ZXR10 5250 Product Description - Liberty · PDF fileZXR10 5250 Product Description ... ZXR10...

ZXR10 5250

Product Description

Product Description

ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. I

ZXR10 5250 Product Description

Version Date Author Approved By Remarks

V1.00 2011-07-25 Liusheng Not open to the Third Party

V1.01 2011-12-06 Liusheng Modify the product types

© 2015 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used without the prior written permission of ZTE.

Due to update and improvement of ZTE products and technologies, information in this document is subjected to change without notice.

Product Description

II ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

TABLE OF CONTENTS

1 Overview ......................................................................................................... 1

2 Highlights ........................................................................................................ 2 2.1 Energy saving and green .................................................................................. 2 2.2 Easy deployment and easy management ......................................................... 2 2.3 POE Features ................................................................................................... 3 2.4 Better video service experience ........................................................................ 3 2.5 Perfect security design ..................................................................................... 3 2.6 Smart VLAN...................................................................................................... 4 2.7 Overall supervision ........................................................................................... 4 2.8 Bidirectional ACL .............................................................................................. 4 2.9 Precision user locating ...................................................................................... 4 2.10 IPV6 ................................................................................................................. 5 2.11 Ethernet OAM ................................................................................................... 5 2.12 Off-power alarm ................................................................................................ 5

3 Functions ........................................................................................................ 6 3.1 Basic service functions ..................................................................................... 6 3.1.1 MAC address management .............................................................................. 6 3.1.2 VLAN ................................................................................................................ 7 3.1.3 STP features..................................................................................................... 8 3.1.4 Link aggregation ............................................................................................... 8 3.1.5 Basic Ethernet features .................................................................................... 8 3.2 Value-Added Service (VAS) .............................................................................. 9 3.2.1 DHCP-based batch upgrade ............................................................................. 9 3.2.2 IPTV ................................................................................................................. 9 3.2.3 ACL ................................................................................................................ 10 3.2.4 SFLOW ........................................................................................................... 10 3.2.5 RSPAN ........................................................................................................... 11 3.2.6 Global counter ................................................................................................ 12 3.2.7 IP source guard .............................................................................................. 12 3.2.8 Dynamic ARP Inspection (DAI) ....................................................................... 12 3.2.9 LLDP .............................................................................................................. 13 3.2.10 UDLD ............................................................................................................. 13 3.2.11 Voice vlan ....................................................................................................... 13 3.2.12 802.1x authentication ...................................................................................... 13 3.2.13 Ring protection ............................................................................................... 14 3.2.14 ZESS smart switching ..................................................................................... 14 3.2.15 DHCP relay .................................................................................................... 15 3.2.16 TACACS+ ....................................................................................................... 15 3.2.17 SSH ................................................................................................................ 16 3.2.18 Port loopback check ....................................................................................... 16 3.2.19 MButton .......................................................................................................... 16

4 System Architecture ..................................................................................... 17 4.1 Appearance .................................................................................................... 17 4.2 Hardware Architecture .................................................................................... 17

Product Description

ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. III

4.2.1 Overall Hardware Architecture ........................................................................ 17 4.2.2 Working Principle of Hardware System ........................................................... 18 4.2.3 Introduction to Card ........................................................................................ 18 4.3 Software Architecture ..................................................................................... 20 4.3.1 Operation Support Sub-system ....................................................................... 20 4.3.2 MUX Sub-system ............................................................................................ 21 4.3.3 L2 Sub-system ................................................................................................ 22 4.3.4 NM and Maintenance Sub-system .................................................................. 22

5 Technical Indexes and Specifications ......................................................... 23 5.1 Physical Indexes ............................................................................................. 23 5.2 Basic Specifications ........................................................................................ 23

6 Operation and Maintenance ......................................................................... 26 6.1 NetNumen U31 Integrated NM Platform ......................................................... 26 6.1.1 NM Networking ............................................................................................... 26 6.1.2 NetNumen U31 NM System ............................................................................ 27

7 Comprehensive Networking Applications .................................................. 30 7.1 Community Access for Enterprise network ..................................................... 30 7.2 Corridor Access for MAN ................................................................................ 31

8 Abbreviations ................................................................................................ 32

Product Description

IV ©2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

FIGURES

Figure 3-1 Typical QinQ networking ..................................................................................... 7

Figure 3-2 sFlow frame ...................................................................................................... 11

Figure 3-3 ZESS network topology ..................................................................................... 15

Figure 4-1 ZXR10 5252-28TC ............................................................................................ 17

Figure 4-2 ZXR10 5252-52TC ............................................................................................ 17

Figure 4-3 ZXR10 5250-28SM ........................................................................................... 17

Figure 4-4 ZXR10 5250-52PM ........................................................................................... 17

Figure 4-6 Working principle of the system......................................................................... 18

Figure 4-7 Control principle ................................................................................................ 19

Figure 4-8 System framework diagram ............................................................................... 21

Figure 4-9 L2 system structure ........................................................................................... 22

Figure 7-1 Desktop access for enterprise network.............................................................. 30

Figure 7-2 MAN access ...................................................................................................... 31

TABLES

Table 5-1 Physical indexes ................................................................................................ 23

Table 5-2 System specifications ......................................................................................... 24

Table 8-1 Abbreviations ..................................................................................................... 32

ZTE Confidential Proprietary 2015 ZTE CORPORATION. All rights reserved 1

Product Description

1 Overview

As a new-generation GE access L2 Ethernet intelligent switch introduced by ZTE, ZXR10

5250 series enhances its features in energy saving, user information security, access

control as well as management and maintenance. 5250 when compared with similar

products are outstanding for its powerful forwarding capability, flexible ACL and rich

monitoring manners. It supports Ethernet OAM and voice vlan, so that is can satisfy MAN

and enterprise network access needs.

ZXR10 5250 include 4 models: ZXR10 5250-28TC, ZXR10 5250-52TC, ZXR10

5250-28SM and ZXR10 5250-52PM

Product Description

2 2015 ZTE CORPORATION. All rights reserved ZTE Confidential Proprietary

2 Highlights

2.1 Energy saving and green

ZXR10 5250 perfectly supports 802.3az. It can dynamically set port as idle when there’s

no traffic goes through so as to save the power. It functions well to save the consumption

at single port by reducing 70% consumption at single port. Meanwhile, the device can

provide the statistics of consumption saved by the port and the device so as to provide a

practical effect of energy saving to the customer.

ZXR10 5250 supports dynamic fan adjustment. It can adjust fan speed dynamically

based on the temperature inside the equipment. It raises the fan speed and increases air

flow when the temperature is high. It reduces fan speed when the temperature is low.

By using multiple energy-saving technologies, for example, disable idle ports and adjust

port power consumption as per cable length, ZXR10 5250 try their best to decrease the

power consumption for the customer maximally.

The material used for the product conforms to Europe RoHS environment protection

standard. The environment pollution of the materials is reduced to the least. We make

certain contribution to protection of the whole entironment.

2.2 Easy deployment and easy management

Automatic remote batch upgrade can upgrade the equipment of the same type at one

time, which avoid the hardship of the OAM staff going up and down the building carrying

their computers.

Creative M-Button enables the administrator to obtain the status of equipment port,

memory and CPU without logging in the system.

It supports system information display. Via one command, the system operation

information can be collected, which gives conveniences to information collection and

failure location.

It supports off-power warning. When the device is out of power, it is still capable of

sending off-power warning to remote server. In this way, the administration center can be

informed of the failure in the shortest time.

At the same time, the device supports multiple management manners, e.g., web, telnet

and snmp, etc. Also, the equipment can carry out local or remote authority authentication

to guarantee the reliability of the operation.


Product Description

2.3 POE Features

ZXR10 5250 series supports full-port POE and POE+ power supply, conforming to

802.3af and 802.3at standard. It is also compatible with PD equipment which doesn’t

conform to 802.3af or 802.3at standard. The maximal power supply of POE is 15.4W and

the maximal power supply of POE+ is 30W.

The port supports time-sharing POE power supply configuration. It can automatically

forcefully shut down POE power supply of the electrical interface during the period when

power supply is unneeded.

2.4 Better video service experience

ZXR10 5250 supports MVR, provides various rules and channel combination, and

supports multicast QoS. It solves traffic engineering management problem brought by

multiple egress duplication of multicast services, optimizes delay, jitter and packet loss

problem of video flow, and reduces join-in and offline delay of users’ video services. At

the same time, it supports multicast service access control, which guarantees security of

multicast service access and users’ high-quality video service experience.

2.5 Perfect security design

The security design of ZXR10 5250 is based upon two aspects: one is to guarantee the

normal operation of the device, the other is to ensure the security of the data.

For self security design, some restrictions to peer-end broadcasting message, multicast

message, unknown unicast message. Therefore, these messages will have less impact

to CPU. For CPU, the device uses control plane security service to classify and control

the speed of the protocol messages that CPU needs to process. This mechanism makes

sure that the speed of the delivered the message for the protocol stacking is within a

proper range, which avoids the breakdown of CPU caused by exceeding messages.

Besides common user name and password management, ZXR10 5250 supports multiple

logins such as SSH to prevent the administrative users being spoofed.

For user data security, besides PVLAN service, ZXR10 5250 also uses DHCP snooping

plus IP source guard to make sure user’s validity. For the messages which do not satisfy

bounding table, they will be discarded.

The device is also capable of DAI service. So that it can effectively restrict ARP-based

DOS attack. The device not only can discard arp message which does not accord with

the condition, but also can restrict the number of arp one port learns. This mechanism

successfully prevents equipment table entity from being occupied maliciously, which

makes sure other people can use the resource normally.

Product Description


2.6 Smart VLAN

ZXR10 5250 not only gives support to 1:1 vlan map, but also supports N: 1 VLAN map.

In this way, by aggregating vlan at the access side, the device greatly enhances the

usability of vlan resource.

ZXR10 5250 supports standard QinQ service and flexible SVLAN service, which enables

the operator to distinguish user and service at the access side effectively. In this way, the

units can implement different processing policies as per different users and services.

ZXR10 5250 supports dynamic distribution of independent vlan to voice device, and

provide higher priority to data in this vlan by configuring QoS strategy to guarantee voice

quality.

2.7 Overall supervision

ZXR10 5250 supports message mirroring service. It can classify mirroring image

of different messages, so that different message mirroring image can go to

different port.

ZXR10 5250 supports slfow service. It can sample the message and send it to the

designated server.

ZXR10 5250 support RSPAN service. It is used for the extension of common

mirroring. So that, all the messages on the monitored port will be completely sent

to the remote receiver.

The device also supports intelligent statistic service. Being different from the

traditional accounting service which can only collect the number of the port or

queue, the intelligent statistic service can count any interested traffic or port. The

counting service can be as precise as one user‘s one service, which accordingly

provides effective monitoring way for precise operation.

2.8 Bidirectional ACL

In the course of further developing similar products, ZXR10 5250 at the same time

supports incoming and outgoing ACL. User can implement both incoming and outgoing

traffic classification and speed restriction at the same time. This mechanism enables

more comprehensive and flexible ACL.

2.9 Precision user locating

Via multiple methods like DHCP, option82, PPPOE+ and VBAS, ZXR10 5250 can

provide user’s accurate location for the network management center. The field with user

location information can be configured freely to meet different operators’ requirements.


Product Description

2.10 IPV6

ZXR10 5250 supports multiple necessary IPv6 functions including IPv6/IPv4 dual

protocol stacking, ND (Neighbor discovery), ICMPV6, DHCPV6 snooping, and MLD

snooping.

2.11 Ethernet OAM

Ethernet Operations, Administration, and Maintenance (OAM) is a guarantee to provide

high-quality carrier-class network. It monitors link status change, makes evaluation of

service quality provided by the link, so as to provide great convenience for network

maintenance staff to locate network failures. ZXR10 5250 supports three OAM protocols:

802.1ag, 802.3ah, and Y1731.

2.12 Off-power alarm

When the power supply is off-power, the device sends alarm message to the designated

server, notifying the server that the device stops working because the power supply is off.

Power supply failure is the major failure of the access device. This function can help OAM

staff to make quick decision on device failure and speed up the processing and failure

recovery.

Product Description


3 Functions

3.1 Basic service functions

3.1.1 MAC address management

ZXR10 5250 series fulfills the following MAC functions:

Convert dynamic MAC address into static one

On one hand, the administrator expects that the user is fixed only to a port; on the other

hand, he does not want to configure too many static addresses. The function can be used

to reach the goal.

Bind MAC address to a port

Dynamic, static or permanent MAC address can be added to MAC address table. The

correspondence relation between static or permanent MAC address and port is fixed, and

cannot be cancelled until the address is deleted manually.

Limit MAC address number of a port

MAC address table capacity of a switch is limited. When many users are available and

MAC address table will reach the capacity limit, the MAC address number of low-priority

user port will be restricted.

The restriction can prevent MAC address broadcast to drive MAC address table to

overflow the network attack.

Port MAC address learning protection

When abnormal MAC address learning of a port is checked out, the switch will protect the

MAC address learning for some time. New address learning cannot be done in the

protection. When the protection expires, the port will be in the state of MAC learning

again.

Unknown-source MAC address filtering of a port

Unknown-source MAC address filtering of a switch port is closed by default, and the port

does not filter the unknown-source MAC address. If a switch port is configured with

enabling the unknown-source MAC address filtering, relative port will discard the packet

of unknown-source MAC address received at the port and learn it.

MAC address filtering


Product Description

Data frame can be filtered according to MAC address in the following ways:

1 Only the source MAC address of data frame is matched. If the source MAC

address is the set MAC address, the data frame will be filtered.

2 Only the destination MAC address of data frame is matched. If the destination

MAC address is the set MAC address, the data frame will be filtered.

3 The source or destination MAC address of data frame is matched. If the source

or destination MAC address is the set MAC address, the data frame will be

filtered.

3.1.2 VLAN

Support port-based vlan, 1:1 and N:1 vlan translation, PVLAN, QinQ and SVLAN.

QinQ, known as the tunnel protocol based on IEEE 802.1Q encapsulation, is also called

VLAN stack. QinQ adds a VLAN label (external label) outside the existing VLAN label

(internal label). The external label can shield the internal label.

QinQ without protocol support can implement simple L2VPN, and is suitable for mini-

LAN taking L3 switch as the backbone.

Typical QinQ networking is as follows. The port connecting user network is Customer port,

the port connecting SP network is Uplink port, and SP network edge access equipment is

called PE (Provider Edge).

Figure 3-1 Typical QinQ networking

Switch A

PESwitch B

PE

SPVLAN 10

Uplink port

SPVLAN 10

Uplink port

SP network

SPVLAN 10

customer

port

SPVLAN 10

customer

port

User network

1CVLAN1-

100

User network

2CVLAN1-

100

User network accesses PE via Trunk VLAN. Uplink ports in SP network are connected

symmetrically via Trunk VLAN.

When the packet comes from user network 1 to switch A customer port, no matter

whether the packet is tagged or untagged, switch A will forcedly insert the external label

(VLAN ID is 10). In SP network, the packet reaches switch B via VLAN 10 ports. Switch B

Product Description


finds out the port connected to user network 2 is customer port, removes the external

label according to the conventional 802.1Q protocol, restores it to the original packet, and

sends it to user network 2.

The data between user network 1 and 2 can be transmitted transparently via SP network.

User networks can freely plan their own private network VLAN ID to avoid the conflict with

SP network VLAN ID.

3.1.3 STP features

Support RSTP and MSTP as well as such protection features as bpdu guard, root guard

and loop guard.

3.1.4 Link aggregation

Link aggregation, known as Trunk, binds several physical ports into one logic port to

share incoming/outgoing traffic load among member ports. The switch decides according

to port load sharing policy configured by the user via which member port the packet is

sent to the opposite switch. When detecting that a fault occurs to the link of a member

port, the switch will stop sending the packet via the port, and recalculate and decide a

port for packet transport according to load sharing policy. After the faulty port restores,

the switch will recalculate and decide a port for packet transport again. Link aggregation

is an important technology to increase link bandwidth and support link transport resilience

and redundancy.

ZXR10 5250 supports static Trunk and LACP link aggregation.

Static Trunk adds several physical ports directly to Trunk group to form one logic port, but

it is not good at observing the status of link aggregation port.

LACP (Link Aggregation Control Protocol), following IEEE 802.3ad, dynamically

aggregates several physical ports into Trunk group through the protocol to form one logic

port. LACP automatically aggregates to get the maximum bandwidth.

3.1.5 Basic Ethernet features

ZXR10 5250 supports the following basic Ethernet features:

Support port mirroring

Port mirroring copies the data of one or several switch ports (mirrored port) to one

designated destination port (monitored port) to get the data of the monitored port for

traffic analysis and wrong diagnosis port data. The mirroring (RSPAN) of

cross-equipment ports is supported.

Support broadcast storm suppression


Product Description

It can limit the number of broadcast packet allowed to pass Ethernet port per second.

When broadcast traffic exceeds the value set by the user, the system will discard

broadcast traffic, thus broadcast traffic will be reduced to a reasonable range to suppress

broadcast storm and avoid network congestion to assure network services of normal

operation. Broadcast storm suppression takes the set rate as the parameter. The smaller

rate means the smaller broadcast traffic allowed to pass.

Support such configuration as port rate, duplex mode and adaptation.

Support line diagnosis analysis and test

ZXR10 5250 supports cable line diagnosis analysis and test. It can check line and

connection and find the location of cable fault to facilitate network management and fault

locating.

GE electrical interface is connected to other devices via network cable. Network cable

has 4 twisted pairs. 100M network cable uses twisted pair 1-2 and 3-6, and 1000M 1-2,

3-6, 4-5 and 7-8. The status of each twisted pair can be detected in line check. Line

statuses are as follows:

4 Open: Open-circuit line

5 Short: Short-circuit line

6 Good: Normal line

7 Broken: Open-circuit or short-circuit line

8 Unknown: Unknown or no result

9 Crosstalk: Line coupling

10 Fail: Failed detection

3.2 Value-Added Service (VAS)

3.2.1 DHCP-based batch upgrade

ZXR10 5250 supports the DHCP-based batch upgrade. By supporting DHCP option66,

67 and 150, the device gets the server address, catalog and filename storing the version.

Option150 stores the server IP address, option66 the version path, and option67 the

version filename. With the information, the device can automatically get the version from

the designated location via FTP or TFTP, which simplifies upgrade procedure, facilitate

operation & maintenance and increase working efficiency.

3.2.2 IPTV

IPTV, known as interactive network TV and launched by carriers based on broadband,

uses IP broadband network and integrates Internet, multimedia and telecom technologies

Product Description


to provide for the user such interactive services as live TV, video VOD and Internet

browse. The user gets the services via PC or “IP set top box＋TV”.

Controllable multicast is one of key technologies of ZTE’s IPTV system structure, and

usually works at the broadband access network side. The equipment (BRAS, access

equipment or switch) implementing the multicast control policy is called the multicast

control point. As the termination point of user multicast IGMP request, the multicast

control point decides according to relative IGMP request and control policy whether to

copy multicast flow to user port. The closer the multicast control point is, the more

network bandwidth the user can save. As the key equipment to implement the multicast

control policy, Multicast control point supports the following services: IGMP V1/V2，

IGMP Snooping, IGMP Filter, IGMP Proxy, IGMP Fastleave, MVR(Multicast Vlan

Register), SGR(Static Group Register), UGAC(User Group Access Control) and

UGAR(User Group Access Record). User’s on-demand authority can be controlled by

binding rules and channels.

3.2.3 ACL

ZXR10 5250 supports egress and ingress ACL.

ZXR10 5250 offers the following four types of ACL and supports IPv6 ACL.

Basic ACL: Only match source IP address.

Extension ACL: Match source IP address, destination IP address, IP protocol

type, TCP source port No., TCP destination port No., UDP source port No., UDP

destination port No., ICMP type, ICMP Code, DSCP (DiffServ Code Point), and

ToS.

L2 ACL: Match source MAC address, destination MAC address, source VLAN ID,

L2 Ethernet protocol type, and 802.1p priority value.

Mixed ACL: Match source MAC address, destination MAC address, source VLAN

ID, source IP address, destination IP address, TCP source port No., TCP

destination port No., UDP source port No., and UDP destination port No.,

including all matching fields of the above types.

IPv6ACL: Only match IPv6 source IP address and destination IP address.

3.2.4 SFLOW

sFlow is the IETF standard traffic monitoring technology. It has low hardware

requirements, less equipment resource consumption and high technical commonality, so

it is now used by multiple vendors.


Product Description

sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy

unit and sFlow collector (or named analyzer ). The sampling and proxy units of sFlow are

integrated in the network equipment; while sFlow collector which analyzes messages of

multiple sFlow proxies is out of the system structure. The entire basic system architecture

is as shown in the following figure:

Figure 3-2 sFlow frame

sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network packets

at the network interface supporting sFlow and sends sampled packets to sFlow agent

equipment for processing. sFlow Collector is the network equipment sFlow uses to

manage, monitor, collect and analyze. It stores and analyzes network packets from sFlow

Agents, and gives equipment traffic and service analysis reports and tables.

3.2.5 RSPAN

Remote Switched Port Analyzer (RSPAN), i.e. remote port mirroring, without asking the

mirrored port and the mirroring port on the same switch, enables cross-network mirrored

port and mirroring port. This gives great convenineces to the administrator for remote

switch management.

The following switches can fulfill the RSPAN function.

Product Description


Source switch: The switch of the monitored port makes L2 forwarding of the traffic,

which needs to be mirrored, at Remote-probe VLAN L2 and forwards it to

intermediate switch or destination switch.

Intermediate switch: The switch between source switch and destination switch in

the network transports the mirroring traffic to the next intermediate switch or

destination switch via Remote-probe VLAN. If source switch and destination

switch are directly connected, there will be no intermediate switch.

Destination switch: The switch of destination port for remote mirroring forwards

the mirroring traffic received from Remote-probe VLAN to the monitoring

equipment via the mirroring destination port.

3.2.6 Global counter

ZXR10 5250 has unique global counter. The port and flow to be monitored can be bound

to a separate global counter. The specific flow can be decided according to flow

classification. For example, monitor a specific source IP and destination IP. After binding,

global counter separately counts the packets matching the flow.

Global counter provides the carriers with an effective way to monitor network traffic status,

which may be for a specific traffic of each user, so as to offer more data for network

structure planning.

3.2.7 IP source guard

IP source guard is a policy control technology. Based upon dynamic DHCP snooping

table entry or manual static table entry, it is mainly responsible for checking if IP+MAC

the same as DHCP snooping table entry or manual static table entry. If they are not the

same, the message will be judged as illegal. Then it will be discarded or sent to CPU.

3.2.8 Dynamic ARP Inspection (DAI)

ARP attack is the most commonly seen means in the network. It has two ways: One is to

transmit a lot of ARP packets which is beyond normal processing capability and break

down the equipment; the other is to transmit faked ARP packets and make the equipment

learn wrong table items, thus the packets of a normal user are wrongly forwarded to the

hacker faking the ARP packets and let him get private information of the user.

DAI service can effectively process ARP attack. After initiating DAI, the equipment can

restrict the number of ARP sent by the port, which guarantees adequate processing

capability of the equipment. Also, DAI service can check the legality of the received ARP

message according to user table entry generated dynamically. When the received ARP

message does not accord with the user dynamic table entry of this port, this message will

be dropped to make sure the correctness of the forwarding table entry.


Product Description

3.2.9 LLDP

LLDP (Link Layer Discovery Protocol) is a kind of neighbor discovery protocol. With LLDP,

network device notifies its information to other devices and establish neighbor

relationship with different devices. ZXR10 5250 supports multiple LLDP TLV attributes. It

can correctly notify its port and system information to its neighbors.

At the same time ZXR10 5250 supports LLDP MED (LLDP for Media Endpoint Devices).

The switch uses this protocol to configure the terminal device that connected to it.

3.2.10 UDLD

UDLD is a L2 network protocol used to detect the single-pass on physical link between

the devices. Sometimes only receiving is normal or only transmitting is normal on the

physical link between two devices. At this time, the link status may be normal but the

packet transmission is abnormal. Detecting the abnormality, UDLD can send alarm or

close the port, which is decided based on the configuration.

3.2.11 Voice vlan

Voice VLAN provides high forwarding priority for voice data packet. When voice device

access is detected, no matter what the default priority for the voice data flow is, ZXR10

5250 transfers the legal voice data to the specified voice VLAN and distributes a high

priority to it, so as to guarantee the voice packet is forwarded with priority.

3.2.12 802.1x authentication

DOT1X (IEEE 802.1x) is the port-based network access control protocol. It optimizes

authentication means and authentication architecture and resolves the issues caused by

conventional PPPoE and Web/Portal authentication, so it is more suitable for broadband

Ethernet.

IEEE 802.1x protocol architecture consists of three major parts: Supplicant System,

Authenticator System and Authentication Server System.

11 Supplicant system is a user terminal system which is usually installed with a

supplicant software. The user starts the software to initiate the authentication in

IEEE802.1x protocol. In order to support the port-based access control,

supplicant system needs to support EAPOL (Extensible Authentication Protocol

Over LAN).

12 Authenticator system is usually the network equipment supporting IEEE802.1x

protocol, such as switch. The equipment corresponds to the ports of different

users (They may be physical ports, or MAC address, VLAN and IP of user

equipment). Two logic ports are available: controlled port and uncontrolled port.

Product Description


1) Uncontrolled port is always in bidirectional connection status and transmits

EAPOL protocol frame to ensure that the supplicant can always send or

receive the authentication.

2) Only when the authentication is passed, can controlled port be opened to

transmit network resource and service. Controlled port can be configured to

bidirectional control or input control for different applications. If the user

does not pass the authentication, controlled port will be in authentication

status, and the user will not access the service provided by authenticator

system

13 Authentication server is usually RADIUS server. It can store the user-related

information, e.g., user VLAN, CAR parameters, priority, and user access control

list. When the user passes the authentication, authentication server passes the

user-related information to authenticator system which creates the dynamic

access control list, and subsequent user traffic will be under the supervision of

the above parameters. Authentication server communicates with RADIUS server

through RADIUS protocol.

3.2.13 Ring protection

ZTE Ethernet Switch Ring (ZESR) based upon EAPS principle of rfc3619 protocol makes

some progresses. It makes sure if the ring works smoothly. Also it confirms there’s only

one logic smooth path between two nodes. The port status can be changed between

block and forward status according to the situation of the ring (through-break,

break-through), which enables fast switchover of the logical path.

ZESR supports multiple such as network topologies as tangent ring and insectant ring as

well as multi-domain configuration. ZXR10 5250 ZESR supports to work with PVLAN to

comply with MEF networking model.

3.2.14 ZESS smart switching

ZTE Ethernet Smart Switch (ZESS), an Ethernet intelligent switchover technology

introduced by ZTE, describes a highly efficient link switchover mechanism. When the

active link breaks down, traffic can be switched over to the standby link, which makes

sure normal data transmission.

As shown in Figure 3, node 1 supports ZESS. Port 1 is master port and port 2 is slave

port. When node 1 finds that master port and slave port are UP, the protection service

VLAN forwarding of slave port will be blocked. When node 1 finds that master port is

DOWN, the protection service VLAN forwarding of master port will be blocked, and the

protection service VLAN forwarding of slave port will be opened. When node 1 finds that

master port restores to UP, inversion and non-inversion modes are available. In inversion

mode, master port is opened and slave port is blocked again. In non-inversion mode,


Product Description

master port is still blocked and slave port is still opened. Furthermore, when ZESS is

switched, FDB of the blocked port will be upgraded.

Figure 3-3 ZESS network topology

Upper-level

network

Node 1

Node 2 Node 3

Master port Slave port

3.2.15 DHCP relay

DHCP relay forwards users’ DHCP request packet to the designated DHCP server by L3

interface, and forwards the packet returned by the server to the user. ZXR10 5250 DHCP

relay supports configuration of multiple server. It supports identification and processing of

option82. Many different actions of forwarding, dropping or substitution can be adopted

for packets carrying option82.

3.2.16 TACACS+

Besides common radius authentication, ZXR10 5250 also supports TACACS+

authentication of administrative user. TACACS+ seems similar to radius in usage. It is

also an authentication method with client plus server. The device works as client and

sends the username and password to remote TACACS+ server, who takes

authentication and then returns the result to the client. Besides the difference in

authentication process and packet attribute, the biggest difference between TACACS+

and radius lies in the fact that TACACS+ takes encapsulation of the forwarded packet,

which greatly improves the system security.

Product Description


3.2.17 SSH

SSH mainly provides a secure login passage for the administrative user. The device

provides SSH server function for the user logs in as client. Client and server will negotiate

about the encrypted key before they establish the connection, with which server and

client can encrypt and de-encrypt the packet they send to each other to make the packet

unidentifiable by others during the process of transmission.

3.2.18 Port loopback check

Port loopback check works to separate the network. The device will block the port when it

finds loopback in the downlinked network of the port to avoid the influence on the whole

network of the loopback. Port loopback check can work only with the support of a single

node without the same protocol run in the whole network. ZXR10 5250 supports single

port and multi-port loopback check.

3.2.19 MButton

ZXR10 5250 switch can provide the MButton function without increasing user cost. The

function makes use of existing port indicators to indicate the run status of the switch.

MButton can switch different modes. When a mode is switched, port indicator shows

system status of the mode according to relative rules. The following statuses are

available now:

Port link status

Port duplex status

Port rate status

Memory utilization rate

CPU utilization rate

Port of packets with CRC error

Port generating broadcast storm

Uplink interface bandwidth occupancy

Port which does not learn MAC address

Ping NM server


Product Description

4 System Architecture

4.1 Appearance

ZXR10 5250 is a sort of cassette Ethernet switch. Its hardware is composed by chassis,

control switching fabric unit, line interface unit and power supply unit. The size of the

chassis goes in line with European standard.

Figure 4-1 ZXR10 5252-28TC

Figure 4-2 ZXR10 5252-52TC

Figure 4-3 ZXR10 5250-28SM

Figure 4-4 ZXR10 5250-52PM

4.2 Hardware Architecture

4.2.1 Overall Hardware Architecture

ZXR10 5250 is a cassette product that adopts centralized hardware architecture design.

All service interfaces are directly connected to switching main control card with no

expansion card.

Product Description


4.2.2 Working Principle of Hardware System

Figure 4-5 Working principle of the system

4.2.3 Introduction to Card

ZXR10 5250 system contains one main control card and service expansion slot. The

cards can be divided into switching control module, power supply module and interface

module based on the responsibilities they assume.

4.2.3.1 Control Card

Control card is the core component of ZXR10 5250. It mainly implements two functions of

control module and switch module.

In ZXR10 5250 system, control switch card is installed in the cassette structure with no

independent panel. Its related interface and indicator are on the front panel of the system.

The principle is shown in the following diagram:


Product Description

Figure 4-6 Control principle

4.2.3.2 Control Module

Control module is composed of main processor and some external functional chips. It

provides various external operation interfaces such as serial interface, and Ethernet

interface to implement processing of various applications by the system. The main

processor adopts high-performance CPU processor to implement the following tasks:

System network management protocol such as SNMP.

Network protocol such as STP.

Provides operation and management interfaces for each line card.

Takes data operation and maintenance.

4.2.3.3 Switch Module

Switch module adopts the private Switch chip with multiple GE and 10 GE bi-directional

interfaces integrated. It can process multi-port wire-speed switching. The switch chip can

implement the following functions:

Storage, forwarding, and switching

Support 10KB jumbo frame

Product Description


Support priority queuing. When CoS queue is in congestion, it drops frames

selectively.

4.3 Software Architecture

Ethernet switch ZXR10 5250 series switch is capable of L2 switching, providing L2

wire-speed switching and QoS guarantee. The system software implements

management, control and data forwarding of system. Its basic tasks include system start,

system configuration and management, protocol operation, table maintenance, switching

chip setting and state control, and some special packet software forwarding. System

software mainly implements the following functions:

It implements major L2 protocol functions including 802.1D STP protocol, 802.1P priority

control, 802.1Q VLAN functions, and 802.3ad link aggregation. It supports IPv4 protocol

stacking. It realizes multi-layer services of ACL and DHCP. It implements part of

broadband access functions and network management protocol.

Users can take network management of Ethernet switch by serial interface terminal,

Telnet, and SNMP Manager, covering network configuration management, failure

management, performance management, and security management.

System software can be divided into the following four sub-systems based on the above

system function requirements.

Operation support sub-system. It includs software modules of BSP, ROS, SSP.

MUX sub-system. It includes data distributing module, statistics monitoring

module and drive encapsulating module. Data distributing module takes charge of

distribution of data packets in the drive and upper layer software. Statistics

monitoring module takes charge of statistics data forwarding message and drive

software table monitoring.

L2 sub-system. It includes STP, LACP, IGMP SNOOPING, MAC address

management, VLAN management, and L2 data forwarding.

Network management and operation maintenance sub-system. It implements

Agent function of SNMP network management. It supports command line

management, provides operation maintenance interface and provides MIB

information.

4.3.1 Operation Support Sub-system

Operation support sub-system drives and encapsulates hardware in the lower layer to

provide support for other software systems in the upper layer. Operation support

sub-system mainly provides support for hardware operation, distributes operation

resource for hardware, and provides related interface for software in upper layer.


Product Description

Operation support sub-system uses ZXR10 ROS platform including system support,

system control, version loading control, BSP, and SSP. System support can be further

divided into modules of operation system kernel, process scheduling, process

communication, timer management, and memory management. The system diagram of

operation support sub-system is shown in the following figure:

Figure 4-7 System framework diagram

4.3.2 MUX Sub-system

MUX sub-system implements information switching of drive and upper layer software,

and takes statistics and monitoring of software table of switching chip. The main functions

of MUX sub-system are data forwarding and statistics monitoring. MUX layer receives

data packets from drive module and distributes data packets based on ETHER TYPES

field in MAC frame. MUX data forwarding also takes charge of encapsulating data

forwarding function of the drive. It provides new data forwarding function invoking for

each module in upper layer, which invokes data forwarding function provided by MUX to

implement forwarding when there’s data packet or protocol packet needs to be forwarded.

Statistics monitoring takes charge of state statistics of drive layer, physical layer and MUX

layer, receiving and sending packets statistics, register reading monitoring, and data

packet sniffer. It provides OAM module with interface function.

Product Description


4.3.3 L2 Sub-system L2 sub-system mainly implements configuration management (management layer) of data link layer, L2 protocol processing (control layer), and data forwarding (data layer or service layer). Its functional

Figure 4-8 L2 system structure

4.3.4 NM and Maintenance Sub-system

Foreground network management and operation maintenance sub-system use TCP/IP to

work as SNMP network management agent. They use the executive body of managed

entity in lower layer to implement management. By network communication background

and foreground network management take management of foreground system and

realize separation of management network and transport network.


Product Description

5 Technical Indexes and Specifications

5.1 Physical Indexes

Table 5-1 Physical indexes

Physical indexes

ZXR10 5250-28TC

ZXR10 5250-52TC

ZXR10 5250-28SM

ZXR10 5250-52PM

Size 442×220×43.6 442×220×43.6 442×220×43.6 442×440×43.6

Maximal weight for the whole set

<2.9kg <3.0kg <4.0kg <7.5kg

POE Not support Not support Not support support

Power supply

Support AC and DC input, support RPS

AC: 100V～

240V, 50Hz～60Hz

RPS:12V DC

Support AC and DC input, support RPS

AC: 100V～

240V, 50Hz～60Hz

DC: -48V～-60V

RPS:12V DC

Support two modular power

Support AC and DC input, AC:

100V～240V,

50Hz～60Hz

DC: -48V～-60V

Support two modular AC power

Support AC input,

AC: 100V～

240V, 50Hz～60Hz

Maximal consumption

27W 53W 39W

Max power 180(NO POE)W

POE power 840W

Working temperature

-5℃~50℃

Working humidity

10%~90%

Earthquake proof

8 earthquake intensity

Reliability MTBF>100,000 hours, MTTR<30 minutes

5.2 Basic Specifications

Product Description


Table 5-2 System specifications

Item ZXR10

5250-28TC ZXR10

5250-52TC ZXR10

5250-28SM ZXR10

5250-52PM

Port

1000M

24 10/100/1000Base-T Ethernet ports

48 10/100/1000Base-T Ethernet ports

24 fixed 100/1000 Base-X SFP ports

48 10/1000 Base-T X Ethernet ports (PoE)

GE/XG

2 GE Combo (10/100/1000 Base-T Ethernet port or 1000 Base-X SFP port),2 fixed 1000Base-X SFP ports

2 GE Combo (10/100/1000 Base-T Ethernet ports or 1000 Base-X SFP ports),2 fixed 1000Base-X SFP ports

Support two uplink subcards: One is 4 fixed 10/100/1000 Base-T Ethernet port subcard, the other is 4 fixed 100/1000 Base-X SFP port subcards

Support uplink subcard, which includes 4-port 10G optical, 4-port GE electrical, 4-port GE optical ports.

Forwarding performance

42Mpps 78Mpps 42Mpps 132Mpps

Port switching capacity

56Gbps 104Gbps 56Gbps 176Gbps

MAC

Support MAC address learning, aging and conversion from dynamic to static

Support static MAC address setting

Support MAC address attack protection

Support 16K address table items

VLAN

4k for the whole set

Support port-based VLAN

Support VLAN translation (1:1, N:1)

Support PVLAN

QinQ

Support QinQ-based forwarding

Support ordinary QinQ, outer layer label tagging based on port

Support Selective QinQ, outer layer label tagging based on traffic

Support Selective QinQ inner layer priority mapping

Support TPID modification

LACP Support dynamic LACP

Support traffic-based load balancing

Storm suppression

Support broadcasting packet suppression

Support multicast packet suppression

Support unknown packet suppression

Support unknown unicast/multicast packet dropping

Support unknown unicast/multicast broadcasting

L2 multicast

Support IGMP Snooping/proxy

Support IGMP rate limit, IGMP rate filter, and IGMP rate shaping

Support cross-VLAN multicast duplication


Product Description

QOS

Support port rate limit and traffic rate limit

Support 8 queues with different priorities at each port

Support mapping to different queues based on packet 802.1p

Support SP, WRR, and SP+WRR algorithm

Support traffic classification based on source MAC address, destination MAC address, source IP address, and destination IP address

Traffic classification of L4 port, protocol type, VLAN, Ethernet frame protocol, and CoS information

Support traffic-based label priority and packet re-orientation

Anti-lightening

Anti-lightening capability at all service ports: 6KV

Security features

Support DHCP snooping and DHCP relay

Support 802.1x, and maximal user limit at single port

Support dynamic ARP detection (DAI)

Support IP Source Guard

Support MAC address filtering

Support local or remote authentication of login user

Support CPU protection

Support SSH

LLDP Support LLDP neighbor discovery

Support LLDP MED

UDLD Support UDLD link detection

IPV6

Support IPV6 host

Support IPV6 ND

Support IPV6 MLD snooping

Support IPV6 ICMP

Support IPV6 DHCP V6 snooping

Support IPV6 ACL

Monitor

Support SLFOW

Support RSPAN

Support mirror

Maintenance Support DHCP based auto configuration

Support power fail alarm

Voice vlan Support voice vlan

Product Description


6 Operation and Maintenance

6.1 NetNumen U31 Integrated NM Platform

IP network is bearing more and more services. At the same time it covers large area with

complicated configuration. Users have high expectation for the network. Network

management difficulty and workload become rather great. Only artificial management

with passive checking maintenance can no long meet the needs of reliable operation of

the network.

How to quickly deploy services in the network, how to guarantee reliable and stable

network operation, how to foresee the network operation quality, and how to detect the

failure point as soon as possible when failure occurs in the network are all present before

OAM staff. Thus active monitoring is urgently needed for the network to automatically

detect and solve network failure, to maintain smooth operation of the network, so as to

realize network value maximization.

To achieve this ZTE developed NetNumen U31 integrated network management system.

NetNumen U31 is an centralized network management system integrating multiple

products of router, switch, and CE. It integrates network element management, network

management, and service management in one, supporting multiple databases. It has

graphic interface of many languages, providing direct and easy operation. Offering

flexible northbound interface, it supports powerful interconnection integration capability.

6.1.1 NM Networking

Inband management and outband management can be adopted for networking between

NetNumen U31 network management system and ZXR10 5250.

Inband management

Inband management. Network management and service data are transported through

one channel with no need to build extra DCN network. NetNumen U31 network

management system can perform management when it is connected with the network

equipment nearby with related SNMP parameters configured.

The advantage of inband management is flexible networking without extra investment.

The disadvantage is network management information occupies service bandwidth,

which may influence service quality.

Outband management

Outband management. Network management information is transported inside network

management network, separated from service data. Extra DCN network is needed.


Product Description

NetNumen U31 network management system is connected to outband management

interface on ZXR10 5250 so that network management information is transmitted

independently from service information.

The advantage is the interruption of service channel doesn’t influence management of

equipment by the network management station. Network management information

transmission is more reliable. The disadvantage is that network management network

built independently is influenced greatly by territory restriction so that extra investment is

necessary.

6.1.2 NetNumen U31 NM System

NetNumen U31 network management system is an integrated router, switch, and CE

management system developed by ZTE. Covering network management, network

management and service management, network management system provides the

following functions:

Failure management guarantees stable network operation

In network management maintenance, the management staff has an urgent need to know

the network operation to make sure the network works stably. Failure management in

NetNumen U31 mainly takes charge of realtime receiving of various equipment alarm and

network event reported by all network elements. It can notify the maintenance staff in an

audible and visual way. The maintenance staff confirms and deals with the event. They

save the collected alarm reports in the base for various statistic and query. Failure

management is the most important and most usual management measure in network

operation and maintenance. With failure management, users can implement query,

realtime monitoring, failure filtering, failure location, failure confirmation, failure clearance,

and failure analysis etc. NetNumen U31 system also provides audio prompt, graphic

display of alarm, accessible alarm box, Email system, and SMS system. It notifies users

with sound and light, Email, and message for users to have easy daily maintenance.

Performance management obtains a complete understanding of network services

Network traffic flow, network load are the most focused concern in network management.

NetNumen U31 performance management module mainly takes charge of performance

monitoring and analysis of network and equipment. It provides maintenance and

management department with information to supervise network engineering, planning

and adjusting to improve network operation quality by collecting various performance

data from network elements and generating performance report after processing. With

performance management, users can perform statistics of equipment load, traffic flow,

and interface load to learn about network service quality, assess and adjust network

resource configuration as soon as possible.

Resource management makes good use of network resource

Product Description


Resource management system implements physical resource and logic resource

management. It is a basic innegligible system in service process of the operators. It is an

important premise for two key service processes of service launching and service

guarantee to become automatic. With resource management, users can learn about not

only management of resource such as equipment, card, interface, and link, but also the

utilization of logic resource such as VLAN and MAC address.

View management makes network operation state clear

View management provides integrated network topology and multi-view management,

which enables users to clearly grasp the topology structure and network equipment

operation state of the whole network. At the same time it provides operation and

maintenance ingress of the network and equipment. with view management users can

get network equipment operation state and alarm, and quickly transfer to other

management systems.

Configuration management makes quick service deployment

Configuration management performs configuration of ZXR10 5250 including equipment

management, interface management, VLAN management, L2 feature management, QoS

management, software upgrade management, and configuration file management. It

supports multiple humanistic configuration including end-to-end configuration, batch

configuration, guide configuration. It also provides corresponding default configuration

templates for different management.

Security management guarantees network security

Security management guarantees valid use of the system by the user. Security

management implements management of user, user group and role. By properly arrange

the relation between user, user group and role, it provides security control for operator to

perform security management operation. With login authentication it prevents illegal

users from entering the system. With operation authentication it provides security control

for operators to perform operation.

Northbound interface provides easy integration

With the rapid development of telecom service, one operator usually needs to take

control of multiple equipment-level and network-level professional network management

systems of network element. The professional network management systems cannot

exchange information. The limit brought about by complicated management contents and

various operation interfaces become more and more obvious. To improve the

comprehensive management level and effect of the whole network for telecom

enterprises, one network management station can perform various management and

control over interconnected networks so as to realize the comprehensive management of

the whole network.

Comprehensive network management and professional network is connected via

interface. Professional network management needs to provide comprehensive network


Product Description

management system with standard open northbound interface to perform quick and

reliable integration with comprehensive network management. NetNumen U31 supports

multiple northbound interfaces such as CORBA, SNMP, TL1, and FTP.

Product Description


7 Comprehensive Networking Applications

7.1 Community Access for Enterprise network

Figure 7-1 Desktop access for enterprise network

It provides GE access to desktop and GE comb uplink port. Working with 802.1x

authentication, IP source guard, DAI, security port and conversion from dynamic MAC to

static, it can satisfy most of the requirements of enterprise network access.


Product Description

7.2 Corridor Access for MAN

Figure 7-2 MAN access

MAN access can adopt ordinary tree type and ZESR plus PVLAN. Working with DHCP

snooping and ip source guard, it provides users with high security guarantee. At the

same time, ZXR10 5250 can use QinQ or SVLAN to further distinguish users and

services, and to provide rich control information for service planning of the whole

network.

Product Description

32 © 2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

8 Abbreviations

Table 8-1 Abbreviations

Abbreviation Full form

ABR Area Border Router

ARP Address Resolution Protocol

AS Autonomous System

ASBR Autonomous System Border Router

ASN Abstract Syntax Notation

ATM Asynchronous Transfer mode

BIC Bridge interface & Alarm monitor card

BFEIE Fast Ethernet Interface- Electric for BRAS

BFEIO Fast Ethernet Interface-Optical for BRAS

BGEI Gigabit Ethernet Interface for BRAS

BGP Border Gateway Protocol

BNPC Network Processing Card for BRAS

BSFC Switch Fabric Card for BRAS

BTSR Back plane for Terabit Switch Router

BUPC Ultra Protocol processor control card for BRAS

CHAP Challenge Handshake Authentication Protocol

CIDR Classless Inter-Domain Routing

COS Class of Service

CRC Cyclic Redundancy Check

abbreviation English full name

CSN Cryptographic Sequence Number

DDN Digit Data Network

DNS Domain Name System

EBGP External Border Gateway Protocol

EGP Exterior Gateway Protocol

FDDI Fiber Distributed Data Interface

FEI Fast Ethernet Interface

FEIOE Fast Ethernet Interface-Optical/Electric

FIFO First In and First Out

FPGA Domain Programmable Gate Array

FTP File Transfer Protocol

FTP6 File Transfer Protocol Version 6

GEI Gigabit Ethernet Interface

Product Description


HDLC High-Level Data Link Control

ICMP Internet Control Message Protocol

ICMP6 Internet Control Message Protocol 6

IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol

IGP Interior Gateway Protocol

IP Internet Protocol

Ipv6 Internet Protocol Version 6

IS-IS Intermediate System -to- Intermediate System


LAN Local Area Network

LSA Link State Advertisement

MAC Media Access Control

MD5 Message Digest 5

MIB Management Information Base

MPLS Multi-Protocol Label Switch

MTU Maximum Transmission Unit

NIC Network Information Center

NLRI Network Layer Reachable Information

NMS Network Management System

OID Object ID

OSI Open Systems Interconnection

OSPF Open Shortest Path First

PAP Passwork Authentication Protocol

PCB Process Control Block

POS Packet over SDH

PPP Point-to-Point Protocol

PRT Process Registry Table

QOS Quality of Service

RFC Request For Comments

RARP Reverse Address Resolution Protocol

RIP Routing Information Protocol

RLE Route lookup engine


RMON Remote Monitoring

SDH Synchronous Digital Hierarchy

SMTP Simple Mail Transfer Protocol

SNMP Simple Network Management Protocol

TCP Transmission Control Protocol

TFTP Trivial File Transfer Protocol

Product Description

34 © 2015ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

TOS Type Of Service

TELNET Telecommunication Network Protocol

TTL Time-To-Live

UDP User Datagram Protocol

VLSM Variable Length Subnet Mask

VPLS Virtual Private Lan Service

VPN Virtual Private Network

VPWS Virtual Private Wire Service

WAN Wide Area Network

WWW World Wide Web

ZXR10 5250 Product Description - Liberty · PDF fileZXR10 5250 Product Description ... ZXR10...

Documents

Transcript of ZXR10 5250 Product Description - Liberty · PDF fileZXR10 5250 Product Description ... ZXR10...