MEN Part 1

MEN Part 1
50464928
Network Learning Centre 1

Proprietary & Confidential 1
1
Class Introductions
• Participant Introductions
– Name
– Location (city)/ Department
– How long with Reliance
– Work experience in Data?
• Expectations

2
MEN Course Road Map
• Fundamental of Data Communication
• MEN Part 1
– Layer 2 theory and labs
– Layer 3
• OSPF theory and labs
• Overview of BGP and MPLS
• Reliance MEN architecture
• MEN Part 2
– Layer 3
• BGP theory and labs
– MPLS theory and labs
– VPN theory and labs
– VPLS theory and labs
– Reliance
Network MEN architecture
Learning Centre
3
Agenda
Day 1
Module 1
• VLAN
Module 2
• QinQ
Module 3
• Devices – Cisco & Huawei
Agenda
Day 2
• Exercises
– Basic Commands
– Clear the Configuration
– Telnet Configuration
– Management Vlan
– QinQ (optional)

Agenda
Day 3
Module 4
• STP
• RSTP
• MSTP
• Exercise
– MSTP

Agenda
Day 4
Module 5
• OSPF
• Exercises
– OSPF - 5 labs

Agenda
Day 5
Module 6
• BGP and MPLS Overview
Module 7
• MEN Architecture & Services
• Feedback & Test

8
Course Name
MAN Network Evolution

Today Tomorrow
Wireless Voice
Online Gaming
Wireless Data
High Speed
Streaming
Location &
Message
Presence
Message
Directory
Internet
Storage
Dial-up
Service
Video
Voice
Voice
VoIP
Data
FR
X.25
Core IP
IP / MPLS
ATM Network
PSTN SDH PDH
Cable
Access ADSL 3G
DSL FTTP/HFC Wireless
GSM/GPRS CDMA RAN
Ethernet
z Multiple networks merge together z Unified network, diversified services

z IP based z Gradual evolution
z Lower TCO
Network Learning Centre

Page9 9
TCO: Total Cost of Ownership

IP network can transmit multi-services, such as VoIP, internet data and IPTV.
Other networks can not do it.
Confidential Information of Huawei. No

Spreading Without Permission N-9
Course Name
Position of Metro Ethernet

Page10 10

Course Name
Star Topology
z Advantages: Simple, Low price

z Disadvantages: Need more
fiber, no link protection, not
suitable for NGN
Star

Page11 11
Star topology and ring topology are two main networking modes of Ethernet
switches. Star topology is of poor reliability because it does not provide protection
path. Therefore, it does not satisfy the demands for carrier-class services, for
example, NGN service. Ring topology, is more popular since it solves the problem
of protection switch.

Course Name
STP Based Ring
z Advantages: Mature
technology, good
interoperability, low cost, need
STP less fiber
z Disadvantages: Slow protection
switchover, complex protocol,
bad application experience
STP Based Ring

Page12 12
Spanning Tree Protocol (STP) is the most popular technology for Ethernet ring
networks. STP-based ring networks, however, have the following disadvantages:
The convergence speed is very low, usually in seconds, which does not satisfy the
demands of carrier-class services for the protection speed of 50ms.
Ring network technologies usually lead to increase of hop count, additional delay
and jitter, which do not satisfy the demands of NGN services. STP-based ring
technology does not consider measures to solve the problem of delay and jitter.
Stations on the ring share the bandwidth resource of the ring. Therefore,
competition for bandwidth resource exists certainly on the network. In this
condition, it is possible for the station farther to the convergence station to get less
bandwidth. Unfair utilization of resources like this makes it difficult to forecast the
bandwidth of the stations on the network and to guarantee the quality of services
(QoS).
Insert services of any station must be forwarded by all the stations on the ring.
Therefore, all the stations must have related configurations, such as configuration
of VLAN. Otherwise, services cannot be carried. In this case, addition of new
stations will impact the service at other stations, which makes it difficult to upgrade
the network and expand capacity of the network.

Course Name
Characteristics of Metro Ethernet
z High Availability
Switchover: <50ms Core
Service availability: 99.999% AN Metro (IP/MPLS)
Link Aggregation & node protection
E2E Protection
z Hard QoS
E2E SLA
z Scalability
No VLAN Limitation
Interface rate range from n Mbps to
N×10Gbps
z Service Management Metro

Fast provisioning, OAM
Unified management
Ethernet
z TDM
Seamless interoperation with legacy
TDM system
Legacy Leased Line
Page13 13
Ethernet in the metro can be deployed as an access interface to replace traditional T1/E1
TDM interfaces. Many data services are being deployed in the metro, including point-to-
point Ethernet Line Services and multipoint-to-multipoint Ethernet LAN services or Virtual
Private LAN services (VPLS) that extend the enterprise campus across geographically
dispersed backbones. Ethernet can run over many metro transport technologies, including
SONET/SDH, next-generation SONET/SDH, Resilient Packet Ring (RPR), and
wavelength-division multiplexing (WDM), as well as over pure Ethernet transport.
Ethernet, however, was not designed for metro applications and lacks the scalability and
reliability required for mass deployments. Deploying Ethernet in the metro requires the
scalability and robustness features that exist only in IP and Multiprotocol Label Switching
(MPLS)
control planes. As such, hybrid Layer 2 (L2) and Layer 3 (L3) IP and MPLS networks have
emerged as a solution that marries Ethernet's simplicity and cost effectiveness with the
scale of IP and MPLS networks. With many transport technologies deployed in the metro,
Ethernet
services have to be provisioned and monitored over a mix of data switches and optical
switches. It becomes essential to find a control plane that can span both data and optical
networks. MPLS has been extended to do this task via the use of the Generalized MPLS
(GMPLS) control plane,
which controls both data and optical switches. Understanding these topics and more will
help you master the metro space and its many intricacies.

Module 1
VLAN

Broadcast Storm
broadcast ……
Network
Page 15 Learning Centre 15
The traditional network is a flat structure in which one LAN belongs to the
same collision domain. The broadcast messages sent by any host will be
received by other hosts in the same broadcast domain. Replacing the hub with
the bridge (layer 2 switch) in the networking greatly improves the efficiency
of the unicast message transmission in the network as well as the
performance of the layer 2 network. But the bridge will still make several
copies of the broadcast messages in transmitting the broadcast messages to
send them to each corner of the network. With the increase of the network
scale, there are more and more broadcast messages in the network, which will
occupy more and more network resources that will seriously influence the
network performance. This is called broadcast storm.
Due to limitation of the working principle at the layer 2 network of the
bridge, it can do nothing to the broadcast storm. In order to improve the
network efficiency, normally the network will be divided into segments:
dividing one big broadcast domain into several small broadcast domains.
15
Divide Broadcast Domain by Router
broadcast
……
Network
In the past, the segmentation is made on the LAN through the routers. In
the figure above, we can replace the central node switch in the former figure
with the router to greatly diminish the transmitting range of the broadcast
message. This solution solves the broadcast storm problem. But the
segmentation by the routers is to separate the network physically. As a result,
the network planning is too complex and the networking mode is not flexible,
it will also increase the management and maintenance difficulty enormously.
As an alternative LAN segmentation method, the virtual local area network
has been introduced into the network solution to solve the problems occurring
in the large-scale layer 2 environment.
16
Divide Broadcast Domain by VLAN
Broadcast domain3
Broadcast domain1 VLAN 30
VLAN 10
Broadcast domain2
VLAN 20
Marketing Department Financial Department
Engineering Department
Network
VLAN——Virtual Local Area Network classifies the network resources

and network subscribers according to a certain principle, dividing a
physically interconnected network into several small logic networks. These
small logic networks form their own broadcast domains, namely the virtual
local area network (VLAN). In the figure, several departments share one
central switch, but each department belongs to different VLANs that form
their own broadcast domains. The broadcast messages can not be transmitted
across these broadcast domains.
The VLAN has the same features as the real network:
One VLAN forms a small broadcast domain, and members of the same
VLAN are in the definite broadcast domain of the VLAN belonged.;
Subscribers are not subjected to the physical equipment limitation. The
VLAN subscribers can be at any place of the network;
The VLAN has no influence to the subscriber application;
17
VLAN

Vlan range – 1- 4094

1- default
2-1005 – normal
1006 – 4094 - extended
18
Advantages of VLAN
• Compared to the traditional LAN

technology, the VLAN has the following
advantages:
– Improve the bandwidth utilization rate
– Enhance the communication security
– Strengthen the network robustness.
Network
The VLAN application has solved many problems occurred in the large-
scale layer 2 switching network:
Improve the bandwidth utilization rate: The VLAN can effectively solve
the performance declining problem caused by the broadcast storm;
Enhance the communication security: The message of one VLAN will
not be received by the hosts in other VLANs;
Strengthen the network robustness: When the network scale increases,
the failure in part of the network will influence the whole network. After
introducing the VLAN, some network failure can be limited within one;
As the VLAN makes the segmentation on the network logically, the flexible
networking solution and simple configuration management reduce the
management and maintenance cost.
19
Port Based VLAN
LAN Switch
VLAN Table
Port VLAN
Port 1Port 2Port 3 Port 4 Port 1 VLAN5
Port 2 VLAN10
Port 3 VLAN5
Port 4 VLAN10
Host A Host B Host C Host D
Network
This kind of VLAN segmentation method is to make the segmentation

according to the port of the Ethernet switch. For example, the switch ports
1~4 belong to the VLAN A, the switch ports 5~17 belong to the VLAN B,
and the switch ports 18~24 belong to the VLAN C. Of course, those ports
belonging to the same VLAN may not in consecutive numbers. The
administrator decides how to make the configuration.
In the figure, the port 1 and port 3 are designated to the VLAN 5, and the
port 2 and port 4 are designated to the VLAN 10. The host A and host C
connect to the port 1 and port 3 respectively. Therefore they belong to the
VLAN5.In the same way, the host B and host D belong to the VLAN 10.
If there are several switches, you can designate that the ports 1~6 of the
switch 1 and the ports 1~4 of the switch 2 belong to the same VLAN. That‘s
to say, the same VLAN can cross several Ethernet switches. The port-based
segmentation is the most commonly used method in defining the VLAN. The
advantage of this segmentation method is that it is simple to define the
VLAN members by only defining all the ports. Its disadvantage is that the
port should be defined again if the VLAN subscriber leaves the original port
to a certain port of a new switch .
20
Format of 802.1Q Frame
DA SA Type Data CRC
Standard Ethernet Frame
DA SA tag Type Data CRC
TCI
TPID Priority CFI VLAN ID
Ethernet Frame with IEEE802.IQ Flag

Network
The four-byte 802.1q tag head contains 2-byte tag protocol identifier
(TPID) and two-byte tag control information (TCI).
TPID (Tag Protocol Identifier) is a new type defined by the IEEE,
indicating that the frame bears the 802. 1Q tag. The TPID contains a fixed
value 0x8100.
The TCI contains the frame control information including the following
elements:
Priority: Three bits indicate the frame priority with total 8 priority levels
ranging 0－7. The IEEE 802.1p standard uses this three-digit information.
Canonical Format Indicator (CFI): If the CFI value is 0, it indicates the
standard format, and 1 indicates non-standard format. It is used in the token
ring /source routing FDDI medium access method to indicate the bits
sequence information of the address in the encapsulated frame.
VLAN Identified (VLAN ID): This 12-digit domain indicates the VLAN
ID which totals 4096 and each supports 802.1q. Each data packet sent by the
host that supports the 802. 1Q protocol will contain this domain to indicate
which VLAN it belongs to.
In the switching network environment, the Ethernet frame has two formats:
Frames without such four-byte tag are called untagged frames; Frames with
such four-byte tag are called tagged frame.
21
Link Type
Trunk Link or Hybrid Link
Access Link
Network
The access link refers to the link that connects the host and switch. In
normal case, the host does not need to know which VLAN it belongs to, and
the host hardware does not need to support the frames with VLAN tags. The
frames sent and received by the host are all frames without tag.
The access link connected to a certain port that belongs to but only one
VLAN. This port can not directly receive the information from other VLANs
or send the information to other VLANs. The information of different
VLANs should pass the layer 3 routing processing before forwarded to this
port.
The trunk link can bear multiple data links of different VLANs. The trunk
link normally refers to the interconnection between switches, or between
switches and routers.
When the data frame is transmitted over the trunk link, the switch must use
one method to identify which VLAN the data frame belongs to. The IEEE
802.1q has defined the VLAN frame format. All the frames transmitted over
the trunk links are tagged frames. Through such tags, the switch can confirm
which VLANs those frames belong to.
Different from the access link, the trunk link serves to bear the VLAN data
between different equipments (such as between switches and routers, or
between switches). Therefore, the trunk link does not belong to any specific
VLAN. Through the configuration, the trunk link can bear all the VLAN data.
The configuration can also be made to transmit only the designated VLAN
data.
Although the trunk link does not belong to any specific VLAN, one pvid
(port VLAN ID) should be configured to the trunk link. In case that the
untagged frames appear in the trunk link for any reason, the switch will add 22
h VLAN id hi f d k h i
VLAN Trunking
• Allows to send traffic for multiple VLAN across
single link.
• Two devices must support same trunking protocol
– 802.1q
• Device adds a header called tag to the original
Ethernet frame which has field for VLAN ID
• Allowed VLANs – Each trunk allows all VLANs by
default. However, they can be added or removed
from the list.

Frame Changes in Network
Communication
VLAN 2 VLAN 3
Ethernet frame with tag
Ethernet frame
without tag
Ethernet frame with tag
VLAN 3 VLAN 2
Network
The figure shows a LAN environment in which there are two switches in
the network and two VLANs configured. The link between the host and
switch is the access link. Switches connect each other through the trunk link.
For the host, it does not need to know whether the VLAN exists. All the
messages sent by the host are untagged messages; when the switch receives
those messages, it will judge which VLAN the message belongs to according
to the configuration principle (such as port information) before making the
processing. If the messages have to be sent through another switch, the
messages should be transmitted over the trunk link to another switch. In order
to guarantee that other switches process the VLAN information of the
messages correctly, the messages sent over the trunk link are all with the
VLAN tags.
When the switch finally confirms the ports that the messages are sent to, it
will delete the VLAN tag in the Ethernet before sending the messages to the
ports. In this way, the messages received by the host are the Ethernet frames
without VLAN tags.
Therefore, in normal case, the frames transmitted over the trunk link are all
tagged frames. The frames transmitted over the access link are all untagged
frames. The final result of this practice is that the VLAN configured in the
network can be processed correctly by all the switches, and the host does not
need to understand the VLAN information.
24
Trunk and VLAN
VLAN 4
VLAN 5
VLAN 2 VLAN 4 VLAN 3 VLAN 2 VLAN 4 VLAN 5 VLAN 5 VLAN 2
Trunk Link
Broadcast
Network
No matter how many switches one network includes, and no matter how
many switches one VLAN crosses, each VLAN confirms one broadcast
domain according to the VLAN definition. The broadcast messages can be
received by all the hosts in the same broadcast domain. That's to say, the
broadcast messages should be sent to all the ports of one VLAN. The VLAN
may cross multiple switches. When one switch receives the broadcast
message from one port of a certain VLAN, the switch should transfer the
message by performing the following principles to guarantee that all the hosts
in the same VLAN will receive this broadcast message:
1．Send to other ports of the same VLAN of this switch;
2．Send this message to all the trunk links of this VLAN that the switch
contains, so that the ports of the same VLAN of other switches can also send
this message.
One port is set as the trunk port. That is to say, the link connected to this
port is set as the trunk link. Whilst it should be configured what VLAN
messages can pass the trunk link. Before configuring which VLAN is allowed
to pass through, we should consider the network configuration situation. In
the meanwhile, we should not allow the trunk link to pass all the VLANs:
Because all the broadcast messages should be sent to all the ports of each
VLAN, and those broadcast messages will be transmitted to other switches
over the trunk link. If there is no port of this VLAN member at the other side
of the trunk link, it will waste the bandwidth resource and processing time.
For most subscribers, the manual configuration is troublesome. A large-
scale network may contain multiple VLANs. As the network configuration
changes at any time, it is quite complex to configure the trunk ports according
to the topology structure of the network. The GVRP protocol can solve this 25
problem: The trunk links are dynamically configured by the GVRP protocol
Cisco Commands
• #switchport mode access
• #switchport mode trunk
• #switchport trunk allowed vlan add 900

GARP/GVRP
(Not used in RCOM)

Generic Attribute Registration Protocol
(GARP)
Attribute claim and registration
GARP message
Attribute claim and registration
GARP model
a: to register attributes that the peer claimed
A: To claim its attributes to the peer
Attribute will be broadcast to the whole network

through GARP "claim-register-claim" process
GARP work process
Network
To understand GVRP, we have to mention GARP. The full name of the

GARP is Generic Attribute Registration Protocol, which provides the means
of the information distribution, transmission and registration for the switching
members such as the VLAN and multicast address in the same switching
network. Through the GARP mechanism, the configuration information of
one GARP member will be transmitted instantly to the whole switching
network.
Through the claim and reclaim, the GARP member informs other GARP
members to register or logout its attribute information. In the same way,
according to the claim or reclaim registration from other GARP members, it
can logout the attribute information at the opposite side.
The GARP itself is only a protocol specification but not an entity existing
in the switch. The application entity that observes the GARP protocol is
called the GARP application. At present, the main GARP application is
GVRP and GMRP.
The GVRP is the VLAN registration protocol, with full name GARP
VLAN Registration Protocol. The GVRP, which adopts the GARP-based
working mechanism, maintains the VLAN dynamic registration information
of the switch. All the switches supporting the GVRP attribute can receive the
VLAN registration information from other switches, and dynamically update
the local VLAN registration information. The VLAN registration information
transmitted by the GVRP includes the static registration information
configured manually in the local switch and the dynamic registration
information from other switches.
According to the VLAN registration information, the switch can
understand What VLAN there are at the opposite side of the trunk link. So it 28
can configure the trunk link automatically to allow only the VLANs needed
GARP VLAN Registration Protocol
(GVRP) Pruning
VLAN 1 A B C VLAN 1
E0/1 E0/1 E0/2 E0/1
VLAN 2
The frame tagged with vlan 2
can not pass through
VLAN 1 A B C VLAN 1
E0/1 E0/1 E0/2 E0/1
VLAN 2 VLAN 2
Add vlan 2
Network
It is shown in the above figure how the GVRP works. Different from the
default trunk link, the trunk link can decide whether to bear the message of a
certain VLAN according to the VLAN status at the opposite side. In this way,
it guarantees that the broadcast message transmitted over the trunk link is
corresponding to the port at the opposite switch which requires sending this
message.
In the initial status of the figure, the switch A and B connect with each
other through the trunk link, and so do switch B and C. The switch A
configures two VLANs: VLAN 1 and VLAN 2. While the switch C has only
VLAN 1, all the switches enable GVRP protocol. As we know, because of
GVRP protocol, all the switches have the attribute of vlan 2, but if we show
the status of Ethernet 0/2 on switch B, we can find that this port can not allow
the vlan2 frame to be passed because the vlan 2 attribute is not being
registered in the port.
From the lower part of the figure we can see that VLAN 2 is newly
configured in the port of switch C. The GVRP protocol operating in the three
switches will automatically update the VLAN registration status, and
configure the trunk link to allow the messages from VLAN 2 to transmit over
the trunk link.
In the future, if a certain switch deletes one VLAN, the GVRP will also
update the VLAN registration information, and configure the trunk link to
forbidden the unnecessary VLAN message transmission over the trunk link.
29
Inter-vlan Routing
L3 Forwarding
Network
30
Layer 2 switching network-broadcast
Broadcast domain
z In traditional layer 2 switching networks, the whole network is a

broadcast domain, so when the network increases in scale, network
broadcasting severely increases, causing a drop in efficiency, which
is disadvantageous for management
Network
In the layer 2 switching network, the whole network is a flat structure and
is wholly constructed by the layer 2 switches. The whole network is a big
broadcast domain.
In the Ethernet, the so-called broadcast domain refers to the maximum
range of the forwarded frames (the destination MAC address is the frame of
the ff-ff-ff-ff-ff-ff) in a network.
In the layer 2 switch, the switch makes the frame routing and forwarding
according to the MAC address. When one complete and correct Ethernet
frame is received by one port of the switch, the switch will search the address
in the MAC address list maintained by itself. According to different address
types and inquiry results, the switch will make different processing on the
frames.
Unicast-if its destination address available in the MAC address list ,
According to the output ports of the destination address designated in the
address list, the frame is forwarded to the corresponding port. (The unicast
MAC address can only designate one output port.) Unicast –if its destination
address not available in the MAC address list Broadcast this frame to all ports
except the input port in the broadcast domain.
Multicast -its destination address available in the MAC address list,
According to the output ports of the destination address designated in the
address list, the frame is forwarded to the corresponding ports. (The multicast
MAC address can designate one or a group of output ports) Multicast--if its
destination address not available in the MAC address list, Broadcast this
frame to all ports except the input port in the broadcast domain.
In the flat layer 2 network, the broadcast domain is the whole network. In
case that the broadcast occurs or the destination address frame fails to match 31
h i h dd li h f ill b b d h h l k
Insulating layer 2 broadcast domain
VLAN 100 VLAN 200
z VLAN has insulated the layer 2 broadcast domain, thus strictly

insulate any flow between any two VLANs
Network
In order to solve the problems such as the low efficiency and security
caused by the broadcast, the concept VLAN is introduced that each VLAN is
designed into one independent broadcast domain in the network that supports
the VLAN function and is constructed by the switches.
Each VLAN is strictly separated. Any frame can not be forwarded from the
VLAN belonged to other VLANs. The whole network is divided into several
broadcast domains in small scale. The network broadcast is controlled in a
comparatively small scope so that it increases the network bandwidth
utilization rate and improves the network efficiency and performance.
Everyone can not directly access one point of the network from another
point of the network, or monitor the frames of the whole network with no
limitation. The separated broadcast domain improves the network security.
The VLAN can perform the subscriber grouping. By configuring the
VLAN, it realizes the flexible network management. Whilst the network is
moved, the network design can be modified easily without any tedious and
time-consuming work on modifying the network wiring because of the
flexible configuration of the switch.
32
Inter-VLAN communication
VLAN 100 VLAN 200
VLAN 300
z Flows between different VLANs cannot directly cross VLAN
boundaries, we can use routers so that messages can be
transferred from one VLAN to another VLAN
Network
"Where there is no connection, there is no network". When one network is

divided into multiple broadcast domains by the VLAN, all the VLANs can
not access each other because the flow of each VLAN is separated physically
in nature.
Separating the network is not the final target of building the network.
Choosing the VLAN separation is only to optimize the network and our target
is to make the whole network interconnected finally.
The solution to the inter-VLAN communication is to configure 3-layer
facilities with the routing functions. The internal flow of the VLAN is
performed in the original layer 2 network within the VLAN. The
communication flow from one VLAN to another VLAN is forwarded through
the routing at layer 3. After it is forwarded to the destination network, the
message is finally sent to the destination host through the layer 2 switching
network.
As the layer 3 function adopts the no-forwarding strategy to the broadcast
messages in the Ethernet, configuring the routing function between VLANs
will not change the intention of dividing the VLAN to separate the broadcast.
We can interconnect the layer 3 functions of the VLAN through various
configurations, such as the routing protocol configuration and the access
control configuration to form the control strategy on the mutual accesses of
the VLANs and make the network status under control.
33
Route selection in inter-VLAN
communication
Ping 2.2.2.20 VLAN 100 VLAN 200
Non-
Non-local communication
Using default gateway
1.1.1.10/24 2.2.2.20/24
network1.1.1.0/24 at interface 1
network2.2.2.0/24 at interface 2
z A default gateway is configured at the host; for non-local communication, the

host will automatically search for the default gateway, and send the
messages to the default gateway for transferring instead of directly sending
to the destination host
Network
In the network ,we divide the VLAN and interconnect the VLANs through
routers, how do the hosts of the network communicate with each other?
First, let's give such a definition:
The hosts located in the same VLAN are called the local hosts. The
communication between the local hosts is called the local communication.
The hosts located in different VLANs are called non-local hosts. The
communication between non-local hosts is called non-local communication.
For the local communication, the hosts at both communication sides locate
in the same broadcast domain. The flow of two hosts can directly reach each
other. As the communication process is the same as which in the flat layer 2
network, the details will not be described here.
For the non-local communication, the hosts at both communicating sides
locate in different broadcast domains. The flow of two hosts can not directly
reach each other. The host can not request the address of the opposite side
through the ARP broadcast request. The current communication can only be
completed with the help of the intermediate router.
The routers between VLANs act as the gateway for each VLAN.
Therefore, the hosts that make mutual communication through the routers
should know whether the routers exist and their addresses.
After configuring the router, configure the default gateway as the interface
address of the router with this VLAN in the host.
As shown in the above figure, the host 1.1.1.10 should communicate with
2.2.2.20.
At first, the host 1.1.1.10 compares the local subnet masks to find that it
can not directly access the destination host as the destination host is not the 34
One physical connection for every
VLAN
VLAN 100 VLAN 300 VLAN 200
z VLAN is configured on layer 2 switches, and every VLAN uses a

unique physical connection to one interface of the router.
Network
As described before, the inter-VLAN communication operates through the

routers. So there exists the Inter-network option problem in establishing the
network.
According to the traditional network building principle, each VLAN
requiring the inter-networking will build an independent physical link to the
router. Each VLAN will occupy one switch port and one router port.
In such configuration, each routing interface and physical port of the router
are in one-to-one relation. When the router makes the inter-VLAN routing, it
forwards the message from one routing interface to another routing interface.
In the same time, the message is forwarded from one physical interface to
another physical interface.
35
Use VLAN Trunking
VLAN 100 VLAN 200
VLAN 300
z multiple VLANs in the network can share only one physical link.
z On the switch, configure that ports connecting to routers use the VLAN Trunking.
z And make the same configuration in the router
Network
Using the VLAN Trunking technology can help optimize the above
network.
The concept VLAN Trunking has been introduced in the chapter VLAN.
Using this technology enables the service flow of multiple VLANs to share
the same physical link. By transmitting the tagged frame in the physical link
of the VLAN Trunking, it distinguishes the flow of each VLAN.
In making the inter-VLAN inter-networking, multiple VLANs in the
network can share only one physical link. In the switch, configure that ports
connecting to routers use the VLAN Trunking. And make the same
configuration in the router.
In such configuration, every router interface and physical interface in the
router are in many-to-one relation. When the router makes the inter-VLAN
routing, it forwards the message from one routing interface to another routing
interface. But the message is forwarded from one physical interface back to
the same physical interface. The VLAN tag is replaced with the destination
network tag after the forwarding.
In normal case, the flow of inter-VLAN routing is not enough to reach the
linear speed of the link. Using the VLAN Trunking configuration can
improve the bandwidth utilization rate of the link, save the port resources and
simplify the management. (e.g, if adding one VLAN in the network, you can
only maintain the equipment configuration without changing the network
wiring.)
After using the VLAN Trunking, there is still some performance
deficiencies in using the traditional router to make the inter-VLAN routing.
The routings make use of the universal CPU. The routers make the
36
forwarding totally relying on the software and support various
Integration of switching and routing
VLAN 100 VLAN 200
VLAN 300
VLAN 100 VLAN 200
VLAN 300
z Functional integration of layer 2 switches and routers forms the layer 3

switch; the layer 3 switch functionally realizes VLAN classification,
VLAN internal layer 2 switching and inter-VLAN route functions.
Network
The emerging of the layer 3 switch brings huge economic benefits to the
network.
The layer 3 switch adopts the hardware technology to integrate the network
functions of the layer 2 switch and routers into one box through some clever
processing. Thus it improves the network integration and enhances the
forwarding performance.
In order to implement the interconnection of heterogeneous networks, the
IP protocol offers abundant functions. The standard IP routing needs to make
much processing and pass many processes when forwarding each IP message,
bringing huge work to the software as described before.
But such work is not necessary for each message processing. Most
messages only need to pass a small part of the processes. There is a large
space to improve the IP routing method.
The design of the layer 3 switch, based on the careful analysis of the IP
routing, picks up the necessary processes that each message should pass in
the IP routing. This process is a simplified process
Most messages in the IP routing do not include the IP option. So the IP
option processing of the message is not necessary in most cases.
The message length in different networks is different. In order to adapt to
different networks, the IP implements the message partition function.
However, in the Ethernet environment, the network frame (message) length is
fixed. So the message partition function can be omitted.
The layer 3 switch adopts the accurate address-matching mode for
processing to enable the hardware to fast inquiry, different from the mode
that requires matching the longest address mask in the router. 37
Th l 3 it h d t th C h th d t t th h t ti
Function model of layer 3 switch
ETH0:10.110.0.254/24 ETH2:10.110.2.254/24
ETH1:10.110.1.254/24
10.110.0.113/24 10.110.1.69/24 10.110.1.88/24 10.110.2.200/24

G:10.110.0.254 G:10.110.1.254 G:10.110.1.254 G:10.110.2.254
Network
The function of layer 3 switch is corresponding to the part in the dotted

line frame of the figure.
As the layer 3 switch integrates functions of routers and the layer 2 switch
supporting the VLAN, it is also called the layer 2 and layer 3 Switch.
Functions of the layer 2 switch and the router are realized in the layer 2
VLAN forwarding engine and layer 3 forwarding engine.
The layer 2 VLAN engine, the same as the layer 2 forwarding engine of the
layer 2 switch supporting the VLAN, uses the hardware to support the layer 2
forwarding of multiple VLANs.
The layer 3 forwarding engine uses the hardware ASIC technology to
realize the high-speed IP forwarding.
Corresponding to the IP network module, each VLAN is corresponding to
one IP network segment. The layer 3 forwarding engine of the layer 3 switch
forwards the messages between each network segment (VLAN) to realize the
inter-networking between VLANs. Therefore, the routing function of the
layer 3 switch is called the inter-VLAN Routing.
38
Message to message Layer 3 switching
technology
3 3 3 3
2 2 2 2
1 1 1 1
z Traditional layer 3 technology processes each message, and transfers

messages based on the destination IP addresses. This method is
called from message to message
Network
The difference between message-to-message switching mode and flow

switching mode is listed below. If each message should pass the layer 3
processing and the service flow forwarding is based on the layer 3 address,
this switching mode is called the message-to-message switching mode; if
only the first message passes the layer 3 processing and other subsequent
messages pass only the layer 2 forwarding, this switching mode is called the
flow switching mode.
In the message-to-message activity as shown in the figure above, first the
message enter the physical interface at layer 1 of the system OSI reference
module; next, it reaches the layer 2 to receive the destination MAC address
check. If the list check result does not allow the switching, the message will
enter the layer 3. At layer 3, the message passes the routing calculation and
address analysis processing. After passing the layer 3 processing, the message
header is modified and transmitted back to the layer 2. After the layer 2
confirms the appropriate output port, the message is transmitted to the
physical medium through the layer 1. All the subsequent messages should go
through the same process.
39
Layer 3 switching technology based on
flow switching
3 3 3 3
2 2 2 2
1 1 1 1
The first message

Subsequent messages
Network
In the flow switching, the first message is analyzed to confirm whether it

indicates one "flow" or a group of messages with the same source address and
destination address. If the first message has the correct feature, the
subsequent messages of this identifier flow will own the same priority. The
subsequent messages of the same flow will be switched to the destination
address based on the layer 2. The flow switch saves the processing time on
each message. Currently, all the layer 3 switches adopt the flow switching for
the high-speed switching
40
Isolate-user-VLAN
• Isolate-user-VLAN (Huawei) is same as Private VLAN (Cisco)
– This is not supported by CX200 (old technology not supported in
new devices)

Super-VLAN
• Super-VLAN is same as Aggregate VLAN

– Not supported in CX200, CX600 supports
C X -A
S u p er V L AN 4
S u b -V L A N 2 S u b -V L AN 3
Super-VLAN
• No Physical Ports in Super-VLAN
• Super-VLAN is the gateway for sub-vlans
• Super-VLAN has IP address (vlanif)
• VLAN aggregation solves the problem that excessive IP addresses
occupation caused by VLANs.
• As shown in Figure, in VLAN aggregation, multiple VLANs are
aggregated into a super-VLAN. Member VLANs of a super-VLAN
are called sub-VLANs. All sub-VLANs share the same IP network
segment.
• If a large number of VLANs exist in an Ethernet network, VLAN
aggregation can simplify the configurations.

Module 2
Q-in-Q

Basis of the QinQ Technology
Applications of BPDU Tunnel
Principles and Applications of Selected QinQ
Network
45
QinQ background
• Why we need QinQ?

– Solving the increasingly deficient public
network VLAN ID resources;
– Users can plan private network VLAN IDs
without conflicting with public network
VLAN IDs;
• QinQ technology: solving the increasingly
deficient public network VLAN ID resources;
providing small-sized MANs or Intranets with a
simple layer-2 VPN solution.
Network
QinQ background :
First :Solving the increasingly deficient public network VLAN ID resources;

Each VLAN supports 4096 users, which cannot meet the requirement of a large-
scale network; The operator classified access users according to the VLAN IDs,
The VLAN can support 4094 users; after using the QinQ technology, it can support
4094*4094 users.
Second :Users can plan private network VLAN IDs without conflicting with
public network VLAN IDs; The layer-2 VPN technology can be used to
transparently transmit user VLAN information and Ethernet configuration
information.
So we bring up QinQ technology: solving the increasingly deficient public

network VLAN ID resources; providing small-sized MANs or Intranets with a
simple layer-2 VPN solution.
46
The basic idea of QinQ
• The basic idea of QinQ is to add one more tag in front of the
tag of the message encapsulated on the basis of 802.1 Q;
Each message traverses the service provider’s backbone
network with two tags,

• At present, the feature is supported by many suppliers, but in
different names.
– HUAWEI VLAN VPN
– Cisco 802.1Q Tunneling
– Extreme Virtual MAN/vMANs
Page 47– Riverstone
Network Learning Centre Stackable VLAN/SVLAN 47
47
Proprietary & Confidential
The basic idea of QinQ is to add one more tag in front of the tag of the message
encapsulated on the basis of 802.1 Q; it might also be a visualized name for using
one tag to classify tunnels (users).
The general idea is to encapsulate the user’s private network VLAN tag into the
public network VLAN tag. Each message traverses the service provider’s backbone
network with two tags, hence providing users with a simple layer-2 VPN tunnel.
47
QinQ encapsulation
DA SA Type Data CRC

Ethernet frame
DA SA TPID tag Type Data CRC

802.1Q Ethernet frame
DA SA TPID tag TPID tag Type Data CRC

QinQ Ethernet frame
QinQ inserts a new tag, The internal tag
which is called the is attached by
external tag. the user.
Network
According to the 802.1Q Recommendation, the value of Tag Protocol Identifier

(TPID) Etype is 8100,
Huawei’s Etype values on external and internal tags are same as those of
CISCO; the values are all 0x8100. However, the Etype value of the external tags by
Foundry and Extreme is 0x9100 (possibly different in the latest versions).
In general, the Etype of the newly added external tag in QinQ is also 8100;
however, as no standard value is specified, some vendors define the value as
9100/9200. Huawei’s equipment provides the TPID adjustable function to facilitate
the interconnections with equipments with different Etype values.
48
QinQ topical application
Custom A
ISP network VLAN200
S
S S
VLAN100 header 10
user
data user
vlan header data
header
user
data
vlan S
S vlan
user
VLAN100
header 20 data
vlan
VLAN200
Custom A S External S
label
Trunk port: single tag at the customer side; two tags at the operator side
Tunnel port; external tag attached or peeled off
Network
The user’s message is attached with an external tag before it traverses the operator’s
network; simple layer-2 VPN functions are enabled.
Typical applications of QinQ Tunnel port: The QinQ-supported port is configured. The
Tunnel port is a VLAN allocated by the operator to the customer. The Tunnel port is only
configured at the operator’s equipment. In the above figure, customer A is allocated with
VLAN10; all Tunnel ports connected with customer A belong to VLAN10 in the operator’s
network. When the data of customer A (already with a customer VLAN tag) reaches the
Tunnel port, an external tag will be added. The VLAN ID is 10. In the operator’s network,
the data is transmitted according to the normal layer-2 transfer process in VLAN10. When
the data of customer A leaves the Tunnel port, the external tag will be peeled off. Only the
internal customer VLAN tag will be left. Upon arriving at the customer side switch, the data
is transmitted in the customer’s network as a normal Tag message. MAC study: When the
customer data reaches the Tunnel port, the MAC study is allocated to the customer VLAN
(customer A’s data MAC study is in VLAN10); when the data reaches the customer side,
MAC study is in the VLAN attached by the internal customer VLAN tag. The QinQ
function is not visible for the customer side switch. The operator’s network is transparent
for the customer. The Tunnel port is sometimes called the vlan-vpn port
49
Advantages of QinQ
• It can be simply taken as a packet with two

layers of 802.1Q tags.
• The QinQ technology reduce costs for
operator.
• The customer can plan a private VLAN ID.
• QinQ does not require signaling protocols.
• QinQ has expanded VLAN resources .
Network
QinQ can be simply understood as a message with two layers of 802.1Q tags.
The QinQ technology enables the operator to provide layer-2 VPN to customers at low
costs. QinQ services are implemented in the operator’s network; users are insensitive to
QinQ.
In each message in the operator’s network, the internal tag is the customer’s private
VLAN ID, while the external tag is allocated by the operator. The customer can plan a
private VLAN ID; changes in the operator’s network will not affect the customer’s network.
QinQ does not require signaling protocols; only static configurations shall be made;
configurations are simple and stable.
QinQ has expanded VLAN resources and enable the operator to classify access users
according to VLAN IDs.
50
QinQ QOS
• How to realize Ethernet QOS in the

QinQ network?
Core switch
S8500 QOS feature can realize:：
realize:：
For uplink traffic (messages with single tags)

QOS is enabled according to the internal VLAN ID
Mapping to external COS according to the internal COS

Mapping to DSCP according to the internal COS
Mapping to the local priority queue according to the internal COS
Network
The message with 8021Q tag at the customer side contains the 8021p priority level. After
the tunnel port is attached with an external tag, the message contents cannot be identified in
layer-2 transfer. How to realize Ethernet QOS in the QinQ network?
51
Challenges for the QinQ technology
• QinQ described above is port-based QinQ; its principle is : When

an equipment port receives a message, the switch will label a
default VLAN tag on the message, whether the message has had
a VLAN tag or not.
• New challenges
– In the QinQ network, the operator’s network is transparent for
customers. In case there is redundancy in the connection
between a customer and the operator’s network, a loop will be
generated.
• New technology--selected QinQ.
Network
The principle of port-based QinQ is : When an equipment port receives a

message, the witch will label a default VLAN tag on the message, whether the
message has had a VLAN tag or not. In this case, if the message has already had a
VLAN tag, it will have two tags. If the message is untagged, it will have a default
VLAN tag.
New challenges : In the QinQ network, the operator’s network is transparent for
customers. In case there is redundancy in the connection between a customer and
the operator’s network, a loop will be generated. (See customer A in the QinQ
application schematic map.)
This challenge requires the operator’s network to transparently transmit

STP/RSTP/MSTP messages. In this way, the customer can construct a STP tree
outside the operator’s network and hence cut off the redundant link (BPDU-
Tunnel).
Some operators propose user classification according to the user VID or other
features, rather than user access ports (selected QinQ).
52
Principles and Applications of Selected

QinQ
Network
53
QinQ BPDU Tunnel
BPDU Tunnel principles
• Layer-2 protocol messages are also called the

BPDU messages.
• The following requirements must be satisfied so that
BPDU messages can be transparently transmitted in
the operator’s QinQ network:
– All branches in a customer network can receive
their BPDU messages.
– BPDU tunnels in different customer networks
must be isolated from one another to avoid
How to solve the two
interference.
problems?
Network
Layer-2 protocol messages are also called the BPDU messages. Their transparent
transmission tunnels in the operator’s network can be called layer-2 protocol tunnels or
BPDU tunnels
So how to solve the two problem brought up in the slide?
First: When receiving a BPDU message on the Tunnel port, the port labels a tag allocated
by the operator on the message. Such tags are used to identify BPDU messages in different
VPNs. In the operator’s network, BPDU messages are transmitted as normal data messages.
Second : to avoid the customer’s BPDU message being processed by the operator’s
network equipment, a multicast MAC shall be attached to each encapsulated BPDU
message as the destination MAC. This ensures that the messages are sent to different
branches in the VLAN allocated by the operator. When a message goes out of the Tunnel
port, the VLAN tag will be removed, and the destination MAC will be changed back to the
BPDU MAC.
Characteristics of BPDU message messages: BPDU messages are layer-2 control
messages of bridge equipment. They are correlative globally in the equipment and have no
VLAN tags.
In the traditional bridge equipment, if a received BPDU message is not supported or
enabled, it will be propagated in all ports; otherwise, it will be processed in the equipment
before it is transferred.
54
Huawei adopted the above methods in previous solutions In the present solution the
QinQ BPDU Tunnel
Realization of the BPDU Tunnel
BPDU Packet
DA SA Length(2) DSAP(1) SSAP(1) Control(1)Protocol Data FCS

01-80-C2-00-00-00 00-0F-E2-07-F2-E0 0x42 0x42 0x03
BPDU-Tunnel Packet
DA SA Length(2) DSAP(1) SSAP(1) Control(1)Protocol Data User_Info FCS

01-00-0C-CD-CD-D0 00-0F-E2-07-F2-E0 0x42 0x42 0x03
Modifying the BPDU add this part to

destination address identify user
to multicast MAC network
Network
Upon receiving a BPDU message, the Tunnel port modifies the destination MAC into a
multicast MAC (01-00-0c-cd-cd-d0). Identification information, such as the user
information, is inserted in front of the FCS. The multicast MAC ensures that the message is
propagated in the VLAN; it also identifies the message as a BPDU-Tunnel message. When
receiving the message, the switch submits it to the CPU for processing; it recovers the
BPDU identity and sends the message to the corresponding customer network according to
the user information identification in the message.
Modifying the BPDU destination address to multicast MAC Modifying the BPDU
destination address to multicast MAC Destination: 01-00-0c-cd-cd-d0Source address: 00-
0F-E2-07-F2-E0 The source of the BPDU messages sent by Huawei’s switches is this
MAC. According to the above descriptions, we can find that BDPU messages and BPDU-
Tunnel messages are both in LLC encapsulation. At present, Huawei’s realization method is
consistent with the realization method of Cisco. Tests showed that Huawei’s equipment can
interwork with Cisco’s equipment.
55

QinQ
Network
56
QinQ
Characteristics of selected QinQ
• Based on the stream classification results,

selected QinQ can determine whether to
attach external VLAN tags and the type of
external VLAN tags. Different bearer schemes
are executed for different services.
DA mac SA mac Tag IP Protocol Data FCS
z Selected QinQ is also called stream classification based Nested VLAN

feature. Each user can implement operations on messages that match
with specific ACL stream rules.
Network
Based on the stream classification results, selected QinQ can determine whether
to attach external VLAN tags and the type of external VLAN tags. Characteristics
of selected QinQ can be implemented according to the user VLAN tag, MAC
address, IP protocol, source address, destination address, priority level, or port
number of the application program. With the above stream classification methods,
external VLAN tags can be encapsulated to messages according to different users,
different services, and different priority levels; different bearer schemes are
executed for different services.
57
QinQ
Scene 1 of selected QinQ applications
• Inter-service-area traffic distribution by

ports
MAN
VLAN 10 VLAN1-XXX
VLAN 20 VLAN1XXX
VLAN 30 VLAN2XXX
Trunk
Trunk
S S
VLAN 2 VLAN 2001 VLAN 3 VLAN 2002
VLAN 1001 VLAN 1002
Network
Inter-service-area traffic distribution by ports: ordinary Internet user PC VLAN is in the

range of 1~1K; IPTV user VLAN is in the range of 1K~2K; VIP customer Internet access
VLAN is in the range of 2K~3K...
Ordinary Internet users VLAN range 1~1K with external VLAN10
VLANIPTV users VLAN range 1K~2K with external VLAN20
VIP customer Internet access VLAN range 2K~3K with external VLAN30
58
QinQ
• Traffic distribution by message protocol

numbers
MAN
VLAN 10 PPPOE
VLAN 20 IPOE
VLAN 2
VLAN 3
S S
Network
Traffic distribution by message protocol numbers: ordinary PCs use the PPPoE protocol
to access the Internet; IPTV adopts the IPoE protocols. The terminals are connected to the
uplink via a VLAN. The QinQ technology can be used to distribute traffic according to
different protocol numbers of messages, for example PPPoE and IPoE message.
In Huawei’s 8500 switch, each PPPoE message of ordinary Internet PC is attached with
external VLAN10; each IPOE message of the IPTV is attached with external VLAN20.
59
QinQ
• Traffic distribution by message

destination IP addresses
MAN
VLAN 10 DA IP Service control
VLAN 20 DA VOIP
S S
Network
Traffic distribution by message destination IP addresses: for service application messages

with the same source IP address and same message encapsulation, for example messages
generated from the SoftPhone program, traffic can be distributed via the selected QinQ
technology according to the destination IP addresses of the messages.
Each ordinary Internet data message is attached with external VLAN10; each VOIP
messages with specific destination address is attached with external VLAN20
60
QinQ
• Traffic can be distributed by the internal VLAN tags of

the QinQ.
VLAN 10 VLAN 100
VLAN 10 VLAN 300
VLAN 20 VLAN 200

MAN
VLAN 20 VLAN 400
VLAN 30 VLAN 300

VLAN 10 VLAN 100
VLAN 40 VLAN 400
S VLAN 20 VLAN 200

S
VLAN 100
VLAN 200
VLAN 300 VLAN 400
Network
In the concatenated networking mode, some concatenated switches have adopted port-
based QinQ. In this case, traffic can be distributed via the selected QinQ according to the
internal VLAN tags of the QinQ.
The ordinary QinQ attaches external VLAN10 to VLAN100; it attaches VLAN30 to
VLAN300; VLAN 100 and VLAN300 belong to the same VPN user. Hence in the 8500
switch, external tag VLAN10 is attached according to VLAN100 and VLAN300 of the
QinQ message.
61
QinQ
Typical applications of selected QinQ
Users can be distributed to
Multicast different VLANs (with
external tags) according to
Router different applications to
internet VLAN 1001-
isolate the applications.
1003 VLAN 302
BRAS DHCP Server

Each user has one VLAN 303
VLAN (internal
tag) to be isolated
Campus S8500
from other users.
access S
switch DSLAM
VLAN 101-301
Network
The above is the networking of the most commonly used selected QinQ application by
operators. In general, telecom broadband user group include users accessed to the switch via
the campus network; the other are ADSL users accessed via DSLAM.
Let me briefly introduce the characteristics of this networking case:
1. VLAN101-200 users accessed from the campus network are ordinary users; this group
is allocated with pubic network VLAN1001 by the 8500 switch. VLAN201-300 users are
VIP users accessed from the campus network; this group is allocated with pubic network
VLAN1002 by the 8500 switch; VIP users have high requirements on network performance;
hence the bandwidth of VIP users shall be guaranteed via QOS.
2. ADSL users accessed from DSLAM are VLAN 101-300 users, who get an IP address
for Internet access via PPPOE dialing; this group is allocated with public network
VLAN1003 from the 8500 switch.
3. VLAN 301 is dedicated to multicast. IPTV users accessed via DSLAM or campus
network shall access multicast programs via VLAN 301. IPTV client terminals first get IP
addresses from the DHCP server; then they join the IGMP group on the 8500 switch to
access multicast programs.
4. For Internet users, the 8500 switch attaches a public network tag on each Internet user
messages before the message is submitted to BASE for processing. Each user implements
authentication, authorization and layer-2 termination on BASE.
62
Module 3
Devices-Huawei & Cisco

Huawei CX200D

Course Name
Hardware Architecture of the CX200D
CX200D
CX200D-EA
Dimensions 442mm×220mm×43.6mm
Port Switch capacity 8.8Gbps/6.6Mpps

Forwarding performance
Interface type 24*10/100TX+2*GE(SFP)
Power DC/AC 25W

S2300SI/EI capability : 8.8Gbps / 6.6Mpps

S3300SI/EI capability : 12.8Gbps / 9.6Mpps
Product List:
S2318P-SI 16*10/100TX+2*GE(SFP)
S2318P-EI 16*10/100TX+2*GE(SFP) (Enhanced L2)
S2326P-SI 24*10/100TX+2*GE(SFP)
S2326P-EI 24*10/100TX+2*GE(SFP) (Enhanced L2)
S3328TP-SI 24*10/100TX+2*GE(SFP)+ 2*GE Combo

S3328TP-EI 24*10/100TX+2*GE(SFP)+ 2*GE Combo (Enhanced L3)
S3352TP-SI 48*10/100TX+4*GE Combo
S3352TP-EI 48*10/100TX+4*GE Combo (Enhanced L3)
S2309P-SI 8*10/100TX+1*GE(SFP)
S2309P-EI 8*10/100TX+1*GE(SFP)
In EA there is 2 extra SFP, these are combo ports. If we use this we can’t use 2 FE ports.

Course Name
Software Architecture of the CX200D

System
System General management
service plane control plane plane
IGMP
Terminal service ACL QoS Command line
snooping
Information
Trunk VLAN ARP MAC STP SNMP
center
System service Ethernet EoRPR HGMP
VRP platform (OS)
Hardware drivers
z System management plane

Help the users log in and manage the information of CX200D.
z System service plane
Help the users configure and manage CX200D.
z General control plane
Provide features such as access, service transmission, and QoS.

According to the functions, the CX software architecture is composed of there planes:

System management plane
Help the users log in to the CX and manage the information in the CX.
System service plane
Help the users configure and manage the CX.
General control plane
Provide features such as access, service transmission, and QoS.
RPR（Resilient Packet Ring）
Cx600 uses – vrp ver 5.5

Cx200D uses – vrp ver 5.3

Course Name
Network position of the CX200D
Access Layer
Aggregation Layer
Core Layer
CX200D

CX200D is designed for the edge of the Ethernet access network.

It is a kind of edge aggregation metro ethernet platform with high performance and
price ratio.
It can provide IPTV、RRPP Ether ring、 QoS、Selective QinQ、cross VLAN
multicast、carrier class security.

CX200D Significant Features
Selective QinQ & Vlan Mapping

RRPP
IEEE802.3ah
IGMP Snooping
QoS
DHCP Option82
HGMP

Course Name
Selective-QinQ Make Service Provisioning Easier

VLAN10 BRAS
user1
CX200D VLAN20
Access Aggregation IP/MPLS Core
VLAN30 Network
user2
C-MAC-DA NPE
C-MAC-DA C-MAC-SA
C-MAC-SA S-VLAN-TAG
C-VLAN-TAG C-VLAN-TAG
C-ETH-TYPE C-ETH-TYPE
C-DATA C-DATA
VLAN Translation change VLAN tag as necessary, make service provisioning more flexible.
Selective QinQ insert different out tag based on different inner Tag.
DATA 1 SA DA DATA 1 SA DA DATA 10 SA DA
VALN1VoIPservice DATA 2 SA DA DATA 20 SA DA
DATA 2 SA DA
DATA 3 SA DA
user1 DATA 3 30 SA DA
VLAN2 BTVservice
DATA 3 SA DA DATA 10 SA DA
DATA 1 SA DA
VLAN3 Internet
DATA 2 SA DA DATA 20 SA DA
DATA 4 SA DA
user2 DATA 4 SA DA DATA 4 30 SA DA
VLAN4 Internet
4096 * 4096 = 16 million vlans

Course Name
Selective QinQ
UNI (FE/GE) NNI
DA SA 3 DATA DA SA 5 DATA
1. Modify C-VLAN ID
UNI (FE/GE) NNI
DA SA 3 DATA DA SA 6 3 DATA
2. Add S-VLAN ID

In selective QinQ we use normal vlan packets

On a certain port we we send multiple vlan – in normal qinq – same vlan is used in public
- in selective qinq – we can change the
public vlan as per private vlan id

VLAN Mapping——1:1
Vlan 100/200/300
Global mapping：
vlan 1ÅÆvlan 100
Vlan 1 Vlan 3 vlan 2ÅÆvlan 200
Vlan 2 vlan 3ÅÆvlan 300

Course Name
VLAN Mapping & QinQ-Application in

IPTV
• Two VLAN per HG •Enable 1:1VLAN mapping
• Same VLAN for in user port of switch •Selective QinQ based on
different users PUPSPV VLAN for internet and IPTV
service
Access Layer
Home Gateway S2000TP-
S2000TP-EA Campus 1
PC VLAN1 Aggregation Layer POP
VLAN1 VLAN1 CX200D
VLAN2 VLAN2 VLAN1001
IPTV VLAN2001@VLAN1
VLAN1 VLAN2 BRAS
PC VLAN2001@VLAN2
VLAN2002@VLAN1
VLAN2 CX200D CX200D VLAN2002@VLAN2
IPTV
Campus 2
VLAN 3001@VLAN 1001
PC
VLAN1 VLAN 3001@VLAN 1002
VLAN1 VLAN1 VLAN 3002@VLAN 1001
IPTV VLAN2 VLAN2 VLAN1001
VLAN 3002@VLAN 1002
PC VLAN1 VLAN2
VLAN1
VLAN2 VLAN1002
IPTV VLAN2
CX200D CX200D
PUPSPV is realized based on the same HG configuration, and 1:1 VLAN mapping on port of
CX200D Series Metro Ethernet.
At the Home Gateway edge, VLAN1 for PC to access internet with broadband service, VLAN2 for
IPTV service.
At the access layer，we use the 1:1 vlan mapping.
At the campus network, we use the QinQ feature.

Course Name
RRPP——Rapid Ring Protection Protocol

Metro Network
Main
Main Node
Port Slave
Link-Down Port
Notification
Transit
Node
Main
Ring
Transit Hello Packet
Node
Transit Transit
Node Sub- Sub-
Node Link-Down Ring 1 Ring 2
Notification
Block Status
Link Failure
User1 User2
RRPP provides Ethernet Ring solution with ordinary Ethernet Port

Less than 50ms failure protection.
Ring span support Link Aggregation
Huawei proprietary protocol

RSTP/MSTP is too high for our network..we need max 50ms
We have to manually define the main node (main switch) and declair main port to configure
RRPP. In STP every thing is automatically done.
Number of nodes in the ring has not been stated yet
A standard protocol RPR can also be used for <50ms convergent time, but this requires
separate interface to be purchased called RPR interface. It is costlier than ethernet.

Course Name
RRPP Feature
RRPP support Trunk
Metro Core
Main node
Main port Slave port
Transit Node Transit Node

NPE
RRPP
UPE
CX200D CX200D
CX200D
CX200D CX200D
Hello Packet
Block Status
RRPP can be used in Dual-Homed Protection network

RRPP can be apply between CE and UPE, or between UPE and NPE
User side device are RRPP Main Node in Protection Domain, block Slave Port.
Service can be switch between Master Port and Slave Port.

Course Name
Ethernet OAM——802.3ah
Protocol
Link Failure Message
CE PE 802.3ah protocol is used to solve “The
Last Mile” problem, and suitable for
CX380 Ethernet link between two devices too.
User to Network Interface Main Functions：
CX200D
OAM Auto Discover
Link Loopback Message
OAM Link Monitor
CE PE Remote Fault Notify
OAM Remote Loopback
Test Message CX380 Remote Taking MIB
User to Network Interface
CX200D

The Ethernet OAM 802.3ah verifies the connectivity, fault isolation, performance
monitoring and troubleshooting capabilities of Ethernet Services. Its objectives are
to push widely Ethernet technology into access network market of carriers.
EthOAM can improve network performance, and reduce OPEX and CAPEX.
802.3ah protocol includes all technology elements Ethernet must have, such as
physical criterions on cable, P2P fiber and P2MP fiber, and OAM mechanisms.
OAM（Operations Administration and Maintenance）
Only cx box can support this

Course Name
IGMP Snooping
Multicast Router
Internet Internet
VOD Server1 VOD Server2
CX200D
Video Stream
Multicast Group Multicast Group Multicast Group

Member Member Member


Course Name
High Reliable Multicast

Multicast function Feature
Core Layer
Convergence Layer
Only one copy for whole ring
IGMP Snooping V1/V2
MVLAN+ CX200D STP/RRPP CX200D
Native L2 multicast forwarding easy
to deploy and maintain
50ms switch over
IGMP fast leave, fast zapping


Course Name
Scheduling with Diff-Serv QoS

802.1P Service
7 TDM packet Q7
SP
6 VoIP Q6
5 BTV basic channel
SP Q5
BTV extension channel
4 Q4
VPN gold
Q3
3 VPN silver WRR/ AN
VoD DRR Q2
2
VPN bronze Q1
1 reserved
Q0
0 Internet
OSS and VoIP are marked with highest priority, scheduled with SP, and
policed to be within the pre-set maximum rate.


Course Name
Transmission of DHCP Messages

DHCP client CX DHCP server
DISCOVER
DISCOVER+Option82
OFFER(+Option82)
The Option 82 field carries the
inbound interface number and
OFFER
VLAN ID of DHCP messages.
REQUEST
REQUEST+Option82
ACK(+Option82)
ACK
Data transmit
RELEASE
RELEASE+Option82
Process of transmitting DHCP messages when the function of forcibly

appending the Option 82 field is enabled.
After being initialized, the DHCP client sends a DHCPDISCOVER message to the
DHCP server. The Option 82 field is forcibly appended to the DHCPDISCOVER
message on the CX.
When receiving the DHCPDISCOVER message that carries the Option 82 field,
the DHCP server sends a DHCPOFFER message that carries the Option 82 field to
the DHCP client. The CX removes the Option 82 field from the DHCPOFFER
message and then sends the message without the Option 82 field to the DHCP
client.
The DHCP client sends a DHCPREQUEST message to the DHCP server to
respond to the DHCPOFFER message sent by the DHCP server. The Option 82
field is forcibly appended to the DHCPREQUEST message on the CX.
When receiving the DHCPREQUEST message that carries the Option 82 field, the
DHCP server sends a DHCPACK message that carries the Option 82 field to the
DHCP client. The CX removes the Option 82 field from the DHCPACK message
and then sends the message without the Option 82 field to the DHCP client.
The DHCP client sends a DHCPRELEASE message to the DHCP server to
actively release the IP address assigned by the DHCP server. The Option 82 field is
forcibly appended to the DHCPRELEASE message on the CX.

Course Name
Networking diagram of DHCP Option 82

DHCP server
IP/MPLS core
enabled with DHCP relay

DHCP snooping agent
Eth0/0/1
Eth0/0/2 Eth0/0/3
LSW DSLAM
DHCP client DHCP client

As shown in Figure, DHCP Option 82 is enabled on the CX. The function of

forcibly appending the Option 82 field to DHCP messages is enabled on Ethernet
0/0/1, Ethernet 0/0/2, and Ethernet 0/0/3. For the DHCP messages sent from the
user side, the CX appends the Option 82 field to them. In this manner, the inbound
interface number and VLAN ID of the DHCP messages are provided for the
upstream device. For the DHCP messages sent from the network side, the CX
removes the Option 82 field. In this case, clients can still receive the DHCP
messages.

Course Name
HGMP——Group Management Protocol
HGMP Discovery automatically

Server DMS Topology collection and display
Metro Ethernet
Download configure Automatically
Rapid deployment
Convenient maintenance
Save on management IP address
Plug and Play
Save OPEX!
HGMP
Client

Combine multiple lan switch in to single big lan switch

Cisco Catalyst 3550 Switch

Product Features

L2 Transparent LAN Service-802.1Q
Tunneling
• Allows tunneling of customer’s VLAN

information through service provider network
transparently by adding a second .1Q tag
• Enables L2 transparent LAN (TLS) service
• Generic PDU tunneling to transparently tunnel
customer CDP,STP and VTP information
• Up to 4096 VLAN IDs

L2 Transparent LAN Service (TLS)

L2 Protocol Tunneling (L2TP)
• L2TP allows the propagation of specific layer 2 PDU’s to be tunneled

through a layer 2 network
• PDU’s that can be tunneled are Vlan trunking protocol, STP, CDP

L2tp is based on PPP. It takes the packet of any protocol (IP,IPX,etc) and encrypts
to deliver over internet using IP.
(Layer 2 Tunneling Protocol) A protocol from the IETF that allows a PPP session
to travel over multiple links and networks. L2TP is used to allow remote users
access to the corporate network. PPP is used to encapsulate IP packets from the
user's PC to the ISP, and L2TP extends that session across the Internet
86
Aggregate QoS Model

QoS Functions

Multicast Support

Problem to Distribute Multicast in L2
Ring
• We have 2 user Vlans per switch in the ring and

28 user vlans are sent over each trunk in the
ring.
• We need to be able to send all multicast streams
to each users
• In standard multicast the distribution, the BAN
needs to replicate multicast streams to
potentially 28 users Vlans
– 28 copies of each multicast packet might
travel over the ring
Problem to Distribute Multicast in L2
Ring

MVR Operation

IGMP Snooping

Supervisor Subsystem
• Managing control plane traffic for the switch

• Provides address learning capabilities

ACL
• Network security through Cisco access control lists

(ACLs) based on Layer 2 through Layer 4 information
– Access control all packets
– Lookups done in hardware : less delay
– Security at the edge
– Minimizes congestion by filtering unwanted traffic

Other features
• Simplified network management through the Cisco

Cluster Management Suite (CMS) Software
• Telnet traffic is encrypted (Secure Shell)
• Supports SNMP v3: encrypt admin traffic during
SNMP session
• MAC address notification : Alerts administrator when
user comes to the network.
• DHCP Interface Tracker: Provides Switch & port ID to
DHCP server

Cisco ME 3400

Cisco ME 3400
• 24 Ethernet 10/100 ports

• 2 SFP gigabit uplinks (GBIC in 3550)
• 30W max power consumption (25 W less than
3550)
• Operating temperature-50 deg (5 more than
3550)

Cisco Catalyst 3750

Cisco Catalyst 3750
• 12 SFP based Gigabit ports

• 32 Gbps high speed stacking bus
• Power consumption 120W max

Huawei CX600

Course Name
Contents
1. Introduction to CX 600
2. Service Features of CX600
3. Application of CX600

Page102 102

Course Name
Positioning of CX600
• CX600 Metro Services Platform (MSP) is a high end Ethernet

product. It focuses on Ethernet services access, aggregation and
transmission in metro area. It mainly locates at metro access and
aggregation point and can provide FE, GE, 10 GE and RPR
interfaces
Access with line speed performance.
Aggregation Edge Core Application
DSLAM BRAS Intern

CMTS et
MSP SoftX
VoD
Acc Switch CX600
ES
P
P
MSP Head
MSP PE
CX600 end
CX600
AG P
MSP
SBC VoD
CX600
CS
NodeB RNC SGSN

Page103 103
Position of CX600-8:
1. CX600-8 is Metro Services Platform, supports abundant Metro Ethernet
services.
2. Special for Ethernet Aggregation; bring L3 access to network margin;
3. Does not support POS, ATM, E1/E3 and T1/T3 interfaces for WAN application.

Course Name
Introduction to CX600
• Key components redundancy:
• 1:1 redundancy of the Switch and Route Processing Unit
(SRUs)
• 3+1 load balancing and redundancy backup of the Switch
Fabric Units (SFUs)
• Redundancy backup of power modules, fans, clock boards
and management bus
• Support GR, NSF, Hot Patch
Current capacity Expansion capacity
Backplane Switching Port capacity Switching Port capacity

bandwidth capacity (bidirectional) capacity (bidirectional)
160Gbps, 640Gbps,
2Tbps 640Gbps 1.28Tbps
10G/slot 40G/slot
Availability MTBF MTTR Downtime

1.34
99.999% 22.33 Years 0.5 Hour
Minutes/Year
CX600-8

Page104
Back-plane Bandwidth Calculation

CX600-8 has 8 LPU slots. There are 40 pairs of high speed bidirectional serdes of
3.125Gbps (not considering 8B/10B spending) bus connecting with Switching
Fabric on each LPU slot. So total bandwidth is 40*8*3.125*2=2Tbps.
Interface Capacity Calculation (Bidirectional)

Interface Capacity is sum of total interfaces capacity provided on current
product.CX600-8 has 8 bidirectional LPU slots, and each LPU slot can provide line-
speed 10Gbps service forwarding, so the total capacity of CX600-8 is
10*8*2=160Gbps.
平均修复时间MTTR（Mean Time to Repair）是指一个组件或设备从故障到恢
复正常所需的平均时间
平均故障间隔时间MTBF（Mean Time Between Failure）是指一个组件或设备
的无故障运行平均时间，通常以小时为单位。
在电讯行业，99.999%的可用度意味着设备的MTTR每年不得超过5分钟
GR（Graceful Restart）协议
双向转发检测BFD（Bidirectional Forwarding Detection）是一套全网统一的检
测机制，用于快速检测、监控网络中链路或者IP路由的转发连通状况
SRU（Switch and Route Unit）、SFU(Switch Fabric Unit)和LPU(Line Processing
Unit)

Course Name
CX600 System Architecture

Monitor Bus SRU Control Bus Data Bus
SRU
(1:1
(1:1redundancy)
redundancy)
FAN FAN
FAN
FAN
(redundancy) (redundancy)
(redundancy)
(redundancy)
SFU板
SFU板
SFU
SFU
LPU LPU
… Switching
Fabric …
交换矩阵
LPU LPU
3+1
3+1 redundancy
redundancy
(3+1备份)
(3+1备份)
¾
¾ Redundancy
Redundancy design
design for
for all
all components,
components, no no single
single point
point failure
failure
¾
¾ Distributed
Distributed forwarding
forwarding architecture
architecture to to eliminate
eliminate performance
performance bottle
bottle neck
neck and
and maximize
maximize
throughput
throughput
¾
¾ Separated
Separated data
data bus,
bus, control
control bus
bus and
and monitor
monitor bus
bus
¾
¾ 2:1
2:1 speedup
speedup (=switching
(=switching capacity
capacity :: port
port capacity),
capacity), non-blocking
non-blocking crossbar
crossbar switching
switching fabric
fabric
Page105 105

Course Name
CX600 Non-block Switching Fabric

Switching Capacity: 4 Pair of Serdes BUS
160Gbps per SFU to each SFU
Ingress LPU Egress LPU
Segmentation
Resembling
Switching based on Info in
Cell Header 4 SFU 3+1 Load Sharing
¾
¾ 64
64 pairs
pairs of
of high
high speed
speed (3.125Gbps)
(3.125Gbps) SERDES
SERDES bus
bus available
available on
on each
each
SFU
SFU
¾
¾ Switching
Switching capacity
capacity per
per SFU:
SFU: 3.125Gbps*8B/10B*64=160Gbps
3.125Gbps*8B/10B*64=160Gbps
¾
¾ One
One 10G
10G LPU
LPU hashas 16
16 pair
pair of
of SERDES
SERDES bus
bus spanning
spanning on
on 44 SFU
SFU
Page106 106
SERDES : Serializer/Deserializer

Course Name
CX600 Line Card

•200K FIB •32K flow queues per direction •Micro cell switching
•16K ARP •8 queues per port •VOQ
•128K MAC •5 level H-QoS •4 priorities
•8K ACL •100ms buffering
•1K CAR
control module CP
management interface
Framer
PFE TM SM
physical fabric interface

interface TCAM Buffer
¾
¾ Wire
Wire speed
speed && low
low latency
latency 10G
10G forwarding
forwarding capability
capability
¾
¾ Per
Per user
user per
per service
service ingress
ingress &
& egress
egress H-QoS
H-QoS guarantee
guarantee
¾
¾ Large
Large packet
packet buffer
buffer to
to reduce
reduce packet
packet loss
loss rate,
rate, meet
meet requirements
requirements of
of critical
critical
services
services
¾
¾ VOQ
VOQ toto avoid
avoid HOLB
HOLB (head
(head of
of line
line blocking)
blocking) issue
issue and
and maximize
maximize throughput
throughput
Page107 107

Course Name
Major Functions & Characteristics
2007-08-10 GA 2008Q1 GA
V200R001 V200R002
FE, GE, 10GE supports the 2*10G/slot,

1G, 2.5G, 10G RPR IPv6
BFD, GR, and TE, Ethernet OAM
22,000 FIB entries. perfect carrier-class feature
ME features (RRPP, BPDU RPR Bridge Mode
Tunnel, QinQ termination,
DHCP+)
HQOS are newly added,
which satisfy the marketing
requirements of the Metro
Ethernet

Page108
ME features: Metro Ethernet

Course Name
Software features(1)
Name of Software Features Remarks
Interface binding (IP TRUNK and Ethernet
Supports the cross-service LPU binding.
TRUNK)
TRUNK interface HASH load balancing
RPR (10G, 2.5G, 1000M)
GRE tunnel
IPv4 unicast service
IPv4 multicast service

Supports RIP, OSPF, IS-IS, and BGP4 Supports BGP Accounting and BGP MD5.
Weak poly-based routing
IGMPv3, PIM-SSM, Multicase Source Control

Common layer 2 features (interface isolation
128K Mac address per slot
in VLAN, VLANIF, QinQ, and STP/MSTP)
VLAN Mapping (1 to 1)
DHCP+(IP, MAC, Interface, and VLAN binding)

Page109 109

Course Name
RRPP (for Ethernet and Ethernet-Trunk)
RRPP ring multicast isolation feature
BPDU Tunnel
Supports complete load balancing and supports
FIB table supports the load balancing
eight ECMPs of load balancing.
Supports the LSP traffic-based load balancing and
LSP load balancing
the fault switch less than 50ms.
MPLS TE
LDP over TE LDP over TE for PE/P
TE over TRUNK (IP TRUNK, Ethernet
TRUNK
Supports three kinds of inter-domain modes:
Option A, B and C.
Supports ISIS, OSPF, RIP, BGP, and static route.
MPLS L3VPN
Can be access to the PE in static routing. The
OSPF supports 1000 instances.
Supports the HoPE.
Supports the following two kinds of protocol
MPLS L2VPN (VLL/PWE3, VPLS, HVPLS)
modes: Martini and Kompella.

Page110 110

Course Name
VPLS over TE
Static LSP is accessed to VPLS
QinQ termination is accessed to VPLS,
L2VPN, and L3VPN
Multicast VPN
MPLS OAM
MPLS Ping, MPLS Traceroute
The IS-IS convergence on the whole network is
IS-IS and fast convergence less than 1s, and convergence of the single node
is less than 50ms.
IP/LDP FRR
TE FRR
VPN FRR

Page111 111

Course Name
BFD for FRR, VRRP, and ISIS
BFD for BGP, OSPF, TRUNK, and VLANIF
BFD for VRF, Cisco Interconnection
BGP/ISIS/OSPF/LDP GR
VLL (LDP mode)/VPLS GR
L3VPN GR
HQOS (FADD only)
VPN QoS (Resource Reservation VPN)
QPPB
Tunnle/VPN statistics
NTP
SSHv2
IPTN TPE
NetStream for IPv4

Page112 112

Course Name
Specification of CX600
Description CX600 Description CX600 V2R1
Ethernet,RPR,GRE,NetStrea VPN-Instance 1K, Default 500
Interface
m
PPP/MP NO ARPv4 16K
FIBv6：3K IPV4 ACL per Board 8K
IPV6 ACLv6：1K
Max. IPv4 ACL per
ARPv6：1K 64K
Equipment
FIB 200K
H-QOS Levels 5-level Scheduler
Routing Table 1M
Ingress 24K
OSPF Neighbors 256, Default 50 FQ per Board
Egress 24K
OSPF Interfaces 256, Default 50
MAC per Board 128K
OSPF
256, Default 50 QinQs per Board 16K
Session/Instances
ISIS Neighbor 256, Default 50 MPLS LSP Tunnels 64K
ISIS Interfaces 256, Default 50 MPLS TE Tunnels 1K
ISIS Instances 256, Default 50 Multicast core Routing

4K
Table
BGP Neighbors 256, Default 50 SRU Memory 2Gbps, Default: 1G

Page113 113

Course Name
Introduction to Boards
Newly Added LPUs
1*10GBase-LAN-XFP Optical Interface LPU
1*10GBase-WAN-XFP Optical Interface LPU
10*1000Base-X-SFP SFP Optical Interface LPU
24*10/100/1000Base-TX-RJ45 Electrical Interface LPU
24*100/1000Base-X-SFP Optical Interface LPU
1*OC-192c/STM-64c RPR-XFP Optical Interface LPU
2*OC-48c/STM-16c RPR-XFP Optical InterfaceLPU
4*OC-48c/STM-16c RPR-XFP Optical InterfaceLPU
2*1000M RPR-SFP Optical InterfaceLPU
4*1000M RPR-SFP Optical InterfaceLPU
Service Processing Circuit Board-NetStream Processing
Service Processing Circuit Board-TSU Service Processing

Page114

Course Name
Introduction to Interface Types

Type Interface Remarks
Ethernet 10G LAN (XFP)
10G WAN (XFP)
GE (SFP)
GE (RJ45)
FE (SFP)
RPR 10G RPR(XFP)
2.5G RPR(SFP)
1000M RPR(SFP)
Optical Module XFP 10G 10Km For 10G WAN and RPR, the distance is
2Km
XFP 10G 40Km
XFP 10G 80Km Only for 10G WAN and 10G RPR
XFP 10G 300m Only for 10G LAN
SFP GE
550m/10Km/40Km/80Km/100Km
SFP CWDM 1GE 70Km
SFP 1000BaseT RJ45 Auto negotiation
SFP 2.5G 2Km/15Km/40Km/80Km
Page115

Contents

Page116 116
Course Name
Networking Capacities
• Core layer is responsible for the high-speed forwarding of service data.
• Edge and aggregation layer serve as the access point of various services.
• Access layer is responsible for the user access (DSLAM, converged-switch, AG,
NodeB)

Page117 117
The services access the network for forwarding through the BRAS, the centralized
PE, or the aggregation node, based on the service type.

Networking Capacities
The CX600 is applicable for the aggregation node and the distribution node to guarantee
the access of individual services and corporate services
Access individual services through the permanent virtual circuit (PVC).

DSLAM Adds VLAN or QinQ tag based on the types of users and services
Refers to the access switch that converges the Layer 2 corporate services
Switch to the aggregation node.
Distinguishes the VLAN or QinQ user services, forwards Layer 3 services

Aggregation node or VPN services, or transparently transmits services to the BRAS or the
centralized PE through the IP or MPLS technologies.
Distribution node Converges the services in ME and terminates the IP or MPLS pipes and
transparently transmits the services to the BRAS or the centralized PE
BRAS Refers to a device that processes PPPoE login services of individual users
Refers to the centralized service node, which can also serve as the
PE distribution node. PE accesses the services that should be converged and
processed, such as centralized L3VPN services
Refers to the core forwarding node or the edge node on the back bone
P/PE network. P or PE rapidly forwards the services or accesses the services to
the backbone network.

Page118 118
Characteristic of Ethernet
• Inter-VLAN and Super VLAN

• QinQ and Selective QinQ
• VLAN Mapping

Page119 119
Rich Layer 2 Feature
CX600 CX600
VLAN TRUNK
Branch A
Branch B
CX600
IP MAN
CX600 CX600
VLAN aggregation
rt
Po or Config VLAN layer 3 uses the same subnet
r interface to realize the
Mri Port IP; Communicates
communication of with another sub-
different VLAN Trunking
VLAN by ARP PROXY
...
VLAN10 VLAN20
VLAN 2 VLAN 9
userA：MAC_A userB：MAC_B

Page120
Rich Layer 2 Feature
CX600
MSTP
• Improves network reliability
DHCP, RADIUS Server
• Realizes VLAN-based load-

DHCP RELAY 10GE
balancing and redundant
• Root protection and dual-
L2 root redundant
Residential Area/Enterprise

Page121
Course Name
QinQ(Mapping outer tag according to

internal tag)- Selective QinQ
Internet Plane BRAS IPTV SR IPTV Plane
PC VID=1~100 : 1~1000 STB VID=101~200 :

1001~2000
CX600 Vid=1~1000 outer 1~100 to BRAS
Vid=1001~2000 outer 101~200 to IPTV SR
PC VID=1~1000
STB VID=1001~2000
DSLAM
PC VID=1~1000 PC VID=1~1000
STB VID=1001~2000 MODEM Home
STB VID=1001~2000
Network
PC STB
PC VID=1~50 PC
STB Home VID=101~150
MODEM STB
VID=1001~1050 Network PC VID=1~1000
VID=1101~1150
STB VID=1001~2000
PC STB
STB
PC VID=51~100
VID=1051~1100
Page122 122
In practice, especially in MAN, a great number of VLANs are needed to separate

users from each other. In IEEE 802.1Q, the VLAN tag only has 12 bits. Thus, 4096
VLANs are supported at most. Among 4096 VLANs, 4094 VLANs are assignable.
The number 0 and 4095 are reserved for other usage.
The CX600 provides the port with the VLAN VPN feature. That is, on the basis of
the existing VLAN tag, a new tag is added to the packet, namely Q-in-Q. Through
Q-in-Q, up to 4096 x 4096 VLANs are supported, among which 4094 x 4094
VLANs are assignable. The user can decide on the VLAN tag, namely the inside-
VLAN to be added.

Course Name
VLAN Mapping (Mapping outer tags

according to existing QinQ tags)
BRAS Corporate
VPN SR
Personal VID=1~100 : 1~3K Corporate VID=101~200 : 3K~4K
CX600 According to the range of internal tag, redistribute

outer tags
Personal VID=1~100 : 1~3K
Corporate VID=1~100 : 3K~4K
Aggregation Switch
Supporting QinQ
Corporate VID=3K~4K
Personal VID=1~3K Corporate
VID=3K~4K
Personal
DSLAM VID=1~3K
Personal Corporate Personal

Corporate

Page123 123
The VLAN stacking expands the Q-in-Q function:

On a Q-in-Q port, only one outside VLAN can be configured. On a Q-in-Q port
with the VLAN stacking function, multiple outside VLANs can be configured. The
port can add different outside tags to different VLAN frames.
A Q-in-Q port can only add the outside tag when receiving the frame and
remove it when sending the frame. A Q-in-Q port with the VLAN stacking function
can add the outside tag or remove the outmost tag on receiving and sending the
frame.

Course Name
VLAN Aggregation by VLAN Mapping
BAS SR
L3 VLAN 200
CX600
VLAN MAPPING
DSLAM

Page124 124
By VLAN mapping, CX600 can aggregate service. CX600 receives VLAN 100,
VLAN 102 and VLAN 103,which represents internet service.CX600 changes these
VLAN ID to VLAN 200. VLAN 200 means internet service in the aggregation
layer.

Strong Reliability Feature
• Non-stop Forwarding
• VPN FRR
• Enhanced-VRRP for Layer 3 Access Reliability

Page125 125
Course Name
Non-stop Forwarding
Signaling/protocol packet
1:1 redundancy RM
RM
Stateful Switchover
FIB Control Unit
Graceful Restart Capabilities BACKUP
ACTIVE
Statistics and status information FIB table
Forwarding Unit
Data Packet FIB
z Separated Control Plane & Forwarding Plane

z Stateful Switchover between active & standby MPU
z Full Graceful Restart capabilities
z Each line card has a duplicated FIB, forwards packets & maintains link
status independently
Page126 126

VPN FRR for Layer 3 VPN Reliability
VRF for NGN VPN Site1
DIP PE-ID Interface Label Priority
MG2 PE2 Tunnel1 100 10 Active

MG2 PE3 Tunnel 2 200 20 Inactive
VRF for NGN VPN Site1

Metro Core DIP PE-ID Interface Label Priority Metro Edge
MG2 PE3 Tunnel 2 200 20 Active
Tunnel 1
VoIP/VoD VLAN
PE2
Tunnel 2 PE1
CX600
PE3
• BFD for Detection of Path Failure

• VPN FRR for fast Recovery
Page127
BFD
z To improve network performance, the system must be able to rapidly detect a
communication failure, and then set up a backup channel to resume the communication.
To solve the preceding problems, the Bidirectional Forwarding Detection (BFD), a unified
detection mechanism, is developed.
BFD is a unified detection mechanism used to rapidly detect and track the connectivity of
the network links or IP routing. To improve network performance, adjacent systems must
be able to rapidly detect a communication failure, and then set up a backup channel to
resume the communication.
The BFD provides the following functions:
Provides low-load and short-duration detection for path faults between two adjacent
forwarding engines.
Uses a single mechanism to perform real-time detection of all media or protocol layers, and
supports different detection time and costs.
BFD for Fast Reroute

BFD for LDP FRR
For the MPLS products forwarded by the software, the BFD can detect the protected
interfaces. LDP FRR switchover is triggered when the BFD session is Down.
BFD for IP FRR and BFD for VPN FRR
For CX600 routers, the IP FRR and VPN FRR switchovers are triggered only after the
detected faults are reported to the control plane.
BFD provides reliability to MPLS-based applications, such as VPN FRR, TE FRR, and VLL
FRR for protecting services.
127
Course Name
Enhanced-VRRP for Layer 3 Access

Reliability
Normal VRRP: Enhanced VRRP:
VRRP VRRP
Master Backup Master Backup

VRRP Hello BFD for VRRP
interface x
vrrp vrid 1 virtual-ip
x.x.x.x interface y
Converge time: vrrp vrid 1 priority 150 vrrp vrid 1 virtual-ip x.x.x.x
3s
vrrp vrid 1 priority 120
vrrp vrid 1 track bfd-session
Converge time:
10 increase 50
• Normal VRRP, Master send VRRP 50ms
Hello packet to Backup periodically
• Backup device will be changed to z In the Enhanced VRRP, link
Master when it can not receive state is detected by BFD
VRRP Hello packet more than 3 z BFD can detect the link failure in
times 50ms, then VRRP state will be
• The period of VRRP Hello packet changed between Master and
could be configured to 1s minimum, Backup device
which means switchover time will z In some condition, the switchover
be more than 3s time could be less than 30ms
Page128 128

Course Name
BFD for PIM

•Normal
•Normal PIM,PIM, DR DR and
and
Head End BDR
BDR send
send Hello
Hello packet
packet
CDN periodically
periodically
BB Core
•BDR
•BDR will
will be
be changed
changed
to
to DR
DR when
when itit can
can not
not
receive
receive PIMPIM Hello
Hello
packet more
packet more than 3than 3
times
times
•The
•The period
period of of PIM
PIM
Hello
Hello packet
packet could
could bebe
configured
configured to to 1s
1s
CX600 •• minimum,
minimum, which which
means
means switchover
switchover timetime
PIM-SM will
will be
be more
more thanthan 3s
3s
BFD for PIM
¾With
¾With BFDBFD forfor PIM,
PIM,
IGMP V2
link
link state
state isis detected
detected byby
BFD
BFD
¾BFD
¾BFD can can detect
detect the
the
CX300 link
link failure
failure inin 50ms,
50ms,
then
then PIM state will be
PIM state will be
Multicast changed
changed between
between DR DR
DATA and
and BDR
BDR
¾In
¾In some
some condition,
condition, the
the
switchover
switchover time time could
could
DLSAM be
be less
less than
than 50ms
50ms
PC RTU STB

Page129 129

Course Name
Hierarchical QoS
L1-L4 info ,64Kbps granularity 5-level scheduling & shaping
precise traffic policing Precise bandwidth management
Congestion avoidance with WRED
NP TM TM NP
Classifier Scheduler Scheduler Classifier

Meter Shaper Shaper Meter
Marker Dropper Dropper Marker
Egress QoS
Ingress QoS
¾ Independent 24k Ingress and 24k Egress Queues
¾ 5 Level Hierarchical Scheduler

Page130 130

Benefits: Per-Subscriber Per-Service
QoS Guarantee
DSLAM connect to DSLAM cascade
AGG directly DSLAM connect via switch
Scoping
•3K subs per GE on AGG
•8 queues per sub
•1~10 cascading DSLAMs
3 Level HQoS at AGG

—WFQ per service —Shaping per DSLAM
—8 queues per sub —Shaping per subscriber —WFQ per service
VoIP VLAN
Sub-1 BTV VLAN
VoIP Sub-2 Sub VoD VLAN GE
IPTV *** Group
Sub *** Premium
IA Pre IA VLAN
IA BE Sub-n Normal
per Subscriber per DSLAM per Service

Page131 131
Course Name
Sophisticated NMS for Easy OAM
OSS/BSS
OSS/BSS (ORDER, BILLING, INVENTROY…)
BML
SNMP/CORBA/… FTP/
…
SNMP/
Service Management NSM CORBA/
SML VPN Manager QoS Manager LSP Manager
…
D2610
NetStream
Analysis
NML System
Network Management N2000

SNMP N2000 DMS
EML / TELNET
…
SNMP/TELNET/FTP/SYSLOG/…
NetStream
Networks & Devices

¾
¾ Sophisticated
Sophisticated FCAPS
FCAPS NMS NMS tools
tools to
to streamline
streamline the
the network
network operation
operation &
& maintenance
maintenance and
and free
free
the
the operators
operators
¾
¾ NMS
NMS openness:
openness: Huawei
Huawei VPN
VPN Manager
Manager is is able
able to
to manage
manage Cisco
Cisco routers,
routers, Huawei
Huawei MSP
MSP can
can bebe
managed
managed byby third
third party
party NMS
NMS asas well.
well.
Page132 132

Course Name
NetStream for Traffic Accounting &

Analysis
CX600
NetStream Analyzer
NetStream Collector
Version Description
Full flow export format, Based on 7 tuples of the flows (IP SA, IP DA, SP, DP,
NetFlow V5
protocol type, ToS, input interface) statistics, output statistics record
Aggregated record format, based on AS, Protocol-Port, Src-Prefix/Dst-Prefix,

NetFlow V8
Prefix attribute to aggregate
Templates based export format, support MPLS, MPLS VPN statistics record,
NetFlow V9
support interface statistics record

Page133 133

Contents

Page134 134
CX serial MSP Metro Ethernet Network
PSTN/DDN IP/MPLS 2G/3G/NGN

ATM NE40E Core NE40E ME60 CX300
CX300
MAN core layer N*GE E1/FE RNC

CX600 CX600
E1
TDM transparent transmission

2G/3G IP RAN
TDM clock synchronization GE GE GE Backhaul
MPLS PWE3
MAN convergence
layer CX200/300 CX300 CX300
E1 RPR/ CX200
FE/G RRPP
MSAN E WiMax
CX200 CX300 E1/FE
DSLAM radio access
MAN access layer FE FE FE
Villa/luxury Newly-built Newly-built

residential area residential residential AG Commercial NodeB
area area area
¾ CX300(UPE) and CX600(PE-AGG) compose MPLS Metro Ethernet solution
¾ CX300/CX600 support MPLS OAM fast protection
Page135 135
Cisco 7609

7609 Features
• Edge router that delivers robust & high performance

IP/MPLS features
• Features 720 Gbps of switching capacity
• 40 Gigabit/slot configuration
– Line Rate Performance
• 9-vertical slots
• Supports: L2 & L3 VPN’s & T.E.
• Wide range of IP services and quality of service
(QoS)

Router Architecture

Red one is 32gbps- old one – when switch was their. LAN card uses this bus.
Fabric disabled.
OSM card cn use 720 gbps mesh. They are fabric enabled.
Policy Feature Card (PFC)
Multilayer Switch Feature Card (MSFC)
138
7609 IOS

SUP 720 Module
• Apply ACLs for traffic policing and marking, make policy

decisions, and determine where to switch the packet, all at
line rate regardless of packet size and flow length
• Routing Engine : Routing Table maintenance
• Packet Forwarding Engine

Switch Processor
• Physically located on the Policy Feature Card

(PFC)
• Performs the initial bootup operation of the
switch
– Runs Spanning Tree
– Chassis & Power management etc..

Route Processor
• Physically located on the MSFC

• Executes the L3 protocols - OSPF, BGP etc.
• Manages the CLI.
• Show & Config commands are processed by RP
& then forwarded to SP, for execution

Flash & DRAM
• SP Bootflash (64MB), referred as SUP-

BOOTFLASH, stores boot image of the
equipment.
• RP Bootflash (64MB) is referred as
BOOTFLASH.
• SP & RP have individual DRAM’s.

IOS Boot process
• IOS image in SUP-BOOTFLASH

• SP portion of image is decompressed & loaded in to SP-DRAM
• The SP starts booting from this image
• The SP then hands-over the control to RP, to continue booting
• Next, RP downloads the IOS image in to RP-DRAM, and
decompresses the image
• RP boots using the RP-DRAM image & complete the boot
sequence.
• Console remains with RP

Optical Service Module

OSM features
• High speed WAN services

• Wide range of WAN connectivity: GE, ATM,
SDH etc.
• 4 GBIC ports on every OSM
• Packet buffers (64 MB to 128MB)

User Configuration Interface

Setup via Console
Console Port
Console Cable
Router
RS-232 Serial Port PC
Network
Setup via Telnet
Workstation
Router
100BASE-TX
Ethernet
Server Laptop PC
Network
Setup via the AUX Port
RS-232 Serial Port
PC
Router
Modem
PSTN
TEL: 12345678
Modem
Console Port Modem
Network
Command View
• The system commands are divided into

four level:
– Visit:
– Monitor:
– Config:
– Manage:
Network
Visit Level
z The commands in visit level:
Visit: includes the commands of network diagnosis tools

such as ping and tracert, and the commands for visit to
external devices, such as Telnet client, SSH client, and
RLOGIN.
Network
Monitor Level
• The commands in monitor level:
Commands used for system maintenance and service fault

diagnosis, including display and debugging commands.
Network
Config Level
• The commands in config level:
Config: Service configuration commands including routing

commands and the commands at the network layer.
Network
Manage Level
• The commands in
manage level:
Manage: Commands essential to
the system operations and the
system support modules. They
provide support to services that
concerns file system, FTP, TFTP,
XModem download, configuration
file switch, power control, standby
board control, user management,
level setting, as well as the
parameter setting within a system
(the last case involves those non-
protocol or non-RFC provisioned
commands).
Network
Command Views
• Command lines are associated with command views like:

– User view
– System view
– Routing protocol views: OSPF, RIP, BGP, IS-IS……
– Interface views: FE, GE, synchronous serial, cE1, E3, cT1, T3,
ATM, POS, CPOS, virtual-template, virtual Ethernet, loopback,
null, tunnel
– User interface view
– L2TP group view
– Route mapping view
Network
Command Line On-line Help
• Enter “?” in any views and you will

obtain all the commands in this view
and their simple descriptions as well.
<Quidway> ?
User view commands:
cd Change current directory
clock Specify the system clock
……
Network
(Continued)
• Enter a command and a “?” separated

by a space. If "?" stands for a key word,
all the keywords and their simple
descriptions will be given.
<Quidway> display ?
aaa AAA status and configuration
information
acl Acl status and configuration information
……
Network
(Continued)
• Enter a command and a “?” separated by
a space. If "?" stands for a parameter,
descriptions of these parameters will be
given. interface ethernet ?
[Quidway]
<3-3> Slot number
[Quidway] interface ethernet 3?
/
[Quidway] interface ethernet 3/?
<0-0>
[Quidway] interface ethernet 3/0?
/
[Quidway] interface ethernet 3/0/?
<0-0>
[Quidway] interface ethernet 3/0/0 ?
<cr>
Network
(Continued)
• Enter a character string followed by a

“?”. All the commands starting with this
string will be displayed.
<Quidway> d?
debugging delete dir display
z Press <tab> after entering the first several letters of a keyword to

display the complete keyword, given that these letters can uniquely
identify the keyword in this command.
Network
ThankYou


MEN Part 1 - Day1-Ver1 - NoRestriction

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

MEN Part 1 - Day1-Ver1 - NoRestriction

Hochgeladen von

Copyright:

Verfügbare Formate

Network Learning Centre 1

Network Learning Centre 2

Network Learning Centre 5

Network Learning Centre 6

Network Learning Centre 7

• Feedback & Test

MAN Network Evolution

z Multiple networks merge together z Unified network, diversified services

Network Learning Centre

TCO: Total Cost of Ownership

Confidential Information of Huawei. No

Position of Metro Ethernet

Network Learning Centre

Confidential Information of Huawei. No

z Advantages: Simple, Low price

Network Learning Centre

Confidential Information of Huawei. No

STP Based Ring

Network Learning Centre

Confidential Information of Huawei. No

Characteristics of Metro Ethernet

Confidential Information of Huawei. No

Network Learning Centre 14

Marketing Department Financial Department

VLAN——Virtual Local Area Network classifies the network resources

Network Learning Centre 18

Vlan range – 1- 4094

• Compared to the traditional LAN

Host A Host B Host C Host D

This kind of VLAN segmentation method is to make the segmentation

DA SA Type Data CRC

Standard Ethernet Frame

DA SA tag Type Data CRC

TPID Priority CFI VLAN ID

Ethernet Frame with IEEE802.IQ Flag

Trunk Link or Hybrid Link

Network Learning Centre 23

VLAN 2 VLAN 4 VLAN 3 VLAN 2 VLAN 4 VLAN 5 VLAN 5 VLAN 2

Network Learning Centre 26

(Not used in RCOM)

Network Learning Centre 27

Attribute claim and registration

a: to register attributes that the peer claimed

A: To claim its attributes to the peer

Attribute will be broadcast to the whole network

To understand GVRP, we have to mention GARP. The full name of the

z In traditional layer 2 switching networks, the whole network is a

VLAN 100 VLAN 200

z VLAN has insulated the layer 2 broadcast domain, thus strictly

VLAN 100 VLAN 200

"Where there is no connection, there is no network". When one network is

z A default gateway is configured at the host; for non-local communication, the

VLAN 100 VLAN 300 VLAN 200

z VLAN is configured on layer 2 switches, and every VLAN uses a

As described before, the inter-VLAN communication operates through the

VLAN 100 VLAN 200

VLAN 100 VLAN 200

z Functional integration of layer 2 switches and routers forms the layer 3

10.110.0.113/24 10.110.1.69/24 10.110.1.88/24 10.110.2.200/24

The function of layer 3 switch is corresponding to the part in the dotted

z Traditional layer 3 technology processes each message, and transfers

The difference between message-to-message switching mode and flow

Interface type 2410/100TX+2GE(SFP)

S3328TP-SI 2410/100TX+2GE(SFP)+ 2*GE Combo