Beruflich Dokumente
Kultur Dokumente
V200R001C00
01
Date
2012-03-15
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2012-03-15)
S9300
Remarks
VASP
V200R001C00
S9300 V200R001C00
VASP
V200R001C10
S9300 V200R001C00
Intended Audience
This document is intended for:
l
Commissioning engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
Issue 01 (2012-03-15)
ii
Symbol
Description
CAUTION
TIP
NOTE
Change History
Updates between document issues are cumulative. The latest document issue contains all updates
made in previous issues.
Issue 01 (2012-03-15)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 SPU Overview................................................................................................................................1
1.1 Introduction to the SPU......................................................................................................................................2
1.2 Functions and Typical Applications of the SPU................................................................................................2
Issue 01 (2012-03-15)
iv
1 SPU Overview
SPU Overview
The SPU release version for Russia does not provide the IPSec VPN function.
Issue 01 (2012-03-15)
1 SPU Overview
Transmission of shared files, such as pictures and high-definition video, over intranets
These applications require high reliability, security, and simplified operation and management
of industry networks.
As the VAS unit of the S9300, the SPU provides diverse VAS functions for industry networks,
such as load balancing, IPSec VPN, NAT, firewalls, NetStream, and two-node cluster backup.
In addition, the SPU provides network security solutions within communities, interconnection
between communities, and wireless local area networks (WLANs). The SPU provides a highefficiency load balancing solution, which speeds up the response of the IT system, shortens the
application delay, and balances the traffic on network devices. Service reliability is improved
and services can be expanded flexibly. Multiple firewalls and the IPSec VPN facilitate the
integration of the VLAN switching technology of switches with security network technologies,
to provide security services and implement the secure and encrypted interaction among
departments. NetStream provides data support for billing, network planning, and network
operation and management for most carriers.
Issue 01 (2012-03-15)
1 SPU Overview
LPU
Switching Packets
MPU
Processing Packets
SPU
Service functions
IPSec VPN, firewall/NAT, load balancing and NetStream.
Data processing capability of 10 Gbit/s
Routing and addressing of packets
Traffic management, congestion control, and forwarding scheduling of packets
Line-speed forwarding of packets
Debugging functions
Configuration and alarm
Board environment monitoring
Watchdog
Hierarchical reset
Commissioning
Load Balancing
l
Issue 01 (2012-03-15)
1 SPU Overview
Intranet
Intranet
User
ServerA
Switch
External
Network
ServerB
ServerC
As shown in Figure 1-2, an intranet user accesses the internal server through the external
network. The internal server is deployed in a group composed of three load balancing
servers. As the load balancing (LB) device, the Switch implements load balancing at layers
L4 to L7. The service load varies by server. When one or more servers are faulty, the system
automatically switches services to normal servers so that services are not interrupted. In
this manner, network faults are reduced and service processing reliability is improved.
l
External
Network
Intranet
user
Switch
RouterB
ISP2
As shown in Figure 1-3, an enterprise rents links from multiple carriers to use as egresses
between the intranet and the external network. The bandwidth and delay vary by carrier.
You can configure the Switch (an SPU) to select the optimal link according to requirements
for external network access of different enterprise users. The Switch also supports the
reverse NAT function.
Issue 01 (2012-03-15)
1 SPU Overview
IPSec
Figure 1-4 Networking of IPSec
SwitchA
SwitchB
Internet
Intranet
User A
Intranet
User B
As shown in Figure 1-4, an IPSec tunnel is set up between Switch A and Switch B. In this way,
data flows between intranet user A and intranet user B are protected when transmitted on insecure
networks. IPSec allows network users or administrators to control the granularity of security
services between peer devices. A Security Association (SA) can be established manually or in
IKE negotiation mode to provide security protection for different data flows.
NAT
Figure 1-5 Networking of NAT
Internet
Intranet
10.1.1.1/24
PC2
PC1
10.1.2.1/24
WWW
Issue 01 (2012-03-15)
FTP
SMTP
1 SPU Overview
As shown in Figure 1-5, IP addresses of PC1 and PC2 on the intranet can be mapped to public
IP addresses on the external network through Network Address Translation (NAT). In this way,
users on private networks can access external networks, without taking up public IP addresses.
The NAT mapping table is used to limit hosts on internal networks that access hosts on external
networks.
You can configure internal servers to map external IP addresses and port numbers to internal
servers. In this manner, an enterprise can provide access to internal servers for users on external
networks, such as World Wide Web (WWW), File Transfer Protocol (FTP), and Simple Mail
Transfer Protocol (SMTP) services.
Firewall
l
Virtual firewall
Figure 1-6 Networking of a virtual firewall
Internet
Switch
VLAN2
Interior
Subnetwork
FTP
Server
VLAN3
VLAN4
Interior
Subnetwork
Interior
Subnetwork
WWW
Server
Telnet
Server
As shown in Figure 1-6, an intranet can be divided into multiple subnets through VLANs.
The Switch (an SPU) provides a virtual firewall for each subnet. The server on each subnet
can access external networks through the Switch to provide different services for external
users.
l
Issue 01 (2012-03-15)
Transparent firewall
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
1 SPU Overview
Zone A
VLAN 10
PC B
Switch
VLAN 20
Zone B
VLAN 30
PC C
Zone C
As shown in Figure 1-7, the Switch functions as a transparent firewall. In this case, all
interfaces are Layer 2 interfaces and the network is divided into multiple access zones
through different VLANs. PCs in a zone share the same network segment. The packet
filtering, attack defense, and traffic monitoring policies are defined for different VLANs
on the Switch. For example, PC A can access Zone B and Zone C. PC B can send packets,
but the packets cannot pass the firewall.
l
Issue 01 (2012-03-15)
1 SPU Overview
SPU1
SPU2
Internet
Switch
PC 1
PC 2
As shown in Figure 1-8, SPU 1 and SPU 2 are installed on the Switch. To back up services,
VRRP is enabled on the two SPUs to provide a virtual IP address for the switch. When
SPU 1 functions as the master for example, data flows are transmitted to the Internet through
SPU 1. At the same time, data is synchronized from SPU 1 to SPU 2. If SPU 1 becomes
faulty, data flows are transmitted to the Internet through SPU 2.
Issue 01 (2012-03-15)
Issue 01 (2012-03-15)
2.1 Panel
This topic describes the appearance of the SPU, including interfaces, indicators, and colors and
blinking states of interface and board indicators.
The VAMPA functioning as an SPU is installed horizontally. The panel contains a serial interface
(identified as CON) and an FE electrical interface (identified as ETH), as shown in Figure
2-1.
Figure 2-1 VAMPA panel
1. ACT indicator
2. LINK indicator
The board status indicator RUN/ALM and interface indicators ACT and LINK are located on
the VAMPA panel. Table 2-1 describes the colors and blinking states of the indicators.
Table 2-1 Buttons and indicators on the VAMPA panel
Indicator/Button
Color
Description
ACT
Amber
LINK
Green-yellow
RUN/ALM
Green
Issue 01 (2012-03-15)
Red
Orange
10
NOTE
Quantity
Description
Console interface
Ethernet interface
Description
Connector type
RJ45
Interface attribute
RS232
Standards compliance
EIA/TIA-232
Issue 01 (2012-03-15)
Attribute
Description
Connector type
RJ45
Interface attribute
10BASE-T/100BASE-TX
11
Attribute
Description
Operation mode
Full duplex
Standards compliance
IEEE 802.3
Issue 01 (2012-03-15)
Parameter
Description
Board dimensions
153.27 W
Board weight
2.6 kg
12
Issue 01 (2012-03-15)
13
Networking Requirements
To log in to the SPU through the console interface, connect the console interface on the SPU to
the RS232 interface on the host through a serial cable, as shown in Figure 3-1.
Figure 3-1 Connecting to the SPU through the console interface
RS232
interface
Console Cable
Console
interface
Procedure
Step 1 Use a serial cable to connect the PC with the SPU as shown in Figure 3-1.
Step 2 Start the HyperTerminal on the PC.
Choose Start > All Programs > Accessories > Communications > HyperTerminal to start
the HyperTerminal.
Step 3 Set up a new connection.
Figure 3-2 Setting up a new connection
Issue 01 (2012-03-15)
14
As shown in Figure 3-2, enter the name of the new connection in the Name text box and choose
an icon for the connection. Click OK.
Step 4 Configure the connected interface.
Figure 3-3 Configuring the connected interface
In the Connect to window shown in Figure 3-3, select an interface from the Connect using
drop-down list box according to the interface on the PC or terminal. Then click OK.
Step 5 Set communication parameters.
In the COM1 Properties window shown in Figure 3-4, set communication parameters
according to Table 3-1.
Issue 01 (2012-03-15)
15
Value
9600
Data bit
Parity check
None
Stop bit
None
NOTE
In some versions of the Windows operating systems, Bit per second may be called Baud rate and Flow
control may be called Traffic control.
Step 6 After the HyperTerminal starts, choose File > Attributes to display the COMM1 Properties
dialog box, as shown in Figure 3-5. Click the Settings tab, and select Auto detect or VT100
from the Emulation drop-down list box. Click OK to complete the settings.
Issue 01 (2012-03-15)
16
After the preceding settings, press Enter. If the <Quidway> prompt is displayed, you have
logged in to the SPU. You can enter commands to configure or manage the SPU.
----End
Networking Requirements
You can log in to the S9300 MPU through a serial interface or through Telnet, and run the
redirection command. Then redirect the login process to the console interface of the SPU as
prompted to log, as shown in Figure 3-6.
Figure 3-6 Networking of redirection to the SPU through the S9300 MPU
Login
PC
Issue 01 (2012-03-15)
Redirection
Console
interface of
the SPU
S9300
17
Procedure
Step 1 Log in to the S9300 MPU.
Step 2 Run the spu connect slot slot-num command in the user view.
slot-num indicates the number of the slot where the SPU is installed on the S9300.
The following is displayed:
******************************************************
*
Slot 2 output to mainboard
*
******************************************************
Press Ctrl+D to quit
Press Ctrl+Y. The system redirects you to the serial interface of the SPU to log in to the SPU.
NOTE
----End
Networking Requirements
Telnet supports local and remote login, which facilitates maintenance. After configuring the
Telnet user of the SPU, the user can log in to the SPU through Telnet from the Ethernet interface
or service interfaces, such as an XGE sub-interface or an Eth-Trunk sub-interface whose member
interfaces are XGE interfaces, as shown in Figure 3-7.
Issue 01 (2012-03-15)
18
PC
STC
SPU
PC
Crossover
cable
STC
HUB
PC
STC
Crossover
cable or
optical fiber
SPU
SPU
L2 Switch
NOTE
The SPU is a board installed on the S9300. Generally, the ETH port of the SPU is not used to connect to
the network. Therefore, the service interface of the SPU is usually used to log in to the SPU through Telnet.
By logging in to the SPU through Telnet, you can configure the user name and password of the
Telnet user on the SPU. The method for configuring a Telnet user on the SPU is the same as that
for configuring a Telnet user on the S9300. For details, see the Quidway S9300 Terabit Routing
Switch Configuration Guide - Basic Configuration.
If you do not configure the Telnet user on the SPU, the user name and password are absent for
the first login through Telnet.
Procedure
Step 1 Set the IP address of the Ethernet interface of the SPU.
Log in to the SPU using the following methods:
l Using the console port of the SPU
l Redirecting to the SPU from the S9300
After logging in to the SPU, do as follows:
l Assign an IP address to the ETH port.
1.
2.
Run the interface interface-type interface-number command to enter the interface view.
Here, Ethernet 0/0/0 is used.
3.
Run the ip address ip-address { mask | mask-length } command to set the IP address
of the interface.
19
2.
3.
Assign an IP address to the Eth-Trunk sub-interface whose member interfaces are XGE
interfaces.
1.
2.
Run the interface eth-trunk trunk-id command to enter the Eth-Trunk interface
view.
3.
Run the trunkport xgigabitethernet { interface-number1 [ to interfacenumber2 ] } &<1-8> command to add two virtual interfaces of the SPU to the EthTrunk interface to complete link aggregation.
4.
5.
6.
2.
Press Enter to access the Telnet client. The Command Prompt window displays the
following:
Welcome to use Microsoft Telnet Client
Escape character is CTRL+]
Microsoft Telnet>
3.
Issue 01 (2012-03-15)
20
----End
Issue 01 (2012-03-15)
21
This topic describes all the features supported by the SPU: basic configuration, Ethernet, IP
services, IP routing, QoS, security, reliability, device management, network management, and
VPN.
Basic Configuration
Feature
Remarks
File system
This feature of the SPU is the same as that of the S9300. For details, see
Management of Configuration Files in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Basic Configuration.
NOTE
The configuration file needs to be backed up on both S9300 and SPU.
Login through
the Console
interface
This feature of the SPU is the same as that of the S9300. To log in to the
SPU through the console interface, see 3.1 Logging In to the SPU
Through the Console Interface.
Login through
Telnet
This feature of the SPU is the same as that of the S9300 in some aspects.
The difference is as follows: You can configure the IP address of the
Ethernet interface on the SPU by logging in to the MPU of the S9300. To
log in to the SPU through Telnet, see 3.3 Logging In to the SPU Through
Telnet.
SSH login
This feature of the SPU is the same as that of the S9300. For details, see
Configuration of the SSH Server and Client in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Basic Configuration.
Feature
Remarks
MAC
This feature of the SPU is the same as that of the S9300. For details, see
MAC Address Table Configuration in the Quidway S9300 Terabit
Routing Switch Configuration Guide - Ethernet.
Ethernet
Issue 01 (2012-03-15)
22
Feature
Remarks
ARP
This feature of the SPU is the same as that of the S9300. For details, see
ARP Configuration in the Quidway S9300 Terabit Routing Switch
Configuration Guide - Ethernet.
Link
aggregation
This feature of the SPU is the same as that of the S9300, except that each
Eth-Trunk on the SPU contains a maximum of two member interfaces and
the upper limit of link aggregation bandwidth is 2 Mbit/s. For details, see
Link Aggregation Configuration in the Quidway S9300 Terabit Routing
Switch Configuration Guide - Ethernet.
Feature
Remarks
IP address
configuration
Feature
Remarks
IPv4 unicast
static routes,
RIP, OSPF, ISIS, and BGP
This feature of the SPU is similar to that of the S9300. For details, see the
Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Routing policies
and policybased routing
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Route iteration
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - IP
Routing.
Feature
Remarks
Names of the
traffic
classification,
traffic behavior,
and traffic
policy
This feature of the SPU is similar to that of the S9300, except that the
SPU does not support URPF. For details, see the Quidway S9300 Terabit
Routing Switch Configuration Guide - QoS.
IP Services
IP Routing
QoS
Issue 01 (2012-03-15)
23
Feature
Remarks
Priority
mapping
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide QoS.
Feature
Remarks
ACL
This feature of the SPU is similar to that of the S9300, except that the
SPU does not support named ACL or user-defined ACL. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Security.
URPF
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Security.
Feature
Remarks
BFD
This feature of the SPU is similar to that of the S9300, except that the SPU
does not support static BFD6 session with automatically negotiated
discriminators or multi-hop packet TTL. For details, see the Quidway
S9300 Terabit Routing Switch Configuration Guide - Reliability.
VRRP
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Reliability.
Security
Reliability
Device Management
Issue 01 (2012-03-15)
Feature
Remarks
Interface
mirroring
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide - Device
Management.
24
Network Management
Feature
Remarks
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Network Management.
SNMP
This feature of the SPU is the same as that of the S9300. For details, see
the Quidway S9300 Terabit Routing Switch Configuration Guide Network Management.
Feature
Remarks
GRE
This feature of the SPU is similar to that of the S9300, except that the
tunnel destination address on the SPU cannot be a VPN instance address.
For details, see the Quidway S9300 Terabit Routing Switch Configuration
Guide - VPN.
VPN
Issue 01 (2012-03-15)
25
5 Replacing an SPU
Replacing an SPU
Precautions
Before you replace an SPU, prepare an SPU with the same specifications of the SPU to be
replaced.
Tools
l
ESD-preventive bag
Procedure
Step 1 Check the position of the SPU to be replaced.
Before removing the SPU to be replaced, check the position of the cabinet, chassis, and slot
where the SPU is installed.
l An S9312/S9312E has 12 LPU slots, which are numbered from 1 to 12.
l An S9306/S9306E has 6 LPU slots, which are numbered from 1 to 6.
l An S9303/S9303E has 3 LPU slots, which are numbered from 1 to 3.
In the chassis, locate the SPU to be replaced and attach a label to identify this SPU.
Step 2 Ensure that there is no bent pin in the connector of the new SPU.
Step 3 Remove the cable from the SPU.
Step 4 Remove the SPU to be replaced from the chassis.
1.
Wear ESD-preventive wrist straps and connect the grounding terminal to the ESD jack on
the chassis.
2.
Hold the left and right ejector levers of the board with your hands, as shown in (1) of Figure
5-1. Press the springs of the ejector levers to loosen the ejector levers. Rotate the SPU
ejector levers outward. When the ejector levers and the panel form a 45-degree angle, the
SPU is released from the backplane.
Issue 01 (2012-03-15)
26
5 Replacing an SPU
CAUTION
l To prevent the SPU from colliding with other boards during this operation and causing
failure of the boards that are running, remove the SPU slowly and smoothly.
l To prevent the SPU from damage, when swapping the SPU, do not touch the parts on
the SPU.
3.
Hold the two ejector levers and smoothly pull out the SPU from the chassis along the guide
rail of the slot, as shown in (2) of Figure 5-1.
4.
CAUTION
l To prevent the SPU from colliding with other boards during this operation and causing
failure of the boards that are running, install the SPU slowly and smoothly.
l To prevent the SPU from damage, when swapping the SPU, do not touch the parts on
the SPU.
2.
Hold the two ejector levers and smoothly insert the SPU into the chassis along the guide
rail of the slot, as shown in (1) of Figure 5-2. Push the SPU until the bayonets of the ejector
levers touch the edges of the chassis.
3.
Align the bayonets of the ejector levers on the edges of the chassis, and then push the ejector
levers inward until you hear a click, as shown in (2) of Figure 5-2.
Issue 01 (2012-03-15)
27
5 Replacing an SPU
Step 6 Connect the cables to the corresponding interfaces in the original sequence.
Step 7 Check the running status of the new SPU.
In normal situations, after the new SPU is installed into the chassis, the SPU automatically
communicates with the MPU. Check the running status of the new SPU.
l If the RUN/ALM indicator on the SPU panel is green and blinks at the frequency of 0.5 Hz,
the SPU is running properly.
l Check the alarms. In normal situations, the system does not generate any alarm related to the
new SPU.
l To view the running status of the new SPU after logging in to the SPU, run the display
device command on the client. If the following command output is displayed, the SPUs in
the corresponding slots are running properly.
<Quidway> display device
S9300 SPU's Device status:
Slot Sub Type
Online
Power
Register
Alarm
Primary
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 13
VAMPA
Present
PowerOn
Registered
Normal
Master
Follow-up Procedure
If a replacement SPU is confirmed to be faulty, fill in the Faulty Card for Repair, and mail the
card and the faulty SPU together to Huawei local office for timely maintenance.
Issue 01 (2012-03-15)
28
Issue 01 (2012-03-15)
29
Example
Remarks
Processor
Two CPUs
DDR2 DRAM
Flash
64 MB
CF card
512 MB
Forwarding capability
10 Gbit/s
Service Feature
Technical Specification
Ethernet service
performance
128,000
3000 addresses/second
Number of ARPs
16,000
CAR
8 kbit/s
QoS performance
Issue 01 (2012-03-15)
30
Attribute
Service Feature
Technical Specification
ACL
ACLv4
Global: 32 thousand
VPN
VRF
1000
VPN route
230,000
Routing entries
230,000
IPv4 FIB
144,000
BFD
IP unicast
Reliability
service
Issue 01 (2012-03-15)
31