Product Description
Issue: 02
Date: 2011-08-12
Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Issue 02 (2011-08-12)
Related Versions
The following table lists the product versions related to this document.
Product Name: HUAWEI ATN 990 Multiservice Access Equipment
Version: V600R003
Intended Audience
This document is intended for:
- Network planning engineers
- Hardware installation engineers
- Commissioning engineers
- Data configuration engineers
- On-site maintenance engineers
- Network monitoring engineers
- System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Huawei Proprietary and Confidential. Copyright Huawei Technologies Co., Ltd.
Symbol: Description
DANGER: Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
WARNING: Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
CAUTION: Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
TIP: Indicates a tip that may help you solve a problem or save time.
NOTE: Provides additional information to emphasize or supplement important points of the main text.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.
Contents
About This Document
1 Product Positioning
  1.1 Product Positioning
  1.2 Product Features
2 Product Architecture
  2.1 Physical Architecture
  2.2 Logical Architecture
  2.3 Software Architecture
  2.4 Data Forwarding Process
6 Service Features
  6.1 Ethernet Features
    6.1.1 Layer 2 Ethernet Features
    6.1.2 Layer 3 Ethernet Features
    6.1.3 QinQ Features
    6.1.4 Flexible Access to VPNs
    6.1.5 RRPP Link Features
    6.1.6 RSTP/MSTP Features
    6.1.7 BPDU Tunneling Features
  6.2 IP Features
    6.2.1 IPv4 Features
  6.3 Routing Protocol
    6.3.1 Unicast Routing
    6.3.2 Multicast Routing
  6.4 MPLS
  6.5 VPN Features
    6.5.1 Tunnel Policy
    6.5.2 VPN Tunnel
    6.5.3 MPLS L2VPN
    6.5.4 BGP/MPLS L3VPN
  6.6 QoS
  6.7 Load Balancing
  6.8 Traffic Statistics
  6.9 Security Features
  6.10 IP RAN Features
  6.11 Network Reliability
  6.12 Clock
7 Applicable Environment
  7.1 Typical ATN Application on the FMC MAN
1 Product Positioning
About This Chapter
1.1 Product Positioning
1.2 Product Features
ATN 990
An ATN 990 is 5 U high. It has two multi-functional slots for Main Processing Units (MPUs), two slots for Network Processing Units (NPUs), and eight slots for high-speed or low-speed subcards. Its switching capacity is 40G.
services to meet the LTE network's requirements for clock synchronization and to better transport mobile backhaul services.
- ATN990s adopt a 100% route architecture to transport multiple services and help the current network finally evolve into an LTE network to protect customers' investment.
  ATN990s adopt an advanced route architecture and a uniform platform to access and transport multiple types of services on an ALL IP network. This improves network flexibility and transmission efficiency, helps construct a reliable carrier-class packet transport network (PTN), and reduces the total cost of ownership (TCO). Based on the MPLS/MPLS-TP series standards, ATN990s adopt a connection-oriented packet switching technology to provide wider bandwidth and low delays to help the current transport network evolve into an LTE network.
- ATN990s provide powerful Layer 3 features and perfect clock synchronization solutions to help rapidly deploy services in complicated scenarios.
  ATN990s provide powerful Layer 3 features based on the VRP. ATN990s support 5-level HQoS and can provide flexible and reliable differentiated services for users by using refined traffic scheduling and shaping. In the IP RAN solution, ATN990s provide mature clock synchronization schemes, including Adaptive Clock Recovery (ACR), Synchronization Ethernet, and 1588v2, to provide precise frequency or clock synchronization services. In addition, ATN990s support intelligent applications during Fixed and Mobile Convergence (FMC) to comply with the trend of intelligent services.
- ATN990s are managed by a U2000, which is a visual network management system to implement one-key service provisioning to rapidly locate faults. Consequently, the PTN's operability is greatly enhanced.
  ATN990s are managed by a U2000. With the help of the convenient service configuration process and perfect OAM fault detection mechanism, the U2000 implements visual management, one-key E2E service provisioning for a single node, and rapid fault detection within 30 seconds. This greatly improves operation and maintenance efficiency and enhances manageability and operability of the PTN. In addition, the NMS supports uniform management of PTN, microwave, MSTP, and Wavelength Division Multiplexing (WDM) devices, effectively improving operation and maintenance quality.

ATN990s are able to communicate with non-Huawei devices, implementing seamless access at the network edge. All Layer 3 features provided by ATN990s are interoperable with the Metropolitan Area Network (MAN), greatly protecting customers' investment.
2 Product Architecture
About This Chapter
2.1 Physical Architecture
2.2 Logical Architecture
2.3 Software Architecture
2.4 Data Forwarding Process
All systems except the network management system (NMS) are located in an integrated cabinet. The power distribution system consists of power modules working in 1+1 backup mode. The following describes only the functional host system.

The functional host system is composed of the system backplane, MPUs, NPUs, and PICs. The functional host system processes data. In addition, it monitors and manages the entire system, including the power distribution system, heat dissipation system, and NMS through NMS interfaces. Figure 2-1 shows the functional host system of the ATN 990.

Figure 2-1 Functional host system
[Diagram labels: PSU (Power Support Unit), -48 V inputs, FAN, MPU (Slave) with GE/Console/Bits/USB interfaces, two 2*10G NPUs, PIC 0-7 (Physical Interface Card, GE/FE/E1 etc.), backplane, control bus, monitor bus, data bus]
Figure 2-2 shows the logical architecture.

Figure 2-2 Logical architecture
[Diagram labels: MPU, NPUI, PIC * N; monitoring plane; control and management plane (management unit); data plane (forwarding unit); data channel]
The data plane is responsible for high-speed processing and non-blocking switching of data packets. It encapsulates or decapsulates packets, forwards IPv4/IPv6/MPLS packets, performs QoS as well as scheduling and internal high-speed switching, and collects statistics.

The control and management plane completes all control and management functions for the system and is the core of the entire system. Control and management units process protocols and signals, and maintain, manage, report on, and control system status.

The monitoring plane monitors the ambient environment to ensure secure and stable operation of the system. It detects voltage levels, controls system power-on and power-off, monitors temperature, and controls fan modules. When a unit fails, the monitoring plane isolates the faulty unit promptly so that other parts of the system can continue to run normally.
Software of the ATN 990 consists of the Routing Process System (RPS), the power monitoring system, and the fan monitoring system.
- The RPS, which includes IPOS software, VRP software, and product-adaptation software, is the control and management module that runs on the MPU. The RPS on the active MPU and the one on the standby MPU back up each other. RPSs support IPv4/IPv6, MPLS, LDP, and routing protocols, calculate routes, establish LSPs and multicast distribution trees, generate unicast, multicast, and MPLS forwarding tables, and deliver all of this information to the NPU.
[Figure 2-4, diagram labels: PIC (datagram in, datagram out); PFE processing on the incoming interface (upstream traffic classification; IPv4 unicast, IPv4 multicast, MPLS, IPv6, and MAC routing table search to forward packets); PFE processing on the outgoing interface (downstream traffic classification; IPv4 unicast, IPv4 multicast, MPLS, and IPv6 packet encapsulation and forwarding in the downstream); TM (packet fragmentation, multicast replication, packet reassembly); micro cell]
As shown in Figure 2-4, the Packet Forwarding Engine (PFE) adopts a Network Processor (NP) or an Application Specific Integrated Circuit (ASIC) to implement high-speed packet routing. External memory types include Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), and Net Search Engine (NSE). The SRAM stores forwarding entries; the DRAM stores packets; the NSE performs non-linear searching.

Data forwarding processes can be divided into upstream and downstream processes based on the direction of the data flow.
- Upstream process: The Physical Interface Card (PIC) encapsulates packets into frames and then sends them to the PFE. On the PFE of the inbound interface, the system decapsulates the frames and identifies the packet types. It then classifies traffic according to the QoS configurations on the inbound interface. After traffic classification, the system searches the Forwarding Information Base (FIB) for the outbound interfaces and next hops of packets to be forwarded. To forward an IPv4 unicast packet, for instance, the system searches the FIB for the outbound interface and next hop according to the destination IP address of the packet. Finally, the system sends the packets containing information about outbound interfaces and next hops to the traffic management (TM) module.
- Downstream process: Information about packet types that have been identified in the upstream process and about the outbound interfaces is encapsulated through the link layer protocol, and the packets are stored in corresponding queues for transmission. If the outbound interface of an IPv4 packet is an Ethernet interface, the system needs to obtain the MAC address of the next hop. Outgoing traffic is then classified according to the QoS configurations on the outbound interfaces. Finally, the system encapsulates the packets with new Layer 2 headers on the outbound interfaces and sends them to the PIC.
3 Technical Specifications

Physical Specifications

Table 3-1 Physical Specifications (ATN990)
Dimensions (width x depth x height): 442 mm x 220 mm x 222 mm (5 U height)
Installation: Mounted in an N63E cabinet, a standard 19-inch cabinet, or a 23-inch North American open rack
Weight (in full configuration): 22 kg
Typical power: 650 W
Heat dissipation: 2109 BTU/hour
DC input voltage
  Rated voltage: -48 V
  Maximum voltage range: -38 V to -72 V
Ambient temperature
  Long-term: -5°C to 50°C
  Short-term: -20°C to 60°C
  Remarks: Short-term refers to a period of not more than 96 consecutive hours and a total of not more than 15 days in 1 year. Restriction on the temperature variation rate: 30°C per hour
Storage temperature: -40°C to 70°C
Relative ambient humidity
  Long-term: 5% to 85% RH, non-condensing
  Short-term: 5% to 95% RH, non-condensing
  0% to 95% RH, non-condensing
System Configuration

Table 3-2 System Configuration (ATN990)
SDRAM: 2 GB
CF card: 1 GB
USB interface: USB2.0 Host
Forwarding capacity: 40 Gbit/s
Packets forwarding rate: 60 Mpps
Backplane bandwidth: 450 Gbps
Interface capacity: Non-line-rate: 75.2 Gbit/s; Line-rate: 40 Gbit/s
Number of subcard slots: 8
Number of MPU slots: 2
Number of NPU slots: 2
4 FPIC

The ATN990 has eight slots for subcards. Subcards are hot swappable and support automatic configuration recovery.

Table 4-1 Subcards supported by the ATN990

Interface Name: 8-port 100/1000Base-X-SFP Flexible Plug-in Card (FPIC) (1588v2)
Description: Supports synchronization Ethernet feature and multiple types of optical modules, and complies with the 1588v2 standard.
- Supports the GE optical module to provide GE optical interfaces.
- Supports the FE optical module to provide FE optical interfaces.
- Supports the SFP electrical module to provide 100 M/1000 M auto-sensing electrical interfaces. (In this case, the synchronization Ethernet feature is not supported.)
- Supports the mixed use of the preceding modules.
Remarks: Subcards of this type can be inserted in the slots 5, 6, 9, and 10 on the ATN990.

Description: Supports the synchronization Ethernet feature and multiple types of optical modules.
- Supports the GE optical module to provide GE optical interfaces.
- Supports the FE optical module to provide FE optical interfaces.
- Supports the SFP electrical module to provide the features of 100 M/1000 M auto-sensing electrical interfaces.
- Supports the mixed use of the preceding modules.
Remarks: Subcards of this type can be inserted in the slots 5, 6, 9, and 10 on the ATN990.
Interface Name: Auxiliary Flexible Interface Card with 4-Port 100BaseRJ45 (FIC, Supporting 1588v2)
Description: Supports on-site ambient monitoring, including the monitoring of burglarproof switches and smoke sensors.
Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.

Interface Name: 8-port 100Base-T FPIC (electrical interface)
Description: -
Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.

Description: Supports hot swapping, the clock synchronization feature, and three protocols: Circuit Emulation Service (CES), Inverse Multiplexing for ATM (IMA), and Multilink Point-to-Point Protocol (ML-PPP).
Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.

Description: Supports hot swapping.
Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.

Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.

Remarks: Subcards of this type can be inserted in the slots 3, 4, 5, 6, 9, 10, 11, and 12 on the ATN990.
5 Link Features
About This Chapter
5.1 TDM Link Features
5.2 Ethernet Link Features
5.3 CPOS Link Features
5.4 E1 Link Features
The ATN 990 simulates TDM E1 services and channelized STM-1 services for transparent transmission. The ATN 990 supports the circuit emulation service (CES) by using Pseudo-Wire Emulation Edge to Edge (PWE3). The CES is classified into the Structure-aware TDM Circuit Emulation Service over Packet Switched Network (CESoPSN) and Structure-Agnostic TDM over Packet (SAToP) service.
Channelization
The E1 interface channelized from a CPOS interface, in compliance with SAToP, can transparently transmit unstructured TDM services through PWs on an MPLS network. The E1 interface channelized from a CPOS interface, in compliance with CESoPSN, can transparently transmit structured TDM services through PWs on an MPLS network.

ML-PPP/TDM/ATM IMA
The ATN 990 provides CPOS interfaces at 155 Mbit/s. At the link layer, CPOS interfaces support the following protocols:
- ML-PPP
- TDM
- ATM IMA

The E1 interface supports the loopback function on an interface, including local loopback and remote loopback. PPP on serial interfaces supports the following:
- MP
6 Service Features
About This Chapter
6.1 Ethernet Features
6.2 IP Features
6.3 Routing Protocol
6.4 MPLS
6.5 VPN Features
6.6 QoS
6.7 Load Balancing
6.8 Traffic Statistics
6.9 Security Features
6.10 IP RAN Features
6.11 Network Reliability
6.12 Clock
- Identification of double VLAN tags (inner VLAN tag and outer VLAN tag)
- Change of the outer VLAN ID
- Removal of double VLAN tags and then addition of new double VLAN tags
- QinQ mapping for the outer VLAN tag
- Change of the EtherType value and 802.1p priority in the outer VLAN tag; copy of the 802.1p priority in the inner VLAN tag to the outer VLAN tag of double-tagged packets
- Traffic classification based on the 802.1p priorities in the outer VLAN tags of packets
- Rate limit on interfaces based on the 802.1p priorities in both inner and outer VLAN tags
- Interface-based QinQ
  Interface-based QinQ is applicable to the following scenarios:
  - Access to a VPLS network to transparently transmit VLAN packets
  - Access to an L2VPN or PWE3 to transparently transmit VLAN packets
- VLAN-based QinQ
- QinQ termination
- EType in the outer tag of QinQ packets used for interoperation with devices of other vendors
- Multicast QinQ
- QinQ-based VLAN swapping
- VLAN stacking can be applied in the following scenarios:
  - Access to VPLS
  - Access to VLL or PWE3

- RSTP
- MSTP
MSTP provides BPDU protection to defend against such attacks. After BPDU protection is enabled, the switch shuts down any edge port that receives BPDUs and, at the same time, informs the NMS of the situation. The edge port can be enabled again by the network administrator.

The ATN 990 can restrict the sending of Layer 2 and Layer 3 protocol packets such as RSTP and DHCP through CP-CAR. This avoids influencing device performance.
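The BPDU protection behaviour described above, modelled in Python as an added example (it is not Huawei code): a frame is recognised as a BPDU by its bridge group destination address and LLC header, an edge port that receives one is shut down and an NMS event is recorded, and the port stays down until an administrator enables it. The port names, event text and sample frames are constructed, and the model ignores everything else STP does.

```python
from dataclasses import dataclass, field

BRIDGE_GROUP_MAC = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
STP_LLC_HEADER = bytes([0x42, 0x42, 0x03])        # DSAP 0x42, SSAP 0x42, control 0x03


def is_bpdu(frame: bytes) -> bool:
    """Return True if the Ethernet frame carries an STP/RSTP/MSTP BPDU."""
    if len(frame) < 17:
        return False
    length_or_type = int.from_bytes(frame[12:14], "big")
    # BPDUs use 802.3 length framing (value <= 1500), never an EtherType.
    return (frame[0:6] == BRIDGE_GROUP_MAC
            and length_or_type <= 1500
            and frame[14:17] == STP_LLC_HEADER)


@dataclass
class Port:
    name: str
    edge: bool       # edge ports face hosts and should never see BPDUs
    up: bool = True


@dataclass
class Switch:
    ports: dict = field(default_factory=dict)
    nms_events: list = field(default_factory=list)

    def add_port(self, name: str, edge: bool) -> None:
        self.ports[name] = Port(name, edge)

    def receive(self, port_name: str, frame: bytes) -> str:
        port = self.ports[port_name]
        if not port.up:
            return "dropped"              # port was shut down earlier
        if is_bpdu(frame):
            if port.edge:
                port.up = False           # BPDU protection: shut the edge port
                self.nms_events.append(
                    f"BPDU protection: edge port {port.name} shut down")
                return "shutdown"
            return "stp"                  # non-edge port: normal STP processing
        return "forwarded"

    def admin_enable(self, port_name: str) -> None:
        """Only the administrator brings a protected port back up."""
        self.ports[port_name].up = True


def build_config_bpdu(src_mac: bytes) -> bytes:
    """Constructed sample: 35-byte all-zero configuration BPDU behind an LLC header."""
    llc = STP_LLC_HEADER + bytes(35)
    return BRIDGE_GROUP_MAC + src_mac + len(llc).to_bytes(2, "big") + llc


# Constructed sample frames.
HOST_MAC = bytes.fromhex("66778899aabb")
BPDU_FRAME = build_config_bpdu(HOST_MAC)
IPV4_FRAME = bytes.fromhex("001122334455") + HOST_MAC + b"\x08\x00" + bytes(46)
# Same destination MAC and LLC-looking bytes, but an EtherType: not a BPDU.
LOOKALIKE_FRAME = BRIDGE_GROUP_MAC + HOST_MAC + b"\x08\x00" + STP_LLC_HEADER + bytes(43)


def demo():
    sw = Switch()
    sw.add_port("edge-1", edge=True)      # hypothetical port names
    sw.add_port("uplink-1", edge=False)
    results = [
        sw.receive("edge-1", IPV4_FRAME),   # normal host traffic
        sw.receive("edge-1", BPDU_FRAME),   # BPDU on an edge port
        sw.receive("edge-1", IPV4_FRAME),   # port is now down
    ]
    sw.admin_enable("edge-1")
    results.append(sw.receive("edge-1", IPV4_FRAME))
    results.append(sw.receive("uplink-1", BPDU_FRAME))
    return results, sw.nms_events


if __name__ == "__main__":
    print(demo())
```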
6.2 IP Features
6.2.1 IPv4 Features
The ATN 990 supports the following IPv4 features:
- TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and ARP
- Static DNS and specified DNS server
- FTP server/client and TFTP client
- DHCP relay agent and DHCP server
- Suppression of DHCP flooding
- Ping, tracert, and NQA
  NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services and test the response time of the services. The system supports NQA in UDP jitter and ICMP jitter tests by sending and receiving packets on LPUs. The minimum interval at which packets are transmitted can be 10 ms. Each LPU supports up to 100 concurrent jitter tests. The entire system supports up to 1000 concurrent jitter tests.
- IP policy-based routing (PBR) and flow-based next hop to which packets are forwarded
- IP PBR-based load balancing
- Load balancing in unequal cost multiple path (UCMP) mode
- Configuration of secondary IP addresses for all physical and logical interfaces
  Each interface can be configured with a maximum of 255 secondary IP addresses with 31-bit masks.
- IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP4
- IPv6 routing protocols, including Routing Information Protocol Next Generation (RIPng), OSPFv3, IS-ISv6, and BGP4+
- Static routes that are manually configured by the administrator to simplify network configurations and improve network performance
- Selection of the optimal route through the perfect routing policy
- Import of routing information of other protocols
- Use of routing policies in advertising and receiving routes and filtering of routes through route attributes
- Password authentication and MD5 authentication to improve network security
- Restart of protocol processes through command lines
- RIP-1 (classful routing protocol) and RIP-2 (classless routing protocol)
- Advertisement of a default route from a RIP-enabled device to its peers and setting of the metric of this route
- RIP-triggered updates
- Disabling a specified interface from sending or receiving OSPF or RIP packets
- Association between OSPF and BGP
- Association between OSPF and LDP
- Fast OSPF convergence, which can be implemented in the following manners:
  - Adjusting the interval at which LSAs are sent
  - Enabling OSPF GR
  - Configuring BFD for OSPF
- OSPF I-SPF and IS-IS I-SPF (I-SPF re-calculates only the affected routes of a shortest path tree (SPT) rather than the entire SPT)
- OSPF PRC
- OSPF calculation of link costs based on the reference bandwidth
  Link costs can be manually configured or automatically calculated by the system based on the reference bandwidth by using the following formula:
  Link cost = Reference bandwidth/Interface bandwidth
  The integer of the calculated result is the link cost. If the calculated result is smaller than 1, the cost is 1. The link cost can be changed by changing the reference bandwidth. By default, the reference bandwidth of the ATN 990 is 100 Mbit/s. The value can be changed to one in the range of 1 to 2147483648 in Mbit/s by running commands.
- Two-level IS-IS in a routing domain
- Association between IS-IS and LDP
- IS-IS GR, OSPF GR and BGP GR, which ensure high reliability with Non-Stop Forwarding (NSF)
- BGP indirect next hop and dynamic update peer-groups
- Policy-based route selection by BGP when there are multiple routes to the same destination
- BGP route reflector (RR), which addresses the problem of high costs of full-mesh requirement when there are many IBGP peers
- Sending of BGP Update packets that carry no private AS number
- Route dampening, which suppresses unstable routes (unstable routes are neither added to the BGP routing table nor advertised to other BGP peers)
- Routing protocol
- BGP fast convergence
  The ATN 990 adopts a new route convergence mechanism and algorithm, which speeds up convergence of BGP routes. The features are as follows:
  - Indirect next hop
  - On-demand route iteration
- BGP load balancing in multi-homing networking
- Non-Stop Routing (NSR)
  The ATN 990 supports the following NSR modes:
  - IS-IS NSR
  - BGP NSR

The formula for calculating the bandwidth occupied by LSAs on interfaces in the same area is as follows: Assume that there are 10000 routes, Ethernet interfaces are used, and the MTU of the Ethernet interfaces is 1500 bytes. In this case, the Ethernet frame header is of 24 bytes, and each LSA is of 44 bytes. Each LSA carries information about a route.
(1500-24)/44=33
The preceding formula indicates that an Ethernet frame can carry information about 33 routes. In this case, 303 Ethernet frames are required to carry information about 10000 routes.
- Multicast static routes
- Configuration of multicast protocols on physical interfaces such as Ethernet and Trunk interfaces
- Filtering of routes based on the routing policy when the multicast routing module receives, imports, or advertises multicast routes and filtering and forwarding of multicast packets based on the routing policy when IP multicast packets are forwarded
- Multicast VPN
  The multicast domain (MD) scheme is used to implement this function.
- Addition and deletion of dummy entries
- Query of PIM neighbors and number of control messages
- Filtering of PIM neighbors, control of the forwarding boundary, and control of the BSR service and management boundary
- Filtering and suppression of PIM Register messages
- MSDP authentication
- IGMP packet rate limiting and IGMP proxy
- Prompt leave of IGMP and MLD group members and the use of group-policies to restrict the setup of forwarding entries
- Configuration of ACLs, including source address-based packet filtering, control of multicast group number, setup of multicast forwarding entries, and Switch-MDT switching, to ensure multicast security
- Multicast group-based, multicast source-based, multicast source/group-based, stable-preferred, and balance-preferred load splitting
- IGMP snooping
  The ATN 990 supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ interfaces, STP topologies, RRPP rings, and VPLS PWs.
- Multicast flow control
  The ATN 990 discards or broadcasts unknown multicast packets in the VLAN to which the receiving interface belongs. Unknown multicast packets are packets that have no corresponding forwarding entries in the multicast forwarding table. In addition, the ATN 990 restricts the maximum percentage of multicast flows on Ethernet interfaces to control multicast traffic.
- Multicast VLAN
  The ATN 990 supports multicast VLAN and VLAN-based 1+1 protection of multicast traffic.
- Multicast VPN
  For details, see section "6.5 VPN Features".
- Multicast CAC
  The ATN 990 supports multicast Call Admission Control (CAC). When multicast CAC rules are configured, the number of multicast groups and bandwidth are restricted for IGMP snooping on interfaces or the entire system.
6.4 MPLS
The ATN 990 supports MPLS features, and static and dynamic LSPs. Static LSPs require that the administrator configure the Label Switch Routers (LSRs) along the LSPs and set up LSPs manually. Dynamic LSPs are set up dynamically in accordance with the routing information through the Label Distribution Protocol (LDP) and RSVP-TE.

The delay for MPLS packets can be controlled in the following aspects:
- In the case that there is no traffic congestion, the ATN 990 adopts a high-speed processor to ensure line-rate forwarding and low delay.
- In the case of traffic congestion, the ATN 990 ensures preferential forwarding and low delay for traffic with high priority through mechanisms such as QoS, HQoS, MPLS TE, and DS-TE.
Establishment of LSPs between ATN 990s of different IS-IS levels and between the ATN 990 and non-Huawei devices through LDP
MPLS supported by the ATN 990 complies with the following standards:
- RFC 3031
- RFC 3032
- RFC 3034
- RFC 3035
- RFC 3036
- RFC 3037
The ATN 990 supports CR-LDP and RSVP-TE and can interoperate with non-Huawei devices through CR-LDP or RSVP-TE.
MPLS TE
The MPLS TE technology combines the MPLS technology with traffic engineering. It can reserve resources by setting up LSP tunnels for a specified path in an attempt to avoid network congestion and balance network traffic. In the case of resource scarcity, MPLS TE allows the preemption of bandwidth resources of LSPs with low priorities. This meets the demands of important services or the LSPs with large bandwidth. When an LSP fails or a node is congested, MPLS TE can ensure smooth network communication through the backup path and the fast reroute (FRR) function. Through automatic re-optimization and bandwidth adjustment, MPLS TE improves the self-adaptation capability of tunnels and properly allocates network resources.
The process of updating the network topology through the TEDB is as follows: When a link goes Down, the CSPF failed link timer is enabled. If the IGP route is deleted or the link is changed within the timeout period of the CSPF failed link timer, CSPF deletes the timer and then updates the TEDB. If the IGP route is not deleted or the link is not changed after the timeout period of the CSPF failed link timer expires, the link is considered Up.
MPLS TE provides the following functions:
- Processing of static LSPs
  MPLS can create and delete static LSPs, which require bandwidth but are manually configured.
- Processing of Constrained Route-Label Switched Path (CR-LSP) of various types and route calculation through the CSPF algorithm
  CR-LSPs are classified into the following types:
- RSVP-TE
  RSVP authentication complies with RFC 3097.
- Auto routing
  Auto routing works in either of the following modes:
  - IGP shortcut: An LSP is not advertised to neighboring routers. Therefore, other routers cannot use the LSP.
  - Forwarding adjacency: An LSP is advertised to neighboring routers. Therefore, other routers can use the LSP.
- Fast reroute (FRR)
  The switchover through FRR is within 50 ms, which minimizes the data loss when network faults occur.
- Auto FRR
  Auto FRR is an extension to MPLS TE FRR. You can create a bypass tunnel that meets the requirement on the LSP by configuring the attributes of the bypass tunnel, global auto FRR, and auto FRR on the interface of the primary tunnel. With the change of the primary tunnel, the previous bypass tunnel is deleted automatically. Then, a new bypass tunnel that meets the requirement is set up.
- Backup CR-LSP
  The ATN 990 supports the following backup modes:
  - Hot backup: A backup CR-LSP is established immediately after the primary CR-LSP is established. When the primary CR-LSP fails, MPLS TE switches traffic immediately to the backup CR-LSP.
  - Ordinary backup: A backup CR-LSP is set up when the primary CR-LSP fails.
- LDP over TE
  In existing networks, not all devices support MPLS TE. It is possible that only the devices at the network core support TE and the devices at the network edge use LDP. The application of LDP over TE is therefore put forward. With LDP over TE, the TE tunnel is considered as a hop of the entire LDP LSP. Through forwarding adjacency, one MPLS TE tunnel can be considered as a virtual link and advertised to an IGP network.
- Make-before-break
  Make-before-break is a technology for ensuring highly reliable CR-LSP switchover. The original path is not deleted until a new path has been created. Before a new CR-LSP is created, the original CR-LSP is not deleted. After a new CR-LSP has been created, the traffic is switched to the new CR-LSP first, and then the original CR-LSP is deleted. This ensures non-stop traffic forwarding.
- DS-TE
  DS-TE implemented on the ATN 990 supports the Non-IETF mode and the IETF mode. The Non-IETF (non-standard) mode supports two CTs (CT0 and CT1), eight priorities (0-7), and two bandwidth constraint models (RDM and MAM). The CT here refers to the class type of a corresponding service flow. The priority here refers to the LSP preemption priority.
The IETF (standard) mode supports eight CTs (CT0 through CT7), eight priorities (0-7), and three bandwidth constraint models (RDM, MAM, and Extended). DS-TE supports TE FRR, hot standby, protection switchover, and CT-based traffic statistics collection.
MPLS OAM
MPLS OAM functions are as follows:
- MPLS OAM detection
  MPLS OAM sends CV/FFD and BDI packets along an LSP to be detected and its reverse LSP to detect its connectivity.
VLL
The ATN 990 supports the following VLL functions:
- Martini VLL
  The Martini mode supports double labels. The inner label adopts extended LDP for signaling in compliance with RFC 4096. The type of VC FEC is 128. VC encapsulation types include 0x0004 Ethernet Tagged Mode, 0x0005 Ethernet, and 0x000B IP Layer2 Transport.
- Kompella VLL
  VC encapsulation types of Kompella VLL include Ethernet, PPP, VLAN, and IP-interworking. Kompella VLL supports the local inter-board switching of packets in 802.1Q mode. Kompella VLL supports inter-AS VPN.
- CCC VLL
  CCC VLL supports the local inter-board switching of packets in 802.1Q mode.
- SVC VLL
- VLL heterogeneous interworking
  VLL heterogeneous IP-interworking is used when the link types of CEs on both ends of an L2VPN link are different. In MPLS L2VPN heterogeneous IP-interworking, after receiving a frame from a CE, a PE decapsulates the link-layer packet and transmits the IP packet across an MPLS network. The IP packet is transparently transmitted to the peer PE. The peer PE re-encapsulates the IP packet according to its link layer protocol and transmits the packet to the connected CE. The link-layer control packet sent by the CE is processed by the PE and is not transmitted through the MPLS network. All non-IP packets such as MPLS and IPX packets are discarded.
- Transparent transmission of certain types of link layer protocol packets
  Interfaces can be configured to transparently transmit certain types of link layer protocol packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and HGMP packets.
- Inter-AS VLL
  SVC VLL, Martini VLL, and Kompella VLL can implement inter-AS L2VPN Option A (VRF-to-VRF). Option B requires the switching of both inner and outer labels on the ASBR, and is therefore not suitable for the VLL. Option C is the best solution.
- VLL over TE ECMP
VPLS
In a VPLS network, PEs can be all connected to each other and enabled with split horizon to prevent Layer 2 loops. The implementations of VPLS control plane through BGP and LDP are called Kompella VPLS and Martini VPLS respectively.
- Kompella VPLS
  Kompella VPLS has good scalability. With Kompella VPLS, BGP is adopted for signaling, and VPN targets are configured to implement automatic discovery of VPLS members. Therefore, the addition or deletion of PEs requires few additional operations.
- Martini VPLS
  Martini VPLS has poor scalability. With Martini VPLS, LDP is adopted for signaling, and the peers of a PE need to be manually specified. PEs in a VPLS network are all connected to each other. Therefore, adding a new PE requires configurations on all the other associated PEs to be modified. A pseudo wire (PW) is actually a point-to-point link. This means that using LDP to create, maintain, and delete the PW is more effective.
The ATN 990 supports the following VPLS functions:
- Access to the VPLS network in QinQ mode
- HVPLS
- IGMP snooping for VPLS
- One MAC address space for each VSI
- VPLS learns MAC addresses in the following modes:
  - Unqualified mode: In this mode, a VSI can contain multiple VLANs sharing a MAC address space and a broadcast domain. When learning MAC addresses, VPLS also needs to learn VLAN IDs.
  - Qualified mode: In this mode, a VSI has only one VLAN, which has an independent MAC address space and a broadcast domain. When learning MAC addresses, VPLS does not need to learn VLAN IDs.
- VPLS/HVPLS equal-cost load balancing
- Fast switching of multicast traffic
- mVPLS
- STP over PW
- STP over VPLS
- Transparent transmission of certain types of link layer protocol packets
  Interfaces can be configured to transparently transmit certain types of link layer protocol packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and HGMP packets.
- Ethernet loop detection
PWE3
The ATN 990 supports the following PWE3 functions:
- Virtual Circuit Connectivity Verification PING (VCCV-PING)
  The ATN 990 supports the manual LDP PW connectivity detection on the UPE, including the connectivity of static PWs, dynamic PWs, single-hop PWs, and multi-hop PWs.
- PW template
  The ATN 990 supports the binding between a PW and a PW template, and the reset of PWs. The ATN 990 supports heterogeneous interworking. Currently, the ATN 990 supports the transparent transmission of the following packets through PWE3: ATM AAL5 SDU VCC transport, Ethernet, ATM n-to-one VCC cell transport, IP Layer 2 transport, and ATM one-to-one VCC cell mode.
- PW redundancy
- ATM IWF
  ATM IWF runs on an L2VPN in CCC local connection mode or an L2VPN in PW mode.
- The ATN 990 supports the circuit emulation service (CES) by using Pseudo-Wire Emulation Edge to Edge (PWE3). The CES is classified into the Structure-aware TDM Circuit Emulation Service over Packet Switched Network (CESoPSN) and Structure-Agnostic TDM over Packet (SAToP) service.
- Static routes, BGP, RIP, OSPF, or IS-IS running between a CE and a PE
- Carrier's carrier
- Inter-AS VPN
  The ATN 990 supports the following inter-AS VPN solutions described in RFC 2547bis:
  - VPN instance to VPN instance, also called Inter-Provider Backbones Option A
    In Option A, sub-interfaces connecting the Autonomous System Boundary Routers (ASBRs) manage VPN routes.
  - EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider Backbones Option B
    In Option B, ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP.
  - Multihop EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider Backbones Option C
    In Option C, PEs advertise labeled VPN-IPv4 routes to each other through Multihop MP-EBGP.
- Multicast VPN
- IPv6 VPN
  The ATN 990 supports the following IPv6 VPN networking solutions:
  - Intranet VPN
  - Extranet VPN
  - Hub&Spoke
  - Inter-AS or multi-AS backbones VPN
  - Carriers' carrier
6.6 QoS
On the ATN 990, you can collect traffic statistics on the packets on which QoS is performed and view the statistics result through corresponding display commands. The ATN 990 supports the following QoS functions:
Diff-Serv Model
Multiple service flows can be aggregated into a Behavior Aggregate (BA) and then processed based on the same Per-Hop Behavior (PHB). This simplifies the processing and storage of services. On the Diff-Serv core network, packet-specific QoS is provided. Therefore, signaling processing is not required.
Traffic Policing
CAR is mainly used for rate limit. In the implementation of CAR, a token bucket is used to measure the data flows that pass through the interfaces on a router so that only the packets assigned with tokens can go through the router in the specified time period. In this manner, the rates of both incoming and outgoing traffic are controlled. In addition, the rate of certain types of data flows can be controlled based on the information such as the IP address, port number, and priority. Rate limit is not performed on the data flows that do not meet the specified conditions, and such data flows are forwarded at the original interface rate. CAR is mainly implemented at the edge of a network to ensure that core devices on the network process data properly. The ATN 990 supports CAR for both incoming and outgoing traffic.
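The token-bucket behaviour described above, as an added example (not Huawei code): a single-rate policer applied only to flows that match a rule, with unmatched flows forwarded untouched. The class and method names, the rule format and the sample rates are assumptions made for the illustration.

```python
import ipaddress


class TokenBucket:
    """Single-rate token bucket; one token equals one byte."""

    def __init__(self, cir_bps, cbs_bytes):
        self.cir_bps = cir_bps            # committed rate, bits per second
        self.cbs_bytes = cbs_bytes        # bucket depth, i.e. the largest burst
        self.tokens = float(cbs_bytes)    # the bucket starts full
        self.last = 0.0                   # time of the previous packet, seconds

    def conforms(self, now, size):
        """Refill for the elapsed time, then spend `size` tokens if available."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.cbs_bytes, self.tokens + elapsed * self.cir_bps / 8)
        self.last = now
        if size > self.tokens:
            return False                  # not enough tokens: packet is out of profile
        self.tokens -= size
        return True


class CarPolicer:
    """Applies a bucket per rule; rules match on source prefix and destination port."""

    def __init__(self):
        self.rules = []

    def add_rule(self, src_prefix, dst_port, cir_bps, cbs_bytes):
        # dst_port=None means "any port" (hypothetical rule format)
        self.rules.append((ipaddress.ip_network(src_prefix), dst_port,
                           TokenBucket(cir_bps, cbs_bytes)))

    def police(self, now, src_ip, dst_port, size):
        addr = ipaddress.ip_address(src_ip)
        for net, port, bucket in self.rules:
            if addr in net and port in (None, dst_port):
                return "forward" if bucket.conforms(now, size) else "drop"
        # Flows that meet no rule are not rate limited at all.
        return "forward (unmatched)"


def demo():
    """Constructed traffic: 1000-byte packets against 8 kbit/s with a 1500-byte burst."""
    car = CarPolicer()
    car.add_rule("10.0.0.0/24", None, cir_bps=8000, cbs_bytes=1500)
    times = [0.0, 0.0, 0.5, 0.6]
    return [car.police(t, "10.0.0.5", 80, 1000) for t in times]


if __name__ == "__main__":
    print(demo())
```

The second packet at t=0 is dropped because only 500 tokens remain; half a second at 1000 bytes per second refills enough for the third.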
Queue Scheduling
The ATN 990 supports FIFO, PQ, and WFQ for queue scheduling on interfaces. The ATN 990 maps packets of different priorities to different queues and adopts Round Robin (RR) on each interface for queue scheduling.
Priority Queues (PQs) are classified into four types: top PQs, middle PQs, normal PQs, and bottom PQs. They are ordered in descending order of priorities. When packets leave queues, PQ allows the packets in the top PQ to go first. Packets in the top PQ are sent as long as there are packets in this PQ. The ATN 990 sends packets in the middle PQ only when all packets in the top PQ are sent. Similarly, the ATN 990 sends packets in the normal PQ only when all packets in the middle PQ are sent; the ATN 990 sends packets in the bottom PQ only when all packets in the normal PQ are sent. As a result, the packets in the PQ of a higher priority are always sent preferentially, which ensures that packets of key services are processed preferentially when the network is congested. Packets of common services are processed when the network is idle. In this manner, the quality of key services is guaranteed, and the network resources are fully utilized.
Weight Fair Queuing (hereinafter referred to as WFQ) is a complex queuing process, which ensures that the services with the same priority are fairly treated and the services with different priorities are weighted. The number of WFQ queues can be pre-set and is allowed to range from 16 to 4096. WFQ weights services based on their requirements for the bandwidth and delay. The weights are determined by the IP precedence in the IP packet headers. With WFQ, the ATN 990 implements dynamic traffic classification based on quintuples or ToS values. The packets with the same quintuple (source IP address, destination IP address, source port number, destination port number, and protocol number) or ToS value belong to the same flow. Packets in one flow are placed in one queue through the Hash algorithm. When flows enter queues, WFQ automatically places different flows into different queues based on the Hash algorithm. When flows leave queues, WFQ allocates bandwidths to flows on the outbound interface based on different IP precedence of the flows. The smaller the precedence value of a flow, the smaller the bandwidth of the flow. In this manner, services of the same precedence are treated fairly; services of different precedence are treated based on their weights.
Congestion Avoidance
Congestion avoidance is a traffic control mechanism used to avoid network overload by adjusting network traffic. With this mechanism, the ATN 990 can monitor the usage of network resources (such as queues and buffers in the memory) and discard packets when the network congestion intensifies. Random Early Detection (RED) or Weighted Random Early Detection (WRED) algorithms are frequently used in congestion avoidance. The RED algorithm sets the upper and lower limits for each queue and specifies the following rules:
- When the length of a queue is below the lower limit, no packet is discarded.
- When the length of a queue exceeds the upper limit, all the incoming packets are discarded.
- When the length of a queue is between the lower and upper limits, the incoming packets are discarded randomly. A random number is set for each received packet, and the random number is compared with the drop probability of the current queue. The packet is discarded when the random number is larger than the drop probability. The longer the queue, the higher the drop probability. The drop probability, however, has an upper limit.
Unlike RED, the random number in WRED is based on the IP precedence of IP packets. WRED keeps a lower drop probability for the packets that have a higher IP precedence. RED and WRED employ the random packet drop policy to avoid global TCP synchronization. The ATN 990 adopts WRED to implement congestion avoidance. The ATN 990 supports congestion avoidance in both inbound and outbound directions of an interface. The WRED template is applied in the outbound direction; the default scheduling policy in the system is applied in the inbound direction. In addition, WRED can be applied to the Multicast Tunnel interface (MTI) that is bound to the distributed multicast VPN on the ATN 990. The ATN 990 supports congestion avoidance based on services. The ATN 990 reserves on each interface eight service queues, that is, BE, AF1, AF2, AF3, AF4, EF, CS6, and CS7. The ATN 990 colors packets with red, yellow, and green to identify the priorities of packets and discard certain packets.
HQoS
The ATN 990 supports the following HQoS functions:
- Provides five levels of scheduling modes to ensure diverse services.
- Sets parameters such as the maximum queue length, WRED, low delay, SP/WRR, CBS, PBS, and statistics function for each queue.
- Sets parameters such as the CIR, PIR, number of queues, and algorithm for scheduling queues for each user.
- Provides the traffic statistics function. Users can learn the bandwidth usage of services and properly distribute the bandwidth by analyzing traffic.
- Supports HQoS in the VPLS, L3VPN, VLL, and TE scenarios.
- Supports interface-based, VLAN-based, user-based, and service-based HQoS.
MPLS HQoS
MPLS QoS is a complete L2VPN/L3VPN QoS solution. It resorts to various QoS techniques to meet the diversified and delicate QoS demands of VPN users. MPLS QoS provides relative QoS on the MPLS Diff-Serv network and end-to-end QoS on the MPLS TE network. In actual applications, the following QoS policies are supported.
- MPLS Diff-Serv applied to an L2VPN/L3VPN
- MPLS TE applied to an L2VPN/L3VPN
- MPLS DS-TE applied to an L2VPN/L3VPN
- Helps carriers analyze the traffic model of the network.
- Provides reference data for carriers to deploy and maintain Diff-Serv TE.
URPF
The ATN 990 supports URPF for IPv4/IPv6 traffic.
- Limit on the number of MAC addresses that can be learned
- Limit on the speed of MAC address learning
- Limit on interface-based MAC address learning
- Limit on PW-based MAC address learning
- Limit on VLAN+interface-based MAC address learning
- Limit on interface+VSI-based MAC address learning
MAC entries in a MAC address table are classified into three types:
- Dynamic entries
  Dynamic entries are learnt by interfaces and stored in hardware of LPUs. Dynamic entries age. Dynamic entries will be lost in the case of the system reset, LPU hot swap, or LPU reset.
- Static entries
  Static entries are configured by users and delivered to LPUs. Static entries do not age. After static entries are configured and saved, they are not lost in the case of the system reset, LPU hot swap, or LPU reset.
- Blackhole entries
  Blackhole entries are used to filter out the data frames that contain specific destination MAC addresses. Blackhole entries are configured by users and delivered to LPUs. Blackhole entries do not age. After blackhole entries are configured and saved, they will not be lost in the case of the system reset, LPU hot swap, or LPU reset.
In this manner, the network bandwidth is reasonably used and the network security is guaranteed.
IGMP Snooping
The ATN 990 supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ interfaces, STP topologies, RRPP rings, and VPLS PWs.
DHCP Snooping
DHCP snooping is mainly used to prevent DHCP Denial of Service (DoS) attacks, bogus DHCP server attacks, ARP middleman attacks, and IP/MAC spoofing attacks when DHCP is enabled on the ATN 990. The working mode of DHCP snooping varies with the attack type, as shown in Table 6-1.
Table 6-1 Attack types and DHCP snooping working modes
Attack Type | DHCP Snooping Anti-Attack Working Mode
DHCP exhaustion attack | MAC address limit
Bogus DHCP server attack | Trusted/untrusted
Middleman attack and IP/MAC spoofing attack | DHCP snooping binding table
DoS attack by changing the value of the Client Hardware Address (CHADDR) field | Check on the CHADDR field in DHCP packets
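The four working modes in Table 6-1, put together in one small model (an added example, not the ATN 990 implementation). It parses the BOOTP/DHCP payload, enforces trusted and untrusted ports, compares CHADDR with the frame's source MAC, applies a per-port MAC limit and builds the binding table from DHCP ACKs. Port names, MAC and IP addresses and all function names are constructed for the illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                     # DHCP magic cookie
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_TYPES = {OFFER, ACK, NAK}


def build_dhcp(op, msg_type, chaddr, yiaddr="0.0.0.0"):
    """Constructed BOOTP/DHCP payload for this demo (not captured traffic)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(yiaddr).packed,
                        bytes(4), bytes(4), chaddr, b"", b"")
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Return (message type, CHADDR, yiaddr) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    hlen = min(payload[2], 16)
    chaddr = payload[28:28 + hlen]
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:
        if payload[i] == 0:                     # pad option has no length byte
            i += 1
            continue
        if payload[i] == 53 and payload[i + 1] == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]           # option 53: DHCP message type
        i += 2 + payload[i + 1]
    return msg_type, chaddr, yiaddr


class DhcpSnooper:
    def __init__(self, trusted_ports, mac_limit):
        self.trusted = set(trusted_ports)
        self.mac_limit = mac_limit
        self.macs_on_port = {}                  # port -> client MACs learned there
        self.pending = {}                       # CHADDR -> port that sent the REQUEST
        self.bindings = {}                      # IP -> (MAC, port)

    def on_dhcp(self, port, src_mac, payload):
        msg_type, chaddr, yiaddr = parse_dhcp(payload)
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:        # bogus DHCP server
                return "drop: server message on untrusted port"
            if msg_type == ACK and chaddr in self.pending:
                self.bindings[yiaddr] = (chaddr, self.pending.pop(chaddr))
            return "forward"
        if port in self.trusted:
            return "forward"
        if chaddr != src_mac:                   # CHADDR-changing DoS
            return "drop: CHADDR differs from source MAC"
        seen = self.macs_on_port.setdefault(port, set())
        if src_mac not in seen and len(seen) >= self.mac_limit:
            return "drop: MAC address limit reached"   # exhaustion attack
        seen.add(src_mac)
        if msg_type == REQUEST:
            self.pending[chaddr] = port
        return "forward"

    def check_source(self, port, src_mac, src_ip):
        """IP/MAC spoofing check: the triple must match a learned binding."""
        return self.bindings.get(src_ip) == (src_mac, port)


if __name__ == "__main__":
    client = bytes.fromhex("02aa00000001")      # constructed addresses
    snoop = DhcpSnooper({"uplink"}, mac_limit=2)
    print(snoop.on_dhcp("ge1", client, build_dhcp(1, REQUEST, client)))
    print(snoop.on_dhcp("uplink", bytes.fromhex("02bb00000001"),
                        build_dhcp(2, ACK, client, "10.0.0.5")))
    print(snoop.check_source("ge1", client, "10.0.0.5"))
```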
- Association between the application layer and lower layers
- Local URPF
- Management and service plane protection
- Defense against TCP/IP packet attacks
  The ATN 990 provides defense measures against attacks by sending the following types of packets on TCP/IP networks:
  - Malformed packets
    Null IGMP packets, packets with invalid TCP flag bits, LAND attack packets, IP packets whose payloads are null, and smurf attack packets.
  - Fragmented packets
    Packets with a huge number of fragments or packets that have a large offset value, repetitive fragmented packets, tear Drop, syndrop, nesta, fawx, bonk, NewTear, Rose, ping of death, and Jolt attacks
  - TCP SYN
  - UDP flood
- Attack source tracing
  When the ATN 990 is attacked, it obtains and stores suspicious packets, and then displays the packets in a certain form through command lines or offline tools. This helps locate the attack source easily. When attacks occur, the system automatically removes the data encapsulated at upper layers of the transmission layer and then caches the packets in memory. When there are a certain number of packets in the cache, for example, 20000 packets on each LPU, the earliest cached packets are overwritten when more packets are cached.
GTSM
On the current network, attackers forge valid packets to attack routers, which overloads the routers and consumes limited resources such as the CPU on the MPU. For example, an attacker forges BGP protocol packets and continuously sends them to a router. After the LPU of the router receives the packets, it finds that the packets are destined to itself and then sends the packets directly to the BGP processing module on the MPU without checking the validity of the packets. As a result, the system is abnormally busy processing these forged valid packets and the CPU usage is high. To guard against the preceding attacks, the ATN 990 provides the Generalized TTL Security Mechanism (GTSM). The GTSM protects services above the IP layer by checking whether the TTL value in the IP header is within a specified range. In actual applications, the GTSM is mainly used to protect the TCP/IP-based control plane such as the routing protocol against attacks of the CPU-utilization type such as CPU overload. The ATN 990 supports BGP GTSM, OSPF GTSM, and LDP GTSM.
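The TTL check described above, as an added example (not the ATN 990 implementation). It assumes a peer configured as at most N hops away is accepted only with a TTL in the range 255 - N + 1 to 255, and that packets of a protected protocol from an unconfigured source follow a configurable default action; addresses, function names and that default action are constructed for the illustration.

```python
import ipaddress
import struct

TCP, UDP, OSPF = 6, 17, 89
SERVICE_PORTS = {179: "bgp", 646: "ldp"}        # well-known BGP and LDP ports


def build_packet(src, ttl, proto, sport=0, dport=0):
    """Constructed IPv4 header (no options, checksum 0) followed by L4 ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address("203.0.113.1").packed)
    return header + struct.pack("!HH", sport, dport)


def classify(pkt):
    """Return (source address, protected service or None, TTL)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    ttl, proto = pkt[8], pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    service = None
    if proto == OSPF:
        service = "ospf"
    elif proto in (TCP, UDP) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        # A session may be initiated by either side, so check both ports.
        service = SERVICE_PORTS.get(dport) or SERVICE_PORTS.get(sport)
    return src, service, ttl


class GtsmFilter:
    def __init__(self, default_action="pass"):
        self.default_action = default_action    # for protected traffic with no policy
        self.min_ttl = {}                       # (service, peer) -> lowest valid TTL

    def add_peer(self, service, peer, hops):
        if not 1 <= hops <= 255:
            raise ValueError("hops must be 1..255")
        self.min_ttl[(service, ipaddress.IPv4Address(peer))] = 255 - hops + 1

    def check(self, pkt):
        """Decide before the packet is handed to the control-plane CPU."""
        src, service, ttl = classify(pkt)
        if service is None:
            return "not protected"
        floor = self.min_ttl.get((service, src))
        if floor is None:
            return self.default_action
        # A sender farther away than configured cannot arrive with a TTL this
        # high, because every router on the path decrements it.
        return "pass" if ttl >= floor else "drop"


if __name__ == "__main__":
    gtsm = GtsmFilter(default_action="drop")
    gtsm.add_peer("bgp", "192.0.2.1", hops=1)   # directly connected peer
    print(gtsm.check(build_packet("192.0.2.1", 255, TCP, 50000, 179)))
    print(gtsm.check(build_packet("192.0.2.1", 250, TCP, 50000, 179)))
```

The second packet carries the peer's address but a TTL of 250, so it is dropped on the line card side of the model without reaching the protocol module.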
- Interface-based ARP entry restriction
- Timestamp suppression based on the destination IP address and source IP address of an ARP packet
- The destination address check for the ARP packet
  The system checks whether the destination IP address of the ARP packet received on the interface is correct. If the destination IP address is correct, the packet is sent to the CPU; otherwise, the packet is discarded.
- ARP bidirectional isolation
- Filtration of invalid ARP packets
  The ATN 990 filters out the following types of ARP packets:
  - Invalid ARP packets
    Invalid ARP packets include ARP request packets with the destination MAC addresses being unicast addresses, ARP request packets with the source MAC addresses being non-unicast addresses, and ARP reply packets with the destination MAC addresses being non-unicast addresses.
  - Gratuitous ARP packets
  - ARP request packets with valid MAC addresses
  You can use commands to filter out one or more previously mentioned invalid packets.
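The invalid-packet rules listed above, applied to raw Ethernet/ARP frames (an added example, not the ATN 990 implementation). The three "invalid" tests follow the definitions in the text; treating a packet whose sender and target IP addresses are equal as gratuitous, the selectable categories and all names and addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6
ARP_FMT = "!HHBBH6s4s6s4s"                      # 28-byte ARP body, IPv4 over Ethernet


def build_arp(dst_mac, src_mac, oper, spa, tpa):
    """Constructed Ethernet + ARP frame for this demo (oper 1=request, 2=reply)."""
    tha = bytes(6) if oper == 1 else dst_mac
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, src_mac,
                       ipaddress.IPv4Address(spa).packed, tha,
                       ipaddress.IPv4Address(tpa).packed)
    return dst_mac + src_mac + b"\x08\x06" + body


def is_unicast(mac):
    """A MAC address is unicast when the I/G bit of its first octet is clear."""
    return (mac[0] & 0x01) == 0


def classify_arp(frame):
    """Return the list of filter categories the frame falls into."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not an ARP frame")
    dst, src = frame[0:6], frame[6:12]
    htype, ptype, hlen, plen, oper, _sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    found = []
    if oper == 1 and is_unicast(dst):
        found.append("invalid: request with unicast destination MAC")
    if oper == 1 and not is_unicast(src):
        found.append("invalid: request with non-unicast source MAC")
    if oper == 2 and not is_unicast(dst):
        found.append("invalid: reply with non-unicast destination MAC")
    if spa == tpa:
        found.append("gratuitous")              # assumption: sender IP == target IP
    return found


def arp_verdict(frame, filter_invalid=True, filter_gratuitous=False):
    """Each category can be switched on separately, as the text describes."""
    for category in classify_arp(frame):
        if category.startswith("invalid") and filter_invalid:
            return "discard (" + category + ")"
        if category == "gratuitous" and filter_gratuitous:
            return "discard (gratuitous)"
    return "forward"


if __name__ == "__main__":
    host = bytes.fromhex("02aa00000001")        # constructed addresses
    peer = bytes.fromhex("02aa00000002")
    print(arp_verdict(build_arp(BROADCAST, host, 1, "10.0.0.2", "10.0.0.1")))
    print(arp_verdict(build_arp(peer, host, 1, "10.0.0.2", "10.0.0.1")))
    print(arp_verdict(build_arp(BROADCAST, host, 2, "10.0.0.2", "10.0.0.1")))
```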
Local Mirroring
In local mirroring, an LPU can be configured with a physical observing port, multiple logical observing ports, and multiple mirrored ports. Local mirroring can be inter-LPU mirroring, which means that the observing port and mirrored port reside on different LPUs.
Remote Mirroring
The ATN 990 provides MPLS LSPs, MPLS TE tunnels for remote mirroring. In remote mirroring, an LPU can be configured with multiple observing ports and mirrored ports. In remote mirroring, mirroring packets can be intercepted.
SSHv2
The ATN 990 supports the STelnet client and server and the SFTP client and server. Both support SSH 1.5 and SSH 2.0.
Y.1731
Y.1731 supports the following functions:
- Single-ended frame loss statistics collection, two-ended frame loss statistics collection, one-way frame delay, two-way frame delay and one-way jitter
- VLL Alarm Indication Signal (AIS) and VPLS AIS
- Multicast MAC ping
MPLS-TP OAM
MPLS-TP OAM supports the following functions:
- Basic connectivity detection
- LoopBack (LB)
- Remote Defect Indication (RDI)
- Single-ended frame loss statistics collection and two-ended frame loss statistics collection
- One-way frame delay and two-way frame delay
- APS 1:1
APS
The ATN 990 supports the following Automatic Protection Switching (APS) functions:
- 1+1 unidirectional mode, 1+1 bidirectional mode, and 1:1 bidirectional mode
- Manual switching of APS groups
- Forcible switching of APS groups
- Locking of traffic on the working link of an APS group
- Interface-based APS
- Intra-LPU or inter-LPU APS
- Inter-device APS, that is, Enhanced APS (E-APS), including APS 1+1 and APS 1:1
- Addition of the working and protect interfaces of an APS group to a trunk so that all services are configured on the trunk
FRR
The ATN 990 provides multiple fast reroute (FRR) features. You can deploy FRR as required to improve network reliability.
- IP FRR
  FRR switching can be completed in 50 ms. In this manner, the data loss caused by network failures is minimized to a great extent. FRR supported by the ATN 990 enables the system to monitor and save the status of LPUs and interfaces in real time and to check the status of interfaces during packet forwarding. When faults occur on an interface, the system can rapidly switch the traffic to another preset route, thus reducing time between failures and the packet loss ratio.
- LDP FRR
  LDP FRR switching can be completed in 50 ms.
- TE FRR
  TE FRR is an MPLS TE technology used to protect local networks. Only the interfaces with a transmission rate of over 100 Mbit/s support TE FRR. TE FRR switching can be completed within 50 ms. It can minimize data loss when network failures occur. TE FRR protects traffic only temporarily. When the protected LSP becomes normal or a new LSP is established, traffic is switched back to the original protected LSP or the newly established LSP. When a link or a node on the LSP fails, traffic is switched to the protection link and the ingress node of the LSP attempts to establish a new LSP, if an LSP is configured with TE FRR. With different protected objects, TE FRR is classified into the following types:
  - Link protection
  - Node protection
- Auto FRR
  Auto FRR is an extension of MPLS TE FRR. It automatically creates a bypass tunnel that meets the requirements for the LSP through the configuration of the attributes of the bypass tunnel, global auto FRR attributes, and interface-based auto FRR attributes on the interface of the primary tunnel. When the primary tunnel changes to another path, the previous bypass tunnel is automatically deleted. Then, a bypass tunnel that meets the requirements is set up.
- VLL FRR
  VLL FRR switching can be completed in 50 ms.
- VPN FRR
  VPN FRR switching can be completed in 50 ms.
Transmission alarm customization and suppression implement the following functions:
- Customizes alarms. This can specify the alarms that can cause the change of the interface status.
- Suppresses alarms. This can filter out the burr and prevent the network from frequently flapping.
VRRP
VRRP dynamically associates the virtual router with a physical router that carries services. When the physical router fails, another router is elected to take over services. Failover is transparent to users and thus the internal network and the external network can communicate without interruption. The ATN 990 supports the following VRRP functions:
- mVRRP
- VGMP
- E-VRRP
- VRRP For IPv6
GR
Graceful Restart (GR) is a key technology in implementing HA. It is designed based on NSF. GR switchover and subsequent restart can be performed by the administrator or triggered by faults. GR neither deletes the routing information from the routing table or the FIB nor resets the board during the switchover when faults occur. This prevents the service interruption of the entire system. The ATN 990 supports system-level GR and protocol-level GR. Protocol-based GR includes:
- BGP GR
- OSPF GR
- IS-IS GR
- MPLS LDP GR
- Martini VLL GR
- Martini VPLS GR
- L3VPN GR
- RSVP GR
- PIM GR
BFD
BFD is a detection mechanism used uniformly in an entire network. It is used to rapidly detect and monitor the connectivity of links or IP routes in a network. BFD sends detection packets at both ends of a bidirectional link to check the link status in both directions. The defect detection is implemented at the millisecond level. The ATN 990 supports single-hop BFD and multi-hop BFD.
BFD of the ATN 990 supports the following applications.
- BFD for VRRP
  The system uses BFD to detect and monitor the connectivity of links or IP routes in a network. The rapid VRRP switchover is thus triggered.
- BFD for FRR
  - BFD for LDP FRR
    LDP FRR switchover is triggered after BFD detects faults on protected interfaces.
  - BFD for IP FRR and BFD for VPN FRR
    IP FRR and VPN FRR are triggered after BFD detects faults and reports fault information to the upper layer applications.
- BFD for static routes
- BFD for IS-IS
  The ATN 990 supports detection on the IS-IS adjacency by using the BFD session that is configured statically. BFD detects the fault of the link between the adjacent IS-IS nodes and rapidly reports the fault to IS-IS. Thus fast convergence of IS-IS routes is performed.
- BFD for OSPF/BGP
  The ATN 990 supports OSPF and BGP in dynamically setting up and deleting the BFD session.
- BFD for PIM
- BFD detection on IP-Trunks and Eth-Trunks
  On the ATN 990, BFD can detect a trunk and the member links of the trunk independently. That is, it can detect the connectivity of the trunk and that of an important member link of the trunk.
- BFD for LSP
  BFD for LSP performs fast fault detection of the LSP, the TE tunnel, and the PW. In this manner, BFD for LSP implements fast switchover of MPLS services such as VPN FRR, TE FRR, and VLL FRR.
- BFD for Dot1q sub-interface
- BFD for mVSI
- Multi-hop BFD
- BFD For IPv6
  BFD for OSPFv3, BFD for ISISv6, BFD for BGP4+, and BFDv6 for default IPv6
- BFD for VPLS PW
- BFD for VPLS/VLL PW
- VPLS over LDP FRR/FW unicast
6.12 Clock
The ATN 990 supports the following clock features:
- Ethernet clock synchronization
  The Ethernet interfaces of the ATN 990 provide Ethernet clock synchronization so that the clock quality and stratum of the network can be guaranteed.
- 1588v2
  The 1588v2 feature:
  - Supports the input and output of the externally synchronized time.
  - Supports 10M/100M/1000M/10G Ethernet interfaces and auto sensing of 10M/100M/1000M Ethernet interfaces.
  - Supports Eth-Trunk.
  - Supports OC, BC, E2ETC, P2PTC, E2ETCOC, P2PTCOC and TCandBC.
  - Allows the ATN 990 to function as a GrandMaster.
  - Supports slave-only when functioning as an OC.
  - Supports the dynamic BMC algorithm.
  - Supports two delay measurement methods: Delay and PDelay.
  - Supports one-step mode and two-step mode in which 1588v2 packets that are used by 1588v2 devices to perform time synchronization are timestamped.
  - Supports multicast MAC encapsulation (the VLAN and 802.1p priority are configurable).
  - Supports multicast UDP encapsulation (the source IP address, VLAN, and DSCP priority are configurable).
  - Supports unicast MAC encapsulation (the destination MAC, VLAN, and 802.1p priority are configurable).
  - Supports the performance monitoring function on Passive ports of a 1588v2 device.
  - Supports unicast UDP encapsulation (the source IP address, destination IP address, destination MAC, VLAN, and DSCP priority are configurable).
  - Uses the clock recovered through the Precision Time Protocol (PTP) as the clock source and supports the algorithm for dynamic clock source selection (based on the priority and clock stratum).
  - Implements clock recovery that complies with G.813.
  - Implements frequency recovery that meets the requirements of the SDH equipment clock (SEC) in G.823.
- SDH Clock synchronization
  The CPOS interface, E1 interface, and WAN interface on the ATN 990 provide clock synchronization so that the clock quality and stratum of the network can be guaranteed.
- 1588 ACR
  - Supports frequency synchronization only.
  - Supports the change of selected clock sources.
  - Supports unicast UDP encapsulation (and the DSCP field).
  - Complies with Recommendation G.8261 in terms of service modeling and networking and performs clock recovery with accuracy that is prescribed by G.823.
  - Supports 1588v2 header overlapping without affecting forwarding capabilities.
  - Supports switchover between master and slave MPUs/SRUs without affecting services.
  - Supports hot swapping of LPUs and sub-cards.
- Network Time Protocol (NTP) clock
  The ATN 990 supports the following working modes of NTPv4:
  - Server/client mode
  - Peer mode
  - Broadcast mode
  - Multicast mode
  The ATN 990 supports two NTP security mechanisms:
  - Access authority
    The ATN 990 provides four levels of access control. After receiving an NTP access request packet, the ATN 990 matches it from the lowest access control level to the highest access control level. The first successfully matched access control level takes effect. The matching order is as follows:
    - peer: indicates the minimum access control. The remote end can send a time request and a control query to the local end. The local clock can also be synchronized with the clock of the remote server.
    - server: indicates that the remote end can send a time request and a control query to the local end. The local clock, however, is not synchronized with the clock of the remote server.
    - synchronization: indicates that the remote end can only send a time request to the local end.
    - query: indicates the maximum access control. The remote end can only send a control query to the local end.
  - Authentication
    When configuring NTP authentication, note the following rules:
    - The NTP authentication must be configured on both the client and the server; otherwise, the authentication does not take effect.
    - If NTP authentication is enabled, keys must be configured and declared reliable.
    - The server and the client must be configured with the same key.
- Internal clock
  The ATN 990 provides an internal clock and can extract clock information from LPUs. The clock precision reaches 4.6 ppm, that is, 0.00002s.
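The NTP access-control matching order described above, modelled in Python as an added example (not Huawei code and not device configuration). The per-level ACL layout, the operation names, and the deny-on-no-match default are assumptions, and the sample addresses are constructed; `shadowed_entries` flags an entry at a later level that an earlier level already covers, so it can never take effect.

```python
import ipaddress

# Matching order and rights as the page lists them: the first level whose
# ACL matches the source address takes effect.
LEVELS = [
    ("peer",            {"time_request", "control_query", "sync_to_remote"}),
    ("server",          {"time_request", "control_query"}),
    ("synchronization", {"time_request"}),
    ("query",           {"control_query"}),
]

def _nets(policy, level):
    """Parse the CIDR strings bound to one level (hypothetical policy layout)."""
    return [ipaddress.ip_network(cidr) for cidr in policy.get(level, [])]

def effective_level(policy, src):
    """Return the first level, in matching order, whose ACL contains src."""
    addr = ipaddress.ip_address(src)
    for level, _rights in LEVELS:
        if any(addr in net for net in _nets(policy, level)):
            return level
    return None

def is_allowed(policy, src, operation):
    """Check one operation against the rights of the level that took effect."""
    level = effective_level(policy, src)
    if level is None:
        return False  # assumption: the page does not state the no-match result
    return operation in dict(LEVELS)[level]

def shadowed_entries(policy):
    """Find entries that an earlier level fully covers and therefore overrides."""
    findings = []
    for i, (level, _rights) in enumerate(LEVELS):
        for net in _nets(policy, level):
            for earlier, _ in LEVELS[:i]:
                for cover in _nets(policy, earlier):
                    if net.version == cover.version and net.subnet_of(cover):
                        findings.append((level, str(net), earlier, str(cover)))
    return findings

# Constructed sample policy: the /32 under "query" was meant to restrict one
# host, but the broader "peer" entry matches it first.
SAMPLE_POLICY = {
    "peer": ["10.0.0.0/24"],
    "server": ["10.0.1.0/24"],
    "synchronization": ["10.1.0.0/16"],
    "query": ["10.0.0.50/32", "192.0.2.10/32"],
}

if __name__ == "__main__":
    for host in ("10.0.0.50", "10.1.2.3", "192.0.2.10", "198.51.100.1"):
        print(host, "->", effective_level(SAMPLE_POLICY, host))
    for finding in shadowed_entries(SAMPLE_POLICY):
        print("shadowed:", finding)
```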
7 Applicable Environment
[Figure: networking diagram; surviving labels: Single Metro, RNC, Node B, Fiber, Internet, POP]
8
About This Chapter
8.1 System Configuration Modes
8.2 System Management and Maintenance
8.3 Device Running Status Monitoring
8.4 HGMP
8.5 System Service and Status Tracking
8.6 System Test and Diagnosis
8.7 NQA
8.8 In-Service Debugging
8.9 Upgrade Features
8.10 License
8.11 Other Operation and Maintenance Features
As a command input interface, the console interface can send command lines to the control plane. As a debugging interface, the console interface can receive debugging information from the control plane and data plane, and deliver debugging commands and control commands. The ATN 990 also supports configuration through the SNMP-based NMS.
Log information
Information is classified into eight severity levels. The lower the level, the higher the severity. The following table shows the detailed information.

| Level | Severity | Description |
| 0 | Emergency | A fatal exception occurs on the device. The system is unable to function properly and must be restarted. For example, the device is restarted due to program exceptions or memory usage errors are detected. |
| 1 | Alert | A serious exception occurs on the device, which requires immediate actions. For example, the memory usage of the device reaches the upper threshold. |
| 2 | Critical | A critical exception occurs on the device, which needs to be handled and analyzed. For example, the memory usage exceeds the alarm threshold; the temperature exceeds the alarm threshold; and Bidirectional Forwarding Detection (BFD) detects that a device is unreachable or detects error messages generated by the local device. |
| 3 | Error | Improper operation is performed or abnormal process occurs on the device, which does not affect subsequent services but requires attention and cause analysis. For example, users enter incorrect commands or passwords; error protocol packets are received by other devices. |
| 4 | | An abnormality that may cause the device to malfunction occurs on the device, which requires attention. For example, a routing process is disabled by the user; BFD detects packet loss; and error protocol packets are detected. |
| 5 | | A key operation is performed to keep the device running normally. For example, the user runs the shutdown command on the interface, a neighbor is discovered, and the protocol state machine changes status. |
| 6 | | A routine operation is performed. For example, the user runs a display command. |
| 7 | | A routine operation is performed, which requires no action. |
The information center supports 10 channels, of which channels 0 through 5 each have a default channel name. By default, the six channels correspond to six directions in which information is output. The log information on the CF card is output to log files through Channel 9 by default. This means that a total of seven default output directions are supported. When multiple log hosts are configured, you can configure log information to be output to different log hosts through one channel or multiple channels. For example, you can configure some log information to be output to a log host through Channel 2 (loghost), and some log information to a log host through Channel 6. In addition, you can change the name of Channel 6 to implement the desired channel management.
The ATN 990 stores all alarms in a log file, and provides the CF card to store the log file. How long the alarms can be stored depends on the number of the alarms. Generally, the alarms can be stored for months.
8.4 HGMP
The ATN 990 supports the Huawei Group Management Protocol (HGMP). HGMP is a cluster management protocol developed by Huawei. HGMP is used to group Layer 2 devices that are connected to the ATN 990 into a unified management domain, that is, a cluster. HGMP supports automatic collection of network topologies and provides integrated maintenance and management channels. In this manner, a cluster uses only one IP address for external communications, simplifying device management and saving IP addresses.
When voice services on the network deteriorate, or mosaics appear in some videos, the ATN 990 may have sent or received incorrect packets or have lost packets. You can capture packets to locate the problems. The packet capture function can be used to capture the packets sent to the CPU, and the packets forwarded in the inbound or outbound direction. Compared with the port mirroring function, the packet capture function is easier and faster to configure.
8.7 NQA
The ATN 990 supports Network Quality Analysis (NQA). NQA measures the performance of different protocols running on the network. Carriers can thus collect the operation indexes of networks in real time, such as:
- Total delay of the HTTP
- Delay in TCP connection
- Delay in DNS resolution
- File transmission speed
- Delay in FTP connection
- DNS resolution error ratio
With these indexes, carriers can provide network services of different levels and charge differently. NQA is also an effective tool for diagnosing and locating a network fault.
NQA supports the following functions:
- PWE3 tracert
- Multicast ping
- Multicast tracert
- CE-ping (ping the host from a VPLS PW)
- VPLS MAC ping and VPLS MAC trace
- VPLS MAC purge and VPLS MAC populate
- LSP ping, LSP traceroute, and MPLS jitter
- Verification of DNS functions through DISMAN-NSLOOKUP-MIB
- NMS management over all NQA functions through NQA-MIB
- Transmission of consecutive 3000 simulated voice packets in one test
- Minimum transmission intervals at 10 ms
8.10 License
As the software functions of the ATN 990 diversify and software accounts for a higher share of the overall cost, the current service mode cannot satisfy the development requirements of customers and carriers.
- Common users need to reduce the purchase cost.
- Upgrade and expansion users need to effectively control the capacity and functions.
To satisfy the requirements of different users, the ATN 990 needs to implement the flexible authorization to service modules. For the authorization control of service modules, the ATN 990 provides the License authorization management platform through the Global Trotter License (GTL). Through the License authorization mode:
- Common users can purchase service modules as required and reduce the purchase cost.
- Upgrade and expansion users can expand the capacity, and support and maintain the functions by applying for a new License.
- Provides hierarchical commands to prevent unauthorized users from logging in to a device.
- Users can type in a question mark "?" to obtain online help.
- Provides detailed debugging information to diagnose network faults.
- Provides DosKey-like functions to run a history command.
- Provides command line descriptors for partial match of keywords not conflicting with keywords of other command lines. For example, you can enter "disp" for the display command.
9 NMS
The ATN 990 supports device operation and management by the network management station through SNMP.
SNMP
The ATN 990 supports SNMPv1, SNMPv2c, and SNMPv3.
- SNMPv1
  SNMPv1 supports community name-based and MIB view-based access control.
- SNMPv2c
  SNMPv2c supports community name-based and MIB view-based access control.
- SNMPv3
  SNMPv3 inherits the basic functions of SNMPv2c, defines a management frame, and introduces a User-based Security Model (USM) to provide a more secure access control mechanism for users. SNMPv3 supports user groups, user group-based access control, user-based access control, and authentication and encryption mechanisms.
NMS
The ATN 990 uses the Huawei iManager U2000 network management system. It supports SNMPv1/v2c/v3 and the client/server architecture. The network management system can run independently on many operating systems, such as Windows NT/2000/XP and UNIX (Sun, HP, and IBM). The ATN 990 also provides a multi-lingual graphical user interface.
LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol defined in IEEE 802.1ab. LLDP specifies that the status information is stored on all interfaces and the device can send its status to the neighbor stations. The interfaces can also send information about changes in the status to the neighbor stations as required. The neighbor stations then store the received information in the standard SNMP MIB. The NMS can search for Layer 2 information in the MIB. As specified in the IEEE 802.1ab standard, the NMS can also discover unreasonable Layer 2 configurations based on information provided by LLDP. When LLDP runs on the devices, the NMS can obtain Layer 2 information about all the devices to which it connects and detailed network topology information. This helps with the rapid expansion of the network and the acquisition of detailed network topologies and changes. LLDP also helps discover unreasonable configurations on networks and reports the configurations to the NMS, so that incorrect configurations can be removed in time.
10
A
AAA: Authentication, Authorization and Accounting
AAL5: ATM Adaptation Layer 5
AC: Access Controller
ACL: Access Control List
AF: Assured Forwarding
ANSI: American National Standard Institute
AP: Access Point
ARP: Address Resolution Protocol
ASBR: Autonomous System Boundary Router
ASIC: Application Specific Integrated Circuit
ATM: Asynchronous Transfer Mode
AUX: Auxiliary (port)
C CAR CBR CE
Challenge Handshake Authentication Protocol Class of Service Center Processing Unit Constrained Route - Label Distribution Protocol
D
DAA: Destination Address Accounting
DC: Direct Current
DHCP: Dynamic Host Configuration Protocol
DNS: Domain Name Server
DS: Differentiated Services
E
EACL: Enhanced Access Control List
EF: Expedited Forwarding
EMC: ElectroMagnetic Compatibility
F
FCC: Fast Channel Change
FE: Fast Ethernet
FEC: Forwarding Equivalence Class
FIB: Forward Information Base
FIFO: First In First Out
FR: Frame Relay
FTP: File Transfer Protocol
G
GE: Gigabit Ethernet
GRE: Generic Routing Encapsulation
GTS: Generic Traffic Shaping
HA: High availability
HDLC: High level Data Link Control
HTTP: Hyper Text Transport Protocol
I
iVSE: Integrated Value-added Service Engine
ICMP: Internet Control Message Protocol
IDC: Internet Data Center
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IGMP: Internet Group Management Protocol
IGP: Interior Gateway Protocol
IP: Internet Protocol
IPoA: IP Over ATM
IPTN: IP Telephony Network
IPTV: Internet Protocol Television
IPv4: IP version 4
IPv6: IP version 6
IPX: Internet Packet Exchange
IS-IS: Intermediate System-Intermediate System
ISP: Interim inter-switch Signaling Protocol
ITU: International Telecommunication Union - Telecommunication Standardization Sector
Local Area Network Liquid Crystal Display Link Control Protocol Label Distribution Protocol Label switching Edge Router Line Processing Unit Label Switched Path Label Switch Router
M
MAC: Media Access Control
MBGP: Multiprotocol Border Gateway Protocol
MD5: Message Digest 5
MIB: Management Information Base
MP: Multilink PPP
MPLS: Multi-protocol Label Switch
MSDP: Multicast Source Discovery Protocol
MSTP: Multiple Spanning Tree Protocol
MTBF: Mean Time Between Failures
MTTR: Mean Time To Repair
MTU: Maximum Transmission Unit
N
NLS: Network Layer Signaling
NP: Network Processor
NTP: Network Time Protocol
NVRAM: Non-Volatile Random Access Memory
P
PAP: Password Authentication Protocol
PE: Provider Edge
PFE: Packet Forwarding Engine
PIC: Parallel Interference Cancellation
PIM-DM: Protocol Independent Multicast-Dense Mode
PIM-SM: Protocol Independent Multicast-Sparse Mode
POP: Point Of Presence
POS: Packet Over SDH/SONET
PPP PQ PT PVC
R
RADIUS: Remote Authentication Dial in User Service
RAM: Random-Access Memory
RED: Random Early Detection
RFC: Requirement for Comments
RH: Relative Humidity
RIP: Routing Information Protocol
RMON: Remote Monitoring
ROM: Read Only Memory
RP: Rendezvous Point
RPR: Resilient Packet Ring
RSVP: Resource Reservation Protocol
RSVP-TE: RSVP-Traffic Engineering
S
SAP: Service Advertising Protocol
SCSR: Self-Contained Standing Routing
SDH: Synchronous Digital Hierarchy
SDRAM: Synchronous Dynamic Random Access Memory
SFU: Switch Fabric Unit
SLA: Service Level Agreement
SNAP: SubNet Attachment Point
SNMP: Simple Network Management Protocol
Synchronous Optical Network Strict Priority SDH Physical Interface Secure Shell SDH Transport Module -16 Switching Virtual Connection
T
TCP: Transfer Control Protocol
TE: Traffic Engineering
TFTP: Trivial File Transfer Protocol
TM: Traffic Manager
ToS: Type of Service
TP: Topology and Protection packet
U
UBR: Unspecified Bit Rate
UDP: User Datagram Protocol
UNI: User Network Interface
UTP: Unshielded Twisted Pair
V
VBR-NRT: Non-Real Time Variable Bit Rate
VBR-RT: Real Time Variable Bit Rate
VC: Virtual Circuit
VCI: Virtual Channel Identifier
VDC: Variable Dispersion Compensator
VLAN: Virtual Local Area Network
VLL: Virtual Leased Line
VPI: Virtual Path Identifier
VPLS: Virtual Private LAN Service
VPN: Virtual Private Network
VRP VRRP
W
WAN: Wide Area Network
WFQ: Weighted Fair Queuing
WRED: Weighted Random Early Detection
WRR: Weighted Round Robin