
SmartAX MA5600 Multi-service Access Module

V300R002

Feature Description

Issue 03
Date 2007-07-10
Part Number 31400134

Huawei Technologies Proprietary


Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://www.huawei.com
Email: support@huawei.com

Copyright 2007 Huawei Technologies Co., Ltd. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.


Contents

About This Document

1 SHDSL Access
1.1 Introduction
1.2 Availability
1.3 Principle
1.4 Implementation
1.5 Reference

2 VLAN
2.1 Standard VLAN
2.1.1 Introduction
2.1.2 Availability
2.1.3 Principle
2.1.4 Implementation
2.1.5 Reference
2.2 Smart VLAN
2.2.1 Introduction
2.2.2 Availability
2.2.3 Principle
2.2.4 Implementation
2.2.5 Reference
2.3 MUX VLAN
2.3.1 Introduction
2.3.2 Availability
2.3.3 Principle
2.3.4 Implementation
2.3.5 Reference
2.4 QinQ VLAN
2.4.1 Introduction
2.4.2 Availability
2.4.3 Principle
2.4.4 Implementation
2.4.5 Reference
2.5 VLAN Stacking
2.5.1 Introduction
2.5.2 Availability
2.5.3 Principle
2.5.4 Implementation
2.5.5 Reference
2.6 Super VLAN
2.6.1 Introduction
2.6.2 Availability
2.6.3 Principle
2.6.4 Implementation
2.6.5 Reference

3 DHCP Relay
3.1 Introduction
3.2 Availability
3.3 Principle
3.4 Implementation
3.5 Reference

4 ARP Proxy
4.1 ARP
4.1.1 Introduction
4.1.2 Availability
4.1.3 Principle
4.1.4 Implementation
4.1.5 Reference
4.2 ARP Proxy
4.2.1 Introduction
4.2.2 Availability
4.2.3 Principle
4.2.4 Implementation
4.2.5 Reference

5 ACL
5.1 Introduction
5.2 Availability
5.3 Principle
5.4 Implementation
5.5 Reference

6 QoS
6.1 Overview
6.1.1 Introduction
6.1.2 Availability
6.1.3 Principle
6.1.4 Implementation
6.1.5 Reference
6.2 PQ
6.2.1 Introduction
6.2.2 Principle
6.3 WRR
6.3.1 Introduction
6.3.2 Principle

7 RSTP
7.1 Introduction
7.2 Availability
7.3 Principle
7.4 Implementation
7.5 Reference

8 NTP
8.1 Introduction
8.2 Availability
8.3 Principle
8.4 Implementation
8.5 Reference

9 Multicast
9.1 Overview
9.1.1 Introduction
9.1.2 Availability
9.1.3 Principle
9.1.4 Implementation
9.1.5 Reference
9.2 IGMP Snooping
9.2.1 Introduction
9.2.2 Principle
9.3 IGMP Proxy
9.3.1 Introduction
9.3.2 Principle
9.4 Program Management
9.4.1 Introduction
9.4.2 Principle
9.5 User Management
9.5.1 Introduction
9.5.2 Principle

10 Triple Play
10.1 Features of Triple Play
10.1.1 Introduction
10.1.2 Availability
10.1.3 Principle
10.1.4 Implementation
10.1.5 Reference
10.2 Multi-PVC for Multiple Services
10.2.1 Introduction
10.2.2 Principle

11 Routing
11.1 Overview
11.1.1 Introduction
11.1.2 Availability
11.1.3 Principle
11.1.4 Implementation
11.1.5 Reference
11.2 Static Route
11.2.1 Introduction
11.2.2 Principle
11.3 Dynamic Route
11.3.1 Introduction
11.3.2 Principle

12 Ethernet Link Aggregation
12.1 Introduction
12.2 Availability
12.3 Principle
12.4 Implementation
12.5 Reference

13 ATM Subtending
13.1 Introduction
13.2 Availability
13.3 Principle
13.4 Implementation
13.5 Reference

14 MPLS
14.1 MPLS Feature Description
14.1.1 Introduction
14.1.2 Availability
14.1.3 Principle
14.1.4 Implementation
14.1.5 Reference
14.2 MPLS PWE3
14.2.1 Introduction
14.2.2 Principle
14.2.3 Implementation
14.2.4 Reference

15 System Security
15.1 System Security Features
15.1.1 Introduction
15.1.2 Availability
15.1.3 Principle
15.1.4 Implementation
15.1.5 Reference
15.2 Anti-DoS Attack
15.2.1 Introduction
15.2.2 Availability
15.2.3 Principle
15.2.4 Implementation
15.3 Anti-ICMP/IP Attack
15.3.1 Introduction
15.3.2 Principle
15.4 Source Route Filtering
15.4.1 Introduction
15.4.2 Principle
15.5 MAC Address Filtering
15.5.1 Introduction
15.5.2 Availability
15.5.3 Principle
15.6 Firewall Black List
15.6.1 Introduction
15.6.2 Principle
15.7 Firewall
15.7.1 Introduction
15.7.2 Principle
15.8 Address Segments Configuration
15.8.1 Introduction
15.8.2 Principle

16 User Security
16.1 PITP
16.1.1 Introduction
16.1.2 Availability
16.1.3 Principle
16.1.4 Implementation
16.1.5 Reference..........................................................................................................................................16-10
16.2 DHCP Option82........................................................................................................................................16-10
16.2.1 Introduction......................................................................................................................................16-11
16.2.2 Availability.......................................................................................................................................16-11
16.2.3 Principle...........................................................................................................................................16-12
16.2.4 Implementation.................................................................................................................................16-13
16.2.5 Reference..........................................................................................................................................16-14
16.3 RAIO.........................................................................................................................................................16-14
16.3.1 Introduction......................................................................................................................................16-14
16.3.2 Availability.......................................................................................................................................16-15
16.3.3 Principle...........................................................................................................................................16-15
16.3.4 Implementation.................................................................................................................................16-17
16.3.5 Reference..........................................................................................................................................16-17
16.4 IP Address Binding...................................................................................................................................16-17
16.4.1 Introduction......................................................................................................................................16-18
16.4.2 Availability.......................................................................................................................................16-18
16.4.3 Principle...........................................................................................................................................16-18
16.4.4 Implementation.................................................................................................................................16-18
16.4.5 Reference..........................................................................................................................................16-18
16.5 MAC Address Binding..............................................................................................................................16-19
16.5.1 Introduction......................................................................................................................................16-19
16.5.2 Availability.......................................................................................................................................16-20
16.5.3 Principle...........................................................................................................................................16-20
16.5.4 Implementation.................................................................................................................................16-20
16.5.5 Reference..........................................................................................................................................16-20
16.6 Anti-MAC Spoofing..................................................................................................................................16-20
16.6.1 Introduction......................................................................................................................................16-21
16.6.2 Availability.......................................................................................................................................16-22
16.6.3 Principle...........................................................................................................................................16-22
16.6.4 Implementation.................................................................................................................................16-22
16.6.5 Reference..........................................................................................................................................16-23
16.7 Anti-IP Spoofing.......................................................................................................................................16-23
16.7.1 Introduction......................................................................................................................................16-23
16.7.2 Availability.......................................................................................................................................16-24
16.7.3 Principle...........................................................................................................................................16-24
16.7.4 Implementation.................................................................................................................................16-24
16.7.5 Reference..........................................................................................................................................16-24

17 PPPoA Access..........................................................................................................................17-1
17.1 Introduction.................................................................................................................................................17-2
17.2 Availability..................................................................................................................................................17-2
17.3 Principle......................................................................................................................................................17-3
17.4 Implementation............................................................................................................................................17-4

17.5 Reference.....................................................................................................................................................17-4

18 IPoA Access.............................................................................................................................18-1
18.1 Introduction.................................................................................................................................................18-2
18.2 Availability..................................................................................................................................................18-2
18.3 Principle......................................................................................................................................................18-3
18.4 Implementation............................................................................................................................................18-4
18.5 Reference.....................................................................................................................................................18-4

19 Subtended Network Configuration....................................................................................19-1


19.1 Introduction.................................................................................................................................................19-2
19.2 Availability..................................................................................................................................................19-3
19.3 Principle......................................................................................................................................................19-3
19.4 Implementation............................................................................................................................................19-6
19.5 Reference.....................................................................................................................................................19-6

20 Environment Monitoring......................................................................................................20-1
20.1 Introduction.................................................................................................................................................20-2
20.2 Availability..................................................................................................................................................20-3
20.3 Principle......................................................................................................................................................20-3
20.4 Implementation............................................................................................................................................20-6
20.5 Reference.....................................................................................................................................................20-6

21 Ethernet OAM.........................................................................................................................21-1
21.1 Introduction.................................................................................................................................................21-2
21.2 Availability..................................................................................................................................................21-4
21.3 Principle......................................................................................................................................................21-4
21.4 Implementation............................................................................................................................................21-6
21.5 Reference.....................................................................................................................................................21-6

A Acronyms and Abbreviations................................................................................................A-1


Index.................................................................................................................................................i-1

Figures

Figure 1-1 Typical SHDSL application model ....................................................................................................1-3


Figure 1-2 SHDSL terminal model......................................................................................................................1-4
Figure 2-1 802.1Q-based VLAN frame............................................................................................................... 2-3
Figure 2-2 QinQ VLAN service process............................................................................................................2-10
Figure 2-3 VLAN stacking service process........................................................................................................2-13
Figure 2-4 Super VLAN service process...........................................................................................................2-15
Figure 3-1 DHCP relay networking..................................................................................................................... 3-4
Figure 4-1 Implementation of the ARP proxy......................................................................................................4-6
Figure 5-1 ACL based filtering............................................................................................................................5-4
Figure 6-1 Schematic diagram of PQ...................................................................................................................6-5
Figure 7-1 Schematic drawing of designated bridge and designated port............................................................7-3
Figure 8-1 Operating principles of the NTP.........................................................................................................8-4
Figure 9-1 Tree multicast network.......................................................................................................................9-4
Figure 10-1 Operating principles of multi-PVC for multiple services...............................................................10-5
Figure 11-1 Working principles of routers.........................................................................................................11-4
Figure 11-2 Interconnected networks.................................................................................................................11-5
Figure 12-1 Manual link aggregation principles................................................................................................12-3
Figure 13-1 ATM subtending network for upstream transmission through Ethernet........................................13-4
Figure 13-2 ATM subtending network for upstream transmission through a private line.................................13-5
Figure 14-1 MPLS network structure.................................................................................................................14-5
Figure 14-2 MPLS PWE3 topology...................................................................................................................14-8
Figure 14-3 Packet encapsulation mode of ATM Nto1 PW...............................................................................14-9
Figure 14-4 Packet encapsulation mode of ATM SDU PW..............................................................................14-9
Figure 14-5 Packet encapsulation mode of Ethernet Tagged PW....................................................................14-10
Figure 15-1 System security application model of the MA5600.......................................................................15-3
Figure 16-1 PPPoE dialup process in PITP V mode..........................................................................................16-4
Figure 16-2 V mode packet format....................................................................................................................16-5
Figure 16-3 PPPoE dialup process in PITP P mode...........................................................................................16-8
Figure 16-4 Packet format in P mode.................................................................................................................16-9
Figure 16-5 PPPoE payload field format...........................................................................................................16-9
Figure 16-6 Vendor tag format.........................................................................................................................16-10
Figure 16-7 DHCP process with DHCP Option82 enabled.............................................................................16-12
Figure 16-8 Format of a DHCP Option82 field...............................................................................................16-13

Figure 16-9 Sub options of DHCP Option82...................................................................................................16-13


Figure 17-1 PPPoA implementation process......................................................................................................17-3
Figure 18-1 IPoA implementation process.........................................................................................................18-3
Figure 19-1 Local subtended network configuration in a star topology............................................................19-4
Figure 19-2 Local subtended network configuration in a daisy chain topology................................................19-4
Figure 19-3 Remote subtended network configuration......................................................................................19-5
Figure 19-4 RSTP ring network.........................................................................................................................19-6
Figure 20-1 Master slave communication..........................................................................................................20-3
Figure 21-1 Connectivity check.........................................................................................................................21-4
Figure 21-2 Loopback detection.........................................................................................................................21-5
Figure 21-3 Link tracing.....................................................................................................................................21-6

Tables

Table 1-1 Acronyms and abbreviations concerning SHDSL............................................................................... 1-3


Table 1-2 TC-PAM coding technology................................................................................................................1-4
Table 2-1 Acronyms and abbreviations concerning the standard VLAN.............................................................2-3
Table 2-2 Acronyms and abbreviations concerning smart VLAN.......................................................................2-5
Table 2-3 Acronyms and abbreviations concerning QinQ VLAN.......................................................................2-9
Table 2-4 Acronyms and abbreviations concerning VLAN stacking.................................................................2-12
Table 3-1 Acronyms and abbreviations concerning DHCP relay........................................................................ 3-3
Table 4-1 Acronyms and abbreviations concerning ARP....................................................................................4-3
Table 5-1 ACL types............................................................................................................................................ 5-2
Table 5-2 Acronyms and abbreviations concerning the ACL..............................................................................5-3
Table 6-1 Glossary of technical terms concerning the QoS.................................................................................6-3
Table 6-2 Abbreviations and acronyms concerning the QoS...............................................................................6-3
Table 7-1 Acronyms and abbreviations concerning the RSTP.............................................................................7-2
Table 8-1 Glossary of technical terms concerning the NTP.................................................................................8-3
Table 8-2 Acronyms and abbreviations concerning the NTP...............................................................................8-3
Table 9-1 Acronyms and abbreviations concerning multicast............................................................................. 9-3
Table 10-1 Acronyms and abbreviations concerning triple play........................................................................10-3
Table 11-1 Acronyms and abbreviations concerning routing.............................................................................11-3
Table 11-2 Routing table of Router 8.................................................................................................................11-5
Table 11-3 Routing protocols and their default routing priorities......................................................................11-6
Table 12-1 Glossary of technical terms concerning the Ethernet link aggregation............................................12-2
Table 12-2 Acronyms and abbreviations concerning the Ethernet link aggregation..........................................12-3
Table 13-1 Glossary of technical terms concerning ATM.................................................................................13-3
Table 13-2 Acronyms and abbreviations concerning ATM...............................................................................13-3
Table 14-1 Glossary of technical terms concerning MPLS................................................................................14-4
Table 14-2 Acronyms and abbreviations concerning MPLS..............................................................................14-5
Table 14-3 Glossary of technical terms concerning MPLS PWE3....................................................................14-7
Table 14-4 Acronyms and abbreviations concerning MPLS PWE3..................................................................14-8
Table 15-1 Glossary of technical terms concerning system security.................................................................15-3
Table 15-2 Acronyms and abbreviations concerning system security...............................................................15-4
Table 16-1 Acronyms and abbreviations concerning PITP................................................................................16-3
Table 16-2 Fields of a V mode packet................................................................................................................16-5
Table 16-3 Fields of a PPPoE packet.................................................................................................................16-9

Table 16-4 Acronyms and abbreviations concerning DHCP Option82...........................................................16-11


Table 16-5 Fields of a DHCP Option82 packet................................................................................................16-13
Table 16-6 Acronyms and abbreviations concerning RAIO............................................................................16-15
Table 16-7 CID formats in various access modes............................................................................................16-15
Table 16-8 RAIO fields in service-port-userlabel mode..................................................................................16-17
Table 17-1 Acronyms and abbreviations concerning PPPoA access.................................................................17-2
Table 18-1 Acronyms and abbreviations concerning IPoA access....................................................................18-2
Table 19-1 Glossary of technical terms concerning a subtended network configuration...................................19-2
Table 19-2 Acronyms and abbreviations concerning a subtended network configuration................................19-3
Table 20-1 Acronyms and abbreviations............................................................................................................20-3
Table 21-1 Glossary of technical terms concerning Ethernet OAM..................................................................21-3
Table 21-2 Acronyms and abbreviations concerning Ethernet OAM................................................................21-3

About This Document

Purpose
This document describes the key features of the MA5600 in detail from the following aspects:

- Definition
- Purpose
- Specification
- Principle
- Implementation

This document also provides the glossary, acronyms and abbreviations, as well as references
concerning these features of the MA5600.

Related Versions
The following table lists the product versions related to this document.

Product Name    Version
MA5600          V300R002
N2000 BMS       V200R008

Intended Audience
The intended audience of this document is:

- Network planning engineers
- Data configuration engineers

Organization
This document consists of the following parts and is organized as follows.

Chapter...                          Describes...
1 SHDSL Access                      The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the SHDSL access
2 VLAN                              The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the VLAN
3 DHCP Relay                        The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the DHCP relay
4 ARP Proxy                         The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the ARP proxy
5 ACL                               The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the ACL
6 QoS                               The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the QoS
7 RSTP                              The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the RSTP
8 NTP                               The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the NTP
9 Multicast                         The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the multicast
10 Triple Play                      The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the triple play
11 Routing                          The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the routing
12 Ethernet Link Aggregation        The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the Ethernet link aggregation
13 ATM Subtending                   The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the ATM subtending
14 MPLS                             The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the MPLS
15 System Security                  The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the system security
16 User Security                    The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the user security
17 PPPoA Access                     The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the PPPoA access
18 IPoA Access                      The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the IPoA access
19 Subtended Network Configuration  The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the subtended network configuration
20 Environment Monitoring           The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the environment monitoring
21 Ethernet OAM                     The definition, purpose, specification, principle, glossary, acronyms and abbreviations, as well as references on the Ethernet OAM
A Acronyms and Abbreviations        The acronyms and abbreviations concerning all the features of the MA5600

Conventions
Symbol Conventions
The following symbols may be found in this document. They are defined as follows.

Symbol     Description
DANGER     Indicates a hazard with a high level of risk which, if not avoided, will result in death or serious injury.
WARNING    Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury.
CAUTION    Indicates a potentially hazardous situation that, if not avoided, could cause equipment damage, data loss, and performance degradation, or unexpected results.
TIP        Indicates a tip that may help you solve a problem or save your time.
NOTE       Provides additional information to emphasize or supplement important points of the main text.

General Conventions
Convention         Description
Times New Roman    Normal paragraphs are in Times New Roman.
Boldface           Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Italic             Book titles are in italics.
Courier New        Terminal display is in Courier New.

Command Conventions
Convention         Description
Boldface           The keywords of a command line are in boldface.
Italic             Command arguments are in italics.
[]                 Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }    Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]    Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *  Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

GUI Conventions
Convention    Description

Boldface      Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK.

>             Multi-level menus are in boldface and separated by the > signs. For example, choose File > Create > Folder.

Keyboard Operation
Format          Description

Key             Press the key. For example, press Enter and press Tab.

Key 1+Key 2     Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.

Key 1, Key 2    Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Mouse Operation
Action          Description

Click           Select and release the primary mouse button without moving the pointer.

Double-click    Press the primary mouse button twice continuously and quickly without moving the pointer.

Drag            Press and hold the primary mouse button and move the pointer to a certain position.

Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.

Issue 03 (2007-07-10)
This is the third release for the issue 02 (2007-04-15). The third release has the following updates:
Description of Environment Monitoring is added.

Issue 02 (2007-04-15)
This is the second release for the issue 01 (2006-08-10). The second release has the following
updates:
- ATM Subtending
- PPPoA Access
- IPoA Access
- Subtended Network Configuration
- Ethernet OAM

Issue 01 (2006-08-10)
It is the first release.


1 SHDSL Access

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the SHDSL access.

1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of the SHDSL access.
1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
1.3 Principle
This section describes the operating principles of the SHDSL access.
1.4 Implementation
This section describes the implementation of the SHDSL access.
1.5 Reference
This section describes the references on the SHDSL access.


1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of the SHDSL access.

Definition
Single-pair high-speed digital subscriber line (SHDSL) is a symmetrical transmission
technology that is used for providing the high-speed leased line access over the twisted pair. It
is developed on the basis of the following technologies:
- High-speed digital subscriber line (HDSL)
- Symmetrical digital subscriber line (SDSL)
- High-speed digital subscriber line 2 (HDSL2)

SHDSL complies with ITU-T G.991.2.


An SHDSL port connects to a user end device through a common telephone line (copper twisted
pair) to provide high-speed broadband access using the trellis coded pulse amplitude modulation
(TC-PAM).

Purpose
This feature is used to provide high-speed leased line access service over common twisted pairs
with a reach of 3-6 km.

Specification
- SHDSL is implemented based on ITU-T Recommendation G.991.2.
- The MA5600 supports 2-wire SHDSL and 4-wire SHDSL. The upstream rate ranges from
  192 Kbit/s to 2304 Kbit/s, and the downstream rate is 2312 Kbit/s. In 2-wire mode, the rate
  adjustment granularity is 64 Kbit/s, and in 4-wire mode, the rate adjustment granularity is
  128 Kbit/s.
- The MA5600 supports 24-port SHDSL access.
- SHDSL supports a maximum reach of 6 km.
- The MA5600 supports the network timing reference (NTR) clock.
- The MA5600 supports Ethernet and E1/V.35 access.
- The MA5600 supports auto rate adjustment according to the line conditions during the
  initialization.
- The MA5600 supports configuration, modification and query of the SHDSL line profile
  parameters.
- The MA5600 supports report of the alarms and maintenance messages of the line.


Acronyms and Abbreviations

Table 1-1 Acronyms and abbreviations concerning SHDSL

Acronym    Full Expansion

SHDSL      Single-pair high-speed digital subscriber line
SDSL       Symmetrical digital subscriber line
HDSL       High-speed digital subscriber line
TC-PAM     Trellis coded pulse amplitude modulation

1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

- The SHEA board supports the SHDSL feature.
- The modem supports the SHDSL protocol.

1.3 Principle
This section describes the operating principles of the SHDSL access.

Typical Application Model


SHDSL complies with G.991.2 (2001).

Figure 1-1 shows a typical SHDSL application model.

Figure 1-1 Typical SHDSL application model


[Figure: user terminals (S/T interface), STU-R, DLL segments with U-R and U-C interfaces, optional SRU, STU-C, V interface, CO network.]

One SHDSL system consists of:

- An SHDSL transceiver unit - central office end (STU-C)
- An SHDSL transceiver unit - remote end (STU-R)
- User terminals

Multiple repeaters can be added to the line between the STU-C and the STU-R.


- The STU-C provides central office service ports.
- The STU-R provides user ports for connecting to multiple user terminals.
- The SHDSL repeater unit (SRU) refers to the repeater. It is used for signal resuming and
  re-sending in ultra-distance transmission, thus increasing the transmission distance.

The MA5600 does not support repeaters.

Terminal Model
Figure 1-2 shows an SHDSL terminal model.

Figure 1-2 SHDSL terminal model


[Figure: STU-R and STU-C, each made up of PDM, PMS-TC, TPS-TC and I/F modules, with an optional SRU between them; customer interface(s) and application interface(s) at the two ends; reference points γR, β, α and γC; application specific sections at the outer ends and application invariant sections in between.]

- PDM module
  This module implements functions such as:
  - Regular element generation and recovery
  - Coding/decoding
  - Modulation/demodulation
  - Echo cancellation
  - Line equalization
  - Link start
  SHDSL mainly adopts the trellis coded pulse amplitude modulation (TC-PAM) technology.
  Table 1-2 lists the TC-PAM coding technology.

  Table 1-2 TC-PAM coding technology

  Standard    Content
  SHDSL       R = n x 64 + i x 8, 3 ≤ n ≤ 36, and 0 ≤ i ≤ 7 (192-2312 kbit/s)

- PMS-TC module
  The PMS-TC module implements functions such as:
  - Framing
  - Frame synchronization
  - Scrambling
  - Descrambling
- TPS-TC layer
  The TPS-TC module implements functions such as:
  - Mapping and encapsulation of data frames
  - Multiplexing and demultiplexing
  - Timing alignment of multiple user data channels
- I/F of the central office device
  - Providing ATM ports or circuit ports
  - Encapsulating packets that come from ATM ports and are transmitted over the ATM network
    into Ethernet packets or E1/V.35 packets through the segmentation and reassembly (SAR)
    module, and then transmitting the packets over the Ethernet network or the E1 link.
  - Transmitting packets from the circuit ports over the E1/V.35 link of the time division
    multiplexing (TDM) network.
- I/F of the user end device
  Providing Ethernet ports (for delivering the ATM cells processed by the SAR module) or
  E1/V.35 ports.

The SHDSL board of the MA5600 is based on ATM. The user end supports output from the
Ethernet port (in broadband access) or E1/V.35 port (private line access). In the upstream
direction, the user end is connected to the metropolitan area network (MAN).

1.4 Implementation
This section describes the implementation of the SHDSL access.

The SHDSL access feature takes effect automatically.

For details of the SHDSL access configuration, refer to "SHDSL Service Configuration" in
the MA5600 Configuration Guide.

1.5 Reference
This section describes the references on the SHDSL access.

The following lists the references on the SHDSL access:

- ITU-T Recommendation G.991.2 (2003), Single-pair high-speed digital subscriber line
  (SHDSL) transceivers
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference


2 VLAN

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the VLAN.

2.1 Standard VLAN


This section describes the standard VLAN feature and its implementation on the MA5600.
2.2 Smart VLAN
This section describes the smart VLAN feature and its implementation on the MA5600.
2.3 MUX VLAN
This section describes the MUX VLAN feature and its implementation on the MA5600.
2.4 QinQ VLAN
This section describes the QinQ VLAN feature and its implementation on the MA5600.
2.5 VLAN Stacking
This section describes the VLAN stacking feature and its implementation on the MA5600.
2.6 Super VLAN
This section describes the super VLAN feature and its implementation on the MA5600.


2.1 Standard VLAN


This section describes the standard VLAN feature and its implementation on the MA5600.
2.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the standard VLAN.
2.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.1.3 Principle
This section describes the principles of the standard VLAN.
2.1.4 Implementation
This section describes the implementation of the standard VLAN.
2.1.5 Reference
This section describes the references on the standard VLAN.

2.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the standard VLAN.

Definition
Virtual local area network (VLAN) is a logical network from end to end in different network
segments or different networks. A VLAN can form a logical sub-network that is a logical but
not physical broadcast domain covering multiple network devices.

The draft IEEE 802.1Q, issued by the IEEE in 1999, aims at standardizing VLAN implementations.

A standard VLAN is a kind of VLAN which contains multiple interconnected standard Ethernet
ports. Logically, all the ports in a standard VLAN are equal.

Purpose
All the Ethernet ports in a standard VLAN can communicate with each other. An Ethernet port
in a standard VLAN is isolated from an Ethernet port in another standard VLAN.

The standard VLAN is primarily used for subtending. The MA5600 supports the Ethernet
subtending networking. Several DSLAMs in different tiers can be subtended through the GE/
FE ports, which can extend the network coverage and satisfy the requirements for large access
capacity.

Specification
The MA5600 supports up to standard VLANs.

The VLAN ID ranges from 1 to 4095. The default VLAN ID of the system is 1.

Limitation


For the MA5600, a standard VLAN can include only the standard Ethernet ports provided by
the SCU board.

Glossary
None

Acronyms and Abbreviations

Table 2-1 Acronyms and abbreviations concerning the standard VLAN


Acronym    Full Expression

VLAN       Virtual local area network
CFI        Canonical format indicator
FDDI       Fiber distributed digital interface

2.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the standard VLAN.

2.1.3 Principle
This section describes the principles of the standard VLAN.
The standard VLAN can be planned according to the following parameters:
- Port
- MAC address
- Protocol type
- IP address mapping
- Multicast
- Policy
Unless otherwise stated, the VLAN described herein is based on ports, which is a common way
for planning VLANs in the telecom industry.
The standard VLAN strictly complies with the 802.1Q standard. In the IEEE 802.1Q standard,
the format of an Ethernet frame is modified by adding the 4-byte 802.1Q tag between the source
MAC address field and the protocol type field. See Figure 2-1 for details.

Figure 2-1 802.1Q-based VLAN frame

Field                             Length

Destination address               6 bytes
Source address                    6 bytes
802.1Q tag (Type, PRI/CFI/VID)    4 bytes
Length/Type                       2 bytes
Data                              46 bytes-1517 bytes
FCS (CRC-32)                      4 bytes


The 802.1Q tag contains the following fields:

- Type
  It indicates the frame type with the length of two bytes. 0x8100 indicates a frame with the
  802.1Q tag. Such a frame will be discarded by a device that does not support 802.1Q.
- PRI
  It indicates the priority of a frame with the length of three bits. It is in the range of 0-7 and
  applies to QoS. 0 indicates the lowest priority, and 7 indicates the highest priority.
- CFI
  Canonical format indicator (CFI) with the length of one bit. It indicates whether the format
  of a MAC address is typical or not, and applies to a bus-typed network or a token ring
  network and a fiber distribution data interface (FDDI).
- VID
  VLAN ID with the length of 12 bits. It indicates the VLAN to which a frame belongs.
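
The field layout above can be checked against raw frames. The following Python parser is an added example, not code from the original manual; the sample frames are constructed for illustration and omit the FCS.

```python
import struct

TPID_8021Q = 0x8100  # Type value that marks an 802.1Q tag, as stated in the text


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet frame and, if present, its 802.1Q tag.

    Layout taken from Figure 2-1: destination (6 bytes), source (6 bytes),
    optional 802.1Q tag (4 bytes), Length/Type (2 bytes), data.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    parsed = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}
    (type_field,) = struct.unpack("!H", frame[12:14])
    if type_field != TPID_8021Q:
        # No tag: the two bytes after the source address are Length/Type.
        parsed.update(tagged=False, length_type=type_field, data=frame[14:])
        return parsed
    if len(frame) < 18:
        raise ValueError("802.1Q Type present but tag or Length/Type truncated")
    # The second half of the tag carries PRI (3 bits), CFI (1 bit), VID (12 bits).
    tci, length_type = struct.unpack("!HH", frame[14:18])
    parsed.update(
        tagged=True,
        pri=tci >> 13,
        cfi=(tci >> 12) & 0x1,
        vid=tci & 0x0FFF,
        length_type=length_type,
        data=frame[18:],
    )
    return parsed


def build_sample(tagged: bool) -> bytes:
    """Constructed sample frame: PRI 5, CFI 0, VID 100 when tagged."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, (5 << 13) | (0 << 12) | 100) if tagged else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + b"constructed payload"


if __name__ == "__main__":
    for sample in (build_sample(True), build_sample(False)):
        print(parse_frame(sample))
```
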

2.1.4 Implementation
This section describes the implementation of the standard VLAN.
The standard VLAN takes effect automatically.
For details of the standard VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.

2.1.5 Reference
This section describes the references on the standard VLAN.
The following lists the references on the standard VLAN:
- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

2.2 Smart VLAN


This section describes the smart VLAN feature and its implementation on the MA5600.
2.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the smart VLAN.
2.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.2.3 Principle
This section describes the principles of the smart VLAN.
2.2.4 Implementation
This section describes the implementation of the smart VLAN.
2.2.5 Reference


This section describes the references on the smart VLAN.

2.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the smart VLAN.

Definition

A smart VLAN is a VLAN that contains multiple upstream ports and multiple service virtual
ports. The service ports are isolated from each other in terms of traffic. The upstream ports can
communicate with each other, and the upstream ports and service virtual ports can also
communicate with each other.

Purpose
A smart VLAN can serve multiple xDSL users, thus saving VLAN resources.

Specification

The MA5600 supports up to 4096 smart VLANs. There is no limit to the number of the upstream
ports and that of the service ports in each smart VLAN.

Limitation

A smart VLAN has the following limitations:


- If a VLAN contains a layer 3 (L3) interface, to delete the VLAN, you need to delete the
  interface first.
- If a VLAN contains a service virtual port, to delete the VLAN, you need to delete the service
  virtual port first.

Glossary
None

Acronyms and Abbreviations

Table 2-2 Acronyms and abbreviations concerning smart VLAN

Acronym Full Expression

xDSL X digital subscriber line

2.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the smart VLAN.


2.2.3 Principle
This section describes the principles of the smart VLAN.

In addition to all the features of a standard VLAN, a smart VLAN has the following features:

- There are two types of ports in the smart VLAN, upstream ports and service ports, which
  are not treated equally.
  - The service ports are isolated from each other in terms of traffic.
  - The upstream ports can interconnect with each other.
  - The service port and the upstream port can interconnect with each other.
- The broadcast domain of the upstream port of the smart VLAN covers all the ports of the
  VLAN. The broadcast domain of the service port, however, contains only the upstream
  port. In contrast, the broadcast domain of each port of the standard VLAN covers all the
  ports in the VLAN.

2.2.4 Implementation
This section describes the implementation of the smart VLAN.

The smart VLAN takes effect automatically.

For details of the smart VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.

2.2.5 Reference
This section describes the references on the smart VLAN.

The following lists the references on the smart VLAN:


- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

2.3 MUX VLAN


This section describes the MUX VLAN feature and its implementation on the MA5600.
2.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MUX VLAN.
2.3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.3.3 Principle
This section describes the principles of the MUX VLAN.
2.3.4 Implementation
This section describes the implementation of the MUX VLAN.


2.3.5 Reference
This section describes the references on the MUX VLAN.

2.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MUX VLAN.

Definition

A MUX VLAN is a VLAN that contains one or more upstream ports, but contains only one
service port. Any two MUX VLANs are isolated.

Purpose

One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a MUX
VLAN can uniquely identify an access user. The MUX VLAN is used when users are
distinguished according to VLANs.

Specification

The MA5600 supports up to 4K MUX VLANs.

Limitation

A MUX VLAN has the following limitations:


- If a VLAN contains an L3 interface, to delete the VLAN, you must delete the interface first.
- If a VLAN contains a service port, to delete the VLAN, you must delete the port first.

Glossary
None

Acronyms and Abbreviations


None

2.3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the MUX VLAN.

2.3.3 Principle
This section describes the principles of the MUX VLAN.

One MUX VLAN corresponds to one service port. Therefore, MUX VLANs can be used to
differentiate the users.
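
The port rules of sections 2.1 to 2.3 can be expressed as a small model that computes the broadcast domain of a port and flags service ports that can reach each other. This is an added example, not code from the MA5600 or the original manual; the port names are hypothetical, and treating a MUX VLAN's upstream and service ports like those of a smart VLAN is an assumption.

```python
from dataclasses import dataclass, field
from itertools import permutations
from typing import Dict, List, Set, Tuple

UPSTREAM, SERVICE = "upstream", "service"


@dataclass
class Vlan:
    vid: int
    kind: str  # "standard", "smart" or "mux"
    ports: Dict[str, str] = field(default_factory=dict)  # port name -> role


def validate(vlan: Vlan) -> None:
    """Reject configurations that contradict the definitions in the text."""
    if vlan.kind not in ("standard", "smart", "mux"):
        raise ValueError(f"unknown VLAN kind {vlan.kind!r}")
    for port, role in vlan.ports.items():
        if role not in (UPSTREAM, SERVICE):
            raise ValueError(f"port {port!r} has unknown role {role!r}")
    services = [p for p, role in vlan.ports.items() if role == SERVICE]
    if vlan.kind == "mux" and len(services) > 1:
        raise ValueError("a MUX VLAN contains only one service port")


def broadcast_domain(vlan: Vlan, ingress: str) -> Set[str]:
    """Ports that receive a broadcast frame entering on `ingress`."""
    validate(vlan)
    if ingress not in vlan.ports:
        raise KeyError(ingress)
    others = set(vlan.ports) - {ingress}
    # Standard VLAN: all ports are equal, so roles are ignored.
    # Smart VLAN: an upstream port reaches every port of the VLAN.
    if vlan.kind == "standard" or vlan.ports[ingress] == UPSTREAM:
        return others
    # Smart VLAN service port: only the upstream ports are reached.
    # (Applied to MUX VLANs as well; that part is an assumption.)
    return {p for p in others if vlan.ports[p] == UPSTREAM}


def service_leaks(vlan: Vlan) -> List[Tuple[str, str]]:
    """Ordered (from, to) pairs of service ports that are not isolated."""
    services = sorted(p for p, r in vlan.ports.items() if r == SERVICE)
    return [(a, b) for a, b in permutations(services, 2)
            if b in broadcast_domain(vlan, a)]


# Constructed sample configurations with hypothetical port names.
PORTS = {"up1": UPSTREAM, "up2": UPSTREAM, "svc1": SERVICE, "svc2": SERVICE}
SMART = Vlan(10, "smart", dict(PORTS))
STANDARD = Vlan(20, "standard", dict(PORTS))

if __name__ == "__main__":
    print("smart    svc1 ->", sorted(broadcast_domain(SMART, "svc1")))
    print("standard svc1 ->", sorted(broadcast_domain(STANDARD, "svc1")))
    print("leaks in standard VLAN:", service_leaks(STANDARD))
```
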


2.3.4 Implementation
This section describes the implementation of the MUX VLAN.

The MUX VLAN takes effect automatically.

For details of the MUX VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.

2.3.5 Reference
This section describes the references on the MUX VLAN.

The following lists the references on the MUX VLAN:


- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

2.4 QinQ VLAN


This section describes the QinQ VLAN feature and its implementation on the MA5600.
2.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QinQ VLAN.
2.4.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.4.3 Principle
This section describes the principles of the QinQ VLAN.
2.4.4 Implementation
This section describes the implementation of the QinQ VLAN.
2.4.5 Reference
This section describes the references on the QinQ VLAN.

2.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QinQ VLAN.

Definition

QinQ, that is, 802.1Q in 802.1Q, is a visualized name for the tunnel protocol encapsulated based
on IEEE 802.1Q. A VLAN packet that has the QinQ attribute contains two VLAN tags: an
inner VLAN tag from the private network and an outer VLAN tag from the MA5600.

Through the outer VLAN tag, a layer 2 (L2) VPN tunnel can be set up to transparently transmit
service data from private networks to public networks.


Purpose
The core of QinQ is to encapsulate the VLAN tag of the private network packet to the VLAN
tag of the public network. The packet carrying two VLAN tags in the form of IEEE 802.1Q is
forwarded to the user, after passing the operator's backbone network.
In a word, the QinQ VLAN provides the users with a simple L2 VPN tunnel service, which
extends the coverage of the private network to some extent. The QinQ supports transparently
transmitting the private VLAN to the peer end.
The leased line service herein refers to the private network service that is transparently
transmitted to the peer network end, for example, the Intranet service.

Specification
The MA5600 supports up to 4096 QinQ VLANs.

Limitation
The attribute of the following VLANs cannot be QinQ:
- Super VLAN
- Sub VLAN
- A VLAN containing an L3 interface
- Default VLAN in the system
The ID of the default VLAN is 1, and the default VLAN cannot be deleted but cannot be
modified.

Glossary
None

Acronyms and Abbreviations

Table 2-3 Acronyms and abbreviations concerning QinQ VLAN


Acronym    Full Expression

QinQ       802.1Q in 802.1Q
VPN        Virtual private network

2.4.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the QinQ VLAN.

2.4.3 Principle
This section describes the principles of the QinQ VLAN.
Figure 2-2 shows the QinQ VLAN service process of the MA5600.


Figure 2-2 QinQ VLAN service process

[Figure: two sites (User 1 and User 3; User 4 and User 2), each with an L2 switch, a modem and an MA5600, joined through L2/L3 devices and the IP network. Labels: VLAN1, VLAN2, VLAN3.]

By QinQ VLAN, the MA5600 implements the user interconnection of the same private network
(VLAN 1 or VLAN 2) in different areas. The following describes the service process.
1. The user PC sends an untagged packet.
2. The LAN switch adds the VLAN tag (VLAN 1 or VLAN 2) of the private network to the
packet, and then sends the packet to the MA5600.
3. The MA5600 adds the VLAN tag (VLAN 3) of the public network to the packet, and then
sends the packet to the upper layer network.
4. The upper layer network device transmits the packet based on the VLAN tag of the public
network.
5. Upon receiving the packet, the peer end MA5600 extracts the VLAN tag of the public
network, and then sends the packet to the LAN switch.
6. The LAN switch identifies and extracts the VLAN tag of the private network, and then
sends the packet to the user in the VLAN of the private network.
In this way, users 1 and 2 in VLAN 1 can interconnect with each other, and users 3 and 4 in
VLAN 2 can interconnect with each other.

2.4.4 Implementation
This section describes the implementation of the QinQ VLAN.
The QinQ VLAN takes effect automatically.
For details of the QinQ VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.

2.4.5 Reference
This section describes the references on the QinQ VLAN.
The following lists the references on the QinQ VLAN:


- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- IEEE P802.1ad: Virtual Bridged Local Area Networks Amendment 4: Provider Bridges
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

2.5 VLAN Stacking


This section describes the VLAN stacking feature and its implementation on the MA5600.
2.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the VLAN stacking.
2.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.5.3 Principle
This section describes the principles of the VLAN stacking.
2.5.4 Implementation
This section describes the implementation of the VLAN stacking.
2.5.5 Reference
This section describes the references on the VLAN stacking.

2.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the VLAN stacking.

Definition

VLAN stacking is a stacking based on the IEEE 802.1Q tag.

The core theory of the VLAN stacking is to add two VLAN tags in the form of IEEE 802.1Q to
the user packet that has no tag. The packet carrying two VLAN tags is forwarded to the broadband
remote access server (BRAS) for authentication after passing the operator's backbone network.
Alternatively, when the packet is forwarded to the BRAS, the outer VLAN tag is extracted, and
the inner VLAN tag is used to identify the user.

Purpose

A VLAN packet that has the stacking attribute contains two VLAN tags: an inner VLAN tag
and an outer VLAN tag, both allocated by the MA5600.

The VLAN stacking feature can be used to improve the reuse of the network-side VLAN and
used for the wholesale service.

- The reuse of VLANs is improved by two VLAN tags.
- The outer VLAN tag is used to identify the Internet Service Provider (ISP) to which the
  user belongs, and the inner VLAN tag is used to identify the user. In this way, different
  users can get access to their own ISPs.

The wholesale service refers to a service in which users can be connected to their own ISPs in
batches according to the specified rules when there are multiple ISPs in the L2 MAN.

Specification

The MA5600 supports up to 4096 VLANs configured with the attribute of VLAN stacking.

Limitation

The attribute of the following VLANs cannot be VLAN stacking:


- Super VLAN
- Sub VLAN
- A VLAN containing an L3 interface
- Default VLAN in the system
The ID of the default VLAN is 1, and the default VLAN cannot be deleted but can be modified.

Glossary
None

Acronyms and Abbreviations

Table 2-4 Acronyms and abbreviations concerning VLAN stacking

Acronym Full Expression

BRAS Broadband remote access server

2.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the VLAN stacking.

2.5.3 Principle
This section describes the principles of the VLAN stacking.

If the VLAN stacking is used to increase the VLAN quantity and identify users, the BRAS is
required. If the VLAN stacking is used to provide the multi-ISP wholesale service, the upper
layer network should work in L2 mode to forward user packets based on VLAN and MAC
address directly.

Figure 2-3 shows the VLAN stacking service process of the MA5600.


Figure 2-3 VLAN stacking service process

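[Figure: Enterprise A and Enterprise B connect through modems to the MA5600, which connects through an L2/L3 device and the MAN to ISP1 and ISP2. Tag labels: SP VLAN 1 + C VLAN 1, SP VLAN 1 + C VLAN 2, SP VLAN 2 + C VLAN 1, SP VLAN 2 + C VLAN 2.]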

NOTE

- SP VLAN: Service provider VLAN
- C VLAN: Customer VLAN

By different VLAN stackings, the MA5600 connects the users of enterprise A to ISP1, and the
users of enterprise B to ISP2. The following describes the service process.

1. The user sends the untagged packets.
2. The packets are transmitted to the MA5600 after passing the modem.
3. The MA5600 adds two VLAN tags to the packets.
   NOTE
   The users of different ISPs correspond to different outer SP VLANs.
   - SP VLAN 1 is encapsulated as the outer VLAN to all user packets of enterprise A, and the C
     VLAN is encapsulated as the inner VLAN.
   - SP VLAN 2 is encapsulated as the outer VLAN to all user packets of enterprise B, and the C
     VLAN is encapsulated as the inner VLAN.
4. The metropolitan area network (MAN) device forwards the user packets based on the SP
VLAN.
5. Upon receiving the user packets, the ISP1 and ISP2 devices extract the SP VLAN, and
differentiate users based on their inner VLAN tags.
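
The tag handling in steps 1 to 5 can be traced on a byte string; the same push and pop of the outer tag is what the QinQ process in section 2.4.3 relies on, where the inner tag is added by the LAN switch instead. This is an added Python example, not code from the MA5600 or the original manual; the port names, the provisioning table, the sample frame and the use of Type 0x8100 for both tags are assumptions.

```python
import struct
from typing import Dict, Optional, Tuple

TPID = 0x8100  # assumption: inner and outer tags both use the 802.1Q Type value

# Hypothetical provisioning on the access node: service port -> (SP VLAN, C VLAN).
PORT_MAP: Dict[str, Tuple[int, int]] = {
    "enterprise-A/user1": (1, 1),
    "enterprise-A/user2": (1, 2),
    "enterprise-B/user1": (2, 1),
    "enterprise-B/user2": (2, 2),
}
SP_VLAN_TO_ISP = {1: "ISP1", 2: "ISP2"}  # the MAN forwards on the outer tag only

# Constructed untagged user frame: dst MAC, src MAC, Length/Type, payload.
USER_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
              + struct.pack("!H", 0x0800) + b"constructed payload")


def outer_vid(frame: bytes) -> Optional[int]:
    """Return the VID of the outermost tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_field,) = struct.unpack("!H", frame[12:14])
    if type_field != TPID:
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF


def push_tag(frame: bytes, vid: int) -> bytes:
    """Insert a 4-byte tag after the source MAC; any existing tag becomes inner."""
    if not 1 <= vid <= 0x0FFF:  # 12-bit VID; section 2.1.1 gives the range 1 to 4095
        raise ValueError("VLAN ID out of range")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]


def pop_tag(frame: bytes) -> Tuple[int, bytes]:
    """Remove the outermost tag and return (vid, remaining frame)."""
    vid = outer_vid(frame)
    if vid is None:
        raise ValueError("no tag to remove")
    return vid, frame[:12] + frame[16:]


def access_node_ingress(port: str, frame: bytes) -> bytes:
    """Step 3: add the C VLAN (inner) and then the SP VLAN (outer)."""
    if outer_vid(frame) is not None:
        # Step 1 says user packets are untagged, so a tagged frame is dropped
        # here instead of being given a third tag.
        raise ValueError("tagged frame received on a service port")
    sp_vid, c_vid = PORT_MAP[port]
    return push_tag(push_tag(frame, c_vid), sp_vid)


def man_forward(frame: bytes) -> str:
    """Step 4: the MAN device selects the ISP from the SP VLAN alone."""
    return SP_VLAN_TO_ISP[outer_vid(frame)]


def isp_receive(frame: bytes) -> Tuple[int, int, bytes]:
    """Step 5: extract the SP VLAN, then identify the user by the inner tag."""
    sp_vid, rest = pop_tag(frame)
    c_vid, original = pop_tag(rest)
    return sp_vid, c_vid, original


if __name__ == "__main__":
    stacked = access_node_ingress("enterprise-A/user2", USER_FRAME)
    print(stacked.hex(), "->", man_forward(stacked), isp_receive(stacked)[:2])
```
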

2.5.4 Implementation
This section describes the implementation of the VLAN stacking.

The VLAN stacking takes effect automatically.

For details of the VLAN stacking configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.


2.5.5 Reference
This section describes the references on the VLAN stacking.
The following lists the references on the VLAN stacking:
- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

2.6 Super VLAN


This section describes the super VLAN feature and its implementation on the MA5600.
2.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the super VLAN.
2.6.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.6.3 Principle
This section describes the principles of the super VLAN.
2.6.4 Implementation
This section describes the implementation of the super VLAN.
2.6.5 Reference
This section describes the references on the super VLAN.

2.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the super VLAN.

Definition
Super VLAN, also known as VLAN aggregation, involves two concepts: the sub VLAN and the
super VLAN.
A super VLAN is a kind of VLAN that contains only sub VLANs but does not contain any
physical port or service port.
A sub VLAN can be a smart VLAN, or a MUX VLAN. A sub VLAN contains only physical
ports and service ports, and the L3 VLAN interface cannot be established on the sub VLAN. All
the sub VLANs contained in a super VLAN share the L3 interface of this super VLAN to
communicate with the upper layer network device.

Purpose
The super VLAN is used to save IP address resources and to use IP addresses more
efficiently.


Specification
The MA5600 supports the following super VLAN specifications:
• The MA5600 supports 16 super VLANs, each of which supports up to 1024 sub VLANs.
• The L3 interface can be established on a super VLAN, and the ARP proxy function can be
  enabled or disabled on the L3 interface.

Limitation
If a sub VLAN contains any trunk port, the sub VLAN cannot join a super VLAN.

Glossary
None

Acronyms and Abbreviations


None

2.6.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the super VLAN.

2.6.3 Principle
This section describes the principles of the super VLAN.
Figure 2-4 shows the super VLAN service process of the MA5600.

Figure 2-4 Super VLAN service process
[Figure: on the MA5600, super VLAN 100 contains VLAN 1, VLAN 2, and VLAN 3. VLAN 1 serves
user A1 (10.10.10.1/24) and user A2 (10.10.10.2/24); VLAN 2 serves user B1 (10.10.10.20/24)
and user B2 (10.10.10.21/24); VLAN 3 serves user C1 (10.10.10.30/24) and user C2
(10.10.10.31/24).]

User groups A, B, and C are in different VLANs. Because the broadcast packets are isolated
between the VLANs, the user groups cannot communicate with each other. That means the user
groups are isolated at L2.


The L3 interface technology is used to enable communication between the hosts of different
VLANs, provided that the hosts are in different subnets. In this example, however, the user
groups are in the same subnet for saving IP addresses. Hence, a super VLAN can be adopted for
communication between different VLANs.

To enable communication between the user groups, do as follows:

1. Add super VLAN 100.
2. Add VLAN 1, VLAN 2, and VLAN 3 as the sub VLANs to super VLAN 100.
3. Add an L3 interface of super VLAN 100, and set the IP address.
4. Enable ARP proxy on the interface.

The following describes how user A1 accesses user C1.


1. Because user C1 and user A1 are in the same subnet, user A1 sends ARP request packets
to obtain the MAC address of user C1 when user A1 first accesses C1.
2. Because user A1 and user C1 are isolated at L2, the request packets are not sent to user
C1 directly, but are captured by the ARP proxy function module of the super VLAN. After
obtaining the MAC address of user C1, the module gives user A1 the MAC address of the
super VLAN interface in place of the MAC address of user C1.
3. The packets from user A1 intended for user C1 are sent to the super VLAN first. The super
VLAN then sends the packets to user C1 using the L3 forwarding feature.

The process for user C1 to access user A1 is similar.

The L3 interface can be associated with the physical port by mapping the super VLAN to the
sub VLAN. Because all sub VLANs contained in a super VLAN share the L3 interface of this
super VLAN, the hosts in different sub VLANs can share the gateway of this super VLAN. In
this way, the standard VLAN feature is implemented and the IP address resource is saved at the
same time.

2.6.4 Implementation
This section describes the implementation of the super VLAN.

The super VLAN takes effect automatically.

For details of the super VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.

2.6.5 Reference
This section describes the references on the super VLAN.

The following lists the references on the super VLAN:


• IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
• RFC3069: VLAN Aggregation for Efficient IP Address Allocation.
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


3 DHCP Relay

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the DHCP relay.

3.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the DHCP relay.
3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
3.3 Principle
This section describes the operating principles of the DHCP relay.
3.4 Implementation
This section describes the implementation of the DHCP relay.
3.5 Reference
This section describes the references on the DHCP relay.


3.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the DHCP relay.

Definition
The Dynamic Host Configuration Protocol (DHCP) relay is a process in which cross-subnet
forwarding of DHCP broadcast packets is implemented between the DHCP client and the DHCP
server. In this way, the DHCP clients in different physical subnets can obtain correct IP addresses
which can be dynamically allocated from the same DHCP server.

Purpose
The DHCP works in client-server mode.
• The DHCP client dynamically requests the configuration data from the DHCP server.
• The DHCP server dynamically provides the data including the IP address to the client.

Initially, the DHCP was only suitable for the applications where the DHCP client and the DHCP
server were located on the same subnet and could not work across the subnet. In this case, each
subnet had to be configured with a DHCP server, which was uneconomical.
The introduction of the DHCP relay solves this problem. The DHCP relay serves as a relay
between the DHCP client and the DHCP server, which are located on different subnets. With
the DHCP relay, the DHCP packets can be relayed to the destination DHCP server or client
across subnets. In this way, multiple DHCP clients on different networks can use the same DHCP
server. This is economical and convenient for centralized management.

Specification
The MA5600 supports the following DHCP relay specifications:
• Up to 20 DHCP server groups, with an active DHCP server and a standby DHCP server in
  each group
• Selection of a DHCP server in three modes:
  - Standard mode
  - DHCP Option60 mode
  - MAC address segment mode
• Up to 128 DHCP Option60 domains
  A domain name is a case-insensitive character string of 132 characters.
• Up to 128 MAC address segments
  The name of a MAC address segment is a case-insensitive character string of 132
  characters.

Limitation
The DHCP relay is enabled globally. The DHCP relay based on a board or a port is not supported.


Glossary
None

Acronyms and Abbreviations

Table 3-1 Acronyms and abbreviations concerning DHCP relay

Acronym       Full Expansion
DHCP          Dynamic Host Configuration Protocol
DHCP Relay    Dynamic host configuration protocol relay

3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the DHCP relay.

3.3 Principle
This section describes the operating principles of the DHCP relay.

When a DHCP client starts up and initializes DHCP, it broadcasts configuration request packets
on the LAN.

If there is a DHCP server on the LAN, no DHCP relay is required because the DHCP server can
directly configure DHCP for the DHCP clients on the LAN.

If there is no DHCP server on the LAN, the DHCP relay function should be enabled on the
MA5600. The DHCP relay processes the received broadcast packets from the DHCP client as
follows:
1. Selects the DHCP server group in a specified mode.
2. Converts the received broadcast packets into unicast IP packets.
3. Forwards the converted packets to the selected DHCP server group.

The DHCP server group that the MA5600 supports can be selected in the following three modes:

• DHCP relay standard mode
  It is a mode in which a DHCP server group is selected according to the port receiving the
  DHCP packets. This is the default mode. In this mode, you must configure the DHCP server
  group bound with the port in advance.
  This mode differentiates users by VLANs. It is the most commonly used and simplest
  DHCP relay mode. However, it cannot differentiate the service types in the same VLAN.
• DHCP Option60 mode
  It is a mode in which the DHCP server group is selected according to the character string
  (domain name) in the Option60 field in a DHCP packet. In this mode, you must configure
  the Option60 domain name and the DHCP server group bound with the domain name in
  advance.


This mode differentiates users by the domain information of the packets. It is a commonly
used DHCP relay mode and can differentiate the service types in the same VLAN.
• MAC address segment mode
  It is a mode in which a DHCP server group is selected according to the source MAC address
  of the DHCP packets. In this mode, you must configure the MAC address segment and the
  DHCP server group bound with the MAC address segment in advance.
  This mode differentiates users by the source MAC address segment of the packets and can
  differentiate the service types in the same VLAN.

The DHCP server configures the DHCP client according to the received configuration request,
and forwards the configuration data to the DHCP client through the DHCP relay. In this way,
the DHCP server dynamically configures the DHCP client.
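The three relay steps and the three selection modes above can be followed on a raw DHCP message in the added example below, which is not Huawei code. The group names, port name, addresses and the rule that an unmatched request is not relayed are assumptions; the giaddr and hops handling follows the general BOOTP relay rules rather than anything stated for the MA5600.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie that precedes the options
OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255

# Constructed relay configuration; group names and addresses are hypothetical.
SERVER_GROUPS = {"grp-data": "192.0.2.10", "grp-voip": "192.0.2.20",
                 "grp-stb": "192.0.2.30"}
PORT_BINDING = {"0/1/3": "grp-data"}                           # standard mode
OPTION60_BINDING = {"voip.example": "grp-voip"}                # Option60 mode
MAC_SEGMENTS = [("00e0fc100000", "00e0fc10ffff", "grp-stb")]   # MAC segment mode


def build_discover(mac_hex, vendor_class=None, xid=0x1234ABCD):
    """Constructed sample: a broadcast DHCPDISCOVER as raw BOOTP bytes."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)   # op..flags
    fixed += bytes(16)                                    # ciaddr..giaddr = 0
    fixed += bytes.fromhex(mac_hex).ljust(16, b"\x00")    # chaddr
    fixed += bytes(192)                                   # sname + file
    options = bytes([53, 1, 1])                           # message type DISCOVER
    if vendor_class is not None:
        options += bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
    return fixed + MAGIC + options + bytes([OPT_END])


def parse_dhcp(msg):
    """Return (client MAC as hex, {option code: value}); reject malformed input."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen = msg[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        options[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    return msg[28:28 + hlen].hex(), options


def select_group(mode, port, msg):
    """Step 1: pick the server group name, or None when nothing is bound."""
    mac, options = parse_dhcp(msg)
    if mode == "standard":
        return PORT_BINDING.get(port)
    if mode == "option60":
        domain = options.get(OPT_VENDOR_CLASS)
        if domain is None:
            return None
        # Domain names are case-insensitive, so compare in lower case.
        return OPTION60_BINDING.get(domain.decode("ascii", "replace").lower())
    if mode == "mac-segment":
        value = int(mac, 16) if mac else -1
        for low, high, group in MAC_SEGMENTS:
            if int(low, 16) <= value <= int(high, 16):
                return group
        return None
    raise ValueError("unknown mode: " + mode)


def relay(msg, mode, port, relay_ip):
    """Steps 2-3: return (unicast destination, relayed message) or None."""
    group = select_group(mode, port, msg)
    if group is None:
        return None
    out = bytearray(msg)
    out[3] = min(out[3] + 1, 255)                  # hops, incremented by a relay
    if out[24:28] == bytes(4):                     # giaddr still unset
        out[24:28] = ipaddress.IPv4Address(relay_ip).packed
    return SERVER_GROUPS[group], bytes(out)
```

Option60 and the source MAC address are both supplied by the client, so selection in those two modes classifies requests but does not authenticate them.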

Figure 3-1 shows the DHCP relay networking.

Figure 3-1 DHCP relay networking
[Figure: DHCP clients on the Ethernet connect to the MA5600, which reaches the DHCP server
across the Internet.]

3.4 Implementation
This section describes the implementation of the DHCP relay.

The DHCP relay feature takes effect automatically. For details of the DHCP relay configuration,
refer to "DHCP Relay Configuration" in the MA5600 Configuration Guide.

3.5 Reference
This section describes the references on the DHCP relay.

The following lists the references on the DHCP relay:

• RFC 2131: Dynamic Host Configuration Protocol
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


4 ARP Proxy

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ARP proxy.

4.1 ARP
This section describes the ARP feature and its implementation on the MA5600.
4.2 ARP Proxy
This section describes the ARP proxy feature and its implementation on the MA5600.


4.1 ARP
This section describes the ARP feature and its implementation on the MA5600.

4.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP.
4.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
4.1.3 Principle
This section describes the operating principles of the ARP.
4.1.4 Implementation
This section describes the implementation of the ARP.
4.1.5 Reference
This section describes the references on the ARP.

4.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP.

Definition

Address Resolution Protocol (ARP) is a protocol used to convert an IP address to a MAC address.
It belongs to the TCP/IP protocol suite.

Purpose

The IP address represents only the network layer address of a host. If a host in a network needs
to send the network layer data to a destination host, the host must know the physical address
(MAC address) of the destination host. Therefore, an IP address has to be translated into a MAC
address. ARP is used for translating an IP address to a MAC address.

Specification

The MA5600 supports:
• 4096 ARP dynamic entries
• 500 ARP static entries

Glossary
None


Acronyms and Abbreviations

Table 4-1 Acronyms and abbreviations concerning ARP

Acronym    Full Expansion
ARP        Address Resolution Protocol
MAC        Media access control

4.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the ARP.

4.1.3 Principle
This section describes the operating principles of the ARP.

ARP Mapping List


Every host has a table named the ARP mapping list for converting IP addresses into MAC
addresses.
The ARP mapping list of a host contains a series of mappings between IP addresses and
associated MAC addresses of other hosts that have communicated with this host recently.
When a host is started, its ARP mapping list is empty.

Implementation of ARP
ARP enables two hosts in a network to interconnect with each other at L2.
Assume that there are two PCs: host A and host B with IP addresses IP_A and IP_B respectively.
Host A sends messages to host B in the following way:
1. Host A checks its ARP mapping list for the ARP mapping entry of IP_B.
2. If host A finds the MAC address of host B, host A encapsulates the IP data packets according
to the MAC address and then sends them to host B.
3. If host A does not find the MAC address of host B, host A puts the data packets in the ARP
waiting queue, initiates an ARP request, and then broadcasts it on the Ethernet. The ARP
request contains the IP address of host B and the IP address and MAC address of host A.
4. As the ARP request is broadcast, all the hosts on the Ethernet can receive it. Only the
requested host (host B), however, responds to the request.
5. Host B stores the IP and MAC addresses of the request initiator (host A) contained in the
request, in its own ARP mapping list.
6. Host B returns an ARP response containing the MAC address of host B to host A. Such a
response is no longer broadcast, but sent to host A directly.
7. After receiving the response, host A extracts the IP address and MAC address of host B,
and adds them to its own ARP mapping list. After that, host A transmits all the data packets
in the waiting queue destined for host B.


Static ARP and Dynamic ARP


The ARP mapping list can be maintained either dynamically or manually. The manually
configured mapping between IP addresses and MAC addresses is known as the static ARP. The
mapping between IP addresses and MAC addresses configured dynamically by the ARP protocol
is known as the dynamic ARP.

In general, the dynamic ARP is needed. The static ARP is needed only when you need to
manually adjust the ARP entries.

A static ARP entry remains in effect as long as the MA5600 is working, while the aging time
for a dynamic ARP entry is 20 minutes.

4.1.4 Implementation
This section describes the implementation of the ARP.

The ARP feature takes effect automatically.

For details of the ARP configuration, refer to "ARP&ARP Proxy Configuration" in the
MA5600 Configuration Guide.

4.1.5 Reference
This section describes the references on the ARP.

The following lists the references on the ARP:

• IETF RFC 826: An Ethernet Address Resolution Protocol or Converting Network Protocol
  Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

4.2 ARP Proxy


This section describes the ARP proxy feature and its implementation on the MA5600.

4.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP proxy.
4.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
4.2.3 Principle
This section describes the operating principles of the ARP proxy.
4.2.4 Implementation
This section describes the implementation of the ARP proxy.
4.2.5 Reference
This section describes the references on the ARP proxy.


4.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP proxy.

Definition
When a host sends an ARP request to another host, the request is processed by the access device
connected to the two hosts. This process is called ARP proxy.

Purpose
On the MA5600, ARP proxy is often used for interconnection between sub VLANs in a super
VLAN.

Specification
The MA5600 supports ARP proxy.

Limitation
By default, ARP proxy is disabled. It takes effect only when it is enabled both in global
mode and under the VLAN interface.

Glossary
None

Acronyms and Abbreviations


None

4.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the ARP proxy.

4.2.3 Principle
This section describes the operating principles of the ARP proxy.
Figure 4-1 shows the implementation of the ARP proxy.


Figure 4-1 Implementation of the ARP proxy
[Figure: the super VLAN provides the virtual gateway (IP: 1.1.1.1/24, Layer 3 interface MAC:
00-e0-fc-00-00-11). PC1 (IP: 1.1.1.2/24, MAC: 00-e0-fc-00-00-02) is in sub VLAN 1 and PC2
(IP: 1.1.1.15/24, MAC: 00-e0-fc-00-00-15) is in sub VLAN 2. The two sub VLANs are isolated at
Layer 2 and communicate through ARP proxy on the Layer 3 interface.]

As shown in Figure 4-1, PC 1 is in sub VLAN 1, and PC 2 is in sub VLAN 2. They are isolated
at L2. PC 1, PC 2 and the virtual L3 interface are in the same subnet.

The following describes how PC 1 and PC 2 communicate with each other.

1. Because PC 1 and PC 2 are in the same subnet, when PC 1 attempts to send packets to PC
2, PC 1 broadcasts ARP packets directly to request the MAC address of PC 2. Because PC
1 and PC 2 are in different broadcast domains, PC 1 does not receive the ARP response
packet from PC 2.
2. When the MA5600 with the ARP proxy enabled receives the ARP request packets, the
MA5600 sends the MAC address of its virtual L3 interface to PC 1, and searches its ARP
mapping list for the MAC address of PC 2.
3. If the ARP mapping list contains the MAC address of PC 2, the implementation of the ARP
proxy is complete, and the packets from PC 1 can be forwarded to PC 2 through the virtual
L3 interface.
4. If the ARP mapping list does not contain the MAC address of PC 2, the MA5600 broadcasts
the ARP request packets through its virtual L3 interface to request the MAC address of PC
2.
5. When the MA5600 receives the ARP response packets from PC 2, the MA5600 adds the
MAC address of PC 2 to its ARP mapping list. After this, the implementation of the ARP
proxy is complete, and PC 1 and PC 2 communicate with each other through the
MA5600.
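The five steps above, together with the super VLAN walk-through in 2.6.3 and the 20-minute dynamic aging time from 4.1.3, are modelled in the added example below (not Huawei code) using the addresses of Figure 4-1. The class and method names, the third host 1.1.1.3, and the choice to learn the requester's address from its ARP request are assumptions.

```python
import ipaddress

DYNAMIC_AGING_S = 20 * 60       # aging time of a dynamic ARP entry (section 4.1.3)
GW_MAC = "00-e0-fc-00-00-11"    # addresses below are those of Figure 4-1
PC1 = ("1.1.1.2", "00-e0-fc-00-00-02")
PC2 = ("1.1.1.15", "00-e0-fc-00-00-15")


class SuperVlanGateway:
    """L3 interface of a super VLAN with optional ARP proxy (simplified model)."""

    def __init__(self, interface, mac, global_proxy=False, interface_proxy=False):
        self.interface = ipaddress.ip_interface(interface)
        self.mac = mac
        self.global_proxy = global_proxy
        self.interface_proxy = interface_proxy
        self.hosts = {}    # ip -> (sub VLAN, MAC): stands in for hosts on the wire
        self.arp = {}      # ip -> (MAC, learned_at); learned_at None marks static

    def attach(self, ip, mac, sub_vlan):
        self.hosts[ip] = (sub_vlan, mac)

    def add_static(self, ip, mac):
        self.arp[ip] = (mac, None)

    def lookup(self, ip, now):
        """ARP mapping list lookup that drops dynamic entries after aging."""
        entry = self.arp.get(ip)
        if entry and entry[1] is not None and now - entry[1] >= DYNAMIC_AGING_S:
            del self.arp[ip]
            return None
        return entry[0] if entry else None

    def resolve(self, ip, now):
        """Steps 3-5: use the mapping list, else ARP for the target and learn it."""
        mac = self.lookup(ip, now)
        if mac:
            return mac, "cached"
        if ip in self.hosts:                       # the target answers the broadcast
            mac = self.hosts[ip][1]
            self.arp[ip] = (mac, now)
            return mac, "resolved"
        return None, "unresolved"

    def arp_request(self, src_ip, target_ip, now=0):
        """Return (MAC placed in the ARP reply seen by src, how it was obtained)."""
        src_vlan, src_mac = self.hosts[src_ip]
        if src_ip not in self.arp or self.arp[src_ip][1] is not None:
            self.arp[src_ip] = (src_mac, now)      # assumption: learn the requester
        target = ipaddress.ip_address(target_ip)
        if target == self.interface.ip:
            return self.mac, "gateway"
        if target not in self.interface.network:
            return None, "off-subnet"
        peer = self.hosts.get(target_ip)
        if peer and peer[0] == src_vlan:           # same sub VLAN: plain L2 ARP
            return peer[1], "direct"
        if not (self.global_proxy and self.interface_proxy):
            return None, "isolated"                # request never crosses sub VLANs
        _, how = self.resolve(target_ip, now)      # step 2: answer with own MAC
        return self.mac, "proxy-" + how

    def forward(self, dst_ip, now=0):
        """Destination MAC the gateway uses when it routes a packet to dst_ip."""
        return self.resolve(dst_ip, now)[0]
```

With the proxy active, PC 1 only ever learns the gateway MAC for PC 2, so every packet between sub VLANs passes through the L3 interface.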

4.2.4 Implementation
This section describes the implementation of the ARP proxy.

The ARP proxy feature takes effect automatically.

For details of the ARP proxy configuration, refer to "ARP&ARP Proxy Configuration" in the
MA5600 Configuration Guide.


4.2.5 Reference
This section describes the references on the ARP proxy.
The following lists the references on the ARP proxy:
• IETF RFC1027: Using ARP to Implement Transparent Subnet Gateways
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


5 ACL

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ACL.

5.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the ACL.
5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
5.3 Principle
This section describes the operating principles of the ACL.
5.4 Implementation
This section describes the implementation of the ACL.
5.5 Reference
This section describes the references on the ACL.


5.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the ACL.

Definition
The access control list (ACL) identifies the packets to be filtered by means of a series of
matching rules contained in the ACL. After the filtering objects are identified, the
corresponding data packets are permitted to pass or discarded based on the preset rules.

Purpose
The packet filtering based on the ACL is the prerequisite for carrying out quality of service
(QoS). The ACL together with QoS improves the system security.

Specification
The MA5600 supports the following ACL specifications:
• ACLs are numbered from 2000 to 5999, and up to 4000 ACLs can be defined. Each ACL
  can have 64 rules. Table 5-1 describes the four types of ACLs.
• The user can configure matching of the first 80 bytes in the packet based on the rules.
  Multiple fields can be configured at the same time.
• Up to 1024 ACLs can be activated and validated for the MA5600.

Table 5-1 ACL types

ACL Type          Number Range    Feature
Standard ACL      2000-2999       It allows definition of the rule according to the L3 source
                                  IP address.
                                  The rules of a standard ACL are defined only according
                                  to the L3 source IP address for analyzing and processing
                                  data packets.
Advanced ACL      3000-3999       Compared with standard ACL, advanced ACL allows
                                  more accurate, rich and flexible definition of the rule
                                  according to:
                                  • Source address
                                  • Destination address
                                  • IP bearer protocol type
                                  • TCP source port
                                  • TCP destination port
                                  • ICMP protocol type
                                  • ICMP code
L2 ACL            4000-4999       It allows definition of the rule according to the L2
                                  information such as:
                                  • Source MAC address
                                  • Source VLAN ID
                                  • L2 protocol type
                                  • Destination MAC address
Customized ACL    5000-5999       It allows definition of the rule according to any 32 bytes
                                  of the first 80 bytes in an L2 frame.

Limitation
The ACLs activated earlier have lower priorities, while the ACLs activated later have higher
priorities.

Glossary
None

Acronyms and Abbreviations

Table 5-2 Acronyms and abbreviations concerning the ACL

Acronym    Full Expansion
ACL        Access control list
QoS        Quality of service
ToS        Type of service
DSCP       Differentiated services codepoint


5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the ACL.

5.3 Principle
This section describes the operating principles of the ACL.

The system matches and processes the input packets according to the ACLs:

• If the packets match the ACLs, they are forwarded for further processing, such as:
  - Packet filtering
  - Priority tagging
  - Traffic limiting
  - Port rate limiting
  - Traffic statistics
  - Packet redirection
  - Packet mirroring
  After processing, the packets are forwarded as the output packet stream.
• The MA5600 discards or forwards the packets that do not match the ACLs.

Figure 5-1 shows the process of ACL based filtering.

Figure 5-1 ACL based filtering
[Figure: the input packet stream is matched against the ACL. If the packets match, the actions
(packet filtering, priority tagging, traffic limiting, port rate limiting) are implemented and
the forwarded packets form the output packet stream. If they do not match, the packets are
discarded or forwarded.]

• Packet filtering
  The system determines whether or not to discard the packets depending on whether the
  packets match the ACLs.
• Priority tagging
  The system tags priority on the packets that match the ACLs. The tags include the ToS,
  DSCP and 802.1p tags.
• Traffic limiting
  The system limits the rate of the packets that match the ACLs.
• Port rate limiting
  The system limits the rate for the packet transmission on an Ethernet port.
• Traffic statistics
  The system collects statistics on the packets that match the ACLs.
• Packet redirection
  The system redirects the packets that match the ACLs to another port (that is, the original
  destination port no longer receives or forwards the packets).
• Packet mirroring
  The system mirrors the packets that match the ACLs to another port (that is, the packets
  are duplicated to another port).
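The added example below (not Huawei code and not MA5600 command syntax) models packet filtering with customized ACLs: rules match bytes within the first 80 bytes of an L2 frame, and when two activated ACLs both match, the one activated later decides. The offset/value/mask rule encoding, first-match order inside one ACL, the default of permitting unmatched frames and the sample frames are assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass

MATCH_WINDOW = 80        # rules can only look at the first 80 bytes of a frame
MAX_RULE_BYTES = 32      # a customized rule matches at most 32 of those bytes
MAX_RULES_PER_ACL = 64
ACL_RANGES = {"standard": range(2000, 3000), "advanced": range(3000, 4000),
              "l2": range(4000, 5000), "customized": range(5000, 6000)}


def acl_type(number):
    for name, numbers in ACL_RANGES.items():
        if number in numbers:
            return name
    raise ValueError("ACL number outside 2000-5999")


@dataclass(frozen=True)
class Field:
    offset: int          # byte offset from the start of the L2 frame
    value: bytes
    mask: bytes = b""    # empty means "compare every bit"

    def matches(self, frame):
        chunk = frame[:MATCH_WINDOW][self.offset:self.offset + len(self.value)]
        if len(chunk) < len(self.value):
            return False                       # frame too short for this field
        mask = self.mask or b"\xff" * len(self.value)
        return all((c & m) == (v & m) for c, v, m in zip(chunk, self.value, mask))


class Rule:
    def __init__(self, action, *fields):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if sum(len(f.value) for f in fields) > MAX_RULE_BYTES:
            raise ValueError("rule matches more than 32 bytes")
        for f in fields:
            if f.offset < 0 or f.offset + len(f.value) > MATCH_WINDOW:
                raise ValueError("field outside the first 80 bytes")
            if f.mask and len(f.mask) != len(f.value):
                raise ValueError("mask and value differ in length")
        self.action, self.fields = action, fields

    def matches(self, frame):
        return all(f.matches(frame) for f in self.fields)


class AclTable:
    def __init__(self):
        self.acls, self.active = {}, []        # active is kept in activation order

    def define(self, number, rules):
        if acl_type(number) != "customized":
            raise ValueError("this sketch models customized ACLs only")
        if len(rules) > MAX_RULES_PER_ACL:
            raise ValueError("an ACL holds at most 64 rules")
        self.acls[number] = list(rules)

    def activate(self, number):
        self.acls[number]                      # KeyError if the ACL is undefined
        if number not in self.active:
            self.active.append(number)

    def decide(self, frame, default="permit"):
        """Later-activated ACLs have higher priority, so scan newest first."""
        for number in reversed(self.active):
            for rule in self.acls[number]:
                if rule.matches(frame):
                    return rule.action, number
        return default, None


def arp_request_frame(src_mac, sender_ip, target_ip):
    """Constructed sample: untagged Ethernet frame carrying an ARP request."""
    sha = bytes.fromhex(src_mac)
    eth = b"\xff" * 6 + sha + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha
    arp += ipaddress.IPv4Address(sender_ip).packed + bytes(6)
    arp += ipaddress.IPv4Address(target_ip).packed
    return (eth + arp).ljust(60, b"\x00")


IS_ARP = Field(12, b"\x08\x06")                    # EtherType of an untagged frame
CLAIMS_GATEWAY = Field(28, bytes([1, 1, 1, 1]))    # ARP sender IP = gateway 1.1.1.1


def build_table(order):
    """ACL 5000 drops user ARP that claims the gateway IP; 5001 permits all ARP."""
    table = AclTable()
    table.define(5000, [Rule("deny", IS_ARP, CLAIMS_GATEWAY)])
    table.define(5001, [Rule("permit", IS_ARP)])
    for number in order:
        table.activate(number)
    return table
```

Activating 5000 and then 5001 lets the broader permit win over the narrow deny, so the more specific filter has to be activated last for it to take effect.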

5.4 Implementation
This section describes the implementation of the ACL.
For details of the ACL configuration, refer to "ACL Configuration" in the MA5600
Configuration Guide.

5.5 Reference
This section describes the references on the ACL.
The following lists the references on the ACL:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


6 QoS

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the QoS.

6.1 Overview
This section describes the QoS feature and its implementation on the MA5600.
6.2 PQ
This section describes the features of the PQ on the MA5600.
6.3 WRR
This section describes the features of the WRR on the MA5600.


6.1 Overview
This section describes the QoS feature and its implementation on the MA5600.

6.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QoS feature.
6.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
6.1.3 Principle
This section describes the operating principles of the QoS feature.
6.1.4 Implementation
This section describes the implementation of the QoS feature.
6.1.5 Reference
This section describes the references on the QoS feature.

6.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QoS feature.

Definition

QoS refers to setting different QoS parameters, such as service availability, time delay, jitter,
and loss rate, so as to provide users with high quality services.

Purpose

QoS aims at utilizing the limited network resources by providing differentiated qualities for
different services.

Specification

The MA5600 supports the following QoS specifications:

• 802.1p re-marking
• Up to eight queues (corresponding to eight service streams) for each port on the control
  board (service boards support up to four queues)
• The queue scheduling methods such as:
  - Strict priority queuing (PQ)
  - Weighted round robin (WRR)
  The service boards support PQ only.
• Flexible queue mapping


Glossary

Table 6-1 Glossary of technical terms concerning the QoS

Glossary            Definition
Availability        Availability refers to the percentage of time available for the users
                    to use the service to the total time for service provisioning.
Delay               Delay refers to the time lag caused for a signal by the medium
                    through which it is passing, resulting in a distortion of the signal.
Jitter              Jitter refers to the variation in the time taken for packets to be
                    delivered to an endpoint or network entity.
Packet loss ratio   Packet loss ratio refers to the ratio of the number of packets lost
                    during the transmission between two reference points to that of
                    packets sent. Packet loss is caused by network congestion.

Acronyms and Abbreviations

Table 6-2 Abbreviations and acronyms concerning the QoS

Acronym    Full Expression
QoS        Quality of service
CAR        Committed access rate
WRR        Weighted round robin
PQ         Priority queuing
ToS        Type of service
CoS        Class of service

6.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the QoS.

6.1.3 Principle
This section describes the operating principles of the QoS feature.
The QoS can be implemented through the following strategies:
• Flexible configuration of the packet priority based on the flow:
  - Trusting user 802.1p. (If the user packet does not have the 802.1p tag, 3 is selected)
  - Trusting user ToS. (If the user packet does not have the ToS tag, 3 is selected)
  - Trusting the default flow ToS. (The priority of the packet ToS determines which queue
    the packet has to enter).


• Modification of the 802.1p of the output packets based on the flow:
  - Trusting user 802.1p. (If the user packet does not have the 802.1p tag, 3 is selected)
  - Trusting user ToS. (If the user packet does not have the ToS tag, 3 is selected)
  - Trusting the default flow priority.
• Queue scheduling
  In case of network congestion, multiple packets compete for the network resources. In this
  case, queue scheduling is used to solve the problem.
  For details on queue scheduling, refer to "6.2 PQ" and "6.3 WRR."

6.1.4 Implementation
This section describes the implementation of the QoS feature.

For details of the QoS configuration, refer to "QoS Configuration" in the MA5600
Configuration Guide.

6.1.5 Reference
This section describes the references on the QoS feature.

The following lists the references on the QoS feature:

• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

6.2 PQ
This section describes the features of the PQ on the MA5600.

6.2.1 Introduction
This section describes the definition, purpose and specification of the PQ feature.
6.2.2 Principle
This section describes the operating principles of the PQ feature.

6.2.1 Introduction
This section describes the definition, purpose and specification of the PQ feature.

Definition

In PQ, each queue is assigned a different priority. During the scheduling, the packets in the
highest-priority queue are served first, and then the packets in the next lower-priority queue are
served. PQ handles the packets of different queues by strictly following the order from higher
priorities to lower priorities. The packets in a lower-priority queue are sent only when
the higher-priority queues are empty.


Purpose
PQ addresses the problem that multiple service streams contend for the resources during network
congestion.

Specification
Each port supports up to eight priority queues (numbered 0-7). 0 indicates the lowest priority
queue and 7 indicates the highest priority queue.

6.2.2 Principle
This section describes the operating principles of the PQ feature.

PQ aims at giving strict priority to the important traffic. The important traffic is given
preferential and fast treatment in case of network congestion.

In PQ, the packets are placed in queues of different priorities. The traffic with a higher priority
gets preference over that of a lower priority. Therefore, packets in queues of a higher priority
are sent first. Only when a queue of higher priority is empty are the packets in the queue of a
lower priority sent.

Figure 6-1 shows the schematic diagram of PQ.

Figure 6-1 Schematic diagram of PQ
[Figure: packets entering the port are classified into the High, Medium, Normal and Low queues;
queue scheduling then sends the packets leaving the port.]

In this way, the important traffic (such as voice service) with a higher priority gets preference
over that of a lower priority. Therefore, mission-critical traffic is served earlier than the
non-mission-critical traffic (such as E-mail service). The non-mission-critical traffic is sent
in the idle intervals during transmission of the mission-critical traffic.

A disadvantage of PQ is that, during network congestion, the lower-priority traffic might be
discarded after waiting for a long time if there is a large volume of higher-priority traffic.

6.3 WRR
This section describes the features of the WRR on the MA5600.


6.3.1 Introduction
This section describes the definition, purpose and specification of the WRR feature.

Definition
With WRR, each queue is assigned a weighted value, representing the number of packets
served from that queue in one polling cycle. One packet is sent in each scheduling operation.
WRR guarantees that the bandwidth used by different queues is consistent with the preset ratio.

Purpose
WRR addresses the problem that multiple service streams contend for the resources during
network congestion.

Specification
Each port supports up to eight priority queues, numbered 0-7 in ascending order.

6.3.2 Principle
This section describes the operating principles of the WRR feature.
WRR scheduling ensures that each queue receives a certain amount of service by polling the
different queues in turn.
Assume that each port has four priority queues. With WRR, each queue is assigned a weighted
value among w3, w2, w1 and w0 in descending order. The weighted value indicates the ratio of
resources that one queue can get.
Take a 100 Mbit/s port as an example. Assign 13, 10, 8 and 5 (corresponding to w3, w2, w1 and
w0 respectively) as the weighted values of its WRR algorithm. This aims at guaranteeing the
minimum bandwidth of 14 Mbit/s to the queue of the lowest priority. In this way, the packets in
the queue of the lowest priority can be served.
The advantages of the WRR algorithm are as follows:
• The long waits that lower-priority queues may experience under the PQ algorithm are
  avoided.
• Time allocated to each WRR queue is not fixed. When no traffic is available in one queue,
  the bandwidth resource is switched to the next queue immediately. Therefore, the
  bandwidth resource is efficiently used.
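The following added example (not part of the original manual and not Huawei code) simulates both schedulers on a congested port to show the starvation under PQ and the guaranteed share under WRR. It assumes equal-sized packets and one packet per time slot; the function names are hypothetical, and the weights 13, 10, 8 and 5 and the 100 Mbit/s port are the ones used in the text (5/36 of 100 Mbit/s is about 13.9 Mbit/s, which the text rounds to 14).

```python
"""PQ versus WRR on one port (added example; equal-sized packets assumed)."""

# Index = queue number, so WEIGHTS[0] is w0 (lowest priority) and
# WEIGHTS[3] is w3 (highest priority), using the weights from the text.
WEIGHTS = [5, 8, 10, 13]
PORT_MBPS = 100


def pq_schedule(backlog, slots):
    """Strict priority: every slot goes to the highest non-empty queue."""
    backlog, sent = list(backlog), [0] * len(backlog)
    for _ in range(slots):
        ready = [q for q, depth in enumerate(backlog) if depth > 0]
        if not ready:
            break                      # port is idle, nothing left to send
        q = max(ready)
        backlog[q] -= 1
        sent[q] += 1
    return sent


def wrr_schedule(backlog, weights, slots):
    """Weighted round robin: in each polling cycle queue q may send up to
    weights[q] packets; an empty queue is skipped at once, so its unused
    turns pass to the next queue (the scheduler is work-conserving)."""
    if any(w < 1 for w in weights):
        raise ValueError("every WRR weight must be at least 1")
    backlog, sent = list(backlog), [0] * len(backlog)
    remaining = slots
    while remaining > 0 and any(backlog):
        for q in range(len(backlog) - 1, -1, -1):
            burst = min(weights[q], backlog[q], remaining)
            backlog[q] -= burst
            sent[q] += burst
            remaining -= burst
    return sent


def shares_mbps(sent, port_mbps=PORT_MBPS):
    """Scale packet counts to bandwidth, assuming the port was busy
    in every slot that was counted."""
    total = sum(sent)
    return [round(port_mbps * n / total, 1) if total else 0.0 for n in sent]


if __name__ == "__main__":
    saturated = [10**6] * 4            # constructed input: all queues backlogged
    print("PQ :", shares_mbps(pq_schedule(saturated, 3600)))
    print("WRR:", shares_mbps(wrr_schedule(saturated, WEIGHTS, 3600)))
    # Queue 3 idle: its share is redistributed among queues 2, 1 and 0.
    print("WRR, q3 idle:", wrr_schedule([10**6, 10**6, 10**6, 0], WEIGHTS, 2300))
```
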


7 RSTP

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the RSTP.


7.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the RSTP.

Definition
The Spanning Tree Protocol (STP) applies to a loop network to support path redundancy through
certain algorithms. The STP also prunes a loop network into a loop-free tree network. This avoids
proliferation and infinite loop of packets in the loop network.

The Rapid Spanning Tree Protocol (RSTP) is an improvement on the STP. The rapidness of the
RSTP relies on the greatly shortened delay for the designated port and the root port to turn into
the forwarding state in a certain condition. For details, refer to the RSTP principles in "7.3
Principle." This shortens the time for stabilizing the network topology.

Purpose

Although the STP can prune a loop network into a loop-free network, it fails to transit fast. Even
a port in a point-to-point link or an edge port has to wait double Forward Delay time before it
can turn into the forwarding state.

The RSTP remedies the defects of the STP and has all the functions of the STP. The
RSTP also features fast convergence.

• All the bridges in a local area network (LAN) share the same spanning tree, and cannot block
  redundant links by VLAN.
• The packets of all the VLANs are forwarded along the same spanning tree. Therefore, load
  sharing of data traffic cannot be implemented between VLANs.

Specification

The MA5600 supports the following RSTP specifications:

• Compliance with IEEE std 802.1s
• The port status includes discarding, learning, and forwarding

Glossary
None

Acronyms and Abbreviations

Table 7-1 Acronyms and abbreviations concerning the RSTP

Acronym    Full Expansion
STP        Spanning Tree Protocol
RSTP       Rapid Spanning Tree Protocol

7.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting MSTP.

7.3 Principle
This section describes the operating principles of the RSTP.

Principles of the STP

The STP determines the topology of a network by transmitting a certain special message
(configuration message as defined in IEEE 802.1D) between bridges. A configuration message
contains sufficient information to enable the bridge to complete the calculation of the spanning
tree.

The following defines the designated port and the designated bridge:

l For a bridge (such as bridge A), the designated bridge is a bridge that is directly connected
to bridge A and forwards data packets to bridge A. The designated port is the port in the
designated bridge through which the data packets are forwarded to bridge A.
l For a LAN, the designated bridge is a bridge that forwards data packets to the LAN. The
designated port is the port in the designated bridge through which the data packets are
forwarded to the LAN.

Figure 7-1 shows a schematic drawing of the designated bridge and the designated port.

Figure 7-1 Schematic drawing of designated bridge and designated port
[Figure: Switch A (priority 0) with ports AP1 and AP2; Switch B (priority 1) with ports BP1 and
BP2; Switch C (priority 2) with ports CP1 and CP2; a LAN below Switch B and Switch C.]


As shown in Figure 7-1:

• AP1, AP2, BP1, BP2, CP1, and CP2 are ports in Switch A, Switch B, and Switch C
  respectively.
• Switch A forwards data to Switch B through port AP1, so the designated bridge of
  Switch B is Switch A, and the designated port is port AP1 in Switch A.
• Switch B and Switch C are connected to the LAN. If Switch B forwards data packets to the
  LAN, the designated bridge of the LAN is Switch B, and the designated port is port BP2
  in Switch B.

In the STP, the configuration message is forwarded as follows:
1. During network initialization, all the bridges work as root bridges.
2. The designated port of a bridge takes the hello time as the interval for sending its
   configuration messages. If the port that receives the configuration message is a root port,
   the bridge increments the message age contained in the configuration message
   and starts a timer for the configuration message.
3. If a path fails, the root port on this path no longer receives new configuration messages,
   and the old configuration messages are discarded due to timeout. This results in
   recalculation of the spanning tree. A new path is then created to replace the faulty path and
   recover the network connectivity.

The new configuration message produced by the recalculation, however, does not immediately spread
throughout the entire network. In this case, the old root port and designated port that fail to
discover the topology change still forward their data along the old paths. If the newly selected
root port and designated port forward data immediately, a temporary loop may be created.
Therefore, the STP adopts a state transition mechanism. That is, the root port and the designated
port have to pass through a transition state before they can forward data again. The transition
state turns into the forwarding state after the Forward Delay. This delay guarantees that the new
configuration message has spread throughout the entire network.

Defects of the STP


• In case of topology change or link failure, a port has to wait double Forward Delay time
  before it can turn from the blocking state to the forwarding state. Therefore, in case of
  topology change, double Forward Delay time (at least scores of seconds) is required to
  restore the network connectivity.
• The entire bridged LAN uses a single spanning tree instance. Therefore, when the network
  is large, a longer convergence time may be required, or the topology may change frequently.

Principles of the RSTP


In comparison with the STP, the RSTP improves in the following aspects:
• The alternate port and backup port are set for rapid switching of the root port and designated
  port. When the root port fails, the alternate port quickly switches to the new root port and
  turns into the forwarding state without delay. When the designated port fails, the backup
  port quickly switches to the new designated port and turns into the forwarding state without
  delay.
• In a point-to-point link, a designated port can forward the data packets without delay after
  one handshake with the downstream bridge. In a shared link connected with at least three
  bridges, the downstream bridge will not respond to the handshake request sent from the
  upstream designated port, and the designated port has to wait double Forward Delay time
  before it can forward the data packets.
• A port that is directly connected to a terminal and is not connected to any other bridge is
  defined as an edge port. The edge port can directly turn into the forwarding state without
  delay. Because a bridge does not know whether a port is directly connected to a terminal,
  the edge port must be configured manually.
The bridges that adopt the RSTP are compatible with the bridges that adopt the STP. The bridges
that adopt the RSTP can identify both the STP and the RSTP packets and apply them to
calculation of the spanning tree.

7.4 Implementation
This section describes the implementation of the RSTP.
The RSTP feature takes effect automatically. For details of the RSTP configuration, refer to
"RSTP Configuration" in the MA5600 Configuration Guide.

7.5 Reference
This section describes the references on the RSTP.
The following lists the references on the RSTP:

• IEEE Std 802.1d, 1998 Edition, Spanning Tree Protocol
• IEEE Std 802.1w-2001, Rapid Spanning Tree Protocol
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


8 NTP

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the NTP.


8.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the NTP.

Definition

The Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite.
The NTP is used to synchronize the time between the distributed time server and the client. The
implementation of NTP is based on the IP and the UDP.

The NTP evolved from the Time Protocol and the ICMP timestamp message, with special design for
accuracy and robustness.

Purpose

The NTP defines the accurate time in an entire network. Because the network topology is
complicated, the clock synchronization among all the devices in the entire network becomes
more critical.

The objective of the NTP is to synchronize the clocks of all the devices in a network which have
clocks. This keeps time consistency among all the devices in the network. Therefore, the
equipment can offer various applications based on the clock synchronization.

The MA5600 supports the NTP feature to guarantee that the clocks of all the devices in a network
are consistent.

Specification

The MA5600 supports the following NTP specifications:

• NTP Version 3
• NTP client/server mode
• NTP LAN broadcast mode
• NTP multicast mode
• NTP peer mode
• Clock filtering and selection
• Local clock calibration
• Clock source priority selection
• Support of the reference clock
• NTP security features
• Up to 128 peers in a static configuration
• Up to 100 peers in a dynamic configuration


Glossary

Table 8-1 Glossary of technical terms concerning the NTP

Glossary          Definition
Stratum           Stratum is an important concept in the NTP. It indicates the accuracy
                  of a clock. The clock with stratum 1 is the most accurate one. The clock
                  accuracy descends from stratum 1 to stratum 15.
Timestamp         Each NTP packet contains four timestamps. The timestamp is the basis
                  in the NTP for implementing clock synchronization.
Clock filtering   Clock filtering is the selection of the best time sample from a specified
                  peer for the local clock.
Clock selection   For different peers (multiple servers or peers configured for a client),
                  a peer sends clock synchronization packets to each server or passive
                  peer. After receiving the response packets, it selects the best clock for
                  clock synchronization according to the clock selection algorithm.

Acronyms and Abbreviations

Table 8-2 Acronyms and abbreviations concerning the NTP


Acronym Full Expansion

NTP Network Time Protocol

8.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the NTP.

8.3 Principle
This section describes the operating principles of the NTP.
Figure 8-1 shows the operating principles of the NTP. The process in which the NTP works is
as follows:


Figure 8-1 Operating principles of the NTP
[Figure: four steps of one NTP packet exchanged between the MA5600 and the router across the
network. Step 1: the packet carries 10:00:00am. Step 2: 10:00:00am and 11:00:01am. Step 3:
10:00:00am, 11:00:01am and 11:00:02am. Step 4: the packet is received at 10:00:03.]

1. The MA5600 sends an NTP packet to the router. This packet contains the timestamp when
it leaves the MA5600. The timestamp is 10:00:00 am (T1).
2. When the NTP packet arrives at the router, the router adds its timestamp to the packet. The
timestamp is 11:00:01 am (T2).
3. When the NTP packet leaves the router, the router adds another timestamp to the packet.
The timestamp is 11:00:02 am (T3).
4. When the MA5600 receives the response packet, it adds a new timestamp to the packet.
The timestamp is 10:00:03 am (T4).

Now, the MA5600 has sufficient information to calculate two important parameters:

• The delay for a round trip of the NTP packet = (T4 - T1) - (T3 - T2)
• Offset between the MA5600 and the router = ((T2 - T1) + (T3 - T4))/2

In this way, the MA5600 can set its clock according to the information and thus keeps its clock
synchronized with that of the router.
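The exchange above, carried through on real NTP Version 3 packet bytes, as an added example (not part of the original manual and not Huawei code). It packs T1, T2 and T3 into the 48-byte NTP header, applies the two formulas, and rejects a reply whose originate timestamp does not match the request, which is one of the packet sanity checks of RFC 1305. The calendar date, the stratum value 2 and all function names are assumptions made for the example.

```python
import struct
from datetime import datetime, timezone

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
# LI/VN/mode, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/originate/receive/transmit timestamps.
HEADER = struct.Struct("!BBbb3I4Q")      # 48 bytes, no authenticator


def to_ntp(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    return int(round((unix_seconds + NTP_EPOCH_OFFSET) * 2**32))


def from_ntp(stamp):
    return stamp / 2**32 - NTP_EPOCH_OFFSET


def build_packet(mode, stratum, originate=0, receive=0, transmit=0, version=3):
    first = (version << 3) | mode        # leap indicator left at 0
    return HEADER.pack(first, stratum, 6, -20, 0, 0, 0, 0,
                       originate, receive, transmit)


def process_reply(reply, sent_transmit, t4):
    """Validate a server reply; return (delay, offset) in seconds."""
    if len(reply) < HEADER.size:
        raise ValueError("short packet")
    fields = HEADER.unpack(reply[:HEADER.size])
    first, stratum = fields[0], fields[1]
    org, rec, xmt = fields[8], fields[9], fields[10]
    if (first >> 3) & 0x7 != 3 or first & 0x7 != 4:
        raise ValueError("not an NTP Version 3 server reply")
    if not 1 <= stratum <= 15:
        raise ValueError("stratum outside 1..15")
    if org != sent_transmit:             # reply does not answer our request
        raise ValueError("originate timestamp mismatch")
    t1, t2, t3 = from_ntp(org), from_ntp(rec), from_ntp(xmt)
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return delay, offset


def accepts(reply, sent_transmit, t4):
    try:
        process_reply(reply, sent_transmit, t4)
        return True
    except ValueError:
        return False


def clock(hh, mm, ss):
    """Wall-clock reading on a constructed date (2007-07-10, UTC)."""
    return datetime(2007, 7, 10, hh, mm, ss, tzinfo=timezone.utc).timestamp()


def demo():
    t1 = to_ntp(clock(10, 0, 0))                       # MA5600 sends (T1)
    request = build_packet(mode=3, stratum=0, transmit=t1)
    echoed = HEADER.unpack(request)[10]                # router copies T1 back
    reply = build_packet(mode=4, stratum=2, originate=echoed,
                         receive=to_ntp(clock(11, 0, 1)),    # T2
                         transmit=to_ntp(clock(11, 0, 2)))   # T3
    return process_reply(reply, t1, clock(10, 0, 3))   # T4 on the MA5600


if __name__ == "__main__":
    print("delay = %.0f s, offset = %.0f s" % demo())
```

With the timestamps of the four steps, the round-trip delay is 2 seconds and the offset is 3600 seconds, that is, the MA5600 clock is one hour behind the router.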

8.4 Implementation
This section describes the implementation of the NTP.

For details of the NTP configuration, refer to "NTP Configuration" in the MA5600
Configuration Guide.


8.5 Reference
This section describes the references on the NTP.
The following lists the references on the NTP:

• RFC1305.txt, "Network Time Protocol (Version 3) Specification, Implementation and
  Analysis"
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


9 Multicast

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the multicast.


9.1 Overview
This section describes the basic features of the multicast on the MA5600.


9.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of multicast.

Definition
Multicast refers to the point-to-multipoint communication between a certain node and all other
nodes in the network.
Controllable multicast allows an access device to determine if a user has the authority to watch
programs by identifying the user request packets. In this way, the access device controls and
forwards the multicast services.

Purpose
The MA5600 provides the IPTV service by adopting the multicast technology.
By adopting controllable multicast, the access device manages and controls multicast users. This
satisfies carriers' requirements for video services provisioning, and enables the multicast services
to be operable and manageable.
The core of the multicast technology is duplication of the packets at the place nearest to the
receiver, thus lowering the multicast traffic in the network.

Specification
The MA5600 supports the following multicast specifications:
• IGMP V1/V2
• IGMP proxy
• IGMP snooping
• Tree network
• RSTP ring network
• Configuration based on right profile and user right
• Controllable multicast, including program management, and user management

Glossary
None

Acronyms and Abbreviations

Table 9-1 Acronyms and abbreviations concerning multicast


Acronym Full Expression

RSTP Rapid Spanning Tree Protocol

IGMP Internet Group Management Protocol

BRAS Broadband remote access server

CAC Connection access control

9.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the multicast technology.

9.1.3 Principle
This section describes the operating principles of multicast.
Layer 2 forwarding is adopted for the multicast application on the access equipment. The
MA5600 forwards the data based on the VLAN and MAC address of the multicast. Figure
9-1 shows the typical tree multicast network.
In a ring network, the device enabled with the RSTP supports path redundancy using certain
algorithms, and dynamically prunes the ring network into a loop-free tree network.


Figure 9-1 Tree multicast network
[Figure: IPTV server 1 and IPTV server 2 at the top; an IP MAN that supports SSM forwarding and
runs IGMP proxy/snooping or a multicast routing protocol; the MA5600, enabled with IGMP
proxy/snooping, which supports IGMP V1/V2 and forwards the multicast traffic based on VLAN +
multicast MAC; home gateways enabled with IGMP proxy; STBs enabled with IGMP V1-V2; each home
carries VoIP service, data service and IPTV video service.]

9.1.4 Implementation
This section describes the implementation of multicast.

The multicast feature takes effect automatically.

For details of the multicast configuration, refer to "Multicast Service Configuration" in the
MA5600 Configuration Guide.

9.1.5 Reference
This section describes the references on multicast.

The following lists the references on multicast:

• TR101: Technical Report DSL Forum TR-101 Migration to Ethernet-Based DSL
  Aggregation April 2006.
• RFC 1112: Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC 1112, August
  1989
• RFC 2236: Fenner, W., "Internet Group Management Protocol, Version 2", RFC 2236,
  November 1997
• RFC 3376: B. Cain., "Internet Group Management Protocol, Version 3", RFC
  3376, October 2002
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

9.2 IGMP Snooping


This section describes the features of the IGMP snooping on the MA5600.


9.2.1 Introduction
This section describes the definition, purpose, specification and limitation of IGMP snooping.

Definition
IGMP snooping is a multicast control mechanism that works at the data link layer. It snoops
the IGMP packets to generate and maintain the multicast forwarding entries.

Purpose
The MA5600 supports the IGMP snooping feature to provide multicast management in the L2
network, user authentication and multicast control, thus effectively restraining the spread of the
multicast data in L2.

Specification
The MA5600 supports the following IGMP snooping specifications:
• IGMP V1/V2 IGMP Proxy
• A querier that supports the general query and group-specific query mechanism

Limitation
None

9.2.2 Principle
This section describes the operating principles of IGMP snooping.
• Process for a multicast user to get online and offline
  In IGMP snooping mode, the MA5600 switches the packets for joining and leaving a
  multicast group to the program VLAN, and then forwards the packets to the multicast router.
  In IGMP snooping mode, the MA5600 acts as a querier. Upon receiving the query packets
  from the multicast router, the MA5600 sends a query packet to the user. If there is no
  response within the specified duration, the MA5600 deletes the local multicast forwarding
  entry. Consequently, the multicast router deletes the forwarding entry from its own
  database.
  Upon receiving a user's leave packet, the upper layer router sends a group-specific query
  packet to the user. If there is no response from the user within a specified duration, the
  router deletes the user from the multicast group.
• Snooping report proxy and leave proxy
  When a user gets online and sends a request packet for joining a program, the MA5600
  switches the packet to the multicast VLAN and then forwards it to the multicast router. The
  subsequent request packets from the user for joining the program are not forwarded to the
  multicast router.
  When the user gets offline, the MA5600 forwards only the last leave packet to the multicast
  router to tell it not to send any more multicast traffic.
  If report proxy is enabled, the MA5600 responds to the query of the multicast router.

9.3 IGMP Proxy


This section describes the features of the IGMP proxy on the MA5600.


9.3.1 Introduction
This section describes the definition, purpose, specification and limitation of IGMP proxy.

Definition

IGMP proxy means that in some network topologies, the device does not set up the multicast
routes, but learns the information on the connected multicast group members and forwards it to
the upstream multicast router.

• For a multicast host, the MA5600 serves as a multicast router.
• For a multicast router, the MA5600 serves as a multicast host.

Purpose

IGMP proxy enables the L2 device to support multicast service. In addition, it decreases the
packets for joining and leaving a multicast group, thus lowering the multicast traffic at the
network side.

Specification

The MA5600 supports the following IGMP proxy specifications:


• IGMP V1/V2 proxy
• A querier that supports the general query and group-specific query mechanism
• The features of responding to the query of an upper layer router
• IGMP host for sending a packet to the upper layer multicast router for joining and leaving
  a multicast group

Limitation
None

9.3.2 Principle
This section describes the operating principles of IGMP proxy.
The IGMP proxy implementation is as follows:
1. When an IGMP user intends to order a video program, the user must send an IGMP request
to the IGMP proxy for joining the multicast group corresponding to the program.
2. Upon receiving the request, the MA5600 forwards the request packet to the multicast router
for applying for multicast traffic if the user is the first one to watch the program. If the
multicast traffic is being delivered, the MA5600 forwards the traffic directly to the user.
3. The MA5600 sends general query packets to all online IGMP users at regular intervals. If
it fails to receive any response from a user within a certain period, it considers that the user
has left the multicast group, and deletes the user from the multicast group. If the user is the
last one in the group, the MA5600 sends leave packets to the multicast router.
4. Meanwhile, when receiving a general query from the multicast router, the MA5600 reports
the current multicast state to the router.
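The four steps above as a small state machine, in an added example (not part of the original manual and not the MA5600 implementation). It shows which user-side events reach the multicast router: only the first join and the last leave of a group. The class and method names are hypothetical, users are identified by port name, and the 260-second membership timeout is an assumed value.

```python
class IgmpProxy:
    """Membership table of an IGMP proxy (added example, names hypothetical)."""

    def __init__(self, member_timeout=260):
        self.member_timeout = member_timeout  # assumed value, in seconds
        self.groups = {}      # group address -> {user port: time of last report}
        self.upstream = []    # messages sent toward the multicast router

    def report(self, user, group, now):
        """Join request or query response from a user.
        Returns True only if it had to be forwarded upstream (step 2)."""
        members = self.groups.setdefault(group, {})
        first_member = not members
        members[user] = now
        if first_member:
            self.upstream.append(("report", group))
        return first_member

    def leave(self, user, group):
        """Leave from a user. A leave from a port that is not a member is
        ignored, so it cannot cut the traffic of the real members.
        Returns True only if a leave was sent upstream."""
        members = self.groups.get(group, {})
        if user not in members:
            return False
        del members[user]
        return self._prune(group)

    def expire(self, now):
        """Step 3: drop users that have not answered a general query in time."""
        removed = []
        for group in list(self.groups):
            members = self.groups[group]
            silent = [u for u, seen in members.items()
                      if now - seen > self.member_timeout]
            for user in silent:
                del members[user]
                removed.append((user, group))
            self._prune(group)
        return removed

    def answer_router_query(self):
        """Step 4: groups reported to the router on a general query."""
        return sorted(self.groups)

    def _prune(self, group):
        if self.groups.get(group) == {}:      # last member is gone
            del self.groups[group]
            self.upstream.append(("leave", group))
            return True
        return False


def scenario():
    """Constructed sequence: two users on one program, one silent drop."""
    proxy = IgmpProxy()
    g = "239.1.1.1"                           # constructed group address
    proxy.report("port1", g, now=0)           # first viewer: forwarded upstream
    proxy.report("port2", g, now=5)           # second viewer: served locally
    proxy.leave("port1", g)                   # port2 still watching: no leave
    proxy.expire(now=300)                     # port2 silent since 5: last one out
    return proxy.upstream


if __name__ == "__main__":
    print(scenario())
```
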

9.4 Program Management


This section describes the features of the program management on the MA5600.


9.4.1 Introduction
This section describes the definition, purpose, specification and limitation of program
management.

Definition
Program management indicates the management of program attributes, including the program
bandwidth and preview parameters.

Purpose


Program management is to set the attributes of a program.

Specification
The MA5600 supports:
• Preview parameters
• Up to 1024 static programs
• Prejoin of a static program
• Setting the priority of a static program
• Setting the bandwidth of a static program

Limitation
To preview a program, a multicast user must have the right to preview the program.

9.4.2 Principle
This section describes the operating principles of program management.
Program management includes program preview, program prejoin, program priority, and
program bandwidth.

Preview
Program preview controls the number of times, the duration, and the interval for a user to watch
a program. This allows the user to gain basic knowledge about the program without having the
right to watch the complete program.
A user with the preview authority can preview the program only for a fixed duration. When the
duration expires, the user gets offline. After the preview interval, the user can preview the
program again. The user cannot preview a program for more than the number of times specified.

Prejoin
The program prejoin feature enables the MA5600 to send request packets to the multicast router
for joining a multicast group even when there is no online user. This helps in delivering the
multicast traffic to the MA5600 in advance, thus shortening the wait time for a user to order a
program.

Priority
When forwarding multicast traffic, the MA5600 schedules the traffic on the user port according
to the specified priority. This guarantees the quality of the program.

Bandwidth
The connection access control (CAC) at the network side is supported. The CAC at the network
side is based on the total bandwidth occupied by the online programs of an upstream port. The
bandwidth determines whether a new program can be played. If the bandwidth occupied by the
online programs and that of a new program exceeds the specified CAC, the user cannot play the
new program.


9.5 User Management


This section describes the features of the user management on the MA5600.

9.5.1 Introduction
This section describes the definition, purpose and specification of user management.
9.5.2 Principle
This section describes the operating principles of user management.

9.5.1 Introduction
This section describes the definition, purpose and specification of user management.

Definition

User management indicates the configuration of valid multicast users, authentication of the users
when they log in, and CAC bandwidth checks.

Purpose

User management prevents unauthorized users from watching controlled programs.

Specification

The MA5600 supports the following user management specifications:

- The management of xDSL multicast users means the management of physical ports on a
  service board.
- The IGMP bearer channel and multicast service bearer channel of a multicast user can be
  defined separately.
- Up to 2000 authority profiles can be configured.
- The program authority can be any one of watch, preview, forbidden and idle.
- A multicast user can be bound with up to 256 authority profiles.
- The fast leave feature is supported.
- A multicast user can watch up to eight programs concurrently.

9.5.2 Principle
This section describes the operating principles of user management.

Multicast CAC

Multicast CAC refers to the bandwidth of a subscriber line that is available for carrying
multicast programs. When a user joins a multicast group, the program bandwidth is allocated to
the user. The MA5600 checks whether the user bandwidth is sufficient for playing the program.
If it is, the user can order the program. If not, the user fails to order the program.


Fast Leave
Fast leave indicates that the MA5600 deletes a user from a multicast group without any query
if it receives the IGMP leave packet.

IGMP Bearer Channel


The IGMP bearer channel involves the following parameters:
- xDSL, including ADSL, SHDSL (ATM mode)
- VCI, VPI

Video Bearer Channel


By default, the IGMP bearer channel and the video bearer channel are the same. For flexibility,
you can specify a video bearer channel and an IGMP bearer channel separately.
If the video bearer channel is not specified, the IGMP bearer channel also serves as the video
bearer channel.
The video bearer channel involves the following parameters:
- xDSL, including ADSL, SHDSL (ATM mode)
- VCI, VPI

Program Authority
The program authority is defined in an authority profile. You can control the authorities by
binding a user with different authority profiles.
The program authority can be forbidden, preview, watch, and idle in a descending order. The
system administrator is authorized to configure the authority.
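
The join decision this chapter describes (program authority, preview limits, the eight-program cap, and the user-side and network-side CAC checks), as an added Python model that is not MA5600 code. The class and field names, the sample preview parameters, the rule that the authority ranked first in the descending order wins across bound profiles, the refusal of idle, and the order of the checks are all assumptions.

```python
from dataclasses import dataclass, field

# Authorities in the descending order given in the text.
ORDER = ["forbidden", "preview", "watch", "idle"]
MAX_CONCURRENT = 8  # a multicast user can watch up to eight programs concurrently


@dataclass
class Program:
    name: str
    bandwidth_kbps: int
    preview_times: int = 3          # constructed preview parameters
    preview_duration_s: int = 120
    preview_interval_s: int = 300


@dataclass
class User:
    line_cac_kbps: int                             # multicast CAC of the subscriber line
    profiles: list = field(default_factory=list)   # bound authority profiles: {program: authority}
    watching: dict = field(default_factory=dict)   # program -> bandwidth currently in use
    previews: dict = field(default_factory=dict)   # program -> (previews used, end of last preview)


def effective_authority(user, program_name):
    """Assumption: across bound profiles, the authority that ranks first in ORDER wins."""
    found = [p[program_name] for p in user.profiles if program_name in p]
    return min(found, key=ORDER.index) if found else "idle"


def admit(user, program, now, upstream_online, upstream_cac_kbps):
    """Decide one join request. Returns (allowed, reason, seconds); seconds is None for a full watch."""
    authority = effective_authority(user, program.name)
    if authority in ("forbidden", "idle"):       # assumption: idle (nothing granted) is refused
        return (False, "no right: " + authority, 0)
    if len(user.watching) >= MAX_CONCURRENT:
        return (False, "program limit", 0)
    # User-side CAC: programs already on the line plus the new one must fit the line budget.
    if sum(user.watching.values()) + program.bandwidth_kbps > user.line_cac_kbps:
        return (False, "user CAC", 0)
    # Network-side CAC: a program that is already online upstream needs no extra bandwidth.
    extra = 0 if program.name in upstream_online else program.bandwidth_kbps
    if sum(upstream_online.values()) + extra > upstream_cac_kbps:
        return (False, "network CAC", 0)
    seconds = None
    if authority == "preview":
        used, last_end = user.previews.get(program.name, (0, None))
        if used >= program.preview_times:
            return (False, "preview count exhausted", 0)
        if last_end is not None and now - last_end < program.preview_interval_s:
            return (False, "preview interval not elapsed", 0)
        seconds = program.preview_duration_s
        user.previews[program.name] = (used + 1, now + seconds)
    user.watching[program.name] = program.bandwidth_kbps
    return (True, authority, seconds)


def leave(user, program_name):
    """Release the line bandwidth when the user leaves or a preview expires."""
    user.watching.pop(program_name, None)
```

The preview counters are kept per user and per program, so leaving and rejoining does not reset them.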


10 Triple Play

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of triple play.

10.1 Features of Triple Play


This section describes the features of triple play and the implementation of these features on the
MA5600.
10.2 Multi-PVC for Multiple Services
This section describes multi-PVC for multiple services, which is a triple play mode, and its
implementation on the MA5600.


10.1 Features of Triple Play


This section describes the features of triple play and the implementation of these features on the
MA5600.

10.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of triple play.
10.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
10.1.3 Principle
This section describes the operating principles of triple play.
10.1.4 Implementation
This section describes the implementation of triple play.
10.1.5 Reference
This section describes the references on triple play.

10.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of triple play.

Definition
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.

Purpose
The triple play service is to encapsulate the broadband access, VoIP service, and video service
into an independent broadband connection to facilitate the usage and reduce the carrier's
maintenance cost.

Specification
The MA5600 supports multi-PVC for multiple services.

Glossary
None


Acronyms and Abbreviations

Table 10-1 Acronyms and abbreviations concerning triple play

Acronym    Full Expansion
VoIP       Voice over IP
PSTN       Public switched telephone network
PVC        Permanent virtual channel

10.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting triple play.

10.1.3 Principle
This section describes the operating principles of triple play.

The main concern of triple play is how to handle the different priorities of different services
on a user port, and how to keep the services' effect on each other to a minimum.

- VoIP service
  Because the VoIP service occupies little bandwidth and requires a low delay, the priority of
  the VoIP service is the highest among the triple play services.
  NOTE
  High delay causes echo that affects the voice quality.
- IPTV service
  Because the bandwidth occupied by the IPTV service is relatively high, and the service
  requires a relatively low bit error ratio/packet loss ratio, the priority of the IPTV service
  is lower than that of the VoIP service, but is higher than that of the Internet access service.
  NOTE
  A high bit error ratio or packet loss ratio causes loss of video frames, thus affecting the
  program quality.
- High-speed Internet access
  Because common Internet access services, such as web browsing, require neither a strong
  real-time performance nor a low packet loss ratio, the priority of the high-speed Internet
  access service is the lowest among the triple play services.
  NOTE
  For the Internet access service, the retransmission mechanism is usually available to guarantee
  transmission reliability. Therefore, the Internet access service does not require a low packet
  loss ratio like the IPTV service.

To manage the three services on a port conveniently, the MA5600 supports three VLANs for an
upstream interface: one for the VoIP service, one for the IPTV service, and another for the
high-speed Internet access service.


NOTE
When the services are differentiated by the Ethernet type (IPoE/PPPoE), the service data goes upstream
through only two different VLANs.

10.1.4 Implementation
This section describes the implementation of triple play.

The triple play feature takes effect automatically. For details of the triple play configuration,
refer to "Triple Play Service Configuration" in the MA5600 Configuration Guide.

10.1.5 Reference
This section describes the references on triple play.

The following lists the references on triple play:

- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

NOTE
For standards and recommendations, refer to "Standards Compliance" in the MA5600 Product
Description.

10.2 Multi-PVC for Multiple Services


This section describes multi-PVC for multiple services, which is a triple play mode, and its
implementation on the MA5600.

10.2.1 Introduction
This section describes the definition, purpose and specification of multi-PVC for multiple
services.
10.2.2 Principle
This section describes the operating principles of multi-PVC for multiple services.

10.2.1 Introduction
This section describes the definition, purpose and specification of multi-PVC for multiple
services.

Definition

Multi-PVC for multiple services is a triple play mode in which multiple PVCs are adopted for
carrying multiple services from the access device to each DSL user terminal.

Purpose
This triple play mode is compatible with the existing operations, administration and maintenance
(OAM) system.


Specification
- Each xDSL port supports up to 8 PVCs.
- Each service board supports up to 256 PVCs.

10.2.2 Principle
This section describes the operating principles of multi-PVC for multiple services.
The Internet access services, VoIP and IPTV services are carried by different PVCs to the user.
That is, each xDSL port is configured with at least three PVCs. At the network end, three VLANs
are created for the upstream interface to carry different types of services.
Figure 10-1 shows the operating principles of multi-PVC for multiple services.

Figure 10-1 Operating principles of multi-PVC for multiple services


[Figure: at each subscriber, a home gateway connects an IP phone, an STB and a PC (DHCP/PPPoE)
over three PVCs on an ADSL line (ADSL0 to ADSLN) to the MA5600. The MA5600 sends the VoIP, video
and Internet traffic upstream over GE in a voice VLAN, a video VLAN and an Internet VLAN to the
LAN switch and BRAS, which lead to the VoIP VPN, the video VPN and the Internet.]

- The home gateway must be adopted for the DSL user terminal to provide three Ethernet
  ports. The ports are used to connect to the Ephone for the VoIP service, the STB for the
  IPTV service, and the PC for the high-speed Internet access.
- Each port is bound with a PVC (that is, the data flow from the port is labeled with the VPI/
  VCI of this PVC). Then, the home gateway sends the data flow from this port to the
  MA5600 over a single PVC for processing.
- After receiving the packets from the PVC, the MA5600 converts them into a data flow,
  labels the data flow with a certain service VLAN, and then sends the labeled data flow to
  the upper layer device.


11 Routing

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of routing.

11.1 Overview
This section describes the features of the routing on the MA5600.
11.2 Static Route
This section describes the features of the static route on the MA5600.
11.3 Dynamic Route
This section describes the features of the dynamic route on the MA5600.


11.1 Overview
This section describes the features of the routing on the MA5600.

11.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of routing.
11.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
11.1.3 Principle
This section describes the operating principles of routing.
11.1.4 Implementation
This section describes the implementation of routing.
11.1.5 Reference
This section describes the references on routing.

11.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of routing.

Definition

Routing is a common term used for describing the path through which the packets from a host
in a network travel to a host in another network.

Routers send packets on the Internet. A router selects a suitable path in a network according to
the destination address included in a received packet, and sends the packet to the next router on
the path. In this way, the packet travels over the Internet until the last router sends it to the
destination host.

Purpose

The access equipment, serving as a basic element in the entire telecom network, must support
the functions of remote operation, management and maintenance on the equipment itself.

With the development of small-size access equipment that can be managed remotely, the access
equipment needs to have BRAS functions, such as allocation of network addresses and user
management. Therefore, the access equipment must support the routing feature.

An MA5600 can also serve as a router.

Specification

The MA5600 supports:

- Static routes
- Dynamic routing protocols, such as Routing Information Protocol (RIP) and Open Shortest
  Path First (OSPF)

Glossary
None

Acronyms and Abbreviations

Table 11-1 Acronyms and abbreviations concerning routing

Acronym    Full Expression
RIP        Routing Information Protocol
OSPF       Open shortest path first
AS         Autonomous system
ABR        Area border router
ASBR       Autonomous system boundary router

11.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the routing feature.

11.1.3 Principle
This section describes the operating principles of routing.

Working Principle of Routers


The router logically takes the path through which a packet travels from the network ingress to
the network egress as a route unit; this is called a hop. The path that a hop covers is called a
route segment.

As shown in Figure 11-1, the packets from PC_A travel through three networks and two routers
until they reach PC_C and the hop count is three. If one node is connected to another through a
network, the two nodes are adjacent on the Internet. Similarly, adjacent routers mean that these
routers are connected to the same network. The hop count from a router in a network to a host
in the same network is zero.
Figure 11-1 shows the working principles of routers.


Figure 11-1 Working principles of routers

[Figure: PC_A, PC_B and PC_C interconnected through several routers; a link along the path is
marked as a route segment.]

Routing Table

Each router keeps a routing table. The routing table is the key to forwarding packets. The route
entries in the table show:

- The port through which a packet can be forwarded to a specific subnet or host so as to reach
  the next router along the path.
- Whether the packet can be sent to the destination host in an interconnected network without
  passing through other routers.

The routing table contains the following key entries:

- Destination address
  The destination address is a 32-bit value that identifies the destination IP address or
  destination network of an IP packet.
- Subnet mask
  The subnet mask consists of a sequence of "1"s, and can be expressed in dotted decimal
  format or as the total number of consecutive "1"s. The mask is used with the destination
  address to identify the subnet address of the destination host or router.
  To obtain the subnet address of the destination host or router, perform an AND operation
  on the destination address and the subnet mask.
  For example, if a router's destination address and subnet mask are 129.102.8.10 and
  255.255.0.0, respectively, the router's subnet address is 129.102.0.0.
- Output interface
  The output interface specifies the interface of a router for IP packet forwarding.
- Next hop IP address
  The next hop IP address indicates the next router through which an IP packet will pass.
- Route priority
  The route with the highest priority (smallest value) will be the optimal one. You can
  configure multiple routes with different priorities to the same destination, but only one
  route is selected based on the priority for IP packet forwarding.


Route Classification
Based on the destination, routes can be classified as:
- Subnet route
  Its destination is a subnet.
- Host route
  Its destination is a host.

Based on the connection between the destination and the router, routes can be classified as:
- Direct route
  Its destination network is directly connected to the router.
- Indirect route
  Its destination network is not directly connected to the router.

To avoid large routing tables, a default route can be assigned. If no route in the routing table
matches a packet, the default route is selected for forwarding the packet.
Figure 11-2 shows some interconnected networks. The digits in each network represent the IP
address of the network. Router 8 is connected to three networks. Therefore, it has three IP
addresses and three physical ports.

Figure 11-2 Interconnected networks


[Figure: networks 10.0.0.0 through 16.0.0.0 interconnected by routers R1 to R8; R8 connects to
three of the networks through its ports 1, 2 and 3.]

Table 11-2 shows the routing table of Router 8.

Table 11-2 Routing table of Router 8

Subnet of the Destination Host    Forward or Forward from    Through Port
10.0.0.0                          Directly                   2
11.0.0.0                          Directly                   1
12.0.0.0                          11.0.0.2                   1
13.0.0.0                          Directly                   3
14.0.0.0                          13.0.0.2                   3
15.0.0.0                          10.0.0.2                   2
16.0.0.0                          10.0.0.2                   2

Routing Management Policy

The routing protocols supported by the MA5600 include:

- Static routing protocols
- Dynamic routing protocols such as RIP and OSPF

The MA5600 manages the static and dynamic routes in a unified manner. The static routes
and the routes discovered by RIP and OSPF can be shared.

Routing Protocols and Routing Priority

The current route to a specific destination at a specific moment can only be determined by one
routing protocol. Each routing protocol (including the static routing protocol) is allocated with
a priority. When multiple route sources exist, the route discovered by the routing protocol with
the highest priority becomes the current route.

Table 11-3 lists various routing protocols and the default priorities of the routes discovered by
them.

Table 11-3 Routing protocols and their default routing priorities

Routing Protocol    Routing Priority
DIRECT              0
OSPF                10
INTERNAL EIGRP      50
STATIC              60
RIP                 100
OSPF ASE            150
EXTERNAL EIGRP      160
IBGP                256
EBGP                256
UNKNOWN             255


The smaller the value, the higher the priority. In this table, "0" indicates the direct route, and
"255" indicates any route from an untrusted source.

You can define the priorities for all dynamic routing protocols except the direct route (DIRECT)
and the BGP (IBGP, EBGP). In addition, the priorities of any two static routes can be different.

Route Sharing

Different routing protocols can find different routes as they use different algorithms. Therefore,
a problem arises, that is, how to share the routes discovered by various routing protocols.

A routing protocol might need to import routes discovered by other protocols to diversify its
own routes. However, a protocol only needs to import qualified routes by setting attributes of
the routes to be imported.

To support a route policy, you must define the attributes of the routes to which the route policy
is to be applied, such as the destination address, and the address of the router distributing routes.
You can define the matching rules in advance so that they can be applied in a route policy for
route distribution, reception and importing.

Filters
The following describes the filters used by the MA5600.

- ACL
  An ACL is defined with a specified IP address and subnet range for identifying routes with
  the desired destination segment address or next hop address.
- Address prefix list
  An address prefix list is similar to an ACL in function, but is more flexible and
  comprehensible. When applied to filter routes, the address prefix list targets the
  destination address fields.
  Identified by name, an address prefix list contains multiple entries. Each entry specifies a
  matching range and is identified with index-number. index-number also specifies the
  matching order.
  In the process of matching, the router checks every entry identified with index-number in
  ascending order. If the route matches one entry, the route matches the address prefix list,
  and comparison with the next entry is unnecessary.
- Route policy
  A route policy is a sophisticated filter that identifies routes with the desired attributes and
  modifies some attributes if conditions are satisfied. A route policy can define its own match
  rules using other filters.
  A route policy consists of several nodes (matching units). The node number is also the
  matching order. Every node consists of an if-match clause and an apply clause. if-match defines
  the matching order. The objects of the matching are some attributes of the routes. The
  relationship between two if-match clauses of a node is "and". A node passes the match test
  only when all if-match clauses of the node are satisfied. The apply clause specifies the
  action to be taken when the node passes the match test, that is, setting some attributes of
  the routes.
  The relationship between nodes of a route policy is "or". The system checks every node of
  a route policy. If one node passes the match test, the route policy passes the match test,
  and the match test for the next node is not required.

Applications of the Routing Policy


The two applications of the routing policy are as follows:

- When importing routes discovered by other protocols, a routing protocol can apply this
  filter to obtain the required routes.
- When transmitting or receiving routes, a routing protocol can apply the filter so that only
  the required ones are transmitted or received.
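
The matching order described above for address prefix lists and route policies, as an added Python model that is not MA5600 code or CLI syntax. The data layout, the permit/deny flag and length bounds on prefix-list entries, the sample list and policy, and the rejection of a route that matches nothing are assumptions; the page itself states only the ascending-index order and the "and"/"or" relationships.

```python
import ipaddress

# Constructed address prefix list: (index-number, permit?, prefix, min length, max length).
PREFIX_LISTS = {
    "customers": [
        (20, True, "10.0.0.0/8", 8, 24),
        (10, False, "10.20.0.0/16", 16, 32),
    ],
}


def prefix_list_match(entries, route_prefix):
    """Check entries in ascending index-number order; the first entry that covers the route decides."""
    net = ipaddress.ip_network(route_prefix)
    for index, permit, prefix, min_len, max_len in sorted(entries):
        if net.subnet_of(ipaddress.ip_network(prefix)) and min_len <= net.prefixlen <= max_len:
            return (index, permit)      # later entries are not compared
    return (None, False)                # assumption: no matching entry means not accepted


def match_prefix_list(name):
    """if-match clause: the route's destination is permitted by the named prefix list."""
    return lambda route: prefix_list_match(PREFIX_LISTS[name], route["prefix"])[1]


def match_protocol(protocol):
    """if-match clause: the route was discovered by the given protocol."""
    return lambda route: route["protocol"] == protocol


# Constructed route policy: node number -> if-match clauses (and) plus apply clause.
POLICY = {
    20: {"if_match": [match_protocol("STATIC")], "apply": {"cost": 10}},
    10: {"if_match": [match_prefix_list("customers"), match_protocol("RIP")],
         "apply": {"cost": 50, "tag": 100}},
}


def apply_route_policy(nodes, route):
    """Nodes are tried in node-number order (or); within a node every if-match must hold (and)."""
    for number in sorted(nodes):
        node = nodes[number]
        if all(clause(route) for clause in node["if_match"]):
            return number, {**route, **node["apply"]}   # apply clause sets route attributes
    return None, None                   # assumption: a route that passes no node is filtered out
```

Entry 10 shadows part of entry 20's range, so 10.20.5.0/24 is refused even though the broader entry would permit it; reordering the index numbers changes which routes are imported.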

11.1.4 Implementation
This section describes the implementation of routing.

The routing feature takes effect automatically.

For details of the routing configuration, refer to "Routing Protocol Configuration" in the
MA5600 Configuration Guide.

11.1.5 Reference
This section describes the references on routing.

The following lists the references on routing:

- RFC 2453, Routing Information Protocol
- RFC 2328, Open Shortest Path First
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

11.2 Static Route


This section describes the features of the static route on the MA5600.

11.2.1 Introduction
This section describes the definition, purpose, and specification of the static route.
11.2.2 Principle
This section describes the operating principles of the static route.

11.2.1 Introduction
This section describes the definition, purpose, and specification of the static route.

Definition

The static route is a special route. It is configured manually by the network administrator.


Purpose
In a simple network, a router can work in the normal state as long as its static routes are
configured. Proper configuration and use of static routes can improve the network performance
and assure bandwidth for important applications.
Configuring static routes is easy. Static routes apply to small networks that are simple and stable.
However, when a network fault occurs, the static routes cannot change automatically. They have
to be adjusted by the administrator.

Specification
The MA5600 supports up to 1000 static routes.

11.2.2 Principle
This section describes the operating principles of the static route.
An administrator adds static routes to the routing table through the CLI or SNMP. The forwarding
module follows the longest match algorithm for the route matching. If the destination address
of a packet matches an entry in the routing table, the module forwards the packet to the next
hop.
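
Route selection as this chapter describes it, as an added Python example that is not MA5600 code: for each destination the protocol with the smallest priority value supplies the current route, and forwarding then uses the longest match, falling back to the default route. The destinations, next hops and ports are Router 8's from Table 11-2 with /8 masks assumed; the protocol assigned to each indirect route, the competing RIP route, the host route and the default route are constructed.

```python
import ipaddress

# Default priorities from Table 11-3 (smaller value = higher priority).
PRIORITY = {"DIRECT": 0, "OSPF": 10, "STATIC": 60, "RIP": 100}

# (destination, protocol, next hop, port); protocols of indirect routes are assumed.
CANDIDATES = [
    ("10.0.0.0/8", "DIRECT", None, 2),
    ("11.0.0.0/8", "DIRECT", None, 1),
    ("12.0.0.0/8", "STATIC", "11.0.0.2", 1),
    ("13.0.0.0/8", "DIRECT", None, 3),
    ("14.0.0.0/8", "RIP", "10.0.0.2", 2),       # constructed competitor for 14.0.0.0
    ("14.0.0.0/8", "STATIC", "13.0.0.2", 3),
    ("15.0.0.0/8", "RIP", "10.0.0.2", 2),
    ("16.0.0.0/8", "RIP", "10.0.0.2", 2),
    ("16.0.0.3/32", "STATIC", "13.0.0.2", 3),   # constructed host route
    ("0.0.0.0/0", "STATIC", "10.0.0.2", 2),     # constructed default route
]


def subnet_of(address, mask):
    """AND the destination address with the subnet mask, as in the 129.102.8.10 example."""
    value = int(ipaddress.ip_address(address)) & int(ipaddress.ip_address(mask))
    return str(ipaddress.ip_address(value))


def build_table(candidates):
    """Per destination prefix, keep only the route from the protocol with the best priority."""
    table = {}
    for prefix, protocol, next_hop, port in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in table or PRIORITY[protocol] < PRIORITY[table[net][0]]:
            table[net] = (protocol, next_hop, port)
    return table


def lookup(table, destination):
    """Longest match: of all entries whose prefix equals (address AND mask), take the longest mask."""
    address = int(ipaddress.ip_address(destination))
    best = None
    for net in table:
        if address & int(net.netmask) == int(net.network_address):
            if best is None or net.prefixlen > best.prefixlen:
                best = net
    if best is None:
        return None                      # no route and no default route
    protocol, next_hop, port = table[best]
    return (str(best), protocol, next_hop, port)
```

Priority only decides between routes to the same prefix. A more specific prefix wins the longest match whatever protocol supplied it, which is why routes are filtered before they are imported or accepted.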

11.3 Dynamic Route


This section describes the features of the dynamic route on the MA5600.

11.3.1 Introduction
This section describes the definition, purpose, and specification of the dynamic route.
11.3.2 Principle
This section describes the operating principles of the dynamic route.

11.3.1 Introduction
This section describes the definition, purpose, and specification of the dynamic route.

Definition
The dynamic route refers to a route that automatically changes in light of the change of network
topology or network traffic.

Purpose
The routing algorithm of a dynamic routing protocol enables a route to adapt to change of
network topology. Dynamic routes apply to the network deployed with L3 devices. However,
configuring dynamic routes is complicated. In addition, it has a higher requirement on the system,
and occupies more network resources than configuring static routes.

Specification
The MA5600 supports 2300 dynamic routes.


The dynamic routing protocols supported by the MA5600 include:

- RIP
- OSPF

11.3.2 Principle
This section describes the operating principles of the dynamic route.

RIP
RIP defines how routers exchange routing table information. RIP is based on the view
differencing (V-D) algorithm. RIP falls into two versions: RIP 1 and RIP 2.

With RIP, routers exchange routes using User Datagram Protocol (UDP) packets, and send route
updates every 30s. If a router does not receive any route updates from the peer device for
180s, it labels the routes from the peer device as unreachable, and deletes such routes if no
route updates are received in the next 120s.

- RIP 1
  RIP 1 is a classful routing protocol. It supports broadcasting protocol packets. The RIP 1
  protocol packets do not contain any masks. Therefore, RIP 1 can identify only the routes
  of the natural network segments such as Class A, Class B and Class C. Thus, RIP 1 supports
  neither route summary nor discontinuous subnets.
- RIP 2
  RIP 2 is a classless routing protocol. Compared with RIP 1, RIP 2 supports the following:
  - Route tag
    It controls routes flexibly based on the Tag in the route policy.
  - Packets containing masks
    The packets contain masks for route summary and classless inter-domain routing (CIDR).
  - The next hop selection
    In broadcast networks, you can select the optimal next hop address.
  - Multicast route to send updates
    Only RIP 2 routers can receive protocol packets, thus reducing resource consumption.
  - Protocol packet authentication
    RIP 2 provides two authentication modes: authentication in plain text and MD5
    authentication to enhance the security of the packets.
  NOTE
  - RIP 2 transmits packets in two modes: broadcast mode and multicast mode. By default, packets
    are transmitted in multicast mode using the multicast address 224.0.0.9.
  - When the interface runs in RIP 2 broadcast mode, it can also receive RIP 1 packets.
- Hop count
  RIP uses the hop count to measure the distance to the destination host. This distance is
  called the routing metric.
  In RIP, the metric from a router to its directly connected network is 0 (defined as 1 by
  some protocols), the metric from a router to a network which can be reached through
  another router is 1, and so on.
  To restrict the convergence time, RIP prescribes that the metric is an integer ranging
  from 0 to 15. A hop count of 16 is regarded as infinitely large.
- Routing loop avoidance
  RIP avoids routing loops by the following mechanisms:
  - Counting to infinity
    RIP defines the metric of 16 as infinity. In case routing loops occur, when the cost
    of a route reaches 16, this route is considered unreachable.
  - Split horizon
    RIP does not send the routes learned from an interface to its adjacent routers through
    this interface. This reduces bandwidth consumption and avoids routing loops.
  - Poison reverse
    After learning a route from an interface, RIP sets its metric to 16 (unreachable) and
    advertises it to the adjacent routers through this interface. This clears the unnecessary
    information in the routing tables of its adjacent routers.
  - Triggered updates
    RIP can avoid routing loops among multiple routers and speed up the network
    convergence through triggered updates. After the metric of a route changes, a router
    advertises updates to its adjacent routers rather than waiting until the period times out.
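
A check a defender can run over captured RIP payloads to see which of the authentication modes named above a neighbor actually uses, as an added Python example that is not from the original document. The entry layout follows RFC 2453, with the keyed MD5 entry as laid out in RFC 2082; the function names, the sample packets, the password and the all-zero digest are constructed.

```python
import socket
import struct

AUTH_AFI = 0xFFFF                  # address-family value that marks an authentication entry
AUTH_TRAILER, AUTH_SIMPLE, AUTH_MD5 = 1, 2, 3
INFINITY = 16                      # metric that means "unreachable"


def classify_rip(payload):
    """Describe one RIP UDP payload: version, authentication mode, route counts, findings."""
    if len(payload) < 24 or (len(payload) - 4) % 20 != 0:
        return {"error": "malformed length"}      # 4-byte header plus 20-byte entries
    result = {"command": payload[0], "version": payload[1], "auth": "none",
              "routes": 0, "unreachable": 0, "findings": []}
    for offset in range(4, len(payload), 20):
        entry = payload[offset:offset + 20]
        afi, second = struct.unpack("!HH", entry[:4])
        if afi == AUTH_AFI:
            if offset == 4 and second == AUTH_SIMPLE:
                result["auth"] = "plain text"
                result["findings"].append("password is readable by anyone on the segment")
            elif offset == 4 and second == AUTH_MD5:
                _length, key_id, _auth_len, sequence = struct.unpack("!HBBI", entry[4:12])
                result.update(auth="MD5", key_id=key_id, sequence=sequence)
            elif second != AUTH_TRAILER:           # the trailer carries the MD5 digest
                result["findings"].append("unexpected authentication entry")
            continue
        result["routes"] += 1
        if struct.unpack("!I", entry[16:20])[0] >= INFINITY:
            result["unreachable"] += 1
    if result["version"] == 1:
        result["findings"].append("RIP 1 has no authentication field")
    elif result["auth"] == "none":
        result["findings"].append("RIP 2 update sent without authentication")
    return result


def route_entry(address, mask, next_hop, metric, tag=0):
    """Build one 20-byte route entry for the constructed samples below."""
    return struct.pack("!HH4s4s4sI", 2, tag, socket.inet_aton(address),
                       socket.inet_aton(mask), socket.inet_aton(next_hop), metric)


# Constructed sample payloads (command 2 = response).
SAMPLE_V1 = (bytes([2, 1, 0, 0])
             + route_entry("10.0.0.0", "0.0.0.0", "0.0.0.0", 1)
             + route_entry("12.0.0.0", "0.0.0.0", "0.0.0.0", 16))
SAMPLE_NOAUTH = bytes([2, 2, 0, 0]) + route_entry("10.1.0.0", "255.255.0.0", "0.0.0.0", 2)
SAMPLE_PLAIN = (bytes([2, 2, 0, 0])
                + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"constructed-pw")
                + route_entry("10.1.0.0", "255.255.0.0", "0.0.0.0", 2))
SAMPLE_MD5 = (bytes([2, 2, 0, 0])
              + struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_MD5, 44, 1, 16, 42)
              + route_entry("10.1.0.0", "255.255.0.0", "0.0.0.0", 2)
              + struct.pack("!HH16s", AUTH_AFI, AUTH_TRAILER, bytes(16)))  # digest not computed
```

The classifier reports the mode only and never returns the password bytes, so its output is safe to log.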

OSPF

OSPF is an interior gateway protocol (IGP) based on the link state developed by the Internet
Engineering Task Force (IETF). The version in use is the OSPF Version 2 (RFC 2328), which
has the following features:

- Application scope
  It supports networks of various scales and hundreds of routers.
- Fast convergence
  It enables an update to be sent immediately after the network topology changes, so that the
  change can be synchronized in the Autonomous System (AS).
- Loop-free
  As OSPF calculates the route with the shortest path tree algorithm through the collected
  link state, no loop route is generated from the algorithm itself.
- Area division
  The network of the AS is divided into areas. The routes between the areas become more
  abstract, reducing the bandwidth occupation in the network.
- Equal route
  It supports multiple equal routes to the same destination address.
- Routing hierarchy
  Four types of routes are used in the order of preference: intra-area routes, inter-area routes,
  external routes of type 1 and external routes of type 2.
- Authentication
  It supports interface-based packet authentication to ensure the security of route calculation.
- Multicast
  It supports multicast addresses.
- AS mechanism
  The whole network can be regarded as an entity consisting of multiple ASs. Information
  of the ASs can be synchronized through dynamic discovery and transmission of routes by
  collecting and transmitting the AS link states.
  Each AS can also be further divided into several areas. If the interfaces of a router are
  allocated to multiple areas, this router is called an area border router (ABR). An ABR is
  located at the area boundary and is connected to multiple areas.
  The OSPF backbone area, a special area labeled with 0.0.0.0, is responsible for exchange
  of routing information for non-backbone areas. As all the non-backbone OSPF areas are
  interconnected logically with the backbone area, the concept of virtual link is introduced
  to ensure that logical connectivity remains between the physically divided areas.
  The Autonomous System Boundary Router (ASBR) is a router responsible for exchanging
  routing information with other ASs and distributing external routes among the ASs.


12 Ethernet Link Aggregation

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the Ethernet link aggregation.

12.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the Ethernet link aggregation.
12.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
12.3 Principle
This section describes the operating principles of the Ethernet link aggregation.
12.4 Implementation
This section describes the implementation of the Ethernet link aggregation.
12.5 Reference
This section describes the references on the Ethernet link aggregation.


12.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the Ethernet link aggregation.

Definition

Ethernet link aggregation refers to the aggregation of multiple Ethernet ports into one logical
port to provide higher bandwidth and link security.

IEEE 802.3ad is a standard concerning Ethernet link aggregation. The Link Aggregation Control
Protocol (LACP), based on IEEE 802.3ad, is a protocol for realizing link aggregation. With
LACP, the Ethernet ports of different devices can be aggregated automatically without user
intervention, and link layer failures of the ports can be detected to implement link
aggregation control.

Purpose

Link aggregation is used to increase bandwidth and to implement load sharing according to
certain strategies. This guarantees reliability and security.

Specification

The MA5600 supports the following link aggregation specifications:

Up to three LAGs and up to six physical ports in a LAG

Limitation

The Ethernet link aggregation of the MA5600 has the following limitations:

• Only the ports of the same type (including port attribute, operating mode, and rate) can be
  aggregated together to form a LAG.
• The LAG of an SCU board contains the ports of this SCU board.
• Dynamic link aggregation is not supported.

Glossary

Table 12-1 Glossary of technical terms concerning the Ethernet link aggregation

Glossary                  Definition
Manual link aggregation   In manual link aggregation mode, a user manually creates a link
                          aggregation group (LAG), adds or deletes the member ports
                          without running the LACP. All the member ports in the LAG have
                          two physical states: down and up.


Acronyms and Abbreviations

Table 12-2 Acronyms and abbreviations concerning the Ethernet link aggregation

Acronym   Full Expansion
LACP      Link Aggregation Control Protocol
LAG       Link aggregation group

12.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The SCUB/SCUK control board and SCUB/SCUK Ethernet subtending board support the
Ethernet link aggregation.

12.3 Principle
This section describes the operating principles of the Ethernet link aggregation.
According to the link aggregation configuration methods, the Ethernet link aggregation includes:
• Manual link aggregation
• Static link aggregation
• Dynamic link aggregation

The MA5600 supports only the manual link aggregation configuration. The LACP protocol is
not supported in manual link aggregation. The following details the principles of the manual
link aggregation configuration.
Figure 12-1 shows the manual link aggregation principles.

Figure 12-1 Manual link aggregation principles
[Figure: the MA5600 (two SCU boards) connected to a switch through aggregated links.]

Two ports of the MA5600 are aggregated together to form an aggregation group. The peer device
adds the two ports into the aggregation group.
If the two ports of the MA5600 are in the normal state, the traffic between the MA5600 and the
peer device is shared by the two links according to the source MAC address or the combination
of the source MAC address and the destination MAC address. However, if a port of the
MA5600 fails or the corresponding link fails, the control board of the MA5600 will not distribute
the traffic to the faulty port.


12.4 Implementation
This section describes the implementation of the Ethernet link aggregation.
The feature of Ethernet link aggregation takes effect automatically. For details of the Ethernet
link aggregation configuration, refer to "Device Subtending Configuration" in the MA5600
Configuration Guide.

12.5 Reference
This section describes the references on the Ethernet link aggregation.
The following lists the references on the Ethernet link aggregation:
• IEEE 802.3ad Link Aggregation
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


13 ATM Subtending

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ATM subtending.

13.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ATM subtending feature.
13.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
13.3 Principle
This section describes the operating principles of ATM subtending.
13.4 Implementation
This section describes the implementation of ATM subtending.
13.5 Reference
This section describes the references on ATM subtending.


13.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ATM subtending feature.

Definition
ATM subtending refers to a subtended configuration in which the IP DSLAM is subtended with
the existing ATM DSLAMs in several tiers through its ATM ports, such as STM-1 ports.

Purpose
Currently the ATM network has come to a standstill. In the future, the MAN construction will
be based on IP. The legacy ATM network is gradually shifting to the IP MAN, and IP DSLAMs
have become the mainstream of the DSLAMs.
To save the operators' resources, one solution is to add ATM ports on the IP DSLAM to subtend
with the existing ATM DSLAMs.

Specification
The MA5600 supports the following ATM subtending specifications:
• Supports PVC switching.
• Supports PPPoE+ and DHCP Option82.
• Supports QinQ and VLAN stacking.
• Supports uplink through the Smart VLAN and MUX VLAN.
• Supports CAR in the downstream direction of the PVC at a granularity of 64 kbit/s.
• Each AIU board supports up to four STM-1 ports or eight IMA E1 ports.

Limitation
The ATM subtending feature of the MA5600 has the following limitations:
• The MA5600 does not support VP switching.
• The MA5600 does not support configuration of PVP.
• The MA5600 is not subtended with ATM DSLAMs that provide services of strict clock
  requirements (such as CES and FR).
• The subtended DSLAMs do not support multicast service.
• The subtended DSLAMs do not support single-PVC for multiple services.


Glossary

Table 13-1 Glossary of technical terms concerning ATM

Glossary   Definition
PWE3       PWE3 is an end to end L2 service bearing technology. It realizes
           point to point L2 VPNs.

Acronyms and Abbreviations

Table 13-2 Acronyms and abbreviations concerning ATM

Acronym   Full Expression
ATM       Asynchronous transfer mode
CAR       Committed access rate
PWE3      Pseudo wire emulation edge-to-edge
PVC       Permanent virtual channel
PVP       Permanent virtual path
VP        Virtual path

13.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The AIUG board supports the ATM subtending.

13.3 Principle
This section describes the operating principles of ATM subtending.

ATM Subtending: Upstream Transmission through Ethernet


ATM subtending supports upstream transmission through a common Ethernet network. The
typical function of the ATM port is to convert the ATM cells from the subtended ATM DSLAM
to Ethernet packets. The packets are then sent to the Ethernet MAN from the uplink port of the
IP DSLAM.
Figure 13-1 shows an ATM subtending network for upstream transmission through Ethernet.


Figure 13-1 ATM subtending network for upstream transmission through Ethernet
[Figure: modems connect over ADSL2+ to the ATM DSLAM, which connects over STM-1 to the MA5600;
the MA5600 connects over GE/FE to the Ethernet MAN and the BRAS.]

• In the upstream direction (from the ATM DSLAM to the IP DSLAM)
  1. The IP DSLAM recovers the ATM frames (such as STM-1 frames) from the ATM
     DSLAM to an ATM cell stream. If the interface between the ATM DSLAM and the IP
     DSLAM is an IMA E1 port, the IP DSLAM also performs deframing on the IMA E1
     frames.
  2. The ATM cells are reassembled to AAL5 frames.
  3. The AAL5 frames are recovered to Ethernet packets.
  4. After the associated VLAN tags are added to the Ethernet packet header, Ethernet
     packets are sent to the Ethernet MAN through the uplink port.
• In the downstream direction (from the IP DSLAM to the ATM DSLAM)
  1. The Ethernet packets received by the IP DSLAM from the Ethernet MAN are
     encapsulated to AAL5 frames.
  2. The AAL5 frames are segmented to ATM cells.
  3. The cells are encapsulated to the ATM frames (such as STM-1 frames), and then sent
     to the ATM DSLAM through the ATM port (such as STM-1 port).
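
The AAL5 segmentation and reassembly steps above, carried through for whole frames as an added example (not code from the MA5600 or from this manual). The `Cell` record, the function names and the sample PVCs are assumptions; the trailer layout and CRC-32 follow ITU-T I.363.5, and the ATM cell header is reduced to VPI, VCI and an end-of-frame flag.

```python
import struct
from dataclasses import dataclass

CELL_PAYLOAD = 48          # payload bytes carried by one ATM cell
TRAILER_LEN = 8            # CPCS-UU, CPI, Length (2 bytes), CRC-32 (4 bytes)
MAX_SDU = 65535            # largest payload the 16-bit Length field can describe
MAX_PDU = -(-(MAX_SDU + TRAILER_LEN) // CELL_PAYLOAD) * CELL_PAYLOAD


def crc32_aal5(data: bytes) -> int:
    """AAL5 CRC-32: polynomial 0x04C11DB7, MSB first, initial value and final XOR all ones."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7 if crc & 0x80000000 else crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


@dataclass(frozen=True)
class Cell:
    vpi: int
    vci: int
    last: bool             # stands in for the end-of-frame bit of the cell header
    payload: bytes


def segment(sdu: bytes, vpi: int, vci: int) -> list:
    """Downstream direction: pad the frame, append the trailer, cut it into cells."""
    if len(sdu) > MAX_SDU:
        raise ValueError("payload too long for one AAL5 frame")
    pad = -(len(sdu) + TRAILER_LEN) % CELL_PAYLOAD
    body = sdu + bytes(pad) + struct.pack("!BBH", 0, 0, len(sdu))
    pdu = body + struct.pack("!I", crc32_aal5(body))
    chunks = [pdu[i:i + CELL_PAYLOAD] for i in range(0, len(pdu), CELL_PAYLOAD)]
    return [Cell(vpi, vci, i == len(chunks) - 1, c) for i, c in enumerate(chunks)]


class Reassembler:
    """Upstream direction: collect cells per PVC and validate each completed frame."""

    def __init__(self):
        self.partial = {}  # (vpi, vci) -> bytearray of payloads received so far

    def push(self, cell: Cell):
        """Return the recovered payload when a frame completes, otherwise None."""
        key = (cell.vpi, cell.vci)
        if len(cell.payload) != CELL_PAYLOAD:
            self.partial.pop(key, None)
            raise ValueError("cell payload is not 48 bytes")
        buf = self.partial.setdefault(key, bytearray())
        buf += cell.payload
        if len(buf) > MAX_PDU:                 # bound memory held for one PVC
            del self.partial[key]
            raise ValueError("frame exceeds the AAL5 maximum; buffer discarded")
        if not cell.last:
            return None
        pdu = bytes(self.partial.pop(key))
        _uu, _cpi, length, crc = struct.unpack("!BBHI", pdu[-TRAILER_LEN:])
        if crc32_aal5(pdu[:-4]) != crc:
            raise ValueError("CRC-32 mismatch: cell lost or corrupted")
        if not 0 <= len(pdu) - TRAILER_LEN - length < CELL_PAYLOAD:
            raise ValueError("Length field inconsistent with the cell count")
        return pdu[:length]


def demo() -> dict:
    """Constructed sample: frames of two PVCs interleaved on one ATM port."""
    a = segment(b"A" * 100, 0, 35)             # 100 + 8 bytes -> 3 cells
    b = segment(b"B" * 41, 0, 36)              # 41 + 8 bytes -> 2 cells
    reassembler, out = Reassembler(), {}
    for cell in [a[0], b[0], a[1], b[1], a[2]]:
        sdu = reassembler.push(cell)
        if sdu is not None:
            out[(cell.vpi, cell.vci)] = sdu
    return out
```
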

ATM Subtending: Upstream Transmission through a Private Line


ATM subtending supports not only upstream transmission through Ethernet, but also upstream
transmission through a private line. In the case of upstream transmission through a private line,
the IP DSLAM encapsulates ATM cells to an ATM PWE3 private line. The ATM private line
service is sent to the ATM BRAS at the peer end through the Ethernet MAN.

Figure 13-2 shows an ATM subtending network for upstream transmission through a private
line.


Figure 13-2 ATM subtending network for upstream transmission through a private line
[Figure: modems connect over ADSL2+ to the ATM DSLAM, which connects over STM-1 to the MA5600;
the MA5600 carries ATM PWE3 over GE/FE through the Ethernet MAN to the ATM BRAS.]

As shown in Figure 13-2, the IP DSLAM sets up a PWE3 private line for the ATM cells sent
from the ATM DSLAM. The ATM cells are encapsulated to PWE3 packets, and then sent to
the ATM BRAS at the peer end through the Ethernet MAN.
• In the upstream direction (from the ATM DSLAM to the IP DSLAM)
  1. The IP DSLAM recovers the ATM cells (such as STM-1 cells) from the ATM DSLAM
     to an ATM cell stream. If the interface between the ATM DSLAM and the IP DSLAM
     is an IMA E1 port, the IP DSLAM also performs deframing on the IMA E1 frames.
  2. The IP DSLAM encapsulates the ATM cells to PWE3 packets, and then encapsulates
     the PWE3 packets to Ethernet packets.
  3. The Ethernet packets are sent to the ATM BRAS at the peer end over the Ethernet
     MAN through the Ethernet uplink port on the IP DSLAM.
• In the downstream direction (from the IP DSLAM to the ATM DSLAM)
  1. After receiving the Ethernet packets from the Ethernet MAN, the IP DSLAM recovers
     the packets to PWE3 packets, and then to an ATM cell stream.
  2. The ATM cell stream is encapsulated to ATM frames (such as STM-1 frames).
  3. The ATM frames are sent to the ATM DSLAM through the ATM port (such as STM-1
     port).

13.4 Implementation
This section describes the implementation of ATM subtending.

The ATM subtending feature takes effect automatically.

For details of the ATM subtending configuration, refer to "ATM-DSLAM Access
Configuration" in the MA5600 Configuration Guide.


13.5 Reference
This section describes the references on ATM subtending.
The following lists the references on ATM subtending:
• ITU-T I.363.5, AAL5 Service Adaptation Protocol
• ITU-T I.361, B-ISDN ATM layer specification
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


14 MPLS

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the MPLS.

14.1 MPLS Feature Description


This section describes the MPLS feature and its implementation on the MA5600.
14.2 MPLS PWE3
This section describes the MPLS PWE3 feature and its implementation on the MA5600.


14.1 MPLS Feature Description


This section describes the MPLS feature and its implementation on the MA5600.
14.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS.
14.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
14.1.3 Principle
This section describes the operating principles of MPLS.
14.1.4 Implementation
This section describes the implementation of MPLS.
14.1.5 Reference
This section describes the references on MPLS.

14.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS.

Definition

Multiprotocol label switching (MPLS) was introduced to improve the forwarding speed.
However, because of its excellent performance in traffic engineering (TE) and virtual private
network (VPN), which are the two critical technologies in the present IP network, MPLS is
becoming an important standard for extending the IP network.

• Basic functions of MPLS
• MPLS pseudo wire emulation edge-to-edge (PWE3)
• MPLS OAM
• MPLS RSVP-TE

This section describes the basic functions of MPLS.

The basic functions of MPLS include the MPLS Label Distribution Protocol (LDP) and the label
switched path (LSP) management function.

• LDP is a standard MPLS label distribution protocol defined by the IETF. It is responsible
  for Forwarding Equivalence Class (FEC) classification, label distribution, as well as
  establishment and maintenance of LDP sessions.
• The LSP management function enables unified management and maintenance of LSPs
  created by various label distribution protocols and implements the function of delivering
  the hardware forwarding module.

MPLS supports multiple label distribution protocols, including:

• Protocols specially defined for label distribution, such as LDP and Constraint-Based
  Routing using LDP (CR-LDP)
• Extended protocols that can support label distribution, such as Border Gateway Protocol
  (BGP) and Resource Reservation Protocol (RSVP)

The MA5600 supports LDP, RSVP, and manually configured static LSPs. It does not support
CR-LDP or BGP.

Purpose
The basic functions of MPLS are the foundation of MPLS PWE3.

Specification
The MA5600 supports the following MPLS specifications:
• Downstream unsolicited (DU) label distribution
• Ordered label control mode
• Liberal label retention mode
• Penultimate hop popping
• Working as an LER
• 1024 LDP LSPs
• 256 static LSPs
• 8 local LDP peers
• 32 remote LDP peers
• MPLS label range: 8192-16383

Limitation
The MA5600 MPLS has the following limitations:
• The MA5600 does not work as an LSR.
• The MA5600 does not support MPLS forwarding according to the FEC which is based on
  the IP address of a user.
• The MPLS VLAN must be a standard VLAN.


Glossary

Table 14-1 Glossary of technical terms concerning MPLS

Glossary                  Definition
Forwarding equivalent     MPLS is a high-performance forwarding technology that takes the
class (FEC)               packets with the same forwarding mode as a class. This type of class
                          is called a forwarding equivalent class (FEC).
                          The packets of the same FEC are treated the same in the MPLS
                          network.
                          The source address, destination address, source port, destination
                          port, protocol type, VPN or any of these combinations can determine
                          an FEC. For example, all the packets transmitted to the same
                          destination through the longest matching algorithm belong to an
                          FEC.
Label                     A label is a short identifier of a fixed length with local significance.
                          It is used to uniquely identify an FEC. The label assigned to the
                          packet represents an FEC. In some cases, several different labels are
                          assigned to an FEC, but one label can represent only one FEC.
Label switching router    An LSR is a basic element of an MPLS network. All LSRs support
(LSR)                     MPLS.
                          • An LSR consists of a control plane and a forwarding plane.
                          • The control plane allocates labels, selects routes, creates the
                            label-forwarding information base, and sets up or deletes an LSP.
                          • The forwarding plane forwards the received packets according to
                            the entries in the label-forwarding base.
Label switching edge      An LER is responsible for traffic classification, label mapping
router (LER)              (Ingress), and label deletion. At the edge of an MPLS network, an
                          LER (Ingress LER) classifies the traffic which is transmitted to the
                          MPLS network into different FECs, and requests labels for these
                          FECs.
Label Switched Path       An LSP refers to the path along which an FEC travels in an MPLS
(LSP)                     network.
                          The LSP functions as a unidirectional path from the ingress to the
                          egress, similar to the virtual circuit of the ATM or frame relay (FR).
Label Distribution        LDP is the control protocol of MPLS. It is similar to the signaling
Protocol (LDP)            protocol in a traditional network.
                          LDP is responsible for FEC classification, label distribution, LSP
                          establishment and maintenance.


Acronyms and Abbreviations

Table 14-2 Acronyms and abbreviations concerning MPLS

Acronym   Full Expansion
MPLS      Multi-protocol label switch
FEC       Forwarding equivalence class
LSR       Label switching router
LER       Label switching edge router
LSP       Label switched path
TE        Traffic engineering

14.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
To support MPLS, an MPLS subboard must be configured.

14.1.3 Principle
This section describes the operating principles of MPLS.
Figure 14-1 shows the MPLS network structure.

Figure 14-1 MPLS network structure
[Figure: a label switched path (LSP) runs from the ingress MPLS edge router (LER) through the
MPLS core LSRs to the egress MPLS edge router (LER).]

1. Enable MPLS and LDP on all the routers in the network, and enable LDP on the
interconnected ports.
2. LDP establishes an LDP session between two routers that carries the LDP protocol packets.
3. LDP with traditional routing protocols like OSPF and RIP establishes LSPs for requesting
FECs in each LSR.


4. To establish static LSPs, LDP is not necessarily enabled. For this purpose, configure FECs,
incoming labels and outgoing labels on each MPLS router along the static LSPs.

14.1.4 Implementation
This section describes the implementation of MPLS.
The MPLS feature takes effect automatically.
For details of the MPLS configuration, refer to "MPLS Access Configuration" in the
MA5600 Configuration Guide.

14.1.5 Reference
This section describes the references on MPLS.
The following lists the references on MPLS:

• RFC3031, Multiprotocol Label Switching Architecture
• RFC3036, LDP Specification
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

14.2 MPLS PWE3


This section describes the MPLS PWE3 feature and its implementation on the MA5600.
14.2.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS PWE3.
14.2.2 Principle
This section describes the operating principles of MPLS PWE3.
14.2.3 Implementation
This section describes the implementation of MPLS PWE3.
14.2.4 Reference
This section describes the references on MPLS PWE3.

14.2.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS PWE3.

Definition
Pseudo wire emulation edge-to-edge (PWE3) is an end-to-end L2 technology for bearing service
traffic. It is a point-to-point L2VPN.
The MA5600 supports MPLS PWE3 in which LDP is used as the signaling protocol to implement
the following functions:


• ATM emulation
• Ethernet emulation
• ATM or Ethernet leased line

Purpose
MPLS PWE3 provides the following functions:
• ATM emulation
• Ethernet emulation
• Emulation leased line solution in an IP network

Specification
The MA5600 supports the following MPLS PWE3 specifications:
• Establishment of static pseudo wire (PW)
• Establishment of dynamic PW
• Support of one-hop PW
• Support of U-PE
• Dynamic PW supporting LDP
• ATM Nto1, ATM SDU, and ETHERNET TAGGED PW
• Mapping from user PVC and VLAN priorities to the EXP fields of MPLS labels
• Priority scheduling based on the EXP field
• Working as a provider edge (PE)
• 896 static PWs
• 2048 dynamic PWs
• 256 PW profiles

Limitation
The MA5600 MPLS PWE3 has the following limitations:
• The MA5600 does not work as an S-PW.
• The MA5600 does not work as a device on the P (provider) node.

Glossary

Table 14-3 Glossary of technical terms concerning MPLS PWE3

Glossary                  Definition
PW                        The path for the AC service to enter a PE, exit from another
                          PE, and enter another AC can be a point-to-point connection
                          from one PE to another PE, or a point-to-multipoint
                          connection.
PWE3                      A general term for the whole service from a CE to the peer CE
                          through the PSN. The transmission media can be the same or
                          different. The end-to-end management can be implemented.
ATM/Ethernet emulation    Emulation of the ATM/Ethernet service in a network which is
                          neither an ATM network nor an Ethernet network.

Acronyms and Abbreviations

Table 14-4 Acronyms and abbreviations concerning MPLS PWE3

Acronym   Full Expansion
PWE3      Pseudo wire emulation edge-to-edge
PW        Pseudo wire
AC        Attachment circuit
PE        Provider edge
CE        Customer edge

14.2.2 Principle
This section describes the operating principles of MPLS PWE3.

As a PE, the MA5600 establishes the MPLS PW tunnel, encapsulates user data (ATM cells or
Ethernet frames) at the transmit end with two layers of MPLS labels, and sends them to the
MPLS backbone network. At the receive end, the received MPLS packets are decapsulated to
the original packets and then sent to the users.

The MA5600 classifies ATM cells into different ATM PWs according to the VPI/VCI of the
ATM PVC, and classifies Ethernet frames into different Ethernet PWs according to the VLAN.
The packets are encapsulated with the incoming label of the PW and the outgoing label of the
external LSP as well as the public Ethernet header, and then transmitted from the corresponding
upstream port. That is, PWs are transmitted. This task is performed by the MPLS forwarding
module of the MA5600.

Figure 14-2 shows an MPLS PWE3 topology.

Figure 14-2 MPLS PWE3 topology
[Figure: CE1 and CE2 attach to PE1 and PE2; PW1 and PW2 run inside the MPLS tunnel between
PE1 and PE2.]


For a user, this is an ATM switching network or an Ethernet L2 switching network regardless
of the backbone network.
Figure 14-3, Figure 14-4 and Figure 14-5 show the packet encapsulation modes of three types
of PWs.

Figure 14-3 Packet encapsulation mode of ATM Nto1 PW
[Figure: ATM cells from the ADSL access module or the AIUG access module enter the MPLS
forwarding module. ATM Nto1 PW packet layout: Ethernet header, External LSP label, PW label,
ATM cell.]
Text in the figure: The MPLS forwarding module queries the FTN according to the VPI/VCI to
obtain the MPLS egress label and the Ethernet layer information of the egress port. Then, the
module directly encapsulates the ATM cells into the MPLS packets.

Figure 14-4 Packet encapsulation mode of ATM SDU PW
[Figure: ATM cells from the ADSL access module or the AIUG access module enter the MPLS
forwarding module. ATM SDU PW packet layout: Ethernet header, VLAN, External LSP label,
PW label, Control word, ATM AAL5 SDU.]
Text in the figure: The MPLS forwarding module reorganizes the ATM cells into AAL5 PDUs and
discards PAD and CPCS-PDU tails. The module queries the FTN according to the VPI/VCI to
obtain the MPLS egress label and the Ethernet layer information of the egress port. Then, the
module adds 32-bit control words as specified by the PWE3 protocol to AAL5 CPCS-SDUs and
then encapsulates them to the MPLS packets.


Figure 14-5 Packet encapsulation mode of Ethernet Tagged PW
[Figure: ATM cells enter the ADSL access module, which passes Ethernet packets to the MPLS
forwarding module. Output packet layout (labelled "ATM SDU PW packets" in the figure):
Ethernet header, VLAN, External LSP label, PW label, Ethernet packet.]
Text in the figure: The ADSL access module reorganizes the user ATM cells and extracts the
Ethernet packets. The MPLS forwarding module queries the FTN according to the VLAN to
obtain the MPLS egress label and the Ethernet layer information of the egress port. Then, the
module directly encapsulates the Ethernet packets into the MPLS packets.
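
The two-label encapsulation and the receive-side decapsulation described in this section, as an added example (not MA5600 code). MAC addresses, VLAN ID, label values, the 1:1 priority-to-EXP mapping and the `pw_table` lookup are assumptions; the 32-bit label entry follows RFC 3032 and the control word layout follows RFC 4385. The receive side also accepts a one-label stack, because the specification list includes penultimate hop popping.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_MPLS = 0x8847                    # EtherType for MPLS unicast


def label_entry(label: int, exp: int, bottom: bool, ttl: int = 255) -> bytes:
    """One 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 16 <= label < 1 << 20:
        raise ValueError("label must be an unreserved 20-bit value")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    return struct.pack("!I", label << 12 | exp << 9 | int(bottom) << 8 | ttl)


def control_word(payload_len: int, seq: int) -> bytes:
    """PW control word: 0000 | flags(4) | FRG(2) | length(6) | sequence(16).
    Length is non-zero only for short packets that Ethernet would pad."""
    total = payload_len + 4
    return struct.pack("!HH", total if total < 64 else 0, seq & 0xFFFF)


def encapsulate(payload, *, dst, src, vlan, pcp, lsp_label, pw_label, use_cw, seq=0):
    """Transmit side: public Ethernet header, VLAN, outer LSP label, PW label, payload."""
    if not 0 < vlan < 4095:
        raise ValueError("VLAN ID out of range")
    exp = pcp                          # assumption: priority copied 1:1 into EXP
    stack = label_entry(lsp_label, exp, False) + label_entry(pw_label, exp, True)
    eth = dst + src + struct.pack("!HHH", ETH_P_8021Q, pcp << 13 | vlan, ETH_P_MPLS)
    cw = control_word(len(payload), seq) if use_cw else b""
    return eth + stack + cw + payload


def decapsulate(frame: bytes, pw_table: dict):
    """Receive side. pw_table maps PW label -> (attachment circuit, has control word).
    Frames with an unknown PW label or a malformed stack are rejected, not forwarded."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    off = 14
    if etype == ETH_P_8021Q:
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        _tci, etype = struct.unpack_from("!HH", frame, off)
        off += 4
    if etype != ETH_P_MPLS:
        raise ValueError("not an MPLS frame")
    labels = []
    while True:
        if len(labels) == 2 or len(frame) < off + 4:
            raise ValueError("label stack too deep or truncated")
        (entry,) = struct.unpack_from("!I", frame, off)
        off += 4
        labels.append(entry >> 12)
        if entry & 0x100:              # S bit: bottom of stack reached
            break
    if labels[-1] not in pw_table:
        raise ValueError("unknown PW label")
    circuit, has_cw = pw_table[labels[-1]]
    payload = frame[off:]
    if has_cw:
        if len(payload) < 4:
            raise ValueError("control word missing")
        first, _seq = struct.unpack_from("!HH", payload)
        if first >> 12:
            raise ValueError("control word must start with 0000")
        payload, length = payload[4:], first & 0x3F
        if length:                     # short packet: strip Ethernet padding
            if length < 4 or length - 4 > len(payload):
                raise ValueError("control word length inconsistent")
            payload = payload[:length - 4]
    return circuit, payload
```
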

14.2.3 Implementation
This section describes the implementation of MPLS PWE3.
The MPLS PWE3 feature takes effect automatically.
For details of the MPLS PWE3 configuration, refer to "MPLS Access Configuration" in the
MA5600 Configuration Guide.

14.2.4 Reference
This section describes the references on MPLS PWE3.
The following lists the references on MPLS PWE3:
• draft-ietf-pwe3-requirements-08, Requirements for Pseudo-Wire Emulation Edge-to-Edge
  (PWE3)
• draft-ietf-pwe3-control-protocol-12, Pseudowire Setup and Maintenance using LDP
• draft-ietf-pwe3-arch-07, PWE3 Architecture
• draft-ietf-pwe3-ethernet-encap-08, Encapsulation Methods for Transport of Ethernet
  Frames Over IP/MPLS Networks
• draft-ietf-pwe3-atm-encap-07, Encapsulation Methods for Transport of ATM Over MPLS
  Networks
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


15 System Security

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of system security.

15.1 System Security Features


This section describes the system security features supported by the MA5600.
15.2 Anti-DoS Attack
This section describes the anti-DoS attack feature and its implementation on the MA5600.
15.3 Anti-ICMP/IP Attack
This section describes the features of the anti-ICMP/IP attack on the MA5600.
15.4 Source Route Filtering
This section describes the source route filtering feature and its implementation on the
MA5600.
15.5 MAC Address Filtering
This section describes the features of the MAC address filtering on the MA5600.
15.6 Firewall Black List
This section describes the features of the firewall black list on the MA5600.
15.7 Firewall
This section describes the feature of the firewall on the MA5600.
15.8 Address Segments Configuration
This section describes the configuration of the acceptable/refused address segment on the
MA5600.


15.1 System Security Features


This section describes the system security features supported by the MA5600.
15.1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of system security.
15.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.1.3 Principle
This section describes the principles of system security features.
15.1.4 Implementation
This section describes how to activate, modify and deactivate the system security features.
15.1.5 Reference
This section describes the references on system security.

15.1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of system security.

Definition
The MA5600 supports security settings to prevent attacks initiated by the network to the
MA5600 itself and by users in the network. The MA5600 supports the following security
features:
• Anti-denial of service (DoS) attack
• Anti-ICMP/IP attack
• Source route filtering
• MAC address filtering
• Firewall black list
• Firewall
• Configuration of acceptable/refused address segments

Purpose
Figure 15-1 shows the system security application model of the MA5600.


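Figure 15-1 System security application model of the MA5600
[Figure: a broadband user connects through the RG to the DSLAM; the DSLAM connects through the
MAN to the network device in the carrier network, where the remote user is located.]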

In an access network, the attacks might include the following modes:

• A local user initiates attacks on the system.
• A local user initiates attacks on the network equipment.
• A remote user initiates attacks on local users.
• A remote user initiates attacks on the system.

This chapter describes how the MA5600 protects itself from attacks initiated by a user. Some
features (such as the firewall feature) of the MA5600 can also prevent a remote user from
attacking the system.

In addition, the MA5600 protects the network equipment from attacks. This guarantees the
security of the carrier's network.

Specification

The MA5600 supports the following system security specifications:


• Anti-DoS attack
• Anti-ICMP/IP attack
• Source route filtering
• MAC address filtering
• Firewall black list
• Firewall
• Configuration of acceptable/refused address segments

Glossary

Table 15-1 Glossary of technical terms concerning system security

Glossary   Definition
SSH        Secure shell (SSH) is a protocol that ensures encrypted
           connection for one host or server to other hosts or servers.


Acronyms and Abbreviations

Table 15-2 Acronyms and abbreviations concerning system security

Acronym   Full Expression
DoS       Denial of service attack
ACL       Access control list
SSH       Secure shell
SNMP      Simple Network Management Protocol

15.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the system security features.

15.1.3 Principle
This section describes the principles of system security features.

• Anti-DoS attack
  The MA5600 detects and controls the number of packets sent from a user to the CPU of
  the main control board. This avoids attacks on the CPU caused by an excessively large
  number of packets.
• Anti-ICMP/IP attack
  The MA5600 identifies and discards the ICMP/IP packets with their destination IP
  addresses the same as the IP address of the MA5600.
• Source route filtering
  The MA5600 identifies and discards the IP packets with specified source route options.
• MAC address filtering
  The MA5600 identifies and discards the packets with the specified source MAC addresses.
• Firewall black list
  The MA5600 filters the service packets with the source IP addresses in the firewall black
  list.
• Firewall
  The MA5600 filters data packets based on the ACL rule. This prevents unauthorized users
  from accessing the MA5600.
• Configuration of acceptable/refused address segments
  The MA5600 checks if the IP address of a login user is in the acceptable address segments.
  This prevents users of unauthorized address segments from accessing the MA5600.

15.1.4 Implementation
This section describes how to activate, modify and deactivate the system security features.


The system security feature automatically takes effect. For details of the system security
configuration, refer to "System Security Configuration" in the MA5600 Configuration
Guide.

15.1.5 Reference
This section describes the references on system security.
The following lists the references on system security:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

15.2 Anti-DoS Attack


This section describes the anti-DoS attack feature and its implementation on the MA5600.
15.2.1 Introduction
This section describes the definition, purpose, specification and limitation of the anti-DoS attack
feature.
15.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.2.3 Principle
This section describes the principles of the anti-DoS attack feature.
15.2.4 Implementation
This section describes how to activate, modify and deactivate the anti-DoS attack feature.

15.2.1 Introduction
This section describes the definition, purpose, specification and limitation of the anti-DoS attack
feature.

Definition
Anti-DoS attack means defensive measures taken by the MA5600 to control and limit the number
of control packets from a user.
A DoS attack occurs when users send an excessively large number of control packets purposely
to the system to overload it.

Purpose
A DoS attack:
• Endangers the normal operation of the access system.
• Prevents the DSLAM from receiving normal service requests from legitimate users.
• Suspends the system.

To protect the MA5600, you can enable the MA5600 to limit the number of control packets from
a user. In this way, the MA5600 discards excessive packets.


For a user initiating DoS attacks, the MA5600 adds the user to the firewall black list and stops
receiving control packets from the user.

For a user in the firewall black list, the administrator can force the user offline.

Specification
The MA5600 supports the following anti-DoS attack specifications:

• Anti-DoS attacks in the form of various control packets such as:
  - PPPoE discovery packets
  - ARP packets
  - ICMP packets
  - IGMP packets
  - PPP LCP packets
  - BPDU packets
• Up to 1024 users in a firewall black list of DoS attack
• Report of an alarm when a DoS attack occurs or when it ends

Limitation
For the xDSL board, the MA5600 detects if a DoS attack occurs on a physical port.

15.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting the anti-DoS attack feature.

15.2.3 Principle
This section describes the principles of the anti-DoS attack feature.

The MA5600 prevents DoS attacks in the following ways:


• The MA5600 maintains a firewall black list of DoS attackers. For the users in the firewall
  black list, the administrator can force the user offline by deactivating the
  corresponding port or by other methods.
• With the anti-DoS attack switch enabled, the MA5600 detects the start and end of a DoS
  attack as follows:
  - The MA5600 monitors the packets sent from a user port to the control module. If the
    number of packets exceeds the average number of control packets for normal services,
    the MA5600 concludes that a DoS attack is occurring.
  - When a DoS attack occurs from a user port, the MA5600 adds the port to the firewall
    black list, and discards the packets from the port.
  - When the MA5600 detects that the user has stopped the DoS attack, it deletes the port
    from the firewall black list and again allows transmission of the packets to the
    control module.
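
The detection cycle described above, as an added Python example that is not Huawei's code. The per-interval threshold, the explicit interval boundary and the port names are assumptions; the 1024-entry limit and the start/end alarms come from the specification in 15.2.1.

```python
from collections import Counter

BLACKLIST_CAPACITY = 1024  # "Up to 1024 users in a firewall black list of DoS attack"


class AntiDosMonitor:
    """Counts control packets per user port and keeps a DoS black list."""

    def __init__(self, threshold=20, capacity=BLACKLIST_CAPACITY):
        self.threshold = threshold   # assumed: control packets allowed per interval
        self.capacity = capacity
        self.counts = Counter()      # packets seen per port in the current interval
        self.blacklist = set()
        self.alarms = []             # (event, port) tuples, in order of occurrence

    def on_control_packet(self, port):
        """Return True if the packet reaches the control module, False if discarded."""
        # Count black-listed ports too, otherwise the end of an attack is invisible.
        self.counts[port] += 1
        if port in self.blacklist:
            return False
        if self.counts[port] <= self.threshold:
            return True
        # Over the threshold: the excess packet is discarded either way, and the
        # port is black-listed if the list still has room (assumed behaviour when full).
        if len(self.blacklist) < self.capacity:
            self.blacklist.add(port)
            self.alarms.append(("dos-start", port))
        return False

    def end_interval(self):
        """Close the measurement interval and release ports that have calmed down."""
        for port in sorted(self.blacklist):
            if self.counts[port] <= self.threshold:
                self.blacklist.discard(port)
                self.alarms.append(("dos-end", port))
        self.counts.clear()


def simulate():
    """Constructed traffic: one flooding port and one normal port (shelf/slot/port)."""
    mon = AntiDosMonitor(threshold=20)
    flood, normal = "0/1/3", "0/1/4"
    passed_1 = sum(mon.on_control_packet(flood) for _ in range(50))
    normal_1 = sum(mon.on_control_packet(normal) for _ in range(5))
    mon.end_interval()
    # The flood has stopped, but the port is still listed until the interval closes.
    passed_2 = sum(mon.on_control_packet(flood) for _ in range(5))
    mon.end_interval()
    passed_3 = sum(mon.on_control_packet(flood) for _ in range(5))
    return passed_1, normal_1, passed_2, passed_3, mon.alarms
```

A port that hovers around the threshold would enter and leave the list every interval; a hold-down period before release is a common refinement that the page does not describe.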


15.2.4 Implementation
This section describes how to activate, modify and deactivate the anti-DoS attack feature.

For details of the anti-DoS attack feature, refer to "System Security Configuration" in the
MA5600 Configuration Guide.

15.3 Anti-ICMP/IP Attack


This section describes the features of the anti-ICMP/IP attack on the MA5600.
15.3.1 Introduction
This section describes the definition, purpose and specification of the anti-ICMP/IP attack
feature.
15.3.2 Principle
This section describes the principles of the anti-ICMP/IP attack feature.

15.3.1 Introduction
This section describes the definition, purpose and specification of the anti-ICMP/IP attack
feature.

Definition

Anti-ICMP/IP attack refers to the capability of the MA5600 to discard malicious ICMP/IP
packets.

ICMP/IP attack means a malicious user sends ICMP/IP packets whose destination IP address is
the IP address of the MA5600 itself. The packets affect the system performance.

Purpose
The packets from a normal user do not use the IP address of an MA5600 as their destination IP
address. A malicious user, however, might attack the MA5600 by sending ICMP/IP packets with
the destination IP address the same as the IP address of the MA5600.

Anti-ICMP/IP attack means the MA5600 identifies and discards the ICMP/IP packets whose
destination IP address is the IP address of the MA5600.

Specification
None

15.3.2 Principle
This section describes the principles of the anti-ICMP/IP attack feature.

If the destination IP address of the ICMP/IP packets from a user is the IP address of the
MA5600, the MA5600 discards the packets.


15.4 Source Route Filtering


This section describes the source route filtering feature and its implementation on the
MA5600.
15.4.1 Introduction
This section describes the definition, purpose and specification of the source route filtering
feature.
15.4.2 Principle
This section describes the principle of the source route filtering feature.

15.4.1 Introduction
This section describes the definition, purpose and specification of the source route filtering
feature.

Definition
An IP packet with the source route option specifies its own transmission path. For
example, if you want an IP packet to pass through three routers, R1, R2 and R3, you can
specify the interface addresses of these three routers in the source route option. The
IP packet then passes through these three routers in turn, regardless of the routing
tables on the three routers.
During the transmission, the source and destination addresses of such an IP packet change
continuously. By setting the source route option properly, an attacker can therefore forge
valid IP addresses to gain access to the network.
When the source route filtering feature is enabled, the MA5600 can drop such an IP packet.

Purpose
Source route filtering means dropping the IP packet with the source route option. This protects
the carrier's network from attacks initiated by a malicious user by sending forged IP packets.

Specification
None

15.4.2 Principle
This section describes the principle of the source route filtering feature.
With the source route filtering feature enabled, the MA5600 discards the IP packets with the
source route option.
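
How a filter recognises such packets, as an added Python example that is not the MA5600's implementation: it walks the IPv4 header options and flags the loose and strict source route options (types 0x83 and 0x89 in RFC 791). The addresses are constructed documentation addresses, the header checksum is left at zero, and dropping malformed option lists is an assumption.

```python
import ipaddress
import struct

LSRR, SSRR = 0x83, 0x89   # Loose / Strict Source and Record Route (RFC 791)


def ipv4_options(packet):
    """Yield (type, data) for each IPv4 header option; ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                    # End of Option List
            return
        if kind == 1:                    # No Operation, a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        yield kind, bytes(opts[i + 2:i + length])
        i += length


def source_route(packet):
    """Return (option type, [hop addresses]) for the first source route option, or None."""
    for kind, data in ipv4_options(packet):
        if kind in (LSRR, SSRR):
            addrs = data[1:]             # data[0] is the pointer field
            hops = [str(ipaddress.IPv4Address(addrs[i:i + 4]))
                    for i in range(0, len(addrs) - 3, 4)]
            return kind, hops
    return None


def should_drop(packet):
    """Filter decision: drop source-routed packets and (assumption) malformed ones."""
    try:
        return source_route(packet) is not None
    except ValueError:
        return True


def source_route_option(kind, hops):
    """Build a source route option: type, length, pointer (4), then the hop list."""
    addrs = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([kind, 3 + len(addrs), 4]) + addrs


def build_header(options=b""):
    """Constructed IPv4 header for the samples; checksum is not computed."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 1, 0,
                       ipaddress.IPv4Address("192.0.2.10").packed,
                       ipaddress.IPv4Address("198.51.100.7").packed) + options


# Constructed stand-ins for the interface addresses of R1, R2 and R3.
ROUTE = ["203.0.113.1", "203.0.113.2", "203.0.113.3"]
```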

15.5 MAC Address Filtering


This section describes the features of the MAC address filtering on the MA5600.
15.5.1 Introduction


This section describes the definition, purpose, specification and limitation of the MAC address
filtering feature.
15.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.5.3 Principle
This section describes the principles of the MAC address filtering feature.

15.5.1 Introduction
This section describes the definition, purpose, specification and limitation of the MAC address
filtering feature.

Definition

MAC address filtering means that the MA5600 checks the source MAC address of user packets.
The source MAC address cannot be the MAC address of the network equipment, for example,
01-80-C2-00-00-0 (the MAC address of LACP) or 01-00-5E-00-00-09 (the MAC address of
RIP).

Purpose
MAC address filtering is used to specify the source MAC addresses not allowed for user packets.
This is to prevent malicious users from forging the MAC address of the network equipment to
attack the carrier's network.

Specification
The MA5600 supports the filtering of four MAC addresses.

Limitation
The MAC address filtering and anti-MAC spoofing feature can be enabled at the same time. If
both are enabled, the feature of MAC address filtering has a higher priority.

15.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

No additional hardware is required for supporting this feature.

15.5.3 Principle
This section describes the principles of the MAC address filtering feature.

The principles for implementing the MAC address filtering feature are as follows:

1. To prevent a user from forging a MAC address of the network equipment, set the MAC
address as the one to be filtered.
2. For upstream user packets, the MA5600 checks the source MAC address. If it is the same
as the specified MAC address, the MA5600 discards the packets.


15.6 Firewall Black List


This section describes the features of the firewall black list on the MA5600.
15.6.1 Introduction
This section describes the definition, purpose, specification and limitation of the firewall
black list feature.
15.6.2 Principle
This section describes the principles of the firewall black list feature.

15.6.1 Introduction
This section describes the definition, purpose, specification and limitation of the firewall
black list feature.

Definition
A firewall black list is a list of IP addresses. The system filters the service packets whose source
IP addresses are in the firewall black list. This enhances system security and network security.

Purpose
The firewall black list is used to specify malicious users for preventing attacks on the
MA5600.

Specification
The MA5600 supports the following firewall black list specifications:

• Up to 2000 IP addresses can be manually configured in the firewall black list.
• When configuring the firewall black list, you can specify the aging time of an IP address.
  The duration is in the range of 1-1000 minutes. If the aging time is not specified, the IP
  address does not age.

Limitation
An ACL rule is applicable when the firewall black list feature is enabled. In this case, the ACL
rule has a higher priority.

15.6.2 Principle
This section describes the principles of the firewall black list feature.

The principle for implementing the firewall black list feature is as follows:
1. For the packets with the source IP address specified in the firewall black list, the
MA5600 discards the packets.
2. For the packets that match a specified ACL rule, if the rule allows the packets to pass
through, the MA5600 transmits the packets upstream even if the IP address is in the firewall
black list. If the rule forbids the packets to pass through, the MA5600 discards packets.


15.7 Firewall
This section describes the feature of the firewall on the MA5600.
15.7.1 Introduction
This section describes the definition, purpose, specification and limitation of the firewall feature.
15.7.2 Principle
This section describes the principles of the firewall feature.

15.7.1 Introduction
This section describes the definition, purpose, specification and limitation of the firewall feature.

Definition

The firewall feature enables the MA5600 to filter data packets based on an ACL rule. This
prevents unauthorized users from accessing the MA5600.

Purpose
By setting the firewall, only authorized users can maintain the MA5600 through its maintenance
network port (outband) or service channel (inband).

An unauthorized user might access an MA5600 through its maintenance network port (outband)
or service channel (inband) to configure the MA5600 illegally. This affects the operation of the
MA5600 and the carrier's network.

Specification
The MA5600 supports the following firewall specifications:
• The firewall feature can be enabled on the maintenance network port and every VLAN
  interface.

Limitation
The MA5600 firewall has the following limitations:

• The firewall feature enables the MA5600 to filter data packets based on ACL rules,
  provided that the rules exist. If the rules do not exist, the MA5600 transmits or discards the
  packets according to the default rule.
• The ACL rules applied to the firewall must be basic ACL rules or advanced ACL rules.

15.7.2 Principle
This section describes the principles of the firewall feature.

The principle for implementing the firewall feature is as follows:

1. If the firewall feature is enabled, when a user logs in to the MA5600 through its maintenance
   network port or a service channel, the MA5600 judges whether the user is allowed to access
   the system according to the configured ACL rules. If the user packets do not match the
   ACL rules, the MA5600 discards the packets.
2. An ACL rule specifies a group of IP addresses, protocol types, or ports allowed or forbidden
   to access the system.

15.8 Address Segments Configuration


This section describes the configuration of the acceptable/refused address segment on the
MA5600.
15.8.1 Introduction
This section describes the definition, purpose, specification and limitation of the address segment
configuration feature.
15.8.2 Principle
This section describes the principles of the address segment configuration feature.

15.8.1 Introduction
This section describes the definition, purpose, specification and limitation of the address segment
configuration feature.

Definition

Address segments configuration means the configuration of IP address segments acceptable/
refused for the login through the firewall of a specified protocol type.

Purpose
The MA5600 prevents the users of illegal IP address segments from logging in to the system,
and thus the system security is guaranteed to an extent.

Specification

The MA5600 supports the login through protocols Telnet, SSH and SNMP. For each type of the
firewall, the MA5600 supports the configuration of acceptable/refused IP address segments.

For each type of firewall, you can configure up to 10 acceptable IP address segments and 10
refused IP address segments.

Limitation
The first address of a new address segment cannot be the same as that of an existing address
segment.

15.8.2 Principle
This section describes the principles of the address segment configuration feature.

When a user logs in to the system through Telnet, SSH, or SNMP, the system checks if the IP
address of the user is in the acceptable IP address segments. If yes, the user can log in
successfully.


16 User Security

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of user security.

16.1 PITP
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the PITP.
16.2 DHCP Option82
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the DHCP Option82.
16.3 RAIO
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the RAIO.
16.4 IP Address Binding
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the IP address binding.
16.5 MAC Address Binding
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the MAC address binding.
16.6 Anti-MAC Spoofing
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the anti-MAC spoofing.
16.7 Anti-IP Spoofing
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the anti-IP spoofing.


16.1 PITP
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the PITP.
16.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the PITP.
16.1.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.1.3 Principle
This section describes the principles of the PITP.
16.1.4 Implementation
This section describes the implementation of the PITP.
16.1.5 Reference
This section describes the references on the PITP.

16.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the PITP.

Definition
The Policy Information Transfer Protocol (PITP) is a protocol for transferring the policy
information between the access equipment and the BRAS in the layer-2 P2P communication
mode. PITP is used to transfer the information on a user's access location. PITP, namely, relay
agent information option (RAIO), involves:
• V mode
  In this mode, the BRAS initiates the query of a user's port information from the MA5600.
• P mode
  In this mode, the MA5600 adds a user's port information to the PPPoE discovery packet
  for the BRAS to authenticate the user.

Purpose
For the MA5600, PITP provides the upper layer authentication server (such as BRAS) with the
information about the ports of users. After the BRAS obtains the port information, it
authenticates the binding of the user account with the access port to avoid theft and roaming of
user accounts.

Specification
PITP supports V mode and P mode.
PITP takes effect only when it is enabled in all the following levels:
• Global level
• Port level

Limitation
• Only one PITP mode can be enabled at a time.
• The V mode protocol type cannot be the standard Ethernet protocol type.
• The V mode Ethernet protocol type cannot be configured while PITP V mode is enabled. To
  modify the default V mode protocol type, disable V mode first.

Glossary
None

Acronyms and Abbreviations

Table 16-1 Acronyms and abbreviations concerning PITP

Acronym  Full Expression
PITP     Policy Information Transfer Protocol
PPPoE    Point to point protocol over Ethernet
RAIO     Relay agent information option

16.1.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting PITP.

16.1.3 Principle
This section describes the principles of the PITP.

Implementation of V Mode
Figure 16-1 shows the PPPoE dialup process in PITP V mode.


Figure 16-1 PPPoE dialup process in PITP V mode
[Figure: sequence diagram. Participants: User, MA5600, BRAS, RADIUS Server.
Discovery: 1 PADI; 2 PADO; 3 PADR; 4 PADS.
5 VBAS request packet; 6 VBAS response packet.
Session: 7 LCP negotiation; 8 Authentication packet; 9 Request packet with the user port
information; 10 Access accepted packet; 11 Authentication pass packet; 12 Data transmission.]

The V mode process is as follows:

1. After the PPPoE discovery stage is over, the BRAS sends V mode request packets to the
   MA5600 for the physical location of the user.
2. After receiving the request packets, the MA5600 searches for the user's access location
   information (shelf/slot/port number) according to the MAC address and VLAN information
   contained in the request packets.
3. If it finds the information, the MA5600 adds it to the V mode response packets and
   then sends the packets to the BRAS. If not, the MA5600 does not respond.

V Mode Packet Format


Figure 16-2 shows the format of a V mode packet.


Figure 16-2 V mode packet format

 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Version    |                    Reserve                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Trans Info Type        |   Oper Type   |  Oper Result  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Session ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Addr Len    |   Info Len    |            IF Type            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Src Addr                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Src Addr            |           Src Vlan            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Src Port            |           Dst Addr            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Dst Addr                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Dst Vlan            |           Dst Port            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| User Info Len | ~~~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The Ethernet protocol type of a V mode packet is configurable. By default, it is 0x8200. Table
16-2 describes each field in a V mode packet.

Table 16-2 Fields of a V mode packet

Field            Description
Version          Version number with one byte.
                 It is 1 for both request and response packets.
Reserve          Reserved field with three bytes.
Trans Info Type  Information transmission type with two bytes.
                 It is 1 for both request and response packets. This field will be
                 extended with other information later.
                 It indicates the type of physical port information.
Oper Type        Operation type with one byte. It is:
                 • 1 for a request packet.
                 • 2 for a response packet.
Oper Result      Operation result with one byte. It is:
                 • 0 for a request packet.
                 • 0 for a successful response packet.
                 • 1 if a packet cannot be identified.
                 • 2 if a destination VLAN does not exist.
                 • 3 if a destination MAC address does not exist.
                 To simplify the process, the MA5600 does not send any response
                 packet if the port information of a user cannot be found.
Session ID       Session ID with four bytes.
                 This field is filled by the BRAS and it must be consistent in a
                 request packet and in the associated response packet.
Addr LEN         Length of the hardware address with one byte.
                 It is 6 for both request and response packets.
Info LEN         Information length with one byte.
                 It is 4 for both request and response packets.
IF Type          Interface type with two bytes. It is:
                 • 0 for a request packet.
                 • 15 for an Ethernet port and 16 for an xDSL port in a response
                   packet.
Src Addr         Source hardware address with four bytes. It is:
                 • The MAC address of the BRAS for a request packet.
                 • The MAC address of the queried user for a response packet.
Src Vlan         Source VLAN ID with two bytes. It is:
                 • The VLAN ID contained in the PPPoE discovery packet for a
                   request packet. If no VLAN ID is available, this field is fully
                   filled with Fs.
                 • The F/S/P value of 4/4/8 bits for a response packet. The
                   MA5600 fills the information of the 16 bits in this field and does
                   not truncate the last 12 bits. The BRAS uses only the last 12 bits.
Src Port         Source port with two bytes.
                 This field is not used.
Dst Addr         Destination hardware address with six bytes. It is:
                 • The MAC address of the queried user for a request packet.
                 • The MAC address of the BRAS for a response packet.
Dst Vlan         Destination VLAN ID with two bytes.
                 This field is the same as the source VLAN ID in a request packet.
Dst Port         Destination port with two bytes.
                 This field is not used.
User Info LEN    Length of user information with one byte. It is:
                 • Invalid for a request packet.
                 • The length of the character string of the user port information
                   for a response packet. The length is changeable, and the
                   character string concerns the information on a user's access
                   location, namely, the RAIO information.
                 The format varies with different modes. For details, refer to "16.3
                 RAIO."
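
The V mode exchange, as an added Python example that is not Huawei's code: it packs and parses the layout of Figure 16-2, answers a request the way the access node is described to, and shows the checks a BRAS can apply before trusting a response. Src Addr is taken as six bytes, as drawn in Figure 16-2 and implied by Addr LEN = 6 (Table 16-2 says four); the MAC addresses, the lookup table and the RAIO string are constructed, and staying silent on malformed requests is an assumption.

```python
import struct
from collections import namedtuple

# Fixed part of a V mode packet, following Figure 16-2 (36 bytes, network order).
HDR = struct.Struct("!B3sHBBIBBH6sHH6sHH")
FIELDS = ("version reserve trans_info_type oper_type oper_result session_id "
          "addr_len info_len if_type src_addr src_vlan src_port "
          "dst_addr dst_vlan dst_port user_info")
VMode = namedtuple("VMode", FIELDS)

REQUEST, RESPONSE = 1, 2
IF_ETHERNET, IF_XDSL = 15, 16
NO_VLAN = 0xFFFF            # "fully filled with Fs" when no VLAN ID is available


def pack(msg):
    """Serialize a VMode tuple; User Info Len is derived from user_info."""
    return HDR.pack(*msg[:15]) + bytes([len(msg.user_info)]) + msg.user_info


def parse(data):
    """Parse bytes into a VMode tuple, rejecting truncated packets."""
    if len(data) < HDR.size:
        raise ValueError("shorter than the fixed V mode header")
    fields = HDR.unpack_from(data)
    info = b""
    if fields[3] == RESPONSE:            # User Info Len is invalid in a request
        if len(data) < HDR.size + 1:
            raise ValueError("missing User Info Len")
        n = data[HDR.size]
        info = bytes(data[HDR.size + 1:HDR.size + 1 + n])
        if len(info) != n:
            raise ValueError("user info shorter than User Info Len")
    return VMode(*fields, info)


def build_request(session_id, bras_mac, user_mac, vlan=NO_VLAN):
    """BRAS side: query the access location of user_mac."""
    return pack(VMode(1, b"\0\0\0", 1, REQUEST, 0, session_id, 6, 4, 0,
                      bras_mac, vlan, 0, user_mac, vlan, 0, b""))


def answer_request(data, port_table):
    """Access node side: return the response bytes, or None for no reply."""
    try:
        req = parse(data)
    except ValueError:
        return None
    if (req.version, req.trans_info_type, req.oper_type,
            req.addr_len, req.info_len) != (1, 1, REQUEST, 6, 4):
        return None
    entry = port_table.get((req.dst_addr, req.src_vlan))
    if entry is None:
        return None                      # unknown user: no response is sent
    (frame, slot, port), if_type, raio = entry
    fsp = (frame & 0xF) << 12 | (slot & 0xF) << 8 | (port & 0xFF)   # 4/4/8 bits
    return pack(VMode(1, b"\0\0\0", 1, RESPONSE, 0, req.session_id, 6, 4,
                      if_type, req.dst_addr, fsp, 0, req.src_addr,
                      req.src_vlan, 0, raio))


def accept_response(request, response):
    """BRAS side: return (slot, port, raio) only if the response matches the request."""
    req, rsp = parse(request), parse(response)
    if rsp.oper_type != RESPONSE or rsp.oper_result != 0:
        raise ValueError("not a successful response")
    if rsp.session_id != req.session_id:
        raise ValueError("session ID does not match the request")
    if (rsp.src_addr, rsp.dst_addr) != (req.dst_addr, req.src_addr):
        raise ValueError("MAC addresses do not mirror the request")
    fsp = rsp.src_vlan & 0x0FFF          # the BRAS uses only the last 12 bits
    return fsp >> 8, fsp & 0xFF, rsp.user_info


# Constructed sample data (locally administered MACs, placeholder RAIO string).
BRAS_MAC = bytes.fromhex("02000000b0a5")
USER_MAC = bytes.fromhex("020000001234")
PORT_TABLE = {(USER_MAC, 100): ((0, 3, 12), IF_XDSL, b"constructed-raio 0/3/12")}


def demo():
    req = build_request(0x1A2B3C4D, BRAS_MAC, USER_MAC, vlan=100)
    return accept_response(req, answer_request(req, PORT_TABLE))
```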

Implementation of P Mode
Figure 16-3 shows the PPPoE dialup process in PITP P mode.


Figure 16-3 PPPoE dialup process in PITP P mode
[Figure: sequence diagram. Participants: User, MA5600, BRAS, RADIUS Server.
Discovery: 1 PADI (PADI+Tag); 2 PADO (PADO+Tag); 3 PADR (PADR+Tag); 4 PADS (PADS+Tag).
Session: 5 LCP negotiation; 6 Authentication packet; 7 Request packet with the user port
information; 8 Access accepted packet; 9 Authentication pass packet; 10 Data transmission.]

In PITP P mode, the MA5600 adds the information on a user's access location into PPPoE
discovery packets for user authentication at the upper layer server.
PPPoE dialup with P mode enabled differs from dialup with P mode disabled in the following
ways:
• At the PPPoE discovery stage, the PPPoE packets sent between the MA5600 and the BRAS
  contain the information on a user's access location. The MA5600 receives the PPPoE
  packets from a user, adds the access location information to the packets, and then
  forwards the packets to the BRAS. Upon receiving PPPoE packets containing the access
  location information from the BRAS, the MA5600 extracts the information and then
  forwards the packets to the user.
  NOTE
  The packets from the BRAS do not necessarily contain the information on a user's access
  location.
• If the PPPoE user needs to be authenticated on the RADIUS server, the BRAS extracts the
  access location information from the PPPoE packets sent by the MA5600 and then adds the
  information to the authentication request packets.

Packet Format in P Mode


Figure 16-4 shows the format of a packet in P mode.


Figure 16-4 Packet format in P mode

 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  VER  | TYPE  |     CODE      |          SESSION_ID           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LENGTH             |            PAYLOAD            ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 16-5 shows the format of a PPPoE payload field.

Figure 16-5 PPPoE payload field format

 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           TAG_TYPE            |          TAG_LENGTH           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          TAG_VALUE ...                                        ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Table 16-3 describes each field in a PPPoE packet.

Table 16-3 Fields of a PPPoE packet

Field      Description
VER        It is 1.
TYPE       It is 1.
Code       This field indicates the packet type at the PPPoE discovery stage. The
           correlation between this field and the packet type is as follows:
           • PADI: 0x09
           • PADO: 0x07
           • PADR: 0x19
           • PADS: 0x65
           • PADT: 0xa7
SessionID  The session ID is obtained through the negotiation between the user
           and the BRAS.
Length     The length of the PPPoE load.
PAYLOAD    This field is represented in a format of type-length-value. Figure
           16-5 shows the format of this field.


Figure 16-6 shows the format of the vendor tag (P mode tag) specified by the forum.

Figure 16-6 Vendor tag format

+--------------+--------------+--------------+--------------+
|  0x0105 (Vendor-Specific)   |         TAG_LENGTH          |
+--------------+--------------+--------------+--------------+
|   0x00000DE9 (3561 decimal, i.e. ADSL Forum IANA entry)   |
+--------------+--------------+--------------+--------------+
|     0x01     |    length    |  Agent Circuit ID value...  |
+--------------+--------------+--------------+--------------+
|              Agent Circuit ID value (con't)               |
+--------------+--------------+--------------+--------------+
|     0x02     |    length    |  Agent Remote ID value...   |
+--------------+--------------+--------------+--------------+
|               Agent Remote ID value (con't)               |
+--------------+--------------+--------------+--------------+

The MA5600 supports the vendor tags in different formats. For details, refer to "16.3 RAIO."
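
The P mode tag handling of Figures 16-4 to 16-6, as an added Python example that is not Huawei's code: the access node adds the vendor tag on the way to the BRAS and removes it on the way to the user, with length checks on every tag. Removing a user-supplied vendor tag before adding the node's own is an assumption added here so that a forged access location cannot reach the BRAS; the Circuit ID and Remote ID strings are constructed, and 0x0101 is the Service-Name tag of RFC 2516.

```python
import struct

VENDOR_SPECIFIC = 0x0105
ADSL_FORUM = 0x00000DE9          # 3561 decimal
CIRCUIT_ID, REMOTE_ID = 0x01, 0x02
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}


def split_packet(pkt):
    """Return (code, session_id, [(tag_type, value), ...]) for a discovery packet."""
    if len(pkt) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", pkt)
    if ver_type != 0x11 or code not in CODES:
        raise ValueError("not a PPPoE discovery packet")
    if 6 + length > len(pkt):
        raise ValueError("LENGTH exceeds the packet")
    payload, tags, i = pkt[6:6 + length], [], 0
    while i < len(payload):
        if i + 4 > len(payload):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", payload, i)
        if i + 4 + tag_len > len(payload):
            raise ValueError("TAG_LENGTH exceeds the payload")
        if tag_type == 0x0000:           # End-Of-List: stop, do not copy it
            break
        tags.append((tag_type, bytes(payload[i + 4:i + 4 + tag_len])))
        i += 4 + tag_len
    return code, session_id, tags


def join_packet(code, session_id, tags):
    """Rebuild the packet and recompute LENGTH from the tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload


def is_access_tag(tag_type, value):
    return tag_type == VENDOR_SPECIFIC and value[:4] == struct.pack("!I", ADSL_FORUM)


def access_tag(circuit_id, remote_id):
    subs = bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id
    subs += bytes([REMOTE_ID, len(remote_id)]) + remote_id
    return VENDOR_SPECIFIC, struct.pack("!I", ADSL_FORUM) + subs


def upstream(pkt, circuit_id, remote_id):
    """User -> BRAS: drop any user-supplied access tag (assumption), add the node's own."""
    code, sid, tags = split_packet(pkt)
    tags = [t for t in tags if not is_access_tag(*t)]
    return join_packet(code, sid, tags + [access_tag(circuit_id, remote_id)])


def downstream(pkt):
    """BRAS -> user: remove the access tag if present (it may be absent)."""
    code, sid, tags = split_packet(pkt)
    return join_packet(code, sid, [t for t in tags if not is_access_tag(*t)])


def read_access_tag(pkt):
    """BRAS side: return {sub-option: value} from the access tag, or {} if absent."""
    for tag_type, value in split_packet(pkt)[2]:
        if is_access_tag(tag_type, value):
            subs, i = {}, 4
            while i + 2 <= len(value):
                kind, n = value[i], value[i + 1]
                if i + 2 + n > len(value):
                    raise ValueError("sub-option exceeds the tag")
                subs[kind] = bytes(value[i + 2:i + 2 + n])
                i += 2 + n
            return subs
    return {}


# Constructed PADI packets: a normal one and one carrying a forged access tag.
USER_PADI = join_packet(0x09, 0, [(0x0101, b""), (0x0103, b"\x00\x01")])
SPOOFED_PADI = join_packet(0x09, 0, [(0x0101, b""),
                                     access_tag(b"forged 0/9/99", b"forged")])
```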

16.1.4 Implementation
This section describes the implementation of the PITP.

For details of the PITP configuration, refer to "User Security Configuration" in the MA5600
Configuration Guide.

16.1.5 Reference
This section describes the references on the PITP.

The following lists the references on the PITP:


• RFC2516, "PPP Over Ethernet"
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference

16.2 DHCP Option82


This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the DHCP Option82.
16.2.1 Introduction

This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the DHCP Option82.
16.2.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.2.3 Principle
This section describes the principles of the DHCP Option82.
16.2.4 Implementation
This section describes the implementation of the DHCP Option82.
16.2.5 Reference
This section describes the references on the DHCP Option82.

16.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the DHCP Option82.

Definition
DHCP Option82 is similar to P mode. The information on a user's access location is added into
the DHCP request packets initiated by a user for user authentication.

Purpose
DHCP Option82 enables the DHCP request packets to carry the information on a user's access
location for user authentication.

Specification
DHCP Option82 takes effect only when it is enabled at all the following levels:
- Global level
- Port level
- Service port level

Glossary
None

Acronyms and Abbreviations

Table 16-4 Acronyms and abbreviations concerning DHCP Option82


Acronym  Full Expansion
DHCP     Dynamic Host Configuration Protocol

16.2.2 Availability
This section describes the hardware required for the feature, including boards and terminals.


No additional hardware is required for supporting DHCP Option82.

16.2.3 Principle
This section describes the principles of the DHCP Option82.

Principle
Figure 16-7 shows the DHCP process when DHCP Option82 is enabled.

Figure 16-7 DHCP process with DHCP Option82 enabled

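Participants: User, MA5600, DHCP Relay Agent/DHCP Server

1. User -> MA5600: Discovery
2. MA5600 -> DHCP Relay Agent/DHCP Server: Discovery+Option82
3. DHCP Relay Agent/DHCP Server -> MA5600: Offer(+Option82)
4. MA5600 -> User: Offer
5. User -> MA5600: Request
6. MA5600 -> DHCP Relay Agent/DHCP Server: Request+Option82
7. DHCP Relay Agent/DHCP Server -> MA5600: ACK(+Option82)
8. MA5600 -> User: ACK
9. Data transmission
10. Release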

The principle of DHCP Option82 is similar to that of P mode. The difference is that when
a user requests configuration, the MA5600 adds the information on the user's access location
into the DHCP request packets from the user for authentication at the upper layer.

DHCP Option82 Packet Format


For DHCP Option82, only the option field in a DHCP packet is of concern. This field
is detailed in this section.
The length of this field is variable. This field contains the following initial configurations for
terminals and network configurations:
- IP features
- Domain name
- Specific information for identifying a terminal
- IP address of the default gateway
- IP address of the WINS server
- A user's valid lease term for an IP address

Figure 16-8 shows the format of a DHCP Option82 field.


Figure 16-8 Format of a DHCP Option82 field


  Code   Len     Agent Information Field
+------+------+------+------+------+------+--...-+------+
|  82  |   N  |  i1  |  i2  |  i3  |  i4  |      |  iN  |
+------+------+------+------+------+------+--...-+------+

Table 16-5 describes each field in a DHCP Option82 packet.

Table 16-5 Fields of a DHCP Option82 packet

Field                    Description
Code                     One byte. This field is in the CLV format, used to uniquely
                         identify the following information.
Len                      One byte. This field indicates the length of the following
                         information.
Agent Information Field  This field indicates the information in bytes. The length is
                         specified by the length field.

Option82 contains multiple sub options, which are carried in the value field of Option82.

Figure 16-9 shows the format of each sub option.

Figure 16-9 Sub options of DHCP Option82


 SubOpt  Len     Sub-option Value
+------+------+------+------+------+------+--...-+------+
|  1   |   N  |  s1  |  s2  |  s3  |  s4  |      |  sN  |
+------+------+------+------+------+------+--...-+------+

The two major sub options of Option82 are:


- Circuit ID (CID)
  This sub option identifies the local circuit on which the DHCP proxy receives
  DHCP packets from a user. This field might contain the router interface No. and the ATM PVC
  No. The identifier is 1.
- Remote ID (RID)
  This sub option identifies the remote host of a circuit. This field might contain the
  ATM address of a remote caller and the modem ID. The identifier is 2.

The MA5600 supports Option82 in different formats. For details, refer to "16.3 RAIO."
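
The vendor tag in Figure 16-6 and the Option82 field in Figures 16-8 and 16-9 share the same (code, len, value) sub option encoding, so one bounds-checked decoder serves both. The following Python sketch is an added example, not Huawei code; the function names are hypothetical and the sample bytes are constructed from the common-mode RAIO value shown in 16.3.3.

```python
import struct

# Values taken from Figures 16-6, 16-8 and 16-9 of this section.
PPPOE_TAG_VENDOR_SPECIFIC = 0x0105
ADSL_FORUM_VENDOR_ID = 0x00000DE9
DHCP_OPTION_82 = 82
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2


class MalformedOption(ValueError):
    """A length field points past the end of its container."""


def parse_suboptions(data):
    """Decode a run of (code, len, value) sub options into {code: value}."""
    found, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise MalformedOption("truncated sub option header")
        code, length = data[pos], data[pos + 1]
        end = pos + 2 + length
        if end > len(data):
            raise MalformedOption("sub option %d overruns its container" % code)
        if code in found:
            raise MalformedOption("duplicate sub option %d" % code)
        found[code] = data[pos + 2:end]
        pos = end
    return found


def parse_dhcp_option82(options):
    """Walk a DHCP options field (the bytes after the magic cookie)."""
    pos = 0
    while pos < len(options):
        code = options[pos]
        if code == 0:          # Pad option: a single byte with no length
            pos += 1
            continue
        if code == 255:        # End option
            break
        if pos + 2 > len(options):
            raise MalformedOption("truncated option header")
        end = pos + 2 + options[pos + 1]
        if end > len(options):
            raise MalformedOption("option %d overruns the options field" % code)
        if code == DHCP_OPTION_82:
            return parse_suboptions(options[pos + 2:end])
        pos = end
    return {}


def parse_pppoe_vendor_tag(tags):
    """Walk PPPoE discovery tags (2-byte type, 2-byte length, value)."""
    pos = 0
    while pos < len(tags):
        if pos + 4 > len(tags):
            raise MalformedOption("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", tags, pos)
        end = pos + 4 + tag_len
        if end > len(tags):
            raise MalformedOption("tag 0x%04x overruns the payload" % tag_type)
        if tag_type == PPPOE_TAG_VENDOR_SPECIFIC:
            if tag_len < 4:
                raise MalformedOption("vendor tag shorter than its vendor ID")
            (vendor_id,) = struct.unpack_from("!I", tags, pos + 4)
            if vendor_id == ADSL_FORUM_VENDOR_ID:
                return parse_suboptions(tags[pos + 8:end])
        pos = end
    return {}


# Constructed sample: common-mode RAIO, so the RID carries only Code and Len.
SAMPLE_CID = b"00E0FC112233 atm 0/12/0/49:0.35"
SAMPLE_SUBOPTS = (bytes([SUBOPT_CIRCUIT_ID, len(SAMPLE_CID)]) + SAMPLE_CID
                  + bytes([SUBOPT_REMOTE_ID, 0]))
# DHCP message type (option 53) = Discover, then Option82, then End.
SAMPLE_DHCP_OPTIONS = (bytes([53, 1, 1])
                       + bytes([DHCP_OPTION_82, len(SAMPLE_SUBOPTS)])
                       + SAMPLE_SUBOPTS + bytes([255]))
# Empty Service-Name tag (0x0101), then the vendor tag.
SAMPLE_PPPOE_TAGS = (struct.pack("!HH", 0x0101, 0)
                     + struct.pack("!HHI", PPPOE_TAG_VENDOR_SPECIFIC,
                                   4 + len(SAMPLE_SUBOPTS), ADSL_FORUM_VENDOR_ID)
                     + SAMPLE_SUBOPTS)

if __name__ == "__main__":
    for name, parsed in (("DHCP", parse_dhcp_option82(SAMPLE_DHCP_OPTIONS)),
                         ("PPPoE", parse_pppoe_vendor_tag(SAMPLE_PPPOE_TAGS))):
        print(name, "CID:", parsed[SUBOPT_CIRCUIT_ID].decode(),
              "RID:", parsed[SUBOPT_REMOTE_ID] or "NULL")
```

A receiver that rejects overrunning or duplicated sub options here cannot be steered by a crafted length byte into reading neighbouring options as part of the CID or RID.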

16.2.4 Implementation
This section describes the implementation of the DHCP Option82.

For details of the DHCP Option82 configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.


16.2.5 Reference
This section describes the references on the DHCP Option82.

The following lists the references on the DHCP Option82:


- RFC1531, "Dynamic Host Configuration Protocol"
- RFC3046, "DHCP Relay Agent Information Option"
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

16.3 RAIO
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the RAIO.

16.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the RAIO.
16.3.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.3.3 Principle
This section describes the principles of the RAIO.
16.3.4 Implementation
This section describes the implementation of the RAIO.
16.3.5 Reference
This section describes the references on the RAIO.

16.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the RAIO.

Definition

When PITP and DHCP Option82 are enabled, RAIO refers to the information on a
user's access location that the MA5600 provides in the VBAS response packet, PPPoE discovery
packet and DHCP Option82 packet for the BRAS to authenticate a user.

Purpose
RAIO indicates the access location of a user, which is provided by the MA5600 to the BRAS,
and based on which the BRAS authenticates the user.


Specification
RAIO contains the PITP tag and DHCP Option82 tag. Because RAIO has not been standardized yet,
the formats required by different carriers vary. Hence, multiple RAIO modes are provided to
meet different carriers' needs.
The RAIO modes are:
- common
- port-userlabel
- service-port-userlabel
The default mode is common.

Glossary
None

Acronyms and Abbreviations

Table 16-6 Acronyms and abbreviations concerning RAIO


Acronym  Full Expression
RAIO     Relay agent information option
DSLAM    Digital subscriber line access multiplexer
BRAS     Broadband remote access server

16.3.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting RAIO.

16.3.3 Principle
This section describes the principles of the RAIO.
The following describes the RAIO modes, and the fields of each mode.

Common
- CID: In general, this field is used to identify the attributes of a device (global information).
  The format varies with the access mode. Table 16-7 shows the CID formats in various
  access modes.

  Table 16-7 CID formats in various access modes

  Access Mode      CID Format
  ATM port         Device name atm shelf No./slot No./sub slot No./port No.:vpi.vci
  VDSL/LAN access  Device name eth shelf No./Slot No./Sub Slot No./Port No.:User's VLAN ID


  If the device name field is the default name MA5600, the MAC address of the
  MA5600 is entered in this field. The format is 00E0FC000001 in upper case.
  If the device name is not MA5600, the actual name of the device is used to fill the device
  name field.
- RID: In general, this field is used to identify the access information of a user (local
  information). The format can be customized. For the MA5600, this field is null, which
  means the RID sub option contains only the Code and Len fields.

The following is an example of RAIO field in common mode:


- CID --------> 00E0FC112233 atm 0/12/0/49:0.35
- RID --------> NULL

xDSL Port Rate

In this mode, a field for the upstream/downstream ADSL activation rate is added at the end of
the CID default format. Currently, only the ADSL2+ board supports this mode.

The RAIO field in this mode is as follows:

"AccessNodeIdentifier {atm|eth} frame/slot/subslot/port[:vpi.vci|vlan]%Up:xxxkbps Down:xxxkbps"
- %: Information identifier, which indicates that the information after it is the activation rate.
- xxx: Indicates the ADSL activation rate in the unit of kbps.
- Up: Indicates the upstream activation rate.
- Down: Indicates the downstream activation rate.

The following is an example of RAIO field in xDSL port rate mode:


- CID ----> 00E0FC112233 atm 0/12/0/49:0.35%Up:1020kbps Down:24540kbps
- RID ----> NULL

Port-userlabel

In this mode, the CID field carries a customized description of a user's access location, besides
the description contained in common mode. The RID field also needs to carry the customized
description (Label), the length of which is up to 32 bytes.

The following is an example of RAIO field in port-userlabel mode:


- CID ----> 00E0FC112233 atm 0/12/0/49:0.35 075528978944
- RID ----> 075528978944

Service-port-userlabel

The CID field supports ATM/ETH access. The RID field carries the information on a user's
flow.

Table 16-8 lists the RAIO fields in service-port-userlabel mode.


Table 16-8 RAIO fields in service-port-userlabel mode

Field  Access Mode  Format
CID    ATM          <Access-Node-Identifier> atm slot/port:vpi.vci
CID    ETH          VLAN-based multi-service: <Access-Node-Identifier> eth slot/port:flowpara
                    Others: <Access-Node-Identifier> eth slot/port:vlanid
RID    -            description-of-flow-label (flow information)
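
Because the BRAS authenticates a user from these strings, a receiver should parse them strictly instead of matching on substrings. The following Python validator is an added example, not part of the MA5600 software; it covers the common, xDSL port rate and port-userlabel layouts (not service-port-userlabel), assumes the device name contains no spaces, and applies the usual UNI VPI/VCI and 802.1Q VLAN ID ranges, which this document does not state.

```python
import re

# Layout assembled from Table 16-7 and the mode examples in this section.
CID_RE = re.compile(
    r"(?P<node>\S+) (?P<kind>atm|eth) "
    r"(?P<shelf>\d+)/(?P<slot>\d+)/(?P<subslot>\d+)/(?P<port>\d+):"
    r"(?:(?P<vpi>\d+)\.(?P<vci>\d+)|(?P<vlan>\d+))"
    r"(?:%Up:(?P<up>\d+)kbps Down:(?P<down>\d+)kbps)?"
    r"(?: (?P<label>.+))?",
    re.ASCII,
)
MAC_RE = re.compile(r"[0-9A-F]{12}")   # default device name is replaced by the MAC
MAX_LABEL_BYTES = 32                   # label limit stated for port-userlabel mode


def parse_cid(cid):
    """Return the fields of a CID string, or raise ValueError."""
    m = CID_RE.fullmatch(cid)          # fullmatch also rejects embedded newlines
    if m is None:
        raise ValueError("CID does not match a known RAIO layout")
    g = m.groupdict()
    if (g["kind"] == "atm") != (g["vpi"] is not None):
        raise ValueError("atm needs vpi.vci and eth needs a VLAN ID")
    num = {k: int(v) for k, v in g.items()
           if v is not None and k not in ("node", "kind", "label")}
    # Assumed ranges: 8-bit UNI VPI, 16-bit VCI, VLAN IDs 1 to 4094.
    if "vpi" in num and not (num["vpi"] <= 255 and num["vci"] <= 65535):
        raise ValueError("vpi.vci out of range")
    if "vlan" in num and not 1 <= num["vlan"] <= 4094:
        raise ValueError("VLAN ID out of range")
    label = g["label"]
    if label is not None and len(label.encode()) > MAX_LABEL_BYTES:
        raise ValueError("label longer than 32 bytes")
    return {
        "node": g["node"],
        "node_is_mac": MAC_RE.fullmatch(g["node"]) is not None,
        "kind": g["kind"],
        "location": (num["shelf"], num["slot"], num["subslot"], num["port"]),
        "vpi": num.get("vpi"), "vci": num.get("vci"), "vlan": num.get("vlan"),
        "up_kbps": num.get("up"), "down_kbps": num.get("down"),
        "label": label,
    }


def check_raio(cid, rid):
    """Check that the RID agrees with the CID: empty, or equal to the label."""
    parsed = parse_cid(cid)
    if rid != (parsed["label"] or ""):
        raise ValueError("RID does not match the label carried in the CID")
    return parsed


# The three CID/RID examples given in this section (NULL RID written as "").
SAMPLE_RAIO = [
    ("00E0FC112233 atm 0/12/0/49:0.35", ""),
    ("00E0FC112233 atm 0/12/0/49:0.35%Up:1020kbps Down:24540kbps", ""),
    ("00E0FC112233 atm 0/12/0/49:0.35 075528978944", "075528978944"),
]

if __name__ == "__main__":
    for cid, rid in SAMPLE_RAIO:
        print(check_raio(cid, rid))
```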

16.3.4 Implementation
This section describes the implementation of the RAIO.

The RAIO takes effect automatically.

For details of the RAIO configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.

16.3.5 Reference
This section describes the references on the RAIO.

The following lists the references on the RAIO:


- RFC3046, "DHCP Relay Agent Information Option"
- DSL Forum, TR-101, "Migration to Ethernet-Based DSL Aggregation"
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

16.4 IP Address Binding


This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the IP address binding.
16.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the IP address binding.
16.4.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.4.3 Principle
This section describes the principles of the IP address binding.
16.4.4 Implementation
This section describes the implementation of the IP address binding.
16.4.5 Reference
This section describes the references on the IP address binding.


16.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the IP address binding.

Definition
IP address binding indicates the binding between an IP address and a service virtual port. The
MA5600 allows only the upstream packets whose source address is the same as the one bound
to pass through.

Purpose
The IP address binding feature guarantees the authentication security and the carriers' profits.

Specification
The MA5600 supports binding of IP addresses with up to 1024 service ports. Each service port
can be bound with up to eight IP addresses.

Glossary
None

Acronyms and Abbreviations


None

16.4.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting the IP address binding.

16.4.3 Principle
This section describes the principles of the IP address binding.
After a service port is bound with an IP address, the service forwarding module checks the source
IP address of user packets. If the address is not the same as that bound with the port, the
MA5600 discards the packets. Otherwise, the MA5600 allows the packets to pass through.

16.4.4 Implementation
This section describes the implementation of the IP address binding.
The IP address binding takes effect automatically.
For details of the IP address binding configuration, refer to "User Security Configuration" in
the MA5600 Configuration Guide.

16.4.5 Reference
This section describes the references on the IP address binding.


The following lists the references on the IP address binding:


- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

16.5 MAC Address Binding


This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the MAC address binding.
16.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MAC address binding.
16.5.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.5.3 Principle
This section describes the principles of the MAC address binding.
16.5.4 Implementation
This section describes the implementation of the MAC address binding.
16.5.5 Reference
This section describes the references on the MAC address binding.

16.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MAC address binding.

Definition

MAC address binding indicates the binding between a MAC address and a service virtual port.
Thus, only the packets with the specified MAC address can be transmitted over the network.

Purpose
The MAC address binding feature can effectively avoid illegal access.

Specification
The MA5600 supports binding of MAC addresses with up to 1024 service ports.

Each service port can be bound with up to eight MAC addresses.

The MA5600 supports binding of MAC addresses with up to 1024 service virtual ports. Each
service virtual port can be bound with up to eight MAC addresses.

Glossary
None


Acronyms and Abbreviations


None

16.5.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting the MAC address binding.

16.5.3 Principle
This section describes the principles of the MAC address binding.
To implement the binding between a MAC address and a service virtual port, do as follows:
- Set the maximum number of MAC addresses that can be learned by a service virtual port
  to 0.
- Set the static MAC address of the service virtual port.

In this way, the service forwarding module does not learn the MAC address of the user packets.
In addition, if the MAC address is not the same as any of the static MAC addresses configured for
the service virtual port, the MA5600 discards the packets.
Hence, only the packets with the specified MAC address can pass through the service virtual
port.

16.5.4 Implementation
This section describes the implementation of the MAC address binding.
The MAC address binding takes effect automatically.
For details of the MAC address binding configuration, refer to "User Security
Configuration" in the MA5600 Configuration Guide.

16.5.5 Reference
This section describes the references on the MAC address binding.
The following lists the references on the MAC address binding:
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

16.6 Anti-MAC Spoofing


This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the anti-MAC spoofing.
16.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-MAC spoofing.
16.6.2 Availability

This section describes the hardware required for the feature, including boards and terminals.
16.6.3 Principle
This section describes the principles of the anti-MAC spoofing.
16.6.4 Implementation
This section describes the implementation of the anti-MAC spoofing.
16.6.5 Reference
This section describes the references on the anti-MAC spoofing.

16.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-MAC spoofing.

Definition

A MAC spoofing attack means that a malicious user forges a valid MAC address to attack a system.

If the forged MAC address is the MAC address of a valid user, the attack affects services of the
user.

If the forged MAC address is the MAC address of a system, or a large number of forged packets
of different MAC addresses are sent to the system, the attack might affect the system operation.
The system might even go down due to the attack.

Anti-MAC spoofing means that the system takes measures to prevent a user from attacking
the system using a forged MAC address.

Purpose
To guarantee the system security and carriers' network security, the MA5600 prevents the MAC
spoofing attack in the following ways:
- For PPPoE and DHCP access users, the MA5600 disables the dynamic MAC address
  learning feature, and allows only the packets of trusted MAC addresses to pass through a
  port. This prevents a large number of packets of suspect MAC addresses from entering
  carriers' networks.
- The MA5600 can detect and prevent a malicious user from forging the MAC address of an online
  valid user. This guarantees that the services provisioned to all the valid users are not
  affected.

Specification
The MA5600 supports the dynamic MAC address binding with up to 1024 service ports.

Each service port can be bound with up to eight MAC addresses dynamically.

Limitation
For a user with a static IP address, if the feature of anti-MAC spoofing attack is enabled, the
static MAC address must be configured manually.


Glossary
None

Acronyms and Abbreviations


None

16.6.2 Availability
This section describes the hardware required for the feature, including boards and terminals.

All the broadband access service boards of the MA5600 support anti-MAC spoofing.

16.6.3 Principle
This section describes the principles of the anti-MAC spoofing.

Anti-MAC Spoofing (PPPoE Users)


For a PPPoE user, the MA5600 implements the anti-MAC address spoofing in this way:
1. With the anti-MAC spoofing switch turned on, the MA5600 binds the user account with
the user's MAC address according to the PPPoE packets received.
2. The MA5600 discards the data packets sent before the binding.
3. If the source MAC address contained in the data packets is the same as the one bound, the
MA5600 transmits the packets in the upstream direction. Otherwise, the MA5600 discards the
packets.
4. When the user gets offline, the MA5600 cancels the binding between the user account and
the MAC address.

Anti-MAC Spoofing (DHCP Users)


For a DHCP user, the MA5600 implements the anti-MAC address spoofing in this way:
1. With the anti-MAC spoofing switch turned on, the MA5600 binds the user account with
the user's MAC address according to the DHCP packets received.
2. The MA5600 discards the data packets sent before the binding.
3. If the source MAC address contained in the data packets is the same as the one bound, the
MA5600 transmits the packets in the upstream direction. Otherwise, the MA5600 discards the
packets.
4. When the user gets offline, the MA5600 cancels the binding between the user account and
the MAC address.

16.6.4 Implementation
This section describes the implementation of the anti-MAC spoofing.

The anti-MAC spoofing takes effect automatically.

For details of the anti-MAC spoofing configuration, refer to "User Security Configuration" in
the MA5600 Configuration Guide.


16.6.5 Reference
This section describes the references on the anti-MAC spoofing.
The following lists the references on the anti-MAC spoofing:
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference

16.7 Anti-IP Spoofing


This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the anti-IP spoofing.
16.7.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-IP spoofing.
16.7.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.7.3 Principle
This section describes the principles of the anti-IP spoofing.
16.7.4 Implementation
This section describes the implementation of the anti-IP spoofing.
16.7.5 Reference
This section describes the references on the anti-IP spoofing.

16.7.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-IP spoofing.

Definition
An IP spoofing attack means that a malicious user forges a valid IP address to attack a system.
Anti-IP spoofing means that the system takes measures to prevent a malicious user from
attacking the system using a forged IP address.

Purpose
To guarantee the system security and carriers' network security, the MA5600 needs to prevent
the IP spoofing attack.
For DHCP access users, the MA5600 enables the feature of anti-IP spoofing, and allows only
the packets of trusted IP addresses allocated by the DHCP server to pass through a port. This
prevents the packets of forged or suspect IP addresses from entering carriers' networks.

Specification
The MA5600 supports the dynamic binding of up to 1024 service ports with the IP addresses.


Each service port can be bound with eight IP addresses dynamically.

Limitation
Do not manually configure the binding between the user account and the IP address for a DHCP
user. The anti-IP spoofing feature allows the MA5600 to control the packets from the user.
For a user with a static IP address, the static IP address needs to be bound manually. In this way,
the MA5600 can control the IP address over the network.

Glossary
None

Acronyms and Abbreviations


None

16.7.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
All the broadband access service boards of the MA5600 support anti-IP spoofing.

16.7.3 Principle
This section describes the principles of the anti-IP spoofing.
The MA5600 implements the anti-IP address spoofing in the following way:
1. With the anti-IP spoofing switch turned on, the MA5600 binds the user account with the
user's IP address according to the DHCP packets received.
2. The MA5600 discards the data packets sent before the binding.
3. If the source IP address contained in the data packets is the same as the one bound, the
MA5600 transmits the packets in the upstream direction, or else the MA5600 discards the
packets.
4. When the user gets offline, the MA5600 cancels the binding between the user account and
the IP address.
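
The dynamic binding described in 16.6.3 and in the steps above can be modelled as a per-service-port table. The following Python model is an added example, not the MA5600 implementation; the event names, port labels and addresses are constructed, and allowing a MAC address to be online on only one port is an assumption drawn from the Purpose text in 16.6.1.

```python
MAX_BINDINGS_PER_PORT = 8    # per the Specification sections of 16.6 and 16.7
MAX_BOUND_PORTS = 1024


class BindingTable:
    """Source MAC/IP bindings learned per service port."""

    def __init__(self):
        self.ports = {}      # service port -> {mac: ip}

    def owner_of(self, mac):
        for port, table in self.ports.items():
            if mac in table:
                return port
        return None

    def bind(self, port, mac, ip):
        """Step 1: create a binding when the address assignment is seen."""
        owner = self.owner_of(mac)
        if owner is not None and owner != port:
            return "reject: MAC already online on another port"
        table = self.ports.get(port)
        if table is None:
            if len(self.ports) >= MAX_BOUND_PORTS:
                return "reject: port limit"
            table = self.ports[port] = {}
        if mac not in table and len(table) >= MAX_BINDINGS_PER_PORT:
            return "reject: binding limit"
        table[mac] = ip
        return "bound"

    def unbind(self, port, mac):
        """Step 4: cancel the binding when the user goes offline."""
        table = self.ports.get(port, {})
        table.pop(mac, None)
        if not table:
            self.ports.pop(port, None)

    def check(self, port, src_mac, src_ip):
        """Steps 2 and 3: verdict for an upstream data packet."""
        table = self.ports.get(port)
        if not table:
            return "drop: no binding"
        if src_mac not in table:
            return "drop: MAC not bound"
        if src_ip not in table.values():
            return "drop: IP not bound"
        return "forward"


def replay(events):
    """Feed (kind, port, mac, ip) events through a fresh table."""
    table, verdicts = BindingTable(), []
    for kind, port, mac, ip in events:
        if kind == "ack":
            verdicts.append(table.bind(port, mac, ip))
        elif kind == "offline":
            table.unbind(port, mac)
            verdicts.append("unbound")
        else:
            verdicts.append(table.check(port, mac, ip))
    return verdicts


# Constructed trace: one valid user on port 0/12/49, one forger on 0/12/50.
MAC_A = "00:e0:fc:00:00:0a"
SAMPLE_EVENTS = [
    ("data", "0/12/49", MAC_A, "192.0.2.10"),      # before the binding
    ("ack", "0/12/49", MAC_A, "192.0.2.10"),
    ("data", "0/12/49", MAC_A, "192.0.2.10"),
    ("data", "0/12/49", MAC_A, "192.0.2.99"),      # forged source IP
    ("data", "0/12/50", MAC_A, "192.0.2.10"),      # forged MAC on another port
    ("ack", "0/12/50", MAC_A, "192.0.2.11"),       # forger tries to obtain a binding
    ("offline", "0/12/49", MAC_A, None),
    ("data", "0/12/49", MAC_A, "192.0.2.10"),      # after the binding is cancelled
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", verdict)
```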

16.7.4 Implementation
This section describes the implementation of the anti-IP spoofing.
The anti-IP spoofing takes effect automatically.
For details of the anti-IP spoofing configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.

16.7.5 Reference
This section describes the references on the anti-IP spoofing.
The following lists the references on the anti-IP spoofing:
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference


17 PPPoA Access

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of PPPoA access.

17.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of PPPoA access.
17.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
17.3 Principle
This section describes the operating principles of PPPoA access.
17.4 Implementation
This section describes the implementation of PPPoA access.
17.5 Reference
This section describes the references on PPPoA access.


17.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of PPPoA access.

Definition

Point to Point Protocol over ATM Adaptation Layer 5 (PPPoA) access is an access mode in
which users can transmit PPPoA packets to the PPPoE server, that is, the upper layer broadband
remote access server (BRAS) based on Ethernet.

The MA5600 needs to handle the PPPoA packets from users and the PPPoE packets of the PPPoE
server to support the interworking function (IWF) between PPPoA packets and PPPoE packets.

Purpose

PPPoA access is used to support the IWF between PPPoA and PPPoE for the transition from
the ATM network to the IP network.

Specification

The MA5600 supports the following PPPoA specifications:

- PPP LLC and PPP VC-MUX encapsulation modes, and auto-sensing of the two modes
- PPP MRU > 1492
- Up to 4096 PPPoA users

Glossary
None

Acronyms and Abbreviations

Table 17-1 Acronyms and abbreviations concerning PPPoA access

Acronym  Full Expansion
PPPoA    Point to point protocol over ATM adaptation layer 5
PPPoE    Point to point protocol over Ethernet
IWF      Interworking function

17.2 Availability
This section describes the hardware required for this feature, including boards and terminals.

All the ATM service boards support PPPoA access.


17.3 Principle
This section describes the operating principles of PPPoA access.

Figure 17-1 shows the PPPoA implementation process.

Figure 17-1 PPPoA implementation process

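Participants: RG, Access Node, BRAS

State=disconnected
1. RG -> Access Node: LCP Config-Req
PPPoE Discovery stage:
2. Access Node -> BRAS: PPPoE PADI
3. BRAS -> Access Node: PPPoE PADO
4. Access Node -> BRAS: PPPoE PADR
5. BRAS -> Access Node: PPPoE PADS
State=connected
PPPoE Session stage:
6. Access Node -> BRAS: PPPoE (LCP Config-Req)
7. BRAS -> Access Node: PPPoE (LCP Config-Ack)
8. Access Node -> RG: LCP Config-Ack
9. RG <-> Access Node: PPP packet; Access Node <-> BRAS: PPPoE (PPP packet), repeated
PPP session terminates:
10. PPPoE PADT
State=disconnected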

The PPPoA implementation process is as follows:


1. After receiving an LCP configure request packet from a PPPoA user, the MA5600 saves
it in its buffer, and initiates a PPPoE session. In this session, the PADI packet is broadcast,
and the source MAC address of the packet is that allocated by the MA5600 to the PPPoA
user.
2. The BRAS sends the PADO packet to the MA5600.
3. The MA5600 obtains the MAC address of the BRAS, and sends the PADR packet to the
BRAS.
4. The BRAS sends the PADS packet to the MA5600.
5. After obtaining the session ID, the MA5600 sends the saved LCP configure request to the
BRAS to enter the PPPoE session stage.
6. The user sends PPP data packets to the MA5600. Then, the MA5600 encapsulates the data
packets into PPPoE packets according to the MAC address of the BRAS and the MAC
address allocated by the MA5600 to the user, and sends the packets to the BRAS. For the
downstream packets, the process is reversed.
7. The BRAS sends the PADT packet or the PPPoA user sends the LCP configure terminate
packet to terminate the session.
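
The seven steps above amount to a small state machine in the access node. The following Python model is an added example, not Huawei code; the intermediate states padi-sent and padr-sent, the class name and the sample MAC addresses are assumptions, PADO/PADS tags are not interpreted, and termination by an LCP terminate packet from the user is left out.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864          # PPPoE EtherTypes (RFC2516)
PADI, PADO, PADR, PADS, PADT, SESSION_DATA = 0x09, 0x07, 0x19, 0x65, 0xA7, 0x00
BROADCAST = b"\xff" * 6
SERVICE_NAME_ANY = struct.pack("!HH", 0x0101, 0)     # empty Service-Name tag


def pppoe_frame(dst, src, ethertype, code, session_id, payload):
    """Ethernet header + 6-byte PPPoE header (ver/type 0x11) + payload."""
    return (dst + src + struct.pack("!H", ethertype)
            + struct.pack("!BBHH", 0x11, code, session_id, len(payload)) + payload)


class PppoaIwf:
    """Interworking state for one PPPoA user."""

    def __init__(self, allocated_mac):
        self.mac = allocated_mac        # MAC allocated by the access node to the user
        self._reset()

    def _reset(self):
        self.state, self.bras_mac = "disconnected", None
        self.session_id, self.saved_lcp = 0, None

    def from_user(self, ppp):
        """PPP frame from the ATM side -> Ethernet frames to send upstream."""
        if self.state == "disconnected":             # step 1: buffer, then PADI
            self.saved_lcp, self.state = ppp, "padi-sent"
            return [pppoe_frame(BROADCAST, self.mac, ETH_DISCOVERY, PADI, 0,
                                SERVICE_NAME_ANY)]
        if self.state != "connected":                # retransmitted Config-Req
            self.saved_lcp = ppp
            return []
        return [pppoe_frame(self.bras_mac, self.mac, ETH_SESSION, SESSION_DATA,
                            self.session_id, ppp)]   # step 6, upstream

    def from_bras(self, frame):
        """Ethernet frame from upstream -> (frames to BRAS, PPP frames to user)."""
        if len(frame) < 20 or frame[0:6] != self.mac:
            return [], []
        src = frame[6:12]
        ethertype, ver_type, code, sid, length = struct.unpack_from("!HBBHH", frame, 12)
        payload = frame[20:20 + length]
        if ver_type != 0x11 or len(payload) != length:
            return [], []
        if ethertype == ETH_DISCOVERY:
            if code == PADO and self.state == "padi-sent":        # steps 2 and 3
                self.bras_mac, self.state = src, "padr-sent"
                return [pppoe_frame(src, self.mac, ETH_DISCOVERY, PADR, 0,
                                    SERVICE_NAME_ANY)], []
            if src != self.bras_mac:                 # ignore other senders
                return [], []
            if code == PADS and self.state == "padr-sent" and sid != 0:
                self.session_id, self.state = sid, "connected"    # steps 4 and 5
                lcp, self.saved_lcp = self.saved_lcp, None
                return [pppoe_frame(src, self.mac, ETH_SESSION, SESSION_DATA,
                                    sid, lcp)], []
            if code == PADT and self.state == "connected" and sid == self.session_id:
                self._reset()                        # step 7
            return [], []
        if (ethertype == ETH_SESSION and self.state == "connected"
                and src == self.bras_mac and sid == self.session_id):
            return [], [payload]                     # step 6, downstream
        return [], []


# Constructed sample values.
USER_MAC = bytes.fromhex("00e0fc000a01")
BRAS_MAC = bytes.fromhex("00e0fc00b001")
LCP_CONFIG_REQ = bytes.fromhex("c02101010004")       # protocol 0xC021, code 1


def demo():
    """Run steps 1 to 7 once and return the state after each event."""
    iwf, states = PppoaIwf(USER_MAC), []
    iwf.from_user(LCP_CONFIG_REQ)
    states.append(iwf.state)
    for code, sid in ((PADO, 0), (PADS, 0x1234), (PADT, 0x1234)):
        iwf.from_bras(pppoe_frame(USER_MAC, BRAS_MAC, ETH_DISCOVERY, code, sid, b""))
        states.append(iwf.state)
    return states


if __name__ == "__main__":
    print(demo())
```

Accepting PADT and session frames only from the recorded BRAS MAC with the negotiated session ID keeps a third party on the Ethernet side from tearing down or injecting into the user's session.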

17.4 Implementation
This section describes the implementation of PPPoA access.
The PPPoA access feature takes effect automatically. For details of the PPPoA access
configuration, refer to "ADSL2+ Service Configuration" in the MA5600 Configuration
Guide.

17.5 Reference
This section describes the references on PPPoA access.
The following lists the references on PPPoA access:
- IETF RFC2364: PPP Over AAL5
- IETF RFC2516: A Method for Transmitting PPP Over Ethernet (PPPoE)
- DSL Forum TR-101: Migration to Ethernet-Based DSL Aggregation
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference


18 IPoA Access

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of IPoA access.

18.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of IPoA access.
18.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
18.3 Principle
This section describes the operating principles of IPoA access.
18.4 Implementation
This section describes the implementation of IPoA access.
18.5 Reference
This section describes the references on IPoA access.


18.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of IPoA access.

Definition
IPoA access is an access mode in which:
- The IPoA packets are analyzed and the payloads of IP packets are converted into Ethernet
  frames for upstream transmissions to the upper layer network.
- The downstream IPoE packets are converted into IPoA packets and then forwarded to users.

Purpose
IPoA access is usually used for leased line access for the transition from the ATM network to
the IP network.

Specification
The MA5600 supports the following IPoA specifications:
- Compliance with RFC2684 to support IPoA static users
- Compliance with RFC1577 to support IPoA dynamic users
- Up to 1024 IPoA users
- Up to 512 different user gateways
- Automatic discovery of the LLC-IP encapsulation mode
- L2 and L3 IPoA applications

Glossary
None

Acronyms and Abbreviations

Table 18-1 Acronyms and abbreviations concerning IPoA access

Acronym    Full Expansion
IPoA       Internet Protocol over ATM

18.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
• The ADSL2+ and SHDSL service boards support IPoA access.
• The modem must support RFC2684 or RFC1577.


18.3 Principle
This section describes the operating principles of IPoA access.

L2 IPoA
In this scenario, the MA5600 works in L2 routing mode. The IP address of the default user
gateway is the IP address of the L3 interface of the upper layer device. The MA5600 converts
IPoA packets into IPoE packets without the L3 routing function.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.

L3 IPoA
In this scenario, the MA5600 works in L3 routing mode. The IP address of the default user
gateway is the IP address of the L3 interface of the MA5600. The MA5600 converts IPoA packets
into IPoE packets, and forwards them according to the destination IP addresses.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.

Static/Dynamic IPoA Users


If the modem supports only ATM adaptation layer 5 (AAL5) frames encapsulated in VC-IP
mode, the MA5600 cannot obtain the IP address of the modem. In this case, the administrator
of the MA5600 should configure the source IP address of the static user.
If dynamic IPoA user terminals comply with RFC1577, the MA5600 can obtain the IP address
of the WAN interface in the modem through the ATM ARP packets.

Process
The MA5600 allocates a source MAC address for each IPoA user, and obtains the MAC address
of the user gateway through the ARP protocol. These two MAC addresses are the source and
destination MAC addresses of Ethernet frames for conversion between ATM packets and
Ethernet frames.
Figure 18-1 shows the IPoA implementation process.

Figure 18-1 IPoA implementation process
[Figure: protocol stacks at the PC, Modem, DSLAM, and L2/L3 device. Layers shown: IP, MAC, AAL5, ETH, and ADSL.]
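The conversion described under Process, as an added example that is not Huawei's implementation and not code from this manual: it detects RFC2684 LLC or VC-multiplexed routed IPv4 on the upstream AAL5 payload, then builds the Ethernet frame from the per-user MAC and the gateway MAC, and reverses the step downstream. The class, field, and function names are hypothetical, and the MAC addresses and the sample datagram are constructed.

```python
import struct

# RFC 2684 LLC/SNAP header for a routed IPv4 PDU: LLC AA-AA-03, OUI 00-00-00, EtherType 08-00
LLC_SNAP_IPV4 = bytes.fromhex("aaaa03" "000000" "0800")
ETHERTYPE_IPV4 = 0x0800


class IpoaUser:
    """State kept per IPoA user (one PVC). All names here are hypothetical."""

    def __init__(self, user_mac: bytes, gateway_mac: bytes):
        self.user_mac = user_mac        # source MAC allocated for this user
        self.gateway_mac = gateway_mac  # MAC of the user gateway, learned through ARP
        self.encap = None               # "llc" or "vc", discovered from upstream traffic


def ipv4_datagram(buf: bytes) -> bytes:
    """Check the IPv4 header lengths and return the datagram cut to its Total Length."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(buf):
        raise ValueError("inconsistent IPv4 header lengths")
    return buf[:total_len]


def upstream(user: IpoaUser, aal5_payload: bytes) -> bytes:
    """IPoA -> IPoE: strip the RFC 2684 header (if any) and prepend an Ethernet header."""
    if aal5_payload.startswith(LLC_SNAP_IPV4):
        encap, body = "llc", aal5_payload[len(LLC_SNAP_IPV4):]
    else:
        # VC multiplexing carries the bare datagram. Any other LLC PDU (for example
        # ATMARP) starts with 0xAA and is rejected below as "not IPv4".
        encap, body = "vc", aal5_payload
    datagram = ipv4_datagram(body)
    user.encap = encap  # remember the discovered mode for the downstream direction
    return (user.gateway_mac + user.user_mac
            + struct.pack("!H", ETHERTYPE_IPV4) + datagram)


def downstream(user: IpoaUser, frame: bytes) -> bytes:
    """IPoE -> IPoA: drop the Ethernet header and padding, re-apply the user's encapsulation."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if frame[:6] != user.user_mac or ethertype != ETHERTYPE_IPV4:
        raise ValueError("frame is not IPv4 addressed to this user")
    if user.encap is None:
        raise ValueError("encapsulation mode not discovered yet")
    # Short frames are padded to the Ethernet minimum; the IP Total Length removes
    # that padding so it never reaches the AAL5 payload.
    datagram = ipv4_datagram(frame[14:])
    return (LLC_SNAP_IPV4 if user.encap == "llc" else b"") + datagram


def sample_datagram(payload: bytes = b"ping") -> bytes:
    """Constructed IPv4 datagram (documentation addresses, checksum left 0: not verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return header + payload


if __name__ == "__main__":
    user = IpoaUser(bytes.fromhex("02005e000001"), bytes.fromhex("02005e0000fe"))
    frame = upstream(user, LLC_SNAP_IPV4 + sample_datagram())
    print(user.encap, frame.hex())
```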


18.4 Implementation
This section describes the implementation of IPoA access.
The IPoA access feature takes effect automatically. For details of the IPoA access configuration,
refer to "ADSL2+ Service Configuration" in the MA5600 Configuration Guide.

18.5 Reference
This section describes the references on IPoA access.
The following lists the references on IPoA access:
• RFC2684: Multiprotocol Encapsulation over ATM Adaptation Layer 5
• RFC1577: Classical IP and ARP over ATM
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


19 Subtended Network Configuration

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of a subtended network configuration.

19.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of a subtended network configuration.
19.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
19.3 Principle
This section describes the operating principles of a subtended network configuration.
19.4 Implementation
This section describes the implementation of a subtended network configuration.
19.5 Reference
This section describes the references on a subtended network configuration.


19.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of a subtended network configuration.

Definition
A subtended network configuration is a configuration in which the MA5600s are subtended in
several tiers through the FE/GE ports.

Purpose
Subtended network configurations make the networking of the MA5600s more flexible, thus
saving the upstream line resources of the access point. The remote subtended network
configurations save the convergence equipment resource and also simplify the networking.

Specification
The MA5600 supports the following subtending specifications:
• The subtending ports of the MA5600 are provided by the control board (SCU) and the
  ETHA board.
• The ports provided by the SCU board can be the upstream ports or the subtending ports.
• The SCU board provides up to six ports.
• It is recommended that an RSTP subtended network include no more than seven nodes.

Limitation
If two SCU boards are configured, a local subtended network configuration supports only the
optical ports.

Glossary

Table 19-1 Glossary of technical terms concerning a subtended network configuration

Glossary                                   Definition
Local Subtended Network Configuration      Subtending of multiple shelves in a cabinet,
                                           or subtending of multiple shelves in different
                                           local cabinets.
Remote Subtended Network Configuration     Subtending of remote shelves or other Mini-
                                           DSLAM devices through fibers.


Acronyms and Abbreviations

Table 19-2 Acronyms and abbreviations concerning a subtended network configuration

Acronym    Full Expression
RSTP       Rapid Spanning Tree Protocol

19.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
A subtended network configuration needs the subtending boards. The boards of the MA5600
that support subtending include the control boards SCUB/SCUK.

19.3 Principle
This section describes the operating principles of a subtended network configuration.
According to the location, the subtended network configurations supported by the MA5600
consist of the local and remote subtended network configurations.

Local Subtended Network Configuration


A local subtended network configuration is a configuration in which multiple MA5600 shelves
are subtended in a cabinet or in multiple local cabinets.
• According to the connection type, the local subtended network configurations consist of
  the star topology and the daisy chain topology.
• Depending on whether the control board has a backup, the local subtended network
  configurations consist of the configurations with one control board and with two control
  boards.
Figure 19-1 shows the local subtended network configuration in a star topology.


Figure 19-1 Local subtended network configuration in a star topology
[Figure: two panels, "One control board" and "Two control boards". Labels: SCU, SPL, Splitter, Rx, Tx.]

If two SCU boards are configured, only subtending through the FE/GE optical ports is supported.
The subtended network configuration is implemented through the optical splitter, as shown in
Figure 19-1.
Figure 19-2 shows the local subtended network configuration in a daisy chain topology.

Figure 19-2 Local subtended network configuration in a daisy chain topology
[Figure: two panels, "One control board" and "Two control boards". Labels: SCU, SPL, Splitter, Rx, Tx.]

The local subtended network configuration of the MA5600 is implemented through the SCU
board. Each SCU board provides six ports for the upstream transmission or subtending. The
number of subtending ports depends on the bandwidth requirements. In an active/standby
configuration, the subtended network configuration is implemented through the optical splitter.


Remote Subtended Network Configuration


A remote subtended network configuration is a configuration in which the remote MA5600
shelves are subtended through fibers. According to the bandwidth requirements, the GE or FE
optical port can be selected as the subtending port, as shown in Figure 19-3.
Figure 19-3 shows a remote subtended network configuration.

Figure 19-3 Remote subtended network configuration
[Figure: two parts, "Local MA5600 subtending" and "Remote MA5600 subtending". Labels: SCU, SPL.]

The SCU board can provide the subtending ports for a remote subtended network configuration.
A remote subtended network configuration can be an RSTP ring network. The control board
SCU can support the RSTP ring network, as shown in Figure 19-4. In an active/standby
configuration, the subtended network configuration is implemented through the optical splitter.
Each node in the RSTP ring network can itself have local and remote subtended networks. The
networking mode is flexible to meet different networking requirements.

Figure 19-4 shows an RSTP/MSTP ring network.


Figure 19-4 RSTP ring network
[Figure: four SCU nodes connected in a ring labeled RSTP.]

19.4 Implementation
This section describes the implementation of a subtended network configuration.
The feature of a subtended network configuration takes effect automatically. For details of the
subtended network configuration, refer to "Device Subtending Configuration" in the
MA5600 Configuration Guide.

19.5 Reference
This section describes the references on a subtended network configuration.
The following lists the references on a subtended network configuration:
• IEEE 802.1w Rapid Spanning Tree
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


20 Environment Monitoring

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the environment monitoring.

20.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the environment monitoring.
20.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
20.3 Principle
This section describes the operating principles of the environment monitoring.
20.4 Implementation
This section describes the implementation of the environment monitoring.
20.5 Reference
This section describes the references on the environment monitoring.


20.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the environment monitoring.

Definition
Environment monitoring includes environment parameter monitoring and power supply
monitoring.
• Environment parameter monitoring refers to monitoring the environment factors that may
  lead to device fault or damage. The monitoring items include temperature, humidity, door
  status switch, water, smoke, main distribution frame (MDF), and door status sensor.
• Power supply monitoring refers to monitoring the power supply, including input mains,
  DC power supply, rectifier unit, and batteries.
To monitor the environment, use the serial port cable to connect the monitoring serial port on
the device to the communication serial port on the device to be monitored. Users can monitor
the device status directly through the private protocols.
• You can monitor the power supply status, fan status, external batteries status, and built-in
  environment monitoring status.
• For the external sensors provided, you can also monitor the functions of the sensors,
  including temperature, humidity, buzzer, and cabinet LEDs.
• You can also modify the configuration as required, such as the alarm value, power supply
  and battery group control parameters.

Purpose
Environment monitoring tracks the running status of the device so that faults are discovered
promptly. This makes the telecom network more stable.

Specification
• Supports monitoring the fans
• Supports monitoring the H303ESC
• Supports monitoring the H304ESC
• Supports monitoring the Power4845

Glossary
None


Acronyms and Abbreviations

Table 20-1 Acronyms and abbreviations

Acronym    Full Expression
EMU        Environment monitoring unit

20.2 Availability
This section describes the hardware required for the feature, including boards and terminals.

No additional hardware is required for supporting the environment monitoring.

20.3 Principle
This section describes the operating principles of the environment monitoring.

One upper layer device manages multiple lower layer devices. In this way, the MA5600
implements the environment monitoring function. The devices in upper and lower layers
communicate with each other through the master-slave protocol. Figure 20-1 shows the basic
principles of environment monitoring of the MA5600.

Here, the upper layer device is the control board of the device, and the lower layer device is the
monitoring board or monitoring shelf that monitors the environment.

Figure 20-1 Master slave communication
[Figure: one upper-layer device connected to lower-layer device 1 through lower-layer device N.]

The upper layer device and the lower layer device interact as follows:

• The upper layer device manages and maintains the lower layer device.
• The upper layer device delivers the user commands to the lower layer device after analysis,
  and the lower layer device performs the related operations.
• The lower layer device detects and processes the external data through its hardware
  interface, and then reports the data to the upper layer device.


EMU

A device that can monitor the environment must be present. The monitoring devices are classified
into the following types:

• A board with an independent module, such as the H303ESC.
• A monitoring module in another device, such as the fan tray or the POWER4845.

A device, whether it is independent or built into another device, is called an EMU if it can
perform environment monitoring.

A monitoring process board and a port for communicating with the host must exist on the EMU.

The EMU of the MA5600 includes:

• H303ESC
  The H302ESC supports a built-in sensor and provides a port for an extended sensor to enhance
  the flexibility of environment monitoring.
  The intelligent power supply can be monitored.
  The battery cannot be monitored directly. You can monitor the battery by using the
  extended sensor.
• H304ESC
  The upgraded board for the H303ESC. It is compatible with all the functions of the
  H303ESC, and can also manage the battery.
• FAN
  The fan tray can perform monitoring, that is, the monitoring board is integrated in the fan
  tray. The fan tray can monitor the simple built-in analog parameters and built-in digital
  parameters. A port for an extended sensor is not provided. The power supply and battery
  cannot be monitored.
• Power4845
  The Power4845 is an embedded power supply. It supports a built-in sensor and provides a port
  for an extended sensor. The Power4845 is a power supply that can monitor itself. The battery
  can also be monitored.

Slave Node

The environment is monitored through the master slave communication mode. In this case, each
lower layer device (also called slave node device) must have a unique identification code.
Otherwise, the communication in the point-to-multipoint networking or the multipoint-to-
multipoint networking fails. The unique identification code of the lower layer device is the slave
node number (also called slave node address). The identification code is determined by the
hardware, which is similar to the MAC address of the network adapter. Generally, the monitoring
board of the lower layer device provides a DIP switch to set a different slave node number.

Ensure that the slave node numbers of the lower layer devices corresponding to the same upper
layer device are unique. Otherwise, the communication between the upper layer device and the
lower layer device fails.

Analog Parameter


An analog parameter is a continuous quantity, such as temperature, voltage, and current. The
analog monitoring port is used to connect to the analog sensor to monitor the analog parameter
promptly.
The attributes of the analog sensor include:
• Upper alarm threshold and lower alarm threshold: They are used to judge whether the
  analog parameter generates an alarm. If the analog parameter meets the following
  requirement, the system works in the normal state.
Lower alarm threshold <= Current tested value <= Upper alarm threshold
: indicates the error of the hardware
• Upper test threshold and lower test threshold: The test range is restricted on the sensor. The
  test range on some sensors is adjustable. The test result varies with the test range.
  The alarm threshold must be in the test range.
• Sensor type: Generally, the sensor includes current mode sensor and voltage mode sensor.
  This parameter is required when the analog parameter is configured.
• Unit: It is defined according to the tested object and test accuracy.
• Current value and current status: The analog parameter can report the tested analog
  parameter promptly, and generally display the analog parameter status (over high, over low,
  or normal).
For the EMU, the analog parameter includes built-in analog parameter and extended analog
parameter.
• Generally, the built-in analog parameter is fixed. For example, the H303ESC board is fixed
  with the temperature sensor and humidity sensor. Except for the upper alarm threshold and
  lower alarm threshold, users cannot modify the built-in analog parameters.
• The extended analog parameter is changeable. Users can configure the analog sensor as
  desired.

Digital Parameter
Compared with the analog parameter, a digital parameter is a discrete value that indicates a
status. A digital parameter has two values: normal or faulty. The digital sensor detects the
status by comparing the high and low levels.
The attributes of the digital parameter include: alarm level, valid level, sensor type, and
current status.
• Alarm level: When the digital level is equal to the alarm level, the digital sensor generates
  an alarm. For example: When the alarm level of the digital sensor is configured as high
  level, if the tested digital parameter becomes high level, the digital sensor generates an
  alarm. If the digital parameter becomes low level, the digital sensor does not generate an
  alarm.
• Valid level: It is opposite to the alarm level. When the digital parameter level is equal to
  the valid level, the digital parameter does not generate an alarm.
• Sensor type: Generally, the sensor includes current mode sensor and voltage mode sensor.
  This parameter is required when the digital parameter is configured.
• Current status: The status detected by the voltage mode sensor.

For the EMU, the digital parameter includes built-in digital parameter and extended digital
parameter.


• Generally, the built-in digital parameter is fixed. For example, the H303ESC board is fixed
  with the door sensor and MDF sensor. Except for the valid level, users cannot modify the
  built-in digital parameters.
• The extended digital parameter is changeable. Users can configure the digital sensor as
  desired.

Other Monitoring Parameters


The monitoring parameters that the MA5600 supports also include:
• Mains status: It is used to detect the mains status and report the related faulty or recovery
  alarm.
• Power module status: It is used to detect the power module status and report the related
  faulty or recovery alarm.
• Power supply status: It is used to detect the current power supply status (AC power supply
  or battery power supply) and report the alarm during power supply switchover.
• Battery charging status: It is used to detect the charging status of the battery.
• Battery voltage status: It is used to detect the voltage status of the battery, including normal,
  over voltage, or lower voltage.
• Battery protection status: It is used to detect the protection status of the battery, including
  normal protection and over temperature protection. Users can configure the temperature
  threshold for battery over temperature protection. When the actual temperature exceeds the
  threshold, the over temperature system is enabled automatically to stop the charging.

20.4 Implementation
This section describes the implementation of the environment monitoring.
The environment monitoring feature takes effect automatically. For details of the environment
monitoring configuration, refer to "Environment Monitoring Configuration" in the
MA5600 Configuration Guide.

20.5 Reference
This section describes the references on the environment monitoring.
The following lists the references on the environment monitoring:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


21 Ethernet OAM

About This Chapter

This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the Ethernet OAM.

21.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of Ethernet OAM.
21.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
21.3 Principle
This section describes the operating principles of Ethernet OAM.
21.4 Implementation
This section describes the implementation of Ethernet OAM.
21.5 Reference
This section describes the references on Ethernet OAM.


21.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of Ethernet OAM.

Definition
In a broad sense, operations, administration and maintenance (OAM) means a tool for monitoring
and diagnosing network faults. Ethernet OAM is defined as Connectivity Fault Management in
IEEE 802.1ag to provide an end-to-end fault detection and diagnosis solution.

Purpose
Ethernet is a widely used local area network technology because of its rich bandwidth, low cost,
convenience for plug-and-play, and support of multipoint operations.
As the Ethernet technology is gradually developing from carriers' networks to metropolitan area
networks (MANs) and wide area networks (WANs), the network management and maintenance
are increasingly important. Currently, however, Ethernet has no carrier-class management
capability, and thus fails to detect the L2 network faults.
Ethernet OAM provides an end-to-end fault detection solution to monitor, diagnose, and
troubleshoot the Ethernet.

Specification
The MA5600 supports the following Ethernet OAM specifications:
• Up to 3 maintenance domains (MDs)
• Up to 48 maintenance associations (MAs)
• Up to 48 MAs in an MD
• Support of a maintenance end point (MEP) and up to six remote maintenance end points
  (RMEPs) by each MA

Limitation
The MA5600 Ethernet OAM has the following limitations:
• If 48 MAs are configured in MD 0, no MA can be configured in MD 1 or MD 2.
• MEPs can be configured only on the upstream ports and the ports in the Ethernet subtending
  board.
• The system supports neither maintenance association intermediate points (MIPs) nor
  internal ports.


Glossary

Table 21-1 Glossary of technical terms concerning Ethernet OAM

Glossary                        Definition
CFM                             Connectivity Fault Management (CFM) is an end-to-end Ethernet
                                connectivity management. It is a main protocol for implementing
                                Ethernet OAM. In other words, CFM is a subset of OAM.
Maintenance entity (ME)         A maintenance entity (ME) is a maintainable device in a network.
                                Basically, an ME is a bridge in the network, that is, the device for
                                L2 forwarding through VLAN + MAC address.
Maintenance domain (MD)         A maintenance domain (MD) is a combination of bridges and
                                maintenance levels.
Maintenance association (MA)    An MD contains various maintenance associations (MAs). Each MA
                                is associated to a service instance (SI) which is identified by VLAN
                                in the MD. That is, an MA is a combination of an MD and a VLAN.
Maintenance point (MP)          An MA contains various maintenance points (MPs). An MP is the
                                port in a bridge device. That is, an MP is a combination of a bridge
                                port, a VLAN, and a maintenance level.
                                An MP can be an MEP or an MIP. An MEP can be configured for
                                each MA. An MEP is associated with a port of the device.

Acronyms and Abbreviations

Table 21-2 Acronyms and abbreviations concerning Ethernet OAM

Acronym    Full Expansion
OAM        Operations administration and maintenance
STP        Spanning Tree Protocol
CFM        Connectivity fault management
MD         Maintenance domain
MA         Maintenance association
MEP        Maintenance association end point
MIP        Maintenance association intermediate point
CC         Continuity check message
LB         Loopback
LT         Linktrace
TLV        Type, length, value


21.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The SCUB/SCUK board supports Ethernet OAM.

21.3 Principle
This section describes the operating principles of Ethernet OAM.
NOTE
The MEP refers to the port in the MA5600 in this section unless otherwise specified.

Ethernet CFM
Ethernet CFM includes connectivity check, loopback detection, and link tracing.
Figure 21-1 shows the connectivity check.

Figure 21-1 Connectivity check
[Figure: MA5600-1, Switch, Switch, and MA5600-2 across an IP network, joined by Link 1 to Link 4. Legend: connectivity check message.]

To connect two MA5600s, configure the two MA5600s in the same MA (MA 0) of the same
MD (MD 0), and configure MA5600-1 (MEP ID: 300) and MA5600-2 (MEP ID: 5600) as two
MEPs. After Ethernet OAM is enabled, all MEPs actively send connectivity check messages
at intervals and receive the connectivity check messages from other MEPs.

Connectivity Check
The network connectivity is monitored through the connectivity check messages transmitted at
intervals to a multicast domain. The process is as follows:
• Each MEP (such as MA5600-1) actively sends connectivity check messages at intervals.
  A connectivity check message contains the configuration information of MA5600-1.
• Each MEP (such as MA5600-2) can receive connectivity check messages without sending
  the response messages. When MA5600-2 receives the messages from any other MEP, it
  checks the information contained in the messages.
• If an MEP fails to receive any messages or receives undesired messages within a certain
  period of time, it indicates that the network fails.
As shown in Figure 21-1, if link 1 fails, MEP 5600 will fail to receive any connectivity check
message from MEP 300 within a certain period of time. In this case, MEP 5600 reports a message
loss alarm. In this way, the users of MA5600-2 can know the connectivity with other networks
(such as the network in which MA5600-1 is located).
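The receiving side of the connectivity check, as an added example rather than the MA5600's own code: a MEP tracks CCMs per remote MEP, flags undesired messages, and raises a loss alarm after 3.5 CCM intervals of silence, which is the timeout IEEE 802.1ag defines for the "certain period of time". The class names, alarm labels, MD level, 1 s interval, and timeline are constructed for illustration.

```python
from dataclasses import dataclass

LOSS_FACTOR = 3.5      # IEEE 802.1ag: a remote MEP is lost after 3.5 CCM intervals of silence
MAX_RMEPS_PER_MA = 6   # per-MA limit from the Specification list of this chapter


@dataclass(frozen=True)
class Ccm:
    """The CCM fields this check uses (simplified; not the on-wire PDU layout)."""
    md_level: int
    ma_name: str
    mep_id: int
    interval_s: float


class MepMonitor:
    """Hypothetical receive-side state of one MEP in one MA."""

    def __init__(self, md_level, ma_name, local_mep_id, remote_mep_ids, interval_s, now=0.0):
        if len(remote_mep_ids) > MAX_RMEPS_PER_MA:
            raise ValueError("an MA supports at most six RMEPs")
        self.md_level, self.ma_name = md_level, ma_name
        self.local_mep_id, self.interval_s = local_mep_id, interval_s
        self.last_seen = {rmep: now for rmep in remote_mep_ids}
        self.lost = set()
        self.alarms = []   # (time, alarm label, MEP ID)

    def _alarm(self, now, label, mep_id):
        self.alarms.append((now, label, mep_id))

    def tick(self, now):
        """Run periodically: declare a remote MEP lost once its CCMs stop arriving."""
        timeout = LOSS_FACTOR * self.interval_s
        for rmep, seen in self.last_seen.items():
            if rmep not in self.lost and now - seen > timeout:
                self.lost.add(rmep)
                self._alarm(now, "ccm-loss", rmep)

    def receive(self, now, ccm):
        """Check one received CCM; only a fully valid CCM refreshes the loss timer."""
        self.tick(now)
        if ccm.md_level > self.md_level:
            return  # belongs to an outer domain: transit traffic, not a defect
        if (ccm.md_level, ccm.ma_name) != (self.md_level, self.ma_name):
            self._alarm(now, "wrong-ma", ccm.mep_id)           # leaked from another MA
        elif ccm.mep_id == self.local_mep_id or ccm.mep_id not in self.last_seen:
            self._alarm(now, "unexpected-mep", ccm.mep_id)     # duplicate or unconfigured MEP ID
        elif ccm.interval_s != self.interval_s:
            self._alarm(now, "interval-mismatch", ccm.mep_id)  # peers disagree on the interval
        else:
            self.last_seen[ccm.mep_id] = now
            if ccm.mep_id in self.lost:
                self.lost.discard(ccm.mep_id)
                self._alarm(now, "recovered", ccm.mep_id)


def replay():
    """Constructed timeline for Figure 21-1: MEP 5600 watches RMEP 300 in MA 0."""
    mon = MepMonitor(md_level=0, ma_name="MA 0", local_mep_id=5600,
                     remote_mep_ids=[300], interval_s=1.0)
    good = Ccm(md_level=0, ma_name="MA 0", mep_id=300, interval_s=1.0)
    for t in (1.0, 2.0, 3.0):
        mon.receive(t, good)
    # Link 1 fails after t = 3.0 s; no further CCMs from MEP 300 arrive.
    mon.tick(6.0)                                  # 3.0 s of silence: still within 3.5 intervals
    mon.tick(6.6)                                  # 3.6 s of silence: loss alarm
    mon.receive(7.0, Ccm(0, "MA 9", 300, 1.0))     # undesired CCM: does not clear the loss
    mon.receive(8.0, good)                         # link restored
    return mon.alarms


if __name__ == "__main__":
    for alarm in replay():
        print(alarm)
```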

Loopback Detection Messages and Responses


A loopback message is sent from an MEP to a specified MIP or MEP to help locate the fault. The
MIP or MEP ahead of the fault location can respond to the loopback message, but the MIP or
MEP after the fault location fails to respond to the loopback message. In this way, the fault is
located accurately.
Figure 21-2 shows the loopback detection.

Figure 21-2 Loopback detection
[Figure: MEP 300, MIP-0, MIP-1, and MEP 5600 across an IP network. Legend: loopback detection message, loopback detection response.]

As shown in Figure 21-2:


1. MEP 300 sends a loopback detection message to MEP .
2. After MEP receives the detection message, it sends a response message to MEP 300.

Link Tracing Messages and Responses


A link tracing message is used for checking the MIP path between two MEPs. All the MIPs in
a link respond to the MEP that initiates a link tracing message, and forward the link tracing
message until the message reaches the destination MIP/MEP.
If the destination point is an MEP, each MIP in an MA responds to the source MEP. Through
the received response, the source MEP knows the MAC addresses and locations of all the MIPs
as well as the link where the fault has occurred.
Figure 21-3 shows the link tracing.


Figure 21-3 Link tracing
[Figure: MEP 300, MIP-0, MIP-1, MIP-2, and MEP 5600. Legend: link tracing message, link tracing response.]

1. MEP 300 sends a link tracing message to MEP 5600.


2. After receiving the message, an MIP between MEP 300 and MEP 5600 sends a response
to MEP 300 and forwards the message.
3. After receiving the message, MEP 5600 does not forward it, but sends a response directly
to MEP 300.

21.4 Implementation
This section describes the implementation of Ethernet OAM.
The Ethernet OAM feature takes effect automatically.
For details of the Ethernet OAM configuration, refer to "Ethernet OAM Configuration" in the
MA5600 Configuration Guide.

21.5 Reference
This section describes the references on Ethernet OAM.
The following lists the references on Ethernet OAM:

• IEEE P802.1ag/D6.0, Connectivity Fault Management
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference


A Acronyms and Abbreviations

A attachment circuit
ACL access control list
ARP Address Resolution Protocol
AS autonomous system
ABR area border router
ASBR autonomous system boundary router
ATM asynchronous transfer mode

B
BPDU bridge protocol data unit
BRAS broadband remote access server

C
CAC connection admission control
CAR committed access rate
CC continuity check message
CE customer edge
CFM connectivity fault management
CST common spanning tree
CIST common and internal spanning tree
CSPF constraint shortest path first

D
DHCP Dynamic Host Configuration Protocol


DHCP Relay dynamic host configuration protocol relay


DHCP option82 DHCP relay agent option 82
DMT discrete multi-tone
DoS denial of service attack
DSLAM digital subscriber line access multiplexer

F
FEC forwarding equivalence class
FTTH fiber to the home
FTTx fiber to the x

H
HDSL high-speed digital subscriber line

I
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol
IPoA Internet Protocol over ATM
IPoE IP over Ethernet

L
LB loopback
LT linktrace
TLV type, length, value
LSR label switching router
LER label switching edge router
LSP label switched path

M
MA maintenance association
MEP maintenance association end point
MIP maintenance association intermediate point
MPLS multi-protocol label switch
MSTP Multiple Spanning Tree Protocol
MSTR multiple spanning tree regions
MSTI multiple spanning tree instance

N
NTP Network Time Protocol

O
OAM operations administration and maintenance
OSPF open shortest path first
OLT optical line terminal
ONU optical network unit
ONT optical network terminal

P
P2P point to point
PSTN public switched telephone network
PVC permanent virtual channel
PQ priority queuing
PTM packet transfer mode
PBO power back off
PE provider edge
PITP Policy Information Transfer Protocol
PPPoA point to point protocol over ATM adaptation layer 5
PPPoE point to point protocol over Ethernet
PWE3 pseudo wire emulation edge-to-edge
PW pseudo wire
PVP permanent virtual path

Q
QinQ 802.1Q in 802.1Q
QoS quality of service

R
RAIO relay agent information option
RIP Routing Information Protocol
RSTP Rapid Spanning Tree Protocol
RFI radio frequency interference

S
SFTP Secure File Transfer Protocol
SNMP Simple Network Management Protocol
SSH secure shell
STP Spanning Tree Protocol
SHDSL single-line high speed digital subscriber line
SPF shortest path first
STU-C SHDSL transceiver unit - central office end
STU-R SHDSL transceiver unit - remote end

T
TE traffic engineering
TEDB TE database
ToS type of service
TC-PAM trellis coded pulse amplitude modulation

V
VLAN virtual LAN
VoIP voice over IP
VP virtual path
VBAS virtual broadband access server

W
WRR weighted round robin

X
xDSL x digital subscriber line
