Вы находитесь на странице: 1из 51

ZXR10

5250

Description

Operator Logo

Product

ZXR10 5250 Product Description

ZXR10 5250 Product Description

ZXR10 5250 Product Description

Version

Date

Author

Approved By

Remarks

   

Liu

   

V1.0

2011-07-25

Sheng

Not open to the Third Party

   

Liu

   

V1.1

2012-12-05

Sheng

Modified according to feedbacks

       

Add types for enterprise networks:

V1.2

2013-03-05

Liu

Sheng

5250-28TS-L,5250-52TS-L,5250-28TC-H

5250-52TC-H,5250-52PM-H

   

Liu

   

V1.3

2013-6-28

Sheng

Modify the diagram of 5250-28SM

   

Liu

   

V1.4

2013-9-15

Sheng

Add 2511 series description

   

Ding

 

Add equipment highlights and value-added functions; modify hardware description

V1.5

2014-4-29

Haowei

© 2015 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used without the prior written permission of ZTE.

Due to update and improvement of ZTE products and technologies, information in this document is subjected to change without notice.

ZXR10 5250 Product Description

ZXR10 5250 Product Description

TABLE OF CONTENTS

1

Overview

1

2

Highlights

2

2.1

Energy saving and green

2

2.2

Easy deployment and easy management

2

2.3

POE Features

3

2.4

Better video service experience

3

2.5

Perfect security design

3

2.6

Smart VLAN

4

2.7

Overall supervision

4

2.8

Bidirectional ACL

4

2.9

Precision user locating

4

2.10

IPV6

5

2.11

Ethernet OAM

5

2.12

Off-power alarm

5

2.13

Free seating networking

5

2.14

Supporting ERPS (G.8032)

5

2.15

Broadcast storm prevention and restoration

6

3

Functions

7

3.1

Basic service functions

7

3.1.1

MAC address management

7

3.1.2

VLAN

8

3.1.3

STP features

9

3.1.4

Link aggregation

9

3.1.5

Basic Ethernet features

9

3.2

Value-Added Service (VAS)

10

3.2.1

DHCP-based batch upgrade

10

3.2.2

IPTV

10

3.2.3

ACL

11

3.2.4

SFLOW

11

3.2.5

RSPAN

12

3.2.6

Global counter

13

3.2.7

IP source guard

13

3.2.8

Dynamic ARP Inspection (DAI)

13

3.2.9

LLDP

14

3.2.10

UDLD

14

3.2.11

Voice vlan

14

3.2.12

802.1x authentication

14

3.2.13

Ring protection

15

3.2.14

ZESS smart switching

15

3.2.15

DHCP relay

16

3.2.16

TACACS+

16

3.2.17

SSH

17

3.2.18

Port loopback check

17

3.2.19

MButton

17

3.2.20

SFTP

18

ZXR10 5250 Product Description

ZXR10 5250 Product Description

3.2.21

SSL

18

4

System Architecture

18

4.1

Appearance

18

4.2

Hardware Architecture

20

4.2.1

Overall Hardware Architecture

20

4.2.2

Working Principle of Hardware System

20

4.2.3

Introduction to Card

20

4.3

Software Architecture

22

4.3.1

Operation Support Sub-system

23

4.3.2

MUX Sub-system

23

4.3.3

L2 Sub-system

24

4.3.4

NM and Maintenance Sub-system

24

5

Technical Indexes and Specifications

25

5.1

Physical Indexes

25

5.2

Basic Specifications

28

6

Operation

and Maintenance

35

6.1

NetNumen U31 Integrated NM Platform

35

6.1.1

NM Networking

35

6.1.2

NetNumen U31 NM System

36

7

Comprehensive Networking Applications

39

7.1

Community Access for Enterprise network

39

7.2

Corridor Access for MAN

39

8

Abbreviations

41

ZXR10 5250 Product Description

ZXR10 5250 Product Description

FIGURES

Figure

3-1

Typical QinQ networking

8

Figure

3-2

sFlow

ZESS

frame

12

Figure

3-3

network topology

16

Figure

4-1

ZXR10

5250-28TC-H

18

Figure

4-2

ZXR10

5250-52TC-H

18

Figure

4-3

ZXR10

5250-52PM-H

18

Figure

4-4

ZXR10

5250-28PM-H

18

Figure

4-5

ZXR10

5250-28TM-H

19

Figure

4-6

ZXR10

5250-52TM-H

19

Figure

4-7

ZXR10

5250-28TC

19

Figure

4-8

ZXR10

5250-52TC

19

Figure

4-9

ZXR10

5250-28SM

19

Figure

4-10

ZXR10

5250-52PM

19

Figure

4-11

ZXR10

5250-28PM

19

Figure

4-12

ZXR10

5250-28TS-L

19

Figure

4-13

ZXR10

5250-52TS-L

20

Figure 4-14

Working principle of the system

20

Figure

4-15

Control principle

21

Figure

4-16

System framework diagram

23

Figure

4-17

L2 system structure

24

Figure

7-1

Desktop access for enterprise network

39

Figure

7-2

MAN access

39

TABLES

 

Table 5-1

5250-H series physical indexes

25

Table 5-2

5250

5250

standard series physical indexes

26

Table

5-3

TS-L series physical indexes

27

Table 5-4

5250-H series system specifications

28

Table 5-5

5250 standard series system specifications

30

Table 5-6

5250-L series system specifications

33

ZXR10 5250 Product Description

ZXR10 5250 Product Description

Table 8-1

Abbreviations

41

1 ZXR10 5250 Product Description Overview As a new-generation GE access L2 Ethernet intelligent switch

1

ZXR10 5250 Product Description

Overview

As a new-generation GE access L2 Ethernet intelligent switch introduced by ZTE, ZXR10 5250 series enhances its features in energy saving, user information security, access control as well as management and maintenance. 5250 when compared with similar products are outstanding for its powerful forwarding capability, flexible ACL and rich monitoring manners. It supports Ethernet OAM and voice vlan, so that is can satisfy MAN and enterprise network access needs.

ZXR10 5250 include 4 models: ZXR10 5250-28TC, ZXR10 5250-52TC, ZXR10 5250-28SM and ZXR10 5250-52PM

ZXR10 5250 Product Description

2

Highlights

ZXR10 5250 Product Description 2 Highlights 2.1 Energy saving and green ZXR10 5250 perfectly supports 802.3az.

2.1 Energy saving and green

ZXR10 5250 perfectly supports 802.3az. It can dynamically set port as idle when there’s no traffic goes through so as to save the power. It functions well to save the consumption at single port by reducing 70% consumption at single port. Meanwhile, the device can provide the statistics of consumption saved by the port and the device so as to provide a practical effect of energy saving to the customer.

ZXR10 5250 supports dynamic fan adjustment. It can adjust fan speed dynamically based on the temperature inside the equipment. It raises the fan speed and increases air flow when the temperature is high. It reduces fan speed when the temperature is low.

By using multiple energy-saving technologies, for example, disable idle ports and adjust port power consumption as per cable length, ZXR10 5250 try their best to decrease the power consumption for the customer maximally.

The material used for the product conforms to Europe RoHS environment protection standard. The environment pollution of the materials is reduced to the least. We make certain contribution to protection of the whole environment.

2.2 Easy deployment and easy management

Automatic remote batch upgrade can upgrade the equipment of the same type at one time, which avoids the hardship of the OAM staff going up and down the building carrying their computers.

Creative M-Button enables the administrator to obtain the status of equipment port, memory and CPU without logging in the system.

It supports system information display. Via one command, the system operation information can be collected, which gives conveniences to information collection and failure location.

It supports off-power warning. When the device is out of power, it is still capable of sending off-power warning to remote server. In this way, the administration center can be informed of the failure in the shortest time.

At the same time, the device supports multiple management manners, e.g., web, telnet and snmp, etc. Also, the equipment can carry out local or remote authority authentication to guarantee the reliability of the operation.

2.3 POE Features ZXR10 5250 Product Description ZXR10 5250 series supports full-port POE and POE+

2.3 POE Features

ZXR10 5250 Product Description

ZXR10 5250 series supports full-port POE and POE+ power supply, conforming to 802.3af and 802.3at standard. It is also compatible with PD equipment which doesn’t conform to 802.3af or 802.3at standard. The maximal power supply of POE is 15.4W and the maximal power supply of POE+ is 30W.

The port supports time-sharing POE power supply configuration. It can automatically forcefully shut down POE power supply of the electrical interface during the period when power supply is unneeded.

2.4 Better video service experience

ZXR10 5250 supports MVR, provides various rules and channel combination, and supports multicast QoS. It solves traffic engineering management problem brought by multiple egress duplication of multicast services, optimizes delay, jitter and packet loss problem of video flow, and reduces join-in and offline delay of users’ video services. At the same time, it supports multicast service access control, which guarantees security of multicast service access and users’ high-quality video service experience.

2.5 Perfect security design

The security design of ZXR10 5250 is based upon two aspects: one is to guarantee the normal operation of the device, the other is to ensure the security of the data.

For self security design, some restrictions to peer-end broadcasting message, multicast message, unknown unicast message. Therefore, these messages will have less impact to CPU. For CPU, the device uses control plane security service to classify and control the speed of the protocol messages that CPU needs to process. This mechanism makes sure that the speed of the delivered the message for the protocol stacking is within a proper range, which avoids the breakdown of CPU caused by exceeding messages. Besides common user name and password management, ZXR10 5250 supports multiple logins such as SSH to prevent the administrative users being spoofed.

For user data security, besides PVLAN service, ZXR10 5250 also uses DHCP snooping plus IP source guard to make sure user’s validity. For the messages which do not satisfy bounding table, they will be discarded.

The device is also capable of DAI service. So that it can effectively restrict ARP-based DOS attack. The device not only can discard arp message which does not accord with the condition, but also can restrict the number of arp one port learns. This mechanism successfully prevents equipment table entity from being occupied maliciously, which makes sure other people can use the resource normally.

ZXR10 5250 Product Description

2.6 Smart VLAN

ZXR10 5250 Product Description 2.6 Smart VLAN ZXR10 5250 not only gives support to 1:1 vlan

ZXR10 5250 not only gives support to 1:1 vlan map, but also supports N: 1 VLAN map. In this way, by aggregating vlan at the access side, the device greatly enhances the usability of vlan resource.

ZXR10 5250 supports standard QinQ service and flexible SVLAN service, which enables the operator to distinguish user and service at the access side effectively. In this way, the units can implement different processing policies as per different users and services.

ZXR10 5250 supports dynamic distribution of independent vlan to voice device, and provide higher priority to data in this vlan by configuring QoS strategy to guarantee voice quality.

2.7 Overall supervision

ZXR10 5250 supports message mirroring service. It can classify mirroring image of different messages, so that different message mirroring image can go to different port.

ZXR10 5250 supports sFlow service. It can sample the message and send it to the designated server.

ZXR10 5250 support RSPAN service. It is used for the extension of common mirroring. So that, all the messages on the monitored port will be completely sent to the remote receiver.

The device also supports intelligent statistic service. Being different from the traditional accounting service which can only collect the number of the port or queue, the intelligent statistic service can count any interested traffic or port. The counting service can be as precise as one user‘s one service, which accordingly provides effective monitoring way for precise operation.

2.8 Bidirectional ACL

In the course of further developing similar products, ZXR10 5250 at the same time supports incoming and outgoing ACL. User can implement both incoming and outgoing traffic classification and speed restriction at the same time. This mechanism enables more comprehensive and flexible ACL.

2.9 Precision user locating

Via multiple methods like DHCP, option82, PPPOE+ and VBAS, ZXR10 5250 can provide user’s accurate location for the network management center. The field with user location information can be configured freely to meet different operators’ requirements.

2.10 IPV6 ZXR10 5250 Product Description ZXR10 5250 supports a number of essential IPV6 functions,

2.10 IPV6

ZXR10 5250 Product Description

ZXR10 5250 supports a number of essential IPV6 functions, including IPV6/IPV4 dual protocol stack, ND (neighbor discovery), ICMPV6, DHCPV6 snooping and MLD snooping.

2.11 Ethernet OAM

Ethernet Operations, Administration, and Maintenance (OAM) is a guarantee to provide high-quality carrier-class network. It monitors link status change, makes evaluation of service quality provided by the link, so as to provide great convenience for network maintenance staff to locate network failures. ZXR10 5250 supports three OAM protocols:

802.1ag, 802.3ah, and Y1731.

2.12 Off-power alarm

When the power supply is off-power, the device sends alarm message to the designated server, notifying the server that the device stops working because the power supply is off. Power supply failure is the major failure of the access device. This function can help OAM staff to make quick decision on device failure and speed up the processing and failure recovery.

2.13 Free seating networking

ZXR10 5250 series enables the users find desired new services easily with mouse on the interface platform provided by the operators by enabling MFF, IPTV, ZESR and MAC-based vlan functions, to implement free selection, free switching and free accounting. With the Free-seating solution, operators have a new role a platform connecting service providers and final users. In Free-seating platform, Internet service providers and IPTV media providers can adjust their marketing strategies flexibly and carry out “preview” service promotion; they can rank the services according to user click-through rate and adjust their service direction without worrying about the trouble of user payment.

2.14 Supporting ERPS (G.8032)

ZXR10 5250 series supports ERPS (Ethernet Ring Protection Switching). It can prevent broadcast storm caused by data loop in an Ethernet ring. When one link is disconnected in the Ethernet ring, it can enable the standby link rapidly to restore communication between the nodes on the Ethernet rings. Compared with STP protocol, ERPS protocol has the following features: typology convergence is fast (less than 50ms); convergence time is unrelated to the number of nodes on the Ethernet ring.

ZXR10 5250 Product Description

ZXR10 5250 Product Description 2.15 Broadcast storm prevention and restoration ZXR10 5250 supports broadcast storm

2.15 Broadcast storm prevention and restoration

ZXR10 5250 supports broadcast storm prevention and restoration. When the broadcast frames received reach the preset threshold, the port will drop the broadcast frames automatically and generate alarms at the same time. When the broadcast frames are under the preset threshold, it will report the restoration alarm.

3 Functions ZXR10 5250 Product Description 3.1 Basic service functions 3.1.1 MAC address management ZXR10

3

Functions

ZXR10 5250 Product Description

3.1 Basic service functions

3.1.1 MAC address management

ZXR10 5250 series fulfills the following MAC functions:

Convert dynamic MAC address into static one

On one hand, the administrator expects that the user is fixed only to a port; on the other hand, he does not want to configure too many static addresses. The function can be used to reach the goal.

Bind MAC address to a port

Dynamic, static or permanent MAC address can be added to MAC address table. The correspondence relation between static or permanent MAC address and port is fixed, and cannot be cancelled until the address is deleted manually.

Limit MAC address number of a port

MAC address table capacity of a switch is limited. When many users are available and MAC address table will reach the capacity limit, the MAC address number of low-priority user port will be restricted.

The restriction can prevent MAC address broadcast to drive MAC address table to overflow the network attack.

Port MAC address learning protection

When abnormal MAC address learning of a port is checked out, the switch will protect the MAC address learning for some time. New address learning cannot be done in the protection. When the protection expires, the port will be in the state of MAC learning again.

Unknown-source MAC address filtering of a port

Unknown-source MAC address filtering of a switch port is closed by default, and the port does not filter the unknown-source MAC address. If a switch port is configured with enabling the unknown-source MAC address filtering, relative port will discard the packet of unknown-source MAC address received at the port and learn it.

MAC address filtering

ZXR10 5250 Product Description

ZXR10 5250 Product Description Data frame can be filtered according to MAC address in the following

Data frame can be filtered according to MAC address in the following ways:

1 Only the source MAC address of data frame is matched. If the source MAC address is the set MAC address, the data frame will be filtered.

2 Only the destination MAC address of data frame is matched. If the destination MAC address is the set MAC address, the data frame will be filtered.

3 The source or destination MAC address of data frame is matched. If the source or destination MAC address is the set MAC address, the data frame will be filtered.

3.1.2

VLAN

Support port-based vlan, 1:1 and N:1 vlan translation, PVLAN, QinQ and SVLAN.

QinQ, known as the tunnel protocol based on IEEE 802.1Q encapsulation, is also called VLAN stack. QinQ adds a VLAN label (external label) outside the existing VLAN label (internal label). The external label can shield the internal label.

QinQ without protocol support can implement simple L2VPN, and is suitable for mini- LAN taking L3 switch as the backbone.

Typical QinQ networking is as follows. The port connecting user network is Customer port, the port connecting SP network is Uplink port, and SP network edge access equipment is called PE (Provider Edge).

Figure 3-1

Typical QinQ networking

SPVLAN 10

customer

User network 1 CVLAN1- 100 PE
User network
1
CVLAN1-
100
PE
port SPVLAN 10 Uplink port Switch A Switch B SP network PE SPVLAN 10 Uplink
port
SPVLAN 10
Uplink port
Switch A
Switch B
SP network
PE
SPVLAN 10
Uplink port

SPVLAN 10

customer

port

User network

2

CVLAN1-

100

User network accesses PE via Trunk VLAN. Uplink ports in SP network are connected symmetrically via Trunk VLAN.

When the packet comes from user network 1 to switch A customer port, no matter whether the packet is tagged or untagged, switch A will forcedly insert the external label (VLAN ID is 10). In SP network, the packet reaches switch B via VLAN 10 ports. Switch B

ZXR10 5250 Product Description finds out the port connected to user network 2 is customer

ZXR10 5250 Product Description

finds out the port connected to user network 2 is customer port, removes the external label according to the conventional 802.1Q protocol, restores it to the original packet, and sends it to user network 2.

The data between user network 1 and 2 can be transmitted transparently via SP network. User networks can freely plan their own private network VLAN ID to avoid the conflict with SP network VLAN ID.

3.1.3 STP features

Support RSTP and MSTP as well as such protection features as bpdu guard, root guard and loop guard.

3.1.4 Link aggregation

Link aggregation, known as Trunk, binds several physical ports into one logic port to share incoming/outgoing traffic load among member ports. The switch decides according to port load sharing policy configured by the user via which member port the packet is sent to the opposite switch. When detecting that a fault occurs to the link of a member port, the switch will stop sending the packet via the port, and recalculate and decide a port for packet transport according to load sharing policy. After the faulty port restores, the switch will recalculate and decide a port for packet transport again. Link aggregation is an important technology to increase link bandwidth and support link transport resilience and redundancy.

ZXR10 5250 supports static Trunk and LACP link aggregation.

Static Trunk adds several physical ports directly to Trunk group to form one logic port, but it is not good at observing the status of link aggregation port.

LACP (Link Aggregation Control Protocol), following IEEE 802.3ad, dynamically aggregates several physical ports into Trunk group through the protocol to form one logic port. LACP automatically aggregates to get the maximum bandwidth.

3.1.5 Basic Ethernet features

ZXR10 5250 supports the following basic Ethernet features:

Support

port mirroring

Port mirroring copies the data of one or several switch ports (mirrored port) to one designated destination port (monitored port) to get the data of the monitored port for traffic analysis and wrong diagnosis port data. The mirroring (RSPAN) of cross-equipment ports is supported.

Support

broadcast storm suppression

ZXR10 5250 Product Description

ZXR10 5250 Product Description It can limit the number of broadcast packet allowed to pass Ethernet

It can limit the number of broadcast packet allowed to pass Ethernet port per second. When broadcast traffic exceeds the value set by the user, the system will discard broadcast traffic, thus broadcast traffic will be reduced to a reasonable range to suppress broadcast storm and avoid network congestion to assure network services of normal operation. Broadcast storm suppression takes the set rate as the parameter. The smaller rate means the smaller broadcast traffic allowed to pass.

Support such configuration as port rate, duplex mode and adaptation.

Support

line diagnosis analysis and test

ZXR10 5250 supports cable line diagnosis analysis and test. It can check line and connection and find the location of cable fault to facilitate network management and fault locating.

GE electrical interface is connected to other devices via network cable. Network cable has 4 twisted pairs. 100M network cable uses twisted pair 1-2 and 3-6, and 1000M 1-2, 3-6, 4-5 and 7-8. The status of each twisted pair can be detected in line check. Line statuses are as follows:

1 Open: Open-circuit line

2 Short: Short-circuit line

3 Good: Normal line

4 Broken: Open-circuit or short-circuit line

5 Unknown: Unknown or no result

6 Crosstalk: Line coupling

7 Fail: Failed detection

3.2 Value-Added Service (VAS)

3.2.1 DHCP-based batch upgrade

ZXR10 5250 supports the DHCP-based batch upgrade. By supporting DHCP option66, 67 and 150, the device gets the server address, catalog and filename storing the version. Option150 stores the server IP address, option66 the version path, and option67 the version filename. With the information, the device can automatically get the version from the designated location via FTP or TFTP, which simplifies upgrade procedure, facilitate operation & maintenance and increase working efficiency.

3.2.2 IPTV

IPTV, known as interactive network TV and launched by carriers based on broadband, uses IP broadband network and integrates Internet, multimedia and telecom technologies

ZXR10 5250 Product Description to provide for the user such interactive services as live TV,

ZXR10 5250 Product Description

to provide for the user such interactive services as live TV, video VOD and Internet browse. The user gets the services via PC or “IP set top box+TV”.

Controllable multicast is one of key technologies of ZTE’s IPTV system structure, and usually works at the broadband access network side. The equipment (BRAS, access equipment or switch) implementing the multicast control policy is called the multicast control point. As the termination point of user multicast IGMP request, the multicast control point decides according to relative IGMP request and control policy whether to copy multicast flow to user port. The closer the multicast control point is, the more network bandwidth the user can save. As the key equipment to implement the multicast control policy, Multicast control point supports the following services: IGMP V1/V2, IGMP Snooping, IGMP Filter, IGMP Proxy, IGMP Fastleave, MVR(Multicast Vlan Register), SGR(Static Group Register), UGAC(User Group Access Control) and UGAR(User Group Access Record). User’s on-demand authority can be controlled by binding rules and channels.

3.2.3 ACL

ZXR10 5250 supports egress and ingress ACL.

ZXR10 5250 offers the following four types of ACL.

Basic ACL: Only match source IP address.

Extension ACL: Match source IP address, destination IP address, IP protocol type, TCP source port No., TCP destination port No., UDP source port No., UDP destination port No., ICMP type, ICMP Code, DSCP (DiffServ Code Point), and ToS.

L2 ACL: Match source MAC address, destination MAC address, source VLAN ID, L2 Ethernet protocol type, and 802.1p priority value.

Mixed ACL: Match source MAC address, destination MAC address, source VLAN ID, source IP address, destination IP address, TCP source port No., TCP destination port No., UDP source port No., and UDP destination port No., including all matching fields of the above types.

3.2.4 SFLOW

sFlow is the IETF standard traffic monitoring technology. It has low hardware requirements, less equipment resource consumption and high technical commonality, so it is now used by multiple vendors.

sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy unit and sFlow collector (or named analyzer ). The sampling and proxy units of sFlow are integrated in the network equipment; while sFlow collector which analyzes messages of

ZXR10 5250 Product Description

ZXR10 5250 Product Description multiple sFlow proxies is out of the system structure. The entire basic

multiple sFlow proxies is out of the system structure. The entire basic system architecture is as shown in the following figure:

Figure 3-2

sFlow frame

is as shown in the following figure: Figure 3-2 sFlow frame sFlow sampling unit is the

sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network packets at the network interface supporting sFlow and sends sampled packets to sFlow agent equipment for processing. sFlow Collector is the network equipment sFlow uses to manage, monitor, collect and analyze. It stores and analyzes network packets from sFlow Agents, and gives equipment traffic and service analysis reports and tables.

3.2.5

RSPAN

Remote Switched Port Analyzer (RSPAN), i.e. remote port mirroring, without asking the mirrored port and the mirroring port on the same switch, enables cross-network mirrored port and mirroring port. This gives great conveniences to the administrator for remote switch management.

The following switches can fulfill the RSPAN function.

ZXR10 5250 Product Description  Source switch: The switch of the monitored port makes L2

ZXR10 5250 Product Description

Source switch: The switch of the monitored port makes L2 forwarding of the traffic, which needs to be mirrored, at Remote-probe VLAN L2 and forwards it to intermediate switch or destination switch.

Intermediate switch: The switch between source switch and destination switch in the network transports the mirroring traffic to the next intermediate switch or destination switch via Remote-probe VLAN. If source switch and destination switch are directly connected, there will be no intermediate switch.

Destination switch: The switch of destination port for remote mirroring forwards the mirroring traffic received from Remote-probe VLAN to the monitoring equipment via the mirroring destination port.

3.2.6 Global counter

ZXR10 5250 has unique global counter. The port and flow to be monitored can be bound to a separate global counter. The specific flow can be decided according to flow classification. For example, monitor a specific source IP and destination IP. After binding, global counter separately counts the packets matching the flow.

Global counter provides the carriers with an effective way to monitor network traffic status, which may be for a specific traffic of each user, so as to offer more data for network structure planning.

3.2.7 IP source guard

IP source guard is a policy control technology. Based upon dynamic DHCP snooping table entry or manual static table entry, it is mainly responsible for checking if IP+MAC the same as DHCP snooping table entry or manual static table entry. If they are not the same, the message will be judged as illegal. Then it will be discarded or sent to CPU.

3.2.8 Dynamic ARP Inspection (DAI)

ARP attack is the most commonly seen means in the network. It has two ways: One is to transmit a lot of ARP packets which is beyond normal processing capability and break down the equipment; the other is to transmit faked ARP packets and make the equipment learn wrong table items, thus the packets of a normal user are wrongly forwarded to the hacker faking the ARP packets and let him get private information of the user.

DAI service can effectively process ARP attack. After initiating DAI, the equipment can restrict the number of ARP sent by the port, which guarantees adequate processing capability of the equipment. Also, DAI service can check the legality of the received ARP message according to user table entry generated dynamically. When the received ARP message does not accord with the user dynamic table entry of this port, this message will be dropped to make sure the correctness of the forwarding table entry.

ZXR10 5250 Product Description

3.2.9 LLDP

ZXR10 5250 Product Description 3.2.9 LLDP LLDP (Link Layer Discovery Protocol) is a kind of neighbor

LLDP (Link Layer Discovery Protocol) is a kind of neighbor discovery protocol. With LLDP, network device notifies its information to other devices and establish neighbor relationship with different devices. ZXR10 5250 supports multiple LLDP TLV attributes. It can correctly notify its port and system information to its neighbors.

At the same time ZXR10 5250 supports LLDP MED (LLDP for Media Endpoint Devices). The switch uses this protocol to configure the terminal device that connected to it.

3.2.10 UDLD

UDLD is a L2 network protocol used to detect the single-pass on physical link between the devices. Sometimes only receiving is normal or only transmitting is normal on the physical link between two devices. At this time, the link status may be normal but the packet transmission is abnormal. Detecting the abnormality, UDLD can send alarm or close the port, which is decided based on the configuration.

3.2.11 Voice vlan

Voice VLAN provides high forwarding priority for voice data packet. When voice device access is detected, no matter what the default priority for the voice data flow is, ZXR10 5250 transfers the legal voice data to the specified voice VLAN and distributes a high priority to it, so as to guarantee the voice packet is forwarded with priority.

3.2.12 802.1x authentication

DOT1X (IEEE 802.1x) is the port-based network access control protocol. It optimizes authentication means and authentication architecture and resolves the issues caused by conventional PPPoE and Web/Portal authentication, so it is more suitable for broadband Ethernet.

IEEE 802.1x protocol architecture consists of three major parts: Supplicant System, Authenticator System and Authentication Server System.

1 Supplicant system is a user terminal system which is usually installed with a supplicant software. The user starts the software to initiate the authentication in IEEE802.1x protocol. In order to support the port-based access control, supplicant system needs to support EAPOL (Extensible Authentication Protocol Over LAN).

2 Authenticator system is usually the network equipment supporting IEEE802.1x protocol, such as switch. The equipment corresponds to the ports of different users (They may be physical ports, or MAC address, VLAN and IP of user equipment). Two logic ports are available: controlled port and uncontrolled port.

ZXR10 5250 Product Description 1) Uncontrolled port is always in bidirectional connection status and transmits

ZXR10 5250 Product Description

1)

Uncontrolled port is always in bidirectional connection status and transmits EAPOL protocol frame to ensure that the supplicant can always send or receive the authentication.

2)

Only when the authentication is passed, can controlled port be opened to transmit network resource and service. Controlled port can be configured to bidirectional control or input control for different applications. If the user does not pass the authentication, controlled port will be in authentication status, and the user will not access the service provided by authenticator system

3 Authentication server is usually RADIUS server. It can store the user-related information, e.g., user VLAN, CAR parameters, priority, and user access control list. When the user passes the authentication, authentication server passes the user-related information to authenticator system which creates the dynamic access control list, and subsequent user traffic will be under the supervision of the above parameters. Device communicates with RADIUS server through RADIUS protocol.

3.2.13 Ring protection

ZTE Ethernet Smart Ring (ZESR) based upon EAPS principle of rfc3619 protocol makes some progresses. It makes sure if the ring works smoothly. Also it confirms there’s only one logic smooth path between two nodes. The port status can be changed between block and forward status according to the situation of the ring (through-break, break-through), which enables fast switchover of the logical path.

ZESR supports multiple such as network topologies as tangent ring and intersecting ring as well as multi-domain configuration. ZXR10 5250 ZESR supports to work with PVLAN to comply with MEF networking model.

3.2.14 ZESS smart switching

ZTE Ethernet Smart Switch (ZESS), providing an Ethernet intelligent switchover technology introduced by ZTE, describes a highly efficient link switchover mechanism. When the active link breaks down, traffic can be switched over to the standby link, which makes sure normal data transmission.

As shown in Figure 3, node 1 supports ZESS. Port 1 is master port and port 2 is slave port. When node 1 finds that master port and slave port are UP, the protection service VLAN forwarding of slave port will be blocked. When node 1 finds that master port is DOWN, the protection service VLAN forwarding of master port will be blocked, and the protection service VLAN forwarding of slave port will be opened. When node 1 finds that master port restores to UP, inversion and non-inversion modes are available. In inversion mode, master port is opened and slave port is blocked again. In non-inversion mode,

ZXR10 5250 Product Description

ZXR10 5250 Product Description master port is still blocked and slave port is still opened. Furthermore,

master port is still blocked and slave port is still opened. Furthermore, when ZESS is switched, FDB of the blocked port will be upgraded.

Figure 3-3

ZESS network topology

Upper-level network
Upper-level
network
Figure 3-3 ZESS network topology Upper-level network Master port S l a v e p o
Figure 3-3 ZESS network topology Upper-level network Master port S l a v e p o

Master port

3-3 ZESS network topology Upper-level network Master port S l a v e p o r

S l a v e p o r t Slave port

Node 2

Node 3

port S l a v e p o r t Node 2 N o d e

Node 1

3.2.15 DHCP relay

DHCP relay forwards users’ DHCP request packet to the designated DHCP server by L3 interface, and forwards the packet returned by the server to the user. ZXR10 5250 DHCP relay supports configuration of multiple server. It supports identification and processing of option82. Many different actions of forwarding, dropping or substitution can be adopted for packets carrying option82.

3.2.16 TACACS+

Besides common radius authentication, ZXR10 5250 also supports TACACS+ authentication of administrative user. TACACS+ seems similar to radius in usage. It is also an authentication method with client plus server. The device works as client and sends the username and password to remote TACACS+ server, who takes authentication and then returns the result to the client. Besides the difference in authentication process and packet attribute, the biggest difference between TACACS+ and radius lies in the fact that TACACS+ takes encapsulation of the forwarded packet, which greatly improves the system security.

3.2.17 SSH ZXR10 5250 Product Description SSH mainly provides a secure login passage for the

3.2.17 SSH

ZXR10 5250 Product Description

SSH mainly provides a secure login passage for the administrative user. The device provides SSH server function for the user logs in as client. Client and server will negotiate about the encrypted key before they establish the connection, with which server and client can encrypt and de-encrypt the packet they send to each other to make the packet unidentifiable by others during the process of transmission.

3.2.18 Port loopback check

Port loopback check works to separate the network. The device will block the port when it finds loopback in the downlinked network of the port to avoid the influence on the whole network of the loopback. Port loopback check can work only with the support of a single node without the same protocol run in the whole network. ZXR10 5250 supports single port and multi-port loopback check.

3.2.19 MButton

ZXR10 5250 switch can provide the MButton function without increasing user cost. The function makes use of existing port indicators to indicate the run status of the switch. MButton can switch different modes. When a mode is switched, port indicator shows system status of the mode according to relative rules. The following statuses are available now:

Port link status

Port duplex status

Port rate status

Memory utilization rate

CPU utilization rate

Port of packets with CRC error

Port generating broadcast storm

Uplink interface bandwidth occupancy

Port which does not learn MAC address

Ping NM server

POE status

ZXR10 5250 Product Description

3.2.20 SFTP

ZXR10 5250 Product Description 3.2.20 SFTP SFTP is actually an SSH-based file transmission mode supporting file

SFTP is actually an SSH-based file transmission mode supporting file transmission encryption. Its real name is SSH File Transfer Protocol.

3.2.21 SSL

Secure Socket Layer is used to guarantee the safety of data transmission on Internet. It adopts data Encryption technology to prevent data interception during transmission.

The current version is V 3.0. It has been widely used in identify authentication and encrypted data transmission between Web browser and servers.

4 System Architecture

4.1

Appearance

ZXR10 5250 is a sort of cassette Ethernet switch. Its hardware is composed by chassis, control switching fabric unit, line interface unit and power supply unit. The size of the chassis goes in line with European standard.

Figure 4-1

ZXR10 5250-28TC-H

in line with European standard. Figure 4-1 ZXR10 5250-28TC-H Figure 4-2 ZXR10 5250-52TC-H Figure 4-3 ZXR10

Figure 4-2

ZXR10 5250-52TC-H

Figure 4-1 ZXR10 5250-28TC-H Figure 4-2 ZXR10 5250-52TC-H Figure 4-3 ZXR10 5250-52PM-H Figure 4-4 ZXR10 5250-28PM-H

Figure 4-3

ZXR10 5250-52PM-H

Figure 4-2 ZXR10 5250-52TC-H Figure 4-3 ZXR10 5250-52PM-H Figure 4-4 ZXR10 5250-28PM-H 1 8 2015 ZTE

Figure 4-4

ZXR10 5250-28PM-H

Figure 4-3 ZXR10 5250-52PM-H Figure 4-4 ZXR10 5250-28PM-H 1 8 2015 ZTE CORPORATION. All rights reserved
Figure 4-5 ZXR10 5250-28TM-H ZXR10 5250 Product Description Figure 4-6 ZXR10 5250-52TM-H Figure 4-7 ZXR10

Figure 4-5

ZXR10 5250-28TM-H

ZXR10 5250 Product Description

Figure 4-5 ZXR10 5250-28TM-H ZXR10 5250 Product Description Figure 4-6 ZXR10 5250-52TM-H Figure 4-7 ZXR10 5250-28TC

Figure 4-6

ZXR10 5250-52TM-H

ZXR10 5250 Product Description Figure 4-6 ZXR10 5250-52TM-H Figure 4-7 ZXR10 5250-28TC Figure 4-8 ZXR10 5250-52TC

Figure 4-7

ZXR10 5250-28TC

Figure 4-6 ZXR10 5250-52TM-H Figure 4-7 ZXR10 5250-28TC Figure 4-8 ZXR10 5250-52TC Figure 4-9 ZXR10 5250-28SM

Figure 4-8

ZXR10 5250-52TC

Figure 4-7 ZXR10 5250-28TC Figure 4-8 ZXR10 5250-52TC Figure 4-9 ZXR10 5250-28SM Figure 4-10 ZXR10 5250-52PM

Figure 4-9

ZXR10 5250-28SM

Figure 4-8 ZXR10 5250-52TC Figure 4-9 ZXR10 5250-28SM Figure 4-10 ZXR10 5250-52PM Figure 4-11 ZXR10 5250-28PM

Figure 4-10

ZXR10 5250-52PM

Figure 4-9 ZXR10 5250-28SM Figure 4-10 ZXR10 5250-52PM Figure 4-11 ZXR10 5250-28PM Figure 4-12 ZXR10 5250-28TS-L

Figure 4-11

ZXR10 5250-28PM

Figure 4-10 ZXR10 5250-52PM Figure 4-11 ZXR10 5250-28PM Figure 4-12 ZXR10 5250-28TS-L ZTE Confidential Proprietary

Figure 4-12

ZXR10 5250-28TS-L

Figure 4-11 ZXR10 5250-28PM Figure 4-12 ZXR10 5250-28TS-L ZTE Confidential Proprietary 2015 ZTE CORPORATION. All

ZXR10 5250 Product Description

Figure 4-13

ZXR10 5250-52TS-L

ZXR10 5250 Product Description Figure 4-13 ZXR10 5250-52TS-L 4.2 Hardware Architecture 4.2.1 Overall Hardware Architecture
ZXR10 5250 Product Description Figure 4-13 ZXR10 5250-52TS-L 4.2 Hardware Architecture 4.2.1 Overall Hardware Architecture

4.2 Hardware Architecture

4.2.1 Overall Hardware Architecture

ZXR10 5250 is a cassette product that adopts centralized hardware architecture design. All service interfaces are directly connected to switching main control card.

4.2.2 Working Principle of Hardware System

Figure 4-14

Working principle of the system

Hardware System Figure 4-14 Working principle of the system 4.2.3 Introduction to Card ZXR10 5250 system

4.2.3 Introduction to Card

ZXR10 5250 system can be divided into switching control module, power supply module and interface module based on the responsibilities they assume.

4.2.3.1 Control Card ZXR10 5250 Product Description Control card is the core component of ZXR10

4.2.3.1 Control Card

ZXR10 5250 Product Description

Control card is the core component of ZXR10 5250. It mainly implements two functions of control module and switch module.

In ZXR10 5250 system, control switch card is installed in the cassette structure with no independent panel. Its related interface and indicator are on the front panel of the system. The principle is shown in the following diagram:

Figure 4-15

Control principle

in the following diagram: Figure 4-15 Control principle 4.2.3.2 Control Module Control module is composed of

4.2.3.2 Control Module

Control module is composed of main processor and some external functional chips. It provides various external operation interfaces such as serial interface, and Ethernet interface to implement processing of various applications by the system. The main processor adopts high-performance CPU processor to implement the following tasks:

System network management protocol such as SNMP.

Network protocol such as STP.

Provides operation and management interfaces for each line card.

Takes data operation and maintenance.

ZXR10 5250 Product Description

4.2.3.3 Switch Module

ZXR10 5250 Product Description 4.2.3.3 Switch Module Switch module adopts the private Switch chip with multiple

Switch module adopts the private Switch chip with multiple GE bi-directional interfaces integrated. It can process multi-port wire-speed switching. The switch chip can implement the following functions:

Storage, forwarding, and switching

Support 10KB jumbo frame

Support priority queuing. When CoS queue is in congestion, it drops frames selectively.

4.3 Software Architecture

Ethernet switch ZXR10 5250 series switch is capable of L2 switching, providing L2 wire-speed switching and QoS guarantee. The system software implements management, control and data forwarding of system. Its basic tasks include system start, system configuration and management, protocol operation, table maintenance, switching chip setting and state control, and some special packet software forwarding. System software mainly implements the following functions:

It implements major L2 protocol functions including 802.1D STP protocol, 802.1P priority control, 802.1Q VLAN functions, and 802.3ad link aggregation. It supports IPv4 protocol stacking. It realizes multi-layer services of ACL and DHCP. It implements part of broadband access functions and network management protocol.

Users can take network management of Ethernet switch by serial interface terminal, Telnet, and SNMP Manager, covering network configuration management, failure management, performance management, and security management.

System software can be divided into the following four sub-systems based on the above system function requirements.

Operation support sub-system. It includes software modules of BSP, ROS, and SSP.

MUX sub-system. It includes data distributing module, statistics monitoring module and drive encapsulating module. Data distributing module takes charge of distribution of data packets in the drive and upper layer software. Statistics monitoring module takes charge of statistics data forwarding message and drive software table monitoring.

L2 sub-system. It includes STP, LACP, IGMP SNOOPING, MAC address management, VLAN management, and L2 data forwarding.

ZXR10 5250 Product Description  Network management and operation maintenance sub-system. It implements Agent function

ZXR10 5250 Product Description

Network management and operation maintenance sub-system. It implements Agent function of SNMP network management. It supports command line management, provides operation maintenance interface and provides MIB information.

4.3.1 Operation Support Sub-system

Operation support sub-system drives and encapsulates hardware in the lower layer to provide support for other software systems in the upper layer. Operation support sub-system mainly provides support for hardware operation, distributes operation resource for hardware, and provides related interface for software in upper layer. Operation support sub-system uses ZXR10 ROS platform including system support, system control, version loading control, BSP, and SSP. System support can be further divided into modules of operation system kernel, process scheduling, process communication, timer management, and memory management. The system diagram of operation support sub-system is shown in the following figure:

Figure 4-16

System framework diagram

the following figure: Figure 4-16 System framework diagram 4.3.2 MUX Sub-system MUX sub-system implements information

4.3.2 MUX Sub-system

MUX sub-system implements information switching of drive and upper layer software, and takes statistics and monitoring of software table of switching chip. The main functions of MUX sub-system are data forwarding and statistics monitoring. MUX layer receives data packets from drive module and distributes data packets based on ETHER TYPES

ZXR10 5250 Product Description

ZXR10 5250 Product Description field in MAC frame. MUX data forwarding also takes charge of encapsulating

field in MAC frame. MUX data forwarding also takes charge of encapsulating data forwarding function of the drive. It provides new data forwarding function invoking for each module in upper layer, which invokes data forwarding function provided by MUX to implement forwarding when there’s data packet or protocol packet needs to be forwarded. Statistics monitoring takes charge of state statistics of drive layer, physical layer and MUX layer, receiving and sending packets statistics, register reading monitoring, and data packet sniffer. It provides OAM module with interface function.

4.3.3 L2 Sub-system

L2 sub-system mainly implements configuration management (management layer) of data link layer, L2 protocol processing (control layer), and data forwarding (data layer or service layer).

Figure 4-17

L2 system structure

layer or service layer). Figure 4-17 L2 system structure 4.3.4 NM and Maintenance Sub-system Foreground network

4.3.4 NM and Maintenance Sub-system

Foreground network management and operation maintenance sub-system use TCP/IP to work as SNMP network management agent. They use the executive body of managed entity in lower layer to implement management. By network communication background and foreground network management take management of foreground system and realize separation of management network and transport network.

ZXR10 5250 Product Description 5 Technical Indexes and Specifications 5.1 Physical Indexes Table 5-1 5250-H

ZXR10 5250 Product Description

5 Technical Indexes and Specifications

5.1 Physical Indexes

Table 5-1

5250-H series physical indexes

Phy

           

sical

5250-28TC-

5250-52TC

5250-52PM

5250-28PM

5250-28TM

5250-52TM

inde

H

-H

-H

-H

-H

-H

xes

Dim

           

ensi

on

(widt

h×de

pth×

442×220×4

3.6

442×220×4

3.6

442×440×4

3.6

442×440×4

3.6

442×440×4

3.6

442×440×4

3.6

heig

ht)m

m

Max

           

weig

ht of

the

<2.9kg

<3.0kg

<7.5kg

<7.5kg

<6.4kg

<6.4kg

whol

e set

POE

Not support

Not support

Support

Support

Not support

Not support

 

Support AC

Support AC

Support

Support

Support

Support

and DC

and DC

inserting

inserting

two

two

input;

input;

two

two

modular AC

modular AC

Support

Support

modular AC

modular AC

or DC

or DC

Pow

RPS

RPS

power

power

power

power

AC:

AC:

modules

modules

supply

supply

er

100V~240V

100V~240V

(each

(each

sup

ply

,

,

535W);

535W);

50Hz~60Hz

50Hz~60Hz

rated

rated

 

DC:

DC:

voltage:

voltage:

-48V~-60V

-48V~-60V

100V~240V

100V~240V

RPS:12V

RPS:12V

AC;

AC;

DC

DC

50Hz~60Hz

50Hz~60Hz

Max

   

<180 W (consumpti on upon full load PoE

output), the max. PoE output power is 840 W, in

<111 W (consumpti on upon full load PoE

output), the max. PoE output power is 720W, in

   

pow

er

cons

<27W

<53W

<51W

<70W

ump

tion

ZXR10 5250 Product Description

ZXR10 5250 Product Description       normal working environmen t AC 220 V input condition)
     

normal working environmen t AC 220 V input condition)

normal working environmen t AC 220 V input condition)

   

Wor

 

king

Long-term working temperature: -5~+50: short-term working temperature:

tem

-5~+55;

pera

Storage temperature: -40~+70

 

ture

 

Wor

 

king

Relative humidity 20%~90%, no coagulation

 

hum

idity

 

Eart

 

hqu

ake

8 earthquake intensity

 

proo

f

 

Reli

MTBF: >100,000 hours; MTTR: <30 minutes

 

abilit

 

y

Table 5-2

5250 standard series physical indexes

Physical

5250-28T

5250-52TC

5250-28SM

5250-28PM

5250-52PM

indexes

 

C

Dimensio

         

n

(width×d

epth×hei

442×220×

43.6

442×220×4

3.6

442×220×43.

6

442×440×4

3.6

442×440×4

3.6

ght)mm

Max

         

weight of

the

<2.9kg

<3.0kg

<4.0kg

<7.5kg

<7.5kg

whole

set

 

Not

       

POE

support

Not support

Not support

Support

Support

   

Support AC

 

Support AC, DC and DC RPS input; AC: rated voltage: 100 V~240 V AC; 50/60 Hz DC: rated voltage:-48 V/-60 V DC

and DC

input:

Power

AC: rated voltage: 100 V ~240 V AC ; 50/60

Support AC input: rated voltage: 100 V ~240 V AC; 50/60 Hz

supply

DC

RPS: rated voltage:

Hz

 

+12

V DC

DC: rated voltage: -48

ZXR10 5250 Product Description     V DC   Max       <111 W

ZXR10 5250 Product Description

   

V DC

 

Max

     

<111 W (consumpti on upon full load PoE output), the max. PoE output power is 720W, in normal working environmen t AC 220 V input condition)

<180 W (consumpti on upon full load PoE output), the max. PoE output power is 840 W, in normal working environmen t AC 220 V input condition)

power

27W

53W

39W

consump

tion

     

Working

Long-term working temperature: -5~+50: short-term working temperature: -5~+55; Storage temperature: -40~+70

temperat

ure

Working

Relative humidity 20%~90%, no coagulation

 

humidity

Earthqua

8 earthquake intensity

 

ke proof

Reliabilit

MTBF: >100,000 hours; MTTR: <30 minutes

 

y

 

Table 5-3

5250 TS-L series physical indexes

 

Phys

   

ical

inde

5250-28TS-L

5250-52TS-L

xes

Dime

   

nsio

n

(widt

h×de

442×220×43.6

442×220×43.6

pth×

heig

ht)m

m

Max

   

weig

ht of

the

<2.9kg

<3.0kg

whol

e set

POE

Not support

Not support

Pow

Support AC and DC RPS input;

Support AC and DC RPS input;

ZXR10 5250 Product Description

ZXR10 5250 Product Description er AC: 100V~240V, 50Hz~60Hz RPS:12V DC AC: 100V~240V, 50Hz~60Hz RPS:12V DC supp

er

AC: 100V~240V, 50Hz~60Hz RPS:12V DC

AC: 100V~240V, 50Hz~60Hz RPS:12V DC

supp

ly

   

Max

   

pow

er

cons

<27W

<53W

umpt

ion

Wor

 

king

Long-term working temperature: -5~+50: short-term working temperature: -5~+55; Storage temperature: -40~+70

temp

eratu

re

 

Wor

 

king

Relative humidity 20%~90%, no coagulation

humi

dity

 

Eart

 

hqua

ke

8 earthquake intensity

proo

f

Relia

MTBF: >100,000 hours; MTTR: <30 minutes

bility

5.2 Basic Specifications

 

Table 5-4

5250-H series system specifications

 

Item

5250-28TC-

5250-52TC

5250-52PM

5250-28PM

5250-28TM

5250-52TM

 

H

 

-H

-H

-H

-H

-H

 

U

N

I

24

10/100/1000

Base-T

Ethernet

ports

48

10/100/100

0Base-T

Ethernet

48

10/100/100

0Base-TX

Ethernet

ports(PoE)

20

10/100/100

0Base-TX

Ethernet

ports(PoE)

20

10/100/100

0Base-TX

Ethernet

ports

48

10/100/100

0Base-TX

Ethernet

ports

ports

+4GE

+4GE

COMBO

COMBO

P

 

2

GE

2

GE

Support

Support

Support

Support

o

Combo

Combo

uplink

uplink

uplink

uplink

rt

(10/100/100

(10/100/10

subcard,

subcard,

subcard,

subcard,

0Base-T

00Base-T

which

which

which

which

N

N

I

Ethernet

ports or

1000Base-X

Ethernet

ports or

1000Base-

includes

4-port 10G

optical,

includes

4-port 10G

optical,

includes

4-port 10G

optical,

includes

4-port 10G

optical,

SFP port);

X SFP

4-port GE

4-port GE

4-port GE

4-port GE

2

fixed

port);

electrical,

electrical,

electrical,

electrical,

1000Base-X

2

fixed

4-port GE

4-port GE

4-port GE

4-port GE

ZXR10 5250 Product Description Item 5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM H

ZXR10 5250 Product Description

Item

5250-28TC-

5250-52TC

5250-52PM

5250-28PM

5250-28TM

5250-52TM

H

-H

-H

-H

-H

-H

   

SFP ports;

1000Base-

optical

optical

optical

optical

X SFP

ports.

ports.

ports.

ports.

ports

Forw

           

ardin

g

42Mpps

78Mpps

132Mpps

96Mpps

96Mpps

132Mpps

perfo

rman

           

ce

Port

           

switc

hing

56Gbps

104Gbps

176Gbps

128Gbps

128Gbps

176Gbps

capa

city

MAC

Support MAC address learning, aging and conversion from dynamic to static Support static MAC address setting Support MAC address attack protection Support 16K address table items

VLAN

4k for the whole set Support port-based VLAN Support VLAN translation (1:1, N:1) Support PVLAN Support macbased vlan

 

ACL

Support ingress ACl Support egress ACl

 

QinQ

Support QinQ-based forwarding Support ordinary QinQ, outer layer label tagging based on port Support Selective QinQ, outer layer label tagging based on traffic Support Selective QinQ inner layer priority mapping Support TPID modification

 

LACP

Support dynamic LACP Support traffic-based load balancing

 

Stor

Support broadcast packet suppression

 

m

Support multicast packet suppression Support unknown packet suppression Support unknown unicast/multicast packet dropping

 

suppr

essio

n

Support unknown unicast/multicast broadcasting

L2

Support IGMP Snooping/proxy Support IGMP rate limit, IGMP rate filter, IGMP rate shaping Support cross-VLAN multicast duplication

 

multi

cast

QOS

Support port rate limit and traffic rate limit Support 8 queues with different priorities at each port Support mapping to different queues based on packet 802.1p Support SP, WRR, and SP+WRR algorithm Support traffic classification based on source MAC address, destination MAC

ZXR10 5250 Product Description

ZXR10 5250 Product Description Item 5250-28TC- 5250-52TC 5250-52PM 5250-28PM 5250-28TM 5250-52TM H

Item

5250-28TC-

5250-52TC

5250-52PM

5250-28PM

5250-28TM

5250-52TM

H

-H

-H

-H

-H

-H

 

address, source IP address, and destination IP address Traffic classification of L4 port, protocol type, VLAN, Ethernet frame protocol, and CoS information Support traffic-based label priority and packet re-orientation

Anti-l

 

ighte

Anti-lightening capability at all service ports: 6KV6KV

 

ning

 

Secur

Support DHCP snooping and DHCP relay Support 802.1x, and maximal user limit at single port Support dynamic ARP detection (DAI) Support IP Source Guard Support MAC address filtering Support local or remote authentication of login user Support CPU protection Support SSH V2 Support TACACS+ and radius authentication of administrative user

 

ity

featur

es

LLDP

Support LLDP neighbor discovery Support LLDP MED

 

UDLD

Support UDLD unidirectional link detection

 
 

Support 802.1ag

 

OAM

Support 802.3ah

IPV6

Support IPV6 host management Support IPV6 ND Support IPV6 MLD snooping Support IPV6 ICMPV6 Support IPV6 DHCPV6 snooping Support IPV6 ACL

 

Monit

oring

Support SFLOW

Support

RSPAN

 

Support

mirror

Maint

 

enan

Support DHCP-based auto configuration and loading Support MButton

 

ce

Voice

 

vlan

Support

voice vlan

 

Netw

 

ork

mana

Support SNMP V2,V3

 

geme

nt

 

Table 5-5

5250 standard series system specifications

ZXR10 5250 Product Description Item   5250-28TC   5250-52TC 5250-28SM 5250-28PM 5250-52PM

ZXR10 5250 Product Description

Item

 

5250-28TC

 

5250-52TC

5250-28SM

5250-28PM

5250-52PM

   

U

NI

24

10/100/1000

Base-T

Ethernet

ports

48

10/100/1000

Base-T

Ethernet

24 fixed

10/100/100

0Base-X

SFP ports

20

10/100/1000

Base-TX

Ethernet

ports (PoE)

48

10/100/100

0Base-TX

Ethernet

ports (PoE)

 

ports

+4GE

COMBO

     

Support

   

two uplink

subcards:

Support

P

or

t

 

N

NI

2

(10/100/1000

GE Combo

Base-T

Ethernet

ports or

1000Base-X

SFP port);

2

1000Base-X

SFP ports

fixed

2

(10/100/1000

GE Combo

Base-T

Ethernet

ports or

1000Base-X

SFP port);

2

1000Base-X

SFP ports

fixed

One is 4 fixed

10/100/100

Base-T

Ethernet

port

subcard,

the other is

4

100/1000

0

fixed

Support

uplink

subcard,

which

includes

4-port 10G

optical,

4-port GE

electrical,

4-port GE

optical ports.

uplink

subcard,

which

includes

4-port 10G

optical,

4-port GE

electrical,

4-port GE

optical

 

Base-X

ports.

SFP port

subcards

Forwa

         

rding

42Mpps

78Mpps

42Mpps

96Mpps

132Mpps

perfor

mance

         

Port

         

switch

ing

 

56Gbps

104Gbps

56Gbps

128Gbps

176Gbps

capaci

ty

 
 

Support MAC address learning, aging and conversion from dynamic to static

MAC

Support static MAC address setting Support MAC address attack protection Support 16K address table items

 
 

4k for the whole set Support port-based VLAN

 

VLAN

Support VLAN translation (1:1, N:1) Support PVLAN Support macbased vlan

 

ACL

Support ingress ACl Support egress ACl

 
 

Support QinQ-based forwarding Support ordinary QinQ, outer layer label tagging based on port

 

QinQ

Support Selective QinQ, outer layer label tagging based on traffic Support Selective QinQ inner layer priority mapping Support TPID modification

ZXR10 5250 Product Description

ZXR10 5250 Product Description Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM LACP Support dynamic LACP
Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM LACP Support dynamic LACP Support traffic-based load
Item
5250-28TC
5250-52TC
5250-28SM
5250-28PM
5250-52PM
LACP
Support dynamic LACP
Support traffic-based load balancing
Storm
suppr
ession
Support broadcast packet suppression
Support multicast packet suppression
Support unknown packet suppression
Support unknown unicast/multicast packet dropping
Support unknown unicast/multicast broadcasting
L2
multic
ast
Support IGMP Snooping/proxy
Support IGMP rate limit, IGMP rate filter, IGMP rate shaping
Support cross-VLAN multicast duplication
QOS
Support port rate limit and traffic rate limit
Support 8 queues with different priorities at each port
Support mapping to different queues based on packet 802.1p
Support SP, WRR, and SP+WRR algorithm
Support traffic classification based on source MAC address, destination
MAC address, source IP address, and destination IP address
Traffic classification of L4 port, protocol type, VLAN, Ethernet frame
protocol, and CoS information
Support traffic-based label priority and packet re-orientation
Anti-li
ghteni
Anti-lightening capability at all service ports: 6KV6KV
ng
Securi
ty
featur
es
Support DHCP snooping and DHCP relay
Support 802.1x, and maximal user limit at single port
Support dynamic ARP detection (DAI)
Support IP Source Guard
Support MAC address filtering
Support local or remote authentication of login user
Support CPU protection
Support SSH V2
Support TACACS+ and radius authentication of administrative user
LLDP
Support LLDP neighbor discovery
Support LLDP MED
UDLD
Support UDLD unidirectional link detection
IPV6
Support IPV6 host management
Support IPV6 ND
Support IPV6 MLD snooping
Support IPV6 ICMPV6
Support IPV6 DHCPV6 snooping
Support IPV6 ACL
Support SFLOW
Monit
Support
RSPAN
oring
Support
mirror
Mainte
nance
Support DHCP-based auto configuration and loading
Support MButton
ZXR10 5250 Product Description Item 5250-28TC 5250-52TC 5250-28SM 5250-28PM 5250-52PM   Voice

ZXR10 5250 Product Description

Item

5250-28TC

5250-52TC

5250-28SM

5250-28PM

5250-52PM

 

Voice

 

vlan

Support

voice vlan

 

Netwo

 

rk

 

mana

Support SNMP V2,V3

 

geme

nt

   
 

Table 5-6

5250-L series system specifications

 

Item

 

5250-28TS-L

   

5250-52TS-L

 
   

U

24 10/100/1000Base-T Ethernet

 

P

NI

ports

48 10/100/1000Base-T Ethernet ports

or

 

t

 

N

   

NI

4 fixed 1000Base-X SFP ports

 

4 fixed 1000Base-X SFP ports

 

Forwa

   

rding

42Mpps

 

78Mpps

 

perfor

mance

   

Port

   

switch

ing

 

56Gbps

104Gbps

 

capaci

 

ty

 

MAC

Support MAC address learning, aging and conversion from dynamic to static Support static MAC address setting Support MAC address attack protection Support 8K address table items

 

4k for the whole set

 

VLAN

Support port-based VLAN Support PVLAN

ACL

Support ingress ACl

 

QinQ

Support QinQ-based forwarding Support TPID modification

 

LACP

Support dynamic LACP Support traffic-based load balancing

 

Storm

Support broadcast packet suppression Support multicast packet suppression Support unknown packet suppression Support unknown unicast/multicast packet dropping Support unknown unicast/multicast broadcasting

 

suppr

ession

ZXR10 5250 Product Description

ZXR10 5250 Product Description Item 5250-28TS-L 5250-52TS-L L2 multic Support IGMP Snooping Support IGMP rate limit,
Item 5250-28TS-L 5250-52TS-L L2 multic Support IGMP Snooping Support IGMP rate limit, IGMP rate filter,
Item
5250-28TS-L
5250-52TS-L
L2
multic
Support IGMP Snooping
Support IGMP rate limit, IGMP rate filter, IGMP rate shaping
ast
QOS
Support port rate limit and traffic rate limit
Support 4 queues with different priorities at each port
Support mapping to different queues based on packet 802.1p
Support SP, WRR, and SP+WRR algorithm
Support traffic classification based on source MAC address, destination
MAC address, source IP address, and destination IP address
Traffic classification of L4 port, protocol type, VLAN, Ethernet frame protocol,
and CoS information
Support traffic-based label priority and packet re-orientation
Anti-li
ghteni
Anti-lightening capability at all service ports: 6KV6KV
ng
Securi
ty
featur
es
Support DHCP snooping
Support 802.1x, and maximal user limit at single port
Support dynamic ARP detection (DAI)
Support IP Source Guard
Support MAC address filtering
Support local or remote authentication of login user
Support CPU protection
Support SSH V2
Support TACACS+ and radius authentication of administrative user
LLDP
Support LLDP neighbor discovery
Support LLDP MED
UDLD
Support UDLD unidirectional link detection
IPV6
Support IPV6 host management
Support IPV6 ND
Support IPV6 ICMPV6
Support IPV6 ACL
Monit
Support
RSPAN
oring
Support
mirror
Mainte
Support DHCP-based auto configuration and loading
nance
Voice
Support
voice vlan
vlan
Netwo
rk
mana
Support SNMP V2,V3
geme
nt
ZXR10 5250 Product Description 6 Operation and Maintenance 6.1 NetNumen U31 Integrated NM Platform IP

ZXR10 5250 Product Description

6 Operation and Maintenance

6.1 NetNumen U31 Integrated NM Platform

IP network is bearing more and more services. At the same time it covers large area with complicated configuration. Users have high expectation for the network. Network management difficulty and workload become rather great. Only artificial management with passive checking maintenance can no long meet the needs of reliable operation of the network.

How to quickly deploy services in the network, how to guarantee reliable and stable network operation, how to foresee the network operation quality, and how to detect the failure point as soon as possible when failure occurs in the network are all present before OAM staff. Thus active monitoring is urgently needed for the network to automatically detect and solve network failure, to maintain smooth operation of the network, so as to realize network value maximization.

To achieve this ZTE developed NetNumen U31 integrated network management system. NetNumen U31 is an centralized network management system integrating multiple products of router and switch. It integrates network element management, network management, and service management in one, supporting multiple databases. It has graphic interface of many languages, providing direct and easy operation. Offering flexible northbound interface, it supports powerful interconnection integration capability.

6.1.1 NM Networking

Inband management and outband management can be adopted for networking between NetNumen U31 network management system and ZXR10 5250.

Inband management

Inband management. Network management and service data are transported through one channel with no need to build extra DCN network. NetNumen U31 network management system can perform management when it is connected with the network equipment nearby with related SNMP parameters configured.

The advantage of inband management is flexible networking without extra investment. The disadvantage is network management information occupies service bandwidth, which may influence service quality.

Outband management

Outband management. Network management information is transported inside network management network, separated from service data. Extra DCN network is needed.

ZXR10 5250 Product Description

ZXR10 5250 Product Description NetNumen U31 network management system is connected to outband management interface on

NetNumen U31 network management system is connected to outband management interface on ZXR10 5250 so that network management information is transmitted independently from service information.

The advantage is the interruption of service channel doesn’t influence management of equipment by the network management station. Network management information transmission is more reliable. The disadvantage is that network management network built independently is influenced greatly by territory restriction so that extra investment is necessary.

6.1.2 NetNumen U31 NM System

NetNumen U31 network management system is an integrated router, switch, and CE management system developed by ZTE. Covering network management, network management and service management, network management system provides the following functions:

Failure management guarantees stable network operation

In network management maintenance, the management staff has an urgent need to know the network operation to make sure the network works stably. Failure management in NetNumen U31 mainly takes charge of realtime receiving of various equipment alarm and network event reported by all network elements. It can notify the maintenance staff in an audible and visual way. The maintenance staff confirms and deals with the event. They save the collected alarm reports in the base for various statistic and query. Failure management is the most important and most usual management measure in network operation and maintenance. With failure management, users can implement query, realtime monitoring, failure filtering, failure location, failure confirmation, failure clearance, and failure analysis etc. NetNumen U31 system also provides audio prompt, graphic display of alarm, accessible alarm box, Email system, and SMS system. It notifies users with sound and light, Email, and message for users to have easy daily maintenance.

Performance management obtains a complete understanding of network services

Network traffic flow, network load are the most focused concern in network management. NetNumen U31 performance management module mainly takes charge of performance monitoring and analysis of network and equipment. It provides maintenance and management department with information to supervise network engineering, planning and adjusting to improve network operation quality by collecting various performance data from network elements and generating performance report after processing. With performance management, users can perform statistics of equipment load, traffic flow, and interface load to learn about network service quality, assess and adjust network resource configuration as soon as possible.

Resource management makes good use of network resource

ZXR10 5250 Product Description Resource management system implements physical resource and logic resource management. It

ZXR10 5250 Product Description