ZTE 1800-2SW Intelligent Integrated Multi-Services Router User Manual ZXR10 ZSR Intelligent Integrated Multi Service Router Product Description


ZXR10 ZSR V2
Intelligent Integrated Multi-Service Router
Product Description
Version: 2.00.20

ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R. China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION

Copyright © 2014 ZTE CORPORATION.

The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations.

All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners.

This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein.

ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein.

ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice. Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.

The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Revision No. | Revision Date | Revision Reason
R1.0 | 2015-03-30 | First edition

Serial Number: SJ-20150204153047-003
Publishing Date: 2015-03-30 (R1.0)

SJ-20150204153047-003 | 2015-03-30 (R1.0) ZTE Proprietary and Confidential
Contents

About This Manual
Chapter 1 Product Location and Features
  1.1 Product Location
  1.2 Product Features
Chapter 2 Product Structure
  2.1 Product Appearance
  2.2 Hardware Structure
  2.3 Software Structure
Chapter 3 Functions and Features
  3.1 IPv4 Routing Protocols and IP Basic Services
    3.1.1 Unicast Routing Protocols
    3.1.2 Multicast Routing Protocol
    3.1.3 Policy Route and Routing Policy
    3.1.4 DHCP and DNS
  3.2 WAN Access
  3.3 Routing and Switching Integration
  3.4 MPLS
  3.5 VPN
    3.5.1 IPSec and GRE
    3.5.2 MPLS VPN
    3.5.3 Smart Dial Control
  3.6 QoS
  3.7 Security Features
    3.7.1 ACL
    3.7.2 Anti-Attack
    3.7.3 Firewall
    3.7.4 Multiple Security Authentication Modes
    3.7.5 uRPF
  3.8 Network Reliability
  3.9 IPv6 Features
    3.9.1 IPv6 Basic Functions
    3.9.2 IPv6 Unicast Routing Protocols
    3.9.3 IPv6 Multicast Routing Protocols
    3.9.4 IPv6 Tunnel Functions
    3.9.5 6PE and 6VPE
    3.9.6 NAT64
  3.10 NAT
  3.11 Network Management Features
  3.12 System Operation and Maintenance
Chapter 4 Network Applications
  4.1 Application Scenario of Access Networks of Enterprise Headquarters and Branches
  4.2 Application Scenario of Egress Gateways in Enterprise Networks
  4.3 Application Scenario of Convergence and Access Networks of Industry Networks
  4.4 Application Scenario of Telecom Operators' DCN Networks
Chapter 5 Technical Indexes
Figures
Tables
Glossary
About This Manual

Purpose

This manual describes the product location and features, product structure, functions and applications, and technical parameters of the ZXR10 ZSR V2 series routers.

Intended Audience

This manual is intended for:
- Network planning engineers
- Network maintenance engineers

What Is in This Manual

This manual contains the following chapters:

Chapter 1, Product Location and Features: Describes the location and highlights of the ZXR10 ZSR V2.
Chapter 2, Product Structure: Describes the appearance, hardware structure, and software structure of the ZXR10 ZSR V2.
Chapter 3, Functions and Features: Describes software features and major functions of the ZXR10 ZSR V2.
Chapter 4, Network Applications: Describes applications of the ZXR10 ZSR V2 in actual network architectures.
Chapter 5, Technical Indexes: Describes technical indexes of the ZXR10 ZSR V2.

Conventions

This manual uses the following conventions.

Italics: Variables in commands. It may also refer to other related manuals and documents.
Bold: Menus, menu options, function names, input fields, option button names, check boxes, drop-down lists, dialog box names, window names, parameters, and commands.
Constant width: Text that you type, program codes, filenames, directory names, and function names.
[ ]: Optional parameters.
{ }: Mandatory parameters.
|: Separates individual parameters in a series of parameters.

Warning: indicates a potentially hazardous situation. Failure to comply can result in serious injury, equipment damage, or interruption of major services.
Caution: indicates a potentially hazardous situation. Failure to comply can result in moderate injury, equipment damage, or interruption of minor services.
Note: provides additional information about a certain topic.
Chapter 1 Product Location and Features

1.1 Product Location

The ZXR10 ZSR V2 series is an intelligent multi-service router integrating routing, switching, wireless, security, VPN, and broadband user access management functions. The ZXR10 ZSR V2 uses the modular and extensible system architecture, and can be used to establish intelligent, efficient, reliable, flexible, and easy-to-maintain networks.

The ZXR10 ZSR V2 can be widely used in the following scenarios:
- Egress gateways of campus networks, government networks, and enterprise networks
- Access networks of enterprise headquarters and branches
- Mobile office networks
- Convergence network and access network of industry networks

The ZXR10 ZSR V2 series includes five types of products:
- ZXR10 3800-8
- ZXR10 2800-4
- ZXR10 1800-2S
  Mounting a wireless function module to the ZXR10 1800-2S results in two sub-models: ZXR10 1800-2S(G) and ZXR10 1800-2S(W).
- ZXR10 1800-2E
  Mounting a wireless function module to the ZXR10 1800-2E results in sub-model ZXR10 1800-2E(G).
- ZXR10 2800-3E
  Mounting a wireless function module to the ZXR10 2800-3E results in sub-model ZXR10 2800-3E(G).

Figure 1-1 shows an external view of each product.
Figure 1-1 External Views of the ZXR10 ZSR V2 Series Products

1.2 Product Features

High Performance, Ensuring No Network Access Bottleneck

With increase of enterprise applications, network traffic increases. New applications such as video conferencing, distance learning, and remote disaster recovery have higher and higher requirements for performance on nodes processing network data. The ZXR10 ZSR V2 provides high performance and ensures no network access bottleneck.

- The high-performance multi-core processor and intelligent switching engine guarantee high-performance protocol processing and management control processing, and implement high-speed L2 and L3 packet forwarding. This improves the overall performance of the system. Multi-layer distributed forwarding and processing ensures that the system resources can be allocated properly for multiple simultaneous services, which guarantees the high forwarding performance of the system. Each slot supports a maximum of 10 Gbps bus bandwidth, ensuring smooth service packet forwarding.
- The ZXR10 ZSR V2 supports various types of interfaces, including wired interfaces such as the GE interface, FE interface, POS interface, CPOS interface, E1 interface, xDSL interface, synchronous serial interface and asynchronous interface, and wireless interfaces such as the 3G/LTE interface and Wi-Fi interface. FE interfaces are integrated on the MPUs, and these interfaces can be used as WAN interfaces or LAN interfaces. This provides the flexible access capability and improves the price/performance ratio.
- The ZXR10 ZSR V2 uses a high-availability design. The AC power and DC power are used for redundancy. The power supply modules, fan modules, and service boards support hot swapping. The system software uses the modular design and new functions can be added, which improves stability and flexibility of the system. The ZXR10 ZSR V2 supports availability technologies such as OAM detection, BFD for everything, FRR, VRRP, and link aggregation.
- The ZXR10 ZSR V2 provides the control-plane security function. The ZXR10 ZSR V2 classifies control-plane packets, and performs multi-level rate limit and scheduling. The traffic suppression, protocol whitelist, and protocol authentication functions can be set. The ZXR10 ZSR V2 supports anti-DDoS attack, anti-ARP attack, and attack-source tracing functions, which guarantees equipment security to the maximum extent.
- The ZXR10 ZSR V2 provides the ACL function and supports an L2 and L3 hybrid ACL processing algorithm. The efficient ACL processing capability and user-friendly ACL log statistics management function help to perform elaborate service management.
- The ZXR10 ZSR V2 uses a refined design. The ZXR10 1800-2S uses a desktop design, so it is small and flexible. The ZXR10 2800-4 and 3800-8 use a front-outlet design, so that maintenance and operations can be performed at one side of each device. The ZXR10 2800-4 and 3800-8 can be installed in cabinets whose depth is 300 mm to save space of equipment rooms. The ZXR10 2800-4 and 3800-8 also can be installed in narrow space such as outdoor cabinets, vehicle-mounted cabinets, base stations, and office cabinets to reduce operation and maintenance costs. The ZXR10 2800-2E and ZXR10 3800-3E can be installed in a cabinet 600 mm deep. They can also be installed in outdoor cabinets, vehicles, base stations, and device cabinets in offices, so the O&M cost is relatively low.

Wired and Wireless Access, Anytime and Anywhere

Compared with a conventional network, a wireless network has larger coverage. It extends the network access range, and can supplement a wired network. Mobile office work can be performed through wireless networks, which removes the time-space bottleneck. Operating as a 4G router, the ZXR10 ZSR V2 guarantees network reliability, and improves the network bandwidth value. The ZXR10 ZSR V2 provides the following functions:

- Supports 3G (including WCDMA, and TD-SCDMA) and LTE (including TDD and FDD) formats.
- Provides built-in wireless modules, plug and play USB cards and special interface cards to meet requirements of different network structures.
- Provides an extension feeder to solve the signal coverage problem when the device is located in an equipment room corner or office corner where the wireless signal is weak.
- Is aware of 3G/LTE signal strength and detects link quality in real time to guarantee the customer SLA.
- Provides the Smart Dial-up Control and 24-hour backup functions. The xDSL or 3G/LTE standby link can be connected based on policies to protect services or perform load sharing. This improves viability of networks and reliability of services.
- Uses the multi-link load sharing technology, monitors interconnected links of different carriers, and performs intelligent routing for data flows sent to the Internet. This ensures that users can access the Internet through optimal links.
- Supports establishing VPN channels in 3G/LTE networks, which improves security of wireless links.
- Supports Wi-Fi access and 802.11b/g/n radio frequency mode adjustment, so that the access rate can be dynamically adjusted in accordance with the environment.
- Supports the guard interval to avoid data interference.
- Supports Wi-Fi multimedia and provides wireless QoS, which guarantees quality of applications such as the voice and video services.
- Supports different authentication modes, including none, WEP, WPA, WPA2 (TKIP and AES-CCMP), and WAPI hard encryption.

Multiple Functions, Reducing Costs

The ZXR10 ZSR V2 provides different functions to meet requirements of different network structures.

- Provides the router, switch, firewall, AP, NAT gateway, and VPN gateway functions. The functions can be loaded as needed, which provides a flexible platform to implement optimal service deployment.
- Supports the GRE, IPSec, and MPLS VPN over GRE functions to meet requirements of VPN applications in different network structures.
- Supports MPLS, provides L2 and L3 MPLS VPN solutions, and supports the PWE3 circuit simulation technology to bear TDM traffic.
- Supports stateless firewall and controls incoming and outgoing traffic, which guarantees network security.
- Supports hardware-based QoS and H-QoS, and provides different SLAs for different users and services, which meets requirements of elaborate control.

Flexible Extension and Smooth Upgrade

The ZXR10 ZSR V2 provides different available forwarding engines with different performance, and upgrade can be performed smoothly. This reduces users' costs and meets future network requirements.

- Management and Packet Forwarding Units (MPFUs) with different forwarding performance are provided for the ZXR10 2800 and ZXR10 3800. The cards can be used as needed. This reduces the network construction costs, and solves problems caused by future performance upgrade.
- The ZXR10 1800-2E and ZXR10 2800-3E feature different transferring performance. Users can select products as required to reduce network-construction cost.
- The ZXR10 ZSR V2 supports the IPv4 and IPv6 stacks, so IPv4 and IPv6 access can be provided at the same time.
- The ZXR10 ZSR V2 supports 6in4, 6to4 and 6in4 tunnels to transmit data between the IPv4 network and IPv6 network. The ZXR10 ZSR V2 also supports NAT444, NAT64 and 6RD for smooth evolution from IPv4 to IPv6.

Ease of Commissioning and Maintenance, Supporting Fast Network Deployment

The ZXR10 ZSR V2 provides a visual commissioning and maintenance method that supports convenient and fast operations, remote maintenance, and any-time diagnosis.

- The ZXR10 ZSR V2 supports USB commissioning, automatic configuration, and in-batch version upgrade through NMS. In this way, zero-touch automatic configuration, in-batch deployment, and ease of maintenance can be performed.
- The ZXR10 ZSR V2 supports SQA to perform real-time network quality detection and location through ICMP-echo, UDP, TCP, FTP, DNS, HTTP and SNMP. SQA can be used together with VRRP, static routes, interface backup, link backup, policy routes and the ZXNPA to provide alarms of different levels based on automatic network performance thresholds, and perform graphic detection and management.
- The ZXR10 ZSR V2 supports port mirroring and Netflow 1:1 sampling, so that traffic can be displayed with explicit features. This provides an effective monitoring method for accurate network control and operation.
- The ZXR10 ZSR V2 supports WEB GUI network management and the Netnumen to implement visual service deployment and maintenance. The ZXR10 ZSR V2 provides a tool for one-click service creation and one-click information collection, which helps network administrators to perform quick service provisioning and high-efficiency maintenance.

Green Energy Saving

The ZXR10 ZSR V2 complies with the green and environmental protection idea in design, research and development, manufacturing, logistics, and projects, and helps users to construct low-noise, low-energy, and high-efficiency communication networks.

- The ZXR10 ZSR V2 uses advanced 28 nm chips, so performance is improved and energy consumption is reduced.
- The ZXR10 ZSR V2 uses an excelsior hardware structure design and advanced submarine-level muting technology.
- The intelligent fan system automatically adjusts the fan speed in accordance with system operation, which reduces energy consumption and device noise.
- The boards and cards support the sleep function, which complies with the EEE standard. Idle and low-speed ports reduce energy consumption by 2/3, and reduce carbon dioxide emissions.
- The ZXR10 ZSR V2 uses nonleaded green materials, and the manufacturing process strictly complies with the RoHS standard.
Chapter 2 Product Structure

2.1 Product Appearance

Overview

Designed on a modular structure, with hot-pluggable boards and parts, the ZXR10 ZSR V2 provides flexible extensibility. The entire set consists of a subrack, a backplane, a main-control forwarding board, a line interface board, a power module, and a fan subrack.

ZXR10 3800-8 Product Appearance

For the main components of the ZXR10 3800-8 chassis, see Figure 2-1.

Figure 2-1 Main Components on the Front Side of the ZXR10 3800-8 chassis

For the front view of the ZXR10 3800-8 chassis, see Figure 2-2.

Figure 2-2 Front View of the ZXR10 3800-8 chassis

ZXR10 2800-4 Appearance

For the main components of the ZXR10 2800-4 chassis, see Figure 2-3.

Figure 2-3 Main Components on the Front Side of the ZXR10 2800-4 chassis

For the front view of the ZXR10 2800-4 chassis, see Figure 2-4.

Figure 2-4 Front View of the ZXR10 2800-4 chassis

ZXR10 1800-2S Appearance

For the main components of the ZXR10 1800-2S chassis, see Figure 2-5.

Figure 2-5 Main Components on the Front Side of the ZXR10 1800-2S chassis

For the front view of the ZXR10 1800-2S chassis, see Figure 2-6.

Figure 2-6 Main Components on the Front Side of the ZXR10 1800-2S chassis

For the back view of the ZXR10 1800-2S chassis, see Figure 2-7.

Figure 2-7 Main Components on the Back Side of the ZXR10 1800-2S chassis

Note: Both the ZXR10 1800-2S(G) and the ZXR10 1800-2S(W) support the wireless function. Each of them is configured with a wireless module and a pair of antennas. If no wireless module is configured, the chassis has no antenna.

ZXR10 2800-3E Appearance

For the appearance of the ZXR10 2800-3E chassis, see Figure 2-8.

Figure 2-8 ZXR10 2800-3E Appearance

For the front view of the ZXR10 2800-3E chassis, see Figure 2-9.

Figure 2-9 ZXR10 2800-3E Front View

Note: The sub-model ZXR10 2800-3E(G) is embedded with a wireless module and supports the wireless communication function. Two antennas are installed. When the wireless module is removed, there is no antenna on the chassis.

For the back view of the ZXR10 2800-3E chassis, see Figure 2-10.

Figure 2-10 ZXR10 2800-3E Back View

ZXR10 1800-2E Appearance

For the appearance of the ZXR10 1800-2E chassis, see Figure 2-11.

Figure 2-11 ZXR10 1800-2E Appearance

For the front view of the ZXR10 1800-2E chassis, see Figure 2-12.

Figure 2-12 ZXR10 1800-2E Front View

Note: The sub-model ZXR10 1800-2E(G) is embedded with a wireless module and supports the wireless communication function. Two antennas are installed. When the wireless module is removed, there is no antenna on the chassis.

For the back view of the ZXR10 1800-2E chassis, see Figure 2-13.

Figure 2-13 ZXR10 1800-2E Back View

2.2 Hardware Structure

Overview

The hardware system of the ZXR10 ZSR V2 consists of functional units such as the MPFU, line interface card, high-speed backplane, power supply module, and fan module. These functional units are interconnected through high-speed serial buses and Ethernet buses.
Overall Hardware System Structure

In the hardware system structure of the ZXR10 ZSR V2, the forwarding plane and control plane are separated.

- The MPFU is the system core, and it communicates with other units through the backplane.
- The engine of the MPFU is a multi-core CPU. The cores are divided into forwarding cores and control cores. The forwarding cores and other system units form a forwarding logical plane that forwards packets and processes services. The control cores and other system units form a control logical plane that performs routing protocol interaction, routing calculation, system management, and control message synchronization.
- The forwarding plane and control plane are separated, so the impacts to each other caused by extension of the functions and performance in the two planes are reduced to the minimum extent. This guarantees high flexibility of the system.

The power supply and fan systems of the ZXR10 ZSR V2 use the modular design. Power supply modules and fan modules are installed to sub-racks and connected to the high-speed backplane, which achieves the non-cable design. The ZXR10 2800-4 and ZXR10 3800-8 support AC and DC power supply modules for redundancy. The ZXR10 1800-2S supports only one AC power supply module or one DC power supply module.

Operational Principle of the Hardware System

The forwarding plane and control plane of the ZXR10 ZSR V2 are separated. After packets are processed by the physical-layer chip of a line interface card and frame resolution is performed:

- For a common service flow, the packets are forwarded to the MPFU. The traffic management module and data forwarding module in the MPFU send the packets to the interface on the destination line interface card.
- For protocol packets or control packets, the packets are converged in the gigabit Ethernet switching module. The management and control module in the MPFU interacts with the processing unit on a line interface card to process the packets.

MPFUs and Line Interface Cards

The MPFU is the control node of the ZXR10 ZSR V2. The MPFU forwards packets, and manages and maintains the entire device. The MPFU consists of the packet forwarding module, management and control module, clock processing module, and alarm monitoring module. It forwards packets, and manages the system clock source, control plane, system maintenance plane and environmental monitoring plane.

ZXR10 2800-4 and ZXR10 3800-8 provide three types of MPFUs: MPFU-A, MPFU-B, and MPFU-C that provide different forwarding performance respectively. The MPFUs use the modular design, support hot swapping, and support forwarding plane and control plane separation.
The MPFUs of the ZXR10 1800-2S, ZXR10 1800-2E, and ZXR10 2800-3E are fixed in the chassis, so they do not support hot swapping, but they support forwarding plane and control plane separation.

The ZXR10 ZSR V2 provides different line interface cards and supports different interface rates and different numbers of ports, which meets requirements of different networks and services.

For a description of MPFUs and line interface cards, refer to the “Hardware Description” of the ZXR10 ZSR V2.

Power Supply Modules

The ZXR10 ZSR V2 supports AC power supply (100 V to 240 V, and 50 Hz to 60 Hz) and DC power supply (-72 V to -38 V).

The ZXR10 1800-2S supports only one AC power supply module or one DC power supply module. The power supply module is fixed in the device box and cannot be removed or installed.

The ZXR10 2800-4, ZXR10 3800-8, ZXR10 1800-2E and ZXR10 2800-3E support DC and AC power supply modules for redundancy, and the power supply modules can be removed and installed.

Fan Modules

There is a vertical fan module on the ZXR10 ZSR V2. The ZXR10 ZSR V2 can automatically adjust the fan speed in accordance with the system operation, and supports the fan state monitoring and alarm functions.

The ZXR10 ZSR V2 uses downdraught heat dissipation. Cold air enters the device from one side, passes by the boards and power supply modules, and leaves the device from the other side.

2.3 Software Structure

Overview

The software system of the ZXR10 ZSR V2 is based on the software platform with proprietary intellectual property rights, which can satisfy various network requirements in high-performance and complex commercial service environments. The software platform owns a wide set of network features established on international standards.

Overall Structure

For the overall software structure, see Figure 2-14.
Figure 2-14 ZXR10 ZSR V2 Overall Software Structure

The major functions of each subsystem in the ZXR10 ZSR V2 software structure are described as follows:

- Hardware driving subsystem: provides software driving for the main-control forwarding board, the line interface board, the backplane, the fan, and the power module.
- The distributed operating system platform: provides the real-time operating platform. As the kernel of the ZXR10 ZSR V2 software system structure, it manages the hardware system structure of the entire system and provides a unified operating platform for application programs on the entire software system. It features high reliability, real-time operation, self-recovery, maintainability, and encapsulation.
- L2 protocol subsystem: provides the driving program of the switching chip, L2 link control, and management protocols. It also provides support for L3 protocols.
- IP route subsystem: As the kernel of the router software system structure, it runs IPv4 and IPv6 routing protocols such as Routing Information Protocol (RIP), OSPF, BGP, and the multicast routing protocol. This system is in charge of receiving and storing routing information in the router, establishing the global routing table, selecting, forwarding, and exchanging routes, and maintaining the route table.
- Unicast routing protocol subsystem: collects the network topology information by exchanging information with other routers in the network, forms an IP unicast routing table, and notifies the routing table to the IP forwarding plane to forward unicast IP packets.
- Multicast routing protocol subsystem: forms a multicast forwarding routing table for the bottom layer to forward multicast data packets.
- Support protocol subsystem: completes IP data processing, ICMP protocol processing, Address Resolution Protocol (ARP) processing, Transmission Control Protocol (TCP) processing, User Datagram Protocol (UDP) processing, Telnet guarding process and client program processing, File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP) processing in the router. The support subsystem provides services for the routing subsystem and the management subsystem.
- MPLS protocol subsystem: provides LDP, RSVP with Traffic Engineering extensions (RSVP-TE), L2/L3 VPN, and provides basic MPLS functions and label forwarding services.
- Security subsystem: provides multiple security protection functions on the equipment. It provides functions such as packet filtering, encryption password, authentication, modification of configuration request licenses, several VPN technologies, Network Address Translation (NAT), Message Digest 5 Algorithm (MD5), user authentication, and statistics to completely satisfy equipment guaranty and user requirements for secure applications.
- Alarm statistical subsystem: maintains the configuration for various statistical alarms, saves various statistics, and provides a query interface.
- SNMP subsystem: provides functions of the SNMP Agent, and supports all protocol operations for the SNMP Agent specified in SNMP V1/V2/V3.
- Network management subsystem: provides network configuration management, fault management, performance management, and security management functions for the equipment, and completes the management for services, versions, configuration files, and various logs in the file system of the equipment.
- User management service control subsystem: completes user access and management functions, including user service configuration, and Authentication, Authorization and Accounting (AAA) functions, PPP user management, IP user management, VPLS service control, and multicast user management.
- System management: provides file management, equipment management (for the power module and the fan module), monitoring maintenance, and diagnosis debugging functions to ensure the stable operational state of the equipment.

Software Features

The software system of the ZXR10 ZSR V2 uses the software platform, which is a multi-task distributed real-time network operating system that provides unified IP protocol support for all equipment of ZTE. The software system platform provides a mature and stable structure, which is provided based on service requirements. Considering the operation and maintenance cost, service expansibility, and application requirements, the software system platform provides the following features:

- Fine encapsulation
  - Supports several operating systems and supports the smooth upgrade of the operating system.
  - Supports a uniform configuration style for all ZTE products to facilitate user operation and maintenance.
- Powerful monitoring function
  - Monitors exceptions with processes and the memory.
  - Monitors the operational state or abnormal state of the power module, the rotation speed or ineffectiveness of the fan module, the voltage, the current, and the environment temperature.
  - Provides rapid troubleshooting functions to ensure high stability of product versions.
- Flexible modular component structure
  - Software functions based on the software platform can be easily extended or removed, and new functions can be quickly developed upon the original structure.
  - Software functions can be flexibly customized as required to rapidly respond to user requirements.
- Extension of new carrier-class Ethernet services based on the uniform platform
  - Supports L2 and L3 VPN mechanism, supports Hierarchy of VPLS (H-VPLS) to satisfy the requirement of layered service deployment, and supports multicast functions inside the VPN. The ZXROSng platform can also provide rapid VPN deployment through the unified network management system, and can rapidly deploy multicast services such as user video and IPTV.
  - Provides a complete QoS mechanism by supporting traffic classification, traffic labeling, traffic speed-limit, traffic shaping, congestion management, and congestion avoidance mechanisms.
  - Supports IPv4/IPv6 dual protocol stacks. The ZXROSng platform supports the IPv4/IPv6 transition mechanism in various application scenarios, such as manual general tunnels, automatic 6To4 tunnels, and 6PE.
- Optimal mutual operability, in compliance with mainstream protocols and standards

Chapter 3 Functions and Features

Table of Contents
IPv4 Routing Protocols and IP Basic Services
WAN Access
Routing and Switching Integration
MPLS
VPN
QoS
Security Features
Network Reliability
IPv6 Features
NAT
Network Management Features
System Operation and Maintenance

3.1 IPv4 Routing Protocols and IP Basic Services

3.1.1 Unicast Routing Protocols

Overview

The ZXR10 ZSR V2 series products fully support various IPv4 unicast routing protocols, including the static route, the RIP, the OSPF, the IS-IS, and the BGP.

Static Route

The static route is manually configured by the administrator to simplify the network configuration and improve the network performance. It is normally used in a scenario with a relatively simple network structure. When a fault occurs in the network or the network topology is changed, the static route is not changed automatically and needs to be manually modified by the administrator.

The ZXR10 ZSR V2 series products support the configuration of a static route based on the next hop or on the egress. They also support the association between static routes and VRF instances.

RIP

The RIP is a distance-vector dynamic routing protocol based on the UDP. It periodically broadcasts the routing table to its neighbors, maintains the relationship
between routers, and calculates its routing table in accordance with received routes. The RIP is simple in operation and is applicable to small-scale networks.

The ZXR10 ZSR V2 series products support the following RIP functions:
- Basic functions of the RIPv1/v2, such as split horizon, poison reverse, interface authentication, route summary, and redistribution of various routing protocols.
- Load sharing of the RIP.
- VPN access function of the RIP.
- The RIP Management Information Base (MIB) function.

OSPF

The OSPF routing protocol is an Interior Gateway Protocol (IGP) based on link state, which exchanges routing information between routers inside the same Autonomous System (AS). The OSPF is one of the widely applied IPv4 IGP routing protocols.

The ZXR10 ZSR V2 series products support the following OSPF functions:
- Basic OSPF functions, including basic protocol functions, neighbor authentication, virtual link, STUB, Not-So-Stubby Area (NSSA), type-3 Link State Advertisement (LSA) aggregation, type-5 LSA aggregation, and redistribution of other routing protocols
- Load sharing of OSPF routes
- VPN access and advanced functions, including sham-link
- OSPF-TE
- OSPF BFD
- OSPF FRR
- OSPF MIB

IS-IS

The IS-IS routing protocol was created by the International Organization for Standardization (ISO) to support the Connectionless Network Service (CLNS). The IETF extended the IS-IS so that it can carry IP routing information. The IS-IS is also an IGP based on the link state. The IS-IS is one of the most widely applied IPv4 IGP routing protocols.

The ZXR10 ZSR V2 series products support the following IS-IS functions:
- Basic functions of the IS-IS protocol
- Extended functions of the IS-IS protocol, such as Hostname, Overload-bit
- Load sharing of IS-IS routes
- VPN access of the IS-IS
- IS-IS-TE
- IS-IS BFD
- IS-IS FRR
- IS-IS MIB

BGP

The BGP is an inter-domain routing protocol between ASs, used to exchange the network availability information between ASs running the BGP protocol.

The ZXR10 ZSR V2 series products support the following BGP functions:
- Basic functions of the BGP protocol, and enhanced functions such as session authentication, route oscillation suppression, route reflector, confederation, extended community attribute, route aggregation, and route filtering
- Load sharing of BGP routes
- MP-BGP function, supporting AFI types such as IPv4 unicast, IPv4 multicast, IPv4 labeled-unicast, IPv4 mdt, IPv6 unicast, IPv6 multicast, IPv6 labeled-unicast, and VPNv4
- BGP BFD
- BGP FRR
- BGP MIB

3.1.2 Multicast Routing Protocol

Overview

Multicast is a point-to-multipoint or multipoint-to-multipoint communication mode, in which several receivers receive the same information from one source at the same time. Multicast-based applications include video conference, remote learning, and software distribution.

IGMP

Through the Internet Group Management Protocol (IGMP), the host notifies the multicast router on its network of the group that it joins or leaves. This means that the multicast router knows whether there is any multicast group member on the network and determines whether to forward multicast data packets to this network. When a multicast router receives a multicast data packet, it checks the multicast destination address in this data packet and forwards data packets to interfaces or downstream routers of members in this group.

The ZXR10 ZSR V2 supports IGMPv1, IGMPv2, and IGMPv3 protocols.

PIM-SM

The PIM-SM is applicable to the following situations:
- Group members are scattered in a wide range.
- Network bandwidth resources are limited.

The PIM-SM does not depend on a specific unicast routing protocol. PIM-SM assumes that all routers on a sharing network section do not need to send broadcast packets and a router can send or receive multicast packets only after it initially requests to join a multicast group.

Through setting the Rendezvous Point (RP), the PIM-SM notifies the multicast information to all routers supporting the PIM-SM. In the PIM-SM, the router explicitly joins or quits a multicast group, so the network bandwidth occupied by data packets and control packets is reduced.

PIM-DM

The PIM-DM is a multicast routing protocol in dense mode, which transmits multicast data in the "push" mode. It is applicable to small-scale networks where broadcast group members are relatively dense.

PIM-SSM

The Protocol Independent Multicast - Source-Specific Multicast (PIM-SSM) features all advantages of the PIM-SM protocol, except that it does not create the sharing tree but creates the shortest-path tree based on sources. The PIM-SSM directly creates the shortest-path tree when it receives a membership report message from a specific source to the group.

As a subset of the PIM-SM, the PIM-SSM is applicable to the well known source. The PIM-SSM is valid both inside a domain and between domains. The PIM-SM needs to use the MSDP protocol for inter-domain multicast routing, while the PIM-SSM does not need to.

Static Multicast

The multicast static route is used in the scenario that multicast packets need to be forwarded in accordance with the specified path instead of the optimal path of the unicast route. The static multicast provides the egress and ingress for users to configure the multicast routing table directly, and forms a multicast forwarding table in accordance with this configuration. If both the static multicast route and the dynamic multicast route exist, the static multicast route takes precedence. The logical position of the static multicast is equivalent in the PIM-SM and the PIM-DM, so it can be understood as a special multicast routing protocol.

In accordance with the specific application environments, the multicast static route performs the following functions:
- Modifies the Reverse Path Forwarding (RPF) route. In general, the network topology structure and the transmission of the multicast are the same as those of the unicast. The user can configure the multicast static route to change the RPF route, and create a transmission path different from the unicast for the multicast data.
- Connects the RPF route: When the unicast route in the network is changed, the multicast data cannot be forwarded because there is no RPF route. The user can configure the multicast static route to create an RPF route, and create multicast routing entries to guide the forwarding of multicast data.

MSDP

The MSDP is a mechanism connecting several PIM domains. It operates above the TCP protocol to provide the PIM-SM with the information of multicast sources outside the PIM domain.

The MSDP speaker inside a PIM-SM domain uses the TCP connection to create the MSDP neighbor session relationship with MSDP neighbors in other domains. When the MSDP speaker knows about a new multicast source inside the local domain (through the PIM registration mechanism), the MSDP creates a Source Active (SA) message and sends this message to all MSDP neighbors.

3.1.3 Policy Route and Routing Policy

Policy Route

The ZXR10 ZSR V2 supports policy routes to forward data packets in accordance with specified policies. The policy route provides a packet forwarding policy, in which the packets should be matched and matching items are filtered in accordance with feature fields in these packets. Operations are set for these objects, including two types:
- Route options, used to modify the forwarding path
- Packet modification option, used to modify features of filtered packets

The policy route provides traffic engineering to some extent, so that traffic with different QoS or data with different natures (such as voice and FTP) run on different paths.

Routing Policy

The routing policy is a policy used to release and receive routes. Based on the routing protocol, the routing policy changes route generation, release, or selection results by changing some parameters or setting a particular control mode in accordance with a particular rule.

The ZXR10 ZSR V2 supports the routing policy on the following routes: RIP, OSPF, IS-IS, BGP, and VRF.
- During the release of control routes, the routing policy only releases routes satisfying the set conditions.
- During the receiving of control routes, the routing policy only receives necessary and valid routes, which controls the capacity of the routing table and improves the network security.
- The routing policy filters and controls introduced routes.
- When a routing policy introduces the routing information discovered by other routing protocols, the routing policy only introduces the routing information that satisfies the set conditions, and it also sets attributes of the introduced routing information to make it satisfy this protocol.
- The routing policy sets the corresponding attributes of routes used to filter traffic.

3.1.4 DHCP and DNS

DHCP

The Dynamic Host Configuration Protocol (DHCP) technology performs centralized dynamic management and configuration for users. Based on the client/server communication mode, the client proposes a configuration request (parameters such as IP address, subnet mask, and default gateway) to the server and the server returns the corresponding configuration information in accordance with the policy.

DHCP uses UDP as the transport protocol. A host sends messages to Port 67 of a DHCP server, and the server returns a message to Port 68 of the host.

The ZXR10 ZSR V2 supports DHCP client, DHCP relay, and DHCP server functions to support DHCP requirements under different scenarios.

DNS

The DNS is a distributed database for TCP/IP application programs, which is used to make conversion between domain names and IP addresses. With the DNS, the user can directly use the meaningful domain names that are easy to remember, and the DNS server in the network resolves them into the correct IP addresses.

As a DNS client, the ZXR10 ZSR V2 sends DNS resolution requests to the DNS server, receives response packets from the DNS server, and sends them to users.

3.2 WAN Access

PPP

The PPP is a widely used Wide Area Network (WAN) protocol that provides the router-to-router and host-to-network point-to-point connection across synchronous and asynchronous circuits. The PPP provides an entire set of plans to solve problems during link establishment, maintenance, disconnection, upper-layer protocol negotiation, and authentication.

The PPP includes the Link Control Protocol (LCP) and the Network Control Protocol (NCP). It handles link negotiation and link maintenance on the point-to-point interface (such as E1/T1/POS), and provides the upper layer with a packet encapsulation format different from the Ethernet protocol. For upper-layer protocol packets (such as IP packets and MPLS packets), the PPP only encapsulates a 2-byte protocol field before the packet and adds a PPP header with two fixed values, that is, 0xFF03. This PPP header can be compressed in accordance with the negotiation as needed.

The PPP negotiation is divided into the LCP, authentication (optional), and NCP phases. For the last two phases:
1. The authentication phase is selected as needed. It is normally used to authenticate access users on a router equipment.
2. NCP control protocols include the IP Control Protocol (IPCP), IPv6CP, MPLSCP, OSINLCP, and the BCP. The IPCP (supporting the IPv4) must be negotiated, while other NCP protocols can be selected as needed. After successful IPCP negotiation, the protocol is up on the PPP port.

Compared with Ethernet encapsulation, the PPP has the following features:
- The bandwidth usage of the PPP is higher, which is more apparent for short packets. Additionally, the encapsulation of PPP packet headers is simpler, and the packet transceiving mechanism also removes the complicated MAC header encapsulation and de-capsulation of Ethernet encapsulation.
- However, the protocol state machine of the PPP is more complicated than that of Ethernet encapsulation. The PPP interface sets the protocol to up only after successful negotiation, and then the upper layer can send and receive service packets.

For the PPP interface, the protocol status is down by default when it is created. The port is up only after the PPP link is negotiated successfully. Both parties periodically send LCP keep-alive packets. If no ECHO response is received for N (N>=1) keep-alive requests continuously, both the link and the protocol status are set to down, which triggers recalculation and route update operations.

ML-PPP

The ML-PPP is a technology that binds several PPP links to increase the bandwidth. It can be applied on interfaces supporting the PPP.

HDLC

The High-level Data Link Control (HDLC) is a bit-oriented link-layer protocol. Parallel to layer-2 protocols such as the PPP and frame relay, the HDLC provides services with different requirements for upper-layer protocols.

The prominent feature of the HDLC is that the data does not need to be a character set. The HDLC can provide transparent transmission for any bit stream.

FR

The Frame Relay (FR) is a high-performance WAN protocol that runs on the physical layer and the data link layer in the Open System Interconnection (OSI) reference model.

The FR is a data packet exchange technology. As a simplified form of the X.25, it saves some complicated functions of the X.25 (such as the window technology and the data retransmission technology) and provides the error-correction function with higher-layer protocols. Compared with the X.25, the FR operates on better X.25 equipment, which provides higher reliability. The FR strictly corresponds to the bottom two layers in the OSI reference model, and provides better performance and higher transmission efficiency than the X.25.

The FR WAN equipment normally includes the Data Terminal Equipment (DTE) and the Data Circuit Terminal Equipment (DCE), which are located on both ends of the FR. The router is normally used as the DTE.

The FR provides connection-oriented communication on the data link layer. A defined communication link exists between each pair of equipment, which has a Data Link Connection Identifier (DLCI). Services are provided through the FR Permanent Virtual Circuit (PVC) that is identified by the DLCI. The value of the DLCI is normally specified by the FR service provider. The DLCI range that is available to users is 16 to 1007, while other DLCIs are reserved for the protocol.

The FR supports both the PVC and the Switching Virtual Circuit (SVC). At present, the PVC mode is mostly used in the FR. The PVC is a manual mode of configuring virtual circuits; it is simple, highly efficient, and multiplexed.

3.3 Routing and Switching Integration

Overview

To meet intranet requirements, the ZXR10 ZSR V2 provides high-density Ethernet switching modules, which achieve seamless integration of routers and switches.

The ZXR10 ZSR V2 supports the VLAN, SuperVLAN, QinQ, and SmartGroup functions. It supports L2/L3 mode switching on Ethernet ports to achieve inter-board L2 switching. L2 and L3 configuration can be completed on the same interface. The ZXR10 ZSR V2 supports L2 functions such as STP and broadcast storm suppression.

Broadcast Storm Suppression

If broadcast frames are endlessly forwarded in a network and the number of broadcast frames increases rapidly, communication in the network is affected. This means that a broadcast storm is generated, which degrades network performance.

Through the broadcast storm suppression function, a threshold for broadcast frames received on a port can be set. When the number of broadcast frames exceeds the threshold, the extra frames are dropped. This prevents a broadcast storm, and guarantees network operation.

The ZXR10 ZSR V2 supports the following storm suppression:
- Broadcast packet suppression
- Multicast packet suppression
- Unknown-packet suppression
- Rate limit in two modes: bps and pps

STP

In a L2 switching network, once there is a loop, packets are cycled in the loop and the number of packets increases. This causes a broadcast storm, and all available bandwidth is occupied. As a result, the network is unavailable. STP is a L2 management protocol.
It selectively blocks a redundant link to remove a loop in a network and provides the link backup function.

Like other protocols, STP has been updated as networks developed. At first, IEEE 802.1D-1998 STP was widely used. Based on STP, IEEE 802.1w RSTP and IEEE 802.1s MSTP were developed.

The ZXR10 ZSR V2 supports STP, RSTP, MSTP, and transparent transmission over these protocols.

3.4 MPLS

LDP

The MPLS is a multi-layer switching technology that combines layer-2 switching technologies and layer-3 switching technologies. Using labels as the mode of aggregating the forwarding information, the MPLS runs under the routing hierarchy, supports several upper-layer protocols, and can be provided on several physical platforms.

The ZXR10 ZSR V2 supports the MPLS technology, including the following features:
- Supports basic functions and the label forwarding service of the MPLS, and implements the LDP signaling protocol. The MPLS signaling protocol is in charge of distributing labels, establishing the LSP, and transmitting parameters during the LSP establishment process.
- Supports the Graceful Restart function on the MPLS signaling protocol layer, and continuously forwards label data when the protocol is interrupted.
- Supports the MPLS Ping/Tracert functions, and detects the availability of the LSP through MPLS echo request and MPLS echo reply messages.
- Supports the LDP FRR function. The ZXR10 ZSR V2 can quickly switch data traffic when the LSP is interrupted.
- Supports the load sharing function of the MPLS LSP.
- Supports the processing of multi-layer labels.
- Supports management functions such as the LSP loop detection mechanism.
- Supports the MPLS CoS and supports the mapping between IP packets in the ToS domain and MPLS packets in the EXP domain.

Static Tunnel

The static tunnel is a tunnel manually configured by the administrator. It does not need to be triggered by the MPLS signaling protocol or exchange control packets, so it consumes few resources and is applicable to small-scale stable networks with simple topologies. The tunnel created through label allocation in static mode cannot be dynamically adjusted with the change of network topology, and needs to be manually configured by the administrator.

The static tunnel command needs to be configured on each Label Switch Router (LSR) of the entire tunnel, including the header node, interim nodes, and the tail node. Services can be properly forwarded on the LSP of this tunnel only after the tunnel is correctly configured on all nodes.

MPLS-TE

Network congestion is a major problem affecting the performance of the backbone network. It normally occurs because network resources are insufficient, or because the load of network resources is not balanced and the network is partially congested. Traffic Engineering (TE) solves the congestion caused by unbalanced load.

The MPLS TE is a technology that combines the TE technology and the MPLS. Through the MPLS TE, the service provider can accurately control the traffic path to avoid congested nodes, which solves the problem that some paths are overloaded while other paths are idle, and makes full use of existing bandwidth resources. Additionally, the MPLS TE can reserve resources during the establishment of the LSP tunnel, which ensures the QoS.

Through the OSPF TE or the IS-IS TE, the MPLS TE establishes a link bandwidth resource database for all nodes in the MPLS network, and uses the CSPF algorithm to calculate the tunnel establishment path in accordance with the link bandwidth resource database and the tunnel constraint conditions. The MPLS TE finally uses the RSVP-TE signaling protocol to establish the TE tunnel on the path calculated by the CSPF algorithm.

The ZXR10 ZSR V2 supports the following MPLS TE features:
- Supports OSPF TE and IS-IS TE.
- Supports Constrained Shortest Path First (CSPF) algorithm.
- Provides basic functions of the RSVP-TE protocol in accordance with the RFC, and establishes and maintains the TE tunnel by exchanging Path/Resv messages.
- Provides link protection and node protection functions of the RSVP-TE FRR protocol in accordance with the Facility mode defined by the RFC, so that the LSP possesses the location protection capability of the RSVP-TE.
- Provides the Graceful Restart function defined by the RFC, the Extensions to GMPLS RSVP Graceful Restart, and the recovery processing mechanism when several adjacent nodes are restarted simultaneously.
- Supports RSVP-TE MIB function.
- Provides extended functions, including the Make Before Break (MBB), re-optimization, priority preemption, abstract refreshing, automatic routing, FA, hot-standby, and authentication functions.

3.5 VPN

3.5.1 IPSec and GRE

IPSec VPN

The IPSec is an IP-layer security framework protocol drafted by the Internet Engineering Task Force (IETF), which provides protection for the transmission of sensitive data in an unprotected network environment (such as the Internet). The IPSec defines the format and related basic structure of IP data packets, which provides confidentiality, data integrity,
anti-replay, and enhanced identity authentication functions for the transmission of IP data packets during network communication.
- Confidentiality indicates that user data is encrypted for protection and is transmitted as encrypted texts.
- Data integrity indicates that the data is not modified during the transmission process. The IPSec authenticates the received data to determine whether the packet is falsified.
- Anti-replay indicates that the IPSec determines whether a data packet is duplicated by comparing the sliding window on the target host with the sequence number in the received data packet. In this way, it prevents malicious users from intercepting an IPSec data packet and inserting it into the session again.
- Source authentication indicates that the IPSec identifies the identity of the data sender through the pre-shared encryption key or the RSA signature.

The IPSec uses the following two major framework protocols:
- Authentication Header (AH): The AH is a packet header authentication protocol, providing data source authentication, data integrity check, and packet anti-replay functions. The AH protocol does not encrypt protected data packets.
- Encapsulation Security Payload (ESP): The ESP protocol provides both authentication functions and the encryption function. The ESP provides the same authentication functions as the AH protocol (except that the data integrity check of the ESP does not include IP packet headers), and also provides the encryption function to improve the security of IP data packets.

The IPSec transmits IP data packets under the following two modes:
- Tunnel mode: In tunnel mode, the AH or ESP is inserted before the original IP header and a new IP header is formed before the AH or ESP. The tunnel mode is used to connect two security gateways (such as routers).
- Transport mode: In transport mode, the AH or the ESP is inserted after the IP header but before the transport-layer protocol. The transport mode is mainly used for end-to-end connection between hosts. It uses the address in the original IP packet header for addressing.

The ZXR10 ZSR V2 has the following IPSec features:
- Supports creating the security association manually or in the IKE dynamic association mode (isakmp).
- Supports the IKEv1 encryption key negotiation and exchange. The IKE supports the following security mechanisms:
  - Diffie-Hellman (DH) exchange and encryption key distribution: The DH algorithm is a public-key algorithm, with which both communication parties calculate the shared encryption key by exchanging data but not transmitting the encryption key. The encryption prerequisite is that both parties exchanging the encryption data must have a shared encryption key.
  - Perfect Forward Secrecy (PFS): The PFS is a security feature indicating that the security of other encryption keys is not affected after one encryption key is
    decrypted, because these encryption keys are not derived from each other. The encryption key for the second phase of the IPSec is derived from that of the first phase. If the IKE encryption key of the first phase is stolen, the attacker may collect enough information to derive the IPSec SA encryption key of the second phase. The PFS ensures the security of the encryption key in the second phase by executing an additional DH exchange.
  - Identity authentication: It means that the identities of both parties are confirmed. The ZXR10 ZSR V2 supports the pre-shared key verification mode, in which the validation word is used to create the encryption key. If the validation word is different, the same encryption key cannot be created on both parties.
  - Identity protection: The identity data is encrypted and transmitted after the encryption key is generated to protect the identity data.
- Supports the AH protocol and the ESP protocol. Both protocols can be used together.
- Supports the transmission of data packets in tunnel mode and in transport mode.
- Supports the following two general hash algorithms to ensure that the data is not modified during the transmission:
  - HMAC-MD5: uses the 128-digit encryption key to calculate the hash.
  - HMAC-SHA-1: uses the 160-digit encryption key to calculate the hash.
- Supports encryption algorithms such as the DES-CBC, 3DES-CBC, AES-128-CBC, AES-192-CBC, and AES-256-CBC.
- Supports the DPD detection of the IPSec.
- Supports the NAT traversing of the IPSec.
- Supports the IPSec+GRE network architecture.
- Supports the IPSec to be associated with the VRF.

GRE VPN

The GRE protocol encapsulates particular data packets of the network-layer protocol, so that these encapsulated data packets can be transmitted in the IPv4 network.

When the router receives an original data packet (Payload) that needs to be encrypted and routed, the GRE first encapsulates this packet into a GRE packet and then encapsulates it in the IP protocol. The IP layer will then be fully responsible for forwarding this packet. The protocol of the original packet is called the passenger protocol, the GRE is called the encryption protocol, and the IP packet in charge of packet forwarding is called the delivery packet or the transport protocol. The GRE does not care for the specific format or contents of the passenger protocol during the above processes.

The GRE has the following advantages:
- The multi-protocol local network can transmit packets over the backbone network of a single protocol.
- Discontinuous subnets are connected to establish a VPN.
- The work scope of the network is extended to include protocols restricted by the routing gateway.

IPSec NAT

In a network, if there are routers between two IPSec routers, the IPSec routers must support IPSec NAT, so that NAT-T negotiation is performed through IKE and ESP packets can be encapsulated and decapsulated through UDP. Figure 3-1 shows an IPSec NAT application.

Figure 3-1 IPSec NAT

GRE Over IPSec

An IPSec tunnel supports unicast only, and cannot protect broadcast data. GRE supports encapsulation for non-IP packets, IP multicast packets, and IP broadcast packets. Therefore, GRE Over IPSec can be used to protect broadcast data in a GRE tunnel.

GRE Over IPSec is used in application scenarios where routing protocols need protection, see Figure 3-2.

Figure 3-2 GRE Over IPSec VPN
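
The anti-replay and data-integrity checks described under IPSec VPN above, shown here as an added example that is not ZTE code: a receiver verifies an HMAC-SHA-1 integrity value and only then advances its sliding window over sequence numbers. The 64-packet window, the 96-bit truncation, the simplified packet layout (SPI, sequence number, payload, integrity value, no encryption) and all key and payload values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # assumption: the page gives no window size
ICV_LEN = 12       # assumption: HMAC-SHA-1 output truncated to 96 bits
HEADER_LEN = 8     # simplified header: 32-bit SPI + 32-bit sequence number


class AntiReplayWindow:
    """Receiver-side sliding window over per-SA sequence numbers."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => sequence (highest - i) was accepted

    def is_acceptable(self, seq):
        """Pre-check only; never changes state."""
        if seq == 0:
            return False                          # senders start counting at 1
        if seq > self.highest:
            return True                           # right of the window: new
        offset = self.highest - seq
        if offset >= self.size:
            return False                          # left of the window: too old
        return not (self.bitmap >> offset) & 1    # inside: reject duplicates

    def mark_seen(self, seq):
        """Record seq; call only after the packet has been authenticated."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def compute_icv(key, header, payload):
    """Integrity check value over header and payload."""
    return hmac.new(key, header + payload, hashlib.sha1).digest()[:ICV_LEN]


def make_packet(key, spi, seq, payload):
    """Sender side: header || payload || ICV (no encryption in this model)."""
    header = struct.pack("!II", spi, seq)
    return header + payload + compute_icv(key, header, payload)


def receive(key, window, packet):
    """Classify one inbound packet: accepted, replay, bad-icv or malformed."""
    if len(packet) < HEADER_LEN + ICV_LEN:
        return "malformed"
    header = packet[:HEADER_LEN]
    payload, icv = packet[HEADER_LEN:-ICV_LEN], packet[-ICV_LEN:]
    _spi, seq = struct.unpack("!II", header)
    if not window.is_acceptable(seq):
        return "replay"
    if not hmac.compare_digest(icv, compute_icv(key, header, payload)):
        # Window untouched: a forged sequence number cannot slide the
        # window forward and push legitimate traffic out of it.
        return "bad-icv"
    window.mark_seen(seq)
    return "accepted"


def demo():
    key = b"constructed-demo-key"     # constructed pre-shared value
    spi = 0x1000                      # constructed SPI
    window = AntiReplayWindow()
    pkt = {n: make_packet(key, spi, n, b"data-%d" % n) for n in (1, 2, 4, 5, 100)}
    forged = make_packet(b"attacker-guess", spi, 5000, b"x")
    arrivals = [(1, pkt[1]), (2, pkt[2]), (5, pkt[5]), (4, pkt[4]),  # reordered
                (4, pkt[4]),          # captured packet inserted again
                (5000, forged),       # wrong key, far-ahead sequence number
                (100, pkt[100]),      # window slides to 37..100
                (5, pkt[5])]          # now left of the window
    results = [(seq, receive(key, window, p)) for seq, p in arrivals]
    return results, window.highest


if __name__ == "__main__":
    results, highest = demo()
    for seq, verdict in results:
        print(seq, verdict)
    print("highest authenticated sequence number:", highest)
```

The order of the two checks matters: the window is consulted before the integrity check to discard duplicates cheaply, but it is updated only after the integrity check succeeds.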

3.5.2 MPLS VPN

Overview

The MPLS VPN provides data secrecy of the ISP and supports the use of a non-unique dedicated IP address in the VPN. The VPN forwarding table includes the corresponding label for VPN-IP address, through which the data is transmitted to the corresponding location.

The MPLS VPN has the following advantages:
- The configuration of VPN connection is simple, so it imposes no pressure upon the existing backbone network.
- It does not impose any requirement upon existing users, so users do not need to make any modification. The configuration for adding a user into the VPN is also simple.
- It provides powerful network extensibility.
- VPN users can continue using original dedicated addresses without making any modification. The VPN-ID is used on the backbone network to maintain uniqueness in the entire network.
- It is easier to provide value-added services, such as different COSs.

MPLS L2VPN

The ZXR10 ZSR V2 supports the MPLS L2VPN in Martini mode. It uses the VC-Type and the VC-ID to identify a Virtual Circuit (VC).

The ZXR10 ZSR V2 supports the following functions:
- Uses the LDP protocol as the basic signaling.
- Supports both the VPWS and the VPLS L2VPN services.
- Supports the L2VPN MIB.
- Supports 129-type FEC encoding.
- Supports the Pseudo Wire (PW) class configuration, heterogeneous structure, status Tag, Length, Value (TLV), Virtual Circuit Connectivity Verification (VCCV), and control field configuration for the VPWS service.
- Supports the L2VPN reflector for the VPLS service.
- Supports the L2VPN Graceful Restart function.
- Supports the MAC address filtering and restriction functions.
- Supports PWE3.
- Supports CESoPSN.
- Supports SAToP.
- Supports L2VPN and L3VPN Bridge Function.

MPLS L3VPN

The ZXR10 ZSR V2 supports the L3VPN based on the MPLS/BGP. It uses existing public network resources to provide users with services of the virtual and dedicated network,
satisfying users' service requirements and security requests for transmitting private data on the public network.

The ZXR10 ZSR V2 supports the following MPLS L3VPN functions:
- Supports dynamic (BGP, RIP, OSPF, IS-IS) and static (static route) VPN accesses.
- Supports policy controls such as RT rewriting and SOO.
- Supports several cross-domain VPN modes.
- Supports the VPN routing restriction function.
- Supports the VPN FRR.

3.5.3 Smart Dial Control

Smart Dial Control (SDC) is a dial-on-demand backup technology used to interconnect routers through the PSTN, ISDN, or a 3G wireless network.

Dial on demand: No connection is pre-established between two routers. When data needs to be transmitted between the routers, the SDC flow is started to establish a connection, and then messages can be transmitted. When the connection is idle, SDC automatically disconnects the connection.

The dial-on-demand function provided by SDC is flexible, economical, and efficient. In actual applications, SDC is used as backup to provide guarantee for main line communication. It provides an alternative auxiliary channel when communication fails on a main line due to a line failure or another fault, which ensures that services can be provided properly.

The SDC module provides the following functions:
- Dialing backup function
  - Dialing backup triggered by a failed active link (or interface): After the active link (or interface) is invalid for a period, the standby interface dials, and the standby link is activated. When the active link (or interface) is recovered for a period, the standby link is disconnected.
  - Dialing backup triggered by an overloaded active link (or interface): When the load on the active link (or interface) exceeds the specified percentage of the link capacity, the standby interface dials, and the standby link is activated. The standby link operates together with the active link. When the load on the active link (or interface) is reduced to the specified percentage of the link capacity, the standby link is disconnected.
  - Link backup through route detection: When the SDC module detects that some routes that need backup are lost, dialing is triggered and backup routes to the specified destination are generated.
- Dial-on-demand function
  - Permanent dialing: After permanent dialing is configured on a dialing interface, dialing is immediately triggered until dialing succeeds.
  - Automatic dialing: When a device is started up and the physical dialing interface is up, automatic dialing is triggered.
  - Manual dialing: Manual dialing can be performed or disabled through command configuration.
  - Triggered dialing: Flows received on a router can be divided into triggering flows and non-triggering flows. For a triggering flow, if no connection is established, the router establishes a dialing connection with the remote router. For a non-triggering flow, the router does not call the remote router.

3.6 QoS

Overview

With the popularization of diverse services (voices, data, and video) and the continuous progress of the Fixed Mobile Convergence (FMC) process, the multiservice bearer network is required to provide differential services for different services and different users, so that it can distinguish services and guarantee the QoS of user services in accordance with the Service Level Agreement (SLA). The QoS guaranty is provided under various application models to provide end-to-end QoS, so that the network can sense and manage services, provide delicate operation of services, and finally improve users' service experiences.

Stream Classification and Labeling

In accordance with service classification policies, including the destination MAC, source MAC, VLAN ID, 802.1P, Type Of Service (ToS)/DSCP, and the IP quintuple (protocol type, destination IP, source IP, destination port number, and source port number), service packets are divided into several priorities or types. Additionally, the CoS of Ethernet packets, the ToS of IP packets, and the EXP field of DSCP or MPLS packets are labeled to provide class-based scheduling, congestion management, and traffic reshaping.

Traffic Supervision

Through the token bucket algorithm, the traffic entering the network is restricted within a correct range. The ZXR10 ZSR V2 supervises and punishes the exceeding traffic, such as discarding packets, coloring packets, or resetting packet priorities, to protect network resources and carrier's profits.

The ZXR10 ZSR V2 supports the Single-rate Three Color Marker (SrTCM) and Two-rate Three Color Marker (TrTCM) coloring algorithms, and supports the Color-Blind and Color-Aware coloring modes. The ZXR10 ZSR V2 supports port-based and stream-based coloring modes, and can apply them in either the ingress or the egress.

Traffic Reshaping

The traffic reshaping function caches and sends egress traffic out at a relatively even speed, so that the traffic rate satisfies the processing capability of downstream equipment.
The ZXR10 ZSR V2 supports port-based and queue-based traffic reshaping.

Queuing

The queuing technology solves the congestion of network nodes through a series of scheduling algorithms. High-priority packets are forwarded preferentially, while low-priority packets also get the corresponding scheduling chances fairly.

The ZXR10 ZSR V2 supports the PQ, the Weighted Fair Queuing (WFQ), and the CBWFQ modes.

Congestion Avoidance

Because the processing capability and caching capability of the network equipment are limited, packets above equipment capabilities may cause network congestion. If these packets are simply discarded, the global synchronization symptom occurs. The ZXR10 ZSR V2 avoids congestion in RED/WRED mode to improve the network quality.

The WRED can sense services, including the IP priority, DSCP, and MPLS EXP, and sets different earlier-phase discarding policies for packets with different priorities. That is, it provides differentiated discarding features for different services.

MPLS QoS

The ZXR10 ZSR V2 supports the following MPLS QoS features:

• Supports the MPLS QoS based on the Diff-Serv model. The MPLS QoS completes the priority mapping between MPLS, IP, and Ethernet packets, and distinguishes data streams of different services in accordance with the EXP in the label. That is, it provides differentiated services and ensures the QoS for voice and video services.
• Supports three standard carrier MPLS QoS tunnels: Uniform Tunnel, Pipe Tunnel and Short Pipe Tunnel.
• Combines the MPLS-TE and the Diff-Serv, so that the IP/MPLS core network owns service identification capabilities. The tunnel is also established to ensure the bandwidth for high-priority services.
• Supports QoS scheduling inside the MPLS VPN, and ensures that key VPN services are forwarded preferentially by achieving Diff-Serv inside the VPN.
• Distinguishes PWs in accordance with user services and maps the service PW to the corresponding MPLS tunnel.

By achieving service-based end-to-end QoS that is easier to deploy and plans the bandwidth, the ZXR10 ZSR V2 provides operation guarantee for the differentiated management and services of multiple services.

H-QoS

Through hierarchical scheduling and unified centralized configuration, the H-QoS provides fine-grained QoS for high-quality services and users, reduces the construction cost of the equipment accessed into the network, and simplifies the maintenance cost of the entire network. Additionally, the H-QoS improves the QoS of the entire network.
The H-QoS provides fine-grained scheduling in hierarchical mode and provides reliable service support for users to deploy multiple services. The ZXR10 ZSR V2 supports the following hierarchical QoS features:

• Supports multi-hierarchy traffic management through setting multi-hierarchy scheduler, meeting network deployment requirements.
• Supports multi-user, multi-service, and multi-traffic classification requirements to perform congestion avoidance and traffic shaping.
• Supports packet marking in H-QoS queue scheduling.
• Supports traffic statistics for service scheduling in the hierarchical QoS and provides visualized management of the traffic service model. That is, the maintenance and management personnel have a better understanding of the network.

3.7 Security Features

3.7.1 ACL

An ACL is used to permit or deny packet flows based on configured rules. Packet filtering rules determine the ACL type. ACL rules can be defined based on the following conditions:

• MAC address
• VLAN
• Source IP address
• Destination IP address
• Source port number
• Destination port number
• Transport-layer protocol number
• ToS
• Time range

After an ACL is created, it must be applied on an interface. Data flows on an interface are bidirectional, so the direction (input or output) must be specified when an ACL is applied on an interface. To configure an ACL on an interface, an ACL, the interface on which the ACL is applied, and the direction in which the ACL is applied on the interface must be defined.

The ACL operation procedure is as follows:

1. The ACL type is identified through the ACL serial number. Packets are checked based on the ACL to determine whether the packets can pass the interface.
2. ACL rules are used for checking packets in accordance with the configuration order of the rules. Rules configured first are used for checking packets first.
3. Once the packets match a rule, the router stops checking the packets.
4. For the matched packets, whether the packets are allowed to pass the interface depends on the corresponding action (permit or deny) configured for the rule.
5. If the packets match no rule, the default rule is used, that is, the packets are disallowed to pass the interface.
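The first-match procedure above has an audit consequence: a broad rule configured early can silently override a narrower rule with the opposite action configured later. The following added example (not ZTE code; the rule fields, helper names and sample addresses are constructed for illustration) models steps 2 to 5 and reports such shadowed rules.

```python
"""Model of the first-match ACL procedure in section 3.7.1 (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source prefix
    dst: str = "0.0.0.0/0"          # destination prefix
    proto: Optional[int] = None     # transport protocol number, None = any
    dport: Optional[range] = None   # destination port range, None = any

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") in self.dport))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and (self.proto is None or self.proto == other.proto)
                and (self.dport is None or (other.dport is not None
                     and other.dport.start >= self.dport.start
                     and other.dport.stop <= self.dport.stop)))


def evaluate(rules, pkt):
    """Check rules in configuration order and stop at the first match.
    Returns (action, index of matching rule); no match means default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def find_shadowed(rules):
    """Return (later, earlier) index pairs where an earlier rule with the
    opposite action covers the later rule, so the later rule never fires."""
    shadowed = []
    for later, rule in enumerate(rules):
        for earlier in range(later):
            if rules[earlier].action != rule.action and rules[earlier].covers(rule):
                shadowed.append((later, earlier))
                break
    return shadowed


# Constructed sample ACL: rule 2 is meant to block SSH from 10.9.0.0/16,
# but the broad permit in rule 1 is configured first and matches first.
SAMPLE_ACL = [
    Rule("permit", src="10.1.0.0/16", dst="192.0.2.10/32", proto=6, dport=range(443, 444)),
    Rule("permit", src="10.0.0.0/8", proto=6),
    Rule("deny", src="10.9.0.0/16", dst="192.0.2.0/24", proto=6, dport=range(22, 23)),
]

if __name__ == "__main__":
    ssh = {"src": "10.9.0.5", "dst": "192.0.2.7", "proto": 6, "dport": 22}
    print(evaluate(SAMPLE_ACL, ssh))      # permitted by rule 1, deny never reached
    print(find_shadowed(SAMPLE_ACL))      # the shadowed deny and the rule hiding it
```

Moving the deny above the broad permit changes the verdict for the SSH packet, which is why rule order belongs in any ACL review.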
The ZXR10 ZSR V2 provides the following ACL features:

• Supports standard ACLs and extended ACLs
• Supports L2 ACLs, L3 ACLs, and L2/L3 hybrid ACLs
• Supports ACL time range
• Supports ACL log statistics
• Supports collecting statistics on the hit rate
• Supports ACL binding in batches

3.7.2 Anti-Attack

IP Source Attack Defense

The ZXR10 ZSR V2 supports the following IP source attack defense mechanisms:

• IP and MAC binding: In accordance with configuration, a binding relationship can be established between the specified IP address and MAC address. For packets with the specified IP address (source), if the MAC address is different from the bound MAC address, the packets are dropped. This prevents attacks by packets with false IP addresses.
• ARP scanning: Static IP and MAC association tables can be generated in batches through the ARP scanning function.
• IP source guard: When the ZXR10 ZSR V2 is used as an L2 device, a binding table can be used to guard against IP source spoofing.

ARP Attack Defense

The ZXR10 ZSR V2 supports the following ARP attack defense mechanisms:

• Uses periodic gratuitous ARP packets, so that users' packets can be properly forwarded to gateways without being attacked or intercepted.
• Uses strict ARP learning to prevent ARP spoofing.
• Uses ARP protection to prevent ARP spoofing.
• Uses dynamic ARP inspection to prevent ARP spoofing.
• Uses ARP packet suppression to prevent ARP flooding.
• Uses ARP Miss message suppression to prevent ARP flooding.

3.7.3 Firewall

Security Zone

The ZXR10 ZSR V2 supports security zones, including the DMZ. All security policies are implemented based on security zones. After security zones are configured, the firewall function can be configured in the security zones.

Security zone configuration includes the security zone name, priority, interface added to the security zone, and the DMZ. In general, a DMZ is a filtering subnet that provides a security zone between an internal network and an external network.
Packet-Filtering Firewall and Fragmented-Message Filtering

Packets can be filtered through ACL configuration. Packets are filtered based on information such as the protocol number of the upper-layer protocol operating over IP, source IP address, destination IP address, source port number and destination port number in a packet and the packet transmission direction.

Packet filtering is used in the firewall function. To forward a packet, the ZXR10 ZSR V2 retrieves information in the header of the packet and checks the packet based on the ACL rules. The ZXR10 ZSR V2 determines whether to forward or drop the packet based on the comparison result.

Packet filtering supports fragmented-message filtering. The packet filtering firewall identifies packet types, such as non-fragmented message, first fragmented message, and non-first fragmented message. All types of packets are filtered.

Stateful Firewall

The stateful firewall is an extension of the packet-filtering firewall. It takes each packet as an independent unit to perform ACL check and filtering, and also considers application-layer associativity between packets.

• The stateful firewall uses different state tables to monitor TCP sessions or UDP sessions. The ACL determines the sessions that are allowed to be established. Only the packets related to the allowed sessions are forwarded.
• For a TCP session or UDP session, the stateful firewall analyzes the application-layer state information about packets, and filters packets that do not match the current application-layer state.
• The stateful firewall has the advantages of the packet-filtering firewall and proxy firewall, providing both high speed and security.

The stateful firewall performs filtering for application-layer packets, meaning state-based packet filtering. The stateful firewall can detect the information about the application-layer protocol session that wants to pass the firewall. The stateful firewall maintains the session state and checks the protocol number and port number of session packets. If the packets do not match rules, the packets are disallowed to pass the firewall.

The stateful firewall maintains the state information about each connection to dynamically determine whether to allow the packets to pass or drop the packets. The stateful firewall can also monitor various application-layer protocol traffic.

Blacklist

The blacklist is used to filter packets based on source VPN and source IP address. The packet fields checked by the blacklist are simpler than those checked by ACLs, so packets can be filtered at high speeds. In this way, packets sent from the specified IP addresses are shielded.

The blacklist can be statically configured or dynamically generated by the firewall. Besides the IP addresses statically configured in the blacklist, when the ZXR10 ZSR V2 detects that there are IP-scanning attacks or port-scanning attacks from a specific IP address, this IP address is added to the blacklist. If the blacklist function is enabled, any packets from the IP address are filtered.

The aging period of the static blacklist and dynamic blacklist can be configured.

When packets match the blacklist, even if the packets are permitted in accordance with the ACL rules, the firewall drops the packets.

Blacklist configuration can be exported to a file, and blacklist configuration can be imported through a file.

White List

If the IP address and VPN of a host are added to the whitelist, the firewall does not perform IP-scanning attack check or port-scanning attack check for packets sent from the host. The firewall does not add the IP address to the dynamic blacklist, and the IP address cannot be added to the static blacklist.

After receiving a packet, the ZXR10 ZSR V2 checks whether the source IP address of the packet is in the whitelist. If yes, the ZXR10 ZSR V2 does not perform IP-scanning attack check or port-scanning attack check for the packet, and does not add the IP address to the dynamic blacklist. Other security filtering procedures are performed, such as ACL packet filtering, stateful firewall, and traffic statistics and monitoring, which achieves the optimal security filtering effects.

The aging period can be configured for the whitelist.

Whitelist configuration can be exported to a file, and whitelist configuration can be imported through a file.

Anti-DDOS Attack

As the network environment becomes more and more complicated, the control-layer processor of the router equipment, as the core part processing various complicated protocol data packets, is more easily attacked by network broadcast storms, PING flooding, and TCP SYN flooding. To prevent these attacks from affecting the CPU and even leading to service error, pause, or interruption, the ZXR10 ZSR V2 provides a flexible and complete stream-control mechanism for the traffic entering the control layer.

• The ZXR10 ZSR V2 divides received CPU traffic into several queues with different priorities to ensure that important protocol packets, such as the BGP and the OSPF, and customized data packets are processed preferentially. Each queue sets different thresholds for different packet types.
• The ZXR10 ZSR V2 supports CAR speed limit for the traffic sent from the physical ingress ports.
• The ZXR10 ZSR V2 supports the CAR speed limit for customized packets in accordance with the source address, protocol type, TCP/UDP port number, and the physical ingress port number.
• The ZXR10 ZSR V2 supports the configuration of the number of packets sent per second and their priorities in a specific rule.
• The ZXR10 ZSR V2 supports the function of detecting exceptions for packets sent from logical ports. The ZXR10 ZSR V2 checks the speed of all received packets on logical ports, stops the packet-receiving operation on the port when it finds that the traffic sent on the port reaches the specified threshold, extends the operation appropriately, and then continues receiving packets.

Through dividing and treating data packets with different priorities, the multi-queue sending technology, the configuration of the port sending policy, and the speed limit for sent streams, the ZXR10 ZSR V2 effectively ensures that important data packets with higher priorities are sent preferentially, and shields attacks from error packets.

Anti-DOS Attack

The ZXR10 ZSR V2 supports the following anti-DOS attack mechanisms:

• LAND attack defense
• Smurf attack defense
• WinNuke attack defense
• SYN flood attack defense
• ICMP flood attack defense
• UDP flood attack defense

Anti-Scanning Attack

The ZXR10 ZSR V2 supports the following anti-scanning attack mechanisms:

• Ping-death attack defense
• Large-ICMP attack defense
• ICMP-unreachable attack defense
• ICMP-redirect attack defense
• ICMP fragment attack defense
• IP fragment attack defense
• Teardrop attack defense
• Fraggle attack defense
• Tracert attack defense

Anti-Abnormal-Packet Attack

The ZXR10 ZSR V2 supports the following anti-abnormal-packet attack mechanisms:

• Abnormal TCP packet attack defense
• IP incorrect option attack defense
• Syn fragment attack defense
• Unknown protocol attack defense
• IP spoofing attack defense
• IP option packet attack defense
• TCP No-Flag packet attack defense
• TCP Syn Fin packet attack defense
• TCP Fin-No-Ack packet attack defense
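The Blacklist and White List subsections of 3.7.3 define a precedence: a blacklist hit drops the packet even when the ACL permits it, a whitelisted source skips only the scan checks, and entries age out. The following added example (not ZTE code) models that order; the class name, the port-count threshold, the time window and the aging period are assumptions, since the product description gives no numeric values.

```python
"""Model of blacklist / whitelist precedence from section 3.7.3 (illustrative only)."""
from collections import defaultdict


class ScanGuard:
    def __init__(self, port_threshold=5, window=10.0, blacklist_ttl=60.0):
        self.port_threshold = port_threshold   # distinct ports treated as a scan (assumed)
        self.window = window                   # seconds of probe history kept (assumed)
        self.blacklist_ttl = blacklist_ttl     # aging period for blacklist entries (assumed)
        self.whitelist = set()                 # {(vpn, ip)}
        self.blacklist = {}                    # {(vpn, ip): (expiry, "static" | "dynamic")}
        self.probes = defaultdict(list)        # {(vpn, ip): [(time, dport), ...]}

    def add_whitelist(self, vpn, ip):
        self.whitelist.add((vpn, ip))

    def add_static_blacklist(self, vpn, ip, now):
        """A whitelisted host cannot be placed on the static blacklist."""
        if (vpn, ip) in self.whitelist:
            return False
        self.blacklist[(vpn, ip)] = (now + self.blacklist_ttl, "static")
        return True

    def _is_scan(self, key, dport, now):
        recent = [(t, p) for t, p in self.probes[key] if now - t <= self.window]
        recent.append((now, dport))
        self.probes[key] = recent
        return len({p for _, p in recent}) >= self.port_threshold

    def process(self, vpn, src, dport, now, acl_permits):
        """Return the verdict for one packet keyed on (source VPN, source IP)."""
        key = (vpn, src)
        entry = self.blacklist.get(key)
        if entry and now >= entry[0]:          # aging: expired entries stop blocking
            del self.blacklist[key]
            entry = None
        if entry:                              # blacklist wins over an ACL permit
            return "drop:blacklist"
        if key not in self.whitelist and self._is_scan(key, dport, now):
            self.blacklist[key] = (now + self.blacklist_ttl, "dynamic")
            self.probes.pop(key, None)
            return "drop:scan-detected"
        # Whitelisting skips scan checks only; other filtering still applies,
        # represented here by the ACL verdict passed in by the caller.
        return "forward" if acl_permits else "drop:acl"


def replay(guard, events):
    """Run constructed (vpn, src, dport, time, acl_permits) events in order."""
    return [guard.process(*event) for event in events]


if __name__ == "__main__":
    guard = ScanGuard(port_threshold=3, window=10, blacklist_ttl=30)
    guard.add_whitelist("vpn-a", "198.51.100.9")      # e.g. an internal scanner
    constructed = [("vpn-a", "203.0.113.5", port, t, True)
                   for t, port in enumerate([21, 22, 23, 80])]
    constructed.append(("vpn-a", "203.0.113.5", 80, 40, True))   # after aging
    for event, verdict in zip(constructed, replay(guard, constructed)):
        print(event, verdict)
```

Keying on the (VPN, IP) pair follows the page; the same address in a different VPN is a different entry.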
3.7.4 Multiple Security Authentication Modes

AAA

The ZXR10 ZSR V2 supports multiple security authentication modes. With different authentication policies for user access, the ZXR10 ZSR V2 provides complete AAA authentication and authorization functions. Different access authentication policies can be configured to perform different authentication and authorization for users selectively as needed.

The AAA supports the following three authentication modes:

• Local authentication
• RADIUS authentication
• TACACS+ authentication

The AAA supports the following four authorization modes:

• Direct trusting authorization: The AAA performs authorization without the user account.
• Local account authorization: The AAA performs authorization in accordance with user accounts configured locally.
• TACACS+ authorization: The TACACS+ is divided into authentication and authorization. The TACACS+ server authorizes users.
• Authorization after successful RADIUS authentication: The authorization and authentication of the RADIUS protocol cannot be split.

Protocol Security Validation

In accordance with the security validation requirements of different protocols, the ZXR10 ZSR V2 provides complete protocol security validation functions for the Secure Shell (SSH), PPP, routing protocol, and SNMP protocol.

Security validation for the SSH protocol:

• Supports encryption authentication based on the MD5
• Supports encryption authentication based on the SHA1

Security validation for PPP access:

• Supports the Password Authentication Protocol (PAP)-based validation mode.
• Supports the Challenge Handshake Authentication Protocol (CHAP)-based validation mode.

Security validation for the routing protocol:

• Supports the explicit packet authentication for the RIPv2, OSPF, and IS-IS.
• Supports the MD5-based encryption authentication for the RIPv2, OSPF, IS-IS, and the BGP.
• Supports the MD5-based encryption IPSec AH authentication for the RIPng, OSPFv3, and the BGP-4+.
• Supports the SHA1-based encryption IPSec AH authentication for the RIPng, OSPFv3, and the BGP-4+.

SNMP security validation: Supports the encryption and authentication for the SNMPv3.

3.7.5 uRPF

The ZXR10 ZSR V2 supports the uRPF function to avoid network attacks based on source address spoofing. Source address spoofing is common among DoS attacks. The attacker fakes a source address (which is normally a valid network address) to access the equipment to prevent it from providing services properly. The uRPF can effectively avoid this type of attack.

The ZXR10 ZSR V2 supports the following uRPF features:

• Supports the Strict RPF checking function.
• Supports the Loose RPF checking function.
• Supports the Loose RPF checking function that ignores the default route.
• Supports the ACL checking function.

3.8 Network Reliability

Ping Detect

The Ping Detect automatic detection function uses request/response packets of the ICMP to detect whether the destination is reachable, and feeds back the detection result to the associated standby function module to trigger active/standby switchover. That is, it provides the backup function based on the availability of applications on the network layer.

BFD

An important function of any network equipment is to quickly detect communication faults with adjacent systems and rapidly create other paths. The BFD protocol greatly supports this purpose.

The BFD is used to provide a low-load and fast fault detection mechanism between adjacent forwarding engines. The BFD, together with the FRR, can provide millisecond-level link detection and route switchover functions on the forwarding layer.

The ZXR10 ZSR V2 supports the following BFD features:

• Supports the BFD detection function of version 0 and version 1.
• Supports the BFD for BGP detection.
• Supports the BFD for OSPF detection.
• Supports the BFD for IS-IS detection.
• Supports the BFD for LDP LSP detection.
• Supports the BFD for TE tunnel detection.
• Supports the BFD for static route next-hop detection.
• Supports the BFD for policy route detection.
• Supports the BFD for VRRP detection.

FRR

When particular links or nodes in the network become ineffective, the packets reaching the destination through these ineffective nodes may be discarded or form a loop. Traffic interruption or traffic loop inevitably occurs in the network until the network re-converges to calculate a new topology and route. The interruption normally continues for several seconds.

To reduce the traffic interruption period in the network, a mechanism must be provided to provide the following functions:

• Rapidly discovers ineffective links.
• Rapidly provides another recovery path when the first link fails.
• Avoids the forwarding loop "micro-loop" in the follow-up network recovery process.

The ZXR10 ZSR V2 provides the IP FRR and MPLS FRR functions.

• With the IP FRR function provided by the ZXR10 ZSR V2, the routing protocol module avoids no-loop active/standby routes in accordance with the loop configured by the user. During the forwarding process, the forwarding module forwards traffic according to the active route and detects the port status of the active route. When an exception occurs on the active port, the ZXR10 ZSR V2 rapidly switches the traffic over to the standby route, which reduces the traffic switchover period and the number of discarded packets.
  The IP FRR is normally used together with the routing protocol. The ZXR10 ZSR V2 supports the following IP FRR: static route FRR, OSPF FRR, IS-IS FRR, and BGP FRR.
• MPLS FRR is a localised protection technology for MPLS-TE networks. After the FRR function is configured for an LSP, when a link or node in the protected LSP fails, traffic is rerouted to the standby link. FRR is a measure for temporary protection. When the protected link is recovered or a new LSP is established, traffic is rerouted to the protected LSP or the new LSP.

VRRP

By providing a set of detection and competition mechanisms, the VRRP protocol provides the gateway backup functions in the multi-address access LAN (such as the Ethernet). The VRRP protocol backs up gateway equipment in the LAN to maintain the uninterrupted operation of host equipment accessed into the network system. That is, the VRRP backs up the route next-hop equipment for the accessed host equipment.

The ZXR10 ZSR V2 supports the following VRRP features:

• Supports basic functions of the VRRP.
• Supports the heartbeat line function of the VRRP.
• Supports the binding of the VRRP and the BFD detection.
• Supports the binding of the VRRP and the PING detection.
• Supports detecting the status of specified ports through the VRRP.
• Supports detecting key route information through the VRRP.
• Supports VRRP group management functions to uniformly receive or send protocol packets in several VRRP groups.
• Supports the VRRP MIB function.

3.9 IPv6 Features

3.9.1 IPv6 Basic Functions

The ZXR10 ZSR V2 supports IPv4/IPv6 dual-protocol stacks.

• Supports the IPv6 basic protocol, IPv6 protocol, and the Neighbor Discovery protocol.
• Supports the TELNET6 and the SSHv6 for remote user login and connection.
• Supports the TCP6, UDP6 and the Socket IPv6.
• Supports the IPv6 DHCP Relay/Server and the DNS6 Client.
• Supports the PMTU discovery function.
• Supports IPv6 link detection functions such as the Ping6 and the Trace6.
• Supports the IPv6 ACL function.
• Supports the IPv6 QoS function.
• Supports security functions such as the IPv6 VRRP and the IPv6 uRPF.

3.9.2 IPv6 Unicast Routing Protocols

Overview

The ZXR10 ZSR V2 supports unicast routing protocols such as the IPv6 static route, RIPng, OSPFv3, IS-ISv6, BGP4+, and the IPv6 policy route.

IPv6 Static Route

The IPv6 static route indicates that the network administrator specifies the route information in the IPv6 routing table through configuration commands. It does not create the routing table in accordance with the routing algorithm in the same way as the IPv6 dynamic route. When the dynamic route is configured, routers need to frequently exchange routing tables with each other and will easily become overloaded. The static route can be used to solve this problem. With the static route, the user only needs to make few configurations to avoid using the dynamic route.

The ZXR10 ZSR V2 supports the configuration of the IPv6 static route by specifying the next hop or the egress interface.

RIPng

Based on the UDP, the RIPng uses port 521 to send and receive data packets.
The ZXR10 ZSR V2 supports the RIPng basic protocol, route summary and redistribution, RIPng route load sharing, RIPng protocol MIB function, RIPng VRF access instance, and the function of associating the IPv6 BFD with the RIPng.

OSPFv3

The OSPFv3 is used to provide the routing function in the IPv6 network.

The ZXR10 ZSR V2 supports the OSPFv3 basic protocol, route summary and redistribution, OSPFv3 route load sharing, OSPFv3 authentication, OSPFv3 protocol MIB function, OSPFv3 VRF access instance, and the function of associating the IPv6 BFD with the OSPFv3.

IS-ISv6

The work principle of the IS-ISv6 is similar to that of the IS-ISv4.

The ZXR10 ZSR V2 supports the IS-ISv6 basic protocol, route summary and redistribution, IS-ISv6 route load sharing, IS-ISv6 route filtering, IS-ISv6 authentication, IS-ISv6 protocol MIB function, IS-ISv6 VRF access instance, and the function of associating the IPv6 BFD with the IS-ISv6.

BGP4+

The BGP4+ is an extension of the BGP protocol. It inherits the basic message format of the BGP4 and adds extended attributes for transmitting the IPv6 routing information.

The ZXR10 ZSR V2 supports the basic protocol, route attributes, route summary, route distribution, reflector, and alliance functions of the BGP4+, policy filtering of BGP4+ routes, BGP4+ route load sharing, BGP4+ authentication, BGP4+ protocol MIB function, BGP4+ VRF access instance, and the function of associating the IPv6 BFD with the BGP4+.

IPv6 Policy Route

The concept and principle of the policy route in the IPv6 are the same as those in the IPv4, except that IPv6 addresses and routes are used for the configuration.

3.9.3 IPv6 Multicast Routing Protocols

Overview

IPv6 multicast is different from IPv4 multicast in that the IPv6 multicast address mechanism is greatly enhanced. But group member management, multicast packet forwarding, and multicast route establishment functions are basically the same as those in IPv4 multicast.

MLD

The MLD protocol originates from the IGMP protocol. The MLDv1 corresponds to the IGMPv2, and the MLDv2 corresponds to the IGMPv3.
Different from the IGMP protocol that uses the packet type with the IP protocol number of 2, the MLD protocol uses the ICMPv6 (with the IP protocol number of 58) packet type, including the MLD query packet (type 130), MLDv1 report packet (type 131), MLDv1 leaving packet (type 132), and MLDv2 report packet (type 143). The MLD protocol and the IGMP protocol have different packet formats, but their protocol behaviors are completely the same.

The ZXR10 ZSR V2 supports the MLDv1/v2 protocol.

IPv6 PIM

The IPv6 PIM protocol is different from the IPv4 PIM in the IP address structure in the packet, but other protocol behaviors in them are basically the same. The IPv6 PIM also supports the SM, DM, and SSM modes.

The ZXR10 ZSR V2 supports the IPv6 PIM-DM, IPv6 PIM-SM, and IPv6 Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) protocols.

3.9.4 IPv6 Tunnel Functions

Overview

The ZXR10 ZSR V2 supports IPv6 tunnel protocols, including IPv6 over IPv4 configuration tunnel and automatic tunnel, IPv4 over IPv6 tunnel, and ISATAP tunnel.

IPv6 over IPv4

The IPv6 over IPv4 tunnel mechanism encapsulates IPv4 packet headers before an IPv6 data packet and passes the IPv6 packet over the IPv4 network through tunnels to provide the interconnection of separated IPv6 networks, see Figure 3-3.

Figure 3-3 IPv6 over IPv4 Tunnel Principle

The IPv6 over IPv4 tunnel can be established between hosts, from a host to a piece of equipment, from a piece of equipment to a host, or between pieces of equipment. The destination of a tunnel may be the final destination of the IPv6 packet, or the IPv6 packet can be further forwarded. In accordance with the different ways of acquiring IPv4 addresses on the tunnel destination, tunnels can be divided into configuration tunnels and automatic tunnels.

• If the destination address of an IPv6 over IPv4 tunnel cannot be automatically obtained from the destination address of the IPv6 packet, it needs to be manually configured. This type of tunnel is called the configuration tunnel, such as the 6in4 tunnel and the GRE tunnel.
• If the interface address of an IPv6 over IPv4 tunnel uses the special IPv6 address format with an IPv4 address, the IPv4 address of the tunnel destination can be automatically obtained from the destination address of the IPv6 packet. This type of tunnel is called the automatic tunnel, such as the 6to4 tunnel and the ISATAP tunnel.

IPv4 over IPv6

The IPv4 or IPv6 over IPv6 tunnel protocol encapsulates IPv4 or IPv6 data packets, so that the data packets can be transmitted in another IPv6 network. The encapsulated data packet is the IPv6 tunnel packet, see Figure 3-4.

Figure 3-4 IPv4 over IPv6 Tunnel Principle

ISATAP

The ISATAP can access the dual-stack node inside the IPv4 site into the IPv6 router through the automatic tunnel, so that the dual-stack node that does not share the same physical node with the IPv6 router can send data packets to the IPv6 next hop through the IPv4 automatic tunnel.

The ISATAP transition mechanism uses the IPv6 address with an IPv4 address, so the IPv6-in-IPv4 automatic tunnel technology is used in the site with either a global IPv4 address or a private IPv4 address. Because the ISATAP address format uses both the site unicast IPv6 address prefix and the global unicast IPv6 address prefix, the ISATAP supports both site and global IPv6 routes.
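The automatic-tunnel rule above (the IPv4 tunnel destination is read out of the IPv6 address) can be shown concretely. The following added example (not ZTE code) extracts the embedded IPv4 address for the 6to4 prefix 2002::/16 (RFC 3056) and for ISATAP interface identifiers (RFC 5214), and adds a decapsulation-side consistency check a defender would apply; the function names, verdict strings and sample addresses are constructed for illustration.

```python
"""Deriving the IPv4 endpoint of an automatic IPv6-over-IPv4 tunnel (illustrative only)."""
from ipaddress import IPv4Address, IPv6Address, ip_network

SIX_TO_FOUR = ip_network("2002::/16")            # 6to4 prefix, RFC 3056
ISATAP_IID_HIGH = (0x00005EFE, 0x02005EFE)       # ISATAP interface ID prefixes, RFC 5214


def tunnel_endpoint(ipv6_addr):
    """Return (tunnel_type, embedded IPv4Address) for an automatic-tunnel
    address, or (None, None) when the endpoint must be configured manually
    (configuration tunnel such as 6in4 or GRE)."""
    raw = int(IPv6Address(ipv6_addr))
    if IPv6Address(ipv6_addr) in SIX_TO_FOUR:
        # 6to4: the 32 bits after the 2002::/16 prefix carry the IPv4 address.
        return "6to4", IPv4Address((raw >> 80) & 0xFFFFFFFF)
    iid = raw & 0xFFFFFFFFFFFFFFFF               # low 64 bits: interface identifier
    if (iid >> 32) in ISATAP_IID_HIGH:
        # ISATAP: the last 32 bits of the interface identifier are the IPv4 address.
        return "isatap", IPv4Address(iid & 0xFFFFFFFF)
    return None, None


def decap_source_check(outer_src_v4, inner_src_v6):
    """Compare the IPv4 source of a received tunnel packet with the IPv4
    address embedded in the inner IPv6 source. A mismatch means the inner
    source does not belong to the node that actually sent the packet."""
    kind, embedded = tunnel_endpoint(inner_src_v6)
    if kind is None:
        return "not-automatic"                   # peer is validated by configuration
    if embedded.is_loopback or embedded.is_multicast or embedded.is_unspecified:
        return "invalid-embedded"
    return "match" if embedded == IPv4Address(outer_src_v4) else "mismatch"


if __name__ == "__main__":
    # Constructed sample addresses from documentation and private ranges.
    for addr in ("2002:c000:204::1", "fe80::5efe:c000:204",
                 "2001:db8::200:5efe:a01:203", "2001:db8::1"):
        print(addr, tunnel_endpoint(addr))
    print(decap_source_check("198.51.100.7", "2002:c000:204::1"))
```

A router that decapsulates automatic-tunnel traffic without the source comparison forwards inner packets whose IPv6 source anyone on the IPv4 side can choose.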
3.9.5 6PE and 6VPE

6PE

In an IPv4 MPLS network, 6PE uses an existing MPLS to interconnect isolated IPv6 networks. 6PE uses the BGP/MPLS VPN principle to establish MP-BGP peers between PEs. IPv6 routes in IPv6 sites are distributed between the PEs, and packets are forwarded through IPv4 MPLS labels in the IPv4 network. In this way, isolated IPv6 networks can communicate with each other.

6VPE

The 6VPE is a technology used to provide BGP MPLS VPN services in the IPv6 user network. The work principle of the 6VPE originates from the BGP MPLS VPN in the IPv4, and the 6VPE is an extension of the IPv4 BGP MPLS VPN. The 6VPE is not restricted to IP protocol versions used on the backbone network. That is, the IPv6 VPN traffic is transmitted through IPv6 tunnels or IPv4 tunnels.

The ZXR10 ZSR V2 supports the 6VPE and supports running the IPv6 static route, RIPng, OSPFv3, IS-ISv6, and EBGP protocols between Customer Edges (CEs) and Provider Edges (PEs).

3.9.6 NAT64

NAT64 is an IPv4-IPv6 transition technology through which IPv6 hosts can use IPv4 services. The key of IPv6 network transition is users' IPv6 transition. NAT64 allows IPv6 users to use IPv4 application services.

NAT64 is defined to be widely used in scenarios where IPv6 clients initiate IPv4 service sessions. It simplifies NAT-PT scenarios, and facilitates deployment, operation and maintenance.

Figure 3-5 shows a NAT64 application scenario.

Figure 3-5 NAT64 Application Scenario
NAT has the following features:

• An IPv6 host actively sends a connection request to an IPv4 service.
• The NAT64 unit is separated from the DNS unit. NAT64 only supports sessions initiated by IPv6 hosts for IPv4 services, and address mapping to IPv4 server addresses is simple in IPv6 networks, so it is unnecessary to perform complicated management for associations between domain names and addresses. This avoids the DNS security problem and DNSSEC compatibility problem.
• The DNS needs to support the DNS64 function. The DNS used in NAT64 must support the DNS64 function, so that A records can be translated into AAAA records. When there is no AAAA record in the system, A records can be queried through DNS proxy.

The ZXR10 ZSR V2 supports the NAT64 function.

3.10 NAT

NAT can translate an IP address in one network to another IP address in another network. In general, NAT is used to map one address used in a private network or intranet to one or multiple addresses used in a public network or Internet.

NAT has the following advantages:

• Limits the number of IP addresses used in private networks that need IANA registration.
• Saves the number of global IP addresses needed in private networks. (For example, one entity can use one IP address for communication in the Internet.)
• Maintains privacy of LANs, because internal IP addresses are not public.

The ZXR10 ZSR V2 has the following NAT features:

• Supports in/outside NAT
• Supports NAT44 and NAT64
• Supports multi-egress NAT
• Supports static NAT and dynamic NAT
• Supports mapping mode, filtering mode, and hybrid mode
• Supports PAT
• Supports ALG applications, including TCP ALG (FTP, RSTP, H323, and PPTP), UDP ALG (DNS, SIP, and H323), and ICMP ALG

3.11 Network Management Features

Overview

The ZTE NetNumen™ is a network management system constructed on the data communication network, which performs centralized maintenance and management upon various types of network equipment in a wide area and complicated application environment.

Network Management Network Architecture

The following two network architectures can be used between the NetNumen™ network management system and the ZXR10 ZSR V2:

• In-band management: The network management information and the service data are transmitted in the same channel without an extra DCN network.
• Out-of-band management: The network management information is transmitted in the network management network independent of the service data, so an extra DCN network is required. The NetNumen™ network management system is connected to the out-of-band management port of the ZXR10 ZSR V2, so the network information and the service information can be transmitted separately.

NetNumen™ Network Management System

The NetNumen™ U31 (BN) network management system is a unified network management system developed by ZTE to manage Synchronous Digital Hierarchy (SDH), Multi-Service Transport Platform (MSTP), Wavelength Division Multiplexing (WDM), Packet Transport Network (PTN), Optical Transport Network (OTN), and IP equipment (routers and switches). It covers management layers including NE management, network management, and service management.

The NetNumen™ U31 (BN) network management system provides the following functions:

• Fault management: ensures the stable operation of the network.
• Performance management: enables the user to have a complete understanding of service situations in the network.
• Resource management: ensures that network resources are utilized properly.
• View management: ensures that the user has a clear view of the network operational status.
• Configuration management: provides fast service deployment.
• Security management: guarantees network security.
• Northbound interface: supports third-party system integration.

Netflow

The Netflow technology can quickly distinguish different types of service flows transmitted in the network by analyzing attributes of IP data packets. The Netflow separately traces and accurately measures each data flow that is distinguished, records its flow attributes such as the transmission direction and destination, and counts its starting time, ending time, service type, and traffic information such as the number of data packets and bytes included in this flow. The Netflow outputs the original records of the collected data flow traffic and flow direction information at regular intervals, automatically summarizes original records, and outputs the statistical results.

The ZXR10 ZSR V2 supports the following Netflow features:
• Complies with the mainstream v5, v8, and v9 packet formats in the industry.
• Supports sending packets to the server in IPv4/UDP mode.
• Supports the mode of initially reporting packets.
• Supports the configuration of active and inactive aging periods in the cache.
• Supports multiple servers.
• Supports random sampling by flow.
• Supports the configuration of interface traffic sampling rates.
• Supports the Netflow sampling function on physical interfaces and sub-interfaces.
• Supports separate sampling in the ingress and egress directions of an interface.
• Supports independent sampling of multiple services in one direction, such as unicast, multicast, and MPLS.
• Supports sampling rates ranging from 65535:1 to 1:1.

Network Layer Detection

The ZXR10 ZSR V2 provides several network-layer detection functions based on Ping and Trace functions, such as IP Ping, IP Trace, LSP Ping, LSP Trace, multicast Ping, and multicast Trace.

3.12 System Operation and Maintenance

Multiple Configuration Modes

The ZXR10 ZSR V2 provides multiple equipment login and configuration modes for the user to select the appropriate connection configuration mode as needed.

• Configuration through the serial port connection
• Configuration through the Telnet connection
• Configuration through the SSH protocol connection
• Configuration through the SNMP connection
• Version upgrade through USB
• DHCP automatic configuration
• In-batch version upgrade through NMS

System Monitoring, Management and Maintenance

The ZXR10 ZSR V2 supports equipment monitoring, management, and maintenance in several modes, so the equipment can perform the corresponding troubleshooting under each abnormal situation and provide users with parameters during the equipment operation process.

Equipment monitoring functions include:

• There are indicators on the power module, the fan module, the main control module, and each interface board, to indicate the operational state of parts.
• The fan module performs fan monitoring to detect the fan existence status information and adjust the fan speed intelligently.
• The power module function provides the existence information, status information, power information, and the AC/DC information of the power module.
• When the fan module, the power module, or the temperature becomes abnormal, the system raises sound alarms and alarm prompts on the software.
• The network management system collects temperature in distributed mode to monitor the temperature of each board.
• Hot-plugging events and switchover events on the main control board are recorded for users to query.
• The network management system automatically checks version compatibility during the system operating process.
• The network management system monitors the operational state of the software. If the proper operation of the equipment is affected due to abnormal situations, the system restarts the line interface board or switches over the active/standby main control boards.

Equipment management and maintenance functions include:

• The system provides flexible online help in CLI mode.
• The system supports operations by several users simultaneously. The operator can specify whether to allow this function through the corresponding command.
• The system provides multilevel user permission management functions and automatically records user operation logs.
• The system provides the unified management of log, alarm and debugging information in the information center.
• The system provides the CLI mode for users to query the basic information of each main control board, interface board, and optical module.
• The system enables the user to log in through the console port with or without specifying the username and password.
• The system provides the query of several information items, including the software version information, parts status, environment temperature, CPU occupancy, and memory occupancy.
• The passwords of normal users can be displayed in explicit text or in encrypted mode.
• The system provides layered management of equipment alarms, supports alarm classification and alarm filtering functions, and can output alarms to the remote server.

Diagnosis and Debugging

The ZXR10 ZSR V2 provides several diagnosis and debugging methods for users to get more debugging information through more methods during equipment debugging. The ZXR10 ZSR V2 supports the dedicated diagnosis and debugging command mode, and supports complete equipment diagnosis and testing functions. The user can detect the equipment at any time and remotely identify the cause when a fault occurs on the equipment.

The ZXR10 ZSR V2 supports the following diagnosis and debugging modes:

• Detecting the operational status of the equipment
Chapter3FunctionsandFeatureslPerformingthePingandTraceRoutefunctionslDebugging3-35SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter 4 Network Applications

The ZXR10 ZSR V2 can be used as an egress gateway in enterprise networks, and used in enterprise headquarters and branch access networks, convergence and access networks of vertical industrial networks, and telecom operators' CPE and DCN networks.

Table of Contents

- Application Scenario of Access Networks of Enterprise Headquarters and Branches
- Application Scenario of Egress Gateways in Enterprise Networks
- Application Scenario of Convergence and Access Networks of Industry Networks
- Application Scenario of Telecom Operators' DCN Networks

4.1 Application Scenario of Access Networks of Enterprise Headquarters and Branches

As a router in access networks of headquarters and branches in small/medium-size enterprises, the ZXR10 ZSR V2 provides both network connections for NEs inside enterprises, and access to external WANs and enterprise VPNs, thus ensuring that enterprise users can access both the Internet and enterprise networks rapidly, securely and reliably. Figure 4-1 shows a typical access network of enterprise headquarters and branches.
Figure 4-1 Access Network of Headquarters and Branches of a Small/Medium-Size Enterprise

As shown in Figure 4-1, the ZXR10 ZSR V2 provides the following functions:

- Through Wi-Fi connections, high-density L2/L3 Ethernet boards, or connected switches, the ZXR10 ZSR V2 can connect to IP network devices inside enterprises, such as PCs, printers, and servers.
- Through multiple wired/wireless links, the ZXR10 ZSR V2 can perform active/standby switchover or load balancing, thus improving both network availability and network bandwidth usage through the intelligent routing technology.
- By using VPN technologies, such as IPSec, GRE, and MPLS VPN, the ZXR10 ZSR V2 ensures secure access between branches and the headquarters of an enterprise.

4.2 Application Scenario of Egress Gateways in Enterprise Networks

As an egress gateway in small/medium-size enterprise networks, small/medium-size campus networks, and other specialized networks, the ZXR10 ZSR V2 provides both network connections for internal NEs and high-speed Internet access. Figure 4-2 shows the typical network architecture of an egress gateway in an enterprise network.
Figure 4-2 Network Architecture of an Egress Gateway in an Enterprise Network

Abbreviations in the above figure are described below:

- 3G/LTE: 3rd generation mobile communications/Long Term Evolution (4G, 4th generation mobile communications)
- Copper/Fiber: Copper cable/Optical fiber
- SR/BRAS: Service Router/Broadband Remote Access Server
- ISP: Internet Service Provider
- xDSL/xPON: Digital Subscriber Line of all types/new-generation Passive Optical Network

As shown in Figure 4-2, the ZXR10 ZSR V2 provides the following functions:

- Through Wi-Fi connections, high-density L2/L3 Ethernet boards, or connected switches, the ZXR10 ZSR V2, as egress gateways in small/medium-size enterprise networks, can connect to IP network devices inside enterprises, such as PCs, printers, and servers.
- The ZXR10 ZSR V2 provides abundant wired/wireless interfaces, including E1 port, serial port, Ethernet port, and POS, xDSL, and 3G/4G interfaces, thus ensuring that the access of branch networks is not restricted by geographical environments.
- Through multiple links, the ZXR10 ZSR V2 can perform active/standby switchover or load balancing, thus improving both network availability and network bandwidth usage.
- By integrating multiple functions of high-performance NATs, firewalls, APs, and switches, the ZXR10 ZSR V2 ensures both secure access authentication for internal users and secure access to external networks.

4.3 Application Scenario of Convergence and Access Networks of Industry Networks

The ZXR10 ZSR V2 can be applied in the convergence and access layer of a vertical industrial network, such as the power, government, and finance industry networks. As shown in Figure 4-3, L3 and L4 networks form a network architecture together with medium/high-end routers in L1 and L2 networks (such as the ZXR10 M6000 and ZXR10 6800 series routers), thus forming an overall solution from the core layer, convergence layer to the access layer.

Figure 4-3 Convergence and Access Networks of an Industry Network

Abbreviations in the above figure are described below:

- P/PE/CE: Provider router/Provider Edge router/Customer Edge router
- RR: Router Reflector

As shown in Figure 4-3, the ZXR10 ZSR V2 provides the following functions:
- The ZXR10 ZSR V2, together with medium/high-end routers, builds industry networks. By enabling L2/L3 MPLS VPN, the ZXR10 ZSR V2 achieves secure separation between service systems inside enterprises.
- The ZXR10 ZSR V2 supports high-density E1, CPOS3, and POS3/POS12 interfaces, and thus can satisfy convergence and access requirements of different layers in industry networks.

4.4 Application Scenario of Telecom Operators' DCN Networks

As the transmission channels and communication platforms for telecom services, business operations, billing services, NM data transmission, and multimedia communications, telecom operators' DCN networks enable informational and automated supervision, management, maintenance, and decision making upon telecom networks.

The ZXR10 ZSR V2 can be applied in DCN networks, to connect NEs in telecom operators' networks, provide channels for management, maintenance, operation, and internal office of all NEs, and support service deployment. Figure 4-4 shows a typical DCN network of a telecom operator.

Figure 4-4 Telecom Operator's DCN Network
Abbreviations in the above figure are described below:

- PE: Provider Edge router
- MSS: Management Support System
- BSS: Business Support System
- OSS: Operation Support System

As shown in Figure 4-4, the ZXR10 ZSR V2 provides the following functions:

- As the access router, the ZXR10 ZSR V2, together with other medium/high-end routers, provides the MPLS VPN function, thus achieving secure separation between service systems.
- The ZXR10 ZSR V2 provides reverse Telnet/SSH functions. The ZXR10 ZSR V2 connects to the Console management port of a terminal device through its asynchronous serial port, and provides centralized management upon the terminal device through the reverse Telnet technology.
Chapter 5 Technical Indexes

For the hardware features of the ZXR10 ZSR V2 series products, refer to Table 5-1.

Table 5-1 Hardware Features

Parameter | ZXR10 1800-2S/2S(G)/2S(W) | ZXR10 1800-2E | ZXR10 2800-3E | ZXR10 2800-4 | ZXR10 3800-8
Dimension (W×H×D) | 380 mm × 43.6 mm × 200 mm | 442 mm × 44 mm × 440 mm | 442 mm × 80.1 mm × 200 mm | 442 mm × 132 mm × 200 mm
Number of SPIU slots | 2 | 2 | 3 | 2 | 4
Number of PIU/DPIU slots | 0 | 0 | 1/1 | 2/1 | 4/2
Fixed interface | 2 GE Combo interfaces and 4 GE RJ45 interfaces; 2S(W): Wi-Fi interface; 2S(G): 3G/LTE interface | WAN: 2×GE Combo ports; LAN: 24×GE | MPFUA: 2 GE Combo interfaces and 4 GE RJ45 interfaces; MPFUB and MPFUC: 4 GE Combo interfaces and 2 GE RJ45 interfaces
Memory | 2 GB | 2 GB | 2 GB | 2 GB | 2 GB
Flash | 2 GB | 1 GB | 4 GB | 4 GB | 4 GB
USB 2.0 | 2 USB ports, supporting 3G extension and commissioning through USB | 2 USB ports, supporting commissioning through USB | 2 USB ports, supporting commissioning through USB | 2 USB ports, supporting 3G extension and commissioning through USB | 2 USB ports, supporting 3G extension and commissioning through USB
Micro USB | 1 | 1 | 1 | 0 | 0
CONSOLE | 1 | 1 | 1 | 1 | 1
AUX | 1 | 1 | 1 | 1 | 1
Interface type | GE/FE, E1/CE1, V.35/V.24 | GE/FE, E1/CE1, V.35/V.24 | GE/FE, E1/CE1, STM-1 POS/CPOS, OC-12/STM-4 POS, ADSL/VDSL, G.SHDSL, V.35/V.24, 3G/LTE | 10GE/GE/FE, E1/CE1, OC-3/STM-1 POS/CPOS, OC-12/STM-4 POS, ADSL/VDSL, G.SHDSL, V.35/V.24, 3G/LTE
Power supply | AC: 100 V to 240 V; DC: -72 V to -38 V | AC: 100 V to 240 V; DC: -72 V to -38 V; supports 1+1 redundancy, and supports AC and DC hybrid power supply
Maximum power | <55 W | <80 W | <120 W | <160 W | <240 W
Operational temperature | -5ºC to 45ºC
Storage temperature | -40ºC to 70ºC
Operational humidity | 5%–95% (noncondensing)
Storage humidity | 5%–95% (noncondensing)
MTBF/MTTR | MTBF: 100000 h; MTTR: 0.5 h

For the software features of the ZXR10 ZSR V2 series products, refer to Table 5-2.

Table 5-2 Software Features

Feature | Description

Supported protocols
- L2 protocols: MAC management, VLAN, QinQ, SuperVLAN, Smartgroup, PPP, PPPoE, HDLC, FR, and 802.1x
- IPv4/IPv6 routing protocols: static routes, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-ISv6, and BGPv4/BGP4+
- Multicast protocols: static multicast, IGMPv1/v2/v3, PIM-DM, PIM-SM, PIM-SSM, MSDP, PIM-SSM mapping, and MLDv1/v2
- DHCP: DHCPv4/v6 Relay, DHCPv4/v6 Server, and DHCPv4/v6 Snooping

MPLS features
- Supports LDP, MPLS load sharing, and RSVP-TE
- Supports MPLS L2/3 VPN, PWE3, Inter-AS Option A/B/C, and 6VPE

VPN features
- Supports VPWS, VPLS, HVPLS, 6VPE, GRE, and IPSec

Transition technologies
- Supports 6PE, 6VPE, 6in4, 6to4, 4in6, NAT444, NAT64, and 6RD

NAT features
- Supports static NAT, dynamic NAT, PAT, multi-egress NAT, NAT ALG, and NAT log

QoS features
- Supports H-QoS, QPPB, and time-range QoS
- Supports flow class, marking, priority inheritance and mapping, traffic shaping, and traffic rate limit
- Supports PQ, CQ, WFQ, CBWFQ, and physical port based traffic scheduling

3G/LTE features
- Supports TD-SCDMA and WCDMA/HSPA+
- Supports TDD and FDD LTE

Security features
- Supports stateful firewall, control-plane security, CPU security protection, anti-DoS, anti-DDoS, route security, and IPSec encryption
- Supports MAC and IP binding, anti-ARP attack, MAC address filtering, control of the number of MAC addresses, and control of the number of TCP sessions
- Supports RADIUS/TACACS+ authentication, uRPF, and SSH

Reliability features
- Supports power supply module redundancy, and hot swapping for power supply modules, fan modules, and boards
- Supports BFD for everything, VRRP, link aggregation FRR, PW redundancy, SDC, and link redundancy

OAM features
- Supports Ethernet OAM, MPLS OAM, and SQA
- Supports commissioning through USB, in-batch management, temperature monitoring, automatic fan speed adjustment, port mirroring, NetFlow V5/V9, and Netflow 1:1 sampling
- Supports WEB portal, SNMPv1/v2/v3, Telnet, SSHv1/v2, SYSLOG, and RMON
Figures

- Figure 1-1 External Views of the ZXR10 ZSR V2 Series Products
- Figure 2-1 Main Components on the Front Side of the ZXR10 3800-8 chassis
- Figure 2-2 Front View of the ZXR10 3800-8 chassis
- Figure 2-3 Main Components on the Front Side of the ZXR10 2800-4 chassis
- Figure 2-4 Front View of the ZXR10 2800-4 chassis
- Figure 2-5 Main Components on the Front Side of the ZXR10 1800-2S chassis
- Figure 2-6 Main Components on the Front Side of the ZXR10 1800-2S chassis
- Figure 2-7 Main Components on the Back Side of the ZXR10 1800-2S chassis
- Figure 2-8 ZXR10 2800-3E Appearance
- Figure 2-9 ZXR10 2800-3E Front View
- Figure 2-10 ZXR10 2800-3E Back View
- Figure 2-11 ZXR10 1800-2E Appearance
- Figure 2-12 ZXR10 1800-2E Front View
- Figure 2-13 ZXR10 1800-2E Back View
- Figure 2-14 ZXR10 ZSR V2 Overall Software Structure
- Figure 3-1 IPSec NAT
- Figure 3-2 GRE Over IPSec VPN
- Figure 3-3 IPv6 over IPv4 Tunnel Principle
- Figure 3-4 IPv4 over IPv6 Tunnel Principle
- Figure 3-5 NAT64 Application Scenario
- Figure 4-1 Access Network of Headquarters and Branches of a Small/Medium-Size Enterprise
- Figure 4-2 Network Architecture of an Egress Gateway in an Enterprise Network
- Figure 4-3 Convergence and Access Networks of an Industry Network
- Figure 4-4 Telecom Operator's DCN Network
Tables

- Table 5-1 Hardware Features
- Table 5-2 Software Features
Glossary

- AAA - Authentication, Authorization and Accounting
- AH - Authentication Header
- ARP - Address Resolution Protocol
- AS - Autonomous System
- CE - Customer Edge
- CHAP - Challenge Handshake Authentication Protocol
- CLNS - ConnectionLess Network Service
- CPE - Customer Premises Equipment
- DCE - Data Communication Equipment
- DCN - Data Communications Network
- DH - Diffie-Hellman
- DHCP - Dynamic Host Configuration Protocol
- DLCI - Data Link Connection Identifier
- DMZ - Demilitarized Zone
- DTE - Data Terminal Equipment
- ESP - Encapsulation Security Payload
- FMC - Fixed Mobile Convergence
- FR - Frame Relay
- FTP - File Transfer Protocol
- H-VPLS - Hierarchy of VPLS
- HDLC - High-level Data Link Control
- IANA - Internet Assigned Number Authority
- IETF - Internet Engineering Task Force
- IGMP - Internet Group Management Protocol
- IGP - Interior Gateway Protocol
- IP - Internet Protocol
- IPCP - IP Control Protocol
- ISO - International Organization for Standardization
- LCP - Link Control Protocol
- LSA - Link State Advertisement
- LSR - Label Switch Router
- MBB - Make Before Break
- MD5 - Message Digest 5 Algorithm
- MIB - Management Information Base
- MSTP - Multi-Service Transport Platform
- NAT - Network Address Translation
- NCP - Network Control Protocol
- NSSA - Not-So-Stubby Area
- OSI - Open System Interconnection
- OTN - Optical Transport Network
- PAP - Password Authentication Protocol
- PC - Personal Computer
- PE - Provider Edge
- PFS - Perfect Forward Secrecy
- PIM-SSM - Protocol Independent Multicast - Source Specific Multicast
- PTN - Packet Transport Network
- PVC - Permanent Virtual Circuit
- PW - Pseudo Wire
- RIP - Routing Information Protocol
- RPF - Reverse Path Forwarding
- RSVP-TE - Resource Reservation Protocol - Traffic Engineering
- SDH - Synchronous Digital Hierarchy
- SLA - Service Level Agreement
- SSH - Secure Shell
- SVC - Switched Virtual Circuit
- SrTCM - Single-rate Three Color Marker
- TCP - Transmission Control Protocol
- TFTP - Trivial File Transfer Protocol
- TLV - Tag, Length, Value
- ToS - Type of Service
- TrTCM - Two-rate Three Color Marker
- UDP - User Datagram Protocol
- VC - Virtual Circuit
- VCCV - Virtual Circuit Connectivity Verification
- VPN - Virtual Private Network
- WAN - Wide Area Network
- WDM - Wavelength Division Multiplexing
- WFQ - Weighted Fair Queuing
