ZTE 1800-2SW Intelligent Integrated Multi-Services Router User Manual ZXR10 ZSR Intelligent Integrated Multi Service Router Product Description

ZTE Corporation Intelligent Integrated Multi-Services Router ZXR10 ZSR Intelligent Integrated Multi Service Router Product Description

ZXR10 ZSR Intelligent Integrated Multi-Service Router Product Description

ZXR10ZSRV2
IntelligentIntegratedMulti-ServiceRouter
ProductDescription
Version:2.00.20
ZTECORPORATION
No.55,Hi-techRoadSouth,ShenZhen,P .R.China
Postcode:518057
Tel:+86-755-26771900
Fax:+86-755-26770801
URL:http://support.zte.com.cn
E-mail:support@zte.com.cn
LEGALINFORMATION
Copyright©2014ZTECORPORATION.
Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionor
distributionofthisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwritten
consentofZTECORPORATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedby
contractualcondentialityobligations.
Allcompany,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTE
CORPORATIONoroftheirrespectiveowners.
Thisdocumentisprovided“asis”,andallexpress,implied,orstatutorywarranties,representationsorconditions
aredisclaimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,
titleornon-infringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromthe
useoforrelianceontheinformationcontainedherein.
ZTECORPORATIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplications
coveringthesubjectmatterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTE
CORPORATIONanditslicensee,theuserofthisdocumentshallnotacquireanylicensetothesubjectmatter
herein.
ZTECORPORATIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.
UsersmayvisittheZTEtechnicalsupportwebsitehttp://support.zte.com.cntoinquireforrelatedinformation.
TheultimaterighttointerpretthisproductresidesinZTECORPORATION.
RevisionHistory
RevisionNo.RevisionDateRevisionReason
R1.02015-03-30Firstedition
SerialNumber:SJ-20150204153047-003
PublishingDate:2015-03-30(R1.0)
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Contents
AboutThisManual.........................................................................................I
Chapter1ProductLocationandFeatures...............................................1-1
1.1ProductLocation................................................................................................1-1
1.2ProductFeatures................................................................................................1-2
Chapter2ProductStructure.....................................................................2-1
2.1ProductAppearance...........................................................................................2-1
2.2HardwareStructure............................................................................................2-5
2.3SoftwareStructure..............................................................................................2-7
Chapter3FunctionsandFeatures...........................................................3-1
3.1IPv4RoutingProtocolsandIPBasicServices......................................................3-1
3.1.1UnicastRoutingProtocols.........................................................................3-1
3.1.2MulticastRoutingProtocol........................................................................3-3
3.1.3PolicyRouteandRoutingPolicy................................................................3-5
3.1.4DHCPandDNS.......................................................................................3-6
3.2WANAccess......................................................................................................3-6
3.3RoutingandSwitchingIntegration.......................................................................3-8
3.4MPLS................................................................................................................3-9
3.5VPN................................................................................................................3-10
3.5.1IPSecandGRE......................................................................................3-10
3.5.2MPLSVPN............................................................................................3-14
3.5.3SmartDialControl..................................................................................3-15
3.6QoS................................................................................................................3-16
3.7SecurityFeatures.............................................................................................3-18
3.7.1ACL.......................................................................................................3-18
3.7.2Anti-Attack.............................................................................................3-19
3.7.3Firewall..................................................................................................3-19
3.7.4MultipleSecurityAuthenticationModes....................................................3-23
3.7.5uRPF.....................................................................................................3-24
3.8NetworkReliability............................................................................................3-24
3.9IPv6Features..................................................................................................3-26
3.9.1IPv6BasicFunctions..............................................................................3-26
3.9.2IPv6UnicastRoutingProtocols...............................................................3-26
3.9.3IPv6MulticastRoutingProtocols.............................................................3-27
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
3.9.4IPv6TunnelFunctions............................................................................3-28
3.9.56PEand6VPE.......................................................................................3-30
3.9.6NAT64...................................................................................................3-30
3.10NAT...............................................................................................................3-31
3.11NetworkManagementFeatures.......................................................................3-31
3.12SystemOperationandMaintenance................................................................3-33
Chapter4NetworkApplications...............................................................4-1
4.1ApplicationScenarioofAccessNetworksofEnterpriseHeadquartersand
Branches.........................................................................................................4-1
4.2ApplicationScenarioofEgressGatewaysinEnterpriseNetworks..........................4-2
4.3ApplicationScenarioofConvergenceandAccessNetworksofIndustry
Networks..........................................................................................................4-4
4.4ApplicationScenarioofT elecomOperators'DCNNetworks..................................4-5
Chapter5TechnicalIndexes.....................................................................5-1
Figures.............................................................................................................I
Tables............................................................................................................III
Glossary.........................................................................................................V
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
AboutThisManual
Purpose
Thismanualdescribestheproductlocationandfeatures,productstructure,functionsand
applications,technicalparametersoftheZXR10ZSRV2seriesrouters.
IntendedAudience
Thismanualisintendedfor:
lNetworkplanningengineers
lNetworkmaintenanceengineers
WhatIsinThisManual
Thismanualcontainsthefollowingchapters:
Chapter1,ProductLocation
andFeaturesDescribesthelocationandhighlightsoftheZXR10ZSRV2.
Chapter2,ProductStructureDescribestheappearance,hardwarestructure,andsoftwarestructure
oftheZXR10ZSRV2.
Chapter3,Functionsand
FeaturesDescribessoftwarefeaturesandmajorfunctionsoftheZXR10ZSRV2.
Chapter4,NetworkApplica-
tions
DescribesapplicationsoftheZXR10ZSRV2inactualnetworkarchi-
tectures.
Chapter5,T echnicalIn-
dexesDescribestechnicalindexesoftheZXR10ZSRV2.
Conventions
Thismanualusesthefollowingconventions.
ItalicsVariablesincommands.Itmayalsorefertootherrelatedmanualsanddocuments.
BoldMenus,menuoptions,functionnames,inputelds,optionbuttonnames,checkboxes,
drop-downlists,dialogboxnames,windownames,parameters,andcommands.
Constant
width
Textthatyoutype,programcodes,lenames,directorynames,andfunctionnames.
[]Optionalparameters.
{}Mandatoryparameters.
|Separatesindividualparametersinaseriesofparameters.
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Warning:indicatesapotentiallyhazardoussituation.Failuretocomplycanresultin
seriousinjury,equipmentdamage,orinterruptionofmajorservices.
Caution:indicatesapotentiallyhazardoussituation.Failuretocomplycanresultin
moderateinjury,equipmentdamage,orinterruptionofminorservices.
Note:providesadditionalinformationaboutacertaintopic.
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter1
ProductLocationand
Features
TableofContents
ProductLocation........................................................................................................1-1
ProductFeatures........................................................................................................1-2
1.1ProductLocation
TheZXR10ZSRV2seriesisanintelligentmulti-servicerouterintegratingrouting,
switching,wireless,security,VPN,andbroadbanduseraccessmanagementfunctions.
TheZXR10ZSRV2usesthemodularandextensiblesystemarchitecture,andcan
beusedtoestablishintelligent,efcient,reliable,exible,andnetworkswitheaseof
maintenance.TheZXR10ZSRV2canbewidelyusedinthefollowingscenarios:
lEgressgatewaysofcampusnetworks,governmentnetworks,andenterprise
networks
lAccessnetworksofenterpriseheadquartersandbranches
lMobileofcenetworks
lConvergencenetworkandaccessnetworkofindustrynetworks
TheZXR10ZSRV2seriesincludesvetypesofproducts:
lZXR103800-8
lZXR102800-4
lZXR101800-2S
MountingawirelessfunctionmoduletotheZXR101800-2Sresultsintwosub-models:
ZXR101800-2S(G)andZXR101800-2S(W).
lZXR101800-2E
MountingawirelessfunctionmoduletotheZXR101800-2Eresultsinsub-model
ZXR101800-2E(G).
lZXR102800-3E
MountingawirelessfunctionmoduletotheZXR102800-3Eresultsinsub-model
ZXR102800-3E(G).
Figure1-1showsanexternalviewofeachproduct.
1-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Figure1-1ExternalViewsoftheZXR10ZSRV2SeriesProducts
1.2ProductFeatures
HighPerformance,EnsuringNoNetworkAccessBottleneck
Withincreaseofenterpriseapplications,networktrafcincreases.Newapplicationssuch
asvideoconferencing,distancelearning,andremotedisasterrecoveryhavehigherand
higherrequirementsforperformanceonnodesprocessingnetworkdata.
TheZXR10ZSRV2provideshighperformanceandensuresnonetworkaccess
bottleneck.
lThehigh-performancemulti-coreprocessorandintelligentswitchingengine
guaranteehigh-performanceprotocolprocessingandmanagementcontrol
processing,andimplementhigh-speedL2andL3packetforwarding.Thisimproves
theoverallperformanceofthesystem.Multi-layerdistributedforwardingand
processingensuresthatthesystemresourcescanbeallocatedproperlyformultiple
simultaneousservices,whichguaranteesthehighforwardingperformanceofthe
system.Eachslotsupportsamaximumof10Gbpsbusbandwidth,ensuringsmooth
servicepacketforwarding.
lTheZXR10ZSRV2supportsvarioustypesofinterfaces,includingwiredinterfaces
suchastheGEinterface,FEinterface,POSinterface,CPOSinterface,E1interface,
xDSLinterface,synchronousserialinterfaceandasynchronousinterface,and
wirelessinterfacessuchasthe3G/LTEinterfaceandWi-Fiinterface.FEinterfaces
areintegratedontheMPUs,andtheseinterfacescanbeusedasWANinterfaces
orLANinterfaces.Thisprovidestheexibleaccesscapabilityandimprovesthe
price/performanceratio.
lTheZXR10ZSRV2usesahigh-availabilitydesign.TheACpowerandDCpower
areusedforredundancy.Thepowersupplymodules,fanmodules,andservice
boardssupporthotswapping.Thesystemsoftwareusesthemodulardesignand
newfunctionscanbeadded,whichimprovesstabilityandexibilityofthesystem.
TheZXR10ZSRV2supportsavailabilitytechnologiessuchasOAMdetection,BFD
foreverything,FRR,VRRP ,andlinkaggregation.
1-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter1ProductLocationandFeatures
lTheZXR10ZSRV2providesthecontrol-planesecurityfunction.TheZXR10ZSRV2
classiescontrol-planepackets,andperformsmulti-levelratelimitandscheduling.
Thetrafcsuppression,protocolwhitelist,protocolauthenticationfunctionscan
beset.TheZXR10ZSRV2supportsanti-DDOSattacks,anti-ARPattacks,and
attack-sourcetracing,whichguaranteesequipmentsecuritytothemaximumextent.
lTheZXR10ZSRV2providestheACLfunctionandsupportsaL2andL3hybridACL
processingalgorithm.TheefcientACLprocessingcapabilityanduser-friendlyACL
logstatisticsmanagementfunctionhelptoperformelaborateservicemanagement.
lTheZXR10ZSRV2usesareneddesign.TheZXR101800-2Susesadesktop
design,soitissmallandexible.TheZXR102800-4and3800-8useafront-outlet
design,sothatmaintenanceandoperationscanbeperformedatonesideofeach
device.TheZXR102800-4and3800-8canbeinstalledincabinetswhosedepth
is300mmtosavespaceofequipmentrooms.TheZXR102800-4and3800-8also
canbeinstalledinnarrowspacesuchasoutdoorcabinets,vehicle-mountedcabinets,
basestations,andofcecabinetstoreduceoperationandmaintenancecosts.The
ZXR102800-2EandZXR103800-3Ecanbeinstalledinacabinet600mmdeep.
Theycanalsobeinstalledinoutdoorcabinets,vehicles,basestations,anddevice
cabinetsinofces,sotheO&Mcostisrelativelylow.
WiredandWirelessAccess,AnytimeandAnywhere
Comparedwithaconventionalnetwork,awirelessnetworkhaslargercoverage.Itextends
thenetworkaccessrange,andcanprovidesupplementaryforawirednetwork.Mobile
ofceworkcanbeperformedthroughwirelessnetworks,whichremovesthetime-space
bottleneck.Operatingasa4Grouter,theZXR10ZSRV2guaranteesnetworkreliability,
andimprovesthenetworkbandwidthvalue.TheZXR10ZSRV2providesthefollowing
functions:
lSupports3G(includingWCDMA,andTD-SCDMA)andLTE(includingTDDandFDD)
formats.
lProvidesbuilt-inwirelessmodules,plugandplayUSBcardsandspecialinterface
cardstomeetrequirementsofdifferentnetworkstructures.
lProvidesanextensionfeedertosolvethesignalcoverageproblemwhenthedeviceis
locatedinaequipmentroomcornerorofcecornerwherethewirelesssignalisweak.
lAwareof3G/LTEsignalstrengthanddetectslinkqualityinrealtimetoguaranteethe
customerSLA.
lProvidestheSmartDial-upControland24-hourbackupfunctions.ThexDSLor
3G/LTEstandbylinkcanbeconnectedbasedonpoliciestoprotectservicesor
performloadsharing.Thisimprovesviabilityofnetworksandreliabilityofservices.
lUsesthemulti-linkloadsharingtechnology,monitorsinterconnectedlinksofdifferent
carriers,andperformsintelligentroutingfordataowssenttotheInternet.This
ensuresthatuserscanaccesstheInternetthroughoptimallinks.
lSupportsestablishingVPNchannelsin3G/LTEnetworks,whichimprovessecurityof
wirelesslinks.
lSupportsWi-Fiaccessand802.11b/g/nradiofrequencymodeadjustment,sothatthe
accessratecanbedynamicallyadjustedinaccordancewiththeenvironment.
1-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
lSupportstheguardintervaltoavoiddatainterference.
lSupportsWi-FimultimediaandprovideswirelessQoS,whichguaranteesqualityof
applicationssuchasthevoiceandvideoservices.
lSupportsdifferentauthenticationmodes,includingnone,WEP ,WPA,WPA2(TKIP
andAES-CCMP),andWAPIhardencryption.
MultipleFunctions,ReducingCosts
TheZXR10ZSRV2providesdifferentfunctionstomeetrequirementsofdifferentnetwork
structures.
lProvidestherouter,switch,rewall,AP ,NATgateway,andVPNgatewayfunctions.
Thefunctionscanbeloadedasneeded,whichprovidesaexibleplatformto
implementoptimalservicedeployment.
lSupportstheGRE,IPSec,andMPLSVPNoverGREfunctionstomeetrequirements
ofVPNapplicationsindifferentnetworkstructures.
lSupportsMPLS,providesL2andL3MPLSVPNsolutions,andsupportsthePWE3
circuitsimulationtechnologytobearTDMtrafc.
lSupportsstatelessrewallandcontrolsincomingandoutgoingtrafc,which
guaranteesnetworksecurity.
lSupportshardware-basedQoSandH-QoS,andprovidesdifferentSLAsfordifferent
usersandservices,whichmeetsrequirementsofelaboratecontrol.
FlexibleExtensionandSmoothUpgrade
TheZXR10ZSRV2providesdifferentavailableforwardingengineswithdifferent
performance,andupgradecanbeperformedsmoothly.Thisreducesusers'costsand
meetsfuturenetworkrequirements.
lManagementandPacketForwardingUnits(MPFUs)withdifferentforwarding
performanceareprovidedfortheZXR102800andZXR103800.Thecardscanbe
usedasneeded.Thisreducesthenetworkconstructioncosts,andsolvesproblems
causedbyfutureperformanceupgrade.
lTheZXR101800-2EandZXR102800-3Efeaturedifferenttransferringperformance.
Userscanselectproductsasrequiredtoreducenetwork-constructioncost.
lTheZXR10ZSRV2supportstheIPv4andIPv6stacks,soIPv4andIPv6accesscan
beprovidedatthesametime.
lTheZXR10ZSRV2supports6in4,6to4and6in4tunnelstotransmitdatabetweenthe
IPv4networkandIPv6network.TheZXR10ZSRV2alsosupportsNAT444,NAT64
and6RDforsmoothevolutionfromIPv4toIPv6.
EaseofCommissioningandMaintenance,SupportingFastNetworkDeployment
TheZXR10ZSRV2providesavisualcommissioningandmaintenancemethodthat
supportsconvenientandfastoperations,remotemaintenance,andany-timediagnosis.
lTheZXR10ZSRV2supportsUSBcommissioning,automaticconguration,
andin-batchversionupgradethroughNMS.Inthisway,zero-touchautomatic
conguration,in-batchdeployment,andeaseofmaintenancecanbeperformed.
1-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter1ProductLocationandFeatures
lTheZXR10ZSRV2supportsSQAtoperformreal-timenetworkqualitydetectionand
locationthroughICMP-echo,UDP ,TCP ,FTP ,DNS,HTTPandSNMP .SQAcanbe
usedtogetherwithVRRP ,staticroutes,interfacebackup,linkbackup,policyroutes
andtheZXNPAtoprovidealarmsofdifferentlevelsbasedonautomaticnetwork
performancethresholds,andperformgraphicdetectionandmanagement.
lTheZXR10ZSRV2supportsportmirroringandNetow1:1sampling,sothattrafc
canbedisplayedwithexplicitfeatures.Thisprovidesaneffectivemonitoringmethod
foraccuratenetworkcontrolandoperation.
lTheZXR10ZSRV2supportsWEBGUInetworkmanagementandtheNetnumen
toimplementvisualservicedeploymentandmaintenance.TheZXR10ZSRV2
providesatoolforone-clickservicecreationandone-clockinformationcollection,
whichhelpsnetworkadministratorstoperformquickserviceprovisioningand
high-efciencymaintenance.
GreenEnergySaving
TheZXR10ZSRV2complieswiththegreenandenvironmentalprotectionideaindesign,
researchanddevelopment,manufacturing,logistics,andprojects,andhelpsusersto
constructlow-noise,low-energy,andhigh-efciencycommunicationnetworks.
lTheZXR10ZSRV2usesadvanced28nmchips,soperformanceisimprovedand
energyconsumptionisreduced.
lTheZXR10ZSRV2usesaexcelsiorhardwarestructuredesignandadvanced
submarine-levelmutingtechnology.
lTheintelligentfansystemautomaticallyadjuststhefanspeedinaccordancewith
systemoperation,whichreducesenergyconsumptionanddevicenoise.
lTheboardsandcardssupportsthesleepfunction,whichcomplieswiththeEEE
standard.Idleandlow-speedportsreduceenergyconsumptionby2/3,andreduce
carbondioxideemissions.
lTheZXR10ZSRV2usesnonleadedgreenmaterials,andthemanufacturingprocess
strictlycomplieswiththeRoHSstandard.
1-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
1-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter2
ProductStructure
TableofContents
ProductAppearance...................................................................................................2-1
HardwareStructure....................................................................................................2-5
SoftwareStructure......................................................................................................2-7
2.1ProductAppearance
Overview
Designedonamodularstructure,withhot-pluggableboardsandparts,theZXR10ZSR
V2providesexibleextensibility.Theentiresetconsistsofasubrack,abackplane,a
main-controlforwardingboard,alineinterfaceboard,apowermodule,andafansubrack.
ZXR103800-8ProductAppearance
ForthemaincomponentsoftheZXR103800-8chassis,seeFigure2-1.
Figure2-1MainComponentsontheFrontSideoftheZXR103800-8chassis
ForthefrontviewoftheZXR103800-8chassis,seeFigure2-2.
2-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Figure2-2FrontViewoftheZXR103800-8chassis
ZXR102800-4Appearance
ForthemaincomponentsoftheZXR102800-4chassis,seeFigure2-3.
Figure2-3MainComponentsontheFrontSideoftheZXR102800-4chassis
ForthefrontviewoftheZXR102800-4chassis,seeFigure2-4.
Figure2-4FrontViewoftheZXR102800-4chassis
ZXR101800-2SAppearance
ForthemaincomponentsoftheZXR101800-2Schassis,seeFigure2-5.
2-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter2ProductStructure
Figure2-5MainComponentsontheFrontSideoftheZXR101800-2Schassis
ForthefrontviewoftheZXR101800-2Schassis,seeFigure2-6.
Figure2-6MainComponentsontheFrontSideoftheZXR101800-2Schassis
ForthebackviewoftheZXR101800-2Schassis,seeFigure2-7.
Figure2-7MainComponentsontheBackSideoftheZXR101800-2Schassis
Note:
BoththeZXR101800-2S(G)andtheZXR101800-2S(W)supportthewirelessfunction.
Eachofthemisconguredwithawirelessmoduleandapairofantennas.Ifnowireless
moduleiscongured,thechassishasnoantenna.
ZXR102800-3EAppearance
FortheappearanceoftheZXR102800-3Echassis,seeFigure2-8.
2-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Figure2-8ZXR102800-3EAppearance
ForthefrontviewoftheZXR102800-3Echassis,seeFigure2-9.
Figure2-9ZXR102800-3EFrontView
Note:
Thesub-modelZXR102800-3E(G)isembeddedwithawirelessmoduleandsupportsthe
wirelesscommunicationfunction.Twoantennasareinstalled.Whenthewirelessmodule
isremoved,thereisnoantennaonthechassis.
ForthebackviewoftheZXR102800-3Echassis,seeFigure2-10.
Figure2-10ZXR102800-3EBackView
ZXR101800-2EAppearance
FortheappearanceoftheZXR101800-2Echassis,seeFigure2-11.
2-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter2ProductStructure
Figure2-11ZXR101800-2EAppearance
ForthefrontviewoftheZXR101800-2Echassis,seeFigure2-12.
Figure2-12ZXR101800-2EFrontView
Note:
Thesub-modelZXR101800-2E(G)isembeddedwithawirelessmoduleandsupportsthe
wirelesscommunicationfunction.Twoantennasareinstalled.Whenthewirelessmodule
isremoved,thereisnoantennaonthechassis.
ForthebackviewoftheZXR101800-2Echassis,seeFigure2-13.
Figure2-13ZXR101800-2EBackView
2.2HardwareStructure
Overview
ThehardwaresystemoftheZXR10ZSRV2consistsoffunctionalunitssuchastheMPFU,
lineinterfacecard,high-speedbackplane,powersupplymodule,andfanmodule.These
functionalunitsareinterconnectedthroughhigh-speedserialbusesandEthernetbuses.
2-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
OverallHardwareSystemStructure
InthehardwaresystemstructureoftheZXR10ZSRV2,theforwardingplaneandcontrol
planeareseparated.
lTheMPFUisthesystemcore,anditcommunicateswithotherunitsthroughthe
backplane.
lTheengineoftheMPFUisamulti-coreCPU.Thecoresaredividedintoforwarding
coresandcontrolcores.Theforwardingcoresandothersystemunitsforma
forwardinglogicalplanethatforwardspacketsandprocessesservices.Thecontrol
coresandothersystemunitsformacontrollogicalplanethatperformsrouting
protocolinteraction,routingcalculation,systemmanagement,andcontrolmessage
synchronization.
lTheforwardingplaneandcontrolplaneareseparated,sotheimpactstoeachother
causedbyextensionofthefunctionsandperformanceinthetwoplanesarereduced
totheminimumextent.Thisguaranteeshighexibilityofthesystem.
ThepowersupplyandfansystemsoftheZXR10ZSRV2usesthemodulardesign.
Powersupplymodulesandfanmodulesareinstalledtosub-racksandconnectedtothe
high-speedbackplane,whichachievesthenon-cabledesign.TheZXR102800-4and
ZXR103800-8supportsACandDCpowersupplymodulesforredundancy.TheZXR10
1800-2SsupportsonlyoneACpowersupplymoduleoroneDCpowersupplymodule.
OperationalPrincipleoftheHardwareSystem
TheforwardingplaneandcontrolplaneoftheZXR10ZSRV2areseparated.Afterpackets
areprocessedbythephysical-layerchipofalineinterfacecardandframeresolutionis
performed,
lForacommonserviceow,thepacketsareforwardedtotheMPFU.Thetrafc
managementmoduleanddataforwardingmoduleintheMPFUsendthepacketsto
theinterfaceonthedestinationlineinterfacecard.
lForprotocolpacketsorcontrolpackets,thepacketsareconvergedinthegigabit
Ethernetswitchingmodule.ThemanagementandcontrolmoduleintheMPFU
interactswiththeprocessingunitonalineinterfacecardtoprocessthepackets.
MPFUsandLineInterfaceCards
TheMPFUisthecontrolnodeoftheZXR10ZSRV2.TheMPFUforwardspackets,and
managesandmaintainstheentiredevice.TheMPFUconsistsofthepacketforwarding
module,managementandcontrolmodule,clockprocessingmodule,andalarmmonitoring
module.Itforwardspackets,andmanagesthesystemclocksource,controlplane,system
maintenanceplaneandenvironmentalmonitoringplane.
ZXR102800-4andZXR103800-8providethreetypesofMPFUs:MPFU-A,MPFU-B,and
MPFU-Cthatprovidedifferentforwardingperformancerespectively.TheMPFUsusethe
modulardesign,supporthotswapping,andsupportforwardingplaneandcontrolplane
separation.
2-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter2ProductStructure
TheMPFUsoftheZXR101800-2S,ZXR101800-2E,andZXR102800-3Earexedinthe
chassis,soitdoesnotsupporthotswapping,butitsupportsforwardingplaneandcontrol
planeseparation.
TheZXR10ZSRV2providesdifferentlineinterfacecardsandsupportsdifferentinterface
ratesanddifferentnumbersofports,whichmeetsrequirementsofdifferentnetrorksand
services.
ForadescriptionofMPFUsandlineinterfacecards,refertothe“HardwareDescription”
oftheZXR10ZSRV2.
PowerSupplyModules
TheZXR10ZSRV2supportsACpowersupply(100Vto240V,and50Hzto60Hz)and
DCpowersupply(-72Vto-38V).TheZXR101800-2SsupportsonlyoneACpowersupply
moduleoroneDCpowersupplymodule.Thepowersupplymoduleisxedinthedevice
boxandcannotberemovedorinstalled.TheZXR102800-4,ZXR103800-8,ZXR10
1800-2EandZXR102800-3EsupportDCandACpowersupplymodulesforredundancy,
andthepowersupplymodulescanberemovedandinstalled.
FanModules
ThereisaverticalfanmoduleontheZXR10ZSRV2.TheZXR10ZSRV2can
automaticallyadjustthefanspeedinaccordancewiththesystemoperation,andsupports
thefanstatemonitoringandalarmfunctions.TheZXR10ZSRV2usesdowndraughtheat
dissipation.Codeairentersthedevicefromoneside,passesbytheboardsandpower
supplymodules,andleavesthedevicefromtheotherside.
2.3SoftwareStructure
Overview
ThesoftwaresystemoftheZXR10ZSRV2isbasedonthesoftwareplatformwith
proprietaryintellectualpropertyrights,whichcansatisfyvariousnetworkrequirementsin
high-performanceandcomplexcommercialserviceenvironments.Thesoftwareplatform
ownsawidesetofnetworkfeaturesestablishedoninternationalstandards.
OverallStructure
Fortheoverallsoftwarestructure,seeFigure2-14.
2-7
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Figure2-14ZXR10ZSRV2OverallSoftwareStructure
ThemajorfunctionsofeachsubsystemintheZXR10ZSRV2softwarestructureare
describedasfollows:
lHardwaredrivingsubsystem:providessoftwaredrivingforthemain-control
forwardingboard,thelineinterfaceboard,thebackplane,thefan,andthepower
module.
lThedistributedoperatingsystemplatform:providesthereal-timeoperatingplatform.
AsthekerneloftheZXR10ZSRV2softwaresystemstructure,itmanagesthe
hardwaresystemstructureoftheentiresystemandprovidesauniedoperating
platformforapplicationprogramsontheentiresoftwaresystem.Itfeatureshigh
reliability,real-time,self-recovery,maintainability,andencapsulationfeatures.
lL2protocolsubsystem:providesthedrivingprogramoftheswitchingchip,L2link
control,andmanagementprotocols.ItalsoprovidessupportforL3protocols.
lIProutesubsystem:Asthekerneloftheroutersoftwaresystemstructure,itrunsIPv4
andIPv6routingprotocolssuchasRoutingInformationProtocol(RIP),OSPF ,BGP ,
andthemulticastroutingprotocol.Thissystemisinchargeofreceivingandstoring
routinginformationintherouter,establishingtheglobalroutingtable,selecting,
forwarding,andexchangingroutes,andmaintainingtheroutetable.
lUnicastroutingprotocolsubsystem:collectsthenetworktopologyinformationby
exchanginginformationwithotherroutersinthenetwork,formsanIPunicastrouting
table,andnotiestheroutingtabletotheIPforwardingplanetoforwardunicastIP
packets.
lMulticastroutingprotocolsubsystem:formsamulticastforwardingroutingtablefor
thebottomlayertoforwardmulticastdatapackets.
lSupportprotocolsubsystem:completesIPdataprocessing,ICMPprotocol
processing,AddressResolutionProtocol(ARP)processing,TransferControlProtocol
(TCP)processing,UserDatagramProtocol(UDP)processing,Telnetguarding
processandclientprogramprocessing,FileTransferProtocol(FTP)andTrivialFile
TransferProtocol(TFTP)processingintherouter.Thesupportsubsystemprovides
servicesfortheroutingsubsystemandthemanagementsubsystem.
2-8
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter2ProductStructure
lMPLSprotocolsubsystem:providesLDP ,RSVPwithTrafcEngineeringextensions
(RSVP-TE),L2/L3VPN,andprovidesbasicMPLSfunctionsandlabelforwarding
services.
lSecuritysubsystem:providesmultiplesecurityprotectionfunctionsontheequipment.
Itprovidesfunctionssuchaspacketltering,encryptionpassword,authentication,
modicationofcongurationrequestlicenses,severalVPNtechnologies,Network
AddressTranslation(NAT),MessageDigest5Algorithm(MD5),userauthentication,
andstatisticstocompletelysatisfyequipmentguarantyanduserrequirementsfor
secureapplications.
lAlarmstatisticalsubsystem:maintainsthecongurationforvariousstatisticalalarms,
savesvariousstatistics,andprovidesaqueryinterface.
lSNMPsubsystem:providesfunctionsoftheSNMPAgent,andsupportsallprotocol
operationsfortheSNMPAgentspeciedinSNMPV1/V2/V3.
lNetworkmanagementsubsystem:providesnetworkcongurationmanagement,fault
management,performancemanagement,andsecuritymanagementfunctionsforthe
equipment,andcompletesthemanagementforservices,versions,congurationles,
andvariouslogsinthelesystemoftheequipment.
lUsermanagementservicecontrolsubsystem:completesuseraccessand
managementfunctions,includeuserserviceconguration,andAuthentication,
AuthorizationandAccounting(AAA)functions,PPPusermanagement,IPuser
management,VPLSservicecontrol,andmulticastusermanagement.
lSystemmanagement:provideslemanagement,equipmentmanagement(for
thepowermoduleandthefanmodule),monitoringmaintenance,anddiagnosis
debuggingfunctionstoensurethestableoperationalstateoftheequipment.
SoftwareFeatures
ThesoftwaresystemoftheZXR10ZSRV2usesthesoftwareplatform,whichisa
multi-taskdistributedreal-timenetworkoperatingsystemthatprovidesuniedIPprotocol
supportforallequipmentofZTE.Thesoftwaresystemplatformprovidesamatureand
stablestructure,whichisprovidedbasedonservicerequirements.Consideringthe
operationandmaintenancecost,serviceexpansibility,andapplicationrequirements,the
softwaresystemplatformprovidesthefollowingfeatures:
lFineencapsulation
àSupportsseveraloperatingsystemsandsupportsthesmoothupgradeofthe
operatingsystem.
àSupportsauniformcongurationstyleforallZTEproductstofacilitateuser
operationandmaintenance.
lPowerfulmonitoringfunction
àMonitorsexceptionswithprocessesandthememory.
àMonitorstheoperationalstateorabnormalstateofthepowermodule,therotation
speedorineffectivenessofthefanmodule,thevoltage,thecurrent,andthe
environmenttemperature.
2-9
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
àProvidesrapidtroubleshootingfunctionstoensurehighstabilityofproduct
versions.
lFlexiblemodularcomponentstructure
àSoftwarefunctionsbasedonthesoftwareplatformcanbeeasilyextendedor
removed,andnewfunctionscanbequicklydevelopedupontheoriginalstructure.
àSoftwarefunctionscanbeexiblycustomizedasrequiredtorapidlyrespondto
userrequirements.
lExtensionofnewcarrier-classEthernetservicesbasedontheuniformplatform
àSupportsL2andL3VPNmechanism,supportsHierarchyofVPLS(H-VPLS)to
satisfytherequirementoflayeredservicedeployment,andsupportsmulticast
functionsinsidetheVPN.TheZXROSngplatformcanalsoproviderapidVPN
deploymentthroughtheuniednetworkmanagementsystem,andcanrapidly
deploymulticastservicessuchasuservideoandIPTV.
àProvidesacompleteQoSmechanismbysupportingtrafcclassication,trafc
labeling,trafcspeed-limit,trafcshaping,congestionmanagement,and
congestionavoidancemechanisms.
àSupportsIPv4/IPv6dualprotocolstacks.TheZXROSngplatformsupportsthe
IPv4/IPv6transitionmechanisminvariousapplicationscenarios,suchasmanual
generaltunnels,automatic6To4tunnels,and6PE.
lOptimalmutualoperability,incompliancewithmainstreamprotocolsandstandards
2-10
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3
FunctionsandFeatures
TableofContents
IPv4RoutingProtocolsandIPBasicServices............................................................3-1
WANAccess..............................................................................................................3-6
RoutingandSwitchingIntegration..............................................................................3-8
MPLS.........................................................................................................................3-9
VPN.........................................................................................................................3-10
QoS.........................................................................................................................3-16
SecurityFeatures.....................................................................................................3-18
NetworkReliability....................................................................................................3-24
IPv6Features...........................................................................................................3-26
NAT..........................................................................................................................3-31
NetworkManagementFeatures...............................................................................3-31
SystemOperationandMaintenance.........................................................................3-33
3.1IPv4RoutingProtocolsandIPBasicServices
3.1.1UnicastRoutingProtocols
Overview
TheZXR10ZSRV2seriesproductsfullysupportsvariousIPv4unicastroutingprotocols,
includingthestaticroute,theRIP ,theOSPF ,theIS-IS,andtheBGP .
StaticRoute
Thestaticrouteismanuallyconguredbytheadministratortosimplifythenetwork
congurationandimprovethenetworkperformance.Itisnormallyusedinascenario
witharelativelysimplenetworkstructure.Whenafaultoccursinthenetworkorthe
networktopologyischanged,thestaticrouteisnotchangedautomaticallyandneedsto
bemanuallymodiedbytheadministrator.
TheZXR10ZSRV2seriesproductssupportsthecongurationofastaticroutebasedon
thenexthoporontheegress.Italsosupportstheassociationbetweenstaticroutesand
VRFinstances.
RIP
TheRIPisadynamicroutingprotocolforthedistancevectorbasedontheUDP .It
periodicallybroadcaststheroutingtabletoitsneighbors,maintainstherelationship
3-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
betweenrouters,andcalculatesitsroutingtableinaccordancewithreceivedroutes.The
RIPissimpleinoperationandisapplicabletosmall-scalenetworks.
TheZXR10ZSRV2seriesproductssupportsthefollowingRIPfunctions:
lBasicfunctionsoftheRIPv1/v2,suchashorizontalsplitting,poisonousreversion,
interfaceauthentication,routesummary,andredistributionofvariousrouting
protocols.
lLoadsharingoftheRIP .
lVPNaccessfunctionoftheRIP .
lTheRIPManagementInformationBase(MIB)function.
OSPF
TheOSPFroutingprotocolisanInteriorGatewayProtocol(IGP)basedonlinkstate,which
exchangesroutinginformationbetweenroutesinsidethesameAutonomousSystem(AS).
TheOSPFisoneofthewidelyappliedIPv4IGProutingprotocols.
TheZXR10ZSRV2seriesproductssupportsthefollowingOSPFfunctions:
lBasicOSPFfunctions,includingbasicprotocolfunctions,neighborauthentication,
virtuallink,STUB,Not-So-StubbyArea(NSSA),type-3LinkStateAdvertisement
(LSA)aggregation,type-5LSAaggregation,andredistributionofotherrouting
protocols
lLoadsharingofOSPFroutes
lVPNaccessandadvancedfunctions,includingsham-link
lOSPF-TE
lOSPFBFD
lOSPFFRR
lOSPFMIB
IS-IS
TheIS-ISroutingprotocolismadebytheInternationalOrganizationforStandardization
(ISO)tosupporttheConnectionLessNetworkSevice(CLNS).AsanextensionoftheIS-IS,
theIETFsupportstobeartheIProutinginformation.TheIS-ISisalsoanIGPbasedon
thelinkstate.TheIS-ISisoneofthemostwidelyappliedIPv4IGProutingprotocols.
TheZXR10ZSRV2seriesproductssupportsthefollowingIS-ISfunctions:
lBasicfunctionsoftheIS-ISprotocol
lExtendedfunctionsoftheIS-ISprotocol,suchasHostname,Overload-bit
lLoadsharingofIS-ISroutes
lVPNaccessoftheIS-IS
lIS-IS-TE
lIS-ISBFD
lIS-ISFRR
lIS-ISMIB
3-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
BGP
TheBGPisaninter-domainroutingprotocolbetweenASs,usedtoexchangethenetwork
availabilityinformationbetweenASsrunningtheBGPprotocol.
TheZXR10ZSRV2seriesproductssupportsthefollowingBGPfunctions:
lBasicfunctionsoftheBGPprotocol,andenhancedfunctionssuchassession
authentication,routeoscillationsuppression,routereector,alliance,extended
communityattribute,routeaggregation,androuteltering
lLoadsharingofBGProutes
lMP-BGPfunction,supportingAFItypessuchasIPv4unicast,IPv4multicast,IPv4
labeled-unicast,IPv4mdt,IPv6unicast,IPv6multicast,IPv6labeled-unicast,and
VPNv4
lBGPBFD
lBGPFRR
lBGPMIB
3.1.2MulticastRoutingProtocol
Overview
Multicastisapoint-to-multipointormultipoint-to-multipointcommunicationmode,in
whichseveralreceiversreceivethesameinformationfromonesourceatthesametime.
Multicast-basedapplicationsincludevideoconference,remotelearning,andsoftware
distribution.
IGMP
ThroughtheInternetGroupManagementProtocol(IGMP),thehostnotiesthemulticast
routeronitsnetworkofthegroupthatitjoinsorleaves.Thismeansthat,themulticast
routerknowswhetherisanymulticastgroupmemberonthenetworkanddetermines
whethertoforwardmulticastdatapacketstothisnetwork.Whenamulticastrouterreceives
amulticastdatapacket,itchecksthemulticastdestinationaddressinthisdatapacketand
forwardsdatapacketstointerfacesordownstreamroutersofmembersinthisgroup.
TheZXR10ZSRV2supportsIGMPv1,IGMPv2,andIGMPv3protocols.
PIM-SM
ThePIM-SMisapplicabletothefollowingsituations:
lGroupmembersarescatteredinawiderange.
lNetworkbandwidthresourcesarelimited.
ThePIM-SMdoesnotdependonaspecicunicastroutingprotocol.
PIM-SMassumesthatallroutersonasharingnetworksectiondonotneedtosend
broadcastpacketsandaroutercansendorreceivemulticastpacketsonlyafteritinitially
requeststojoinamulticastgroup.
3-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
ThroughsettingtheRendezvousPoint(RP),thePIM-SMnotiesthemulticastinformation
toallrouterssupportingthePIM-SM.InthePIM-SM,therouterexplicitlyjoinsorquitsa
multicastgroup,sothenetworkwidthoccupiedbydatapacketsandcontrolpacketsis
reduced.
PIM-DM
ThePIM-DMisamulticastroutingprotocolindensemode,whichtransmitsmulticast
datainthe"push"mode.Itisapplicabletosmall-scalenetworkswherebroadcastgroup
membersarerelativelydense.
PIM-SSM
TheProtocolIndependentMulticast-Source-SpecicMulticast(PIM-SSM)featuresall
advantagesofthePIM-SMprotocol,exceptthatitdoesnotcreatethesharingtreebut
createstheshortest-pathtreebasedonsources.ThePIM-SSMdirectlycreatesthe
shortest-pathtreewhenitreceivesamembershipreportmessagefromaspecicsource
tothegroup.
AsasubsetofthePIM-SM,thePIM-SSMisapplicabletothewellknownsource.The
PIM-SSMisvalidbothinsideadomainandbetweendomains.ThePIM-SMneedstouse
theMSDPprotocolforinter-domainmulticastrouting,whilethePIM-SSMdoesnotneed
to.
StaticMulticast
Themulticaststaticrouteisusedinthescenariothatmulticastpacketsneedtobe
forwardedinaccordancewiththespeciedpathinsteadoftheoptimalpathoftheunicast
route.
Thestaticmulticastprovidestheegressandingressofuserstocongurethemulticast
routingtabledirectly,andformsamulticastforwardingtableinaccordancewiththis
conguration.Ifboththestaticmulticastrouteandthedynamicmulticastrouteexist,
thestaticmulticastrouteispreferential.Thelogicalpositionofthestaticmulticastis
equivalentinthePIM-SMandthePIM-DM,soitcanbeunderstoodasaspecialmulticast
routingprotocol.Inaccordancewiththespecicapplicationenvironments,themulticast
staticrouteperformsthefollowingfunctions:
lModiestheReversePathForwarding(RPF)route.Ingeneral,thenetworktopology
structureandthetransmissionofthemulticastarethesameasthoseoftheunicast.
TheusercancongurethemulticaststaticroutetochangetheRPFroute,andcreate
atransmissionpathdifferentfromtheunicastforthemulticastdata.
lConnectstheRPFroute:Whentheunicastrouteinthenetworkischanged,the
multicastdatacannotbeforwardedbecausethereisnoRPFroute.Theusercan
congurethemulticaststaticroutetocreateanRPFroute,andcreatemulticastrouting
entriestoguidetheforwardingofmulticastdata.
3-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
MSDP
TheMSDPisamechanismconnectingseveralPIMdomains.ItoperatesabovetheTCP
protocoltoprovidethePIM-SMwiththeinformationofmulticastsourcesoutsidethePIM
domain.
TheMSDPspeakerinsideaPIM-SMdomainusestheTCPconnectiontocreatetheMSDP
neighborsessionrelationshipwithMSDPneighborsinotherdomains.WhentheMSDP
speakerknowsaboutanewmulticastsourceinsidethelocaldomain(throughthePIM
registrationmechanism),theMSDPcreatesaSourceActive(SA)messageandsends
thismessagetoallMSDPneighbors.
3.1.3PolicyRouteandRoutingPolicy
PolicyRoute
TheZXR10ZSRV2supportspolicyroutestoforwarddatapacketsinaccordancewith
speciedpolicies.
Thepolicyrouteprovidesapacketforwardingpolicy,inwhichthepacketsshouldbe
matchedandmatchingitemsarelteredinaccordancewithfeatureeldsinthese
packets.Operationsaresetfortheseobjects,includingtwotypes:
lRouteoptions,usedtomodifytheforwardingpath
lPacketmodicationoption,usedtomodifyfeaturesoflteredpackets
Thepolicyrouteprovidestrafcengineeringtosomeextent,sothattrafcwithdifferent
QoSordatawithdifferentnatures(suchasvoiceandFTP)runondifferentpaths.
RoutingPolicy
Theroutingpolicyisapolicyusedtoreleaseandreceiveroutes.Basedontherouting
protocol,theroutingpolicychangesroutegeneration,release,orselectionresultsby
changingsomeparametersorsettingaparticularcontrolmodeinaccordancewitha
particularrule.
TheZXR10ZSRV2supportstheroutingpolicyonthefollowingroutes:RIP ,OSPF ,IS-IS,
BGP ,andVRF .
lDuringthereleaseofcontrolroutes,theroutingpolicyonlyreleasesroutessatisfying
thesetconditions.
lDuringthereceivingofcontrolroutes,theroutingpolicyonlyreceivesnecessaryand
validroutes,whichcontrolsthecapacityoftheroutingtableandimprovesthenetwork
security.
lTheroutingpolicyltersandcontrolsintroducedroutes.
lWhenaroutingpolicyintroducestheroutinginformationdiscoveredbyotherrouting
protocols,theroutingpolicyonlyintroducestheroutinginformationthatsatisesthe
setconditions,anditalsosetsattributesoftheintroducedroutinginformationtomake
itsatisfythisprotocol.
lTheroutingpolicysetsthecorrespondingattributesofroutesusedtoltertrafc.
3-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
3.1.4DHCPandDNS
DHCP
TheDynamicHostCongurationProtocol(DHCP)technologyperformscentralized
dynamicmanagementandcongurationforusers.Basedontheclient/server
communicationmode,theclientproposesacongurationrequest(parameterssuchas
IPaddress,subnetmask,anddefaultgateway)totheserverandtheserverreturnsthe
correspondingcongurationinformationinaccordancewiththepolicy.
DHCPusesUDPasthetransportprotocol.AhostsendsmessagestoPort67ofaDHCP
server,andtheserverreturnsamessagetoPort68ofthehost.
TheZXR10ZSRV2supportsDHCPclient,DHCPrelay,andDHCPserverfunctionsto
supportDHCPrequirementsunderdifferentscenarios.
DNS
TheDNSisadistributeddatabaseforTCP/IPapplicationprograms,whichisusedtomake
conversionbetweendomainnamesandIPaddresses.WiththeDNS,theusercandirectly
usethemeaningfuldomainnamesthatareeasytoremember,andtheDNSserverinthe
networkresolvesthemintothecorrectIPaddresses.
AsaDNSclient,theZXR10ZSRV2sendsDNSresolutionrequesttotheDNSserver,
receivesresponsepacketsfromtheDNSserver,andsendsthemtousers.
3.2WANAccess
PPP
ThePPPisawidelyusedWideAreaNetwork(WAN)protocolthatprovidesthe
router-to-routerandhost-to-networkpoint-to-pointconnectionacrosssynchronousand
asynchronouscircuits.ThePPPprovidesanentiresetofplanstosolveproblemsduring
linkestablishment,maintenance,disconnection,upper-layerprotocolnegotiation,and
authentication.
ThePPPincludestheLinkControlProtocol(LCP)andtheNetworkControlProtocol(NCP).
Itnegotiateslinknegotiationandlinkmaintenanceonthepoint-to-pointinterface(suchas
E1/T1/POS),andprovidestheupperlayerwithapacketencapsulationformatdifferent
fromtheEthernetprotocol.
Forupper-layerprotocolpackets(suchasIPpacketsandMPLSpackets),thePPPonly
encapsulatesa2-byteprotocoleldbeforethepacketandaddsaPPPheaderwithtwo
xedvalues,meaning0xFF03.ThisPPPheadercanbecompressedinaccordancewith
thenegotiationasneeded.
ThePPPnegotiationisdividedintotheLCP ,authentication(optional),andNCPphases.
Forthelasttwophases,
3-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
1.Theauthenticationphaseisselectedasneeded.Itisnormallyusedtoauthenticate
accessusersonarouterequipment.
2.NCPcontrolprotocolsincludetheIPControlProtocol(IPCP),IPv6CP ,MPLSCP ,
OSINLCP ,andtheBCP .TheIPCP(supportingtheIPv4)mustbenegotiated,while
otherNCPprotocolscanbeselectedasneeded.AftersuccessfulIPCPnegotiation,
theprotocolisuponthePPPport.
ComparedwithEthernetencapsulation,thePPPhasthefollowingfeatures:
lThebandwidthusageofthePPPishigher,whichismoreapparentforshortpackets.
Additionally,theencapsulationofPPPpacketheadersissimpler,andthepacket
transceivingmechanismalsoremovesthecomplicatedMACheaderencapsulation
andde-capsulationofEthernetencapsulation.
lHowever,theprotocolstatusmachineofthePPPismorecomplicatedthanthat
ofEthernetencapsulation.ThePPPinterfacesetstheprotocoltouponlyafter
successfulnegotiation,andthentheupperlayercansendandreceiveservice
packets.
ForthePPPinterface,theprotocolstatusisdownbydefaultwhenitiscreated.The
portisuponlyafterthePPPlinkisnegotiatedsuccessfully.Bothpartiesperiodically
sendLCPkeep-alivepackets.IfnoECHOresponseisreceivedforN(N>=1)keep-alive
requestscontinuously,boththelinkandtheprotocolstatusaresettodown,whichtrigger
recalculationandrouteupdateoperations.
ML-PPP
TheML-PPPisatechnologythatbindsseveralPPPlinkstoincreasethebandwidth.It
canbeappliedoninterfacessupportingthePPP .
HDLC
TheHigh-levelDataLinkControl(HDLC)isabit-orientatedlink-layerprotocol.Parallel
tolayer-2protocolssuchasthePPPandframerelay,theHDLCprovidesserviceswith
differentrequirementsforupper-layerprotocols.
TheprominentfeatureoftheHDLCisthatthedatadoesnotneedtobeacharacterset.
TheHDLCcanprovideapparenttransmissionforanybitstream.
FR
TheFrameRelay(FR)isahigh-performanceWANprotocolthatrunsonthephysicallayer
andthedatalinklayerintheOpenSystemInterconnection(OSI)referencemodel.The
FRisadatapacketexchangetechnology.AsasimpliedformoftheX.25,itsaves
somecomplicatedfunctionsoftheX.25(suchasthewindowtechnologyandthedata
retransmissiontechnology)andprovidestheerror-correctionfunctionwithhigher-layer
protocols.ComparedwiththeX.25,theFRoperatesonbetterX.25equipment,which
provideshigherreliability.TheFRstrictlycorrespondstothebottomtwolayersintheOSI
referencemodel,andprovidesbetterperformanceandhighertransmissionefciencythan
theX.25.
3-7
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
TheFRWANequipmentnormallyincludestheDataT erminalEquipment(DTE)andthe
DataCircuitTerminalEquipment(DCE),whicharelocatedonbothendsoftheFR.The
routerisnormallyusedastheDTE.
TheFRprovidesconnection-orientatedcommunicationonthedatalinklayer.Adened
communicationlinkexistsbetweeneachpairofequipment,whichhasaDataLink
ConnectionIdentier(DLCI).ServicesareprovidedthroughtheFRPermanentVirtual
Circuit(PVC)thatisidentiedbytheDLCI.ThevalueoftheDLCIisnormallyspeciedby
theFRserviceprovider.TheDLCIrangethatisavailabletousersis16to1007,while
otherDLCIsarereservedfortheprotocol.
TheFRsupportsboththePVCandtheSwitchingVirtualCircuit(SVC).Atpresent,the
PVCmodeismostlyusedintheFR.ThePVCisamanualmodeofconguringvirtual
circuits,itissimple,highlyefcient,andmultiplexed.
3.3RoutingandSwitchingIntegration
Overview
Tomeetintranetrequirements,theZXR10ZSRV2provideshigh-densityEthernet
switchingmodules,whichachievesseamlessintegrationofroutersandswitches.
TheZXR10ZSRV2supportstheVLAN,SuperVLAN,QinQ,SmartGroupfunctions.It
supportsL2/L3modeswitchingonEthernetportstoachieveinter-boardL2switching.
L2andL3congurationcanbecompletedonthesameinterface.TheZXR10ZSRV2
supportsL2functionssuchasSTPandbroadcaststormsuppression.
BroadcastStormSuppression
Ifbroadcastframesareendlesslyforwardedinanetworkandthenumberofbroadcast
framesincreasesrapidly,communicationinthenetworkisaffected.Thismeansthat
abroadcaststormisgenerated,whichdegradesnetworkperformance.Throughthe
broadcaststormsuppressionfunction,athresholdforbroadcastframesreceivedona
portcanbeset.Whenthenumberofbroadcastframesexceedsthethreshold,theextra
framesaredropped.Thispreventsabroadcaststorm,andguaranteesnetworkoperation.
TheZXR10ZSRV2supportsthefollowingstormsuppression:
lBroadcastpacketsuppression
lMulticastpacketsuppression
lUnknown-packetsuppression
lRatelimitintwomodes:bpsandpps
STP
InaL2switchingnetwork,oncethereisaloop,packetsarecycledintheloopandthe
numberofpacketsincreases.Thiscausesabroadcaststorm,andallavailablebandwidth
isoccupied.Asaresult,thenetworkisunavailable.STPisaL2managementprotocol.
3-8
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
Itselectivelyblocksaredundantlinktoremovealoopinanetworkandprovidesthelink
backupfunction.
Thesameasotherprotocols,STPisupdatedbasedonnetworkdevelopment.Atrst,
IEEE802.1D-1998STPiswidelyused.BasedonSTP ,IEEE802.1wRSTPandIEEE
802.1sMSTParedeveloped.
TheZXR10ZSRV2supportsSTP ,RSTP ,MSTP ,andtransparenttransmissionoverthese
protocols.
3.4MPLS
LDP
TheMPLSisamulti-layerswitchingtechnologythatcombineslayer-2switching
technologiesandlayer-3switchingtechnologies.Usinglabelsasthemodeofaggregating
theforwardinginformation,theMPLSrunsundertheroutinghierarchy,supportsseveral
upper-layerprotocols,andcanbeprovidedonseveralphysicalplatforms.
TheZXR10ZSRV2supportstheMPLStechnology,includingthefollowingfeatures:
lSupportsbasicfunctionsandthelabelforwardingserviceoftheMPLS,implements
theLDPsignalingprotocol.TheMPLSsignalingprotocolisinchargeof
distributinglabels,establishingtheLSP ,andtransmittingparametersduringtheLSP
establishmentprocess.
lSupportstheGracefulRestartfunctionontheMPLSsignalingprotocollayer,and
continuouslyforwardslabeldatawhentheprotocolisinterrupted.
lSupportstheMPLSPing/Tracertfunctions,anddetectstheavailabilityoftheLSP
throughMPLSechorequestandMPLSechoreplymessages.
lSupportstheLDPFRRfunction.TheZXR10ZSRV2canquicklyswitchdatatrafc
whentheLSPisinterrupted.
lSupportstheloadsharingfunctionoftheMPLSLSP .
lSupportstheprocessingofmulti-layerlabels.
lSupportsmanagementfunctionssuchastheLSPloopdetectionmechanism.
lSupportstheMPLSCoSandsupportsthemappingbetweenIPpacketsintheT oS
domainandMPLSpacketsintheEXPdomain.
StaticTunnel
Thestatictunnelisatunnelmanuallyconguredbytheadministrator.Itdoesnotneedto
betriggeredbytheMPLSsignalingprotocolorexchangecontrolpackets,soitconsumes
fewresourcesandisapplicabletosmall-scalestablenetworkswithsimpletopologies.The
tunnelcreatedthroughlabelallocationinstaticmodecannotbedynamicallyadjustedwith
thechangeofnetworktopology,andneedstobemanuallyconguredbytheadministrator.
ThestatictunnelcommandneedstobeconguredoneachLabelSwitchRouter(LSR)of
theentiretunnel,includingtheheadernode,interimnodes,andthetailnode.Servicescan
beproperlyforwardedontheLSPofthistunnelonlyafterthetunneliscorrectlycongured
onallnodes.
3-9
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
MPLS-TE
Networkcongestionisamajorproblemaffectingtheperformanceofthebackbonenetwork.
Itisnormallycausedbecausenetworkresourcesareinsufcient,orthenetworkispartially
congestedbecausetheloadofnetworkresourcesisnotbalanced.TheTrafcEngineering
(TE)solvesthecongestioncausedbyunbalanceload.
TheMPLSTEisatechnologythatcombinestheTEtechnologyandtheMPLS.Through
theMPLSTE,theserviceprovidercanaccuratelycontrolthetrafcpathtoavoidcongested
nodes,whichsolvestheproblemthatsomepathsareoverloadedwhileotherpathsare
idle,andtakingexistingbandwidthresourcesintofullutilization.Additionally,theMPLS
TEcanreserveresourcesduringtheestablishmentoftheLSPtunnel,whichensuresthe
QoS.
ThroughtheOSPFTEortheIS-ISTE,theMPLSTEestablishesalinkbandwidthresource
databaseforallnodesintheMPLSnetwork,andusestheCSPFalgorithmtocalculation
thetunnelestablishmentpathinaccordancewiththelinkbandwidthresourcedatabase
andthetunnelconstraintconditions.TheMPLSTEnallyusestheRSVP-TEsignaling
protocoltoestablishtheTEtunnelonthepathcalculatedbytheCSPFalgorithm.
TheZXR10ZSRV2supportsthefollowingMPLSTEfeatures:
lSupportsOSPFTEandIS-ISTE.
lSupportsConstrainedShortestPathFirst(CSPF)algorithm.
lProvidesbasicfunctionsoftheRSVP-TEprotocolinaccordancewiththeRFC,and
establishesandmaintenancestheTEtunnelbyexchangingPath/Resvmessages.
lProvideslinkprotectionandnodeprotectionfunctionsoftheRSVP-TEFRRprotocol
inaccordancewiththeFacilitymodedenedbytheRFC,sothattheLSPpossesses
thelocationprotectioncapabilityoftheRSVP-TE.
lProvidestheGracefulRestartfunctiondenedbytheRFC,theExtensionstoGMPLS
RSVPGracefulRestart,andtherecoveryprocessingmechanismwhenseveral
adjacentnodesarerestartedsimultaneously.
lSupportsRSVP-TEMIBfunction.
lProvidesextendedfunctions,includingtheMakeBeforeBreak(MBB),re-optimization,
prioritypreemption,abstractrefreshing,automaticrouting,FA,hot-standby,and
authenticationfunctions.
3.5VPN
3.5.1IPSecandGRE
IPSecVPN
TheIPSecisanIP-layersecurityframeworkprotocoldraftedbytheInternetEngineering
TaskForce(IETF),whichprovidesprotectionforthetransmissionofsensitivedatainan
unprotectednetworkenvironment(suchastheInternet).TheIPSecdenestheformat
andrelatedbasicstructureofIPdatapackets,whichprovidescondentiality,dataintegrity,
3-10
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
anti-replay,andenhancedidentityauthenticationfunctionsforthetransmissionofIPdata
packetsduringnetworkcommunication.
lCondentialityindicatesthatuserdataisencryptedforprotectionandistransmitted
asencryptedtexts.
lDataintegrityindicatesthatthedataisnotmodiedduringthetransmissionprocess.
TheIPSecauthenticatesthereceiveddatatodeterminationwhetherthepacketis
falsied.
lAnti-replayindicatesthattheIPSecdeterminationswhetheradatapacketis
duplicatedbycomparingtheslidingwindowonthetargethostwiththesequence
numberinthereceiveddatapacket.Inthisway,itpreventsmalicioususersfrom
interceptinganIPSecdatapacketandinsertingitintothesessionagain.
lSourceauthenticationindicatesthattheIPSecidentiestheidentityofthedatasender
throughthepre-sharedencryptionkeyortheRSAsignature.
TheIPSecusesthefollowingtwomajorframeworkprotocols:
lAuthenticationHeader(AH):TheAHisapacketheaderauthenticationprotocol,
providingdatasourceauthentication,dataintegritycheck,andpacketanti-replay
functions.TheAHprotocoldoesnotencryptprotecteddatapackets.
lEncapsulationSecurityPayload(ESP):TheESPprotocolprovidesboth
authenticationfunctionsandtheencryptionfunction.TheESPprovidesthesame
authenticationfunctionsastheAHprotocol(exceptthatthedataintegritycheck
oftheESPdoesnotincludeIPpacketheaders),andalsoprovidestheencryption
functiontoimprovethesecurityofIPdatapackets.
TheIPSectransmitsIPdatapacketsunderthefollowingtwomodes:
lTunnelmode:Intunnelmode,theAHorESPisinsertedbeforetheoriginalIPheader
andanewIPheaderisformedbeforetheAHorESP .Thetunnelmodeisusedto
connecttwosecuritygateways(suchasrouters).
lTransmissionmode:Intransmissionmode,theAHortheESPisinsertedaftertheIP
headerbutbeforethetransmission-layerprotocol.Thetransmissionmodeismainly
usedforend-to-endconnectionbetweenhosts.ItusestheaddressintheoriginalIP
packetheaderforaddressing.
TheZXR10ZSRV2hasthefollowingIPSecfeatures:
lSupportstocreatethesecurityassociationmanuallyorintheIKEdynamicassociation
mode(isakmp).
lSupportstheIKEv1encryptionkeynegotiationandexchange.TheIKEsupportsthe
followingsecuritymechanisms:
àDife-Hellman(DH)exchangeandencryptionkeydistribution:TheDHalgorithm
isapublicencryptionkeyalgorithm,withwhichbothcommunicationparties
calculatethesharedencryptionkeybyexchangingdatabutnottransmittingthe
encryptionkey.Theencryptionprerequisiteisthatbothpartiesexchangingthe
encryptiondatamusthaveasharedencryptionkey.
àPerfectForwardSecrecy(PFS):ThePFSisasecurityfeatureindicatingthat
thesecurityofotherencryptionkeysisnotaffectedafteroneencryptionkeyis
3-11
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
decrypted,becausetheseencryptionkeysarenotderivedfromeachother.The
encryptionkeyforthesecondphaseoftheIPSecisexportedfromthatofthe
rstphase.IftheIKEencryptionkeyoftherstphaseisstolen,theattackermay
collectenoughinformationtoexporttheIPSecSAencryptionkeyofthesecond
phase.ThePFSensuresthesecurityoftheencryptionkeyinthesecondphase
byexecutinganadditionalDHexchange.
àIdentityauthentication:Itmeansthattheidentitiesofbothpartiesareconrmed.
TheZXR10ZSRV2supportsthepre-sharedkeyvericationmode,inwhichthe
validationwordisusedtocreatetheencryptionkey.Ifthevalidationwordis
different,thesameencryptionkeycannotbecreatedonbothparties.
àIdentityprotection:Theidentitydataisencryptedandtransmittedafterthe
encryptionkeyisgeneratedtoprotecttheidentitydata.
lSupportstheAHprotocolandtheESPprotocol.Bothprotocolscanbeusedtogether.
lSupportsthetransmissionofdatapacketsintunnelmodeandintransmissionmode.
lSupportsthefollowingtwogeneralhashalgorithmstoensurethatthedataisnot
modiedduringthetransmission:
àHMAC-MD5:usesthe128-digitencryptionkeytocalculatethehash.
àHMAC-SHA-1:usesthe160-digitencryptionkeytocalculatethehash.
lSupportsencryptionalgorithmssuchastheDES-CBC,3DES-CBC,AES-128-CBC,
AES-192-CBC,andAES-256-CBC.
lSupportstheDPDdetectionoftheIPSec.
lSupportstheNATtraversingoftheIPSec.
lSupportstheIPSec+GREnetworkarchitecture.
lSupportstheIPSectobeassociatedwiththeVRF.
GREVPN
TheGREprotocolencapsulatesparticulardatapacketsofthenetwork-layerprotocol,so
thattheseencapsulateddatapacketscanbetransmittedintheIPv4network.
Whentherouterreceivesanoriginaldatapacket(Payload)thatneedstobeencryptedand
routed,theGRErstencapsulatesthispacketintoaGREpacketandthenencapsulates
itintheIPprotocol.TheIPlayerwillthenbefullyresponsibleforforwardingthispacket.
Theprotocoloftheoriginalpacketiscalledthepassengerprotocol,theGREiscalledthe
encryptionprotocol,andtheIPpacketinchargeofpacketforwardingiscalledthedelivery
packetorthetransportprotocol.TheGREdoesnotcareforthespecicformatorcontents
ofthepassengerprotocolduringtheaboveprocesses.
TheGREhasthefollowingadvantages:
lThemulti-protocollocalnetworkcantransmitpacketsoverthebackbonenetworkof
asingleprotocol.
lDiscontinuoussubnetsareconnectedtoestablishaVPN.
lTheworkscopeofthenetworkisextendedtoincludeprotocolsrestrictedbythe
routinggateway.
3-12
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
IPSecNAT
Inanetwork,ifthereareroutersbetweentwoIPSecrouters,theIPSecroutersmust
supportIPSecNAT ,sothatNAT-TnegotiationisperformedthroughIKEandESPpackets
canbeencapsulatedanddecapsulatedthroughUDP .Figure3-1showsanIPSecNAT
application.
Figure3-1IPSecNAT
GREOverIPSec
AnIPSectunnelsupportsunicastonly,andcannotprotectbroadcastdata.GREsupports
encapsulationfornon-IPpackets,IPmulticastpackets,andIPbroadcastpackets.
Therefore,GREOverIPSeccanbeusedtoprotectbroadcastdatainaGREtunnel.GRE
OverIPSecisusedinapplicationscenariowhereroutingprotocolsneedprotection,see
Figure3-2.
Figure3-2GREOverIPSecVPN
3-13
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
3.5.2MPLSVPN
Overview
TheMPLSVPNprovidesdatasecrecyoftheISPandsupportstouseanon-unique
dedicatedIPaddressintheVPN.TheVPNforwardingtableincludesthecorresponding
labelforVPN-IPaddress,throughwhichthedataistransmittedtothecorresponding
location.
TheMPLSVPNhasthefollowingadvantages:
lThecongurationofVPNconnectionissimple,soitimposesnopressureuponthe
existingbackbonenetwork.
lItdoesnotimposeanyrequirementuponexistingusers,sousersdonotneedtomake
anymodication.ThecongurationforaddingauserintotheVPNisalsosimple.
lItprovidespowerfulnetworkextensibility.
lVPNuserscancontinueusingoriginaldedicatedaddresseswithoutmakingany
modication.TheVPN-IDisusedonthebackbonenetworktomaintainuniqueness
intheentirenetwork.
lItiseasiertoprovidevalue-addedservices,suchasdifferentCOSs.
MPLSL2VPN
TheZXR10ZSRV2supportstheMPLSL2VPNinMartinimode.ItusestheVC-Type
andtheVC-IDtoidentifyaVirtualCircuit(VC).TheZXR10ZSRV2supportsthefollowing
functions:
lUsestheLDPprotocolasthebasicsignaling.
lSupportsboththeVPWSandtheVPLSL2VPNservices.
lSupportstheL2VPNMIB.
lSupports129-typeFECencoding.
lSupportsthePseudoWire(PW)classconguration,heterogeneousstructure,status
Tag,Length,Value(TLV),VirtualCircuitConnectivityVerication(VCCV),andcontrol
eldcongurationfortheVPWSservice.
lSupportstheL2VPNreectorfortheVPLSservice.
lSupportstheL2VPNGracefulRestartfunction.
lSupportstheMACaddresslteringandrestrictionfunctions.
lSupportsPWE3.
lSupportsCESoPSN.
lSupportsSAT oP .
lSupportsL2VPNandL3VPNBridgeFunction.
MPLSL3VPN
TheZXR10ZSRV2supportstheL3VPNbasedontheMPLS/BGP .Itusesexistingpublic
networkresourcestoprovideuserswithservicesofthevirtualanddedicatednetwork,
3-14
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
satisfyingusers'servicerequirementsandsecurityrequestsfortransmittingprivatedata
onthepublicnetwork.
TheZXR10ZSRV2supportsthefollowingMPLSL3VPNfunctions:
lSupportsdynamic(BGP ,RIP ,OSPF ,IS-IS)andstatic(staticroute)VPNaccesses.
lSupportspolicycontrolssuchasRTrewritingandSOO.
lSupportsseveralcross-domainVPNmodes.
lSupportstheVPNroutingrestrictionfunction.
lSupportstheVPNFRR.
3.5.3SmartDialControl
SmartDialControl(SDC)isadial-on-demandbackuptechnologyusedtointerconnect
routersthroughthePSTN,ISDN,ora3Gwirelessnetwork.
Dialondemand:Noconnectionispre-establishedbetweentworouters.Whendataneeds
tobetransmittedbetweentherouters,theSDCowisstartedtoestablishaconnection,
andthenmessagescanbetransmitted.Whentheconnectionisidle,SDCautomatically
disconnectstheconnection.
Thedial-on-demandfunctionprovidedbySDCisexible,economical,andefcient.
Inactualapplications,SDCisusedasbackuptoprovideguaranteeformainline
communication.Itprovidesanalternativeauxiliarychannelwhencommunicationfails
onamainlineduetoalinefailureoranotherfault,whichensuresthatservicescanbe
providedproperly.
TheSDCmoduleprovidesthefollowingfunctions:
lDialingbackupfunction
àDialingbackuptriggeredbyafailedactivelink(orinterface):Aftertheactivelink
(orinterface)isinvalidforaperiod,thestandbyinterfacedials,andthestandby
linkisactivated.Whentheactivelink(orinterface)isrecoveredforaperiod,the
standbylinkisdisconnected.
àDialingbackuptriggeredbyanoverloadedactivelink(orinterface):Whenthe
loadontheactivelink(orinterface)exceedsthespeciedpercentageofthe
linkcapacity,thestandbyinterfacedials,andthestandbylinkisactivated.The
standbylinkoperatestogetherwiththeactivelink.Whentheloadontheactive
link(orinterface)isreducedtothespeciedpercentageofthelinkcapacity,the
standbylinkisdisconnected.
àLinkbackupthroughroutedetection:WhentheSDCmoduledetectsthatsome
routesthatneedbackuparelost,dialingistriggeredandbackuproutestothe
specieddestinationaregenerated.
lDial-on-demandfunction
àPermanentdialing:Afterpermanentdialingisconguredonadialinginterface,
dialingisimmediatelytriggereduntildialingissucceeded.
3-15
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
àAutomaticdialing:Whenadeviceisstartedupandthephysicaldialinginterface
isup,automaticdialingistriggered.
àManualdialing:Manualdialingcanbeperformedordisabledthroughcommand
conguration.
àTriggereddialing:Flowsreceivedonaroutercanbedividedintotriggeringows
andnon-triggeringows.Foratriggeringow,ifnoconnectionisestablished,
therouterestablishesadialingconnectionwiththeremoterouter.Fora
non-triggeringow,therouterdoesnotcalltheremoterouter.
3.6QoS
Overview
Withthepopularizationofdiverseservices(voices,data,andvideo)anthecontinuous
progressoftheFixedMobileConvergence(FMC)process,themultiservicebearernetwork
isrequiredtoprovidedifferentialservicesfordifferentservicesanddifferentusers,sothat
itcandistinguishservicesandguaranteetheQoSofuserservicesinaccordancewiththe
ServiceLevelAgreement(SLA).TheQoSguarantyisprovidedundervariousapplication
modelstoprovideend-to-endQoS,sothatthenetworkcansenseandmanageservices,
providedelicateoperationofservices,andnallyimproveusers'serviceexperiences.
StreamClassicationandLabeling
Inaccordancewithserviceclassicationpolicies,includingthedestinationMAC,source
MAC,VLANID,802.1P ,TypeOfService(T oS)/DSCP ,andtheIPquintuple(protocol
type,destinationIP ,sourceIP ,destinationportnumber,andsourceportnumber),service
packetsaredividedintoseveralprioritiesortypes.Additionally,theCoSofEthernet
packets,theT oSofIPpackets,andtheEXPeldofDSCPorMPLSpacketsarelabeled
toprovideclass-basedscheduling,congestionmanagement,andtrafcreshaping.
TrafcSupervision
Throughthetokenbucketalgorithm,thetrafcenteringthenetworkisrestrictedwithina
correctrange.TheZXR10ZSRV2supervisesandpunishestheexceedingtrafc,such
asdiscardingpackets,coloringpackets,orresettingpacketpriorities,toprotectnetwork
resourcesandcarrier'sprots.
TheZXR10ZSRV2supportstheSingle-rateThreeColorMarker(SrTCM)andTwo-rate
ThreeColorMarker(TrTCM)coloringalgorithms,andsupportstheColor-Blindand
Color-Awarecoloringmodes.TheZXR10ZSRV2supportsport-basedandstream-based
coloringmodes,andcanapplythemineithertheingressortheegress.
TrafcReshaping
Thetrafcreshapingfunctioncachesandsendsegresstrafcoutatarelativelyeven
speed,sothatthetrafcratesatisestheprocessingcapabilityofdownstreamequipment.
3-16
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
TheZXR10ZSRV2supportsport-basedandqueue-basedtrafcreshaping.
Queuing
Thequeuingtechnologysolvesthecongestionofnetworknodesthroughaseriesof
schedulingalgorithms.High-prioritypacketsareforwardedpreferentially,whilelow-priority
packetsalsogetthecorrespondingschedulingchancesfairly.
TheZXR10ZSRV2supportsthePQ,theWeightedFairQueuing(WFQ),andtheCBWFQ
modes.
CongestionAvoidance
Becausetheprocessingcapabilityandcachingcapabilityofthenetworkequipmentare
limited,packetsaboveequipmentcapabilitiesmaycausenetworkcongestion.Ifthese
packetsarediscardedsimply,theglobalsynchronizationsymptomoccurs.
TheZXR10ZSRV2avoidscongestioninRED/WREDmodetoimprovethenetworkquality.
TheWREDcansenseservices,includingtheIPpriority,DSCP ,andMPLSEXP ,andsets
differentearlier-phasediscardingpoliciesforpacketswithdifferentpriorities.Thismeans
that,itprovidesdifferentialdiscardingfeaturesfordifferentservices.
MPLSQoS
TheZXR10ZSRV2supportsthefollowingMPLSQoSfeatures:
lSupportstheMPLSQoSbasedontheDiff-Servmodel.TheMPLSQoScompletes
theprioritymappingbetweenMPLS,IP ,andEthernetpackets,anddistinguishesdata
streamsofdifferentservicesinaccordancewiththeEXPinthelabel.Thismeansthat,
itprovidesdifferentialservicesandensurestheQoSforvoiceandvideoservices.
lSupportsthreestandardcarrierMPLSQoStunnels:UniformTunnel,PipeTunneland
ShortPipeTunnel.
lCombinestheMPLS-TEandtheDiff-Serv,sothattheIP/MPLScorenetworkowns
serviceidenticationcapabilities.Thetunnelisalsoestablishedtoensurethe
bandwidthforhigh-priorityservices.
lSupportsQoSschedulinginsidetheMPLSVPN,andensuresthatkeyVPNservices
areforwardedpreferentiallybyachievingDiff-ServinsidetheVPN.
lDistinguishesPWsinaccordancewithuserservicesandmapstheservicePWto
thecorrespondingMPLStunnel.Byachievingservice-basedend-to-endQoSthatis
easiertobedeployedandplansthebandwidth,theZXR10ZSRV2providesoperation
guarantyforthedifferentialmanagementandservicesofmultipleservices.
H-QoS
Throughhierarchalschedulinganduniedcentralizedconguration,theH-QoSprovides
delicateQoSforhigh-qualityservicesandusers,reducestheconstructioncostofthe
equipmentaccessedintothenetwork,andsimpliesthemaintenancecostoftheentire
network.Additionally,theH-QoSimprovestheQoSoftheentirenetwork.
3-17
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
TheH-QoSprovidesdelicateschedulinginhierarchalmodeandprovidesreliableservice
supportforuserstodeploymultipleservices.
TheZXR10ZSRV2supportsthefollowinghierarchalQoSfeatures:
lSupportsmulti-hierarchytrafcmanagementthroughsettingmulti-hierarchy
scheduler,meetingnetworkdeploymentrequirements.
lSupportsmulti-user,multi-service,andmulti-trafcclassicationrequirementsto
performcongestionavoidanceandtrafcshaping.
lSupportspacketmarkinginH-QoSqueuescheduling.
lSupportstrafcstatisticsforserviceschedulinginthehierarchalQoSandprovides
visualizedmanagementofthetrafcservicemodel.Thismeansthat,themaintenance
andmanagementpersonnelhavebetterunderstandingofthenetwork.
3.7SecurityFeatures
3.7.1ACL
AnACLisusedtopermitordenypacketowsbasedonconguredrules.Packetltering
rulesdeterminetheACLtype.ACLrulescanbedenedbasedonthefollowingconditions:
lMACaddress
lVLAN
lSourceIPaddress
lDestinationIPaddress
lSourceportnumber
lDestinationportnumber
lTransport-layerprotocolnumber
lT oS
lTimerange
AfteranACLiscreated,itmustbeappliedonaninterface.Dataowsonaninterfaceare
bidirectional,sothedirection(inputoroutput)mustbespeciedwhenanACLisapplied
onaninterface.
TocongureanACLonaninterface,anACL,theinterfaceonwhichtheACLisapplied,
andthedirectioninwhichtheACLisappliedontheinterfacemustbedened.TheACL
operationprocedureisasfollows:
1.TheACLtypeisidentiedthroughtheACLserialnumber.Packetsarecheckedbased
ontheACLtodeterminewhetherthepacketscanpasstheinterface.
2.ACLrulesareusedforcheckingpacketsinaccordancewiththecongurationorderof
therules.Rulesconguredrstareusedforcheckingpacketsrst.
3.Oncethepacketsmatcharule,therouterstopscheckingthepackets.
4.Forthematchedpackets,whetherthepacketsareallowedtopasstheinterface
dependsonthecorrespondingaction(permitordeny)conguredfortherule.
5.Ifthepacketsmatchnorule,thedefaultruleisused,thatis,thepacketsaredisallowed
topasstheinterface.
3-18
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
TheZXR10ZSRV2providesthefollowingACLfeatures:
lSupportsstandardACLsandextendedACLs
lSupportsL2ACLs,L3ACLs,andL2/L3hybridACLs
lSupportsACLtimerange
lSupportsACLlogstatistics
lSupportscollectingstatisticsonthehitrate
lSupportsACLbindinginbatches
3.7.2Anti-Attack
IPSourceAttackDefense
TheZXR10ZSRV2supportsthefollowingIPsourceattackdefensemechanisms:
lIPandMACbinding:Inaccordancewithconguration,abindingrelationshipcanbe
establishedbetweenthespeciedIPaddressandMACaddress.Forpacketswiththe
speciedIPaddress(source),iftheMACaddressisdifferentfromtheboundMAC
address,thepacketsaredropped.ThispreventsattacksbypacketswithfalseIP
addresses.
lARPscanning:StaticIPandMACassociationtablecanbegeneratedinbatches
throughtheARPscanningfunction.
lIPsourceguard:WhentheZXR10ZSRV2isusedasaL2device,abindingtable
canbeusedtoguardIPsourcecheat.
ARPAttackDefense
TheZXR10ZSRV2supportsthefollowingARPattackdefensemechanisms:
lUsesperiodicgratuitousARPpackets,sothatusers'packetcanbeproperlyforwarded
togatewayswithoutbeingattackedorintercepted.
lUsesstrictARPleaningtopreventARPcheat.
lUsesARPprotectiontopreventARPcheat.
lUsesdynamicARPinspectiontopreventARPcheat.
lUsesARPpacketsuppressiontopreventARPooding.
lUsesARPMissmessagesuppressiontopreventARPooding.
3.7.3Firewall
SecurityZone
TheZXR10ZSRV2supportssecurityzones,includingtheDMZ.Allsecuritypoliciesare
implementedbasedonsecurityzones.Aftersecurityzonesarecongured,therewall
functioncanbeconguredinthesecurityzones.Securityzonecongurationincludesthe
securityzonename,priority,interfaceaddedtothesecurityzone,andtheDMZ.Ingeneral,
aDMZisalteringsubnetthatprovidesasecurityzonebetweenaninternalnetworkand
externalnetwork.
3-19
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Packet-FilteringFirewallandFragmented-MessageFiltering
PacketscanbelteredthroughACLconguration.Packetsarelteredbasedon
informationsuchastheprotocolnumberoftheupper-layerprotocoloperatingoverIP ,
sourceIPaddress,destinationIPaddress,sourceportnumberanddestinationport
numberinapacketandthepackettransmissiondirection.
Packetlteringisusedintherewallfunction.T oforwardapacket,theZXR10ZSRV2
retrievesinformationintheheaderofthepacketandchecksthepacketbasedontheACL
rules.TheZXR10ZSRV2determineswhethertoforwardordropthepacketbasedonthe
comparisonresult.
Packetlteringsupportsfragmented-messageltering.Thepacketlteringrewall
identiespackettypes,suchasnon-fragmentedmessage,rstfragmentedmessage,and
non-rstfragmentedmessage.Alltypesofpacketsareltered.
StatefulFirewall
Statefulrewallisanextensionofthepacket-lteringrewall.Ittakeseachpacketasan
independentunittoperformACLcheckandltering,andalsoconsidersapplication-layer
associativitybetweenpackets.
lThestatefulrewallusesdifferentstatetablestomonitorTCPsessionsorUDP
sessions.TheACLdeterminesthesessionsthatareallowedtobeestablished.Only
thepacketsrelatedtotheallowedsessionsareforwarded.
lForaTCPsessionorUDPsession,thestatefulrewallanalyzestheapplication-layer
stateinformationaboutpackets,andlterspacketsthatdonotmatchthecurrent
application-layerstate.
lThestatefulrewallhastheadvantagesofthepacket-lteringrewallandproxy
rewall,providingthehighspeedandsecurity.
Thestatefulrewallperformslteringforapplication-layerpackets,meaningstate-based
packetltering.Thestatefulrewallcandetecttheinformationabouttheapplication-layer
protocolsessionthatwantstopasstherewall.Thestatefulrewallmaintainsthesession
stateandcheckstheprotocolnumberandportnumberofsessionpackets.Ifthepackets
donotmatchrules,thepacketsaredisallowedtopasstherewall.Thestatefulrewall
maintainsthestateinformationabouteachconnectiontodynamicallydeterminewhether
toallowpassingthepacketsordropthepackets.Thestatefulrewallalsocanmonitor
variousapplication-layerprotocoltrafc.
Blacklist
ThebacklistisusedtolterpacketsbasedonsourceVPNandsourceIPaddress.The
packeteldscheckedbytheblacklistaresimplerthanthosecheckedbyACLs,sopackets
canbelteredathighspeeds.Inthisway,packetssentfromthespeciedIPaddresses
areshielded.Theblacklistcanbestaticallyconguredordynamicallygeneratedbythe
rewall.
BesidestheIPaddressesstaticallyconguredintheblacklist,whentheZXR10ZSRV2
detectsthatthereareIP-scanningattacksorport-scanningattacksfromthespecicIP
3-20
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
address,thisIPaddressisaddedtotheblacklist.Iftheblacklistfunctionisenabled,
anypacketsformtheIPaddressareltered.Theagingperiodofthestaticblacklistand
dynamicblacklistcanbecongured.Whenpacketsmatchtheblacklist,evenifthepackets
arepermittedinaccordancewiththeACLrules,therewalldropsthepackets.
Blacklistcongurationcanbeexportedtoale,andblacklistcongurationcanbeimported
throughale.
WhiteList
IftheIPaddressandVPNofahostareaddedtothewhitelist,therewalldoesnotperform
IP-scanningattackcheckorport-scanningattackcheckforpacketssentfromthehost.The
rewalldoesnotaddtheIPaddresstodynamicblacklist,andtheIPaddresscannotbe
addedtothestaticblacklist.
Afterreceivingapacket,theZXR10ZSRV2checkswhetherthesourceIPaddressofthe
packetisinthewhitelist.Ifyes,theZXR10ZSRV2doesnotperformIP-scanningattack
checkorport-scanningattackcheckforthepacket,anddoesnotaddtheIPaddresstothe
dynamicblacklist.Othersecuritylteringproceduresareperformed,suchasACLpacket
ltering,statefulrewall,andtrafcstatisticsandmonitoring,whichachievestheoptimal
securitylteringeffects.
Theagingperiodcanbeconguredforthewhitelist.Whitelistcongurationcanbe
exportedtoale,andwhitelistcongurationcanbeimportedthroughale.
Anti-DDOSAttack
Asthenetworkenvironmentbecomesmoreandmorecomplicated,asthecorepart
processingvariouscomplicatedprotocoldatapackets,thecontrol-layerprocessorofthe
routerequipmentiseasiertobeattackedbynetworkbroadcaststorms,PINGooding,
andTCPsynooding.TopreventtheseattacksfromaffectingtheCPUandevenleading
toserviceerror,pause,orinterruption,theZXR10ZSRV2providesaexibleand
completestream-controlmechanismforthetrafcenteringthecontrollayer.
lTheZXR10ZSRV2dividesreceivedCPUtrafcintoseveralqueueswithdifferent
prioritiestoensurethatimportantprotocolpackets,suchastheBGPandtheOSPF ,
andcustomizeddatapacketsareprocessedpreferentially.Eachqueuesetsdifferent
thresholdsfordifferentpackettypes.
lTheZXR10ZSRV2supportsCARspeedlimitforthetrafcsentfromthephysical
ingressports.
lTheZXR10ZSRV2supportstheCARspeedlimitforcustomizedpacketsin
accordancewiththesourceaddress,protocoltype,TCP/UDPportnumber,andthe
physicalingressportnumber.
lTheZXR10ZSRV2supportsthecongurationofthenumberofpacketssentper
secondandtheirprioritiesinaspecicrule.
lTheZXR10ZSRV2supportsthefunctionofdetectingexceptionsforpacketssent
fromlogicalports.TheZXR10ZSRV2checksthespeedofallreceivedpackets
onlogicalports,stopsthepacket-receivingoperationontheportwhenitndsthat
3-21
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
thetrafcsentontheportreachesthespeciedthreshold,extendstheoperation
appropriately,andthencontinuesreceivingpackets.
Throughdividingandtreatingdatapacketswithdifferentpriorities,themulti-queue
sendingtechnology,thecongurationoftheportsendingpolicy,andthespeedlimitfor
sentstreams,theZXR10ZSRV2effectivelyensuresthatimportantdatapacketswith
higherprioritiesaresentpreferentially,andshieldsattacksfromerrorpackets.
Anti-DOSAttack
TheZXR10ZSRV2supportsthefollowinganti-DOSattackmechanisms:
lLANDattackdefense
lSmurfattackdefense
lWinNukeattackdefense
lSYNoodattackdefense
lICMPoodattackdefense
lUDPoodattackdefense
Anti-ScanningAttack
TheZXR10ZSRV2supportsthefollowinganti-scanningattackmechanisms:
lPing-deathattackdefense
lLarge-ICMPattackdefense
lICMP-unreachableattackdefense
lICMP-redirectattackdefense
lICMPfragmentattackdefense
lIPfragmentattackdefense
lT eardropattackdefense
lFraggleattackdefense
lTracertattackdefense
Anti-Abnormal-PacketAttack
TheZXR10ZSRV2supportsthefollowinganti-abnormal-packetattackmechanisms:
lAbnormalTCPpacketattackdefense
lIPincorrectoptionattackdefense
lSynfragmentattackdefense
lUnknownprotocolattackdefense
lIPspoongattackdefense
lIPoptionpacketattackdefense
lTCPNo-Flagpacketattackdefense
lTCPSynFinpacketattackdefense
lTCPFin-No-Ackpacketattackdefense
3-22
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
3.7.4MultipleSecurityAuthenticationModes
AAA
TheZXR10ZSRV2supportmultiplesecurityauthenticationmodes.
Withdifferentauthenticationpoliciesforuseraccess,theZXR10ZSRV2provides
completeAAAauthenticationandauthorizationfunctions.Differentaccessauthentication
policiescanbeconguredtoperformdifferentauthenticationandauthorizationforusers
selectivelyasneeded.
TheAAAsupportsthefollowingthreeauthenticationmodes:
lLocalauthentication
lRADIUSauthentication
lTACACS+authentication
TheAAAsupportsthefollowingfourauthorizationmodes:
lDirecttrustingauthorization:TheAAAperformsauthorizationwithouttheuser
account.
lLocalaccountauthorization:TheAAAperformsauthorizationinaccordancewithuser
accountsconguredlocally.
lTACACS+authorization:TheTACACS+isdividedintoauthenticationand
authorization.TheTACACS+serverauthorizesusers.
lAuthorizationaftersuccessfulRADIUSauthentication:Theauthorizationand
authenticationoftheRADIUSprotocolcannotbesplit.
ProtocolSecurityValidation
Inaccordancewiththesecurityvalidationrequirementsofdifferentprotocols,theZXR10
ZSRV2providescompleteprotocolsecurityvalidationfunctionsfortheSecureShell
(SSH),PPP ,routingprotocol,andSNMPprotocol.
SecurityvalidationfortheSSHprotocol:
lSupportsencryptionauthenticationbasedontheMD5
lSupportsencryptionauthenticationbasedontheSHA1
SecurityvalidationforPPPaccess:
lSupportsthePasswordAuthenticationProtocol(PAP)-basedvalidationmode.
lSupportstheChallengeHandshakeAuthenticationProtocol(CHAP)-basedvalidation
mode.
Securityvalidationfortheroutingprotocol:
lSupportstheexplicitpacketauthenticationfortheRIPv2,OSPF ,andIS-IS.
lSupportstheMD5-basedencryptionauthenticationfortheRIPv2,OSPF ,IS-IS,and
theBGP .
lSupportstheMD5-basedencryptionIPSecAHauthenticationfortheRIPng,OSPFv3,
andtheBGP-4+.
3-23
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
lSupportstheSHA1-basedencryptionIPSecAHauthenticationfortheRIPng,
OSPFv3,andtheBGP-4+.
SNMPsecurityvalidation:
SupportstheencryptionandauthenticationfortheSNMPv3.
3.7.5uRPF
TheZXR10ZSRV2supportstheURPFfunctiontoavoidnetworkattacksbasedonsource
addresscheats.
ThesourceaddresscheatingmethodiscommonamongDoSattacks.Theattackerfakes
asourceaddress(whichisnormallyavalidnetworkaddress)toaccesstheequipmentto
preventitfromprovidingservicesproperly.TheURPFcaneffectivelyavoidsthistypeof
attacks.
TheZXR10ZSRV2supportsthefollowingURPFfeatures:
lSupportstheStrictRPFcheckingfunction.
lSupportstheLooseRPFcheckingfunction.
lSupportstheLooseRPFcheckingfunctionthatignoresthedefaultroute.
lSupportstheACLcheckingfunction.
3.8NetworkReliability
PingDetect
ThePingDetectautomaticdetectionfunction,whichusesrequest/responsepacketsofthe
ICMPtodetectwhetherthedestinationisreachable,andfeedsbackthedetectionresultto
theassociatedstandbyfunctionmoduletotriggeractive/standbyswitchover.Thismeans
that,itprovidesthebackupfunctionbasedontheavailabilityofapplicationsonthenetwork
layer.
BFD
Animportantfunctionofanynetworkequipmentistoquicklydetectcommunicationfaults
withadjacentsystemsandrapidlycreateotherpaths.TheBFDprotocolgreatlysupports
thispurpose.TheBFDisusedtoprovidealow-loadandfastfaultdetectionmechanism
betweenadjacentforwardingengines.TheBFD,togetherwiththeFRR,canprovide
millisecond-levellinkdetectionandrouteswitchoverfunctionsontheforwardinglayer.
TheZXR10ZSRV2supportsthefollowingBFDfeatures:
lSupportstheBFDdetectionfunctionofversion0andversion1.
lSupportstheBFDforBGPdetection.
lSupportstheBFDforOSPFdetection.
lSupportstheBFDforIS-ISdetection.
lSupportstheBFDforLDPLSPdetection.
lSupportstheBFDforTEtunneldetection.
3-24
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
lSupportstheBFDforstaticroutenext-hopdetection.
lSupportstheBFDforpolicyroutedetection.
lSupportstheBFDforVRRPdetection.
FRR
Whenparticularlinksornodesinthenetworkbecomeineffective,thepacketsreaching
thedestinationtroughtheseineffectivenodesmaybediscardedorformaloop.Trafc
interruptionortrafcloopinevitablyoccursinthenetworkuntilthenetworkre-converges
tocalculateoutanewtopologyandroute.Theinterruptionnormallycontinuesforseveral
seconds.T oreducethetrafcinterruptionperiodinthenetwork,amechanismmustbe
providedtoprovidethefollowingfunctions:
lRapidlydiscoversineffectivelinks.
lRapidlyprovidesanotherrecoverypathwhentherstlinkfails.
lAvoidstheforwardingloop"micro-loop"inthefollow-upnetworkrecoveryprocess.
TheZXR10ZSRV2providesIPFRRandMPLSFRRfunction.
lWiththeIPFRRfunctionprovidedbytheZXR10ZSRV2,theroutingprotocol
moduleavoidsno-loopactive/standbyroutesinaccordancewiththeloopcongured
bytheuser.Duringtheforwardingprocess,theforwardingmoduleforwardstrafc
accountingtotheactiverouteanddetectstheportstatusoftheactiveroute.When
anexceptionoccursontheactiveport,theZXR10ZSRV2rapidlyswitchesthetrafc
overtothestandbyroute,whichreducesthetrafcswitchoverperiodandthenumber
ofdiscardedpackets.
TheIPFRRisnormallyusedtogetherwiththeroutingprotocol.TheZXR10ZSRV2
supportsthefollowingIPFRR:staticrouteFRR,OSPFFRR,IS-ISFRR,andBGP
FRR.
lMPLSFRRisalocalisedprotectiontechnologyforMPLS-TEnetworks.AftertheFRR
functionisconguredforanLSP ,whenalinkornodeintheprotectedLSPfails,trafc
isreroutedtothestandbylink.FRRisameasurefortemporaryprotection.When
theprotectedlinkisrecoveredoranewLSPisestablished,trafcisreroutedtothe
protectedLSPorthenewLSP .
VRRP
Byprovidingasetofdetectionandcompetitionmechanism,theVRRPprotocolprovides
thegatewaybackupfunctionsinthemulti-addressaccessLAN(suchastheEthernet).
TheVRRPprotocolbacksupgatewayequipmentsintheLANtomaintaintheinterrupted
operationofhostequipmentaccessedintothenetworksystem.Thatis,theVRRPbacks
uptheroutenext-hopequipmentfortheaccessedhostequipment.
TheZXR10ZSRV2supportsthefollowingVRRPfeatures:
lSupportsbasicfunctionsoftheVRRP .
lSupportstheheartbeatlinefunctionoftheVRRP .
lSupportsthebindingoftheVRRPandtheBFDdetection.
lSupportsthebindingoftheVRRPandthePINGdetection.
3-25
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
lSupportsdetectingthestatusofspeciedportsthroughtheVRRP .
lSupportsdetectingkeyrouteinformationthroughtheVRRP .
lSupportsVRRPgroupmanagementfunctionstouniformlyreceiveorsendprotocol
packetsinseveralVRRPgroups.
lSupportstheVRRPMIBfunction.
3.9IPv6Features
3.9.1IPv6BasicFunctions
TheZXR10ZSRV2supportsIPv4/IPv6dual-protocolstacks.
lSupportstheIPv6basicprotocol,IPv6protocol,andtheNeighborDiscoveryprotocol.
lSupportstheTELNET6andtheSSHv6forremoteuserloginandconnection.
lSupportstheTCP6,UDP6andtheSocketIPv6.
lSupportstheIPv6DHCPRelay/ServerandtheDNS6Client.
lSupportsthePMTUdiscoveryfunction.
lSupportsIPv6linkdetectionfunctionssuchasthePing6andtheTrace6.
lSupportstheIPv6ACLfunction.
lSupportstheIPv6QoSfunction.
lSupportssecurityfunctionsuchastheIPv6VRRPandtheIPv6uRPF .
3.9.2IPv6UnicastRoutingProtocols
Overview
TheZXR10ZSRV2supportsunicastroutingprotocolssuchastheIPv6staticroute,RIPng,
OSPFv3,IS-ISv6,BGP4+,andtheIPv6policyroute.
IPv6StaticRoute
TheIPv6staticrouteindicatesthatthenetworkadministratorspeciestheroute
informationintheIPv6routingtablethroughcongurationcommands.Itdoesnotcreate
theroutingtableinaccordancewiththeroutingalgorithminthesamewayastheIPv6
dynamicroute.
Whenthedynamicrouteiscongured,routersneedtofrequentlyexchangeroutingtables
witheachotherandwilleasilybecomeoverloaded.Thestaticroutecanbeusedtosolve
thisproblem.Withthestaticroute,theuseronlyneedstomakefewcongurationstoavoid
usingthedynamicroute.
TheZXR10ZSRV2supportsthecongurationoftheIPv6staticroutebyspecifyingthe
nexthoportheegressinterface.
RIPng
BasedontheUDP ,theRIPngusesport521tosendandreceivedatapackets.
3-26
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
TheZXR10ZSRV2supportstheRIPngbasicprotocol,routesummaryandredistribution,
RIPngrouteloadsharing,RIPngprotocolMIBfunction,RIPngVRFaccessinstance,and
thefunctionofassociatingtheIPv6BFDwiththeRIPng.
OSPFv3
TheOSPFv3isusedtoprovidetheroutingfunctionintheIPv6network.
TheZXR10ZSRV2supportstheOSPFv3basicprotocol,routesummaryand
redistribution,OSPFv3routeloadsharing,OSPFv3authentication,OSPFv3protocolMIB
function,OSPFv3VRFaccessinstance,andthefunctionofassociatingtheIPv6BFD
withtheOSPFv3.
IS-ISv6
TheworkprincipleoftheIS-ISv6issimilartothatoftheIS-ISv4.
TheZXR10ZSRV2supportstheIS-ISv6basicprotocol,routesummaryandredistribution,
IS-ISv6routeloadsharing,IS-ISv6routeltering,IS-ISv6authentication,IS-ISv6protocol
MIBfunction,IS-ISv6VRFaccessinstance,andthefunctionofassociatingtheIPv6BFD
withtheIS-ISv6.
BGP4+
TheBGP4+isanextensionoftheBGPprotocol.Itinheritsthebasicmessageformatof
theBGP4andaddsextendedattributesfortransmittingtheIPv6routinginformation.
TheZXR10ZSRV2supportsthebasicprotocol,routeattributes,routesummary,route
distribution,reector,andalliancefunctionsoftheBGP4+,policylteringofBGP4+routes,
BGP4+routeloadsharing,BGP4+authentication,BGP4+protocolMIBfunction,BGP4+
VRFaccessinstance,andthefunctionofassociatingtheIPv6BFDwiththeBGP4+.
IPv6PolicyRoute
TheconceptandprincipleofthepolicyrouteintheIPv6arethesameasthoseintheIPv4,
exceptthatIPv6addressesandroutesareusedfortheconguration.
3.9.3IPv6MulticastRoutingProtocols
Overview
IPv6multicastisdifferentfromIPv4multicastinthattheIPv6multicastaddressmechanism
isgreatlyenhanced.Butgroupmembermanagement,multicastpacketforwarding,and
multicastrouteestablishmentfunctionsarebasicallythesameasthoseinIPv4multicast.
MLD
TheMLDprotocoloriginatesfromtheIGMPprotocol.TheMLDv1correspondstothe
IGMPv2,andtheMLDv2correspondstotheIGMPv3.
3-27
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
DifferentfromtheIGMPprotocolthatusesthepackettypewiththeIPprotocolnumberof
2,theMLDprotocolusestheICMPv6(withtheIPprotocolnumberof58)packettype,
includingtheMLDquerypacket(type130),MLDv1reportpacket(type131),MLDv1
leavingpacket(type132),andMLDv2reportpacket(type143).TheMLDprotocolandthe
IGMPprotocolhavedifferentpacketformat,buttheirprotocolbehaviorsarecompletely
thesame.
TheZXR10ZSRV2supportstheMLDv1/v2protocol.
IPv6PIM
TheIPv6PIMprotocolisdifferentfromtheIPv4PIMintheIPaddressstructureinthe
packet,butotherprotocolbehaviorsinthemarebasicallythesame.TheIPv6PIMalso
supportstheSM,DM,andSSMmodes.
TheZXR10ZSRV2supportstheIPv6PIM-DM,IPv6PIM-SM,andIPv6Protocol
IndependentMulticast-SourceSpecicMulticast(PIM-SSM)protocols.
3.9.4IPv6TunnelFunctions
Overview
TheZXR10ZSRV2supportsIPv6tunnelprotocols,includingIPv6overIPv4conguration
tunnelandautomatictunnel,IPv4overIPv6tunnel,andISATAPtunnel.
IPv6overIPv4
TheIPv6overIPv4tunnelmechanismencapsulatesIPv4packetheadersbeforeanIPv6
datapacketandpassestheIPv6packetovertheIPv4networkthroughtunnelstoprovide
theinterconnectionofseparatedIPv6networks,seeFigure3-3.
Figure3-3IPv6overIPv4TunnelPrinciple
TheIPv6overIPv4tunnelcanbeestablishedbetweenhosts,fromahosttoanequipment,
fromanequipmenttoahost,orbetweenequipments.Thedestinationofatunnelmaybe
thenaldestinationoftheIPv6packet,ortheIPv6packetcanbefurtherforwarded.In
3-28
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
accordancewiththedifferentwaysofacquiringIPv4addressesonthetunneldestination,
tunnelscanbedividedintocongurationtunnelsandautomatictunnels.
lIfthedestinationaddressofanIPv6overIPv4tunnelcannotbeautomaticallygotfrom
thedestinationaddressoftheIPv6packet,itneedstobemanuallycongured.This
typeoftunneliscalledthecongurationtunnel,suchasthe6in4tunnelandtheGRE
tunnel.
lIftheinterfaceaddressofanIPv6overIPv4tunnelusesthespecialIPv6address
formatwithanIPv4address,theIPv4addressofthetunneldestinationcanbe
automaticallygotfromthedestinationaddressoftheIPv6packet.Thistypeoftunnel
iscalledtheautomatictunnel,suchasthe6to4tunnelandtheISATAPtunnel.
IPv4overIPv6
TheIPv4orIPv6overIPv6tunnelprotocolencapsulatesIPv4orIPv6datapackets,so
thatthedatapacketscanbetransmittedinanotherIPv6network.Theencapsulateddata
packetistheIPv6tunnelpacket,seeFigure3-4.
Figure3-4IPv4overIPv6TunnelPrinciple
ISATAP
TheISATAPcanaccessthedual-stacknodeinsidetheIPv4siteintotheIPv6router
throughtheautomatictunnel,sothatthedual-stacknodethatdoesnotsharethesame
physicalnodewiththeIPv6routercansenddatapacketstotheIPv6nexthopthroughthe
IPv4automatictunnel.
TheISATAPtransitionmechanismusestheIPv6addresswithanIPv4address,sothe
IPv6-in-IPv4automatictunneltechnologyisusedinthesitewithetheraglobalIPv4
addressoraprivateIPv4address.BecausetheISATAPaddressformatusesboththe
siteunicastIPv6addressprexandtheglobalunicastIPv6addressprex,theISATAP
supportsbothsiteandglobalIPv6routes.
3-29
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
3.9.56PEand6VPE
6PE
InanIPv4MPLSnetwork,6PEusesanexistingMPLStointerconnectislandingIPv6
networks.6PEusestheBGP/MPLSVPNprincipletoestablishMP-BGPpeersbetween
PEs.IPv6routesinIPv6sitesaredistributedbetweenthePEs,andpacketsareforwarded
throughIPv4MPLSlabelsintheIPv4network.Inthisway,islandingIPv6networkscan
communicatewitheachother.
6VPE
The6VPEisatechnologyusedtoprovideBGPMPLSVPNservicesintheIPv6user
network.Theworkprincipleofthe6VPEoriginatesfromtheBGPMPLSVPNintheIPv4,
andthe6VPEisanextensionoftheIPv4BGPMPLSVPN.
The6VPEisnotrestrictedtoIPprotocolversionsusedonthebackbonenetwork.This
meansthat,theIPv6VPNtrafcistransmittedthroughIPv6tunnelsorIPv4tunnels.
TheZXR10ZSRV2supportsthe6VPEandsupportstoruntheIPv6staticroute,RIPng,
OSPFv3,IS-ISv6,andEBGPprotocolsbetweenCustomerEdges(CEs)andProvider
Edges(PEs).
3.9.6NAT64
NAT64isanIPv4-IPv6transitiontechnologythroughwhichIPv6hostscanuseIPv4
services.ThekeyofIPv6networktransitionisusers'IPv6transition.NAT64allowsIPv6
userstouseIPv4applicationservices.
NAT64isdenedtobewidelyusedinscenarioswhereIPv6clientsinitiateIPv4service
sessions.ItsimpliesNAT-PTscenarios,andfacilitatesdeployment,operationand
maintenance.
Figure3-5showsaNAT64applicationscenario.
Figure3-5NAT64ApplicationScenario
3-30
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
NAThasthefollowingfeatures:
lAnIPv6hostactivelysendsaconnectionrequesttoanIPv4service.
lTheNAT64unitisseparatedfromtheDNSunit.
NAT64onlysupportssessioninitiatedbyIPv6hostsforIPv4services,andaddress
mappingtoIPv4serveraddressesissimpleinIPv6networks,soitisunnecessary
toperformcomplicatedmanagementforassociationsbetweendomainnames
andaddresses.ThisavoidstheDNSsecurityproblemandDNSSECcompatibility
problem.
lTheDNSneedstosupporttheDNS64function.
TheDNSusedinNAT64mustsupporttheDNS64function,sothatArecordscanbe
translatedintoAAAArecords.WhenthereisnoAAAArecordinthesystem,Arecords
canbequeriedthroughDNSproxy.
TheZXR10ZSRV2supportstheNAT64function.
3.10NAT
NATcantranslateanIPaddressinonenetworktoanotherIPaddressinanothernetwork.
Ingeneral,NATisusedtomaponeaddressusedinaprivatenetworkorintranettoone
ormultipleaddressesusedinapublicnetworkorInternet.
NAThasthefollowingadvantages:
lLimitsthenumberofIPaddressesusedinprivatenetworksthatneedIANA
registration.
lSavesthenumberofglobalIPaddressesneededinprivatenetworks.(Forexample,
oneentitycanuseoneIPaddressforcommunicationintheInternet.)
lMaintainsprivacyofLANs,becauseinternalIPaddressesarenotpublic.
TheZXR10ZSRV2hasthefollowingNATfeatures:
lSupportsin/outsideNAT
lSupportsNAT44andNAT64
lSupportsmulti-egressNAT
lSupportsstaticNATanddynamicNAT
lSupportsmappingmode,lteringmode,andhybridmode
lSupportsPAT
lSupportsALGapplications,includingTCPALG(FTP ,RSTP ,H323,andPPTP),UDP
ALG(DNS,SIP ,andH323),andICMPALG
3.11NetworkManagementFeatures
Overview
TheZTENetNumenTMisanetworkmanagementsystemconstructedonthedata
communicationnetwork,whichperformscentralizedmaintenanceandmanagement
3-31
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
uponvarioustypesofnetworkequipmentinawideareaandcomplicatedapplication
environment.
NetworkManagementNetworkArchitecture
ThefollowingtwonetworkarchitecturescanbeusedbetweentheNetNumenTMnetwork
managementsystemandtheZXR10ZSRV2:
lIn-bandmanagement:Thenetworkmanagementinformationandtheservicedatais
transmittedinthesamechannelwithoutextraDCNnetwork.
lOut-of-bandmanagement:Thenetworkmanagementinformationistransmittedin
thenetworkmanagementnetworkindependentoftheservicedata.SoanextraDCN
networkisrequired.TheNetNumenTMnetworkmanagementsystemisconnectedto
theout-of-bandmanagementportoftheZXR10ZSRV2,sothenetworkinformation
andtheserviceinformationcanbetransmittedseparately.
NetNumenTMNetworkManagementSystem
TheNetNumenTMU31(BN)networkmanagementsystemisauniednetwork
managementsystemdevelopedbyZTEtomanageSynchronousDigitalHierarchy(SDH),
Multi-ServiceTransportPlatform(MSTP),WavelengthDivisionMultiplexing(WDM),
PacketTransportNetwork(PTN),OpticalTransportNetwork(OTN),andIPequipment
(routersandswitches).ItcoversmanagementlayersincludingNEmanagement,network
management,andservicemanagement.
TheNetNumenTMU31(BN)networkmanagementsystemprovidesthefollowingfunctions:
lFaultmanagement:ensuresthestableoperationofthenetwork.
lPerformancemanagement:enablestheusertohaveacompleteunderstandingof
servicesituationsinthenetwork.
lResourcemanagement:ensuresthatnetworkresourcesareutilizedproperly.
lViewmanagement:ensuresthattheuserhaveaclearviewofthenetworkoperational
status.
lCongurationmanagement:providesfastservicedeployment.
lSecuritymanagement:guaranteesnetworksecurity.
lNorthboundinterface:supportsthird-partysystemintegration.
Netow
TheNetowtechnologycanquicklydistinguishdifferenttypesofserviceowstransmitted
inthenetworkbyanalyzingattributesofIPdatapackets.TheNetowseparatelytraces
andaccuratelymeasureseachdataowthatisdistinguishedout,recordsitsowattributes
suchasthetransmissiondirectionanddestination,countsitsstartingtime,endingtime,
servicetype,andtrafcinformationsuchasthenumberofdatapacketsandbytesincluded
inthisow.TheNetowoutputstheoriginalrecordsofthecollecteddataowtrafcand
owdirectioninformationatregularintervals,automaticallysummarizesoriginalrecords,
andoutputsthestatisticalresults.
TheZXR10ZSRV2supportsthefollowingNetowfeatures:
3-32
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
lComplieswiththemainstreamv5,v8,andv9packetformatsintheindustry.
lSupportssendingpacketstotheserverinIPv4/UDPmode.
lSupportsthemodeofinitiallyreportingpackets.
lSupportsthecongurationofactiveandinactiveagingperiodsinthecache.
lSupportsmultipleservers.
lsupportsrandomsamplingbyow.
lSupportsthecongurationofinterfacetrafcsamplingrates.
lSupportstheNetowsamplingfunctiononphysicalinterfacesandsub-interfaces.
lSupportsseparatesamplingintheingressandegressdirectionsofaninterface.
lSupportsindependentsamplingofmultipleservicesinonedirection,suchasunicast,
multicast,andMPLS.
lSupportssamplingratesrangingfrom65535:1to1:1.
NetworkLayerDetection
TheZXR10ZSRV2providesseveralnetwork-layerdetectionfunctionsbasedonPing
andTracefunctions,suchasIPPing,IPTrace,LSPPing,LSPTrace,multicastPing,and
multicastTrace.
3.12SystemOperationandMaintenance
MultipleCongurationModes
TheZXR10ZSRV2providesmultipleequipmentloginandcongurationmodesforthe
usertoselecttheappropriateconnectioncongurationmodeasneeded.
lCongurationthroughtheserialportconnection
lCongurationthroughtheT elnetconnection
lCongurationthroughtheSSHprotocolconnection
lCongurationthroughtheSNMPconnection
lVersionupgradethroughUSB
lDHCPautomaticconguration
lIn-batchversionupgradethroughNMS
SystemMonitoring,ManagementandMaintenance
TheZXR10ZSRV2supportsequipmentmonitoring,management,andmaintenance
inseveralmodes,sotheequipmentcanperformthecorrespondingtroubleshooting
undereachabnormalsituationandprovideuserswithparametersduringtheequipment
operationprocess.
Equipmentmonitoringfunctionsinclude:
lThereareindicatorsonthepowermodule,thefanmodule,themaincontrolmodule,
andeachinterfaceboard,toindicatetheoperationalstateofparts.
lThefanmoduleperformsfanmonitoringtodetectthefanexistencestatusinformation
andadjustthefanspeedintelligently.
3-33
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
lThepowermodulefunctionprovidestheexistenceinformation,statusinformation,
powerinformation,andtheAC/DCinformationofthepowermodule.
lWhenthefanmodule,thepowermodule,orthetemperaturebecomesabnormal,the
systemraisessoundalarmsandalarmpromptsonthesoftware.
lThenetworkmanagementsystemcollectstemperatureindistributedmodetomonitor
thetemperatureofeachboard.
lHot-pluggingeventsandswitchovereventsonthemaincontrolboardarerecorded
foruserstoquery.
lThenetworkmanagementsystemautomaticallychecksversioncompatibilityduring
thesystemoperatingprocess.
lThenetworkmanagementsystemmonitorstheoperationalstateofthesoftware.
Iftheproperoperationoftheequipmentisaffectedduetoabnormalsituations,the
systemrestartsthelineinterfaceboardorswitchesovertheactive/standbymain
controlboards.
Equipmentmanagementandmaintenancefunctionsinclude:
lThesystemprovidesexibleonlinehelpinCLImode.
lThesystemsupportsoperationsbyseveraluserssimultaneously.Theoperatorcan
specifywhethertoallowthisfunctionthroughthecorrespondingcommand.
lThesystemprovidesmultileveluserpermissionmanagementfunctionsand
automaticallyrecordsuseroperationlogs.
lThesystemprovidestheuniedmanagementoflog,alarmanddebugginginformation
intheinformationcenter.
lThesystemprovidestheCLImodeforuserstoquerythebasicinformationofeach
maincontrolboard,interfaceboard,andopticalmodule.
lThesystemenablestheusertologinthroughtheconsoleportwithorwithout
specifyingtheusernameandpassword.
lThesystemprovidesthequeryofseveralinformationitems,includingthesoftware
versioninformation,partsstatus,environmenttemperature,CPUoccupancy,and
memoryoccupancy.
lThepasswordsofnormaluserscanbedisplayedinexplicittextsorinencryptedmode.
lThesystemprovideslayeredmanagementofequipmentalarms,supportsalarm
classicationandalarmlteringfunctions,andcanoutputalarmstotheremote
server.
DiagnosisandDebugging
TheZXR10ZSRV2providesseveraldiagnosisanddebuggingmethodsforusersto
getmoredebugginginformationthroughmoremethodsduringequipmentdebugging.
TheZXR10ZSRV2supportsthededicateddiagnosisanddebuggingcommandmode,
andsupportscompleteequipmentdiagnosisandtestingfunctions.Theusercandetect
theequipmentatanytimeandremotelyidentifythecausewhenafaultoccursonthe
equipment.
TheZXR10ZSRV2supportsthefollowingdiagnosisanddebuggingmodes:
lDetectingtheoperationalstatusoftheequipment
3-34
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter3FunctionsandFeatures
lPerformingthePingandTraceRoutefunctions
lDebugging
3-35
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
3-36
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter4
NetworkApplications
TheZXR10ZSRV2canbeusedasanegressgatewayinenterprisenetworks,andusedin
enterpriseheadquartersandbranchaccessnetworks,convergenceandaccessnetworks
ofverticalindustrialnetworks,andtelecomoperators'CPEandDCNnetworks.
TableofContents
ApplicationScenarioofAccessNetworksofEnterpriseHeadquartersandBranches.4-1
ApplicationScenarioofEgressGatewaysinEnterpriseNetworks..............................4-2
ApplicationScenarioofConvergenceandAccessNetworksofIndustryNetworks.....4-4
ApplicationScenarioofTelecomOperators'DCNNetworks.......................................4-5
4.1ApplicationScenarioofAccessNetworksof
EnterpriseHeadquartersandBranches
Asarouterinaccessnetworksofheadquartersandbranchesinsmall/medium-size
enterprises,theZXR10ZSRV2providesbothnetworkconnectionsforNEsinside
enterprises,andaccesstoexternalWANsandenterpriseVPNs,thusensuringthat
enterpriseuserscanaccessboththeInternetandenterprisenetworksrapidly,securely
andreliably.
Figure4-1showsatypicalaccessnetworkofenterpriseheadquartersandbranches.
4-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Figure4-1AccessNetworkofHeadquartersandBranchesofaSmall/Medium-Size
Enterprise
AsshowninFigure4-1,theZXR10ZSRV2providesthefollowingfunctions:
lThroughWi-Ficonnections,high-densityL2/L3Ethernetboards,orconnected
switches,theZXR10ZSRV2canconnecttoIPnetworkdevicesinsideenterprises,
suchasPCs,printers,andservers.
lThroughmultiplewired/wirelesslinks,theZXR10ZSRV2canperformactive/standby
switchoverorloadbalancing,thusimprovingbothnetworkavailabilityandnetwork
bandwidthusagethroughtheintelligentroutingtechnology.
lByusingVPNtechnologies,suchasIPSec,GRE,andMPLSVPN,theZXR10ZSR
V2ensuressecureaccessbetweenbranchesandtheheadquartersofanenterprise.
4.2ApplicationScenarioofEgressGatewaysin
EnterpriseNetworks
Asanegressgatewayinsmall/medium-sizeenterprisenetworks,small/medium-size
campusnetworks,andotherspecializednetworks,theZXR10ZSRV2providesboth
networkconnectionsforinternalNEsandhigh-speedInternetaccess.
Figure4-2showsthetypicalnetworkarchitectureofanegressgatewayinanenterprise
network.
4-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter4NetworkApplications
Figure4-2NetworkArchitectureofanEgressGatewayinanEnterpriseNetwork
Abbreviationsintheabovegurearedescribedbelow:
3G/LTE3rdgenerationmobilecommunications/LongT ermEvolution(4G,4th
generationmobilecommunications)
Copper/FiberCoppercable/Opticalber
SR/BRASServiceRouter/BroadbandRemoteAccessServer
ISPInternetServiceProvider
xDSL/xPONDigitalSubscriberLineofalltypes/new-generationPassiveOptical
Network
AsshowninFigure4-2,theZXR10ZSRV2providesthefollowingfunctions:
lThroughWi-Ficonnections,high-densityL2/L3Ethernetboards,orconnected
switches,theZXR10ZSRV2,asegressgatewaysinsmall/medium–sizeenterprise
networks,canconnecttoIPnetworkdevicesinsideenterprises,suchasPCs,
printers,andservers.
lTheZXR10ZSRV2providesabundantwired/wirelessinterfaces,includingE1port,
serialport,Ethernetport,andPOS,xDSL,and3G/4Ginterfaces,thusensuringthat
theaccessofbranchnetworksisnotrestrictedbygeographicalenvironments.
lThroughmultiplelinks,theZXR10ZSRV2canperformactive/standbyswitchover
orloadbalancing,thusimprovingbothnetworkavailabilityandnetworkbandwidth
usage.
4-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
lByintegratingmultiplefunctionsofhigh-performanceNAT s,rewalls,APs,and
switches,theZXR10ZSRV2ensuresbothsecureaccessauthenticationforinternal
usersandsecureaccesstoexternalnetworks.
4.3ApplicationScenarioofConvergenceandAccess
NetworksofIndustryNetworks
TheZXR10ZSRV2canbeappliedintheconvergenceandaccesslayerofavertical
industrialnetwork,suchasthepower,government,andnanceindustrynetworks.As
showninFigure4-3,L3andL4networksformanetworkarchitecturetogetherwith
medium/high-endroutersinL1andL2networks(suchastheZXR10M6000andZXR10
6800seriesrouters),thusforminganoverallsolutionfromthecorelayer,convergence
layertotheaccesslayer.
Figure4-3ConvergenceandAccessNetworksofanIndustryNetwork
Abbreviationsintheabovegurearedescribedbelow:
P/PE/CEProviderrouter/ProviderEdgerouter/CustomerEdgerouter
RRRouterReector
AsshowninFigure4-3,theZXR10ZSRV2providesthefollowingfunctions:
4-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter4NetworkApplications
lTheZXR10ZSRV2,togetherwithmedium/high-endrouters,buildsindustry
networks.ByenablingL2/L3MPLSVPN,theZXR10ZSRV2achievessecure
separationbetweenservicesystemsinsideenterprises.
lTheZXR10ZSRV2supportshigh-densityE1,CPOS3,andPOS3/POS12interfaces,
andthuscansatisfyconvergenceandaccessrequirementsofdifferentlayersin
industrynetworks.
4.4ApplicationScenarioofTelecomOperators'DCN
Networks
Asthetransmissionchannelsandcommunicationplatformsfortelecomservices,business
operations,billingservices,NMdatatransmission,andmultimediacommunications,
telecomoperators'DCNnetworksenableinformationalandautomatedsupervision,
management,maintenance,anddecisionmakingupontelecomnetworks.
TheZXR10ZSRV2canbeappliedinDCNnetworks,toconnectNEsintelecomoperators'
networks,providechannelsormanagement,maintenance,operation,andinternalofce
ofallNEs,andsupportservicedeployment.
Figure4-4showsatypicalDCNnetworkofatelecomoperator.
Figure4-4TelecomOperator'sDCNNetwork
4-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Abbreviationsintheabovegurearedescribedbelow:
PEProviderEdgerouter
MSSManagementSupportSystem
BSSBusinessSupportSystem
OSSOperationSupportSystem
AsshowninFigure4-4,theZXR10ZSRV2providesthefollowingfunctions:
lAstheaccessrouter,theZXR10ZSRV2,togetherwithothermedium/high-end
routers,providestheMPLSVPNfunction,thusachievingsecureseparationbetween
servicesystems.
lTheZXR10ZSRV2providesreverseT elnet/SSHfunctions.TheZXR10ZSR
V2connectstotheConsolemanagementportofaterminaldevicethroughits
asynchronousserialport,andprovidescentralizedmanagementupontheterminal
devicethroughthereverseT elnettechnology.
4-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter5
TechnicalIndexes
ForthehardwarefeaturesoftheZXR10ZSRV2seriesproducts,refertoTable5-1.
Table5-1HardwareFeatures
ParameterZXR101800-
2S/2S(G)/2S(W)
ZXR10
1800-2E
ZXR10
2800-3E
ZXR10
2800-4
ZXR10
3800-8
Dimension
(W×H×D)
380mm×43.6mm
×200mm
442mm×44mm×440mm442mm×80.1
mm×200mm
442mm×132
mm×200mm
Numberof
SPIUslots
22324
Numberof
PIU/DPIU
slots
001/12/14/2
Fixed
interface
2GECombo
interfacesand
4GERJ45
interfaces
2S(W):Wi-Fi
interface
2S(G):3G/LTE
interface
WAN:2×GEComboports
LAN:24×GE
MPFUA:2GECombo
interfacesand4GERJ45
interfaces
MPFUBandMPFUC:4GE
Combointerfacesand2GE
RJ45interfaces
Memory2GB2GB2GB2GB2GB
Flash2GB1GB4GB4GB4GB
USB2.02USBports,
supporting3G
extensionand
commissioning
throughUSB
2USBports,
supporting
commission-
ingthrough
USB
2USBports,
supporting
commission-
ingthrough
USB
2USBports,
supporting3G
extensionand
commission-
ingthrough
USB
2USBports,
supporting3G
extensionand
commission-
ingthrough
USB
MicroUSB11100
CONSOLE11111
AUX11111
5-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
ParameterZXR101800-
2S/2S(G)/2S(W)
ZXR10
1800-2E
ZXR10
2800-3E
ZXR10
2800-4
ZXR10
3800-8
Interface
type
GE/FE,E1/CE1,
V.35/V.24
GE/FE,
E1/CE1,V.35/
V.24
GE/FE,
E1/CE1,
STM-1
POS/CPOS,
OC-12/STM-4
POS,
ADSL/VDSL,
G.SHDSL,
V.35/V.24,
3G/LTE
10GE/GE/FE,E1/CE1,
OC-3/STM-1POS/CPOS,
OC-12/STM-4POS,
ADSL/VDSL,G.SHDSL,
V.35/V.24,3G/LTE
Power
supply
AC:100Vto240
V
DC:-72Vto-38V
AC:100Vto240V
DC:-72Vto-38V
Supports1+1redundancy,andsupportsACandDChybrid
powersupply
Maximum
power
<55W<80W<120W<160W<240W
Operational
temperature
-5ºCto45ºC
Storage
temperature
-40ºCto70ºC
Operational
humidity
5%–95%(noncondensing)
Storage
humidity
5%–95%(noncondensing)
MTBF/M-
TTR
MTBF:100000h
MTTR:0.5h
ForthesoftwarefeaturesoftheZXR10ZSRV2seriesproducts,refertoT able5-2.
Table5-2SoftwareFeatures
FeatureDescription
Supported
protocols
L2protocols:MACmanagement,VLAN,QinQ,SuperVLAN,Smartgroup,PPP ,
PPPoE,HDLC,FR,and802.1x
IPv4/IPv6routingprotocols:staticroutes,RIP/RIPng,OSPF/OSPFv3,
IS-IS/IS-ISv6,andBGPv4/BGP4+
Multicastprotocols:staticmulticast,IGMPv1/v2/v3,PIM-DM,PIM-SM,
PIM-SSM,MSDP ,PIM-SSMmapping,andMLDv1/v2
DHCP:DHCPv4/v6Relay,DHCPv4/v6Server,andDHCPv4/v6Snooping
5-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Chapter5T echnicalIndexes
FeatureDescription
MPLSfeaturesSupportsLDP ,MPLSloadsharing,andRSVP-TE
SupportsMPLSL2/3VPN,PWE3,Inter-ASOptionA/B/C,and6VPE
VPNfeaturesSupportsVPWS,VPLS,HVPLS,6VPE,GRE,andIPSec
Transition
technologies
Supports6PE,6VPE,6in4,6to4,4in6,NAT444,NAT64,and6RD
NATfeaturesSupportsstaticNAT ,dynamicNAT ,PAT ,multi-egressNAT ,NATALG,and
NATlog
QoSfeaturesSupportsH-QoS,QPPB,andtime-rangeQoS
Supportsowclass,marking,priorityinheritanceandmapping,trafcshaping,
andtrafcratelimit
SupportsPQ,CQ,WFQ,CBWFQ,andphysicalportbasedtrafcscheduling
3G/LTEfeaturesSupportsTD-SCDMAandWCDMA/HSPA+
SupportsTDDandFDDLTE
SecurityfeaturesSupportsstatefulrewall,control-planesecurity,CPUsecurityprotection,
anti-DoS,anti-DDoS,routesecurity,andIPSecencryption
SupportsMACandIPbinding,anti-ARPattack,MACaddressltering,control
ofthenumberofMACaddresses,andcontrolofthenumberofTCPsessions
SupportsRADIUS/TACACS+authentication,uRPF ,andSSH
ReliabilityfeaturesSupportspowersupplymoduleredundancy,andhotswappingforpower
supplymodules,fanmodules,andboards
SupportsBFDforeverything,VRRP ,linkaggregationFRR,PWredundancy,
SDC,andlinkredundancy
OAMfeaturesSupportsEthernetOAM,MPLSOAM,andSQA
SupportscommissioningthroughUSB,in-batchmanagement,temperature
monitoring,automaticfanspeedadjustment,portmirroring,NetFlowV5/V9,
andNetow1:1sampling
SupportsWEBportal,SNMPv1/v2/v3,T elnet,SSHv1/v2,SYSLOG,andRMON
5-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
5-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Figures
Figure1-1ExternalViewsoftheZXR10ZSRV2SeriesProducts............................1-2
Figure2-1MainComponentsontheFrontSideoftheZXR103800-8chassis...........2-1
Figure2-2FrontViewoftheZXR103800-8chassis................................................2-2
Figure2-3MainComponentsontheFrontSideoftheZXR102800-4chassis...........2-2
Figure2-4FrontViewoftheZXR102800-4chassis................................................2-2
Figure2-5MainComponentsontheFrontSideoftheZXR101800-2S
chassis...................................................................................................2-3
Figure2-6MainComponentsontheFrontSideoftheZXR101800-2S
chassis...................................................................................................2-3
Figure2-7MainComponentsontheBackSideoftheZXR101800-2S
chassis...................................................................................................2-3
Figure2-8ZXR102800-3EAppearance...................................................................2-4
Figure2-9ZXR102800-3EFrontView.....................................................................2-4
Figure2-10ZXR102800-3EBackView....................................................................2-4
Figure2-11ZXR101800-2EAppearance................................................................2-5
Figure2-12ZXR101800-2EFrontView...................................................................2-5
Figure2-13ZXR101800-2EBackView....................................................................2-5
Figure2-14ZXR10ZSRV2OverallSoftwareStructure............................................2-8
Figure3-1IPSecNAT.............................................................................................3-13
Figure3-2GREOverIPSecVPN...........................................................................3-13
Figure3-3IPv6overIPv4TunnelPrinciple.............................................................3-28
Figure3-4IPv4overIPv6TunnelPrinciple.............................................................3-29
Figure3-5NAT64ApplicationScenario...................................................................3-30
Figure4-1AccessNetworkofHeadquartersandBranchesofaSmall/Medium-Size
Enterprise...............................................................................................4-2
Figure4-2NetworkArchitectureofanEgressGatewayinanEnterprise
Network..................................................................................................4-3
Figure4-3ConvergenceandAccessNetworksofanIndustryNetwork.....................4-4
Figure4-4T elecomOperator'sDCNNetwork..........................................................4-5
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Figures
Thispageintentionallyleftblank.
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Tables
Table5-1HardwareFeatures....................................................................................5-1
Table5-2SoftwareFeatures.....................................................................................5-2
III
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Tables
Thispageintentionallyleftblank.
IV
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Glossary
AAA
-Authentication,AuthorizationandAccounting
AH
-AuthenticationHeader
ARP
-AddressResolutionProtocol
AS
-AutonomousSystem
CE
-CustomerEdge
CHAP
-ChallengeHandshakeAuthenticationProtocol
CLNS
-ConnectionLessNetworkService
CPE
-CustomerPremisesEquipment
DCE
-DataCommunicationEquipment
DCN
-DataCommunicationsNetwork
DH
-Dife-Hellman
DHCP
-DynamicHostCongurationProtocol
DLCI
-DataLinkConnectionIdentier
DMZ
-DemilitarizedZone
DTE
-DataT erminalEquipment
ESP
-EncapsulationSecurityPayload
FMC
-FixedMobileConvergence
V
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
FR
-FrameRelay
FTP
-FileTransferProtocol
H-VPLS
-HierarchyofVPLS
HDLC
-High-levelDataLinkControl
IANA
-InternetAssignedNumberAuthority
IETF
-InternetEngineeringT askForce
IGMP
-InternetGroupManagementProtocol
IGP
-InteriorGatewayProtocol
IP
-InternetProtocol
IPCP
-IPControlProtocol
ISO
-InternationalOrganizationforStandardization
LCP
-LinkControlProtocol
LSA
-LinkStateAdvertisement
LSR
-LabelSwitchRouter
MBB
-MakeBeforeBreak
MD5
-MessageDigest5Algorithm
MIB
-ManagementInformationBase
MSTP
-Multi-ServiceTransportPlatform
NAT
-NetworkAddressTranslation
VI
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Glossary
NCP
-NetworkControlProtocol
NSSA
-Not-So-StubbyArea
OSI
-OpenSystemInterconnection
OTN
-OpticalTransportNetwork
PAP
-PasswordAuthenticationProtocol
PC
-PersonalComputer
PE
-ProviderEdge
PFS
-PerfectForwardSecrecy
PIM-SSM
-ProtocolIndependentMulticast-SourceSpecicMulticast
PTN
-PacketTransportNetwork
PVC
-PermanentVirtualCircuit
PW
-PseudoWire
RIP
-RoutingInformationProtocol
RPF
-ReversePathForwarding
RSVP-TE
-ResourceReservationProtocol-TrafcEngineering
SDH
-SynchronousDigitalHierarchy
SLA
-ServiceLevelAgreement
SSH
-SecureShell
SVC
-SwitchedVirtualCircuit
VII
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
ZXR10ZSRV2ProductDescription
SrTCM
-Single-rateThreeColorMarker
TCP
-TransmissionControlProtocol
TFTP
-TrivialFileTransferProtocol
TLV
-T ag,Length,Value
ToS
-TypeofService
TrTCM
-Two-rateThreeColorMarker
UDP
-UserDatagramProtocol
VC
-VirtualCircuit
VCCV
-VirtualCircuitConnectivityVerication
VPN
-VirtualPrivateNetwork
WAN
-WideAreaNetwork
WDM
-WavelengthDivisionMultiplexing
WFQ
-WeightedFairQueuing
VIII
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential

Navigation menu