[PPT] - H3C S5500-EI 10G IPv6 Switches Content Introduction Highlight PowerPoint Presentation

SLIDE 1

H3C S5500-EI 10G IPv6 Switches

SLIDE 2 www.h3c.com.cn 2

Content Introduction Highlight Features Typical Solutions

SLIDE 3 www.h3c.com.cn 3

Content Introduction Highlight Features Typical Solutions

SLIDE 4 www.h3c.com.cn 4

Switch Capacity:128Gbps / Throughput 95.2Mpps
IPv4/IPv6 dual stack and hardware forwarding
L3+ function: Static Routing, RIP, OSPF, BGP
Full wire speed GE ports and 10GE uplink
PoE (S5500-28C-PWR-SI)

24×10/100/1000Base-T Port 4×1000 Base-X SFP (combo) Console Port AC Power Connector DC Power Connector (non-PoE) 2 Extended slots Highlights

S5500-28C-SI / S5500-28C-PWR-SI

Hardware Specification

SLIDE 5 www.h3c.com.cn 5

S5500-52C-SI / S5500-52C-PWR-SI

48×10/100/1000Base-T Port 4×1000 Base-X SFP (combo) Console Port AC Power Connector DC Power Connector (PoE) 2 Extended slots

Switch Capacity:176Gbps / Throughput 130.9Mpps
IPv4/IPv6 dual stack and hardware forwarding
L3+ function: Static Routing, RIP, OSPF, BGP
Full wire speed GE ports and 10GE uplink
PoE(S5500-52C-PWR-SI)

Highlights

Hardware Specification

SLIDE 6 www.h3c.com.cn 6

S5500-28F-EI

8 x 10/100/100Base-T Port (combo) 24 x 1000Base-X SFP Port Highlights

Hardware Specification

Console Port Modular power slots (AC/DC) 2 Extended slots Modular power slots (AC/DC)

Switch Capacity:128Gbps / Throughput 95.2Mpps
IPv4/IPv6 dual stack and hardware forwarding
L3+ function: Static Routing, RIP, OSPF, BGP
Full wire speed GE ports and 10GE uplink

SLIDE 7 www.h3c.com.cn 7

Content Introduction Highlight Features Typical Solutions

SLIDE 8 www.h3c.com.cn 8  SNMPv1/v2/v3  sFlow  VCT, DLDP  LDT  4K L2-L4 hardware based ACL  Ingress and EGRESS ACL  VLAN and port based ACL  uRPF  ARP detection  RRPP (Rapid Ring Network Protect Protocol)  SMARTLINK  VRRP  Redundant power supply  Up to 4 10GE uplinks  128G/176G switching capacity  Full wire speed L2/L3 switching and forwarding  32K MAC, 12K routing table  IPv4/IPv6 dual stack  RIP, OSPF, BGP, RIPng, OSPFv3, BGP4+  IGMP, PIM SM/DM, MLD, PIM6 SM/DM  IPv4/IPv6 Policy Based Routing  IPv6 Ready phase-II certification

S5500-EI

Highlights of S5500-EI

Performance IPv6 Securit y Reliability Management & Maintenance

SLIDE 9 www.h3c.com.cn 9

Benefits From IPv6

Lower network administration costs:

The auto-configuration and hierarchical addressing features of IPv6 will make networks easy to manage.

Optimized for next generation networks:

Getting rid of NAT re-enables the peer-to-peer model and helps in deploying new applications. E.g. communications and mobility solutions such as VoIP

Protection of company assets:

Integrated IPSEC makes IPv6 inherently secure and provides for a unified security strategy for the entire network.

Investment protection:

The transition and translation suite of protocols helps in easy and planned migration from IPv4 and IPv6, while allowing for co-existence in the transition phase.

SLIDE 10 www.h3c.com.cn 10

IPv6 Protocols & Applications

IPv4 Static Routing IPv6 Static Routing RIPv1/RIPv2 RIPng OSPF v1/v2 OSPF v3 BGP4 BGP4+ for IPv6 VRRP VRRP v3 Policy based routing IPv6 policy based routing IGMP-snooping MLD-snooping IGMP MLD PIM SM/DM PIM6 SM/DM Telnet Telnet6 Ping Ping6 TFTP TFTP6 DNS DNS6

IPv4/IPv6 Routing & Multicast Protocols IPv4/IPv6 Applications

SLIDE 11 www.h3c.com.cn 11 IPv6 IPv6 IPv6 Header IPv6 Data IPv6 Header IPv6 Data IPv4 Header IPv6 Header IPv6 Data Dual Stack Router IPv6 Host IPv6 Host Tunnel Dual Stack Router Network Network IPv4 Network

S5500-EI supports the following tunneling types:

Manual Tunnel
6 to 4 Tunnel
ISATAP Tunnel

IPv6 Tunnel

SLIDE 12 www.h3c.com.cn 12

S5500-EI VOD Server

Video stream

S5500-EI VOD Server

Video stream Multicast Group member Non-Multicast Group member Non-Multicast Group member Multicast Group member Non-Multicast Group member Non-Multicast Group member Multicast Router Multicast Router Multicast packet transmission without MLD snooping Multicast packet transmission when MLD snooping runs

IPv6 Multicast

SLIDE 13 www.h3c.com.cn 13

Bi-directional ACL

Support not only common ingress ACL, but also EGRESS ACL, which brings two advantages to users:

Simplify configuration and improve the network convenience;
Save ACL hardware resource

UserG rGrou roup p A UserG rGrou roup p B Other erUse Users rs Serve verFa rFarm A rm A Serve verFa rFarm B rm B

SLIDE 14 www.h3c.com.cn 14

Bi-directional ACL

Serve verFa rFarm A rm A Serve verFa rFarm B rm B

ServerFarm A: ServerFarm A: Only permit Only permit UserGroup A UserGroup A & & UserGroup UserGroup B, and B, and deny all deny all others

thers

ServerFarm B: ServerFarm B: Only deny UserGroup Only deny UserGroup B，and permit and permit all others all others

UserG rGrou roup p A UserG rGrou roup p B Other erUse Users rs

Without Egress ACL, users have to configure complicated Egress policy to realize the function; with the expand of network scale, the network configuration process will become more and more complicated and difficult, and there must be more and more configuration errors can’t be avoid

Port A t A: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port B t B: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port C t C: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any

SLIDE 15 www.h3c.com.cn 15

Bi-directional ACL

Serve verFa rFarm A rm A Serve verFa rFarm B rm B

Without Egress ACL, once the network topology got changed, all the current configuration need to be designed again, which does brings great risks

UserG rGrou roup p A UserG rGrou roup p B Other erUse Users rs UserG rGrou roup p C Port A t A: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port B t B: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port C t C: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any



SLIDE 16 www.h3c.com.cn 16

Bi-directional ACL

Serve verFa rFarm A rm A Serve verFa rFarm B rm B UserG rGrou roup p A UserG rGrou roup p B Other erUse Users rs

ServerFarm A: ServerFarm A: Only permit Only permit UserGroup A UserGroup A & & UserGroup UserGroup B, and B, and deny all deny all others

thers
Simplify ACL configuration process
Save ACL hardware resource

ServerFarm B: ServerFarm B: Only deny UserGroup Only deny UserGroup B, B, and and permit permit all others all others Port A: Port A: Permit UserGroup A/B Permit UserGroup A/B To To ServerFarm A ServerFarm A Deny Any Deny Any Port B: Port B: Deny Deny UserGroup B UserGroup B To To ServerFarm B ServerFarm B Permit Any Permit Any

SLIDE 17 www.h3c.com.cn 17

VLAN Based ACL

Traditional ACL policy is configured based on port, so users have to configure

ACL policy on all ports one by one;

S5500-EI supports VLAN based ACL policy. Therefore users can define ACL

policy easily and flexibly Traditional port based ACL:

# Interface Port 1> Deny ftp Permit any # Interface Port 2> Deny ftp Permit any # Interface Port 3> Deny ftp Permit any # Interface Port 3> Deny ftp Permit any # …

VLAN based ACL VLAN based ACL

# Vlan 100> Deny ftp Permit any #

SLIDE 18 www.h3c.com.cn 18 Metro Ethernet Network AMG CE LSW DSLAM I P/ MPLS Core A B C Active Link Backup Link

 Suitable for dual uplink circumstances, better than Spanning tree technology for brings higher reliability to the network;  Working in the active/standby mode, once active link gets failed, standby link will be enabled, and the recovery time is less than 50ms;

S7800 Backup Link Active Link Blocking Blocking S7800 S7800

Smart Link

SLIDE 19 www.h3c.com.cn 19 Major Ring Sub Ring Master Edge Transit Transit Master Major Control VLAN Secondary Control VLAN S5500-EI S5500-EI

 High performance price ratio RING network solution  High reliability with 50ms recovery time

RRPP (Rapid Ring Network Protec)

SLIDE 20 www.h3c.com.cn 20

N：4 Port Mirroring

For most switch products, one source port can only be mirrored to one

target port traffic monitoring

S5500-EI supports N:4 port mirroring, so that one port can be mirrored

to up to 4 target ports, that means multi actions can be done at the same time, such as IPS, IDS, Netstream, and activity monitoring

S5500-EI

IDS Netstream Activity monitoring IPS

SLIDE 21 www.h3c.com.cn 21

VCT – Virtual Cable Test

VCT (Virtual Cable Test) testing items include: whether short or

pen circuit exists in the Rx/Tx

direction of the cable, and what is the length of the cable in normal status or the length from the port to the fault point of the cable.

X

S5500-EI S3100 [S5500-Ethernet0/4]virtual-cable-test

Cable pair: RX Status:Open Cable Error lenth:5 metres Cable pair: TX Status:Open Cable Error lenth:5 metres

SLIDE 22 www.h3c.com.cn 22

LDT: Loopback Detection

Loopback Detection is used to monitoring the network to avoid loop, which may bring broadcast storm to influence the common network application [S5500-EI]loopback-detection enable [S5500-EI]display loopback-detection

Port loopback-detection is running System Loopback-detection is running Detection interval time is 30 seconds Loopback link is Dectected The Loopback link is Port 3

SLIDE 23 www.h3c.com.cn 23

S5500-EI can provide power to those powered devices including wireless AP, IP Phone, web camera over the unified Ethernet.

Support IEEE 802.3af standard, providing maximum 15.4w to each port
Support THREE levels of power provide: critical/high/low
Equipped with 370w high power supply to cover maximum 24 ports powered

devices

PD switch AP S5500-EI PD: Powered Device AP: Access Point Power over Ethernet

Power Over Ethernet (POE)

SLIDE 24 www.h3c.com.cn 24

Voice VLAN

Benefits:

✔ Guarantee the QoS of voice data ✔ Improve the security Voice Queue Data Queue 1 Data Queue 2

1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000
2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors)
3. Put the traffic from IP Phone into Voice VLAN automatically
4. Other traffic will be processed with lower priority

Voice Data Other Data

SLIDE 25 www.h3c.com.cn 25

Content Introduction Highlight Features Typical Solutions

SLIDE 26 www.h3c.com.cn 26

10 GE 10 GE GE

CAMS NMS Server Farm Firewall S9500/S7500 S9500/S7500 S5500-EI S5500-EI GE GE GE GE S3600 S3600 S3600 S3600 S5100 S5100 GE GE GE GE S3600 S3600 S3600 S3600 S5500-EI S5500-EI GE GE GE GE S3600 S3600 S3600 S3600

Aggregation of Large Enterprise Network

SLIDE 27 www.h3c.com.cn 27 S5500-SI S5500-SI GE PoE GE GE PoE

10 GE GE

CAMS NMS Server Farm Firewall S5500-EI S5500-EI S5500-SI S5500-SI GE GE GE PoE GE S5100-SI S5100-SI GE PoE GE GE PoE

Core of Mid-to-small sized Network

SLIDE 28 www.h3c.com.cn 28

S5500-EI IPv6 组网方案

IPv4 Network

IPv6 Enterprise Users IPv6 Users WLAN

IPv6 Network

Dual-Stack Access Dual-Stack Access Mobile Network IPv4 Access IPv6 IDC Network Manager IPv6 Mobile Terminal IPv6 Island

IPv4 Internet

IPv6 Internet IPv6 Over IPv4 Tunnel IPv6 Access IPv6 Access IPv4 User IPv6 Link 6to4 Relay S5500-EI S5500-EI S5500-EI S5500-EI

IPv6/IPv4 Hybrid Network

SLIDE 29

杭州华三通信技术有限公司 www.h3c.com.cn