H3C S5500-SI System Description ISSUE 2.0 Date Hangzhou H3C - - PowerPoint PPT Presentation

H3C S5500-SI System Description

ISSUE 2.0

Date： Hangzhou H3C Technologies Co., Ltd.

 Impelling 1000M desktop connection demands  Development of IPV6 applications  New-generation full 1000M IPv4/IPv6 dual-stack switch

Review

 Understand S5500-SI configuration and hardware structure  Comprehend S5500-SI software features  Master typical S5500-SI applications  Grasp basic S5500-SI maintenance

Objectives

Upon completion of this course, you will be able to:

 Chapter 1 S5500-SI System Description  Chapter 2 S5500-SI Software Features  Chapter 3 Typical S5500-SI Applications  Chapter 4 Basic S5500-SI Maintenance

Contents

www.h3c.com

5

References

 H3C S5500-SI Installation Manual  H3C S5500-SI Operation Manual  H3C S5500-SI Command Manual  H3C S5500-SI FAQ

www.h3c.com

6

S5500-SI System Description

 System description——1000M weak L3 Ethernet switch

High port density Flexible extension slot Support 10GE uplink Support PoE Support IPv6

 Equipment positioning

At the access layer of enterprise network At the convergence layer of enterprise or campus network

www.h3c.com

7

Product Positioning

Layer 2 Layer 3- Layer 3 Metro 10GE GE FE

H3C S9500 H3C S7500 H3C S5600 H3C S5100-26C H3C S5100-24P H3C S5600-PWR Quidway S3552I Quidway S3528 H3C S3600-EI-PWR H3C S3600-EI H3C S3600-SI H3C S5100-50C H3C S5100-48P Quidway S3000-EI Quidway S3050C H3C S3100-SI Quidway S2000-EI H3C S9500 H3C S7502M S5500-SI H3C S5600 Quidway S5000 L3- + GE+ 10GE uplink +IPv4/IPv6

www.h3c.com

8

H3C Series Products Comparison

S5500-SI S5100-EI S5600 S5510 Quantity of GE ports 24/48 24/48 24/48 24 Quantity of 10GE ports 4 2 2 10GE port type XFP/CX4 XENPAK/CX4 XENPAK/XFP NA IRF NA Support Support NA PoE Support NA Support NA MAC address 8K 16K 16K 12K ARP table 2K 256 8K 4K Routing table 512 16 16K 16K RIP Support NA Support Support OSPF NA NA Support Support PIM NA NA Support Support VRRP NA NA Support Support IPv6 protocol stack Support NA NA Support RIPng Support NA NA Support OSFPv3 NA NA NA Support Software platform ComwareV5 ComwareV3 ComwareV3 ComwareV5

www.h3c.com

9

Comparison with Competitors’ Products

H3C S5500-SI Cisco C3560 HP 2800 HP 3400cl Fixed port 24 GE + 4 SFP(Combo) 48 GE + 4 SFP(Combo) 24 GE + 4 SFP 48 GE + 4 SFP 24 GE + 4 SFP(Combo) 48 GE + 4 SFP(Combo) 24 GE + 4 SFP(Combo) 48 GE + 4 SFP(Combo) Extension port 4x10GE None None 2x10GE Routing table 512 8k ? ? Flow speed limit Granularity 64kbps Granularity 8kps NA NA Quantity of queues 8 4 4 4 L2 protocol LACP/GVRP/MSTP LACP/VTP/MSTP/PVST+ LACP/MSTP/GVRP/CDP LACP/MSTP/GVRP/LLDP IPv4 routing protocol RIP RIP/OSPF/BGP/IGRP/EIGRP NA RIP/OSPF IPv6 routing protocol RIPng RIPng/OSPFv3 NA NA Equal cost route NA Support NA NA Policy route NA Support NA NA Multicast protocol IGMP Snooping/MLD Snooping IGMP/PIM/MLD Snooping IGMPv3 IGMPv3 VRRP NA HSRP NA XRRP SSHv2/Tacacs+ Support Support Support Support sFlow NA NA Support Support PoE Support Support NA NA

www.h3c.com

10

Product Models and Configuration

 H3C S5500-SI series models and configuration  H3C S5500-28C-SI

• 24 1000M electrical interfaces + 4 SFP ports (combo) + 2 extension

slots

 H3C S5500-52C-SI

• 48 1000M electrical interfaces +4 SFP ports (combo) + 2 extension slots

 H3C S5500-28C-PWR-SI

• 24 1000M electrical interfaces + PoE + 4 SFP ports (combo) + 2

extension slots

 H3C S5500-52C-PWR-SI

• 48 1000M electrical interfaces + PoE + 4 SFP ports (combo) + 2

extension slots

www.h3c.com

11

Product Models and Configuration

 Extension modules (hot swappable)

 LSPM1XP1P

• 1-port XFP 10GE Module, the XFP shall support

LR/SR/ER/LRM  LSPM1XP2P

• 2-port XFP 10GE Module, the XFP shall support

LR/SR/ER/LRM  LSPM1CX2P

• 2-port CX4 10GE Module

 CX4 cable

• 50cm/100cm/300cm (screw-screw)
• 300cm (screw-clip)

www.h3c.com

12

Panel LEDs

 Power LED

 Display the equipment status: normal/POST error

 RPS LED

 Display the current RPS input status

 Mode LED

 Display the current mode keystroke status: speed/duplex/PoE

 Module LED

 Display the current extension module status: normal/abnormal/not in position

 7-Segment Display

 Display the current equipment status:

• POST ID
• Cluster Status (Commander/Member/Candidate/Standalone)
• File download indication
• PoE utilization indication
• Fan/Temperature alarm indication

 Port LED

 Display the current port status based on mode keystroke:

• Speed: 1000M/10-100M/POST Fail
• Duplex: Full /Half Duplex/POST Fail
• PoE: Normal/Fault/POST Fail

www.h3c.com

13

Hardware Structure

 S5500-28C-SI hardware structure

Switch CPU

PCI 10GE 10GE

24 GE Module2 Module1 Module2

Switch

CPU

PCI

Switch

Module1

10GE 10GE

48 GE

 S5500-52C-SI hardware structure

www.h3c.com

14

Hardware Structure Features

 Hardware design features

 Super compact, highest 1000M port density

• Dimensions: 440 mm X 43.6 mm X 300 mm (Non-PoE)/ 440 mm X 43.6 mm X 420 mm (PoE)
• The front panel offers 48 1000M electrical interfaces and 4 1000M SFP optical interfaces
• The rear panel offers maximum of 4 10GE ports

 High performance design, speed experience

• All ports are at full wire speed, and switching capacity is 128 Gbps/176 Gbps
• 10GE interface

 Flexible extensibility

• Multiple types of extension modules
• Cost-effective 10GE interface (CX4)

 Comprehensive reliability design

• Provide RPS and AC/DC power supply
• Hot-swappable extension module
• Support monitoring alarm of environment temperature and fans
• Temperature-control fan
• Extension module without CPU

 Chapter 1 S5500-SI System Description  Chapter 2 S5500-SI Software Features  Chapter 3 Typical S5500-SI Applications  Chapter 4 Basic S5500-SI Maintenance

Contents

www.h3c.com

16

Software Features Overview

 Software design features

 Built on the brand-new Comware5 platform, integrated with intelligences and advantages

• 8-year VRP R&D
• Progressive 3Com technologies

 Rich services

• Routing protocol: static route/RIP
• IPv6: RIPng
• Multicast capability: IGMP Snooping, MLD Snooping and MVR+
• Radius-based user authentication: 802.1x and MAC authentication
• Voice VLAN
• PoE……

 Considerate design, easy to use and secure

• Profile-based management (PoE profile)
• How-swappable extension module
• Password protection

 Powerful maintenance, convenient fault diagnosis

• Self-contained LED and 7-segment display, reflects the current state of equipment in real

time

www.h3c.com

17

Port Features

 Basic features

 Port Types: 1000Base-T, SFP, XFP, CX4  Speed/Duplex auto-negotiation  Auto MDI/MDIX  Broadcast storm control (BC, MC, UC)

 Port aggregation

 Support 12 trunk groups  Each group supports max to 8 GE ports or 2 10G ports  Support LACP dynamic link aggregation

 Port isolation

 Port isolation (Protected Port)

 Other features

 PoE

 Combo ports

www.h3c.com

18

Port Features Precautions

 Broadcast storm suppression

 In the port mode, the suppression percentage of the 64-byte broadcast/multicast/unknown unicast packet is

• accurate. This is because that the chip supports broadcast suppression based on PPS only. In the case of

percentage-based suppression, the system converts the percentage into PPS based on 64 bytes. Therefore the PPS mode is recommended.  Broadcast/Multicast/Unknown unicast suppression does not change the port’s instantaneous speed, but prohibits packet forwarding in a certain period to implement suppression.  When broadcast/multicast/unknown unicast suppression and CAR are concurrently enabled on a port, the final wire speed is calculated with the following formula: CIR/wire speed * packets suppression pps.

 Port aggregation

 The selected/unselected principles of V3/V5 static aggregation ports are different. When there are over eight ports to be aggregated, products at the two ends may select different ports.  IP unicast packet: load balancing based on source/destination IP and source port  Non-IP unicast packet: load balancing based on source/destination MAC, VLAN and ethertype  IPMC multicast: load balancing based on source/destination IP and incoming port index  Other multicast/broadcast/unknown unicast packet: load balancing based on source/destination MAC and incoming port index

www.h3c.com

19

Port Features——POE

 PoE:

802.3af standard PD/Legacy PD support (Cisco/Huawei) Max to 15.4Watt power per port 24 Ports max power support with AC input Full port max power support with DC input 3 priorities support: Critical/High/Low Power statistics: Current/Average/Peak

CLI DEVM Driver MCU Others UAR T Switch PSU

www.h3c.com

20

L2 Features

 MAC address management

8K MAC addresses /128 static MAC addresses MAC black hole MAC learnt limitation

 VLAN

 4094 802.1q VLANs  GVRP  Auto VLAN assignment via 802.1x  Voice VLAN  QinQ/Selective QinQ

 Spanning Tree

STP/RSTP/MSTP BPDU guard/Root guard/Loop Guard/TC Protect

www.h3c.com

21

Selective QinQ

 S5500-SI serves as the PE:

 In the uplink direction, the UNI port processes a received packet as follows:

• 1) Search the mapping table of inner VLANs and
• uter VLANs configured by the user for S-VLAN

based on incoming port number and C-TAG;

• 2) Search the MAC table for outgoing port based on

S-VID and C-DA;

• 3) Learn MAC address based on S-VID and C-SA;
• 4) Insert S-TAG into the packet, and then send it out

through the outgoing port;

• 5) For the untagged or Pri-tagged packet, insert VID

(equal to PVID of port) TAG into the packet, and then send it out.

 In the downlink direction, the UNI port processes a packet as follows:

• 1) Search the MAC table for outgoing port based on

S-VID and C-DA;

• 2) Learn MAC address based on S-VID and C-SA;
• 3) Strip off S-TAG, and then send the packet out

through the outgoing port.

www.h3c.com

22

L3 Features

 L3 interface

 64 VLAN interfaces  Secondary IP address (4 IP per VLAN)

 ARP

 2K ARP entries/ 64 static ARP entries  ARP Proxy

 Unicast routing protocol

 RIPv1/v2  512 routing table (including 64 static routes)

 Multicast

 IGMPv1/v2/v3 Snooping  128 multicast groups  MVR+  IGMP Fast Leave  IGMP Filter  IGMP Group Limit  Drop known  Source Deny

www.h3c.com

23

Multicast Precautions

 IGMP Snooping

When IGMP Snooping is enabled in a VLAN, uplink multicast data will flood the VLAN if no member joins in any multicast group. The solution is to enable unknown multicast discard in the VLAN. Note: When unknown multicast discard or multicast port source discard is enabled in the VLAN, multicast packets (such as OSPF, RIP and NTP) will be discarded.

 Multicast VLAN +

Support multicast VLAN duplication, and port duplication capability is 64. The whole system shares 1K entries, and supports duplication of maximum of 16 ports in full configuration in the case that every port joins in 128 groups.

www.h3c.com

24

IPv6 Features

 L3 interface

 64 VLAN interfaces

 ND

 1K ND entries (including 64 static ND entries)

 Unicast routing

 RIPng  256 routing table (including 64 static routes)

 Multicast

 MLDv1 Snooping/128 multicast groups  Multicast VLAN

 Management

 Telnet/SSH/SNMP/HTTP over IPv6  ping/Tracert for IPv6

www.h3c.com

25

Security Features

 HTTPs  SSHv2

 DES/3DES support

 User authentication

 802.1x  Centralized Mac authentication  Local Database  Radius  Tacacs+

 Packet Filtering

 L2L3/L4  Time-based  384 ACL entries per ASIC  Port /VLAN based ACL

 Others

 DoS protection  Password Recovery  DHCP Snooping Trust  Port Mirroring/Traffic Mirroring  Up to 4 Monitor Port

www.h3c.com

26

QoS Features

 Egress Queue

 8 queues  Scheduler : SP, WRR, SP + WRR

 Priority mapping/remarking

 802.1p  DSCP

 Traffic classification

 L2(Link)/ L3/L4(Advanced)  Time-based

 Rate limiting

 Port Rate Limitation

• Ingress/Egress
• 64Kbps granularity

 Flow Rate Limitation

• Ingress only
• 64Kbps granularity

 L4 port range check

www.h3c.com

27

Management Features

 HGMP V2  Web management:

 Support multiple browser: IE 5.5/IE 6/Netscape 7.1/Mozilla 1.4  Rich management function

• Basic port management (enable/disable, speed, flow control, etc)
• Layer 2

— VLAN Configuration — Voice VLAN Configuration — Spanning Tree Configuration — Link Aggregation Configuration — IGMP Snooping — Port Mirroring

• Management Configuration

— Software Agent Upgrade — Network Login Configuration — User management (passwords, etc) — Device Configuration Save & Recovery — Administration: Initialize/Reboot/Save Configuration

www.h3c.com

28

Features under Development

 Layer 2

 UDLD  VLAN Mapping  RSPAN  Flex Link  Support 100M SFP Module

 Network Security

 DHCP Snooping Option82  Dynamic ARP Inspection  IP Source Guard  Port Security

 Multicast

 MLDv2 Snooping

 Management

 Enhanced Clustering Support  Enhanced Web Management

 Chapter 1 S5500-SI System Description  Chapter 2 S5500-SI Software Features  Chapter 3 Typical S5500-SI Applications  Chapter 4 Basic S5500-SI Maintenance

Contents

www.h3c.com

30

Typical Networking (Convergence Layer)

10 GE 10 GE GE

CAMS NMS Server Farm

Firewall

S9500/S7500 S9500/S7500

S5100 S5100

GE GE GE GE

S3600 S3600 S3600 S3600

S5100 S5100

GE GE GE GE

S3600 S3600 S3600 S3600

S5500-SI S5500-SI

GE GE GE GE

S3600 S3600 S3600 S3600

www.h3c.com

31

Typical Networking (Access Layer)

S5500-SI S5500-SI

GE PoE GE GE PoE

10 GE 10 GE GE

CAMS NMS Server Farm

Firewall

S9500/S7500 S9500/S7500

S5500-SI S5500-SI

GE GE GE PoE GE

S5500-SI S5500-SI

GE PoE GE GE PoE

www.h3c.com

32

Typical Networking (IPv6)

IPv4 Network

IPv6 Enterprise Users IPv6 Users

WLAN

IPv6 Network

Dual-Stack Access Dual-Stack Access

Mobile Network

IPv4 Access IPv6 IDC Network Manager IPv6 Mobile Terminal

IPv6 Island

IPv4 Internet

IPv6 Internet IPv6 Over IPv4Tunnel

IPv6 Access IPv6 Access IPv4 User

IPv6 Link 6to4 Relay

S5500-SI S5500-SI S5500-SI

 Chapter 1 S5500-SI System Description  Chapter 2 S5500-SI Software Features  Chapter 3 Typical S5500-SI Applications  Chapter 4 Basic S5500-SI Maintenance

Contents

www.h3c.com

34

Common Fault Location——DIAG Mode

 The S5500-SI integrates the diagnosis mode provided by the chip manufacturer, enables the user to view hardware entries in the chip in real time, and realizes the convenient on-line diagnosis function. The operation steps are as follows:

 Type diag in any view, and the system displays a prompt whether to enter the diag mode. Type Y and password sdk to enter the diag mode.  Choose the chip number to view.  Type the command to view the desired entry. The user can type ? or help to display all the available commands.

____________________________ | GFD_24 physical connection | | | | 27 26 25 24（4个10GE） | | | | | | | | ___ | __| __| __ |______ | | | | | | | chip-0 | | | |___________________ | | | | | | | | | | | | | | .... | | | | | 0 1 2 21 22 23(24GE) | |_____________________________ | ____________________________________________ | GFD_48 physical connection | | | | 27 26 (4个10GE) 25 24 | | | | | | | | ____|____|____ ____|____|_____ | | | 25 |___Hig___|26 | | | | chip-0 24 |___Hig___|27 chip-1 | | | |______________| |______________| | | | | | | | | | | | | | | .. | | | | .. | | | | 0 1 22 23 (48GE) 0 1 22 23 | |___________________________________________ |

www.h3c.com

35

Common Fault Location——FIB

 View ARP entry in the DIAG (l3 l3table show)  View virtual interface entry in the DIAG (l3 intf show)  View routing entry in the DIAG (l3 defip show)  View IPv6 host entry in the DIAG (l3 ip6host show)  View IPv6 routing entry in the DIAG (l3 ip6route show)

www.h3c.com

36

Common Fault Location——Sending/Receiving Packet

 [H3C-hidecmd]_debugging drv ni packet

rxcos Display packet info in drv receive from special cos rxdiag Display drv diag receive packet info rxdrop Display drv drop receive packet info rxdrv Display drv receive all packet info rxplat Display send to platform all packet info rxport Display packet info in drv receive from special port rxreason Display packet info in drv receive from special reason txdiag Display inbound diag send all packet info txdrop Display drv drop from platform send all packet info txdrv Display drv send all packet info txplat Display platform send all packet info txplatport Display platform send all packet info using port send txplatvlan Display platform send all packet info using vlan send txsoftbc Display drv soft vlan flood packet info

 <H3C>terminal debugging

www.h3c.com

37

Common Fault Location——QACL Realization  QACL realization – hardware resources

There are four TCAMs in the chip. Each TCAM contains 128 entries. TCAMs are numbered 0, 2, 4 and 6, and entries in each TCAM are numbered 0 to 127. Every entry corresponds to a rule of the user, and is numbered TCAM_id * 128 + entry_id.

TCAM 6 TCAM 4 TCAM 0 TCAM 2

Entry_id 127 Entry_id 0 Number: 6*128+127=895 Number: 4*128+0=512

www.h3c.com

38

Common Fault Location——QACL Realization  QACL realization - priority

When viewing a rule, the user can see its global number, work out TCAM_id and entry_id based on the number, and then figure out its position in the chip. Priority relations among rules are as follows:

• In different TCAMs, the larger TCAM_id is, the higher

priority is; while the smaller entry_id is, the higher priority is.

• TCAM0 is reserved by the system, and unavailable for

users.

LOW PRIORITY HIGH PRIORITY TCAM6 TCAM 4 TCAM 0 TCAM 2 HIGH PRIORITY RULE TCAM

www.h3c.com

39

Common Fault Location——QACL Query

 Query QoS Policy delivered on the port:

[H3C-GigabitEthernet1/0/1]display qos policy interface [H3C-GigabitEthernet1/0/1]dis qos p int Interface: GigabitEthernet1/0/1 Direction: Inbound Policy: test Classifier: test Operator: AND Rule(s) : If-match source-mac 0000-0000-0001 Behavior: test Committed Access Rate: CIR 64 (kbps), CBS 500 (byte) Red Action: discard

www.h3c.com

40

Common Fault Location——QACL Query

 Query QACL rules configured by the user:

[H3C-hidecmd] _dis drv qacl user-rule policy-name policy-name [H3C-hidecmd] _dis drv qacl user-rule policy-name test port based policy policy-name test entry detail info entry_id: 768 valid_sta 1 ip_ver IPv4 class_name test behavior_name test acl_num 0 sub_item: 0 if_time_range: 0

Rule number in the hardware: Indicates that this rule is located at TCAM6 and entry_id is 0 Classifier and behavior name configured by the user

www.h3c.com

41

Common Fault Location——QACL Query

IPv4 rule content dst_mac: 0-0-0-0-0-0 dst_mac_mask: 0-0-0-0-0-0 src_mac: 0-0-0-0-0-1 src_mac_mask: ff-ff-ff-ff-ff-ff

• uter_vid: 0
• uter_vid_mask: 0

inner_vid: 0 inner_vid_mask: 0 ether_type: 0 ether_type_mask: 0 src_ip: 0 src_ip_mask: 0 dst_ip: 0 dst_ip_mask: 0 ip_protocol: 0 ip_protocol_mask: 0 ………………………………………………(omitted contents)

Match source MAC 0-0-1

www.h3c.com

42

Common Fault Location——QACL Query

action content ……………………………………(omitted contents) drop: Action not be set mirror: Action not be set mtp_modid: 0 mtp_port: 0 change_dmac_vlan: Action not be set new_dmac_vlan: 0 car: MeterConfig car_cir: 64 car_cbs: 4 rp_drop: RpDrop rp_change_dscp: Action not be set rp_newdscp: 0 count: Action not be set counter_mode: 0

Enable rate limit The speed limit is 64 Kbps Token bucket depth is 4Kbype Out-profile discard

www.h3c.com

43

Questions

 Any Question?

www.h3c.com

44

Summary

 The H3C S5500-SI uses the Comware V5 platform software, and inherits all features of the V5 platform.

New software/hardware features

• Voice VLAN
• PoE
• IPv6
• Selective QinQ

Brand-new QACL design

• TCAM
• Policy/Classifier/Behavior

Hangzhou H3C Technologies Co., Ltd. www.h3c.com