H3C S9500E Series Core Switch
Contents
- Development Trends of Core Switches
- Introduction of the H3C S9500E
- Technical Characteristics of the H3C S9500E
- Application of H3C S9500E Series
Development Milestones of IT
[Figure: number of users (million) by year, 1970 to 2020, across four stages: center on mainframe computer, center on server, center on network, center on data]
Common Difficulties in Network Construction
- What will be included in large- and mid-scale networks? How to construct them?
- While there are more applications and higher performance requirements, can the data center support future service development?
- How to address the compatibility problem of heterogeneous devices purchased at different times?
- How to ensure network reliability and service continuity?
- How to guarantee security of key data that faces soft and hard faults? How to implement remote disaster recovery of data?
- How to manage the network in a unified manner and reduce the management and maintenance cost?
- …
New Requirements on Network Devices
- Network access capability of a higher density; high-density 10G capacity expansion capability; large-capacity non-blocking switching
- Larger buffer capacity and a distributed buffer mechanism to better protect service quality
- More reliable network devices and improved security protection mechanisms
- More diverse means of online product maintenance
- Greener, more energy-saving
- …
H3C S9500E Core Switch Series
The H3C S9500E is H3C's core switch and the flagship product of the H3C switch product family. The H3C S9500E is positioned at the convergence layer of large MANs and the core layer of medium and small MANs, and is one of the industry-leading core switches. The H3C S9500E series contains three switch models: S9505E, S9508E-V and S9512E.
Product Family of H3C 9500E

| Attribute | S9505E | S9508E-V | S9512E |
|---|---|---|---|
| Number of main control slots | 2 | 2 | 2 |
| Number of service slots | 5 | 8 (vertical) | 12 |
| Switching capacity | 720G | 1.44T | 1.44T |
| Packet forwarding rate | 360Mpps | 576Mpps | 864Mpps |
| Engine redundancy | Supported | Supported | Supported |
| Power supply redundancy | 1+1 | 1+1 | 1+1 |
| Maximum number of Gigabit ports | 240 | 384 | 576 |
| Maximum number of 10G ports per slot | 16 | 16 | 16 |
| Maximum number of 10G ports | 80 | 128 | 192 |
| Cabinet size | 11U | 22U | 17U |
Main Features of S9500E
- Innovative multi-engine architecture: the control engine, detection engine and maintenance engine provide powerful control capabilities and 50ms protection reliability.
- High-capacity multi-service forwarding performance:
  - Up to 192 10GE ports per unit
  - IPv4/IPv6/MPLS traffic line-rate forwarding capability
  - High-performance security and wireless service cards
- Perfect maintenance and detection mechanisms:
  - Online status detection mechanism
  - Innovative board isolation mechanism
S9500E Interface Modules
- 24-port electrical/optical interface board (8 ports support combo port application)
- 48-port electrical/optical interface board
- 2/4-port 10GE interface board (XFP interfaces)
- 16-port 10GE interface board (SFP+ interfaces)
- S9508E-V/S9512E main boards
- S9505E main boards
Multi-service Support – 9500E
- IPS service module
- WLAN switch module
- SSL VPN module
- LB load balancing module
- NAT service module
- Firewall service module
EMC and Safety Compliance of S9500E
The S9500E series are designed by following the leading EMC and safety standards to meet the requirements in Europe, North America, Germany, Japan and Russia, and have obtained their authorized certificates.
S9500E-Green and Environmentally Friendly
Traditional production techniques largely use heavy metals and poisonous substances such as lead, mercury, cadmium, hexavalent chromium, PBB, and PBDE, which cause long-term, serious damage to the environment. Improving the techniques requires high investment and advanced technologies, which many vendors cannot afford.
H3C invests heavily in R&D and introduces advanced production techniques. The design and production of S9500E fully comply with the European RoHS directive and have passed certification testing. The production, usage and recycling processes produce no environmental pollution.
Tailor-made for User - 9500E
- All-round high security: the switch integrates device anti-attack and service anti-attack capabilities, protecting the user network.
- Mature architecture: the hardware platform based on ASIC + NP + multiple cores balances flexible service expansion capability and high processing performance.
- Carrier-class high reliability: the unique design of device reliability and network reliability provides carrier-class reliability capability.
- Diverse service features: MPLS+IPv6+VPLS+EPCL
The user customization mode provides tailor-made core switches to users.
Contents
- Development Trends of Core Switches
- Overview of the H3C S9500E
- Technical Characteristics of the H3C S9500E
  - Innovative hardware structure
  - Carrier-level reliability
  - Rich service features
  - Comprehensive security and maintenance
- Application of H3C S9500E Series
Innovative Multi-Engine Design
S9500E adopts an innovative hardware structure, which accommodates a control engine, a detection engine and a maintenance engine to provide powerful control capabilities and 50ms protection reliability.
- Independent control engine
- Independent detection engine
- Independent maintenance engine
[Figure: block diagram with the labels Main board, Processor, FFDR, EMS and Backplane]
Independent Control Engine
The CPU of the control engine has a main frequency of 1GHz, and thus can easily process the packets of various protocols. As it is no longer responsible for reliability and maintainability, which avoids the impact of service channels on control channels, the CPU has almost the same processing capabilities as a high-end core router.
Tolly test results:
- Route learning: 20000 routes per second
- IP FRR failover time: 30ms
[Figure: the same block diagram (Main board, Processor, FFDR, EMS, Backplane), labelled "Control engine"]
Independent Detection Engine
The independent detection engine has a highly reliable, high-performance fast fault detection and restoration (FFDR) CPU system to implement BFD and OAM fast fault detection. It works together with the protocols of the control plane to provide fast failover (30ms) and convergence, ensuring service continuity. BFD for VRRP/BGP/IS-IS/OSPF/static routing has a failover time of less than 30ms, which was tested by Tolly.
[Figure: the same block diagram (Main board, Processor, FFDR, EMS, Backplane), labelled "Detection engine"]
Independent Maintenance Engine
The independent maintenance engine has an intelligent embedded maintenance subsystem (EMS) CPU system to provide intelligent power management. It powers on boards in sequence, which avoids the impact of simultaneous power-on on the power supply, increases device lifetime, and reduces electromagnetic radiation. It can power off specific boards, and isolate faulty or idle boards to reduce system power consumption. The innovative board isolation function separates service boards from the forwarding plane to implement management, diagnosis, maintenance, and upgrade, bringing a new application experience for users.
[Figure: the same block diagram (Main board, Processor, FFDR, EMS, Backplane), labelled "Maintenance engine"]
Open Application Architecture (OAA)
Based on the open application architecture, S9500E provides standard application interfaces for users and third parties to develop their own services, which increases the value of S9500E and speeds up the development of intelligent IP networks.
[Figure: service base board carrying an FW module, an IPS module and other service modules, each with its own system, storage and other interfaces]
Distributed Forwarding
Distributed IPv4/IPv6/MPLS traffic forwarding ensures the high-performance forwarding capabilities of S9500E, and fully satisfies the requirements of data centers and the core layer of campus networks.
[Figure: two crossbar engines connected to four I/O modules, each with its own ASIC forwarding IPv4, IPv6 and MPLS VPN traffic]
S9500E High-Reliability Design
As core devices, the S9500E series must provide high reliability, which is fully considered during design. The design covers software reliability, system reliability and hardware reliability.
- BFD for VRRP/RIP/ISIS/OSPF/BGP/static routing; IP/TE FRR; OAM; RRPP; VRRP/VRRPE; NSF+GR; configuration restoration; hot patch; online upgrade; IRF2
- Power supply redundancy; main board redundancy; fan module redundancy; all boards are hot swappable; link aggregation
GR-Non Stop Forwarding
- Support GR for OSPF/IS-IS/BGP/LDP/RSVP.
- Ensure normal operation during AMB/SMB failover, and quickly rebuild the routing table with the help of neighbors after failover.
- Ensure non-stop forwarding during failover.
- Ensure session continuity after failover to achieve graceful restart.
- During GR, the neighbor does not remove relevant routes.
[Figure: AMB and SMB connected through the crossbar to four FIBs, with a neighbor switch on each side]
Hot-Patch Technology
Hot-patch provides a flexible defect correction method to ensure the reliability of software features.
- Allows you to fix software bugs and add small features without resetting running devices.
- Allows you to load/activate/deactivate/run/delete patch units at the command line interface.
- Replaces the original code segment with an enhanced patch code segment.
[Figure: original program made up of code segments, and a patch code area; the patch code is loaded online and the optimized code segment replaces the original code segment]
BFD for FRR
[Figure: a core node and convergence/access nodes connected by working paths and protection paths, with BFD and FRR between them. Labels on the main control boards and service boards: universal quick handshake (10ms), fault alarm, bidirectional forwarding detection]
S9500E IRF2 Feature
- Units support dual main boards for high reliability.
- Common interface boards support stack links.
- Up to 12 links can be aggregated to provide large bandwidth.
- As a single logical device, it can be easily managed.
- Easy to deploy and transparent to neighbors.
- Priority given to local links to improve forwarding speed.
- Uniform stateful hot-backup configuration for routes.
- Dual-homing can be easily deployed by aggregating neighbors.
IRF2 Introduction
- Layer-2 loops in the traditional solution
- Complicated VRRP+MSTP design
- Complex routing design due to complex links
- Routing flaps due to node/link failures
- Interruption of large numbers of links in the data center
- Layer-2 distribution/core termination offered by end-to-end stack virtualization
- Multiple nodes are virtualized as a single node; multiple links are bundled as a single logical link.
- Complicated VLAN+MSTP/VRRP is removed.
- Greatly simplifies routing and VLAN configuration in the data center.
- The failure of a single node/link does not affect upper-level routing.
Diverse Service Feature
Integrate all mainstream features and implement high-performance all-in-one integration.
- Distributed ASIC: distributed and high-performance features
- High-performance NP: tight coupling and high-performance features
- Multi-core CPU: loose coupling and flexible features
Features shown: IPS, FW/NAT, LB/SSL, NetStream, bridge forwarding, IPv4/v6 forwarding, MPLS, VPLS, bidirectional ACL, multicast, multicast VPN, 6PE, uRPF, PBT.
MPLS Solutions
- Support HoPE (hierarchical PE) technology for VPN extension and expansion.
- Support multiple routing protocols between PE and CE, such as static routing, EBGP, RIP and OSPF.
- Support inter-AS solutions: VRF-to-VRF, MP-EBGP, Multi-Hop MP-EBGP.
- Support MPLS VPN Manager.
- Support MPLS traffic analysis.
- Support VLL/VPLS in Martini mode and Kompella mode.
- Distributed MPLS traffic line-rate forwarding.
[Figure: MPLS network with MP-BGP between hierarchical PEs (UPE, SPE) and PEs, PE-ASBRs between networks, a Layer-2 network, and VPN1 and VPN2 sites 1 to 3]
Distributed VPLS
The distributed VPLS feature of S9500E implements line-speed forwarding without needing any centralized engine. VPLS supports up to 4K instances and 128K MAC addresses. In addition, it supports rich features, fully meeting the VPLS needs of core routing switches.
[Figure: the headquarters and branches 1 and 2 of Company A and Company B connected to PEs across an MPLS backbone (P) through an MPLS tunnel (LSP), with only one connection needed per site. Labels: VC label distribution; frame layout of outer label, VC label, MAC header, data]
Multicast VPN
MPLS/BGP VPN has been widely used. Some VPN users need multicast services. S9500E supports MD mode multicast VPN, ensuring that PIM state can be controlled, multicast in private networks is isolated from that in public networks, and the backbone network runs stably.
- Optimization of multicast routing: multicast traffic is only sent to the PE routers that need it through Switch-Group, effectively reducing multicast traffic in the backbone network.
- Flexible VPN implementations: private and public networks each forward multicast traffic according to their own multicast forwarding entries. Multicast forwarding entries in private networks do not need to sense changes to public multicast tunnels; when such changes occur, however, private multicast forwarding entries can quickly complete switchover.
[Figure: multicast core with PE1, PE2, PE3 and P connected by IBGP; university and enterprise sites (CE-A2) with multicast sources and receivers]
Comprehensive Security Features
The advanced architecture, comprehensive security features and strict service access control mechanisms enable the S9500E to provide secure gateway access.
Security areas covered: routing security, access security, management security, forwarding security.
- SSH, RADIUS, TACACS+, SYSLOG
- Large numbers of bidirectional ACLs
- uRPF, NetStream, mirroring
- MD5 authentication for routing protocols
- Isolation between management and service planes
- Secure Comware routing software system
- ARP rate limit
- Address binding
- Filtering and limiting of control information
- NQA
- Rate limit on ports
- IPS/FW/IPSec
- Port isolation in VLAN
- Broadcast/abnormal traffic suppression
Independent CPU Traffic Control
[Figure: traffic to the CPU (OSPF, ARP, BPDU, ICMP, ...) passing through the software control plane policy before it reaches the CPU]
Packets of each protocol are assigned to a single queue to avoid interference between protocols. Traffic can be limited based on pps.
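The per-protocol queueing and pps limiting described above can be modelled as follows. This is an added example, not H3C code: the class and function names, the pps limits and the constructed traffic (a 10,000 pps ARP flood alongside 10 OSPF hellos per second) are assumptions for illustration. It compares one shared policed CPU queue with one policed queue per protocol.

```python
from collections import Counter

COST = 1_000_000  # cost of one packet in micro-tokens (integer maths, no float drift)


class PpsPolicer:
    """Token bucket that limits a CPU queue to rate_pps with a burst allowance."""

    def __init__(self, rate_pps, burst):
        self.rate = rate_pps
        self.cap = burst * COST
        self.tokens = self.cap
        self.last_us = 0

    def allow(self, now_us):
        # rate_pps packets per second equals rate_pps micro-tokens per microsecond.
        refill = (now_us - self.last_us) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= COST:
            self.tokens -= COST
            return True
        return False


def constructed_traffic():
    """Constructed sample, one second long: (timestamp_us, protocol) pairs."""
    arp_flood = [(i * 100, "ARP") for i in range(10_000)]              # 10,000 pps
    ospf_hellos = [(50_050 + i * 100_000, "OSPF") for i in range(10)]  # 10 pps
    return sorted(arp_flood + ospf_hellos)


def shared_queue(events, rate_pps=1000, burst=100):
    """Weak design: every protocol competes for one policed CPU queue."""
    policer = PpsPolicer(rate_pps, burst)
    return Counter(proto for t, proto in events if policer.allow(t))


def per_protocol_queues(events, limits):
    """Design from the slide: one queue and one pps limit per protocol."""
    policers = {proto: PpsPolicer(*lim) for proto, lim in limits.items()}
    # Protocols without a configured queue are dropped in this model.
    return Counter(proto for t, proto in events
                   if proto in policers and policers[proto].allow(t))


# Hypothetical limits as (rate_pps, burst); these are not S9500E defaults.
LIMITS = {"ARP": (500, 50), "OSPF": (100, 10)}

if __name__ == "__main__":
    events = constructed_traffic()
    print("shared queue:       ", dict(shared_queue(events)))
    print("per-protocol queues:", dict(per_protocol_queues(events, LIMITS)))
```

With the shared queue the flood uses up the whole budget and none of the hellos in this constructed timing reach the CPU; with per-protocol queues all 10 hellos are admitted and ARP stays within its own limit.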
S9500E Online Status Detection
The maintenance engine is specifically responsible for online status detection of the switch fabric, communication channels on the backplane, service communication channels, key chips, and memories. Once it detects a fault, it sends a report to the system through EMS.
EMS functions:
- POST
- Regular detection of hardware faults
- Regular detection of service channels
- Board isolation
- Offline diagnosis
- Software version integrated management
[Figure: block diagram with the labels Main board, Processor, FFDR, EMS and Backplane]
S9500E Application in Virtual Campus Networks
[Figure: virtual campus network with S9500E at the core layer, S9500E and S7500E at the distribution layer (buildings), access layer (floors) and wireless access through FIT APs, connected to the data center, the network management center, the WAN (branches) and the Internet (public users)]
1. MPLS traffic full line-rate forwarding: the core layer of a virtual campus network is responsible for handling the MPLS traffic of the whole network, and thus must have the distributed MPLS full line-rate forwarding capability.
2. Rich MPLS features, including Layer-2/-3 VPN and multicast VPN, fully satisfying future application requirements.
3. High-reliability features such as BFD ensure that the core layer provides highly reliable services. S9500E supports BFD for VRRP/RIP/OSPF/BGP.
4. Provide high-density 10GE access through 16-port 10GE interface boards.
5. Support wireless LAN deployment, and provide unified wireless and wired solutions.
6. Support multi-service security cards, and provide integrated network and security solutions.
7. EAD solutions fully satisfy the dynamic authorization and secure access requirements of customers.
S9500E Application in Data Centers
[Figure: data center topology below the campus core, with the labels S12500, S9500E (with FW, LB and NSM modules), S5800, S5500, Aggregation2, Aggregation3, NIC Teaming cluster, NIC Teaming access, blade servers, blade switch, pass-through mainframe and Layer-3 access]
1. The distributed full line-rate forwarding capabilities satisfy the high-performance needs of data centers.
2. Features such as BFD and IRF2 satisfy the high-reliability needs of data centers and simplify the network structure.
3. Provide high-density 10GE access through 16-port 10GE interface boards.
4. Integrated service deployment, security deployment, and network analysis deployment.
5. Large numbers of ACLs: an enhanced board of S9500E supports up to 16K ACLs, and thus S9500E can fully meet the complex traffic configuration needs of data centers.
6. 1:N traffic mirroring satisfies the needs of handling complex services.
S9500E Application in Campus Networks
- The core and distribution devices in the large-scale campus network support both IPv4 and IPv6.
- The core or distribution devices can provide WLAN and security service cards to construct an integrated campus network.
- High-reliability features such as BFD ensure that the core network provides highly reliable services.
- The EAD solution provides better security for private networks.
[Figure: campus network carrying IPv4 and IPv6, built from S9500E, S7500E and S5500-SI]
Backup Slides
Improvement on 9500E

| Feature | S9500 | S9500E |
|---|---|---|
| IPv6+MPLS | Supported on different types of interface | Supported on one single interface |
| Software NAT | Not supported | Supported |
| sFlow | Not supported | Supported |
| EACL | Not supported | Supported |
| 10G module | Max 4-port 10GE per slot | Max 16-port 10GE per slot |
| BFD | Not supported | Supported, 50ms |
| 1:N mirror | Not supported | Supported |
| VPLS, uRPF | Centralized | Distributed |
| 6PE, multicast VPN | Not supported | Supported |
| MAC, ARP table size | Small size | Large size |
H3C 9500E vs Cisco 6500E

| | S9500E | C6500E |
|---|---|---|
| Architecture | Fully distributed ASIC+NP+multi-core CPU | Centralized or distributed ASIC + NP |
| Performance | 1.44T per chassis | Up to 1.44T bps with VSS |
| Port density | Max 16 x 10GE per slot | Max 16 x 10GE per slot |
| VSS | IRF2 for 95E/75E/55/56/36 | VSS only on 6500E |
| Multi-service | LB/WLAN/SSL/IPS/NSM/IPSEC/NAT | WLAN/LB/IPS/NAM/CME/SSL |
| OAM | Hardware | Software |
H3C IRF2 vs Cisco VSS

| | H3C IRF2 | Cisco VSS |
|---|---|---|
| Device number | 2 or 4 | 2 or 4 |
| Performance | 1.44T per device | 1.44T for whole group |
| Series support | S12500/S9500E/S7500E/S5800/S5500 | C6500E |
| Hardware requirement | No special requirement | Special engine needed |
Device Control Plane Protection Supported
Three-level protection helps the S12500 to become solidly secure against network attacks.
[Figure: data stream and control stream through the crossbar, the service board CPU (forwarding plane) and the main control board CPU. Labels: packet filtering; submitted to the control plane for precision speed-limiting protection; anti-DoS of the main control board]
S9500E OAA Service & Application Modules
- IPS service module: Gigabit performance, leading plug-in IPS architecture, integration of security and network.
- AC service module: largest capacity in the industry, supports 640 APs and an integrated wired and wireless network.
- SSL VPN module: enables users to deploy mobile, remote access, satisfying the requirements of multiple remote access modes.
- LB load balancing module: supports NAT, DR mode and various load balancing algorithms, greatly improves the performance of the server cluster.
- NAT module: high-performance NP processing architecture, supports NAT multiple instances for MPLS VPN application.
- Firewall service module: 10G processing capability and multi-CPU architecture, seamless integration of network and security.