How it Works
ZTE
Loading...
1800-2SW
Users Manual
146 pgs3.62 Mb0
Users Manual
76 pgs1.56 Mb0
Users Manual
21 pgs368.74 Kb0
Table of contents
Loading...

ZTE 1800-2SW Users Manual

Download
Page 1
ZXR10ZSRV2
IntelligentIntegratedMulti-ServiceRouter
ProductDescription
Version:2.00.20
ZTECORPORATION No.55,Hi-techRoadSouth,ShenZhen,P .R.China Postcode:518057 Tel:+86-755-26771900 Fax:+86-755-26770801 URL:http://support.zte.com.cn E-mail:support@zte.com.cn
Page 2
LEGALINFORMATION
Copyright©2014ZTECORPORATION.
Thecontentsofthisdocumentareprotectedbycopyrightlawsandinternationaltreaties.Anyreproductionor
distributionofthisdocumentoranyportionofthisdocument,inanyformbyanymeans,withoutthepriorwritten
consentofZTECORPORATIONisprohibited.Additionally,thecontentsofthisdocumentareprotectedby
contractualcondentialityobligations.
Allcompany,brandandproductnamesaretradeorservicemarks,orregisteredtradeorservicemarks,ofZTE
CORPORATIONoroftheirrespectiveowners.
Thisdocumentisprovided“asis”,andallexpress,implied,orstatutorywarranties,representationsorconditions
aredisclaimed,includingwithoutlimitationanyimpliedwarrantyofmerchantability,tnessforaparticularpurpose,
titleornon-infringement.ZTECORPORATIONanditslicensorsshallnotbeliablefordamagesresultingfromthe
useoforrelianceontheinformationcontainedherein.
ZTECORPORA TIONoritslicensorsmayhavecurrentorpendingintellectualpropertyrightsorapplications
coveringthesubjectmatterofthisdocument.ExceptasexpresslyprovidedinanywrittenlicensebetweenZTE
CORPORATIONanditslicensee,theuserofthisdocumentshallnotacquireanylicensetothesubjectmatter
herein.
ZTECORPORA TIONreservestherighttoupgradeormaketechnicalchangetothisproductwithoutfurthernotice.
UsersmayvisittheZTEtechnicalsupportwebsitehttp://support.zte.com.cntoinquireforrelatedinformation.
TheultimaterighttointerpretthisproductresidesinZTECORPORATION.
RevisionHistory
RevisionNo.RevisionDateRevisionReason
R1.02015-03-30Firstedition
SerialNumber:SJ-20150204153047-003
PublishingDate:2015-03-30(R1.0)
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 3
Contents
AboutThisManual.........................................................................................I
Chapter1ProductLocationandFeatures...............................................1-1
1.1ProductLocation................................................................................................1-1
1.2ProductFeatures................................................................................................1-2
Chapter2ProductStructure.....................................................................2-1
2.1ProductAppearance...........................................................................................2-1
2.2HardwareStructure............................................................................................2-5
2.3SoftwareStructure..............................................................................................2-7
Chapter3FunctionsandFeatures...........................................................3-1
3.1IPv4RoutingProtocolsandIPBasicServices......................................................3-1
3.1.1UnicastRoutingProtocols.........................................................................
3.1.2MulticastRoutingProtocol........................................................................3-3
3.1.3PolicyRouteandRoutingPolicy................................................................3-5
3.1.4DHCPandDNS.......................................................................................3-6
3.2WANAccess......................................................................................................3-6
3.3RoutingandSwitchingIntegration.......................................................................3-8
3.4MPLS................................................................................................................3-9
3.5VPN................................................................................................................3-10
3.5.1IPSecandGRE......................................................................................
3.5.2MPLSVPN............................................................................................
3.5.3SmartDialControl..................................................................................
3.6QoS................................................................................................................
3.7SecurityFeatures.............................................................................................
3.7.1ACL.......................................................................................................3-18
3.7.2Anti-Attack.............................................................................................3-19
3.7.3Firewall..................................................................................................3-19
3.7.4MultipleSecurityAuthenticationModes....................................................
3-1
3-10
3-14
3-15
3-16
3-18
3-23
3.7.5uRPF.....................................................................................................3-24
3.8NetworkReliability............................................................................................3-24
3.9IPv6Features..................................................................................................
3.9.1IPv6BasicFunctions..............................................................................3-26
3.9.2IPv6UnicastRoutingProtocols...............................................................3-26
3.9.3IPv6MulticastRoutingProtocols.............................................................3-27
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
3-26
Page 4
3.9.4IPv6TunnelFunctions............................................................................3-28
3.9.56PEand6VPE.......................................................................................3-30
3.9.6NAT64...................................................................................................3-30
3.10NAT...............................................................................................................
3.11NetworkManagementFeatures.......................................................................3-31
3.12SystemOperationandMaintenance................................................................
Chapter4NetworkApplications...............................................................
4.1ApplicationScenarioofAccessNetworksofEnterpriseHeadquartersand
Branches.........................................................................................................
4.2ApplicationScenarioofEgressGatewaysinEnterpriseNetworks..........................
4.3ApplicationScenarioofConvergenceandAccessNetworksofIndustry
Networks..........................................................................................................
4.4ApplicationScenarioofT elecomOperators'DCNNetworks..................................4-5
3-31
3-33
4-1
Chapter5TechnicalIndexes.....................................................................5-1
Figures.............................................................................................................I
Tables............................................................................................................III
Glossary.........................................................................................................V
4-1
4-2
4-4
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 5

AboutThisManual

Purpose
Thismanualdescribestheproductlocationandfeatures,productstructure,functionsand applications,technicalparametersoftheZXR10ZSRV2seriesrouters.
IntendedAudience
Thismanualisintendedfor:
lNetworkplanningengineers lNetworkmaintenanceengineers
WhatIsinThisManual
Thismanualcontainsthefollowingchapters:
Chapter1,ProductLocation
andFeatures
Chapter2,ProductStructure
Chapter3,Functionsand
Features
Chapter4,NetworkApplica-
tions
Chapter5,TechnicalIn-
dexes
DescribesthelocationandhighlightsoftheZXR10ZSRV2.
Describestheappearance,hardwarestructure,andsoftwarestructure
oftheZXR10ZSRV2.
DescribessoftwarefeaturesandmajorfunctionsoftheZXR10ZSRV2.
DescribesapplicationsoftheZXR10ZSRV2inactualnetworkarchi-
tectures.
DescribestechnicalindexesoftheZXR10ZSRV2.
Conventions
Thismanualusesthefollowingconventions.
ItalicsVariablesincommands.Itmayalsorefertootherrelatedmanualsanddocuments.
BoldMenus,menuoptions,functionnames,inputelds,optionbuttonnames,checkboxes,
drop-downlists,dialogboxnames,windownames,parameters,andcommands.
Constant
width
Textthatyoutype,programcodes,lenames,directorynames,andfunctionnames.
[]Optionalparameters.
{}Mandatoryparameters.
|Separatesindividualparametersinaseriesofparameters.
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 6
Warning:indicatesapotentiallyhazardoussituation.Failuretocomplycanresultin
seriousinjury,equipmentdamage,orinterruptionofmajorservices.
Caution:indicatesapotentiallyhazardoussituation.Failuretocomplycanresultin
moderateinjury,equipmentdamage,orinterruptionofminorservices.
Note:providesadditionalinformationaboutacertaintopic.
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 7

1.1ProductLocation

Chapter1
ProductLocationand Features
TableofContents
ProductLocation........................................................................................................1-1
ProductFeatures........................................................................................................1-2
TheZXR10ZSRV2seriesisanintelligentmulti-servicerouterintegratingrouting, switching,wireless,security ,VPN,andbroadbanduseraccessmanagementfunctions. TheZXR10ZSRV2usesthemodularandextensiblesystemarchitecture,andcan beusedtoestablishintelligent,efcient,reliable,exible,andnetworkswitheaseof maintenance.TheZXR10ZSRV2canbewidelyusedinthefollowingscenarios:
lEgressgatewaysofcampusnetworks,governmentnetworks,andenterprise
networks
lAccessnetworksofenterpriseheadquartersandbranches lMobileofcenetworks lConvergencenetworkandaccessnetworkofindustrynetworks
TheZXR10ZSRV2seriesincludesvetypesofproducts:
lZXR103800-8 lZXR102800-4 lZXR101800-2S
MountingawirelessfunctionmoduletotheZXR101800-2Sresultsintwosub-models: ZXR101800-2S(G)andZXR101800-2S(W).
lZXR101800-2E
MountingawirelessfunctionmoduletotheZXR101800-2Eresultsinsub-model ZXR101800-2E(G).
lZXR102800-3E
MountingawirelessfunctionmoduletotheZXR102800-3Eresultsinsub-model ZXR102800-3E(G).
Figure1-1showsanexternalviewofeachproduct.
1-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 8
ZXR10ZSRV2ProductDescription

1.2ProductFeatures

Figure1-1ExternalViewsoftheZXR10ZSRV2SeriesProducts
HighPerformance,EnsuringNoNetworkAccessBottleneck
Withincreaseofenterpriseapplications,networktrafcincreases.Newapplicationssuch asvideoconferencing,distancelearning,andremotedisasterrecoveryhavehigherand higherrequirementsforperformanceonnodesprocessingnetworkdata.
TheZXR10ZSRV2provideshighperformanceandensuresnonetworkaccess bottleneck.
lThehigh-performancemulti-coreprocessorandintelligentswitchingengine
guaranteehigh-performanceprotocolprocessingandmanagementcontrol processing,andimplementhigh-speedL2andL3packetforwarding.Thisimproves theoverallperformanceofthesystem.Multi-layerdistributedforwardingand processingensuresthatthesystemresourcescanbeallocatedproperlyformultiple simultaneousservices,whichguaranteesthehighforwardingperformanceofthe system.Eachslotsupportsamaximumof10Gbpsbusbandwidth,ensuringsmooth servicepacketforwarding.
lTheZXR10ZSRV2supportsvarioustypesofinterfaces,includingwiredinterfaces
suchastheGEinterface,FEinterface,POSinterface,CPOSinterface,E1interface, xDSLinterface,synchronousserialinterfaceandasynchronousinterface,and wirelessinterfacessuchasthe3G/LTEinterfaceandWi-Fiinterface.FEinterfaces areintegratedontheMPUs,andtheseinterfacescanbeusedasWANinterfaces orLANinterfaces.Thisprovidestheexibleaccesscapabilityandimprovesthe price/performanceratio.
lTheZXR10ZSRV2usesahigh-availabilitydesign.TheACpowerandDCpower
areusedforredundancy.Thepowersupplymodules,fanmodules,andservice boardssupporthotswapping.Thesystemsoftwareusesthemodulardesignand newfunctionscanbeadded,whichimprovesstabilityandexibilityofthesystem. TheZXR10ZSRV2supportsavailabilitytechnologiessuchasOAMdetection,BFD foreverything,FRR,VRRP ,andlinkaggregation.
1-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 9
Chapter1ProductLocationandFeatures
lTheZXR10ZSRV2providesthecontrol-planesecurityfunction.TheZXR10ZSRV2
classiescontrol-planepackets,andperformsmulti-levelratelimitandscheduling. Thetrafcsuppression,protocolwhitelist,protocolauthenticationfunctionscan beset.TheZXR10ZSRV2supportsanti-DDOSattacks,anti-ARPattacks,and attack-sourcetracing,whichguaranteesequipmentsecuritytothemaximumextent.
lTheZXR10ZSRV2providestheACLfunctionandsupportsaL2andL3hybridACL
processingalgorithm.TheefcientACLprocessingcapabilityanduser-friendlyACL logstatisticsmanagementfunctionhelptoperformelaborateservicemanagement.
lTheZXR10ZSRV2usesareneddesign.TheZXR101800-2Susesadesktop
design,soitissmallandexible.TheZXR102800-4and3800-8useafront-outlet design,sothatmaintenanceandoperationscanbeperformedatonesideofeach device.TheZXR102800-4and3800-8canbeinstalledincabinetswhosedepth is300mmtosavespaceofequipmentrooms.TheZXR102800-4and3800-8also canbeinstalledinnarrowspacesuchasoutdoorcabinets,vehicle-mountedcabinets, basestations,andofcecabinetstoreduceoperationandmaintenancecosts.The ZXR102800-2EandZXR103800-3Ecanbeinstalledinacabinet600mmdeep. Theycanalsobeinstalledinoutdoorcabinets,vehicles,basestations,anddevice cabinetsinofces,sotheO&Mcostisrelativelylow.
WiredandWirelessAccess,AnytimeandAnywhere
Comparedwithaconventionalnetwork,awirelessnetworkhaslargercoverage.Itextends thenetworkaccessrange,andcanprovidesupplementaryforawirednetwork.Mobile ofceworkcanbeperformedthroughwirelessnetworks,whichremovesthetime-space bottleneck.Operatingasa4Grouter,theZXR10ZSRV2guaranteesnetworkreliability, andimprovesthenetworkbandwidthvalue.TheZXR10ZSRV2providesthefollowing functions:
lSupports3G(includingWCDMA,andTD-SCDMA)andLTE(includingTDDandFDD)
formats.
lProvidesbuilt-inwirelessmodules,plugandplayUSBcardsandspecialinterface
cardstomeetrequirementsofdifferentnetworkstructures.
lProvidesanextensionfeedertosolvethesignalcoverageproblemwhenthedeviceis
locatedinaequipmentroomcornerorofcecornerwherethewirelesssignalisweak.
lAwareof3G/LTEsignalstrengthanddetectslinkqualityinrealtimetoguaranteethe
customerSLA.
lProvidestheSmartDial-upControland24-hourbackupfunctions.ThexDSLor
3G/LTEstandbylinkcanbeconnectedbasedonpoliciestoprotectservicesor performloadsharing.Thisimprovesviabilityofnetworksandreliabilityofservices.
lUsesthemulti-linkloadsharingtechnology ,monitorsinterconnectedlinksofdifferent
carriers,andperformsintelligentroutingfordataowssenttotheInternet.This ensuresthatuserscanaccesstheInternetthroughoptimallinks.
lSupportsestablishingVPNchannelsin3G/L TEnetworks,whichimprovessecurityof
wirelesslinks.
lSupportsWi-Fiaccessand802.11b/g/nradiofrequencymodeadjustment,sothatthe
accessratecanbedynamicallyadjustedinaccordancewiththeenvironment.
1-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 10
ZXR10ZSRV2ProductDescription
lSupportstheguardintervaltoavoiddatainterference. lSupportsWi-FimultimediaandprovideswirelessQoS,whichguaranteesqualityof
applicationssuchasthevoiceandvideoservices.
lSupportsdifferentauthenticationmodes,includingnone,WEP ,WPA,WPA2(TKIP
andAES-CCMP),andWAPIhardencryption.
MultipleFunctions,ReducingCosts
TheZXR10ZSRV2providesdifferentfunctionstomeetrequirementsofdifferentnetwork structures.
lProvidestherouter,switch,rewall,AP ,NATgateway,andVPNgatewayfunctions.
Thefunctionscanbeloadedasneeded,whichprovidesaexibleplatformto implementoptimalservicedeployment.
lSupportstheGRE,IPSec,andMPLSVPNoverGREfunctionstomeetrequirements
ofVPNapplicationsindifferentnetworkstructures.
lSupportsMPLS,providesL2andL3MPLSVPNsolutions,andsupportsthePWE3
circuitsimulationtechnologytobearTDMtrafc.
lSupportsstatelessrewallandcontrolsincomingandoutgoingtrafc,which
guaranteesnetworksecurity.
lSupportshardware-basedQoSandH-QoS,andprovidesdifferentSLAsfordifferent
usersandservices,whichmeetsrequirementsofelaboratecontrol.
FlexibleExtensionandSmoothUpgrade
TheZXR10ZSRV2providesdifferentavailableforwardingengineswithdifferent performance,andupgradecanbeperformedsmoothly.Thisreducesusers'costsand meetsfuturenetworkrequirements.
lManagementandPacketForwardingUnits(MPFUs)withdifferentforwarding
performanceareprovidedfortheZXR102800andZXR103800.Thecardscanbe usedasneeded.Thisreducesthenetworkconstructioncosts,andsolvesproblems causedbyfutureperformanceupgrade.
lTheZXR101800-2EandZXR102800-3Efeaturedifferenttransferringperformance.
Userscanselectproductsasrequiredtoreducenetwork-constructioncost.
lTheZXR10ZSRV2supportstheIPv4andIPv6stacks,soIPv4andIPv6accesscan
beprovidedatthesametime.
lTheZXR10ZSRV2supports6in4,6to4and6in4tunnelstotransmitdatabetweenthe
IPv4networkandIPv6network.TheZXR10ZSRV2alsosupportsNAT444,NA T64 and6RDforsmoothevolutionfromIPv4toIPv6.
EaseofCommissioningandMaintenance,SupportingFastNetworkDeployment
TheZXR10ZSRV2providesavisualcommissioningandmaintenancemethodthat supportsconvenientandfastoperations,remotemaintenance,andany-timediagnosis.
lTheZXR10ZSRV2supportsUSBcommissioning,automaticconguration,
andin-batchversionupgradethroughNMS.Inthisway ,zero-touchautomatic conguration,in-batchdeployment,andeaseofmaintenancecanbeperformed.
1-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 11
Chapter1ProductLocationandFeatures
lTheZXR10ZSRV2supportsSQAtoperformreal-timenetworkqualitydetectionand
locationthroughICMP-echo,UDP ,TCP ,FTP,DNS,HTTPandSNMP .SQAcanbe usedtogetherwithVRRP ,staticroutes,interfacebackup,linkbackup,policyroutes andtheZXNPAtoprovidealarmsofdifferentlevelsbasedonautomaticnetwork performancethresholds,andperformgraphicdetectionandmanagement.
lTheZXR10ZSRV2supportsportmirroringandNetow1:1sampling,sothattrafc
canbedisplayedwithexplicitfeatures.Thisprovidesaneffectivemonitoringmethod foraccuratenetworkcontrolandoperation.
lTheZXR10ZSRV2supportsWEBGUInetworkmanagementandtheNetnumen
toimplementvisualservicedeploymentandmaintenance.TheZXR10ZSRV2 providesatoolforone-clickservicecreationandone-clockinformationcollection, whichhelpsnetworkadministratorstoperformquickserviceprovisioningand high-efciencymaintenance.
GreenEnergySaving
TheZXR10ZSRV2complieswiththegreenandenvironmentalprotectionideaindesign, researchanddevelopment,manufacturing,logistics,andprojects,andhelpsusersto constructlow-noise,low-energy,andhigh-efciencycommunicationnetworks.
lTheZXR10ZSRV2usesadvanced28nmchips,soperformanceisimprovedand
energyconsumptionisreduced.
lTheZXR10ZSRV2usesaexcelsiorhardwarestructuredesignandadvanced
submarine-levelmutingtechnology.
lTheintelligentfansystemautomaticallyadjuststhefanspeedinaccordancewith
systemoperation,whichreducesenergyconsumptionanddevicenoise.
lTheboardsandcardssupportsthesleepfunction,whichcomplieswiththeEEE
standard.Idleandlow-speedportsreduceenergyconsumptionby2/3,andreduce carbondioxideemissions.
lTheZXR10ZSRV2usesnonleadedgreenmaterials,andthemanufacturingprocess
strictlycomplieswiththeRoHSstandard.
1-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 12
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
1-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 13
Chapter2
ProductStructure
TableofContents
ProductAppearance...................................................................................................2-1
HardwareStructure....................................................................................................2-5
SoftwareStructure......................................................................................................2-7

2.1ProductAppearance

Overview
Designedonamodularstructure,withhot-pluggableboardsandparts,theZXR10ZSR V2providesexibleextensibility.Theentiresetconsistsofasubrack,abackplane,a main-controlforwardingboard,alineinterfaceboard,apowermodule,andafansubrack.
ZXR103800-8ProductAppearance
ForthemaincomponentsoftheZXR103800-8chassis,seeFigure2-1.
Figure2-1MainComponentsontheFrontSideoftheZXR103800-8chassis
ForthefrontviewoftheZXR103800-8chassis,seeFigure2-2.
2-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 14
ZXR10ZSRV2ProductDescription
Figure2-2FrontViewoftheZXR103800-8chassis
ZXR102800-4Appearance
ForthemaincomponentsoftheZXR102800-4chassis,seeFigure2-3.
Figure2-3MainComponentsontheFrontSideoftheZXR102800-4chassis
ForthefrontviewoftheZXR102800-4chassis,seeFigure2-4.
Figure2-4FrontViewoftheZXR102800-4chassis
ZXR101800-2SAppearance
ForthemaincomponentsoftheZXR101800-2Schassis,seeFigure2-5.
2-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 15
Chapter2ProductStructure
Figure2-5MainComponentsontheFrontSideoftheZXR101800-2Schassis
ForthefrontviewoftheZXR101800-2Schassis,seeFigure2-6.
Figure2-6MainComponentsontheFrontSideoftheZXR101800-2Schassis
ForthebackviewoftheZXR101800-2Schassis,seeFigure2-7.
Figure2-7MainComponentsontheBackSideoftheZXR101800-2Schassis
Note:
BoththeZXR101800-2S(G)andtheZXR101800-2S(W)supportthewirelessfunction. Eachofthemisconguredwithawirelessmoduleandapairofantennas.Ifnowireless moduleiscongured,thechassishasnoantenna.
ZXR102800-3EAppearance
FortheappearanceoftheZXR102800-3Echassis,seeFigure2-8.
2-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 16
ZXR10ZSRV2ProductDescription
Figure2-8ZXR102800-3EAppearance
ForthefrontviewoftheZXR102800-3Echassis,seeFigure2-9.
Figure2-9ZXR102800-3EFrontView
Note:
Thesub-modelZXR102800-3E(G)isembeddedwithawirelessmoduleandsupportsthe wirelesscommunicationfunction.Twoantennasareinstalled.Whenthewirelessmodule isremoved,thereisnoantennaonthechassis.
ForthebackviewoftheZXR102800-3Echassis,seeFigure2-10.
Figure2-10ZXR102800-3EBackView
ZXR101800-2EAppearance
FortheappearanceoftheZXR101800-2Echassis,seeFigure2-11.
2-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 17
Chapter2ProductStructure
Figure2-11ZXR101800-2EAppearance
ForthefrontviewoftheZXR101800-2Echassis,seeFigure2-12.
Figure2-12ZXR101800-2EFrontView

2.2HardwareStructure

Note:
Thesub-modelZXR101800-2E(G)isembeddedwithawirelessmoduleandsupportsthe wirelesscommunicationfunction.Twoantennasareinstalled.Whenthewirelessmodule isremoved,thereisnoantennaonthechassis.
ForthebackviewoftheZXR101800-2Echassis,seeFigure2-13.
Figure2-13ZXR101800-2EBackView
Overview
ThehardwaresystemoftheZXR10ZSRV2consistsoffunctionalunitssuchastheMPFU, lineinterfacecard,high-speedbackplane,powersupplymodule,andfanmodule.These functionalunitsareinterconnectedthroughhigh-speedserialbusesandEthernetbuses.
2-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 18
ZXR10ZSRV2ProductDescription
OverallHardwareSystemStructure
InthehardwaresystemstructureoftheZXR10ZSRV2,theforwardingplaneandcontrol planeareseparated.
lTheMPFUisthesystemcore,anditcommunicateswithotherunitsthroughthe
backplane.
lTheengineoftheMPFUisamulti-coreCPU.Thecoresaredividedintoforwarding
coresandcontrolcores.Theforwardingcoresandothersystemunitsforma forwardinglogicalplanethatforwardspacketsandprocessesservices.Thecontrol coresandothersystemunitsformacontrollogicalplanethatperformsrouting protocolinteraction,routingcalculation,systemmanagement,andcontrolmessage synchronization.
lTheforwardingplaneandcontrolplaneareseparated,sotheimpactstoeachother
causedbyextensionofthefunctionsandperformanceinthetwoplanesarereduced totheminimumextent.Thisguaranteeshighexibilityofthesystem.
ThepowersupplyandfansystemsoftheZXR10ZSRV2usesthemodulardesign. Powersupplymodulesandfanmodulesareinstalledtosub-racksandconnectedtothe high-speedbackplane,whichachievesthenon-cabledesign.TheZXR102800-4and ZXR103800-8supportsACandDCpowersupplymodulesforredundancy.TheZXR10 1800-2SsupportsonlyoneACpowersupplymoduleoroneDCpowersupplymodule.
OperationalPrincipleoftheHardwareSystem
TheforwardingplaneandcontrolplaneoftheZXR10ZSRV2areseparated.Afterpackets areprocessedbythephysical-layerchipofalineinterfacecardandframeresolutionis performed,
lForacommonserviceow,thepacketsareforwardedtotheMPFU.Thetrafc
managementmoduleanddataforwardingmoduleintheMPFUsendthepacketsto theinterfaceonthedestinationlineinterfacecard.
lForprotocolpacketsorcontrolpackets,thepacketsareconvergedinthegigabit
Ethernetswitchingmodule.ThemanagementandcontrolmoduleintheMPFU interactswiththeprocessingunitonalineinterfacecardtoprocessthepackets.
MPFUsandLineInterfaceCards
TheMPFUisthecontrolnodeoftheZXR10ZSRV2.TheMPFUforwardspackets,and managesandmaintainstheentiredevice.TheMPFUconsistsofthepacketforwarding module,managementandcontrolmodule,clockprocessingmodule,andalarmmonitoring module.Itforwardspackets,andmanagesthesystemclocksource,controlplane,system maintenanceplaneandenvironmentalmonitoringplane.
ZXR102800-4andZXR103800-8providethreetypesofMPFUs:MPFU-A,MPFU-B,and MPFU-Cthatprovidedifferentforwardingperformancerespectively.TheMPFUsusethe modulardesign,supporthotswapping,andsupportforwardingplaneandcontrolplane separation.
2-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 19
Chapter2ProductStructure
TheMPFUsoftheZXR101800-2S,ZXR101800-2E,andZXR102800-3Earexedinthe chassis,soitdoesnotsupporthotswapping,butitsupportsforwardingplaneandcontrol planeseparation.
TheZXR10ZSRV2providesdifferentlineinterfacecardsandsupportsdifferentinterface ratesanddifferentnumbersofports,whichmeetsrequirementsofdifferentnetrorksand services.
ForadescriptionofMPFUsandlineinterfacecards,refertothe“HardwareDescription” oftheZXR10ZSRV2.
PowerSupplyModules
TheZXR10ZSRV2supportsACpowersupply(100Vto240V ,and50Hzto60Hz)and DCpowersupply(-72Vto-38V).TheZXR101800-2SsupportsonlyoneACpowersupply moduleoroneDCpowersupplymodule.Thepowersupplymoduleisxedinthedevice boxandcannotberemovedorinstalled.TheZXR102800-4,ZXR103800-8,ZXR10 1800-2EandZXR102800-3EsupportDCandACpowersupplymodulesforredundancy, andthepowersupplymodulescanberemovedandinstalled.

2.3SoftwareStructure

FanModules
ThereisaverticalfanmoduleontheZXR10ZSRV2.TheZXR10ZSRV2can automaticallyadjustthefanspeedinaccordancewiththesystemoperation,andsupports thefanstatemonitoringandalarmfunctions.TheZXR10ZSRV2usesdowndraughtheat dissipation.Codeairentersthedevicefromoneside,passesbytheboardsandpower supplymodules,andleavesthedevicefromtheotherside.
Overview
ThesoftwaresystemoftheZXR10ZSRV2isbasedonthesoftwareplatformwith proprietaryintellectualpropertyrights,whichcansatisfyvariousnetworkrequirementsin high-performanceandcomplexcommercialserviceenvironments.Thesoftwareplatform ownsawidesetofnetworkfeaturesestablishedoninternationalstandards.
OverallStructure
Fortheoverallsoftwarestructure,seeFigure2-14.
2-7
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 20
ZXR10ZSRV2ProductDescription
Figure2-14ZXR10ZSRV2OverallSoftwareStructure
ThemajorfunctionsofeachsubsystemintheZXR10ZSRV2softwarestructureare describedasfollows:
lHardwaredrivingsubsystem:providessoftwaredrivingforthemain-control
forwardingboard,thelineinterfaceboard,thebackplane,thefan,andthepower module.
lThedistributedoperatingsystemplatform:providesthereal-timeoperatingplatform.
AsthekerneloftheZXR10ZSRV2softwaresystemstructure,itmanagesthe hardwaresystemstructureoftheentiresystemandprovidesauniedoperating platformforapplicationprogramsontheentiresoftwaresystem.Itfeatureshigh reliability,real-time,self-recovery ,maintainability,andencapsulationfeatures.
lL2protocolsubsystem:providesthedrivingprogramoftheswitchingchip,L2link
control,andmanagementprotocols.ItalsoprovidessupportforL3protocols.
lIProutesubsystem:Asthekerneloftheroutersoftwaresystemstructure,itrunsIPv4
andIPv6routingprotocolssuchasRoutingInformationProtocol(RIP),OSPF ,BGP , andthemulticastroutingprotocol.Thissystemisinchargeofreceivingandstoring routinginformationintherouter,establishingtheglobalroutingtable,selecting, forwarding,andexchangingroutes,andmaintainingtheroutetable.
lUnicastroutingprotocolsubsystem:collectsthenetworktopologyinformationby
exchanginginformationwithotherroutersinthenetwork,formsanIPunicastrouting table,andnotiestheroutingtabletotheIPforwardingplanetoforwardunicastIP packets.
lMulticastroutingprotocolsubsystem:formsamulticastforwardingroutingtablefor
thebottomlayertoforwardmulticastdatapackets.
lSupportprotocolsubsystem:completesIPdataprocessing,ICMPprotocol
processing,AddressResolutionProtocol(ARP)processing,TransferControlProtocol (TCP)processing,UserDatagramProtocol(UDP)processing,T elnetguarding processandclientprogramprocessing,FileTransferProtocol(FTP)andTrivialFile TransferProtocol(TFTP)processingintherouter.Thesupportsubsystemprovides servicesfortheroutingsubsystemandthemanagementsubsystem.
2-8
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 21
Chapter2ProductStructure
lMPLSprotocolsubsystem:providesLDP,RSVPwithTrafcEngineeringextensions
(RSVP-TE),L2/L3VPN,andprovidesbasicMPLSfunctionsandlabelforwarding services.
lSecuritysubsystem:providesmultiplesecurityprotectionfunctionsontheequipment.
Itprovidesfunctionssuchaspacketltering,encryptionpassword,authentication, modicationofcongurationrequestlicenses,severalVPNtechnologies,Network AddressTranslation(NAT),MessageDigest5Algorithm(MD5),userauthentication, andstatisticstocompletelysatisfyequipmentguarantyanduserrequirementsfor secureapplications.
lAlarmstatisticalsubsystem:maintainsthecongurationforvariousstatisticalalarms,
savesvariousstatistics,andprovidesaqueryinterface.
lSNMPsubsystem:providesfunctionsoftheSNMPAgent,andsupportsallprotocol
operationsfortheSNMPAgentspeciedinSNMPV1/V2/V3.
lNetworkmanagementsubsystem:providesnetworkcongurationmanagement,fault
management,performancemanagement,andsecuritymanagementfunctionsforthe equipment,andcompletesthemanagementforservices,versions,congurationles, andvariouslogsinthelesystemoftheequipment.
lUsermanagementservicecontrolsubsystem:completesuseraccessand
managementfunctions,includeuserserviceconguration,andAuthentication, AuthorizationandAccounting(AAA)functions,PPPusermanagement,IPuser management,VPLSservicecontrol,andmulticastusermanagement.
lSystemmanagement:provideslemanagement,equipmentmanagement(for
thepowermoduleandthefanmodule),monitoringmaintenance,anddiagnosis debuggingfunctionstoensurethestableoperationalstateoftheequipment.
SoftwareFeatures
ThesoftwaresystemoftheZXR10ZSRV2usesthesoftwareplatform,whichisa multi-taskdistributedreal-timenetworkoperatingsystemthatprovidesuniedIPprotocol supportforallequipmentofZTE.Thesoftwaresystemplatformprovidesamatureand stablestructure,whichisprovidedbasedonservicerequirements.Consideringthe operationandmaintenancecost,serviceexpansibility,andapplicationrequirements,the softwaresystemplatformprovidesthefollowingfeatures:
lFineencapsulation
àSupportsseveraloperatingsystemsandsupportsthesmoothupgradeofthe
operatingsystem.
àSupportsauniformcongurationstyleforallZTEproductstofacilitateuser
operationandmaintenance.
lPowerfulmonitoringfunction
àMonitorsexceptionswithprocessesandthememory.
àMonitorstheoperationalstateorabnormalstateofthepowermodule,therotation
speedorineffectivenessofthefanmodule,thevoltage,thecurrent,andthe environmenttemperature.
2-9
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 22
ZXR10ZSRV2ProductDescription
àProvidesrapidtroubleshootingfunctionstoensurehighstabilityofproduct
versions.
lFlexiblemodularcomponentstructure
àSoftwarefunctionsbasedonthesoftwareplatformcanbeeasilyextendedor
removed,andnewfunctionscanbequicklydevelopedupontheoriginalstructure.
àSoftwarefunctionscanbeexiblycustomizedasrequiredtorapidlyrespondto
userrequirements.
lExtensionofnewcarrier-classEthernetservicesbasedontheuniformplatform
àSupportsL2andL3VPNmechanism,supportsHierarchyofVPLS(H-VPLS)to
satisfytherequirementoflayeredservicedeployment,andsupportsmulticast functionsinsidetheVPN.TheZXROSngplatformcanalsoproviderapidVPN deploymentthroughtheuniednetworkmanagementsystem,andcanrapidly deploymulticastservicessuchasuservideoandIPTV.
àProvidesacompleteQoSmechanismbysupportingtrafcclassication,trafc
labeling,trafcspeed-limit,trafcshaping,congestionmanagement,and congestionavoidancemechanisms.
àSupportsIPv4/IPv6dualprotocolstacks.TheZXROSngplatformsupportsthe
IPv4/IPv6transitionmechanisminvariousapplicationscenarios,suchasmanual generaltunnels,automatic6T o4tunnels,and6PE.
lOptimalmutualoperability ,incompliancewithmainstreamprotocolsandstandards
2-10
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 23
Chapter3
FunctionsandFeatures
TableofContents
IPv4RoutingProtocolsandIPBasicServices............................................................3-1
WANAccess..............................................................................................................
RoutingandSwitchingIntegration..............................................................................3-8
MPLS.........................................................................................................................3-9
VPN.........................................................................................................................
QoS.........................................................................................................................3-16
SecurityFeatures.....................................................................................................
NetworkReliability....................................................................................................3-24
IPv6Features...........................................................................................................3-26
NAT..........................................................................................................................
NetworkManagementFeatures...............................................................................
SystemOperationandMaintenance.........................................................................
3-6
3-10
3-18
3-31 3-31 3-33

3.1IPv4RoutingProtocolsandIPBasicServices

3.1.1UnicastRoutingProtocols

Overview
TheZXR10ZSRV2seriesproductsfullysupportsvariousIPv4unicastroutingprotocols, includingthestaticroute,theRIP ,theOSPF,theIS-IS,andtheBGP .
StaticRoute
Thestaticrouteismanuallyconguredbytheadministratortosimplifythenetwork congurationandimprovethenetworkperformance.Itisnormallyusedinascenario witharelativelysimplenetworkstructure.Whenafaultoccursinthenetworkorthe networktopologyischanged,thestaticrouteisnotchangedautomaticallyandneedsto bemanuallymodiedbytheadministrator.
TheZXR10ZSRV2seriesproductssupportsthecongurationofastaticroutebasedon thenexthoporontheegress.Italsosupportstheassociationbetweenstaticroutesand VRFinstances.
RIP
TheRIPisadynamicroutingprotocolforthedistancevectorbasedontheUDP .It periodicallybroadcaststheroutingtabletoitsneighbors,maintainstherelationship
3-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 24
ZXR10ZSRV2ProductDescription
betweenrouters,andcalculatesitsroutingtableinaccordancewithreceivedroutes.The RIPissimpleinoperationandisapplicabletosmall-scalenetworks.
TheZXR10ZSRV2seriesproductssupportsthefollowingRIPfunctions:
lBasicfunctionsoftheRIPv1/v2,suchashorizontalsplitting,poisonousreversion,
interfaceauthentication,routesummary,andredistributionofvariousrouting protocols.
lLoadsharingoftheRIP . lVPNaccessfunctionoftheRIP . lTheRIPManagementInformationBase(MIB)function.
OSPF
TheOSPFroutingprotocolisanInteriorGatewayProtocol(IGP)basedonlinkstate,which exchangesroutinginformationbetweenroutesinsidethesameAutonomousSystem(AS). TheOSPFisoneofthewidelyappliedIPv4IGProutingprotocols.
TheZXR10ZSRV2seriesproductssupportsthefollowingOSPFfunctions:
lBasicOSPFfunctions,includingbasicprotocolfunctions,neighborauthentication,
virtuallink,STUB,Not-So-StubbyArea(NSSA),type-3LinkStateAdvertisement (LSA)aggregation,type-5LSAaggregation,andredistributionofotherrouting protocols
lLoadsharingofOSPFroutes lVPNaccessandadvancedfunctions,includingsham-link lOSPF-TE lOSPFBFD lOSPFFRR lOSPFMIB
IS-IS
TheIS-ISroutingprotocolismadebytheInternationalOrganizationforStandardization (ISO)tosupporttheConnectionLessNetworkSevice(CLNS).AsanextensionoftheIS-IS, theIETFsupportstobeartheIProutinginformation.TheIS-ISisalsoanIGPbasedon thelinkstate.TheIS-ISisoneofthemostwidelyappliedIPv4IGProutingprotocols.
TheZXR10ZSRV2seriesproductssupportsthefollowingIS-ISfunctions:
lBasicfunctionsoftheIS-ISprotocol lExtendedfunctionsoftheIS-ISprotocol,suchasHostname,Overload-bit lLoadsharingofIS-ISroutes lVPNaccessoftheIS-IS lIS-IS-TE lIS-ISBFD lIS-ISFRR lIS-ISMIB
3-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 25
BGP
TheBGPisaninter-domainroutingprotocolbetweenASs,usedtoexchangethenetwork availabilityinformationbetweenASsrunningtheBGPprotocol.
TheZXR10ZSRV2seriesproductssupportsthefollowingBGPfunctions:
lBasicfunctionsoftheBGPprotocol,andenhancedfunctionssuchassession
authentication,routeoscillationsuppression,routereector,alliance,extended communityattribute,routeaggregation,androuteltering
lLoadsharingofBGProutes lMP-BGPfunction,supportingAFItypessuchasIPv4unicast,IPv4multicast,IPv4
labeled-unicast,IPv4mdt,IPv6unicast,IPv6multicast,IPv6labeled-unicast,and VPNv4
lBGPBFD lBGPFRR lBGPMIB

3.1.2MulticastRoutingProtocol

Chapter3FunctionsandFeatures
Overview
Multicastisapoint-to-multipointormultipoint-to-multipointcommunicationmode,in whichseveralreceiversreceivethesameinformationfromonesourceatthesametime. Multicast-basedapplicationsincludevideoconference,remotelearning,andsoftware distribution.
IGMP
ThroughtheInternetGroupManagementProtocol(IGMP),thehostnotiesthemulticast routeronitsnetworkofthegroupthatitjoinsorleaves.Thismeansthat,themulticast routerknowswhetherisanymulticastgroupmemberonthenetworkanddetermines whethertoforwardmulticastdatapacketstothisnetwork.Whenamulticastrouterreceives amulticastdatapacket,itchecksthemulticastdestinationaddressinthisdatapacketand forwardsdatapacketstointerfacesordownstreamroutersofmembersinthisgroup.
TheZXR10ZSRV2supportsIGMPv1,IGMPv2,andIGMPv3protocols.
PIM-SM
ThePIM-SMisapplicabletothefollowingsituations:
lGroupmembersarescatteredinawiderange. lNetworkbandwidthresourcesarelimited.
ThePIM-SMdoesnotdependonaspecicunicastroutingprotocol.
PIM-SMassumesthatallroutersonasharingnetworksectiondonotneedtosend broadcastpacketsandaroutercansendorreceivemulticastpacketsonlyafteritinitially requeststojoinamulticastgroup.
3-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 26
ZXR10ZSRV2ProductDescription
ThroughsettingtheRendezvousPoint(RP),thePIM-SMnotiesthemulticastinformation toallrouterssupportingthePIM-SM.InthePIM-SM,therouterexplicitlyjoinsorquitsa multicastgroup,sothenetworkwidthoccupiedbydatapacketsandcontrolpacketsis reduced.
PIM-DM
ThePIM-DMisamulticastroutingprotocolindensemode,whichtransmitsmulticast datainthe"push"mode.Itisapplicabletosmall-scalenetworkswherebroadcastgroup membersarerelativelydense.
PIM-SSM
TheProtocolIndependentMulticast-Source-SpecicMulticast(PIM-SSM)featuresall advantagesofthePIM-SMprotocol,exceptthatitdoesnotcreatethesharingtreebut createstheshortest-pathtreebasedonsources.ThePIM-SSMdirectlycreatesthe shortest-pathtreewhenitreceivesamembershipreportmessagefromaspecicsource tothegroup.
AsasubsetofthePIM-SM,thePIM-SSMisapplicabletothewellknownsource.The PIM-SSMisvalidbothinsideadomainandbetweendomains.ThePIM-SMneedstouse theMSDPprotocolforinter-domainmulticastrouting,whilethePIM-SSMdoesnotneed to.
StaticMulticast
Themulticaststaticrouteisusedinthescenariothatmulticastpacketsneedtobe forwardedinaccordancewiththespeciedpathinsteadoftheoptimalpathoftheunicast route.
Thestaticmulticastprovidestheegressandingressofuserstocongurethemulticast routingtabledirectly,andformsamulticastforwardingtableinaccordancewiththis conguration.Ifboththestaticmulticastrouteandthedynamicmulticastrouteexist, thestaticmulticastrouteispreferential.Thelogicalpositionofthestaticmulticastis equivalentinthePIM-SMandthePIM-DM,soitcanbeunderstoodasaspecialmulticast routingprotocol.Inaccordancewiththespecicapplicationenvironments,themulticast staticrouteperformsthefollowingfunctions:
lModiestheReversePathForwarding(RPF)route.Ingeneral,thenetworktopology
structureandthetransmissionofthemulticastarethesameasthoseoftheunicast. TheusercancongurethemulticaststaticroutetochangetheRPFroute,andcreate atransmissionpathdifferentfromtheunicastforthemulticastdata.
lConnectstheRPFroute:Whentheunicastrouteinthenetworkischanged,the
multicastdatacannotbeforwardedbecausethereisnoRPFroute.Theusercan congurethemulticaststaticroutetocreateanRPFroute,andcreatemulticastrouting entriestoguidetheforwardingofmulticastdata.
3-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 27
MSDP
TheMSDPisamechanismconnectingseveralPIMdomains.ItoperatesabovetheTCP protocoltoprovidethePIM-SMwiththeinformationofmulticastsourcesoutsidethePIM domain.
TheMSDPspeakerinsideaPIM-SMdomainusestheTCPconnectiontocreatetheMSDP neighborsessionrelationshipwithMSDPneighborsinotherdomains.WhentheMSDP speakerknowsaboutanewmulticastsourceinsidethelocaldomain(throughthePIM registrationmechanism),theMSDPcreatesaSourceActive(SA)messageandsends thismessagetoallMSDPneighbors.

3.1.3PolicyRouteandRoutingPolicy

PolicyRoute
TheZXR10ZSRV2supportspolicyroutestoforwarddatapacketsinaccordancewith speciedpolicies.
Thepolicyrouteprovidesapacketforwardingpolicy,inwhichthepacketsshouldbe matchedandmatchingitemsarelteredinaccordancewithfeatureeldsinthese packets.Operationsaresetfortheseobjects,includingtwotypes:
Chapter3FunctionsandFeatures
lRouteoptions,usedtomodifytheforwardingpath lPacketmodicationoption,usedtomodifyfeaturesoflteredpackets
Thepolicyrouteprovidestrafcengineeringtosomeextent,sothattrafcwithdifferent QoSordatawithdifferentnatures(suchasvoiceandFTP)runondifferentpaths.
RoutingPolicy
Theroutingpolicyisapolicyusedtoreleaseandreceiveroutes.Basedontherouting protocol,theroutingpolicychangesroutegeneration,release,orselectionresultsby changingsomeparametersorsettingaparticularcontrolmodeinaccordancewitha particularrule.
TheZXR10ZSRV2supportstheroutingpolicyonthefollowingroutes:RIP ,OSPF,IS-IS, BGP ,andVRF.
lDuringthereleaseofcontrolroutes,theroutingpolicyonlyreleasesroutessatisfying
thesetconditions.
lDuringthereceivingofcontrolroutes,theroutingpolicyonlyreceivesnecessaryand
validroutes,whichcontrolsthecapacityoftheroutingtableandimprovesthenetwork security.
lTheroutingpolicyltersandcontrolsintroducedroutes. lWhenaroutingpolicyintroducestheroutinginformationdiscoveredbyotherrouting
protocols,theroutingpolicyonlyintroducestheroutinginformationthatsatisesthe setconditions,anditalsosetsattributesoftheintroducedroutinginformationtomake itsatisfythisprotocol.
lTheroutingpolicysetsthecorrespondingattributesofroutesusedtoltertrafc.
3-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 28
ZXR10ZSRV2ProductDescription

3.1.4DHCPandDNS

DHCP
TheDynamicHostCongurationProtocol(DHCP)technologyperformscentralized dynamicmanagementandcongurationforusers.Basedontheclient/server communicationmode,theclientproposesacongurationrequest(parameterssuchas IPaddress,subnetmask,anddefaultgateway)totheserverandtheserverreturnsthe correspondingcongurationinformationinaccordancewiththepolicy.
DHCPusesUDPasthetransportprotocol.AhostsendsmessagestoPort67ofaDHCP server,andtheserverreturnsamessagetoPort68ofthehost.
TheZXR10ZSRV2supportsDHCPclient,DHCPrelay,andDHCPserverfunctionsto supportDHCPrequirementsunderdifferentscenarios.
DNS
TheDNSisadistributeddatabaseforTCP/IPapplicationprograms,whichisusedtomake conversionbetweendomainnamesandIPaddresses.WiththeDNS,theusercandirectly usethemeaningfuldomainnamesthatareeasytoremember,andtheDNSserverinthe networkresolvesthemintothecorrectIPaddresses.

3.2WANAccess

AsaDNSclient,theZXR10ZSRV2sendsDNSresolutionrequesttotheDNSserver, receivesresponsepacketsfromtheDNSserver,andsendsthemtousers.
PPP
ThePPPisawidelyusedWideAreaNetwork(WAN)protocolthatprovidesthe router-to-routerandhost-to-networkpoint-to-pointconnectionacrosssynchronousand asynchronouscircuits.ThePPPprovidesanentiresetofplanstosolveproblemsduring linkestablishment,maintenance,disconnection,upper-layerprotocolnegotiation,and authentication.
ThePPPincludestheLinkControlProtocol(LCP)andtheNetworkControlProtocol(NCP). Itnegotiateslinknegotiationandlinkmaintenanceonthepoint-to-pointinterface(suchas E1/T1/POS),andprovidestheupperlayerwithapacketencapsulationformatdifferent fromtheEthernetprotocol.
Forupper-layerprotocolpackets(suchasIPpacketsandMPLSpackets),thePPPonly encapsulatesa2-byteprotocoleldbeforethepacketandaddsaPPPheaderwithtwo xedvalues,meaning0xFF03.ThisPPPheadercanbecompressedinaccordancewith thenegotiationasneeded.
ThePPPnegotiationisdividedintotheLCP ,authentication(optional),andNCPphases. Forthelasttwophases,
3-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 29
Chapter3FunctionsandFeatures
1.Theauthenticationphaseisselectedasneeded.Itisnormallyusedtoauthenticate accessusersonarouterequipment.
2.NCPcontrolprotocolsincludetheIPControlProtocol(IPCP),IPv6CP ,MPLSCP, OSINLCP ,andtheBCP .TheIPCP(supportingtheIPv4)mustbenegotiated,while otherNCPprotocolscanbeselectedasneeded.AftersuccessfulIPCPnegotiation, theprotocolisuponthePPPport.
ComparedwithEthernetencapsulation,thePPPhasthefollowingfeatures:
lThebandwidthusageofthePPPishigher,whichismoreapparentforshortpackets.
Additionally,theencapsulationofPPPpacketheadersissimpler,andthepacket transceivingmechanismalsoremovesthecomplicatedMACheaderencapsulation andde-capsulationofEthernetencapsulation.
lHowever,theprotocolstatusmachineofthePPPismorecomplicatedthanthat
ofEthernetencapsulation.ThePPPinterfacesetstheprotocoltouponlyafter successfulnegotiation,andthentheupperlayercansendandreceiveservice packets.
ForthePPPinterface,theprotocolstatusisdownbydefaultwhenitiscreated.The portisuponlyafterthePPPlinkisnegotiatedsuccessfully.Bothpartiesperiodically sendLCPkeep-alivepackets.IfnoECHOresponseisreceivedforN(N>=1)keep-alive requestscontinuously,boththelinkandtheprotocolstatusaresettodown,whichtrigger recalculationandrouteupdateoperations.
ML-PPP
TheML-PPPisatechnologythatbindsseveralPPPlinkstoincreasethebandwidth.It canbeappliedoninterfacessupportingthePPP .
HDLC
TheHigh-levelDataLinkControl(HDLC)isabit-orientatedlink-layerprotocol.Parallel tolayer-2protocolssuchasthePPPandframerelay,theHDLCprovidesserviceswith differentrequirementsforupper-layerprotocols.
TheprominentfeatureoftheHDLCisthatthedatadoesnotneedtobeacharacterset. TheHDLCcanprovideapparenttransmissionforanybitstream.
FR
TheFrameRelay(FR)isahigh-performanceWANprotocolthatrunsonthephysicallayer andthedatalinklayerintheOpenSystemInterconnection(OSI)referencemodel.The FRisadatapacketexchangetechnology .AsasimpliedformoftheX.25,itsaves somecomplicatedfunctionsoftheX.25(suchasthewindowtechnologyandthedata retransmissiontechnology)andprovidestheerror-correctionfunctionwithhigher-layer protocols.ComparedwiththeX.25,theFRoperatesonbetterX.25equipment,which provideshigherreliability.TheFRstrictlycorrespondstothebottomtwolayersintheOSI referencemodel,andprovidesbetterperformanceandhighertransmissionefciencythan theX.25.
3-7
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 30
ZXR10ZSRV2ProductDescription
TheFRWANequipmentnormallyincludestheDataT erminalEquipment(DTE)andthe DataCircuitTerminalEquipment(DCE),whicharelocatedonbothendsoftheFR.The routerisnormallyusedastheDTE.
TheFRprovidesconnection-orientatedcommunicationonthedatalinklayer.Adened communicationlinkexistsbetweeneachpairofequipment,whichhasaDataLink ConnectionIdentier(DLCI).ServicesareprovidedthroughtheFRPermanentVirtual Circuit(PVC)thatisidentiedbytheDLCI.ThevalueoftheDLCIisnormallyspeciedby theFRserviceprovider.TheDLCIrangethatisavailabletousersis16to1007,while otherDLCIsarereservedfortheprotocol.
TheFRsupportsboththePVCandtheSwitchingVirtualCircuit(SVC).Atpresent,the PVCmodeismostlyusedintheFR.ThePVCisamanualmodeofconguringvirtual circuits,itissimple,highlyefcient,andmultiplexed.

3.3RoutingandSwitchingIntegration

Overview
Tomeetintranetrequirements,theZXR10ZSRV2provideshigh-densityEthernet switchingmodules,whichachievesseamlessintegrationofroutersandswitches.
TheZXR10ZSRV2supportstheVLAN,SuperVLAN,QinQ,SmartGroupfunctions.It supportsL2/L3modeswitchingonEthernetportstoachieveinter-boardL2switching. L2andL3congurationcanbecompletedonthesameinterface.TheZXR10ZSRV2 supportsL2functionssuchasSTPandbroadcaststormsuppression.
BroadcastStormSuppression
Ifbroadcastframesareendlesslyforwardedinanetworkandthenumberofbroadcast framesincreasesrapidly ,communicationinthenetworkisaffected.Thismeansthat abroadcaststormisgenerated,whichdegradesnetworkperformance.Throughthe broadcaststormsuppressionfunction,athresholdforbroadcastframesreceivedona portcanbeset.Whenthenumberofbroadcastframesexceedsthethreshold,theextra framesaredropped.Thispreventsabroadcaststorm,andguaranteesnetworkoperation.
TheZXR10ZSRV2supportsthefollowingstormsuppression:
lBroadcastpacketsuppression lMulticastpacketsuppression lUnknown-packetsuppression lRatelimitintwomodes:bpsandpps
STP
InaL2switchingnetwork,oncethereisaloop,packetsarecycledintheloopandthe numberofpacketsincreases.Thiscausesabroadcaststorm,andallavailablebandwidth isoccupied.Asaresult,thenetworkisunavailable.STPisaL2managementprotocol.
3-8
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 31
Chapter3FunctionsandFeatures
Itselectivelyblocksaredundantlinktoremovealoopinanetworkandprovidesthelink backupfunction.
Thesameasotherprotocols,STPisupdatedbasedonnetworkdevelopment.Atrst, IEEE802.1D-1998STPiswidelyused.BasedonSTP,IEEE802.1wRSTPandIEEE
802.1sMSTParedeveloped.
TheZXR10ZSRV2supportsSTP ,RSTP ,MSTP ,andtransparenttransmissionoverthese protocols.

3.4MPLS

LDP
TheMPLSisamulti-layerswitchingtechnologythatcombineslayer-2switching technologiesandlayer-3switchingtechnologies.Usinglabelsasthemodeofaggregating theforwardinginformation,theMPLSrunsundertheroutinghierarchy,supportsseveral upper-layerprotocols,andcanbeprovidedonseveralphysicalplatforms.
TheZXR10ZSRV2supportstheMPLStechnology,includingthefollowingfeatures:
lSupportsbasicfunctionsandthelabelforwardingserviceoftheMPLS,implements
theLDPsignalingprotocol.TheMPLSsignalingprotocolisinchargeof distributinglabels,establishingtheLSP ,andtransmittingparametersduringtheLSP establishmentprocess.
lSupportstheGracefulRestartfunctionontheMPLSsignalingprotocollayer,and
continuouslyforwardslabeldatawhentheprotocolisinterrupted.
lSupportstheMPLSPing/Tracertfunctions,anddetectstheavailabilityoftheLSP
throughMPLSechorequestandMPLSechoreplymessages.
lSupportstheLDPFRRfunction.TheZXR10ZSRV2canquicklyswitchdatatrafc
whentheLSPisinterrupted.
lSupportstheloadsharingfunctionoftheMPLSLSP . lSupportstheprocessingofmulti-layerlabels. lSupportsmanagementfunctionssuchastheLSPloopdetectionmechanism. lSupportstheMPLSCoSandsupportsthemappingbetweenIPpacketsintheT oS
domainandMPLSpacketsintheEXPdomain.
StaticTunnel
Thestatictunnelisatunnelmanuallyconguredbytheadministrator.Itdoesnotneedto betriggeredbytheMPLSsignalingprotocolorexchangecontrolpackets,soitconsumes fewresourcesandisapplicabletosmall-scalestablenetworkswithsimpletopologies.The tunnelcreatedthroughlabelallocationinstaticmodecannotbedynamicallyadjustedwith thechangeofnetworktopology,andneedstobemanuallyconguredbytheadministrator.
ThestatictunnelcommandneedstobeconguredoneachLabelSwitchRouter(LSR)of theentiretunnel,includingtheheadernode,interimnodes,andthetailnode.Servicescan beproperlyforwardedontheLSPofthistunnelonlyafterthetunneliscorrectlycongured onallnodes.
3-9
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 32
ZXR10ZSRV2ProductDescription
MPLS-TE
Networkcongestionisamajorproblemaffectingtheperformanceofthebackbonenetwork. Itisnormallycausedbecausenetworkresourcesareinsufcient,orthenetworkispartially congestedbecausetheloadofnetworkresourcesisnotbalanced.TheTrafcEngineering (TE)solvesthecongestioncausedbyunbalanceload.
TheMPLSTEisatechnologythatcombinestheTEtechnologyandtheMPLS.Through theMPLSTE,theserviceprovidercanaccuratelycontrolthetrafcpathtoavoidcongested nodes,whichsolvestheproblemthatsomepathsareoverloadedwhileotherpathsare idle,andtakingexistingbandwidthresourcesintofullutilization.Additionally,theMPLS TEcanreserveresourcesduringtheestablishmentoftheLSPtunnel,whichensuresthe QoS.
ThroughtheOSPFTEortheIS-ISTE,theMPLSTEestablishesalinkbandwidthresource databaseforallnodesintheMPLSnetwork,andusestheCSPFalgorithmtocalculation thetunnelestablishmentpathinaccordancewiththelinkbandwidthresourcedatabase andthetunnelconstraintconditions.TheMPLSTEnallyusestheRSVP-TEsignaling protocoltoestablishtheTEtunnelonthepathcalculatedbytheCSPFalgorithm.
TheZXR10ZSRV2supportsthefollowingMPLSTEfeatures:
lSupportsOSPFTEandIS-ISTE. lSupportsConstrainedShortestPathFirst(CSPF)algorithm. lProvidesbasicfunctionsoftheRSVP-TEprotocolinaccordancewiththeRFC,and
establishesandmaintenancestheTEtunnelbyexchangingPath/Resvmessages.
lProvideslinkprotectionandnodeprotectionfunctionsoftheRSVP-TEFRRprotocol
inaccordancewiththeFacilitymodedenedbytheRFC,sothattheLSPpossesses thelocationprotectioncapabilityoftheRSVP-TE.
lProvidestheGracefulRestartfunctiondenedbytheRFC,theExtensionstoGMPLS
RSVPGracefulRestart,andtherecoveryprocessingmechanismwhenseveral adjacentnodesarerestartedsimultaneously .
lSupportsRSVP-TEMIBfunction. lProvidesextendedfunctions,includingtheMakeBeforeBreak(MBB),re-optimization,
prioritypreemption,abstractrefreshing,automaticrouting,FA,hot-standby ,and authenticationfunctions.

3.5VPN

3.5.1IPSecandGRE

IPSecVPN
TheIPSecisanIP-layersecurityframeworkprotocoldraftedbytheInternetEngineering TaskForce(IETF),whichprovidesprotectionforthetransmissionofsensitivedatainan unprotectednetworkenvironment(suchastheInternet).TheIPSecdenestheformat andrelatedbasicstructureofIPdatapackets,whichprovidescondentiality,dataintegrity,
3-10
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 33
Chapter3FunctionsandFeatures
anti-replay,andenhancedidentityauthenticationfunctionsforthetransmissionofIPdata packetsduringnetworkcommunication.
lCondentialityindicatesthatuserdataisencryptedforprotectionandistransmitted
asencryptedtexts.
lDataintegrityindicatesthatthedataisnotmodiedduringthetransmissionprocess.
TheIPSecauthenticatesthereceiveddatatodeterminationwhetherthepacketis falsied.
lAnti-replayindicatesthattheIPSecdeterminationswhetheradatapacketis
duplicatedbycomparingtheslidingwindowonthetargethostwiththesequence numberinthereceiveddatapacket.Inthisway,itpreventsmalicioususersfrom interceptinganIPSecdatapacketandinsertingitintothesessionagain.
lSourceauthenticationindicatesthattheIPSecidentiestheidentityofthedatasender
throughthepre-sharedencryptionkeyortheRSAsignature.
TheIPSecusesthefollowingtwomajorframeworkprotocols:
lAuthenticationHeader(AH):TheAHisapacketheaderauthenticationprotocol,
providingdatasourceauthentication,dataintegritycheck,andpacketanti-replay functions.TheAHprotocoldoesnotencryptprotecteddatapackets.
lEncapsulationSecurityPayload(ESP):TheESPprotocolprovidesboth
authenticationfunctionsandtheencryptionfunction.TheESPprovidesthesame authenticationfunctionsastheAHprotocol(exceptthatthedataintegritycheck oftheESPdoesnotincludeIPpacketheaders),andalsoprovidestheencryption functiontoimprovethesecurityofIPdatapackets.
TheIPSectransmitsIPdatapacketsunderthefollowingtwomodes:
lTunnelmode:Intunnelmode,theAHorESPisinsertedbeforetheoriginalIPheader
andanewIPheaderisformedbeforetheAHorESP .Thetunnelmodeisusedto connecttwosecuritygateways(suchasrouters).
lTransmissionmode:Intransmissionmode,theAHortheESPisinsertedaftertheIP
headerbutbeforethetransmission-layerprotocol.Thetransmissionmodeismainly usedforend-to-endconnectionbetweenhosts.ItusestheaddressintheoriginalIP packetheaderforaddressing.
TheZXR10ZSRV2hasthefollowingIPSecfeatures:
lSupportstocreatethesecurityassociationmanuallyorintheIKEdynamicassociation
mode(isakmp).
lSupportstheIKEv1encryptionkeynegotiationandexchange.TheIKEsupportsthe
followingsecuritymechanisms:
àDife-Hellman(DH)exchangeandencryptionkeydistribution:TheDHalgorithm
isapublicencryptionkeyalgorithm,withwhichbothcommunicationparties calculatethesharedencryptionkeybyexchangingdatabutnottransmittingthe encryptionkey.Theencryptionprerequisiteisthatbothpartiesexchangingthe encryptiondatamusthaveasharedencryptionkey.
àPerfectForwardSecrecy(PFS):ThePFSisasecurityfeatureindicatingthat
thesecurityofotherencryptionkeysisnotaffectedafteroneencryptionkeyis
3-11
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 34
ZXR10ZSRV2ProductDescription
decrypted,becausetheseencryptionkeysarenotderivedfromeachother.The encryptionkeyforthesecondphaseoftheIPSecisexportedfromthatofthe rstphase.IftheIKEencryptionkeyoftherstphaseisstolen,theattackermay collectenoughinformationtoexporttheIPSecSAencryptionkeyofthesecond phase.ThePFSensuresthesecurityoftheencryptionkeyinthesecondphase byexecutinganadditionalDHexchange.
àIdentityauthentication:Itmeansthattheidentitiesofbothpartiesareconrmed.
TheZXR10ZSRV2supportsthepre-sharedkeyvericationmode,inwhichthe validationwordisusedtocreatetheencryptionkey.Ifthevalidationwordis different,thesameencryptionkeycannotbecreatedonbothparties.
àIdentityprotection:Theidentitydataisencryptedandtransmittedafterthe
encryptionkeyisgeneratedtoprotecttheidentitydata.
lSupportstheAHprotocolandtheESPprotocol.Bothprotocolscanbeusedtogether. lSupportsthetransmissionofdatapacketsintunnelmodeandintransmissionmode. lSupportsthefollowingtwogeneralhashalgorithmstoensurethatthedataisnot
modiedduringthetransmission:
àHMAC-MD5:usesthe128-digitencryptionkeytocalculatethehash.
àHMAC-SHA-1:usesthe160-digitencryptionkeytocalculatethehash.
lSupportsencryptionalgorithmssuchastheDES-CBC,3DES-CBC,AES-128-CBC,
AES-192-CBC,andAES-256-CBC.
lSupportstheDPDdetectionoftheIPSec. lSupportstheNATtraversingoftheIPSec. lSupportstheIPSec+GREnetworkarchitecture. lSupportstheIPSectobeassociatedwiththeVRF .
GREVPN
TheGREprotocolencapsulatesparticulardatapacketsofthenetwork-layerprotocol,so thattheseencapsulateddatapacketscanbetransmittedintheIPv4network.
Whentherouterreceivesanoriginaldatapacket(Payload)thatneedstobeencryptedand routed,theGRErstencapsulatesthispacketintoaGREpacketandthenencapsulates itintheIPprotocol.TheIPlayerwillthenbefullyresponsibleforforwardingthispacket. Theprotocoloftheoriginalpacketiscalledthepassengerprotocol,theGREiscalledthe encryptionprotocol,andtheIPpacketinchargeofpacketforwardingiscalledthedelivery packetorthetransportprotocol.TheGREdoesnotcareforthespecicformatorcontents ofthepassengerprotocolduringtheaboveprocesses.
TheGREhasthefollowingadvantages:
lThemulti-protocollocalnetworkcantransmitpacketsoverthebackbonenetworkof
asingleprotocol.
lDiscontinuoussubnetsareconnectedtoestablishaVPN. lTheworkscopeofthenetworkisextendedtoincludeprotocolsrestrictedbythe
routinggateway.
3-12
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 35
Chapter3FunctionsandFeatures
IPSecNAT
Inanetwork,ifthereareroutersbetweentwoIPSecrouters,theIPSecroutersmust supportIPSecNAT,sothatNAT -TnegotiationisperformedthroughIKEandESPpackets canbeencapsulatedanddecapsulatedthroughUDP .Figure3-1showsanIPSecNA T application.
Figure3-1IPSecNAT
GREOverIPSec
AnIPSectunnelsupportsunicastonly ,andcannotprotectbroadcastdata.GREsupports encapsulationfornon-IPpackets,IPmulticastpackets,andIPbroadcastpackets. Therefore,GREOverIPSeccanbeusedtoprotectbroadcastdatainaGREtunnel.GRE OverIPSecisusedinapplicationscenariowhereroutingprotocolsneedprotection,see
Figure3-2.
Figure3-2GREOverIPSecVPN
3-13
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 36
ZXR10ZSRV2ProductDescription

3.5.2MPLSVPN

Overview
TheMPLSVPNprovidesdatasecrecyoftheISPandsupportstouseanon-unique dedicatedIPaddressintheVPN.TheVPNforwardingtableincludesthecorresponding labelforVPN-IPaddress,throughwhichthedataistransmittedtothecorresponding location.
TheMPLSVPNhasthefollowingadvantages:
lThecongurationofVPNconnectionissimple,soitimposesnopressureuponthe
existingbackbonenetwork.
lItdoesnotimposeanyrequirementuponexistingusers,sousersdonotneedtomake
anymodication.ThecongurationforaddingauserintotheVPNisalsosimple.
lItprovidespowerfulnetworkextensibility. lVPNuserscancontinueusingoriginaldedicatedaddresseswithoutmakingany
modication.TheVPN-IDisusedonthebackbonenetworktomaintainuniqueness intheentirenetwork.
lItiseasiertoprovidevalue-addedservices,suchasdifferentCOSs.
MPLSL2VPN
TheZXR10ZSRV2supportstheMPLSL2VPNinMartinimode.ItusestheVC-Type andtheVC-IDtoidentifyaVirtualCircuit(VC).TheZXR10ZSRV2supportsthefollowing functions:
lUsestheLDPprotocolasthebasicsignaling. lSupportsboththeVPWSandtheVPLSL2VPNservices. lSupportstheL2VPNMIB. lSupports129-typeFECencoding. lSupportsthePseudoWire(PW)classconguration,heterogeneousstructure,status
Tag,Length,V alue(TL V),VirtualCircuitConnectivityVerication(VCCV),andcontrol eldcongurationfortheVPWSservice.
lSupportstheL2VPNreectorfortheVPLSservice. lSupportstheL2VPNGracefulRestartfunction. lSupportstheMACaddresslteringandrestrictionfunctions. lSupportsPWE3. lSupportsCESoPSN. lSupportsSAToP. lSupportsL2VPNandL3VPNBridgeFunction.
MPLSL3VPN
TheZXR10ZSRV2supportstheL3VPNbasedontheMPLS/BGP .Itusesexistingpublic networkresourcestoprovideuserswithservicesofthevirtualanddedicatednetwork,
3-14
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 37
satisfyingusers'servicerequirementsandsecurityrequestsfortransmittingprivatedata onthepublicnetwork.
TheZXR10ZSRV2supportsthefollowingMPLSL3VPNfunctions:
lSupportsdynamic(BGP ,RIP ,OSPF ,IS-IS)andstatic(staticroute)VPNaccesses. lSupportspolicycontrolssuchasRTrewritingandSOO. lSupportsseveralcross-domainVPNmodes. lSupportstheVPNroutingrestrictionfunction. lSupportstheVPNFRR.

3.5.3SmartDialControl

SmartDialControl(SDC)isadial-on-demandbackuptechnologyusedtointerconnect routersthroughthePSTN,ISDN,ora3Gwirelessnetwork.
Dialondemand:Noconnectionispre-establishedbetweentworouters.Whendataneeds tobetransmittedbetweentherouters,theSDCowisstartedtoestablishaconnection, andthenmessagescanbetransmitted.Whentheconnectionisidle,SDCautomatically disconnectstheconnection.
Chapter3FunctionsandFeatures
Thedial-on-demandfunctionprovidedbySDCisexible,economical,andefcient. Inactualapplications,SDCisusedasbackuptoprovideguaranteeformainline communication.Itprovidesanalternativeauxiliarychannelwhencommunicationfails onamainlineduetoalinefailureoranotherfault,whichensuresthatservicescanbe providedproperly.
TheSDCmoduleprovidesthefollowingfunctions:
lDialingbackupfunction
àDialingbackuptriggeredbyafailedactivelink(orinterface):Aftertheactivelink
(orinterface)isinvalidforaperiod,thestandbyinterfacedials,andthestandby linkisactivated.Whentheactivelink(orinterface)isrecoveredforaperiod,the standbylinkisdisconnected.
àDialingbackuptriggeredbyanoverloadedactivelink(orinterface):Whenthe
loadontheactivelink(orinterface)exceedsthespeciedpercentageofthe linkcapacity ,thestandbyinterfacedials,andthestandbylinkisactivated.The standbylinkoperatestogetherwiththeactivelink.Whentheloadontheactive link(orinterface)isreducedtothespeciedpercentageofthelinkcapacity,the standbylinkisdisconnected.
àLinkbackupthroughroutedetection:WhentheSDCmoduledetectsthatsome
routesthatneedbackuparelost,dialingistriggeredandbackuproutestothe specieddestinationaregenerated.
lDial-on-demandfunction
àPermanentdialing:Afterpermanentdialingisconguredonadialinginterface,
dialingisimmediatelytriggereduntildialingissucceeded.
3-15
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 38
ZXR10ZSRV2ProductDescription

3.6QoS

àAutomaticdialing:Whenadeviceisstartedupandthephysicaldialinginterface
isup,automaticdialingistriggered.
àManualdialing:Manualdialingcanbeperformedordisabledthroughcommand
conguration.
àTriggereddialing:Flowsreceivedonaroutercanbedividedintotriggeringows
andnon-triggeringows.Foratriggeringow,ifnoconnectionisestablished, therouterestablishesadialingconnectionwiththeremoterouter.Fora non-triggeringow,therouterdoesnotcalltheremoterouter.
Overview
Withthepopularizationofdiverseservices(voices,data,andvideo)anthecontinuous progressoftheFixedMobileConvergence(FMC)process,themultiservicebearernetwork isrequiredtoprovidedifferentialservicesfordifferentservicesanddifferentusers,sothat itcandistinguishservicesandguaranteetheQoSofuserservicesinaccordancewiththe ServiceLevelAgreement(SLA).TheQoSguarantyisprovidedundervariousapplication modelstoprovideend-to-endQoS,sothatthenetworkcansenseandmanageservices, providedelicateoperationofservices,andnallyimproveusers'serviceexperiences.
StreamClassicationandLabeling
Inaccordancewithserviceclassicationpolicies,includingthedestinationMAC,source MAC,VLANID,802.1P ,TypeOfService(T oS)/DSCP,andtheIPquintuple(protocol type,destinationIP ,sourceIP ,destinationportnumber,andsourceportnumber),service packetsaredividedintoseveralprioritiesortypes.Additionally,theCoSofEthernet packets,theT oSofIPpackets,andtheEXPeldofDSCPorMPLSpacketsarelabeled toprovideclass-basedscheduling,congestionmanagement,andtrafcreshaping.
TrafcSupervision
Throughthetokenbucketalgorithm,thetrafcenteringthenetworkisrestrictedwithina correctrange.TheZXR10ZSRV2supervisesandpunishestheexceedingtrafc,such asdiscardingpackets,coloringpackets,orresettingpacketpriorities,toprotectnetwork resourcesandcarrier'sprots.
TheZXR10ZSRV2supportstheSingle-rateThreeColorMarker(SrTCM)andTwo-rate ThreeColorMarker(TrTCM)coloringalgorithms,andsupportstheColor-Blindand Color-Awarecoloringmodes.TheZXR10ZSRV2supportsport-basedandstream-based coloringmodes,andcanapplythemineithertheingressortheegress.
TrafcReshaping
Thetrafcreshapingfunctioncachesandsendsegresstrafcoutatarelativelyeven speed,sothatthetrafcratesatisestheprocessingcapabilityofdownstreamequipment.
3-16
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 39
Chapter3FunctionsandFeatures
TheZXR10ZSRV2supportsport-basedandqueue-basedtrafcreshaping.
Queuing
Thequeuingtechnologysolvesthecongestionofnetworknodesthroughaseriesof schedulingalgorithms.High-prioritypacketsareforwardedpreferentially,whilelow-priority packetsalsogetthecorrespondingschedulingchancesfairly.
TheZXR10ZSRV2supportsthePQ,theWeightedFairQueuing(WFQ),andtheCBWFQ modes.
CongestionAvoidance
Becausetheprocessingcapabilityandcachingcapabilityofthenetworkequipmentare limited,packetsaboveequipmentcapabilitiesmaycausenetworkcongestion.Ifthese packetsarediscardedsimply ,theglobalsynchronizationsymptomoccurs.
TheZXR10ZSRV2avoidscongestioninRED/WREDmodetoimprovethenetworkquality. TheWREDcansenseservices,includingtheIPpriority,DSCP ,andMPLSEXP ,andsets differentearlier-phasediscardingpoliciesforpacketswithdifferentpriorities.Thismeans that,itprovidesdifferentialdiscardingfeaturesfordifferentservices.
MPLSQoS
TheZXR10ZSRV2supportsthefollowingMPLSQoSfeatures:
lSupportstheMPLSQoSbasedontheDiff-Servmodel.TheMPLSQoScompletes
theprioritymappingbetweenMPLS,IP ,andEthernetpackets,anddistinguishesdata streamsofdifferentservicesinaccordancewiththeEXPinthelabel.Thismeansthat, itprovidesdifferentialservicesandensurestheQoSforvoiceandvideoservices.
lSupportsthreestandardcarrierMPLSQoStunnels:UniformTunnel,PipeTunneland
ShortPipeTunnel.
lCombinestheMPLS-TEandtheDiff-Serv,sothattheIP/MPLScorenetworkowns
serviceidenticationcapabilities.Thetunnelisalsoestablishedtoensurethe bandwidthforhigh-priorityservices.
lSupportsQoSschedulinginsidetheMPLSVPN,andensuresthatkeyVPNservices
areforwardedpreferentiallybyachievingDiff-ServinsidetheVPN.
lDistinguishesPWsinaccordancewithuserservicesandmapstheservicePWto
thecorrespondingMPLStunnel.Byachievingservice-basedend-to-endQoSthatis easiertobedeployedandplansthebandwidth,theZXR10ZSRV2providesoperation guarantyforthedifferentialmanagementandservicesofmultipleservices.
H-QoS
Throughhierarchalschedulinganduniedcentralizedconguration,theH-QoSprovides delicateQoSforhigh-qualityservicesandusers,reducestheconstructioncostofthe equipmentaccessedintothenetwork,andsimpliesthemaintenancecostoftheentire network.Additionally ,theH-QoSimprovestheQoSoftheentirenetwork.
3-17
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 40
ZXR10ZSRV2ProductDescription

3.7SecurityFeatures

3.7.1ACL

TheH-QoSprovidesdelicateschedulinginhierarchalmodeandprovidesreliableservice supportforuserstodeploymultipleservices.
TheZXR10ZSRV2supportsthefollowinghierarchalQoSfeatures:
lSupportsmulti-hierarchytrafcmanagementthroughsettingmulti-hierarchy
scheduler,meetingnetworkdeploymentrequirements.
lSupportsmulti-user,multi-service,andmulti-trafcclassicationrequirementsto
performcongestionavoidanceandtrafcshaping.
lSupportspacketmarkinginH-QoSqueuescheduling. lSupportstrafcstatisticsforserviceschedulinginthehierarchalQoSandprovides
visualizedmanagementofthetrafcservicemodel.Thismeansthat,themaintenance andmanagementpersonnelhavebetterunderstandingofthenetwork.
AnACLisusedtopermitordenypacketowsbasedonconguredrules.Packetltering rulesdeterminetheACLtype.ACLrulescanbedenedbasedonthefollowingconditions:
lMACaddress lVLAN lSourceIPaddress lDestinationIPaddress lSourceportnumber lDestinationportnumber lTransport-layerprotocolnumber lT oS lTimerange
AfteranACLiscreated,itmustbeappliedonaninterface.Dataowsonaninterfaceare bidirectional,sothedirection(inputoroutput)mustbespeciedwhenanACLisapplied onaninterface.
TocongureanACLonaninterface,anACL,theinterfaceonwhichtheACLisapplied, andthedirectioninwhichtheACLisappliedontheinterfacemustbedened.TheACL operationprocedureisasfollows:
1.TheACLtypeisidentiedthroughtheACLserialnumber.Packetsarecheckedbased ontheACLtodeterminewhetherthepacketscanpasstheinterface.
2.ACLrulesareusedforcheckingpacketsinaccordancewiththecongurationorderof therules.Rulesconguredrstareusedforcheckingpacketsrst.
3.Oncethepacketsmatcharule,therouterstopscheckingthepackets.
4.Forthematchedpackets,whetherthepacketsareallowedtopasstheinterface dependsonthecorrespondingaction(permitordeny)conguredfortherule.
5.Ifthepacketsmatchnorule,thedefaultruleisused,thatis,thepacketsaredisallowed topasstheinterface.
3-18
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 41
TheZXR10ZSRV2providesthefollowingACLfeatures:
lSupportsstandardACLsandextendedACLs lSupportsL2ACLs,L3ACLs,andL2/L3hybridACLs lSupportsACLtimerange lSupportsACLlogstatistics lSupportscollectingstatisticsonthehitrate lSupportsACLbindinginbatches

3.7.2Anti-Attack

IPSourceAttackDefense
TheZXR10ZSRV2supportsthefollowingIPsourceattackdefensemechanisms:
lIPandMACbinding:Inaccordancewithconguration,abindingrelationshipcanbe
establishedbetweenthespeciedIPaddressandMACaddress.Forpacketswiththe speciedIPaddress(source),iftheMACaddressisdifferentfromtheboundMAC address,thepacketsaredropped.ThispreventsattacksbypacketswithfalseIP addresses.
lARPscanning:StaticIPandMACassociationtablecanbegeneratedinbatches
throughtheARPscanningfunction.
lIPsourceguard:WhentheZXR10ZSRV2isusedasaL2device,abindingtable
canbeusedtoguardIPsourcecheat.
Chapter3FunctionsandFeatures
ARPAttackDefense
TheZXR10ZSRV2supportsthefollowingARPattackdefensemechanisms:
lUsesperiodicgratuitousARPpackets,sothatusers'packetcanbeproperlyforwarded
lUsesstrictARPleaningtopreventARPcheat. lUsesARPprotectiontopreventARPcheat. lUsesdynamicARPinspectiontopreventARPcheat. lUsesARPpacketsuppressiontopreventARPooding. lUsesARPMissmessagesuppressiontopreventARPooding.

3.7.3Firewall

SecurityZone
TheZXR10ZSRV2supportssecurityzones,includingtheDMZ.Allsecuritypoliciesare implementedbasedonsecurityzones.Aftersecurityzonesarecongured,therewall functioncanbeconguredinthesecurityzones.Securityzonecongurationincludesthe securityzonename,priority,interfaceaddedtothesecurityzone,andtheDMZ.Ingeneral, aDMZisalteringsubnetthatprovidesasecurityzonebetweenaninternalnetworkand externalnetwork.
togatewayswithoutbeingattackedorintercepted.
3-19
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 42
ZXR10ZSRV2ProductDescription
Packet-FilteringFirewallandFragmented-MessageFiltering
PacketscanbelteredthroughACLconguration.Packetsarelteredbasedon informationsuchastheprotocolnumberoftheupper-layerprotocoloperatingoverIP , sourceIPaddress,destinationIPaddress,sourceportnumberanddestinationport numberinapacketandthepackettransmissiondirection.
Packetlteringisusedintherewallfunction.T oforwardapacket,theZXR10ZSRV2 retrievesinformationintheheaderofthepacketandchecksthepacketbasedontheACL rules.TheZXR10ZSRV2determineswhethertoforwardordropthepacketbasedonthe comparisonresult.
Packetlteringsupportsfragmented-messageltering.Thepacketlteringrewall identiespackettypes,suchasnon-fragmentedmessage,rstfragmentedmessage,and non-rstfragmentedmessage.Alltypesofpacketsareltered.
StatefulFirewall
Statefulrewallisanextensionofthepacket-lteringrewall.Ittakeseachpacketasan independentunittoperformACLcheckandltering,andalsoconsidersapplication-layer associativitybetweenpackets.
lThestatefulrewallusesdifferentstatetablestomonitorTCPsessionsorUDP
sessions.TheACLdeterminesthesessionsthatareallowedtobeestablished.Only thepacketsrelatedtotheallowedsessionsareforwarded.
lForaTCPsessionorUDPsession,thestatefulrewallanalyzestheapplication-layer
stateinformationaboutpackets,andlterspacketsthatdonotmatchthecurrent application-layerstate.
lThestatefulrewallhastheadvantagesofthepacket-lteringrewallandproxy
rewall,providingthehighspeedandsecurity.
Thestatefulrewallperformslteringforapplication-layerpackets,meaningstate-based packetltering.Thestatefulrewallcandetecttheinformationabouttheapplication-layer protocolsessionthatwantstopasstherewall.Thestatefulrewallmaintainsthesession stateandcheckstheprotocolnumberandportnumberofsessionpackets.Ifthepackets donotmatchrules,thepacketsaredisallowedtopasstherewall.Thestatefulrewall maintainsthestateinformationabouteachconnectiontodynamicallydeterminewhether toallowpassingthepacketsordropthepackets.Thestatefulrewallalsocanmonitor variousapplication-layerprotocoltrafc.
Blacklist
ThebacklistisusedtolterpacketsbasedonsourceVPNandsourceIPaddress.The packeteldscheckedbytheblacklistaresimplerthanthosecheckedbyACLs,sopackets canbelteredathighspeeds.Inthisway,packetssentfromthespeciedIPaddresses areshielded.Theblacklistcanbestaticallyconguredordynamicallygeneratedbythe rewall.
BesidestheIPaddressesstaticallyconguredintheblacklist,whentheZXR10ZSRV2 detectsthatthereareIP-scanningattacksorport-scanningattacksfromthespecicIP
3-20
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 43
Chapter3FunctionsandFeatures
address,thisIPaddressisaddedtotheblacklist.Iftheblacklistfunctionisenabled, anypacketsformtheIPaddressareltered.Theagingperiodofthestaticblacklistand dynamicblacklistcanbecongured.Whenpacketsmatchtheblacklist,evenifthepackets arepermittedinaccordancewiththeACLrules,therewalldropsthepackets.
Blacklistcongurationcanbeexportedtoale,andblacklistcongurationcanbeimported throughale.
WhiteList
IftheIPaddressandVPNofahostareaddedtothewhitelist,therewalldoesnotperform IP-scanningattackcheckorport-scanningattackcheckforpacketssentfromthehost.The rewalldoesnotaddtheIPaddresstodynamicblacklist,andtheIPaddresscannotbe addedtothestaticblacklist.
Afterreceivingapacket,theZXR10ZSRV2checkswhetherthesourceIPaddressofthe packetisinthewhitelist.Ifyes,theZXR10ZSRV2doesnotperformIP-scanningattack checkorport-scanningattackcheckforthepacket,anddoesnotaddtheIPaddresstothe dynamicblacklist.Othersecuritylteringproceduresareperformed,suchasACLpacket ltering,statefulrewall,andtrafcstatisticsandmonitoring,whichachievestheoptimal securitylteringeffects.
Theagingperiodcanbeconguredforthewhitelist.Whitelistcongurationcanbe exportedtoale,andwhitelistcongurationcanbeimportedthroughale.
Anti-DDOSAttack
Asthenetworkenvironmentbecomesmoreandmorecomplicated,asthecorepart processingvariouscomplicatedprotocoldatapackets,thecontrol-layerprocessorofthe routerequipmentiseasiertobeattackedbynetworkbroadcaststorms,PINGooding, andTCPsynooding.TopreventtheseattacksfromaffectingtheCPUandevenleading toserviceerror,pause,orinterruption,theZXR10ZSRV2providesaexibleand completestream-controlmechanismforthetrafcenteringthecontrollayer.
lTheZXR10ZSRV2dividesreceivedCPUtrafcintoseveralqueueswithdifferent
prioritiestoensurethatimportantprotocolpackets,suchastheBGPandtheOSPF, andcustomizeddatapacketsareprocessedpreferentially.Eachqueuesetsdifferent thresholdsfordifferentpackettypes.
lTheZXR10ZSRV2supportsCARspeedlimitforthetrafcsentfromthephysical
ingressports.
lTheZXR10ZSRV2supportstheCARspeedlimitforcustomizedpacketsin
accordancewiththesourceaddress,protocoltype,TCP/UDPportnumber,andthe physicalingressportnumber.
lTheZXR10ZSRV2supportsthecongurationofthenumberofpacketssentper
secondandtheirprioritiesinaspecicrule.
lTheZXR10ZSRV2supportsthefunctionofdetectingexceptionsforpacketssent
fromlogicalports.TheZXR10ZSRV2checksthespeedofallreceivedpackets onlogicalports,stopsthepacket-receivingoperationontheportwhenitndsthat
3-21
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 44
ZXR10ZSRV2ProductDescription
thetrafcsentontheportreachesthespeciedthreshold,extendstheoperation appropriately,andthencontinuesreceivingpackets.
Throughdividingandtreatingdatapacketswithdifferentpriorities,themulti-queue sendingtechnology,thecongurationoftheportsendingpolicy,andthespeedlimitfor sentstreams,theZXR10ZSRV2effectivelyensuresthatimportantdatapacketswith higherprioritiesaresentpreferentially ,andshieldsattacksfromerrorpackets.
Anti-DOSAttack
TheZXR10ZSRV2supportsthefollowinganti-DOSattackmechanisms:
lLANDattackdefense lSmurfattackdefense lWinNukeattackdefense lSYNoodattackdefense lICMPoodattackdefense lUDPoodattackdefense
Anti-ScanningAttack
TheZXR10ZSRV2supportsthefollowinganti-scanningattackmechanisms:
lPing-deathattackdefense lLarge-ICMPattackdefense lICMP-unreachableattackdefense lICMP-redirectattackdefense lICMPfragmentattackdefense lIPfragmentattackdefense lT eardropattackdefense lFraggleattackdefense lTracertattackdefense
Anti-Abnormal-PacketAttack
TheZXR10ZSRV2supportsthefollowinganti-abnormal-packetattackmechanisms:
lAbnormalTCPpacketattackdefense lIPincorrectoptionattackdefense lSynfragmentattackdefense lUnknownprotocolattackdefense lIPspoongattackdefense lIPoptionpacketattackdefense lTCPNo-Flagpacketattackdefense lTCPSynFinpacketattackdefense lTCPFin-No-Ackpacketattackdefense
3-22
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 45

3.7.4MultipleSecurityAuthenticationModes

AAA
TheZXR10ZSRV2supportmultiplesecurityauthenticationmodes.
Withdifferentauthenticationpoliciesforuseraccess,theZXR10ZSRV2provides completeAAAauthenticationandauthorizationfunctions.Differentaccessauthentication policiescanbeconguredtoperformdifferentauthenticationandauthorizationforusers selectivelyasneeded.
TheAAAsupportsthefollowingthreeauthenticationmodes:
lLocalauthentication lRADIUSauthentication lT ACACS+authentication
TheAAAsupportsthefollowingfourauthorizationmodes:
lDirecttrustingauthorization:TheAAAperformsauthorizationwithouttheuser
account.
lLocalaccountauthorization:TheAAAperformsauthorizationinaccordancewithuser
accountsconguredlocally.
lT ACACS+authorization:TheT ACACS+isdividedintoauthenticationand
authorization.TheTACACS+serverauthorizesusers.
lAuthorizationaftersuccessfulRADIUSauthentication:Theauthorizationand
authenticationoftheRADIUSprotocolcannotbesplit.
Chapter3FunctionsandFeatures
ProtocolSecurityValidation
Inaccordancewiththesecurityvalidationrequirementsofdifferentprotocols,theZXR10 ZSRV2providescompleteprotocolsecurityvalidationfunctionsfortheSecureShell (SSH),PPP ,routingprotocol,andSNMPprotocol.
SecurityvalidationfortheSSHprotocol:
lSupportsencryptionauthenticationbasedontheMD5 lSupportsencryptionauthenticationbasedontheSHA1
SecurityvalidationforPPPaccess:
lSupportsthePasswordAuthenticationProtocol(PAP)-basedvalidationmode. lSupportstheChallengeHandshakeAuthenticationProtocol(CHAP)-basedvalidation
mode.
Securityvalidationfortheroutingprotocol:
lSupportstheexplicitpacketauthenticationfortheRIPv2,OSPF,andIS-IS. lSupportstheMD5-basedencryptionauthenticationfortheRIPv2,OSPF ,IS-IS,and
theBGP .
lSupportstheMD5-basedencryptionIPSecAHauthenticationfortheRIPng,OSPFv3,
andtheBGP-4+.
3-23
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 46
ZXR10ZSRV2ProductDescription

3.7.5uRPF

lSupportstheSHA1-basedencryptionIPSecAHauthenticationfortheRIPng,
OSPFv3,andtheBGP-4+.
SNMPsecurityvalidation:
SupportstheencryptionandauthenticationfortheSNMPv3.
TheZXR10ZSRV2supportstheURPFfunctiontoavoidnetworkattacksbasedonsource addresscheats.
ThesourceaddresscheatingmethodiscommonamongDoSattacks.Theattackerfakes asourceaddress(whichisnormallyavalidnetworkaddress)toaccesstheequipmentto preventitfromprovidingservicesproperly.TheURPFcaneffectivelyavoidsthistypeof attacks.
TheZXR10ZSRV2supportsthefollowingURPFfeatures:
lSupportstheStrictRPFcheckingfunction. lSupportstheLooseRPFcheckingfunction. lSupportstheLooseRPFcheckingfunctionthatignoresthedefaultroute. lSupportstheACLcheckingfunction.

3.8NetworkReliability

PingDetect
ThePingDetectautomaticdetectionfunction,whichusesrequest/responsepacketsofthe ICMPtodetectwhetherthedestinationisreachable,andfeedsbackthedetectionresultto theassociatedstandbyfunctionmoduletotriggeractive/standbyswitchover.Thismeans that,itprovidesthebackupfunctionbasedontheavailabilityofapplicationsonthenetwork layer.
BFD
Animportantfunctionofanynetworkequipmentistoquicklydetectcommunicationfaults withadjacentsystemsandrapidlycreateotherpaths.TheBFDprotocolgreatlysupports thispurpose.TheBFDisusedtoprovidealow-loadandfastfaultdetectionmechanism betweenadjacentforwardingengines.TheBFD,togetherwiththeFRR,canprovide millisecond-levellinkdetectionandrouteswitchoverfunctionsontheforwardinglayer.
TheZXR10ZSRV2supportsthefollowingBFDfeatures:
lSupportstheBFDdetectionfunctionofversion0andversion1. lSupportstheBFDforBGPdetection. lSupportstheBFDforOSPFdetection. lSupportstheBFDforIS-ISdetection. lSupportstheBFDforLDPLSPdetection. lSupportstheBFDforTEtunneldetection.
3-24
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 47
Chapter3FunctionsandFeatures
lSupportstheBFDforstaticroutenext-hopdetection. lSupportstheBFDforpolicyroutedetection. lSupportstheBFDforVRRPdetection.
FRR
Whenparticularlinksornodesinthenetworkbecomeineffective,thepacketsreaching thedestinationtroughtheseineffectivenodesmaybediscardedorformaloop.Trafc interruptionortrafcloopinevitablyoccursinthenetworkuntilthenetworkre-converges tocalculateoutanewtopologyandroute.Theinterruptionnormallycontinuesforseveral seconds.T oreducethetrafcinterruptionperiodinthenetwork,amechanismmustbe providedtoprovidethefollowingfunctions:
lRapidlydiscoversineffectivelinks. lRapidlyprovidesanotherrecoverypathwhentherstlinkfails. lAvoidstheforwardingloop"micro-loop"inthefollow-upnetworkrecoveryprocess.
TheZXR10ZSRV2providesIPFRRandMPLSFRRfunction.
lWiththeIPFRRfunctionprovidedbytheZXR10ZSRV2,theroutingprotocol
moduleavoidsno-loopactive/standbyroutesinaccordancewiththeloopcongured bytheuser.Duringtheforwardingprocess,theforwardingmoduleforwardstrafc accountingtotheactiverouteanddetectstheportstatusoftheactiveroute.When anexceptionoccursontheactiveport,theZXR10ZSRV2rapidlyswitchesthetrafc overtothestandbyroute,whichreducesthetrafcswitchoverperiodandthenumber ofdiscardedpackets.
TheIPFRRisnormallyusedtogetherwiththeroutingprotocol.TheZXR10ZSRV2 supportsthefollowingIPFRR:staticrouteFRR,OSPFFRR,IS-ISFRR,andBGP FRR.
lMPLSFRRisalocalisedprotectiontechnologyforMPLS-TEnetworks.AftertheFRR
functionisconguredforanLSP ,whenalinkornodeintheprotectedLSPfails,trafc isreroutedtothestandbylink.FRRisameasurefortemporaryprotection.When theprotectedlinkisrecoveredoranewLSPisestablished,trafcisreroutedtothe protectedLSPorthenewLSP .
VRRP
Byprovidingasetofdetectionandcompetitionmechanism,theVRRPprotocolprovides thegatewaybackupfunctionsinthemulti-addressaccessLAN(suchastheEthernet). TheVRRPprotocolbacksupgatewayequipmentsintheLANtomaintaintheinterrupted operationofhostequipmentaccessedintothenetworksystem.Thatis,theVRRPbacks uptheroutenext-hopequipmentfortheaccessedhostequipment.
TheZXR10ZSRV2supportsthefollowingVRRPfeatures:
lSupportsbasicfunctionsoftheVRRP . lSupportstheheartbeatlinefunctionoftheVRRP . lSupportsthebindingoftheVRRPandtheBFDdetection. lSupportsthebindingoftheVRRPandthePINGdetection.
3-25
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 48
ZXR10ZSRV2ProductDescription
lSupportsdetectingthestatusofspeciedportsthroughtheVRRP . lSupportsdetectingkeyrouteinformationthroughtheVRRP . lSupportsVRRPgroupmanagementfunctionstouniformlyreceiveorsendprotocol
packetsinseveralVRRPgroups.
lSupportstheVRRPMIBfunction.

3.9IPv6Features

3.9.1IPv6BasicFunctions

TheZXR10ZSRV2supportsIPv4/IPv6dual-protocolstacks.
lSupportstheIPv6basicprotocol,IPv6protocol,andtheNeighborDiscoveryprotocol. lSupportstheTELNET6andtheSSHv6forremoteuserloginandconnection. lSupportstheTCP6,UDP6andtheSocketIPv6. lSupportstheIPv6DHCPRelay/ServerandtheDNS6Client. lSupportsthePMTUdiscoveryfunction. lSupportsIPv6linkdetectionfunctionssuchasthePing6andtheTrace6. lSupportstheIPv6ACLfunction. lSupportstheIPv6QoSfunction. lSupportssecurityfunctionsuchastheIPv6VRRPandtheIPv6uRPF .

3.9.2IPv6UnicastRoutingProtocols

Overview
TheZXR10ZSRV2supportsunicastroutingprotocolssuchastheIPv6staticroute,RIPng, OSPFv3,IS-ISv6,BGP4+,andtheIPv6policyroute.
IPv6StaticRoute
TheIPv6staticrouteindicatesthatthenetworkadministratorspeciestheroute informationintheIPv6routingtablethroughcongurationcommands.Itdoesnotcreate theroutingtableinaccordancewiththeroutingalgorithminthesamewayastheIPv6 dynamicroute.
Whenthedynamicrouteiscongured,routersneedtofrequentlyexchangeroutingtables witheachotherandwilleasilybecomeoverloaded.Thestaticroutecanbeusedtosolve thisproblem.Withthestaticroute,theuseronlyneedstomakefewcongurationstoavoid usingthedynamicroute.
TheZXR10ZSRV2supportsthecongurationoftheIPv6staticroutebyspecifyingthe nexthoportheegressinterface.
RIPng
BasedontheUDP,theRIPngusesport521tosendandreceivedatapackets.
3-26
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 49
Chapter3FunctionsandFeatures
TheZXR10ZSRV2supportstheRIPngbasicprotocol,routesummaryandredistribution, RIPngrouteloadsharing,RIPngprotocolMIBfunction,RIPngVRFaccessinstance,and thefunctionofassociatingtheIPv6BFDwiththeRIPng.
OSPFv3
TheOSPFv3isusedtoprovidetheroutingfunctionintheIPv6network.
TheZXR10ZSRV2supportstheOSPFv3basicprotocol,routesummaryand redistribution,OSPFv3routeloadsharing,OSPFv3authentication,OSPFv3protocolMIB function,OSPFv3VRFaccessinstance,andthefunctionofassociatingtheIPv6BFD withtheOSPFv3.
IS-ISv6
TheworkprincipleoftheIS-ISv6issimilartothatoftheIS-ISv4.
TheZXR10ZSRV2supportstheIS-ISv6basicprotocol,routesummaryandredistribution, IS-ISv6routeloadsharing,IS-ISv6routeltering,IS-ISv6authentication,IS-ISv6protocol MIBfunction,IS-ISv6VRFaccessinstance,andthefunctionofassociatingtheIPv6BFD withtheIS-ISv6.
BGP4+
TheBGP4+isanextensionoftheBGPprotocol.Itinheritsthebasicmessageformatof theBGP4andaddsextendedattributesfortransmittingtheIPv6routinginformation.
TheZXR10ZSRV2supportsthebasicprotocol,routeattributes,routesummary ,route distribution,reector,andalliancefunctionsoftheBGP4+,policylteringofBGP4+routes, BGP4+routeloadsharing,BGP4+authentication,BGP4+protocolMIBfunction,BGP4+ VRFaccessinstance,andthefunctionofassociatingtheIPv6BFDwiththeBGP4+.
IPv6PolicyRoute
TheconceptandprincipleofthepolicyrouteintheIPv6arethesameasthoseintheIPv4, exceptthatIPv6addressesandroutesareusedfortheconguration.

3.9.3IPv6MulticastRoutingProtocols

Overview
IPv6multicastisdifferentfromIPv4multicastinthattheIPv6multicastaddressmechanism isgreatlyenhanced.Butgroupmembermanagement,multicastpacketforwarding,and multicastrouteestablishmentfunctionsarebasicallythesameasthoseinIPv4multicast.
MLD
TheMLDprotocoloriginatesfromtheIGMPprotocol.TheMLDv1correspondstothe IGMPv2,andtheMLDv2correspondstotheIGMPv3.
3-27
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 50
ZXR10ZSRV2ProductDescription
DifferentfromtheIGMPprotocolthatusesthepackettypewiththeIPprotocolnumberof 2,theMLDprotocolusestheICMPv6(withtheIPprotocolnumberof58)packettype, includingtheMLDquerypacket(type130),MLDv1reportpacket(type131),MLDv1 leavingpacket(type132),andMLDv2reportpacket(type143).TheMLDprotocolandthe IGMPprotocolhavedifferentpacketformat,buttheirprotocolbehaviorsarecompletely thesame.
TheZXR10ZSRV2supportstheMLDv1/v2protocol.
IPv6PIM
TheIPv6PIMprotocolisdifferentfromtheIPv4PIMintheIPaddressstructureinthe packet,butotherprotocolbehaviorsinthemarebasicallythesame.TheIPv6PIMalso supportstheSM,DM,andSSMmodes.
TheZXR10ZSRV2supportstheIPv6PIM-DM,IPv6PIM-SM,andIPv6Protocol IndependentMulticast-SourceSpecicMulticast(PIM-SSM)protocols.

3.9.4IPv6TunnelFunctions

Overview
TheZXR10ZSRV2supportsIPv6tunnelprotocols,includingIPv6overIPv4conguration tunnelandautomatictunnel,IPv4overIPv6tunnel,andISA TAPtunnel.
IPv6overIPv4
TheIPv6overIPv4tunnelmechanismencapsulatesIPv4packetheadersbeforeanIPv6 datapacketandpassestheIPv6packetovertheIPv4networkthroughtunnelstoprovide theinterconnectionofseparatedIPv6networks,seeFigure3-3.
Figure3-3IPv6overIPv4TunnelPrinciple
TheIPv6overIPv4tunnelcanbeestablishedbetweenhosts,fromahosttoanequipment, fromanequipmenttoahost,orbetweenequipments.Thedestinationofatunnelmaybe thenaldestinationoftheIPv6packet,ortheIPv6packetcanbefurtherforwarded.In
3-28
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 51
Chapter3FunctionsandFeatures
accordancewiththedifferentwaysofacquiringIPv4addressesonthetunneldestination, tunnelscanbedividedintocongurationtunnelsandautomatictunnels.
lIfthedestinationaddressofanIPv6overIPv4tunnelcannotbeautomaticallygotfrom
thedestinationaddressoftheIPv6packet,itneedstobemanuallycongured.This typeoftunneliscalledthecongurationtunnel,suchasthe6in4tunnelandtheGRE tunnel.
lIftheinterfaceaddressofanIPv6overIPv4tunnelusesthespecialIPv6address
formatwithanIPv4address,theIPv4addressofthetunneldestinationcanbe automaticallygotfromthedestinationaddressoftheIPv6packet.Thistypeoftunnel iscalledtheautomatictunnel,suchasthe6to4tunnelandtheISATAPtunnel.
IPv4overIPv6
TheIPv4orIPv6overIPv6tunnelprotocolencapsulatesIPv4orIPv6datapackets,so thatthedatapacketscanbetransmittedinanotherIPv6network.Theencapsulateddata packetistheIPv6tunnelpacket,seeFigure3-4.
Figure3-4IPv4overIPv6TunnelPrinciple
ISATAP
TheISATAPcanaccessthedual-stacknodeinsidetheIPv4siteintotheIPv6router throughtheautomatictunnel,sothatthedual-stacknodethatdoesnotsharethesame physicalnodewiththeIPv6routercansenddatapacketstotheIPv6nexthopthroughthe IPv4automatictunnel.
TheISATAPtransitionmechanismusestheIPv6addresswithanIPv4address,sothe IPv6-in-IPv4automatictunneltechnologyisusedinthesitewithetheraglobalIPv4 addressoraprivateIPv4address.BecausetheISAT APaddressformatusesboththe siteunicastIPv6addressprexandtheglobalunicastIPv6addressprex,theISATAP supportsbothsiteandglobalIPv6routes.
3-29
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 52
ZXR10ZSRV2ProductDescription

3.9.56PEand6VPE

6PE
InanIPv4MPLSnetwork,6PEusesanexistingMPLStointerconnectislandingIPv6 networks.6PEusestheBGP/MPLSVPNprincipletoestablishMP-BGPpeersbetween PEs.IPv6routesinIPv6sitesaredistributedbetweenthePEs,andpacketsareforwarded throughIPv4MPLSlabelsintheIPv4network.Inthisway,islandingIPv6networkscan communicatewitheachother.
6VPE
The6VPEisatechnologyusedtoprovideBGPMPLSVPNservicesintheIPv6user network.Theworkprincipleofthe6VPEoriginatesfromtheBGPMPLSVPNintheIPv4, andthe6VPEisanextensionoftheIPv4BGPMPLSVPN.
The6VPEisnotrestrictedtoIPprotocolversionsusedonthebackbonenetwork.This meansthat,theIPv6VPNtrafcistransmittedthroughIPv6tunnelsorIPv4tunnels.
TheZXR10ZSRV2supportsthe6VPEandsupportstoruntheIPv6staticroute,RIPng, OSPFv3,IS-ISv6,andEBGPprotocolsbetweenCustomerEdges(CEs)andProvider Edges(PEs).

3.9.6NAT64

NAT64isanIPv4-IPv6transitiontechnologythroughwhichIPv6hostscanuseIPv4 services.ThekeyofIPv6networktransitionisusers'IPv6transition.NA T64allowsIPv6 userstouseIPv4applicationservices.
NAT64isdenedtobewidelyusedinscenarioswhereIPv6clientsinitiateIPv4service sessions.ItsimpliesNAT-PTscenarios,andfacilitatesdeployment,operationand maintenance.
Figure3-5showsaNA T64applicationscenario.
Figure3-5NA T64ApplicationScenario
3-30
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 53

3.10NAT

Chapter3FunctionsandFeatures
NAThasthefollowingfeatures:
lAnIPv6hostactivelysendsaconnectionrequesttoanIPv4service. lTheNAT64unitisseparatedfromtheDNSunit.
NAT64onlysupportssessioninitiatedbyIPv6hostsforIPv4services,andaddress mappingtoIPv4serveraddressesissimpleinIPv6networks,soitisunnecessary toperformcomplicatedmanagementforassociationsbetweendomainnames andaddresses.ThisavoidstheDNSsecurityproblemandDNSSECcompatibility problem.
lTheDNSneedstosupporttheDNS64function.
TheDNSusedinNAT64mustsupporttheDNS64function,sothatArecordscanbe translatedintoAAAArecords.WhenthereisnoAAAArecordinthesystem,Arecords canbequeriedthroughDNSproxy.
TheZXR10ZSRV2supportstheNAT64function.
NATcantranslateanIPaddressinonenetworktoanotherIPaddressinanothernetwork. Ingeneral,NATisusedtomaponeaddressusedinaprivatenetworkorintranettoone ormultipleaddressesusedinapublicnetworkorInternet.
NAThasthefollowingadvantages:
lLimitsthenumberofIPaddressesusedinprivatenetworksthatneedIANA
registration.
lSavesthenumberofglobalIPaddressesneededinprivatenetworks.(Forexample,
oneentitycanuseoneIPaddressforcommunicationintheInternet.)
lMaintainsprivacyofLANs,becauseinternalIPaddressesarenotpublic.
TheZXR10ZSRV2hasthefollowingNATfeatures:
lSupportsin/outsideNAT lSupportsNAT44andNAT64 lSupportsmulti-egressNA T lSupportsstaticNATanddynamicNAT lSupportsmappingmode,lteringmode,andhybridmode lSupportsPAT lSupportsALGapplications,includingTCPALG(FTP ,RSTP ,H323,andPPTP),UDP
ALG(DNS,SIP ,andH323),andICMPALG

3.11NetworkManagementFeatures

Overview
TheZTENetNumen communicationnetwork,whichperformscentralizedmaintenanceandmanagement
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
TM
isanetworkmanagementsystemconstructedonthedata
3-31
Page 54
ZXR10ZSRV2ProductDescription
uponvarioustypesofnetworkequipmentinawideareaandcomplicatedapplication environment.
NetworkManagementNetworkArchitecture
ThefollowingtwonetworkarchitecturescanbeusedbetweentheNetNumen
TM
network
managementsystemandtheZXR10ZSRV2:
lIn-bandmanagement:Thenetworkmanagementinformationandtheservicedatais
transmittedinthesamechannelwithoutextraDCNnetwork.
lOut-of-bandmanagement:Thenetworkmanagementinformationistransmittedin
thenetworkmanagementnetworkindependentoftheservicedata.SoanextraDCN networkisrequired.TheNetNumen
TM
NetNumen
TheNetNumen
TM
NetworkManagementSystem
TM
U31(BN)networkmanagementsystemisauniednetwork managementsystemdevelopedbyZTEtomanageSynchronousDigitalHierarchy(SDH), Multi-ServiceTransportPlatform(MSTP),WavelengthDivisionMultiplexing(WDM), PacketTransportNetwork(PTN),OpticalTransportNetwork(OTN),andIPequipment (routersandswitches).ItcoversmanagementlayersincludingNEmanagement,network management,andservicemanagement.
TheNetNumen
TM
U31(BN)networkmanagementsystemprovidesthefollowingfunctions:
lFaultmanagement:ensuresthestableoperationofthenetwork. lPerformancemanagement:enablestheusertohaveacompleteunderstandingof
servicesituationsinthenetwork.
lResourcemanagement:ensuresthatnetworkresourcesareutilizedproperly. lViewmanagement:ensuresthattheuserhaveaclearviewofthenetworkoperational
status.
lCongurationmanagement:providesfastservicedeployment. lSecuritymanagement:guaranteesnetworksecurity. lNorthboundinterface:supportsthird-partysystemintegration.
Netow
TheNetowtechnologycanquicklydistinguishdifferenttypesofserviceowstransmitted inthenetworkbyanalyzingattributesofIPdatapackets.TheNetowseparatelytraces andaccuratelymeasureseachdataowthatisdistinguishedout,recordsitsowattributes suchasthetransmissiondirectionanddestination,countsitsstartingtime,endingtime, servicetype,andtrafcinformationsuchasthenumberofdatapacketsandbytesincluded inthisow.TheNetowoutputstheoriginalrecordsofthecollecteddataowtrafcand owdirectioninformationatregularintervals,automaticallysummarizesoriginalrecords, andoutputsthestatisticalresults.
TheZXR10ZSRV2supportsthefollowingNetowfeatures:
3-32
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 55
Chapter3FunctionsandFeatures
lComplieswiththemainstreamv5,v8,andv9packetformatsintheindustry . lSupportssendingpacketstotheserverinIPv4/UDPmode. lSupportsthemodeofinitiallyreportingpackets. lSupportsthecongurationofactiveandinactiveagingperiodsinthecache. lSupportsmultipleservers. lsupportsrandomsamplingbyow. lSupportsthecongurationofinterfacetrafcsamplingrates. lSupportstheNetowsamplingfunctiononphysicalinterfacesandsub-interfaces. lSupportsseparatesamplingintheingressandegressdirectionsofaninterface. lSupportsindependentsamplingofmultipleservicesinonedirection,suchasunicast,
multicast,andMPLS.
lSupportssamplingratesrangingfrom65535:1to1:1.
NetworkLayerDetection
TheZXR10ZSRV2providesseveralnetwork-layerdetectionfunctionsbasedonPing andTracefunctions,suchasIPPing,IPTrace,LSPPing,LSPTrace,multicastPing,and multicastTrace.

3.12SystemOperationandMaintenance

MultipleCongurationModes
TheZXR10ZSRV2providesmultipleequipmentloginandcongurationmodesforthe usertoselecttheappropriateconnectioncongurationmodeasneeded.
lCongurationthroughtheserialportconnection lCongurationthroughtheT elnetconnection lCongurationthroughtheSSHprotocolconnection lCongurationthroughtheSNMPconnection lVersionupgradethroughUSB lDHCPautomaticconguration lIn-batchversionupgradethroughNMS
SystemMonitoring,ManagementandMaintenance
TheZXR10ZSRV2supportsequipmentmonitoring,management,andmaintenance inseveralmodes,sotheequipmentcanperformthecorrespondingtroubleshooting undereachabnormalsituationandprovideuserswithparametersduringtheequipment operationprocess.
Equipmentmonitoringfunctionsinclude:
lThereareindicatorsonthepowermodule,thefanmodule,themaincontrolmodule,
andeachinterfaceboard,toindicatetheoperationalstateofparts.
lThefanmoduleperformsfanmonitoringtodetectthefanexistencestatusinformation
andadjustthefanspeedintelligently.
3-33
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 56
ZXR10ZSRV2ProductDescription
lThepowermodulefunctionprovidestheexistenceinformation,statusinformation,
powerinformation,andtheAC/DCinformationofthepowermodule.
lWhenthefanmodule,thepowermodule,orthetemperaturebecomesabnormal,the
systemraisessoundalarmsandalarmpromptsonthesoftware.
lThenetworkmanagementsystemcollectstemperatureindistributedmodetomonitor
thetemperatureofeachboard.
lHot-pluggingeventsandswitchovereventsonthemaincontrolboardarerecorded
foruserstoquery.
lThenetworkmanagementsystemautomaticallychecksversioncompatibilityduring
thesystemoperatingprocess.
lThenetworkmanagementsystemmonitorstheoperationalstateofthesoftware.
Iftheproperoperationoftheequipmentisaffectedduetoabnormalsituations,the systemrestartsthelineinterfaceboardorswitchesovertheactive/standbymain controlboards.
Equipmentmanagementandmaintenancefunctionsinclude:
lThesystemprovidesexibleonlinehelpinCLImode. lThesystemsupportsoperationsbyseveraluserssimultaneously.Theoperatorcan
specifywhethertoallowthisfunctionthroughthecorrespondingcommand.
lThesystemprovidesmultileveluserpermissionmanagementfunctionsand
automaticallyrecordsuseroperationlogs.
lThesystemprovidestheuniedmanagementoflog,alarmanddebugginginformation
intheinformationcenter.
lThesystemprovidestheCLImodeforuserstoquerythebasicinformationofeach
maincontrolboard,interfaceboard,andopticalmodule.
lThesystemenablestheusertologinthroughtheconsoleportwithorwithout
specifyingtheusernameandpassword.
lThesystemprovidesthequeryofseveralinformationitems,includingthesoftware
versioninformation,partsstatus,environmenttemperature,CPUoccupancy,and memoryoccupancy.
lThepasswordsofnormaluserscanbedisplayedinexplicittextsorinencryptedmode. lThesystemprovideslayeredmanagementofequipmentalarms,supportsalarm
classicationandalarmlteringfunctions,andcanoutputalarmstotheremote server.
DiagnosisandDebugging
TheZXR10ZSRV2providesseveraldiagnosisanddebuggingmethodsforusersto getmoredebugginginformationthroughmoremethodsduringequipmentdebugging. TheZXR10ZSRV2supportsthededicateddiagnosisanddebuggingcommandmode, andsupportscompleteequipmentdiagnosisandtestingfunctions.Theusercandetect theequipmentatanytimeandremotelyidentifythecausewhenafaultoccursonthe equipment.
TheZXR10ZSRV2supportsthefollowingdiagnosisanddebuggingmodes:
lDetectingtheoperationalstatusoftheequipment
3-34
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 57
lPerformingthePingandTraceRoutefunctions lDebugging
Chapter3FunctionsandFeatures
3-35
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 58
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
3-36
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 59
Chapter4
NetworkApplications
TheZXR10ZSRV2canbeusedasanegressgatewayinenterprisenetworks,andusedin enterpriseheadquartersandbranchaccessnetworks,convergenceandaccessnetworks ofverticalindustrialnetworks,andtelecomoperators'CPEandDCNnetworks.
TableofContents
ApplicationScenarioofAccessNetworksofEnterpriseHeadquartersandBranches.
ApplicationScenarioofEgressGatewaysinEnterpriseNetworks..............................4-2
ApplicationScenarioofConvergenceandAccessNetworksofIndustryNetworks.....
ApplicationScenarioofTelecomOperators'DCNNetworks.......................................4-5
4.1ApplicationScenarioofAccessNetworksof EnterpriseHeadquartersandBranches
Asarouterinaccessnetworksofheadquartersandbranchesinsmall/medium-size enterprises,theZXR10ZSRV2providesbothnetworkconnectionsforNEsinside enterprises,andaccesstoexternalWANsandenterpriseVPNs,thusensuringthat enterpriseuserscanaccessboththeInternetandenterprisenetworksrapidly,securely andreliably.
Figure4-1showsatypicalaccessnetworkofenterpriseheadquartersandbranches.
4-1
4-4
4-1
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 60
ZXR10ZSRV2ProductDescription
Figure4-1AccessNetworkofHeadquartersandBranchesofaSmall/Medium-Size Enterprise
AsshowninFigure4-1,theZXR10ZSRV2providesthefollowingfunctions:
lThroughWi-Ficonnections,high-densityL2/L3Ethernetboards,orconnected
switches,theZXR10ZSRV2canconnecttoIPnetworkdevicesinsideenterprises, suchasPCs,printers,andservers.
lThroughmultiplewired/wirelesslinks,theZXR10ZSRV2canperformactive/standby
switchoverorloadbalancing,thusimprovingbothnetworkavailabilityandnetwork bandwidthusagethroughtheintelligentroutingtechnology .
lByusingVPNtechnologies,suchasIPSec,GRE,andMPLSVPN,theZXR10ZSR
V2ensuressecureaccessbetweenbranchesandtheheadquartersofanenterprise.
4.2ApplicationScenarioofEgressGatewaysin EnterpriseNetworks
Asanegressgatewayinsmall/medium-sizeenterprisenetworks,small/medium-size campusnetworks,andotherspecializednetworks,theZXR10ZSRV2providesboth networkconnectionsforinternalNEsandhigh-speedInternetaccess.
Figure4-2showsthetypicalnetworkarchitectureofanegressgatewayinanenterprise
network.
4-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 61
Chapter4NetworkApplications
Figure4-2NetworkArchitectureofanEgressGatewayinanEnterpriseNetwork
Abbreviationsintheabovegurearedescribedbelow:
3G/LTE3rdgenerationmobilecommunications/LongT ermEvolution(4G,4th
generationmobilecommunications)
Copper/FiberCoppercable/Opticalber
SR/BRASServiceRouter/BroadbandRemoteAccessServer
ISPInternetServiceProvider
xDSL/xPONDigitalSubscriberLineofalltypes/new-generationPassiveOptical
Network
AsshowninFigure4-2,theZXR10ZSRV2providesthefollowingfunctions:
lThroughWi-Ficonnections,high-densityL2/L3Ethernetboards,orconnected
switches,theZXR10ZSRV2,asegressgatewaysinsmall/medium–sizeenterprise networks,canconnecttoIPnetworkdevicesinsideenterprises,suchasPCs, printers,andservers.
lTheZXR10ZSRV2providesabundantwired/wirelessinterfaces,includingE1port,
serialport,Ethernetport,andPOS,xDSL,and3G/4Ginterfaces,thusensuringthat theaccessofbranchnetworksisnotrestrictedbygeographicalenvironments.
lThroughmultiplelinks,theZXR10ZSRV2canperformactive/standbyswitchover
orloadbalancing,thusimprovingbothnetworkavailabilityandnetworkbandwidth usage.
4-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 62
ZXR10ZSRV2ProductDescription
lByintegratingmultiplefunctionsofhigh-performanceNATs,rewalls,APs,and
switches,theZXR10ZSRV2ensuresbothsecureaccessauthenticationforinternal usersandsecureaccesstoexternalnetworks.
4.3ApplicationScenarioofConvergenceandAccess NetworksofIndustryNetworks
TheZXR10ZSRV2canbeappliedintheconvergenceandaccesslayerofavertical industrialnetwork,suchasthepower,government,andnanceindustrynetworks.As showninFigure4-3,L3andL4networksformanetworkarchitecturetogetherwith medium/high-endroutersinL1andL2networks(suchastheZXR10M6000andZXR10 6800seriesrouters),thusforminganoverallsolutionfromthecorelayer,convergence layertotheaccesslayer.
Figure4-3ConvergenceandAccessNetworksofanIndustryNetwork
Abbreviationsintheabovegurearedescribedbelow:
P/PE/CEProviderrouter/ProviderEdgerouter/CustomerEdgerouter
RRRouterReector
AsshowninFigure4-3,theZXR10ZSRV2providesthefollowingfunctions:
4-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 63
Chapter4NetworkApplications
lTheZXR10ZSRV2,togetherwithmedium/high-endrouters,buildsindustry
networks.ByenablingL2/L3MPLSVPN,theZXR10ZSRV2achievessecure separationbetweenservicesystemsinsideenterprises.
lTheZXR10ZSRV2supportshigh-densityE1,CPOS3,andPOS3/POS12interfaces,
andthuscansatisfyconvergenceandaccessrequirementsofdifferentlayersin industrynetworks.

4.4ApplicationScenarioofTelecomOperators'DCN Networks

Asthetransmissionchannelsandcommunicationplatformsfortelecomservices,business operations,billingservices,NMdatatransmission,andmultimediacommunications, telecomoperators'DCNnetworksenableinformationalandautomatedsupervision, management,maintenance,anddecisionmakingupontelecomnetworks.
TheZXR10ZSRV2canbeappliedinDCNnetworks,toconnectNEsintelecomoperators' networks,providechannelsormanagement,maintenance,operation,andinternalofce ofallNEs,andsupportservicedeployment.
Figure4-4showsatypicalDCNnetworkofatelecomoperator.
Figure4-4T elecomOperator'sDCNNetwork
4-5
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 64
ZXR10ZSRV2ProductDescription
Abbreviationsintheabovegurearedescribedbelow:
PEProviderEdgerouter
MSSManagementSupportSystem
BSSBusinessSupportSystem
OSSOperationSupportSystem
AsshowninFigure4-4,theZXR10ZSRV2providesthefollowingfunctions:
lAstheaccessrouter,theZXR10ZSRV2,togetherwithothermedium/high-end
routers,providestheMPLSVPNfunction,thusachievingsecureseparationbetween servicesystems.
lTheZXR10ZSRV2providesreverseT elnet/SSHfunctions.TheZXR10ZSR
V2connectstotheConsolemanagementportofaterminaldevicethroughits asynchronousserialport,andprovidescentralizedmanagementupontheterminal devicethroughthereverseT elnettechnology.
4-6
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 65
Chapter5
TechnicalIndexes
ForthehardwarefeaturesoftheZXR10ZSRV2seriesproducts,refertoT able5-1.
Table5-1HardwareFeatures
ParameterZXR101800-
2S/2S(G)/2S(W)
Dimension
(W×H×D)
Numberof
SPIUslots
Numberof
PIU/DPIU
slots
Fixed
interface
Memory2GB2GB2GB2GB2GB
380mm×43.6mm
×200mm
22324
001/12/14/2
2GECombo
interfacesand
4GERJ45
interfaces
2S(W):Wi-Fi
interface
2S(G):3G/L TE
interface
ZXR10
1800-2E
442mm×44mm×440mm442mm×80.1
WAN:2×GEComboports
LAN:24×GE
ZXR10
2800-3E
ZXR10
2800-4
mm×200mm
MPFUA:2GECombo
interfacesand4GERJ45
interfaces
MPFUBandMPFUC:4GE
Combointerfacesand2GE
RJ45interfaces
ZXR10
3800-8
442mm×132
mm×200mm
Flash2GB1GB4GB4GB4GB
USB2.02USBports,
supporting3G
extensionand
commissioning
throughUSB
MicroUSB11100
CONSOLE11111
AUX11111
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
2USBports,
supporting
commission-
ingthrough
USB
5-1
2USBports,
supporting
commission-
ingthrough
USB
2USBports,
supporting3G
extensionand
commission-
ingthrough
USB
2USBports,
supporting3G
extensionand
commission-
ingthrough
USB
Page 66
ZXR10ZSRV2ProductDescription
ParameterZXR101800-
2S/2S(G)/2S(W)
Interface
type
Power
supply
Maximum
power
Operational
temperature
GE/FE,E1/CE1,
V.35/V.24
AC:100Vto240
V
DC:-72Vto-38V
<55W<80W<120W<160W<240W
-5ºCto45ºC
ZXR10
1800-2E
GE/FE,
E1/CE1,V .35/
V.24
AC:100Vto240V
DC:-72Vto-38V
Supports1+1redundancy ,andsupportsACandDChybrid
powersupply
ZXR10
2800-3E
GE/FE,
E1/CE1,
STM-1
POS/CPOS,
OC-12/STM-4
POS,
ADSL/VDSL,
G.SHDSL,
V.35/V.24,
3G/LTE
ZXR10
2800-4
10GE/GE/FE,E1/CE1,
OC-3/STM-1POS/CPOS,
OC-12/STM-4POS,
ADSL/VDSL,G.SHDSL,
V.35/V.24,3G/LTE
ZXR10
3800-8
Storage
temperature
Operational
humidity
Storage
humidity
MTBF/M-
TTR
-40ºCto70ºC
5%–95%(noncondensing)
5%–95%(noncondensing)
MTBF:100000h
MTTR:0.5h
ForthesoftwarefeaturesoftheZXR10ZSRV2seriesproducts,refertoT able5-2.
Table5-2SoftwareFeatures
FeatureDescription
Supported
protocols
L2protocols:MACmanagement,VLAN,QinQ,SuperVLAN,Smartgroup,PPP ,
PPPoE,HDLC,FR,and802.1x
IPv4/IPv6routingprotocols:staticroutes,RIP/RIPng,OSPF/OSPFv3,
IS-IS/IS-ISv6,andBGPv4/BGP4+
Multicastprotocols:staticmulticast,IGMPv1/v2/v3,PIM-DM,PIM-SM,
PIM-SSM,MSDP ,PIM-SSMmapping,andMLDv1/v2
DHCP:DHCPv4/v6Relay,DHCPv4/v6Server,andDHCPv4/v6Snooping
5-2
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 67
FeatureDescription
MPLSfeaturesSupportsLDP ,MPLSloadsharing,andRSVP-TE
SupportsMPLSL2/3VPN,PWE3,Inter-ASOptionA/B/C,and6VPE
VPNfeaturesSupportsVPWS,VPLS,HVPLS,6VPE,GRE,andIPSec
Chapter5T echnicalIndexes
Transition
Supports6PE,6VPE,6in4,6to4,4in6,NAT444,NAT64,and6RD
technologies
NATfeaturesSupportsstaticNAT,dynamicNAT ,P AT,multi-egressNAT ,NA TALG,and
NATlog
QoSfeaturesSupportsH-QoS,QPPB,andtime-rangeQoS
Supportsowclass,marking,priorityinheritanceandmapping,trafcshaping,
andtrafcratelimit
SupportsPQ,CQ,WFQ,CBWFQ,andphysicalportbasedtrafcscheduling
3G/LTEfeaturesSupportsTD-SCDMAandWCDMA/HSP A+
SupportsTDDandFDDLTE
SecurityfeaturesSupportsstatefulrewall,control-planesecurity,CPUsecurityprotection,
anti-DoS,anti-DDoS,routesecurity,andIPSecencryption
SupportsMACandIPbinding,anti-ARPattack,MACaddressltering,control
ofthenumberofMACaddresses,andcontrolofthenumberofTCPsessions
SupportsRADIUS/TACACS+authentication,uRPF ,andSSH
ReliabilityfeaturesSupportspowersupplymoduleredundancy,andhotswappingforpower
supplymodules,fanmodules,andboards
SupportsBFDforeverything,VRRP ,linkaggregationFRR,PWredundancy,
SDC,andlinkredundancy
OAMfeaturesSupportsEthernetOAM,MPLSOAM,andSQA
SupportscommissioningthroughUSB,in-batchmanagement,temperature
monitoring,automaticfanspeedadjustment,portmirroring,NetFlowV5/V9,
andNetow1:1sampling
SupportsWEBportal,SNMPv1/v2/v3,T elnet,SSHv1/v2,SYSLOG,andRMON
5-3
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 68
ZXR10ZSRV2ProductDescription
Thispageintentionallyleftblank.
5-4
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 69

Figures

Figure1-1ExternalViewsoftheZXR10ZSRV2SeriesProducts............................1-2
Figure2-1MainComponentsontheFrontSideoftheZXR103800-8chassis...........
Figure2-2FrontViewoftheZXR103800-8chassis................................................2-2
Figure2-3MainComponentsontheFrontSideoftheZXR102800-4chassis...........2-2
Figure2-4FrontViewoftheZXR102800-4chassis................................................2-2
Figure2-5MainComponentsontheFrontSideoftheZXR101800-2S
chassis...................................................................................................2-3
Figure2-6MainComponentsontheFrontSideoftheZXR101800-2S
chassis...................................................................................................2-3
Figure2-7MainComponentsontheBackSideoftheZXR101800-2S
chassis...................................................................................................
Figure2-8ZXR102800-3EAppearance...................................................................2-4
Figure2-9ZXR102800-3EFrontView.....................................................................
Figure2-10ZXR102800-3EBackView....................................................................2-4
Figure2-11ZXR101800-2EAppearance................................................................2-5
Figure2-12ZXR101800-2EFrontView...................................................................2-5
Figure2-13ZXR101800-2EBackView....................................................................2-5
2-1
2-3
2-4
Figure2-14ZXR10ZSRV2OverallSoftwareStructure............................................2-8
Figure3-1IPSecNAT.............................................................................................
Figure3-2GREOverIPSecVPN...........................................................................3-13
Figure3-3IPv6overIPv4TunnelPrinciple.............................................................3-28
Figure3-4IPv4overIPv6TunnelPrinciple.............................................................3-29
Figure3-5NAT64ApplicationScenario...................................................................3-30
Figure4-1AccessNetworkofHeadquartersandBranchesofaSmall/Medium-Size
Enterprise...............................................................................................4-2
Figure4-2NetworkArchitectureofanEgressGatewayinanEnterprise
Network..................................................................................................4-3
Figure4-3ConvergenceandAccessNetworksofanIndustryNetwork.....................4-4
Figure4-4T elecomOperator'sDCNNetwork..........................................................4-5
3-13
I
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 70
Thispageintentionallyleftblank.
Figures
II
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 71

Tables

Table5-1HardwareFeatures....................................................................................5-1
Table5-2SoftwareFeatures.....................................................................................
5-2
III
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 72
Thispageintentionallyleftblank.
Tables
IV
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 73

Glossary

AAA
-Authentication,AuthorizationandAccounting
AH
-AuthenticationHeader
ARP
-AddressResolutionProtocol
AS
-AutonomousSystem
CE
-CustomerEdge
CHAP
-ChallengeHandshakeAuthenticationProtocol
CLNS
-ConnectionLessNetworkService
CPE
-CustomerPremisesEquipment
DCE
-DataCommunicationEquipment
DCN
-DataCommunicationsNetwork
DH
-Dife-Hellman
DHCP
-DynamicHostCongurationProtocol
DLCI
-DataLinkConnectionIdentier
DMZ
-DemilitarizedZone
DTE
-DataT erminalEquipment
ESP
-EncapsulationSecurityPayload
FMC
-FixedMobileConvergence
V
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 74
ZXR10ZSRV2ProductDescription
FR
-FrameRelay
FTP
-FileTransferProtocol
H-VPLS
-HierarchyofVPLS
HDLC
-High-levelDataLinkControl
IANA
-InternetAssignedNumberAuthority
IETF
-InternetEngineeringTaskForce
IGMP
-InternetGroupManagementProtocol
IGP
-InteriorGatewayProtocol
IP
-InternetProtocol
IPCP
-IPControlProtocol
ISO
-InternationalOrganizationforStandardization
LCP
-LinkControlProtocol
LSA
-LinkStateAdvertisement
LSR
-LabelSwitchRouter
MBB
-MakeBeforeBreak
MD5
-MessageDigest5Algorithm
MIB
-ManagementInformationBase
MSTP
-Multi-ServiceTransportPlatform
NAT
-NetworkAddressTranslation
VI
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 75
NCP
-NetworkControlProtocol
NSSA
-Not-So-StubbyArea
OSI
-OpenSystemInterconnection
OTN
-OpticalTransportNetwork
PAP
-PasswordAuthenticationProtocol
PC
-PersonalComputer
PE
-ProviderEdge
PFS
-PerfectForwardSecrecy
Glossary
PIM-SSM
-ProtocolIndependentMulticast-SourceSpecicMulticast
PTN
-PacketTransportNetwork
PVC
-PermanentVirtualCircuit
PW
-PseudoWire
RIP
-RoutingInformationProtocol
RPF
-ReversePathForwarding
RSVP-TE
-ResourceReservationProtocol-TrafcEngineering
SDH
-SynchronousDigitalHierarchy
SLA
-ServiceLevelAgreement
SSH
-SecureShell
SVC
-SwitchedVirtualCircuit
VII
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Page 76
ZXR10ZSRV2ProductDescription
SrTCM
-Single-rateThreeColorMarker
TCP
-TransmissionControlProtocol
TFTP
-TrivialFileTransferProtocol
TLV
-T ag,Length,Value
ToS
-TypeofService
TrTCM
-Two-rateThreeColorMarker
UDP
-UserDatagramProtocol
VC
-VirtualCircuit
VCCV
-VirtualCircuitConnectivityVerication
VPN
-VirtualPrivateNetwork
WAN
-WideAreaNetwork
WDM
-WavelengthDivisionMultiplexing
WFQ
-WeightedFairQueuing
VIII
SJ-20150204153047-003|2015-03-30(R1.0)ZTEProprietaryandCondential
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use