CloudEngine 6800&5800 V100R003C00 Product Description 01

CloudEngine 6800&5800 Series Switches

V100R003C00

Product Description

Issue 01

Date 2013-12-31

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://enterprise.huawei.com

Issue 01 (2013-12-31) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://enterprise.huawei.com

About This Document

Intended AudienceThis document describes the positioning, characteristics, usage scenarios, functions, systemarchitecture, operations and maintenance, and specifications of CloudEngine (CE) switches.

This document helps you understand the characteristics and features of CE switches.

This document is intended for:

l Network planning engineersl Hardware installation engineersl Commissioning engineersl Data configuration engineersl Onsite maintenance engineersl Network monitoring engineersl System maintenance engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

Indicates an imminently hazardous situationwhich, if not avoided, will result in death orserious injury.

Indicates a potentially hazardous situationwhich, if not avoided, could result in death orserious injury.

Indicates a potentially hazardous situationwhich, if not avoided, may result in minor ormoderate injury.

CloudEngine 6800&5800 Series SwitchesProduct Description About This Document


ii

Symbol Description

Indicates a potentially hazardous situationwhich, if not avoided, could result inequipment damage, data loss, performancedeterioration, or unanticipated results.NOTICE is used to address practices notrelated to personal injury.

NOTE Calls attention to important information, bestpractices and tips.NOTE is used to address information notrelated to personal injury, equipment damage,and environment deterioration.

Change HistoryChanges between document issues are cumulative. The latest document issue contains all thechanges made in earlier issues.

Issue 01 (2013-12-31)Initial commercial release.

CloudEngine 6800&5800 Series SwitchesProduct Description About This Document


iii

Contents

About This Document.....................................................................................................................ii

1 Product Positioning and Characteristics...................................................................................11.1 Product Positioning.........................................................................................................................................................21.2 Product Characteristics...................................................................................................................................................21.2.1 High Performance and High Port Density...................................................................................................................21.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels.....................................................................................................31.2.3 Simplified Operations and Maintenance.....................................................................................................................41.2.4 Easy-to-Deploy, Easy-to-Maintain High-Performance Stacking................................................................................41.2.5 Abundant Data Center Service Features......................................................................................................................5

2 Typical Applications.....................................................................................................................72.1 ToR Application.............................................................................................................................................................82.2 EoR Application.............................................................................................................................................................9

3 Structures of CE6800&5800 Series Switches..........................................................................10

4 Product Features...........................................................................................................................144.1 Feature List...................................................................................................................................................................154.2 Ethernet Features..........................................................................................................................................................214.2.1 Link Aggregation.......................................................................................................................................................214.2.2 Interface-based Flow Control....................................................................................................................................224.2.3 Traffic Suppression....................................................................................................................................................224.2.4 VLAN........................................................................................................................................................................224.2.5 QinQ..........................................................................................................................................................................234.2.6 VLAN Mapping.........................................................................................................................................................234.3 STP/RSTP/MSTP.........................................................................................................................................................244.3.1 STP and RSTP...........................................................................................................................................................244.3.2 MSTP.........................................................................................................................................................................244.3.3 MSTP Protection.......................................................................................................................................................244.4 Port Security.................................................................................................................................................................254.5 Link Detection..............................................................................................................................................................254.6 IP Features....................................................................................................................................................................264.6.1 IPv4/IPv6 Dual-Stack................................................................................................................................................264.6.2 IPv4............................................................................................................................................................................26

CloudEngine 6800&5800 Series SwitchesProduct Description Contents


iv

4.6.3 IPv6............................................................................................................................................................................264.6.4 IPv6 Transition Technologies....................................................................................................................................274.7 Routing.........................................................................................................................................................................274.8 Multicast.......................................................................................................................................................................274.8.1 Layer 2 Multicast.......................................................................................................................................................274.8.2 Layer 3 Multicast.......................................................................................................................................................284.9 VPN Features................................................................................................................................................................294.10 QoS.............................................................................................................................................................................294.10.1 Traffic Classification...............................................................................................................................................294.10.2 Access Control and Re-Marking.............................................................................................................................304.10.3 Traffic Policing........................................................................................................................................................304.10.4 Congestion Management.........................................................................................................................................314.10.5 Congestion Avoidance.............................................................................................................................................314.10.6 Rate-limiting on an Interface...................................................................................................................................314.10.7 Two-Rate-Three-Color............................................................................................................................................314.11 Security.......................................................................................................................................................................324.11.1 Device Security........................................................................................................................................................324.11.2 Service Security.......................................................................................................................................................334.12 MAC-Forced Forwarding...........................................................................................................................................344.13 DHCP..........................................................................................................................................................................354.14 Network Management................................................................................................................................................364.14.1 LLDP.......................................................................................................................................................................364.14.2 NQA.........................................................................................................................................................................364.14.3 NetStream................................................................................................................................................................374.14.4 sFlow.......................................................................................................................................................................384.15 Smart Link and Multi-Instance...................................................................................................................................384.16 Stacking......................................................................................................................................................................394.17 Data Center Features..................................................................................................................................................394.17.1 TRILL......................................................................................................................................................................394.17.2 DCB.........................................................................................................................................................................404.17.3 FCoE........................................................................................................................................................................404.17.4 VM Detection..........................................................................................................................................................404.17.5 Forwarding Based on the VEPA.............................................................................................................................414.17.6 NLB Cluster Association.........................................................................................................................................42

5 Operation Maintenance and Network Management ...........................................................435.1 Maintenance and Management.....................................................................................................................................445.1.1 Configuration Modes.................................................................................................................................................445.1.2 Monitoring and Maintenance.....................................................................................................................................445.1.3 Diagnosis and Debugging..........................................................................................................................................455.1.4 Software Upgrade and In-Service Patching...............................................................................................................465.1.5 Hardware Fault Handling..........................................................................................................................................46



v

5.2 eSight............................................................................................................................................................................46

6 System Parameters.......................................................................................................................486.1 Specifications................................................................................................................................................................49



vi

1 Product Positioning and Characteristics

About This Chapter

1.1 Product Positioning

1.2 Product Characteristics

CloudEngine 6800&5800 Series SwitchesProduct Description 1 Product Positioning and Characteristics


1

1.1 Product Positioning

NOTICEThe CloudEngine 6800&5800 (CE6800&5800) series data center switches are class A productsand may cause radio interference. Customers should take appropriate preventative measures.

Huawei CE6800&5800 series switches are next-generation data center switches designed forhigh-performance data centers. The CE6800 series switches support 10GE access, while theCE5800 series switches support GE access.

The CE6800&5800 series switches function as access switches. As shown in Figure 1-1, serversconnect to CE6800&5800 switches through 10GE/GE uplinks; and CE6800&5800 switchesconnect to core switches CE12800 through 10GE/40GE uplinks.

Figure 1-1 CE6800&5800 switches on the network

……

CE12800

CE6800/5800

…… ……

1.2 Product Characteristics

CE6800&5800 switches use industry-leading hardware and software platforms. Their optimizedsystem architecture and features provide higher performance, larger capacity, and richer servicesfor data centers. In addition, these switches are easy to install and maintain.

1.2.1 High Performance and High Port Density

CE6800&5800 switches use cutting-edge hardware platforms in the industry. By using a 1 U (1U = 44.45 mm) box, CE6800&5800 switches provide high port densities and line-rate forwardingcapabilities. Next-generation, high-performance servers in super high density arrangements caneasily connect to CE6800&5800 switches.



2

l CE5810-24T4S-EI:Provides twenty-four 10/100/1000BASE-T Ethernet ports, four 10GSFP+ Ethernet optical ports.

l CE5810-48T4S-EI:Provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10GSFP+ Ethernet optical ports.

l CE5850-48T4S2Q-EI: Provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10GSFP+ Ethernet optical ports, and two 40G QSFP+ Ethernet optical ports.

l CE5850-48T4S2Q-HI: provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10GSFP+ Ethernet optical ports, and two 40G QSFP+ Ethernet optical ports. The switch alsosupports a large buffer to handle burst traffic.

l CE6850-48S4Q-EI: Provides forty-eight 10G SFP+ Ethernet optical ports and four 40GQSFP+ Ethernet optical ports

l CE6850-48T4Q-EI: Provides forty-eight 10G BASE-T Ethernet ports and four 40G QSFP+ Ethernet optical ports

CE6800&5800 switches provide high-performance 40GE ports, which can connect to high-density 40GE line processing units (LPUs) on CE12800 switches to construct full-40G datacenter networks.

1.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels

CE6800&5800 switches use front-to-rear/rear-to-front ventilation channels. This design isolatescold air from hot air channels, improves heat dissipation efficiency, and lowers powerconsumption, without the need to reconstruct racks in the data center equipment room.

Figure 1-2 and Figure 1-3 show the front-to-rear/rear-to-front ventilation channels onCE6800&5800 switches. The airflow direction in the ventilation channels can be changed byconfiguring fan modules and power modules.

Figure 1-2 Front-to-rear ventilation channels

1 2 3 4 5 6 7 8 9 10 11 1213 14 15 16 17 18 19 20 21 22 23 24

25 26 27 28 29 30 31 32 33 34 35 3637 38 39 40 41 42 43 44 45 46 47 48

1 2

1 2

3 4

Cold airHot air

PAC-150WA ~100-240V;50/60Hz,2.5A

STATUS

PAC-150WA ~100-240V;50/60Hz,2.5A

STATUSSTATUS

FAN-40EA-F

STATUS

FAN-40EA-F

CONSOLE

ETH

SYS

MST

ACT

L/A

ID

PWR1 FAN1 FAN2 PWR2

CE5850-48T4S2Q-EI



3

Figure 1-3 Rear-to-front ventilation channels

1 2 3 4 5 6 7 8 9 10 11 1213 14 15 16 17 18 19 20 21 22 23 24

25 26 27 28 29 30 31 32 33 34 35 3637 38 39 40 41 42 43 44 45 46 47 48

1 2

1 2

3 4

SYS

MST

STAT

SPEED

STACK

MODE/ID

CE5850-48T4S2Q-EI Cold airHot air

STATUS

FAN-40EA-B

STATUS

FAN-40EA-B

CONSOLE

ETH

SYS

MST

ACT

L/A

ID

PWR1 FAN1 FAN2 PWR2

CE5850-48T4S2Q-EI

PAC-150WA ~100-240V;50/60Hz,2.5A

STATUS

PAC-150WA ~100-240V;50/60Hz,2.5A

STATUS

1.2.3 Simplified Operations and Maintenance

CE6800&5800 switches' architecture separates the data plane from the management plane.

l The management ports, fan modules, and power modules are at the front side of the switchfor easy maintenance.

l The data ports are at the rear side of the switch to facilitate cabling and maintenance.

CE6800&5800 switches optimize indicators in the following aspects to facilitate easymaintenance of data center networks with high device densities:

l Redundant system indicator

CE6800&5800 switches have system indicators on both the front side (with managementports) and rear side (with data ports). These system indicators show the system status andstack status, helping administrators easily monitor the system status.

l Easy-to-read port indicator

Innovative 40G port indicators clearly show the running status of 40GE ports that havebeen converted into four 10GE ports.

l Easy-to-maintain stack indicator

The stack indicator shows the role and ID of the switch in a stack system, helpingadministrators maintain the stack system.

l Innovative positioning indicator

CE6800&5800 switches have a positioning indicator that allows administrators to remotelyposition a switch quickly. Administrators can turn on switches' positioning indicatorsthrough the network management system (NMS) or console so that they can quickly findthe switches that require maintenance. Positioning indicators are blue, making them easyto find.

1.2.4 Easy-to-Deploy, Easy-to-Maintain High-PerformanceStacking



4

A maximum of 16 CE6800&5800 switches can be added to a stack system. The stack systemhas the following advantages:

l High performance

In the stack, a maximum of 768 GE or 10GE interfaces are allowed.

l High bandwidth

Stacked CE5800 switches support 80 Gbit/s stack bandwidth, and stacked CE6800 switchessupport 160 Gbit/s stack bandwidth, making a stacking bandwidth bottleneck unlikely tooccur.

l Fast recovery

The ring stack topology allows for system recovery within 200 ms.

l Easy to deploy and maintain

– The pre-deployment and offline configuration functions allow users to plan and pre-configure the system and add devices on demand. This feature offers a Pay As YouGrow solution.

– Users can specify device IDs in a stack system to easily identify, locate, and maintaindevices.

– Indicators clearly identify the role and status of the device in a stack system. With theseindicators, users can complete basic maintenance tasks on a stack system without a PC.

l Simple upgrade

A stack system supports quick software upgrades and automatic software upgrades,simplifying the upgrade process and reducing workload.

1.2.5 Abundant Data Center Service Features

CE6800&5800 switches have a wide range of data center service features, including thefollowing:

l Fiber Channel over Ethernet (FCoE) and Data Center Bridging (DCB)

– FCoE, Data Center Bridging Exchange (DCBX) in 802.1Qaz, Priority-based FlowControl (PFC) in 802.1Qbb, and Enhanced Transmission Selection (ETS) in 802.1Qazallow fiber channels (FCs) to run on a converged lossless Enhanced Ethernet, therebylowering networking costs.

– FCoE and DCB can seamlessly interconnect with the existing FC infrastructure,protecting investments in the FC storage area network (FC SAN).

NOTE

Only CE6800 supports FCoE and DCB.

l Virtualization and virtual machine (VM) access

– Server virtualization improves data center efficiency.

– VM detection enables switches to automatically migrate network policies during VMmigrations, so network sources can be allocated on demand. With the technologies thatenable large Layer 2 networking, VMs can migrate freely across the entire data centernetwork.

l Transparent Interconnection of Lots of Links (TRILL)



5

– TRILL is an Internet Engineering Task Force (IETF) standard that allows for superlarge, flexible networking.

– TRILL implements multi-path load balancing to balance traffic among multiple pathsin response to service requirements.

– TRILL can quickly detect network changes and complete network convergence withina short time.



6

2 Typical Applications

About This Chapter

2.1 ToR Application

2.2 EoR Application

CloudEngine 6800&5800 Series SwitchesProduct Description 2 Typical Applications


7

2.1 ToR Application

Top of rack (ToR) is a cabling mode in a server cabinet. Switches deployed in ToR mode arecalled ToR switches. The ToR mode applies to data center networks with high server densities.As shown in Figure 2-1, ToR switches are deployed at the top of server cabinets. Two ToRswitches in two adjacent server cabinets form a stack system, and servers are dual-homed to thetwo ToR switches. The access ports on the two ToR switches constitute a link aggregation group(LAG).

Figure 2-1 ToR application

Aggregation Switch

RACKSwitch

Server

Server

Server

Server

Server

Server

Server

Server

Switch

Server

Server

Server

Server

Server

Server

Server

Server

RACK

ToR networking has the following advantages:

l The stack system can eliminate bandwidth bottlenecks. In the stack system, ToR switchesare stacked using 10GE/40GE ports, and all stack cables work in Active state, greatlyimproving stack bandwidths.

l The access reliability of the stack system is high. Master and backup ports on servers areconnected to two ToR switches simultaneously, and the access ports on the two ToRswitches work in LAG mode. Therefore, the Spanning Tree Protocol (STP) is not required,and a switchover is completed within 100 ms once a fault has occurred.

l ToR switches support 40GE uplink ports that can be used together with high-density 40GELPUs on CE12800 switches to construct high-performance 40GE data center networks.



8

2.2 EoR Application

End of row (EoR) is a cabling mode in a server cabinet. Switches deployed in EoR mode arecalled EoR switches.

The EoR mode applies to data center networks with low densities of servers. At the end of eachrow of server cabinets, there are two network cabinets where access switches are installed.Servers in cabinets along the row share these access switches. As shown in Figure 2-2, accessswitches in the network cabinets form a stack system and provide high access port densities.

Figure 2-2 EoR application

40G

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

Switch

EoR networking has the following advantages:l High access port densities. A maximum of 16 CE6800&5800 switches can be added to a

stack system and provide more than 768 GE/10GE access ports.l Improved user experience. CE6800&5800 switches use the same operating system as the

CE12800 and support chassis architecture. After being stacked, CE6800&5800 switchescan work as a chassis switch and provide the same application experience as the CE12800.

l Super-high stack bandwidth. The EoR networking mode eliminates the stack systembottleneck to the maximum extent and improves performance of the entire system.



9

3 Structures of CE6800&5800 Series Switches

Front ViewNOTE

The figures in this document are for reference only.

The front views (power supply side) of the CE6800&5800 series switches are the same exceptfor the device model silkscreens. Figure 3-1 shows the front view of a CE5850-48T4S2Q-EIswitch as an example.

Figure 3-1 CE5850-48T4S2Q-EI front view (power supply side)

1 23 456 87

l 1. Power supply slot 1

l 2. Power supply slot 2

Available power modules:

l CE5800 series: 150 W ACpower module, 350 W DCpower module

l CE6850-48S4Q-EI: 350 WAC power module, 350 WDC power module

l CE6850-48T4Q-EI: 350 WAC power module, 600 WAC power module

l 3. Fan slot 1l 4. Fan slot 2

Available fans:l CE5810 series: FAN-40SB

series fan modulesl CE5850 series: FAN-40EA

series fan modulesl CE6800 series: FAN-40EA

series fan modules

NOTEEarlier versions of theCE5850-48T4S2Q-EI use theFAN-40SA serial fan modules.

5. Console port

NOTEThis port is used for first-time login or local deviceconfiguration.

CloudEngine 6800&5800 Series SwitchesProduct Description 3 Structures of CE6800&5800 Series Switches


10

6. ETH management port

NOTEThis port is used for local or remotedevice configuration.

7. Bar code label

NOTEThis label is drawable, and youcan pull it outward to view the barcode and MAC address of theswitch.

8. USB port

NOTEThis port is used for devicedeployment, configurationfile transfer, and upgrade.

Rear ViewFigure 3-2, Figure 3-3, Figure 3-4, Figure 3-5, Figure 3-6, and Figure 3-7 show rear views(port side) of CE6800&5800 chassis.

Figure 3-2 CE5810-24T4S-EI rear view (port side)

7 4

Figure 3-3 CE5810-48T4S-EI rear view (port side)

1 4

Figure 3-4 CE5850-48T4S2Q-EI rear view (port side)

51 4

Figure 3-5 CE5850-48T4S2Q-HI rear view (port side)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 1 2 3 4SYSMSTSTATSPEEDSTACK

MODE/IDCE5850-48T4S2Q-HI

140GEBreakout

2 3 4

1 2

1 4 5

Figure 3-6 CE6850-48S4Q-EI rear view (port side)

3 6



11

Figure 3-7 CE6850-48T4Q-EI rear view (port side)

2 6

1. Forty-eight10/100/1000BASE-T Ethernetelectrical ports

2. Forty-eight 10GBASE-TEthernet electrical ports

NOTEWhen a CE6850-48T4Q-EI switchuses 350 W AC power modules and allits ports are in use, the length of eachnetwork cable used on the switchcannot exceed 30 m.

3. Forty-eight 10GESFP+ Ethernet opticalports

4. Four 10GE SFP+ Ethernetoptical ports

5. Two 40GE QSFP+ Ethernetoptical ports

NOTE

l A 40GE QSFP+ port of aCE5850-48T4S2Q-EI switchcannot be converted into four10GE SFP+ ports.

l A 40GE QSFP+ port of aCE5850-48T4S2Q-HI switch canbe converted into four 10GE SFP+ ports.

6. Four 40GE QSFP+Ethernet optical ports

NOTEA 40GE QSFP+ port ofa CE6800 switch can beconverted into four10GE SFP+ ports.

7. Twenty-four10/100/1000BASE-T Ethernetelectrical ports

- -

Side ViewFigure 3-8, Figure 3-9, Figure 3-10, and Figure 3-11 show side views of CE6800&5800chassis.

Figure 3-8 CE5800 side view (left side)

1 2

1 1

2

2 2



12

Figure 3-9 CE5800 side view (right side)

12

1 1

2

2 2 3

Figure 3-10 CE6800 side view (left side)

1 2

1 1

2

2 24 4

4 4

Figure 3-11 CE6800 side view (right side)

12

1 1

2

2 2 4 4

4 4

3

1. Three port-sidemounting holes formounting brackets

2. Four power-supply-side mounting holesfor mounting brackets

3. Ground screw 4. Four middlemounting holes formounting brackets



13

4 Product Features

About This Chapter

4.1 Feature List

4.2 Ethernet Features

4.3 STP/RSTP/MSTP

4.4 Port Security

4.5 Link Detection

4.6 IP Features

4.7 Routing

4.8 Multicast

4.9 VPN Features

4.10 QoS

4.11 Security

4.12 MAC-Forced Forwarding

4.13 DHCP

4.14 Network Management

4.15 Smart Link and Multi-Instance

4.16 Stacking

4.17 Data Center Features

CloudEngine 6800&5800 Series SwitchesProduct Description 4 Product Features


14

4.1 Feature List

Table 4-1 lists the features supported by CE6800&5800 switches.

Table 4-1 Features supported by CE6800&5800 switches

Feature Description

Ethernet Ethernet l Operating modes of full-duplex and auto-negotiationl Operating rates of an Ethernet interface, including 10 Mbit/

s, 100 Mbit/s, 1000 Mbit/s, 10 Gbit/s, 40 Gbit/s, and auto-negotiationNOTE

l GE electrical interfaces support the operating rates of 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s.

l 10GE electrical interfaces support the operating rates of 100Mbit/s, 1000 Mbit/s, and 10 Gbit/s.

l 10GE optical interfaces support the operating rates of 1000Mbit/s and 10 Gbit/s.

l 40GE optical interfaces support only the operating rate of 40Gbit/s.

l Flow control on interfacesNOTE

10GE/40GE optical interfaces do not support flow control.

l Jumbo framesl Link aggregationl Load balancing among links within a trunkl Interface isolation and forwarding restrictionsl Broadcast storm suppression

Virtual LocalAreaNetwork(VLAN)

l Multiple interface types: access, trunk, hybrid, and 802.1Q-in-802.1Q (QinQ)

l Multiple access modes: access, trunk, hybrid, and QinQl VLAN assignment: port-based, MAC address-based, IP

subnet-based VLAN assignmentl VLAN aggregationl MUX VLANl Transparent Transmission of Protocol Packets in a VLANl 1 to 1 VLAN mapping.l 2 to 1 VLAN mapping.l 2 to 2 VLAN mapping.



15

Feature Description

MediaAccessControl(MAC)

l Automatic learning and aging of MAC addressesl Static, dynamic, and blackhole MAC address entriesl Packet filtering based on source MAC addressesl Interface-based MAC learning limiting

Link LayerDiscoveryProtocol(LLDP)

Support for LLDP

Virtualinterfaceconfiguration table(VCT)

Support for VCT

Ethernetloopprotection

MultipleSpanningTreeProtocol(MSTP)

l Spanning Tree Protocol (STP)l Rapid Spanning Tree Protocol (RSTP)l MSTPl Bridge protocol data unit (BPDU) protection, root

protection, and loop protectionl Partitioned STP

IP features AddressResolutionProtocol(ARP)

l Static and dynamic ARP entriesl ARP in a VLANl Aging of ARP entriesl ARP and Reverse Address Resolution Protocol (RARP)l ARP proxyl Auto-detection

IPv6 l IPv4/IPv6 dual-stackl Neighbor Discovery (ND)l IPv6 over IPv4 Manual Tunnell IPv6 over IPv4 GRE Tunnell 6to4 Tunnel

DynamicHostConfiguration Protocol(DHCP)

l DHCP server

l DHCP relay

l DHCPv6 Relay

l DHCP snooping



16

Feature Description

IPforwarding

Unicastrouting

l IPv4/IPv6 static routingl Routing Information Protocol version 1 (RIP-1), RIP-2, and

RIPngl )Open Shortest Path First (OSPF), including OSPFv2 and

OSPFv3l Intermediate System to Intermediate System (IS-IS)l Border Gateway Protocol 4.0 (BGP4) and Border Gateway

Protocol for IPv6 (BGP4+)l Routing protocoll Policy-based routingl Unicast Reverse Path Forwarding (URPF) checkl Virtual Routing Forwarding (VRF)

VPN l GRE Tunnell Virtual Routing Forwarding (VRF)

Multicastrouting

l Internet Group Management Protocol Version 1/2/3(IGMPv1/v2/v3)

l PIM-SM (IPv4) and PIM-SM (IPv6)l PIM-SSM (IPv4) and PIM-SSM (IPv6)l MLDv1 and MLDv2l MLD SSM Mappingl Multiprotocol BGP (MBGP)l Multicast Source Discovery Protocol (MSDP)l Multicast routing policiesl Reverse Path Forwarding (RPF)l Bidirectional PIM (IPv4) and Bidirectional PIM (IPv6)



17

Feature Description

Devicereliability

BidirectionalForwardingDetection(BFD)

l BFD (IPv4) and BFD (IPv6)l Association between BFD and Eth-Trunkl BFD for OSPFl BFD for OSPFV3l BFD for IS-ISl BFD for IS-IS IPV6l BFD for BGPl BFD for BGP4+l BFD for PIM(IPv4)l BFD for PIM(IPv6)l BFD for static routing(IPv4)l BFD for static routing(IPv6)l BFD for VRRPl BFD for VRRP6

Others l Virtual Router Redundancy Protocol (VRRP) and VRRP6l Device Link Detection Protocol (DLDP)l Smart Linkl Ethernet in the First Mile (EFM), defined in 802.3ah

Layer 2multicastfeatures

Layer 2multicast

l IGMP snoopingl IGMP proxyl Fast leavel Multicast traffic controll Multicast VLAN

QoSfeatures

Trafficclassification

l Traffic classification based on combination of the L2protocol header, IP 5-tuple, outbound interface, and 802.1ppriority

l Traffic classification based on the C-VID and C-PRI of QinQpackets

Trafficbehavior

l Access control after traffic classificationl Traffic policing based on traffic classifiersl Re-marking based on the traffic classification resultl Class-based packet queuingl Association between traffic classifiers and traffic behaviors



18

Feature Description

Queuescheduling

l Priority queuing (PQ) schedulingl Deficit round robin (DRR) schedulingl PQ+DRR schedulingl Weighted round robin (WRR) schedulingl PQ+WRR scheduling

Congestionavoidance

Weighted Random Early Detection (WRED)

Rate limitingon outboundinterfaces

Rate limiting on outbound interfaces

Virtualization

Many-to-onevirtualization

l Intelligent Stack (iStack)l Stack split and mergel Dual-active detectionl Version and configuration synchronization

Datacenterfeatures

TransparentInterconnection of Lots ofLinks(TRILL)

TRILL featuresIGMP over TRILLNOTE

CE5810 does not support TRILL.

Data CenterBridging(DCB)

l Data Center Bridging Exchange Protocol (DCBX)l Priority-based Flow Control (PFC)l Enhanced Transmission Selection (ETS)NOTE

Only CE6800 supports DCB.

Fiberchannel overEthernet(FCoE)

FIP Snooping Bridge (FSB)NOTE

Only CE6800 supports FCoE.

Virtualawareness &serverassociation

l Virtual awarenessl Automatic policy deploymentl Automatic policy migrationl Cluster of NLB servers

– Association between virtual IP addresses of NLBs andmulticast MAC addresses

– Association between one multicast MAC address andmultiple outbound interfaces



19

Feature Description

Forwardingmode basedon theVirtualEthernet PortAggregator(VEPA)

Forwarding mode based on the VEPA

Configuration andmaintenance

Terminalservice

l Command line configurationl Error messages and online help in English and Chinesel Login through console and Telnet terminalsl Send function and data communications between terminal

users

File system l Directory and file managementl File upload and download using File Transfer Protocol (FTP)

and Trivial File Transfer Protocol (TFTP)

Debuggingandmaintenance

l Unified management of logs, alarms, and debugginginformation

l Electronic labelsl User operation logsl Detailed debugging information for network fault diagnosisl Network test tools such as tracert and ping commandsl Port mirroring and traffic mirroring (remote mirroring

supported)

Versionupgrade

l Device software loading and in-service software loadingl In-service upgrade using the basic input/output system

(BIOS) menul In-service patchingl ZTP



20

Feature Description

Securityandmanagement

Systemsecurity

l Hierarchical command-line protection based on user levels,preventing unauthorized users from using commands toaccess CE6800&5800 switches

l Secure Shell (SSH)l RADIUS (IPv4) and RADIUS (IPv6) authentication for

login usersl HWTACACS (IPv4) and HWTACACS (IPv6)

authentication for login usersl Access control list (ACL) filteringl Dynamic ARP inspection (DAI)l DHCP packet filtering (appending the Option 82 field)l Defense against control packet attacksl Defense against attacks of source address spoofing, LAND,

SYN flood (TCP SYN), smurf, ping flood (ICMP echo),teardrop, and ping of death

l Logs about attacking MAC addresses

Networkmanagement

l ICMP-based ping and tracertl Simple Network Management Protocol Version 1/2c/3

(SNMPv1/v2c/v3)l Standard management information base (MIB)l Remote network monitoring (RMON)l NetStream, with output statistics packets in the V5, V8, or

V9 formatl sFlowl Network quality analysis

4.2 Ethernet Features

4.2.1 Link Aggregation

Link aggregation binds multiple physical interfaces on one or more devices into a logicalinterface (such as an Eth-Trunk). This logical interface is called a load balancing group or a linkaggregation group (LAG).

After link aggregation, traffic on a logical interface is load balanced among the physicalinterfaces bound to the logical interface. When a physical interface fails, the system switchestraffic on this interface to the other physical interfaces so that services are not interrupted. Whenthe physical interface recovers, the system re-distributes traffic among physical interfaces toensure balanced traffic distribution.



21

CE6800&5800 switches support link aggregation and implement load balancing based on anyof the following information:

l Source MAC address

l Destination MAC address

l Source and destination MAC addresses

l Source IP address

l Destination IP address

l Source and destination IP addresses

l Transport-layer source port

l Transport-layer destination port

l Transport-layer source and destination ports

l User-defined load balancing modes for Layer 2 packets, IPv4 packets, and MPLS packets

Link aggregation technology increases transmission bandwidth and improves link reliabilityefficiently and cost-effectively, without the need to upgrade hardware.

4.2.2 Interface-based Flow Control

Flow control based on interfaces is a method for congestion management. CE6800&5800switches implement flow control on interfaces using a hardware backpressure mechanism. Whenan interface works in full-duplex mode, CE6800&5800 switches implement flow control on theinterface in accordance with the IEEE 802.3x standard.

When congestion occurs, CE6800&5800 switches send consecutive Pause frames to theupstream device, requesting the upstream device to stop sending data for a specified period oftime. When the upstream device receives the Pause frames, it reduces the volume of traffic sentfrom its outbound interface. Interface-based flow control takes effect on all traffic types.

4.2.3 Traffic Suppression

Traffic suppression limits the number of unknown unicast packets, multicast packets, andbroadcast packets to within a proper range to ensure network efficiency.

On the CE6800&5800 series switches, you can configure traffic limits for unknown unicastpackets, multicast packets, and broadcast packets. When the rate of these packets on an interfaceor a VLAN exceed the limits, the switches drop excess packets to control the traffic rate withina proper range, ensuring normal operations of network services.

The CE6800&5800 series switches can also control the percentages of unknown unicast packets,multicast packets, and broadcast packets on an interface.

4.2.4 VLAN

A local area network (LAN) can be divided into several logical LANs. Each logical LAN is abroadcast domain, called a virtual LAN or VLAN. To put it simply, devices on a LAN arelogically grouped into different LAN segments, regardless of their physical locations. VLANsisolate broadcast domains on a LAN.



22

VLAN AggregationTo implement communication between VLANs on CE6800&5800 switches, users can configureVLANIF interfaces and assign an IP address to each VLANIF interface. This implementation,however, wastes IP addresses when there are many VLANs. To conserve IP addresses, VLANaggregation is introduced.

VLAN aggregation means that multiple VLANs are aggregated into a super-VLAN. The VLANsthat form the super-VLAN are called sub-VLANs. A super-VLAN cannot contain physicalinterfaces, but a VLANIF interface can be created for the super-VLAN and be configured withan IP address. A sub-VLAN can contain physical interfaces, but a VLANIF interface cannot becreated for the sub-VLAN. Interfaces in all the sub-VLANs use the IP address of the VLANIFinterface created for the super-VLAN. Each sub-VLAN functions as an independent broadcastdomain, which conserves the IP addresses previously used for common VLANs.

MUX VLANMUX VLAN isolates Layer 2 traffic between ports on a VLAN. On an enterprise network forexample, MUX VLAN can isolate client ports but enable them to communicate with server ports.

This function involves a principal VLAN and several subordinate VLANs. Subordinate VLANsare classified into subordinate group VLANs and subordinate separate VLANs. Ports onsubordinate VLANs can communicate with ports on the principal VLAN. Ports on a subordinategroup VLAN can communicate with each other but cannot communicate with ports on othersubordinate group VLANs. Ports on a subordinate separate VLAN cannot communicate witheach other.

4.2.5 QinQ

The 802.1Q-in-802.1Q (QinQ) protocol is a Layer 2 tunnel protocol based on the IEEE 802.1Qtechnology. A frame transmitted on the public network has double 802.1Q tags (one for thepublic network and the other for the private network).

In most cases, telecom carriers define VLANs on the public network, and users define VLANson their own private networks. Therefore, different private networks may use the same VLANIDs. Using the QinQ function, CE6800&5800 switches add public VLAN tags to packets comingfrom private networks. Then the private VLAN tag of these packets becomes the inner VLANtag. In this way, packets from private networks are transmitted transparently on the publicnetwork, keeping private networks separate from the public network.

4.2.6 VLAN Mapping

When new branches are planned on the same network segment as old branches, and VLAN IDsin new branches are inconsistent with those in old branches, use VLAN mapping so that VLANdeployment in old branches does not need to be changed. VLAN mapping allows users to flexiblyplan VLAN IDs, prevents VLAN ID conflicts, and implement communication between new andold branches.

Implementation ModesThe device supports VLAN-based and MQC-based VLAN mapping. There are three VLAN-based VLAN mapping modes:



23

l 1 to 1 VLAN mapping

When an interface configured with VLAN mapping receives a single-tagged packet, theinterface maps the VLAN tag in the packet to a new VLAN tag.


When an interface configured with VLAN mapping receives a double-tagged packet, theinterface maps the outer tag of the packet to a specified tag and transparently transmits theinner tag as the data.


When an interface configured with VLAN mapping receives a double-tagged packet, theinterface maps the inner and outer VLAN tags in the packet to new inner and outer VLANtags.

MQC-based VLAN mapping uses a traffic classifier to classify packets based on VLAN IDs,associates the traffic classifier with a traffic behavior defining VLAN mapping so that the devicecan re-mark the VLAN ID in packets matching the traffic classifier. MQC-based VLAN mappingimplements differentiated services.

4.3 STP/RSTP/MSTP

4.3.1 STP and RSTP

The Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP) are link-layermanagement protocols that are primarily applied to LANs to prevent loops. STP blocksredundant links and trims a network into a loop-free tree topology. RSTP enhances STP,providing fast transition of interface status to speed up network convergence.

STP and RSTP prevent broadcast storms caused by loops and provide backup links for dataforwarding.

4.3.2 MSTP

The Multiple Spanning Tree Protocol (MSTP) was developed based on STP and RSTP. MSTPdivides a switching network into multiple regions. Based on VLAN tags, each region has severalspanning trees that are independent of each other. As a result, the entire network is trimmed intoa loop-free tree topology, to prevent broadcast storms.

MSTP associates VLANs with spanning trees so that packets of different VLANs are transmittedalong different spanning trees. This speeds up network convergence and implements loadbalancing.

Unlike STP and RSTP, MSTP provides multiple redundant data forwarding links to implementload balancing among VLANs.

4.3.3 MSTP Protection



24

BPDU Protection

MSTP-enabled CE6800&5800 switches provide bridge protocol data unit (BPDU) protection.When BPDU protection is enabled, CE6800&5800 switches shut down the edge port thatreceives a BPDU, instead of turning the edge port into a non-edge port. In this case, the spanningtree is not recalculated, and network flapping is prevented.

Root Protection

MSTP-enabled CE6800&5800 switches provide root protection. CE6800&5800 switchesprotect the role of the root device by retaining the role of the designated port.

When the designated port with root protection enabled receives a BPDU of a higher priority thanthe local port priority, the port does not change to a non-designated port. Instead, it enters theListening state and stops forwarding packets. After the designated port has not received BPDUsof a higher priority for a long time, it returns to the forwarding state. This prevents networkflapping.

Loop Protection

CE6800&5800 switches with loop protection enabled block the root port if the root port fails toreceive any BPDUs from an upstream device. If the blocked port receives BPDUs again, itbecomes the root port and enters the Forwarding state. If the blocked port does not receiveBPDUs, it remains blocked and cannot forward packets. In this way, loops are prevented on thenetwork.

4.4 Port Security

Port security is a security mechanism that controls network access. This mechanism checkswhether the source MAC addresses of data frames received on an interface are valid. Whendetecting packets with invalid source MAC addresses, the mechanism takes appropriate actionto protect the interface.

After port security is enabled, CE6800&5800 switches consider the following types of MACaddresses valid:

l Static MAC addresses that are manually configured

l Dynamic or static MAC addresses in the DHCP snooping table

l Dynamic MAC addresses that are learned before the number of learned MAC addressesreaches the upper limit

When an interface receives frames with invalid source MAC addresses, CE6800&5800 switchesdiscard the frames or generate an alarm.

4.5 Link Detection

CE6800&5800 switches support link detection. This link detection feature provides two meansto detect link faults on LANs: loopback detection and virtual cable test (VCT).



25

l Loopback detection is used to detect whether loops exist on a LAN. CE6800&5800switches send specific packets to detect loops over the entire LAN.

l VCT is used to estimate network cable length and locate failure points on the cable.CE6800&5800 switches simulate radar to detect cable faults and locate the failure pointsalong a single link.

4.6 IP Features

NOTE

If you need IPv6 features on CE12800 switches, buy licenses from Huawei.

4.6.1 IPv4/IPv6 Dual-StackIPv4/IPv6 dual-stack features good interoperability and easy implementation. Figure 4-1 showsthe IPv4/IPv6 dual-stack structure.

Figure 4-1 IPv4/IPv6 dual-stack structure

IPv4/IPv6 Application

TCP UDP

Link Layer

I P v 4 I P v 6

4.6.2 IPv4The CE6800&5800 supportthe following IPv4 features:

l TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), andARP

l Static DNS, which the DNS server address manually specified

l FTP server/client and TFTP client

l DHCP relay, DHCP server, and DHCP snooping

l Ping, tracert, and NQA.

l Bidirectional Forwarding Detection (BFD) features, including BFD for OSPF, BFD forISIS, BFD for BGP, and BFD for PIM

4.6.3 IPv6The CE6800&5800 supportthe following IPv6 features:



26

l IPv6 Neighbor Discovery (ND)l Path MTU Discovery (PMTU)l TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6, and Raw IP6

4.6.4 IPv6 Transition TechnologiesMost IPv6 networks are upgraded from IPv4 networks. When an IPv4 network is being upgradedto an IPv6 network, some issues occur, for example, IPv6 islands. IPv6 transition technologiesaddress these issues. IPv6 transition technologies include the dual stack technology andtunneling technology.

CE series switches support the following IPv6 transition technologies:

l Dual stack technology

– IPv4/IPv6 dual stackl Tunneling technology

– IPv6 over IPv4 Manual Tunnel

– IPv6 over IPv4 GRE Tunnel

– 6to4 Tunnel

4.7 Routing

The CE12800 supports the following routing features:

l Static routes that are manually configured by the administrator to simplify networkconfigurations and improve network performance

l IPv4 routing protocols, including RIPv1/v2, OSPF, IS-IS (IPv4), and BGPl IPv6 routing protocols, including RIPng, OSPFv3, IS-IS (IPv6), and BGP4+l Virtual routing forwarding (VRF) multi-instance and IP address overlappingl Optimal route selection using routing policies

4.8 Multicast

4.8.1 Layer 2 Multicast

The CE6800&CE5800 series switches support Layer 2 multicast (IP multicast at the data linklayer). Layer 2 multicast implements on-demand forwarding of multicast data within a broadcastdomain. This feature conserves network bandwidth and improves security of data transmission.

The CE6800&CE5800 series switches support the following Layer 2 multicast functions:

l IGMP snooping: This function is deployed on a switch between hosts and a multicast router.The switch not only supports static multicast forwarding entries, but also generates dynamicLayer 2 multicast forwarding entries with multicast groups, VLANs, and outboundinterfaces by listening to IGMP messages exchanged between the hosts and multicastrouter. When the CE6800&CE5800 series switches receive multicast cast data packets,



27

they forward the packets to the receivers in the corresponding VLAN according to the Layer2 forwarding table.

l IGMP snooping proxy: This function is deployed on a switch between hosts and a multicastrouter. The switch functions as a proxy server between the hosts and multicast server. Itterminates the IGMP messages sent from the hosts to the multicast router and substitutesfor the hosts to respond to the IGMP Query messages sent from the multicast router. Inaddition, the switch processes IGMP messages exchanged between the hosts and multicastrouter to create Layer 2 multicast forwarding entries, and forward multicast data accordingto the Layer 2 multicast forwarding entries.

l Fast leave: When a group member leaves a group, the host of the member sends an IGMPLeave message. When a Layer 2 multicast switch (CE6800&CE5800) receives the IGMPLeave message, it resets the aging timer for corresponding multicast forwarding entry anddeletes the connected member port from the entry when the aging timer expires. If eachport in a VLAN connects to only one host, you can configure the fast leave function on theswitch. With this function enabled, the switch deletes the corresponding multicastforwarding entry on a member port immediately after receiving an IGMP Leave messagefrom the member port. This function conserves network bandwidth and system resourcesand realizes fast service switching.

l Multicast traffic control: When the CE6800&CE5800 series switches receive unknownmulticast packets that do not have forwarding entries in the multicast forwarding table, theydrop the packets or broadcasts them in the VLAN to which the inbound interface belongs.They can also control the multicast traffic rate by limiting the percentage of inboundmulticast traffic on an Ethernet interface.

l Multicast VLAN: A multicast VLAN aggregates and forwards multicast traffic. If hosts inuser VLANs request multicast data, bind the user VLANs to the multicast VLAN. Thenmulticast data is replicated from the multicast VLAN to the user VLANs, realizing inter-VLAN multicast replication. The CE6800&CE5800 series switches can replicate multicastdata from one multicast VLAN to a maximum of 128 user VLANs. Multicast flows areforwarded to the multicast VLAN first, replicated at the distribution points according tothe multicast forwarding table, and then distributed to the associated user VLANs. MulticastVLAN technology enables the CE6800&CE5800 series switches to aggregate multicastflows in one or more multicast VLANs, saving bandwidth on the network. As unicast andmulticast data flows are transmitted in different VLANs, multicast VLAN technologyfacilitates management and control of multicast flows and reduces wastes of bandwidth.

4.8.2 Layer 3 Multicast

The CE6800&CE5800 series switches support Layer 3 multicast (IP multicast at the networklayer). Layer 3 multicast enables multicast data to be forwarded over an IP network and allowsuser hosts to join the multicast network.

The CE6800&CE5800 series switches support the following Layer 3 multicast functions:

l IPv4 multicast protocols: including the Internet Group Management Protocol (IGMP),Protocol Independent Multicast Any-Source Multicast (PIM-ASM), Protocol IndependentSource-Specific Multicast (PIM-SSM), Bidirectional PIM (BIDIR-PIM), and MulticastSource Discovery Protocol (MSDP).

l IPv6 multicast protocols: including PIM-ASM (IPv6), PIM-SSM (IPv6), BIDIR-PIM(IPv6), and Multicast Listener Discovery (MLD).



28

l Line-speed forwarding of IP multicast traffic.

l ASM and SSM models.

l Anycast rendezvous point (RP): Multiple RPs can exist in a domain and establish MSDPpeer relationships. A multicast source can register with the nearest RP, and a receiver canjoin the rendezvous point tree (RPT) of the nearest RP. In this manner, load balancing isimplemented among the RPs. When an RP fails, sources and receivers registered with thisRP choose another nearest RP. This RP redundancy mechanism enhances networkreliability.

l Multicast static routes

l Route filtering: The multicast routing module can filter multicast routes it receives andadvertises using routing policies. It can also use routing policies to filter and forward IPmulticast packets.

l Reverse path forwarding (RPF) check.

4.9 VPN FeaturesThe CE6800&5800 supports the following virtual private network (VPN) features:

l MPLS/BGP IPv4 L3VPN

l MPLS/BGP IPv6 L3VPN

l VPLS and VPLS over GRE

l GRE Tunnel

4.10 QoS

CE6800&5800 switches provide a class-based QoS mechanism and support 802.1p prioritiesfor minimizing end-to-end delay and jitter and optimizing bandwidth.

CE6800&5800 switches classify traffic based on specific rules and take actions on traffic tobetter support value-added services such as next generation network (NGN) services, IPTV, andbroadband access. The actions include priority re-marking, traffic policing, congestionmanagement, congestion avoidance, and rate limiting on an interface.

4.10.1 Traffic Classification

Traffic classification assesses packet header information against a set of rules to identify packetsof a certain type. For example, the 802.1p priority of packets sent by the operating support system(OSS) and NMS is set to 7; the 802.1p priority of voice over IP (VoIP) packets is set to 6; the802.1p priority of broadcast TV (BTV) packets and video on demand (VoD) packets is set to 5or 4; the 802.1p priority of packets sent by virtual private network (VPN) users is set to 3, 2, or1 according to the level of VPN users; and the 802.1p priority of Internet access service packetsis set to 0. Packets are classified based on their 802.1p priorities.

CE6800&5800 switches use a hardware classifier to ensure line-rate transmission of service dataon interfaces.

Users can define rules to classify packets and specify the relationships between rules.



29

l and: Packets match a traffic classifier only when the packets match all the rules.

l or: Packets match a traffic classifier as long as the packets match one of the rules.

Table 4-2 describes the traffic classification rules.

Table 4-2 Traffic classification rules

Layer Traffic Classification Rule

Layer 2 l VLAN ID in the outer tag of a VLAN packetl VLAN ID in the inner tag of a VLAN packetl 802.1p priority in the outer tag of a VLAN packetl 802.1p priority in the inner tag of a VLAN packetl Source MAC addressl Destination MAC address

Layer 3 l DSCP priority in IP packetsl IP precedence in IP packetsl IP protocol type

Layer 4 l TCP SYN flag in TCP packets

Others l Inbound interfacel Outbound interfacel ACL

4.10.2 Access Control and Re-Marking

After traffic classification, CE6800&5800 switches perform access control on packets bypermitting or rejecting the packets. When packets are permitted, CE6800&5800 switches re-mark the following information in the packets:

l 802.1p priority (PRI field in the VLAN tag)

l DSCP field

l Precedence field of IP packets

4.10.3 Traffic Policing

CE6800&5800 switches use a token bucket algorithm to police and control incoming traffic,implementing the committed access rate (CAR).

The traffic rate is controlled by limiting the speed at which tokens are placed in the token bucket.When the traffic rate exceeds the upper limit, CE6800&5800 switches discard excess traffic sothat the traffic remains within an acceptable range. This function saves network resources andprotects the investments of customers.



30

4.10.4 Congestion Management

CE6800&5800 switches use queue scheduling technologies to implement congestionmanagement. Each outbound interface on CE6800&5800 switches has eight queues. Afterpackets are classified, they enter the appropriate queues based on their priorities.

CE6800&5800 switches support the following queue scheduling policies:

l PQ

l WRR

l DRR

l PQ+WRR

l PQ+DRR

4.10.5 Congestion Avoidance

To remove congestion, a switch quickly discards packets to release queue resources and doesnot put packets in long-delay queues.

The CE6800&5800 switches support the Weighted Random Early Detection (WRED)algorithm. WRED monitors packets in each queue, compares the queue length with upper andlower drop thresholds, and when congestion occurs, processes packets in queues based on thefollowing rules when congestion occurs:

l When the length of a queue is smaller than the lower drop threshold, no packet is discarded.

l When the length of a queue is between the upper drop threshold and the lower dropthreshold, WRED discards packets randomly based on the maximum drop probability.

l When the length of a queue exceeds the upper drop threshold, all packets in the queue arediscarded.

4.10.6 Rate-limiting on an Interface

Rate-limiting an interface proactively adjusts the rate of traffic on the interface in order to preventburst traffic and lower the packet loss rate. CE6800&5800 switches use a token bucket and abuffer to rate-limit interfaces, implementing traffic shaping. When the rate of packets exceedsthe rate limit, CE6800&5800 switches buffer excess packets and send them after the traffic ratefalls below the rate limit. In this manner, the packet transmission rate is smoothed.

4.10.7 Two-Rate-Three-Color

CE6800&5800 switches control traffic based on the traffic classification results and discardexcess packets when the rate of packets exceeds the rate limit. CE6800&5800 switches supporttwo-rate-three-color markers. Users can set the following parameters on CE6800&5800switches:

l Committed information rate (CIR), which is the average rate of traffic that can pass throughan interface



31

l Committed burst size (CBS), which is the average volume of burst traffic that can passthrough an interface

l Peak information rate (PIR), which is the maximum rate of traffic that can pass through aninterface

l Peak burst size (PBS), which is the maximum volume of burst traffic that can pass throughan interface

In addition, CE6800&5800 switches can mark packets red, green, or yellow according to thetraffic volume, map behaviors (such as permit or deny) to the colors, and re-mark packets.

4.11 Security

CE6800&5800 switches ensure both device security and service security.

4.11.1 Device Security

Hierarchical Command ProtectionCE6800&5800 switches authenticate users when they are logging in to CE6800&5800 switchesin Telnet mode from an Ethernet interface. Only authenticated users can configure and maintainCE6800&5800 switches.

CE6800&5800 switches use a hierarchical protection mode for commands, and define fourcommand levels in ascending order: visit level, monitoring level, configuration level, andmanagement level. Users are also classified corresponding to the four command levels. Userscan use only the commands at the same or lower level than their own levels. This implementationeffectively controls user rights.

CE6800&5800 switches can combine command levels and user levels to extend to 16 total levelsfor more finely grained user management.

Remote SSH LoginCE6800&5800 switches support Secure Shell (SSH). On an insecure network, SSH provides asecurity guarantee and authentication functions for user logins and defends against multipleattacks.

SNMP Encrypted AuthenticationCE6800&5800 switches support encrypted authentication through Simple NetworkManagement Protocol version 3 (SNMPv3). When CE6800&5800 switches are managed by thenetwork management system (NMS) through SNMP, the encrypted authentication mode in theuser-based security model (USM) can be used to ensure switch security.

AAACE6800&5800 switches support Authentication, Authorization, and Accounting (AAA).Together with hierarchical command protection, CE6800&5800 switches can authenticate andauthorize login users. In addition, CE6800&5800 switches can authenticate NMS users. TheAAA mechanism enables CE6800&5800 switches to prevent unauthorized access.



32

CE6800&5800 switches support multiple authentication methods such as local, RemoteAuthentication Dial-In User Service (RADIUS), and Huawei Terminal Access ControllerAccess Control System (HWTACACS) authentication modes.

CPU Attack DefenseCE6800&5800 switches can filter the protocol packets and management packets sent to the CPUbased on the protocol ID, port number, or combination of the port number and VLAN ID. Thisfiltering protects CPU channels from denial of service (DoS) attacks.

4.11.2 Service Security

VLAN AssignmentCE6800&5800 switches support division of a LAN into multiple VLANs. Devices in differentVLANs cannot communicate with each other. This function isolates broadcast domains andimproves service security.

MAC Address Learning Limit on InterfacesUsers can set the maximum number of MAC addresses that a CE6800&5800 interface can learn,to prevent hackers from initiating source MAC address attacks from the interface. This settingensures that the MAC address entries on CE6800&5800 switches will not be used up.

Blackhole MAC Address EntryCE6800&5800 switches support blackhole MAC address entries. When receiving a packet,CE6800&5800 switches compare the source or destination MAC address of the packet withMAC address entries. If the source or destination MAC address of the packet is a blackholeMAC address entry, CE6800&5800 switches discard the packet.

Once detecting that packets with a specific MAC address are prone to attacks, users can set ablackhole MAC entry to filter out packets with this MAC address. This setting defendsCE6800&5800 switches against MAC address attacks.

MAC Table LookupTo improve interface security, CE6800&5800 switches support MAC table lookup based onVLAN IDs and MAC addresses to improve interface security. The network administrator canadd static entries to the MAC address table. A static entry defines the mapping between a MACaddress and an interface. In this way, devices with specific MAC addresses are bound tointerfaces, which defends CE6800&5800 switches against attacks from packets with forgedMAC addresses.

Port IsolationPort isolation prevents interfaces on the same CE6800&5800 switches from sending Layer 2packets to each other. CE6800&5800 switches support unidirectional and bidirectional portisolation. Port isolation ensures security of user networks and helps construct cost-effective,intelligent community networks. Port isolation also effectively controls broadcast packets andincreases network throughput.



33

Packet FilteringPacket filtering is used to filter out invalid or unwanted packets.

CE6800&5800 switches can filter out packets based on user-defined rules, for example, bychecking the MAC address, IP address, port number, and VLAN ID of packets. Packet filteringdoes not check the session status or analyze data. The packet filtering technology enablesCE6800&5800 switches to effectively control the packets that pass through.

4.12 MAC-Forced ForwardingThe access layer provides network connections between the user-side hosts and the telecomcarrier-side access routers (ARs), including the reliable connections between the hosts and theInternet or other IP networks.

The access layer is divided into the user network and aggregation network. The user network isconnected to an access node (AN) through a subscriber line (which is a physical line), and theAN connects the subscriber line to the aggregation network. Therefore, the AN is the edgebetween the subscriber line and the aggregation network. The aggregation network centralizesand aggregates user traffic. Figure 4-2 shows the connections at the access layer.

Figure 4-2 Connections at the access layer

Switch CSwitch A

Switch B

EAN

EAN

EAN

Gateway

Flow through GatewayFlow not through Gateway

Server ServerServerServer



34

Users have the following requirements at the access layer:

l CE6800&5800 switches must perform Layer 3 forwarding for traffic of different user hostsin different networks. In this way, switches can filter, schedule, and charge user traffic.

l IPv4 address assignment efficiency needs to be improved to save IPv4 addresses. Theaddress assignment effectiveness also needs to be improved if addresses are assigned froma large address pool but not from a small and independent network segment.

To implement user isolation at the access layer and meet the preceding requirements, the MAC-Forced Forwarding (MFF) protocol is introduced.

MFF is a security protocol and it ensures that user hosts accessing a device with the same mediaare isolated at Layer 2. When MFF is running, its security program applies to any shared accessmedia.

In addition to Layer 2 isolation, the AN running MFF discards any upstream broadcast packetsexcept for DHCP packets and ARP request packets. Especially, the AN discards DHCP Replypackets received through the subscriber line and rate-limits the DHCP Broadcast packets.

The AN running MFF must track the IPv4 addresses allocated to the subscriber line. This is todiscard upstream traffic that uses forged source IPv4 addresses.

4.13 DHCP

DHCP SnoopingCE6800&5800 switches can be deployed between the DHCP server and client to listen DHCPpackets that are exchanged. Based on the listening result, CE6800&5800 switches create an IP+MAC+PORT+VLAN binding table to suppress invalid packets.

In addition, CE6800&5800 switches support the Option 82 field for collecting accurate locationsof DHCP clients.

l After receiving a Request packet from a DHCP client, CE6800&5800 switches append theOption 82 field to the Request packet. Then, CE6800&5800 switches forward the packetto the DHCP server. The DHCP server allocates IP addresses based on the Option 82 field.

l The DHCP server appends the Option 82 field to a Reply packet and sends the reply packetto CE6800&5800 switches. CE6800&5800 switches parse the Option 82 field, determinethe target interface, remove the Option82 field, and then forward the packet to a user.

On CE6800&5800 switches, Option 82 is implemented in two modes: Option 82 insert andOption 82 rebuild.

The Option 82 field contains the user circuit ID that carries the user device name, inner and outerVLAN IDs, and port number. Therefore, the Option 82 function effectively prevents attackersfrom modifying DHCP packets.

DHCP RelayThe DHCP client and DHCP server broadcast DHCP packets during IP address allocation.Therefore, DHCP applies only to scenarios when the DHCP client and DHCP server are on thesame subnet. To implement dynamic host configuration, users must configure a DHCP serveron each network segment, which increases costs.



35

The DHCP relay function is introduced to resolve this problem. By using DHCP relay, a DHCPclient in a subnet can communicate with the DHCP server in another subnet and finally obtainan IP address. In this manner, DHCP clients on multiple network segments can share one DHCPserver. This reduces costs and facilitates centralized management.

DHCP ServerA DHCP server processes requests for address allocation, address lease extending, and addressrelease from DHCPv6 clients or DHCPv6 relay agents, and allocates IP addresses and othernetwork configuration parameters to DHCP clients.

The switch can function as a DHCP server and uses a global IP address pool to allocate IPaddresses. You can configure the following DHCP server functions on the switch:l Configure and IP address pool, address lease, DNS server address, NetBIOS server address,

domain name suffix, and other network parameters. The DHCP server then dynamicallyallocates IP addresses and other network configuration parameters to DHCP clients.

l Exclude some IP addresses in the address pool so that they will not be dynamically allocatedto clients.

l Bind IP addresses in the address pool to MAC addresses so that fixed IP addresses can beallocated to servers or hosts used for special purpose on the network.

l Configure the DHCP server to check whether an IP address is in use by sending ping packetsbefore allocating the IP address to a client.

4.14 Network Management

4.14.1 LLDP

CE6800&5800 switches support the Link Layer Discovery Protocol (LLDP) that conforms toIEEE 802.1ab. LLDP is a link layer protocol that a device uses to obtain information aboutneighboring devices.

Using LLDP, the local NMS can obtain link-layer information of all devices on the local networkand details about the network topology. This expands the network management scope.

The LLDP-enabled interfaces on a CE6800&5800 periodically notify the neighboring devicesof the local interface status. When the status of an interface changes, the interface sends a statusupdate message to the directly connected neighboring device. The neighboring device stores thestatus update message in the standard SNMP MIB. Then the NMS obtains link-layer informationof the network from the MIB to calculate the topology of the entire network.

4.14.2 NQA

With the launch of more value-added services, telecom carriers and users alike requireincreasingly high QoS. Especially with the advent of voice over IP (VoIP) and video over IPservices, telecom carriers and users all tend to require Service Level Agreements (SLAs). Toensure users with the committed bandwidth, telecom carriers need to collect statistics aboutdelay, jitter, and packet loss of devices. These statistics help analyze network performance intimely fashion.



36

CE6800&5800 switches provide the network quality analysis (NQA) function to meet thepreceding requirements. NQA measures the performance of different protocols running on thenetwork. With NQA, telecom carriers can collect network operation indexes in real time, suchas TCP connection delay and file transfer rate. Based on these indexes, telecom carriers canprovide differentiated network services and charge differently for them. NQA is also an effectivetool for diagnosing network faults.

4.14.3 NetStreamAs bandwidth on the Internet increases fast, users need to manage their network resources morerefinedly. NetStream technology can collect statistics about network traffic and usage of networkresources by sampling network traffic. This technology enables network administrators to obtaindetailed records about traffic on their data networks.

Figure 4-3 NetStream networking diagram

NDENetStream

NSC NSC

NDA NDA

NetStream traffic

traffic

NDE: NetStream Data Exporter NSC: NetStream Collector NDA: NetStream Data Analyzer

NetStream provides the following functions:l Network management and planningl Enterprise accounting and department billingl ISP billingl Data storagel Business data collection

An IP a connectionless protocol, a service data flow on an IP network is a group of IP packetsthat may be sent from any terminal to another terminal. Most data flows on an IP network aretemporary and bidirectional.



37

NetStream identifies flows of different services based on 7-tuple information consisting of thedestination IP address, source IP address, destination port number, source port number, protocolID, Type of Service (ToS), and inbound or outbound interface. After identifying data flows,NetStream collects statistics for each service separately.

The NDE periodically sends the collected traffic statistics to the NSC. NSC processes the trafficstatistics and sends the statistics to the NDA. NDA analyzes the statistics, generates reports foraccounting and networking planning.

CE6800&CE5800 switches can work as an NDE and support packet-based random sampling tosample IPv4, IPv6, and MPLS packets. The switches can create original traffic, flexible traffic,and aggregation traffic and encapsulate NetStream packets V5, V8, or V9 format. They supportthe Distributed NetStream model.

4.14.4 sFlowSampled Flow (sFlow) is a traffic monitoring technology that samples packets for trafficstatistics collection and analysis.

sFlow provides interface-based traffic analysis and displays traffic statistics in graphs or reports,facilitating preventive maintenance on enterprise networks, especially for enterprises that do nothave specialized network administrators.

NetStream technology also provides traffic analysis function. As NetStream is implementedbased on traffic information, network devices must collect traffic statistics and save the collectedstatistics in their buffers. Statistics are sent to the NetStream Collector (NSC) when their buffersare full or when the traffic aging time expires. In sFlow application, network devices only needto sample packets and do not need to save traffic statistics in their buffers. Traffic analysis iscompleted by a remote collector. sFlow has the following advantages over NetStream:

l Fewer sources consumed and lower costs: Network devices do not need to save trafficstatistics in their buffers, reducing the network resources consumed and lowering costs.

l Flexible, on-demand collector deployment: Network traffic statistics collection andanalysis are completed by the collector. The traffic collection and analysis functions canbe flexibly configured on the collector according to network characteristics.

4.15 Smart Link and Multi-InstanceDual-homing is a commonly used networking model. A dual-homing network usually runs theSpanning Tree Protocol (STP) protocol to implement link redundancy. However, STPconvergence speed is low.

Smart Link can implement fast link switchover while providing redundancy protection. On adual-homed device, when the active link fails, the device switches traffic to the standby link toensure normal traffic forwarding.

Smart Link is specific to dual-homing networking and features fast convergence (subsecondconvergence), simple configuration, and easy user operation.

Smart Link multi-instance allows you to associate a Smart Link Group with multiple instancesbound to different VLAN ranges. Configure the standby link (using a command) to forwardtraffic of some instances. Then data traffic of different VLANs is transmitted over differentpaths, realizing loading balancing.



38

4.16 Stacking

Stacking enables switches located in the same place to form a reliable switch group by way ofhigh-speed uplink interfaces. CE6800&5800 switches implement stacking by multiplexing10GE/40GE uplink interfaces as stack interfaces. After being stacked, CE6800&5800 switchescan be uniformly managed and maintained, which reduces maintenance costs.

Stack interfaces on CE6800&5800 switches can be bonded to improve bandwidth and to enhancestacking reliability.

Member switches in a stack system have three roles:

l Master switchA stack system has only one master switch. The master switch manages the entire stacksystem by assigning stack IDs to member switches, collecting information about the stacktopology, and advertising information to all the member switches.

l Standby switchWhen the master switch fails, the standby switch becomes the master switch and takes overall services.

l Slave switchIn a stack system, all member switches except for the master switch are slave switches.

4.17 Data Center Features

4.17.1 TRILL

In the cloud computing era, server virtualization technology is widely used in data centers. VMsmust be able to dynamically migrate within a wide range to enhance service reliability and lowerIT costs. Moreover, collaborative computing between servers generates a large volume of east-west traffic. Therefore, fat-tree networking is required to implement non-blocking dataforwarding. These service requirements lead to the birth of large Layer 2 networking.Transparent Interconnection of Lots of Links (TRILL) is introduced to build large Layer 2networks.

TRILL is an IETF standard to implement large Layer 2 networking. Data packets areencapsulated in TRILL headers with a TTL value to prevent packet loops. RPF check performedon multicast packets also effectively prevents broadcast storms caused by loops. Packets areforwarded along multiple paths to improve bandwidth efficiency. TRILL supports shared linksand can seamlessly interconnect with traditional Layer 2 networks. In addition, many TRILLparameters are generated automatically, simplifying TRILL deployment. TRILL supportsunicast and multicast services simultaneously and features easy operation and maintenance(O&M). TRILL is applicable to building large Layer 2 networks. It has the same characteristicsas traditional Layer 2 networks: plug-and-play and flexible deployment. TRILL also addressesmany issues of traditional Layer 2 networks. For example, bandwidth efficiency is low, STPconvergence is slow, and every switch needs to learn MAC addresses from devices on the entirenetwork.



39

All CE6800&5800 series switches support standard TRILL.

4.17.2 DCB

Data Center Bridging (DCB) is a set of standards designed for enhancing Ethernet technologiesand can transmit service packets on the Ethernet without packet loss. The CE6800 switchsupports the following DCB features:l Priority-based Flow Control (PFC): controls flows based on priorities. When congestion is

to occur on the queue of a priority on an interface, the switch sends a backpressure signalto the upstream switch, requesting the upstream device to reduce the rate of packets of thesame priority in the queue according to congestion. This mechanism takes effect on eachnode along the path to the source switch. Backpressure can be applied to a single priorityor to several priorities, but cannot be applied to all priorities of packets passing through theinterface.

l Enhanced Transmission Selection (ETS): classifies priorities according to bandwidthallocation, low latency, or best effort (BE). Flows with identical or similar features areclassified into one priority group so that bandwidth is properly allocated to each group.

l Data Center Bridging Exchange (DCBX): detects the configuration of the peer device andexchanges configurations between switches in accordance with DCB.

4.17.3 FCoE

In a traditional data center, the Ethernet and storage area network (SAN) are independent of eachother, resulting in complicated network architecture and high network maintenance andmanagement costs. To simplify network architecture and reduce network costs, Fiber Channelover Ethernet (FCoE) technology has become an inevitable industry trend as this technologycan effectively converge Ethernet and SAN.

In addition, converged network adapters (CNAs) are widely applied to 10GE servers. A CNAcan function as the network interface card (NIC) on the Ethernet and the host bus adapter (HBA)on the fiber channel (FC) network at the same time. Therefore, a CNA can directly connect toan Ethernet switch and transmit both Ethernet packets and FC packets (FC packets areencapsulated in Ethernet packets using FCoE). Network convergence is thereby implemented.

FIP Snooping Bridge (FSB): supports access of FCoE traffic by working with DCB features.FSB requires fewer FC access switches, which lowers the costs and power consumption on theentire network.

4.17.4 VM Detection

In data center server virtualization scenarios, the minimum managed object for a switch is virtualmachine (VM), but not the physical server. When VMs migrate within a data center, the switchneeds to quickly detect the migration and synchronizes service configurations to new interfacesto ensure normal running of services. Figure 4-4 shows the virtual awareness solution.



40

Figure 4-4 Virtual awareness solution

Network administrator

Switch

NICHardware

Virtual Switch

VM VM VM

NICHardware

Virtual Switch

VM VM VM

nCenter

vCenter

The CE6800&5800 series switches support the following virtual awareness features:l Manage and control VMs, and quickly obtain VM migration information from the vCenter.l Automatically deploy and migrate VM policies. When a VM goes online, the switch

automatically deploys a VM policy for the VM; when a VM goes offline, its VM policy isautomatically deleted; when a VM is migrated, the switch deploys the VM policy on thenew access interface.

4.17.5 Forwarding Based on the VEPA

In server virtualization scenarios, virtual machines (VMs) on the same server cannot directlycommunicate with each other.

In the Virtual Edge Port Aggregator (VEPA) service model, all traffic exchanged between VMson the same server must be forwarded by the upstream CE6800&5800 switches. This is theVEPA-based traffic model. VEPA-based forwarding ensures that theCE6800&5800 seriesswitches can correctly forward traffic to the destination VMs on the same port. Figure 4-5 showsthe VEPA-based traffic model.

Figure 4-5 VEPA-based traffic model

Hypervisor

VM1 VM2 VM3

Server

VEPA

Switch



41

4.17.6 NLB Cluster AssociationThe network load balancing (NLB) cluster is a server clustering technology developed byMicrosoft based on network load balancing. NLB cluster supports load balancing andredundancy backup among servers in a cluster. Servers in an NLB cluster use the same clusterIP address and cluster MAC address. To ensure fast switching, network devices (such asswitches) in a data center need to send data packets to all servers in an NLB cluster. Therefore,network devices need to be associated with the NLB cluster, as shown in Figure 4-6.

Figure 4-6 NLB cluster association

Switch

Server_1 Server_2 Server_3

IF1

IF2

IF3

Server groupIP MAC

NLB cluster association supports the following features:

l Associating NLB virtual IP addresses with multicast MAC addressesl Associating multicast MAC addresses with multiple outbound interfaces



42

5 Operation Maintenance and NetworkManagement

About This Chapter

5.1 Maintenance and Management

5.2 eSight

CloudEngine 6800&5800 Series SwitchesProduct Description 5 Operation Maintenance and Network Management


43

5.1 Maintenance and Management

5.1.1 Configuration Modes

Configuration Methods

CE6800&5800 switches support the following configuration and management methods:

l Command line

Users can log in to the console port on CE6800&5800 switches from a console terminaland then configure various features and parameters in the command-line interface (CLI).

l NMS configuration

Users can configure and manage CE6800&5800 switches using SNMP through a networkmanagement system (NMS) workstation.

Login Modes

CE6800&5800 switches provide a console port for users to configure CE6800&5800 switcheslocally or remotely. Users can connect a console terminal to the console port through a serialport.

In addition, users can log in to CE6800&5800 switches' service interfaces through Telnet,Stelnet, or SSH for configuration and management.

For user logins, CE6800&5800 switches support multiple authentication modes, including non-authentication, local authentication, and AAA authentication.

5.1.2 Monitoring and Maintenance

Hardware Monitoring

CE6800&5800 switches provide the following hardware monitoring functions:

l Re-detect hardware faults to prevent incorrect detection caused by intermittent interference.

l Checks version mapping automatically when the CE6800&5800 system is running.

Device Management and Maintenance

CE6800&5800 switches provide the following device management and maintenance functions:

l Support online help for the command line in English and Chinese.

l Provide hierarchical commands and user rights management.

l Provide an information center to uniformly manage logs, alarms, and debugginginformation and redirect information as required.



44

l Provide electronic labeling. Users can query basic information about the main controlboards, optical modules, and fan modules on the CLI, and back up the information to anexternal server using FTP or TFTP.

l Display the system version, module status, ambient temperature, CPU usage, and memoryusage.

5.1.3 Diagnosis and Debugging

Ping and tracert

On traditional IP networks, CE6800&5800 switches provide the following tools to checknetwork connectivity:

l Ping

l Tracert

These tools test network connectivity and record the transmission paths of packets to help locatefaults.

Debugging

CE6800&5800 switches provide various debugging commands for each software feature. Eachdebugging command supports multiple parameters and can be flexibly controlled. Debuggingcommands can display the detailed information about process handling, packets received andtransmitted, and error checking of features.

Black Box

CE6800&5800 switches provide a black box function to record information on feature modules,tasks, and events. To facilitate fault location, the black box records the dying gasp, process status,and function calling track.

VCT

After a user runs the virtual cable test (VCT) command on an interface of CE6800&5800switches, the interface sends a testing signal. According to time domain reflectometry (TDR)theory, the interface receives the reflected signal a while after sending the testing signal. Basedon the characteristics of the reflected signal, the user can infer the cable status.

Mirroring Functions

CE6800&5800 switches support the following mirroring functions.

l Port mirroring

CE6800&5800 switches copy packets from the mirrored port to the mirroring port foranalysis and monitoring.

l Flow mirroring

CE6800&5800 switches copy all traffic on the mirrored port to the mirroring port foranalysis and monitoring.



45

Users can connect a monitoring host to a mirrored port on CE6800&5800 switches to observepackets passing through CE6800&5800 switches in real time. The mirroring function facilitatestraffic detection, fault location, and data analysis.

The CE6800&5800 series switches also support remote mirroring and can send the packetscopied by port mirroring or traffic mirroring to a remote monitoring device through a GREtunnel.

5.1.4 Software Upgrade and In-Service Patching

Software Upgrade

Before a software upgrade, CE6800&5800 switches can check the integrity and applicability ofsystem software. Two software upgrade methods are available for CE6800&5800 switches.

l Local upgrade

When CE6800&5800 switches are powered on and starting, the software can be loaded andupgraded using the BIOS menu.

l Remote in-service upgrade

When CE6800&5800 switches are running properly, the new software can be remotelydownloaded using FTP or TFTP. When CE6800&5800 switches restart, the new softwareruns and takes effect. This implements smooth remote software upgrade.

l Zero Touch Provisioning (ZTP)

After an unconfigured device is powered on, it downloads the new system software fromthe remote file server to upgrade the system.

CE6800&5800 switches support software version rollback in case of an upgrade failure.

In-Service Patching

CE6800&5800 switches support in-service patching to protect services from being affectedwhen a patch is installed. Device information is recorded before and after in-service patching,so the patch can be rolled back to the previous version if necessary.

5.1.5 Hardware Fault Handling

CE6800&5800 switches support automatic and manual intervention when a hardware faultoccurs, for example, when a chip fails. The maintenance personnel can locate a hardware faultand handle it quickly to minimize service interruption.

5.2 eSight

eSight can display the software version information, save and restore configuration files andVRP image programs, and support in-service patching for CE6800&5800 switches through CLI.

eSight provides the following functions:



46

Resource Management

eSight provides the resource management function to manage network resources, includingdevices, interfaces, and links on large and complex networks. Resource management allowsusers to query and manage CE6800&5800 switches and to check and locate abnormal resources.

View Management

eSight provides a unified topology view of all devices on a network to help users easily obtainnetwork information. eSight also provides powerful topology management functions. Users canbrowse device information in the system topology views, protocol topology views, and user-defined views. In addition, eSight provides user-friendly interfaces for operation andmaintenance of networks and devices.

The protocol topology views include the Ethernet view, which covers the topologies of variousnetworking modes and network hierarchies. These views support automatic discovery of anetwork topology and reflect changes in the network topology and device status in real time.

Configuration Management

eSight provides configuration management and supports management of devices, interfaces,VLANs, Layer 2 features, software upgrades, and configuration files. eSight supports diverseconfiguration modes such as end-to-end configuration, batch configuration, and wizard-basedconfiguration, and offers default configuration templates.

Fault Management

Fault management is essential for maintaining networks. On the graphical user interface (GUI)provided by eSight, users can query and monitor the CE6800&5800 running status and faults inreal time, and filter, locate, acknowledge, and analyze faults. eSight can generate alarm soundsor display alarms on the alarm panel. eSight can be connected to an alarm box for convenientroutine maintenance of networks and devices.

Performance Management

eSight can monitor device performance, collect data, and analyze the collected data. It generatesdevice performance data in graphs and reports. With eSight, users can query the CPU capacity,device memory, and interfaces, and collect statistics about device load and user access. Withthese statistics, users can determine the QoS of the network and evaluate and adjust networkresource configurations proactively.

Performance management is implemented based on eSight's resource management function.

Security Management

eSight provides various measures for security management. Users are authenticated uniformlyon eSight and user rights are configured based on the minimum granularity. In addition, eSightauthenticates users to ensure system security and provides detailed operation logs for users toquery and analyze user operations.

Security management includes user management, access control, user group management, andoperation management.



47

6 System Parameters

About This Chapter

6.1 Specifications

CloudEngine 6800&5800 Series SwitchesProduct Description 6 System Parameters


48

6.1 Specifications

Table 6-1 lists the specifications of CE6800&5800 switches.

Table 6-1 Specifications

Item Description

Physical specifications l Dimensions (W x D x H):

– CE5810-24T4S-EI: 442.0 mm x 420.0 mm x 43.6mm

– CE5810-48T4S-EI: 442.0 mm x 420.0 mm x 43.6mm

– CE5850-48T4S2Q-EI: 442.0 mm x 420.0 mm x43.6 mm

– CE5850-48T4S2Q-HI: 442.0 mm x 420.0 mm x43.6 mm

– CE6850-48S4Q-EI: 442.0 mm x 600.0 mm x43.6 mm

– CE6850-48T4Q-EI: 442.0 mm x 600.0 mm x43.6 mm

l Weight (without optical modules, with two powermodules and two fan modules):

– CE5810-24T4S-EI: 8.0 kg

– CE5810-48T4S-EI: 8.2 kg

– CE5850-48T4S2Q-EI: 8.85 kg

– CE5850-48T4S2Q-HI: 8.8 kg

– CE6850-48S4Q-EI: 11.05 kg

– CE6850-48T4Q-EI: 11.35 kg

Environmentparameters

Temperature l Operating temperature: 0°C to 40°C (0 m to 1800 m)NOTE

When the altitude is between 1800 m and 5000 m, thehighest operating temperature reduces 1°C every time thealtitude increases 220 m.

l Storage temperature: -40°C to +70°C

Relativehumidity

5% RH to 95% RH, noncondensing

Altitude < 5000 m



49

Item Description

Noise (soundpressure, 27°C)

l CE5810-24T4S-EI:

– Back-to-front airflow: < 43 dBA

– Front-to-back airflow: < 47 dBAl CE5810-48T4S-EI:


– Front-to-back airflow: < 47 dBAl CE5850-48T4S2Q-EI:


– Front-to-back airflow: < 45 dBAl CE5850-48T4S2Q-HI:


– Front-to-back airflow: < 51 dBAl CE6850-48S4Q-EI:


– Front-to-back airflow: < 56 dBAl CE6850-48T4Q-EI:


– Front-to-back airflow: < 56 dBA

Powerspecifications

Power sourcetype

AC/DC

AC power input l Rated input voltage range: 100 V AC to 240 V AC,50/60 Hz

l Maximum input voltage range: 90 V AC to 290 VAC, 45 Hz to 65 Hz

DC power input l Rated voltage range: -48 V DC to -60 V DCl Maximum voltage range: -38.4 V DC to -72 V DC

Maximum inputcurrent

l 150 W AC power: 2.5 A (100 V AC to 240 V AC)l 350 W AC power: 5 A (100 V AC to 240 V AC)l 350 W DC power: 11 A (-38.4 V DC to -72 V DC)l 600 W AC power: 9 A (100 V AC to 240 V AC)

Chassis powerconsumption

Maximumpowerconsumption

l CE5810-24T4S-EI: 68 Wl CE5810-48T4S-EI: 92 Wl CE5850-48T4S2Q-EI: 133 Wl CE5850-48T4S2Q-HI: 131 Wl CE6850-48S4Q-EI: 272 Wl CE6850-48T4Q-EI: 380 W



50

Item Description

Typical powerconsumption

l CE5810-24T4S-EI: 58 W (100% traffic load, 3 mnetwork cables on 24 ports, SFP+ cables on 4 ports,double power modules)

l CE5810-48T4S-EI: 80 W (100% traffic load, 3 mnetwork cables on 48 ports, SFP+ cables on 4 ports,double power modules)

l CE5850-48T4S2Q-EI: 103 W (100% traffic load, 3m network cables on 48 ports, SFP+ cables on 4 portsand QSFP+ cables on 2 ports, double powermodules)

l CE5850-48T4S2Q-HI: 109 W (100% traffic load, 3m network cables on 48 ports, SFP+ cables on 4 portsand QSFP+ cables on 2 ports, double powermodules)

l CE6850-48S4Q-EI: 180 W (100% traffic load, SFP+ cables on 48 ports and QSFP+ cables on 4 ports,double power modules)

l CE6850-48T4Q-EI: 305 W (100% traffic load, 3 mnetwork cables on 48 ports and QSFP+ cables on 4ports, double power modules)

Surge protection Port: 1±kV in common mode; power module: 6 ±kV incommon mode and 6 ±kV in differential mode

Heatdissipation

Heat dissipationmode

Air cooling

Airflow Front-to-back or back-to-front, which is determined byfeatures of fan modules and power modules.

Reliability Power modulebackup

1+1 backup

Fan modulebackup

The CE5850-EI and CE5810-EI support 1+1 backup offan modulesNOTE

A CE6800 or CE5850-HI chassis uses two FAN-40EA seriesfan modules, with each fan module containing two fans. Thefour fans on the CE6800 or CE5850-HI chassis work in 3+1backup mode.

Hot swap All the power modules and fan modules support hotswap.



51

Item Description

Technicalspecifications

Processor l CE5810-24T4S-EI: 1.2 GHz, dual-corel CE5810-48T4S-EI: 1.2 GHz, dual-corel CE5850-48T4S2Q-EI: 1.2 GHz, quad-corel CE5850-48T4S2Q-HI: 1.2 GHz, dual-corel CE6850-48S4Q-EI: 1.5 GHz, quad-corel CE6850-48T4Q-EI: 1.5 GHz, quad-core

Forwardingcapacity of thechassis (Mpps)

l CE5810-24T4S-EI: 96l CE5810-48T4S-EI: 132l CE5850-48T4S2Q-EI: 252l CE5850-48T4S2Q-HI: 252l CE6850-48S4Q-EI: 960l CE6850-48T4Q-EI: 960

SDRAMMemory

2 GB

NOR Flash l CE5810-24T4S-EI: 16 MBl CE5810-48T4S-EI: 16 MBl CE5850-48T4S2Q-EI: 8 MBl CE5850-48T4S2Q-HI: 16 MBl CE6850-48S4Q-EI: 8 MBl CE6850-48T4Q-EI: 8 MB

NAND Flash l CE5810-24T4S-EI: 512 MBl CE5810-48T4S-EI: 512 MBl CE5850-48T4S2Q-EI: 1 GBl CE5850-48T4S2Q-HI: 1 GBl CE6850-48S4Q-EI: 1 GBl CE6850-48T4Q-EI: 1 GB



52

Item Description

Stack Service portsupporting thestack function

l CE5810-24T4S-EI: uplink 10GE optical ports,supporting service interface stacking

l CE5810-48T4S-EI: uplink 10GE optical ports,supporting service interface stacking

l CE5850-48T4S2Q-EI: uplink 10GE and 40GEoptical ports

l CE5850-48T4S2Q-HI: uplink 10GE and 40GEoptical ports

l CE6850-48S4Q-EI: downlink 10GE optical portsand uplink 40GE optical ports

l CE6850-48T4Q-EI: downlink 10GE electrical ports(V100R002 and later versions) and uplink 40GEoptical ports

NOTEDownlink GE electrical ports cannot be used as stack ports.

Maximum stackbandwidth(unidirectional)

l CE5810-24T4S-EI: 40 Gbit/s (4x10GE, a maximumof four physical ports on a logical stack port)

l CE5810-48T4S-EI: 40 Gbit/s (4x10GE, a maximumof two physical ports on a logical stack port)

l CE5850-48T4S2Q-EI: 80 Gbit/s (4x10GE or2x40GE, a maximum of four physical ports on alogical stack port)

l CE5850-48T4S2Q-HI: 80 Gbit/s (4x10GE or2x40GE, a maximum of four physical ports on alogical stack port)

l CE6850-48S4Q-EI: 160 Gbit/s (4x40GE or16x10GE, a maximum of sixteen physical ports ona logical stack port)

l CE6850-48T4Q-EI: 160 Gbit/s (4x40GE or16x10GE, a maximum of sixteen physical ports ona logical stack port)

NOTEA 10GE port and a 40GE port cannot belong to the same logicalstack port.

Safety standards compliance l EN 60950-1:2006+A11:2009+A1:2010+A12:2011l EN 60825-1:2007l EN 60825-2:2010l UL 60950-1:2007 2rd Editionl CSA C22.2 No.650:2007 2rd Editionl IEC 60950-1:2005+A1:2009l AS/NZS 60950-1:2011l GB4943:2011



53

Item Description

EMC standards compliance l ICES-003:2012 CLASS Al CISPR 22:2008 CLASS Al CISPR 24:2010l EN 55022:2010 CLASS Al EN 55024:2010l ETSI EN 300 386 V1.6.1:2012l AS/NZS CISPR 22:2009 CLASS Al IEC 61000-3-2:2005+A1:2008+A2:2009/EN

61000-3-2:2006+A1:2009+A2:2009l IEC 61000-3-3:2008/EN 61000-3-3:2008l CNS 13438:2006 CLASS Al VCCI V-4:2012 CLASS Al VCCI V-3:2012 CLASS Al FCC 47CFR Part15 CLASS Al EC Council Directive 2004/108/ECl GB9254

Safety and environmentalstandards compliance

l 2002/95/EC, 2011/65/EUl 2002/96/EC, 2012/19/EUl EC NO.1907/2006l ETSI EN 300 019-1-1 V2.1.4l ETSI EN 300 019-1-2 V2.1.4l ETSI EN 300 019-1-3 V2.3.2l ETSI EN 300753 V1.2.1



54

Date post:	07-Feb-2016
Category:	Documents
Upload:	menganofulano
View:	65 times
Download:	0 times

CloudEngine 6800&5800 V100R003C00 Product Description 01

Documents