H3C S5500-EI IPv6 Switches: Advanced Features for Modern Networks

H3C S5500-EI 10G IPv6 Switches

Content • Introduction • Highlight Features • Typical Solutions

S5500-28C-SI / S5500-28C-PWR-SI Hardware Specification Console Port 2 Extended slots 4×1000 Base-X SFP (combo) DC Power Connector (non-PoE) 24×10/100/1000Base-T Port AC Power Connector Highlights • Switch Capacity:128Gbps / Throughput 95.2Mpps • IPv4/IPv6 dual stack and hardware forwarding • L3+ function: Static Routing, RIP, OSPF, BGP • Full wire speed GE ports and 10GE uplink • PoE (S5500-28C-PWR-SI)

S5500-52C-SI / S5500-52C-PWR-SI Hardware Specification 2 Extended slots Console Port 4×1000 Base-X SFP (combo) AC Power Connector 48×10/100/1000Base-T Port DC Power Connector (PoE) Highlights • Switch Capacity:176Gbps / Throughput 130.9Mpps • IPv4/IPv6 dual stack and hardware forwarding • L3+ function: Static Routing, RIP, OSPF, BGP • Full wire speed GE ports and 10GE uplink • PoE(S5500-52C-PWR-SI)

S5500-28F-EI Hardware Specification 2 Extended slots Console Port 8 x 10/100/100Base-T Port (combo) Modular power slots (AC/DC) Modular power slots (AC/DC) 24 x 1000Base-X SFP Port Highlights • Switch Capacity:128Gbps / Throughput 95.2Mpps • IPv4/IPv6 dual stack and hardware forwarding • L3+ function: Static Routing, RIP, OSPF, BGP • Full wire speed GE ports and 10GE uplink

Highlights of S5500-EI • Up to 4 10GE uplinks • 128G/176G switching capacity • Full wire speed L2/L3 switching and forwarding • 32K MAC, 12K routing table Performance • IPv4/IPv6 dual stack • RIP, OSPF, BGP, RIPng, OSPFv3, BGP4+ • IGMP, PIM SM/DM, MLD, PIM6 SM/DM • IPv4/IPv6 Policy Based Routing • IPv6 Ready phase-II certification IPv6 • 4K L2-L4 hardware based ACL • Ingress and EGRESS ACL • VLAN and port based ACL • uRPF • ARP detection Security • RRPP (Rapid Ring Network Protect Protocol) • SMARTLINK • VRRP • Redundant power supply Reliability • SNMPv1/v2/v3 • sFlow • VCT, DLDP • LDT Management & Maintenance S5500-EI

Benefits From IPv6 Lower network administration costs: The auto-configuration and hierarchical addressing features of IPv6 will make networks easy to manage. Optimized for next generation networks: Getting rid of NAT re-enables the peer-to-peer model and helps in deploying new applications. E.g. communications and mobility solutions such as VoIP Protection of company assets: Integrated IPSEC makes IPv6 inherently secure and provides for a unified security strategy for the entire network. Investment protection: The transition and translation suite of protocols helps in easy and planned migration from IPv4 and IPv6, while allowing for co-existence in the transition phase.

IPv6 Protocols & Applications IPv4/IPv6 Routing & Multicast Protocols IPv4/IPv6 Applications

IPv6 Tunnel S5500-EI supports the following tunneling types: • Manual Tunnel • 6 to 4 Tunnel • ISATAP Tunnel

Multicast packet transmission without MLD snooping Multicast packet transmission when MLD snooping runs Multicast Router Multicast Router Video stream Video stream VOD Server VOD Server S5500-EI S5500-EI Non-Multicast Group member Multicast Group member Non-Multicast Group member Non-Multicast Group member Multicast Group member Non-Multicast Group member IPv6 Multicast

ServerFarm A ServerFarm B Bi-directional ACL • Support not only common ingress ACL, but also EGRESS ACL, which brings two advantages to users: • Simplify configuration and improve the network convenience; • Save ACL hardware resource UserGroup A UserGroup B OtherUsers

Bi-directional ACL Port A: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any ServerFarm A: Only permit UserGroup A & UserGroup B, and deny all others Port B: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port C: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any ServerFarm B: Only deny UserGroup B，and permit all others ServerFarm A UserGroup A UserGroup B OtherUsers ServerFarm B Without Egress ACL, users have to configure complicated Egress policy to realize the function; with the expand of network scale, the network configuration process will become more and more complicated and difficult, and there must be more and more configuration errors can’t be avoid

Bi-directional ACL  Port A: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port B: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any Port C: Permit UserGroup A To ServerFarm A Permit UserGroup B To ServerFarm A Permit Any To ServerFarm B Deny UserGroup B To ServerFarm B Deny Any To Any ServerFarm A UserGroup A UserGroup B OtherUsers ServerFarm B UserGroup C Without Egress ACL, once the network topology got changed, all the current configuration need to be designed again, which does brings great risks

ServerFarm A ServerFarm B Bi-directional ACL ServerFarm A: Only permit UserGroup A & UserGroup B, and deny all others Port A: Permit UserGroup A/B To ServerFarm A Deny Any ServerFarm B: Only deny UserGroup B, and permit all others UserGroup A UserGroup B OtherUsers Port B: Deny UserGroup B To ServerFarm B Permit Any • Simplify ACL configuration process • Save ACL hardware resource

VLAN Based ACL • Traditional ACL policy is configured based on port, so users have to configure ACL policy on all ports one by one; • S5500-EI supports VLAN based ACL policy. Therefore users can define ACL policy easily and flexibly Traditional port based ACL: # Interface Port 1> Deny ftp Permit any # Interface Port 2> Deny ftp Permit any # Interface Port 3> Deny ftp Permit any # Interface Port 3> Deny ftp Permit any # … VLAN based ACL # Vlan 100> Deny ftp Permit any #

IP/MPLS Core Smart Link B Forwarding traffic S7800 Active Link Backup Link S7800 Blocking Metro Ethernet Network DSLAM LSW A Blocking CE Forwarding traffic Backup Link Active Link S7800 C AMG • Suitable for dual uplink circumstances, better than Spanning tree technology for brings higher reliability to the network; • Working in the active/standby mode, once active link gets failed, standby link will be enabled, and the recovery time is less than 50ms;

Master Transit Major Control VLAN Major Ring Edge S5500-EI Secondary Control VLAN Sub Ring Transit Master S5500-EI RRPP (Rapid Ring Network Protec) • High performance price ratio RING network solution • High reliability with 50ms recovery time

N：4 Port Mirroring • For most switch products, one source port can only be mirrored to one target port traffic monitoring • S5500-EI supports N:4 port mirroring, so that one port can be mirrored to up to 4 target ports, that means multi actions can be done at the same time, such as IPS, IDS, Netstream, and activity monitoring IPS IDS S5500-EI Netstream Activity monitoring

VCT – Virtual Cable Test S5500-EI VCT (Virtual Cable Test) testing items include: whether short or open circuit exists in the Rx/Tx direction of the cable, and what is the length of the cable in normal status or the length from the port to the fault point of the cable. X S3100 • [S5500-Ethernet0/4]virtual-cable-test • Cable pair: RX Status:Open Cable Error lenth:5 metres • Cable pair: TX Status:Open Cable Error lenth:5 metres

LDT: Loopback Detection • [S5500-EI]loopback-detection enable • [S5500-EI]display loopback-detection • Port loopback-detection is running • System Loopback-detection is running • Detection interval time is 30 seconds • Loopback link is Dectected • The Loopback link is Port 3 Loopback Detection is used to monitoring the network to avoid loop, which may bring broadcast storm to influence the common network application

Power Over Ethernet (POE) S5500-EI can provide power to those powered devices including wireless AP, IP Phone, web camera over the unified Ethernet. • Support IEEE 802.3af standard, providing maximum 15.4w to each port • Support THREE levels of power provide: critical/high/low • Equipped with 370w high power supply to cover maximum 24 ports powered devices S5500-EI PD switch AP Power over Ethernet PD: Powered Device AP: Access Point

1. Mac address 00E0-BB00-0000 mask ffff-ff00-0000 2. Ah! It is an IP Phone of Vendor A, B, C……( Totally, 16 Vendors) 3. Put the traffic from IP Phone into Voice VLAN automatically 4. Other traffic will be processed with lower priority Voice Queue Data Queue 1 Voice Data Data Queue 2 Other Data Voice VLAN Benefits: • Guarantee the QoS of voice data • Improve the security

S5500-EI S5500-EI S5500-EI S5100 S5500-EI S5100 GE GE GE GE GE GE GE GE GE GE GE GE S3600 S3600 S3600 S3600 S3600 S3600 S3600 S3600 S3600 S3600 S3600 S3600 Aggregation of Large Enterprise Network Server Farm CAMS NMS GE S9500/S7500 S9500/S7500 Firewall 10 GE 10 GE

Core of Mid-to-small sized Network Server Farm CAMS NMS GE S5500-EI S5500-EI Firewall 10 GE S5500-SI S5500-SI S5500-SI S5500-SI S5100-SI S5100-SI GE PoE PoE GE GE GE PoE GE GE GE GE PoE PoE GE GE

IPv6/IPv4 Hybrid Network S5500-EI IPv6 组网方案 IPv6 Internet IPv6 Island IPv6 Link IPv4 Internet S5500-EI IPv6 IDC Network Manager 6to4 Relay IPv6 Network S5500-EI S5500-EI IPv6 Access IPv6 Over IPv4 Tunnel Mobile Network Dual-Stack Access IPv6 Access IPv4 Network S5500-EI WLAN IPv4 Access Dual-Stack Access IPv6 Mobile Terminal IPv6 Enterprise Users IPv6 Users IPv4 User

H3C S5500-EI IPv6 Switches: Advanced Features for Modern Networks

H3C S5500-EI IPv6 Switches: Advanced Features for Modern Networks

Presentation Transcript

Switches

Switches

Switches

IPv6 IPv6 IPv6

Switches

Switches

1000/10G L2/L3/L4 Series Managed Switches

Switches

ich h ei ße ei ns zw ei dr ei N ei n, danke. m ei ne Mutter

Switches

Switches

Switches

Switches

Switches

Switches

H3C MSR Presentation

H3C SR8800 Series 10G Core Router Technology Analysis

H3C Building an H3C WLAN GB0-342 Certification Study Guide