1 / 49

H3C S9500E Series Core Switch

H3C S9500E Series Core Switch. Contents. Development Trends of Core Switches Introduction of the H3C S9500E Technical Characteristics of the H3C S9500E Application of H3C S9500E Series. Center on data. Center on network. Center on server. Center on mainframe computer.

hschweitzer
Download Presentation

H3C S9500E Series Core Switch

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. H3C S9500E Series Core Switch

  2. Contents • Development Trends of Core Switches • Introduction of the H3C S9500E • Technical Characteristics of the H3C S9500E • Application of H3C S9500E Series

  3. Center on data Center on network Center on server Center on mainframe computer Development Milestones of IT Number of users (million) 3,000 1,000 100 10 0 2010 2005 1970 1980 1990 2000 2010 2020

  4. … … Common Difficulties in Network Construction How to ensure network reliability and service continuity? How to guarantee security of key data that faces soft and hard faults? How to implement remote disaster recovery of data? What will be included in large- and mid-scale networks? How to construct them? How to manage the network in a unified manner and reduce the management and maintenance cost? While there are more applications and higher performance requirements, can the data center support future service development? How to address the compatibility problem of heterogeneous devices purchased at different times?

  5. ……… Greener, more energy-saving Larger buffer capacity, distributive buffer mechanism to better protect service quality New Requirements on Network Devices More diverse product online maintenance means More reliable network devices and more improved security protection mechanism Network access capability of a higher density; high-density 10G capacity expansion capability; large-capacity block-free switching

  6. Contents • Development Trends of Core Switches • Introduction of the H3C S9500E • Technical Characteristics of the H3C S9500E • Application of H3C S9500E Series

  7. Product Family of H3C 9500E H3C S9500E Core Switch Series • The H3C S9500E is H3C’s core switch and the flagship product of the H3C switch product family. • The H3C S9500E is located at the large MAN convergence layer and the core layer of medium and small MANs, and is one of the industry-leading core switches. • The H3C S9500E series contains three switch models, S9505E/S9508E-V/S9512E.

  8. H3C S9500E Series

  9. Main Features of S9500E Innovative multi-engine architecture The control engine, detection engine and maintenance engine provide powerful control capabilities and high 50ms protection reliability. High-capacity multi-service forwarding performance Up to 192 10GE ports per unit IPv4/IPv6/MPLS traffic line-rate forwarding capability High-performance security and wireless service cards Perfect maintenance and detection mechanisms Online status detection mechanism Innovative board isolation mechanism

  10. S9500E Interface Modules 24-port electrical/optical interface board (8 ports support combo port application) 2/4-port 10GE interface board (XFP interfaces) S9508E-V/S9512E main boards 48-port electrical/optical interface board 16-port 10GE interface board (SFP+ interfaces) S9505E main boards

  11. Multi-service Support – 9500E Firewall service module . WLAN Switch Module IPS service module LB load balancing module NAT service module SSL VPN module

  12. EMC and Safety Compliance of S9500E • The S9500E series are designed by following the leading EMC and safety standards to meet the requirements in Europe, North America, Germany, Japan and Russia and have obtained their authorized certificates.

  13. S9500E-Green and Environmentally Friendly • Traditional production techniques largely use heavy metals and poisonous substances such as lead, mercury, cadmium, hexavalent chromium, PBB, and PBDE, which cause long-term, serious damage to the environment. Improving the techniques requires high investment and advanced technologies, which many vendors cannot afford. • H3C invests heavily in R&D and introduces advanced production techniques. The design and production of S9500E fully comply with the European RoHS directive and have passed certification testing. The production, usage and recycling processes produce no environmental pollution.

  14. Tailor-made for User -9500E Mature architecture The hardware platform based on ASIC + NP + multiple cores balances the flexible service expansion capability and the high processing performance. Carrier-class high reliability The unique design of device reliability and network reliability provides carrier-class reliability capability. Diverse service features MPLS+IPv6+VPLS+EPCL The user customization mode provides tailor-made core switches to users. All-round high security The switch integrates the device anti-attack and the service anti-attack capabilities, protecting the user network.

  15. Contents • Development Trends of Core Switches • Overview of the H3C S9500E • Technical Characteristics of the H3C S9500E • Innovative hardware structure • Carrier-level reliability • Rich service features • Comprehensive security and maintenance • Application of H3C S9500E Series

  16. 背板 FFDR 主控板 处理器 Independent detection engine Independent control engine Independent maintenance engine FFDR Main board Processor EMS EMS EMS EMS Innovative Multi-Engine Design S9500E adopts an innovative hardware structure, which accommodates a control engine, a detection engine and a maintenance engine to provide powerful control capabilities and 50ms protection reliability.

  17. FFDR 主控板 处理器 Independent control engine FFDR Main board Processor EMS EMS EMS EMS Independent Control Engine 背板 The CPU of the control engine has a main frequency of 1GHz, and thus can easily process various protocols’ packets. As it is no long responsible for reliability and maintainability and thus avoids impact of service channels on control channels, the CPU almost has the same processing capabilities as a high-end core router. Tolly test results: Route learning: 20000 routes per second IP FRR failover time: 30ms Control engine

  18. 背板 FFDR 主控板 Independent detection engine 处理器 FFDR Main board Processor EMS EMS EMS EMS Independent Detection Engine The independent detection engine has a highly-reliable, high-performance fast fault detection and restoration (FFDR) CPU system to implement BFD and OAM fast fault detection. It works together with the protocols of the control plane to provide fast failover (30ms) and convergence, ensuring service continuance. BFD for VRRP/BGP/IS-IS/OSPF/static routing has a failover time of less than 30ms, which was tested by Tolly. Detection engine

  19. 背板 FFDR 主控板 Independent maintenance engine 处理器 FFDR Main board Processor EMS EMS EMS EMS Independent Maintenance Engine The independent maintenance engine has an intelligent embedded maintenance subsystem (EMS) CPU system to provide intelligent power management. It powers on boards in sequence, which avoids impact of simultaneous power-on on the power supply, increases device lifetime, and reduces electromagnetic radiation. It can power off specific boards, and isolate faulty/idle boards to reduce system power consumption. The innovative board isolation function separates service boards from the forwarding plane to implement management, diagnosis, maintenance, and upgrade, bringing new application experience for users. Maintenance engine

  20. Service base board FW module System Other interfaces Storage IPS module System Storage **service module Other interfaces System Storage Open Application Architecture (OAA) • Based on the open application architecture, S9500E provides standard application interfaces for users and third parties to develop their own services, which increases the value of S9500E and speeds up the development of intelligent IP networks.

  21. IPv4 IPv4 IPv4 IPv4 IPv6 IPv6 IPv6 IPv6 MPLS VPN MPLS VPN MPLS VPN MPLS VPN ASIC ASIC ASIC ASIC I/O Module I/O Module I/O Module I/O Module Distributed Forwarding Engine Engine Crossbar Crossbar • DistributedIPv4/IPv6/MPLS traffic forwarding ensures the high-performance forwarding capabilities of S9500E, and fully satisfies the requirements of data centers and the core layer of campus networks.

  22. Contents • Development Trends of Core Switches • Overview of the H3C S9500E • Technical Characteristics of the H3C S9500E • Innovative hardware structure • Carrier-level reliability • Rich service features • Comprehensive security and maintenance • Application of H3C S9500E Series

  23. Hardware reliability S9500E High-Reliability Design • As core devices, S9500E must provide high reliability, which is fully considered during design. System reliability NSF+GR; Configuration restoration; Hot patch; Online upgrade; IRF2 Software reliability BFD for VRRP/RIP/ISIS/OSPF/BGP/ static routing; IP/TE FRR; OAM; RRPP; VRRP/VRRPE; Power supply redundancy; Main board redundancy; Fan module redundancy; All boards are hot swappable; Link aggregation

  24. FIB FIB FIB GR-Non Stop Forwarding During GR, the neighbor does not remove relevant routes. AMB Neighbor switch SMB Ensure session continuance after failover to achieve graceful restart Neighbor switch Crossbar FIB • Support GR for OSPF/IS-IS/BGP/LDP/RSVP. • Ensure normal operation during AMB/SMB failover, and fast rebuild the routing table with the help of neighbors after failover. • Ensure non stop forwarding during failover.

  25. Online loading 补丁 代码 Optimize code segment Hot-Patch Technology Replace the original code segment with an enhanced patch code segment Patch code area Original program Code segment Code segment Code Segment Hot-patch provides a flexible defect correction method to ensure the reliability of software features. Original code segment Code segment Code segment • Allows you to modify software bugs and add small features without resetting running devices. • Allows you to load/activate/deactivate/run/delete patch units at the command line interface.

  26. Fault alarm Main control board Main control board Universal quick handshake (10ms) Service board Service board Bidirectional forwarding detection BFD for FRR BFD Working patch Working patch Protection path Protection path FRR Convergence/access node Convergence/access node Core node

  27. S9500E IRF2 Feature Easy to deploy and transparent to neighbors Units support dual main boards for high Reliability. Common interface boards support stack links. IRF Up to 12 links can be aggregated to provide large bandwidth. Priority given to local links to improve forwarding speed. As a single logical device, it can be easily managed. Dual-homing can be easily deployed by aggregating neighbors. Uniform stateful hot-backup configuration for routes

  28. IRF2 Introduction • Layer-2 distribution/core termination offered by end-to-end stack virtualization • Multiple nodes are virtualized as a single node: • Multiple links are bundled as a single logical link. • Complicated VLAN+MSTP/VRRP is removed. • Greatly simplify routing and VLAN configuration in the data center • The failure of a single node/link does not affect upper-level routing. • Layer-2 loops in the traditional solution • Complicated VRRP+MSTP design • Complex routing design due to complex links • Routing flaps due to node/link failures • Interruption of large numbers of links in the data center

  29. Contents • Development Trends of Core Switches • Overview of the H3C S9500E • Technical Characteristics of the H3C S9500E • Innovative hardware structure • Carrier-level reliability • Rich service features • Comprehensive security and maintenance • Application of H3C S9500E Series

  30. Diverse Service Feature PBT Integrate all mainstream features and implement high-performance all-in-one integration uRPF 6PE Multicast VPN Multicast Bidirectional ACL VPLS MPLS LB/SSL IPv4/v6 forwarding FW/NAT Bridge forwarding NetStream IPS Distributive ASIC Distributive and high-performance features High-performance NP Tight coupling and high-performance features Multi-core CPU Loose coupling and flexible features

  31. MPLS Solutions VPN2 site3 Support multiple routing protocols between PE and CE, such as static routing, EBGP, RIP and OSPF. UPE VPN1 site1 PE VPN2 site1 MP-BGP PE MPLS network SPE MPLS network VPN1 site3 • Support inter-AS solutions: • VRF-to-VRF • MP-EBGP • Multi-Hop MP-EBGP VPN1 site2 UPE VPN2 site2 Hierarchical PEs PE-ASBR PE-ASBR Support HoPE technology for VPN extension and expansion Distributed MPLS traffic line-rate forwarding Layer-2 network Support MPLS VPN Manager Support MPLS traffic analysis • Support VLL / VPLS • Martini mode • Kompella mode

  32. Distributed VPLS Branch 1 of Company A Outer label VC label MAC header Data Only one connection needed PE Headquarters of Company A Headquarters of Company B MPLS Tunnel (LSP) Only one connection needed MPLS tunnel (LSP) PE MPLS network MPLS tunnel (LSP) Branch 2 of Company A PE Branch 1 of Company B Branch 2 of Company B VC label distribution • The distributed VPLS feature of S9500E implements line-speed forwarding without needing any centralized engine. • VPLS supports up to 4K instances and 128K MAC addresses. In addition, it supports rich features, fully meeting the VPLS needs of core routing switches.

  33. Multicast source Multicast VPN University CE-A2 Receiver University PE2 IBGP Multicast source Backbone University Receiver P PE1 IBGP Multicast Core PE3 Enterprise IBGP Receiver Enterprise • MPLS/BGP VPN has been widely used. Some VPN users need multicast services. • S9500E supports MD mode multicast VPN, ensuring that PIM state can be controlled, multicast in private networks is isolated from that in public networks, and the backbone network runs stably. • Optimization of multicast routing: Multicast traffic is only sent to needed PE routers through Switch-Group, effectively reducing multicast traffic in the backbone network. • Flexible VPN implementations: Private and public networks respectively forward multicast traffic according to their multicast forwarding entries. Multicast forwarding entries in private networks do not need to sense the changes to public multicast tunnels, upon which, however, private multicast forwarding entries can fast complete switchover.

  34. Contents • Development Trends of Core Switches • Overview of the H3C S9500E • Technical Characteristics of the H3C S9500E • Innovative hardware structure • Carrier-level reliability • Rich service features • Comprehensive security and maintenance • Application of H3C S9500E Series

  35. Comprehensive Security Features MD5 authentication for routing protocols Isolation between management and service planes Filtering and limiting of control information Secure Comware routing software system SSH Large numbers of bidirectional ACLs Routing security RADIUS URPF TACACS+ Mirror Management security Forwarding security SYSLOG Netstream Access security NQA IPS/FW/IPSec Address binding ARPrate limit Port isolation in VLAN Rate limit on ports Broadcast/abnormal traffic suppression • The advanced architecture, comprehensive security features and strict service access control mechanisms enable the S9500E to provide secure gateway access.

  36. OSPF Independent CPU Traffic Control CPU Software control plane policy ARP Traffic to CPU ... BPDU ICMP Packets of each protocol are assigned to a single queue to avoid interference between protocols. Traffic can be limited based on pps.

  37. FFDR 主控板 处理器 Software version integrated management FFDR Offline diagnosis Main board Processor Board isolation POST Regular detection of hardware faults Regular detection of service channels EMS EMS EMS EMS S9500E Online Status Detection The maintenance engine is specifically responsible for online status detection of the switch fabric, communication channels on the backplane, service communication channels, key chips, and memories. Once detecting a fault, it sends a report to the system through EMS. 背板

  38. Contents • Development Trends of Core Switches • Introduction of the H3C S9500E • Technical Characteristics of the H3C S9500E • Application of H3C S9500E Series

  39. Branch Branch Public users Data center WAN Internet FIT AP FIT AP S9500E Core layer S9500E S7500E S9500E Application in Virtual Campus Networks Network management center Wireless access Distribution layer (Buildings) Access layer (floors) Access layer (floors)

  40. S9500E Application in Virtual Campus Networks • 1. MPLS traffic full line-rate forwarding • The core layer of a virtual campus network is responsible for handling the MPLS traffic of the whole network, and thus must have the distributed MPLS full line-rate forwarding capability. • 2. Rich MPLS features, including Layer-2/-3 VPN and multicast VPN, fully satisfying future application requirements. • 3. High reliability features such as BFD ensure the core layer to provide highly reliable services. S9500E supports BFD for VRRP/RIP/OSPF/BGP. • 4. Provide high-density 10GE access through 16-port 10GE interface boards • 5. Support wireless LAN deployment, and provide unified wireless and wired solutions. • 6. Support multi-service security cards, and provide integrated network and security solutions. • 7. EAD solutions fully satisfy dynamic authorization and secure access requirements of customers.

  41. Campus Core S12500 S9500E FW FW LB LB S9500E NSM NSM Aggregation2 aggregation3 S5800 S5500 mainframe NIC Teaming access Layer-3 access Blade servers Pass through NIC Teaming cluster Blade switch S9500E Application in Data Centers 1. The distributed full line-rate forwarding capabilities satisfy the high-performance needs of data centers. 2. Features such as BFD and IRF2 satisfy the high-reliability needs of data centers and simplify the network structure. 3. Provide high-density 10GE access through 16-port 10GE interface boards. 4. Integrated service deployment, security deployment, and network analysis deployment. 5. Large numbers of ACLs : An enhanced board of S9500E supports up to 16K ACLs and thus S9500E can fully meet the complex traffic configuration needs of data centers. 6. 1:N traffic mirroring satisfies the needs of handling complex services.

  42. IPv4 IPv6 S9500E S7500E S5500-SI S9500E Application in Campus Networks • The core and distribution devices in the large-scale campus network support both IPv4 and IPv6. • The core or distribution devices can provide WLAN and security service cards to construct an integrated campus network. • High-reliability features such as BFD ensure the core network to provide highly reliable services. • The EAD solution provides better security for private networks.

  43. Backup Slides

  44. Improvement on 9500E

  45. H3C 9500E vs Cisco 6500E vs

  46. H3C IRF2 vs Cisco VSS

  47. Anti DOS of the main control board Submitted to the control plane for precision speed-limiting protection Packet filtering Device Control Plane Protection Supported Main control board CPU Service board CPU Data stream Forwarding plane Control stream Crossbar • Three-level protection helps the S12500 to become solidly secure against network attacks.

  48. S9500E OAA Service & Application Modules Firewall service module 10G processing capability and the multi-CPU architecture, seamless integration of network and security. AC service module Largest capacity in the industry, supports 640 APs and wirelined & wireless integrated network IPS service module Gigabit performance, leading plug-in IPS architecture, integration of security and network LB load balancing module supports NAT, DR mode and various load balancing algorithms, greatly improves the performance of the server cluster. NAT module high-performance NP processing architecture, supports NAT multiple instances for MPLS VPN application SSL VPN module enables users to deploy mobile, remote access, satisfying the requirements of multiple remote access modes.

  49. Thank You

More Related