Upload
duongkhue
View
273
Download
8
Embed Size (px)
Citation preview
ZXR10 ZSR V2 Series Router
Product Description
V 2.00.20R3
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 1
ZXR10 ZSR V2 Series Router Product Description
Version Date Author Reviewer Notes
V1.0 2013/12/06 Xiehuachao Liujumei/Xuqi Not open to the third party, based on
V2.00.10.
V1.1 2014/08/28 Xiehuachao Liujumei/Xuqi Not open to the third party, based on
V2.00.10R2.
V2.0 2014/12/08 Xiehuachao Liujumei/Xuqi Not open to the third party, based on
V2.00.20R1.
V3.0 2015/03/20 Xiehuachao Liujumei/Xuqi Not open to the third party, based on
V2.00.20R2.
V3.1 2015/07/28 Xiehuachao Liujumei/Xuqi Not open to the third party, based on
V2.00.20R3.
© 2015 ZTE Corporation. All rights reserved.
ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used
without the prior written permission of ZTE.
Due to update and improvement of ZTE products and technologies, information in this document is subjected to
change without notice.
ZXR10 ZSR V2 Series Router Product Description
2 ZTE Confidential & Proprietary
TABLE OF CONTENTS
1 Overview ............................................................................................................ 7
2 Highlights ........................................................................................................... 7
2.1 Strong performance, no bottleneck for network access ........................................ 7
2.2 Wired and wireless, access anytime and anywhere ............................................. 9
2.3 All in one, Lower CAPEX ................................................................................... 10
2.4 Flexible extension, smooth upgrade ................................................................... 10
2.5 Easy provision & maintenance, fast network deployment ................................... 11
2.6 Green and energy saving, bring a nature and serene network ........................... 11
3 Features ........................................................................................................... 12
3.1 IPv4 Routing protocols and IP basic service ...................................................... 12
3.1.1 Unicast routing protocols .................................................................................... 12
3.1.2 IPv4 Multicast route protocol .............................................................................. 14
3.1.3 Policy route and route policy .............................................................................. 17
3.1.4 DHCP ................................................................................................................ 18
3.1.5 DNS ................................................................................................................... 18
3.2 WAN Access ...................................................................................................... 18
3.2.1 PPP ................................................................................................................... 18
3.2.2 ML-PPP ............................................................................................................. 19
3.2.3 HDLC ................................................................................................................. 19
3.2.4 FR 20
3.3 Switching and Routing in One ............................................................................ 20
3.3.1 Broadcasting storm suppression ........................................................................ 21
3.3.2 Spanning Tree Protocol ..................................................................................... 21
3.4 MPLS ................................................................................................................. 22
3.4.1 LDP.................................................................................................................... 22
3.4.2 Static Tunnel ...................................................................................................... 22
3.4.3 MPLS-TE ........................................................................................................... 23
3.5 VPN ................................................................................................................... 24
3.5.1 IPSec VPN ......................................................................................................... 24
3.5.2 IPSec NAT traversal .......................................................................................... 26
3.5.3 GRE VPN .......................................................................................................... 26
3.5.4 L2TP VPN .......................................................................................................... 27
3.5.5 IPSec + GRE ..................................................................................................... 29
3.5.6 MPLS L3 VPN .................................................................................................... 29
3.5.7 MPLS L2 VPN .................................................................................................... 30
3.5.8 Smart Dial Control (SDC) ................................................................................... 30
3.6 QoS Capability ................................................................................................... 32
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 3
3.6.1 Flow Classification and Flow Tag ....................................................................... 32
3.6.2 Traffic Monitoring ............................................................................................... 32
3.6.3 Traffic Shaping ................................................................................................... 33
3.6.4 Queue Scheduling ............................................................................................. 33
3.6.5 Congestion Avoidance ....................................................................................... 33
3.6.6 MPLS QoS ......................................................................................................... 33
3.7 Security Features ............................................................................................... 34
3.7.1 ACL.................................................................................................................... 34
3.7.2 Anti-IP source attacks ........................................................................................ 36
3.7.3 Anti-ARP attacks ................................................................................................ 36
3.7.4 Firewall .............................................................................................................. 37
3.7.5 Multiple Security Authentications ....................................................................... 41
3.7.6 URPF ................................................................................................................. 43
3.8 Network Reliability ............................................................................................. 43
3.8.1 Ping Detect ........................................................................................................ 43
3.8.2 BFD ................................................................................................................... 44
3.8.3 FRR ................................................................................................................... 44
3.8.4 VRRP ................................................................................................................. 45
3.9 IPv6 Features .................................................................................................... 46
3.9.1 Basic Function of IPv6 ....................................................................................... 46
3.9.2 IPv6 Unicast Routing Protocol............................................................................ 46
3.9.3 Multicast Routing Protocol ................................................................................. 48
3.9.4 IPv6 Tunnel ........................................................................................................ 49
3.9.5 6PE .................................................................................................................... 52
3.9.6 6VPE ................................................................................................................. 52
3.9.7 NAT64 ............................................................................................................... 53
3.10 NAT ................................................................................................................... 54
3.11 Network Management Features ......................................................................... 55
3.11.1 NetNumen™ Integrated Network Management Platform.................................... 55
3.11.2 NETFLOW ......................................................................................................... 56
3.11.3 Network Layer Inspection ................................................................................... 57
3.12 System Operation and Maintenance .................................................................. 57
3.12.1 Multiple Configuration Methods .......................................................................... 57
3.12.2 System Policing and Maintenance ..................................................................... 57
3.12.3 Diagnosis and Debugging .................................................................................. 59
3.12.4 Version Upgrade ................................................................................................ 59
4 System Architecture ........................................................................................ 60
4.1 Product Appearance .......................................................................................... 60
4.1.1 The Appearance of ZXR10 3800-8 .................................................................... 60
4.1.2 The Appearance of ZXR10 2800-4 .................................................................... 62
4.1.3 The Appearance of ZXR10 1800-2S/2S(G)/2S(W) ............................................. 63
ZXR10 ZSR V2 Series Router Product Description
4 ZTE Confidential & Proprietary
4.1.4 The Appearance of ZXR10 1800-2E/2E(G) ........................................................ 64
4.1.5 The Appearance of ZXR10 2800-3E/3E(G) ........................................................ 66
4.2 Hardware Architecture ....................................................................................... 68
4.2.1 Overall Hardware Architecture ........................................................................... 68
4.2.2 The Working Principle of the Hardware System ................................................. 71
4.2.3 The Introduction to the Hardware Unit ................................................................ 71
4.3 Software Architecture ......................................................................................... 76
4.4 Technical Specifications ..................................................................................... 81
4.5 RFC List ............................................................................................................. 84
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 5
FIGURES
Figure 1-1 The view of the ZXR10 ZSR V2 series router .................................................... 7
Figure 3-1 IPSec NAT traversal schematic diagram ...........................................................26
Figure 3-2 L2TP VPN schematic diagram ..........................................................................27
Figure 3-3 IPSec+GRE VPN schematic diagram ...............................................................29
Figure 3-4 Working principle of IPv6 over IPv4 tunnel ........................................................50
Figure 3-5 Working principle of IPv4 (or IPv6) over IPv6 tunnel .........................................51
Figure 3-6 Working principle of ISATAP tunnel ..................................................................52
Figure 3-7 NAT64 Application scenario ..............................................................................53
Figure 4-1 The Front View of the ZXR10 3800-8 ................................................................60
Figure 4-2 The Key Components of the ZXR10 3800-8 .....................................................61
Figure 4-3 The Ichnography of the ZXR10 3800-8 Architecture........................................61
Figure 4-4 The Front View of the ZXR10 2800-4 ................................................................62
Figure 4-5 The Key Components of the ZXR10 2800-4 .....................................................62
Figure 4-6 The Ichnography of the ZXR10 2800-4 Architecture .........................................62
Figure 4-7 The Front View of the ZXR10 1800-2S .............................................................63
Figure 4-8 The Front View of the ZXR10 1800-2S(G)/2S(W) .............................................64
Figure 4-9 The Ichnography of the ZXR10 1800-2S/2S(G)/2S(W) Archtiecture..................64
Figure 4-10 The Front and Real Panel of the ZXR10 1800-2E/2E(G) ................................64
Figure 4-11 The Key Components of the ZXR10 1800-2E/2E(G) .......................................65
Figure 4-12 The Ichnography of the ZXR10 1800-2E/2E(G) Architecture ...........................66
Figure 4-13 The Front and Real Panel of the ZXR10 2800-3E/3E(G) ................................66
Figure 4-14 The Key Components of the ZXR10 2800-3E/3E(G) .......................................67
Figure 4-15 The Ichnography of the ZXR10 2800-3E/3E(G) Architecture ...........................67
Figure 4-16 The Hardware Architecture of the ZXR10 3800-8 ...........................................69
Figure 4-17 The Hardware Architecture of the ZXR10 2800-4 ...........................................69
Figure 4-18 The Hardware Architecture of the ZXR10 1800-2S/2S(G)/2S(W) ....................70
Figure 4-19 The Hardware Architecture of the ZXR10 1800-2E/2E(G) ...............................70
Figure 4-20 The Hardware Architecture of the ZXR10 2800-3E/3E(G) ...............................70
ZXR10 ZSR V2 Series Router Product Description
6 ZTE Confidential & Proprietary
Figure 4-21 Open Service Unit of ZXR10 ZSR V2 .............................................................75
Figure 4-22 The Entire Software Architecture of the ZXR10 ZSR V2 .................................77
TABLES
Table 4-1 The PIUs supported by the ZXR10 ZSR V2 .......................................................73
Table 4-2 Physical Indices of OSU .....................................................................................75
Table 4-3 Physical Indices of ZXR10 ZSR V2 ....................................................................81
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 7
1 Overview
ZXR10 ZSR V2 is ZTE’s intelligent multiservice router integrating routing, switching,
wireless, security and VPN. The modular and scalable system structure builds intelligent,
efficient, reliable, flexible and maintainable network.
ZXR10 ZSR V2 series router includes 1800-2S/2S(G)/2S(W), 2800-4, 3800-8, 1800-2E
/2E(G)and 2800-3E/3E(G). They can meet different market demands. Their forwarding
performance ranges from 1Mpps to 5Mpps. They can be applied to VIP access, DCN,
campus network, enterprise network egress gateway, enterprise headquarter/branch
access, mobile office, industry network convergence/access, etc.
The appearance of each product is shown as below:
Figure 1-1 The view of the ZXR10 ZSR V2 series router
2 Highlights
2.1 Strong performance, no bottleneck for network
access
The rise of enterprise application content and network data traffic and the appearance of
video-conference, remote teaching and remote data disaster recovery backup lead to
higher performance requirements for node equipment processing network data.
High-performance multi-core processor + Smart Switching Engine (SSE) ensure
ZXR10 ZSR V2 Series Router Product Description
8 ZTE Confidential & Proprietary
high-performance protocol processing and management control processing as well
as L2/L3 high-speed forwarding of data, increasing the overall system performance
by 10 times than the previous generation of access router. The multilayer distributed
forwarding allocates system resources reasonably in system multiservice overlay to
assure excellent forwarding performance. Single slot has the bus bandwidth of up to
10Gbps.
Support high-speed interface of GE, FE, E1, POS, CPOS, xDSL,
Synchronous/asynchronous serial wire port and 3G/LTE, Wi-Fi wireless port, and the
device Integrated industry's largest fixed-Gigabit interfaces, which can be used as
WAN or LAN access, providing a complete and flexible access capability.
Supports speed, duplex mode auto-negotiation and MDI / MDIX.
The perfect high reliability design. AC/DC power supply 1+1 hybrid redundancy.
Power supply, fans and interface boards hot-swappable. The software modular
design, which can overlay new features flexibility and improve system stability and
flexibility. Perfect OAM detection mechanisms and BFD for everything, FRR, VRRP,
links bundled and other rich reliability technologies to enhance service reliability.
Control plane security technologies include classification of the control plane packets,
multi-level speed restrictions, multi-level scheduling, traffic suppression, protocol
white name, protocol authentication, anti-DDOS attack mechanism and attack trace
functions. The greatest degree to ensure the safety of equipment itself.
Strong ACL, excellent L2/L3 ACL mixed processing algorithms, up to 8K ACLs
capacity (all overlay loads scene, the system performance degradation is less than
30%) and humanization ACL log statistics management function helps users to
easily achieve fine management of various services.
Compact design, 1800-2S adopts the desktop design. 2800-4 and 3800-8 adopt the
front cabling design where operation and maintenance can be fulfilled at single side.
They can be installed into 300mm-deep cabinet to saving the space in equipment
room, and or into outdoor cabinet, vehicle equipment, BS and office locker to cut
O&M cost.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 9
2.2 Wired and wireless, access anytime and anywhere
With wider coverage than conventional network, wireless network can extend network
access scope to supplement wired network. It supports mobile office anytime, anywhere
to resolve the bottleneck of time and space. ZXR10 ZSR V2 is creating the industry’s
first true 4G router ensuring network reliability and increasing bandwidth value.
Support 3G (WCDAM/CDMA/TD-SCDMA) and LTE (TDD / FDD).
Embedded wireless module, PnP USB data card and special interface card are
optional, meeting networking requirements in various scenarios.
When the equipment is deployed in equipment room or office corner with weak
wireless signal, the optional extension feeder solve the problem of signal coverage.
It can detect 3G/LTE signal strength and dynamically monitors link quality to ensure
SLA.
Powerful SDC support smart dial-up achieve link redundancy. Device can dialed the
xDSL or the 3G/LTE link according to the policy, building load balancing and
redundancy protection route, to protect the service.
For the consideration of Internet egress performance and reliability, several Internet
egresses from multiple carriers are often used at the same time. Multilink load
balance technology can monitor the Internet links from multiple carriers and smartly
select the path for data flow accessing the Internet to ensure the fastest and best
Internet access for users.
Create VPN channels in 3G/LTE networks to enhance wireless link security.
Support WIFI access, adjustable 802.11b/g/n RF mode, dynamic adjustment of
access rate according based on environments, Guard Interval to prevent front/back
data interference, WMM (Wi-Fi Multimedia) to provide wireless QoS and assure the
quality of voice and video services, and such verification modes as no verification,
WEP, WPA, WPA2 (TKIP and AES-CCMP) and WAPI hardware encryption.
ZXR10 ZSR V2 Series Router Product Description
10 ZTE Confidential & Proprietary
2.3 All in one, Lower CAPEX
With network application increase, customers often need to connect different devices to
resolve different problems, which increase user investment and increase network fault
points. ZXR10 ZSR V2 integrates multiple functions to meet network requirements in
different scenarios, such as routing, switching, AP NAT gateway, VPN gateway, etc.
L2TP/GRE/IPSec tunnel technology and MPLS VPN over GRE for a variety of
different environments of VPN networking.
Support MPLS, Provide Perfect L2/L3 MPLS solutions which easily extend MPLS to
the network edge. Support PWE3 to bear TDM service.
Support the stateful firewall, which can control access data flow and ensure network
security.
Hardware-based QoS, support HQoS for different users and services to provide a
variety of service level guarantee to meet user multi-service access meticulous
management needs.
2.4 Flexible extension, smooth upgrade
As network applications and traffic rise, processing performance should be upgraded
smoothly. ZXR10 ZSR V2 offers forwarding engines of different performances as well as
on-demand selection and smooth upgrade, protecting user investment and meeting future
network requirements. IPv4 address pool dwindles and IPv6 is the development trend.
An upgradable router is vital to an enterprise because it can extend router lifecycle.
ZXR10 2800-4 and ZXR10 3800-8 have main control forwarding cards supporting
multiple forwarding performances, reducing CAPEX and assuring future
performance upgrade.
Profound accumulation, in early 2000 ZTE began to study the IPv6 technology, and
in global IPv6 next-generation Internet Summit 2010, due to the outstanding
performance in the commercial promotion of IPv6, ZTE was awarded the IPv6
equipment commercial Pioneer Award ". ZXR10 ZSR V2 supports IPv4/IPv6 dual
stack, which can access IPv4 and IPv6 at the same time. It supports 6in4, 6to4 and
6in4 tunnel technologies to transmit data between IPv4 and IPv6 networks, and
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 11
NAT444, NAT64 and 6rd technologies to evolve IPv4 network to IPv6.
2.5 Easy provision & maintenance, fast network
deployment
A large number of access routers are deployed in wide range. Traditionally, engineers
need to load and upgrade versions for each router on site. The traditional mode has low
efficiency and may cause optional errors, so it is necessary to provide visual deployment
and maintenance means supporting convenient operation, remote maintenance, and
diagnosis anytime.
Support USB disk to deploy devices, Auto-Config, Network Management batch
version upgrades, zero-touch automatic device configuration and mass deployment.
Support SQA (Service Quality Analyzer). It can dynamically detect and locate
network quality through ICMP-echo, UDP, TCP, FTP, DNS, HTTP and SNMP. It can
adopt VRRP, static route, interface backup, link backup and policy route as well as
ZXNPA to automatically report network performance threshold alarm and fulfill
graphic detection and management.
Support port mirroring, 1:1 netflow sampling, Support the flow characteristics explicit
presentation, Provide an effective means of monitoring to ensure network precisely
controlled and operated.
Support WEB GUI and graphical NMS, provides one-click service creation and
one-click information-gathering tool to help network administrators achieve the rapid
loading of the service and high-maintenance.
2.6 Green and energy saving, bring a nature and serene
network
ZXR10 ZSR V2 adheres to green environmental protection, and takes measures in design,
R&D, manufacturing, logistics and engineering to build a communication network with low
noise, low power consumption and high efficiency.
Advanced 28nm chip increases performance and reduces energy consumption.
ZXR10 ZSR V2 Series Router Product Description
12 ZTE Confidential & Proprietary
The hardware adopts the leading submarine-level quiet technology.
Intelligent fan is automatically adjusted according to system operation status,
reducing power consumption and equipment noise.
Intelligent off Idle service cards, support EEE energy efficient Ethernet specification,
can reduce energy consumption 2/3.
Strict adherence to RoHS standards, using unleaded green material, reducing
carbon dioxide emissions.
3 Features
3.1 IPv4 Routing protocols and IP basic service
3.1.1 Unicast routing protocols
ZXR10 ZSR V2 fully supports a variety of unicast routing protocols, including static routing,
RIP, OSPF, IS-IS and BGP.
3.1.1.1 Static Route
Static route is configured manually by an administrator to simplify network configuration
and improve network performance. It uses a scenario of simple network structure. When a
network failure or topology change happens, static route is not automatically changed, but
it is manually changed by an administrator.
ZXR10 ZSR V2 supports static route configuration based on next hop and egress
interface as well as the correlation between static route and VRF instance.
3.1.1.2 RIP
RIP is a UDP-based distance vector dynamic routing protocol. It periodically broadcasts
route tables to neighbors to maintain the relationship between adjacent routers and
calculate its own route table according to the received routes. RIP runs simply and is
applied to small networks.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 13
ZXR10 ZSR V2 supports the following RIP functions:
Support RIPv1/v2 basic functions such as split horizon, poison reverse, interface
verification, route collection, and route protocol redistribution.
Support RIP load sharing.
Support RIP VPN access.
Support RIP MIB.
3.1.1.3 OSPF
OSPF routing protocol is used for route information exchange between routers in one
Autonomous System (AS), so it is an Interior Gateway Protocol (IGP) based on link status.
OSPF is one of the most widely used IPv4 IGP routing protocols. ZXR10 ZSR V2 supports
the following OSPF functions:
Support OSPF basic functions such as neighbor certification, Virtual Link, STUB,
NSSA, Type-3 LSA aggregation, Type-5 LSA aggregation, and redistribution of other
route protocols.
Support OSPF route load sharing.
Support VPN access and advanced functions such as sham-link.
Support OSPF BFD.
Support OSPF FRR.
Support OSPF-TE.
Support OSPF MIB.
3.1.1.4 IS-IS
IS-IS is a routing protocol drafted by ISO to support Connectionless Network Service
(CLNS). IETF extends the IS-IS to support IP route information. ISIS is also an Interior
Gateway Protocol (IGP) based on link status.
IS-IS is one of the most widely used IPv4 IGP route protocols. ZXR10 ZSR V2 supports
the following IS-IS functions:
ZXR10 ZSR V2 Series Router Product Description
14 ZTE Confidential & Proprietary
Support IS-IS basic functions.
Support IS-IS extension functions such as hostname and overload-bit.
Support IS-IS route load sharing.
Support IS-IS VPN ACCESS.
Support IS-IS BFD.
Support IS-IS FRR.
Support IS-IS-TE.
Support IS-IS MIB.
3.1.1.5 BGP
Border Gateway Protocol (BGP) is an inter-AS routing protocol. It is used for network
reachability information exchange between AS running BGP.
ZXR10 ZSR V2 supports the following BGP functions:
Support BGP basic function and such enhanced functions as session certification,
route oscillation suppression, route reflector, alliance, extension group attribute,
route aggregation, and route filtering.
Support BGP route load sharing.
Support MP-BGP functions such as IPv4 unicast, IPv4 multicast, IPv4
labeled-unicast, IPv4 MDT, IPv6 unicast, IPv6 multicast, IPv6 labeled-unicast,
VPNv4, and other AFIs.
Support BGP BFD.
Support BGP FRR.
Support BGP MIB.
3.1.2 IPv4 Multicast route protocol
The multicast is a point-to-multipoint or multipoint-to-multipoint communications mode,
namely, multiple receivers receive the same information from single source.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 15
Multicast-based applications include video conference, remote teaching, software
allocation, etc.
3.1.2.1 IGMP
The host uses Internet Group Management Protocol (IGMP) to inform the multicast router
on the network which group the router should join or leave. In this way, the multicast router
on the network knows whether a multicast group member is available on the network, and
decides whether to forward multicast packets to the network. When a multicast router
receives a multicast packet, it checks the multicast destination address of the packet, and
forward packets to the interfaces of all group members or downstream routers.
ZXR10 ZSR V2 supports IGMPv1, IGMPv2 and IGMPv3.
3.1.2.2 PIM-SM
Protocol Independent Multicast-Sparse Mode (PIM-SM) is applied to the following
situations:
Group members are extended across a wide scope.
Network bandwidth resource is limited.
PIM-SM is not dependent on a specific unicast routing protocol. Supposed that all routers
on a shared network segment do not need to send multicast packets, the router must take
the initiative to request to join a multicast group before sending and receiving multicast
packets. By setting the RP (Rendezvous Point), PIM-SM sends multicast information to all
routers supporting PIM-SM. In PIM-SM, the router explicitly joins and leaves the multicast
group to reduce the network bandwidth occupied by data packet and control packet.
3.1.2.3 PIM-DM
PIM-DM (PIM-Dense-mode) is a dense-mode multicast route protocol and sends
multicast data in the ‘push’ mode. It usually applies to small network with dense multicast
group members.
ZXR10 ZSR V2 Series Router Product Description
16 ZTE Confidential & Proprietary
3.1.2.4 PIM-SSM
PIM-SSM has all the advantages of PIM-SM, but it can create a source-based shortest
path tree rather than a shared tree. When a group membership report from a particular
source to group is received, the shortest path tree is created directly.
PIM-SSM, a subset of PIM-SM, is suitable for the ‘well known’ source and is valid between
domains and within a domain. PIM-SM uses the MSDP multicasting inter-domain route,
but PIM-SSM does not.
3.1.2.5 Static Multicast
Static route multicast is used when a multicast is expected to be forwarded via the
specified path rather than the best path of unicast route.
Static multicast provides egress and ingress interfaces for the user to configure multicast
route table and form multicast forwarding table according to the configuration. If static
multicast route and dynamic multicast route are available at the same time, static
multicast route is preferred. Static multicast has the logic status equivalent to PIM-SM and
PIM-DM, namely, a special multicast route protocol. Static route multicast has the
following purposes:
Change RPF route: The multicast and unicast generally have the same network
topology structure and data transport path. Multicast static route can be configured to
change the RPF route so as to create a different transport path for multicast data.
Connect RPF route: When a unicast route is blocked, multicast data cannot be
forwarded because a RPF route is unavailable. Multicast static route can be
configured to generate a RPF route so that multicast route table can be created to
guide the forwarding of multicast data.
3.1.2.6 MSDP
Multicast Source Discovery Protocol (MSDP) is a mechanism connecting several PIM
domains. It works on TCP to provide PIM-SM with multicast source information outside
PIM domain.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 17
A MSDP speaker in one PIM-SM domain creates a session with other inter-domain MSDP
neighbors via TCP. When the MSDP speaker knows a new multicast source in the MSDP
domain (through the PIM register mechanism), it generates a Source Active (SA)
message and sends it to all MSDP neighbors.
3.1.3 Policy route and route policy
3.1.3.1 Policy routing
ZXR10 ZSR V2 supports policy routing to forward packets according to the policy
designated by a user. The policy routing provides the packet forwarding policy, and match
object is packet. Match objects is screened according to attribute fields and the set action
is designated. The set is divided into two types: One is route option which changes a
forwarding path, and the other is packet modification option which modifies the attributes
of the screened packet. Policy routing implements traffic engineering to a certain extent,
thus flows of different QoS or data of different types (such as voice and FTP) can take
different paths.
3.1.3.2 Route policy
Route policy is the route distributing and receiving policy. Route protocol selection is
actually a route policy. Route policy means modifying parameters or setting control mode
to change the results of route creation, distribution and selection. ZXR10 ZSR V2
supports RIP, OSPF, IS-IS, BGP and VRF to use route policy.
Control route distribution. Only distribute route information meeting conditions.
Control route receiving. Only receive indispensible, legal route information to control
the capacity of route table and improve network security.
Filtering and control the introduced route.
Only introduce some route information meeting conditions and set some of their
attributes to satisfy protocol requirements.
Set the attribute for the route filtered by route policy.
ZXR10 ZSR V2 Series Router Product Description
18 ZTE Confidential & Proprietary
3.1.4 DHCP
Dynamic Host Configuration Protocol (DHCP) dynamically manages and configures the
users in a centralize way. It adopts client/server communications mode. A client applies to
a server for configuration information (including parameters such as IP address, subnet
mask and default gateway), and the server returns the information according to the policy.
DHCP uses UDP as transport protocol. The host sends a message to port 67 of DHCP
server, and the server returns a message to port 68 of the host.
ZXR10 ZSR V2 supports DHCP Relay, and DHCP Server to accommodate user demands
for DHCP in different scenarios.
3.1.5 DNS
Domain Name System (DNS), a distributed database for TCP/IP applications, copes with
the conversion between domain name and IP address. With the DNS, a user directly
employs an easy-to-remember, meaningful domain name for an application, and the DNS
resolution server in the network resolves it into a proper IP address.
ZXR10 ZSR V2 can work as a DNS client. It sends a DNS resolution request to a DNS
server to request and receive the response message of the DNS server packet, and then
sends the message to the user.
3.2 WAN Access
3.2.1 PPP
PPP (a widely used WAN protocol, achieves router-to-router) and host-to-network
connection across synchronous and asynchronous circuits. It has a set of schemes for
link creation/maintenance/removal, upper-layer protocol negotiation, authentication, and
other functions.
PPP consists of LCP and NCP. It supports the point-to-point interface (such as
E1/T1/POS) link creation by negotiation and link maintenance, and provides a upper-layer
protocol packet with a packet encapsulation format different from Ethernet protocol.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 19
A upper-layer protocol packet (such as IP packets and MPLS packet) is only
encapsulated with two bytes of protocol fields in the front, and is added with a PPP header
with two fixed values, namely, 0xFF03. The header can be removed through negotiation.
The PPP negotiation has three stages: LCP, authentication (optional) and NCP:
The authentication is optional and it is generally used for an access router to
authenticate an access user.
NCP consists of IPCP, IPv6CP, MPLSCP, OSINLCP and BCP. IPCP (supporting
IPv4) must make link negotiation and the rest is selected as needed. After successful
negotiation with IPCP, PPP port is set to UP.
Compared with the Ethernet encapsulation:
PPP has a higher bandwidth utilization ratio, which has a better effect on short packet.
And its header encapsulation is simpler, and complex Ethernet MAC header
encapsulation and decapsulation are removed from packet transceiving mechanism.
But PPP state machine is more complex than Ethernet because PPP interface is set
to UP only after successful negotiation and then the packet is received at the upper
layer.
The default protocol state of a PPP interface is down after creation, and it is UP after
successful PPP link negotiation. Both sides periodically send LCP keep-alive packets to
each other. If there is no ECHO response to continuous N (N>=1) keep-alive request
packets, the link is set to down and the protocol state is set to down to trigger route
recalculation and route update.
3.2.2 ML-PPP
ML-PPP bundles multiple PPP links with a purpose to increase bandwidth. It can be
applied to an interface supporting PPP.
3.2.3 HDLC
High-level Data Link Control (HDLC) is a bit-oriented link-layer protocol. It parallels with
such L2 protocol as PPP and Frame Relay (FR), and offers different services for
upper-level protocols.
ZXR10 ZSR V2 Series Router Product Description
20 ZTE Confidential & Proprietary
The HDLC’s biggest feature is that character set is not required for data, and any bit
stream can be transparently transported.
3.2.4 FR
Frame Relay (FR) is a high-performance WAN protocol running on physical layer and
data link layer of OSI reference model.
The data packet switching technology is a simplified X.25. It removes some complex
functions of X.25 (such as window technology and data retransmission technology) and
relies on high-level protocol to provide error correction. Because FR works on WAN
devices which are better than X.25, these devices has a higher reliability. FR strictly
corresponds to the lowest two layers of the OSI reference model, while X.25 provides L3
services, so FR has a higher performance and more efficient transport efficiency than
X.25
FR WAN equipment is usually divided into data terminal equipment (DTE) and data
circuit-terminating equipment (DCE). At both ends of communications are DTE and DCE,
and the router generally works as a DTE device.
FR provides the connection-oriented communications at data link layer. A communication
link is defined between each pair of devices, and the link has a data link connection
identifier (DLCI). This service needs a permanent virtual circuit (PVC) with a DLCI. The
DLCI value is generally specified by a FR SP. The available DLCI is 16-1007 and the rest
is retained for the protocols.
FR supports both PVC and SVC. PVC is the most frequently used. The manually
configured PVC is particularly suitable for data communication thanks to its simplicity,
high efficiency and multiplexing.
3.3 Switching and Routing in One
Based on the network connection requirements inside enterprise, ZXR10 ZSR V2
promotes high-density Ethernet switching module to implement seamless integration of
router and Ethernet switch.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 21
ZXR10 ZSR V2 supports VLAN, Supervlan, QINQ, SmartGroup, supports Ethernet port
L2/L3 mode switching, L2 switching across the board, L2/L3 configured on the same
interface, supports full Spanning Tree Protocol and broadcast storm suppression , and
other L2 functions.
3.3.1 Broadcasting storm suppression
The broadcasting storm which seriously damages network performance refers to the
disturbed network communication caused by continuous forwarded broadcasting frames.
The broadcasting storm suppression means the user can set the size of the broadcasting
streams that allowed by the port. When the streams exceed the threshold, the system will
discard the exceeding ones to avoid the broadcasting storm.
ZXR10 ZSR V2 support the following storm suppression.
Support the broadcast packet suppression
Support the multicast packet suppression
Support the unknown packet suppression
Speed limit supports two modes bps or pps
3.3.2 Spanning Tree Protocol
Loops in L2 switching networks make the messages cycling and growing in the loop.
Thus, the broadcasting storm which takes up all valid bandwidth and makes network
unavailable is generated.
Under this circumstance, the spanning tree protocol (STP) is generated. As a L2
management protocol, the STP eliminates the L2 loop by blocking redundant links
optionally. At the same time, it is capable of link backup. The same as other
protocols, the STP keeps developing. However, it was initially used as IEEE
802.1D-1998 STP, then generates IEEE 802.1w RSTP(Rapid Spanning Tree
Protocol) and IEEE 802.1s MSTP(Multiple Spanning Tree Protocol).
ZXR10 ZSR V2 supports STP, RSTP and MSTP, and supports transparent
transmission of the above protocols.
ZXR10 ZSR V2 Series Router Product Description
22 ZTE Confidential & Proprietary
3.4 MPLS
3.4.1 LDP
MPLS is a multiple layer switching technology. It combines L2 switching and L3 routing,
uses label to aggregate the messages need forwarding. It works in route layer structure,
supporting multiple upper layer protocols. It can be implemented on multiple physical
platforms.
ZXR10 ZSR V2 supports multi-protocol label switching by supporting the following
functions:
It supports basic functions and label forwarding services of MPLS. It
implements LDP signaling protocol, which takes charge of label distribution,
LSP establishment, and parameters needed in LSP establishment.
It supports Graceful Restart at MPLS signaling protocol layer. It can keep label
data forwarding when protocol is interrupted.
It supports MPLS Ping/Tracert. It uses MPLS echo request and MPLS echo
reply to check the availability of LSP.
It supports LDP FRR. It can takes quick switching of data flow when LSP
interrupts.
It supports MPLS LSP load balancing.
It supports multiple layer label processing.
It supports LSP loop check mechanism.
It supports MPLS CoS and mapping of IP packet from ToS domain to MPLS
packet in EXP domain.
3.4.2 Static Tunnel
Static tunnel is the tunnel configured by the administrator manually. It doesn’t need to be
triggered by MPLS signaling protocol, nor packet control by exchange. Thus it consumes
little resource and suits stable small network with simple topology structure. However, the
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 23
tunnel established by static label distribution cannot be dynamically adjusted based on
network topology change. It should be manually configured by the administrator.
Each LSR on the tunnel should be configured with static tunnel command, including head
node, intermediate node and tail node. The services can be guaranteed to normally
forward on LSP of the tunnel only when the tunnel is correctly configured on each node.
3.4.3 MPLS-TE
Network congestion is a major problem that influences backbone network performance.
The local congestion may result from inadequate network resources or unbalanced
resource load. TE (Traffic Engineering) solves the congestion caused by unbalanced
load.
MPLS TE is a technology combining traffic engineering and MPLS. With MPLS TE, the
service provider can precisely control the path that the traffic goes through, so as to avoid
the congested node. It can solve the problem that some paths are overloaded but some
are idle, so as to make full use of the existing bandwidth resources. At the same time,
MPLS TE can reserve the resources during the process of LSP tunnel establishment to
guarantee service quality.
MPLS TE establish link bandwidth resource database at each node in MPLS network by
OSPF TE or IS-IS. It uses CSPF algorithm to calculate tunnel establishment path based
on link bandwidth resource database and tunnel constraint. At last it uses RSVP-TE
signaling protocol to establish TE tunnel on the path that calculated by CSPF algorithm.
ZXR10 ZSR V2 supports the following MPLS TE features:
OSPF TE and IS-IS TE
CSPF (Constrained Shortest Path First)
Basic functions of RSVP-TE: it implements RSVP-TE basic functions defined by
RFC2205 and RFC3209. It can establish and maintain TE tunnel by Path/Resv
message interaction.
RSVP-TE FRR: it implements link protection and node protection of RSVP-TE
FRR protocol functions in Facility defined by RFC4090 to offer LSR RSVP-TE
local protection capability.
ZXR10 ZSR V2 Series Router Product Description
24 ZTE Confidential & Proprietary
RSVP-TE Graceful Restart: it implements Graceful Restart by RFC3473, Draft
‘Extensions to GMPLS RSVP Graceful Restart’, and recovery mechanism for
restart at adjacent multiple nodes defined in the section of ‘failure recovery’.
RSVP-TE MIB.
RSVP-TE expansion: RSVP-TE MBB, re-optimization, preemptive priority,
abstract update, automatic routing, FA, Hot-standby, and authentication.
3.5 VPN
3.5.1 IPSec VPN
IP Security (IPSec) is an IETF-defined IP-layer security framework protocol. It protects
sensitive data transport in an unprotected network (e.g., the Internet). It defines IP packet
formats and related infrastructure for confidentiality, data integrity, anti-replay and
enhanced identity authentication in network communication IP packet transport.
Confidentiality means encrypting user data and sending it in the form of ciphertext.
Data integrity means ensuring no data modification in the transport. IPSec
authenticates the data received to determine whether the packet has been modified.
Anti-replay means comparing the slide window of the target host with the sequence
number of the received packet to identify whether the packet is copied, preventing a
malicious user from intercepting IPSec packets and reinsert them into the session.
Origin certification means identifying the identity of the data sender through a
pre-shared key or RSA signature.
IPSec uses the following framework protocols:
Authentication Header (AH): It provides data origin authentication, data integrity
check and packet anti-replay. AH does not encrypt the protected packet.
Encapsulating Security Payload (ESP) provides both authentication and encryption.
Its authentication functions are almost the same as all AH functions (data integrity
check does not include IP header), and it also encrypts IP packets to improve their
security.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 25
IPSec transmits IP packets in the following modes:
Tunnel mode: AH or ESP is inserted before the original IP header, and a new IP
header is generate and put before the AH or ESP. The mode is applied to the
connection between two security gateways (e.g., routers).
Transfer mode: AH or ESP is inserted after the IP header but before the
transport-layer protocol. The mode is applied to the end-to-end connection between
hosts, and it uses the original IP header address for addressing.
ZXR10 ZSR V2 IPSec has the following features:
Establish a security alliance manually or through IKE dynamic negotiation (isakmp).
Support IKEv1 key negotiation and exchange. IKE support the following security
mechanisms:
Diffie-Hellman (DH) exchange and key distribution: The DH algorithm is a
public key algorithm. Communicating parties send no key but calculate a
shared key through data exchange. The precondition for encrypted is
that both sides for encrypted data exchange must have a shared key.
Perfect Forward Secrecy (PFS): The safety feature means that a cracked
key does not affect the safety of other keys because these keys have no
derivative relationship. The key of the IPSec second stage is derived
from the key of the first phase. If the IKE key of the first phase is stolen,
the attacker may collect enough information to derive the IPSec SA key
of the second stage. PFS implements an additional DH exchange to
ensure the safety of the key of the second phase.
Authentication: It means confirming the identity of communicating parties.
ZXR10 ZSR V2 supports the pre-shared key authentication. An
authenticator generates a key, and Different authenticators cannot
generate the same key on both sides.
Identity protection: After a key is generated, identity data is encrypted for
protection in the transport.
Support AH and ESP protocols and their mixed use.
Transmit a packet in tunnel mode or transfer mode.
Provide two general hash algorithms to ensure that no data is modified in the
ZXR10 ZSR V2 Series Router Product Description
26 ZTE Confidential & Proprietary
transport.
HMAC-MD5: Use 128-bit shared key for hash calculation.
HMAC-SHA-1: Use 160-bit shared key for hash calculation.
Support such encryption algorithms as DES-CBC, 3DES-CBC, AES-128-CBC,
AES-192-CBC, and AES-256-CBC.
Support IPSec DPD detection.
Support IPSec NAT traversal.
Support IPSec+GRE networking.
Support IPSec and VRF association.
3.5.2 IPSec NAT traversal
In network applications, if there is a routing equipment between two IPSec routers, the
IPSec router have to support NAT traversal. The NAT traversal mainly includes NAT-T
negotiation in IKE and using UDP to encapsulate and decapsulate the ESP packet.
Figure 3-1 IPSec NAT traversal schematic diagram
3.5.3 GRE VPN
Generic Routing Encapsulation (GRE) protocol can encapsulate the packets of some
network-layer protocols so that these encapsulated packets can be transmitted in the IPv4
network.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 27
When a router receives an original packet (payload) to be encapsulated and routed, the
payload was first encapsulated by GRE into a GRE packet which is encapsulated by the
IP protocol and then is forwarded at the IP layer. The original packet protocol is called the
passenger protocol, the GRE the encapsulation protocol and the IP protocol the delivery
protocol or transport protocol. It should be noticed that the above processes do not care
about the specific format or content of the passenger protocol.
GRE has the following advantages:
A multiprotocol local network can transport packets via a single-protocol backbone
network.
Connect discontinuous subnets to create VPN.
Expand network scope of work, including the protocol with limited route gateways.
3.5.4 L2TP VPN
L2TP (Layer 2 Tunneling Protocol) is a L2 tunnel protocol based upon point-to-point
protocol PPP. L2TP mainly consists of LAC (L2TP Access Concentrator) and LNS
(L2TP Network Server). LAC supporting client-end L2TP is used to initiate call,
receive call and establish tunnel. LNS is the end of all the tunnels to terminate all
PPP flows.
Figure 3-2 L2TP VPN schematic diagram
LAC: L2TP Access Concentrator is a PPP-initiator system with L2TP protocol
processing capability. Usually, LAC is a network access server (NAS), which
supplies network access service through PSTN/ISDN.
ZXR10 ZSR V2 Series Router Product Description
28 ZTE Confidential & Proprietary
LNS: L2TP Network Server, the logical termination of PPP conversation, is used on
the PPP-end system for processing the software of L2TP protocol server.
Between a pair of LNS and LAC there are two types of connection: one is tunnel
connection, which defines a LNS and LAC pair. The other is session connection,
which is multiplexed on tunnel connection, indicating each PPP session process in
the tunnel. One tunnel connection can bear multiple session connections. L2TP
connection maintenance and PPP data transmission are both implemented by
exchange of L2TP message, which uses UDP port 1701. L2TP message can be
divided into two types: control message and data message. Control message works
to create and maintain tunnel connection and session connection. Data message
works to bear users’ PPP session data packets.
L2TP is featured as follows:
Secure identity authentication mechanism: similar to PPP, L2TP can implement
tunnel endpoint verification. PPP CHAP verification is stipulated to be used.
Internal address distribution support: LNS is deployed behind enterprise network
firewall. It implements dynamic distribution and management of remote user address
and supports DHCP and private address application (RFC1918). Address distributed
for remote user is not Internet address but internal private address of enterprise
network, which facilitates address management and enhances security.
Network accounting flexibility: accounting could be implemented at LAC (usually is
ISP) and LNS (usually is enterprise) at the same time. The former accounting
generates bills and the latter is for payment and auditing. L2TP can provide
accounting data of data transmission such as incoming and outgoing packets
number, bytes number, beginning and ending time for connection.
Reliability: L2TP protocol supports LNS backup. When main LNS is unreachable,
LAC (access server) can re-establish connection with backup LNS to improve VPN
service reliability and error tolerance.
Integrated network management: L2TP protocol has become standard RFC protocol.
Related L2TP standard MIB has been established. In this way SNMP network
management solution can be integrated adopted to implement easy network
maintenance and management.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 29
3.5.5 IPSec + GRE
The IPSec tunnel only supports unicast flow, multicast data can not be protected.GRE can
encapsulate non-IP packets, IP multicast and broadcast packets, so you can use GRE
over IPSec to protect the data in GRE tunnel, thereby protecting the GRE tunnel multicast
data flow.
Figure 3-3 IPSec+GRE VPN schematic diagram
3.5.6 MPLS L3 VPN
MPLS VPN supports ISP data privacy and the use of non-unique private IP address in the
VPN.VPN forwarding table includes a label corresponding to a VPN-IP address. This tag
sends data to the appropriate location. MPLS VPN has the following advantages:
VPN connection configuration is simple and has no pressure on the existing
backbone network.
There is no requirement for existing users. The user does not need to make any
changes, and the user joining VPN configuration is also very simple.
The network is highly scalable.
VPN users can continue to use the dedicated address without any modification,
and the VPN-ID is unique in the backbone network.
It is easy to provide value-added services, such as different COS.
ZXR10 ZSR V2 support the MPLS/BGP-based L3 VPN. It provides users with VPN
service on existing public networks to meet service needs and security requirements in
transmitting private data on public networks. The VPN end-to-end solution satisfies user
service demands in this regard.
Assume the roles of P, PE and CE.
ZXR10 ZSR V2 Series Router Product Description
30 ZTE Confidential & Proprietary
Support dynamic (BGP, RIP, OSPF and IS-IS) and static (static route) VPN
access.
Support such policy control as RT rewriting and SOO.
Support multiple cross-domain VPN modes.
Support VRF route restriction.
Support VPN FRR.
3.5.7 MPLS L2 VPN
ZXR10 ZSR V2 supports the Martini-type MPLS L2VPN and uses VC-Type+VC-ID to
identify a VC.It supports the following functions:
Take LDP as basic signaling.
Support two L2 VPN services: VPWS and VPLS.
Support L2VPN MIB.
Support 129-type FEC code.
VPWS service support PW Class configuration, heterogeneity, Status TLV,
VCCV, control field configuration, etc.
VPLS service support L2VPN reflector.
Support L2VPN Graceful Restart.
Support MAC address filtering and restriction.
Support PWE3.
Support CESoPSN.
Support SAToP.
Support L2 VPN and L3 VPN bridging.
3.5.8 Smart Dial Control (SDC)
Smart Dial Control (SDC) is a dial-on-demand backup technology used for
interconnecting routers via PSTN, ISDN or 3G. The ‘dial-on-demand’: the interconnected
routers in different networks only get communicated via dial-up manner when there are
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 31
data to be processed between them. When the link is free, the SDC will disconnect the link
automaitcally. As in some circumstances, the connections and communications between
routers only happen when there is information to be processed, the information under
transmission often features irrelenvant time, abruptness and few data. The SDC service
at this momenet provies flexible economical and highly efficient solutions for this
implementation. In real applications, the SDC which often exists as a backup path keeps
the service running smoothly when the communmication is down due to broken links.
The SDC module often implements the following services:
Dial backup service
The invalid master link (interface) triggers the dial backup: When the master link
(interface) fails for a while, the backup interface will dial up the backup link. When the
master link (interface) recovers, the backup link will be disconnected.
The overload major link (interface) triggers the dial backup: When the major link
(interface) is overloaded, the backup interface will be dialed up. Then the backup link
will be initiated to work together with the master link. When the load of the master link
(interface) returns normal, the backup link will be disconnected then.
Implement link backup service via route interception: When the SDN intercepts that
the particular route items are missing, the dial-up signal will be triggered. Without
asking for preset low-priority static routes to trigger the dial-up signal, this method
which is more flexible actively triggers the signal when the SDC intercepts the loss of
some route items that are going to be backed up. In this way, the backup routes
which go to special destinations will be generated.
Dial-on-Demand (DDR)
Permanent dialing: When the permanent dialing mechnism is set at the dial-up
interface, the dialing will be triggered immediately.
Automatic dialing: After initiation, when the physical dial-up interface turns to up
status, the autoamtic dialing will be triggered.
Manual dialing: The user can implement dialing or turn off the signal by configuring
commands.
ZXR10 ZSR V2 Series Router Product Description
32 ZTE Confidential & Proprietary
Trigger data triggers dialing: The data accessing the router split into two categories:
trigger data and non-trigger data. The trigger data packets will be sent out by the router. If
there’s no connection at that moment, the router will dial the remote router to set up
connections. With non-trigger data, the router won’t dial the remote router.
3.6 QoS Capability
With the popularity of diversified services (data, voice and video) and development of
FMC process, multi-service bearer network is required to provide differentiated services
for different services and users, so as to differentiate services, guarantee user service
QoS based on SLA, realize QoS guarantee in various application models, and provide
E2E QoS. It makes the network sense and manage the services, implement fine operation
of service, and finally improve the service experience of the users.
3.6.1 Flow Classification and Flow Tag
Based on the classification strategies such as destination MAC, source MAC, VLAN ID,
802.1P, ToS/DSCP, and IP 5-tuple (protocol type, destination IP, source IP, destination
port number, source port number), service packets are divided into multiple priorities or
categories. Ethernet packet CoS, ToS or DSCP of IP packet head, and EXP field of MPLS
can be tagged to implement scheduling based on the categories, congestion
management, and traffic shaping. QoS for different service types can be provided.
3.6.2 Traffic Monitoring
Take token bucket algorithm and restrict the traffic enters the network within a proper
range. Manage and punish the exceeding part. For example, drop the packet, color the
packet, or re-set the priority of the packet, in order to protect the network resource and
operators’ benefits. ZXR10 ZSR V2 supports srTCM (single-speed three-color) and
trTCM (dual-speed and three-color) algorithms. It also supports Color-Blind and
Color-Aware coloring mode. ZXR10 ZSR V2 supports port-based and traffic-based
coloring, which can be applied in both incoming and outgoing directions.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 33
3.6.3 Traffic Shaping
Traffic shaping buffers and sends outgoing traffic at an even rate meet the processing
capability of the downstream equipment. ZXR ZSR V2 supports port-based and
queue-based traffic shaping.
3.6.4 Queue Scheduling
Queue scheduling solves the congestion problem at the network node by a series of
scheduling algorithms. By scheduling, the packets with high priority are first forwarded.
The packets with low priority can also fairly get corresponding scheduling opportunity.
ZXR10 ZSR V2 supports queue scheduling of PQ (Priority Queuing), Weighted Fair
Queuing(WFQ) and CBWFQ,etc..
3.6.5 Congestion Avoidance
The network equipment has limited processing capability and buffering capability. The
packets exceed equipment processing capability will cause congestion. Simply dropping
these packets will cause ‘global synchronization’. ZXR10 ZSR V2 adopts RED/WRED to
avoid congestion and improve network quality. WRED can sense the service IP priority,
DSCP and MPLS EXP. It can set different early dropping strategy for packets with
different priorities so as to provide differentiated dropping features for different services.
3.6.6 MPLS QoS
ZXR10 ZSR V2 supports MPLS QoS based on Diff-Serv model. MPLS QoS implements
mapping of priority between MPLS, IP and Ethernet packets. It also differentiate data flow
of different services based on the value of EXP in the tag, so as to realize different
services, guarantee the QoS of voice and video services. ZXR10 ZSR V2 supports
operator MPLS QoS service channels of three standards:
Uniform Tunnel
Pipe Tunnel
Short Pipe Tunnel
ZXR10 ZSR V2 Series Router Product Description
34 ZTE Confidential & Proprietary
ZXR10 ZSR V2 combines MPLS-TE and Diff-Serv to offer IP/MPLS core network with
service identifying capability. Based on this it establishes tunnel to guarantee the
bandwidth of service with high priority. ZXR10 ZSR V2 supports QoS scheduling inside
MPLS VPN. It can implement Diff-Serv scheduling inside VPN and guarantee the key
VPN services are forwarded with priority.
ZXR10 ZSR V2 supports user service-based PW differentiation, and mapping of service
PW to the corresponding MPLS tunnel to realize E2E QoS based on service. It’s easy to
deploy with the bandwidth management plannable. It provides operation guarantee for
service differentiation management and service.
3.6.6.1 H-QoS
With hierarchy, H-QoS implements finer scheduling and provides reliable service support
for multi-service development. ZXR10 ZSR V2 supports H-QoS with the following
features:
It supports to set the multi-level scheduler to achieve multi-level traffic management
to meet the actual network deployment requirements.
It supports multi-user, multi-service, multi-flow classification requirements to
implement congestion avoidance and traffic shaping.
It supports packet tagging feature in the hierarchical QoS queue scheduling.
It supports traffic statistics of service scheduling in hierarchical QoS to realize visual
management of traffic service model and to make maintenance management know
the network better.
3.7 Security Features
3.7.1 ACL
Access control list is used to permit or reject packet based on criteria configured.
The packet filtering criteria determines the type of access control list. Packet filtering
can be defined based on the following conditions:
MAC
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 35
VLAN
Source IP address
Destination IP address
Source port number
Destination port number
Protocol number for transmission layer
Type of service (TOS)
Time-range
For router interface, a configured access control list will only take effect when it is
applied on an interface. As data flow passing an interface is bidirectional, the access
control list should be adopted on the interface, simultaneously, which is egress
direction (i.e. data flow moves away from router) and ingress direction (i.e. data flow
enters router)
There are procedures for implementing access control list on an interface:
1. Define access control list
2. Define the interfaces on which the access control list will be implemented
While using ACL, firstly the type of ACL is classified via ACL number, and then
packets are compared with the configured ACL to see if the packets are permitted to
pass through the interface. The rule of ACL processing is, beginning items are given
the highest priority, in other words, as per the sequence of access control list. The
processing will stop when there is one item matching to the configured control list.
Therefore, the sequence is very important when configuring access control list, and
items with high priorities should be put in the beginning. If there is an exact match for
the packet, it will be permitted or denied to pass through the interface according to
the specified fields ‘permit’ or ‘deny’. If there is no exact match for the packet, it will
follow the default filtering principle, i.e. this unmatched packet will be denied to pass
through the interface.
ZXR10 ZSR V2 supports the ACL features are as follows:
ZXR10 ZSR V2 Series Router Product Description
36 ZTE Confidential & Proprietary
Support standard ACL and extended ACL
Support L2 ACL, L3 ACL and L2/L3 hybrid ACL
Support ACL Time-range
Support ACL log statistics
Support statistical Hit rate
Support ACL bulk binding
3.7.2 Anti-IP source attacks
IP+MAC binding
The binding of MAC and IP addresses refers to the connections formed between
special IP addresses and MAC addresses according to the user’s configuration. If the
message sent from this IP address does not match the designated MAC address, it
will be discarded to avoid attacks by fake IP addresses.
ARP scanning service
ARP scanning service triggers in-batch IP+MAC static binding tables.
IP Source Guard service
IPSG means the device working as a L2 device fights against IP source spoofing
attacks via the binding table.
3.7.3 Anti-ARP attacks
Send free ARP messages on a regular basis
Free ARP messages are sent to prevent the user’s message from being blocked or
intercepted.
Anti-ARP spoofing-Strict ARP learning
Fight against the ARP spoofing via strict ARP learning.
Anti-ARP spoofing-ARP entity learning protection
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 37
ARP entity learning protection avoids the ARP spoofing.
Anti-ARP spoofing-Dynamic ARP inspection
Dynamic ARP inspection avoids the ARP spoofing.
Anti-ARP message flood-ARP message suppression
ARP message suppression avoids ARP message food.
Anti-ARP message flood-ARP Miss message suppression
ARP Miss message suppression avoids the ARP message flood.
3.7.4 Firewall
3.7.4.1 Configure security domains
Divide security domains, including DMZ domain service. As to firewalls, all security
policies are implemented on the basis of security domains. The related firewalls can
only be configured when security domains are divided. The configurations of the
security domain include: the name of the security domain, priority, interfaces to
access the security domain and the DMZ domain. Usually being a filtration subnet,
the DMZ domain is a security area between the intranet and extranet.
3.7.4.2 Packet filtration firewall-fragment message filtration service
Configure ACL to implement packet message filtration. The filtration is implemented
mainly based upon protocol number, source/destination IP addresses, source/destination
port number and message transmission direction of the upper layer protocol borne by the
IP layer of the data packet.
Setting in the firewall of the device, the packet filtration service compares the header of
the packet got from the packet with the preset ACL rules to decide if the packet will be
forwarded or discarded.
The packet filtration service supports the inspection of fragment messages. The packet
filtration firewall identifies different message types: non-fragment messages, first
fragment messages and follow-up fragment messages. All types of messages are filtered.
ZXR10 ZSR V2 Series Router Product Description
38 ZTE Confidential & Proprietary
3.7.4.3 Stateful firewall
As an extension of the packet filtration firewall, the stateful firewall not only takes the
packet as an independent unit to implement ACL inspection and filtration, but also
considers the relevance between the application layers of the packets. By using all sorts
of stateful tables to monitor TCP/UDP sessions, the stateful firewall makes the ACL table
to decide which session is allowed to be built. Only the packets that related to the
permitted sessions can be forwarded. At the same time, according to the TCP/UDP
session, the stateful firewall analyzes the status of the packet application layer, and filters
the packets which do not match the status of the existing application layer. Combining the
advantages of the packet filtration firewall and proxy firewall, the stateful firewall is not
only fast, but also safe.
SFW (Stateful Firewall) is message filtration based upon the application layer, in other
words, it is a status-based message filtration. As this service can inspect the protocol
sessions which try to pass through the firewall in the application layer by maintaining the
session status, checking the protocol and port number of the session messages, it stops
the messages which do not match the rules from passing through the firewall. For all
connections, the status of each connection maintained by the SFW is used to decide if the
packet is allowed to pass the firewall dynamically. At the same time, the SFW can
monitor the service of different application layer protocols.
3.7.4.4 Black list
Blacklist is a filtration method based upon the source VPN and the source IP address of
the message. As the matching domain is much simpler than the ACL, the blacklist can
implement rapid message filtration. Therefore, it can effectively shield the messages sent
from some particular IP addresses. At the same time, user’s static blacklist and the
firewall-based dynamic blacklist are supported.
In addition to the blacklist made by the user statically, some particular IP addresses which
are found implementing IP scanning attacks or port scanning attacks will be put into the
blacklist actively. If the blacklist has been activated, all the messages coming from this IP
address in a certain period will be filtered. The user can configure the aging time of both
static and dynamic blacklists. Completely ignoring the ACL rules, the firewall discard all
the packets in the blacklist.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 39
Users can export the blacklist to files. Also, the blacklist can be configured by importing
the data on files.
3.7.4.5 White list
If the user puts the VPN and IP address of one host to the white list of the firewall, the
firewall will not launch IP scanning attacks or port scanning attacks of the message sent
by the host. Also, it won’t add the IP address to the blacklist dynamically. What’s more, the
user cannot put the host to the static blacklist.
After receiving a message, the device will check if it came from the white list. If the source
of the message is the white list, the device won’t arrange the IP scanning attack, the port
scanning attack or the generation of a dynamic blacklist containing this source IP address.
However, other security filtrations must be kept to make the firewall safe, e.g. ACL packet
filtration, SFW, traffic statistics and monitoring, etc. The user can configure the aging time
of the white list. The information of the white list can be imported and exported by files.
3.7.4.6 Anti-DDos attack
The network environment is getting more and more complicated. The control layer
processor of router device is the core component to deal with various complicated
protocol data packets. It usually suffers from broadcast storm, PING flooding, and TCP
syn flooding attacks. To avoid the influence on CPU or even service abnormality, pause,
and interruption caused by the attacks, ZXR10 ZSR V2 implements flexible and complete
flow control mechanism for the traffic enters the control layer:
The CPU flow transmitted upwards is divided into multiple queues with priority
to guarantee the important protocol packets such as BGP, OSPF as well as
user customized data packets are transmitted upwards and processed with
priority. Each queue has different threshold values for different packet types.
It supports CAR rate limit of flow transmitted upwards based on physical
ingress.
It supports CAR rate limit of customized packet based on source destination +
protocol type + TCP/UDP port number + CAR rate limit of physical ingress
number.
ZXR10 ZSR V2 Series Router Product Description
40 ZTE Confidential & Proprietary
It supports configuration of number of transmission per second and
transmission priority as a particular rule.
It supports transmission abnormality check based on logical port. It takes rate
measurement of all received packets at the logic port. When the traffic
transmitted at the port is found to reach the specified threshold, close packet
receiving at the port and make certain delay. Then continue to receive the
packets to prevent the port from strong attack which may influence user
services at other ports.
ZXR10 ZSR V2 can effectively guarantee that the important data packets with high priority
can be transmitted first by dividing and differentiation of data packet priority, multi-queue
transmission, configuration of transmission strategy at port, and transmission flow rate
limit. It can effectively block attack from abnormal packets.
3.7.4.7 Anti-DOS attack
ZXR10 ZSR V2 supports the following DOS attack prevention:
LAND attack
Smurf attack
WinNuke attack
SYN Flood attack
ICMP Flood attack
UDP Flood attack
3.7.4.8 Anti-scanning attack
ZXR10 ZSR V2 supports the following anti-scanning attack prevention:
ping-death attack
Large-ICMP attack
ICMP Unreachable attack
ICMP-Redirect attack
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 41
ICMP Fragment attack
IP Fragment attack
Teardrop attack
Fraggle attack
Tracert attack
3.7.4.9 Anti abnormal packet attack
ZXR10 ZSR V2 supports the following anti-abnormal attack prevention:
Abnormal TCP packet attack
IP error option attack
Syn Fragment attack
Unknown Protocol attack
IP spoofing attack
IP option packet attack
TCP No-Flag packet attack
TCP Syn Fin packet attack
TCP Fin-No-Ack packet attack
3.7.5 Multiple Security Authentications
ZXR10 ZSR V2 supports the following multiple security authentications:
AAA
ZXR10 ZSR V2 implements complete AAA authentication authorization for different
user access authentication strategy. Based on different access authentication needs,
users can configure different access authentication strategy and take different
Authentication and Authorization for different users.
AAA supports three user authentication types:
Local authentication
ZXR10 ZSR V2 Series Router Product Description
42 ZTE Confidential & Proprietary
RADIUS (Remote Authentication Dial-In User Service) authentication
TACACS+ (Terminal Access Controller Access Control System) authentication
AAA supports four authorization types:
Direct trust authorization: Directly authorized without account.
Local account authorization: make authorization based on locally configured
user account
TACACS+ authorization: TACACS+ can divide authentication and authorization.
TACACS+ server can authorize the users.
Authorization after successful RADIUS authentication: RADIUS protocol
authentication and authorization cannot be divided.
Protocol Security Verification
ZXR10 ZSR V2 implements complete protocol security verification for SSH, PPP, routing
protocol, and SNMP protocols based on different protocol security verification
requirements.
SSH protocol security verification:
It supports MD5-based cipher text authentication
It supports SHA1-based cipher text authentication
PPP access security verification
It supports PAP-based verification
It supports CHAP verification
Routing Protocol security verification
RIP v2, OSPF, and IS-IS support plain text authentication
RIP v2, OSPF, IS-IS, and BGP support MD5-based cipher text authentication
RIPng, OSPFv3, and BGP-4+ support MD5-based cipher text IPSec AH
authentication
RIPng, OSPFv3, and BGP-4+ support SHA1-based cipher text IPSec AH
authentication
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 43
SNMP security verification:
SNMPv3 encryption and authentication.
3.7.6 URPF
ZXR10 ZSR V2 supports uRPF (Unicast Reverse Path Forwarding) to prevent network
attack based on source address spoofing. Among the common DoS attacks, there’s one
source address spoofing. The attacker spoofs a source address (usually the address of a
legal network) to get access to the attacked equipment so as to prevent the attacked
equipment from providing normal services. uRPF can effectively prevent this attack.
ZXR10 ZSR V2 supports the following uRPF features:
It supports Strict RPF check
It supports loose RPF check
It supports loose RPF check that ignores default route
It supports ACL check
3.8 Network Reliability
3.8.1 Ping Detect
Ping Detect is also called automatic detect. It uses request/response packet of ICMP to
detect the reachability of the destination, and returns the detect result to the backup
function unit that associated with it, so as to trigger the main/standby switching and
provides backup based on the reachability of network layer application.
Ping Detect solves this problem. Ping Detect uses request/response packet of ICMP to
detect the destination reachability of the network application. The result (reachable or
unreachable destination ICMP) can be returned to the associated unit such as static route
backup, dial backup or VRRP to trigger the corresponding main/standby switching.
ZXR10 ZSR V2 Series Router Product Description
44 ZTE Confidential & Proprietary
3.8.2 BFD
An important function of network equipment is to quickly detect the communication failure
between the adjacent systems, and to create other paths as soon as possible. BFD
(Bidirectional Forwarding Detection) protocol perfectly achieves this goal. The main
function of BFD is to provide a low-load quick failure detection mechanism for the adjacent
forwarding engines. Combining BFD and FRR, ms level link detection and route switching
can be implemented at forwarding layer.
ZXR10 ZSR V2 supports the following BFD features:
version 0 and version 1 BFD check.
BFD for BGP check.
BFD for OSPF check.
BFD for IS-IS check.
BFD for LDP LSP check.
BFD for TE tunnel check.
BFD for static route configuration for next-hop check.
BFD for strategy route check.
BFD for VRRP check.
3.8.3 FRR
When a link or node fails in the network, the packets go through it may be dropped or put
into a loopback. Then there will be inevitable temporary traffic interruption or loopback
until the network re-converge and reckon out a new topology and route. Usually this kind
of interruption will last several seconds. Therefore, to shorten the traffic interruption, a
mechanism should be provided to implement the following functions:
Quick discovery of link failure
Quickly provide a recovery path when link fails
Avoid forwarding ‘micro-loop’ in following-up network recovery.
This is FRR (Fast ReRoute). ZXR10 ZSR V2 FRR covers IP FRR and L3VPN FRR.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 45
3.8.3.1 IP FRR
ZXR10 ZSR V2 product provides IP FRR. The routing protocol unit provides loop-free
main/standby route based on the loop avoiding strategy configured by the user. The
forwarding unit implements traffic forwarding based on main route in the process. At the
same time it checks the port status of the main route. When the port fails, ZXR10 ZSR V2
will quickly switch the traffic to the standby route to reduce traffic switching time and
packet loss.
IP FRR is usually used with routing protocol. ZXR10 ZSR V2 supports IP FRR that
including static route FRR, OSPF FRR, IS-IS FRR, and BGP FRR.
3.8.3.2 L3 VPN FRR
FRR of VPN route is VPN FRR of private network, not including FRR implemented by
public network outer layer label switching. Thus L3VPN FRR is that for pure private
network VPN route. Currently VPN route learning source is mainly different remote PE,
which can form FRR relationship.
3.8.4 VRRP
VRRP implements gateway backup in multiple access LAN (such as Ethernet) by
providing a check and election mechanism. The protocol maintains the unremittance of
the access host service operation by backup of gateway in LAN, that is to say, it takes
backup of next hop equipment on the route of the accessed host.
ZXR10 ZSR V2 supports VRRP with the following features:
Basic functions of VRRP.
VRRP heartbeat.
VRRP and BFD check & binding.
VRRP and PING check & binding.
VRRP check the status of the specified port.
VRRP check the key route information.
ZXR10 ZSR V2 Series Router Product Description
46 ZTE Confidential & Proprietary
VRRP group management implements integrated protocol packet receiving and
transmitting of multiple VRRP groups.
VRRP MIB.
3.9 IPv6 Features
3.9.1 Basic Function of IPv6
ZXR10 ZSR V2 supports IPv4/IPv6 dual-stack:
IPv6 basic protocols: IPv6 protocol and ND (Neighbor Discovery) ,etc.
TELNET6 and SSHv6, easy for users to take remote login and connection.
TCP6, UDP6, and Socket IPv6.
IPv6 DHCP Client/ Relay/Server and DNS6 Client.
PMTU Discovery (Path MTU Discovery) RFC1981.
IPv6 link check such as Ping6 and Trace6.
IPv6 ACL.
IPv6 QoS.
Security functions such as IPv6 VRRP and IPv6 uRPF.
3.9.2 IPv6 Unicast Routing Protocol
ZXR10 ZSR V2 supports unicast routing protocols including IPv6 static route, RIPng,
OSPFv3, IS-ISv6, BGP4+, and IPv6 strategy routing.
3.9.2.1 IPv6 Static Routing
To implement IPv6 static routing, the network administrator configures command and
specifies the routing information in IPv6 routing table. Its routing table is not established
based on routing algorithm like IPv6 dynamic routing.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 47
When dynamic routes are configured, the routers need to exchange their routing tables
frequently to make the router difficult to burden. Then static route can be used to solve the
problem. It can avoid dynamic route usage with configuration of only few.
ZXR10 ZSR V2 supports IPv6 static route configuration of specified next-hop and
specified egress.
3.9.2.2 RIPng
RIPng is based on UDP. It uses port number of 521 to transmit and receive data packet.
ZXR10 ZSR V2 supports RIPng basic protocol, route summarization and route
redistribution, RIPng route load balancing, RIPng MIB, RIPng VRF access instance, and
IPv6 BFD associating RIPng.
3.9.2.3 OSPFv3
OSPFv3 is mainly used to provide routing function in IPv6 network.
ZXR10 ZSR V2 supports OSPFv3 basic protocol, route summarization and route
redistribution, OSPFv3 route load balancing, OSPFv3 authentication, OSPFv3 protocol
MIB, OSPFv3 VRF access instance, and IPv6 BFD associating OSPFv3.
3.9.2.4 IS-ISv6
The working principle of IS-ISv6 is similar to that of IS-ISv4.
ZXR10 ZSR V2 supports IS-ISv6 basic protocol, route summarization and route
redistribution, IS-ISv6 route load balancing, IS-ISv6 route filtering, IS-ISv6 authentication,
IS-ISv6 protocol MIB, IS-ISv6 VRF access instance, and IPv6 BFD associating IS-ISv6.
3.9.2.5 BGP4+
BGP4+ is an expansion of BGP. It inherits the basic message format of BGP4. The
expansion attribute used to transport IPv6 route information.
ZXR10 ZSR V2 Series Router Product Description
48 ZTE Confidential & Proprietary
ZXR10 ZSR V2 supports BGP4+ basic protocols, routing attributes, route summarization,
route redistribution, reflector, and alliance. It supports strategy filtering of BGP4+ route,
BGP4+ route load balancing, BGP4+ authentication, BGP4+ protocol MIB, BGP4+ VRF
access instance and IPv6 BFD associating BGP4+.
3.9.2.6 IPv6 Policy Routing
The concept and principle of Policy routing in IPv6 are the same with those of IPv4. The
only difference is IPv6 address and route are used to complete the configuration.
3.9.3 Multicast Routing Protocol
The biggest difference from IPv4 multicast is that IPv6 multicast address system is greatly
enriched. The other features of IPv6 such as group member management, multicast
packet forwarding and multicast route establishment are the same with IPv4.
3.9.3.1 MLD
MLD protocol is originated from IGMP. MLDv1 is corresponding to IGMPv2, and MLDv2 is
corresponding to IGMPv3. Different from IGMP which adopts packet type with IP protocol
number of 2, MLD protocol adopts ICMPv6 (with IP protocol number of 58) packet type
including MLD query packet (with type value 130), MLDv1 report packet (with type value
131), MLDv1 leave packet (with type value 132), and MLDv2 report packet (with type
value 143). MLD protocol behavior is exactly the same with IGMP except different packet
format. Similarly, MLD Snooping is basically the same with IGMP Snooping.
ZXR10 ZSR V2 supports MLDv1/v2 protocol.
3.9.3.2 IPv6 PIM
Except IP address structure, IPv6 PIM protocol behavior is the same with IPv4 PIM. IPv6
PIM also supports three modes of SM, DM, and SSM.
ZXR10 ZSR V2 supports IPv6 PIM-DM, IPv6 PIM-SM, and IPv6 PIM-SSM protocols.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 49
3.9.4 IPv6 Tunnel
ZXR10 ZSR V2 supports IPv6 tunnel protocols including IPv6 over IPv4 manually
configured tunnel and automatic tunnel, IPv4 over IPv6 tunnel, ISATAP tunnel, and 6rd
etc.
3.9.4.1 IPv6 over IPv4 Tunnel
IPv6 over IPv4 tunnel mechanism is to encapsulate IPv4 packet header to the front of
IPv6 data packet. It enables IPv6 packets to traverse IPv4 network through the Tunnel, so
as to realize the interconnection of separated IPv6 network as shown in Figure:
ZXR10 ZSR V2 Series Router Product Description
50 ZTE Confidential & Proprietary
Figure 3-4 Working principle of IPv6 over IPv4 tunnel
IPv6 over IPv4 tunnel can be established on host-host, host-device, device-host, and
device-device. The terminal of the tunnel could be the final destination of IPv6 packet, or
could be further forwarded. Based on different ways to obtain IPv4 address for terminal of
the tunnel, the tunnel is divided into ‘configured tunnel’ and ‘automatic tunnel’.
If the terminal address of IPv6 over IPv4 tunnel cannot be automatically obtained
from the destination address of IPv6 packet, it should be manually configured. This is
‘configured tunnel’ such as 6in4 and GRE.
If the interface address of IPv6 over IPv4 tunnel uses special IPv6 address with
embedded IPv4 address, IPv4 address of tunnel terminal can be automatically
obtained from the destination address of IPv6 packet. This is ‘automatic tunnel’ such
as 6to4 and ISATAP.
3.9.4.2 IPv4 over IPv6 Tunnel
IPv4 or IPv6 over IPv6 tunnel (RFC2473) protocol encapsulates IPv4 or IPv6 data packets
to enable them to be transmitted in another IPv6 network. The encapsulated data packets
are IPv6 tunnel packets as shown in Figure:
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 51
Figure 3-5 Working principle of IPv4 (or IPv6) over IPv6 tunnel
3.9.4.3 ISATAP
ISATAP (the Intra-Site Automatic Tunnel Addressing Protocol) can make the dual-stack
node at IPv4 site get access to IPv6 router by automatic tunnel. It’s permitted not to share
the dual-stack node of one physical link and transmit the data packet to next hop of IPv6
through IPv4 automatic tunnel.
ISATAP transition system uses an IPv6 address with an IPv4 address embedded. No
matter what kind of IPv4 address is used at the site, global or private, IPv6-in-IPv4
automatic tunnel can be used at the site. ISATAP address format can use site unicast
IPv6 address prefix or global unicast IPv6 address prefix. That is to say, it can support
both site and global IPv6 route.
ISATAP tunnel principles cover tunnel encapsulation and de-encapsulation process:
Encapsulation principles: When IPv6 packets are transmitted, the egress is the
tunnel interface. The tunnel type can be decided based on the packets returned by
the interface. If it is ISATAP tunnel, we take IPv4 header encapsulation. ISATAP
tunnel encapsulation format inherits that for 6in4. The destination address of outer
layer V4 is the V4 address embedded in destination address of V6 packet. The
source address of outer layer V4 is the source address configured for ISATAP tunnel.
After the encapsulation common IPv4 packets are transmitted to take the processing.
De-encapsulation principles: the de-encapsulation process of ISATAP tunnel is
ZXR10 ZSR V2 Series Router Product Description
52 ZTE Confidential & Proprietary
exactly the same with that of 6in4. The basic principle works as follows: when IPv4
data packets are received, and the protocol number in IPv4 header is 41, invoke
each protocol number processing function registered to IPv4, and enter 6in4
de-encapsulation. Check the matched tunnel item based on the source address and
destination address of the packet. Peel off the IPv4 header encapsulated by the
tunnel if it is found. The left IPv6 packets are delivered to processing of IPv6 packet
receiving procedure.
Figure 3-6 Working principle of ISATAP tunnel
3.9.5 6PE
6PE implements IPv6/IPv4 dual-stack functions.It exchange labeled IPv6 routes over
MP-BGP sessions running over IPv4.6PE forward IPv6 data over the IPv4-signaled LSP,
outer labels for forwarding packets, inner label for identifying IPv6 packets.
3.9.6 6VPE
6VPE (IPv6 VPN Provider Edge) is a technology that provides IPv6 user network with
BGP MPLS VPN service. The technical principle of 6VPE originates from BGP MPLS
VPN in IPv4. It’s especially an expansion of IPv4 BGP MPLS VPN.6VPE doesn’t restrict
the IP protocol version that the backbone network adopts. In this way IPv6 VPN traffic can
be transmitted by IPv6 tunnel or IPv4 tunnel.
ZXR10 ZSR V2 supports the operation of IPv6 static route, RIPng, OSPFv3, IS-ISv6, and
EBGP protocol between CE and PE.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 53
3.9.7 NAT64
NAT64 technology, one of IPv4-IPv6 transition technologies, satisfies the interconnection
of the IPv6 host and the IPv4 service. As IPv6 transition is the key to the IPv6 network
transition, this technology enables IPv6 users to visit the existing IPv4 services.
Orienting to make the IPv6 Client to initiate IPv4 sessions actively in the future, the NAT64
technology not only simplifies NAT-PT scenario, but also makes the deployment and
maintenance easier.
Figure 3-7 NAT64 Application scenario
NAT64 technology has the following features:
IPv6 host sends a connection request to the IPv4 service initiative.
The NAT64 unit separated from the DNS unit.
NAT64 only supports IPv6 host initiates a session to IPv4 services, the IPv6 network
address mapping of the IPv4 server is relatively simple, and therefore do not need the
between NAT64 unit and DNS to close complex domain name and address associated
management, but also to avoid DNS security issues and DNSSEC compatibility issues.
DNS for NAT64 requires DNS64 function.
A record translated into AAAA records. In addition, when the system does not exist in the
AAAA records to support DNS proxy mode to query A record.
ZXR10 ZSR V2 support NAT64.
ZXR10 ZSR V2 Series Router Product Description
54 ZTE Confidential & Proprietary
3.10 NAT
Network address translation (NAT) can translate an IP address used in one network
into a different IP address in another network. Usually, NAT is used to map IP
addresses used in private network or local enterprise network into one or multiple
addresses in public network or global internet. The features of NAT are:
Restrict the number of IP address requiring IANA registration used by private
network.
Save global IP address space required by intranet (for example, one
organization can use a single IP address for communication on internet)
Keep the confidentiality of LAN as the inner IP is not for public.
ZXR10 ZSR V2 supports the following NAT features:
Support in/out side NAT
Support NAT44 and NAT64
Support NAT multi-outlet
Support static / dynamic NAT
Support mapping mode, filter mode and two modes mix
Support PAT
Support PPPoE NAT(user side NAT)
Supports a variety of ALG applications, including TCP
ALG(FTP/RSTP/H323/PPTP),UDP ALG(DNS/SIP/H323) and ICMP ALG.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 55
3.11 Network Management Features
3.11.1 NetNumen™ Integrated Network Management Platform
3.11.1.1 Network Management Networking
ZTE NetNumen™ is a network management system constructed on the data
communication network. It can take integrated maintenance and management of various
types of network equipment in a wide area and complicated application environment.
In-band management and out-band network management can be adopted between
NetNumen™ network management system and ZXR10 ZSR V2.
In-band management
In-band management means network management information and service data are
transported in one channel. No extra DCN should be built. NetNumen™ network
management system can fulfill its task as long as it’s connected to the nearby network
equipment with related SNMP parameters configured.
Out-band management
Out-band management means network management information is independent from
service data. The network management information is transported inside network
management system. Extra DCN network is needed. NetNumen™ network management
is connected to ZXR10 ZSR V2 via its out-band management interface. Network
management information and service information are transmitted independently and
respectively.
3.11.1.2 NetNumen™ Network Management System
The NetNumen™ U31 (BN) developed by ZTE is a unified network management system
aiming at managing SDH, MSTP, WDM, PTN, OTN and IP device (router and switch, etc.).
It includes the management of the network element, network, and service. The network
management provides the following services:
Fault management ensures stable network operation.
ZXR10 ZSR V2 Series Router Product Description
56 ZTE Confidential & Proprietary
Performance management gives overall picture to the entire network service
situation.
Resource management enables rational network resource adoption.
View management makes the network running obvious.
Configuration management enables fast service deployment.
Security management makes the network safer.
Northbound interface supports third-party systems integration.
3.11.2 NETFLOW
The Netflow technology distinguishes the Flows of different services transfered in the
network rapidly. Each distinguished Netflow can be traced and calculated. It records the
traffic attribute such as the transmission direction and the destination, collect the start and
end time, service type, the data and byte number in the packet. The Netflow send the
original collected traffic and flow direction out on a regular basis. Besides, it can also
analyze the original records and send the results out. The ZXR10 ZSR V2 supports the
following Netflow features:
Be compatible with the industry-leading v5 , v8 and v9 files.
Transfer the message to the server in the manner of IPv4/UDP.
Support automatic message report.
Support the configuration of cache active and non-active aging time.
Support multiple servers.
Support flow-based random sampling.
Support the configuration of the interface traffic sampling.
Ethernet and POS physical interfaces together with its sub-interfaces support
Netflow sampling service.
Support independent interface ingress sampling
Support the independent sampling of multiple services (e.g. unicast/multicast and
MPLS services) in one direction.
Support data stream sampling ratio from 65535:1 to 1:1.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 57
3.11.3 Network Layer Inspection
The ZXR10 ZSR V2 provides multiple network layer inspection services on the basis of
ping and trace, e.g. IP Ping, IP Trace, LSP Ping, LSP Trace, multicast Ping, and multicast
Trace.
3.12 System Operation and Maintenance
3.12.1 Multiple Configuration Methods
The ZXR10 ZSR V2 provides multiple device login and management configuration modes.
So that, the user can chose the best configuration mode as per different scenarios.
Serial port connection configuration
Telnet connection configuration
Secure shell protocol (SSH) connection configuration
SNMP connection configuration
Upgrade version by USB
Auto-config
Upgrade version batch by network management
3.12.2 System Policing and Maintenance
The ZXR10 ZSR V2 supports multiple ways to monitor, manage and maintain the device.
As a result, corresponding approaches are provided for different aberrance. The
specifications in running the device can also be offered.
The device policing includes:
There’re indicators in the power supply, fan, MPFU and all PIUs to show their running
status.
The fan monitoring is handled by the fan module. In addition to inspect the unit
on-board information and the status, it can also support changing the fan speed
intelligently.
ZXR10 ZSR V2 Series Router Product Description
58 ZTE Confidential & Proprietary
The power supply monitoring provides on-board information, status information,
power consumption and DC/AC information.
When the breakdown occurs on the fan, power supply or the temperature, the audio
alarm and software alarm will be generated.
Distributed temperature collection and temperature monitoring are implemented on
the units.
The hot swappable and switchover events of the MPFU are recorded for the user’s
reference.
The version set will be checked automatically in running the system.
The system monitors the software running status. If the aberrance disturbs normal
device operation, the PIU will be restarted.
Device management and maintenance include:
The command line provides flexible online help.
Support the operation carried out by multiple users. Some commands can be used to
decide if other user can take operations at the same time.
Provide multi-level user authority management and automatic record of the user’s
operation log.
Support information center. Provide unified management to the log, alarm and
debugging information.
Run CLI command line to check the basic information of the MPFU, PIU and optical
modules of the device.
The user can decide if the user name and the password are used to get login through
the Console port.
Provide multiple information queries, including software version information,
component status, environment temperature, CPU and memory availability.
The ordinary user supports clear-text password and cipher.
Provide hierarchical device alarm management. Support alarm classification and
alarm filtration services. The alarms can be sent to the remote server.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 59
3.12.3 Diagnosis and Debugging
The ZXR10 ZSR V2 provides many ways for diagnosis and debugging. So that, the user
can be more flexible and knowledgeable in the device debugging. Support special
diagnosis test command mode. Support complete device diagnosis and test services, so
that, it can inspect the device at any time. When the device breaks down, the cause can
be found remotely.
The inspection of the device running status.
Ping and TraceRoute.
Debugging.
3.12.4 Version Upgrade
The ZXR10 ZSR V2 supports the upgrade of the device Boot initiation file and he software
file. The new configuration can only take effect when the router is restarted.
Boot version upgrade: The initiation and drive files saved by the Bootrom storage on
the MPFU in the course of device upload can be upgraded locally or on line via the
remote FTP BOOT version.
Software version upgrade: The original device performance or the software service
can be optimized and enhanced locally or on line via the remote FTP/TFTP software.
ZXR10 ZSR V2 Series Router Product Description
60 ZTE Confidential & Proprietary
4 System Architecture
4.1 Product Appearance
With modular architecture, the ZXR10 ZSR V2 is designed with hot swappable modules
and components, so that it is known for amazing flexibility. The entire device is composed
by chassis, backplane, MPFU, SPIU, PIU, DPIU, power supply unit and fan chassis.
ZXR10 2800-4&3800-8 is made of sheet metal. All the units, fan chassis, and cables
(vertical fiber egress) are installed through the front panel. ZXR10 1800-2S/2S(G)/2S(W)
is 380mm wide, belong to the desktop products, and are installed through the rear panel.
The width of the entire device complies of ZXR10
1800-2E/2E(G)/2800-3E/3E(G)/2800-4/3800-8 with the 19-inch standard in the industry.
So they can be installed in IEC297 standard rack and ETSI standard rack. The entire
device is 200mm deep, which can be put in any regular standard rack.
4.1.1 The Appearance of ZXR10 3800-8
The chassis of ZXR10 3800-8 is 3U (1U=44mm). The size of the device is 442 (W) x132
(H) x200mm (D). The front view of the ZXR10 3800-8 is as shown in the figure.
Figure 4-1 The Front View of the ZXR10 3800-8
The key components of the ZXR10 3800-8 are as shown in the figure:
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 61
Figure 4-2 The Key Components of the ZXR10 3800-8
The ichnography of the ZXR10 3800-8 architecture is as shown in the figure:
Figure 4-3 The Ichnography of the ZXR10 3800-8 Architecture
With horizontal slots, ZXR10 3800-8 is designed with 9 service slots, in which the number
0-7 slots are for SPIUs , PIUs and DPIUs, and number 8 slot is for MPFU
According to the size, the ZXR10 3800-8 supports three models of PIU.
DPIU types: This is high-speed interface board, which bandwidth is upto 10 Gbps.
Size (width x height x deep) is: 176 mm x 20 mm x 175 mm (Single-high DPIU) or 40
mm x 176 mm x 176 mm (Double-hight DPIU), in which Single-high DPIU takes up 3
or 7 slots, Double-hight DPIU takes up combination slot 1 and 3 or slot 5 and 7.
PIU types: This is general-speed interface board, bandwidth is 1 Gbps. Size (width x
height x deep) is: 176 mm x 20 mm x 175 mm (Single-high PIU) or 40 mm x 176 mm
x 176 mm (Double-hight PIU), in which Single-high PIU takes up 1, 3, 5 or 7 slots,
Double-hight PIU takes up combination slot 1 and 3 or slot 5 and 7.
SPIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 77 mm x 20 mm x 182 mm, in which SPIU takes up 0, 2, 4
ZXR10 ZSR V2 Series Router Product Description
62 ZTE Confidential & Proprietary
or 6 slots.
4.1.2 The Appearance of ZXR10 2800-4
The chassis of 2800-4 is 2U (1U=44mm). The size of the device is 442mm (W) x88.1 (H)
x200mm (D). The front view of the ZXR10 2800-4 is as shown in the figure.
Figure 4-4 The Front View of the ZXR10 2800-4
The key components of the ZXR10 2800-4 are as shown in the figure:
Figure 4-5 The Key Components of the ZXR10 2800-4
The ichnography of the ZXR10 2800-4 architecture is as shown in the figure:
Figure 4-6 The Ichnography of the ZXR10 2800-4 Architecture
AC/DC
SPIU
SPIU
PIU
PIU/DPIU FAN
MPFU
AC/DC0 1
32
4
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 63
With horizontal slots, ZXR10 2800-4 is designed with 5 service slots, in which the number
0-3 slots are for SPIUs and PIUs, and number 4 is for MPFU.
According to the size, the ZXR10 2800-4 supports three models of PIU.
DPIU types: This is high-speed interface board, which bandwidth is upto 10 Gbps.
Size (width x height x deep) is: 176 mm x 20 mm x 175 mm (Single-high DPIU) or 40
mm x 176 mm x 176 mm (Double-hight DPIU), in which Single-high DPIU takes up 3
slot, Double-hight DPIU takes up combination slot 1 and 3.
PIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 176 mm x 20 mm x 175 mm (Single-high PIU) or 40 mm x
176 mm x 176 mm (Double-hight PIU), in which Single-high PIU takes up 1 or 3 slots,
Double-hight PIU takes up combination slot 1 and 3.
SPIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 77 mm x 20 mm x 182 mm, in which SPIU takes up 0 or 2
slots.
4.1.3 The Appearance of ZXR10 1800-2S/2S(G)/2S(W)
The chassis of 1800-2S/2S(G)/2S(W) is 1U (1U=44mm). The size of the device is 380mm
(W) x43.6 (H) x200mm (D). The front view of the ZXR10 1800-2S/2S(G)/2S(W) is as
shown in the figure.
Figure 4-7 The Front View of the ZXR10 1800-2S
ZXR10 ZSR V2 Series Router Product Description
64 ZTE Confidential & Proprietary
Figure 4-8 The Front View of the ZXR10 1800-2S(G)/2S(W)
The ichnography of the ZXR10 1800-2S/2S(G)/2S(W) architecture is as shown in the
figure:
Figure 4-9 The Ichnography of the ZXR10 1800-2S/2S(G)/2S(W) Archtiecture
AC/DCSPIU
SPIUMPFU
0
1
The ZXR10 1800-2S/2S(G)/2S(W) only supports SPIU. This is general-speed
interface board, which bandwidth is 1 Gbps. Size (width x height x deep) is: 77 mm x
20 mm x 182 mm, in which SPIU takes up 0 or 1 slots.
4.1.4 The Appearance of ZXR10 1800-2E/2E(G)
The chassis of 1800-2E/2E(G) is 1U (1U=44mm). The size of the device is 442mm (W)
x44 (H) x200mm (D). The front view of the ZXR10 1800-2E/2E(G) is as shown in the
figure.
Figure 4-10 The Front and Real Panel of the ZXR10 1800-2E/2E(G)
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 65
The key components of the ZXR10 1800-2E/2E(G) are as shown in the figure:
Figure 4-11 The Key Components of the ZXR10 1800-2E/2E(G)
The ichnography of the ZXR10 1800-2E/2E(G) architecture is as shown in the figure:
ZXR10 ZSR V2 Series Router Product Description
66 ZTE Confidential & Proprietary
Figure 4-12 The Ichnography of the ZXR10 1800-2E/2E(G) Architecture
With horizontal slots, ZXR10 1800-2E/2E(G) is designed with 3 service slots, in which the
number 0-1 slots are for SPIUs, and number 2 is for MPFU.
According to the size, the ZXR10 1800-2E/2E(G) supports SPIU.
SPIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 77 mm x 20 mm x 182 mm, in which SPIU takes up 0 or 1
slots.
4.1.5 The Appearance of ZXR10 2800-3E/3E(G)
The chassis of 2800-3E/3E(G) is 1U (1U=44mm). The size of the device is 442mm (W)
x44(H) x200mm (D). The front view of the ZXR10 2800-3E/3E(G) is as shown in the
figure.
Figure 4-13 The Front and Real Panel of the ZXR10 2800-3E/3E(G)
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 67
The key components of the ZXR10 2800-3E/3E(G) are as shown in the figure:
Figure 4-14 The Key Components of the ZXR10 2800-3E/3E(G)
The ichnography of the ZXR10 2800-3E/3E(G) architecture is as shown in the figure:
Figure 4-15 The Ichnography of the ZXR10 2800-3E/3E(G) Architecture
With horizontal slots, ZXR10 2800-3E/3E(G) is designed with 4 service slots, in which the
number 0-2 slots are for SPIUs and PIUs, and number 3 is for MPFU.
According to the size, the ZXR10 2800-3E/3E(G) supports three models of PIU.
ZXR10 ZSR V2 Series Router Product Description
68 ZTE Confidential & Proprietary
DPIU types: This is high-speed interface board, which bandwidth is upto 10 Gbps.
Size (width x height x deep) is: 176 mm x 20 mm x 175 mm, in which DPIU takes up
2 slot.
PIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 176 mm x 20 mm x 175 mm, in which PIU takes up 2 slots.
SPIU types: This is general-speed interface board, which bandwidth is 1 Gbps. Size
(width x height x deep) is: 77 mm x 20 mm x 182 mm, in which SPIU takes up 0 or 1
slots.
4.2 Hardware Architecture
4.2.1 Overall Hardware Architecture
The hardware system of the ZXR10 ZSR V2 is mainly composed by the following service
subunits: management and packet forwarding unit, physical interface unit, high-speed
backplane service unit, power supply unit and fan unit. All the service units connect with
each other via the high-speed serial bus and Ethernet bus.
The hardware system architecture of the ZXR10 3800-8 is as shown in the figure:
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 69
Figure 4-16 The Hardware Architecture of the ZXR10 3800-8
The hardware system architecture of the ZXR10 2800-4 is as shown in the figure:
Figure 4-17 The Hardware Architecture of the ZXR10 2800-4
The hardware system architecture of the ZXR10 1800-2S/2S(G)/2S(W) is as shown in the
figure:
ZXR10 ZSR V2 Series Router Product Description
70 ZTE Confidential & Proprietary
Figure 4-18 The Hardware Architecture of the ZXR10 1800-2S/2S(G)/2S(W)
The hardware system architecture of the ZXR10 1800-2E/2E(G) is as shown in the figure:
Figure 4-19 The Hardware Architecture of the ZXR10 1800-2E/2E(G)
The hardware system architecture of the ZXR10 2800-3E/3E(G) is as shown in the figure:
Figure 4-20 The Hardware Architecture of the ZXR10 2800-3E/3E(G)
The ZXR10 ZSR V2 has independent forwarding plane and control plane. The system
focuses on the management and packet forwarding unit (MPFU), and uses the backplane
to communmicate with other components. The multicore engine on the MPFU contains
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 71
forwarding core and control core as per different working contents. The forwarding core
and other system components compose a logical forwarding plane to implement message
forwarding and service processing. The control core and other system components make
of a logical control plane, which is used to implement routing protocol interaction, routing
calculation, system amanagement and control message synchronization. The system
archigtecture with the independent forwarding and control planes enables minimum
mutual influence caused in extending the services and performance of the two planes. In
this way, the system is more flexible.
The modular power supply unit and fan unit of the ZXR10 ZSR V2 can connect with the
high-speed backplane in the manner of the chassis, so that the entire device can be
cable-free. For the power supply unit, the ZXR10 ZSR V2 provides AC and DC power
supply modes.
4.2.2 The Working Principle of the Hardware System
The ZXR10 ZSR V2 uses independent control forwarding and control planes, and the two
planes are protected standby. The data packets experience the PIU physical layer chip
processing and frame resolution first. The ordinary services are sent directly to the MPFU.
Then the traffic management unit and the data forwarding unit on the MPFU work together
to send the target PIU interface. As for the protocol message and the control message,
they are processed by the processing unit of the PIU and the management and control
units of the MPFU.
4.2.3 The Introduction to the Hardware Unit
4.2.3.1 MPFU
As the control node of the product, the management and packet forwarding unit (MPFU)
of the ZXR10 ZSR V2 is responsible for data forwarding, management and maintenance.
The MPFU includes message forwarding unit, management and control unit, clock
processing unit and monitoring alarming unit, etc. It implements data forwarding and the
management of the system clock source, control plane, system maitenance plane and the
environment monitoring plane.
Message forwarding unit
ZXR10 ZSR V2 Series Router Product Description
72 ZTE Confidential & Proprietary
Composed by the forwarding core of the multicore processor and other corresponding
chips on the MPFU, it is responsible for message classification, traffic control and
forwarding.
Management and control unit
The management and control unit is composed by the management core and control core
of the multicore processor, and the 1000M Ethernet switch unit. The management core
and the control core are responsible for the processing of the local protocol messages, the
management and configuration of table entries , MPFU chips and PIU chips. The 1000M
Ethernet switch unit switches the control plane messages of the local service card. The
management and control unit has the following services:
Process all sorts of protocol and signaling. Implement system status control and
report. The routing protocl control plane is independent from the configuration
operationg management plane, so that the protocol control plane becomes more
reliable, and the device is more manageable.
System status configuration and maintenance management. implement system data
configuration and upgrade. Provide system running log. Provide serial port and RJ45
interface for the device management and maintenance. SD card interface is offered
for data storage.
Traffic control unit
The traffic management unit is responsible for line-side traffic control, precedence
classification, congestion management, congestion avoidance and discarding policy. It
also supports multiple QoS services, e.g. CAR, Shaping, FQ, PA, WFQ, CBWFQ and
WRED. The traffic control unit as per the stream direction splits into Ingress traffic control
unit and Egress traffic control unit.
Monitoring alarm unit
The environment monitoring alarm unit is resposible for collecting and generating alarms
on the working status of the rack, e.g. the running status of the module, power supply, fan
and the temperature change. Also, via the CLI command and the SNMP real-time network
management display, it gives the admistrator a sound man-machine interface.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 73
4.2.3.2 PIU
The ZXR10 ZSR V2 provides rich PIUs with multiple interface speeds and port densities.
So that, it can satisfy different network and service demands.
According to different sizes, the ZXR10 ZSR V2 supports three types of PIU:
The ZXR10 1800-2S and ZXR10 1800-2E/2E(G) support SPIU only. The ZXR10
2800-4/3800-8/2800-3E/3E(G) support SPIUs, PIUs and DPIUs.
The PIUs supported by the ZXR10 ZSR V2 are as shown in the table:
Table 4-1 The PIUs supported by the ZXR10 ZSR V2
PIU Name PIU Type Description
SPIU, For 1800/2800/3800
RAC-SPIU-04GE SPIU 4-port 100/1000M RJ45 Physical Interface
Unit
RAC-SPIU-02UE1-75 SPIU 2-port E1 Physical Interface Unit (75 ohm)
RAC-SPIU-02UE1-120 SPIU 2-port E1 Physical Interface Unit (120ohm)
RAC-SPIU-02CE1-75 SPIU 2-port E1/Channelized E1 Physical Interface
Unit (75 ohm)
RAC-SPIU-02CE1-120 SPIU 2-port E1/Channelized E1 Physical Interface
Unit (120ohm)
RAC-SPIU-02HS SPIU 2-port Syn./Asyn. Series Port Physical
Interface Unit
PIU, For 2800-4/3800-8/2800-3E/3E(G) (2800-3E/3E(G) does not support
RAC-PIU-16FE1GE-1SFP)
RAC-PIU-LTE PIU FDD/TDD/TD-SCDMA/WCDMA/HSPA+
RAC-PIU-08GE-SFP PIU 8-port GE SFP Physical Interface Unit
RAC-PIU-09GE-8E1SFP PIU 8-port 100/1000M RJ45 and 1-port GE
SFP Physical Interface Unit
RAC-PIU-05GE-4E1SFP PIU 4-port 100/1000M RJ45 and 1-port GE SFP
Physical Interface Unit
RAC-PIU-04GE-SFP PIU 4-port 100/1000M SFP Physical Interface
Unit
RAC-PIU-08FE1GE-1SFP PIU 8-port 100M RJ45 and 1-port GE SFP
Physical Interface Unit
ZXR10 ZSR V2 Series Router Product Description
74 ZTE Confidential & Proprietary
PIU Name PIU Type Description
RAC-PIU-16FE1GE-1SFP PIU 16-port 100M RJ45 and 1-port GE SFP
Physical Interface Unit
RAC-PIU-16CE1 PIU 16-port E1/Channelized E1 Physical
Interface Unit
RAC-PIU-16CE1-CES PIU
16-port E1/Channelized E1 Physical
Interface Unit, Support Circuit Emulation
Service
RAC-PIU-04UE1-75 PIU 4-port E1 Physical Interface Unit (75 ohm)
RAC-PIU-04UE1-120 PIU 4-port E1 Physical Interface Unit (120ohm)
RAC-PIU-04CE1-75 PIU 4-port E1/Channelized E1 Physical Interface
Unit (75 ohm)
RAC-PIU-04CE1-120 PIU 4-port E1/Channelized E1 Physical Interface
Unit (120ohm)
RAC-PIU-01P12-SFP PIU 1-port OC-12/STM-4 POS Physical Interface
Unit
RAC-PIU-04P3-SFP PIU 4-port OC3c/STM-1c POS SFP Physical
Interface Unit
RAC-PIU-04CP3-SFP PIU 4-port Channelized OC3c/STM-1c POS SFP
Physical Interface Unit
RAC-PIU-02P3-SFP PIU 2-port OC3c/STM-1c POS SFP Physical
Interface Unit
RAC-PIU-02CP3-SFP PIU 2-port Channelized OC3c/STM-1c POS SFP
Physical Interface Unit
RAC-PIU-01DSLB PIU 1-port xDSL Physical Interface Unit
RAC-PIU-04SHDSL PIU 4-port SHDSL Physical Interface Unit
RAC-PIU-04HS PIU 4-port Syn./Asyn. Series Port Physical
Interface Unit
DPIU, For 2800-4/3800-8/2800-3E/3E(G)(2800-3E/3E(G) does not support
RAC-DPIU-16GE-12SFP4E and OSU)
RAC-DPIU-16GE-12SFP4E DPIU 12-port GE SFP and 4-port 100/1000M
RJ45 Physical Interface Unit
RAC-DPIU-01XGE-SFP+ DPIU 1-port 10GE LAN/WAN SFP Physical
Interface Unit
RAC-DPIU-OSU-A1 OSU ZSR V2 Open Service Unit A1
RAC-DPIU-OSU-A2 OSU ZSR V2 Open Service Unit A2
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 75
4.2.3.3 Open Service Unit (OSU)
Open Service Unit is launched by ZTE on ZXR10 ZSR V2 router platform to allow service
provider, enterprise customers, third-party manufacturers and ZTE to independent or
co-develop a variety of value-added services.
Users can install Linux, Windows and other operating systems on the OSU and the
application software installed on the operating system.
Figure 4-21 Open Service Unit of ZXR10 ZSR V2
Table 4-2 Physical Indices of OSU
Feature RAC-DPIU-OSU-A1 RAC-DPIU-OSU-A2
model ZXR10 2800-4/3800-8 ZXR10 2800-4/3800-8
slot 1 DPIU(Dual-height slot) 1 DPIU(Dual-height slot)
CPU Frequency: 1.7GHz
, Quad-core Intel processors
Frequency: 2.4GHz
, Quad-core Intel processors
Memory 1 x 4GB/8GB DDR3 Default: 1 x 4GB/8GB DDR3
Hard disk 1 x 500G/1T 1 x 500G/1T
Interface
4xUSB
1xRS232
1xRJ45
1xVGA
4xUSB
1xRS232
1xRJ45
1xVGA
Dimensions
(HxWxD) 40.24x197.2x175 mm 40.24x197.2x175 mm
ZXR10 ZSR V2 Series Router Product Description
76 ZTE Confidential & Proprietary
4.2.3.4 Power Supply Unit
The ZXR10 ZSR V2 supports 100V-240V AC power supply unit and -38V--72V DC power
supply unit. The ZXR10 1800-2S adopts single power supply mode. The ZXR10
2800-4/ZXR10 3800-8/ZXR10 1800-2E/2E(G)/ZXR10 2800-3E/3E(G) supports dula
power supply units which are in 1+1 rendundancy mode. They support hybrid insertion of
AC and DC power supply units, power supply pluggable.
ZXR10 2800-4 and 3800-8 AC and DC power supply module rated output power is 250W,
size (length x width x deep): 40 mm x 80 mm x 175 mm.
4.2.3.5 FAN Module Unit
ZXR10 ZSR V2 has a vertical fan which draws air to cool the equipment. It can
automatically adjust the speed according to equipment operation, monitor fan status and
report fault alarm. Cooling air enters at one side of the router, passes boards and power
modules and then exits at the other side.
ZXR10 1800-2S/2S(G)/2S(W) fan module includes three fan units, for each fan unit size
(length x width x deep): 40mmx40mmx10mm. ZXR10 2800-4 fan module includes two fan
units, for each fan unit size (length x width x deep): 60 mmx60mmx25mm. ZXR10 3800-8
fan module includes four fan units, for each fan unit size (length x width x deep): 60
mmx60mmx25mm. ZXR10 1800-2E/2E(G)/2800-3E/3E(G) fan module includes seven
fan units, for each fan unit size (length x width x deep): 40mmx40mmx10mm.
4.3 Software Architecture
The software system of the ZXR10 ZSR V2 is made on the basis of the ZXROSng
software platform which has self-owned intellectual property. It satisfifies different
network demands in high-performance and complicated commercial service environment.
This software has the most integrated network features defined by the international
standards. The entire software architecture is as shown in the following figure:
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 77
Figure 4-22 The Entire Software Architecture of the ZXR10 ZSR V2
User Management Service Control Subsystem
Distributed Operation System Support Platform
MP
LS
Pro
toco
l
Su
bsyste
m
Hardware & Driver
Ne
two
rk M
an
ag
em
en
t
Su
bsyste
m
L2 Protocol Subsystem
IP Routing Subsystem
SN
MP
Su
bsyste
m
Sta
tistica
l A
larm
Su
bsyste
m
Th
e S
ecu
rity
Su
bsyste
mUnicast Routing
Protocol Subsystem
Multicast Routing
Protocol
Subsystem
Support Protocol
Subsystem
The key services of the subsystems of the ZXR10 ZSR V2 software are:
Hardware drive subsystem: Provide the software drives for the MPFU, the PIU, the
backplane, the fan and the power supply.
Distributed operating system platform: A real-time operating system which is the core
of the ZXR10 ZSR V2 software system is responsible for managing the hardware
system architecture of the entire system and providing a unified operating platform
for all the application programs on the entire software system. It is known for high
reliability, real-time feature, self-healing feature, maintainability and encapsulation.
L2 protocol subsystem: It implements the drive of the switching chip, L2 link control
and management protocols. At the same time, it offers support to the L3 protocols.
IP routing subsystem: It is the core of the router software system. It runs IPv4 and
IPv6 routing protocols, including RIP, OSPF and BGP protocols (the multicast routing
protocol is included). This system is responsible for routing data reception and
storage, entire routing table establishment, route selection, forwarding and
interaction, and routing table maintenance.
Unicast routing protocol subsystem: Via exchanging the information among different
routers in the network, it collects the network topology information, and forms an IP
unicast routing table. In addition, it sends the routing information to the IP forwarding
layer to forward the unicast IP packet.
Multicast routing protocol subsystem: It generates the routing table for the bottom
layer to forward the multicast packets.
ZXR10 ZSR V2 Series Router Product Description
78 ZTE Confidential & Proprietary
Support protocol subsystem: It processes the IP data, ICMP protocol, ARP protocol,
TCP protocol and UDP protocol. In addition, it also implements Telnet process, client
process, and the processing of FTP and TFTP protocols. The support system
provides services for the routing subsystem and the management subsystem.
Security subsystem: It realizes multiple device security protection services. By
providing message filtration, encryption password, authentication, the permission to
change the configuration, multiple VPN technologies, NAT, MD5, user authentication
and the statistic information, it gives 100% security guarantee to the device and the
user’s applications.
MPLS protocol subsystem: It implements LDP, RSVP-TE and L2/L3 VPN. It provides
basic MPLS basic service and label forwarding service.
Statistic alarm subsystem: It maintains all sorts of statistic alarm configuration
information. Also, it saves all the statistical information and offers query interfaces.
System management: It provides file management, device management (power
supply and fan modules), monitoring maintenance and diagnosis commissioning
services. It keeps the device in a reliable running status.
SNMP subsystem: It realizes SNMP AGENT service. Also, it supports all the protocol
operations of the SNMP agent in SNMP V1/V2/V3.
Network management subsystem: By providing device network configuration
management, fault management, performance management and security
management, it finishes the device file system service, version management, the
management of the configuration files and logs.
User management service control subsystem: It implements the existing user access
and management services. It also realizes user service configuration, AAA service,
user management service including PPP user management, IP user management,
VPLS service control and multicast user management.
The ZXROSng platform of the ZXR10 ZSR V2 software system is a multitask distributed
real-time nework operating system. It offers unified IP protocol to all the devices made by
ZTE. The ZXROSng provides mature and stable architecture, so it has been extensively
used by the operators in recent years. The existing ZXROSng platform is an enhanced
version on the basis of the user’s service demands. The new platform gives more
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 79
consideration to the costs of the operation and maintenance, and the service scalability
and application capability are both improved in the following ways:
Superior encapsulation
Support multiple operating systems. Support smooth upgrade of the operating
system.
All the devices are configured in the same way, which makes the operation and
maintenance easier.
Powerful monitoring service
Provide monitoring to the aberrance of the process and memory
Provide monitoring to power supply, fan speed, voltage, current and
environment temperature.
Provide fast fault location to make sure highly reliable product version.
Flexible modular component
All software services based upon the ZXROSng platform can be easily
extended and uninstalled. New services are developed quickly on the basis of
the original architecture.
Flexible customization based upon the user’s demands gives quick response to
the user’s requirements.
Extension of the new telecom Ethernet services based upon the unified platform
Support L2/L3 VPN mechanism. Support H-VPLS to satisfy different service
deopolyment. Support the muolticast service in VPN, and realize fast VPN
deployment via the unified network management. Deploy the multicast service
such as user video and IPTV rapidly.
Provide integrated QoS mechanism. Support traffic classification traffic mark,
traffic speed restrain, traffic shaping, congestion management and congestion
avoidance mechanisms.
ZXR10 ZSR V2 Series Router Product Description
80 ZTE Confidential & Proprietary
Support IPv4/IPv6 dual protocol stacks. Support the IPv4/IPv6 transition
mechanism in different application scenarios: universal manual tunnel,
automatic 6To4 tunnel and 6PE, etc.
Sound interaction. Comply with the mainstream protocols and standards.
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 81
4.4 Technical Specifications
Table 4-3 Physical Indices of ZXR10 ZSR V2
Item 1800-2E/2E(G) 2800-3E/3E(G)
1800-2S/2S(G)/2S(
W)
2800-4 3800-8
Hardware features
Forwarding
performance 1.5Mpps 5Mpps 1Mpps 1.5M~5Mpps
Fixed
interface
WAN: 2*GE Combo
LAN: 24*GE
-2E(G)/3E(G): 3G/LTE
2*GE Combo+ 4*GE
RJ45
2S(W): WIFI
2S(G): 3G/LTE
2*GE Combo + 4*GE
RJ45/4*GE Combo + 2*GE
RJ45
MAC Address
Table
8k 8k 8k 8k 8k
Maximum
number of
VLAN
1k 1k 1k 1k 1k
Memory 2G 2G 2G 2G 2G
FLASH 1G 4G 1G 4G 4G
Flash
Capacity
Support multiple copies of software and configurations can be kept on the router.
USB 2.0 2 2 2 2 2
Micro USB 1 1 1 0 0
CON(RJ45) 1 1 1 1 1
AUX 1 1 1 1 1
SPIU slot 2 2 2 2 4
PIU slot 0 1 0 2 4
DPIU slot 0 1 0 1 2
OSU slot 0 0 0 1 2
ZXR10 ZSR V2 Series Router Product Description
82 ZTE Confidential & Proprietary
Interface
GE/FE
E1/CE1
V.35/V.24
GE/FE,
E1/CE1,OC-3/ST
M-1 POS/CPOS,
OC-12/STM-4
POS,
ADSL/VDSL,
G.SHDSL,V.35/
V.24,3G/LTE
GE/FE
E1/CE1
V.35/V.24
GE/FE, E1/CE1,OC-3/STM-1
POS/CPOS, OC-12/STM-4
POS, ADSL/VDSL,
G.SHDSL,V.35/ V.24,3G/LTE
OSU
Dimensions
(H×W×D mm) 44×442x440 43.6×380×200
88.1×442×20
0
132.0×442×20
0
Power AC:100V~240V
1+1 Redundant power
AC:100V~240V ,
60Hz
DC: -72V~ -38V
AC:100V~240V/DC: -72V~
-38V
1+1 Redundant power
Maximum
power
consumption
80W 120W 55W 160W 240W
Long-term
environment
al
temperature
-5oC~45
oC
Short-term
environment
al
temperature
-40oC ~ 70
oC
Operating
Environment
Humidity
5% ~ 95%(Non-condensing)
Software features
Protocol
L2: MAC management, VLAN, QinQ, superVLAN, smartgroup , PPP, PPPOE, HDLC, FR,802.1x
IPv4/IPv6: Static routing, RIP/RIPng, OSPF/OSPFv2/OSPFv3, IS-IS/IS-ISv6, BGPv4/BGP4+
Multicast: Static multicast, IGMPv1/v2/v3, PIM-DM, PIM-SM, PIM-SSM, MSDP, PIM-SSM
mapping, MLDv1/v2, 802.1Q
DHCPv4/v6 Relay, DHCPv4/v6 Server, DHCPv4/v6 Snooping
MPLS LDP, MPLS Traffic load sharing, RSVP-TE
MPLS L2/3 VPN, PWE3, Inter-AS Option A/B/C, 6vPE
VPN VPWS, VPLS, HVPLS, 6VPE, GRE, IPSec, L2TP
Transition
technology 6PE, 6VPE, 6in4, 6to4, 4in6, NAT444, NAT64, 6rd
NAT Static NAT, Dynamic NAT, PAT, NAT multi-exports, NAT ALG, NAT syslog
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 83
QoS
H-QOS, QPPB, QOS based on time-range. Flow classification, mark, priority inheritance and
mapping, traffic shaping/speed limit. PQ, CQ, WFQ CBWFQ and traffic scheduling based on
physical port
3G/LTE TD-SCDMA, WCDMA/HSPA+
TDD, FDD LTE
Security
State firewalls, control plane safety, CPU safety protection, prevent DOS and DDOS, routing
security, IPSEC encryption. MAC and IP binding, ARP attack prevention, MAC address
filtering/quantity control, the number of the TCP session control. RADIUS and TACACS+
certification, uRPF, SSH
Reliability Power supply redundancy, key components hot drawing
BFD for everything, VRRP, link bound, FRR, pseudo line redundancy, SDC smart dial-up control
OAM
Ethernet OAM, SQA, USB deployment, batch management, temperature monitoring, automatic
fan speed control, port mirror, NetFlow V5/ V9, NetFlow 1:1
SNMPv1/v2/v3, TR069, Telnet, SSHv1/v2, SYSLOG and RMON
ZXR10 ZSR V2 Series Router Product Description
84 ZTE Confidential & Proprietary
4.5 RFC List
The RFC list below contains the RFCs that this equipment can support.
RFC List
Index Title
RFC768 User Datagram Protocol
RFC791 Internet Protocol/Internet Protocol version 4
RFC792 Internet Control Message Protocol(ICMP)
RFC793 Transmission Control Protocol (TCP)
RFC826 Address Resolution Protocol (ARP)
RFC854 Telnet Protocol Specification
RFC855 TELNET OPTION SPECIFICATIONS
RFC1131 OSPF specification
RFC1142 IS-IS Intra-Domain Routing Protocol
RFC1157 A Simple Network Management Protocol (SNMP)
RFC1191 Path MTU Discovery
RFC1213 Management Information Base (MIB) for Network Management of TCP/IP-based
internets:MIB-II.
RFC1215 A Convention for Defining Traps for use with the SNMP
RFC1245 OSPF protocol analysis
RFC1246 Experience with the OSPF protocol
RFC1305 Network Time Protocol (NTP) Version 3
RFC1315 Management Information Base (MIB) for Frame Relay DTEs.
RFC1334 PPP Authentication Protocols
RFC1349 Type of Service in the Internet Protocol Suite
RFC1350 TFTP Version 2
RFC1657 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol
(BGP-4) using SMIv2.
RFC1661 The Point-to-Point Protocol (PPP)
RFC1701 Generic Routing Encapsulation (GRE)
RFC1717 The PPP Multilink Protocol (MP)
RFC1721 RIP Version 2 Protocol Analysis
RFC1722 RIP Version 2 Protocol Applicability Statement
RFC1723 RIP version 2 Carrying Additional Information
RFC1724 RIP Version 2 Management Information Base (MIB) Extension.
RFC1745 BGP4/IDRP for IP — OSPF Interaction
RFC1757 Remote Network Monitoring Management Information Base (MIB).
RFC1765 OSPF Database Overflow Specification
RFC1769 Simple Network Time Protocol (SNTP)
ZXR10 ZSR V2 Series Router Product Description
ZTE Confidential & Proprietary 85
RFC1771 Border Gateway Protocol 4
RFC1772 Application of the Border Gateway Protocol in the Internet
RFC1793 Extending OSPF to Support Demand Circuits
RFC1812 Requirements for IP Version 4 Routers
RFC1850 OSPF Version 2 Management Information Base (MIB) Specification
RFC1877 PPP Internet Protocol Control Protocol Extensions for Name Server Addresses
RFC1901 Introduction to Community-based SNMPv2
RFC1902 Structure of Management Information for Version 2 of the Simple Network Management
Protocol (SNMPv2)
RFC1903 Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1904 Conformance Statements for Version 2 of the Simple Network Management Protocol
(SNMPv2)
RFC1905 Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1906 Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1907 Management Information Base (MIB) for Version 2 of the Simple Network Management
Protocol (SNMPv2).
RFC1918 Address Allocation for Private Internets
RFC1965 BGP4 Confederations
RFC1966 BGP Route Reflection: An Alternative to Full-Mesh IBGP
RFC1981 Path MTU Discover for IPv6
RFC1990 The PPP Multilink Protocol
RFC1994 PPP Challenge Handshake Authentication Protocol (CHAP)
RFC1997 BGP Communities Attribute
RFC2273 SNMPv3 Applications.
RFC2283 Multiprotocol Extensions for BGP-4
RFC2292 Advanced Sockets API for IPv6
RFC2328 OSPF Version 2
RFC2338 Virtual Router Redundancy Protocol
RFC2362 Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification
RFC2370 The OSPF Opaque LSA Option Specification
RFC2373 IP Version 6 Addressing Architecture
RFC2374 An IPv6 Aggregatable Global Unicast Address Format
RFC2375 IPv6 Multicast Address Assignments
RFC2385 Protection of BGP Sessions via the TCP MD5 Signature Option
RFC2401 Security Architecture for the Internet Protocol
RFC2402 IP Authentication Header Specification
RFC2406 IP Encapsulating Security Payload Specification
RFC2407 The Internet Key Exchange Specification
RFC2408 Internet Security Association and Key Management Protocol (ISAKMP)
RFC2409 The Internet IP Security Domain of Interpretation for ISAKMP
ZXR10 ZSR V2 Series Router Product Description
86 ZTE Confidential & Proprietary
RFC2428 FTP Extensions for IPv6 and NATs
RFC2439 BGP Route Flap Damping
RFC2452 IP Version 6 Management Information Base (MIB) for the Transmission Control Protocol.
RFC2453 RIP Version 2
RFC2454 IP Version 6 Management Information Base (MIB) for the User Datagram Protocol.
RFC2460 IPv6 Specifications
RFC2461 Neighbor Discovery for IPv6
RFC2462 IPv6 Stateless Address Auto Configuration
RFC2570 Introduction to Version 3 of the Internet-standard Network Management Framework
RFC2571 An Architecture for Describing SNMP Management Frameworks
RFC2572 Message Processing and Dispatching for the Simple Network Management Protocol
(SNMP)
RFC2573 SNMP Applications
RFC2574 User-based Security Model (USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)
RFC2575 View-based Access Control Model (VACM) for the Simple Network Management Protocol
(SNMP)
RFC2710 Multicast Listener Discovery (MLD) for IPv6
RFC2711 IPv6 Router Alert Option
RFC2863 The Interfaces Group MIB
RFC2865 Remote Authentication Dial In User Service (RADIUS)
RFC2866 RADIUS Accounting
RFC2869 RADIUS Extensions
RFC2890 Key and Sequence Number Extensions to GRE
RFC2893 Transition Mechanisms for IPv6 Hosts and Routers
RFC2918 Route Refresh Capability for BGP-4
RFC3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6
RFC4601 Protocol Independent Multicast-Sparse Mode (PIM-SM)