ZXR10 M6000 Carrier-Class Router Product Description

ZXR10 M6000 Carrier-Class
Router Product Description

Click here to place subtitle
ZXR10 M6000 Carrier-Class Router Product Description

Version Date Author Reviewer Notes
V1.0 2009/3/10 Liu Qiming YUANYUFENG Not open to the third party
WAN
V1.1 2010/11/03 ZHU HAIDONG Not open to the third party
YUNFEI
Liang
V1.2 2011-1-13 ZHU HAIDONG Not open to the third party
Yulong
© 2011 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used
without the prior written permission of ZTE.
Due to update and improvement of ZTE products and technologies, information in this document is subjected to
change without notice.
ZTE Confidential Proprietary 1

TABLE OF CONTENTS
Click here to place subtitle .................................................................................................. 1
ZXR10 M6000 Carrier-Class Router Product Description .................................................. 1
TABLE OF CONTENTS......................................................................................................... 2
FIGURES 5
TABLES 5
1 Overview ............................................................................................................ 8
2 Highlight Features ............................................................................................. 9

2.1 Broadband Multi-Service Integration Platform ...................................................... 9
2.2 Scalable switching capacity and wire-speed forwarding capability ....................... 9
2.3 Various service accesses................................................................................... 10
2.4 Carrier-class reliability ........................................................................................ 11
2.5 Complete security guarantee ............................................................................. 12
2.6 Graphical integrated network management system............................................ 13
2.7 Individualized service customization .................................................................. 14
3 Functionality .................................................................................................... 14
3.1 Routing Protocols............................................................................................... 14
3.1.1 Unicast Routing Protocols .................................................................................. 14
3.1.2 Multicast Routing Protocols ................................................................................ 17
3.2 QoS and Traffic Engineering .............................................................................. 18
3.2.1 Flow Classification and Queue Scheduling ........................................................ 18
3.2.2 Traffic Engineering ............................................................................................. 22
3.2.3 Implementation of Control/Service Policy ........................................................... 24
3.3 MPLS and VPN Service ..................................................................................... 24
3.3.1 MPLS Overview ................................................................................................. 24
3.3.2 MPLS L3 VPN .................................................................................................... 26
3.3.3 MPLS L2 VPN.................................................................................................... 27
3.4 Network Availability ............................................................................................ 28
3.4.1 IP-FRR/LDP-FRR .............................................................................................. 28
3.4.2 MPLS-FRR ........................................................................................................ 28
3.4.3 Graceful Restart ................................................................................................. 28
3.4.4 VRRP................................................................................................................. 29
3.4.5 BFD ................................................................................................................... 29
3.5 Security Features ............................................................................................... 30
2 ZTE Confidential Proprietary

3.5.1 Anti-DDOS attack............................................................................................... 30

3.5.2 Multiple Security Authentication and Authorization ............................................. 31
3.5.3 Unicast Reverse Path Forwarding ...................................................................... 33
3.5.4 Port Mirroring ..................................................................................................... 33
3.5.5 Netflow............................................................................................................... 33
3.6 IPv4/IPv6 ........................................................................................................... 34
3.6.1 IPv4 ................................................................................................................... 34
3.6.2 IPv6 ................................................................................................................... 35
3.7 Broadband User Access .................................................................................... 36
3.7.1 IPoE Access ...................................................................................................... 36
3.7.2 PPPoE Access ................................................................................................... 38
3.7.3 User Precise Location ........................................................................................ 39
3.8 PPPoE/IPoE Hot Standby .................................................................................. 40
3.8.1 PPPoE/IPoE Service Hot Standby ..................................................................... 41
3.8.2 IP Host Service Hot Standby .............................................................................. 42
3.8.3 PPPoE / IPoE Access VPN Service Hot Standby ............................................... 42
3.8.4 Multicast Service Hot Standby ........................................................................... 42
3.9 User and Service Management .......................................................................... 43
3.9.1 Domain Management ......................................................................................... 43
3.9.2 Service access list (SAL) ................................................................................... 44
3.9.3 Service Interval Management ............................................................................ 45
3.9.4 RADIUS Client ................................................................................................... 46
3.10 Clock Synchronization ....................................................................................... 48
3.10.1 Synchronous Ethernet ....................................................................................... 49
3.10.2 IEEE 1588v2 ...................................................................................................... 49
3.11 OPERATION AND MAINTENANCE................................................................... 50
3.11.1 Netnumen Unified Network Management Platform............................................. 50
3.11.2 Maintenance and Management .......................................................................... 53
4 System Architecture ........................................................................................ 57

4.1 Product layout .................................................................................................... 57
4.1.1 Layout of ZXR10 M6000-16 ............................................................................... 58
4.1.2 Layout of ZXR10 M6000-8 ................................................................................. 61
4.1.3 Layout of ZXR10 M6000-8S............................................................................... 64
4.1.4 Layout of ZXR10 M6000-5S............................................................................... 66
4.1.5 Layout of ZXR10 M6000-3S............................................................................... 69
4.2 System Hardware Architecture........................................................................... 71
4.2.1 Entire System Hardware Architecture ................................................................ 71
4.2.2 The Working Philosophy of Hardware System ................................................... 76
4.2.3 Introduction to Hardware Module ....................................................................... 76
4.3 Software Architecture ......................................................................................... 83

5 Technical Specifications ................................................................................. 86

5.1 Physical Indices ................................................................................................. 86
5.2 Basic Performance Indices ................................................................................ 88
5.3 System Software Attributes ................................................................................ 89
6 Protocols and Standard .................................................................................. 96
7 Abbreviation .................................................................................................. 105

FIGURES
Figure 1-1 ZXR10 M6000 Series......................................................................................... 9

Figure 3-1 PPPoE/IPoE Service Hot Standby ....................................................................41
Figure 4-1 The layout of M6000-16 ....................................................................................59
Figure 4-2 The appearance and architecture layout of ZXR10 M6000-16 ..........................60
Figure 4-3 The layout of ZXR10 M6000-8 ..........................................................................62
Figure 4-4 The appearance and architecture layout of ZXR10 M6000-8 ............................63
Figure 4-5 The appearance of ZXR10 M6000-8S ..............................................................64
Figure 4-6 The architecture layout of ZXR10 M6000-8S ....................................................65
Figure 4-7 The appearance of ZXR10 M6000-5S AC.........................................................66
Figure 4-8 The appearance of ZXR10 M6000-5S DC ........................................................67
Figure 4-9 The architecture layout of ZXR10 M6000-5S AC ..............................................67
Figure 4-10 The architecture layout of ZXR10 M6000-5S DC ............................................68
Figure 4-11 The appearance of ZXR10 M6000-3S AC.......................................................69
Figure 4-12 The appearance of ZXR10 M6000-3S DC ......................................................69
Figure 4-13 The architecture layout of ZXR10 M6000-3S AC ............................................70
Figure 4-14 The architecture layout of ZXR10 M6000-3S DC ............................................70
Figure 4-15 ZXR10 M6000-16 Hardware Architecture .......................................................72
Figure 4-16 ZXR10 M6000-8 Hardware Architecture .........................................................72
Figure 4-17 ZXR10 M6000-8S Hardware Architecture .......................................................73
Figure 4-18 ZXR10 M6000-5S Hardware Architecture .......................................................73
Figure 4-19 ZXR10 M6000-5S Hardware Architecture (FULLMESH Switch)......................74
Figure 4-20 ZXR10 M6000-8 LIC Architecture ...................................................................79
Figure 4-21 The Software System Architecture ..................................................................83
TABLES

Table 4-1 BRAS PFU .........................................................................................................80

Table 4-2 SR PFU .............................................................................................................80
Table 4-3 Full-height Flexible PIC ......................................................................................81
Table 4-4 Semi-height Flexible PIC....................................................................................81
Table 4-5 1/4 Flexible PIC..................................................................................................82
Table 5-1 Physical Indices .................................................................................................86
Table 5-2 Basic Performance Indices ................................................................................88
Table 5-3 L2 Attributes.......................................................................................................89
Table 5-4 L3 Attributes.......................................................................................................91
Table 5-5 MPLS Attributes .................................................................................................92
Table 5-6 QoS ...................................................................................................................92
Table 5-7 Service Management .........................................................................................93
Table 5-8 Reliability ...........................................................................................................93
Table 5-9 Tunnel Attributes ................................................................................................94
Table 5-10 Security Attributes ............................................................................................94
Table 5-11 Operation and Maintenance .............................................................................95
Table 6-1 L2 Protocol Standard .........................................................................................96
Table 6-2 TCP/IP Protocol Standard ..................................................................................96
Table 6-3 RIP Protocol Standard .......................................................................................97
Table 6-4 OSPF Protocol Standard....................................................................................97
Table 6-5 BGP Protocol Standard ......................................................................................97
Table 6-6 ISIS Standard ....................................................................................................98
Table 6-7 VRRP Standard .................................................................................................98
Table 6-8 LDP Standard ....................................................................................................98
Table 6-9 IPV6 Standard ...................................................................................................98
Table 6-10 Multicast Standard ...........................................................................................99
Table 6-11 MPLS Standard..............................................................................................100
Table 6-12 RSVP-TE Standard ........................................................................................100
Table 6-13 Differentiated Services Standard ....................................................................100
Table 6-14 PPP Standard ................................................................................................100

Table 6-15 ATM Standard ................................................................................................101

Table 6-16 DHCP Standard .............................................................................................101
Table 6-17 VPLS Standard ..............................................................................................102
Table 6-18 PW Standard .................................................................................................102
Table 6-19 Network Management Standard .....................................................................103

1 Overview
ZXR10 M6000 series devices introduced by ZTE in 2009 are new generation
carrier-class Broadband Multi-Service Gateway (BMSG). Designed based upon ZTE’s
rich experiences in Broadband Remote Access System (BRAS) and high-end router
research for many years, ZXR10 M6000 absorbs all advantages of BRAS and high-end
router, inherits the soul of the technologies ZTE accumulated in developing its router and
BRAS products. Besides, it uses unified ZXROS software platform, integrates services of
router and BRAS. As a result, it is a new generation integrated service platform on the
basis of ZTE’s deep understanding of telecom market and its glorious achievement in
this industry.
With creative system architecture, ZXR10 M6000 supports seamless upgrade service
from 100G to next generation 400G; it is capable of large traffic management and hard
QoS support, integrating multi-service capabilities, enabling a number of users to
implement fast access. It fully supports MPLS, MPLS VPN and integrated IPv4/v6 dual
protocol stacks.
ZXR10 M6000 provides integrated visible operating and management tool, which greatly
simplifies the deployment and management of large-scale network. With tight and large
switching capacity, it saves the space in the equipment room and reduces the number of
the requiring element. Large-capacity high-density design and multi-service integration
reduce network layer, in this way the flat network simplifies POP architecture and saves
network construction costs at the same time. By using special switching chip featuring
low power consumption and large capacity, together with energy-saving hardware
architecture, ZXR10 M6000 shows excellent performance in saving energy.
ZXR10 M6000 series devices consist of five models: ZXR10 M6000-16/-8/-8S/-5S/-3S.

They are shown as follows:

Figure 1-1 ZXR10 M6000 Series
2 Highlight Features
2.1 Broadband Multi-Service Integration Platform
ZXR10 M6000 supports integrated services of business customer and public customer to
get accessed on the same platform. Also, it implements SR and BRAS services at the
same time, which accordingly saves equipment room and reduces user’s investment.
ZXR10 M6000 greatly decreases operator’s network construction costs, realizes fast
service deployment and network reconfiguration.
2.2 Scalable switching capacity and wire-speed

forwarding capability
With advanced system architecture, distributed and modular design philosophy, ZXR10
M6000 series have largest switch fabric capacity and highest performance packet
processor in industry to provide best performance and flexibility. M6000 series can
construct network platform facing future.

 Adopting advanced CROSSBAR switching fabric, supporting large capacity of

switch board, centralized control and distributed processing.
 Adopting high-performance network processor and dedicated hardware chip to fully

guarantee the wire-speed forwarding capability for each slot. Providing powerful
service scalability for easy new service delivering.
 Supporting hardware ASIC processing technology such as TM (Traffic Manager),

which enhances M6000 performance and service processing capability.
 Supporting 100G interfaces non-block wire-speed forwarding per slot and

supporting 16 of 100G interfaces per chassis
 Mass routing capacity and fast convergence.
2.3 Various service accesses
ZXR10 M6000 provides various service accesses for flexible networking as follows:
 Providing various interface types such as 100GE, 10GE LAN/WAN, GE, FE, 10G
POS, 2.5G POS, 622M POS/ATM, 155M POS/ATM, Channelized 155M POS,
E1/CE1 etc. Be capable of upgrade to support 400G interface smoothly to fully
meet various requirements for customers to construct network.
 MPLS protocol: Supporting BGP expansion-based L3 MPLS VPN, inter-AS for

BGP/MPLS VPN and L3 MPLS VPN advanced features including VRRP TRACK,
VRF NAT, and HUB-SPOKE architecture. Supporting L2 MPLS VPN such as VPLS
and VPWS. Providing special VPLS C/S mode to implement hierarchical access
control between headquarters and branches. Supporting L2VPN CE dual-homing.
Supporting H-VPLS to improve L2 VPN network scalability. Supporting L2/L3 MPLS
VPN hybrid networking. Supporting L2/L3 VPN hybrid access to implement
advantage complementation and improve networking flexibility.
 Route protocol: Supporting IPv4/IPv6 static routing and multiple dynamic routing
protocols such as RIP/RIPng, OSPFv2/v3, IS-ISv4/v6, and BGP4/BGP4+,
IGMPv1/v2/v3, MLDv1/v2/v3, PIM-DM, PIM-SM, PIM-SSM, MSDP, LDP, OSPF-TE,
ISIS-TE, RSVP-TE.

 Supporting multiple accesses such as VLAN, SuperVLAN, QinQ, PPPoE, IPoE

access. Providing flexible and various solutions for VIP access.
 Perfect user positioning technology: Supports PPPOE+, DHCP option82, VBAS,

and QinQ.
 Rich billing services: Support time or traffic-based billing for individual customers,
and multiple sorts of prepaying card and rechargeable card. Support precise billing
based upon VPN (VPLS, L2TP and GRE) traffic. Support traffic-based billing
arranged for group customer, which is capable of real-time billing service and
pre-paying service.
 Powerful QoS mechanism with complete and refined features of queuing,

scheduling, bandwidth distribution, congestion management and resource
reservation.
 PPPoE multicast: Supports controllable multicast. It provides per user customized

management. It provides three functions of permitting, prohibiting, and preview. It
can restrict maximal multicast group number received by user. Perfect multicast
security control function implements set-top box multi-dimensional authentication of
account, line or MAC address. It also monitors illegal multicast source to provide
powerful guarantee for IPTV service operation.
 Supporting IPv4/IPv6 dual protocol stacking; supporting IPv4/IPv6 transition

mechanisms in various application scenarios: manual universal tunnel, automatic
6To4 tunnel and 6PE, etc. Providing special SmartGroup + VLAN aggregation +
rate limit + address binding technology. At the same time implementing link
protection, user address binding, network segment sharing, and bandwidth
restriction.
2.4 Carrier-class reliability
Carrier-class reliability features for ZXR10 M6000 are listed as follows:
 Adopting complete distributed modular system to support switching and controlling

separation. Supporting graceful restart for various protocols, guarantee non-stop

forwarding (NSF) during restart of the control plane and non-stop routing (NSR).
 Triple planes design with individual data forwarding plane, control plane and system
management plane. Routing Engine and Forwarding Engine are separated.
 All hardware boards and equipment components support hot-swapping, switching

fabric, protocol processor, system main control system, power supply module, fan
tray redundancy configuration. System availability reaches carrier-class five-nine
criteria.
 Modular ZXROS operation system platform implements complete hardware

shielding, making application layer irrelevant to hardware and providing application
for each processor with an integrated and portable system platform.
 Supporting ISSU non-stop online system upgrade.
 Supporting multi-link binding and load sharing
 Supporting advanced Fast ReRoute (FRR) technology to protect node and line level
failure to guarantee network stability.
 Supporting fast failure detecting BFD for everything to implement 50ms failure
recovery and binding BFD with various route protocols, VRRP, VRRP Track and
LDP. Supporting IGP FRR/LDP FRR/IP FRR/RSVP TE FRR and satisfying
carrier-class protection requirements for key services.
2.5 Complete security guarantee
To guarantee equipment security, to avoid network failure caused by illegal access of

unauthenticated user or DDoS attack, ZXR10 M6000 provides complete security service
technologies such as access control, packet filtering, access authentication etc., so as to
avoid equipment security risk as much as possible.
Security features for M6000 are as follows:
 Full modular hardware architecture is the hardware basis for equipment security
guarantee.

 Self-owned operating system with highly modular structure, isolated process space,
and separated controlling plane and forwarding plane is the software basis for
equipment security guarantee.
 Important protocols such as OSPF/BGP/IS-IS/RSVP/LDP all support

authentications (non-authentication, plain text authentication, and MD5
authentication) to avoid packet attack as much as possible.
 Adopting CAR (Committed Access Rate) to restrict ICMP protocol data packets rate
to avoid CPU processing packets being overloaded.
 Multiple user access authentications: local authentication, RADIUS server

authentication and TACACS+ authentication.
 ACL-based security authentication. Multiple user access control measures could be

adopted to further enhance the security for equipment access control, to protect
accessed users against being attacked, and to prevent accessed users from
attacking other users and networks.
 Enhanced ACL-based packet filtering security mechanism.
 TCP session control mechanism.
 Inspect illegal DHCP and multicast source server.
 Supporting complete anti-DDoS attack capability. Put the traffic transmitted

upwards to CPU into multiple priority queues. Guarantee protocol packets and data
packets customized by user are offered priority to be transmitted and processed.
Each queue has different threshold for different packet types.
 Supporting various routing protocol encryption and security authentication

mechanism; supporting uRPF, DHCP Snooping, address binding to prevent
address spoofing.
2.6 Graphical integrated network management system
ZXR10 M6000 supports graphical network management system, provides easy service

deployment tools as follows:
 Supporting ZTE NetNumen integrated NMS. Its graphic user interface (GUI)
supports hierarchical password setting to protect router operation. Providing
multiple management interfaces such as Console and Ethernet, supporting inband
and outband NM information channel.
 Providing complete and easy VPN service management system, graphical service
wizard, simple “fool“ configuration, featured large customer self-management,
which brings great convenience for user’s VPN service development.
 Complete QoS master, supporting QoS traffic analysis during planning,

configuration and deployment during implementation, and QoS policy
implementation result analysis. Flexible deployment and modular configuration can
easily and quickly implement QoS deployment in the whole network.
2.7 Individualized service customization
ZTE provides individualized service customization to realize win-win with the customer.
 As a communication product manufacturer with its own intellectual property right,

ZTE has powerful R&D capability.
 ZTE provides fast service customization, which closely tracks users’ requirements
and develops featured and competitive services. ZTE cooperates with customer to
implement featured function development and service customization.
3 Functionality
3.1 Routing Protocols
3.1.1 Unicast Routing Protocols
ZXR10 M6000 fully supports all types of unicast routing protocol. Its main features

include:
 Supporting static routing: manual configuration handled by administrator simplifies

network configuration and enhances network performance.
 Supporting IPv4 dynamic routing protocol: BGP4, OSPF, IS-IS and RIP.
 BGP (Border Gateway Protocol) is an inter-Autonomous System (AS) dynamic

routing protocol. It is used to exchange routing information among different AS.
BGP uses TCP as transmission protocol, and its port number is 179.
 Functions of BGP are:
 Basic and enhanced BGP protocol functions, including route damping, route
reflector, confederation, and extended community, etc;
 Graceful Restart function of BGP;
 MP-BGP;
 VPN access;
 Basic MIB function of BGP;
 Binding with BFD;
 BGP FRR.
 OSPF routing protocol exchanges routing information among all the routers within
one AS. It is an interior gateway protocol (IGP) based upon link status. OSPF
creates link status database by announcing network interface status among routers,
and generates the shortest path tree. Then each OSPF router uses these shortest
paths to create routing table.
 OSPF routing protocol supports the following functions:
 Basic OSPF protocol functions, including virtual link, STUB area;
 Graceful Restart function of OSPF;

 NSSA;
 Demand Circuit function;
 VPN access and sham-link;
 MIB function of OSPF;
 OSPF-TE;
 OSPF FRR.
 Defined by International Organization for Standards (ISO), IS-IS routing protocol is

used to support Connectionless Network Service (CLNS) routing protocol. IS-IS, a
hierarchical link-status routing protocol, uses a transmission protocol to send link
information. Similar to IETF-defined OSPF routing protocol, it is also a link
status-based interior gateway protocol.
 ISIS routing protocol supports the following functions:
 Basic IS-IS functions;
 Graceful Restart function of ISIS;
 Extending capability of IS-IS, e.g. hostname and overload-bit;
 IS-IS VPN access;
 MIB function of ISIS;
 IS-IS-TE;
 IS-IS FRR.
 RIP protocol is a dynamic routing protocol running on UDP protocol module. As the
earliest and simplest routing protocol promoted by IPv4 network, it is implemented
based upon distance vector algorithm of local network. RIP broadcasts route by

sending routing information (routing table). In every 30 seconds, it broadcasts

routing table, and maintains neighbor status. At the same time, it calculates its own
routing table as per the received routing information. As RIP runs easily, it is
suitable for small-size network.
 RIP routing protocol supports the following functions:
 Basic functions of RIPv2/v1 protocol;
 RIP VPN access;
 MIB function of RIP.
 Supporting IPv6 routing protocols: BGP4+, OSPFv3, ISISv6 and RIPng.
3.1.2 Multicast Routing Protocols
ZXR10 M6000 supports all types of intra-domain, inter-domain and client multicast
routing protocol of IPv4 and IPv6. It supports controllable multicast and provides QoS
guarantee.
The main features of ZXR10 M6000 are:
 Supporting IPv4 client multicast routing protocols, IGMPv1, IGMPv2 and IGMPv3.
 Supporting IPv6 client multicast routing protocols, MLDv1 and MLDv2;
 SupportingIPv4 multicast routing protocols, PIM-DM and PIM-SM;
 Supporting PIM-SSM. When multicast source has not been confirmed, it can
directly join in multicast source without registering to Rendezvous Point (RP).
 Supporting IPv6 inter-domain multicast routing protocols, PIM-SMv6 and

PIM-SSMv6;
 Supporting Embedded-RP. For the groups with Embedded-RP, multicast routing

table can be formed without a designated RP;
 Supporting Anycast RP. Multiple RPs exists in a multicast domain. MSDP peers are
set among RPs. Multicast source can choose the nearest RP for registration;

receiver can add the nearest RP to its sharing tree. Hence, RP load sharing can be
implemented. When one RP is invalid, another nearest RP will substitute it to realize
RP redundant backup;
 Supporting static multicast. The static multicast can implement active/standby

switchover in the course of non-stop traffic;
 Supporting multicast VPN, P network and C network can be in PIM-SM or PIM-SSM

mode. The multicast message encapsulation in P network can be implemented in
GRE or IP-in-IP modes;
 Supporting inter-domain multicast routing protocols, MSDP and MBGP;
 Supporting controllable multicast. Multicast sources and clients can be controlled by

multicast routing policy;
 Supporting multicast routing incremental synchronization;
 Supporting multicast distributed processing. The generation of multicast routing,

switchover between SPT and RPT, and the processing of multicast protocol
message can be implemented on line card, and then be synchronized to main
processor card.
3.2 QoS and Traffic Engineering
3.2.1 Flow Classification and Queue Scheduling
With the further development of IP network, more and more new services not only ask IP
network for reliable information delivery, but also requires predictable information
transport. Users hope that their networks can provide steady services in any
circumstance, but more advanced switch and higher bandwidth can only release the
pressure of data transmission bandwidth and QoS guarantee. However, the routing
system of traditional IP network for example internal gateway protocol OSPF and RIP,
external gateway protocol BGP4 can only provide reachable services to fit data
transmission, it is not capable of adjusting entire network resources. And this algorithm
may cause the aggregation of data traffic at network transmission side in one link, one

node or one interface. Traffic engineering aims at optimizing network performance. It can
map traffic to physical path, and optimize network resources automatically at the same
time to create network engineering technology that meets special requirements of
particular application program, and enables macro-adjustment and micro control.
Currently the key point of traffic engineering is: load balance and network recovery. The
implementation of IP traffic engineering intends to realized the integration of the
best-effort traditional IP network and QoS mechanism.
3.2.1.1 Flow Classification and Access Rate Control
ZXR10 M6000 identifies data flow using L2/L3/L4 information: L2 traffic classification
based upon 802.1p priority or MAC address, L3 traffic classification based upon source
IP address and destination IP address, L4 traffic classification based upon both source
IP address/destination IP address, and TCP/UDP-based upon source/destination port,
TOS information, protocol type, ingoing subnet or physical interface. Once the traffic is
classified, users can implements CAR or queue scheduling mechanism. ZXR10 M6000
provides hardware-based speed restriction capability, and access speed control
mechanism provides precise bandwidth distribution policy.
The hardware-based access speed control capability of ZXR10 M6000 is also called
HRL(Hardware Rate Limiting), which makes sure other connections for example NAT,
ACL and WAN are free from affection. All interfaces with access speed control service
can guarantee controllable and reliable network access free from DOS attack. At the
same time, carriers can use this service to build hierarchical services with different prices,
which efficiently take advantage of bandwidth.
ZXR10 M6000 supports three types of hardware-based access speed limiting mode:
 Port Rate Limiting. This speed limiting mode can be used over the physical
incoming or outgoing port that requires bandwidth limits, providing bidirectional
speed restriction service (no matter what kind of traffic is forwarded on this physical
port). Via this service, the network administrator or service provider can restrict the
practical speed of each physical port, and the network administrator now is capable
of allocating bandwidth between different users to guarantee saturation of the uplink,
the service provider can give key users bandwidth guarantee. Moreover, the uplink
and downlink bandwidths can be configured respectively. Precise services can be

provided on one port to meet user’s requirements for unbalanced uplink and
downlink bandwidth.
 Aggregate Rate Limiting. This speed restriction mode can be done on the basis of
traffic policy, providing bandwidth control to one protocol or traffic. It can define
either a traffic policy for one subnet or a policy for aggregation traffic which by the
way can be incoming traffic or outgoing traffic of a certain application. Each traffic
policy is composed by multiple applications with flexible traffic control. The network
administrator can restrict the total amount the traffic via this service, or it can limit
the traffic of a certain subnet.
 Per-Flow Rate Limiting. Data flow is a group of packets consisting of network

address, application port number and protocol type of both the sender and receiver.
For different hosts and applications, different data flows will be generated. Per-Flow
rate limiting set bandwidth restriction based upon each flow, and its QoS speed
limiting is implemented per flow. So if one flow exceeds bandwidth limit, the network
administrator can set bandwidth restriction to a particular IP flow, in this way, the
exceeding part can either be discarded or allocated with a lower priority. One OP
traffic can be allocated via IP head, source address, destination address, source
port, destination port and ToS byte, so that, ZXR10 M6000 can identify any data
flow based upon IP packet.
3.2.1.2 Queue Mechanism of Congestion Management
Basic queue scheduling algorithms supported by ZXR10 M6000 include:
 FIFO (First-In First-Out)
 PQ (Priority Queue)
 WFQ (Weighted Fair Queue)
 CBWFQ (Class-Based Weighted Fair Queue)
FIFO-First-In First-Out queue doesn’t classify packets. When packets ingress rate is
faster than interface transmission rate, FIFO will put the packets into queue based on
packets’ arrival sequence. At the same time, FIFO let packets get out at the queue exit

according to the sequence they enter. This is a best-effort service.
PQ-Priority Queuing classifies all packets into up to four types based on prior
configuration, puts them into four queues with different priorities respectively based on
FIFO policy. When packets get out of the queue, the queue with higher priority enjoys
absolute priority over the queue with lower priority. Packets in queue with lower priority
can be transmitted only when transmission of packets in queue with higher priority is
completed. And transmission of packets in queue with lower priority will be preempted by
packets in queue with higher priority in case of network congestion. So this queuing
mechanism can guarantee that data packets of important services (given higher priority)
are absolutely firstly transmitted. However, if the rate of packets with higher priority is
always faster than interface rate, packets with lower priority will never get an opportunity
to be transmitted.
CBWFQ-Class Based Weighted Queuing. CBWFQ usually classifies IP packets

according to DSCP, input port and five elements of IP packets. Packets of different types
enter different Bandwidth Queuing (BQ). If there’s no matching queue, the packets will
enter system default queue.
ZXR10 M6000 internal implementation skillfully integrates multiple scheduling methods

to configure and implement uniformly for users’ understanding and operation. Every port
of each line card in the system has been configured PQ, WFQ and Default queue. In
practice, PQ implements absolute priority scheduling. After offering the bandwidth
needed by PQ, WFQ implements CBWFQ scheduling based on the percentage
configured by the users. After two of the above queue bandwidth being both satisfied, the
rest traffic enters Default queue and will be scheduled by FIFO. Users can select a
scheduling way or a combination of multiple scheduling ways by configuration to meet
various user needs.
3.2.1.3 Congestion Management
Random Early Detection (RED) can be adopted as an avoiding mechanism preventing

congestion problem at bandwidth bottleneck. WRED (Weighted Random Early Detection)
combines IP priority level determined by weighted calculation and RED algorithm. WRED
provides a statistics tool to maintain effective link utilization. When output buffer reaches
guard line, packets will be randomly selected to be dropped. No packets will be dropped

if they are smaller than the minimal threshold. All packets will be dropped if they are
bigger than the threshold. When buffer is between the two thresholds, the dropping rate
will be a function of average queue length, which is an average value during the whole
operation process. Since data packets are dropped randomly, packets in all traffic flows
are dropped at different time, “global synchronization“ phenomenon which usually goes
together with drop-tail.
Congestion management algorithms that ZXR10 M6000 supports are:
 RED (Random Early Detection)
 WRED (Weighted Random Early Detection)
Congestion management algorithm can be individually configured to each priority queue

on the port. Implementing packet dropping with different statistic possibilities over each
kind of traffic flow or packets with different dropping level in one service flow based on
users’ configuration on dropping policy, can effectively avoid and control network
congestion in good time.
3.2.2 Traffic Engineering
Network congestion is a main problem influencing backbone network performance. The

reason of local congestion may be inadequate network resource or unbalanced network
resource load. TE (Traffic Engineering) resolves congestion caused by unbalanced load.
MPLS TE is a technology combining TE and MPLS. By MPLS TE, service provider can
accurately control the path traffic goes through so as to avoid the nodes with congestion
and solve the problem of part of path being overloaded while the other part of path being
idle; so that fully utilize the current bandwidth resource. Meanwhile, MPLS TE can
reserve resource during the process of LSP tunnel establishment in order to ensure QoS.
MPLS TE use CSPF (Constrained Shortest Path First) algorithm to calculate the shortest
path to certain node.
RSVP is the short form for Resource Reservation Protocol, which is initiated by receiver
to reserve resource for unicast and multicast data flows. RSVP-TE is the technology
implementing MPLS Traffic Engineering by using extended RSVP as signaling protocol

to create LSP tunnel.
ZXR10 M6000 supports MPLS TE technology providing the following features:
 OSPF TE and IS-IS TE
 CSPF (Constrained Shortest Path First) algorithm
 Basic functions of RSVP-TE
 Implementing basic function of RSVP-TE protocol defined by RFC2205 and

RFC3209; being able to establish and maintain TE tunnel by Path/Resv message
exchange.
 RSVP-TE FRR function
 Implementing RSVP-TE-FRR link protection and node protection function by

Facility defined by RFC4090, offering RSVP-TE local protection capability.
 DS-TE function
 Implementing RFC4124, RFC4127, and RFC4125 functions including uni-CT and

multi-CT DS-TE tunnel; and MAM, RDM and E-MAM bandwidth models.
 RSVP-TE Graceful Restart function
 Implementing Graceful Restart, Draft “Extensions to GMPLS RSVP Graceful

Restart“ extension and recovery processing mechanism as defined in the section of
“fault recovery“ by RFC3473.
 RSVP-TE MIB function.
 Implementing RFC3970 and RFC3812 functions.
 RSVP-TE extension function.
 RSVP-TE MBB (Make-Before-Break), re-optimization, priority preemption, abstract

update, automatic route, FA, hot-standby and authentication etc.
 E-LSP.

3.2.3 Implementation of Control/Service Policy
To make sure the successful delivery of all services in the network, different services
should be classified into different priority queues for transmission; to control the use of
network bandwidth, the related services or user’s transport traffic should be shaped (i.e.
speed restriction); to control user to access different services, ACL especially
application-based ACL should be set; to provide particular route path for special users
and services, policy-based route should be set; packet loss mechanism (e.g. WRED)
should be set when congestion occurs.
The control/service policies above are very important for the reasonable and efficient
network implementation. Considerate and hierarchical implementation should be done in
practice. Different network layers play different roles and accomplish different policy
tasks in network operation.
The interface module of ZXR10 M6000 supports Hardware Routing Table, routing table
and some ACL can be stored in interface module directly. All data traffics on the router
are directly forwarded by ASIC chip, which further releases CPU and faster than
traffic-based L3 switching mode (The first data packet experiences CPU process, the
interface module memories the forwarding result of data traffic. Other packets and the
repeated data traffic will be forwarded via ASIC chip).This forwarding mode is a new
technology generated based upon the increasing development of backbone link
bandwidth technology. It enables the route processing speed of backbone equipment
especially the equipment in the core layer to be more corresponding to the link with large
bandwidth (OC-48c, OC-192c and high-speed DWDM).
3.3 MPLS and VPN Service
3.3.1 MPLS Overview
MPLS is a multi-layer switching technology. It combines L2 switching technology and L3

routing technology together, using label to aggregate forwarding information. It is
implemented in hierarchical route architecture, supporting multiple upper protocols and
can be implemented on multiple physical platforms.
MPLS is based on per-hop route, which allows easier forwarding mechanism. As the

general mode and general routing protocol of label distribution are used on multiple types
of medium (e.g. packet, cell and frame, etc). MPLS supports highly efficient route for all
sorts of purpose (e.g. QoS route) and general traffic engineering and other operation
methods.
In MPLS VPN, carrier allocates each VPN a label named as route distinguisher (RD). RD
is unique in carrier’s network. MBGP is a route protocol extension based on BGP, which
defines VPN connection by multi-protocol extension and common features. In MPLS
VPN, BGP only sends information to the sites belong to a same VPN. It makes sure the
basic security by steams isolation. As data is forwarded along LSP, and the special path
LSP defined is fixed, which in other words guarantees security at the same time. This
label-based mode provides the same confidentiality as frame relay and ATM. Carrier
instead of user connects a special VPN to interface when using VPN, so that, data
packet forwarding is decided by ingress label. As spoofing port cannot be formed, MPLS
VPN is free from spoofing attack.
ZXR10 M6000 supports MPLS technology. Its features are:
 Supporting basic functions and label forwarding services of MPLS, realizing LDP
signaling protocol.
 Supporting Graceful Restart over MPLS signaling protocol. When protocol breaks
down, label can be forwarded as well.
 Supporting MPLS Ping/Tracert. MPLS echo request and MPLS echo reply are used
to test the usability of LSP.
 Supporting TE FRR. When LSP breaks down, data flow can be switched over
rapidly.
 Supporting load sharing.
 Supporting the management of multi-layer label stacking.
 Supporting LSP loop detection mechanism.
 Supporting MPLS CoS, mapping MPLS EXP from IP ToS/DSCP domain .
 Supporting MPLS TE include TE, FRR and DS-TE etc.

3.3.2 MPLS L3 VPN
MPLS VPN is a new VPN technology, realizing ISP data confidentiality and supporting
nonexclusive but appropriative IP address. As a result, MPLS forwarding instead of
relying on the destination address in packet head is based upon the marked value.
MPLS allows ISP to provide VPN by simple and flexible tunnel mechanism.
VPN forwarding table consists of labels corresponding to VPN-IP address. Data is

delivered to related place via this label. Since label replaces IP address, user can keep
its appropriative address architecture, and there’s no need for user to deliver data by
network address translation (NAT). In short, MPLS VPN has the following merits:
 VPN connection features simple configuration, so it has no pressure to the legacy

backbone network.
 As there’s no extra demand for users, users do not have to change anything. The
configuration is also very simple when user wants to join in VPN.
 The network scalability is powerful
 VPN use can adopt his old private address without any change. VPN-ID is used in
the backbone network for keeping uniqueness in the entire network.
 It is easy for providing value-added services.
ZXR10 M6000 supports MPLS/BGP-based L3 VPN. Providing users with virtual private
network service by using existing public network resource, ZXR10 M6000 satisfies users’
service requirement of private data transmission on public network and security
requirement. VPN end-to-end solution provided can meet these service requirements.
 Be able to play the role of P, PE or CE.
 Supporting dynamic (BGP, RIP, OSPF, and IS-IS) and static (static route) VPN
access.
 Supporting policy control such as RT rewriting and Site of Origin (SOO).
 Supporting multiple Inter-AS VPN solutions.

 Supporting VRF route restriction.
 Supporting Graceful Restart.
3.3.3 MPLS L2 VPN
ZXR10 M6000 supports Martini-mode MPLS-L2VPN by adopting VC-Type + VC-ID to

identify a VC (virtual circuit). VC-Type identifies the type of this VC to be Ethernet or
VLAN. VC-ID is used to solely mark a VC. VC-ID for each VC of one same VC-Type
should be sole. PE connecting two CE exchange VC labels by LDP and bind the
corresponding CE by VC-ID. When LSP connecting two PE is successfully created, label
exchanging and binding of two parties are completed, a VC is established. Two CE can
transmit L2 data via this VC.
To exchange VC label between PE, Martini-mode extends LDP and adds VC FEC type.
Besides, two PE exchanging VC labels may not be directly connected, so LDP must use
remote peer to establish session via which VC FEC and VC label are transmitted.
L2 VPN service supports the following features:
 Adopt LDP protocol as basic signaling.
 Supporting VPWS and VPLS.
 Supporting L2 VPN MIB.
 Supporting FEC 129 coding.
 VPWS service supports PW Class configuration, heterogeneous, Status TLV,

VCCV, and control word configuration etc.
 L2 VPN reflector for VPLS.
 Supporting multi-segment pseudowire (MS-PW).
 Supporting MAC address filtering and restriction.

3.4 Network Availability
3.4.1 IP-FRR/LDP-FRR
The switching interval of IP-FRR (IP Fast ReRoute) can be in 50ms level, which can
reduce data loss in case of network failure to the utmost extent.
IP FRR supported by ZXR10 M6000 uses loop avoidance policy configured by routing
protocol module based on user’s need to provide loop-free main/backup route. It
synchronizes main/backup route with interface line card. The forwarding module
implements traffic forwarding based on main route and check the port status of main
route at the same time. When abnormal situation occur at the port, ZXR10 M6000 quickly
switch the traffic to backup route so that switching time is reduced and packets lost are
reduced.
3.4.2 MPLS-FRR
MPLS Fast ReRoute, full form for MPLS-FRR, is the technology of MPLS-TE network
local protection. Once LSP is configured with FRR, when a link or node on the protected
LSP fails, traffic will be switched to backup link. FRR is only a temporary protection
measure. When the protected link recovers or new LSP is established, traffic will be
switched to the original LSP or new LSP.
3.4.3 Graceful Restart
Graceful Restart (GR) is a mechanism aiming at minimizing the impact of routing

protocol restart. It tries to reduce route jitter caused by router restart as much as possible
and diminish the influence of routing protocol restart. When routing protocol restarts, the
restarting router implements it’s routing information synchronization with the neighbor
router as soon as possible. Then it updates local routing information without redoing
controlling layer. The routing protocols with GR capability are as follows. Although each
protocol implements uniquely, they have similar basic principle.
GR supported by ZXR10 M6000 includes:
 BGP Graceful Restart

 OSPF Graceful Restart
 ISIS Graceful Restart
 LDP Graceful Restart
 RSVP-TE Graceful Restart
3.4.4 VRRP
VRRP protocol implements gateway backup function in the multiple-access LAN (such
as Ethernet) by providing a set of checking and election mechanism. VRRP maintains
uninterruptible service of network system for accessed host equipment by backup of
gateway equipment in LAN. That is to say, VRRP backups route next-hop equipment of
accessed host equipment.
VRRP protocols supported by ZXR10 M6000 have the following features:
 Supporting VRRP basic functions.
 Supporting VRRP and BFD check and binding.
 Supporting VRRP and PING check and binding.
 Supporting VRRP checking designated port status.
 Supporting VRRP checking key routing information.
 Supporting VRRP heartbeat implementing protocol packets forwarded by

designated L3 interface.
 Supporting VRRP group management implementing integrated receiving and

sending protocol packets of multiple VRRP groups.
3.4.5 BFD
One important performance of network equipment is to quickly detect the fault between
adjacent systems, and to create other path as soon as possible. BFD (Bidirectional
Forwarding Detection) just perfectly fulfill this aim. The main function of BFD is to provide

a light-loaded fast failure detection mechanism for neighboring forwarding engine.

Millisecond-level link detection and route switching function can be realized by combining
BFD and FRR.
BFD supported by ZXR10 M6000 has the following features:
 Supporting version 0, version 1 BFD detection function.
 Supporting BFD for BGP detection.
 Supporting BFD for OSPF detection.
 Supporting BFD for ISIS detection
 Supporting BFD for LDP LSP detection.
 Supporting BFD for TE tunnel detection.
 Supporting BFD for PW detection.
 Supporting BFD for static routing configuring next-hop detection.
 Supporting BFD for policy routing detection.
 Supporting BFD for VRRP detection.
3.5 Security Features
3.5.1 Anti-DDOS attack
The network environment is becoming more and more complicated. Route processor on
control layer is core component processing various complicated protocol data packets,
which may encounter network storm and DDOS attack. To avoid service breakdown
caused by influence of these abnormal situations on CPU, ZXR10 M6000 implements
complicated traffic control mechanism over traffic on control layer.
 CPU traffic transmitted is divided into multiple priority queues, ensuring that
important protocol packets such as BGP, OSPF and data packets customized by

administrator are given priority to be transmitted and processed. Each queue has
different threshold for different types of packets.
 Supporting ingress physical interface CAR rate restriction of traffic transmitted.
 Supporting CAR rate restriction based on source address + protocol type +

TCP/UDP port + physical ingress interface for customized packets.
 Supporting configuration of transmitting number per second and sending priority for
particular rules.
 Supporting logic port-based transmitting abnormal situation detection function.

Measure the rate at all logic ports receiving packets. When it discovers that the
traffic transmitted by the port arrives at the threshold designated by user, it disables
packet receiving processing of the port; take a proper delay; and then continue
receiving packets. In this way impact on user service of other ports caused by
violent attack against ports can be prevented.
ZXR10 M6000 can effectively ensure that important data packets with higher priority can
be firstly transmitted and shield abnormal packets attack by data packet priority
classification, different handling, multiple queue transmitting technology, transmitting
policy configuration at port, and transmitting traffic flow rate restriction.
3.5.2 Multiple Security Authentication and Authorization
ZXR10 M6000 supports multiple security authentication and authorization:
 AAA
ZXR10 M6000 implements complete security functions for administrator

authentication policy. Administrator can configure different access authentication
policy based on different access authentication needs to selectively implement
different authentication and authorization.
Three user authentication ways:
 Local authentication
 RADIUS (Remote Authentication Dial-In User Service)
 TACACS+ (Terminal Access Controller Access Control System)

Four authorization ways:
 Direct trust-based authorization: trust the user and offer authority with no need
of account.
 Local authorization: implement authorization based on local configured user

account.
 TACACS+ authorization: TACACS+ can separate authentication and

authorization. TACACS+ server implements user authorization.
 RADIUS authorizes after authentication is completed. RADIUS protocol

authentication and authorization cannot be separated.
 Protocol Security
ZXR10 M6000 implements complete protocol security authentication for protocols

such as SSH, PPP, routing protocols and SNMP based on different requirements of
protocol security authentication.
SSH protocol security authentication:
 Support MD5-based cipher text authentication.
 Support SHA1-based cipher text authentication
PPP access security authentication:
 Support PAP-based authentication
 Support CHAP-based authentication
Routing protocol security authentication:
 RIP v2, OSPF, and IS-IS support plaintext packet authentication.
 RIP v2, OSPF, IS-IS, and BGP support MD5-based cipher text authentication.
 RIPng, OSPFv3, and BGP-4 support MD5-based cipher text IPSec AH

authentication.

 RIPng, OSPFv3, and BGP-4 support SHA1-based cipher text IPSec AH

authentication.
 Support SNMPv3 encryption and authentication.
3.5.3 Unicast Reverse Path Forwarding
ZXR10 M6000 supports uRPF (Unicast Reverse Path Forwarding), preventing network
attacks based on source address spoofing. Among common DoS attacks there is a kind
of source address spoofing with which the attacker spoofs a source address (usually a
legal network address) to access to the attacked equipment so as to prevent it from
providing normal services. URPF can effectively defend against this attack.
ZXR10 M6000 supports the following uRPF features:
 Strict RPF checking
 Loose RPF checking
 Loose RPF checking ignoring default route
 ACL checking
 Support uRPF for IPv4 and IPv6
3.5.4 Port Mirroring
ZXR10 M6000 supports flexible port mirroring function. It can duplicate all data on a port
to another one, enabling network administrator to check and analyze port traffic.
ZXR10 M6000 supports duplicating traffic on one port matching certain requirements to
another port based on users’ selecting requirements; so as to enable network
administrator to check and analyze the data.
3.5.5 Netflow
ZXR10 M6000 supports netflow, which is a kind of technology based on sampling and
designed to monitor the network. Main features of netflow are:

 Supporting Netflow v5 and v9.
 Supporting transmitting packets to server by IPv4/UDP.
 Supporting active report mode.
 Supporting active and inactive buffer aging time configuration.
 Supporting dual servers.
 Supporting flow-based random sampling.
 Supporting interface traffic sampling rate configuration.
 Supporting sub-interface sampling.
 Supporting sampling at ingress and egress respectively.
 Supporting service individual sampling of unicast, multicast, and MPLS etc.
 Supporting Top N statistics flow analysis.
3.6 IPv4/IPv6
3.6.1 IPv4
The main features of IPv4 supported by ZXR10 M6000 are:
 Supporting basic TCP/IP protocol stacking, including ARP, IP, ICMP, TCP, UDP
and Socket.
 Supporting TELNET Client, TELNET Server and SSH Server (version 1, version 2),
giving conveniences to remote login.
 Supporting the transmission of FTP client, FTP server and TFTP Client files.
 Supporting IP policy routing. In the course of delivering and forwarding message,

next hop can be used directly according to the feature of message.

 Supporting DHCP Relay Agent and DHCP Server.
 M6000 also provides many link detection and diagnosis technology of IPv4 protocol,
including:
 Supporting common diagnosis functions e.g. Ping and Trace.
 Implementing automatic detection function of Ping. By using auto detection of Ping,

static routing’s next hop can be detected, and the priority of VRRP backup group
can be detected and controlled.
3.6.2 IPv6
ZXR10 M6000 supports IPv6. The features of its supported IPv6 protocol are:
 Supporting basic IPv6 protocols, including IPv6 protocol and ND (Neighbor

Discovery) protocols.
 Supporting TCP6, UDP6 and Socket IPv6.
 Supporting TELNET6, which gives conveniences for remote login via telnet6.
 Supporting PMTU (Path MTU Discovery) function.
 Providing IPv6 link detection function, including Ping6 and Trace6.
 Supporting IPv6 policy routing.
 Supporting IPv4/IPv6 dual protocol stacks. Realize both IPv4 and IPv6 functions.
 Supporting 6in4 tunnels, 4in6 manual tunnels, 6to4 automatic tunnel.
 Supporting NAT-PT(Network Address Translation - Protocol Translation).
 Supporting 6PE (IPv6 Provider Edge).
M6000 can also provide various IPv6 evolution solutions, such as Dual Stack, 6RD,
DS-Lite, NAT444, PNAT, NAT64+DNS64 and so on.
And support flexible ALG functions, such as FTP, Real Time Streaming Protocol, ICMP,

PPTP, H.323, SIP, DNS ALG, and so on.
3.7 Broadband User Access
Used in service control layer, ZXR10 M6000 enables the access of a large number of
broadband users. By supporting different access modes, i.e. ADSL, LAN and WLAN, it
satisfies the demands of different types of operator and service provider. Based upon
simple, highly efficient and unified user management mode, ZXR10 M6000 provides
multiple ways for flexible authentication, authorization and billing management.
3.7.1 IPoE Access
IPoE service is one kind of access and authentication service. In the IPoE service, users
get accessed via physical links like Ethernet. Get IP address by configuring fixed IP
address or dynamic DHCP, and check ID via Web authentication, Option60
authentication or circuit authentication.
3.7.1.1 DHCP+WEB Access
In this access mode, the client can not access the network after getting IP address via
DHCP Server (either embedded DHCP server in M6000 or extra DHCP server). No
matter what URL the user input in the browser, M6000 will connect to the designated
WEB page by force. After inputting the user account and password in this page, the
program will send the account and password to M6000. Then this information will be
delivered to RADIUS Server for authentication. After that, M6000 will modify the user’s
ACL, so that the user can access the network.
When the user is unconventionally offline, break down the network and turn off the
device provided the user’s host is down. ZXR10 M6000 can provide multiple inspection
ways, e.g. traffic-based determination which checks if the user’s host is under normal
operation via ARP message.
DCHP modes supported by ZXR10 M6000 include: embedded DHCP Server and DHCP
Relay. In address capture stage, DHCP Relay control communicaitons via Relay devices.
In address renewal stage, instead of processing the renew messages of DHCP Clinet,

DHCP Relay directly sends the message to DGCP Server via the forwarding platform.
The packets returned by the Server is processed in the same way. In other words, in the
renewal stage, DHCP Client and Server communiate with each directly. And the Relay
device instead of being processed by the control plane only implements forwarding
service.
3.7.1.2 DHCP Boot-Strap Authentication Access
DHCP boot-strap authentication supports two subscriber authentication modes.
 Circuit-based subscriber authentication
 Option60-based extended subscriber authentication
The flow of circuit-based subscriber authentication is described below.
 A subscriber opens the client and applies for an address through DHCP.
 When receiving the message, ZXR10 M6000 obtains the circuit information of the
port that receives the message. It searches for corresponding subscriber and
domain name according to the circuit information, and then searches for the
authentication mode of the subscriber according to the domain. If the local
authentication mode is configured, ZXR10 M6000 starts the local authentication
flow. It compares the subscriber information obtained with the local subscriber
information configured (including username, password and domain name). If the
information is consistent, the subscriber passes through the authentication
successfully. The server will assign an IP address and reply with a DHCP Offer
message. If the authentication mode is Remote Authentication Dial in User Service
(RADIUS), it is necessary to configure subscriber authentication information that is
consistent with the circuit information on the RADIUS server. The flow is the same
as that of local authentication after the subscriber passes the authentication.
 When receiving the DHCP Offer message sent by ZXR10 M6000, the client replies
with a DHCP Request message. After ZXR10 M6000 receives the Request
message, it searches for the address assignment address information of the
subscriber according to the hardware address. If the information is found, ZXR10
M6000 will reply with an ACK message, and then the subscriber can get online

successfully. Otherwise, the subscriber will reply with a NAK message and send a
DHCP Discover message again.
The flow of option60-based subscriber authentication is described below.
 A subscriber opens the client and applies for an address through DHCP.
 When receiving the message, ZXR10 M6000 obtains the option60 information from
the message. Then it resolves the information according to the Option60 resolution
method that the subscriber configures. ZXR10 M6000 obtains the authentication
mode according to the domain name. If it is local authentication, ZXR10 M6000
starts the local authentication flow. It compares the subscriber information obtained
with the local subscriber information configured. If the information is consistent, the
subscriber passes through the authentication successfully. The server will assign
an IP address and reply with a DHCP Offer message. If the information is not
consistent, the server will not assign an address or reply with a DHCP Offer
message. If the authentication mode is RADIUS, it is necessary to configure
subscriber authentication information that is consistent with the circuit information
on the RADIUS server. The flow is the same as that of local authentication after the
subscriber passes the authentication.
 When receiving the DHCP Offer message sent by ZXR10 M6000, the client replies
with a DHCP Request message. After ZXR10 M6000 receives the Request
message, it searches for the address assignment address information of the
subscriber according to the hardware address. If the information is found, ZXR10
M6000 will reply with an ACK message, and then the subscriber can get online
successfully. Otherwise, the subscriber will reply with a NAK message and send a
DHCP Discover message again.
3.7.2 PPPoE Access
PPPoE access is a link access technology via which user accesses the broadband
access server by PPP dialer. In this way, user can intercommunicate with ZXR10 M6000
via PPPoE protocol. ZXR10 M6000 is responsible for terminating PPPoE connection.
Bearing PPP data on Ethernet, PPPoE (Point-to-Point Protocol over Ethernet) provides a
standard in the broadcasting network for multiple hosts linking to remote broadband

access server. PPPoE protocol consists of two stages, i.e. PPPoE discovery stage and
PPPoE session stage. The discovery stage is used to build link layer connection
between the host and BRAS (discover MAC of BRAS) and create a PPPoE session ID
which will accompany this PPP dial-up number until the user is off the line. The session
stage mainly includes negotiation data link layer parameters, e.g. authentication
negotiation and MRU negotiation, and negotiation network layer parameters like IP
address negotiation. The implementation of the session stage consists of three steps:
creation of LCP, AUTH ahtneitcation and NCP (IPCP ) negotiation stage. LCP is used to
negotiate some parameters of the link. It is responsible for creating and maintaining links.
AUTH contains two authentication ways: PAP and CHAP. PAP (Password
Authentication Protocol) whose password is cipher text is a two-handshake
authentication. NCP mainly including IPCP and IPXCP is the most commonly used
IPCP protocol. In running IPCP, dynamic IP address negotiation of the point-to-point
devices are implemented.
3.7.3 User Precise Location
Precise user location technology which defines user’s uniqueness not only gives
conveniences to service and user management, but also provides users with different
levels of service which effectively prevent their accounts from being stolen.
 PPPoE+ standing for PPPoE Intermediate agent. Usually, DSLAM is used to realize
PPPoE Intermediate agent and the modification of PPPoE message. Add identifier
of user’s route to PADI and PADO in PPPoE discovery stage. ZXR10 M6000
implements LAC service and gets user’s route identifier. PPPoE+ is only suitable for
PPPoE access.
 DCHP Option82 is a specific application scenario of DHCP agent. DHCP agent is

implemented based upon RFC 3046. In DHCP environment, DSLAM or switch are
used to implement DHCP agent service. Put user access route identifier into the
new TAG (82) of each DHCP discover and DHCP request packet. Then send the
message to DHCP server or RADIUS server for authentication, authorization and
billing.
 The implementation of VBAS (Virtual BAS) requires the coupling of DSLAM and
BRAS. Set DSLAM corresponding to VLAN on BRAS. In terms of user’s bandwidth

VLAN, BRAS maps the packet to the related DSLAM. When BRAS initiate the query
this DSLAM for user route identifier, the DSLAM returns the identifier to BRAS. The
implementation of VBAS requires one-by-one corresponding VLAN and DSLAM on
BRAS.
 Before tagging 802.1q protocol, QinQ mechanism encapsulates 802.1q protocol tag
again. The inner label marks customer, and the outer label indicates service
provider network. Via label extension, user route identifier can be realized. QinQ
gives a better way to solve the inadequate VLAN issue (maximally 4K).
After getting user’s route information via precise location technology, ZXR10 M6000 will
send its NAS-PORT-ID field which is put in RADIUS request Packet to RADIUS server
for authentication. If the binding parameter is not right, RADIUS server will return
access-reject message, so that, ZXR10 M6000 will reject user’s connection request.
3.8 PPPoE/IPoE Hot Standby
User perceives an urgent need for unaware reliability.
The simple redundancy and backup of device key components and link layer can not
enable non-blocking services user requires.
ZXR10 M6000 supports PPPoE / IPoE, IP Host, PPPoE / IPoE access VPN, multicast
and other hot standby technologies. It means to build "forever working" networks for
customers.
The hot standby technology synchronizes user information between active and standby
devices. After active/standby switchover, user does not need to reinitiate request for
connection. It does not have any awareness of the fault at all.

3.8.1 PPPoE/IPoE Service Hot Standby
Figure 3-1 PPPoE/IPoE Service Hot Standby
Realization process is as follows:

(1) Subinterface is used between backup ports of two BMSG devices to negotiate
active/standby relationship via VRRP protocol. BFD can be used to speed up failure
inspection. The active/standby relationship of BRAS subinterfaces are shown by
connecting with VRRP.
(2) User initiates connection requests. It broadcasts PADI and DHCP Discovery
message. The standby device BMSG-2 does not give any response. The active
device BMSG-1 sends PADO/DHCP Offer message back. The source MAC address
in the message is composed by vitual MAC address generated by VRRP group.
(3) The user accesses from BMSG-1, and BMSG-1 transmits all the user information
to BMSG-2 with SIBP, including the user's session ID, AAA information, access line
information, QoS and so on.
(4) When BMSG-1 was failed or link was failed, BMSG-2 becomes the active one.
User does not need to reinitiate the connection request. Services will be switched
over to BMSG-2 automatically. BMSG-2 sends free ARP packets to refresh the MAC
forwarding tables of the switch, and user traffic flows to BMSG-2.
(5) Typically, different backup groups share the global address pool, if only the link
between BMSG-1 and SW was failed, the user's downstream traffic still flows from
BMSG-1. It is recommended active/standby devices adopts direct line to redirect the
flows, or adopts tunnel technology; if BMSG-1 equipment was failed, delete the route.
And then the downstream traffic will flow from BMSG-2 according to route

convergence.
(6) Since fault state is abnormal, it is suggested to configure VRRP groups
occupAtion. After recovery, BMSG-1 becomes the active equipment again. User
traffic returns to the initial stage when the fault is removed.
3.8.2 IP Host Service Hot Standby

IP host user means user configure IP address statically. There’s no need to link
request to BMSG, so it only differs from PPPoE/IPoE hot standby in step 2
mentioned above.
3.8.3 PPPoE / IPoE Access VPN Service Hot Standby

The only difference between PPPoE/IPoE Access VPN service and normal
PPPoE/IPoE service is that the users access to the VPN services after connection
not the public network services. For hot standby, the main difference of them is the
disposal of user downstream control -- the stream from master device to slave
device needs VPN routing redirection. There are two ways to solve this problem.
One: The master/slave devices connect with each other directly.It is several
sub-interfaces on the connection physical interfaces, and each sub-interface has
only one corresponding VPN. When downstream is sent to BMSG-1, the route is
redirected to BMSG-2 through IP FRR.
Two: The labels are distributed to VPN via MP-IBGP between BMSG-1 and BMSG-2.
It advertises the VPN host route, and forms the FRR route. The VPN information can
be inherited by the flows arrived at BMSG-2.
3.8.4 Multicast Service Hot Standby

BMSG-1 and BMSG-2 elected active/standby relationship by VRRP. Two devices
can receive the user's IGMP join-in request. Only BMSG-1 handles user’s IGMP
request, and then synchronizes the user group information to BMSG-2 by SIBP. Two
devices have the user group information, and they both direct the multicast traffic by
sending PIM join message. But because BMSG-2 multicast user is on the standby
status, BMSG-2 does not replicate multicast messages. According to rapid fault
detection BFD for PIM, users no longer need to initiate IGMP request after the
active/standby switchover. BMSG-2 will be on the active status, replicate multicast
messages, and then users can receive the multicast packets from BMSG -2.
Figure 3-2 Multicast Service Hot Standby

3.9 User and Service Management

Multi-services edge router M6000 support end users’ access and management
functions including Access, Authentication, Billing, Address Assignment, etc.;
3.9.1 Domain Management
AAA treats domain as a complete control entity. The user should be fallen into a certain
domain when being authenticated. It means that a domain should be chosen for a user
when he is authenticated. Only then authentication, authorization and account can be
carried on according to domain configuration.
All functions of the AAA module are performed within the domain management entity.
Different domains are independent from each other with different authentication and
accounting policies. All processes of authentication and accounting go along within the
range of domain control. To achieve core control of AAA module, authentication policies
(local, none and radius), hierarchical authentication and billing Radius server group can
be performed according to the domain policy or user’s default template. And billing
protecting mechanism is provided by handshake detection, redundant backup, load
balance, re-send, detailed list of calls local stored etc. of authentication server.

Functions of domain management are: support for multiple authentication mechanisms,

support for various authorization policy, second billing function, VRF correlation, and
various customized services and authorization control.
3.9.2 Service access list (SAL)

Service access list performs the mapping of users to domains. The user should
belong to a certain domain through SAL. If the domain which the user belongs to is
not configured in the system, it will be appointed to one domain by SAL.
Default user module is a generic collection of accounts authority and it is the only
authority information under such circumstance. Its application makes user account
management convenient, where shared authority within one domain can be configured.
For access users without specified authority can be authorized in this default user
module.
 Accounts management of local users
The combination of user name and domain name is the only identification for local
users to manage his accounts. It supports remote authentication, so that the user’s
domain name is not required to be pre-exist in the system. The accounts
management of local user is the central database of local authentication.
 Radius server group
In a distributed way, Radius server manages configures servers and usage policies,
network parameters and domain feature of Radius protocol package. That is to say,
Radius server group implements all the configurations related to Radius.
 Service Access Control List Function(SAL)
Service access control list implements the mapping of users to domain and can
control the user’s domain according to user’s physical link. SAL can prohibit or
permit access of certain domains from certain interfaces, and performs mapping of
users to domain at the same time. The user without a domain name can be
assigned to one domain by means of default-domain configuration. If the domain the
user belonging to is not configured (including domain name not added during the
user’s entry), it can be assigned to roaming domain; otherwise if roaming domain
has not been configured, then the user cannot get access. SAL can also perform
domain name translation as well as translating all domains to an appointed one, and
domain replace function from one domain name translate to another domain name.

After these steps, end users must have been belonged to on domain.
SAL is associated in circuit interface. If not, the processing principle is: no access
without user domain name; access according to domain name via domain search,
otherwise no access allowed.
If there is still no domain name after domain mapping, the user cannot access
unless “permit any” has been configured; if a roaming domain is configured, the user
belongs to it, otherwise he cannot access.
SAL is a combination of the following sub-functions, which manages different ways

of access for user authentication, implementing flexible access control:
 Account name analysis: usually user accounts takes the format of user name
plus domain name, while account analysis means to dissemble the account
loaded by the user to user name and domain name.
 Default domain function: If the user does not enter a domain name when
performing authentication, the default domain function can provide a shared
default domain as a control entity for the user to access.
 Domain name mapping function: This function substitutes the user input
domain with specified domain(s) for authentication, making it available for an
entity to possession several domain names.
 Domain control function: SAL domain control function can prohibit and permit
users in the appointed domains to access for more convenient access control.
 Roaming domain function: roaming domain function is useful when the domain
the user loads is not configured in its access point, which needs to implement
user’s access control. When ZXR10 M6000 has determined that the
user-entered domain is not configured in the local area, it will make use of
roaming domain configured by SAL as a control entity for user to access.
3.9.3 Service Interval Management
Given broadband access services are becoming more and more comprehensive; the
requirement for user service control is also becoming higher. Thus, more granular and
more intelligent management capabilities are being requested by the carriers.

To meet the requirements, ZXR10 M6000 implements interval management for three
services, namely, ACL, QoS and management domain respectively. Managers can
define different intervals for different service policies to provide users with diversified and
differentiated services.
ACL and QoS interval management: When a user has been authenticated, it will
dynamically obtain ACL or QoS from interval management system according to
configured authentication period and applies it in the user’s attribute. Then, when the
user is online, it will apply the corresponding ACL or QoS and modifies user’s attributes,
implementing different authority within different intervals.
Domain interval management: A basic domain function only implements simple function
of access prohibition or permission, however, it’s often required to control access for
different intervals in practical. Via domain interval management, manager can control
different access in different intervals in one domain.
3.9.4 RADIUS Client
Working as RADIUS client and RADIUS server in communication, ZXR10 M6000 can
implement remote authentication, authorization and accounting. The specific services
are:
 The encapsulation, decapsulation and delivery of RADIUS protocol of user

authentication and accounting information.
 After successful authentication, return user authorization information from RADIUS

server.
 Support 2-level accounting; satisfy accounting services among different ISPs.
 RADIUS server selection policy supports First mode and Round-Robin mode.
 Support L2TP accounting mode of rfc2867.
 Support Accounting-on and Accounting-off.
 RADIUS requires queue maintenance and allows concurrent delivery.
 Resending mechanism ensures valid information transmission.

 Cache RADIUS accounting information.
 Provide convenient tracking scheduling and data statistical service.
 Support MIB interface of rfc2618 and rfc2620.
3.9.4.1 RADIUS Group Management
RADIUS protocol is in distributed architecture. RADIUS Client and the Server

communicate with each other via the network. As there are lots of instability and aberrant
situations, ZXR10 M6000 in order to be more reliable manages RADIUS server via the
grouping management. One server group forms a reliable server aggregate. By
deploying different policies to the server group, balanced load and backup server can be
achieved among servers.
3.9.4.2 Policy in Selecting RADIUS Server
ZXR10 M6000 supports two selection algorithms, i.e. first algorithm and round-robin
algorithm. The basic principle of Frist algorithm is very easy: if the existing server is still
available, use the existing one primarily. If the existing server does not respond, choose
the next valid server. The Round-robin algorithm also follows a simple theory: ignoring
the status of the existing server, choose the next valid server directly.
For example: provided there are three servers, i.e. A, B and C. If server B is used for
authentication, based upon first algorithm it will continue working if it is still valid in later
user authentication. Otherwise, server C (If it is valid) or server A (If server C is invalid,
use server A instead) will be used. If round-robin algorithm is used, use the server C (if
valid) or server A (if C is invalid, use server A instead) directly in the authentication.
3.9.4.3 RADIUS Server Active/Standby Switchover
ZXR10 M6000 supports active/standby RADIUS server switchover. When the active
RADIUS server breaks down, the system must send the authentication accounting
information automatically to the standby RADIUS server. Then the backup one will
implement authentication and accounting services. Then when the active RADIUS
recovers, ZXR10 M6000 can switch the information back to the active RADIUS. There is

no service breakdown or accounting information loss in the course of switchover.
3.9.4.4 Accounting Protection
As users always care accounting service, the accounting information should be not only
accurate but also complete. However, if RADIUS is bothered by unsmooth traffic or
overloaded accounting server, it may lose accounting information. ZXR10 M6000
provides local accounting protection, i.e. if the accounting server does not give any
response to user’s accounting information sent by ZXR10 M6000, the accounting service
is defaulted as failed. Then this accounting information (including start accounting packet
and end accounting packet) will be sent to local accounting cache.
3.9.4.5 RADIUS Dynamic Authorization
ZXR10 M6000 supports that the dispatched feature of RADIUS dynamically adjusts
user’s bandwidth or restrict the access to particular resources. It supports RFC3576.
RADIUS server confirms the user as per its account number, then it changes the user’s
IP, ACL, QoS and uplink/downlink traffic bandwidth control. The modified information will
be sent to ZXR10 M6000 via CoA-request information. ZXR10 M6000 searches for
corresponding users according to related user’s circuit information in the request, and it
will change the user’s related service data. During the entire course, the user is normally
online, and there’s no need for PPP reset.
3.10 Clock Synchronization
In the modern communication network, the goal of clock synchronization is to control

clock frequency and phase of all nodes in the entire network in a preset tolerance range,
to avoid the data errors caused by clock inconsistencies, to save the costs of setting up
the network.
Clock synchronization includes two synchronous information: on one hand it’s the time
(phase) synchronization, phase between the signals is consistent, that is, phase
difference between signals is a constant zero; on the other hand, it’s the frequency
synchronization, the frequency between the signals maintains a strict relationship, the
effective moments appeare in the same average rates, to maintain all devices in the

communications network work in the same speed.
3.10.1 Synchronous Ethernet
ZXR10 M6000 supports synchronous Ethernet technology. In the sending side,

enhanced clock daughter card (SCME) in M6000 sends uniformly a high-precision
system clock to all Ethernet interface cards, and the clock module in the Ethernet
interface card uses this high-precision clock to send data. In the receiving side, the clock
module in the Ethernet interface card recoves the clock, and sends it to the enhanced
clock daughter card (SCME) after frequency division. According to the quality of each
interface, SCME selects a high accuracy clock, and synchronizes the system clock with
it.
To generate high-precision system clock, Synchronous Ethernet adopts an external

high-precision clock (2MBits, 2MHz) for reference, and the generated system clock is
distributed to all line cards. Furthermore, GPS can be used for clock reference.
3.10.2 IEEE 1588v2
ZXR10 M6000 supports IEEE 1588v2 protocol. 1588V2 protocol provides a set of
precise time synchronization program -PTP (Precision Time Protocol), which supports
time and frequency synchronization, providing sub-microsecond time synchronization
accuracy. In 1588V2 protocol, PTP packets can have a variety of packages, such as
UDP (IPV4, IPV6), Ethernet and so on. At the same time, PTP packets can be transmited
by multicast mode or unicast mode.
To the communication, clock can be divided into the master clock and the slave clock. In
theory, any clock can serve as the master clock and slave clock, but a PTP
communication subnet can have only one master clock. Optimal clock throughout the
system clock is the GMC (Grandmaster Clock), which is the best stability, accuracy,
reliability and so on. According to the precision and level of the clock on each node, and
traceability of UTC (Universal Time Clock), the best master clock algorithm automatically
selects the subnet master clock; in only one subnet system, the master clock is the GMC.
Each system has only one GMC, and each subnet has only one master clock, slave
clock should keep pace with the master clock.

3.11 OPERATION AND MAINTENANCE
3.11.1 Netnumen Unified Network Management Platform
Due to the development of IP network, there is more and more service implemented by
IP network. At the same time, the network ranges larger, and configures harder, plus
user’s higher expectation, the network management becomes more and more difficult.
Only manual management and passive inspection cannot meet the requirements of
running the entire system.
Now the maintenance engineer is focusing on how to deploy service swiftly, how to keep
steady network operation, how to predict the operating quality of the network and how to
locate the failure as soon as it happens. Therefore, the active network monitoring,
automatic network failure inspection and recovery, and sound network operation are
urgently required to guarantee maximum network profit.
ZTE giving positive response to the call of the times develops Netnumen unified network
management system. It is an integrated network management system composed by
router, switch and CE, responsible for network element management, network
management and service network management. It supports multiple sorts of database,
has graphic interface in different languages for convenient operation. Besides, this
system also provides flexible northbound interface, supporting powerful interconnecting
integration.
3.11.1.1 Network Management Networking Mode
Between Netnumen NM system and ZXR10 M6000 series equipment, inband

management and outband management networking modes can be used.
 Inband Management
Inband Management, i.e. instead of requiring an extra DCN, network management

information and service data are delivered in the same channel. Netnumen only has
to connect with its nearby network equipments, and then together with configured
SNMP, it can arrange management.
The advantage of inband management is that flexible networking does not ask for

extra investment. But the network management information takes up service

bandwidth, so it may seriously affect service quality.
 Outband Management
Outband management, i.e. the network management information is delivered in

service data independent from service data, so extra DCN is needed. Netnumen
network management system is connected with the outband management interface
of ZXR10 M6000 so that network management information and service information
can be delivered independently.
By using outband management; the breakup the service channel will prevent the
network management station to do equipment management, so that the transport of
network information becomes more reliable. But due to the huge geographic limits,
the independent network management network requires extra investment.
3.11.1.2 Netnumen Network Management System
Netnumen network management system is an integrated management system designed

by ZTE for its router, switch and CE. It covers network element management, network
management and service management. Netnumen network management system
provides the following services:
 Failure management makes sure steady network operation.
In the maintenance of network management, the administrator urgently needs to

know the network operating status to make sure steady network operation. The
failure management of Netnumen is responsible for receiving real-time equipment
warning and network events from all NE, so that it can give audible and visible
information to maintenance staffs; after being confirmed by maintenance staffs, the
collected warning report will be saved for future statistics and search. Failure
management is the most important and common used method in user’s network
operating maintenance. Via failure management, user can arrange information
search, real-time monitoring, failure filtering, failure location, failure confirmation,
failure deletion, and failure analysis for ZXR10 M6000 series device. Besides,
Netnumen system also provides voice prompt, graphic warning display, and informs
user the failure by sending Email and messages via warning system, Email system,
SMS system, which simplifies user’s daily maintenance.
 Performance management enables complete understanding of network services

The traffic direction, traffic load and network load are the key issues in network
management. The performance management module of Netnumen is mainly
responsible for the performance monitoring and analysis of data network and its
equipments. The performance data collected by network element will generate
performance report after a certain processing, so that maintenance and
management departments can get information to guide network engineering, plan,
network scheduling and improve network operating quality. Via performance
management, user can implement load, traffic direction and interface load collection,
get timely service quality report and give prompt evaluations and adjustment on
entire network resource configuration.
 Resource management makes reasonable use of network resource
The resource management system realizes the management of physical resource

and logical resource, so it is an inevitable basic system in carrier’s service progress.
Also it is the critical precondition for realizing automatic service initiation and service
guarantee. Via resource management, user via the resource management system
not only can get information of the management of the equipment, module, interface
and link in the network, but also can know the operating status of the logical
resources, such as, VLAN resource, L2/L3 VPN resource, and MAC addresses.
 Graphic management makes network operation clear
Graphic management provides unified network topology and multi-graph

management, which enables the user to be aware of the network topology and
equipment operating status in the entire network. At the same time, it provides
maintenance interfaces for network and equipment. User utilizes graphic
management to know the operating status and warning status of the equipment. At
the same time, it supports fast navigation to other management systems.
 Configuration management, fast service deployment
The configuration management implements the configuration of ZXR10 M6000

series, including equipment management, interface management, L2 attribute
management, MPLS management, routing protocol management, software upgrade
management, and configuration file management; Also it supports many
customer-friendly configuration modes, such as end-to-end configuration, in-batch
configuration, guiding configuration. Besides, it offers default configuration models
to corresponding management.
 Security management protects network
The security management is mainly responsible for user’s legal network operation. It
realizes the management of user, user group and role. By arranging correct
relationships between user, user group and role, it provides administrators with

security control mechanism. Via login authentication, it prevents illegal users from
accessing the system. By authorized operation, it offers security mechanism to
administrator’s secure operation.
 Northbound interface gives conveniences to integration
Due to the fast development of telecom industry, one carrier nowadays should
manage multiple different network element equipment or professional network
management system. The drawbacks for instance non-interaction among different
professional network management systems, complicated management content, and
multiple operating interfaces become more and more obvious. To enhance the
integrated network management level and effect of telecom enterprise, one network
management station can be used to implement all sorts of management and control
to the interconnected networks, so that, the integrated entire network management
comes true.
The integrated network management connects with professional network
management via interface. So the professional network management should
provide standard open northbound interface to the integrated network management
system, so that, it can integrate with the integrated network management system
rapidly and reliably. Netnumen supports many types of northbound interface, e.g.
CORBA, SNMP, TL1 and FTP.
3.11.2 Maintenance and Management
ZXR10 M6000 has clear maintenance interface which also enables easy operation. User
management is carried out based upon differentiated authorities to make sure the
security of equipment maintenance. ZXR10 M6000 can provide online software upgrade,
BOOTROM upgrade; outband network management, equipment self-diagnosis, and
record of abnormal equipment file.
ZXR10 M6000 supports SNMP (Simple Network Management Protocol) V1/V2c/V3

protocols and the interoperation with most general background network management
system. In addition, ZTE configures ZXR10 M6000 with dedicated network
management system ZXR10 NetNumen which provides powerful graphic interface
system; realize easier background configuration and monitoring.
3.11.2.1 Multiple Configuration Modes
 ZXR10 M6000 series equipment provides multiple equipment login and

management configuration modes, which enables user to choose the optimal way
to configuring its connections. It makes the equipment maintenance easier.
 Multiple configuration and management modes:
 Serial interface connection configuration: Serial interface connection configuration

uses VT100 terminal mode. It can use super terminal tool provided by Window
operating system to complete the configuration; for the bare metal or
connectionless equipment, this method is the only choice;
 Telnet connection configuration: 1. Via the IP address of the management Ethernet

interface telnet (10/100Base-TX)on telnet main control board to configure switch; 2.
Configure IP address over VLAN interface and set user name and password. Via
the IP address of telnet VLAN interface, it implements switch configuration; when
user requires remote login, and is able to communicating with equipment, this
connection configuration mode can be used;
 SSH (Secure Shell) protocol connection configuration: Initiate SSH service on

ZXR10 M6000 series equipment, connect the VLAN interface IP address or
management Ethernet port IP address via SSH client software to implement more
secure switch configuration. When users require remote login with high demands
for security, this connection configuration can be chosen;
 SNMP connection configuration: The background network server acts as SNMP

server, the front equipment ZXR10 M6000 series equipment works as SNMP Client.
The background and front equipment share one MIB to manage the configuration of
ZXR10 M6000 series equipment via network management software; this
connection configuration mode enables the user to implement effective
management configuration via network management software.
3.11.2.2 Policing and Maintenance
 ZXR10 M6000 series is capable of multiple ways of equipment policing,

management and maintenance, which enables the equipment to process all sorts of
abnormity correctly, and provide users with all types of parameter in the course of
equipment operation.

 Equipment Policing:
 LCD shows system status and all sorts of alarm;
 There are indicators on power supply module, fan, MSC and all LICs. They show
the operating status of these components;
 Fan monitoring is done by special fan module which can test the operation and
status. Besides, it is also capable of intelligent fan speed adjustment.
 Power supply module provides operation, status, power consumption, current,

voltage and AC/DC situation;
 When the fan, power supply or temperature goes working, the voice awarding and
software warning will be generated;
 Distributed temperature collection and temperature monitoring;
 The MSC switchover and hot swappable records are kept for reference;
 Automatic check for matching of version in the course of system operation
 The system monitors the operating status of the software, when abnormity happens,
the LIC will be restarted and MSC switchover will be implemented as well;
Equipment management and maintenance
 The command line provides flexible online help;
 Provide hierarchical user authority management and hierarchical commands;
 Provide multi-level user authority management, automatic record of user operation

log;
 Support information center, provide unified management of log, alarm and

scheduling information;
 Via CLI, user can check the basic information of all MSC, LIC, and optical modules;
 User can decide if console login require user name and password or not;

 Provide multiple sorts of information query, including version, component status,

temperature, CPU and memory availability;
 Common user’s password support text and Cipher text modes;
 Provide hierarchical equipment alarming management, alarm classification, and

alarm filtering, which can send the alarm to remote server.
3.11.2.3 Diagnosis and Scheduling
 ZXR10 M6000 series provides multiple sorts of diagnosis and scheduling methods,
enabling user to have multiple ways to adjust equipment and get more scheduling
information. Support dedicated diagnosis test command mode, complete equipment
diagnosis and test, which enables equipment test to be carried out at any time. And
when the equipment breaks down, it can be inspected remotely.
 Test of equipment operation status
 Provide CPU availability, peak value of CPU availability and memory

availability of all modules
 Provide record on traffic speed and peak traffic of all interfaces
 Support the calculation of the packet processing carried out by internal

processor of line card and switching fabric
 Test of Equipment Failure Status
 Support the display of status of internal register of line card and memory
address
 Support the display of the memory of service table
 Support the external operation internal function
 Support the display of internal communications status of line card
 Ping and Trace Route: by inspecting if the network connection is reachable, the
transport path of the online record packet acts as the reference;

 Debug: rich debug commands are provided to each of software. Every debug
command supports multiple debugging parameters, so it can be controlled flexibly.
Via debug command, specific information on the progress, message processing
and tolerance inspection of the service in the course of operation can be displayed;
 Mirroring image service: it supports interface-based mirroring image, via which the
incoming, outgoing or bidirectional messages are replicated to the observed
interface.
3.11.2.4 Software Upgrade
ZXR10 M6000 provides software upgrade modes in both normal and abnormal
conditions.
 Upgrade when the system is abnormal: Provide software upgrade when the
equipment cannot be initiated normally. Via modifying boot initiation mode, load
new software version from the management Ethernet interface to complete initiation
upgrade;
 Upgrade when the system is normal: Provide local or remote FTP online upgrade
when the equipment is in normal condition.
4 System Architecture
4.1 Product layout
ZXR10 M6000 series product uses chassis-based architecture that is popular in the
industry. Adopting all-in-one chassis and modular architecture, it uses hot swappable line
card modules and components, so it features flexible scalability.
The entire equipment is mainly composed by chassis, LCD display module, fan tray, air
intake plane, backplane, power supply module, management processor unit, switch
fabric unit and service line cards.
The chassis is made by sheet metal. It is an entire architecture composed by two-side

boards, soleplate, top plate, and structure tracks. The module insert and cabling can be
done in the front of chassis. The LCD module, power supply module and fan tray are
designed in modular architecture. The entire device is 19 inch which totally goes in line
with the industry standard; as a result, it can be put in IEC 297 or ETSI standard racks.
4.1.1 Layout of ZXR10 M6000-16
The appearance and planar layout of ZXR10 M6000-16 are shown respectively as
follows:

Figure 4-1 The layout of M6000-16
442mm
2
3
4 4
4 4
4 4
4
5 1686.2mm
6
6
6 6
5
4
4 4
4 4
4 4
4 4
3
1 LCD
2 2 Fan tray
7 3 Cable bracket
4 Line card
8 5 MPU
600mm
6 SFU
7 Air filter
8 Power module

Figure 4-2 The appearance and architecture layout of ZXR10 M6000-16
The chassis of ZR10 M6000-16 is 38U(1U=44.45mm) high and its entire size goes like
442mm(W)*1686.3mm(H)*600mm(D). With vertical slots, ZXR10 M6000-16 is designed
with 22 slots including 16 service line card slots, 2 MPU (management process unit) and
4 SFU (switch fabric unit). The MPU is designed in 1:1 redundant backup and SFU is in
3+1 redundant backup.
Each MPU card provides:
1*CF card interface and 2*USB interfaces. It is capable of connecting with external
storage to save configuration file, etc.
1*10/100M Ethernet electrical interface and 1*RS232 interface that are used for
configuration and control;
1*10/100/1000M Ethernet electrical interface for internal debugging;

1*Modem interface for remote management;
2*1000M Ethernet optical interfaces (reserved);
The system supports BITS clock and 2MHz clock interfaces.
The power supply module is designed in online backup mode. It is capable of providing
-48V DC or 220V AC modes. DC power supply mode is in 1+1 design, which enables 2
groups of -48V DC offer electricity at the same time. AC power supply mode uses 1+1
backup to enhance the reliability of the entire power supply system.
The real-time temperature, power consumption, version and equipment alarm can be
shown on LCD on the top side of the chassis. Besides, airs filter locating above the
power supply module to prevent dusts from falling down to the chassis. There are two fan
trays on the top and bottom part of the chassis respectively. The entire chassis adopts
bottom-to-top ventilation cooling mode. Two sets of cable brackets on the top and bottom
parts of the line card respectively, which are give conveniences for cabling.
4.1.2 Layout of ZXR10 M6000-8
The appearance and architecture layout of ZXR10 M6000-8 are shown respectively as
follows:

Figure 4-3 The layout of ZXR10 M6000-8
442m
m
2
2
3
1152.9
mm
4
4 4
4 4
4 4
4 6
6
6
7 1 LCD
2 Fan tray
5
3 Cable bracket
5
4 Line card
5 MPU
8 6 SFU
600m
m 7 Air filter
8 Power module

Figure 4-4 The appearance and architecture layout of ZXR10 M6000-8
The chassis of ZXR10 M6000-8 is 27U(1U=44.45mm) high and its entire size goes like
442mm(W)*1152.9mm(H)*600mm(D). With vertical slots, ZXR10 M6000-8 is designed
with13 slots including 8 service line cards, 2 MPU and 3 SFU. The MPU is designed in
1:1 redundant backup and SFU is in 2+1 redundant backup.
1*CF card interface and 2*USB interfaces. It is capable of connecting with external
storage to save upgrade file, etc.
1*10/100M Ethernet electrical interface and 1*RS232 interface that are used for
configuration and control;
1*10/100/1000M Ethernet electrical interface for internal debugging
1*Modem interface for remote management;
2*1000M Ethernet optical interfaces (reserved);
The system supports BITS clock and 2MHz clock interfaces.

The power supply module is designed in hot backup mode. It is capable of providing
-48V DC or 220V AC modes. DC power supply mode is in 1+1 design, which enables 2
groups of -48V DC offer electricity at the same time. AC power supply mode uses 1+1
backup to enhance the reliability of the entire power supply system.
The real-time temperature, power consumption, version and equipment alarm can be
shown on LCD on the top side of the chassis. Besides, air filter prevents dusts from
falling down to the chassis. There are two fan trays on the bottom part of the chassis.
The entire chassis adopts bottom-to-top ventilation cooling mode. Cable bracket locates
on the top part of the line card.
4.1.3 Layout of ZXR10 M6000-8S
The appearance and architecture layout of ZXR10 M6000-8S are as shown as follows:
Figure 4-5 The appearance of ZXR10 M6000-8S
441mm
750mm
1
7
1 Cable bracket
2 2 2 Service cards
2 2
2 2 3 SRU cards
2 2
4 SFU cards
3 619.5mm 5 Air inlets
3
6 Transversal dust screen
4
7 Handles
8 Sub-rack mounting flange
9 Side air inlets
8
6
5
9

Figure 4-6 The architecture layout of ZXR10 M6000-8S
Cable bracket
00 1 2 3 10 8 1110 4 5 6 77
SFU
PFU+PIU
PFU+PIU
PFU+PIU
PFU+PIU
PFU+PIU
PFU+PIU
PFU+PIU
PFU+PIU
SFU
SRU
SFU
SRU
9
SFU
FAN
Transversal dust screen
Air inlets
The chassis of ZR10 M6000-8S is 14U (1U=44.45mm) high and its entire size goes like
441mm*619.5mm*750mm (W*H*D). With vertical slots, ZXR10 M6000-8S is designed
with 12 slots including 8 service line card slots, 2 SRU (switch router unit) and 2 SFU
(switch fabric unit). The SRU is designed in 1:1 redundant backup and SFU is in 3+1
redundant backup.
Each SRU card provides:
 1 x SD embedded interface, 1 x USB interface and 1 x SAS hard disk interface. It is

capable of connecting with external storage to save configuration file, etc.
 2 x ALM port (RJ45), as the alarm input and output interfaces
 1 x LAMP port (RJ45), as alarm lighting signal interface
 1 x OAM port (RJ45), as download version and monitor interface
 1 x STDBY port (RJ45), as the dubug interface
 1 x CONSOLE port (RJ45), as the connection interface to the back management

end, for operation and maintenance of the equipment
 1 x AUX port (RJ45), as the connection to Modem, for remote management
 2 x CLK port (SMB), as 2.048MHZ or 2.048MBit/s clock input and output interfaces
 2 x GPS port (RJ45), as the external GPS clock input and output interfaces
The power supply module is designed in online backup mode. It is capable of providing

-48V DC modes. DC power supply mode is in 2+2 design, which enables 2 groups of
-48V DC offer electricity at the same time to enhance the reliability of the entire power
supply system.
There are five groups of fans trays on the top-back part of the chassis respectively. So,
the wind comes into the chassis from the front and both sides and goes out of it from the
back-top.
One set of cable brackets on the top part of the line card, which gives conveniences for
cabling.
The appearance and architecture layout of ZXR10 M6000-5S AC and DC are shown as
follows:
Figure 4-7 The appearance of ZXR10 M6000-5S AC
5 442mm
1 1 Service cards
1 2 SRU cards
1
3 AC Power module
2
2 4 Sub-rack mounting flange
1
1 5 Cable bracket
1 352.8mm 1
6 Handles
3
630mm
95mm

Figure 4-8 The appearance of ZXR10 M6000-5S DC
5 442mm
1 1 Service cards
1 2 SRU cards
1
3 Handles
2
2 4 Sub-rack mounting flange
1 5 Cable bracket
1 308.4mm
630mm
95mm
Figure 4-9 The architecture layout of ZXR10 M6000-5S AC
4 PFU+PIU
3 PFU+PIU
2 PFU+PIU
6 SRU
5 SRU
1 PFU+PIU
0 PFU+PIU
AC Power Supply AC Power Supply

Figure 4-10 The architecture layout of ZXR10 M6000-5S DC
4 PFU+PIU
3 PFU+PIU
2 PFU+PIU
6 SRU
5 SRU
1 PFU+PIU
0 PFU+PIU
The chassis of ZXR10 M6000-5S AC is 8U (1U=44.45mm) high and its entire size goes
like 442mm*352.8mm*725mm (W*H*D). And the chassis of ZXR10 M6000-5S DC is 7U
high and its entire size goes like 442mm*308.4mm*725mm (W*H*D).
With horizontal slots, ZXR10 M6000-5S is designed with7 slots including 5 service line
cards and 2 SRU. The SRU is designed in 1:1 redundant backup and Switch Fabric Unit
is in 1+1 redundant backup.
Each SRU card provides:


-48V DC or 110/220V AC modes. DC power supply mode is in 1+1 design, which
enables 2 groups of -48V DC offer electricity at the same time. AC power supply mode

uses 2+2 backup to enhance the reliability of the entire power supply system.
Air filter prevents dusts from falling down to the chassis. The entire chassis adopts
side-to-back ventilation cooling mode.
Two sets of cable brackets on the both sides, which give conveniences for cabling.
The appearance and architecture layout of ZXR10 M6000-3S AC and DC are shown as
follows:
Figure 4-11 The appearance of ZXR10 M6000-3S AC
6
1 Service cards
5 442mm
1 2 MPU cards
1
3 AC Power module
1
4 Sub-rack mounting
2
3 219.4mm flange
5 Cable bracket
628mm
4 6 Handles
1
95mm
Figure 4-12 The appearance of ZXR10 M6000-3S DC
5 442mm
1 1 Service cards
1 2 MPU cards
1 3 Handles
2
175mm 4 Sub-rack mounting
628mm
4
flange
1
5 Cable bracket
95mm

Figure 4-13 The architecture layout of ZXR10 M6000-3S AC
2 PFU+PIU
1 PFU+PIU
0 PFU+PIU
3 MPU 4 MPU
AC Power Supply AC Power Supply
Figure 4-14 The architecture layout of ZXR10 M6000-3S DC
2 PFU+PIU
1 PFU+PIU
0 PFU+PIU
3 MPU 4 MPU
The chassis of ZXR10 M6000-3S AC is 5U (1U=44.45mm) high and its entire size goes
like 442mm*219.5mm*723mm (W*H*D). And the chassis of ZXR10 M6000-3S DC is 4U
high and its entire size goes like 442mm*175mm*723mm (W*H*D). With horizontal slots,
ZXR10 M6000-3S is designed with5 slots including 3 service line cards and 2 MPU. The
MPU is designed in 1:1 redundant backup.



-48V DC or 110/220V AC modes. DC power supply mode is in 1+1 design, which
enables 2 groups of -48V DC offer electricity at the same time. AC power supply mode
uses 1+1 backup to enhance the reliability of the entire power supply system.
Air filter prevents dusts from falling down to the chassis. There are two groups of fans
trays on the back part of the chassis. The entire chassis adopts side-to-back ventilation
cooling mode.
Two sets of cable brackets on the both sides, which give conveniences for cabling.
4.2 System Hardware Architecture
4.2.1 Entire System Hardware Architecture
The hardware of ZXR10 M6000 uses many key technologies, such as distributed parallel
processing, Cross-bar space division switching, fast route search, multi-level traffic
management, etc. All its components are designed with redundant backup protection,
featuring carrier-class reliability. Based upon the hardware of high-end router that’s now
popular in the industry, ZXR10 M6000 creates brand-new switching architecture to
enable easier system capacity extension. With distributed protocol processing, it greatly
enhances the processing performance and flexibility of all sorts of protocols.
With rack-based design, ZXR10 M6000 series product is mainly composed by the
following subunit: physical line interface subunit, packet forward subunit, and service
processor subunit, switch fabric subunit, management process subunit, and backplane
subunit, power supply subunit, monitoring alarming subunit and diagnosis and debugging
subunit. All the subunits interconnect with each other via large-capacity serial bus or
Ethernet bus. The general hardware architecture of ZXR10 M6000-16 and ZXR10
M6000-8 are as shown in 0 and 0 respectively.

Figure 4-15 ZXR10 M6000-16 Hardware Architecture
Figure 4-16 ZXR10 M6000-8 Hardware Architecture

Figure 4-17 ZXR10 M6000-8S Hardware Architecture
Line card PFU

Power/CLK Power/CLK
Switch card SFU
POS/ETHERN Physics Line Switch Control Control
ET interface processi interface
unit ng unit unit 4
TDM/ATM HSSL HSSL
1 3
2 Switch Matrix 2
1
8
b
a Ethernet
General Service card GSU Management Process Unit MPU
Power/CLK c Power/CLK
k Ethernet Maintenance
RS232
Service Switch Control p switch unit Management
processi interface l unit ZXR10-OAM
2.048MHz
ng unit unit a Control
HSSL n System 2.048Mbps
management and Clock
TOD/PP1
e maintenance unit S
module
1 MS
2
8
Power
Power Fan
supply module
module .. 5
2
1 1
2
3
4
Figure 4-18 ZXR10 M6000-5S Hardware Architecture
Line card PFU

Power/CLK Power/CLK
Switch card SFU
POS/ETHERN Physics Line Switch Control Control
ET interface processi interface
unit ng unit unit
TDM/ATM HSSL HSSL
1
2 Switch Matrix 2
1
5
b
a Ethernet
General Service card GSU Management Process Unit MPU
k Ethernet Maintenance
RS232
Service Switch Control p switch unit Management
processi interface l unit ZXR10-OAM
2.048MHz
ng unit unit a Control
HSSL n System 2.048Mbps
management and Clock
TOD/PP1
e maintenance unit S
module
1 MS
2
5
Power
Power Fan
supply module
module
3
2
1 1
2

Figure 4-19 ZXR10 M6000-5S Hardware Architecture (FULLMESH Switch)
Line card PFU

Power/CLK
Physics Line Switch
POS/ETHERNET Control
interface processin interface
TDM/ATM
unit g unit unit
HSSL
1
2
3
b Ethernet
General Service card GSU a Management Process Unit MPU
k Ethernet Maintenance RS232
Service Switch Control p switch unit Managemen
processin interface l ZXR10-OAM
a t unit 2.048MHz
g unit unit HSSL Control
n System 2.048Mbps
e Clock TOD/PP1S
management and
maintenance unit module
1 M S
2
3
Power
Fan module
Power
supply
module
2
1
1
2
The corresponding interface buses connecting to the backplane of ZXR10 M6000 consist
of: switching fabric interface fast Serdes bus for service transmission, switching
management interface for the transmission of management data, 1000M Ethernet
Serdes bus for intercommunications among all hardware modules, system clock bus
provided by the clock subcard on MPU, and intelligent platform management bus and
monitoring bus for managing hardware system. In addition, MPU also provides the bus
and I/O interface for the management of system power supply. All management modules,
switching modules, power supply module, data switching Serdes, communication Serdes,
and management bus are in redundant design.
ZXR10 M6000 hardware system has the following features:
 Totally independent data forwarding platform, local control platform, remote control
plane enable isolated physical tunnels for delivering control plane message and
control plane configuration information. This method ensures the independent
operation of data plane and control platform.
 Advanced switching fabric architecture via VOQ (Virtual Output Queue) technology
realizes multiple virtual output queues in one physical tunnel, which realizes
end-to-end traffic control and QoS in switching plane. It realizes real non-blocking
service.

 The hardware architecture takes full consideration of future smooth upgrade.

Currently, it can support 100G single port, and in the future it will support single port
400G smoothly. It meets the requirements of the next generation network for super
high-speed interface.
 Packet Forwarding Unit (PFU) uses high-performance network processor, together

with traffic management chip and large-capacity TCAM to realize wire-speed
processing over high-speed interface. The adequate flexible management
hardware queue can support multi-level HQOS scheduling, which matches precise
user’s demands for multi-service and QoS management.
 PFU also supports local FLASH to save image file, which greatly shortens the
version download in the course of system initiation.
 Physical Interface Unit (PIU) flexible subcard enables the PFU to support hybrid
interface cards with different speed and types. It gives conveniences to flexible
networking.
 High-speed system management bus. Protocol message uses 3-level TM traffic

management, which effectively makes sure the fast responding of system
management and protocol message processing, and it avoids the influence to
protocol processing and system management caused by fast data processing.
 The advanced design philosophy of ATCA: inheriting ATCA’s design philosophy in

system infrastructure and power supply control. It uses independent bus to control
the bootup sequence of line cards. Select the general power supply mode.
 Support node/link redundancy and non-stop service. Known for carrier-class high
reliability and stability, the hardware guarantees the redundancy of SFU and MPU.
So when failure happens or repair takes place, the wire-speed forwarding and QoS
can be guaranteed.
 LCD gives real-time display on the monitoring information, such as power supply
status, fan, temperature and version, etc.
 Automatic power consumption adjustment, intelligent and stepless speed fan

reduces system power consumption and decreases noises.

4.2.2 The Working Philosophy of Hardware System
ZXR10 M6000 adopts distributed switching architecture. Messages are primarily

processed by the chip in interface physical layer, then they will experience frame
resolution, traffic classification and queue management in packet processing unit. After
that, the messages will be forwarded. Working together with TM chip, Fabric Queue
interface, the network processor in packet processing unit provides system-class ingress
and egress traffic management. The messages then are made adaptive to backplane
fast Serdes interface, and then switched to destination port via switching fabric. Data
switching is done in the control of management CPU module, the corresponding protocol
packets and management information realizes inner board communication via fast
switching. Via 1000M Ethernet switch, inter-slot communication is implemented. All
routing calculation and management control are done by the management module.
4.2.3 Introduction to Hardware Module
4.2.3.1 MPU (Management Process Unit)
As core control node of the product, management process unit of ZXR10 M6000 is
responsible for the entire management and maintenance of the chassis. When MPU
receives the related routing information sent by line cards, it will initiate dynamic routing
protocol, receive and send routing information, calculate routing table. Also, it uses
different processes to handle routing information of different types, and forms entire
routing table finally. Then via internal 1000M Ethernet bus, it delivers entire routing table
to each line card and service card. The active and standby MPU communicate with each
other via special internal communication tunnel. A dedicated circuit on MPU monitors the
operation status of CPU in real time, so when serious fault like storage ECC verifying
error and the breakdown of Ethernet switching chip, the hardware will implement the
switchover of main and standby MPUs.
MPU mainly consists of operation maintenance management and protocol processing

unit, Ethernet switching unit, clock processing unit. It is in charge of the management of
system clock source, control plane, maintenance plane, and environment monitoring
plane.
Operation Maintenance Management and Protocol Processing Unit

The core of MPU is mainly responsible for:
 Processing all sorts of protocol and signaling to realize the control and
announcement of the system status. Isolating forwarding plane and control plane,
isolating routing protocol control plane and configuration operation management
plane. Enhance the reliability of protocol control plane and the manageability of the
equipment.
 The inter-slot outbands communication of the entire system. The local switching
module inbuilt in the board provides modules with non-stop intraboard outband
communication to realize the interboard control, maintenance and information
exchange correctly. The isolation of interboard communication service and data
service guarantees the absolute reliability of the system interboard information.
 The configuration and maintenance management of the system status. It takes in

charge of the configuration and upgrade of system data, providing system operation
log. Outwardly, it offers serial port and RJ45 interface management and
maintenance. It provides SD card and USB interface for convenient in batch data
storage.
Ethernet Switching Unit
Ethernet switching unit (ESU) provides control communication tunnel for MPU, line card
and SFU. It realizes data communication and equipment management between MPU
and all other cards.
Clock Processing Unit
It provides all line cards with highly precise and reliable SDH (Synchronous Digital
Hierarchy) interface clock signal. It supports 2MBITS, 2MHz, GPS and line clock as
reference. By changing oven controlled crystal oscillators and software, type-III or type-II
clocks can be implemented. The clock processing unit provides system switch fabric with
highly reliable synchronized clock, and guarantees the clock synchronization of the
switch fabric and line card.
Monitoring Alarm Unit
The environment monitoring alarm unit is responsible for collecting the working status of

the rack and giving on time alarm. Besides, all these information will be displayed on
LCD, which on the other hand offers a sound man-machine interface to maintenance
engineer.
4.2.3.2 SFU(Switch Forward Unit)
The switch forward unit of ZXR10 M6000 is the core of data switching plane, taking care
of the unblocked switching. By using high-performance switching fabric, SFU integrates
creative capacity extension solution, implements multicast tunnel management,
intelligent monitoring and entire queue management. ZXR10 M6000-16 has 3+1
redundant SFU, ZXR10 M6000-8 has 2+1 redundant SFU, ZXR10 M6000-8S has 3+1
redundant SFU, and ZXR10 M6000-5S has 1+1 redundant SFU.
ZXR10 M6000 switch forward unit has the following features:
 The SFU of ZXR10 M6000 uses switching fabric oriented to high-speed

implementation. It can provide up to 960Gbps switching capacity;
 To ensure the reliability and redundancy of the switching system, the maximum
3-time speedup ratio is used. For M6000-16, 3+1 load sharing and redundant
design, plus 4 pieces of SFU working at the same time, so when 1 SFU breaks
down, the rest 3 still can provide adequate switching capacity for entire system
switching process. And it’s similar to M6000-8 with 2+1 redundancy.
 High-performance control processor is built-in SFU. 1000M Ethernet link is used as

information interactive tunnel between SFU and MFU, meeting the requirement of
the bandwidth and processing capability for information interaction.
 Monitoring and test bus independent from service has independent power supply,
providing the monitoring information on the power, voltage, current, temperature of
SFU, the control of hot swappable module, reset and boot-up, etc.
4.2.3.3 Line Card
The line card of ZXR10 M6000 is composed by PFU and PIU. There are following logical
subunit: physical line interface unit, forwarding unit, traffic management unit, switching
fabric interface unit and CPU control unit. It implements fast processing and forwarding,

takes care of the maintenance and management of link protocol and service forwarding
tables. The Line card architecture show as below:
Figure 4-20 ZXR10 M6000-8 LIC Architecture
 Physical line interface unit: it implements the processing in physical layer and data
link layer, such as the link identification, access, optical/electrical conversion,
coding/decoding and framing.
 Forwarding unit: it implements the processing and encapsulation of multiple sorts of

link layer protocols (e.g. ATM/Ethernet PPP/ML); implement traffic identification and
classification required by data forwarding, queue management, management of
protocol message; finish the configuration of the forwarding table entry, and
implement data forwarding, data management and scheduling according to
forwarding table.
 Traffic management unit: Implement the traffic control, classification, congestion

avoidance, discarding policy. It realizes different sorts of QoS service such as CAR,
Shaping, FQ, PQ, WFQ, CBWFQ and WRED. According to the direction of the
traffic, the traffic management unit consists of ingress traffic management unit and
egress traffic management unit, responsible for ingress and egress traffic
respectively.
 Switching fabric interface unit: it implements data forwarding together with

forwarding unit. Besides it also realizes the switching fabric traffic control, queue
management, priority classification, congestion avoidance, discarding policy,
multicast replication scheduling service and the conversion of high-speed interface
between SFU. As per different traffic direction, the switch interface unit consists of

Ingress Fabric Q switching interface unit and Egress Fabric Q switching interface
unit.
 CPU control unit: implement local protocol message processing, manage and
configure all sorts of chip and table entry on the line card.
ZXR10 M6000 provides rich service line cards, covering many types of interface, e.g.
Ethernet/POS/cPOS/E1 /E3. Besides, it supports multiple sorts of interface rate and port
density to meet the requirements of different network and services. It gives users
conveniences to implement flexible configuration.
According to different sizes, the existing interface card of ZXR10 M6000 consists of three
categories: full-high PIU, half-high PIU and 1/4 PIU. Depended on types of PFU, each
service slot can be configured with one full-height PIU or at most two half-height PIUs or
at most four 1/4 PIUs. And PIU also supports the hybrid configuration. ZXR10 M6000
full-high PIU mainly are high-density Ethernet /POS interface cards and high-speed
interface. The half-high PIU and 1/4 PIU of ZXR10 M6000 is designed for enhancing
network flexibility, reducing user’s network costs, and meeting different user and network
requirements. Also, PFU supports the access of PIU with hybrid types, which effectively
enhances the flexibility of user’s configuration, simplifies user’s choices and reduces
carrier’s OPEX and CAPEX.
Table 4-1 BRAS PFU
Number Description Remarks

1 20G Packet Forwarding Unit Type A2 2 semi-height sub-slots
3 40G Packet Forwarding Unit Type A1 1 full-height sub-slot
Table 4-2 SR PFU
Number Description Remarks

Table 4-3 Full-height Flexible PIC
Number Full-height Flexible PIC Remarks
1 48 ports 10/100/1000M Interface Card Interface Card
2 40 ports 100M/1000M (SFP) Interface Card Interface Card
3 4 ports OC-192c/STM-64c POS Interface Card Interface Card
4 1 port OC-768/STM-256 POS Interface Card Interface Card
5 1 port 100GE LAN/WAN 1588v2 Interface Card Interface Card
Table 4-4 Semi-height Flexible PIC
Number Semi-height Flexible PIC Remarks
1 1 port OC-192c/STM-64c POS(XFP) Interface Card Interface Card
2 2 port OC-192c/STM-64c POS(XFP) Interface Card Interface Card
3 4 ports OC-48c/STM-16c POS(SFP) Interface Card Interface Card
6 4 ports OC-3/STM-1 CPOS(SFP) Interface Card Interface Card
7 2 ports OC-12 ATM (SFP) Interface Card Interface Card
8 4 ports OC-3 ATM (SFP) Interface Card Interface Card
9 12 ports 100/1000M 1588(SFP) Interface Card Interface Card
10 20 ports 100/1000M 1588(SFP) Interface Card Interface Card
11 8 ports 100M/1000M SFP + 4 ports GE Combo Interface Card

Interface Card, 1588V2
13 2 ports 10GE LAN/WAN 1588v2 Interface Card Interface Card
14 16 ports Fast Ethernet Interface Card Interface Card
15 4 ports OC-3/STM-1 cPOS PWE3 Interface Card Interface Card

Table 4-5 1/4 Flexible PIC
Number 1/4 Flexible PIC Remarks
1 24 port CE1 Interface Card Interface Card
2 4 port Channelized OC-3/STM-1 POS Interface Card Interface Card
3 8 port OC-3/OC-12 POS Interface Card Interface Card
4 4 port OC-3/OC-12 POS Interface Card Interface Card
5 4 port OC-48/STM-16 POS Interface Card Interface Card
6 8 port 100M/1000M SFP Interface Card Interface Card
7 8 port 10M/100M/1000M Electrical Interface Card Interface Card
4.2.3.4 Service Processor Unit
Service processor unit is responsible for processing all sorts of complicated services and
protocols. Working together with different service licenses, ZXR10 M6000 can offer
services like CGN (Carrier Grade NAT), Netflow, L2TP, IPsec and DPI etc.
Taking up one slot, service processor unit does not provide outward interfaces. As per
different uploaded software, service processor unit offers different services.
ZXR10 M6000 uses load sharing parallel processing mode to enhance processing
capability.
4.2.3.5 Signal Backplane Unit
The signal backplane unit of ZXR10 M6000 is the bridge of line card, MPU, SFU and
other components, which interconnects all sorts of data, control and power signal of the
functional units.
The features of the SBU of ZXR10 M6000 are:
 Passive design, reliable and stable.
 It fully supports 3.125G/6.25G high-speed cabling. It completely enables the super

high-speed interface in network evolution.
 Referring to ATCA design philosophy, it is compatible with many kinds of

high-speed signal standard
 Dual-star topology enhances the reliability and redundancy of the switching fabric
 Dual-input DC power supply
4.2.3.6 Power Supply Module
ZXR10 M6000 power supply module is designed in N+N redundant mode, supporting DC
and AC power supply models. Two groups of power supply modules work independently.
They are hot swappable, so when one power supply module breaks down or is plugged
out, the system won’t be affected, which on the other hand enhances equipment
reliability. The power supply module is designed in environment protection mode,
capable of exceed outgoing traffic protection, exceed outgoing voltage protection,
short-circuit protection, alarm provision and anti-lightening protection. Also it can send
error alarming information via monitoring tunnel to LCD in time.
4.3 Software Architecture
Based upon ZTE’s self-researched route operation system ZXROS, ZXR10 M6000 can
be adaptive to all kinds of network in any high-performance and complicated commercial
environment. This software has the most integrated network features built based upon
international standard. The entire software architecture is as shown as following:
Figure 4-21 The Software System Architecture
User Management Service Control Subsystem
Support Protocol
Network Management
MPLS Protocol
SNMP Subsystem
Subsystem
Statistical Alarm
Subsystem
The Security
Subsystem
The Security
Subsystem
Subsystem
Subsystem
Multicast Routing
Unicast Routing
Protocol
Protocol Subsystem
Subsystem
IP Routing Subsystem
L2 Protocol Subsystem
Distributed Operation System Support Platform

Hardware & Driver

The sub-system functions of ZXR10 M6000 software system list below:
 Hardware & Drive Subsystem: Provide drives for the software of MPU, line card,
backplane, fan and power supply module ;
 Distributed Operation System Support Platform: As the core of ZXR10 M6000

series software system, it provides real-time operation system. Downstream, it is
responsible for the entire hardware system of the routing switch, and upstream it
offers a unified operating platform to the operating program of the entire software
system. It features high reliability, real-time service, self-healing, maintainability,
and encapsulation;
 L2 Protocol Subsystem: Implement the drive program of switching chip, L2link

control and management protocol.
 IP Routing Subsystem: it is the core of router software system architecture. Support

IPv4 and IPv6 routing protocols like RIP, OSPF, IS-IS and BGP, also multicast
routing protocol. This system is mainly responsible for the maintenance of routing
table.
 Unicast Routing Protocol Subsystem: it forms unicast forwarding routing table for
lower layers to forward unicast packet.
 Multicast Routing Protocol Subsystem: it forms multicast forwarding routing table for
lower layers to forward multicast packet.
 Underlay Protocol Subsystem: It implements IP data processing, ICMP protocol

processing, ARP protocol processing, TCP protocol processing, UDP protocol
processing, Telnet guard process and client program, FTP and TFTP protocol
processing. The underlay subsystem provides services for route subsystem and
management subsystem.
 The Security Subsystem: Realize multiple security protection modes; provide

message filtering, encryption password, authentication, authorization, various VPN
technologies, NAT, administrator authentification and statistical information
provision, etc.
 MPLS Protocol Subsystem: implement LDP, RSVP-TE, and L2/L3 VPN. Provide

basic MPLS services and label forwarding service.
 Statistical Alarm Subsystem: maintain all sorts of statistical alarm and configuration
information, store all kinds of statistical information, and provide query interface
 System Management subsystem: provide file management, equipment

management, monitoring maintenance and diagnosis debugging service
 SNMP Subsystem: implement SNMP AGENT service, support all the protocol
operations of SNMP agent made in SNMP V1 /V2/V3
 Network Management Subsystem: Provide equipment configuration management,

failure management, performance management and security management.
 User Management Service Control Subsystem: implement user access and

management features, user service configuration, AAA. User management service
consists of PPP user management, IP user management, VPLS service
management, VPDN user management and multicast user management, etc.
ZXROS is a modularized multitask-based distributed real-time network operating system,

providing unified IP protocol support for all devices from ZTE Corporation. ZXROS in
terms of user’s service demands considers more about user’s OPEX and CAPEX.
 Encapsulation
 Support multiple operating systems and the smooth upgrade of the operating
system.
 Adopt unified product configuration style and give conveniences to user

operation and maintenance.
 Monitoring
 Monitor processes and memory abnormities.
 Monitor the working status of power supply module, fan, voltage, current, and
working temperature.
 Provide fast failure location to guarantee high reliability of the product version.

 Modular Components
 All software services based upon ZXROS can be extended or uninstalled

easily; new services can be developed based upon the original architecture.
 Based upon customer’s requirements, provide flexible on-demand service and

rapid response.
 The Extension of Carrier-Class Ethernet New Services Based Upon Unified

Platform
 Implement E-LINE, E-LAN, E-TREE multiple connection modes. Realize the

safe and flexible deployment of hierarchical network.
 Support L2/L3 VPN, H-VPLS, meet the requirements of hierarchical services,

support multicast VPN service and realize rapid VPN deployment via unified
network management system. Besides, it also implements user’s multicast
services, for example, video and IPTV services.
 Support IEEE 1588v2 and synchronized Ethernet clock.
5 Technical Specifications
5.1 Physical Indices
Table 5-1 Physical Indices
Item Parameters
M6000-16 M6000-8 M6000-8S M6000-5S M6000-3S
Physical Dimensions
441*619.5 442*308.3 442*175*7
Paramet (W*H*D
*749.4 *740 38
er mm) (DC) 442*1686* 442*1197.
Dimensions 600 3*600
442*352.8 442*219.4
(W*H*D NA
*740 *738
mm) (AC)
Weight (Full < 210kg <145kg <95kg <55kg <35kg

load)
Slot Total Slot 22 13 12 7 5

Number Number
Service Slot 16 8 8 5 3
Power Power DC:-60V~-40V(Rated DC:-38V ~ -72V(Rated voltage:

Supply Supply voltage: -48V) -48V)
Module Module AC:200V~240V AC:100V~240V(M6000-5S/M6000-3
S)
Rated DC:8000W DC:4000W DC:2650 DC:2650 DC:2650

Power (1+1) (1+1) W (2+2) W (1+1) W(1+1)
Consumptio AC:2000 AC:2000W AC:2675 AC:2675
n W (4+4) (2+2) W (1+1) W(1+1)
Reliabilit MTBF >400000 hours

y MTTR <30 minutes
Reliability ≥99.999%
Hot Swap All modules are hot-swappable, interface sub-modules are not
ability hot-swappable
MPU 1:1 redundancy

Redundant
Backup
SFU 3+1 2+1 3+1 1+1 FULLMES

Redundant redundan redundan redundan redundan H
Backup cy cy cy cy
Power DC: 1+1 DC: 1+1 DC: 2+2 DC: 1+1 DC: 1+1
Supply AC: 4+4 AC: 2+2 AC: 1+1 AC: 1+1
Module
Redundant
Backup
Environ Operating -5 Degree C~+45 Degree C

ment Temperatur
Require e
ment Storage -40 Degree C~+70 Degree C
Temperatur
e
Operating 5%~90%,no concreting

Humidity
Noise <70dB

Anti-Seismi Anti-9 magnitude earthquake design

c Design
Cooling Thermal 26559 12911 14633 DC: 9084 DC: 5908

Load of AC: 9650 AC: 6311
Entire
Device
(BTU/h)
5.2 Basic Performance Indices
Table 5-2 Basic Performance Indices
Parameters
Item
M6000-16 M6000-8 M6000-8S M6000-5S M6000-3S
Basic Port Maximum 100G/Slot

Perform Throughput
ance
MAC
Address 256K 256K
L2
Table
Feature
VLAN
64K 64K
Number
Routing 4M
4M
Table
L3 Multicast 64K
L3 64K
Table
Feature
IPv6 1M
Routing 1M
Table
LSP
500K 500K
Number
Number of
MPLS LDP 2000 2000
Neighbors
Time for
<50ms <50ms
MPLS FRR

Switchover
QoS CAR
8 kbit/s 8 Kbps
Granularity
Queue 256K/Slot 256K/Slot

Number
HQoS Level 5 5
VPN VRF 16K 16K
VRF
Routing 1M 1M
Table
VPLS Entity
16K 16K
Number
PPPoE
32K/slot 32K/slot
User
256K/chassis 256K/160K/96K /chassis
BRAS Number
IPoE User 32K/slot 32K/slot

Number 256K/chassis 256K/160K/96K /chassis
Concurrent 32K/slot 32K/slot

DHCP
sessions 256K/chassis 256K/160K/96K /chassis
Maximum
configured 10 7 7 4 2
boards
SPU-NA Maximum
T concurrent
sessions 12M
per
SPU-NAT
5.3 System Software Attributes
Table 5-3 L2 Attributes
Item Descriptions
L2 Features VLAN Support VLAN based upon port, protocol, subnet
and MAC address

QinQ Support QinQ-based forwarding

Support common QinQ. Tag outer label based upon
port
Super VLAN Basic functions of Super VLAN

VLAN IP binding
MAC IP binding
Super VLAN cross board
Super VLAN of QinQ
MAC Support MAC address learning, aging and fixing

Support the configuration of static MAC address
Prevent MAC address from attacking
SmartGroup SmartGroup and its subinterface support: 1)

inter-slot; 2) ACL; 3) L2/L3 VPN; 4) VPLS; 5)
PQ/CBWFQ; 6) CAR; 7) QinQ
Link Layer PPP

Protocol ML-PPP
HDLC
LACP Support dynamic LACP

Support traffic-based load balance
Support inter-slot aggregation
Storm Support broadcasting packet suppression

Suppression Support multicast packet suppression
Support unknown packet suppression
Support the drop of unknown unicast/multicast
packets
Support unknown unicast/multicast broadcasting
Support unknown unicast/multicast designates
forwarding port
ARP Support static ARP configuration

Support dynamic ARP learning
Support ARP Proxy
Support dynamic aging of ARP table aging
Port Support incoming port mirroring, outgoing mirroring,

N:1 mirroring, traffic mirroring, CPU mirroring,
DSPAN
Support port traffic control service

L2 Multicast Support IGMP Snooping/proxy

Support IGMP rate limit, IGMP rate filter, IGMP rate
shaping
Support IGMP failure fast switchover
Support MLD snooping
Support PIM snooping
Support IGMP port redundancy, multicast load
balance
Support inter-VLAN multicast replication
Ethernet OAM Support IEEE 802.1ag

Support IEEE 802.3ah
Support ITU-T Y.1731
Table 5-4 L3 Attributes
Item Descriptions
L3 Features IPv4 Unicast Support IPv4 unicast static route

Route Support RIPv1/v2, OSPFv2, IS-IS, BGP-4
Support NAT
Support ICMP
Support static route
Support policy route
Support load sharing
Support uRPF
IPv6 Unicast Support static route

Route Support policy route
Support RIPng, OSPFv3, IS-ISv6, BGP4+
Support URPFv6
Support NAT-PT
Support 6to4 tunnel, 4in6 tunnel and 6in4 tunnel
Support 6PE and 6vPE
L3 Multicast Support static multicast

Support IGMPv1/v2/v3
Support PIM-SM, PIM-SSM, PIM-DM, MSDP, MBGP
Support master/slave switchover without packet loss

Table 5-5 MPLS Attributes
Item Descriptions
MPLS Basic Support LDP

Attributes Attributes Support load sharing
Support MPLS CAR
Support LDP GR
Support MPLS policy
MPLS L2 VPN Support VPWS

Support VPLS
MPLS L3 VPN Support static route

Support RIP, OSPF, ISIS and BGP access
Support VRF-NAT and VRF-ACL
MPLS TE Support MPLS TE

Support RSVP-TE
Support MPLS DS-TE
Support TE FRR
MPLS OAM Support the interconnectivity of CV/FFD

Support 1+1/1:1 protection mode
Support MPLS Ping
Support MPLS Trace Route
Table 5-6 QoS
Item Descriptions
QoS Traffic Support traffic classification based upon physical
Classification port
Support traffic classification based upon VLAN ID
Support IP classification based upon source and
destination addresses
Support port classification based upon TCP/UDP
Support traffic classification based upon DSCP
domain
Support traffic classification based upon protocol
number
Message Support 802.1p precedence, IP Precedence, IP

Remarking DSCP, IP TOS, MPLS EXP remarking and mapping

Support mapping of inner and outer labels
Traffic Policing Support single color 3 speeds and dual-color 3

speeds
Support traffic-based CAR
Support VLAN port speed restriction
Support ingress/egress traffic policing
Support remarking after setting traffic monitoring
Congestion Support traffic-based bandwidth control

Control Support RED and WRED
Queue Support PQ, LLQ, CBWFQ

Scheduling Support queue statistics
Traffic Shaping Support
QPPB Support IP/MPLS/VRF

Support source/dest IP mode
H-QoS Hierarchical Support ingress/egress H-QoS, support over 5 tiers

QoS
Table 5-7 Service Management
Item Descriptions
Service Support RADIUS authentification.

Management Support Tacacs+
Support DHCP Server, DHCP Relay, DHCP Snooping
Table 5-8 Reliability
Item Descriptions
Reliability Support MPLS-TE tunnel end-to-end path protection
Support MPLS-TE FRR
Support BFD for Static Routing , Policy Routing, LDP, OSPF,
ISIS, BGP, VRRP, FRR
Support VPN FRR, IP FRR, LDP FRR
Support Graceful Restart
Support NSF/NSR
Support ISSU
Support VRRP

Table 5-9 Tunnel Attributes
Item Descriptions
Static Tunnel MPLS Tunnel Support static MPLS tunnel

Service GRE Tunnel Support
Table 5-10 Security Attributes
Item Descriptions
Security Attack Support ACL

Feature Prevention Support IPv4/v6 uRPF
Support anti-DOS attack
Support CPU prevention
Support anti-ARP attack
Support command tier protection
Support protection of deformity message and failed
message
Support anti-SMURF attack
Support MAC filtering
Support MAC restricting
Support TCP control
Support port mirroring
Support port holding
Support SSHv2
Support netflow
CPU Security Support the initiation and disablement of protocol

Protection priority processing
Support protocol packet protection
Filter the delivered CPU message by check
matching fields.
Advanced Support data log monitoring

Security Support automatic broadcasting storm suppression
Attributes , Support control/signaling MD5 encryption and
authentification.

Table 5-11 Operation and Maintenance
Item Descriptions
Operation Operation and Support CLI

and Maintenance Support administrator authority management
Maintenance Support password aging and confirmation
Support console
Support user access service management
Support remote access via SSH, TELNET, WEB,
SNMP, SSL
Support different types of warning (voice and light
warning platform)
Support Netnumen integrated network management
Support CLI hierarchical network management
Support user access control list
Support the recovery of configuration storage
Support record of operation log
Support management of warning log
Support basic MIB function
Support traffic statistical function
Support MPLS VPN Debug function
Support QoS network management
Support TE network management
OAM Support CLI command

Support in-batch creation and replication of CLI
command
Support TELNET
Support SNMP
Support RMON
Support NTP
Support BOOY online upgrade
Support Ethernet OAM
Support MPLS OAM
Support OAM tool (LSP Ping, LSP trace route,
VPLS MAC Ping, etc.)

6 Protocols and Standard
Table 6-1 L2 Protocol Standard
L2 Protocol Standard
IEEE 802.1d Bridging IEEE 802.3ad Link Aggregation
IEEE 802.1Q VLAN tagging IEEE 802.3ag Service Layer OAM
IEEE 802.1p VLAN Priority IEEE 802.3ah Provider Backbone B
9216 bytes jumbo frame forward on IEEE 802.1ab LLDP(Link Layer

Ethernet and pos interface Discovery Protocol)
IEEE 802.1ad VLAN stacking, Select IGMP v1/v2 snooping/proxy

QinQ, VLAN translate
IEEE 802.3 10BaseT IEEE 802.3ae 10Gpbs Ethernet
IEEE802.3ah Ethernet OAM IEEE 802.3x Flow Control
IEEE 802.3 100BaseT IEEE 802.3z 1000BaseSX/LX
IEEE 802.3u 100BaseTx IEEE 802.3ae 10Gbps Ethernet
Table 6-2 TCP/IP Protocol Standard
TCP Protocol Standard
RFC 768 UDP RFC 791 IP
RFC 792 ICMP RFC 793 TCP
RFC 826 ARP RFC 854 Telnet
RFC 951 BootP RFC 1350 TFTP
RFC 1519 CIDR RFC 1812 Requirements for IPv4

Routers
draft-ietf-bfd-v4v6-1hop-02.txt BFD IPv4 RFC 2347 TFTP option Extension

and IPv6(Single Hop)
RFC2349TFTPTimeoutIntervaland RFC 2401 Security Architecture for

Transfer Size option Internet Protocol
draft-ietf-bfd-mib-00.txt Bidirectional draft-ietf-bfd-base-02.txt Bidirectional

Forwarding Detection Management Forwarding Detection
Information Base

Table 6-3 RIP Protocol Standard
RIP Protocol Standard
RFC 1058 RIP Version1 RFC 2453 RIP Version2
RFC 2082 RIP-2 MD5 Authentication
Table 6-4 OSPF Protocol Standard
OSPF Protocol Standard
FC 1765 OSPF Database Overflow RFC 2328 OSPF Version 2
FC 2370 Opaque LSA Support RFC 2740 OSPF for IPv6(OSPFv3)
RFC 3101 OSPF NSSA Option RFC 3137 OSPF Stub Router
Advertisement
RFC 3623 Graceful OSPF Restart-GR

helper
Table 6-5 BGP Protocol Standard
BGP Protocol Standard
RFC 1397 BGP Default Route RFC 1772 Application of BGP in the
Advertisement Internet
RFC 1965 Confederations for BGP RFC 1997 BGP Attribute Communities
RFC 2385 Protection of BGP Sessions RFC 2439 BGP Route-Flap Dampening
via MD5
RFC 2547bis BGP/MPLS VPNs RFC 2796 BGP Route Reflection
draft-ietf-idr-rfc2796bis-02.txt draft-ietf-idr-rfc2858bis-09.txt
RFC 2918 Route Refresh Capability for RFC 3065 Confederations for BGP
BGP4
draft-ietf-idr-rfc3065bis-05.txt RFC 3392 Capabilities Advertisement

with BGP4
RFC 4271 BGP-4 (previously RFC 1771) RFC 4360 BGP Extended Communities
Attribute
RFC 4364 BGP/MPLS IP Virtual Private RFC 2547bis BGP/MPLS VPNs

Networks (VPNs)
RFC 4724 Graceful Restart Mechanism RFC 4760 Multi-protocol Extensions for
for BGP-GR helper BGP

Table 6-6 ISIS Standard
ISIS Standard
RFC 1142 OSI IS-IS Intra-domain RFC 1195 Use of OSI IS-IS for routing
Routing Protocol (ISO 10589) in TCP/IP&dual environments
RFC 2763 Dynamic Hostname Exchange RFC 2973 IS-IS Mesh Groups
for IS-IS
RFC 3373 Three-Way Handshake for RFC 2966 Domain-wide Prefix

Intermediate System to Inter-mediate Distribution with Two-Level IS-IS
System (IS-IS) Point-to-Point
Adjacencies
RFC 3567 Intermediate System to Cryptographic Authentication

Intermediate System(IS-IS)
RFC 3719 ecommendations for RFC 3784 Intermediate System to

Interoperable Networks using IS-IS Intermediate
System(IS-IS) Extensions for Traffic RFC 3787 Recommendations for

Engineering (TE) Interoperable IP Networks
RFC 3847 Restart Signaling for IS-IS-GR RFC 4205 for Shared Risk Link Group
helper (SRLG) TLV
draft-ietf-isis-igp-p2p-over-lan-05.txt
Table 6-7 VRRP Standard
VRRP Standard
RFC 2787 Definitions of Managed RFC 3768 Virtual Router Redundancy

Objects for the Virtual Router Protocol
Redundancy Protocol
Table 6-8 LDP Standard
LDP Standard
RFC 3036 LDP Specification draft-jork-ldp-igp-sync-03
RFC 3037 LDP Applicability RFC 3478 Graceful Restart Mechanism

for LDP-GR helper
Table 6-9 IPV6 Standard
IPV6 Standard

RFC 1981 Path MTU Discovery for IPv6 RFC 2375 IPv6 Multicast Address
Assignments
RFC 2460 Internet Protocol Version RFC 2461 Neighbor Discovery for IPv6
6(IPv6) Specification
RFC 2462 IPv6 Stateless Address Auto RFC 2463 Internet Control Message
configuration Protocol(ICMPv6) for the Internet
Protocol Version 6 Specification
RFC 2464 Transmission of IPv6 Packets RFC 5072 IP Version 6 over PPP
over Ethernet Networks
RFC 2545 Use of BGP-4 Multi-protocol RFC 2710 Multicast Listener Discovery
Extension for IPv6 Inter-Domain Routing (MLD) for IPv6
RFC 2740 OSPF for IPv6 RFC 3306 Unicast-Prefix-based IPv6

Multicast Addresses
RFC 3315 Dynamic Host Configuration RFC 3587 IPv6 Global Unicast Address
Protocol for IPv6 Format
RFC 3590 Source Address Selection for RFC 3810 Multicast Listener Discovery
the Multicast Listener Discovery (MLD) Version 2 (MLDv2) for IPv6
Protocol
RFC 4007 IPv6 Scoped Address RFC 4193 Unique Local IPv6 Unicast
Architecture Addresses
RFC 4291 IPv6 Addressing Architecture RFC 4659 BGP-MPLS IP Virtual Private
Network(VPN) Extension for IPv6 VPN
Table 6-10 Multicast Standard
Multicast Standard
RFC 1112 Host Extensions for IP RFC 2236 Internet Group Man-agement
Multicasting(Snooping) Protocol
RFC 2362 Protocol Independent RFC 3376Internet Group Management

Multicast-Sparse Mode(PIM-SM) Protocol Version3
RFC 3446 Anycast Rendezvous RFC 3618 Multicast Source Discovery

Point(RP) mechanism using Protocol Protocol (MSDP)
Independent Multicast(PIM) and Multicast
Source Discovery Protocol(MSDP)
RFC 4601 Protocol Independent RFC 4604 Using IGMPv3 and MLDv2 for
Multicast-Sparse Mode(PIM-SM) Source-Specific Multicast
RFC 4607 Source-Specific Multicast for RFC 4608 Source-Specific Protocol

IP Independent Multicast in 232/8
RFC 4610 Anycast-RP Using Protocol draft-ietf-pim-sm-bsr-06.txt

Independent Multicast(PIM)
draft-rosen-vpn-mcast-08.txt draft-ietf-mboned-msdp-mib-01.txt
Table 6-11 MPLS Standard
MPLS Standard
RFC 3031 MPLS Architecture RFC 3032 MPLS Label Stack
RFC 4182 Removing a Restriction on the RFC 4379 Detecting Multi-Proto-col

use of MPLS Explicit NULL Label Switched (MPLS) Data Plane
Failures
Table 6-12 RSVP-TE Standard
RSVP-TE Standard
RFC 2747 RSVP Cryptographic RFC 3209 Extensions to RSVP for

Authentication Tunnels
RFC 4090 Fast reroute Extensions to RFC 3097 RSVP Cryptographic

RSVP-TE for LSP Tunnels Authentication
Table 6-13 Differentiated Services Standard
Differentiated Services Standard
RFC 2474 Definition of the DS Field the RFC 2598 An Expedited Forwarding PHB
IPv4 and IPv6 Headers(Rev)
Table 6-14 PPP Standard
PPP Standard
RFC 1332 PPP IPCP RFC 1377 PPP OSINLCP
RFC 1662 PPP in HDLC-like Framing RFC 1638/2878 PPP BCP
RFC 1661 PPP RFC 1989 PPP Link Quality Monitoring
RFC 1990 The PPP Multilink RFC 2516 A Method for Transmitting PPP
Protocol(MP) Over Ethernet
RFC 2615 PPP over SONET/SDH

Table 6-15 ATM Standard
ATM Standard
RFC 2514 Definitions of Textual RFC 2515 Definition of Managed Objects

Conventions and OBJECT_IDENTI-TIES for ATM Management
for ATM Management
ITU-T Recommendation I.610- B-ISDN ITU-T Recommendation I.432.1-BISDN

Operation and Maintenance PrincIPles user-network interface-Physical layer
and Functions version 11/95 specification: General characteristics
GR-1248-CORE-Generic Require-ments AF-TM-0121.000 Traffic Manage-ment

for Operations of ATM Network Specification Version 4.1
Elements(NEs),Issue 3
RFC 1626 Default IP MTU for use over RFC2684 MultIProtocol Encapsulation
ATM AAL5 over ATM Adaptation Layer 5
GR-1113-CORE-Asynchronous Transfer AF-ILMI-0065.000 Integrated Local

Mode (ATM) and ATM Adaptation Management Interface(ILMI) Version4.0
Layer(AAL) Protocols Generic
equirements,Issue1
AF-TM-0150.00 Addendum toTraffic

Management v4.1 optional minimum
desired cell rate indication for UBR
Table 6-16 DHCP Standard
DHCP Standard
RFC 2131 DynamicHost-Configuration RFC 3046DHCP Relay Agent Information

Protocol(REV) Option(Option 82)

Table 6-17 VPLS Standard
VPLS Standard
RFC 4762 Virtual Private LAN Services RFC 5501 (previously

Using LDP(previously draft-ietf-l2vpn-vpls-mcast-reqts-04.txt)
draft-ietf-l2vpn-vpls-ldp-08.txt)
Table 6-18 PW Standard
PW Standard
RFC 3985 Pseudo Wire Emulation RFC 4385 Pseudo Wire Emulation
Edge-to-Edge(PWE3) Edge-to-Edge(PWE3) Control Word for
Use over an MPLS PSN
RFC 3916 Requirements for PWE3 RFC 4446 IANA Allocations for PWE3
RFC 4447 Pseudowire Setup and RFC 4448 Encapsulation Methods for
Maintenance Using Transport of Ethernet over MPLS
LDP(draft-ietf-pwe3-control-protocol-17.t Networks(draft-ietf-pwe3-ethernet-encap-
xt) 11.txt)
RFC 4619 Encapsulation Methods for RFC 4717 Encapsulation Methods for
Transport of Frame Relay over MPLS Transport ATM over MPLS Networks
Networks(draft-ietf-pwe3-frame-relay-07.t (draft-ietf-pwe3-atm-encap-10.txt)
xt)
RFC 4816 PWE3 ATM Transparent Cell RFC 5085,Pseudowire Virtual Circuit
Transport Connectivity Verification (VCCV):A
Service(draft-ietf-pwe3-cell-transport-04.t Control Channel for Pseudowire
xt)
draft-ietf-l2vpn-vpws-iw-oam-02.txt RFC 6310

(draft-ietf-pwe3-oam-msg-map-05-txt)
draft-ietf-l2vpn-arp-mediation-04.txt draft-ietf-pwe3-ms-pw-arch-02.txt
draft-ietf-pwe3-segme nted-pw-05.txt draft-hart-pwe3-segmented-pw-vccv-02.t

xt
MFA Forum 9.0.0 The Use of Virtual MFA Forum 12.0.0 Multiservice
trunks for ATM/MPLS Control Plane Interworking-Ethernet over MPLS
Interworking
MFA Forum 13.0.0-Fault Management for MFA Forum 16.0.0-Multiservice

Multiservice Interworking v1.0 Interworking-IP over MPLS

Table 6-19 Network Management Standard
Network Management Standard
ITU-T M.3000, Overview of TMN ITU-T M.3010, PrincIPles for a

recommendations Telecommunications management
network
ITU-T M.3016, TMN security overview ITU-T M.3020, TMN Interface

Specification Methodology
ITU-T M.3100 Generic Network ITU-T M.3101, Managed Object

Information Model Conformance Statements for the Generic
Network Information Model
ITU-T M.3200, TMN management ITU-T M.3300, TMN F interface

services and telecommunications requirements
managed areas: overview
ITU-T M.3400, TMN Management ITU-T Temporary Document 69 (IP

Function Experts): Revised draft document on IP
access network architecture
ITU-T X.701-X.709, Systems ITU-T X.710-X.719, Management

Management framework and architecture Communication Service and Protocol
ITU-T X.720-X.729, Structure of ITU-T X.730-X.799, Management

Management Information functions
RFC1157, Simple Network Management RFC1213, Management Information

Protocol Base for Network Management of TCP/IP
based internets: MIB-II
RFC1901, Introduction to RFC1902, Structure of Management

Community-based SNMPv2 Information for Version 2 of the Simple
Network Management Protocol
(SNMPv2)
RFC1903, Textual Conventions for RFC1905, Protocol Operations for

Version 2 of the Simple Network Version 2 of the Simple Network
Management Protocol (SNMPv2) Management Protocol (SNMPv2)
RFC2037, Entity MIB using SMIv2 RFC2233, The Interface Group MIB using
SMIv2
RFC1558, A String Representation of RFC1558, A String Representation of

LDAP Search Filters LDAP Search Filters
RFC1777, Lightweight Directory Access RFC1778, The String Representation of

Protocol Standard Attribute Syntaxes
RFC1959, An LDAP URL Format RFC2251, Lightweight Directory Access

Protocol (v3)
RFC1493, Definitions of Managed GB901, A Service management Business

Objects for Bridges Process Model
GB910,Telecom Operations Map GB909,Generic Requirements for

Telecommunications Management
Building Blocks
RFC1757, Remote Network Monitoring GB908,Network Management Detailed

Management Information Base Operations Map
RFC1757, Remote Network Monitoring GB914,System Integration Map

Management Information Base
GB917, SLA Management Handbook NMF038, Bandwidth Management

V1.5 Ensemble V1.0
TMF508, Connection and Service TMF801, Plug and Play Service

Management Information Model Fulfillment Phase 2 Validation
Business Agreement Specification V1.0
TMF605, Connection and Service NMF037, Sub-System Alarm Surveillance

Management Information Model Ensemble V1.0
TMF053, NGOSS Architecture TMF053A, NGOSS Architecture

Technology Neutral Specification V1.5 Technology Neutral Specification V1.5
TMF053B, NGOSS Architecture TMF821, IP VPN Management Interface

Technology Neutral Specification V1.5 Implementation Specification V1.5
TMF816, B2B Managed Service for DSL Interworking Between CORBA and TMN
Interface Implementation Specification System Specification V1.0
V1.5
YD/T 852-1996 TMN General Design YD/T 871-1996 TMN General Information
Principle Model
YD/T XXXX-2001 General Requirements YD/T XXXX-2001 IP Network Technology

of Broadband MAN Requirement-Network Performance and
Availability
YD/T XXXX-2000 IP Network Technical YDN 075-1998 China Public Multimedia

Requirements-General Network Communications Network Management
Standard
YDN 075-1998 China Public Multimedia RFC 1215 A Convention for Defin-ing
Communications Network Management Traps for use with the SNMP
Standard
RFC 1657 BGP4-MIB RFC 1724 RIPv2-MIB
RFC 1850 OSPF-MIB RFC 1907 SNMPv2-MIB

RFC 2096 IP-FORWARD-MIB RFC 2011 IP-MIB
RFC 2012 TCP-MIB RFC 2013 UDP-MIB
RFC 2138 RADIUS RFC 2206 RSVP-MIB
RFC 2452 IPv6 Management Information RFC 2454 IPv6 Management Information
Base for the Transmission Control Base for the User Datagram Protocol
Protocol
RFC 2987 VRRP-MIB RFC 3014 NOTIFICATION-LOGMIB
RFC 3019 IP Version 6 RFC 3164 Syslog

Manage-mentInformation Base for The
Multicast Listener Discovery Protocol
draft-ietf-disman-alarm-mib-04.txt draft-ietf-ospf-mib-update-04.txt
draft-ietf-isis-wg-mib-05.txt draft-ietf-mpls-lsr-mib-06.txt
draft-ietf-mpls-te-mib-04.txt draft-ietf-mpls-ldp-mib-07.txt
7 Abbreviation
Abbreviation Full Name in English
ACL Access Control List
ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Border Router
ATM Asynchronous Transfer mode
ASIC Application Specific Integrated Circuit
ATCA Advanced Telecom Computing Architecture
BRAS Broadband Remote Access System
BFD Bidirectional Forwarding Detection
BGP Border Gateway Protocol
CBWFQ Class-Based Weighted Fair Queue
CE1 Channelized E1
CHAP Challenge Handshake Authentication Protocol
CIDR Classless Inter-Domain Routing
COS Class of Service

CSPF Constrained Shortest Path First
DoS Denial of Service
DNS Domain Name System
EBGP External Border Gateway Protocol
FIFO First In and First Out
FRR Fast ReRoute
FTP File Transfer Protocol
GR Graceful Restart
HDLC High-Level Data Link Control
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
Ipv6 Internet Protocol Version 6
IS-IS Intermediate System -to- Intermediate System
IS-IS V3 Intermediate System -to- Intermediate System Version 3
ISSU In-Service Software Upgrade
LAN Local Area Network
LSA Link State Advertisement
MAC Media Access Control
MD5 Message Digest 5
MIB Management Information Base
MPLS Multi-Protocol Label Switch
MTU Maximum Transmission Unit
NMS Network Management System
NAT Network Address Translation
NSR Nonstop Routing
OSI Open Systems Interconnection
OSPF Open Shortest Path First
OSPFV3 Open Shortest Path First Version 3
PQ Priority Queue

PAP Password Authentication Protocol
PCB Process Control Block
POS Packet over SDH
PPP Point-to-Point Protocol
QOS Quality of Service
RED Random Early Detection
RFC Request For Comments
RIP Routing Information Protocol
RIPng Routing Information Protocol for IPV6
RMON Remote Monitoring
SCME System Clock Module, Enhanced version
SDH Synchronous Digital Hierarchy
SFU Switch Forward Unit
SNMP Simple Network Management Protocol
SR Service Router
TE Traffic Engineering
TM Traffic Manager
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TOS Type Of Service
TELNET Telecommunication Network Protocol
TACACS+ Terminal Access Controller Access Control System
UDP User Datagram Protocol
uRPF Unicast Reverse Path Forwarding
VPLS Virtual Private Lan Service
VPN Virtual Private Network
VPWS Virtual Private Wire Service
WAN Wide Area Network
WFQ Weighted Fair Queue
WRED Weighted Random Early Detection
6PE IPv6 Provider Edge
ACL Access Control List

ARP Address Resolution Protocol
AS Autonomous System

ZXR10 M6000 Carrier-Class Router Product Description

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

ZXR10 M6000 Carrier-Class Router Product Description

Caricato da

Copyright:

Formati disponibili

ZXR10 M6000 Carrier-Class

Router Product Description

ZXR10 M6000 Carrier-Class Router Product Description

© 2011 ZTE Corporation. All rights reserved.

ZTE Confidential Proprietary 1

Click here to place subtitle .................................................................................................. 1

ZXR10 M6000 Carrier-Class Router Product Description .................................................. 1

2 Highlight Features ............................................................................................. 9

2 ZTE Confidential Proprietary

3.5.1 Anti-DDOS attack............................................................................................... 30

4 System Architecture ........................................................................................ 57

ZTE Confidential Proprietary 3

5 Technical Specifications ................................................................................. 86

6 Protocols and Standard .................................................................................. 96

7 Abbreviation .................................................................................................. 105

4 ZTE Confidential Proprietary

Figure 1-1 ZXR10 M6000 Series......................................................................................... 9

ZTE Confidential Proprietary 5

Table 4-1 BRAS PFU .........................................................................................................80

6 ZTE Confidential Proprietary

Table 6-15 ATM Standard ................................................................................................101

ZTE Confidential Proprietary 7

ZXR10 M6000 series devices consist of five models: ZXR10 M6000-16/-8/-8S/-5S/-3S.

8 ZTE Confidential Proprietary

Figure 1-1 ZXR10 M6000 Series

2.1 Broadband Multi-Service Integration Platform

2.2 Scalable switching capacity and wire-speed

ZTE Confidential Proprietary 9

 Adopting advanced CROSSBAR switching fabric, supporting large capacity of

 Adopting high-performance network processor and dedicated hardware chip to fully

 Supporting hardware ASIC processing technology such as TM (Traffic Manager),

 Supporting 100G interfaces non-block wire-speed forwarding per slot and

 Mass routing capacity and fast convergence.

2.3 Various service accesses

 MPLS protocol: Supporting BGP expansion-based L3 MPLS VPN, inter-AS for

10 ZTE Confidential Proprietary

 Supporting multiple accesses such as VLAN, SuperVLAN, QinQ, PPPoE, IPoE

 Perfect user positioning technology: Supports PPPOE+, DHCP option82, VBAS,

 Powerful QoS mechanism with complete and refined features of queuing,

 PPPoE multicast: Supports controllable multicast. It provides per user customized

 Supporting IPv4/IPv6 dual protocol stacking; supporting IPv4/IPv6 transition

2.4 Carrier-class reliability

Carrier-class reliability features for ZXR10 M6000 are listed as follows:

 Adopting complete distributed modular system to support switching and controlling

ZTE Confidential Proprietary 11

 All hardware boards and equipment components support hot-swapping, switching

 Modular ZXROS operation system platform implements complete hardware

 Supporting ISSU non-stop online system upgrade.

 Supporting multi-link binding and load sharing

2.5 Complete security guarantee

To guarantee equipment security, to avoid network failure caused by illegal access of

Security features for M6000 are as follows:

12 ZTE Confidential Proprietary

 Important protocols such as OSPF/BGP/IS-IS/RSVP/LDP all support

 Multiple user access authentications: local authentication, RADIUS server

 ACL-based security authentication. Multiple user access control measures could be

 Enhanced ACL-based packet filtering security mechanism.

 TCP session control mechanism.

 Inspect illegal DHCP and multicast source server.

 Supporting complete anti-DDoS attack capability. Put the traffic transmitted

 Supporting various routing protocol encryption and security authentication

2.6 Graphical integrated network management system

ZTE Confidential Proprietary 13

deployment tools as follows: