Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
TABLE OF CONTENTS
1 Overview ......................................................................................................... 1
2 Highlights ........................................................................................................ 2
2.1 Energy saving and green .................................................................................. 2
2.2 Easy deployment and easy management ......................................................... 2
2.3 POE Features ................................................................................................... 3
2.4 Better video service experience ........................................................................ 3
2.5 Perfect security design ..................................................................................... 3
2.6 Smart VLAN...................................................................................................... 4
2.7 Overall supervision ........................................................................................... 4
2.8 Bidirectional ACL .............................................................................................. 4
2.9 Precision user locating ...................................................................................... 4
2.10 IPV6 ................................................................................................................. 5
2.11 Ethernet OAM ................................................................................................... 5
2.12 Off-power alarm ................................................................................................ 5
2.13 Free seating networking ................................................................................... 5
2.14 Supporting ERPS (G.8032)............................................................................... 5
2.15 Broadcast storm prevention and restoration ..................................................... 6
3 Functions ........................................................................................................ 7
3.1 Basic service functions ..................................................................................... 7
3.1.1 MAC address management .............................................................................. 7
3.1.2 VLAN ................................................................................................................ 8
3.1.3 STP features..................................................................................................... 9
3.1.4 Link aggregation ............................................................................................... 9
3.1.5 Basic Ethernet features .................................................................................... 9
3.2 Value-Added Service (VAS) ............................................................................ 10
3.2.1 DHCP-based batch upgrade ........................................................................... 10
3.2.2 IPTV ............................................................................................................... 10
3.2.3 ACL ................................................................................................................ 11
3.2.4 SFLOW........................................................................................................... 11
3.2.5 RSPAN ........................................................................................................... 12
3.2.6 Global counter ................................................................................................ 13
3.2.7 IP source guard .............................................................................................. 13
3.2.8 Dynamic ARP Inspection (DAI) ....................................................................... 13
3.2.9 LLDP .............................................................................................................. 14
3.2.10 UDLD ............................................................................................................. 14
3.2.11 Voice vlan ....................................................................................................... 14
3.2.12 802.1x authentication...................................................................................... 14
3.2.13 Ring protection ............................................................................................... 15
3.2.14 ZESS smart switching ..................................................................................... 15
3.2.15 DHCP relay .................................................................................................... 16
3.2.16 TACACS+ ....................................................................................................... 16
3.2.17 SSH ................................................................................................................ 17
3.2.18 Port loopback check ....................................................................................... 17
3.2.19 MButton .......................................................................................................... 17
3.2.20 SFTP .............................................................................................................. 18
8 Abbreviations................................................................................................ 41
ZTE Confidential Proprietary © 2015 ZTE CORPORATION. All rights reserved. III
ZXR10 5250 Product Description
FIGURES
TABLES
1 Overview
As a new-generation GE access L2 Ethernet intelligent switch introduced by ZTE, ZXR10
5250 series enhances its features in energy saving, user information security, access
control as well as management and maintenance. 5250 when compared with similar
products are outstanding for its powerful forwarding capability, flexible ACL and rich
monitoring manners. It supports Ethernet OAM and voice vlan, so that is can satisfy MAN
and enterprise network access needs.
2 Highlights
ZXR10 5250 supports dynamic fan adjustment. It can adjust fan speed dynamically
based on the temperature inside the equipment. It raises the fan speed and increases air
flow when the temperature is high. It reduces fan speed when the temperature is low.
By using multiple energy-saving technologies, for example, disable idle ports and adjust
port power consumption as per cable length, ZXR10 5250 try their best to decrease the
power consumption for the customer maximally.
The material used for the product conforms to Europe RoHS environment protection
standard. The environment pollution of the materials is reduced to the least. We make
certain contribution to protection of the whole environment.
Creative M-Button enables the administrator to obtain the status of equipment port,
memory and CPU without logging in the system.
It supports system information display. Via one command, the system operation
information can be collected, which gives conveniences to information collection and
failure location.
It supports off-power warning. When the device is out of power, it is still capable of
sending off-power warning to remote server. In this way, the administration center can be
informed of the failure in the shortest time.
At the same time, the device supports multiple management manners, e.g., web, telnet
and snmp, etc. Also, the equipment can carry out local or remote authority authentication
to guarantee the reliability of the operation.
The port supports time-sharing POE power supply configuration. It can automatically
forcefully shut down POE power supply of the electrical interface during the period when
power supply is unneeded.
For self security design, some restrictions to peer-end broadcasting message, multicast
message, unknown unicast message. Therefore, these messages will have less impact
to CPU. For CPU, the device uses control plane security service to classify and control
the speed of the protocol messages that CPU needs to process. This mechanism makes
sure that the speed of the delivered the message for the protocol stacking is within a
proper range, which avoids the breakdown of CPU caused by exceeding messages.
Besides common user name and password management, ZXR10 5250 supports multiple
logins such as SSH to prevent the administrative users being spoofed.
For user data security, besides PVLAN service, ZXR10 5250 also uses DHCP snooping
plus IP source guard to make sure user’s validity. For the messages which do not satisfy
bounding table, they will be discarded.
The device is also capable of DAI service. So that it can effectively restrict ARP-based
DOS attack. The device not only can discard arp message which does not accord with
the condition, but also can restrict the number of arp one port learns. This mechanism
successfully prevents equipment table entity from being occupied maliciously, which
makes sure other people can use the resource normally.
ZXR10 5250 supports standard QinQ service and flexible SVLAN service, which enables
the operator to distinguish user and service at the access side effectively. In this way, the
units can implement different processing policies as per different users and services.
ZXR10 5250 supports dynamic distribution of independent vlan to voice device, and
provide higher priority to data in this vlan by configuring QoS strategy to guarantee voice
quality.
ZXR10 5250 supports sFlow service. It can sample the message and send it to
the designated server.
ZXR10 5250 support RSPAN service. It is used for the extension of common
mirroring. So that, all the messages on the monitored port will be completely sent
to the remote receiver.
The device also supports intelligent statistic service. Being different from the
traditional accounting service which can only collect the number of the port or
queue, the intelligent statistic service can count any interested traffic or port. The
counting service can be as precise as one user‘s one service, which accordingly
provides effective monitoring way for precise operation.
2.10 IPV6
ZXR10 5250 supports a number of essential IPV6 functions, including IPV6/IPV4 dual
protocol stack, ND (neighbor discovery), ICMPV6, DHCPV6 snooping and MLD
snooping.
3 Functions
On one hand, the administrator expects that the user is fixed only to a port; on the other
hand, he does not want to configure too many static addresses. The function can be used
to reach the goal.
Dynamic, static or permanent MAC address can be added to MAC address table. The
correspondence relation between static or permanent MAC address and port is fixed, and
cannot be cancelled until the address is deleted manually.
MAC address table capacity of a switch is limited. When many users are available and
MAC address table will reach the capacity limit, the MAC address number of low-priority
user port will be restricted.
The restriction can prevent MAC address broadcast to drive MAC address table to
overflow the network attack.
When abnormal MAC address learning of a port is checked out, the switch will protect the
MAC address learning for some time. New address learning cannot be done in the
protection. When the protection expires, the port will be in the state of MAC learning
again.
Unknown-source MAC address filtering of a switch port is closed by default, and the port
does not filter the unknown-source MAC address. If a switch port is configured with
enabling the unknown-source MAC address filtering, relative port will discard the packet
of unknown-source MAC address received at the port and learn it.
Data frame can be filtered according to MAC address in the following ways:
1 Only the source MAC address of data frame is matched. If the source MAC
address is the set MAC address, the data frame will be filtered.
2 Only the destination MAC address of data frame is matched. If the destination
MAC address is the set MAC address, the data frame will be filtered.
3 The source or destination MAC address of data frame is matched. If the source
or destination MAC address is the set MAC address, the data frame will be
filtered.
3.1.2 VLAN
Support port-based vlan, 1:1 and N:1 vlan translation, PVLAN, QinQ and SVLAN.
QinQ, known as the tunnel protocol based on IEEE 802.1Q encapsulation, is also called
VLAN stack. QinQ adds a VLAN label (external label) outside the existing VLAN label
(internal label). The external label can shield the internal label.
QinQ without protocol support can implement simple L2VPN, and is suitable for mini-
LAN taking L3 switch as the backbone.
Typical QinQ networking is as follows. The port connecting user network is Customer port,
the port connecting SP network is Uplink port, and SP network edge access equipment is
called PE (Provider Edge).
SPVLAN 10
customer
port
User network SPVLAN 10
1 Uplink port
CVLAN1- Switch A
100 PE Switch B
SP network PE User network
2
SPVLAN 10 CVLAN1-
Uplink port 100
SPVLAN 10
customer
port
User network accesses PE via Trunk VLAN. Uplink ports in SP network are connected
symmetrically via Trunk VLAN.
When the packet comes from user network 1 to switch A customer port, no matter
whether the packet is tagged or untagged, switch A will forcedly insert the external label
(VLAN ID is 10). In SP network, the packet reaches switch B via VLAN 10 ports. Switch B
finds out the port connected to user network 2 is customer port, removes the external
label according to the conventional 802.1Q protocol, restores it to the original packet, and
sends it to user network 2.
The data between user network 1 and 2 can be transmitted transparently via SP network.
User networks can freely plan their own private network VLAN ID to avoid the conflict with
SP network VLAN ID.
Support RSTP and MSTP as well as such protection features as bpdu guard, root guard
and loop guard.
Link aggregation, known as Trunk, binds several physical ports into one logic port to
share incoming/outgoing traffic load among member ports. The switch decides according
to port load sharing policy configured by the user via which member port the packet is
sent to the opposite switch. When detecting that a fault occurs to the link of a member
port, the switch will stop sending the packet via the port, and recalculate and decide a
port for packet transport according to load sharing policy. After the faulty port restores,
the switch will recalculate and decide a port for packet transport again. Link aggregation
is an important technology to increase link bandwidth and support link transport resilience
and redundancy.
Static Trunk adds several physical ports directly to Trunk group to form one logic port, but
it is not good at observing the status of link aggregation port.
Port mirroring copies the data of one or several switch ports (mirrored port) to one
designated destination port (monitored port) to get the data of the monitored port for
traffic analysis and wrong diagnosis port data. The mirroring (RSPAN) of
cross-equipment ports is supported.
It can limit the number of broadcast packet allowed to pass Ethernet port per second.
When broadcast traffic exceeds the value set by the user, the system will discard
broadcast traffic, thus broadcast traffic will be reduced to a reasonable range to suppress
broadcast storm and avoid network congestion to assure network services of normal
operation. Broadcast storm suppression takes the set rate as the parameter. The smaller
rate means the smaller broadcast traffic allowed to pass.
ZXR10 5250 supports cable line diagnosis analysis and test. It can check line and
connection and find the location of cable fault to facilitate network management and fault
locating.
GE electrical interface is connected to other devices via network cable. Network cable
has 4 twisted pairs. 100M network cable uses twisted pair 1-2 and 3-6, and 1000M 1-2,
3-6, 4-5 and 7-8. The status of each twisted pair can be detected in line check. Line
statuses are as follows:
ZXR10 5250 supports the DHCP-based batch upgrade. By supporting DHCP option66,
67 and 150, the device gets the server address, catalog and filename storing the version.
Option150 stores the server IP address, option66 the version path, and option67 the
version filename. With the information, the device can automatically get the version from
the designated location via FTP or TFTP, which simplifies upgrade procedure, facilitate
operation & maintenance and increase working efficiency.
3.2.2 IPTV
to provide for the user such interactive services as live TV, video VOD and Internet
browse. The user gets the services via PC or “IP set top box+TV”.
Controllable multicast is one of key technologies of ZTE’s IPTV system structure, and
usually works at the broadband access network side. The equipment (BRAS, access
equipment or switch) implementing the multicast control policy is called the multicast
control point. As the termination point of user multicast IGMP request, the multicast
control point decides according to relative IGMP request and control policy whether to
copy multicast flow to user port. The closer the multicast control point is, the more
network bandwidth the user can save. As the key equipment to implement the multicast
control policy, Multicast control point supports the following services: IGMP V1/V2,
IGMP Snooping, IGMP Filter, IGMP Proxy, IGMP Fastleave, MVR(Multicast Vlan
Register), SGR(Static Group Register), UGAC(User Group Access Control) and
UGAR(User Group Access Record). User’s on-demand authority can be controlled by
binding rules and channels.
3.2.3 ACL
L2 ACL: Match source MAC address, destination MAC address, source VLAN ID,
L2 Ethernet protocol type, and 802.1p priority value.
Mixed ACL: Match source MAC address, destination MAC address, source VLAN
ID, source IP address, destination IP address, TCP source port No., TCP
destination port No., UDP source port No., and UDP destination port No.,
including all matching fields of the above types.
3.2.4 SFLOW
sFlow is the IETF standard traffic monitoring technology. It has low hardware
requirements, less equipment resource consumption and high technical commonality, so
it is now used by multiple vendors.
sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy
unit and sFlow collector (or named analyzer ). The sampling and proxy units of sFlow are
integrated in the network equipment; while sFlow collector which analyzes messages of
multiple sFlow proxies is out of the system structure. The entire basic system architecture
is as shown in the following figure:
sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network packets
at the network interface supporting sFlow and sends sampled packets to sFlow agent
equipment for processing. sFlow Collector is the network equipment sFlow uses to
manage, monitor, collect and analyze. It stores and analyzes network packets from sFlow
Agents, and gives equipment traffic and service analysis reports and tables.
3.2.5 RSPAN
Remote Switched Port Analyzer (RSPAN), i.e. remote port mirroring, without asking the
mirrored port and the mirroring port on the same switch, enables cross-network mirrored
port and mirroring port. This gives great conveniences to the administrator for remote
switch management.
Source switch: The switch of the monitored port makes L2 forwarding of the traffic,
which needs to be mirrored, at Remote-probe VLAN L2 and forwards it to
intermediate switch or destination switch.
Intermediate switch: The switch between source switch and destination switch in
the network transports the mirroring traffic to the next intermediate switch or
destination switch via Remote-probe VLAN. If source switch and destination
switch are directly connected, there will be no intermediate switch.
Destination switch: The switch of destination port for remote mirroring forwards
the mirroring traffic received from Remote-probe VLAN to the monitoring
equipment via the mirroring destination port.
ZXR10 5250 has unique global counter. The port and flow to be monitored can be bound
to a separate global counter. The specific flow can be decided according to flow
classification. For example, monitor a specific source IP and destination IP. After binding,
global counter separately counts the packets matching the flow.
Global counter provides the carriers with an effective way to monitor network traffic status,
which may be for a specific traffic of each user, so as to offer more data for network
structure planning.
IP source guard is a policy control technology. Based upon dynamic DHCP snooping
table entry or manual static table entry, it is mainly responsible for checking if IP+MAC
the same as DHCP snooping table entry or manual static table entry. If they are not the
same, the message will be judged as illegal. Then it will be discarded or sent to CPU.
ARP attack is the most commonly seen means in the network. It has two ways: One is to
transmit a lot of ARP packets which is beyond normal processing capability and break
down the equipment; the other is to transmit faked ARP packets and make the equipment
learn wrong table items, thus the packets of a normal user are wrongly forwarded to the
hacker faking the ARP packets and let him get private information of the user.
DAI service can effectively process ARP attack. After initiating DAI, the equipment can
restrict the number of ARP sent by the port, which guarantees adequate processing
capability of the equipment. Also, DAI service can check the legality of the received ARP
message according to user table entry generated dynamically. When the received ARP
message does not accord with the user dynamic table entry of this port, this message will
be dropped to make sure the correctness of the forwarding table entry.
3.2.9 LLDP
LLDP (Link Layer Discovery Protocol) is a kind of neighbor discovery protocol. With LLDP,
network device notifies its information to other devices and establish neighbor
relationship with different devices. ZXR10 5250 supports multiple LLDP TLV attributes. It
can correctly notify its port and system information to its neighbors.
At the same time ZXR10 5250 supports LLDP MED (LLDP for Media Endpoint Devices).
The switch uses this protocol to configure the terminal device that connected to it.
3.2.10 UDLD
UDLD is a L2 network protocol used to detect the single-pass on physical link between
the devices. Sometimes only receiving is normal or only transmitting is normal on the
physical link between two devices. At this time, the link status may be normal but the
packet transmission is abnormal. Detecting the abnormality, UDLD can send alarm or
close the port, which is decided based on the configuration.
Voice VLAN provides high forwarding priority for voice data packet. When voice device
access is detected, no matter what the default priority for the voice data flow is, ZXR10
5250 transfers the legal voice data to the specified voice VLAN and distributes a high
priority to it, so as to guarantee the voice packet is forwarded with priority.
DOT1X (IEEE 802.1x) is the port-based network access control protocol. It optimizes
authentication means and authentication architecture and resolves the issues caused by
conventional PPPoE and Web/Portal authentication, so it is more suitable for broadband
Ethernet.
IEEE 802.1x protocol architecture consists of three major parts: Supplicant System,
Authenticator System and Authentication Server System.
ZESR supports multiple such as network topologies as tangent ring and intersecting ring
as well as multi-domain configuration. ZXR10 5250 ZESR supports to work with PVLAN
to comply with MEF networking model.
As shown in Figure 3, node 1 supports ZESS. Port 1 is master port and port 2 is slave
port. When node 1 finds that master port and slave port are UP, the protection service
VLAN forwarding of slave port will be blocked. When node 1 finds that master port is
DOWN, the protection service VLAN forwarding of master port will be blocked, and the
protection service VLAN forwarding of slave port will be opened. When node 1 finds that
master port restores to UP, inversion and non-inversion modes are available. In inversion
mode, master port is opened and slave port is blocked again. In non-inversion mode,
master port is still blocked and slave port is still opened. Furthermore, when ZESS is
switched, FDB of the blocked port will be upgraded.
Upper-level
network
Node 2 Node 3
Node 1
DHCP relay forwards users’ DHCP request packet to the designated DHCP server by L3
interface, and forwards the packet returned by the server to the user. ZXR10 5250 DHCP
relay supports configuration of multiple server. It supports identification and processing of
option82. Many different actions of forwarding, dropping or substitution can be adopted
for packets carrying option82.
3.2.16 TACACS+
3.2.17 SSH
SSH mainly provides a secure login passage for the administrative user. The device
provides SSH server function for the user logs in as client. Client and server will negotiate
about the encrypted key before they establish the connection, with which server and
client can encrypt and de-encrypt the packet they send to each other to make the packet
unidentifiable by others during the process of transmission.
Port loopback check works to separate the network. The device will block the port when it
finds loopback in the downlinked network of the port to avoid the influence on the whole
network of the loopback. Port loopback check can work only with the support of a single
node without the same protocol run in the whole network. ZXR10 5250 supports single
port and multi-port loopback check.
3.2.19 MButton
ZXR10 5250 switch can provide the MButton function without increasing user cost. The
function makes use of existing port indicators to indicate the run status of the switch.
MButton can switch different modes. When a mode is switched, port indicator shows
system status of the mode according to relative rules. The following statuses are
available now:
Ping NM server
POE status
3.2.20 SFTP
3.2.21 SSL
Secure Socket Layer is used to guarantee the safety of data transmission on Internet. It
adopts data Encryption technology to prevent data interception during transmission.
The current version is V 3.0. It has been widely used in identify authentication and
encrypted data transmission between Web browser and servers.
4 System Architecture
4.1 Appearance
ZXR10 5250 is a sort of cassette Ethernet switch. Its hardware is composed by chassis,
control switching fabric unit, line interface unit and power supply unit. The size of the
chassis goes in line with European standard.
ZXR10 5250 is a cassette product that adopts centralized hardware architecture design.
All service interfaces are directly connected to switching main control card.
ZXR10 5250 system can be divided into switching control module, power supply module
and interface module based on the responsibilities they assume.
Control card is the core component of ZXR10 5250. It mainly implements two functions of
control module and switch module.
In ZXR10 5250 system, control switch card is installed in the cassette structure with no
independent panel. Its related interface and indicator are on the front panel of the system.
The principle is shown in the following diagram:
Control module is composed of main processor and some external functional chips. It
provides various external operation interfaces such as serial interface, and Ethernet
interface to implement processing of various applications by the system. The main
processor adopts high-performance CPU processor to implement the following tasks:
Switch module adopts the private Switch chip with multiple GE bi-directional interfaces
integrated. It can process multi-port wire-speed switching. The switch chip can implement
the following functions:
It implements major L2 protocol functions including 802.1D STP protocol, 802.1P priority
control, 802.1Q VLAN functions, and 802.3ad link aggregation. It supports IPv4 protocol
stacking. It realizes multi-layer services of ACL and DHCP. It implements part of
broadband access functions and network management protocol.
Users can take network management of Ethernet switch by serial interface terminal,
Telnet, and SNMP Manager, covering network configuration management, failure
management, performance management, and security management.
System software can be divided into the following four sub-systems based on the above
system function requirements.
Operation support sub-system drives and encapsulates hardware in the lower layer to
provide support for other software systems in the upper layer. Operation support
sub-system mainly provides support for hardware operation, distributes operation
resource for hardware, and provides related interface for software in upper layer.
Operation support sub-system uses ZXR10 ROS platform including system support,
system control, version loading control, BSP, and SSP. System support can be further
divided into modules of operation system kernel, process scheduling, process
communication, timer management, and memory management. The system diagram of
operation support sub-system is shown in the following figure:
MUX sub-system implements information switching of drive and upper layer software,
and takes statistics and monitoring of software table of switching chip. The main functions
of MUX sub-system are data forwarding and statistics monitoring. MUX layer receives
data packets from drive module and distributes data packets based on ETHER TYPES
field in MAC frame. MUX data forwarding also takes charge of encapsulating data
forwarding function of the drive. It provides new data forwarding function invoking for
each module in upper layer, which invokes data forwarding function provided by MUX to
implement forwarding when there’s data packet or protocol packet needs to be forwarded.
Statistics monitoring takes charge of state statistics of drive layer, physical layer and
MUX layer, receiving and sending packets statistics, register reading monitoring, and
data packet sniffer. It provides OAM module with interface function.
4.3.3 L2 Sub-system
L2 sub-system mainly implements configuration management (management layer) of
data link layer, L2 protocol processing (control layer), and data forwarding (data layer or
service layer).
normal normal
working working
environmen environmen
t AC 220 V t AC 220 V
input input
condition) condition)
Wor
king Long-term working temperature: -5℃~+50℃: short-term working temperature:
tem -5℃~+55℃;
pera Storage temperature: -40℃~+70℃
ture
Wor
king
Relative humidity 20%~90%, no coagulation
hum
idity
Eart
hqu
ake 8 earthquake intensity
proo
f
Reli MTBF: >100,000 hours; MTTR: <30 minutes
abilit
y
Physical 5250-28T
5250-52TC 5250-28SM 5250-28PM 5250-52PM
indexes C
Dimensio
n
442×220× 442×220×4 442×220×43. 442×440×4 442×440×4
(width×d
43.6 3.6 6 3.6 3.6
epth×hei
ght)mm
Max
weight of
the <2.9kg <3.0kg <4.0kg <7.5kg <7.5kg
whole
set
Not
POE Not support Not support Support Support
support
Support AC
Support AC, DC and DC and DC
RPS input; input:
AC: rated voltage: 100 AC: rated
V~240 V AC; 50/60 Hz Support AC input: rated
Power voltage: 100 voltage: 100 V ~240 V AC;
supply DC: rated voltage:-48 V ~240 V 50/60 Hz
V/-60 V DC AC ; 50/60
DC RPS: rated voltage: Hz
+12 V DC DC: rated
voltage: -48
V DC
<111 W <180 W
(consumpti (consumpti
on upon full on upon full
load PoE load PoE
output), the output), the
max. PoE max. PoE
Max
output output
power
27W 53W 39W power is power is
consump
720W, in 840 W, in
tion
normal normal
working working
environmen environmen
t AC 220 V t AC 220 V
input input
condition) condition)
Working Long-term working temperature: -5℃~+50℃: short-term working
temperat temperature: -5℃~+55℃;
ure Storage temperature: -40℃~+70℃
Working
Relative humidity 20%~90%, no coagulation
humidity
Earthqua
8 earthquake intensity
ke proof
Reliabilit MTBF: >100,000 hours; MTTR: <30 minutes
y
Voice
Support voice vlan
vlan
Netw
ork
mana Support SNMP V2,V3
geme
nt
How to quickly deploy services in the network, how to guarantee reliable and stable
network operation, how to foresee the network operation quality, and how to detect the
failure point as soon as possible when failure occurs in the network are all present before
OAM staff. Thus active monitoring is urgently needed for the network to automatically
detect and solve network failure, to maintain smooth operation of the network, so as to
realize network value maximization.
To achieve this ZTE developed NetNumen U31 integrated network management system.
NetNumen U31 is an centralized network management system integrating multiple
products of router and switch. It integrates network element management, network
management, and service management in one, supporting multiple databases. It has
graphic interface of many languages, providing direct and easy operation. Offering
flexible northbound interface, it supports powerful interconnection integration capability.
6.1.1 NM Networking
Inband management and outband management can be adopted for networking between
NetNumen U31 network management system and ZXR10 5250.
Inband management
Inband management. Network management and service data are transported through
one channel with no need to build extra DCN network. NetNumen U31 network
management system can perform management when it is connected with the network
equipment nearby with related SNMP parameters configured.
Outband management
In network management maintenance, the management staff has an urgent need to know
the network operation to make sure the network works stably. Failure management in
NetNumen U31 mainly takes charge of realtime receiving of various equipment alarm
and network event reported by all network elements. It can notify the maintenance staff in
an audible and visual way. The maintenance staff confirms and deals with the event.
They save the collected alarm reports in the base for various statistic and query. Failure
management is the most important and most usual management measure in network
operation and maintenance. With failure management, users can implement query,
realtime monitoring, failure filtering, failure location, failure confirmation, failure clearance,
and failure analysis etc. NetNumen U31 system also provides audio prompt, graphic
display of alarm, accessible alarm box, Email system, and SMS system. It notifies users
with sound and light, Email, and message for users to have easy daily maintenance.
Network traffic flow, network load are the most focused concern in network management.
NetNumen U31 performance management module mainly takes charge of performance
monitoring and analysis of network and equipment. It provides maintenance and
management department with information to supervise network engineering, planning
and adjusting to improve network operation quality by collecting various performance
data from network elements and generating performance report after processing. With
performance management, users can perform statistics of equipment load, traffic flow,
and interface load to learn about network service quality, assess and adjust network
resource configuration as soon as possible.
Security management guarantees valid use of the system by the user. Security
management implements management of user, user group and role. By properly arrange
the relation between user, user group and role, it provides security control for operator to
perform security management operation. With login authentication it prevents illegal
users from entering the system. With operation authentication it provides security control
for operators to perform operation.
With the rapid development of telecom service, one operator usually needs to take
control of multiple equipment-level and network-level professional network management
systems of network element. The professional network management systems cannot
exchange information. The limit brought about by complicated management contents and
various operation interfaces become more and more obvious. To improve the
comprehensive management level and effect of the whole network for telecom
enterprises, one network management station can perform various management and
control over interconnected networks so as to realize the comprehensive management of
the whole network.
7 Comprehensive Networking
Applications
It provides GE access to desktop and GE comb uplink port. Working with 802.1x
authentication, IP source guard, DAI, security port and conversion from dynamic MAC to
static, it can satisfy most of the requirements of enterprise network access.
MAN access can adopt ordinary tree type and ZESR plus PVLAN. Working with DHCP
snooping and ip source guard, it provides users with high security guarantee. At the
same time, ZXR10 5250 can use QinQ or SVLAN to further distinguish users and
services, and to provide rich control information for service planning of the whole
network.
8 Abbreviations
Table 8-1 Abbreviations
Full form
Abbreviation