C300/C320
Feature Description
ZXA10 C300/C320
Optical Access Convergence Equipment
Feature Description
Revision History
R1.0 (2014-06-30)
First edition
CONTENTS
13 ACL
13.1 Introduction
13.2 Basic Theory and Solution
FIGURES
Figure 2-1 Co-existence of XG-PON1, G-PON and RF video in the same ODN via WDM1r
Figure 2-2 Parameter of WDM1
Implementation of isolation for different service flows with different users
ZXA10 C300 supports time and clock redundancy function
TABLES
Table 2-1 Technical Difference between G-PON and XG-PON1
1 GPON Feature
1.1 Introduction
Description
GPON is an optical broadband access network. Its position in the PON network is
shown in Figure 1-1. The uplink network is the core switching network, while
the downlink is the user's local network. GPON collects, switches and forwards
user services.
Figure 1-1
Multiplexes/de-multiplexes services.
The OLT converges and handles the service traffic of several access nodes. An OLT is a
switch or router. It is also a platform that provides multiple services. It is the core part
of the GPON system. The OLT implements the following functions:
The ODN consists of single-mode optical fiber, optical splitters and optical connectors, and
provides the optical transmission medium for the physical connection between the OLT and
the ONU.
Target
The basic GPON technology has the following functions:
The downstream rate is 2488.32 Mbit/s and the upstream rate is 1244.16
Mbit/s.
The physical distance supports 3 modes: 0-20 km, 20-40 km, and
40-60 km. The maximum logical distance is 60 km, and the maximum
differential distance is 20 km.
1.2 GPON Principle
1.2.1 Transmission Mechanism
Description
GPON uses single fiber duplex transmission, with the downlink wavelength of 1490
nm and uplink wavelength of 1310 nm. The downlink data flow uses the TDM
technology and the uplink data flow uses the TDMA technology.
GPON defines the GEM frame format to encapsulate the uplink and downlink data
flow. The encapsulated GEM frames and the overhead bytes at the physical layer
form the GTC frames, which are transmitted between the OLT and ONU.
To schedule the uplink bandwidth, GPON uses T-CONTs as the bandwidth
scheduling units.
Target
The single fiber duplex transmission mechanism implements highly efficient
transmission of both uplink and downlink service flows, and supports finer bandwidth
management.
Figure 1-2
The GEM header field consists of PLI, Port ID, PTI, and HEC. PLI indicates the
payload length, Port ID identifies the GEM frame, PTI indicates the GEM frame type,
and HEC is used to verify the header field. The GEM payload length can be customized.
Since PLI is only 12 bits, the maximum payload length is 4095 bytes.
Figure 1-3 shows the method of encapsulating an Ethernet frame into a GEM frame.
For the methods of encapsulating other frames into GEM frames, refer to the GPON
standard.
Figure 1-3
After the data flow is encapsulated into GEM frames, multiple GEM frames are
encapsulated into a GTC frame.
Figure 1-4 shows the downstream GTC frame format.
Figure 1-4
Figure 1-6
PLOu indicates the uplink physical layer overhead of the ONU. Each Allocation
interval indicates a T-CONT upstream timeslot. ONU sends the data in the
T-CONT queue to the OLT during this timeslot. The BWmap field in PCBd of the
downstream frame defines the upstream starting time and end time of each
T-CONT.
Note:
The data of multiple GEM ports can be mapped to the same T-CONT.
In the GPON system, the downstream data flow of the OLT PON port is distributed
to different logical channels according to the GEM Port-IDs. The ONU filters the
downstream data according to the GEM Port-IDs, and it handles its own GEM data.
The data from one GEM Port-ID can be received by multiple ONUs to transmit
downstream broadcast or multicast data, as shown in Figure 1-7.
Figure 1-7
In the upstream direction, the data of multiple GEM Port-IDs can be converged to
one T-CONT. In the T-CONT upstream timeslot, the ONU sends these GEM
frames to the OLT. The OLT determines the scheduling between multiple GEM
Port-IDs in the same T-CONT. Figure 1-8 shows the upstream data transmission
mechanism.
Figure 1-8
1.2.2 OAM
Description
GPON OAM function includes three parts:
Embedded OAM and the PLOAM channel manage the functions of the PMD and
GTC layers.
Target
OLT can implement the following management functions through the OMCI
channel:
1.2.3
Description
The GPON OLT uses the embedded OAM and PLOAM channels to search for ONUs
periodically. When it finds a legal ONU, it allocates the corresponding ONU-ID and
measures the distance. After it successfully measures the distance, it registers the
ONU through the PLOAM channel if necessary. After successful registration, it
configures and manages services through the OMCI management channel that has
just been set up.
Target
The GPON OLT is used to access and control the ONU.
Figure 1-12 The registration and authentication process of the GPON ONUs
After receiving the downstream GTC frame, the ONU clears the local
LOS/LOF, and the state is changed from O1 to O2.
After receiving the Upstream_Overhead PLOAM message, the ONU sets the
preamble, delimiter, and equalization delay of the upstream frame according to
the message content, and the state is changed from O2 to O3.
The OLT uses the BWMap field of the downstream GTC frame to open a
public quiet window. All the unregistered ONUs can send their serial numbers
to the OLT through this quiet window.
The ONU sends its serial number to the OLT in the Serial_Number_ONU
PLOAM message.
After receiving the ONU serial number, the OLT assigns an ONU-ID to the
ONU through the Assign_ONU_ID PLOAM message.
The ONU receives the Assign_ONU_ID PLOAM message, and the state is
changed from O3 to O4.
The OLT uses the BWMap field of the downstream GTC frame to open an
upstream quiet window for the ONU-ID. The ONU sends its serial number to
the OLT through the quiet window.
The ONU sends its serial number to the OLT in the Serial_Number_ONU
PLOAM message.
After receiving the ONU serial number, the OLT calculates the ONU distance
and equalization delay, and sends the equalization delay to the ONU in the
Ranging_Time PLOAM message.
After receiving the Ranging_Time PLOAM message, the ONU sets its
equalization delay, and the state is changed from O4 to O5.
The ONU sends its password to the OLT in the Password PLOAM message.
Once the ONU password is verified, the OLT delivers the Configure Port-ID
PLOAM message and configures the ONU OMCI management channel.
The ONU sets the OMCI management channel. The OLT can perform service
configuration and management through this channel.
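The activation sequence above, written as a check that replays the events recorded for one ONU and flags any step taken out of order. This is an added example, not ZTE code; the event tuple format, the sample serial numbers and the password are constructed for illustration.

```python
import hmac
from typing import Optional

# Downstream events that move the ONU between states, as listed in the text.
TRANSITIONS = {
    ("O1", "GTC_frame"): "O2",          # LOS/LOF cleared
    ("O2", "Upstream_Overhead"): "O3",  # preamble, delimiter, delay set
    ("O3", "Assign_ONU_ID"): "O4",
    ("O4", "Ranging_Time"): "O5",       # equalization delay set
}
# Upstream PLOAM messages and the states in which the ONU sends them.
UPSTREAM = {"Serial_Number_ONU": {"O3", "O4"}, "Password": {"O5"}}


class OnuActivationAudit:
    """Replays one ONU's activation events and records sequence violations."""

    def __init__(self, provisioned_password: str):
        self.provisioned_password = provisioned_password
        self.state = "O1"
        self.serial: Optional[str] = None  # serial number reported in O3
        self.serial_seen_in = set()        # states in which a serial was accepted
        self.password_ok = False
        self.omci_ready = False
        self.findings = []

    def feed(self, event: str, value=None) -> None:
        if event in UPSTREAM:
            self._upstream(event, value)
        elif event == "Configure_Port-ID":
            # The OMCI channel is configured only after the password is verified.
            if self.state == "O5" and self.password_ok:
                self.omci_ready = True
            else:
                self.findings.append("Configure_Port-ID before password verification")
        elif (self.state, event) in TRANSITIONS:
            # Assign_ONU_ID and Ranging_Time each answer a serial number that
            # the ONU sent in the current state's quiet window.
            needs_serial = event in ("Assign_ONU_ID", "Ranging_Time")
            if needs_serial and self.state not in self.serial_seen_in:
                self.findings.append(f"{event} without serial number in {self.state}")
                return
            self.state = TRANSITIONS[(self.state, event)]
        else:
            self.findings.append(f"unexpected {event} in {self.state}")

    def _upstream(self, event: str, value) -> None:
        if self.state not in UPSTREAM[event]:
            self.findings.append(f"{event} sent in {self.state}")
        elif event == "Serial_Number_ONU":
            if self.state == "O4" and value != self.serial:
                self.findings.append("serial number changed between O3 and O4")
                return
            self.serial = value
            self.serial_seen_in.add(self.state)
        else:  # Password: constant-time comparison with the provisioned value
            self.password_ok = isinstance(value, str) and hmac.compare_digest(
                value.encode(), self.provisioned_password.encode())
            if not self.password_ok:
                self.findings.append("password mismatch")


def audit(trace, provisioned_password):
    """Return (final state, OMCI channel ready, findings) for one event trace."""
    a = OnuActivationAudit(provisioned_password)
    for event, value in trace:
        a.feed(event, value)
    return a.state, a.omci_ready, a.findings


# Constructed sample traces: (event, value) pairs for a single ONU.
GOOD = [
    ("GTC_frame", None), ("Upstream_Overhead", None),
    ("Serial_Number_ONU", "VEND0A1B2C3D"), ("Assign_ONU_ID", 5),
    ("Serial_Number_ONU", "VEND0A1B2C3D"), ("Ranging_Time", 1234),
    ("Password", "constructed-pw"), ("Configure_Port-ID", 5),
]
NO_PASSWORD = GOOD[:6] + [("Configure_Port-ID", 5)]
SERIAL_SWAP = GOOD[:4] + [("Serial_Number_ONU", "VENDFFFFFFFF"), ("Ranging_Time", 1234)]

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("no password", NO_PASSWORD),
                        ("serial swap", SERIAL_SWAP)):
        print(name, audit(trace, "constructed-pw"))
```

A trace that reaches `omci_ready` with an empty findings list followed every step in the order the text gives; any other result names the step that was skipped or repeated.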
1.3 Key Technologies
1.3.1
Description
The authentication security method is used to configure the username/password to
establish a session between a client and server.
Target
The authentication security method includes validation schemes as follows:
Disable
The ONU supports the session between the client and server by the
configured validation parameters.
Basic Theory
The OLT configures the parameters of the authentication security method through OMCI
messages, according to the authentication security method in G.984.4, clause 9.12.4.
The ONU implements the validation according to RFC 2617.
The authentication security method defines the user id/password configuration to
establish a session between a client and a server. This object may be used in the
role of the client or server. An instance of this managed entity is created by the
OLT if authenticated communication is necessary.
Relationships
Attributes
Managed entity id: This attribute uniquely identifies each instance of this
managed entity. The value 0xFFFF is not valid. (R, Set-by-create) (mandatory)
(2 bytes)
Validation scheme: This attribute specifies the validation scheme used when
the ONT validates a challenge. Validation schemes are defined as follows:
Validation disabled
Username: This string attribute is the user name. If the string is shorter than 25
bytes, it must be null terminated. (R, W) (mandatory) (25 bytes)
Password: This string attribute is the password. If the string is shorter than 25
bytes, it must be null terminated. (R, W) (mandatory) (25 bytes)
Realm: This string attribute specifies the realm used in digest authentication. If
the string is shorter than 25 bytes, it must be null terminated. (R, W)
(mandatory) (25 bytes)
Solution
The solutions are as follows:
1.3.2
Description
In GPON dynamic bandwidth allocation, the OLT dynamically allocates
uplink transmission time slots to the ONU according to the transmission buffer
occupancy ratio.
Target
To implement the dynamic allocation of GPON uplink bandwidth.
Features & Specification
ZXA10 C300/C320 supports the following features:
Builds the BWmap field for the downstream frame according to the upstream
bandwidth value and stores it in the BWmap table.
The OLT can set the queue scheduling policy on the ONU T-CONT through the
management channel, as shown in Figure 1-13.
Figure 1-13
The OLT can obtain the occupancy state of the T-CONT logical cache in two ways:
The OLT continuously monitors the T-CONT upstream flow and infers the
current occupancy state of the T-CONT logical cache from its
fluctuation, then allocates bandwidth accordingly. A DBA that
implements this method is known as TM-DBA.
The OLT can require the ONU to report the current occupancy state of each T-CONT
logical cache and allocates bandwidth accordingly. A DBA that applies this
method is known as SR-DBA.
Best-effort bandwidth: It is of the lowest priority and is allocated after the fixed,
assured, and non-assured bandwidth are allocated.
1.3.3 Data Encryption
Description
Data encryption encrypts the downstream service data.
Target
Because GPON is a point-to-multipoint system, encrypting the downstream data
prevents data sent to one ONU from being wiretapped, which ensures user data
security.
OLT delivers Request_Key PLOAM message to request ONU for a new key.
OLT saves the new key locally and delivers Key_Switching_Time PLOAM
message to inform the ONU of the activation time of the new key.
The ONU configures the activation time of the new key and transmits a confirmation
message to the OLT through the Acknowledge PLOAM message.
At the activation time of the new key, the OLT encrypts the downstream data
with the new key, then delivers it to the ONU.
The ONU uses the new key to decipher downstream data to obtain effective
data.
1.3.4 FEC
Description
FEC encodes the transmission data according to a certain algorithm to add extra
redundant bits.
Target
FEC technology has the following functions:
The original data is preserved when block-based FEC is applied. Therefore,
even if the peer port does not support FEC, the original data can be
processed by ignoring the check bits.
Figure 1-15 shows the downstream frame with FEC code.
Figure 1-15
Figure 1-16
1.4
1.4.1
After the ONU management IP is configured, users can log in to the ONU directly and
manage it through in-band modes such as SNMP, Telnet and Web.
1.4.2 Port Isolation
Port isolation prevents Layer 2 interworking among ONU user ports to strengthen
network security. Whether the ONU bridge port allows local exchange is set by
configuring the bridge to allow or block local exchange.
1.4.3 ONU Auto-Delivery
Auto-delivery saves the ONU service data on the OLT, so the ONU does not need to hold the
service data. When the ONU goes online, the OLT automatically delivers remote
management data to the ONU to ensure normal services. Unified management of
the ONU by the OLT makes the ONU convenient to maintain and
replace. The system automatically delivers the configuration to the ONU
when the ONU goes online again.
The OLT resets the local configuration of the ONU after the ONU goes online for the
first time, then delivers the configuration to the ONU. The OLT and the ONU
each maintain a counter. When the ONU goes online
again, the OLT compares the two counters. If the counters are different, the
OLT configuration is used to reset the local configuration of the ONU. If they are the same,
it is unnecessary to reset the configuration.
1.4.4 E1 Port Configuration
The ONU E1 port is configured through OMCI. ZXA10 C300/C320 supports the E1 port
enable/disable function. ONUs that support E1 can be configured to enable or disable
the E1 port.
1.4.5
After port MAC address binding is configured, only packets whose source MAC
is a bound MAC can pass. Packets with any other source MAC are
discarded.
After port MAC filtering is configured, packets whose source MAC is a
filtered MAC are discarded.
1.4.6
The static MAC address must not age or learn after configuration.
Forward the packets upstream. The downstream packets flood because they
fail to find the forwarding port.
1.4.7 Multicast Configuration
Configure controllable multicast on the ONU through OMCI.
ZXA10 C300/C320 supports the following features:
Fastleave function.
IGMP Snooping
IGMP Snooping assumes that a Layer 2 switch sits between the host and the
router (Layer 3 switch). Between the router and the host, IGMP establishes
the relation between the IP multicast group and the router members. The router
transmits a Query packet to all the ports to ask which hosts want to join. After
receiving the Query packet, the host transmits a Report packet to the router
to inform the router of the IP address of the host that intends to join. During
IGMP packet interaction, the router uses the specific class D multicast IP
address 224.0.0.1 to transmit the Query packet and the host uses the specific
class D IP address 224.0.0.2 to transmit the Report packet. The MAC
address that each of the two IP addresses maps to is unique. Therefore, the Layer 2
switch traps the Ethernet frames it receives that carry these two multicast MAC
addresses, and the CPU deframes each Ethernet frame to obtain the
IGMP packet. By processing the IGMP packet, the switch obtains the relation between the
IP multicast group and the switch port and maps it to the relation between
the MAC multicast group address and the switch port. The IGMP Snooping
module processes the Query packets from the router, analyzes their
multicast source, and forwards them to the other ports of the same VLAN. The IGMP
Snooping module also receives Report and Leave packets from other hosts, analyzes
the members of the multicast group, and forwards the frames to all the ports of the
same VLAN.
Controllable Multicast
The OLT identifies the user on the port according to the user's LLID or the
VLAN ID carried by the upstream IGMP Join packet. It judges whether the user
has the authority and parameters to access the requested multicast services. The
OLT transmits the authority to access the multicast channel to the ONU
through the extended OAM packet for multicast control. Then the ONU
forwards or shuts down the multicast service traffic of the user on this port.
Multicast VLAN
1.4.8
802.1p mapping service: Maps the Ethernet data frame to different GEM ports
according to the 3-bit priority field in the Ethernet data frame.
Flow: The service in ZXA10 C300/C320 GPON obtains a flow according to certain
mapping rules.
Complete Layer 2 service on the ONU according to the service model specified by
the G.984.4 standard.
1.4.9
Figure 1-17
Activate the version after downloading the version to the ONU, as shown in Figure
1-18.
Figure 1-18
2 XG-PON1 Feature
2.1.1 Introduction
XG-PON1 is the next-generation evolution of GPON, so XG-PON1 scenarios
are similar to GPON scenarios. XG-PON1 is the technology used for
10-gigabit-capable passive optical network systems, a family of flexible access
network systems that operate over a point-to-multipoint optical access infrastructure
at nominal data rates on the order of 10.0 Gbit/s in the downstream direction, while
providing a wide range of broadband and narrow-band services to end users.
XGPON is in accordance with the ITU-T G.987 series standard. The downstream rate of
XGPON1 is 10Gbit/s, and the upstream rate is 2.5Gbit/s.
Table 2-1 shows the technical difference between G-PON and XG-PON1.
Item                                  G-PON                            XG-PON1
Standard                              G.984                            G.987
Rate                                  DS 2.5Gbps, US 1.25Gbps          DS 10Gbps, US 2.5Gbps
Split Ratio                           1:128                            1:512
Line code                             NRZ                              NRZ
Operating wavelength                  DS 1480-1450nm, US 1290-1330nm   DS 575-1580nm, US 1260-1280nm
Max Distance/Differential Distance    20km/20km, 60km/20km             40km/40km, 60km/60km
Encapsulation Method                  GEM                              XGEM
FEC                                   RS(255, 239)                     DS RS(248,216), US RS(248,232)
Encryption                            DS AES                           DS/US AES
Multicast Encryption                  No Support                       Support
OMCI                                  Fix length
Multiple PLOAM messages are transmitted into one downstream XGTC frame,
which increases PLOAM channel capacity.
Decoupling of FEC and bandwidth on the ONU side to reduce ONU cost.
Doze and cyclic sleep power saving modes to decrease power consumption
on the ONU side.
The basic principle of co-existence of XG-PON1, G-PON and RF video in the same
ODN prototype is shown in Figure 2-1.
Figure 2-1 Co-existence of XG-PON1, G-PON and RF video in the same ODN via WDM1r
Figure 2-2 Parameter of WDM1
2.1.2
Each XG-PON1 line card can provide eight 10G gigabit-capable passive optical
network(GPON) ports.
Each 10G GPON port supports 256 optical network units (ONUs).
Each 10G GPON port supports 8192 XGPON encapsulation mode (XGEM) ports.
OLTs use AES-128 to transmit key ciphertext. AES is the acronym for Advanced
Encryption Standard.
OLTs support the function for querying 10G GPON optical module parameters,
such as temperature, bias current, voltage, and receive optical power.
Introduction
Point-to-point (P2P) GE/FE optical access means point-to-point FTTX access based
on the combination of the P2P GE/FE optical access card and P2P GE/FE
terminal devices. ZXA10 C300/C320 provides point-to-point (P2P) Ethernet optical
access with GE/FE ports and coordinates with downstream devices to implement various
optical access solutions for users. The scenarios include FTTC/FTTB, FTTO, and
FTTCell.
The P2P card in ZXA10 C300/C320 uses WDM technology. It uses a single optical fiber for
sending and receiving. It is therefore well suited to device interconnection where the access
layer needs many optical fibers and optical fibers are in short supply.
The P2P card can save a large number of optical fiber resources and
thus reduce the network construction cost. To meet the requirement of connecting to
the normal GE/FE Ethernet interface of the downlink equipment, the P2P
card can also use the dual-fiber SFP optical module to implement the normal GE/FE
Ethernet interface; in that case, the number of interfaces on each card decreases to half. The P2P card is
mainly applied in the following scenarios:
FTTH
As an access scenario, the P2P card is connected to a P2P ONU to implement the FTTH
application. The FTTH solution implemented through GE P2P optical access can provide
a higher bandwidth for users, thus meeting the requirements of high-end users. Because
each user has exclusive use of an optical fiber, the user gets the most reliable
optical-layer security isolation.
FTTO/B
Through P2P access for the FTTO application, it provides enterprise users with more reliable
dedicated line and VPN services. The OLT is connected to enterprise SBUs through GE
P2P Ethernet optical access. The SBUs are connected to user terminals through FE,
POTS, or Wi-Fi. QinQ VLAN encapsulation is implemented on the SBUs and the OLT. In
this way, transparent and secure places, and thus the service data and BPDUs between
the enterprise private networks can be transparently transmitted over the public network.
FTTO is applicable to enterprise networks. In this scenario, FTTO implements TDM PBX,
IP PBX, and private line service in the enterprise intranets.
FTTC
The P2P card provides Ethernet FTTC access, subtended to mini-OLTs/DSLAMs,
and thereby reduces the cost of networking when converging a large number of users,
with features such as inter-board aggregation, smart link, and ring check.
FTTcell
The P2P card can provide connection to base stations directly or through a P2P ring. To
meet the backhaul requirement, it provides the SyncE/IEEE 1588v2 features. The OLT is
connected to CBUs or base stations through GE/FE P2P Ethernet optical access. The
OLT connects wireless base stations to the core IP bearer network through optical
access technologies. This implementation mode is not only simpler than traditional
private network technologies, but also drives down the costs of base station backhaul.
FTTCell is applicable to reconstruction and capacity expansion of mobile bearer networks.
In this scenario, FTTCell converges the fixed network and the mobile network on the
bearer plane.
3.2
Each P2P card supports a maximum of forty-eight GE/FE optical ports, compliant
with IEEE 802.3-2008 and ITU-T G.985/G.986.
The P2P interface supports LACP/MSTP. LACP is supported across
ports within a card and between cards.
The P2P card provides multicast functions such as IPv4 ASM, IPv4 SSM, IPv6
ASM and IPv6 SSM.
The P2P card supports the following IP security functions: DHCPv4 Snooping,
DHCPv6 Snooping, IPv4 source guard, IPv6 source guard, and ND Snooping.
Port location supports PPPoE+, DHCPv4 L2 relay agent, DHCPv6 L2 relay
agent, and ND LIO.
The ACL function includes IPv4 ACL and IPv6 ACL. ACL supports traffic monitoring,
traffic statistics, and VLAN, CoS and DSCP modification.
The QoS function includes port+VLAN policing, port+VLAN shaping, DSCP to CoS
mapping, etc.
Description
MAC address management is a basic Layer 2 management function.
Target
The system ages dynamic MAC addresses to ensure timely updates of the MAC
address table. If the MAC address table is full and not updated, the system will fail to
learn new MAC addresses and will consequently fail to forward data.
By limiting the number of learnable dynamic MAC addresses, the system
administrator can limit the number of MAC addresses that enter the network and
hence alleviate the load of network devices.
By configuring static MAC addresses, the system administrator denies access to
unauthenticated users.
4.1.2
Table 4-1
Function: Dynamically learning MAC addresses
Description: The system learns the source MAC address and outer VLAN ID in
accordance with the ingress service flow, and generates a MAC address table,
which is used as the basis for service forwarding.
Remarks: Line rate learning is supported. MAC addresses can be learnt
successfully even when the traffic is too high. The maximum number of MAC
addresses of the SCXN board is 64K (65535), and that of the SCTM board is 256K
(262144). For the GTGO board, the maximum numbers of MAC addresses of each PON
interface and the PON board are all 16K. For the GTGH board, the maximum number
of MAC addresses of each PON interface is 16K, and that of the PON board is 32K.
Function: Querying MAC addresses
Function: Statically setting MAC address items
Description: The system supports statically setting MAC address items and
manually setting the MAC address table based on the uplink interface and user
interface.
Remarks: The static MAC address table does not age with the aging period of MAC
addresses. The static item of the same MAC address and VLAN must be unique in
the global OLT.
Function: Deleting MAC addresses
4.2 VLAN
4.2.1 Overview
Description
Layer 2 switching uses the Media Access Control (MAC) address from the host's
Network Interface Cards (NICs) to decide where to forward frames. Layer 2 switching is
hardware based, provides wire speed and low latency. Layer 2 switch can be treated as
a multiport bridge. Layer 2 switching is commonly used in LAN communications.
VLAN switching is based on Layer 2 switching, and VLANs are identified by VLAN IDs.
Data with the same VLAN ID can be forwarded through L2 switching, and data with
different VLAN IDs is separated from each other. The VLAN technology ensures that
broadcast data and flood data would not be forwarded to all the other ports and reduces
the traffic load. Data with different VLAN IDs cannot be interworked, so the data security
is improved. In network planning, the Per User Per VLAN (PUPV), Per Service Per VLAN
(PSPV), or Per User Per Service Per VLAN (PUPSPV) methods can be used for
separated control of users or services.
The IEEE 802.1Q standard adds a tag field (four bytes) to an Ethernet frame.
IEEE 802.1Q does not actually encapsulate the original frame. Instead, for Ethernet
frames, it adds a 32-bit field between the source MAC address and the
EtherType/Length fields of the original frame, so the minimum and maximum frame sizes
change from 64 and 1,518 bytes (octets) to 64 and 1,522 bytes.
Figure 4-1 IEEE802.1Q format
Table 4-2 IEEE802.1Q header
16 bits    3 bits    1 bit      12 bits
TPID       PCP       TCI/DEI    VID
Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 in order to
identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the
same position as the EtherType/Length field in untagged frames, and is thus used
to distinguish the frame from untagged frames.
Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1p priority.
It indicates the frame priority level. Values are from 0 (best effort) to 7 (highest);
1 represents the lowest priority. These values can be used to prioritize different
classes of traffic (voice, video, data, etc.). See also Class of Service or CoS.
Drop Eligible Indicator (DEI): a 1-bit field. (formerly CFI) May be used
separately or in conjunction with PCP to indicate frames eligible to be dropped
in the presence of congestion.
VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be
used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved value 0x000
indicates that the frame does not belong to any VLAN; in this case the tag is referred
to as a priority tag.
On bridges, VLAN 1 (the default VLAN ID) is often reserved for a management
VLAN; this is vendor-specific.
As the numbers of VLAN users and services keep increasing, 4094 VIDs cannot meet
the service requirements. Therefore, on the basis of IEEE 802.1Q, the IEEE 802.1ad
standard defines the concept of double-tag. IEEE 802.1ad adds a double tag field between
the source MAC address and the EtherType/Length fields of the original frame.
Double-tag can be useful for Internet service providers, allowing them to use VLANs
internally while mixing traffic from clients that are already VLAN-tagged. The outer (next
to source MAC and representing ISP VLAN) S-TAG (service tag) comes first, followed by
the inner C-TAG (customer tag). S-TAG VID and C-TAG VID can be combined as a
unique identifier. IEEE 802.1ad increases the number of VIDs to 4094 × 4094.
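The tag layout and the traffic classes this chapter uses (untag, priority tag, C-VLAN, S-VLAN plus C-VLAN), written as a frame classifier. This is an added example, not ZTE code; the S-TAG TPID 0x88A8, the function names and the sample MAC addresses are assumptions that do not appear on the page.

```python
import struct

TPID_CTAG = 0x8100   # IEEE 802.1Q TPID, as given in the text
TPID_STAG = 0x88A8   # IEEE 802.1ad S-TAG TPID (assumption: not stated on the page)
DST = bytes.fromhex("020000000002")  # constructed, locally administered MACs
SRC = bytes.fromhex("020000000001")


def build_frame(tags=(), ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame; tags is a sequence of (tpid, pcp, dei, vid)."""
    frame = DST + SRC
    for tpid, pcp, dei, vid in tags:
        frame += struct.pack("!HH", tpid, (pcp << 13) | (dei << 12) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def classify(frame: bytes) -> dict:
    """Parse up to two VLAN tags and name the traffic class used in the text."""
    tags, offset = [], 12  # tags start right after destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_CTAG, TPID_STAG):
            break
        if len(tags) == 2:
            raise ValueError("more than two VLAN tags")
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": etype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4

    vids = [t["vid"] for t in tags]
    if 0xFFF in vids:
        kind = "reserved VID"          # 0xFFF must not be used as a VLAN ID
    elif not tags:
        kind = "untag"
    elif len(tags) == 2:
        kind = "s-vlan + c-vlan"       # outer S-TAG first, then inner C-TAG
    elif vids[0] == 0:
        kind = "priority tag"          # VID 0x000: only the PCP is meaningful
    else:
        kind = "c-vlan" if tags[0]["tpid"] == TPID_CTAG else "s-vlan"
    return {"kind": kind, "tags": tags, "ethertype": etype,
            "payload_offset": offset + 2,
            # (S-VID, C-VID) pair used as the combined identifier
            "vlan_key": tuple(vids) if kind == "s-vlan + c-vlan" else None}


if __name__ == "__main__":
    samples = {
        "untagged": build_frame(),
        "priority": build_frame([(TPID_CTAG, 5, 0, 0)]),
        "single": build_frame([(TPID_CTAG, 0, 0, 100)]),
        "double": build_frame([(TPID_STAG, 3, 0, 200), (TPID_CTAG, 1, 1, 100)]),
    }
    for name, frame in samples.items():
        result = classify(frame)
        print(name, len(frame), result["kind"], result["vlan_key"])
```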
Figure 4-2
The ZXA10 C300/C320 may use the VLAN-related concepts listed in Table 4-3.
Table 4-3 VLAN concepts
Concept: VLAN
Description: A general term for common VLANs, including multiple VLAN modes and
scenarios.
Remarks: When a service flow is identified by VLAN, it indicates that the service
flow carries an 802.1Q domain for differentiation from untagged data. When a port
is identified by VLAN, it indicates that the port can receive and send data
carrying an 802.1Q or 802.1ad double-tagged field.
Concept: VLAN ID, C-VLAN, S-VLAN, User-VLAN, Untag, Untagged, C-VLAN, S-VLAN,
C-PCP, S-PCP, TLS
Remarks:
The range of VLAN ID defined in 802.1Q is 1-4094, while in 802.1ad, S-TAG VID and
C-TAG ID are combined into a VLAN ID with the range of 1 to 4094 × 4094.
Normally, a C-VLAN indicates a user or service type.
A unified S-VLAN is added for users or services with the same features, and
forwarded from an OLT port to the corresponding router. Normally, an S-VLAN
indicates a Service Provider (SP).
The VLAN ID may be carried by the service, or added or converted by an ONU based
on the configuration.
Normally, the VLAN ID of a downlink service flow may be deleted.
Defined in TR-101
Target
It enables the carrier network to support multiple services and to identify specific
subscribers and services.
The VLAN function complies with BBF TR156/TR167 standards.
The ZXA10 C300/C320 supports the following VLAN processing rules, which are
applicable to uplink services. For downlink services, the corresponding user-side
interfaces need to be located based on the S-VLANs and destination MAC addresses.
The downlink services are then reversely converted according to the VLAN processing
rules of the user-side interfaces. Service flows whose VLAN processing rules cannot
be located are discarded.
The detailed VLAN functions in ZXA10 C300/C320 are listed in Table 4-4:
Table 4-4 VLAN functions
Uplink
Service
Untag
Classification Rule
Processing Rule
Remarks
Untag
Untag
Untag + Ethtype
Priority tag
Priority tag
Uplink
Service
C-VLAN
Classification Rule
C-VLAN ID or C-VLAN
ID range
C-VLAN ID (or
C-VLAN ID range) +
Ethtype
C-VLAN ID (or
C-VLAN ID range) +
C-VLAN PCP
Processing Rule
added.
Or C-VLANs, C-PCPs,
S-VLANs, and S-PCPs are
added.
Packets are transparently
transmitted or discarded.
C-VLANs are changed.
C-VLAN PCPs are modified.
S-VLANs are added, and
C-VLAN PCPs are copied to
S-VLAN PCPs.
S-VLANs are modified and
added, and C-VLANs or
S-VLAN PCPs are modified.
Packets are transparently
transmitted or discarded.
C-VLANs are changed.
C-VLAN PCPs are modified.
S-VLANs are added, and
C-VLAN PCPs are copied to
S-VLAN PCPs.
S-VLANs are modified and
added, and C-VLANs or
S-VLAN PCPs are modified.
Packets are transparently
transmitted or discarded.
C-VLANs are changed.
C-VLAN PCPs are modified.
S-VLANs are added, and
C-VLAN PCPs are copied to
S-VLAN PCPs.
S-VLANs are modified and
added, and C-VLANs or
S-VLAN PCPs are modified.
Packets are transparently
transmitted if service VLANs
are consistent with port
VLANs. Or unified S-VLANs
and S-VLAN IDs are added
Remarks
C-VLAN or C-VLAN
PCP modification is
not supported if
services are
classified by the
C-VLAN ID range.
C-VLAN or C-VLAN
PCP modification is
not supported if
services are
classified by the
C-VLAN ID range.
C-VLAN or C-VLAN
PCP modification is
not supported if
services are
classified by the
C-VLAN ID range.
The processing
rules comply with
TR-101.
4.2.2
Description
ZXA10 C300/C320 supports the VLAN service to isolate layer-2 subscribers to
access the network. The network and user side of ZXA10 C300/C320 are
configured with the same VLAN to forward packets to each other and keep the
data independent between VLANs.
IEEE 802.1Q
The basic VLAN service is simple. In the upstream direction, the ONU packets
have VLAN tags (configured through the home gateway or user interface by
default). The packets are sent to the main control and switching card through the
GPON card for VLAN tagging and MAC address learning. The first broadcast
packet is transmitted in flooding mode and then forwarded to the uplink port
(configured with the same VLAN tag) of the uplink card and then to the uplink
device.
In the downstream direction, the GPON card is found based on the user VLAN tag
and the destination MAC address. The packets are then sent to the ONU, and the ONU
matches the original tagged or untagged format.
4.2.3 VLAN Translation
Description
With the development of Triple Play, access devices are required to support more
services such as the Internet, VoIP and IPTV services. A subscriber can access
these services through one home gateway device.
Carriers want to simplify the home gateway configuration. At the same time, the
access devices (ONUs or OLTs) are required to identify different subscribers and
services, and implement N:1 VLAN translation or 1:1 VLAN translation.
1:1/N:1 VLAN translation is applicable per user/service/VLAN. All the service
types (based on different VLANs) of each user are translated to different VLANs.
It is applicable to single-edge and multi-edge networking, as shown in Figure
4-3.
The GPON system works as follows: When there is no home
gateway, the ONU adds a VLAN tag for each service and user. When there is a home
gateway, the home gateway configures different VLAN tags for different services.
After the ONU sends packets to the OLT, the OLT implements 1:1 VLAN translation.
Each service of an individual user is identified with a VLAN tag. The OLT can add an
external VLAN tag in order to distribute the traffic under the multi-edge condition.
For downstream traffic, the OLT needs to implement forwarding based on
VLAN ID or VLAN ID+MAC.
Figure 4-3
A indicates that 1:1 translation is implemented for the VLAN that VoIP belongs to
when the GEM port ID is stripped; the external VLAN is added, and the packet is
then transmitted.
B indicates that 1:1 translation is implemented for the specific service VLAN (such
as iTV); the external VLAN is added, and the packet is then transmitted through the
specific SNI as required.
4.2.4 VBES or TLS
Description
VBES stands for VLAN for Business Ethernet Services. The traffic at the ONU UNI
interface can be untagged, tagged, double-tagged or priority-tagged. For TLS, the
required implementation is for the ONU to always add an S-Tag or translate an
incoming S-Tag to a new S-Tag, on upstream traffic.
4.2.5 Selective Q-in-Q
Description
Selective Q-in-Q is the function that adds the outer VLAN tag based on the
user packet VLAN tag and the given user port (GEM port in GPON).
Selective Q-in-Q is used with 1:1 VLAN translation per user/service/VLAN.
In the upstream direction, the user packet with a single VLAN tag is received. On
the user port, the OLT finds the selective Q-in-Q rule by the VLAN tag and the user
port. If the rule is found, the OLT adds the outer VLAN tag to the user packet and
forwards it to the NNI side.
In the downstream direction, the packet with the S+C VLAN tag (double VLAN tag)
is received on the NNI port. The OLT then forwards the packet to the user port in
1:1 or N:1 VLAN forwarding mode. On the user port, the OLT finds the selective
Q-in-Q rule by the S+C VLAN tag plus the user port. If the rule is
found, the OLT removes the outer VLAN tag of the user packet and then sends it
out.
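The upstream tag push and downstream tag pop described above, as an added Python example working on raw Ethernet frames (not ZTE code). The rule table, the port names, the 0x88A8 S-tag TPID and the choice to drop on a rule miss are assumptions of this example; copying the C-VLAN PCP into the S-VLAN PCP follows Table 4-4.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag
TPID_STAG = 0x88A8  # service tag TPID (assumption: the IEEE 802.1ad value)

# Constructed selective Q-in-Q rules: (user port, C-VLAN) -> S-VLAN.
RULES = {
    ("gpon-1/1/1:gem10", 100): 2001,
    ("gpon-1/1/1:gem10", 200): 2002,
    ("gpon-1/1/2:gem11", 100): 2001,
}


def vlan_tag(tpid, vid, pcp=0):
    """Build one 4-byte tag: TPID, then PCP (3 bits), DEI (1 bit), VID (12 bits)."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VID must be 1-4094 and PCP 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame):
    """Return the VLAN tags that follow the two MAC addresses as (tpid, pcp, vid)."""
    tags, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (TPID_CTAG, TPID_STAG):
            break  # reached the payload EtherType
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        off += 4
    return tags


def upstream(frame, user_port):
    """User port -> NNI: push the S-tag selected by (user port, C-VLAN)."""
    tags = parse_tags(frame)
    # Only single C-tagged frames are expected from the user side; anything
    # else (untagged, or already carrying an outer tag) is dropped here.
    if len(tags) != 1 or tags[0][0] != TPID_CTAG:
        return None
    _, c_pcp, c_vid = tags[0]
    s_vid = RULES.get((user_port, c_vid))
    if s_vid is None:
        return None  # no rule for this port/VLAN pair: drop (example's choice)
    return frame[:12] + vlan_tag(TPID_STAG, s_vid, c_pcp) + frame[12:]


def downstream(frame, user_port):
    """NNI -> user port: pop the S-tag if S+C matches a rule on that port."""
    tags = parse_tags(frame)
    if len(tags) != 2 or tags[0][0] != TPID_STAG or tags[1][0] != TPID_CTAG:
        return None
    s_vid, c_vid = tags[0][2], tags[1][2]
    if RULES.get((user_port, c_vid)) != s_vid:
        return None
    return frame[:12] + frame[16:]


def sample_frame(c_vid, pcp=0):
    """Constructed single-tagged IPv4 frame with locally administered MACs."""
    dst = bytes.fromhex("02000000000a")
    src = bytes.fromhex("02000000000b")
    return dst + src + vlan_tag(TPID_CTAG, c_vid, pcp) + struct.pack("!H", 0x0800) + b"payload"


if __name__ == "__main__":
    up = upstream(sample_frame(100, pcp=5), "gpon-1/1/1:gem10")
    print(parse_tags(up))
    print(downstream(up, "gpon-1/1/1:gem10") == sample_frame(100, pcp=5))
```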
4.2.6 VLAN Forwarding
Description
N:1 and 1:1 VLAN forwarding are two different ways to forward packets in Layer 2
devices.
N:1 VLAN forwarding mode is the common VLAN + MAC translation mode in
layer 2. A single VLAN can be associated with more than one user port and uplink
port. When packets are received, the source MAC address and VLAN are first
learned and added to the MAC forwarding table. The next step is to
search for the destination port in the MAC forwarding table based on the destination
MAC address and VLAN ID. If the destination port is found, the packets are forwarded
to it; otherwise the packets are flooded.
1:1 VLAN forwarding mode forwards packets based only on the VLAN ID. In
the upstream direction, the packets are transparently transmitted to the designated
uplink port. In the downstream direction, the destination port is looked up in
the 1:1 VLAN forwarding table and the packets are forwarded to that port.
In 1:1 VLAN forwarding mode, MAC address learning is unnecessary.
5 Ethernet OAM
5.1 Introduction
Description
Ethernet has been widely deployed because it is economical, interoperable and feasible.
As the Ethernet standards, especially 10 Gbit/s Ethernet, have matured, the
technology has penetrated the MAN (Metro Area Network) and WAN (Wide Area Network)
as a carrier-class transport network to cater for multi-service requirements. In the MAN
and WAN, there are various types of subscribers who need to be supported by end-to-end
services across several different carriers' networks. Wide deployment of Ethernet
therefore brings more challenges in extensibility, reliability, security and
manageability. Today the most popular Ethernet OAM standards are IEEE
802.3ah, IEEE 802.1ag and ITU-T Y.1731.
Target
The Ethernet OAM solution includes two aspects. One is Link Level Ethernet OAM
according to IEEE 802.3ah, which provides automatic neighbor discovery, link fault
detection, link failure indication, link loop test, etc. The other is Service
Level Ethernet OAM according to 802.1ag/Y.1731, which provides end-to-end performance
measurement for connection monitoring, failure indication, frame delay measurement,
frame loss measurement, etc.
Function
Scenario
Defined by
detects
IEEE
and
802.1ag, CFM
locates
Ethernet
to
monitor
the
Feature
Function
following
Scenario
functions:
Connectivity
EFM
is
used
Ethernet
links
for
physical
between
two
monitoring
performance
and
quality
the
and
Measurement
(LM),
Measurement
(DM),
frame
Delay
and
frame
of
network
Supports 802.3ah for V-cut boards/P2P boards, and emergency link detection
5.2
5.2.1
Description
Link Level Ethernet OAM is the mechanism for link fault detection, link failure
indication and fault recovery processing on a point-to-point Ethernet link.
Target
Users can manage the Ethernet network at minimum cost at the
point-to-point Ethernet level, with connection monitoring, failure indication and
link loop test provided for automatic link protection switching.
Abbreviations
OAM
5.2.2
Solution
Initially, the peer devices need to start the Link Level Ethernet OAM
discovery process: the active-side device sends the protocol's Discovery
frame from the OAM port to negotiate the parameters with the
passive-side device.
Link Level Ethernet OAM defines a series of processes for responding to link
events, including a communication mechanism with the remote equipment. Through
the defined events, the local device reports the Link Event Notification to the
remote OAM client and provides explicit Event Notification messages.
The link monitoring function detects and indicates link faults under a
variety of circumstances. Link monitoring uses the Event Notification
OAMPDU and sends events to the remote OAM entity when
problems are detected on the link. The error events defined in the standard are:
Errored Symbol Period, Errored Frame, Errored Frame Period, Errored Frame
Seconds Summary.
OAM provides an optional data-link-level loopback mode that is controlled
remotely. When the remote device is in OAM remote loopback mode, the statistics
of the local and remote devices can be queried and compared at any time.
Analyzing the OAM sublayer remote loopback messages confirms
the status of the link connection.
5.3
5.3.1
Description
This standard is dedicated to providing point-to-point management for the service
provider's network, which allows service providers to manage independent services
for individual subscribers. To manage, detect, identify and isolate connectivity
failures at the "service" level, the standard provides convenient and efficient
functions for prompt fault detection, testing and management.
Supports 16 MD
Supports 64 MA
Supports 512 MEP (MEG End Point)
Supports the Y.1731 Service Level Ethernet OAM function, with the functions below:
Supports AIS, Alarm Indication Signal
Supports DM, Delay Measurement
Supports LM, Loss Measurement
Supports six frequency levels for sending CCM frames, with 3.3 ms as the fastest interval
Supports ETH-LCK, Ethernet Lock signal function
Supports ETH-Test, Ethernet Test function
Supports the Availability Performance function according to MEF 10.2.1
Abbreviations
1DM
AIS
APS
CCM
CE Customer edge
CoS Class of service
DMR
ETH
ETH-AIS
ETH-APS
ETH-CC
ETH-DM
ETH-LCK
ETH-Test
LBM Loopback message
LBR Loopback reply
LCK Locked
LMM
LMR
LOC Loss of continuity
LTM
LTR
MAC
ME Maintenance entity
MEG ME group
MEL MEG level
MEP
MIP
NMS
NNI
OAM
PDU
PE Provider edge
PRBS Pseudo random bit sequence
RDI
STP
UNI
VLAN identifier
5.3.2
Figure 5-2
Solution
Fault recovery
The network administrator performs fault recovery, for example by correcting
configuration errors, enabling the STP protocol, or initiating APS.
source transmitting/receiving timestamp, and peer MEP
transmitting/receiving timestamp.
For single-ended ETH-LM, the source MEP sends an LMM message carrying
the counters of service frames at the egress point. The peer MEP receives the
LMM message, copies the original counters, adds its local counters of
service frames for ingress and egress packets, and then sends the LMR message
out. The source MEP receives the LMR message and collects the counters of
the service frames at all the interfaces; it then obtains the loss
measurement result by comparing the sent and received counters
of service frames.
By using this function, the effective service time and total
time over a relatively long period (e.g. 1h) can be calculated to obtain the
availability performance results.
6 IPV4 L3 Feature
6.1 IP Routing Overview
6.1.1 Introduction
At present, carriers use VoIP to implement voice access. The ONU has a built-in
VoIP module, or an IAD is connected to the ONU, to access the broadband network
through the PON system.
The subscribers of different ONUs under the same OLT, or of different IADs under the
same ONU, can realize VoIP interoperation. According to the networking plan of
most operators, the devices of the access network are required to be separated from
each other. The access subscribers interoperate with each other through the uplink
router. Such a network has high security and is easy to plan. The layer-2
devices are separated and they interoperate with each other through a layer-3
device.
Interoperating through layer 3 involves ARP address resolution and packet
forwarding. It is realized by one of the following methods:
The uplink router enables the ARP proxy function, the OLT implements layer-2
separation, and the uplink router implements interoperating through layer 3.
The uplink router does not enable the ARP proxy function, the OLT
implements layer-2 separation, and the OLT or the convergence switch enables
the ARP agent function (based on the VoIP VLAN, not for all subscribers). The
OLT takes the place of the uplink router to return the MAC address of the router.
Packets are forwarded by the uplink router on layer 3.
The uplink router does not enable the ARP proxy function, and the OLT enables
the layer-3 function, that is, the OLT implements the functions of ARP proxy
and layer-3 data forwarding between the VoIP subscribers under the OLT.
Description
IP routing features refer to the case where the ZXA10 C300/C320 works in layer-3
forwarding. It uses the destination IP address of the IP packet to look up its IP
routing table and forward packets to the next-hop device. This
is different from layer-2 forwarding, where the ZXA10 C300/C320 uses the
destination MAC+VLAN to forward packets to the next-hop device. The IP routing table
can be configured in static mode or obtained dynamically through routing protocols
such as RIP, OSPF, BGP, or IS-IS.
Target
Under layer-3 networking, ZXA10 C300/C320 uses the destination IP address to
forward IP packets to the next-hop device.
6.1.2
Figure 6-1
Description
The routing supports the following:
Static routing
RIP
OSPF
BGP
IS-IS
6.2 ARP Agent
6.2.1 Introduction
Description
ARP agent includes two sub-features that can be enabled independently:
MAC forced forwarding (MFF) according to RFC4562
It implements layer-2 interoperating. The OLT has no L3 interface and is configured
with the ARP agent to allow the VoIP subscribers under the same OLT to communicate
with each other by sending ARP reply packets carrying the MAC address of the uplink
router gateway.
IP-aware ARP request filtering
The OLT populates a local ARP table from DHCP snooping or static IP/MAC
bindings (also called static ARP). When the OLT snoops a downstream broadcast ARP
request from the network side, it looks up the local table with the Target IP of the
ARP request message and changes the destination MAC of the Ethernet frame from
broadcast to unicast. This prevents ARP requests from the network side from being
broadcast to all end users.
IP-aware ARP request filtering can be enabled for specific VLAN subscribers
only.
6.2.2
Since subscribers A1 and C1 are in the same subnet, when A1 visits C1 for the
first time, it sends an ARP request broadcast packet to obtain the MAC
address of C1.
The ARP agent module intercepts the gateway MAC address, and then sends
the ARP reply packet to subscriber A1 using the gateway MAC address
instead of the C1 MAC address.
The packets that subscriber A1 sends to C1 are sent to the gateway first. The
gateway forwards the packets to subscriber C1. Thus subscribers A1 and C1
can communicate with each other.
Since ARP agent does not occupy a user address and does not need a
layer-3 interface to be enabled, it is recommended for layer-2 interoperating based
on specific VLAN subscribers.
The process of IP-aware ARP request filtering is described as follows:
The OLT has the DHCP snooping feature enabled and has populated an entry in the local
ARP table that binds A1's IP address and MAC address.
The OLT has IP-aware ARP request filtering enabled.
When the BRAS sends a broadcast ARP request to resolve A1's MAC address, the OLT
looks up the Target IP of the ARP request and hits an entry in the local table.
The OLT replaces the broadcast destination MAC with A1's MAC from the entry.
Only A1 receives the ARP request and replies with its MAC as the link-layer address.
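Both ARP agent sub-features described in 6.2, as an added Python example on raw ARP frames (not ZTE code). All addresses are constructed; leaving a request unchanged on a binding-table miss and not answering ARP probes or gratuitous ARP are choices of this example, since the page does not specify them.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


# Constructed addresses for subscriber A1, subscriber C1 and the uplink gateway.
A1_MAC, A1_IP = mac("02:00:00:00:00:a1"), ip("10.0.0.11")
C1_IP = ip("10.0.0.13")
GW_MAC, GW_IP = mac("02:00:00:00:00:fe"), ip("10.0.0.1")
# Local ARP table as populated by DHCP snooping or static binding: IP -> MAC.
BINDINGS = {A1_IP: A1_MAC}


def build_arp(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Ethernet header + 28-byte ARP body for IPv4 over Ethernet."""
    eth = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa


def parse_arp(frame):
    """Return the ARP fields, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": frame[0:6], "eth_src": frame[6:12], "oper": oper,
            "sha": frame[22:28], "spa": frame[28:32],
            "tha": frame[32:38], "tpa": frame[38:42]}


def agent_reply(frame, gateway_mac):
    """MFF-style ARP agent: answer a subscriber's request with the gateway MAC."""
    a = parse_arp(frame)
    if a is None or a["oper"] != ARP_REQUEST:
        return None
    # Address probes (sender IP 0.0.0.0) and gratuitous ARP (sender == target)
    # are not answered, so a host checking its own address sees no conflict.
    if a["spa"] == bytes(4) or a["spa"] == a["tpa"]:
        return None
    return build_arp(a["sha"], gateway_mac, ARP_REPLY,
                     gateway_mac, a["tpa"], a["sha"], a["spa"])


def filter_downstream_request(frame, bindings):
    """IP-aware filtering: turn a network-side broadcast request into unicast."""
    a = parse_arp(frame)
    if a is None or a["oper"] != ARP_REQUEST or a["eth_dst"] != BROADCAST:
        return frame
    owner = bindings.get(a["tpa"])
    if owner is None:
        return frame  # no binding for the Target IP: left unchanged (assumption)
    return owner + frame[6:]


if __name__ == "__main__":
    req = build_arp(BROADCAST, A1_MAC, ARP_REQUEST, A1_MAC, A1_IP, bytes(6), C1_IP)
    print(parse_arp(agent_reply(req, GW_MAC))["sha"].hex(":"))
```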
6.3 ARP Proxy
6.3.1 Introduction
Description
ARP proxy implements the layer-3 ARP function. The ARP proxy function needs to
be enabled on the layer-3 router for the VoIP subscribers under the same OLT to
interoperate with each other. When the layer-3 router does not enable ARP proxy
for security purposes, the OLT returns the MAC address of the uplink router
gateway, that is, the OLT enables ARP agent.
The C300/C320 creates a layer-3 interface whose assigned IP address is in the
same subnet as the subscribers, and the ARP proxy function is enabled on the
C300/C320.
6.3.2
Since subscribers A1 and C1 are in the same subnet, when A1 visits C1 for the
first time, it sends an ARP request broadcast packet to obtain the MAC
address of C1.
The ARP proxy module sends the ARP reply packet to subscriber A1 using
OLT MAC address instead of the C1 MAC address, and adds a host route
entry pointing to A1 to the route table.
The packets that subscriber A1 sends to C1 are sent to the OLT firstly. Then
the OLT forwards the packets to subscriber C1. Thus subscribers A1 and C1
can communicate with each other.
When the subscriber sends an ARP request, ARP proxy returns the OLT MAC
address, while ARP agent returns the gateway MAC address.
For ARP proxy, the OLT transits data, while in ARP agent, the layer-3 gateway
router transits data.
ARP agent does not require layer-3 interface or occupy an IP address, while
ARP proxy does.
6.4 DHCP Relay
6.4.1 Introduction
Description
When a DHCP client and DHCP servers are on different network segments,
DHCP relay is used to forward the DHCP client's request to a specific DHCP server.
The ZXA10 C300/C320 works as a DHCP relay when operating as a layer-3 switch.
Target
DHCP relay is a general way to deploy DHCP service in the layer-3 networking
environment. DHCP servers can be collectively deployed to simplify operator
Each layer-3 VLAN interface can be configured with at most four DHCP
servers per group for load balancing, and adopts polling mode to implement
mutual backup.
Application Scenario
When the DHCP server and the user are in different network segments, the ZXA10
C300/C320 is used to implement layer-3 switching and to run the DHCP relay function,
as shown in Figure 6-2.
Figure 6-2
6.4.2
DHCP Principle-2
DHCP Principle-3
6.5 DHCP Proxy
6.5.1 Introduction
Description
DHCP proxy is a special form of DHCP relay. On the ZXA10 C300/C320, the
DHCP proxy converts the originally obtained long lease time to a pre-configured
short lease time and assigns it to users. It can also implement an abnormal offline
test on DHCP users.
Target
DHCP proxy is used to improve the service efficiency of IP addresses by
preventing the situation in which some users go offline abnormally while their
long-leased IP addresses cannot be recycled in time.
Configure short lease time for users testing on layer 3 VLAN interface.
Application Scenario
The application scenario of the DHCP proxy is consistent with the DHCP relay.
6.5.2
Figure 6-4
DHCP Principle-4
6.6 DHCP Option60
6.6.1 Introduction
Description
As a field in DHCP, Option60 is used to identify the user ONT. The ZXA10 C300/C320,
as a DHCP relay, forwards DHCP packets to different DHCP servers according to
the different Option60 fields, so that different IP addresses are obtained. Option60
is actually a special mode of DHCP relay/proxy for choosing the DHCP server.
Target
Option60 is used so that protocol packets of different ONTs in the same VLAN are
forwarded to different DHCP servers according to the ZXA10 C300/C320 configuration
policy.
Application Scenario
There are two types of ONT at the ZXA10 C300/C320 user side: one is for VoIP, the
other is for IPTV, and they are identified by their Option60 fields. The VoIP ONT
applies for addresses from the DHCP server 139.1.1.1 and the IPTV ONT
applies for addresses from the DHCP server 160.1.1.1, as shown in Figure 6-5.
Figure 6-5
6.6.2
DHCP Principle-5
Figure 6-6
DHCP Principle-6
6.7
6.7.1
Introduction
Description
The option82 is called the Relay Agent Information option and is inserted by the
DHCP relay agent when forwarding client-originated DHCP packets to a DHCP
server. It carries information such as line identification. Servers recognizing the
Relay Agent Information option may use the information to implement IP address or
other parameter assignment policies.
An access node such as an OLT or DSLAM is only a bridge device and has no IP
interface to act as a layer-3 DHCP relay, while option82 is still required by the DHCP
server when receiving requests from the same VLAN. In this case, the DHCP L2RA
(layer-2 relay agent) feature of the OLT should be enabled to insert option82.
Target
Act as the relay agent closest to the DHCP client: insert option 82 in the upstream
direction and remove option 82 in the downstream direction.
6.7.2
The DHCP server responds with a DHCPOFFER message after applying its
OLTs. As the information of option82 has not been recorded by those OLTs before,
the message will be dropped by those OLTs.
4. The client receives this DHCPOFFER message and it broadcasts a
DHCPREQUEST message. OLT handles this message similar to how it handles a
DHCPDISCOVER message.
5. The server receives the DHCPREQUEST message from the client and
6.
DHCPDISCOVER message.
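The layer-2 relay agent behaviour described in 6.7, as an added Python example (not ZTE code): option 82 is inserted upstream and recorded, then stripped downstream, and a reply whose option 82 was never recorded by this OLT is dropped. The sub-option layout (1 = circuit ID, 2 = remote ID) is the RFC 3046 one; the port and OLT names, and the policy of dropping a client packet that already carries option 82, are assumptions of this example.

```python
import struct

MAGIC = bytes.fromhex("63825363")          # DHCP magic cookie after the BOOTP header
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


def split(pkt):
    """Return (236-byte BOOTP header + cookie, [(option code, value), ...])."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = [], 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        opts.append((pkt[i], pkt[i + 2:i + 2 + length]))
        i += 2 + length
    return pkt[:240], opts


def join(head, opts):
    """Serialize header and options, terminated by the End option."""
    return head + b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])


class L2RelayAgent:
    def __init__(self, remote_id):
        self.remote_id = remote_id
        self.inserted = {}  # option 82 value -> user port it was inserted for

    def upstream(self, pkt, user_port):
        """Client -> server: append option 82 identifying the access line."""
        head, opts = split(pkt)
        if any(code == OPT_RELAY_INFO for code, _ in opts):
            return None  # user side must not supply its own option 82 (example policy)
        circuit = user_port.encode()
        value = (bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit +
                 bytes([SUB_REMOTE_ID, len(self.remote_id)]) + self.remote_id)
        self.inserted[value] = user_port
        return join(head, opts + [(OPT_RELAY_INFO, value)])

    def downstream(self, pkt):
        """Server -> client: strip option 82; drop if this OLT never recorded it."""
        head, opts = split(pkt)
        value = next((v for code, v in opts if code == OPT_RELAY_INFO), None)
        port = self.inserted.get(value)
        if port is None:
            return None
        return port, join(head, [(c, v) for c, v in opts if c != OPT_RELAY_INFO])


def sample_discover(xid=0x1234):
    """Constructed minimal DHCPDISCOVER: op=1, htype=1, hlen=6, zeroed addresses."""
    head = struct.pack("!BBBBI", 1, 1, 6, 0, xid) + bytes(228) + MAGIC
    return join(head, [(53, b"\x01")])  # option 53 = message type, 1 = DISCOVER


if __name__ == "__main__":
    olt = L2RelayAgent(b"OLT-A")
    relayed = olt.upstream(sample_discover(), "1/1/1:10")
    print(split(relayed)[1])
```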
6.8 Super VLAN
6.8.1 Introduction
Description
Super VLAN is also known as VLAN aggregation. A super VLAN involves multiple
sub-VLANs. It has a VLAN interface with an IP address assigned for layer 3
communications between sub-VLANs.
Target
If Layer 3 communication is required from a sub-VLAN, it uses the IP address of
the super VLAN as the gateway IP address. Thus, multiple sub-VLANs share the
same gateway address and thereby save IP address resource.
Application Scenario
Figure 6-7 shows the super VLAN application scenario. Three subscribers use
VLAN10, VLAN20, and VLAN30 for layer 3 routing. Super VLAN100 is created,
including three sub-VLANs: VLAN10, VLAN20, and VLAN30. The sub-VLANs
share one layer 3 interface for layer 3 forwarding.
Figure 6-7
6.8.2
6.9 Static Routing
6.9.1 Introduction
Description
A static route is a route that is created manually by a network administrator.
Target
Static routing can implement IP route forwarding in the simple layer-3 networking.
6.9.2
6.10 ECMP
6.10.1 Introduction
Description
Equal-Cost Multi-Path (ECMP) is a routing strategy in which the network element
assigns multiple next hops to a specific IP address. The network element
load-balances the traffic according to information in the IP header.
Target
Equal-Cost Multi-Path (ECMP) routing improves the reliability of IP route forwarding
through multi-path load balancing and link backup.
Application Scenario
Figure 6-8 shows the ECMP application scenario. The ZXA10 C300/C320 works
as the layer-3 router. Two route items, pointing to two next hops, are configured to
route the IP address 190.1.1.1. The source IP address is selected as the load
balancing algorithm for IP packets from 136.1.0.0/16 subscribers. The IP route
from the ZXA10 C300/C320 to 190.1.1.1 is ECMP.
Figure 6-8
Figure 6-9
ECMP Principles
6.11 RIP
6.11.1 Introduction
Description
RIP is an IGP used to transmit routing information inside an AS. RIP is based on
distance vector algorithm. It uses the hop count as its routing metric.
Target
RIP is used in small layer 3 networks with less than 16 hops to implement dynamic
IP routing learning and selection.
K (1 k = 1024) routes
Triggering update
Poison reverse
Split horizon
Update timer
Invalid timer
Flush timer
6.12 OSPF
6.12.1 Introduction
Description
OSPF is a typical link-state routing protocol, operating within a routing domain. The
routing domain refers to an AS, which is a collection of networks that exchange
routing information through a specific routing policy or protocol. In an AS, all the
OSPF routers maintain the same database presenting the AS. The database
stores the link status information on the routing domain. The OSPF calculates the
OSPF routing table through this database.
As a link-state routing protocol, OSPF sends the LSA packet to all the routers in
the same domain, while the distance-vector routing protocol router sends some or
all of the routing tables to its neighboring routers.
Target
OSPF is used for dynamic IP learning and selection in a large or medium layer-3
network containing hundreds of routers.
K (1 K = 1024) routers
OSPFv2
Neighbor setup
The router that advertises OSPF sends the Hello packet through all the OSPF
interfaces. If two routers share one link and they can negotiate the Hello
packet parameters, neighbor relationship is set up between them. If the
parameters cannot be matched, the received Hello packet is discarded, and
the neighbor relationship cannot be set up. Hello packet parameters include
Routing flooding
Each router sends the LSA packet to its neighbors. LSA describes the
information on all the router links and interfaces, the router neighbors, and the
link status.
When a router receives an LSA packet from its neighbor, it records the LSA
information in its link state database, and then sends a copy of the LSA to the
other neighbors. The LSA packet is flooded in the entire area, and all the
routers then have the same link state database.
OSPF routing flooding is reliable, and it is implemented hop by hop.
Routing calculation
Each router takes itself as the root to calculate a non-loop topology through the
SPF algorithm. This topology presents the shortest path to each destination.
6.13 IS-IS
6.13.1 Introduction
Description
Intermediate System-to-Intermediate System (IS-IS) Protocol is an intradomain
Open System Interconnection (OSI) dynamic routing protocol specified in
International Organization for Standardization (ISO) 10589. The protocol is
designed to operate in OSI Connectionless Network Service (CLNS). Data is
carried using the protocol specified in ISO 8473.
Target
The IS-IS routing protocol is a link-state protocol, as opposed to distance-vector
protocols such as Interior Gateway Routing Protocol (IGRP) and Routing
Information Protocol (RIP). Link-state offers several advantages over
K (1 K = 1024) routers
SNP
MD5 authentication
FRR
Neighbor setup
The IS-IS hello PDU is similar to the Hello packet in the OSPF protocol: it is
responsible for forming adjacencies between routers, discovering new neighbors and
detecting the departure of any neighbor.
Routing flooding
IS-IS routers use LSA to exchange routing information and to set up and maintain
the link state database. An LSP indicates the important information related to a
router, including the area and the connected network. SNP is used to ensure
that LSPs can be transmitted reliably.
Routing calculation
The IS-IS protocol also uses the Dijkstra SPF algorithm to calculate routes. Based
on the link state database, it uses the SPF algorithm to calculate the optimal
route and then adds the route to the IP routing table.
6.14 BGP
6.14.1 Introduction
Description
Border Gateway Protocol (BGP) is an inter-domain routing protocol used between
ASs. By means of BGP, ASs can exchange the information of network reachability
between each other. The information is a list of ASs where a route passes through,
which is sufficient to set up a diagram to indicate the connection status of the ASs.
In this way, AS-based routing selection policy is available, and BGP also solves
the problem of route loop.
Target
BGP allows you to set up an interdomain routing system that automatically
guarantees the loop-free exchange of routing information between autonomous
systems.
CIDR
Route aggregation
MD5 authentication
EBGP, IBGP
Idle State
It is the initial state. The BGP starts initialization after the protocol is activated.
It resets the timer, launches the first TCP connection and enters state 2.
Connect state
The BGP starts TCP connection and waits for the message of TCP successful
connection. If the connection is successful, then the BGP enters OpenSent
state. Otherwise, the BGP enters Active state.
Active state
The BGP always tries to establish TCP connection. If the connection timer
times out, then the BGP returns to Connect state. If TCP connection is
successful, then BGP enters OpenSent state.
OpenSent state
The TCP connection is already established. The BGP sends the first OPEN packet
and waits for the reply from the peer. BGP examines the reply packet. If the
BGP finds an error, it sends a NOTIFICATION packet and returns to Idle state. If
there is no error in the reply packet, BGP sends a KEEPALIVE packet, the
KEEPALIVE timer starts timing, and the BGP enters OpenConfirm state.
OpenConfirm state
The BGP waits for KEEPALIVE packet and resets the KEEPALIVE timer.
When the BGP receives a KEEPALIVE packet, it enters Established state.
Established state
7 MPLS Feature
7.1
7.1.1 Introduction
Description
Multi-Protocol Label Switch (MPLS) operates at a layer that lies between the traditional
definitions of layer 2 (data link layer) and layer 3 (network layer). In an MPLS
network, data packets are assigned labels. Packet-forwarding decisions are made
solely on the contents of this label, without the need to examine the packet itself.
MPLS supports label stacking, which can build an overlay network architecture in
which multiple services are forwarded on the same bearer network.
Target
The OLT can act as an LER (Label Edge Router) and set up MPLS tunnels according to
the IP route topology. User services are overlaid on this IP/MPLS network by PWE3
encapsulation, which includes SAToP and Ethernet modes. The MPLS service in the
C300 focuses on MPLS L2VPN applications, including wholesale and mobile backhaul
scenarios. The Multi-Protocol Label Switch (MPLS) architecture is used for
high-speed data switching. MPLS provides network data flows with capabilities such
as destination finding, routing, switching, and forwarding.
Features & Specifications
Supporting MPLS L2VPN Ethernet services, including VPWS and VPLS/H-VPLS.
7.1.2
FEC forwarding equivalence class, a group of L3 packets which are forwarded in the
same manner (e.g., over the same path, with the same forwarding treatment)
LSR label switching router, an MPLS node which is capable of forwarding labeled L3
packets
LER label edge router, an MPLS node that connects an MPLS domain with a node
which is outside of the domain, either because it does not run MPLS, and/or because it is
in a different domain.
Figure 7-2
The label stack entries appear AFTER the data link layer headers, but BEFORE any
network layer headers. The top of the label stack appears earliest in the packet, and
the bottom appears latest. The network layer packet immediately follows the label stack
entry which has the S bit set.
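The label stack layout described above, as an added Python example (not ZTE code) that encodes a two-entry stack and walks it until the entry with the S bit set. The 32-bit entry layout (20-bit label, 3-bit TC, S bit, 8-bit TTL) and EtherType 0x8847 come from RFC 3032; the label values, the PSN-over-PW arrangement of the sample and the depth limit are assumptions of this example.

```python
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast


def encode_entry(label, tc, s, ttl):
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20) or not 0 <= tc <= 7 or not 0 <= ttl <= 255:
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bool(s)) << 8) | ttl)


def encode_stack(entries):
    """entries is top-first [(label, tc, ttl), ...]; S is set only on the last one."""
    last = len(entries) - 1
    return b"".join(encode_entry(label, tc, i == last, ttl)
                    for i, (label, tc, ttl) in enumerate(entries))


def parse_stack(frame, max_depth=8):
    """Return (entries top-first, payload that follows the bottom-of-stack entry)."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS frame")
    entries, off = [], 14  # the stack starts right after the data link header
    while True:
        # A stack that never sets S, or runs past the frame, is malformed.
        if len(entries) == max_depth or off + 4 > len(frame):
            raise ValueError("no bottom-of-stack entry found")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, frame[off:]


def sample_frame(stack_bytes, payload=b"inner-frame"):
    """Constructed Ethernet frame carrying the given label stack."""
    dst = bytes.fromhex("02000000000a")
    src = bytes.fromhex("02000000000b")
    return dst + src + struct.pack("!H", ETHERTYPE_MPLS) + stack_bytes + payload


if __name__ == "__main__":
    # Outer PSN tunnel label 1025 on top, PW label 2049 at the bottom.
    frame = sample_frame(encode_stack([(1025, 0, 64), (2049, 0, 2)]))
    print(parse_stack(frame))
```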
Figure 7-3 (block diagram; recoverable labels: Management Plane, Data Plane, xPON
Subsystem, ETH Switch/Aggregation Subsystem, MPLS Subsystem)
7.1.3
7.2
7.2.1 Introduction
Description
MPLS requires a set of procedures to augment network layer packets with label
stacks, thereby turning them into labeled packets. Routers/OLTs that support
MPLS are known as Label Switching Routers (LSRs). In order to transmit a labeled
packet on a particular data link, an LSR must support the encoding technique
which, when given a label stack and a network layer packet, produces a labeled
packet.
Features & Specifications
Both the PSN label and the PW label in the C300 support static and dynamic distribution.
7.2.2
Static LSP:
C300 can support static LSP. As a LER, C300 mainly supports the static egress
LSP.
Static PW:
C300 supports static PW by assigning static ingress or egress label.
LDP:
C300 supports LDP in accordance with IETF standards and drafts, such as
RFC3036, RFC5036, RFC4447, and RFC4762.
7.3
LDP
7.3.1
Introduction
Description
The Label Distribution Protocol (LDP) is a protocol defined by the IETF (RFC 5036)
for the purpose of distributing labels in an MPLS environment.
Target
The Label Distribution Protocol (LDP) is used by two Label Switch Routers (LSRs)
to exchange label mapping information. The two LSRs are called LDP peers, and the
exchange of information is bi-directional. LDP is used to build and maintain the LSP
databases that are used to forward traffic through Multiprotocol Label Switching
(MPLS) networks.
Features & Specifications
Abbreviation
LSP
PW Pseudo Wire
LDP
DoU Downstream Unsolicited
DoD Downstream on Demand
7.3.2
LDP General
LDP label distribution is topology-driven.
LDP has two different label distribution modes:
Independent mode: An LSR can distribute labels to its peers at any time. In this
distribution mode, an LSR can distribute a label to the upstream node before
receiving the labels distributed by the downstream node.
Ordered mode: The only condition for an LSR to distribute a label to the upstream
node is that it has received the labels distributed by the downstream node.
Liberal reservation mode: The LSR keeps all label mappings received from its peer
LSR, regardless of whether that LSR is the next hop for the advertised
mapping.
Conservative reservation mode: The LSR only keeps label mappings received from
a peer LSR that is the next hop LSR according to routing.
Path Vector
Hop Count
LDP Graceful Restart
C300 supports Non-Stop Forwarding (NSF) and LDP Graceful Restart in
accordance with RFC3487. The GR function is started by the Initialization message and is
used to make sure that the data flow is not broken while the main and standby boards are
switching.
C300 acts as a Restarter: While the main control board and standby board are
switching, the new main board starts a keeping timer and keeps all MPLS
switching entries, which are marked as stale. The binding relationship between
FEC and label is recovered through the interaction between Restarter and Helper.
The MPLS switching entries will be deleted when the forwarding status keeping
timer times out on the Restarter.
C300 acts as a Helper: When the session-down event is captured, the Helper marks
all MPLS entries learned from the Restarter as stale. These entries are
kept for a while (the value of the Recovery Time advertised in the FT Session TLV
is set to the (current) value of the timer at the point at which the Initialization
message carrying the FT Session TLV is sent). If the LDP session restart fails during
this period, the MPLS entries marked as stale are deleted. Otherwise, these
entries are kept for the Recovery Time. During the Recovery Time, the Helper
interacts with the Restarter and helps it recover the MPLS switching entries
that were marked as stale. The Helper removes the stale mark after receiving
the same label binding information from the Restarter. The remaining entries marked
as stale are deleted after the Recovery Time.
The data flow is not interrupted thanks to the mechanism described above.
By default, Helper mode is enabled after successful GR negotiation. It can
also be shut down by command.
Inter-Area LSP
With the increasing application of MPLS L2VPN/L3VPN and the expansion of MPLS
networks, LSPs need to be established among PE devices located in
different IGP domains.
RFC5036 recommends that the IP address of the FEC Element should exactly
match an entry in the IP Routing Information Base (RIB). A Label Switching Router
(LSR) receiving a Label Mapping message from a downstream LSR for a Prefix
SHOULD NOT use the label for forwarding unless its routing table contains an
entry that exactly matches the FEC Element.
Therefore, MPLS LSPs between Label Edge Routers (LERs) in different
areas/levels are not set up unless the specific (e.g., /32 for IPv4) loopback
addresses of all the LERs are redistributed across all areas.
The traditional solution is IGP route leaking. As a consequence, the potential
benefits that a multi-area domain may yield are significantly diminished since a lot
of addresses have to be redistributed by ABRs, and the number of IP entries in the
IGP Link State Database (LSDB), RIB, and Forwarding Information Base (FIB)
maintained by every LSR of the domain (whatever the area/level it belongs to)
cannot be minimized. Because C300 supports LDP Extension for Inter-Area LSPs
in accordance with RFC5283, this problem can be solved by taking the
Longest-Match Label Mapping Message Procedure, as shown below:
Figure 7-4
Inter-Area LSP (nodes PE1, ABR1, ABR2, PE2 and PE3; FECs 10.1.1.1/32 with label 16 and
10.1.1.2/32 with label 17; aggregate route 10.1.1.0/24)
This figure shows the propagation path of the 32-bit IGP routes and LDP labels. On
ABR1 and PE1, FEC 10.1.1.1/32 and FEC 10.1.1.2/32 cannot find an exactly
matching route, but they can use the longest-match method to find the route
10.1.1.0/24. So the outbound interface and the next hop information of this route
are used for both FECs to distribute labels.
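The difference between the RFC5036 exact-match rule and the RFC5283 longest-match procedure, worked through for the two FECs of Figure 7-4. This is an added example, not ZTE code; the RIB contents, the peer name P9 and the label 99 are constructed, and the rule that a mapping is only used when the advertising peer is the routed next hop is taken from RFC5283.

```python
import ipaddress

# Constructed RIB of PE1: only the aggregate route is known in this area.
RIB_PE1 = {"10.1.1.0/24": "ABR1", "192.0.2.0/24": "P9"}


def rib_lookup(rib, fec, longest_match):
    """Return (matching route, next-hop peer) for a FEC prefix, or None.

    rib maps prefix strings to the LDP peer that is the next hop of that route.
    """
    fec_net = ipaddress.ip_network(fec)
    if not longest_match:
        # RFC5036 rule: the RIB must contain exactly the FEC prefix.
        hop = rib.get(str(fec_net))
        return (fec_net, hop) if hop is not None else None
    best = None
    for prefix, hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if net.version != fec_net.version or not fec_net.subnet_of(net):
            continue  # this route does not cover the FEC prefix
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, hop)
    return best


def process_label_mapping(rib, lfib, fec, label, peer, longest_match=True):
    """Decide whether a received Label Mapping is used for forwarding.

    lfib is updated in place only when the mapping is accepted.
    """
    match = rib_lookup(rib, fec, longest_match)
    if match is None:
        return "retained: no matching route"
    route, next_hop = match
    if next_hop != peer:
        # Kept in the label database (liberal reservation mode) but never
        # programmed into forwarding, because the peer is not the next hop.
        return "retained: %s is not next hop for %s" % (peer, route)
    lfib[fec] = {"out_label": label, "next_hop": peer, "via_route": str(route)}
    return "installed via %s" % route


if __name__ == "__main__":
    lfib = {}
    for mode in (False, True):
        for fec, label in (("10.1.1.1/32", 16), ("10.1.1.2/32", 17)):
            print(mode, fec, process_label_mapping(RIB_PE1, lfib, fec, label, "ABR1", mode))
    print(process_label_mapping(RIB_PE1, lfib, "10.1.1.1/32", 99, "P9"))
```

With exact matching both /32 FECs stay unused on PE1; with longest matching both resolve through 10.1.1.0/24, and the mapping offered by the non-next-hop peer is not installed.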
7.4
MPLS L2 VPN
7.4.1
Introduction
Target
C300 uses MPLS L2VPN technology to support Ethernet point-to-point services
(E-Line), Ethernet point-to-multipoint services (E-Tree) and Ethernet
multipoint-to-multipoint services (E-LAN).
Supporting MPLS Pseudowire (PW) and FEC types 128 and 129 in
accordance with RFC3985.
Acronyms
AII
SAI
TAI
path or MPLS tunnel. A PW for VPWS is just like a direct link between local AC and
remote AC, which is used for transparently transmitting layer2 frames.
VPLS Instance (VSI): VPLS instance, which is used to manage AC and PW.
Forwarders: Forwarder in PE is used to choose a PW to forward packets received
from AC, and vice versa. In fact, forwarder is the MAC switching table and member
table in VPLS.
Tunnels: Tunnels are used for carrying PW. One tunnel can carry many PWs. In
general, they are MPLS LSP tunnels used for transparently transmitting frames
between local PE and remote PE.
Encapsulation: The frames transmitted through PW are encapsulated by standard
PW encapsulation format and technology. There are two encapsulation modes:
Tagged mode and Raw mode.
Pseudowire Signaling Protocol: The PW signaling protocol is the basis for VPWS/VPLS
implementation. This signaling protocol is used for establishing and maintaining PWs.
Nowadays, the main PW signaling protocol is LDP.
7.4.2
Supporting FEC 128 type and 129 type, establishing PW through LDP
according to RFC4447.
Supporting Multi-Segment Pseudowire (MS-PW) in accordance with
draft-ietf-pwe3-segmented-pw-15.
Figure 7-5
C300 supports VPLS based on LDP in accordance with RFC4664, RFC4448 and
RFC4762.
Signaling Protocol
The VPLS service in C300 uses the extended LDP signaling protocol to establish
sessions. VPLS information is carried in the TLV field of LDP packets. FEC type 128 and
type 129 are supported. A targeted session is needed for devices that are not directly
connected to exchange VC signaling information through an LDP session.
As shown in the figure above, when a VSI is configured on PE1 and PE2 is
assigned as its peer, a label is allocated. After the LDP session is successfully
established, PE1 sends a mapping message to PE2. After receiving the mapping
message, PE2 checks whether the same VSI exists. If PE2 has the same VSI
and the same VCID and encapsulation type as PE1, PE1 and PE2 are in the same
VPN. After this check, the PW is established on PE2. PE2 also sends a
mapping message to PE1. After receiving the mapping message, PE1 performs the same
check and the PW is then established on PE1. At that point, a complete PW link has
been created successfully.
When the VPN between PE1 and PE2 is broken, PE1 sends a withdraw message
to PE2. After receiving the withdraw message, PE2 removes the PW and sends a release
message back to PE1. After receiving the release message, PE1 removes the PW
and withdraws the label.
Frames Switching
The VPLS network can be treated as a big switch crossing the MPLS cloud. It
transparently switches frames through the PWs established among VPN sites. While
switching frames, a PE learns MAC addresses and creates a MAC switching table which
contains the mappings between MAC addresses and ACs and PWs. A P
device switches MPLS frames according to the MPLS label only and does not care
about the layer-2 customer content. C300 can act as a PE device. After the PSN tunnel
and PW have been established, C300 maintains the L2VPN VSI and MAC table and switches
frames.
MAC Addresses Management
The VSI instance in a VPLS network functions similarly to an L2 Ethernet switch.
The L2 switching table needs to be created and maintained, and frame switching is
done according to this table. The VSI supports L2 functions such as MAC address
learning, MAC address aging and MAC address flooding.
The VSI learns the MAC addresses in frames coming from the CE.
Unused MAC address entries need to be deleted. A timer is started as soon as
an entry is created, and the entry is deleted when the timer expires.
Unicast frames whose MAC address has not yet been learned are flooded across the whole
VPLS network. The same mechanism applies to broadcast and multicast
frames. When flooding, all ACs and PWs in the same VPN receive the frame.
PE-ID and relays MAC flush messages with the received PE-ID to all its peer PE
devices in accordance with draft-ietf-l2vpn-vpls-ldp-mac-opt.
H-VPLS
Figure 7-6
H-VPLS
Figure 7-7
Based on the Framework for Layer 2 Virtual Private Networks of RFC4664,
C300 OLT supports the Encapsulation Methods for Transport of Ethernet over
MPLS Networks defined in RFC4448 and provides high-speed Layer 2 transparent
transmission to the peer PE router of the VPWS.
VPWS is mainly composed of PE routers, LDP and the LSP tunnel of MPLS.
As a PE router, C300 OLT holds and maintains the link information of the Layer 2
transparent transmission connected directly to it. C300 OLT is responsible for
adding and removing labels on ordinary packets of VPN clients, so C300
should be an edge label switch router.
An LSP tunnel through the MPLS network should be defined between the two PE routers and
should provide a Tunnel Label for transparently transmitting data between the two PE
routers. At the same time, a direct LDP label distribution process is also
defined between the two PE routers to transmit virtual link information. In this process,
distributing the VC Label through matching the VCID is critical.
When a data packet enters C300 OLT at a Layer 2 transparent transmission port,
C300 OLT finds the corresponding Tunnel Label and VC Label through matching the
VCID. C300 OLT puts two layers of labels on the data packet. The outer layer is the
Tunnel Label, indicating the route from this PE router to the destination PE router.
The inner layer is the VC Label, indicating which router port on the destination PE
router the VCID corresponds to. When C300 OLT receives packets from a
pseudo wire, C300 OLT finds the corresponding L2VPN instance, removes the
labels and sends the packets to the corresponding attachment circuit.
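A bounds-checked parser for the two-label stack described above (outer Tunnel Label, inner VC Label), which also applies the ordering rule stated earlier on this page: the top entry comes first and the payload follows the entry with the S bit set. This is an added example, not ZTE code; the 32-bit entry layout and EtherType 0x8847 follow RFC 3032, and the MAC addresses, label values, MAX_DEPTH and payload are constructed.

```python
import struct

ETH_HDR_LEN = 14          # untagged Ethernet II header (assumption: no VLAN tag)
ETH_P_MPLS_UC = 0x8847    # EtherType for MPLS unicast
MAX_DEPTH = 8             # constructed sanity bound on the stack depth


def encode_entry(label, tc, bottom, ttl):
    """Pack one label stack entry: label(20 bits) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def parse_label_stack(frame):
    """Return (entries, payload); entries[0] is the top of the stack.

    Rejects frames whose stack is truncated or never sets the S bit, so a
    malformed frame cannot make the parser read payload bytes as labels forever.
    """
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("frame shorter than Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_P_MPLS_UC:
        raise ValueError("not an MPLS unicast frame")
    entries, off = [], ETH_HDR_LEN
    while True:
        if len(entries) == MAX_DEPTH:
            raise ValueError("no bottom-of-stack entry within MAX_DEPTH")
        if off + 4 > len(frame):
            raise ValueError("label stack truncated before S bit")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, frame[off:]


def build_pw_frame(tunnel_label, vc_label, payload):
    """Build a constructed frame: Ethernet | Tunnel Label | VC Label (S=1) | payload."""
    eth = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
           + struct.pack("!H", ETH_P_MPLS_UC))
    return (eth + encode_entry(tunnel_label, 0, False, 255)
            + encode_entry(vc_label, 0, True, 255) + payload)


SAMPLE_PAYLOAD = b"customer-l2-frame"                       # constructed
SAMPLE_FRAME = build_pw_frame(1040, 2050, SAMPLE_PAYLOAD)   # constructed labels

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE_FRAME)
    for depth, entry in enumerate(stack):
        print(depth, entry)
    print(payload)
```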
C300 OLT monitors the Layer 2 protocol state at each port. When a fault occurs, users
can cancel the VC Label through the LDP label distribution protocol process so that Layer
2 transparent transmission is shut off, avoiding an unwanted unidirectional
data stream.
7.5
MPLS Redundancy
7.5.1
Introduction
Target
The Redundancy feature enables you to configure your network to detect a failure
in the network and reroute the Layer 2 (L2) service to another endpoint that can
continue to provide service.
Features & Specifications
For MPLS service, C300 mainly supports PSN tunnel fast re-route and PW
redundancy. The method of PSN re-route is LDP FRR. PW redundancy is
accomplished by referring to draft-ietf-pwe3-redundancy and
draft-ietf-pwe3-redundancy-bit draft.
Supports PW redundancy
Abbreviations
VCCV Virtual Circuit Connectivity Verification
OAM
7.5.2
LDP FRR
C300 PSN protection function relies on LDP FRR technology. In DoU mode, when
the liberal reservation mode is used, C300 learns the labels distributed by the peer
PE, sets up the main LSP and reserves the label information of the backup path. In
DoD mode, for multiple paths, C300 actively requests the related next hop and
reserves the path label. The fast PSN LSP switchover (that is, the previously active
LSP switches the traffic to the backup LSP) can be initiated in the case of a link fault
by associating the static route with fault detection mechanisms such as link
status and fast BFD.
Figure 7-8
LDP FRR
As shown in the above figure, when LSR1 detects LSR2 path fault through link or
BFD, the backup LSP through LSR3 is enabled to guarantee that the service traffic
can be switched over a new available path quickly.
PW Redundancy
Figure 7-9
PW Redundancy
7.6
Load Balancing
7.6.1
Introduction
Description:
To utilize the bandwidth of multiple data links efficiently, load balancing sets up a
group of equal-cost routes that have the same destination.
Features & Specifications:
Support the load balancing based on ECMP (Equal-Cost Multi-Path) technology
Abbreviations:
ECMP Equal-Cost Multi-Path
LER
7.6.2
7.7
MPLS OAM
7.7.1
Introduction
Description
Target
To help operators monitor, analyze, detect faults in and diagnose the services in the
MPLS network, MPLS OAM functions are provided, including connectivity tests of the
label switching path and fast isolation or avoidance of MPLS forwarding failures.
Abbreviations
AIS
BFD
CV Connectivity Verification
ME End Points
7.7.2
LSP Ping/Traceroute
LSP ping/traceroute is a method to detect forwarding plane failures of an MPLS
LSP. It serves as a solution for fast discovery and isolation of routing black holes.
By using packets that belong to a specific FEC, C300 can verify the integrity
of the LSP (from Ingress LSR to Egress LSR) which is included in the FEC, and
packs the information of the FECs it belongs to into the MPLS ping echo request message. An
MPLS ping packet
timestamp. MPLS ping requests are handled with the same forwarding
mechanism as the FEC packet. In "ping" mode (basic connectivity check), the
packet should reach the end of the path, at which point it is sent to the control
plane of the egress LSR, which then verifies whether it is indeed an egress for the
FEC.
Figure 7-10
LSP Ping (topology: CE1, CE2, CE3; PE1, PE2, PE3; P1 to P5 in the MPLS network; LER and
LSR roles marked)
As shown in Figure 7-10, when PE1 initiates an MPLS echo request toward
PE2, the procedure is:
Step 1: PE1 initiates an MPLS echo request toward PE2 and sends it to the
next hop P1.
to P2 along the
LSP.
Step 3: P2 receives this MPLS echo request, pops the current MPLS label
(following penultimate hop popping) and sends the packet to PE2 along the
LSP.
Step 4: PE2 receives the MPLS echo request packet, processes MPLS echo
request, returns an MPLS echo reply packet to PE1 along the backward path.
Step 6: PE1 processes MPLS echo reply, and provides LSP path detecting
result.
When the LSP corresponding to the detected FEC communication fails, PE1 will
not receive MPLS echo reply from PE2. Then PE1 will provide the
failure report.
Figure 7-11
LSP Traceroute (nodes PE1, P1, P2 and PE2 along the LSP; messages shown: MPLS Echo
Request, TTL=1 and MPLS Echo Reply)
Step 1: PE1 initiates an MPLS echo request toward PE2, sets the value of the
MPLS label TTL to 1, and sends this request packet to the next hop
P1.
Step 2: P1 receives the MPLS echo request with TTL=1 and decrements the TTL value
from 1 to 0, which causes a timeout, then sends it up to the control plane for processing.
P1 looks up the downstream mapping according to the incoming label and sends
an MPLS echo reply containing its own downstream mapping information to PE1
from the control plane.
Step 3: When PE1 receives the MPLS echo reply and records the information,
PE1 initiates a new MPLS echo request with TTL=2, which contains the
downstream mapping information gained from the MPLS echo reply, and sends it
to the next hop P1.
Step 4: P1 receives the MPLS echo request with TTL=2, decrements it from 2 to 1,
and forwards it to the next hop P2.
Step 6: When PE1 receives the MPLS echo reply and records the information,
PE1 initiates a new MPLS echo request with TTL=3, which contains the
downstream mapping information gained from the MPLS echo reply, and sends it
to the next hop P1.
Step 7: P1 receives the MPLS echo request with TTL=3, decrements it from 3 to 2,
and forwards it to the next hop P2.
Step 8: P2 receives the MPLS echo request with TTL=2, decrements it from 2 to 1,
and forwards it to the next hop PE2.
Step 9: PE2 receives the MPLS echo request with TTL=1 and decrements it from 1 to
0, which causes a timeout, then sends it up to the control plane for processing. On the
control plane, PE2 looks up the downstream mapping according to the incoming
label, finds that it is the egress LER of the LSP, and sends an MPLS echo reply to PE1.
Finally, PE1 receives the MPLS echo reply and displays the result.
When the LSP corresponding to the detected FEC communication is broken, one
of the LSRs will return an MPLS echo reply with the corresponding echo return code. PE1
then displays the result according to the echo return code in the MPLS echo reply
or according to whether the MPLS echo reply is missing.
According to the MPLS echo replies from routers on the LSP path, PE1 will return the
corresponding Echo Return Code. PE1 can output the traceroute based on the
received Echo Return Code within the MPLS echo reply.
load balancing at the transit devices. Once the PE-to-PE paths are discovered, use
MPLS LSP ping and MPLS LSP TRACEROUTE to periodically test them.
When executing MPLS LSP Multipath Tree Trace on the source device, the OLT
needs to find the set of IP header destination addresses to use all possible output
paths. The source device starts path discovery by sending a transit router a bitmap
in an MPLS echo request. The transit router returns information that contains
subsets of the bitmap in a downstream map (DS Map) in an
echo reply. The source device can then use the information in the echo reply to
interrogate the next device. The source device interrogates each successive router
until it finds one bitmap setting that is common to all devices along the path. The
device uses TTL expiry to interrogate the routers to find the common bits.
Figure 7-12
(Multipath tree of LSR nodes; branches are annotated with address sets labelled Adr)
A router load balances MPLS packets based on the incoming label stack and the
source and destination addresses in the IP header. The outgoing label stack and
IP header source address remain constant for each path being traced. The router
needs to find the set of IP header destination addresses to use all possible output
paths. This might require exhaustive searching of the 127.x.y.z/8 address space.
Once you discover all paths from the source LSR to the target or destination LSR
with MPLS LSP multipath tree trace, you can use MPLS LSP traceroute to monitor
these paths.
RFC4950), which are inserted into ICMP Time Exceeded and Destination
Unreachable messages upon timeout. The originating router receives the timeout
message and analyzes the MPLS Label Stack Object to acquire the MPLS
encapsulation status.
an encapsulation for the VCCV control channel messages that allows the
receiving PE to intercept, interpret, and process them locally as OAM
messages
PW ping has the same mechanism as LSP ping, to detect fault on PW forwarding
plane.
8 IPV6 Features
8.1
8.1.1
Introduction
Description
C300/C320 supports all basic functions and features required by IPv6.
Target
C300/C320 satisfies the IPoE scenarios defined in TR177, and supports all the
IPv6 functions in accordance with the definition of Access Node in TR177.
C300/C320 satisfies the PPPoE scenarios defined in TR187, and supports all the
IPv6 functions in accordance with the definition of Access Node in TR187.
As TR-187 has no additional requirements for the Access Node beyond TR-101,
C300/C320's fulfilment of the TR-101 requirements means compliance with TR-187 too.
Glossary
Access Node: The Access Node, as described in TR-101, is distributed between
the OLT and ONU. The OLT and ONU share the responsibility for Access Node
requirements as specified in TR-101.
Abbreviations
8.1.2
Figure 8-2
Dual-Stack architecture (layers: IPv4/IPv6 application; TCP and UDP; IPv4 with IGMP,
ICMPv4 and ARP; IPv6 with ICMPv6, MLD and ND; Ethernet with EthType 0x0800, 0x0806
and 0x86DD)
8.2
8.2.1
Introduction
Description
Similar to an IPv4 static route, an IPv6 static route is a route that is created manually
by a network administrator.
Target
IPv6 static routing can implement IPv6 route forwarding in simple layer-3
networking.
8.2.2
8.3
8.3.1
Introduction
Description
C300/C320 can add user port information to RS packets sent to the BRAS.
Target
When the SLAAC IPv6 address allocation method is used, C300/C320 can add
user port information to RS packets so that the BRAS server can locate each single
user.
Compliant to RFC6788
Abbreviations
BRAS broadband remote Access server
NA neighbor advertisement
ND neighbor discovery
NS neighbor solicitation
SLAAC Stateless Address Auto Configuration
RA router advertisement
RS router solicitation
LIO Line Identification Option
8.3.2
While the RS packets sent by customers are crossing the AN, the OLT tunnels those
packets inside another IPv6 packet; the original packets are left unmodified inside
the encapsulating packet.
The LIO information is added by the OLT as a destination option in the new IP datagram.
The LIO information can be used to identify user information at C300/C320, such
as the user's port number, ONU number, etc.
The OLT can identify tunneled RAs from the BRAS by the destination address,
FF02::10/128 (All-BBF-Access-Nodes, which is a reserved link-local scoped
multicast address), of the outer packets and by the presence of a destination option
header with an LIO destination option. The OLT removes the tunnel encapsulation and
forwards the RA to the subscriber.
The LIO information added in tunneled ND packets strictly complies with
TR-156's requirements: Access-Node-Identifier Eth
Slot/Port/ONUID/Slot/Port[:VLAN-ID]
8.4
DHCPv6 relay
8.4.1
Introduction
Description
Similar to DHCPv4, both DHCPv6 L3 relay and LDRA (layer-2 relay) are supported.
Target
If a subscriber gets its IPv6 address through DHCPv6 and the DHCPv6 servers are on a
different network segment from the OLT's uplink, the OLT can act as a DHCPv6 L3
relay and forward DHCP clients' requests to a specific DHCP server.
If the OLT acts as an L2 bridge and has no L3 interfaces, then according to the requirements
defined in the TR177 N:1 scenario, the OLT can act as a DHCPv6 LDRA and insert
OLT/ONU port location information into DHCPv6 packets to make the BRAS aware of the
port information for each user.
Compliant to RFC3315
Each layer-3 VLAN interface can be configured with at most four DHCP
servers per group for load balancing, and adopts polling mode to implement
mutual backup.
Compliant to RFC6221
The OLT does not modify the source and destination IP addresses in DHCPv6 packets and
does not change multicast packets to unicast packets. All multicast packets
are sent only to the network side.
If multicast DHCPv6 packets are sent from the BRAS, the OLT as DHCP LDRA forwards them
only to the specific user side, according to the interface-id in the DHCPv6
packets.
Glossary
Abbreviations
BRAS broadband remote Access server
DHCP dynamic host configuration protocol
LDRA
PD
8.4.2
(Figure: DHCPv6 prefix delegation message flow among Host/Gateway, Access Node, BNG and
DHCPv6 Server: 1. DHCPv6 Solicit + IA_PD; 6. DHCPv6 Advertise + IA_PD: /56 prefix;
7. DHCPv6 Request + IA_PD: /56 prefix; 12. DHCPv6 Confirm + IA_PD: /56 prefix)
The DHCPv6 module in C300/C320 works as an LDRA between client and server.
C300/C320 sends a Relay-Forward message, which contains the Solicit and Request
information coming from the client side, to the DHCP server. If DHCPv6 Option18
(Interface-id option) is enabled, the Relay-Forward message contains Option18,
which carries the port information in C300/C320. The DHCPv6 server answers with
Relay-reply messages. On receiving a Relay-reply message, C300/C320
deletes the Option18 section, then reconstructs the Advertise and Confirm messages,
and finally sends them to the client.
Figure 8-5
If the OLT is an L2 LDRA, the OLT does not change the source and destination IP of the
client's DHCPv6 message; the client message is copied to the RELAY_FORWARD
message's Relay Message option (option 9). In the content of the RELAY_FORWARD
message, the client IP is copied to the Peer Address field and the unspecified address
(::/128) is filled in the Link Address field.
If the OLT is a DHCPv6 L3 relay, the OLT changes the destination IP from the multicast all
DHCP relay/server address to a DHCP server/relay unicast address, and changes the
source IP from the client IP to the OLT's L3 interface IP. The client message is copied to
the RELAY_FORWARD message's Relay Message option (option 9). In the
RELAY_FORWARD message content, the client IP is copied to the Peer Address field and
the OLT's IP address to the Link Address field.
The format of Option18 inserted in DHCPv6 packets strictly complies with
TR-156's definition (Access-Node-Identifier Eth
Slot/Port/ONUID/Slot/Port[:VLAN-ID])
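The LDRA handling described above, in both directions: wrapping a client message in a RELAY_FORWARD with option 9 and Option18, then using the Interface-id of the Relay-reply to pick the user port before handing back the inner message without Option18. This is an added example, not ZTE code; the message layout and type codes follow RFC 3315, and the line identifier string, port name, client address and transaction ID are constructed.

```python
import ipaddress
import struct

RELAY_FORW, RELAY_REPL = 12, 13            # DHCPv6 message types (RFC 3315)
OPT_RELAY_MSG, OPT_INTERFACE_ID = 9, 18    # Relay Message / Interface-id options
RELAY_HDR_LEN = 34                         # msg-type, hop-count, link and peer address


def tlv(code, data):
    """Encode one DHCPv6 option: 16-bit code, 16-bit length, value."""
    return struct.pack("!HH", code, len(data)) + data


def parse_options(buf):
    """Decode an option area into {code: value}, rejecting malformed lengths."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns the message" % code)
        opts[code] = buf[off:off + length]
        off += length
    return opts


def ldra_relay_forward(client_msg, client_src, interface_id):
    """Wrap a client message as an L2 LDRA does: Link Address is ::,
    Peer Address is the client's source IP, client message goes in option 9."""
    link = ipaddress.IPv6Address("::").packed
    peer = ipaddress.IPv6Address(client_src).packed
    return (struct.pack("!BB", RELAY_FORW, 0) + link + peer
            + tlv(OPT_INTERFACE_ID, interface_id)
            + tlv(OPT_RELAY_MSG, client_msg))


def ldra_relay_reply(relay_reply, port_table):
    """Return (user port, client address, inner message) for a Relay-reply.

    The inner message is forwarded only to the port that the Interface-id maps
    to; replies with a missing or unknown Interface-id are rejected.
    """
    if len(relay_reply) < RELAY_HDR_LEN or relay_reply[0] != RELAY_REPL:
        raise ValueError("not a Relay-reply message")
    peer = ipaddress.IPv6Address(relay_reply[18:34])
    opts = parse_options(relay_reply[RELAY_HDR_LEN:])
    line_id = opts.get(OPT_INTERFACE_ID)
    if line_id not in port_table:
        raise ValueError("Interface-id missing or not assigned by this node")
    if OPT_RELAY_MSG not in opts:
        raise ValueError("no Relay Message option")
    return port_table[line_id], str(peer), opts[OPT_RELAY_MSG]


# Constructed sample data.
LINE_ID = b"OLT-EXAMPLE eth 1/2/3/1/1:100"
PORT_TABLE = {LINE_ID: "slot1/port2/onu3"}
SOLICIT = b"\x01" + b"\xab\xcd\xef"        # msg-type 1 + transaction ID
ADVERTISE = b"\x02" + b"\xab\xcd\xef"      # msg-type 2 + transaction ID
SAMPLE_RELAY_REPLY = (struct.pack("!BB", RELAY_REPL, 0) + bytes(16)
                      + ipaddress.IPv6Address("fe80::1").packed
                      + tlv(OPT_INTERFACE_ID, LINE_ID)
                      + tlv(OPT_RELAY_MSG, ADVERTISE))

if __name__ == "__main__":
    print(ldra_relay_forward(SOLICIT, "fe80::1", LINE_ID).hex())
    print(ldra_relay_reply(SAMPLE_RELAY_REPLY, PORT_TABLE))
```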
8.5
8.5.1
Introduction
Description
IPv6 address binding function.
Target
Support IPv6 address and/or IPv6 address prefix legitimate binding with VLAN
interface by DHCPv6 snooping, static IP configuration or ND RA snooping.
8.5.2
Downstream ND NS filter, which is similar to an ARP agent: the OLT changes the
destination MAC of a multicast NS message from multicast to unicast according to the
DHCP binding table entry for the Target address in the NS message.
8.6
8.6.1
Introduction
Description
To control the ND packet forwarding according to configuration
Target
To decrease the amount of flooding ND packets
Abbreviations
MLD: Multicast Listener Discovery
ND: Neighbor Discovery
8.6.2
Table 8-1
ICMPv6 type | Message name | Destination IP address | Upstream | Downstream
 | Destination Unreachable | Unicast | Forward | Forward
 | Packet Too Big | Unicast | Forward | Forward
 | Time Exceeded | Unicast | Forward | Forward
 | Parameter Problem | Unicast | Forward | Forward
 | | | Forward | Forward
129 | Echo Reply | Unicast | Forward | Forward
Neighbor Discovery
133 | Router Solicitation | All-routers multicast | Snoop (for LIO insertion) | Discard
134 | Router Advertisement | | Discard | Snoop (for legitimate binding)
135 | Neighbor Solicitation | Unicast of target; Solicited-Node multicast address corresponding to the target | Forward | Forward (Snoop when NS filter enabled, like ARP agent)
136 | Neighbor Advertisement | | Forward (Snoop when NA anti-spoofing enabled, like ARP anti-spoofing) | Forward
137 | Redirect | Unicast | Discard | Forward
To prevent illegal stream overflow, the legitimacy of terminals and routers can be
identified by the use of forwarding control and monitoring of ND messages, which
are described in TR-177.
8.7
8.7.1
Introduction
Target
As under IPv4 environment, ZXA10 C300/C320 provides the common network
management features of IPv6, which implement access and management of an
IPv4/IPv6 dual stack capable network element through multiple protocols.
8.7.2
Supports telnet6 and ftp6
(Figure: dual-stack protocol layers: Application Layer; TCP/UDP; IPv4 and IPv6; Data
Transfer Layer; Physical Layer)
For network elements that support the IPv4 & IPv6 dual stack, applications above the
TCP/UDP Layer are universal. The Application Layer determines whether to use the IPv4
or IPv6 protocol stack according to the form of the network element's IP address; the
features of the Application Layer remain unchanged.
A large number of the services that network elements provide, for instance multicast and
IPTV, can coexist with the dual-stack protocols. Network management of those
services is also capable of interoperation; for example, users can gain access to and
administer the services of an IPv6 network from an IPv4 environment.
9 QOS
9.1
Introduction
Description
QoS provides various techniques to guarantee service quality for specific user,
specific application.
Target
The SLA requirements of the service will be guaranteed through below QOS
elements:
PON DBA
Dropping packets based on the color of the packet when the network is
congested.
Support H-QOS
Based on 802.1p
Based on GEM-PORT
SP
SP+DWRR/WFQ
DWRR/WFQ
Support to classify the traffic based on the key words of L2 to L7 in the packet
and to colorize the traffic according to trTCM (RFC 2698 or RFC 2697),
support over-booking;
9.2
The color is marked at the GPON line card and indicated by the DEI bit. The
rate limitation at the Core-control card is color-aware, and the yellow
packets are dropped first
Figure 9-1
Ingress traffic from UNI will be mapped to different T-CONTs based on VLAN,
priority, etc.
PON DBA will schedule the packets from the T-CONT to the OLT based on the
DBA parameters
The traffic will be mapped to the user Scheduler. The actions applied to the
traffic based on the user QoS profile are listed below:
Scheduling
Shaping
Coloring (DEI bit)
SP
SP+DWRR
DWRR
The uplink scheduler will drop packets based on the color (DEI bit) with the
WRED algorithm.
The connection between Core-control card and PON card is non-blocking in the
upstream direction
The connection between Core-control card and Uplink card is non-blocking in the
upstream direction
Figure 9-2
The connection between the uplink card and the Core-control card is
non-blocking;
The traffic is scheduled at the connection between Core-control card and PON
card; the scheduler drops packets based on the packet color, and yellow
packets are dropped first;
The multicast traffic can be mapped into the SCB queue to be scheduled with the
highest priority
10 Multicast
10.1 Multicast Overview
10.1.1
Introduction
Description
Multicast is a point-to-multipoint communication technology. ZXA10 C300/C320
constructs multicast forwarding between the source port and the receiving port by
using IGMP/MLD snooping/proxy between the host and the router.
Target
ZXA10 C300/C320 effectively saves bandwidth through multi-level replication and
management of the multicast traffic at the OLT/ONU, for the development of services
such as IPTV and Triple Play.
10.1.2
Introduction
Description
IGMP snooping is performed on a Layer-2 broadband access equipment to snoop
on the IGMP report/leave messages transmitted from upstream hosts and IGMP
10.2.2
IGMP snooping with proxy reporting has extended the following functions:
Last leave: blocks, absorbs and summarizes IGMP leave packets from IGMP
hosts. When the last user leaves the multicast group, a summarized IGMP leave
message will be sent to the multicast router.
Query suppression: blocks and processes IGMP queries. In this method,
IGMP specific query messages are not transmitted to the user side directly.
However, IGMP general query messages are sent to the user side by the OLT.
Introduction
Description
In IGMP proxy mode, ZXA10 C300/C320 transmits query packets to a user and
responds to query packets from upper layer router. In other words, ZXA10
C300/C320 behaves as a proxy located between router and user.
10.3.2
Introduction
Description
ZXA10 C300/C320 acts as a multicast router to send IGMP query messages to
hosts periodically and, at the same time, to respond to report messages from the hosts.
It then constructs the membership table and establishes the multicast stream
forwarding table.
Target
ZXA10 C300/C320 has the following functions:
Neither forwards report/leave packets of users, nor responds to the query packets
of the router.
10.4.2
10.5 IGMPv3
10.5.1
Introduction
Description
IGMP is the protocol used by IPv4 systems to report their IP multicast group
memberships to neighboring multicast routers. IGMPv3, the latest version of
IGMP, adds support for source filtering to implement SSM. Network
operators can use the advantages of IGMPv3 to fulfill the needs of multiple content
providers for IPTV service.
10.5.2
Abbreviations
ASM: Any-Source Multicast
SSM: Specific-Source Multicast
Mode is include
Mode is exclude
10.6 MVLAN
10.6.1
Introduction
Description
MVLAN is a special VLAN to separate the multicast data from the unicast data.
Target
In practice, MVLAN is generally applied to distinguish and isolate different
multicast services from the different operators.
Each MVLAN supports IGMP snooping, IGMP proxy mode and IGMP router
mode.
10.6.2
Source port: the port connected to the multicast traffic source. Upstream
report/leave packets can only be transmitted to the source port.
Receiving port: the port connected to the multicast user. Each multicast
address of the MVLAN stands for a multicast group. Multicast group
members can join and leave the group at any time.
General multicast users can join a multicast group with any source. ZXA10
C300/C320 supports multicast access control. It separates invalid multicast
services and valid source addresses by specific configuration.
Introduction
Description
Target
Channel management allows users to watch the channels they have purchased,
and to preview or be denied access to channels they have not purchased.
It records the user action log and generates the CDR report to
the server for billing.
10.7.2
Preview: Users can view a portion of a program for a short period, several
times.
Deny: Users are not allowed to view any content of the program.
According to the configuration and status of the channel/user, it records the user
action log and generates the CDR report to the server for billing.
Introduction
Description
A service package is a bundle of several channels. It specifies the authority of
each channel in the package as Purchase or Preview. It is also a technique to
control the programs that users demand.
Target
The service package has all the functions of channel management but is
more flexible to manage than channel management.
10.8.2
Introduction
Description
According to the ITU-T G.984.4 standard, several multicast MEs are defined to
support ONU dominated multicast, including the multicast operations profile,
multicast subscriber configuration and multicast subscriber monitoring.
Target
ZXA10 C300/C320 implements the ONU dominated multicast based on the local
multicast privilege table.
10.9.2
Introduction
Description
Multicast Listener Discovery (MLD) is a subprotocol of Internet Control Message
Protocol version 6 (ICMPv6). MLD establishes and maintains the multicast group
membership between a user host and its directly neighboring multicast router. MLD
can be regarded as the Internet Group Management Protocol (IGMP) for IPv6, as
MLD and IGMP have similar implementations.
MLD has two versions: MLDv1 and MLDv2. MLDv2 is fully compatible with MLDv1
and covers all basic concepts of MLDv1.
MLDv1 is derived from IGMPv2 and directly supports any-source multicast (ASM)
but requires source-specific multicast (SSM) mapping for supporting SSM.
MLDv2 is a translation of IGMPv3 for IPv6 semantics and directly supports ASM
and SSM.
Target
By using IPv6 multicast technologies, the network device can manage, control, and
forward IPv6 multicast services and in this way meets carriers' requirements for
provisioning IPv6 multicast services.
10.10.2
The binary 11111111 at the start of the address identifies the address as being a
multicast address.
The flgs field is a set of 4 flags: |0|R|P|T|. The high-order flag is reserved, and must be
initialized to 0.
T = 0 indicates a permanently-assigned ("well-known") multicast address, assigned by
the Internet Assigned Numbers Authority (IANA).
T = 1 indicates a non-permanently-assigned ("transient" or "dynamically" assigned)
multicast address.
The P flag's definition and usage can be found in [RFC3306].
The R flag's definition and usage can be found in [RFC3956].
The scop field is a 4-bit multicast scope value used to limit the scope of the multicast
group. The values are as follows:
0 reserved
1 Interface-Local scope
2 Link-Local scope
3 reserved
4 Admin-Local scope
5 Site-Local scope
6 (unassigned)
7 (unassigned)
8 Organization-Local scope
9 (unassigned)
A (unassigned)
B (unassigned)
C (unassigned)
D (unassigned)
E Global scope
F reserved
RFC2464 defines a set of rules for mapping IPv6 multicast addresses to MAC addresses.
An IPv6 address is mapped to the MAC address 3333.XXXX.XXXX, with the 32-bit
XXXX.XXXX copied from the least significant 32 bits of the IPv6 address.
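The address layout and MAC mapping described above, as an added Python example (not part of the original document or of the ZXA10 software). It decodes the flgs and scop fields, derives the 3333.XXXX.XXXX MAC address, and reports groups that share one MAC address, which matters when a Layer 2 device forwards by multicast MAC. The sample group addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Scope names from the scop table above; other values are reserved/unassigned.
SCOPES = {0x1: "Interface-Local", 0x2: "Link-Local", 0x4: "Admin-Local",
          0x5: "Site-Local", 0x8: "Organization-Local", 0xE: "Global"}
RESERVED_SCOPES = {0x0, 0x3, 0xF}


def parse_multicast(addr):
    """Decode flgs/scop of an IPv6 multicast address and map it to a MAC."""
    raw = ipaddress.IPv6Address(addr).packed
    if raw[0] != 0xFF:                      # binary 11111111 marks multicast
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    flgs, scop = raw[1] >> 4, raw[1] & 0x0F
    if scop in RESERVED_SCOPES:
        scope = "reserved"
    else:
        scope = SCOPES.get(scop, "(unassigned)")
    return {
        "reserved_flag": (flgs >> 3) & 1,   # must be 0
        "R": (flgs >> 2) & 1,
        "P": (flgs >> 1) & 1,
        "T": flgs & 1,                      # 0 = well-known, 1 = transient
        "scope": scope,
        # RFC 2464: 33-33 followed by the low-order 32 bits of the address
        "mac": f"3333.{raw[12:14].hex()}.{raw[14:16].hex()}",
    }


def mac_collisions(groups):
    """Return {mac: [groups]} for every MAC shared by more than one group.

    Only 32 of the 112 group-ID bits survive the mapping, so distinct groups
    can alias to one MAC; forwarding keyed on the MAC alone cannot tell them
    apart.
    """
    by_mac = defaultdict(list)
    for group in groups:
        canonical = str(ipaddress.IPv6Address(group))
        by_mac[parse_multicast(group)["mac"]].append(canonical)
    return {mac: addrs for mac, addrs in by_mac.items() if len(addrs) > 1}


if __name__ == "__main__":
    # Constructed sample groups.
    for g in ("ff02::1", "ff3e::8000:1234"):
        print(g, parse_multicast(g))
    print(mac_collisions(["ff02::1:ff00:1", "ff05::1:ff00:1", "ff02::2"]))
```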
The MLDv2 protocol, when compared to MLDv1, adds support for "source filtering", i.e.,
the ability for a node to report interest in listening to packets *only* from specific source
addresses, as required to support Source-Specific Multicast [RFC3569], or from *all but*
specific source addresses, sent to a particular multicast address. MLDv2 is designed to
be interoperable with MLDv1.
Introduction
Description
MLD Snooping is an IPv6 multicast constraining mechanism that runs on Layer 2
devices to manage and control IPv6 multicast groups. By analyzing received MLD
messages, a Layer 2 device running MLD Snooping establishes mappings
between ports and multicast MAC addresses and forwards IPv6 multicast data
based on these mappings.
10.11.2
Introduction
Description
In MLD Proxy mode, the C300/C320 periodically sends queries to hosts in place
of a router, and responds to queries from the router on behalf of the hosts.
Within the same multicast group, it relays only the first Report message and the
last Leave message.
The C300/C320 periodically sends general-query messages to all receiving ports.
When Fast-Leave is not in use, it sends specific-query messages to the appointed ports.
10.12.2
Introduction
Description
The C300/C320 sends MLD Query messages to the hosts in place of a router; no MLD
messages are exchanged between the C300/C320 and uplink equipment.
Target
MLD Router mode is normally used where the multicast program stream is
forwarded directly to the OLT, to reduce channel zapping time.
Features & Specifications
It does not forward Report/Done messages from the host and does not respond to
queries from the router.
10.13.2
1.1.1
Introduction
Description
ZXA10 C300/C320 STP supports three modes: SSTP, RSTP and MSTP.
SSTP complies with the IEEE802.1d standard. A bridge running the SSTP module can
work with bridges running the RSTP module and the MSTP module.
RSTP provides faster spanning tree convergence than STP after a topology
change. The configured redundant switch port transits rapidly from 'Discard' to
'Forward' on a point-to-point connection.
MSTP extends the concepts of instances and VLAN mapping. Both SSTP and
RSTP can be considered special cases of MSTP in which there is only
instance 0. MSTP also provides rapid aggregation of VLANs and load balancing.
In SSTP and RSTP modes, there is no VLAN. Each port has only one status:
the port has a consistent status while forwarding in different VLANs. In MSTP
mode, there are several spanning-tree instances: a port can have a different status
while transmitting in different VLANs. Inside the MST region, there are several
independent subtree instances to implement load balancing.
Target
STP adopts certain algorithms to block some redundant paths and prevent
messages from proliferating and circulating endlessly in the ring network.
IEEE802.1d
IEEE802.1w
IEEE802.1s
Glossary
BPDU: The BPDU is used for communication between bridges. STP BPDU is a
Layer-2 packet with the destination MAC of the STP multicast address
01-80-C2-00-00-00. All the bridges that support STP can receive and process the
received BPDU packets. The packets have all the information for Spanning Tree
computation.
Root Bridge: The root bridge is selected as the bridge with the smallest bridge ID,
which combines the bridge priority and the MAC address.
Root Port: The root port is the port that receives BPDU information. Namely, the
root port is on the least-cost path from the bridge to the root.
Designated Port: The designated bridge is the one with the least-cost path from the
network segment to the root.
MSTP Regions: All MST switches must be configured with the same MST
information. A group of switches with the same MST configuration makes up
an MST region. The MST configuration, including region name, revision number and
MST VLAN-to-instance mapping, determines the region in which a switch is located.
1.1.2
Avoid loops in the network topology by setting the redundant switch port to
Discard.
STP defines the concept of root bridge, root port, designated port, route cost etc. It
aims to get rid of the redundant loops by constructing a natural tree to implement
the link backup and find the best route. Spanning tree algorithm is applied to
construct the tree, as shown in Figure 11-1.
Figure 11-1 STP
Defects:
When the topology changes, the new configuration information is spread to the
whole network with a certain delay, known as the forward delay, with a default
time of 15 seconds. Before all the bridges receive the information about the
change, if a port that was forwarding in the old topology does not suspend
forwarding in the new topology, a temporary loop is possible. To solve the
problem of temporary loops, the spanning tree adopts a timer policy: it adds
an interim status between the blocked status and the forwarding status, in
which the port only learns MAC addresses but does not forward.
The time for each of the two switchovers is the same as the forward delay. Thus,
temporary loops are effectively avoided when the topology changes. But this
seemingly good solution costs at least double the forward delay for
convergence.
RSTP makes the following 3 important improvements on the
basis of STP, which accelerate convergence (the fastest is within 1
second).
First: RSTP sets an alternate port and a backup port for rapid switchover of
the root port and the specified port. When the root port/specified port becomes
invalid, the alternate port/backup port enters the forwarding status without delay.
As shown in Figure 35, all the bridges run RSTP and SW1 is the root bridge.
Suppose SW2 Port 1 is the root port; then Port 2 can determine from the
topology that it is the alternate port for the root port and enters the blocked status.
When the link on Port 1 becomes invalid, Port 2 can immediately enter the
forwarding status without waiting for two times the forward delay.
Figure 11-2 RSTP
Second: On a point-to-point link that connects only two switching ports, the
specified port can enter the forwarding status without delay after a single
handshake with the downstream bridge. If the port is on a shared link which
connects over 3 bridges, the downstream bridge does not respond to the
handshake request from the upstream specified port. The port can only wait for
double the forward delay before entering the forwarding status.
Third: It defines a port directly connected to a terminal, rather than to
other bridges, as an edge port. The edge port can directly enter the
forwarding status without any delay. As the bridge cannot know whether a port is
directly connected to a terminal, the edge port needs to be configured manually.
Defects:
Both RSTP and STP belong to SST, which has its own defects as follows:
First, as there is only one spanning tree in the whole switching network, it takes
a long time to converge in a larger network and the influence of topology
changes is also great.
Suppose SW1 is the root bridge, the solid line link is VLAN 10, and the dotted line
link is an 802.1Q trunk link carrying VLAN 10 and VLAN 20, as shown in Figure 11-3.
When SW2 is blocked, the VLAN 20 channel between SW1 and SW2 is broken.
Figure 11-3 Asymmetric Network
Third, the link does not bear any traffic when it is blocked. This wastes
bandwidth, which is quite obvious in a ring MAN.
As SST cannot overcome these defects, MSTP, which supports VLANs,
appeared.
MSTP defines the concept of instance. Put simply, STP/RSTP are based on ports,
PVST/PVST+ on VLANs and MISTP on instances. An instance
is a collection of multiple VLANs. Binding multiple VLANs to an instance saves
communication overhead and resource occupancy.
In application, several VLANs with the same topology structure are mapped to an
instance. The forwarding statuses of these VLANs depend on the status of the
corresponding instances in MSTP. The VLAN-to-instance mappings of all the
switches in the network must be consistent, otherwise network connectivity is
affected. In order to detect mistakes, the MSTP BPDU carries the instance
numbers together with the information of the corresponding VLANs. MSTP does
not process STP/RSTP/PVST BPDU, therefore it is not compatible with
STP/RSTP.
MSTP assigns the switches that support MSTP and those that do not to
different regions, the MST domain and the SST domain respectively. The
spanning tree with multiple instances runs inside the MST domain, and the IST,
compatible with RSTP, runs at the edge of the MST domain.
As shown in Figure 11-5, the switches inside the MST domain use MSTP
BPDUs to exchange topology information and the switches in the SST domain
use STP/RSTP/PVST BPDUs to exchange topology information. At the
edge between the MST domain and the SST domain, the SST equipment considers
the interconnected equipment to be RSTP equipment, while the status of the MST
equipment on the edge port depends on the IST status. That means the spanning
tree status of all the VLANs on the port is consistent.
Figure 11-5
MSTP has more obvious advantages compared to the former spanning tree
protocols. MSTP is VLAN-aware, so it can share the load, and it
implements quick switchover of the port status similar to RSTP. Binding multiple
VLANs to an instance decreases resource occupancy. MSTP is
downward compatible with STP/RSTP.
MSTP sets up and maintains the following two spanning trees:
In MST region, the MSTP maintains multiple spanning tree instances. Instance 0 is
a special instance, known as IST. Other MST instances are instance 1 to instance
15. The IST is the only spanning tree to receive and transmit BPDU packets. The
Spanning tree in the MST region is the CST sub-tree. CIST is the result of
spanning tree algorithm run by the switch, which supports 802.1D, 802.1W
and 802.1s protocols. The CIST inside the MST region and the CST outside
the region are the same.
11.2 LACP
1.1.3
Introduction
Description
Link Aggregation is also known as trunking. It combines several physical Ethernet
ports into one logical channel to get required bandwidth.
ZXA10 C300/C320 supports the following two link aggregation modes:
Static trunk: It directly adds several ports in a trunk group to form a logical
channel.
Target
The link aggregation has the following functions:
Nine trunk groups at most, each of which has 8 member ports at most.
1.1.4
The LACP long timeout is 30 seconds while the short timeout is 1 second.
trunk group
according to the port status. The peer equipment connected to the ZXA10 C300/C320
dynamic trunk must run LACP. The two exchange LACPDUs with each other to
inform the peer of their system priority, system MAC, port priority, port number
and operation key. On receiving that information, the peer chooses the ports to
aggregate by comparing it with the information saved for its
other ports. Thus, the two parties stay consistent about ports joining or leaving a
given dynamic trunk group.
11.3 G.8032
1.1.5
Introduction
Description
The network is required to be highly reliable and stable in scenarios such as mobile
backhaul, Digital Subscriber Line Access Multiplexer (DSLAM) convergence and
important enterprise/business applications. The G.8032 protocol is the Ethernet Ring
Protection Switching (ERPS) protocol defined by the ITU-T. It provides high efficiency
and switching performance, and has been applied in the access network.
Target
ERPS ensures the loop is recovered after multiple nodes or a single node is
recovered (from a fault).
ERPS supports multiple domains and multiple rings. For the C320 device, it
supports two physical rings and four logical rings. For the C300/C320 device, it
supports four physical rings and eight logical rings (low priority). For the
C300/C320 V2.0.0, crossover rings are not supported.
ERPS only supports physical ports forming a loop and does not support LAG
forming a loop. (The hardware does not support the function, but the standard
does not clarify it.)
ERPS detects links by using CCM packets defined in the ITU-T Y.1731, with a
frequency of 3.3 ms.
ERPS supports 16255 nodes. For the C300/C320 V2.0.0, only 16 nodes are
supported.
Manual switching and protection switching upon link failure can be finished
within 50 ms. (For the C320 device, the function may not be fulfilled due to
hardware limit.)
ERPS supports the Guard time/WTR timer, but not the Holdoff timer (0-10 s,
default: 0) or WTB timer (5 s). For the WTR timer, the time is 1-12 min, and
the default is 5 min. For the Guard timer, the time is 10-2000 ms, and the
default is 500 ms.
1.1.6
The C320 device can serve as an ordinary node or RPL Owner node.
Figure 11-6
Under normal conditions, a main control node (RPL Owner) is configured in each
Ethernet Ring in accordance with ERPS (G.8032), and the main control node blocks a
port in the ring; for example, a port of Node D in Figure 5-2 is blocked. Therefore, the
Ethernet Ring is broken logically, and broadcast storms are avoided. The link connected
to the blocked port of Node D is called the Ring Protection Link (RPL), that is, the
standby link. The node responsible for blocking the link is called the RPL Owner Node. The
node at the other end of the RPL is known as the RPL Neighbor Node. Other nodes in the
Ethernet Ring are transmitting nodes, and the ports on these nodes are set to
forwarding status. Each node in the Ethernet Ring is capable of forwarding services and
APS switching control messages through a bridge between two ring ports or between the
local port and ring port.
When a link fails in the ring, the transmitting nodes adjacent to the failed link detect
the link failure and send an SF message every 5 s through two ports in two opposite
directions. On obtaining this message, the RPL Owner unblocks the blocked port to
resume data forwarding. Other nodes in the ring flush and re-create the forwarding
address table (FDB) after receiving the SF message. The node with the blocked port will
set the blocked port to forwarding status.
After the failed link is restored, the nodes that detect the restored link send recovery
messages in two directions and keep blocking the ports adjacent to the restored link.
After receiving the recovery message, the RPL Owner waits for the WTR timer to expire
in order to ensure stable switching, and sends the message that the RPL port is
re-blocked to the nodes adjacent to the restored link. On obtaining the re-blocking
message, the nodes adjacent to the restored link unblock the ports that were blocked
due to the link failure, to recover the traffic.
Introduction
Description
ZXA10 C300 TDM Service supports 1+1 automatic protection between STM-1 or
STM-4 uplink interfaces.
Target
When one of the following alarms is detected by the equipment, the automatic
protection switch is launched:
LOS alarm
LOF alarm
MS-AIS alarm
During the active/standby switchover, ZXA10 C300 supports data
Glossary
E1: European 2.048 Mbps digital carrier
T1: signal transmitted in the DS-1 format at the rate of 1.544Mbps
Abbreviations
TDM: Time Division Multiplexing
ONT: Optical Line Terminal
ONU: Optical Network Terminal
CES: Circuit Emulation Service
IWF: Interworking Function
11.4.2
[Figure: OLT carrying TDM traffic to/from the ONU over Uplink 1 and Uplink 2]
The TDM service protection is 1+1 protection: TDM traffic is
transmitted on both uplink ports in the upstream direction, and only one uplink port
is allowed to receive downstream traffic. When an alarm occurs, protection
takes effect by switching downstream traffic from one uplink port to the other,
so that the service is not interrupted in the receiving direction. Note
that this kind of switchover should be performed at either end of the TDM service
provider, regardless of the network in between.
Solution
Under normal conditions, the TDM service traffic is copied to two uplink ports in the
upstream direction, and traffic is received from only one in the downstream direction.
When an uplink port detects LOS or one of the other alarms, it transfers the port
information to the main control board. The main control board receives the
information, determines which protection group it belongs to, records the slot and
port information, and transfers the information to the switch module. The switch
module configures the hardware to allow receiving traffic on the other
port and forbid it on the old one, then informs the software for subsequent handling.
Introduction
Description
Set up a backup GPON system with active and standby equipment at the same time.
When the active equipment is faulty, services are switched over to the standby equipment.
Target
It is to improve the system reliability.
1.1.8
The OLT-only duplex system at the OLT side is shown in Figure 11-7. It backs up
the OLT and the optical fiber between the OLT and the optical splitter, which has
two input/output ports. This configuration mode can only recover the redundancy at
the OLT side.
Figure 11-8 Type B: OLT-only Duplex System
The full duplex system is shown in Figure 13. It backs up the OLT, ONU, optical splitter
and all optical fibers. This configuration mode has high reliability and recovers from
faults at any point by switching over to the backup equipment.
Figure 11-9 Type C: Full Duplex System
Figure 14 shows the duplex system model for the dual parented access network.
The relevant part of the protection in the GPON system should be a part of the
protection between the ODN interface in the ONU and each ODN interface in the
two OLTs via the ODN, plus the signalling required to implement protection
functions upstream from the SNI.
[Figure: duplex system model for the dual parented access network. Labels: ONU (UNI LT, MUX, PON LT(0), PON LT(1)), R/S, ODN(0), ODN(1), two OLTs (PON LT, Switch, SNI LT), Network]
11.6 UAPS
1.1.9
Introduction
Target
ZXA10 C300/C320 supports dual Ethernet interfaces or multiple Ethernet interface
uplinks to avoid the service interruption caused by single link fault. It improves the
reliability of the system and ensures the continuity of the services.
1.1.10
UAPS works in the dual uplink scenario: normally one link works in active mode
while the other link is in backup state; when the main link breaks down, the backup
link is switched on automatically, and the active link can be switched back
after it is restored.
Link state can be inspected using physical layer information or link layer (802.3AD,
BFD) information.
ZXA10 C300/C320 also supports switching UAPS links manually for the
12 Access Security
ZXA10 C300/C320 provides the following two sets of access security solutions:
Introduction
Description
With user isolation, the services of different users do not interact with each other.
Target
Two targets need to be met: one is to protect the security of users' data and make
sure it is not sniffed illegally; the other is to control user access so as to
ensure that users' access security is not attacked by other malicious users.
Service flow isolation in same port for different users by VLAN in layer 2
12.1.2
Solution
Implementation of isolation for different users (ONUs):
As shown in Figure 47, ONU1 and ONU2 can reach each other freely because
they are configured into the same interoperative group, while ONU3 is
Figure 12-1
[Figure: two OLT interfaces, each with Onu1, Onu2 and Onu3]
Introduction
Target
User identification and authentication technologies, such as PPPoE and DHCP,
have matured and are widely used. The main concern in the telecommunication
industry is user port identification, also known as user line identification. If a user
can only be identified by user name in the authentication server, that user can share
the user name and password so that other users can access the network with them,
which is not what carriers expect, and carriers will suffer huge losses.
User identification technology is the perfect choice for blocking illegal
access.
Glossary
PPPoE: PPPoE Intermediate agent
DHCP Option82: A specific application of DHCP agent, which is defined in RFC
3046.
12.2.2
Figure 12-3
The field N indicates the length of the relay agent fields. The relay agent field
consists of sub-option, length and sub-option value, and is encoded in a certain format,
as shown in Figure 12-5.
Figure 12-5
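The Option 82 encoding described above (code 82, length N, then sub-option / length / value triplets), as an added Python example rather than code from the original document. It uses the two sub-options defined in RFC 3046, Agent Circuit ID (1) and Agent Remote ID (2), and rejects options whose lengths do not add up; the circuit and remote ID strings are constructed sample values, and the function names are hypothetical.

```python
OPTION_RELAY_AGENT = 82
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}   # RFC 3046


class Option82Error(ValueError):
    """Raised when a Relay Agent Information option is malformed."""


def build_option82(circuit_id, remote_id):
    """Encode code(82) | N | sub-opt | len | value | sub-opt | len | value."""
    body = b""
    for code, value in ((1, circuit_id), (2, remote_id)):
        if len(value) > 255:
            raise Option82Error(f"sub-option {code} longer than 255 bytes")
        body += bytes([code, len(value)]) + value
    if len(body) > 255:
        raise Option82Error("relay agent fields exceed 255 bytes")
    return bytes([OPTION_RELAY_AGENT, len(body)]) + body


def parse_option82(option):
    """Decode one Option 82 TLV into {name: value}, validating every length."""
    if len(option) < 2 or option[0] != OPTION_RELAY_AGENT:
        raise Option82Error("not a Relay Agent Information option")
    n, body = option[1], option[2:]
    if len(body) != n:
        raise Option82Error(f"length field N={n} but {len(body)} bytes follow")
    subs, i = {}, 0
    while i < n:
        if i + 2 > n:
            raise Option82Error("truncated sub-option header")
        code, length = body[i], body[i + 1]
        i += 2
        if i + length > n:
            raise Option82Error(f"sub-option {code} overruns the option")
        name = SUBOPTION_NAMES.get(code, f"sub-option-{code}")
        if name in subs:
            raise Option82Error(f"duplicate {name}")
        subs[name] = body[i:i + length]
        i += length
    return subs


if __name__ == "__main__":
    # Constructed identifiers; a real format is operator-defined.
    opt = build_option82(b"olt-a gpon 1/2/3:4 vlan 100", b"example-subscriber")
    print(opt.hex())
    print(parse_option82(opt))
```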
Figure 12-7
Introduction
Target
MAC security is used for user security.
12.3.2
MAC Anti-flooding
Malicious users attack the access equipment by constructing packets with dynamic
source MAC addresses to exhaust the MAC address table. Legitimate services are
affected because the MAC address forwarding table in the access equipment is full
and new MAC addresses cannot be learned, so legitimate users' packets are
discarded or flooded.
The MAC anti-flooding function in ZXA10 C300/C320 effectively resists
malicious users' DoS attacks by limiting the number of MAC addresses that can be
automatically learned on each port.
If the number of MAC addresses learned on a port is less than the configured
number, new users' MAC addresses are automatically learned and users' packets are
forwarded by the ZXA10 C300/C320 forwarding module. Conversely, if the number of
MAC addresses learned on a port is more than the configured number, new MAC
addresses are ignored until old MAC addresses are aged out, and the packets are
discarded.
Static MAC addresses and dynamic MAC addresses are counted together when the
MAC anti-flooding function is enabled in ZXA10 C300/C320.
MAC Anti-spoofing
The following two serious security problems need to be solved in broadband
services:
Physical loops may be formed either at the user-side equipment or at the
network-side switch, which cause large volumes of abnormal traffic in the OLT
equipment. The OLT will fail to learn MAC addresses properly, so no user will be
able to access the network.
which has two types as below:
The main reason for these problems is repeated MAC addresses, which cause
the MAC address learning of the switching chip to migrate, so some users fail
to access the network.
To prevent MAC address spoofing and physical loops, the MAC
anti-spoofing/anti-migration and protection function at the network side is
enabled in ZXA10 C300/C320 automatically.
Suppose a MAC address that was initially learned on Port A appears on Port B.
ZXA10 C300/C320 handles it as follows:
If both Port A and Port B are UNIs, the MAC address won't be migrated.
If Port A is an NNI and Port B is a UNI, the MAC address won't be migrated.
If Port A is a UNI and Port B is an NNI, the MAC address will be migrated to Port
B.
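A small model of the two behaviours described above, the per-port learning limit of MAC anti-flooding and the UNI/NNI migration rules of MAC anti-spoofing, as an added Python example that is not ZTE's implementation. The port names, the 300-second aging time, migration between two NNIs and the rule that static entries never move are assumptions; the page does not specify them.

```python
UNI, NNI = "UNI", "NNI"


class MacTable:
    """Learning table with a per-port MAC limit and anti-migration rules."""

    def __init__(self, port_types, limits, max_age=300):
        self.port_types = port_types      # port name -> UNI or NNI
        self.limits = limits              # port name -> max MACs (absent = none)
        self.max_age = max_age            # assumed aging time in seconds
        self.entries = {}                 # mac -> [port, last_seen, is_static]

    def count(self, port):
        # Static and dynamic entries are counted together, as the page states.
        return sum(1 for e in self.entries.values() if e[0] == port)

    def add_static(self, mac, port):
        self.entries[mac] = [port, None, True]

    def age_out(self, now):
        expired = [m for m, (p, seen, static) in self.entries.items()
                   if not static and now - seen > self.max_age]
        for mac in expired:
            del self.entries[mac]
        return expired

    def learn(self, mac, port, now):
        """Process the source MAC of a frame received on `port`."""
        self.age_out(now)
        entry = self.entries.get(mac)
        if entry is None:
            limit = self.limits.get(port)
            if limit is not None and self.count(port) >= limit:
                return "discard-limit"    # anti-flooding: ignore the new MAC
            self.entries[mac] = [port, now, False]
            return "learned"
        if entry[0] == port:
            if not entry[2]:
                entry[1] = now            # refresh the aging timer
            return "forward"
        # The MAC was first learned on another port (Port A) and now shows up
        # on this one (Port B). UNI->UNI and NNI->UNI are refused.
        if entry[2] or self.port_types[port] == UNI:
            return "discard-spoof"
        entry[0], entry[1] = port, now    # UNI->NNI (page); NNI->NNI (assumed)
        return "migrated"


if __name__ == "__main__":
    # Constructed scenario: two subscriber ports and one uplink.
    table = MacTable({"gpon-1": UNI, "gpon-2": UNI, "uplink": NNI},
                     {"gpon-1": 2, "gpon-2": 2})
    print(table.learn("gw", "uplink", 0))   # learned
    print(table.learn("gw", "gpon-2", 1))   # discard-spoof
```

In the scenario at the bottom, a subscriber port that claims the gateway's MAC address is refused, so downstream traffic keeps flowing to the uplink.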
12.4 vMAC
12.4.1
Introduction
Target
Each MAC address on a Layer 2 network must be unique. The MAC address
allocation mechanism ensures global uniqueness of each address. However,
hackers use scanning tools to obtain existing MAC addresses, which allow hackers
to impersonate genuine users. The impersonation of a MAC address is known as
MAC spoofing. Duplicate MAC addresses exist in MAC spoofing; the same MAC
address appears on different ports of a switch, causing a MAC address transfer on
the switch. As a result, data is sent to the hacker's device instead of to the genuine
user.
The C300/C320 device supports source MAC address conversion. In the upstream
direction, the device uses the converted source MAC address to communicate with
the BNG server, and in the downstream direction, the device converts the source
MAC address reversely and sends data from the server to the user. The
C300/C320 device generates and converts MAC addresses, ensuring the converted
MAC addresses are secure and unique. The conversion operation is transparent to
users and servers. This technology is called virtual MAC.
The C300/C320 device supports the following two vMAC conversion modes:
1:1 vMAC: The C300/C320 device converts source MAC addresses on the user
side to new vMAC addresses, each of which is unique, in the ratio of one to one.
N:1 vMAC: The C300/C320 device converts a set of source MAC addresses on the
user side with the same features to a new vMAC address that is unique.
12.4.2
[Figure: vMAC conversion diagram. Labels: source, OLT, BNG device (MAC=Y), MAC table = A, MAC table = B, MAC table = Y]
Introduction
Target
IP spoofing exists in various IPoE access scenarios, including forging others' IP
addresses, spoofing services, or breaking into the network without obtaining the
configuration information through DHCP. These hinder carriers' management,
affect legitimate subscribers' services, and threaten the security of subscribers
and the system.
ZXA10 C300/C320 provides IP security technology, which can effectively prevent
illegal users from IP spoofing.
12.5.2
DHCP snooping inspects the messages from the untrusted area and records items
such as the user MAC address, IP address, lease time, VLAN-ID, interface
and so on in the binding table. Items in the DHCP snooping binding table are aged
according to the lease time.
The DHCP snooping binding table in ZXA10 C300/C320 can be saved in the flash.
The system reads the backup from the flash after it is rebooted to
avoid abnormal services when the user's IP address is not released.
Table 12-1
Fields          Description
PORT
PVC             PVCID
MAC
IP              User IP Address
Leadse-time     IP Address Lease-time
XID             Transaction ID
TimeStamp       Time Stamp
Vid             VLAN-ID
Gard            Binding IP Identifier
AgeTime         Aging Time
IP Source Guard
The IP source guard technology relies on the DHCP snooping binding table
established and maintained by DHCP snooping. With this method, the non-DHCP IP
packets on a port are filtered by their source IP addresses.
ZXA10 C300/C320 listens to the protocol packets exchanged between the users and
the DHCP Server/Relay. Before a user gets the configuration information,
its upstream packets are discarded, except for DHCP protocol
packets. Once ZXA10 C300/C320 detects a DHCP ACK packet, it binds the
assigned IP address and the user's MAC address to the user port and enables
transmission of upstream data packets. Meanwhile, it checks that upstream data
packets are consistent with the bound IP address and user MAC address; otherwise
it discards the packets. When the DHCP lease time expires, the binding is
cancelled, and the transmission of upstream non-DHCP packets is
suspended.
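The binding and filtering logic described above, including the save to flash and reload after reboot, as an added Python example (a model for illustration, not the device's code). The class and method names, the JSON storage format and the sample port, VLAN and addresses are assumptions.

```python
import json
from dataclasses import dataclass, asdict


@dataclass
class Binding:
    port: str
    vid: int
    mac: str
    ip: str
    expires: float     # absolute time at which the DHCP lease ends


class SourceGuard:
    """DHCP-snooping binding table used as an upstream source filter."""

    def __init__(self):
        self.table = {}                     # (port, mac) -> Binding

    def on_dhcp_ack(self, port, vid, mac, ip, lease_time, now):
        # Call only for ACKs seen coming from the DHCP server/relay side.
        self.table[(port, mac)] = Binding(port, vid, mac, ip, now + lease_time)

    def age(self, now):
        for key in [k for k, b in self.table.items() if b.expires <= now]:
            del self.table[key]             # lease expired: cancel the binding

    def permit_upstream(self, port, vid, src_mac, src_ip, is_dhcp, now):
        if is_dhcp:
            return True                     # DHCP protocol packets are kept
        self.age(now)
        b = self.table.get((port, src_mac))
        return b is not None and b.vid == vid and b.ip == src_ip

    def dump(self):
        """Serialize the table, standing in for the save to flash."""
        return json.dumps([asdict(b) for b in self.table.values()])

    @classmethod
    def load(cls, blob, now):
        """Rebuild the table after a reboot, skipping leases that ran out."""
        guard = cls()
        for row in json.loads(blob):
            b = Binding(**row)
            if b.expires > now:
                guard.table[(b.port, b.mac)] = b
        return guard


if __name__ == "__main__":
    # Constructed sample subscriber.
    g = SourceGuard()
    mac = "02:00:00:00:00:aa"
    print(g.permit_upstream("gpon-1/1", 100, mac, "10.0.0.5", False, 0))   # False
    g.on_dhcp_ack("gpon-1/1", 100, mac, "10.0.0.5", lease_time=3600, now=10)
    print(g.permit_upstream("gpon-1/1", 100, mac, "10.0.0.5", False, 20))  # True
    print(g.permit_upstream("gpon-1/1", 100, mac, "10.0.0.9", False, 20))  # False
```

Storing the absolute expiry time rather than the remaining lease is what lets a reloaded table age entries correctly after the reboot.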
Introduction
Target
As there is no restriction on users, some users transmit illegal protocol
packets upstream, which degrades the processing performance of the network
equipment. Sometimes this causes system disorder, or even system
shutdown. If malicious users transmit excessive protocol packets or
broadcast packets upstream, whether legal or illegal, system
performance is also degraded. Processing protocol and
broadcast packets consumes a great deal of equipment resources. ZXA10
C300/C320 supports suppression of excess packets and illegal packets to
strengthen the protection of the security of the system and the users.
12.6.2
Processing the first three types consumes a great deal of equipment
resources, while the fourth consumes the limited resources of the MAC
address table; therefore, all four kinds of excessive packets need to be controlled.
The first three kinds of excessive packets are suppressed as follows:
Match the specific packet features: specific protocol packets, broadcast
packets (or some with more specific features), multicast packets (or some
with more specific features).
If the transmission rate exceeds the predefined rate, discard the packets.
ZXA10 C300/C320 equipment processing performance.
Sometimes, it will cause system disorder, or even shut the system down.
ZXA10 C300/C320 supports the illegal packets filtering as follows:
The upstream IGMP shouldn't have Query packets, and the downstream
shouldn't have the Report/Leave/Join packets.
The upstream DHCP shouldn't have Offer/ACK packets, and the downstream
shouldn't have the Discover/Request packets.
The upstream PPPoE shouldn't have PADO and PADS packets, while the
downstream shouldn't have PADI and PADR packets.
Generally, packets shorter than 65 bytes are mini packets; those longer than
1518 bytes are jumbo packets. In some specific situations, a
jumbo frame can be as long as 9K bytes.
192
Introduction
Target
To prevent malicious users from attacking the equipment, ZXA10 C300/C320 provides a
powerful security protection mechanism in various aspects to effectively guarantee
user security and strengthen the stability of system operation.
Anti-DoS attack on the management channel: packets are counted on the basis of
the user source MAC, and the user packets are not allowed to be sent to the
management channel if the count for the source MAC exceeds a certain threshold.
SSH
12.7.2
and then to decide the policy to process the data packets (to accept or to
discard). Thereby, it effectively restricts the network access of external
equipment to ZXA10 C300/C320 equipment.
ACL on the management channel is a special access policy for the network
management channel. The ZXA10 C300/C320 configures an IP address white
list. Only the hosts with the IP addresses on the white list can manage ZXA10
C300/C320. Management requests from other hosts are refused.
In-band configuration supports the rate limit on all packets and the other nine
packet types, such as ARP, BPDU, CFM, DHCP, ICMP, IGMP, PPPoE, SNMP,
VBAS etc. The out-of-band configuration supports the rate limit on all
packets and on the ARP and ICMP packet types.
SSH
SSH is used to provide secure remote login and network services on an insecure
network. The transmitted data can be encrypted through SSH, which
effectively prevents man-in-the-middle attacks, DNS spoofing and IP spoofing.
The application of SSH accelerates transmission speed as the transmitted
data are compressed.
Figure 12-9 shows ZXA10 C300/C320 SSH module position in the system.
Figure 12-9
SFTP
After the anti-DoS function is enabled, the system dynamically counts the
packets transmitted to the management channel. It defines the users who
transmit excessive packets as MAC blacklist users and adds them to the
blacklist, sends trap alarms to them and discards their packets. If the packets
transmitted are less than 3 times the normal packet value, the system checks
whether the user is on the blacklist. If the user is not on the blacklist, the
packets are transmitted to the upper layer normally; otherwise the packets are
discarded. The lower-layer forwarding platform forwards the user packets normally.
The system periodically checks the statistics value and the blacklist. If the
user's MAC address ages out, the user is removed from the blacklist. If the
statistics value is less than or equal to the normal value, the user is also
removed from the blacklist, and the user's packets are again transmitted to the
management channel normally.
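The blacklist behaviour described above has hysteresis: a user is listed at 3 times the normal value but released only at or below the normal value. The following added example (not ZXA10 C300/C320 code) models that; the class and function names, the per-period counting window, the treatment of exactly 3 times the normal value as excessive, and the sample MAC addresses are assumptions.

```python
class MgmtChannelGuard:
    """Per-source-MAC packet counting in front of the management channel."""

    def __init__(self, normal_value, factor=3):
        self.normal_value = normal_value        # packets per check period regarded as normal
        self.limit = factor * normal_value      # "3 times the normal packet value"
        self.counts = {}                        # source MAC -> packets in the current period
        self.blacklist = set()
        self.traps = []                         # stand-in for the trap alarms

    def on_packet(self, src_mac):
        """Count one packet; return True if it may go up to the management channel."""
        count = self.counts.get(src_mac, 0) + 1
        self.counts[src_mac] = count
        if count >= self.limit and src_mac not in self.blacklist:
            self.blacklist.add(src_mac)
            self.traps.append(("blacklisted", src_mac, count))
        # Below the limit the blacklist still decides: a listed user stays blocked.
        return src_mac not in self.blacklist

    def periodic_check(self, learned_macs):
        """End of a period: release users whose MAC aged out or whose rate is normal again."""
        released = []
        for mac in sorted(self.blacklist):      # sorted() copies, so the set can be edited
            if mac not in learned_macs:
                reason = "mac-aged-out"
            elif self.counts.get(mac, 0) <= self.normal_value:
                reason = "rate-normal"
            else:
                continue
            self.blacklist.discard(mac)
            self.traps.append(("released", mac, reason))
            released.append((mac, reason))
        self.counts.clear()                     # start the next statistics period
        return released


def replay(guard, periods, learned_macs):
    """Feed {mac: packet count} per period; return [(packets passed per MAC, released)]."""
    history = []
    for period in periods:
        passed = {mac: 0 for mac in period}
        for mac, packets in period.items():
            for _ in range(packets):
                if guard.on_packet(mac):
                    passed[mac] += 1
        history.append((passed, guard.periodic_check(learned_macs)))
    return history


# Constructed sample traffic: one noisy and one well-behaved management user.
NOISY = "02:00:00:00:00:aa"
QUIET = "02:00:00:00:00:bb"


def demo():
    guard = MgmtChannelGuard(normal_value=10)
    periods = [
        {NOISY: 40, QUIET: 8},   # flood: NOISY is listed on its 30th packet
        {NOISY: 20, QUIET: 8},   # below 3x but above normal: still blocked
        {NOISY: 5, QUIET: 8},    # normal rate: blocked during the period, released at its end
        {NOISY: 5, QUIET: 8},    # passes again
    ]
    return replay(guard, periods, learned_macs={NOISY, QUIET}), guard


if __name__ == "__main__":
    history, guard = demo()
    for number, (passed, released) in enumerate(history, 1):
        print(f"period {number}: passed={passed} released={released}")
    print("traps:", guard.traps)
```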
In the common user mode, users can only view the configuration but cannot
modify any configuration. In the privilege user mode, users can view and
modify the configuration.
ZXA10 C300/C320 can create several common user accounts. The user can
log in to the system with the authenticated username and password. The
ZXA10 C300/C320 supports local and remote management user
Introduction
Target
In N:1 VLAN forwarding mode, users can communicate with each other on
layer-2, especially using ARP broadcast packets.
MAC-Forced Forwarding (MACFF) is used to control unwanted broadcast traffic
and host-to-host communication in an N:1 VLAN domain. By replying to a user's ARP
request for another host with the gateway MAC address, the OLT can direct
network traffic from hosts located on the same subnet but at different locations to
an upstream gateway device at layer-3, based on the IP header of the host packet.
This provides security at layer-2, as no traffic is able to pass directly between the
hosts.
12.8.2
Basic Theory
In a traditional Ethernet network topology, VLANs are used on switches to separate
the hosts on layer-2 and enable the communication between hosts on layer-3. However,
when the number of hosts increases, the number of VLANs used also increases.
Also, a different IP segment must be assigned to each VLAN for layer-3
communication, so the IP address distribution efficiency decreases.
To increase the efficiency, MACFF provides a solution that realizes layer-2 and
layer-3 communication between the hosts within a broadcast domain.
MACFF captures the ARP request message from a host and, acting as an ARP proxy,
sends back an ARP response message carrying the gateway MAC address. In this way,
all streams (within a subnet) are routed through the gateway, so that the gateway can
supervise the streams. As a result, a more secure network is ensured.
As shown in Figure 12-10, Switch A and Switch B are Ethernet Access Nodes
(EAN) and a connection between the hosts (Switch A and Switch B) and Switch C
is set up. If the user configures the MACFF feature on the EAN, it ensures that all the
streams from the hosts (Switch A and Switch B) are transferred to the gateway through
Switch C, and the layer-3 communication and layer-3 separation are also ensured.
Figure 12-10
For Host A, the MAC address of Host B is the same as the gateway address, which
ensures that Host A and Host B are in the same segment, having the same VLAN.
The communication between them passes through the gateway, while they are
separated on layer-2 level.
The current MACFF has two modes:
Introduction
Description
DHCP snooping is applied to ensure security. DHCP snooping listens to the DHCP
exchange procedure of a specific ONT in a VLAN specified by ZXA10 C300/C320
and records the user IP/MAC relation of the ONT.
DAI is Dynamic ARP Inspection. If manipulated ARP requests or ARP responses
are received, whose IP-MAC assignment does not match an entry in the DHCP
Snooping Table, they must be rejected.
Target
The DHCP snooping has the following functions:
An administrator can view the user DHCP exchange through the DHCP
snooping function to locate protocol problems in user DHCP access
and finally eliminate the fault.
DHCP snooping can generate a dynamic user IP/MAC database. Combining
it with the DAI function on layer-3 implements the user IP
anti-spoofing function.
It has a database recording the binding relation between ONT and user
IP/MAC.
It can be configured by adding bindings of user MAC, IP, ONT ID and VLAN.
Application Scenarios
On the layer-2 networking condition, DHCP snooping is implemented with a
specified VLAN to record the IP/MAC binding relation of the user.
On the layer-3 networking condition, ARP learning of the layer-3 interface VLAN is
disabled at the user side and the DHCP of the VLAN is enabled at the user side.
The user IP/MAC information learnt is set to the ARP table of the layer-3 interface
VLAN. DAI function is enabled to control user ARP.
Thus, it prevents the route forwarding of the user with an illegal IP address and the
illegal user with legitimate user IP address (but with different MAC) to implement
the anti-spoofing function of the IP address.
12.9.2
Basic Theory
On the layer-3 networking condition, ZXA10 C300/C320 enables DHCP snooping
on the VLAN10, as shown in Figure 12-11. The user IP/MAC information can be
recorded only after the user has been assigned an address. When detecting that
the user is offline, ZXA10 C300/C320 deletes the user IP/MAC information.
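How a snooping table and the DAI check fit together, as an added example that is not ZXA10 C300/C320 code. The class and method names, the ONT identifiers, the addresses, the rule that a static binding is not displaced by a later DHCP assignment, and the check that the ARP arrives from the bound ONT are assumptions; the ARP layout is the standard 28-byte Ethernet/IPv4 format.

```python
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_ip, target_mac=bytes(6)):
    """Constructed ARP payload (1 = request, 2 = reply) for the sample run."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sender_mac,
                       IPv4Address(sender_ip).packed, target_mac,
                       IPv4Address(target_ip).packed)


class SnoopingTable:
    """User IP/MAC bindings per VLAN, learned from DHCP or added by configuration."""

    def __init__(self):
        self.bindings = {}   # (vlan, ip) -> {"mac": bytes, "ont": str, "static": bool}

    def _store(self, vlan, ont, mac_addr, ip, static):
        self.bindings[(vlan, IPv4Address(ip))] = {"mac": mac_addr, "ont": ont, "static": static}

    def add_static(self, vlan, ont, mac_addr, ip):
        self._store(vlan, ont, mac_addr, ip, True)

    def on_dhcp_ack(self, vlan, ont, client_mac, assigned_ip):
        """Record a binding only once an address has actually been assigned."""
        existing = self.bindings.get((vlan, IPv4Address(assigned_ip)))
        if existing and existing["static"]:
            return           # assumption: configured bindings win over learned ones
        self._store(vlan, ont, client_mac, assigned_ip, False)

    def on_user_offline(self, vlan, ont, mac_addr):
        """Delete the dynamic bindings of a user detected as offline."""
        stale = [key for key, e in self.bindings.items()
                 if key[0] == vlan and e["ont"] == ont
                 and e["mac"] == mac_addr and not e["static"]]
        for key in stale:
            del self.bindings[key]

    def inspect_arp(self, vlan, ont, arp):
        """DAI: permit an ARP message only if its sender IP/MAC matches a binding."""
        if len(arp) < 28:
            return (False, "truncated")
        htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, arp[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
            return (False, "not-ethernet-ipv4-arp")
        entry = self.bindings.get((vlan, IPv4Address(spa)))
        if entry is None:
            return (False, "no-binding")
        if entry["mac"] != sha:
            return (False, "mac-mismatch")
        if entry["ont"] != ont:
            return (False, "wrong-ont")
        return (True, "ok")


def demo():
    table = SnoopingTable()
    host_a, rogue, printer = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:66"), mac("02:00:00:00:00:50")
    request = build_arp(1, host_a, "192.0.2.10", "192.0.2.1")
    results = {"before_ack": table.inspect_arp(10, "ont-1", request)}
    table.on_dhcp_ack(10, "ont-1", host_a, "192.0.2.10")
    results["after_ack"] = table.inspect_arp(10, "ont-1", request)
    # Legitimate IP claimed with a different MAC.
    results["stolen_ip"] = table.inspect_arp(10, "ont-2", build_arp(2, rogue, "192.0.2.10", "192.0.2.1"))
    # Legitimate IP and MAC replayed from another ONT.
    results["cloned_mac"] = table.inspect_arp(10, "ont-2", request)
    # IP address that was never assigned to any user.
    results["unassigned_ip"] = table.inspect_arp(10, "ont-2", build_arp(2, rogue, "192.0.2.1", "192.0.2.10"))
    results["truncated"] = table.inspect_arp(10, "ont-1", request[:20])
    table.add_static(10, "ont-3", printer, "192.0.2.50")
    table.on_dhcp_ack(10, "ont-2", rogue, "192.0.2.50")
    results["static_kept"] = table.inspect_arp(10, "ont-3", build_arp(1, printer, "192.0.2.50", "192.0.2.1"))
    table.on_user_offline(10, "ont-1", host_a)
    results["after_offline"] = table.inspect_arp(10, "ont-1", request)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} {outcome}")
```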
Figure 12-11 DHCP Principle-1
Introduction
Target
The rogue ONU detection is a feature for detecting and isolating ONUs that send
optical signals in timeslots other than those specified.
GPON uses a time division multiplexing (TDM) mechanism in the upstream direction.
Each ONU sends data upstream to the OLT in its own timeslot allocated by the
OLT. If an ONU sends optical signals in other ONUs' timeslots, its optical signals
conflict with those sent by other ONUs. As a result, the communication
between the OLT and another ONU or all the ONUs is affected. Such an ONU
that sends optical signals upstream outside its allocated timeslot is called a rogue
ONU.
There are many types of rogue ONUs. Based on the time of optical signal
transmission, rogue ONUs can be classified into:
The OLT isolates the rogue ONU to ensure the normal services of other ONUs.
The OLT reports information about the faulty ONU to the NMS for the
operation, administration and maintenance (OAM) personnel to rectify the fault
in time.
12.10.2
the ONU is a rogue ONU, it will not send the Disable_Serial_Number (0x00) message to
the ONU, so the ONU will remain in O7 status and the power is off. Normal ONUs will be
restored to O2 status after receiving the Disable_Serial_Number (0xFF and 0x00)
message and then activated normally. Under special conditions, the OLT sends the
Disable_Serial_Number (0xFF and 0x00) message, but an ONU turns off the power
before receiving the Disable_Serial_Number (0x00) message. Therefore, the ONU will
remain in O7 status. After locating the rogue ONU and turning off the optical transmitter
power, the OLT should be able to turn on the optical transmitter power of the ONU and
make it go back to O2 status (the ONU is then activated, and the OLT can receive the
Serial_Number_ONU message from the ONU).
In the detection of rogue ONUs, the OLT can record which of the ONUs connected to a
PON interface the Disable_Serial_Number message is sent to. After completing
the detection, in accordance with the record, the OLT periodically sends the
Disable_Serial_Number (0x00) message to the ONUs that received the Disable_Serial_Number
(0xFF and 0x00) message but are not activated normally (the OLT does not receive the
Serial_Number_ONU message from the ONUs), to turn on their optical transmitter power
supplies. The period (Timer1) is the same for all possible ONUs, and the time is
configurable. The default is 30 s. When the OLT detects the Serial_Number_ONU
message from an ONU, it stops sending the Disable_Serial_Number message to the
ONU.
13 ACL
13.1 Introduction
Description
ACL classifies and filters the packets entering the equipment according to the
predefined matching rules.
Target
ACL classification of data packets serves as the reference for the subsequent QoS
process and is the prerequisite for the system to provide efficient and differentiated
services.
Table 13-1 4 Types of ACLs
Types          Range      Characteristics
Standard ACL   1-99
Extended ACL   100-199
Link ACL       200-299    ID, Ethernet protocol type
Hybrid ACL     300-700    Matching rule: free combination of the 80 bytes in front of the layer-2 data frame
Each ACL can define 128 rules, and each type of ACL in the system has a maximum of
3500 rules.
Each port supports one ACL.
Glossary
Rule: To distinguish and identify the keywords of the data packets.
ACL: A sequential list of a series of rules and each rule decides an action to be
triggered once that rule is matched in ACL.
Match the data stream with the rules in the ACL in sequence. If the data stream
matches a certain rule, the related action is triggered and the other rules
do not need to be matched. If the related action is to forward it, the subsequent
QoS processing is to be implemented.
Retagging priority: Tag the packet matched with the rules with priorities of TOS,
DSCP, CoS.
Retagging VLAN: Modify the VLAN ID of the packet matched with the rules.
Statistics: Count the data stream of the packet matched with the rules.
Limiting the rate: Limit the traffic rate of the data stream matching the rules. The
single-rate three-color algorithm and the double-rate three-color algorithm are used
in rate limitation.
Mirroring: Copy a packet matched with the rules to a specified port.
Redirection: Forward the packets matched with the rules to the specified ports.
The data stream is discarded if no rule is matched or if the action specified
for the matched rule is discarding.
Description
CES (Circuit Emulation Services) is used to support traditional TDM service over
PSN in the xPON system.
Target
The advantages of the low operation cost and the sole network management of the
PSN can extend the service scope of TDM for the operators.
Support Differential Timing and Adaptive Timing mode for service clock
synchronization.
Pseudo Wires create a transparent tunnel for all Layer 2 TDM information over
managed MPLS, IP or Ethernet networks.
Figure 14-1
Introduction
Description
OLT Frequency Synchronization module can recover the frequency from all uplink
ports and T12 clock ports, and then select the best one as system clock based on
the Clock-source quality-level.
Target
ZXA10 C300/C320 supports network synchronization with master-slave
architecture. GPON System can provide the frequency and phase synchronization
for business customers and Node B backhauling.
System Clock
ports) ,
input
can
be selected
from
or
two T12
All 1GE and 10GE uplinks (NNI) can act as timing input for EEC frequency
synchronization via SyncE including Ethernet Synchronization Message
Channel (ESMC) with Synchronization Status Message (SSM) Quality Level
(QL) according to G.8261, G.8262 and G.8264.
Support frequency accuracy with +/- 4.6 ppm for entire span time under
hold-over conditions
Support frequency accuracy with +/- 4.6 ppm for entire span time under
free-running conditions
The T12 port has the characteristics including impedance 120 ohm
non-earthed, symmetrical and short-circuit proof.
T12 ports jitter and wander tolerance according to G.813 (8. noise tolerance)
Glossary
T12: Digital 2048 kHz clock interface
E12: 2048 Kbit/s interface
SyncE: Ethernet Physical Layer Synchronization
Abbreviations
OLT: Optical Line Terminal
ONT: Optical Network Terminal
ESMC: Ethernet Synchronization Message Channel
SSM: Synchronization Status Message
QL: Quality Level
PRC: Primary Reference Clocks
SSU: Synchronization Supply Units
SEC: Synchronous Equipment Clocks or SDH Equipment Clocks
EEC: Ethernet Equipment Clocks
15.1.2
source is abnormal, the PLL will use backup clock source. PLL output provides a
19.44M system clock to each line card. PLL has the hold-on and free-run function.
The following Figure 15-1 shows the architecture of the system frequency
synchronization function.
Figure 15-1 Frequency synchronization function Diagram
[Figure: block diagram; labels include STM-1/E1/T1, SyncE (GE), SyncE (10GE), T12/E12 (RJ45), LOS, CPLD select, SSM_QL module, TCXO, VCXO, PLL, 19.44M clock to line card, to GPON card and to GPON ONU]
15.2
15.2.1
Introduction
Description
The OLT phase synchronization module can recover the 1PPS signal from the
uplink port according to the IEEE 1588 V2 standard, or from the external 1PPS+TOD
interface. For GPON, the 1PPS information is then transferred to the ONU
according to G.984.3 Amendment 2. The ONU can provide a 1PPS interface or a 1588
active port to mobile base stations such as LTE, CDMA2000 and TD SCDMA, which
need the phase synchronization information. For the P2P Ethernet ports in the OLT, each
port supports working in IEEE 1588V2 master mode and connects directly to the base
station.
Target
ZXA10 C300/C320 supports phase synchronization network to the mobile base
station.
The OLT has an IEEE1588-2008 Slave (SOOC) for phase extraction from
uplink signals.
The OLT has a 1PPS output from the selected IEEE1588-2008 signal
received.
The phase transfers between the OLT and the ONU. The GPON built-in time
transfer mechanism is based on G.984.3 Amendment 2 (11/2009).
The phase transfers between the P2P interfaces through IEEE 1588V2.
The phase synchronization accuracy between the OLT and the ONU is +/- 50ns.
Glossary
1PPS: one pulse per second
Abbreviations
LTE: Long Term Evolution
BC: Boundary Clock
TC: Transparent Clock
SOOC: Slave Only Ordinary Clock
15.2.2
[Figure: block diagram; labels include SyncE (GE), SyncE (10GE), LOS, CPLD select, SSM_QL module, PLL, TCXO, VCXO, OCXO, Ethernet traffic switch, 1588V2 packet, 1588 slave, 1588 master, 1PPS, GPON OLT MAC, splitter, GPON ONU MAC, G.984.3 Amendment 2]
15.3 NTP
15.3.1
Introduction
Description
NTP is designed to synchronize the clocks of computers over the Internet. It
provides a time synchronization mechanism to distribute Coordinated Universal
Time (UTC) over the Internet. NTP requires an NTP server and an NTP client, with
the NTP server providing the time basis.
Target
The ZXA10 C300/C320 implements the NTP client functions. It can synchronize
with the NTP server's time with a precision of seconds.
a free-running
Abbreviations
NTP: Network Time Protocol
15.3.2
The NTP request packet arrives at the NTP server. The NTP server records
the arrival time T2 of the NTP request packet.
The NTP server sends the NTP response packet, which contains timestamps
T2 and T3 (T3 is when the NTP response packet leaves the NTP server).
The NTP response packet arrives at the ZXA10 C300/C320, and the ZXA10
C300/C320 records the arriving time T4.
The ZXA10 C300/C320 can calculate the transmission delay and clock offset
between the ZXA10 C300/C320 (NTP client) and NTP server. It then adjusts the
local clock to synchronize with the NTP server clock.
DELAY = (T4-T1) - (T3-T2)
OFFSET = ((T2-T1) + (T3-T4))/2
16 Power Saving
16.1
Introduction
Description
There are three kinds of power saving measures in the system: ONU Power
Saving Management, Line Card Power Saving Management and Port Power
Saving Management.
As for ONU Power Saving Management, three kinds of power saving mode,
including Fast Sleep Power Saving Mode, Deep Sleep Power Saving Mode,
Dozing Power Saving Mode and Power Shedding Mode, are supported according
to the white paper ITU-T G.Suppl. 45 GPON power conservation, and can be
configured at ONU level.
Line Card Power Saving Management and Port Power Saving Management are
power saving measures provided by the OLT in line cards, PON interfaces and
uplink interfaces.
Target
Remote query for attributes of power off line card in Network Management
System (NMS).
16.2
The OLT supports management of the following ONU power saving modes: Fast
Sleep Power Saving Mode, Deep Sleep Power Saving Mode, Dozing Power
Saving Mode and Power Shedding Mode.
Power down and power on are controlled by a single chip in the line card.
An unconfigured service line card can be configured to Power Down mode, and
the main switch control card can send the command to the single chip in the line card.
When a line card is configured in Power Down mode, only the single chip works, to
inspect configuration commands, while the other parts of the line card are in the
Power Down state.
An offline alarm for the line card can be sent to the NMS as long as the Power Down
command is executed successfully by the line card. A restore alarm is sent to the
NMS when the line card powers on successfully and the state of the line card returns
to normal.
Users can use the NMS or the CLI command (show card) to check whether a line card is
in the Power Saving state.
If an optical port is not used, the Shut Down command can be applied to close the
optical module.
After the function is enabled by configuration, the optical module is opened and
closed periodically.
If no optical signal is received during the open period, the close period is entered
alternately.
If an optical signal is received during the open period, Normal Work mode is
entered.
Introduction
Description
ZXA10 C300/C320 supports optical link fault diagnostics based on a flexible
mechanism to meet operators' different deployment requirements. To cut
down the CAPEX of the FTTX network and reduce the complexity of deployment,
ZXA10 C300/C320 supports fault diagnosis based on built-in OLS technology,
which can realize fiber fault demarcation. For high-accuracy fiber
maintenance requirements, ZXA10 C300/C320 also supports fault diagnosis based on
OTDR (Optical Time-Domain Reflectometer) technology, which can locate
the accurate fiber failure position.
Target
ZXA10 C300/C320 supports the following fault diagnostic functions:
It supports the diagnosis of FTTX based broadband service failures and the
diagnosis includes connectivity diagnosis, stability diagnosis and quality
diagnosis. In case that these service failures happen, it can start the diagnosis
and find out whether the failure is located in access layer; furthermore, for
access layer failures, it can still locate the accurate failure position or scope,
and propose the correct solution per the diagnosis result.
When the FTTX service failures are caused by optical fiber link, it can
diagnose the link and find out the most possible fault reason via OLS
technology.
With the built-in OLS technology and expert knowledge supported, it can
realize the fiber fault demarcation, feeder fiber fault or distribution fiber fault
(inclusive of which branch fault);
cause, fiber broken, power attenuation, or transceiver failures; and for the
possible faults detected, it can propose the correct solution per the diagnosis
result.
With the external OTDR, it can perform highly accurate fiber link fault diagnosis
to locate the real fault position and fault type or cause. The following Table 17-1 is
the comparison between the OLS and OLS+OTDR.
Table 17-1
Main Function
OLS+OTDR
Solution
OLT/OLT
Abnormal
Module
ONU
Constant Light
Fault Diagnosis
Performance
Service
Prediction
Service Optimization
support
ONU fault diagnosis mainly includes MDU fault diagnosis, ONT fault diagnosis
not support
In case that MDU subscriber encounters service failure, it can start the MDU
diagnosis remotely to determine whether MDU is power off or its uplink fiber is
broken, whether the configuration is correct and whether the user port status is
normal, and then as per the diagnosis result the related solution is proposed.
Meanwhile, the MDU failure information, diagnosis result and related
subscriber information can be forwarded to the concerned maintenance
engineer via e-mail or SMS to realize the proactive maintenance.
In case of FTTH service failure, it can diagnose the ONT remotely to determine
whether ONT is power off or its uplink fiber is broken, whether the
configuration is correct and whether each UNI port status is normal, and then
as per the diagnosis result the related solution is proposed.
It can determine whether ONU is experiencing a rogue ONU issue: if yes, it will
try to locate the rogue ONU and turn it off.
17.2
18 Environment Monitor
18.1
Introduction
Description
This topic introduces ZXA10 C300/C320 environment monitoring functions.
Target
The environment monitoring equipment performs monitoring on environment
parameters
18.2
CICG
CICK
No.
1
(RJ45)
4
Out-of-band maintenance
interface
7
Pre-set interface
interface
19 Device management
19.1 Card Management
19.1.1
Introduction
Description
Cards are the physical foundation for implementing various services. Card
management refers to the unified management of card resources on ZXA10
C300.
Target
Card management is used to promptly discover changes of the card running
status and thereby inform each service module without any delay. It presents
the card running status to the user through running indicators, especially alarm
indicators. The user can also query the card running status through the NM or
command lines.
19.1.2
If the user does not configure the card which is plugged in the shelf, the card
reports the alarm notification and informs the user to configure the card
correctly.
It supports offline configuration on cards and informs the user if the configured
card is not available.
Informs the service card to change status to online if the configured card runs
normally.
Reports the alarm to the user if the configured card type is not consistent with
the card in actual environment.
Introduction
Description
Version management refers to the management of software version of card. It is
responsible for downloading, upgrading and synchronizing the software version of
all the cards.
Target
ZXA10 C300/C320 implements downloading and upgrading of the card
BootRom/software version and synchronization of different versions of
active/standby main control and switch cards.
19.2.2
19.4.1 Introduction
Description
In the in-band management VPN, the associated in-band management protocols on the
device support the specified VPN instances so that management packets can be
received and forwarded using multiple virtual routes. In this way, the carrier can manage
and maintain remote devices through private IP addresses. This method not only saves
public IP addresses but also isolates the management network from the public network.
Target
Both the in-band management server and client are able to receive the connection
requests and data packets from the VPN, to achieve in-band management VPN.
The out-of-band management interfaces cannot be assigned to the VPN. They always
belong to the public network. Therefore, only the in-band interfaces support VPN
management.
The following servers can receive VPN requests:
Telnet server
SSH server
SNMP AGENT
FTP client
SFTP client
SNMP TRAP
SYSLOG
Telnet client
19.4.2
19.5 SSH
19.5.1 Introduction
Description
Secure Shell (SSH) is formulated by the IETF Network Working Group. Based on the
application layer and transport layer, SSH provides security for remote login session and
other network services.
Target
Compared with the traditional network service programs that send passwords and data in
plaintext, SSH encrypts all the data before sending it. This avoids information disclosure
during remote management. Therefore, SSH is recommended. With the use of SSH, the
data transmission is speeded up because the data is compressed.
AES, DES, 3DES, and BLOWFISH encryption algorithms for SSH login.
A device can serve as an SSH server and at the same time as an SSH client to
log in to other devices.
19.5.2
One is password-based security authentication. The client can log in to the remote
host only with an account and password. All the data is encrypted. However, it cannot
ensure that the server being logged in to is the desired server, because another
server may imitate the desired server.
SSH is a cryptographic protocol. It provides only a secure channel, not data transmission.
Through the steps including version negotiation, key exchange, algorithm negotiation,
and user authentication, an SSH secure channel is set up. Any data transfer protocol can
transfer data in the channel. The tool used by the secure maintenance terminal provides
the SSH client function.
19.5.3
19.5.4
The client writes the local data onto the server in accordance with the returned file
handle.
Files can be downloaded through SFTP only after the SSH authentication is passed.
The file downloading flow is as follows:
The server and the client both verify the SFTP version in the SFTP stage.
The client closes the opened files after reading the data.
Description
Target
The supervisor can manage all the accounts and is allowed to execute all the
configuration and operation commands.
The administrator can manage all the operators, query the accounts and is
allowed to execute all the configuration and operation commands.
The operator can only perform data configuration and service provisioning,
and has no right to manage the accounts.
The user can only query the data, mainly for troubleshooting.
User name: 116 characters length, a space is not allowed. The allowed characters are
as follows:0123456789abcdefghijklmorqrstuvwxyz_
Password, 316 characters length. a space is not allowed. The allowed characters are as
follows:
0123456789abcdefghijklmnopqrstuvwxyz_ABCDEFGHIJKLMNOPQRST UVWXYZ`*-=~!
@#$%^&()_+[]{}|;':,./<> \\
19.6.2
access right of the command node. Therefore, users with high priority have the operation
rights of users with low priority.
Description
With the remote connection security feature, the IP firewall, or the service port of the
system is disabled to prevent the device from being attacked by illegal users or illegal
operations.
Target
IP firewall or disabling the service port can prevent the device from being attacked by
illegal users to ensure the security of devices.
19.7.2
Description
Logs can be classified into security event logs and operation logs.
A security event log is a log recorded by the system after a security event
occurs.
An operation log is a log about the user operation recorded by the system. It
records user login and logout information and other operations performed on
the system.
Generally, logs are queried through the CLI, syslog, or backup log file during
troubleshooting.
Operation logs and security event logs are reported to the NMS.
Target
Logs recorded help users obtain the overall system maintenance information for
timely troubleshooting.
19.8.2
Operation Log
The system records commands of successfully issued configurations from the CLI
or SNMP interface, that is, operation logs. Operation logs record both successful
and failed operations. In logs of failed operations, the operation results can also be
recorded. By default, the system supports a maximum of N (configurable) operation
logs, which are saved in the order of time and are overwritten cyclically. After the
system is restarted, logs recorded are not lost.
Events are reminders to the user during the system running. When the level of a
security event is changed, whether the event is recorded may be changed. A
security event is recorded in the log only when its level is minor or higher.
Log Server
Logs can be reported to the log server using syslog in real time. Also, logs can be
transmitted to the file server through TFTP/FTP/SFTP at a specified time or when
the specified capacity is reached after the automatic uploading conditions are
configured. Integrity of logs must be ensured.
Description
Alarm and event management mainly involves recording and setting alarms and events
and collecting their statistics.
Target
Alarms and events of four severity levels: critical, major, minor, and warning
19.9.2
With the alarm and event filtering function, the user can configure the filtering conditions
so that the system reports only the alarms and events that pass the filtering. In this way,
the user can concentrate on the important and specified alarms and events. The alarms
and events can be filtered by alarm/event ID, severity level, and alarm/event type.
20 Reliability
20.1
20.1.1
Introduction
Target
The main control and switch module implements centralized processing on ZXA10
C300/C320 main control and switch card. In order to ensure the reliability of the
services, it is necessary for the main control and switch module to support 1:1
active/standby mode backup or 1+1 load-sharing mode to ensure the continuity of
services.
The switchover of the main control and switch module is as follows:
The control module implements real-time detection on the main modules in the
card. When detecting any hardware fault, the active card gives up and is
rebooted, and then the standby card is automatically switched over to be
active.
ZXA10 C300/C320 supports the following features of the main control and
switching protection:
20.1.2
Active/standby mode
As the core of the C300/C320, the active control board communicates with external
devices and implements functions of internal modules of the system. The standby
control board does not communicate with external devices and only serves as a
backup of the active control board. During its operation, the active control board
backs up all static configurations and some dynamic configurations to the standby
control board to keep data synchronized between the two boards.
Redundancy backup of control boards protects services against a control board
failure. If two control boards are configured, services can be switched to the
standby control board when the active control board fails. Any of the following
conditions triggers a switchover between the active and standby control boards:
System upgrade. In this case, the operator resets the control boards and
performs the active/standby switchover manually.
Load-sharing mode
When the two control boards work in load-sharing mode, redundancy backup
improves the reliability of services, doubles bandwidth, and enhances data
forwarding performance.
On the forwarding plane, the active and standby control boards share loads.
Both boards forward data.
On the control plane, the two control boards work in the active/standby mode.
The CPU on the active control board manages the system and controls data
forwarding while the CPU on the standby control board is in the standby state.
Introduction
Description
ZXA10 C300 supports time and clock synchronization between the active control
module and the standby control module to ensure highly reliable time and
clock services. Seamless switchover is also supported.
20.3.2
The time and clock module is placed in the main switch and control card, and
different kinds of clock sources are passed to the active and standby switch and
control cards through the backplane card. The time and clock modules in both the
active and standby switch and control cards work simultaneously and lock to the
same clock source. The time and clock module in the line card chooses and locks
its output clock source based on the active/standby state of the main switch and
control card and the quality of the clock. Each time and clock module supports
multiple clock source inputs and chooses a clock source based on clock quality
and priority. When one clock source is lost, the module switches over smoothly
to another clock source.
Similar to the time and clock module, the active and standby switch and control
cards both support the 1588v2 SLAVE function. A time and clock module that
supports 1588v2 can recover the clock through the PTP protocol and pass the
1PPS+TOD message to the line card, from which it is forwarded to the ONU through
the PON protocol.
Glossary
ACL - Access Control List
AES - Advanced Encryption Standard
ANCP - Access Network Control Protocol
ARP - Address Resolution Protocol
AS - Application Server; Autonomous System
ATM - Asynchronous Transfer Mode
BER - Basic Encode Rule; Bit Error Rate
BPDU - Bridge Protocol Data Unit
BRAS - Broadband Remote Access Server
BSR - Bootstrap Router
CAR - Committed Access Rate
CDR - Call Detail Record; Clock and Data Recovery
CES - Channel Element Subsystem; Circuit Emulation Services
CIR - Committed Information Rate
CIST - Common and Internal Spanning Tree
CLI - Command Line Interface; Command Language Interpreter; Calling Line Identity
CPU - Central Processing Unit; Central Policy Unit
CRC - Cyclic Redundancy Check
CST - Common Spanning Tree
CoS - Class of Service
DBA - DataBase Agent; Dynamic Bandwidth Allocation
DHCP - Dynamic Host Configuration Protocol