Download the document - Support

HUAWEI NE9000 Core Router
V800R008C10
Product Description
Issue
01
Date
2016-08-30
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address:
Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
[email protected]
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
i
HUAWEI NE9000 Core Router
Product Description
About This Document
About This Document
Purpose
This document describes the NE9000 in terms of its product positioning and features,
architecture, technical specifications, supported FPICs, link features, service features, usage
scenarios, and operation and maintenance.
Note the following precautions:

The encryption algorithms DES/3DES/SKIPJACK/RC2/RSA (RSA-1024 or
lower)/MD2/MD4/MD5 (in digital signature scenarios and password encryption)/SHA1
(in digital signature scenarios) have a low security, which may bring security risks. If
protocols allowed, using more secure encryption algorithms, such as AES/RSA
(RSA-2048 or higher)/SHA2/HMAC-SHA2 is recommended.

Do not set both the start and end characters of a password to "%#%#". This causes the
password to be displayed directly in the configuration file.

To further improve device security, periodically change the password.
Related Version
The following table lists the product version related to this document.
Product Name
Version
NE9000
V800R008C10
U2000
V200R016C50
Intended Audience
This document is intended for:

Issue 01 (2016-08-30)
Network planning engineers
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
ii
HUAWEI NE9000 Core Router
Product Description
About This Document

Hardware installation engineers

Commissioning engineers

Data configuration engineers

On-site maintenance engineers

Network monitoring engineers

System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, may result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and
tips.
NOTE is used to address information not related to
personal injury, equipment damage, and environment
deterioration.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Optional items are grouped in braces and separated by
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iii
HUAWEI NE9000 Core Router
Product Description
Convention
About This Document
Description
vertical bars. One item is selected.
[ x | y | ... ]
Optional items are grouped in brackets and separated by
vertical bars. One item is selected or no item is selected.
{ x | y | ... }*
Optional items are grouped in braces and separated by
vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]*
Optional items are grouped in brackets and separated by
vertical bars. Several items or no item can be selected.
&<1-n>
The parameter before the & sign can be repeated 1 to n
times.
#
A line starting with the # sign is comments.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.

Changes in Issue 01 (2016-06-30)
This issue is the first official release. The software version of this issue is
V800R008C10.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
iv
HUAWEI NE9000 Core Router
Product Description
Contents
Contents
About This Document .................................................................................................................... ii
1 Product Positioning and Features .............................................................................................. 1
1.1 Product Positioning ....................................................................................................................................................... 1
1.2 Product Features ........................................................................................................................................................... 2
2 Architecture .................................................................................................................................... 7
2.1 Physical Architecture .................................................................................................................................................... 7
2.2 Logical Architecture ..................................................................................................................................................... 8
2.3 Software Architecture ................................................................................................................................................... 9
3 Technical Specifications ............................................................................................................ 11
3.1 Physical Parameters .................................................................................................................................................... 11
3.2 System Configurations ................................................................................................................................................ 12
3.3 Board Specifications ................................................................................................................................................... 13
4 Link Features ................................................................................................................................ 14
4.1 Ethernet Link Features ................................................................................................................................................ 14
5 Security Features ......................................................................................................................... 15
6 Service Features ........................................................................................................................... 19
6.1 Ethernet Features ........................................................................................................................................................ 19
6.1.1 Layer 2 Ethernet Features ........................................................................................................................................ 19
6.1.2 Layer 3 Ethernet Features ........................................................................................................................................ 19
6.2 IP Features .................................................................................................................................................................. 20
6.2.1 IPv4/IPv6 Dual Stack............................................................................................................................................... 20
6.2.2 IPv4 Features ........................................................................................................................................................... 20
6.2.3 IPv6 Features ........................................................................................................................................................... 20
6.2.4 IPv4/IPv6 Transition Technology ............................................................................................................................ 21
6.3 Routing Protocols ....................................................................................................................................................... 21
6.3.1 Unicast Routing Features ......................................................................................................................................... 21
6.3.2 Multicast Routing Features ...................................................................................................................................... 23
6.4 MPLS Features ........................................................................................................................................................... 23
6.5 VPN Features .............................................................................................................................................................. 25
6.5.1 Tunnel Policy ........................................................................................................................................................... 25
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
v
HUAWEI NE9000 Core Router
Product Description
Contents
6.5.2 VPN Tunnel ............................................................................................................................................................. 25
6.5.3 BGP/MPLS L3VPN................................................................................................................................................. 25
6.5.4 BGP/MPLS L2VPN................................................................................................................................................. 26
6.6 QoS Features............................................................................................................................................................... 26
6.7 Traffic Load Balancing ............................................................................................................................................... 28
6.8 Traffic Statistics Collection......................................................................................................................................... 28
6.9 Network Reliability .................................................................................................................................................... 29
7 Usage Scenarios ........................................................................................................................... 33
7.1 National Backbone Network Solution ........................................................................................................................ 33
7.2 Provincial Backbone Network Solution ...................................................................................................................... 34
7.3 IP Bearer Network Solution ........................................................................................................................................ 35
7.4 IPv6 Backbone Network Solution .............................................................................................................................. 37
8 Operation and Maintenance ..................................................................................................... 38
8.1 Operation and Maintenance ........................................................................................................................................ 38
8.1.1 System Configuration Management ........................................................................................................................ 38
8.1.2 System Management and Maintenance.................................................................................................................... 39
8.1.3 Device Operating Status Monitoring ....................................................................................................................... 39
8.1.4 System Service and Status Tracking ........................................................................................................................ 40
8.1.5 System Test and Diagnosis ...................................................................................................................................... 40
8.1.6 NQA......................................................................................................................................................................... 41
8.1.7 VS ............................................................................................................................................................................ 41
8.1.8 In-Service Debugging .............................................................................................................................................. 41
8.1.9 Upgrade Features ..................................................................................................................................................... 42
8.1.10 License ................................................................................................................................................................... 42
8.1.11 Other Features ........................................................................................................................................................ 42
8.2 NMS ........................................................................................................................................................................... 43
A Acronyms and Abbreviations .................................................................................................. 44
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
vi
HUAWEI NE9000 Core Router
Product Description
1
1 Product Positioning and Features
Product Positioning and Features
About This Chapter
1.1 Product Positioning
1.2 Product Features
1.1 Product Positioning
The HUAWEI NE9000 Core Router (NE9000) is a large-capacity and high-performance
router designed by Huawei to provide carrier-class reliability. Based on the powerful versatile
routing platform (VRP), the NE9000 provides strong switching capabilities, dense ports, and
high reliability. NE9000s mainly serve as super-core nodes on carriers' backbone networks,
core nodes on metropolitan area networks (MANs), egresses in large-scale Internet Data
Centers (IDCs), and core nodes on large-scale enterprise networks.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
1
HUAWEI NE9000 Core Router
Product Description
1 Product Positioning and Features
1.2 Product Features
Powerful Forwarding Capability
Designed with a hardware-based forwarding engine, the NE9000 supports full-duplex
forwarding of IPv4, IPv6, and MPLS packets at line rate on all interfaces.
The NE9000 supports multicast traffic forwarding at line rate. The NE9000 hardware supports
two-level multicast traffic replication: replication from switch fabric units (SFUs) to line
processing units (LPUs) and replication from an LPU's forwarding engine to interfaces on the
LPU.
An LPU can buffer packets, ensuring that no packet is lost in the case of a traffic burst.
Well-Designed QoS Mechanism
The NE9000 provides the following QoS functions:

Issue 01 (2016-08-30)
Rule-based traffic classification: Traffic can be classified based on Layer 2, Layer 3, and
MPLS rules.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2
HUAWEI NE9000 Core Router
Product Description
1 Product Positioning and Features

Differentiated services: Differentiated services are provided for traffic with different
differentiated services code point (DSCP) values, EXP values, 802.1p priorities, or IP
precedence.

Traffic marking: The DSCP values, EXP values, 802.1p priorities, or IP precedence of
specific traffic can be changed based on a pre-defined policy.

Traffic policing: All traffic or specific traffic on a specified interface can be monitored
for traffic limiting.

Congestion avoidance: Tail drop or weighted random early detection (WRED) can be
used to drop certain packets in a queue to prevent a queue overflow.

Congestion management: Priority queuing (PQ) and weighted fair queuing (WFQ) are
provided to ensure fair queue scheduling and preferential processing of services with a
higher priority.
These QoS functions ensure different delays, jitter, bandwidth, and packet loss rates for
different services, such as voice over IP (VoIP) and IPTV services, carried over an IP network.
Robust Security Design
The NE9000 provides multiple security features to protect the data of Internet service
providers (ISPs) and users. These features can protect services against denial of service (DoS)
attacks, unauthorized access, and traffic overload on the control plane. The NE9000 uses a
distributed structure that separates the data plane from the control plane, providing
industry-leading security performance.
The NE9000 provides the following security features:

Three user authentication modes: local authentication, Remote Authentication Dial In
User Service (RADIUS) authentication, and Huawei Terminal Access Controller Access
Control System (HWTACACS) authentication

Hardware-based packet filtering and sampling, which ensures high performance and high
scalability.

Plaintext authentication and message digest algorithm 5 (MD5) authentication of Open
Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), Routing
Information Protocol (RIP), and BGP packets

Access control lists (ACLs) based on the forwarding and control planes

Unicast reverse path forwarding (URPF), which checks the source address validity and
drops invalid packets that fail the check

Generalized TTL Security Mechanism (GTSM)

Traffic filtering based on the ACL carried in a BGP Flowspec route or the local policy
that the route attribute matches
Comprehensive IPv4/IPv6 Features
The NE9000 supports the IPv4/IPv6 dual stack , comprehensive IPv6 features, and smooth
transition from IPv4 to IPv6 networks.

Multiple types of IPv6 over IPv4 tunnels

Large-capacity routing tables and forwarding tables, meeting the requirements of VPN
PEs and future service expansion

Distributed forwarding of IPv4/IPv6 and MPLS packets

Inter-AS VPN scenarios, including Option A, Option B, and Option C
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3
HUAWEI NE9000 Core Router
Product Description
1 Product Positioning and Features
Carrier-class Reliability and Manageability
The NE9000 offers carrier-class reliability and manageability.
The NE9000 also provides a powerful monitoring system. The main processing units (MPUs)
manage, monitor, and maintain the boards, fan modules, and power modules of the entire
system.
The NE9000 complies with Electromagnetic Compatibility (EMC) standards. The modular
design of the NE9000 achieves EMC isolation between boards.
The following table lists the features that the NE9000 provides to ensure carrier-class
reliability.
Table 1-1 High reliability features
Item
Description
System
protection
mechanism
The boards, power modules, and fan modules are hot-swappable.
The MPUs work in 1:1 backup mode.
Key components, such as power modules, fan modules, clock modules, and
management buses, work in backup mode.
Protection
against faults
If an exception occurs in the system, the system
automatically restarts and recovers.
If an exception occurs on a board, the system resets the
board.
The system provides protection against over-current and over-voltage on
power modules and interfaces.
The system provides protection against mis-insertion of boards.
Alarm
monitoring
Reliability
design

Alarm messages, alarm indications, operating status,
and alarm status of power modules can be queried.

Alarm messages, alarm indications, operating status,
and alarm status of the voltage and ambient
temperature can be queried.

Alarms of high or low receive optical power are
provided.
Control channels are separated from service channels so that the control
channels are congestion-free.
The system supports a complete fault detection mechanism for the system
and boards. Alarms can be notified using indicators or the network
management system (NMS).
Upgrade
reliability
The system supports in-service patching.
The system supports in-service upgrading of the BootROM.
The system supports error checking and correction (ECC) of the random
access memory (RAM).
Fault
Issue 01 (2016-08-30)
Data backup
The system supports hot backup of data between master
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4
HUAWEI NE9000 Core Router
Product Description
Item
1 Product Positioning and Features
Description
tolerance
design
and slave units. If the master unit fails, the slave unit
automatically takes over, which ensures that no data is
lost.
The BootROM can be automatically upgraded and restored.
The system can back up configuration files to the remote File Transfer
Protocol (FTP) server.
The system can automatically select and run the correct configuration files.
System software exceptions can be monitored, automatically removed, and
recorded.
Operation
security
Passwords are used for system operations to ensure better security.
User levels and command levels can be configured to achieve hierarchical
command authorization.
The configuration terminal can be locked using commands to prevent
unauthorized users from using the terminal.
Messages are provided to prevent inappropriate operations. For example, if
a user runs a command that may affect system performance, the system
will prompt the user to determine whether to continue the operation.
Operation
and
maintenance
center
The system uses the universal NMS developed by Huawei.
Flexible VS Functions
The NE9000 supports virtual system (VS). VS is an important feature of new-generation IP
bearer devices and plays an active role in centralized operation and capital expenditure
(CAPEX) and operational expenditure (OPEX) reduction. Carriers can divide a large physical
system (PS) into multiple smaller separate VSs, optimizing physical resource allocation and
making networking more flexible.
VS can:

Reduce CAPEX and OPEX.

Flatten networks.

Support multi-service networks.
Different services are deployed on different VSs, forming a logical multi-service network.
This isolates different types of services to improve security and reliability.

Verify new services.
New services, such as IPv6 and video services, can be verified on VSs, which isolate
services and have no impact on the existing network applications.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5
HUAWEI NE9000 Core Router
Product Description
1 Product Positioning and Features
Ideal L2VPN Solution
The NE9000 supports the MPLS L2VPN technology. MPLS L2VPN transparently transmits
Layer 2 user data over an MPLS network. From a user's perspective, an MPLS network is a
Layer 2 switching network on which Layer 2 connections can be set up between nodes. MPLS
L2VPN can be classified as virtual private LAN service (VPLS) or virtual private wire service
(VPWS).
VPWS is a Layer 2 service bearer technology that transmits Layer 2 services by emulating
basic behaviors and features of services, such as Ethernet, synchronous optical network
(SONET), and synchronous digital hierarchy (SDH), on a packet switched network (PSN). As
a P2P L2VPN service provided over a public network, VPWS enables two sites to
communicate as if they were directly connected by a link. VPWS, however, does not allow
more than two sites to directly communicate.
VPLS uses the PSN to connect multiple Ethernet LAN segments, enabling them to work as a
single LAN. VPLS is also called transparent LAN service (TLS) or virtual private switched
network service (VPSNS). Different from common point-to-point L2VPN services, VPLS
enables a service provider to offer an Ethernet-based multipoint service to users over an
MPLS backbone network.
Easy Configuration Rollback
The NE9000 supports configuration rollback. Configuration rollback is an important
configuration management function because it can reduce the operation error rate and
improve device maintenance efficiency.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6
HUAWEI NE9000 Core Router
Product Description
2 Architecture
2
Architecture
About This Chapter
2.1 Physical Architecture
2.2 Logical Architecture
2.3 Software Architecture
2.1 Physical Architecture
The NE9000 chassis consists of the following systems:

Power distribution system

Heat dissipation system

Network management system (NMS)

Functional host system
The functional host system is composed of the system backplane, MPUs, LPUs, SFUs, and
central management units (CMUs). It uses a network management interface to connect to the
NMS. The functional host system processes data, and monitors and manages the power
distribution system and heat dissipation system. Figure 2-1 shows the functional host system
of the NE9000.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7
HUAWEI NE9000 Core Router
Product Description
2 Architecture
Figure 2-1 Functional host system
Backplane
Monitoring unit
Management unit
Ethernet
Ethernet
Monitoring
bus
Management
bus
Monitoring
bus
Management
bus
System
monitoring unit
Management bus
switching unit
System
monitoring unit
Physical
interface unit
Forwarding
unit
Serial link
group
Monitoring unit
Monitoring
bus
Management unit
Management
bus
Physical
interface unit
Forwarding
unit
Monitoring
bus
Management
bus
(Master)
System
monitoring unit
Management bus
switching unit
System
monitoring unit
Monitoring
bus
Management
bus
MPU
Switching network
monitoring unit
Switching network
control unit
MPU
(Slave)
SFU
Switching network
Serial link
group
Monitoring
bus
Management
bus
Monitoring unit
Central management units
(CMUs) (Master)
Monitoring
bus
Management
bus
Monitoring unit
Central management units
(CMUs)
(Slave)
2.2 Logical Architecture
The logical architecture of the NE9000 consists of the following planes:

Data plane

Control and management plane

Monitoring plane
Figure 2-2 shows the logical architecture.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
8
HUAWEI NE9000 Core Router
Product Description
2 Architecture
Figure 2-2 Logical architecture
LPU
Monitoring
plane
Monitoring
Unit
…
Management
unit
…
Monitoring unit
Management
unit
System
control unit
Management
unit
Data
plane
Central
management unit
Monitoring unit
Monitoring
Unit
Control and
management
plane
CMU
MPU
Switching network
management unit
Forwarding
unit
…
Forwarding
unit
LPU
Switching
network
SFU
2.3 Software Architecture
The NE9000 series routers provide a multi-process and full-service software architecture that
is reliable, scalable, and flexible.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9
HUAWEI NE9000 Core Router
Product Description
2 Architecture
Figure 2-3 Software architecture
OI
I
M
R
B
P
T U
SSI RG S
G
I
C D
P I P M M D IP
P
M
P P
F S
P P
T
A P H V R
D
L
R P
U
P P L A N
C N
K
SSP
SMP
BOS
DRIVER
NP
LOGIC
Forwarding
Forwarding
B V
S P
A N
C S
L N
I M
P
N
E
T X
C P
O L
N
F
Acronyms and Abbreviations

SSP: Service Splitting Platform

BOS: Balance of System

SMP:System Management Plane

NP:Network Processor

BSA:Basic Service Area
\
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
10
HUAWEI NE9000 Core Router
Product Description
3 Technical Specifications
3
Technical Specifications
About This Chapter
3.1 Physical Parameters
3.2 System Configurations
3.3 Board Specifications
3.1 Physical Parameters
Table 3-1 Physical parameters of the NE9000
Item
Item
Dimensions (H x W x D)
2200 mm x 600 mm × 800 mm (49.5 U)
(Dimensions of the chassis body together with cable trays
and front and back attachments)
Installation
The NE9000 chassis is integrated in a cabinet and does not
need cabinet installation.
Weight
Empty chassis: 345 kg
Integrated chassis (delivered weight): 347.1 kg (DC)/340.7
kg (AC)
Maximum power
consumption
23KW
Heat dissipation
78430 BTU/hour
DC input
voltage
Rated voltage
-48 V to -60 V
Maximum
voltage range
-40 V to -72 V
240 V
HVDC
input
voltage
Rated voltage
240V
Maximum
voltage range
188V DC to 288V DC
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
11
HUAWEI NE9000 Core Router
Product Description
3 Technical Specifications
Item
Item
336 V
HVDC
input
voltage
Rated voltage
336V
Maximum
voltage range
260V DC to 400V DC
AC input
voltage
Rated voltage
200 V AC to 240 V AC
Input voltage
range
176 V AC to 290 V AC
System
reliability
MTBF (year)
14.88
MTTR (hour)
0.5
Operatin
g
temperat
ure
Long-term
0°C to 40°C
Short-term
-5°C to 50°C
Remarks
Temperature change rate limit: 30°C/hour
Storage temperature
-40°C to 70°C
Relative
operating
humidity
Long-term
5% RH to 85% RH, non-condensing
Short-term
5% RH to 95% RH, non-condensing
Relative storage humidity
5% RH to 100% RH, non-condensing
Long-term operating
altitude
Lower than 3000 meters
Storage altitude
Lower than 5000 m
3.2 System Configurations
Table 3-2 Product specifications of the NE9000
Item
Typical Configuration
Processor
Dominant frequency: 2.4 GHz, 10 core
Boot ROM
2*16 MB
DDR3 SDRAM
2*16 GB
NVRAM
512 KB
SSD card
8 GB
Switching capacity
74,473 Gbit/s (bidirectional)
Backplane capacity
215,040 Gbit/s (bidirectional)
Interface capacity
19,200 Gbit/s (full duplex)
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12
HUAWEI NE9000 Core Router
Product Description
3 Technical Specifications
Item
Typical Configuration
Number of LPU slots
20
Number of MPU slots
2
Number of SFU slots
8
3.3 Board Specifications
The NE9000 provides 10GE, 40GE, and 100GE physical interfaces that can connect to
multiple network devices for different networking requirements.
Table 3-3 Specifications of boards supported by the NE9000
Board Name
Description
Silkscreen
MPU
Main Processing Unit N1(MPUN1)
NE9000 MPUN1
SFU
Switch Fabric Unit F for Single Chassis
(SFUI-F)
NE9000 SFUI-F
Boards
8-Port 100GBase-CFP2 Integrated Line
Process Unit (LPUI-1T)
NE9000 LPUI-1T
24-Port 40GBase-QSFP+ Integrated Line
Process Unit (LPUI-1T)
NE9000 LPUI-1T
60-Port 10GBase LAN/WAN-SFP+
Integrated Line Process Unit(LPUI-1T)
NE9000 LPUI-1T
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
13
HUAWEI NE9000 Core Router
Product Description
4 Link Features
4
Link Features
About This Chapter
4.1 Ethernet Link Features
4.1 Ethernet Link Features
NE9000 provide Layer 3 Ethernet interfaces, including 10GE optical interfaces, 40GE optical
interfaces and 100GE optical interfaces, and support IPv4/IPv6, MPLS, Multicast services,
and QoS.
The Layer 3 Ethernet interfaces on NE9000 support the following features:

Link Aggregation Control Protocol (LACP) (802.3ad)
NE9000 support link aggregation in static mode.


Issue 01 (2016-08-30)
Layer 3 Eth-Trunk
−
Ethernet interfaces on different CLCs can be bundled into an Eth-Trunk interface.
−
Ethernet interfaces on different boards in the same CLC can be bundled into an
Eth-Trunk interface.
−
An Eth-Trunk interface functions in a similar way as common Ethernet interfaces
and supports various types of services.
−
Member interfaces of an Eth-Trunk interface can work in active/standby mode, and
perform the active/standby switchover automatically based on link status.
−
Member interfaces of an Eth-Trunk interface can be manually added or deleted.
NE9000 can detect whether member interfaces are in the Up or Down state and
dynamically adjust the bandwidth of the Eth-Trunk accordingly.
Ethernet link detection
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
14
HUAWEI NE9000 Core Router
Product Description
5 Security Features
5
Security Features
Security Authentication
PPP supports PAP and CHAP authentication.
Routing protocols, including RIPv2, OSPF, IS-IS, and BGP, support plaintext authentication
and MD5 ciphertext authentication.
LDP and Resource Reservation Protocol (RSVP) support MD5 ciphertext authentication.
Simple Network Management Protocol (SNMP) supports SNMPv3 encryption and
authentication.
Local or remote login by means of Secure Shell (SSH) is supported.
The serial interface supports password authentication and AAA authentication.
The Telnet server supports password authentication and AAA authentication.
GTSM is applied to BGP, BGP6, OSPF, and LDP.
The control plane is associated with the forwarding plane to protect devices against invalid
packet attacks.
User right management based on user groups and tasks groups is supported.
Defense against ARP spoofing and ARP flooding is supported.
URPF Check
IPv4 and IPv6 support URPF.
Local Attack Defense
The NE9000 provides a uniform attack defense module to manage and maintain attack
defense policies of the entire system.
The NE9000 supports the following functions:

Attack source tracing and attack alarms
If the NE9000 is attacked, you can record attack packets using the attack source tracing
function and then analyze the packets to locate and defend against the attack. If the
NE9000 drops too many packets, the alarm function enables the router to display an
alarm indicating that too many packets are dropped.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
15
HUAWEI NE9000 Core Router
Product Description

5 Security Features
Whitelist
A whitelist contains a set of valid users or users with high priorities. By configuring the
whitelist, you can enable the NE9000 to protect existing services or user services with
high priorities.

Blacklist
A blacklist contains a set of unauthorized users. A blacklist can be self-defined based on
ACL rules, and is used to filter packets.

User-defined flow

Active link protection
The NE9000 uses the whitelist to protect TCP-based application-layer sessions.

Centralized configuration of CAR parameters
The NE9000 allows you to:

−
Configure CAR parameters for different LPUs in a centralized manner.
−
Use a uniform configuration interface to configure CAR parameters.
−
Configure protocol-specific CAR parameters.
Smallest packet compensation
The NE9000 can efficiently defend against attacks from small packets using the smallest
packet compensation function. After receiving a packet to be sent to the CPU, the
NE9000 checks the packet length:
−
If the packet is shorter than the preset minimum packet length, the router calculates
the rate at which packets are sent based on the preset minimum length.
−
If the packet is longer than the preset minimum packet length, the router calculates
the rate at which packets are sent based on the actual packet length.
BGP Flowspec
BGP Flowspec enables the NE9000 to:

Filter BGP traffic based on the ACL policy carried in BGP packets.

Filter BGP traffic based on the route attribute carried in BGP packets.
Local Mirroring
The mirroring function, conforming to international standards, may be used to analyze the
communication information of terminal customers for a maintenance purpose. Before enabling the
mirroring function, ensure that it is performed within the boundaries permitted by applicable laws and
regulations. Effective measures must be taken to ensure that information is securely protected.
In local mirroring, an LPU can be configured with a physical observing interface, multiple
logical observing interfaces, and multiple mirrored interfaces.
The NE9000 supports inter-board local mirroring. The observing and mirrored interfaces can
be configured on different boards.
The NE9000 supports upstream mirroring. All packets or packets that match specific rules
received by a mirrored interface are copied to a specified observing interface.
CAR can be used to limit the rate of mirrored packets on the mirrored interface.
The proportion of mirrored packets can be configured. For example, you can mirror only 10%
of a 100 Gbit/s traffic flow.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
16
HUAWEI NE9000 Core Router
Product Description
5 Security Features
NetStream
The NetStream function conforms to IETF RFC3954. For security risks, see IETF RFC3954. This
function involves analyzing the communications information of terminal customers. Before enabling the
function, ensure that it is performed within the boundaries permitted by applicable laws and regulations.
Effective measures must be taken to ensure that information is securely protected.
NetStream provides the following functions:

Accounting

Network planning and analysis

Network monitoring

Application monitoring and analysis

Detection of unusual traffic
The implementation of NetStream requires three devices: NetStream data exporter (NDE),
NetStream collector (NSC), and NetStream data analyzer (NDA).
The NE9000 can function as NDEs to sample packets, aggregate flows, and output flows. All
boards on the NE9000 support distributed NetStream. Specifically, the boards sample packets,
aggregate flows, and export flows.

Distributed NetStream: An LPU can sample packets, aggregate flows, and output flows
independently. Distributed NetStream supports load balancing among multiple
NetStream boards.
The NE9000 supports the following sampling functions:

Packet sampling on inbound and outbound interfaces (some boards support packet
sampling on inbound interface only)

Interface-based sampling and traffic-classifier-based sampling

Sampling of IPv4 unicast/multicast packets, fragmented packets, MPLS packets, MPLS
L3VPN packets, and IPv6 packets

Fixed packet sampling, random packet sampling, fixed interval sampling, and random
interval sampling

Sampling on various physical and logical interfaces, such as Ethernet interfaces.
The NE9000 supports the following flow aggregation and output functions:

IPv4 packets can be aggregated based on options such as as, as-tos, protocol-port,
protocol-port-tos, source-prefix, source-prefix-tos, destination-prefix,
destination-prefix-tos, prefix, and prefix-tos.

MPLS packets can be aggregated based on Layer 3 labels.

Collected statistics can be output in V5, V8, or V9 format. The 16-bit and 32-bit AS
numbers are supported, and can be configured using commands. If the packets are output
in the V9 format, both the 16-bit and 32-bit NetStream interface indexes are supported,
which can be set using commands as required.

Each type of aggregated flow can be output to eight network management servers.
Online Packet Header Capture
Based on your requirements to detect failures in telecom transmission, this feature may collect
or store some communication information about specific customers. Huawei cannot offer
services to collect or store this information unilaterally. Before enabling the function, ensure
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
17
HUAWEI NE9000 Core Router
Product Description
5 Security Features
that it is performed within the boundaries permitted by applicable laws and regulations.
Effective measures must be taken to ensure that information is securely protected.
Online packet header capture is similar to the mirroring function. Packets are processed using
the mirroring process. Then replicated packets are sent to a CPU of an MPU and stored in the
CPU memory and CF card.
Online packet header capture provides the following functions:

Online packet header capture of forwarding packets

Online packet header capture of packets sent to a CPU

Profile Instance
The profile instance for online packet header capture defines the following parameters:
−
Duration:
Indicates the duration for capturing packet headers.
−
Number of captured packet headers:
Indicates the maximum number of packet headers to be captured.
−
Size of packet headers to be captured:
Indicates the size of a packet header capture file (storing captured packet headers).
Packet headers will no longer be captured if the size of the packet header capture
file exceeds the specified value.
−
Packet length:
Indicate the captured packet header length.

Online packet header capture based on ACL rules
A device supports online packet header capture based on ACL rules.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
18
HUAWEI NE9000 Core Router
Product Description
6 Service Features
6
Service Features
About This Chapter
6.1 Ethernet Features
6.2 IP Features
6.3 Routing Protocols
6.4 MPLS Features
6.5 VPN Features
6.6 QoS Features
6.7 Traffic Load Balancing
6.8 Traffic Statistics Collection
6.9 Network Reliability
6.1 Ethernet Features
Ethernet interfaces on NE9000 support Layer 2 and Layer 3 Ethernet features.
6.1.1 Layer 2 Ethernet Features
Ethernet interfaces on NE9000 can work in switched mode to support the following features:

Ethernet sub-interfaces

MAC address limit

Unknown unicast/multicast/broadcast suppression
6.1.2 Layer 3 Ethernet Features
Ethernet interfaces on NE9000 can work in routed mode to support the following features:

IPv4

IPv6

MPLS
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
19
HUAWEI NE9000 Core Router
Product Description
6 Service Features

Multicast

QoS

Ethernet sub-interfaces
6.2 IP Features
6.2.1 IPv4/IPv6 Dual Stack
The IPv4/IPv6 dual stack is highly interoperable and easy to implement. Figure 6-1 shows the
IPv4/IPv6 dual stack structure.
Figure 6-1 IPv4/IPv6 dual stack structure
IPv4/IPv6 application
TCP
UDP
IPv4
IPv6
Link layer
6.2.2 IPv4 Features
NE9000 support the following IPv4 features:

TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and
ARP

FTP server/client, TFTP client and SFTP Server/Client

Ping, network quality analysis (NQA), and tracert.
NQA can detect whether ICMP or TCP is enabled and test the response time of a service.

IP policy-based routing, which specifies the next hop based on packet attributes without
searching a routing table for routes

Flow-based next hop

Load balancing based on IP policy-based routing

Equal-cost multipath (ECMP)

Unequal-cost multipath (UCMP)
6.2.3 IPv6 Features
The NE9000 supports the following IPv6 features:
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
20
HUAWEI NE9000 Core Router
Product Description
6 Service Features

IPv6 neighbor discovery (ND)

Path MTU (PMTU) discovery

TCP6, IPv6 ping, IPv6 tracert, and IPv6 socket

IPv6 policy-based routing
6.2.4 IPv4/IPv6 Transition Technology
NE9000 support the following functions:


IPv6 over IPv4 tunnels, including:
−
IPv6 manual tunnel
−
6to4 tunnel
−
6to4 relay tunnel
6PE and 6PE FRR
6.3 Routing Protocols
6.3.1 Unicast Routing Features
NE9000 support the following unicast routing features:

IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGPv4

IPv6 routing protocols, including OSPFv3, IS-ISv6, and BGP4+

Static routes that are manually configured by the administrator to simplify network
configurations and improve network performance

Large-capacity routing table that can effectively support the operation of a MAN

Routing policies that can be used to select optimal routes

Import of routing information from other routing protocols

Application of a routing policy in advertising and receiving routes, and use of route
attributes to filter routes

Configuration of load balancing and maximum number of equal-cost routes

Password authentication and MD5 authentication to improve network security

Restart of protocol processes using command lines

RIPv1 (classful routing protocol) and RIPv2 (classless routing protocol)

Advertisement of a default route from RIP to its peers and setting of the route metric

RIP-triggered updates

Suppression of RIP packet sending and receiving on a specified interface

OSPF-BGP synchronization

OSPF-LDP synchronization

OSPF fast convergence, which can be achieved by the following means:
RIP
OSPF
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
21
HUAWEI NE9000 Core Router
Product Description
6 Service Features
−
Adjusting the interval of LSAs
−
Configuring OSPF NSR
−
Configuring BFD for OSPF

Non-stop forwarding (NSF) that ensures high reliability

Suppression of OSPF packet sending and receiving on a specified interface

OSPF I-SPF and IS-IS I-SPF (I-SPF calculates only changed routes rather than all routes
at a time)

OSPF GTSM

Two-level IS-IS in a routing domain

IS-IS I-SPF (I-SPF calculates only changed routes rather than all routes at a time)

IS-IS-LDP synchronization

IS-IS NSR

IS-IS multi-topology (MT)

IS-IS shortcut and advertise

Policy-based route selection by BGP when there are multiple routes to the same
destination

BGP route reflector (RR), which addresses the problem of high costs of full-mesh
connections between IBGP peers

Sending of BGP update packets that do not carry private AS numbers

Route dampening, which suppresses unstable routes (unstable routes are neither added to
the BGP routing table nor advertised to other BGP peers)

BGP fast convergence by means of the new route convergence mechanism and algorithm,
including:
IS-IS
BGP
−
Indirect next hop
−
Recursive on-demand (ROD)

BGP NSR

Four-byte AS number

BGP indirect next hop

IPv4 unicast address family

IPv4 multicast address family

IPv4 private address family

VPNv4 address family

IPv6 unicast address family

IPv6 private address family

VPNv6 address family

BGP DUAL AS

BGP confederation
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
22
HUAWEI NE9000 Core Router
Product Description
6 Service Features
6.3.2 Multicast Routing Features
The NE9000 provides the following multicast features:

Multicast protocols: Internet Group Management Protocol (IGMP, including IGMPv1,
IGMPv2, and IGMPv3), Protocol Independent Multicast-Sparse Mode (PIM-SM),
Multicast Source Discovery Protocol (MSDP), and Multi-protocol Border Gateway
Protocol (MBGP)

Reverse Path Forwarding (RPF)

PIM-SSM

Anycast rendezvous point (RP)

PIM-IPv6-SM and PIM-IPv6-SSM

Multicast listener discovery (MLD), which can be:
−
MLDv1 (defined in RFC 2710)
MLDv1 is derived from IGMPv2 and supports the Any-source multicast (ASM)
model. With the help of SSM mapping, MLDv1 supports the source-specific
multicast (SSM) model.
−
MLDv2 (defined in RFC 3810)
MLDv2 is derived from IGMPv3 and supports ASM and SSM models.

Multicast static routes

Configuration of multicast protocols on physical interfaces such as Ethernet, and
Eth-Trunk interfaces

Filtering of routes based on a routing policy in receiving, importing, and advertising
multicast routes, and filtering and forwarding of multicast packets based on a routing
policy in forwarding IP multicast packets

Addition and deletion of dummy entries
6.4 MPLS Features
The NE9000 supports MPLS and dynamic label switched paths (LSPs). Dynamic LSPs are
established dynamically by the Label Distribution Protocol (LDP) or Resource Reservation
Protocol (RSVP)-TE based on routing information.
Basic Features
The NE9000 supports the following MPLS functions:

Basic MPLS functions, service forwarding, and LDP (MPLS signaling distributes labels,
sets up LSPs, and transfers parameters used for LSP establishment)

LDP supports:

Issue 01 (2016-08-30)
−
Label distribution in DU mode
−
Label control in independent or ordered mode
−
Liberal label retention mode
−
Loop detection using the maximum number of hops or path vector
MPLS ping and tracert, and LSP availability check using MPLS Echo Request and
MPLS Echo Reply packets
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
23
HUAWEI NE9000 Core Router
Product Description
6 Service Features

MPLS QoS, mapping of the ToS field in IP packets to the EXP field in MPLS packets,
and MPLS uniform, pipe, and short pipe modes

MPLS trap

LDP GTSM

P2MP

Remote LFA
The NE9000 can serve as label edge routers (LERs) or label switching routers (LSRs):

An LER is an edge device on the MPLS network. It classifies services, distributes labels,
and adds or removes labels.

An LSR is a core router on the MPLS network. It switches and distributes labels.
MPLS TE
The MPLS TE technology integrates the MPLS technology with traffic engineering. It can
reserve resources by setting up LSPs for a specified path in an attempt to avoid network
congestion and balance network traffic.
If resources are scarce, MPLS TE can preempt the bandwidth resources of LSPs with low
priorities. This meets the demands of LSPs with large bandwidth or LSPs carrying important
services. In addition, when an LSP fails or a node is congested, MPLS TE can protect network
communication using the backup path and FRR.
MPLS TE provides the function to process various types of constrained route-label switched
paths (CR-LSPs).
CR-LSPs are classified into the following types:

RSVP-TE

Auto route
The auto route mechanism works in either of the following modes:

−
IGP shortcut: A device uses a TE tunnel for local route calculation and does not
advertise the TE tunnel to its peers as a route. Therefore, the peers of this device
cannot use the TE tunnel for route calculation.
−
Forwarding adjacency: A device uses a TE tunnel for local route calculation and
advertises the TE tunnel to its peers as a route. Therefore, the peers of this device
can use the TE tunnel for route calculation.
FRR
TE FRR switching can be completed within 50 ms, minimizing data loss caused by
network failures.

Auto FRR
Auto FRR is an extension of MPLS TE FRR. Auto FRR allows you to set up a bypass
tunnel for a primary tunnel. If the primary tunnel changes, the old bypass tunnel will be
automatically deleted and a new bypass tunnel will be set up.

CR-LSP backup
The NE9000 supports the following backup modes:
Issue 01 (2016-08-30)
−
Hot backup: A backup CR-LSP is set up immediately after a primary CR-LSP has
been set up. If the primary CR-LSP fails, MPLS TE switches traffic to the backup
CR-LSP immediately.
−
Common backup: A backup CR-LSP is set up when the primary CR-LSP fails.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
24
HUAWEI NE9000 Core Router
Product Description

6 Service Features
LDP over TE
On existing networks, not all devices support MPLS TE. Maybe only the core devices
support TE whereas the edge devices use LDP. In this case, LDP over TE can be
introduced. LDP over TE indicates that a TE tunnel is considered as a hop of the entire
LDP LSP.
6.5 VPN Features
6.5.1 Tunnel Policy
Tunnel policies are used to select tunnels based on destination IP addresses. Applications that
require tunnels select suitable tunnels based on tunnel policies. If no tunnel policy is
configured, the tunnel management module selects tunnels based on the default policy.
NE9000 support the following tunnel policies:

Tunnel type prioritizing policy
In a tunnel type prioritizing policy, you can specify the sequence in which tunnels are
selected, and the number of tunnels for load balancing. Among all tunnels to the same
destination, the tunnels with the highest priority will be selected as long as they are Up,
regardless of whether they have been selected by other services. The tunnels with lower
priorities will not be selected unless load balancing is required or the tunnels with higher
priorities are Down.

Tunnel binding policy
In a tunnel binding policy, you can bind a VPN to a specific MPLS TE tunnel, so that
traffic from the VPN is exclusively transmitted over the specified MPLS TE tunnel.
Tunnel binding policies can be used to ensure QoS for specified VPN services.
6.5.2 VPN Tunnel
NE9000 support the following types of VPN tunnels:

LSPs

TE tunnels
6.5.3 BGP/MPLS L3VPN
NE9000 implement BGP/MPLS L3VPN to provide end-to-end VPN solutions, allowing
carriers to provide flexible VPN services for users.
NE9000 support the following BGP/MPLS L3VPN features:

Inter-AS VPN
NE9000 support the following BGP/MPLS L3VPN features:
Issue 01 (2016-08-30)
−
VPN Instance to VPN Instance: The sub-interface between autonomous system
boundary routers (ASBRs) manages VPN routes. This solution is also called
Inter-Provider Backbones Option A.
−
EBGP redistribution of labeled VPN-IPv4 routes: ASBRs advertise labeled VPNv4
routes to each other through Multiprotocol External Border Gateway Protocol
(MP-EBGP). This solution is also called Inter-Provider Backbones Option B.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
25
HUAWEI NE9000 Core Router
Product Description
−

6 Service Features
Multi-hop EBGP redistribution of labeled VPN-IPv4 routes: PEs advertise labeled
VPN-IPv4 routes to each other through Multihop MP-EBGP. This solution is in
compliance with RFC 3107 and is also called Inter-Provider Backbones Option C.
IPv6 VPN
Currently, NE9000 support the following IPv6 VPN solutions:
−
Intranet VPN
−
Extranet VPN
−
Hub&Spoke
−
Inter-AS or Multi-AS Backbones VPN

Access to L3VPN by customer edges (CEs) through Layer 3 interfaces, such as Ethernet

Support for multiple types of routes between CEs and PEs, including static routes, BGP
routes, OSPF routes, and IS-IS routes

Multicast VPN

NG-MVPN
6.5.4 BGP/MPLS L2VPN
The NE9000 uses MPLS L2VPN to transparently transmit Layer 2 user traffic over MPLS
networks. From a user's perspective, an MPLS network is a Layer 2 switching network on
which Layer 2 connections can be set up between nodes.
MPLS L2VPN supports the following networking modes:

Pseudo wire emulation edge-to-edge (PWE3)

VPLS
6.6 QoS Features
NE9000 provide QoS functions.
QPPB
On NE9000, QoS Policy Propagation Through the Border Gateway Protocol (QPPB)
classifies packets and defines QoS policies based on the community attribute, IP-prefix,
AS_Path, or ACL. This reduces the need to modify configurations when there are changes in
network structure.
DiffServ Model
Multiple service flows can be aggregated into a behavior aggregate (BA), and forwarded
based on the same per-hop behavior (PHB), thereby simplifying service processing and
storage.
On the DiffServ core network, QoS is packet-specific, and therefore signaling is not required
for packet processing.
BA Classification
At present, NE9000 support BA classification on physical interfaces and their sub-interfaces,
and logical interfaces such as trunk interfaces.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
26
HUAWEI NE9000 Core Router
Product Description
6 Service Features
Eight DiffServ domains are supported. PHB on outbound interfaces can be disabled. Eight
service queues are reserved on each interface.
BA classification can be based on:

8021p mapping

DSCP mapping

EXP mapping
MF Classification
Multi-field (MF) classification can be based on:

IPv4 rules: source IP address, destination IP address, IP protocol number, IP
fragmentation flag, DSCP, ToS + precedence, time-range, TCP/UDP source port number,
and TCP/UDP destination port number

Layer 2 rules: source MAC address, destination MAC address, 802.1p, or Etype

IPv6 rules: source IP address, destination IP address, IP protocol number, DSCP, ToS +
precedence, next header, TCP/UDP source port number, and TCP/UDP destination port
number

MPLS rule: EXP
NE9000 also support MF classification on logical interfaces, such as sub-interfaces and trunk
interfaces.
Traffic Policing
CAR is used to limit the traffic rate. CAR uses a token bucket to measure the traffic that pass
through an interface. Only the packets assigned with tokens can pass through the interface
within the specified time period. In this manner, the traffic rate is limited. CAR can limit the
rates of both incoming and outgoing traffic. In addition, CAR can control the rates of certain
types of traffic according to information such as the IP address, port number, and priority. The
traffic not meeting specified conditions is forwarded at the original rate.
CAR is mainly applied to network edge devices to ensure that core devices can process data
properly. NE9000 support CAR for both incoming and outgoing traffic.
Queue Scheduling
NE9000 can use first in first out (FIFO), PQ, and WFQ to schedule queues on interfaces.
Traffic Shaping
If network congestion occurs, traffic policing that uses the CAR technology can restrict traffic
by dropping packets that do not match specified rules. To prevent too many packets from
being dropped, the excess packets can be buffered and then sent out evenly under the control
of token buckets. This is called traffic shaping. Traffic shaping prevents too many packets
from being dropped and helps packets to match specified rules.
Traffic shaping is mainly used to control the volume of burst outgoing traffic over a certain
link so that the packets can be transmitted at an even rate. Generic traffic shaping (GTS) is a
technology used in traffic shaping. By shaping traffic that does not match specified rules, GTS
allows the matching between the upstream and downstream bandwidths.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
27
HUAWEI NE9000 Core Router
Product Description
6 Service Features
Ethernet QoS
NE9000 support BA classification based on the 802.1p priority in VLAN packets. On the
ingress PE, the 802.1p priority in a Layer 2 packet is mapped to the precedence in an
upper-layer protocol packet, such as the IP DSCP value or the MPLS EXP value, thereby
providing the DiffServ service for the packets on the backbone network. On the egress PE, the
precedence of the upper-layer protocol packet is mapped to the 802.1p priority.
Enhanced ACL
Detailed information about packets can be viewed if they are matched based on ACLs.
6.7 Traffic Load Balancing
If there are multiple routes to the same destination, traffic can be load balanced among these
routes. You can select either equal-cost load balancing or unequal-cost load balancing based
on customer or network requirements.
Equal-Cost Load Balancing
NE9000 support equal-cost load balancing among Eth-Trunk member links. If there are
multiple equal-cost routes to the same destination, NE9000 support equal-cost load balancing
of traffic among these routes.
There are two types of equal-cost load balancing: session-by-session and packet-by-packet.
By default, session-by-session load balancing is used.
Unequal-Cost Load Balancing
NE9000 support the following unequal-cost load balancing modes:

Route-based load balancing: When the costs of different direct routes are the same, you
can configure the weight of each route for load balancing.

Interface-based load balancing: On an Eth-Trunk, you can configure the weight of each
member link for load balancing.

Link-bandwidth-based load balancing: Unequal-cost load balancing is performed on the
outbound interfaces of links based on link bandwidth. Traffic is shared between links
based on the bandwidth of each link. That is, less traffic is forwarded over
lower-bandwidth links, and more traffic is forwarded over higher-bandwidth links. This
prevents lower-bandwidth links from being congested and higher-bandwidth links from
being idle.
NE9000 support traffic load balancing among physical interfaces or among physical and
logical interfaces. In addition, the system can detect the changes of bandwidth on logical
interfaces caused by manual configuration or the status changes (Up/Down) of member links.
If the bandwidth of a logical interface changes, traffic will be rebalanced automatically.
6.8 Traffic Statistics Collection
The NE9000 provides various types of traffic statistics collection for different access users.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
28
HUAWEI NE9000 Core Router
Product Description
6 Service Features
Traffic statistics collection helps carriers analyze the network traffic model, provides
reference data for deploying and maintaining DiffServ TE, and supports volume-based
accounting of non-monthly flat fee subscribers.
Traffic Statistics Collection Based on QoS Policies
The NE9000 supports traffic statistics collection based on QoS policies on interfaces,
including Ethernet interfaces and their sub-interfaces, Eth-Trunk interfaces and their
sub-interfaces.
CAR Traffic Statistics Collection
The NE9000 provides QoS features such as traffic classification, traffic policing CAR, and
queue scheduling. Accordingly, QoS traffic statistics collection is provided:

In traffic classification, statistics on traffic that matches or does not match rules are
collected.

In traffic policing, traffic statistics collection is supported as follows:
−
Statistics on total traffic that matches the CAR rule are collected.
−
Statistics on traffic that is permitted or dropped based on the CAR rule are
collected.
−
Traffic statistics collection based on traffic policies is supported on interfaces.
−
If the same traffic policy is applied to different interfaces, the CAR traffic statistics
in the traffic policy are interface-specific.
Interface-based Traffic Statistics Collection
The NE9000 supports traffic statistics collection on interfaces and sub-interfaces.
Traffic Statistics Collection on TE Tunnels
When functioning as a PE on an MPLS TE network, the NE9000 can collect statistics on the
incoming and outgoing traffic in tunnels.
6.9 Network Reliability
Backup of Key Parts
An NE9000 can be equipped with a single MPU or dual MPUs (in backup mode). If two
MPUs are equipped, the two MPUs work in hot backup mode. The management network
interface on the slave MPU cannot be accessed by users, and the console interfaces cannot be
configured with any command. The slave MPU exchanges information (including heartbeat
messages and backup data) only with the master MPU.
The system supports two types of master/slave MPU switching: failover and switchover. A
failover is triggered either by a master MPU reset or by a serious master MPU fault. A
switchover is triggered by commands run on the console interface. You can also run
commands on the console interface to disable master/slave MPU switching.
NE9000 support backup of management buses and backup of power modules. In addition, the
LPUs, power modules, and fan modules are hot swappable.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
29
HUAWEI NE9000 Core Router
Product Description
6 Service Features
If a critical fault occurs on an NE9000, the router quickly takes responsive measures. As a
result, the mean time between failures (MTBF) is prolonged, and the impact of faults on
normal services is minimized.
High Reliability of LPUs
NE9000 support protocol backup on service interfaces of the same type. For example:

Member interfaces of an Eth-Trunk can be backed up inside a group.

Inter-board trunk bundling can be achieved:
−
Users can use dual links to connect to different LPUs. Inter-board trunk bundling
ensures high reliability of services.
−
Inter-board trunk bundling is achieved by means of high-performance hardware
engines, allowing traffic to be load-balanced among multiple links.
−
The hash algorithm balances the traffic on each link based on source and destination
IP addresses.
−
A seamless switchover is implemented in the case of a link failure, so that services
are still forwarded normally.
Transmission Alarm Customization and Suppression
Transmission alarm suppression can efficiently filter and suppress alarms, preventing
interfaces from frequently flapping. In addition, transmission alarm customization is provided
for you to control the impact of alarms on interface status by specifying which alarms can
cause interface status changes.
BFD
BFD is a detection mechanism used to monitor and rapidly detect the connectivity of
network-wide links or IP routes.
BFD sends detection packets at the same time from both ends of a bidirectional link to check
the link status in both directions. BFD can detect link faults within milliseconds. NE9000
support both single-hop and multi-hop BFD.
NE9000 support distributed BFD: Some LPUs can set up BFD sessions independent of other
LPUs.
The NE9000 support the following BFD applications:

BFD for Virtual Router Redundancy Protocol (VRRP)

BFD for FRR, including BFD for LDP FRR, BFD for IP FRR, and BFD for VPN FRR

BFD for static route

BFD for IS-IS
On an NE9000, the statically configured BFD session can be used to detect an IS-IS
neighbor relationship.
BFD detects faults on the links between IS-IS neighbors and rapidly reports the faults to
IS-IS, thereby triggering fast convergence of IS-IS routes.

BFD for IPv6 IS-IS
On an NE9000, IPv6 IS-IS can dynamically create and delete BFD sessions.

BFD for OSPF/BGP
On an NE9000, OSPF and BGP can dynamically create and delete BFD sessions.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
30
HUAWEI NE9000 Core Router
Product Description

6 Service Features
BFD for OSPFv3/BGP4+
On an NE9000, OSPFv3 and BGP4+ can dynamically create and delete BFD sessions.

BFD for PIM

BFD for Eth-Trunk
On an NE9000, BFD can detect a trunk and the member links of the trunk separately. In
other words, BFD can detect the connectivity of a trunk and also the connectivity of
important member links of the trunk.

BFD for LSP
BFD for LSP rapidly detects and reports faults on LSPs, TE tunnels, and PWs so that
MPLS services, such as VPN FRR and TE FRR, can be rapidly implemented.

BFD for P2MP (supported by LPUF-400s and LPUI-480s )
Ethernet OAM
NE9000 support Ethernet operation, administration and maintenance (OAM), which consists
of:

EFM OAM (Ethernet in the First Mile OAM)
−

NE9000 comply with 802.3ah to provide point-to-point fault management for
Ethernet links so that the faults on the first-mile direct Ethernet link at the user end
can be detected. Currently, NE9000 support automatic ND, link fault monitoring,
remote fault notification, and remote loopback configuration.
CFM OAM (Connectivity Fault Management)
−
Provides hierarchical MD and end-to-end fault management for Ethernet links.
VRRP
A VRRP backup group that consists of a group of routers on a LAN functions as a virtual
router. Hosts on the LAN only know the IP address of this virtual router and do not know the
IP address of any specific routers in the VRRP backup group. The hosts set their own default
next hop address to the IP address of the virtual router. This allows hosts on the LAN to
communicate with hosts on other networks through the virtual router.
VRRP dynamically associates the virtual router with a physical router that transmits services.
When the physical router fails, another router is selected to transmit services. The switchover
of services from the faulty router to the new router is transparent to users, which allows
non-stop communication between hosts on different networks.
FRR
NE9000 provide the following FRR features to improve reliability:

IP FRR
FRR can be completed within 50 ms, minimizing data loss caused by network failures.
FRR monitors and records the LPU and interface status in real time, and checks the
interface status in packet forwarding. When faults occur on an interface, the traffic on the
interface can be rapidly switched to another route. This prolongs the MTBF and reduces
the number of lost packets.

LDP FRR
LDP FRR can be completed within 50 ms, minimizing data loss caused by network
failures.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
31
HUAWEI NE9000 Core Router
Product Description

6 Service Features
TE FRR
TE FRR is used in MPLS TE for local protection. It is supported only on interfaces
working at 100 Mbit/s. TE FRR can be completed within 50 ms, minimizing data loss
caused by network failures.
TE FRR is only a provisional protective measure. If a protected LSP recovers or a new
LSP is established, traffic will be switched back to the recovered LSP or the newly
established LSP.
After TE FRR is configured for an LSP, the traffic will be switched to the protection link
and the ingress of the LSP attempts to establish a new LSP if a link or a node becomes
faulty.
TE FRR can be classified into the following types based on different protected objects:

−
Link protection
−
Node protection
BGP auto FRR
BGP auto FRR is used to protect BGP routes. If the primary link fails, traffic can be
switched to the backup link within 200 ms. BGP auto FRR is used in the following
typical application scenarios:

−
Intra-AS FRR
−
Inter-AS FRR
−
PE-CE protection
VPN FRR
VPN FRR can be completed within 50 ms, minimizing data loss caused by network
failures.
NSR
NE9000 provide the following non-stop routing (NSR) features:

NSR OSPFv2

NSR OSPFV3

NSR ISIS

NSR PIM SM

NSR PIM SSM

NSR LDPv4

NSR RSVP-TE

NSR BGP/BGP4+

NSR L3VPNV4

NSR static route

NSR direct route
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
32
HUAWEI NE9000 Core Router
Product Description
7 Usage Scenarios
7
Usage Scenarios
About This Chapter
7.1 National Backbone Network Solution
7.2 Provincial Backbone Network Solution
7.3 IP Bearer Network Solution
7.4 IPv6 Backbone Network Solution
7.1 National Backbone Network Solution
A national backbone network usually uses a partial full-mesh topology, as shown in Figure
7-1. It connects to international egresses in the upstream direction and connects to provincial
backbone networks and carrier networks in the downstream direction. NE9000have large
capacities and powerful routing and forwarding capabilities, meeting the requirements of the
national backbone network for core routers.
NE9000 support IPv6 and smooth upgrades, and provide excellent service scalability,
carrier-class stability, and strong compatibility. With strong QoS capabilities and complete
QoS solutions, NE9000 meet the multi-service bearer requirements of the IP backbone
network.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
33
HUAWEI NE9000 Core Router
Product Description
7 Usage Scenarios
Figure 7-1 Networking diagram for the national backbone network solution
NAP
NE9000/
NE5000E/NE40E
International
Egress
NE9000/
NE5000E/NE40E
NE9000/
NE5000E/NE40E
National
Backbone
Network
NE9000/
NE5000E/NE40E
International
Egress
NE9000/
NE5000E/NE40E
NE9000/
NE5000E/NE40E
NE40E
NE40E
Provincial Backbone
Network
NE40E
NE40E
Provincial Backbone
Network
7.2 Provincial Backbone Network Solution
Figure 7-2 shows the networking diagram for the provincial backbone network
solution.NE9000 are deployed at the core layer of the provincial backbone network. NE40Es
are deployed in prefectures and municipalities to aggregate the traffic of MANs, leased lines,
narrowband access, and IDCs.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
34
HUAWEI NE9000 Core Router
Product Description
7 Usage Scenarios
Figure 7-2 Networking diagram for the provincial backbone network solution
NE9000/NE5000E
NE9000/NE5000E
Provincial
backbone
10GE
NE9000/NE5000E
10GE
10GE
NE9000/NE5000E
10GE
City node
City node
NE5000E
/NE40E
POS 2.5G
POS 2.5G
NE5000E
/NE40E
GE
GE
NE40E
MAN
NE40E
Leased line
convergence
NE40E
Narrowband
access
NE40E
IDC
This solution applies to new deployment, capacity expansion, and the construction of
large-scale ISP provincial backbone networks. These ISP networks have advantages in
transmission resources, access services, and operation and maintenance costs. If transmission
resources are insufficient, you can reduce link bandwidth without changing the network
topology. The devices on the core layer support line rate forwarding of packets. Devices on
the entire network support MPLS VPN.
7.3 IP Bearer Network Solution
Figure 7-3 shows the networking diagram for the IP bearer network solution.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
35
HUAWEI NE9000 Core Router
Product Description
7 Usage Scenarios
Figure 7-3 Networking diagram for the IP bearer network solution
PJ1
Core layer
XA1
SY1
Convergence layer
SD1
Access layer
NJ1
SH1
WH1
GZ1
CR
NE9000/NE5000E
BR
NE40E
SoftX3000
AR
NE40E
SoftX3000
UMG8900
Considering the status quo of the existing bearer network, carriers need to construct a set of
core bearer networks to carry 3G and next generation network (NGN) services. With the
development of new services and technologies in a competitive market, the new IP bearer
network will become a next-generation multi-service bearer platform that supports NGN,
video conference, video phone, streaming media, enterprise interconnection, and 3G services.
The construction of the new IP bearer network is key for network convergence and
transformation.
In this solution, NE9000 function as core nodes, which forward data at a high speed and
ensure high reliability. NE40Es function as aggregation routers, which provide access for
NGN voice, signaling, network management, and VIP services.
This solution has the following characteristics:

The core layer uses a dual-plane structure. NE9000 are fully meshed.

NE40Es are dual-homed to NE9000.

Two devices working in backup mode are deployed at each important node.

MPLS VPN is deployed on the entire network to isolate different types of users and
services.

VPN FRR is deployed on each PE.

TE FRR and Interior Gateway Protocol (IGP) fast convergence are deployed on the
entire network.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
36
HUAWEI NE9000 Core Router
Product Description
7 Usage Scenarios
7.4 IPv6 Backbone Network Solution
#dc_ne_product_003039/fig_dc_ne_product_00303901 shows the networking diagram for the
IPv6 backbone network solution.
Figure 7-4 Networking diagram for the IPv6 backbone network solution
PE
NE40E
PE NE40E
PE
IPv6
Internet
IPv6/IPv4
NE40E
NE9000/
NE5000E/NE40E
IPv6 Core
PE
PE
NE40E
IPv6
IPv4
Internet
NE40E
IPv6 Edge
L3 Switch
L3 Switch
L2 Switch
MA 5200
SOHO IPv6
SOHO IPv6
Deploying the IPv6 backbone network solution does not affect the original IPv4 services,
such as IPv4 forwarding and MPLS VPN, and can meet the following requirements:

Interconnection between separate IPv6 networks

Interworking between IPv6 and IPv4 networks
The IPv6 backbone network solution can be implemented using either of the following
methods:

All routers on the backbone network support the IPv4/IPv6 dual stack. IPv4 services are
forwarded over IPv4, and IPv6 services are forwarded over IPv6.

The separate IPv6 networks can be interconnected over 6to4 or manually configured
Layer 3 tunnels. The core routers need to support only IPv4 forwarding and do not need
to be upgraded.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
37
HUAWEI NE9000 Core Router
Product Description
8 Operation and Maintenance
8
Operation and Maintenance
About This Chapter
8.1 Operation and Maintenance
8.2 NMS
8.1 Operation and Maintenance
8.1.1 System Configuration Management
Configuration Mode
NE9000 support the following configuration modes:

Command line configuration
In this mode, you can log in to an NE9000 through the console interface or by means of
Telnet to perform configurations.

NE9000 support the configuration rollback function.
Intelligent Configuration
As new types of services emerge, there are higher requirements on devices. For example, it is
required that services take effect after being configured, invalid configurations be rolled back,
and the impact on existing services be minimized. NE9000 support the following
configuration features:

Configuration commitment and rollback
If the activated configuration results in performance deterioration, running a related
command can roll the NE9000 back to the previous configuration. Compared with
deleting every single command, the configuration rollback function allows faster and
more convenient configuration restoration.

Configuration commitment prompt
After the configuration takes effect, the NE9000 adds it to the running database. If the
same configuration is added, the router generates a message.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
38
HUAWEI NE9000 Core Router
Product Description
8 Operation and Maintenance
8.1.2 System Management and Maintenance
NE9000 provide the following powerful system management and maintenance functions:

Board detection, hot swap detection, Watchdog, board resetting, RUN indicator and
debugging indicator control, fan and power supply control, master/slave switchover
control, and version query

Local and remote loading and upgrade of software and data, and configuration rollback,
backup, saving, and clearing

Hierarchical user authority management, operation log management, command line
online help, and command comments

Multi-user operation

Multi-layer information collection, including interface, Layer 2, and Layer 3 information

Hierarchical management, alarm classification, and alarm filtering
8.1.3 Device Operating Status Monitoring
An NE9000 uses the information center to monitor operating status.
Syslog is a sub-function of the information center. Syslog runs atop UDP. It outputs
information to a log host through port 514.
The information center can receive and process the following types of information:

Log information

Debugging information

Trap information
Information has eight severity levels. A lower level indicates higher severity.
Level
Severity
Description
0
Emergency
A fatal exception occurs on the device, which causes the
system to be unable to run properly unless the device is
restarted. For example, program exceptions or memory usage
errors are detected.
1
Alert
A serious exception occurs on the device, which requires
immediate actions. For example, the memory usage of the
device reaches the upper threshold.
2
Critical
A critical exception occurs on the device, which requires
immediate actions and cause analysis. For example, the
memory usage falls below the lower threshold, the
temperature falls below the alarm threshold, BFD detects that
a device is unreachable or error messages are generated by
the local device.
3
Error
A misoperation or abnormal process occurs on the device,
which does not affect subsequent services but requires
attention and cause analysis. For example, incorrect
commands or passwords are entered, or error protocol
packets received by other devices are detected.
4
Warning
An exception that may result in a fault occurs on the device,
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
39
HUAWEI NE9000 Core Router
Product Description
Level
8 Operation and Maintenance
Severity
Description
which requires attention. For example, a routing process is
disabled, BFD detects packet loss, or error protocol packets
are detected.
5
Notice
A key operation is performed to keep the device running
properly. For example, the shutdown command is run on an
interface, neighbor discovery occurs, or the status of the
protocol state machine changes.
6
Informational
A routine operation is performed. For example, a display
command is run.
7
Debugging
A routine operation is performed, and no action is required.
The information center supports 10 channels, of which Channel 0 to Channel 5 have their
default channel names. By default, the six channels (Channel 0 to Channel 5) correspond to
six directions at which information is output. The log information on the Cfcard is output to a
log file through Channel 9 by default. That is, a total of seven default output directions are
supported.
When multiple log hosts are configured, you can configure log information to be output to
different log hosts through one or multiple channels. For example, you can configure some
log information to be output to a log host through Channel 2 (loghost), and some log
information to a log host through Channel 6. In addition, you can change the name of Channel
6. This facilitates the management of information channels.
8.1.4 System Service and Status Tracking
NE9000 support system service and status tracking. NE9000 can:

Monitor the changes of the state machines for routing protocols.

Monitor the changes of the LDP state machine.

Monitor the changes of the VPN state machine.

Monitor the protocol packets sent by the NP, and display detailed information about the
packets by enabling debugging.

Detect and collect statistics on abnormal packets.

Report a message when the exception handling process takes effect.

Collect statistics on the resources used by each feature.
8.1.5 System Test and Diagnosis
NE9000 provide a debugging function, which records key events, packet processing, packet
resolution, and status switch during service operation. The debugging function helps to debug
devices and networks. Debugging can be enabled or disabled using a console based on a
specified service (such as a routing protocol) and a specified interface (information about the
routing protocol on the specified interface).
Software detection and diagnosis supported on NE9000 provides a trace function, which
records key events, such as task switching, task interruptions, queue read and write, and
system exceptions. If an NE9000 is restarted after a fault occurs, the trace information can be
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
40
HUAWEI NE9000 Core Router
Product Description
8 Operation and Maintenance
accessed and used for fault location. The trace function can be enabled or disabled by running
commands on the console.
NE9000 also allow you to query the CPU usage of MPUs and LPUs.
The debugging and trace information on NE9000 is classified into different levels and output
to different destinations, such as the console, Syslog server, or SNMP trap module, based on
these levels.
8.1.6 NQA
NE9000 provide NQA. NQA measures the performance of different protocols running on the
network. Carriers can collect network operation indicators in real time, such as the total delay
of Hypertext Transfer Protocol (HTTP), TCP connection delay, DNS resolution delay, file
transfer rate, FTP connection delay, and DNS resolution error rate. By monitoring these
indicators, carriers can provide users with network services of different levels, and charge
users accordingly. NQA is also an effective tool for diagnosing and locating network faults.
NE9000 provide the following NQA functions:

LSP ping, LSP traceroute, and MPLS jitter

NQA-MIB, which enables all NQA functions to be managed using the NMS
8.1.7 VS
With the increasing demand on network services and the diversified types of network services,
network management becomes more and more difficult, and the requirements for service
isolation, security, and reliability become greater.
In addition, with further development of distributed routing and switching systems, the
service processing capability of a single physical system (PS) has reached a new level.
The network administrator divides a PS into several VSs using hardware and software
simulation; each VS then performs routing tasks independently. Different VSs share software
and hardware resources except for interfaces. This means that different VSs can share the
same main control and interface boards, but each interface can belong to only one VS. A VS is
equivalent to an independent PS in terms of available functions.
With VS techniques, a single PS exerts strong service processing capabilities to simplify
networking and network management and enhance service security and reliability.
As an important feature of new-generation IP bearer devices, VS helps implement unified
operation of services for carriers and reduce the CAPEX and OPEX. A carrier divides a
large-sized PS into multiple separate and small VSs, improving capital allocation and
implementing horizontal or vertical network integration.
For details about VS, see "VS" in HUAWEI NE9000 Core Router Feature Description System Management.
8.1.8 In-Service Debugging
NE9000 support interface mirroring, which maps specific traffic to a monitoring interface. In
addition, NE9000 support in-service debugging, which allows maintenance personnel to
debug and analyze network operating status.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
41
HUAWEI NE9000 Core Router
Product Description
8 Operation and Maintenance
8.1.9 Upgrade Features
In-service Upgrade
NE9000 support in-service software upgrade and in-service patching. By means of in-service
patching, you can upgrade only the features to be modified.
System Upgrade
The process of upgrading NE9000 is improved. The entire process can be completed with a
single command, saving time for you. The upgrade progress can be displayed, and you can
view the upgrade result after the upgrade is complete.
Rollback Function
During a system upgrade, if the new system software cannot start the system, the software in
the last successful startup can be used instead.
The rollback function provided by the NE9000 can prevent services from being affected by
system upgrade failures.
8.1.10 License
As software functions of NE9000 are increasingly diversified and software costs occupy a
larger proportion of the total costs, the service model currently provided can no longer meet
the following requirements of carriers:

Lower purchasing costs

Effective control over the capacities and functions of devices during system upgrades
and capacity expansion
To address different user requirements, NE9000 provide a license authorization management
platform called global trotter license (GTL). License authorization has the following
advantages:

Allows you to purchase only required service functional modules, reducing purchasing
costs.

Allows you to extend device functions and expand device capacities by purchasing new
licenses.
8.1.11 Other Features
NE9000 also support the following features:

Hierarchical commands can be configured to prevent unauthorized users from logging in
to routers.

You can enter a question mark (?) to obtain online help.

Rich and detailed debugging information can be provided to diagnose network faults.

The DosKey-like function can be configured so that a specific historical command can
be run.

The command resolver supports fuzzy match of keywords. For example, if the display
command needs to be resolved, you only need to input an exact matching string disp.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
42
HUAWEI NE9000 Core Router
Product Description
8 Operation and Maintenance
8.2 NMS
NE9000 support SNMP-based operation and management performed by the NMS.
NE9000 support the following SNMP versions:

SNMPv1
SNMPv1 supports community-name- or MIB-view-based access control.

SNMPv2c
SNMPv2c supports community-name- or MIB-view-based access control.

SNMPv3
SNMPv3 inherits the basic functions of SNMPv2c, defines a management frame, and
introduces a user-based security model (USM) to provide a more secure access control
mechanism for users.
SNMPv3 supports the following functions:
User group
Group-based access control
User-based access control
Authentication and encryption
NE9000 use Huawei iManager U2000. The U2000 is a unified NMS that covers multiple
domains to minimize operation and maintenance costs for customers and bring more network
benefits. The U2000 supports SNMPv1/v2c/v3 and the client/server model, runs
independently on many operating systems, such as Windows NT/2000/XP/2003 server/2007
server, UNIX (SUN, HP, and IBM), and provides a multi-lingual graphical user interface.
To be oriented toward future network development trends, the U2000 combines all-IP and
fixed mobile convergence (FMC) and manages bearer and access equipment in a centralized
manner. The U2000 can perform not only integrated management of multi-domain equipment
but also integrated management at the element and network management layers. The U2000
has revolutionized layer-based management to meet the requirements of the transition from
the existing vertical network to the flattened horizontal network.
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
43
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
A
Acronyms and Abbreviations
Numerics
6PE
IPv6 provider edge
6VPE
IPv6 VPN provider edge
A
ACL
access control list
ARP
Address Resolution Protocol
AS
autonomous system
ASBR
autonomous system boundary router
ASM
any-source multicast
B
BA
behavior aggregate
BFD
Bidirectional Forwarding Detection
BGP
Border Gateway Protocol
BGP4+
Border Gateway Protocol for IPv6
C
CAPEX
capital expenditure
CAR
committed access rate
CCC
cluster central chassis
CE
customer edge
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
44
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
CHAP
Challenge Handshake Authentication Protocol
CLC
cluster line-card chassis
CR-LSP
constraint-based routed label switched path
D
DNS
domain name service
DoS
denial of service
DSCP
differentiated services code point
DU
downstream unsolicited
E
ECC
error checking and correcting
ECU
electrical cross unit
ECMP
equal-cost multipath
EFMA
Ethernet in the First Mile Alliance
EMC
Electromagnetic Compatibility
F
FIFO
first in first out
FRR
fast reroute
FTP
File Transfer Protocol
G
GTL
global trotter license
GTS
generic traffic shaping
GTSM
Generalized TTL Security Mechanism
H
HDLC
High-level Data Link Control
HTTP
Hypertext Transport Protocol
HWTACACS
Huawei Terminal Access Controller Access Control System
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
45
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
I
ICMP
Internet Control Message Protocol
ICU
internal communication unit
IDC
Internet data center
IGMP
Internet Group Management Protocol
IGP
Interior Gateway Protocol
IPCP
Internet Protocol Control Protocol
IS-IS
Intermediate System to Intermediate System
ISP
Internet Service Provider
ISSU
In-service Software Upgrade
I-SPF
incremental shortest path first
L
LACP
Link Aggregation Control Protocol
LCD
liquid crystal display
LCP
Link Control Protocol
LDP
Label Distribution Protocol
LER
label edge router
LPU
line interface processing unit
LSA
link-state advertisement
LSP
label switched path
LSR
label switching router
M
MAC
metropolitan area network
MBGP
Multiprotocol Border Gateway Protocol
MD5
message digest algorithm 5
MIB
management information base
MF
multi-field
MLD
multicast listener discovery
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
46
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
MPLS
Multiprotocol Label Switching
MP-EBGP
Multiprotocol External Border Gateway Protocol
MPLSCP
Multiprotocol Label Switching Control Protocol
MPU
main processing unit
MSDP
Multicast Source Discovery Protocol
MTBF
mean time between failures
N
ND
neighbor discovery
NDA
NetStream data analyzer
NDE
NetStream data exporter
NGN
next generation network
NMS
network management system
NQA
network quality analysis
NSC
NetStream collector
NSF
non-stop forwarding
NSR
non-stop routing
O
OAM
operation, administration and maintenance
OFC
optical flexible card
O&M
operation and maintenance
OPEX
operational expenditure
OSPF
Open Shortest Path First
P
PAP
Password Authentication Protocol
PE
provider edge
PHB
per-hop behavior
PIM-SM
Protocol Independent Multicast-Sparse Mode
PIM-SSM
Protocol Independent Multicast Source-Specific Multicast
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
47
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
PMTU
Path MTU
PPP
Point-to-Point Protocol
PQ
priority queuing
PS
physical system
PSN
packet switched network
PWE3
pseudo wire emulation edge-to-edge
Q
QoS
quality of service
QPPB
QoS Policy Propagation Through the Border Gateway
Protocol
R
RADIUS
Remote Authentication Dial In User Service
RAM
random access memory
RIP
Routing Information Protocol
RIPng
Routing Information Protocol Next Generation
ROD
recursive on-demand
RP
rendezvous point
RPF
reverse path forwarding
RR
route reflector
RSVP
Resource Reservation Protocol
S
SFU
switch fabric unit
SFE
Switching Fabruc Extend
SDH
synchronous digital hierarchy
SNMP
Simple Network Management Protocol
SONET
synchronous optical network
SSM
source-specific multicast
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
48
HUAWEI NE9000 Core Router
Product Description
A Acronyms and Abbreviations
T
TCP
Transfer Control Protocol
TE
traffic engineering
TFTP
Trivial File Transfer Protocol
TLS
transparent LAN service
ToS
Type of Service
U
UCMP
unequal-cost multipath
UDP
User Datagram Protocol
URPF
unicast reverse path forwarding
USM
user-based security model
V
VLAN
virtual local area network
VoIP
voice over IP
VPLS
virtual private LAN service
VPSNS
virtual private switched network service
VPWS
virtual private wire service
VRP
versatile routing platform
VRRP
Virtual Router Redundancy Protocol
VS
virtual system
W
WFQ
Weighted Fair Queuing
WRED
Weighted Random Early Detection
Issue 01 (2016-08-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
49