Huawei campus switches include the S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, and S12700 series. In this article, HongTelecom introduces the Huawei S6700 product characteristics.
S6700 Product Characteristics
The S6700 series Ethernet switches (S6700 for short) are next-generation 10G fixed switches. The S6700 can function as an access switch in an Internet data center (IDC) or a core switch on a campus network.
The S6700 has industry-leading performance and provides line-speed 10GE access ports and line-speed 40GE uplink ports (40GE is supported since V200R008C00). It can be used in a data center to provide 10 Gbit/s access to servers or function as a core switch on a campus network to provide 40 Gbit/s traffic aggregation. In addition, the S6700 provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable, manageable, reliable, and secure data centers.
Enabling networks to be more agile for services
The high-speed Ethernet Network Processor (ENP) embedded in the S6720-HI is tailored for Ethernet. The chip’s flexible packet processing and traffic control capabilities can meet current and future service requirements, helping build a highly scalable network.
The ENP has a fully programmable architecture, on which enterprises can define their own forwarding models, forwarding behaviors, and lookup algorithms. Microcode programmability makes it possible to provide new services within six months, without replacing the hardware. In contrast, traditional ASIC chips use a fixed forwarding architecture and follow a fixed forwarding process. For this reason, new services cannot be provisioned until new hardware is developed to support them, one to three years later.
Delivering abundant services more agilely
The S6720-HI integrates the AC function, so customers do not need to buy independent AC devices or hardware components.
With the unified user management function, the S6720-EI, S6720S-EI, and S6720-HI authenticate both wired and wireless users, ensuring a consistent user experience no matter whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1X, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions visualize user and service management and boost the transformation from device-centric management to user-centric management.
The S6720 provides excellent quality of service (QoS) capabilities and supports queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting service quality requirements of different user terminals and services.
Providing fine granular network management more agilely
The S6720-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere, anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns “extensive management” to “fine granular management.”
The S6720-HI supports the Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network's IP performance. This protocol eliminates the need for a dedicated probe or a proprietary protocol.
The S6720-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the “Small-sized core/aggregation switches + Access switches + APs” structure can be virtualized into a “super switch”, offering the industry’s simplest network management solution.
Large-Capacity, High-Density, 10 Gbit/s Access and 40 Gbit/s Uplink
To provide sufficient bandwidth for users, many servers use 10G network adapters, especially servers in data centers. The S6700 can be used in data centers to provide high forwarding performance and 10GE ports.
The S6700 has the highest density of 10GE ports and largest switching capacity among counterpart switches. These ports support 1GE and 10GE access and can identify optical module types, maximizing the return on investment and allowing users to deploy services flexibly.
The S6700 has a large buffer capacity and uses an advanced buffer scheduling mechanism to ensure non-blocking transmission of high traffic volumes in data centers.
Comprehensive Security Control Policies
The S6700 provides multiple security measures to defend against Denial of Service (DoS) attacks (such as SYN, Land, Smurf, and ICMP Flood), attacks on networks (STP BPDU/root attacks), and attacks on users (bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks, and attacks that vary the CHADDR field of packets). DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks that hackers initiate using ARP packets. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.
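The following is an added example, not Huawei or HongTelecom code: a simplified Python model of the DHCP snooping decisions described above (trusted interface, binding-entry check for ARP, and CHADDR check). The class, method names, interface labels, MAC and IP values are all constructed for illustration, and the real switch logic is more involved.

```python
# Simplified model of DHCP snooping; all names and sample values are constructed.
from dataclasses import dataclass, field

@dataclass
class SnoopingSwitch:
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # client MAC -> (vlan, port) of its request
    bindings: dict = field(default_factory=dict)   # IP -> (MAC, vlan, port)

    def dhcp_request(self, port, vlan, src_mac, chaddr):
        """Client-to-server DHCP message arriving on an access port."""
        if src_mac != chaddr:
            return "drop: CHADDR differs from frame source MAC"
        self.pending[chaddr] = (vlan, port)
        return "forward"

    def dhcp_ack(self, port, chaddr, yiaddr):
        """Server-to-client DHCP ACK; only trusted ports may carry server replies."""
        if port not in self.trusted_ports:
            return "drop: server reply on untrusted port"
        if chaddr not in self.pending:
            return "drop: no matching request"
        vlan, client_port = self.pending.pop(chaddr)
        self.bindings[yiaddr] = (chaddr, vlan, client_port)
        return "forward"

    def check_arp(self, port, vlan, sender_mac, sender_ip):
        """Validate an ARP packet from an untrusted port against the binding table."""
        if port in self.trusted_ports:
            return "forward"
        if self.bindings.get(sender_ip) != (sender_mac, vlan, port):
            return "drop: no matching binding entry"
        return "forward"

def demo():
    sw = SnoopingSwitch(trusted_ports={"XGE0/0/1"})
    a, b = "00e0-fc00-000a", "00e0-fc00-000b"
    return [
        sw.dhcp_request("XGE0/0/5", 10, a, a),
        sw.dhcp_ack("XGE0/0/6", a, "10.0.10.99"),       # reply from an untrusted port
        sw.dhcp_ack("XGE0/0/1", a, "10.0.10.20"),       # reply from the trusted port
        sw.check_arp("XGE0/0/5", 10, a, "10.0.10.20"),  # matches the binding
        sw.check_arp("XGE0/0/6", 10, b, "10.0.10.20"),  # claims host A's IP
        sw.dhcp_request("XGE0/0/6", 10, b, "00e0-fc00-00ff"),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The binding is created only from a server reply seen on the trusted interface, which is why a reply arriving on any other port never produces an entry that later ARP packets could match.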
The S6700 supports strict ARP learning, which prevents ARP spoofing from exhausting ARP entries to ensure normal Internet access. The switch also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. The unicast reverse path forwarding (URPF) function protects a network against source address spoofing attacks by reversely checking packet transmission paths.
The S6700 supports centralized MAC address authentication and 802.1X authentication. It authenticates users based on static or dynamic bindings of information such as the user name, IP address, MAC address, VLAN ID, interface number, and antivirus software installation flag. VLANs, QoS policies, and ACLs can be applied to users dynamically. The S6700 can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries using bogus source MAC addresses. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found in the MAC address table.
Comprehensive Reliability Mechanisms
The S6700 supports redundant power supplies. You can choose a single power supply or use two power supplies to ensure power reliability. With two swappable fans, the S6700 has a longer MTBF than counterpart switches. The S6700 supports multi-process MSTP that enhances the existing STP, RSTP, and MSTP implementation by increasing the number of MSTIs supported on a network. It also supports enhanced Ethernet reliability technologies such as Smart Link and RRPP, which implement millisecond-level protection switching to ensure network reliability. Smart Link and RRPP both support multiple instances to implement load balancing among links, improving the bandwidth efficiency.
The S6700 supports enhanced trunk (E-Trunk) that enables a CE to be dual-homed to two PEs using Eth-Trunk links. This implements inter-device link aggregation and link load balancing, and greatly improves reliability of access devices.
The S6700 supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP features simplicity, high reliability, high switching performance, convenient maintenance, and flexible topology, enabling users to manage and plan networks conveniently.
The S6700 supports G.8032, also called Ethernet Ring Protection Switch (ERPS). ERPS is based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement fast protection switching on Ethernet networks. ERPS supports multiple services and provides flexible networking, reducing the OPEX and CAPEX. Two S6700s can form a VRRP group to ensure nonstop communication. Multiple equal-cost routes to an upstream device can be configured on the S6700 to provide route redundancy. When an active route is unreachable, traffic is switched to a backup route.
Extensive QoS Control Mechanisms
The S6700 implements complex traffic classification based on packet information such as the 5-tuple, IP preference, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type, and CoS. ACLs can be applied to inbound or outbound direction to filter packets. The S6700 supports a per flow two-rate three-color CAR. Each port supports eight priority queues, multiple queue scheduling algorithms such as WRR, WDRR, PQ, WRR+PQ, and WDRR+PQ, and congestion avoidance algorithm WRED. All of these ensure the quality of voice, video, and data services.
The S6700 supports the intelligent stack (iStack) function that allows switches far from each other to set up a stack. A port of the S6700 can be configured as a stack port for flexible stack deployment. The distance between stacked switches is further increased when the switches are connected with optical fibers. Compared with a single device, iStack provides higher expansibility, reliability, and performance. New member switches can be added to a stack without interrupting services when the system capacity needs to be increased or a member switch fails. Compared with stacking of modular switches, iStack can increase system capacity and port density without being restricted by the hardware structure. Multiple stack switches are managed as one logical device with a single IP address, which greatly reduces system expansion, operation, and maintenance costs.
The S6700 supports automatic configuration, plug-and-play, USB-based deployment, and batch remote upgrade. These capabilities simplify device management and maintenance while reducing maintenance costs. The S6700 supports SNMPv1/v2c/v3 and provides flexible device management methods. You can manage the S6700 using the CLI, Web system, or Telnet. The NQA function helps you with network planning and upgrades. In addition, the S6700 supports NTP, SSH v2, HWTACACS, RMON, log hosts, and port-based traffic statistics collection. The switch supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes to reduce the manual configuration workload of network administrators and ensure correct VLAN configuration.
The S6700 supports MUX VLAN that isolates Layer 2 traffic between interfaces in a VLAN. Interfaces in a subordinate separate VLAN can communicate with interfaces in the principal VLAN but cannot communicate with each other. This function prevents communication between network devices connected to certain interfaces or interface groups but allows the devices to communicate with the default gateway. MUX VLAN is usually used on an enterprise intranet to isolate user interfaces from each other but allow them to communicate with server interfaces.
The S6700 supports BFD, which provides millisecond-level fault detection for protocols such as OSPF, IS-IS, VRRP, and PIM to improve network reliability. Complying with IEEE 802.3ah and 802.1ag, the S6700 supports point-to-point Ethernet fault management and can detect faults in the last mile of an Ethernet link to users. Ethernet OAM improves the Ethernet network management and maintenance capabilities and ensures a stable network.
Various IPv6 Features
The S6700 hardware supports IPv4/IPv6 dual stack and IPv6 over IPv4 tunnels (including manual tunnels, 6to4 tunnels, and ISATAP tunnels). S6700 switches can be deployed on IPv4 networks, IPv6 networks, or networks that run both IPv4 and IPv6. This makes networking flexible and enables smooth network migration from IPv4 to IPv6.
The S6700 supports various IPv6 routing protocols including RIPng and OSPFv3. It uses the IPv6 Neighbor Discovery Protocol (NDP) to manage packets exchanged between neighbors. It also provides the Path MTU Discovery (PMTU) mechanism to select a proper MTU on the path from the source to the destination, optimizing network resources and obtaining the maximum throughput.
Huawei provides the Cloud Managed Network Solution based on a public cloud. The S6720-EI/S6720S-EI/S6720-HI/S6720-SI/S6720S-SI (since V200R012C00) and S6720S-LI (since V200R013C00) can be managed by a cloud management platform. In the Huawei Cloud Managed Network solution, cloud-managed switches are plug-and-play. They automatically connect to the cloud management platform and use bidirectional certificate authentication to ensure management channel security. The cloud-managed switches provide the NETCONF and YANG interfaces, through which the cloud management platform delivers configurations to them. In addition, remote maintenance and fault diagnosis can be performed on the cloud-managed switches using the cloud management platform.
The S6720-EI, S6720S-EI, and S6720-HI support VXLAN L2 and L3 gateway functions, which can be configured using NETCONF/YANG. Based on this feature, multiple service networks or tenant networks can be deployed together on the same physical network. Service networks or tenant networks are isolated from each other, achieving one network for multiple purposes. This helps meet data bearing requirements of different services or customers while reducing network construction costs and improving network resource utilization efficiency.
The S6720-HI supports the IEEE 1588v2 protocol, which implements low-cost, high-precision, and high-reliability time and clock synchronization. This feature can meet strict requirements of power and transportation industry customers on time and clock synchronization.
Open Programmability System (OPS)
The S6720 provides open interfaces, and customers can make executable Python scripts based on specified events to implement intelligent device management, lowering O&M costs and simplifying operations.
As a world-leading Huawei networking products supplier, Hong Telecom Equipment Service LTD (HongTelecom) keeps regular stock of Huawei routers, switches, and all cards at very good prices, and ships worldwide with very fast delivery.