Huawei S6700 Product Characteristics

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Huawei S6700 Product Characteristics.

S6700 Product Characteristics

The S6700 series Ethernet switches (S6700 for short) are next-generation 10G fixed switches. The S6700 can function as an access switch in an Internet data center (IDC) or a core switch on a campus network.

The S6700 has industry-leading performance and provides line-speed 10GE access ports and line-speed 40GE uplink ports (40GE is supported since V200R008C00). It can be used in a data center to provide 10 Gbit/s access to servers or function as a core switch on a campus network to provide 40 Gbit/s traffic aggregation. In addition, the S6700 provides a wide variety of services, comprehensive security policies, and various QoS features to help customers build scalable, manageable, reliable, and secure data centers.

Enabling networks to be more agile for services

The high-speed Ethernet Network Processor (ENP) embedded in the S6720-HI is tailored for Ethernet. The chip’s flexible packet processing and traffic control capabilities can meet current and future service requirements, helping build a highly scalable network.

The ENP has a fully programmable architecture, on which enterprises can define their own forwarding models, forwarding behaviors, and lookup algorithms. Microcode programmability makes it possible to provide new services within six months, without the need of replacing the hardware. In contrast, traditional ASIC chips use a fixed forwarding architecture and follow a fixed forwarding process. For this reason, new services cannot be provisioned until new hardware is developed to support the services one to three years later.

Delivering abundant services more agilely

The S6720-HI integrates the AC function, so customers do not need to buy independent AC devices or hardware components.

With the unified user management function, the S6720-EI, S6720S-EI, and S6720-HI authenticate both wired and wireless users, ensuring a consistent user experience no matter whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1X, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions visualize user and service management and boost the transformation from device-centric management to user-centric management.

The S6720 provides excellent quality of service (QoS) capabilities and supports queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting service quality requirements of different user terminals and services.

Providing fine granular network management more agilely

The S6720-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere, anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns “extensive management” to “fine granular management.”

The S6720-HI supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network’s IP performance. This protocol eliminates the need of using a dedicated probe or a proprietary protocol.

The S6720-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the “Small-sized core/aggregation switches + Access switches + APs” structure can be virtualized into a “super switch”, offering the industry’s simplest network management solution.

Large-Capacity, High-Density, 10 Gbit/s Access and 40 Gbit/s Uplink

To provide sufficient bandwidth for users, many servers use 10G network adapters, especially servers in data centers. The S6700 can be used in data centers to provide high forwarding performance and 10GE ports.

The S6700 has the highest density of 10GE ports and largest switching capacity among counterpart switches. These ports support 1GE and 10GE access and can identify optical module types, maximizing the return on investment and allowing users to deploy service flexibly.

The S6700 has a large buffer capacity and uses advanced buffer scheduling mechanism to ensure non-blocking transmission of high traffic volume in data centers.

Comprehensive Security Control Policies

The S6700 provides multiple security measures to defend against Denial of Service (DoS) attacks (such as SYN, Land, Smurf, and ICMP Flood), attacks to networks (STP BPDU/root attacks), and attacks to users (bogus DHCP server attacks, man-in-the-middle attacks, IP/MAC spoofing attacks, DHCP request flood attacks, and attacks with variable CHADDR field of packets). DHCP snooping discards invalid packets that do not match any binding entries, such as ARP spoofing packets and IP spoofing packets. This prevents man-in-the-middle attacks that hackers initiate using ARP packets. The interface connected to a DHCP server can be configured as a trusted interface to protect the system against bogus DHCP server attacks.

The S6700 supports strict ARP learning, which prevents ARP spoofing from exhausting ARP entries to ensure normal Internet normally access. The switch also provides IP source check to prevent DoS attacks caused by MAC address spoofing, IP address spoofing, and MAC/IP spoofing. The unicast reverse path forwarding (URPF) function protects a network against source address spoofing attacks by reversely checking packet transmission paths.

The S6700 supports centralized MAC address authentication and 802.1X authentication. It authenticates users based on static or dynamic bindings of information such as the user name, IP address, MAC address, VLAN ID, interface number, and antivirus software installation flag. VLANs, QoS policies, and ACLs can be applied to users dynamically. The S6700 can limit the number of MAC addresses learned on an interface to prevent attackers from exhausting MAC address entries using bogus source MAC addresses. This function minimizes packet flooding that occurs when MAC addresses of users cannot be found in the MAC address table.

Comprehensive Reliability Mechanisms

The S6700 supports redundant power supplies. You choose a single power supply or use two power supplies to ensure power reliability. With two swappable fans, the S6700 has a longer MTBF time than counterpart switches. The S6700 supports multi-process MSTP that enhances the existing STP, RSTP, and MSTP implementation by increasing the number of MSTIs supported on a network. It also supports enhanced Ethernet reliability technologies such as Smart Link and RRPP, which implement millisecond-level protection switching to ensure network reliability. Smart Link and RRPP both support multiple instances to implement load balancing among links, improving the bandwidth efficiency.

The S6700 supports enhanced trunk (E-Trunk) that enables a CE to be dual-homed to two PEs using Eth-Trunk links. This implements inter-device link aggregation and link load balancing, and greatly improves reliability of access devices.

The S6700 supports the Smart Ethernet Protection (SEP) protocol, a ring network protocol applied to the link layer of an Ethernet network. SEP features simplicity, high reliability, high switching performance, convenient maintenance, and flexible topology, enabling users to manage and plan networks conveniently.

The S6700 supports G.8032, also called Ethernet Ring Protection Switch (ERPS). ERPS is based on traditional Ethernet MAC and bridging functions and uses mature Ethernet OAM and Ring Automatic Protection Switching (Ring APS or R-APS) technologies to implement fast protection switching on Ethernet networks. ERPS supports multiple services and provides flexible networking, reducing the OPEX and CAPEX. Two S6700s can form a VRRP group to ensure nonstop communication. Multiple equal-cost routes to an upstream device can be configured on the S6700 to provide route redundancy. When an active route is unreachable, traffic is switched to a backup route.

Extensive QoS Control Mechanisms

The S6700 implements complex traffic classification based on packet information such as the 5-tuple, IP preference, ToS, DSCP, IP protocol type, ICMP type, TCP source port, VLAN ID, Ethernet protocol type, and CoS. ACLs can be applied to inbound or outbound direction to filter packets. The S6700 supports a per flow two-rate three-color CAR. Each port supports eight priority queues, multiple queue scheduling algorithms such as WRR, WDRR, PQ, WRR+PQ, and WDRR+PQ, and congestion avoidance algorithm WRED. All of these ensure the quality of voice, video, and data services.

High Scalability

The S6700 supports the intelligent stack (iStack) function that allows switches far from each other to set up a stack. A port of the S6700 can be configured as a stack port for flexible stack deployment. The distance between stacked switches is further increased when the switches are connected with optical fibers. Compared with a single device, iStack provides higher expansibility, reliability, and performance. New member switches can be added to a stack without interrupting services when the system capacity needs to be increased or a member switch fails. Compared with stacking of modular switches, iStack can increase system capacity and port density without restricted by the hardware structure. Multiple stack switches are managed as one logical device with a single IP address, which greatly reduces system expansion, operation, and maintenance costs.

Convenient Management

The S6700 supports automatic configuration, plug-and-play, USB-based deployment, and batch remote upgrade. These capabilities simplify device management and maintenance while reducing maintenance costs. The S6700 supports SNMPv1/v2c/v3 and provides flexible device management methods. You can manage the S6700 using the CLI, Web system, or Telnet. The NQA function helps you with network planning and upgrades. In addition, the S6700 supports NTP, SSH v2, HWTACACS, RMON, log hosts, and port-based traffic statistics collection. The switch supports GVRP, which dynamically distributes, registers, and propagates VLAN attributes to reduce the manual configuration workload of network administrators and ensure correct VLAN configuration.

The S6700 supports MUX VLAN that isolates Layer 2 traffic between interfaces in a VLAN. Interfaces in a subordinate separate VLAN can communicate with interfaces in the principal VLAN but cannot communicate with each other. This function prevents communication between network devices connected to certain interfaces or interface groups but allows the devices to communicate with the default gateway. MUX VLAN is usually used on an enterprise intranet to isolate user interfaces from each other but allow them to communicate with server interfaces.

The S6700 supports BFD, which provides millisecond-level fault detection for protocols such as OSPF, IS-IS, VRRP, and PIM to improve network reliability. Complying with IEEE 802.3ah and 802.1ag, the S6700 supports point-to-point Ethernet fault management and can detect faults in the last mile of an Ethernet link to users. Ethernet OAM improves the Ethernet network management and maintenance capabilities and ensures a stable network.

Various IPv6 Features

The S6700 hardware supports IPv4/IPv6 dual stack and IPv6 over IPv4 tunnels (including manual tunnels, 6to4 tunnels, and ISATAP tunnels). S6700 switches can be deployed on IPv4 networks, IPv6 networks, or networks that run both IPv4 and IPv6. This makes networking flexible and enables smooth network migration from IPv4 to IPv6.

The S6700 supports various IPv6 routing protocols including RIPng and OSPFv3. It uses the IPv6 Neighbor Discovery Protocol (NDP) to manage packets exchanged between neighbors. It also provides the Path MTU Discovery (PMTU) mechanism to select a proper MTU on the path from the source to the destination, optimizing network resources and obtaining the maximum throughput.

Cloud-based Management

Huawei provides the Cloud Managed Network Solution based on a public cloud. The S6720-EI/S6720S-EI/S6720-HI/S6720-SI/S6720S-SI (since V200R012C00) and S6720S-LI (since V200R013C00) can be managed by a cloud management platform. In the Huawei Cloud Managed Network solution, cloud-managed switches are plug-and-play. They automatically connect to the cloud management platform and use bidirectional certificate authentication to ensure management channel security. The cloud-managed switches provide the NETCONF and YANG interfaces, through which the cloud management platform delivers configurations to them. In addition, remote maintenance and fault diagnosis can be performed on the cloud-managed switches using the cloud management platform.

VXLAN features

The S6720-EI, S6720S-EI, and S6720-HI support VXLAN L2 and L3 gateway functions, which can be configured using NETCONF/YANG. Based on this feature, multiple service networks or tenant networks can be deployed together on the same physical network. Service networks or tenant networks are isolated from each other, achieving one network for multiple purposes. This helps meet data bearing requirements of different services or customers while reducing network construction costs and improving network resource utilization efficiency.

Clock synchronization

The S6720-HI supports the IEEE 1588v2 protocol, which implements low-cost, high-precision, and high-reliability time and clock synchronization. This feature can meet strict requirements of power and transportation industry customers on time and clock synchronization.

Open Programmability System (OPS)

The S6720 provides open interfaces, and customers can make executable Python scripts based on specified events to implement intelligent device management, lowering O&M costs and simplifying operations.

Related Content

Support Community

• Introduction to Huawei Fixed Switches

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

Huawei Tips on Identfying Fixed Switch Models and Versions

HongTelecom introduced the full series of fixed switches in the last thread. There are so many models in so many series. Do you get a headache distinguishing one switch from another or picking the one you need? Don’t worry. You will get all your questions answered in this thread.

Question 1: Do you know how to choose a model among fixed switches? Which are Layer 2 switches? Which are Layer 3 switches?

All the S1700s are Layer 2 switches, some of which provide 100M downstream ports and some provide GE downstream ports. You can distinguish these switches from their product names. The switches with a “G” in their product names have GE downstream ports, for example, S1700-52GFR-4P-AC. The switches without “G” in their product names have 100M downstream ports.

All the S2700s are Layer 2 100M switches.

All the S3700s are Layer 3 100M switches.

The S5700-LI, S5700S-LI and S5710-LI series of the S5700s are Layer 2 GE switches (switches with “LI” in the name are Layer 2 switches), and the rest of the S5700s are Layer 3 GE switches.

The S6700s are Layer 3 10GE switches.

Question 2: Do you know the function of cards? Which models support cards and how to identify them?

When the fixed interfaces on the switches cannot meet the needs of users, cards of a specified type can be used. Cards are usually optional, providing more functions and applications, such as high-speed uplink interfaces and stack cards.

Series	Support for Cards
S1700	Not supported
S2700	Not supported
S3700	Only supported by the HI series
S5700	Supported by models other than the S5700-Li, S5700S-LI and S5700-26X-SI-12S-AC
S6700	Not supported

Here’s a method to quickly determine whether a switch supports cards: check whether its name contains a C. For example, the S5700-28C-EI supports cards.

There are several exceptions: The S5700-24TP and S5700-48TP of the S5700-SI series do not support service cards but they support stack cards, although there is no “C” in their names.

List of cards:

Question 3: Do you know which models support PoE power supply? How many interfaces at most do they support?

Switches with PWR in the name support PoE power supply, such as the S5710-52C-PWR-EI.

PoE switches provide power for powered devices (PDs) over Ethernet electrical interfaces. All the PoE switches comply with IEEE 802.3af and 802.3at. IEEE 802.3af supports a maximum of 15.4 W power and the IEEE 802.3at supports a maximum of 30 W power. The PDs connected to a switch determine which standard the switch should comply with, and the switch is auto-sensing.

The number of interfaces that can provide PoE power supply on a switch depends on the power module used, the corresponding standard, and the switch’s own limitations. Here, I’m providing the maximum number of interfaces that each series can support theoretically. See the Hardware Description of the corresponding product for details.

Series	Maximum Number of PoE Interfaces (IEEE 802.3af)	Maximum Number of PoE Interfaces (IEEE 802.3at)
S1700	Not supporting PoE
S2700	8/16/24/48	4/8/12/24
S3700	8/16/24/48	4/8/12/24
S5700	8/12/16/24/48	4/6/8/12/24/26/48
S6700	Not supporting PoE

If you want to know more about the switch product names, see the naming conventions of switches at the following website: http://forum.huawei.com/enterprise/thread-207241.html

Question 4: Do you know the software versions of switches? What is the mapping between software versions and switch models?

Huawei releases two sets of software versions for SMB switches (S1700) and non-SMB switches (S2700/3700/5700/6700). The two sets of software versions are unrelated.

The figures and tables below demonstrate switches’ software version evolution and mapping between software versions and switch models.

S1700: The three software versions are independent of each other. Upgrades and downgrades cannot take place among the three versions. For example, an S1700 switch cannot upgrade from V1R6C00 to V1R7C00.

S2700/3700/5700/6700: The following table shows the mapping between software versions and switch models. The same model can be upgraded and degraded among the supported software versions.

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.

Introduction to Huawei Fixed Switches

Huawei Campus Switch includes S1700, S2300, S2700, S3300, S3700, S5300, S5700, S600-E, S6300, S6700, S7700, S7900, S9300, S9300X, S9700, S12700 Series. In this article, HongTelecom will introduce the Huawei Fixed Switches .

Distinguish Switch Models Based on Layer 3 Features

Huawei fixed switches consist of the S1700, S2700, S3700, S5700 and S6700 series.

Figure 1 S2700, S3700 and S5700

In terms of product functions, the S1700, S2700, S5700LI are Layer 2 switches, while the S3700, S5700 (except the S5700LI) and S6700 are Layer 3 switches.

(Compared with Layer 2 switches, Layer 3 switches support Layer 3 features such as dynamic routing protocols in addition to Layer 2 features. I have made a summary in the Tips at the bottom of the post to tell you what Layer 3 features are.)

Diversified S5700 Models Adapt to Customers’ Requirements

The S5700 series is the first series developed by Huawei for enterprise networking and has the most product models. Why is the S5700LI a Layer 2 switch, different from other S5700s?

The S5700LI, which is a lightweight S5700 model and a star product of Huawei, is designed to accommodate customized demands of various projects. For example, in a project, the customer wanted a bargain because he just wanted to use S5700s for transparent transmission and did not need Layer 3 features on the switch. But he also pointed out that the S5700 must have forty-eight GE electrical interfaces.

Figure 2 S5700LI&SI&EI&HI

While there are demands for lightweight S5700s, there are demands for enhanced S5700s. Therefore, Huawei developed an enhanced version (S5700EI) and an advanced version (S5700HI). In addition, the standard version of the S5700 was renamed S5700SI following consistent naming conventions. The richness of functions and features provided by these versions is in the following order: S5700LI < S5700SI < S5700EI < S5700HI. The following table lists their support for differences features.

Supported Feature	Switch Model
	S5700LI	S5700SI	S5700EI	S5700HI
RIP/RIPng	N	Y	Y	Y
OSPF/BGP/PIM/ Netstream	N	N	Y	Y
MPLS/Netstream/Hardware-based Ethernet OAM/BFD	N	N	N	Y

 

S6700, Keystone in the Era of the 10GE Ports

Huawei developed the S6700EI based on the S5700 to embrace the era of 10GE ports.

Figure 3 S6700EI

The S6700 is one of the switches featuring an industry-leading performance and provides a maximum of 48 line-rate 10GE ports.

l  In data centers, the S6700 switches function as access switches to provide 10G access.

l  On a campus network, the S6700 switches connect to access switches through GE interfaces, and connect to core switches through 10GE optical interfaces, providing a large switching capacity. The network provides 10 Gbit/s rate for the backbone layer and 100 Mbit/s access rate for terminals, meeting requirements for high bandwidth and multi-service operations.

S2750, Designed for 100M-to-the-Desktop Access

While the S6700 switches provide a solution to the 10GE backbone, Huawei developed the 100M switch S2750 as a solution to 100M-to-the-desktop.

Figure 4 S2750EI

On a campus network, the S2750 switches connect to terminals using 100M electrical interfaces, and connect to aggregation switches using GE interfaces. With functions such as PoE, voice VLAN and NAC, the S2750 provides various desktop access functions.

Summary of Fixed Switches’ Network Locations

The S3700 also has 100M downstream interfaces and can be considered an S2700 with some Layer 3 features. Huawei has stopped releasing new versions of the S3700 since 2014. The S1700 can be seen as a hardware branch model of the S2700. Here, I am not going to waste your time nagging more. In conclusion, the following table lists the recommended deployment locations of Huawei fixed switches on networks:

Recommended deployment locations	S1700	S2700	S5700	S6700
SOHO/Terminal	Access	Access	–	–
Small campus	–	Access layer	Aggregation layer/Access layer	–
Medium campus	–	–	Access layer	Aggregation layer
Large campus	–	–	Access layer	Aggregation layer
Data center	–	–	–	Access layer

Figure 5 Locations of the S5700 on a large enterprise network

[Tips]

Question: What are Layer 3 features?

Answer: Layer 3 features include URPF, BFD, VRRP, sub-interfaces, switching between Layer 2 and Layer 3 interfaces, E-Trunk, VLAN aggregation, MSTP multi-process, redirection, DHCPv6 servers, DHCPv6 relay, MDNS relay, Bonjour relay, PIM, multicast route management, MRM, NAP, observing port groups, MPLS, LDP, RSVP, Seamless, GRE, L3VPN, VLL, PWE3, VPLS, PW, RIP, IS-IS, OSPF, BGP, routing policy, and policy-based routing (PBR).

About Us

As a world leading Huawei networking products supplier, Hong Telecom Equipment Service LTD(HongTelecom) keeps regular stock of Huawei router and switch and all cards at very good price, also HongTelecom ship to worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.
For real pictures of related product, visit the HongTelecom Gallery.
To buy related product, visit the HongTelecom Online Shop.