8/11/2019 CloudEngine 6800&5800 V100R002C00 Product Description 03
CloudEngine 6800&5800 Series Switches
V100R002C00
Product Description
Issue 03
Date 2013-12-01
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://enterprise.huawei.com
Issue 03 (2013-12-01) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
About This Document
Intended Audience
This document describes the positioning, characteristics, usage scenarios, functions, system
architecture, operations and maintenance, and specifications of CloudEngine (CE) switches.
This document helps you understand the characteristics and features of CE switches.
This document is intended for:
• Network planning engineers
• Hardware installation engineers
• Commissioning engineers
• Data configuration engineers
• Onsite maintenance engineers
• Network monitoring engineers
• System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation
which, if not avoided, will result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, may result in minor or
moderate injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.
NOTE Calls attention to important information, best
practices and tips.
NOTE is used to address information not
related to personal injury, equipment damage,
and environment deterioration.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 03 (2013-12-01)
This is the third commercial release.
Issue 02 (2013-11-20)
This is the second commercial release.
Issue 01 (2013-08-01)
Initial commercial release.
Contents
About This Document
1 Product Positioning and Characteristics
1.1 Product Positioning
1.2 Product Characteristics
1.2.1 High Performance and High Port Density
1.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels
1.2.3 Simplified Operations and Maintenance
1.2.4 Easy-to-Deploy, Easy-to-Maintain High-Performance Stacking
1.2.5 Abundant Data Center Service Features
2 Typical Applications
2.1 ToR Application
2.2 EoR Application
3 Structures of CE6800&5800 Series Switches
4 Product Features
4.1 Feature List
4.2 Ethernet Features
4.2.1 Link Aggregation
4.2.2 Interface-based Flow Control
4.2.3 Traffic Suppression
4.2.4 VLAN
4.2.5 QinQ
4.3 STP/RSTP/MSTP
4.3.1 STP and RSTP
4.3.2 MSTP
4.3.3 MSTP Protection
4.4 Port Security
4.5 Link Detection
4.6 IP Features
4.6.1 IPv4/IPv6 Dual-Stack
4.6.2 IPv4
4.6.3 IPv6
4.7 Routing
4.8 Multicast
4.8.1 Layer 2 Multicast
4.8.2 Layer 3 Multicast
4.9 QoS
4.9.1 Traffic Classification
4.9.2 Access Control and Re-Marking
4.9.3 Traffic Policing
4.9.4 Congestion Management
4.9.5 Congestion Avoidance
4.9.6 Rate-limiting on an Interface
4.9.7 Two-Rate-Three-Color
4.10 Security
4.10.1 Device Security
4.10.2 Service Security
4.11 MAC-Forced Forwarding
4.12 DHCP
4.13 Network Management
4.13.1 LLDP
4.13.2 NQA
4.13.3 NetStream
4.13.4 sFlow
4.14 Smart Link and Multi-Instance
4.15 Stacking
4.16 Data Center Features
4.16.1 TRILL
4.16.2 DCB
4.16.3 FCoE
4.16.4 VM Detection
4.16.5 Forwarding Based on the VEPA
5 Operation Maintenance and Network Management
5.1 Maintenance and Management
5.1.1 Configuration Modes
5.1.2 Monitoring and Maintenance
5.1.3 Diagnosis and Debugging
5.1.4 Software Upgrade and In-Service Patching
5.1.5 Hardware Fault Handling
5.2 eSight
6 System Parameters
6.1 Specifications
1 Product Positioning and Characteristics
About This Chapter
1.1 Product Positioning
1.2 Product Characteristics
• CE5810-24T4S-EI: Provides twenty-four 10/100/1000BASE-T Ethernet ports, four 10G
SFP+ Ethernet optical ports.
• CE5810-48T4S-EI: Provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10G
SFP+ Ethernet optical ports.
• CE5850-48T4S2Q-EI: Provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10G
SFP+ Ethernet optical ports, and two 40G QSFP+ Ethernet optical ports.
• CE6850-48S4Q-EI: Provides forty-eight 10G SFP+ Ethernet optical ports and four 40G
QSFP+ Ethernet optical ports.
• CE6850-48T4Q-EI: Provides forty-eight 10GBASE-T Ethernet ports and four 40G
QSFP+ Ethernet optical ports.
CE6800&5800 switches provide high-performance 40GE ports, which can connect to high-
density 40GE line processing units (LPUs) on CE12800 switches to construct full-40G data
center networks.
1.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels
CE6800&5800 switches use front-to-rear/rear-to-front ventilation channels. This design isolates
cold air from hot air channels, improves heat dissipation efficiency, and lowers power
consumption, without the need to reconstruct racks in the data center equipment room.
Figure 1-2 and Figure 1-3 show the front-to-rear/rear-to-front ventilation channels on
CE6800&5800 switches. The airflow direction in the ventilation channels can be changed by
configuring fan modules and power modules.
Figure 1-2 Front-to-rear ventilation channels
Figure 1-3 Rear-to-front ventilation channels
1.2.3 Simplified Operations and Maintenance
CE6800&5800 switches' architecture separates the data plane from the management plane.
• The management ports, fan modules, and power modules are at the front side of the switch
for easy maintenance.
• The data ports are at the rear side of the switch to facilitate cabling and maintenance.
CE6800&5800 switches optimize indicators in the following aspects to facilitate easy
maintenance of data center networks with high device densities:
• Redundant system indicator
CE6800&5800 switches have system indicators on both the front side (with management
ports) and rear side (with data ports). These system indicators show the system status and
stack status, helping administrators easily monitor the system status.
• Easy-to-read port indicator
Innovative 40G port indicators clearly show the running status of 40GE ports that have
been converted into four 10GE ports.
• Easy-to-maintain stack indicator
The stack indicator shows the role and ID of the switch in a stack system, helping
administrators maintain the stack system.
• Innovative positioning indicator
CE6800&5800 switches have a positioning indicator that allows administrators to remotely
position a switch quickly. Administrators can turn on switches' positioning indicators
through the network management system (NMS) or console so that they can quickly find
the switches that require maintenance. Positioning indicators are blue, making them easy
to find.
1.2.4 Easy-to-Deploy, Easy-to-Maintain High-Performance Stacking
A maximum of 16 CE6800&5800 switches can be added to a stack system. The stack system
has the following advantages:
• High performance
A stack system provides more than 768 GE/10GE ports.
• High bandwidth
Stacked CE5800 switches support 80 Gbit/s stack bandwidth, and stacked CE6800 switches
support 160 Gbit/s stack bandwidth, making a stacking bandwidth bottleneck unlikely to
occur.
• Fast recovery
The ring stack topology allows for system recovery within 200 ms.
• Easy to deploy and maintain
The pre-deployment and offline configuration functions allow users to plan and pre-
configure the system and add devices on demand. This feature offers a Pay As You
Grow solution.
Users can specify device IDs in a stack system to easily identify, locate, and maintain
devices.
Indicators clearly identify the role and status of the device in a stack system. With these
indicators, users can complete basic maintenance tasks on a stack system without a PC.
• Simple upgrade
A stack system supports quick software upgrades and automatic software upgrades,
simplifying the upgrade process and reducing workload.
1.2.5 Abundant Data Center Service Features
CE6800&5800 switches have a wide range of data center service features, including the
following:
• Fiber Channel over Ethernet (FCoE) and Data Center Bridging (DCB)
FCoE, Data Center Bridging Exchange (DCBX) in 802.1Qaz, Priority-based Flow
Control (PFC) in 802.1Qbb, and Enhanced Transmission Selection (ETS) in 802.1Qaz
allow fiber channels (FCs) to run on a converged lossless Enhanced Ethernet, thereby
lowering networking costs.
FCoE and DCB can seamlessly interconnect with the existing FC infrastructure,
protecting investments in the FC storage area network (FC SAN).
NOTE
Only CE6800 supports FCoE and DCB.
• Virtualization and virtual machine (VM) access
Server virtualization improves data center efficiency.
VM detection enables switches to automatically migrate network policies during VM
migrations, so network sources can be allocated on demand. With the technologies that
enable large Layer 2 networking, VMs can migrate freely across the entire data center
network.
• Transparent Interconnection of Lots of Links (TRILL)
TRILL is an Internet Engineering Task Force (IETF) standard that allows for super
large, flexible networking.
TRILL implements multi-path load balancing to balance traffic among multiple paths
in response to service requirements.
TRILL can quickly detect network changes and complete network convergence within
a short time.
2 Typical Applications
About This Chapter
2.1 ToR Application
2.2 EoR Application
2.1 ToR Application
Top of rack (ToR) is a cabling mode in a server cabinet. Switches deployed in ToR mode are
called ToR switches. The ToR mode applies to data center networks with high server densities.
As shown in Figure 2-1, ToR switches are deployed at the top of server cabinets. Two ToR
switches in two adjacent server cabinets form a stack system, and servers are dual-homed to the
two ToR switches. The access ports on the two ToR switches constitute a link aggregation group
(LAG).
Figure 2-1 ToR application
[Figure labels: Aggregation Switch, RACK, Switch, Server]
ToR networking has the following advantages:
• The stack system can eliminate bandwidth bottlenecks. In the stack system, ToR switches
are stacked using 10GE/40GE ports, and all stack cables work in Active state, greatly
improving stack bandwidths.
• The access reliability of the stack system is high. Master and backup ports on servers are
connected to two ToR switches simultaneously, and the access ports on the two ToR
switches work in LAG mode. Therefore, the Spanning Tree Protocol (STP) is not required,
and a switchover is completed within 100 ms once a fault has occurred.
• ToR switches support 40GE uplink ports that can be used together with high-density 40GE
LPUs on CE12800 switches to construct high-performance 40GE data center networks.
2.2 EoR Application
End of row (EoR) is a cabling mode in a server cabinet. Switches deployed in EoR mode are
called EoR switches.
The EoR mode applies to data center networks with low densities of servers. At the end of each
row of server cabinets, there are two network cabinets where access switches are installed.
Servers in cabinets along the row share these access switches. As shown in Figure 2-2, access
switches in the network cabinets form a stack system and provide high access port densities.
Figure 2-2 EoR application
[Figure labels: 40G, Switch]
EoR networking has the following advantages:
• High access port densities. A maximum of 16 CE6800&5800 switches can be added to a
stack system and provide more than 768 GE/10GE access ports.
• Improved user experience. CE6800&5800 switches use the same operating system as the
CE12800 and support chassis architecture. After being stacked, CE6800&5800 switches
can work as a chassis switch and provide the same application experience as the CE12800.
• Super-high stack bandwidth. The EoR networking mode eliminates the stack system
bottleneck to the maximum extent and improves performance of the entire system.
3 Structures of CE6800&5800 Series Switches
Front View
Figure 3-1, Figure 3-2, Figure 3-3, Figure 3-4, and Figure 3-5 show front views (power supply
side) of CE6800&5800 chassis.
Figure 3-1 CE5850-48T4S2Q-EI front view (power supply side)
Figure 3-2 CE6850-48S4Q-EI front view (power supply side)
Figure 3-3 CE6850-48T4Q-EI front view (power supply side)
Figure 3-4 CE5810-24T4S-EI front view (power supply side)
Figure 3-5 CE5810-48T4S-EI front view (power supply side)
1. Power supply slot 1
2. Power supply slot 2
Available power modules:
• CE5800: 150 W AC power module, 350 W DC power module
• CE6850-48S4Q-EI: 350 W AC power module, 350 W DC power module
• CE6850-48T4Q-EI: 350 W AC power module, 600 W AC power module
3. Fan slot 1
4. Fan slot 2
Available fans:
• CE5810: FAN-40SB series fan modules
• CE5850: FAN-40EA series fan modules
• CE6850: FAN-40EA series fan modules
NOTE
Earlier versions of the CE5850-48T4S2Q-EI use the FAN-40SA series fan modules.
5. Console port
NOTE
This port is used for first-time login or local device configuration.
6. ETH management port
NOTE
This port is used for local or remote device configuration.
7. Bar code label
NOTE
This label is drawable, and you can pull it outward to view the bar code and MAC address of the
switch.
8. USB port
NOTE
This port is used for device deployment, configuration file transfer, and upgrade.
Rear View
Figure 3-6, Figure 3-7, Figure 3-8, Figure 3-9, and Figure 3-10 show rear views (port side)
of CE6800&5800 chassis.
Figure 3-6 CE5850-48T4S2Q-EI rear view (port side) (callouts 1, 4, 5)
Figure 3-7 CE6850-48S4Q-EI rear view (port side) (callouts 3, 6)
Figure 3-8 CE6850-48T4Q-EI rear view (port side) (callouts 2, 6)
Figure 3-9 CE5810-24T4S-EI rear view (port side) (callouts 7, 4)
Figure 3-10 CE5810-48T4S-EI rear view (port side) (callouts 1, 4)
1. Forty-eight 10/100/1000BASE-T Ethernet electrical ports
2. Forty-eight 10GBASE-T Ethernet electrical ports
NOTE
When a CE6850-48T4Q-EI switch uses 350 W AC power modules and all its ports are in use, the
length of each network cable used on the switch cannot exceed 30 m.
3. Forty-eight 10GE SFP+ Ethernet optical ports
4. Four 10GE SFP+ Ethernet optical ports
5. Two 40GE QSFP+ Ethernet optical ports
NOTE
A 40GE QSFP+ port of a CE5850-48T4S2Q-EI switch cannot be converted into four 10GE
SFP+ ports.
6. Four 40GE QSFP+ Ethernet optical ports
NOTE
A 40GE QSFP+ port of a CE6800 switch can be converted into four 10GE SFP+ ports.
7. Twenty-four 10/100/1000BASE-T Ethernet electrical ports
Side View
Figure 3-11, Figure 3-12, Figure 3-13, and Figure 3-14 show side views of CE6800&5800
chassis.
Figure 3-11 CE5850-48T4S2Q-EI, CE5810-24T4S-EI, and CE5810-48T4S-EI side view (left
side) (callouts 1, 2)
Figure 3-12 CE5850-48T4S2Q-EI, CE5810-24T4S-EI, and CE5810-48T4S-EI side view (right
side) (callouts 1, 2, 3)
Figure 3-13 CE6850-48T4Q-EI and CE6850-48S4Q-EI side view (left side) (callouts 1, 2, 4)
Figure 3-14 CE6850-48T4Q-EI and CE6850-48S4Q-EI side view (right side) (callouts 1, 2, 3, 4)
1. Three port-side mounting holes for mounting brackets
2. Four power-supply-side mounting holes for mounting brackets
3. Ground screw
4. Four middle mounting holes for mounting brackets
4 Product Features
About This Chapter
4.1 Feature List
4.2 Ethernet Features
4.3 STP/RSTP/MSTP
4.4 Port Security
4.5 Link Detection
4.6 IP Features
4.7 Routing
4.8 Multicast
4.9 QoS
4.10 Security
4.11 MAC-Forced Forwarding
4.12 DHCP
4.13 Network Management
4.14 Smart Link and Multi-Instance
4.15 Stacking
4.16 Data Center Features
4.1 Feature List
Table 4-1 lists the features supported by CE6800&5800 switches.
Table 4-1 Features supported by CE6800&5800 switches
Feature Description
Ethernet
  Ethernet
    - Operating modes of full-duplex and auto-negotiation
    - Operating rates of an Ethernet interface, including 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, 10 Gbit/s, 40 Gbit/s, and auto-negotiation
      NOTE
      - GE electrical interfaces support the operating rates of 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s.
      - 10GE electrical interfaces support the operating rates of 100 Mbit/s, 1000 Mbit/s, and 10 Gbit/s.
      - 10GE optical interfaces support the operating rates of 1000 Mbit/s and 10 Gbit/s.
      - 40GE optical interfaces support only the operating rate of 40 Gbit/s.
    - Flow control on interfaces
      NOTE
      10GE/40GE optical interfaces do not support flow control.
    - Jumbo frames
    - Link aggregation
    - Load balancing among links within a trunk
    - Interface isolation and forwarding restrictions
    - Broadcast storm suppression
  Virtual Local Area Network (VLAN)
    - Multiple interface types: access, trunk, hybrid, and 802.1Q-in-802.1Q (QinQ)
    - Multiple access modes: access, trunk, hybrid, and QinQ
    - VLAN assignment: port-based, MAC address-based VLAN assignment
    - VLAN aggregation
    - MUX VLAN
  Media Access Control (MAC)
    - Automatic learning and aging of MAC addresses
    - Static, dynamic, and blackhole MAC address entries
    - Packet filtering based on source MAC addresses
    - Interface-based MAC learning limiting
  Link Layer Discovery Protocol (LLDP)
    Support for LLDP
  Virtual interface configuration table (VCT)
    Support for VCT
Ethernet loop protection
  Multiple Spanning Tree Protocol (MSTP)
    - Spanning Tree Protocol (STP)
    - Rapid Spanning Tree Protocol (RSTP)
    - MSTP
    - Bridge protocol data unit (BPDU) protection, root protection, and loop protection
    - Partitioned STP and Layer 2 protocol transparent transmission
IP features
  Address Resolution Protocol (ARP)
    - Static and dynamic ARP entries
    - ARP in a VLAN
    - Aging of ARP entries
    - ARP and Reverse Address Resolution Protocol (RARP)
    - ARP proxy
    - Auto-detection
  IPv6
    - IPv4/IPv6 dual-stack
    - Neighbor Discovery (ND)
  Dynamic Host Configuration Protocol (DHCP)
    - DHCP server
    - DHCP relay
    - DHCP snooping
IP forwarding
  Unicast routing
    - IPv4/IPv6 static routing
    - Routing Information Protocol version 1 (RIP-1), RIP-2, and RIPng
    - Open Shortest Path First (OSPF), including OSPFv2 and OSPFv3
    - Intermediate System to Intermediate System (IS-IS)
    - Border Gateway Protocol 4.0 (BGP4) and Border Gateway Protocol for IPv6 (BGP4+)
    - Routing protocol
    - Policy-based routing
    - Unicast Reverse Path Forwarding (URPF) check
    - Virtual Routing Forwarding (VRF)
  VPN
    - Virtual Routing Forwarding (VRF)
  Multicast routing
    - Internet Group Management Protocol Version 1/2/3 (IGMPv1/v2/v3)
    - PIM-SM (IPv4) and PIM-SM (IPv6)
    - PIM-SSM (IPv4) and PIM-SSM (IPv6)
    - MLDv1 and MLDv2
    - MLD SSM Mapping
    - Multiprotocol BGP (MBGP)
    - Multicast Source Discovery Protocol (MSDP)
    - Multicast routing policies
    - Reverse Path Forwarding (RPF)
    - Bidirectional PIM
Device reliability
  Bidirectional Forwarding Detection (BFD)
    - Basic BFD functions
    - BFD for OSPF
    - BFD for IS-IS
    - BFD for BGP
    - BFD for PIM
    - BFD for static routing
    - BFD for VRRP
  Others
    - Virtual Router Redundancy Protocol (VRRP)
    - Device Link Detection Protocol (DLDP)
    - Smart Link
Layer 2 multicast features
  Layer 2 multicast
    - IGMP snooping
    - IGMP proxy
    - Fast leave
    - Multicast traffic control
    - Multicast VLAN
QoS features
  Traffic classification
    - Traffic classification based on combination of the L2 protocol header, IP 5-tuple, outbound interface, and 802.1p priority
    - Traffic classification based on the C-VID and C-PRI of QinQ packets
  Traffic behavior
    - Access control after traffic classification
    - Traffic policing based on traffic classifiers
    - Re-marking based on the traffic classification result
    - Class-based packet queuing
    - Association between traffic classifiers and traffic behaviors
  Queue scheduling
    - Priority queuing (PQ) scheduling
    - Deficit round robin (DRR) scheduling
    - PQ+DRR scheduling
    - Weighted round robin (WRR) scheduling
    - PQ+WRR scheduling
  Congestion avoidance
    Weighted Random Early Detection (WRED)
  Rate limiting on outbound interfaces
    Rate limiting on outbound interfaces
Virtualization
  Many-to-one virtualization
    - Intelligent Stack (iStack)
    - Stack split and merge
    - Dual-active detection
    - Version and configuration synchronization
Data center features
  Transparent Interconnection of Lots of Links (TRILL)
    TRILL features
    NOTE
    CE5810 does not support TRILL.
  Data Center Bridging (DCB)
    - Data Center Bridging Exchange Protocol (DCBX)
    - Priority-based Flow Control (PFC)
    - Enhanced Transmission Selection (ETS)
    NOTE
    Only CE6800 supports DCB.
  Fiber channel over Ethernet (FCoE)
    FIP Snooping Bridge (FSB)
    NOTE
    Only CE6800 supports FCoE.
  Virtual awareness
    - Virtual awareness
    - Automatic policy deployment
    - Automatic policy migration
  Forwarding mode based on the Virtual Ethernet Port Aggregator (VEPA)
    Forwarding mode based on the VEPA
Configuration and maintenance
  Terminal service
    - Command line configuration
    - Error messages and online help in English and Chinese
    - Login through console and Telnet terminals
    - Send function and data communications between terminal users
  File system
    - Directory and file management
    - File upload and download using File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP)
  Debugging and maintenance
    - Unified management of logs, alarms, and debugging information
    - Electronic labels
    - User operation logs
    - Detailed debugging information for network fault diagnosis
    - Network test tools such as tracert and ping commands
    - Port mirroring and traffic mirroring
  Version upgrade
    - Device software loading and in-service software loading
    - In-service upgrade using the basic input/output system (BIOS) menu
    - In-service patching
- Destination MAC address
- Source and destination MAC addresses
- Source IP address
- Destination IP address
- Source and destination IP addresses
- Transport-layer source port
- Transport-layer destination port
- Transport-layer source and destination ports
- User-defined load balancing modes for Layer 2 packets, IPv4 packets, and MPLS packets
Link aggregation technology increases transmission bandwidth and improves link reliability
efficiently and cost-effectively, without the need to upgrade hardware.
4.2.2 Interface-based Flow Control
Flow control based on interfaces is a method for congestion management. CE6800&5800
switches implement flow control on interfaces using a hardware backpressure mechanism. When
an interface works in full-duplex mode, CE6800&5800 switches implement flow control on the
interface in accordance with the IEEE 802.3x standard.
When congestion occurs, CE6800&5800 switches send consecutive Pause frames to the
upstream device, requesting the upstream device to stop sending data for a specified period of
time. When the upstream device receives the Pause frames, it reduces the volume of traffic sent
from its outbound interface. Interface-based flow control takes effect on all traffic types.
4.2.3 Traffic Suppression
Traffic suppression limits the number of unknown unicast packets, multicast packets, and
broadcast packets to within a proper range to ensure network efficiency.
On the CE6800&5800 series switches, you can configure traffic limits for unknown unicast
packets, multicast packets, and broadcast packets. When the rate of these packets on an interface
or a VLAN exceeds the limits, the switches drop excess packets to control the traffic rate within
a proper range, ensuring normal operations of network services.
The CE6800&5800 series switches can also control the percentages of unknown unicast packets,
multicast packets, and broadcast packets on an interface.
4.2.4 VLAN
A local area network (LAN) can be divided into several logical LANs. Each logical LAN is a
broadcast domain, called a virtual LAN or VLAN. To put it simply, devices on a LAN are
logically grouped into different LAN segments, regardless of their physical locations. VLANs
isolate broadcast domains on a LAN.
VLAN Aggregation
To implement communication between VLANs on CE6800&5800 switches, users can configure
VLANIF interfaces and assign an IP address to each VLANIF interface. This implementation,
- Dynamic or static MAC addresses in the DHCP snooping table
- Dynamic MAC addresses that are learned before the number of learned MAC addresses reaches the upper limit
When an interface receives frames with invalid source MAC addresses, CE6800&5800 switches
discard the frames or generate an alarm.
4.5 Link Detection
CE6800&5800 switches support link detection. This link detection feature provides two means
to detect link faults on LANs: loopback detection and virtual cable test (VCT).
- Loopback detection is used to detect whether loops exist on a LAN. CE6800&5800 switches send specific packets to detect loops over the entire LAN.
- VCT is used to estimate network cable length and locate failure points on the cable. CE6800&5800 switches simulate radar to detect cable faults and locate the failure points along a single link.
4.6 IP Features
NOTE
If you need IPv6 features on CE12800 switches, buy licenses from Huawei.
4.6.1 IPv4/IPv6 Dual-Stack
IPv4/IPv6 dual-stack features good interoperability and easy implementation. Figure 4-1 shows
the IPv4/IPv6 dual-stack structure.
Figure 4-1 IPv4/IPv6 dual-stack structure
[Figure: protocol stack, top to bottom: IPv4/IPv6 Application; TCP, UDP; IPv4, IPv6; Link Layer]
4.6.2 IPv4
The CE6800&5800 support the following IPv4 features:
- TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and ARP
- Static DNS, in which the DNS server address is manually specified
- FTP server/client and TFTP client
- DHCP relay, DHCP server, and DHCP snooping
- Ping, tracert, and NQA
- Bidirectional Forwarding Detection (BFD) features, including BFD for OSPF, BFD for IS-IS, BFD for BGP, and BFD for PIM
4.6.3 IPv6
The CE6800&5800 support the following IPv6 features:
- IPv6 Neighbor Discovery (ND)
- Path MTU Discovery (PMTU)
- TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6, and Raw IP6
4.7 Routing
The CE12800 supports the following routing features:
- Static routes that are manually configured by the administrator to simplify network configurations and improve network performance
- IPv4 routing protocols, including RIPv1/v2, OSPF, IS-IS (IPv4), and BGP
- IPv6 routing protocols, including RIPng, OSPFv3, IS-IS (IPv6), and BGP4+
- Virtual routing forwarding (VRF) multi-instance and IP address overlapping
- Optimal route selection using routing policies
4.8 Multicast
4.8.1 Layer 2 Multicast
The CE6800&CE5800 series switches support Layer 2 multicast (IP multicast at the data link
layer). Layer 2 multicast implements on-demand forwarding of multicast data within a broadcast
domain. This feature conserves network bandwidth and improves security of data transmission.
The CE6800&CE5800 series switches support the following Layer 2 multicast functions:
- IGMP snooping: This function is deployed on a switch between hosts and a multicast router.
The switch not only supports static multicast forwarding entries, but also generates dynamic
Layer 2 multicast forwarding entries with multicast groups, VLANs, and outbound
interfaces by listening to IGMP messages exchanged between the hosts and multicast
router. When the CE6800&CE5800 series switches receive multicast data packets,
they forward the packets to the receivers in the corresponding VLAN according to the Layer
2 forwarding table.
join the rendezvous point tree (RPT) of the nearest RP. In this manner, load balancing is
implemented among the RPs. When an RP fails, sources and receivers registered with this
RP choose another nearest RP. This RP redundancy mechanism enhances network
reliability.
- Multicast static routes
- Route filtering: The multicast routing module can filter multicast routes it receives and advertises using routing policies. It can also use routing policies to filter and forward IP multicast packets.
- Reverse path forwarding (RPF) check
4.9 QoS
CE6800&5800 switches provide a class-based QoS mechanism and support 802.1p priorities
for minimizing end-to-end delay and jitter and optimizing bandwidth.
CE6800&5800 switches classify traffic based on specific rules and take actions on traffic to
better support value-added services such as next generation network (NGN) services, IPTV, and
broadband access. The actions include priority re-marking, traffic policing, congestion
management, congestion avoidance, and rate limiting on an interface.
4.9.1 Traffic Classification
Traffic classification assesses packet header information against a set of rules to identify packets
of a certain type. For example, the 802.1p priority of packets sent by the operating support system
(OSS) and NMS is set to 7; the 802.1p priority of voice over IP (VoIP) packets is set to 6; the
802.1p priority of broadcast TV (BTV) packets and video on demand (VoD) packets is set to 5
or 4; the 802.1p priority of packets sent by virtual private network (VPN) users is set to 3, 2, or
1 according to the level of VPN users; and the 802.1p priority of Internet access service packets
is set to 0. Packets are classified based on their 802.1p priorities.
CE6800&5800 switches use a hardware classifier to ensure line-rate transmission of service data
on interfaces.
Users can define rules to classify packets and specify the relationships between rules.
- and: Packets match a traffic classifier only when the packets match all the rules.
- or: Packets match a traffic classifier as long as the packets match one of the rules.
Table 4-2 describes the traffic classification rules.
Table 4-2 Traffic classification rules
Layer Traffic Classification Rule
Layer 2
  - VLAN ID in the outer tag of a VLAN packet
  - VLAN ID in the inner tag of a VLAN packet
  - 802.1p priority in the outer tag of a VLAN packet
  - 802.1p priority in the inner tag of a VLAN packet
  - Source MAC address
  - Destination MAC address
Layer 3
  - DSCP priority in IP packets
  - IP precedence in IP packets
  - IP protocol type
Layer 4
  - TCP SYN flag in TCP packets
Others
  - Inbound interface
  - Outbound interface
  - ACL
4.9.2 Access Control and Re-Marking
After traffic classification, CE6800&5800 switches perform access control on packets by
permitting or rejecting the packets. When packets are permitted, CE6800&5800 switches re-mark
the following information in the packets:
- 802.1p priority (PRI field in the VLAN tag)
- DSCP field
- Precedence field of IP packets
4.9.3 Traffic Policing
CE6800&5800 switches use a token bucket algorithm to police and control incoming traffic,
implementing the committed access rate (CAR).
The traffic rate is controlled by limiting the speed at which tokens are placed in the token bucket.
When the traffic rate exceeds the upper limit, CE6800&5800 switches discard excess traffic so
that the traffic remains within an acceptable range. This function saves network resources and
protects the investments of customers.
4.9.4 Congestion Management
CE6800&5800 switches use queue scheduling technologies to implement congestion
management. Each outbound interface on CE6800&5800 switches has eight queues. After
packets are classified, they enter the appropriate queues based on their priorities.
CE6800&5800 switches support the following queue scheduling policies:
- PQ
- WRR
- DRR
- PQ+WRR
- PQ+DRR
4.9.5 Congestion Avoidance
To remove congestion, a switch quickly discards packets to release queue resources and does
not put packets in long-delay queues.
The CE6800&5800 switches support the Weighted Random Early Detection (WRED)
algorithm. WRED monitors packets in each queue, compares the queue length with upper and
lower drop thresholds, and, when congestion occurs, processes packets in queues based on the
following rules:
- When the length of a queue is smaller than the lower drop threshold, no packet is discarded.
- When the length of a queue is between the upper drop threshold and the lower drop threshold, WRED discards packets randomly based on the maximum drop probability.
- When the length of a queue exceeds the upper drop threshold, all packets in the queue are discarded.
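The three WRED rules above as a drop-decision function, added here as an illustration and not Huawei's implementation. The linear ramp between the two thresholds, the per-color profiles, and all numeric values are assumptions; the document only states that drops in that range are random and bounded by the maximum drop probability.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    low: int      # lower drop threshold (packets queued)
    high: int     # upper drop threshold (packets queued)
    max_p: float  # maximum drop probability, reached at the upper threshold

    def __post_init__(self):
        if not 0 <= self.low < self.high:
            raise ValueError("thresholds must satisfy 0 <= low < high")
        if not 0.0 <= self.max_p <= 1.0:
            raise ValueError("max_p must be within [0, 1]")


def drop_probability(queue_len, profile):
    """Probability of discarding a packet that arrives at this queue length."""
    if queue_len < profile.low:
        return 0.0                      # rule 1: below the lower threshold
    if queue_len > profile.high:
        return 1.0                      # rule 3: above the upper threshold
    # Rule 2. Assumption: probability rises linearly from 0 to max_p.
    span = profile.high - profile.low
    return profile.max_p * (queue_len - profile.low) / span


def should_drop(queue_len, profile, rand=random.random):
    """rand is injectable so the decision can be tested deterministically."""
    return rand() < drop_probability(queue_len, profile)


# Constructed profiles: lower-priority colors start dropping earlier.
PROFILES = {
    "green": WredProfile(low=60, high=100, max_p=0.1),
    "yellow": WredProfile(low=40, high=80, max_p=0.3),
    "red": WredProfile(low=20, high=60, max_p=0.5),
}


def simulate(arrivals, profiles, drain_every=4, seed=1):
    """Feed a list of packet colors into one queue; one packet leaves the
    queue after every `drain_every` arrivals. Returns (drops per color,
    final queue length)."""
    rng = random.Random(seed)
    queue_len = 0
    dropped = {color: 0 for color in profiles}
    for i, color in enumerate(arrivals, start=1):
        if should_drop(queue_len, profiles[color], rng.random):
            dropped[color] += 1
        else:
            queue_len += 1
        if i % drain_every == 0 and queue_len > 0:
            queue_len -= 1
    return dropped, queue_len


if __name__ == "__main__":
    burst = ["green", "yellow", "red"] * 100   # constructed arrival pattern
    print(simulate(burst, PROFILES))
```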
4.9.6 Rate-limiting on an Interface
Rate-limiting an interface proactively adjusts the rate of traffic on the interface in order to prevent
burst traffic and lower the packet loss rate. CE6800&5800 switches use a token bucket and a
buffer to rate-limit interfaces, implementing traffic shaping. When the rate of packets exceeds
the rate limit, CE6800&5800 switches buffer excess packets and send them after the traffic rate
falls below the rate limit. In this manner, the packet transmission rate is smoothed.
4.9.7 Two-Rate-Three-Color
CE6800&5800 switches control traffic based on the traffic classification results and discard
excess packets when the rate of packets exceeds the rate limit. CE6800&5800 switches support
two-rate-three-color markers. Users can set the following parameters on CE6800&5800
switches:
- Committed information rate (CIR), which is the average rate of traffic that can pass through an interface
- Committed burst size (CBS), which is the average volume of burst traffic that can pass through an interface
- Peak information rate (PIR), which is the maximum rate of traffic that can pass through an interface
- Peak burst size (PBS), which is the maximum volume of burst traffic that can pass through an interface
In addition, CE6800&5800 switches can mark packets red, green, or yellow according to the
traffic volume, map behaviors (such as permit or deny) to the colors, and re-mark packets.
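How CIR, CBS, PIR, and PBS drive two token buckets and a color decision, shown as an added example that is not taken from the product. It assumes the color-blind two-rate three-color marker of RFC 2698 (the document does not say which variant the switches implement); units (bytes and bytes per second), the color-to-action map, and the sample packets are constructed.

```python
class TwoRateThreeColorMarker:
    """Color-blind trTCM: bucket C is filled at CIR up to CBS,
    bucket P is filled at PIR up to PBS. Both start full."""

    def __init__(self, cir, cbs, pir, pbs):
        if cir <= 0 or pir < cir:
            raise ValueError("need 0 < CIR <= PIR")
        if cbs <= 0 or pbs <= 0:
            raise ValueError("burst sizes must be positive")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc = float(cbs)   # tokens in the committed bucket (bytes)
        self.tp = float(pbs)   # tokens in the peak bucket (bytes)
        self.last = 0.0        # time of the previous update (seconds)

    def _refill(self, now):
        elapsed = max(0.0, now - self.last)
        self.last = max(self.last, now)
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)

    def mark(self, now, size):
        """Return 'green', 'yellow' or 'red' for a packet of `size` bytes."""
        self._refill(now)
        if size > self.tp:
            return "red"               # exceeds the peak rate: no tokens taken
        if size > self.tc:
            self.tp -= size            # within peak, above committed
            return "yellow"
        self.tc -= size                # within the committed rate
        self.tp -= size
        return "green"


# Constructed mapping of behaviors to colors, as the text describes
# ("map behaviors such as permit or deny to the colors, and re-mark").
ACTIONS = {
    "green": "permit",
    "yellow": "permit and re-mark",
    "red": "deny",
}


def police(packets, meter, actions=ACTIONS):
    """packets: iterable of (arrival_time_s, size_bytes) in time order."""
    result = []
    for now, size in packets:
        color = meter.mark(now, size)
        result.append((color, actions[color]))
    return result


if __name__ == "__main__":
    meter = TwoRateThreeColorMarker(cir=1000, cbs=1500, pir=2000, pbs=3000)
    burst = [(0.0, 1000)] * 4 + [(1.0, 1000)]   # constructed traffic
    for verdict in police(burst, meter):
        print(verdict)
```

A burst drains the committed bucket first, so packets degrade from green to yellow to red, and recover once both buckets refill.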
4.10 Security
CE6800&5800 switches ensure both device security and service security.
4.10.1 Device Security
Hierarchical Command Protection
CE6800&5800 switches authenticate users when they are logging in to CE6800&5800 switches
in Telnet mode from an Ethernet interface. Only authenticated users can configure and maintain
CE6800&5800 switches.
CE6800&5800 switches use a hierarchical protection mode for commands, and define four
command levels in ascending order: visit level, monitoring level, configuration level, and
management level. Users are also classified corresponding to the four command levels. Users
can use only the commands at the same or lower level than their own levels. This implementation
effectively controls user rights.
CE6800&5800 switches can combine command levels and user levels to extend to 16 total levels
for more finely grained user management.
Remote SSH Login
CE6800&5800 switches support Secure Shell (SSH). On an insecure network, SSH provides a
security guarantee and authentication functions for user logins and defends against multiple
attacks.
SNMP Encrypted Authentication
CE6800&5800 switches support encrypted authentication through Simple Network
Management Protocol version 3 (SNMPv3). When CE6800&5800 switches are managed by the
network management system (NMS) through SNMP, the encrypted authentication mode in the
user-based security model (USM) can be used to ensure switch security.
AAA
CE6800&5800 switches support Authentication, Authorization, and Accounting (AAA).
Together with hierarchical command protection, CE6800&5800 switches can authenticate and
authorize login users. In addition, CE6800&5800 switches can authenticate NMS users. The
AAA mechanism enables CE6800&5800 switches to prevent unauthorized access.
CE6800&5800 switches support multiple authentication methods such as local, Remote
Authentication Dial-In User Service (RADIUS), and Huawei Terminal Access Controller
Access Control System (HWTACACS) authentication modes.
CPU Attack Defense
CE6800&5800 switches can filter the protocol packets and management packets sent to the CPU
based on the protocol ID, port number, or combination of the port number and VLAN ID. This
filtering protects CPU channels from denial of service (DoS) attacks.
4.10.2 Service Security
VLAN Assignment
CE6800&5800 switches support division of a LAN into multiple VLANs. Devices in different
VLANs cannot communicate with each other. This function isolates broadcast domains and
improves service security.
MAC Address Learning Limit on Interfaces
Users can set the maximum number of MAC addresses that a CE6800&5800 interface can learn,
to prevent hackers from initiating source MAC address attacks from the interface. This setting
ensures that the MAC address entries on CE6800&5800 switches will not be used up.
Blackhole MAC Address Entry
CE6800&5800 switches support blackhole MAC address entries. When receiving a packet,
CE6800&5800 switches compare the source or destination MAC address of the packet with
MAC address entries. If the source or destination MAC address of the packet is a blackhole
MAC address entry, CE6800&5800 switches discard the packet.
Once detecting that packets with a specific MAC address are prone to attacks, users can set a
blackhole MAC entry to filter out packets with this MAC address. This setting defends
CE6800&5800 switches against MAC address attacks.
MAC Table Lookup
CE6800&5800 switches support MAC table lookup based on
VLAN IDs and MAC addresses to improve interface security. The network administrator can
add static entries to the MAC address table. A static entry defines the mapping between a MAC
address and an interface. In this way, devices with specific MAC addresses are bound to
interfaces, which defends CE6800&5800 switches against attacks from packets with forged
MAC addresses.
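The MAC learning limit, blackhole entries, and static bindings described above, combined into one lookup model. This is an added example, not the switch's code: the order of the checks, the choice to discard (rather than only alarm) when the limit is reached, and the interface names and addresses are assumptions.

```python
import re

FORWARD = "forward"
DROP_BLACKHOLE = "drop: blackhole MAC"
DROP_BINDING = "drop: static binding mismatch"
DROP_LIMIT = "drop: learning limit reached"


def norm_mac(mac):
    """Accept 0011-2233-4455 or 00:11:22:33:44:55; return 12 hex digits."""
    digits = re.sub(r"[-:.]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class MacTable:
    """Entries are keyed by (VLAN ID, MAC address), as in the text."""

    def __init__(self, learn_limit):
        self.learn_limit = learn_limit   # max dynamic entries per interface
        self.static = {}                 # (vlan, mac) -> bound interface
        self.blackhole = set()           # (vlan, mac) to discard
        self.dynamic = {}                # (vlan, mac) -> learned interface

    def add_static(self, vlan, mac, interface):
        key = (vlan, norm_mac(mac))
        self.dynamic.pop(key, None)
        self.static[key] = interface

    def add_blackhole(self, vlan, mac):
        key = (vlan, norm_mac(mac))
        self.dynamic.pop(key, None)
        self.blackhole.add(key)

    def learned_on(self, interface):
        return sum(1 for port in self.dynamic.values() if port == interface)

    def receive(self, interface, vlan, src, dst):
        """Return the verdict for one frame and learn its source if allowed."""
        src_key = (vlan, norm_mac(src))
        dst_key = (vlan, norm_mac(dst))
        # Blackhole entries match on source or destination.
        if src_key in self.blackhole or dst_key in self.blackhole:
            return DROP_BLACKHOLE
        # A statically bound MAC is valid only on its bound interface,
        # which rejects frames that forge that address elsewhere.
        bound = self.static.get(src_key)
        if bound is not None:
            return FORWARD if bound == interface else DROP_BINDING
        # New (or moved) source: learn it only while under the limit, so a
        # flood of random sources cannot fill the table.
        if self.dynamic.get(src_key) != interface:
            if self.learned_on(interface) >= self.learn_limit:
                return DROP_LIMIT
            self.dynamic[src_key] = interface
        return FORWARD


def replay(table, frames):
    return [table.receive(*frame) for frame in frames]


# Constructed frames: five distinct sources arriving on one interface.
FLOOD = [("10GE1/0/3", 10, f"0200-0000-{i:04x}", "ffff-ffff-ffff")
         for i in range(5)]

if __name__ == "__main__":
    table = MacTable(learn_limit=3)
    for frame, verdict in zip(FLOOD, replay(table, FLOOD)):
        print(frame[2], verdict)
```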
Port Isolation
Port isolation prevents interfaces on the same CE6800&5800 switches from sending Layer 2
packets to each other. CE6800&5800 switches support unidirectional and bidirectional port
isolation. Port isolation ensures security of user networks and helps construct cost-effective,
intelligent community networks. Port isolation also effectively controls broadcast packets and
increases network throughput.
Packet Filtering
Packet filtering is used to filter out invalid or unwanted packets.
CE6800&5800 switches can filter out packets based on user-defined rules, for example, by
checking the MAC address, IP address, port number, and VLAN ID of packets. Packet filtering
does not check the session status or analyze data. The packet filtering technology enables
CE6800&5800 switches to effectively control the packets that pass through.
4.11 MAC-Forced Forwarding
The access layer provides network connections between the user-side hosts and the telecom
carrier-side access routers (ARs), including the reliable connections between the hosts and the
Internet or other IP networks.
The access layer is divided into the user network and aggregation network. The user network is
connected to an access node (AN) through a subscriber line (which is a physical line), and the
AN connects the subscriber line to the aggregation network. Therefore, the AN is the edge
between the subscriber line and the aggregation network. The aggregation network centralizes
and aggregates user traffic. Figure 4-2 shows the connections at the access layer.
Figure 4-2 Connections at the access layer
[Figure labels: Switch A, Switch B, Switch C, three EANs, Gateway, four servers; legend: flow through gateway, flow not through gateway]
Users have the following requirements at the access layer:
- CE6800&5800 switches must perform Layer 3 forwarding for traffic of different user hosts
in different networks. In this way, switches can filter, schedule, and charge user traffic.
- IPv4 address assignment efficiency needs to be improved to save IPv4 addresses. The
address assignment effectiveness also needs to be improved if addresses are assigned from
a large address pool but not from a small and independent network segment.
To implement user isolation at the access layer and meet the preceding requirements, the MAC-
Forced Forwarding (MFF) protocol is introduced.
MFF is a security protocol and it ensures that user hosts accessing a device with the same media
are isolated at Layer 2. When MFF is running, its security program applies to any shared access
media.
In addition to Layer 2 isolation, the AN running MFF discards any upstream broadcast packets
except for DHCP packets and ARP request packets. Especially, the AN discards DHCP Reply
packets received through the subscriber line and rate-limits the DHCP Broadcast packets.
The AN running MFF must track the IPv4 addresses allocated to the subscriber line. This is to
discard upstream traffic that uses forged source IPv4 addresses.
4.12 DHCP
DHCP Snooping
CE6800&5800 switches can be deployed between the DHCP server and client to listen to the DHCP
packets that are exchanged. Based on the listening result, CE6800&5800 switches create an
IP+MAC+PORT+VLAN binding table to suppress invalid packets.
In addition, CE6800&5800 switches support the Option 82 field for collecting accurate locations
of DHCP clients.
- After receiving a Request packet from a DHCP client, CE6800&5800 switches append the
Option 82 field to the Request packet. Then, CE6800&5800 switches forward the packet
to the DHCP server. The DHCP server allocates IP addresses based on the Option 82 field.
- The DHCP server appends the Option 82 field to a Reply packet and sends the reply packet
to CE6800&5800 switches. CE6800&5800 switches parse the Option 82 field, determine
the target interface, remove the Option 82 field, and then forward the packet to a user.
On CE6800&5800 switches, Option 82 is implemented in two modes: Option 82 insert and
Option 82 rebuild.
The Option 82 field contains the user circuit ID that carries the user device name, inner and outer
VLAN IDs, and port number. Therefore, the Option 82 function effectively prevents attackers
from modifying DHCP packets.
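A model of the IP+MAC+PORT+VLAN binding table described at the start of this section, added as an illustration and not the switch's implementation. The message dictionaries, the lease-expiry handling, and all addresses and interface names are constructed assumptions; `xid`, `chaddr`, `yiaddr`, and `ciaddr` are the standard DHCP header fields.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int
    expires: float   # assumption: a binding lives as long as its lease


class DhcpSnoopingTable:
    def __init__(self):
        self._pending = {}    # xid -> (mac, port, vlan) seen in a REQUEST
        self._bindings = {}   # ip -> Binding

    def observe(self, msg, now):
        """Update the table from one snooped DHCP message."""
        kind = msg["type"]
        if kind == "REQUEST":
            # The client's location comes from where its request arrived.
            self._pending[msg["xid"]] = (msg["chaddr"], msg["port"], msg["vlan"])
        elif kind == "ACK":
            pending = self._pending.pop(msg["xid"], None)
            # Bind only when the ACK answers a request that was seen and
            # names the same client hardware address.
            if pending is not None and pending[0] == msg["chaddr"]:
                mac, port, vlan = pending
                self._bindings[msg["yiaddr"]] = Binding(
                    msg["yiaddr"], mac, port, vlan, now + msg["lease"])
        elif kind == "NAK":
            self._pending.pop(msg["xid"], None)
        elif kind == "RELEASE":
            b = self._bindings.get(msg["ciaddr"])
            # Honor a release only from the bound client at its bound location.
            if b and (b.mac, b.port, b.vlan) == (
                    msg["chaddr"], msg["port"], msg["vlan"]):
                del self._bindings[msg["ciaddr"]]

    def permits(self, ip, mac, port, vlan, now):
        """True if a packet with this source matches a live binding."""
        b = self._bindings.get(ip)
        if b is None:
            return False
        if now >= b.expires:
            del self._bindings[ip]
            return False
        return (b.mac, b.port, b.vlan) == (mac, port, vlan)


# Constructed exchange: one client obtains 192.0.2.10 for 3600 seconds.
EXCHANGE = [
    {"type": "REQUEST", "xid": 0x1A2B3C4D, "chaddr": "0011-2233-4455",
     "port": "10GE1/0/5", "vlan": 20},
    {"type": "ACK", "xid": 0x1A2B3C4D, "chaddr": "0011-2233-4455",
     "yiaddr": "192.0.2.10", "lease": 3600},
]

if __name__ == "__main__":
    table = DhcpSnoopingTable()
    for message in EXCHANGE:
        table.observe(message, now=0.0)
    print(table.permits("192.0.2.10", "0011-2233-4455", "10GE1/0/5", 20, 10.0))
    print(table.permits("192.0.2.10", "0200-0000-0001", "10GE1/0/5", 20, 10.0))
```

A packet is accepted only when all four fields match the binding, so a host that borrows another client's IP address, or moves the address to a different port or VLAN, fails the check.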
DHCP Relay
The DHCP client and DHCP server broadcast DHCP packets during IP address allocation.
Therefore, DHCP applies only to scenarios when the DHCP client and DHCP server are on the
same subnet. To implement dynamic host configuration, users must configure a DHCP server
on each network segment, which increases costs.
The DHCP relay function is introduced to resolve this problem. By using DHCP relay, a DHCP
client in a subnet can communicate with the DHCP server in another subnet and finally obtain
an IP address. In this manner, DHCP clients on multiple network segments can share one DHCP
server. This reduces costs and facilitates centralized management.
DHCP Server
A DHCP server processes requests for address allocation, address lease extending, and address
release from DHCPv6 clients or DHCPv6 relay agents, and allocates IP addresses and other
network configuration parameters to DHCP clients.
The switch can function as a DHCP server and uses a global IP address pool to allocate IP
addresses. You can configure the following DHCP server functions on the switch:
- Configure an IP address pool, address lease, DNS server address, NetBIOS server address,
domain name suffix, and other network parameters. The DHCP server then dynamically
allocates IP addresses and other network configuration parameters to DHCP clients.
- Exclude some IP addresses in the address pool so that they will not be dynamically allocated
to clients.
- Bind IP addresses in the address pool to MAC addresses so that fixed IP addresses can be
allocated to servers or hosts used for special purpose on the network.
- Configure the DHCP server to check whether an IP address is in use by sending ping packets
before allocating the IP address to a client.
4.13 Network Management
4.13.1 LLDP
CE6800&5800 switches support the Link Layer Discovery Protocol (LLDP) that conforms to
IEEE 802.1ab. LLDP is a link layer protocol that a device uses to obtain information about
neighboring devices.
Using LLDP, the local NMS can obtain link-layer information of all devices on the local network
and details about the network topology. This expands the network management scope.
The LLDP-enabled interfaces on a CE6800&5800 periodically notify the neighboring devices
of the local interface status. When the status of an interface changes, the interface sends a status
update message to the directly connected neighboring device. The neighboring device stores the
status update message in the standard SNMP MIB. Then the NMS obtains link-layer information
of the network from the MIB to calculate the topology of the entire network.
4.13.2 NQA
With the launch of more value-added services, telecom carriers and users alike require
increasingly high QoS. Especially with the advent of voice over IP (VoIP) and video over IP
services, telecom carriers and users all tend to require Service Level Agreements (SLAs). To
guarantee users the committed bandwidth, telecom carriers need to collect statistics about
delay, jitter, and packet loss of devices. These statistics help analyze network performance in
a timely fashion.
CE6800&5800 switches provide the network quality analysis (NQA) function to meet the
preceding requirements. NQA measures the performance of different protocols running on the
network. With NQA, telecom carriers can collect network operation indexes in real time, such
as TCP connection delay and file transfer rate. Based on these indexes, telecom carriers can
provide differentiated network services and charge differently for them. NQA is also an effective
tool for diagnosing network faults.
4.13.3 NetStream
As Internet bandwidth grows rapidly, users need finer-grained management of their network
resources. NetStream technology can collect statistics about network traffic and usage of network
resources by sampling network traffic. This technology enables network administrators to obtain
detailed records about traffic on their data networks.
Figure 4-3 NetStream networking diagram
NDE: NetStream Data Exporter; NSC: NetStream Collector; NDA: NetStream Data Analyzer
NetStream provides the following functions:
l Network management and planning
l Enterprise accounting and department billing
l ISP billing
l Data storage
l Business data collection
As IP is a connectionless protocol, a service data flow on an IP network is a group of IP packets
that may be sent from any terminal to another terminal. Most data flows on an IP network are
temporary and bidirectional.
NetStream identifies flows of different services based on 7-tuple information consisting of the
destination IP address, source IP address, destination port number, source port number, protocol
ID, Type of Service (ToS), and inbound or outbound interface. After identifying data flows,
NetStream collects statistics for each service separately.
The NDE periodically sends the collected traffic statistics to the NSC. The NSC processes the
traffic statistics and sends them to the NDA. The NDA analyzes the statistics and generates
reports for accounting and network planning.
CE6800&5800 switches can work as an NDE and support packet-based random sampling to
sample IPv4, IPv6, and MPLS packets. The switches can create original traffic, flexible traffic,
and aggregation traffic and encapsulate NetStream packets in V5, V8, or V9 format. They support
the Distributed NetStream model.
4.13.4 sFlow
Sampled Flow (sFlow) is a traffic monitoring technology that samples packets for traffic
statistics collection and analysis.
sFlow provides interface-based traffic analysis and displays traffic statistics in graphs or reports,
facilitating preventive maintenance on enterprise networks, especially for enterprises that do not
have specialized network administrators.
NetStream also provides traffic analysis. Because NetStream is implemented
based on traffic information, network devices must collect traffic statistics and save the collected
statistics in their buffers. Statistics are sent to the NetStream Collector (NSC) when the buffers
are full or when the traffic aging time expires. With sFlow, network devices only need
to sample packets and do not need to save traffic statistics in their buffers. Traffic analysis is
completed by a remote collector. sFlow has the following advantages over NetStream:
l Fewer resources consumed and lower costs: Network devices do not need to save traffic
statistics in their buffers, reducing the network resources consumed and lowering costs.
l Flexible, on-demand collector deployment: Network traffic statistics collection and
analysis are completed by the collector. The traffic collection and analysis functions can
be flexibly configured on the collector according to network characteristics.
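The 7-tuple flow key from the NetStream section and the buffer-full/aging export behaviour described above can be seen in a small exporter-side cache. This is an added example, not Huawei code; the class and field names, the eviction choice when the cache is full, and the sample packets are assumptions made for illustration.

```python
from collections import OrderedDict, namedtuple

# The 7-tuple the page lists as the NetStream flow key.
FlowKey = namedtuple("FlowKey", "dst_ip src_ip dst_port src_port proto tos ifindex")

class FlowCache:
    """Toy exporter-side cache: one record per 7-tuple, exported on aging or overflow."""

    def __init__(self, aging_s, max_flows):
        self.aging_s, self.max_flows = aging_s, max_flows
        self.flows = OrderedDict()  # key -> [packets, bytes, first_ts, last_ts]
        self.exported = []          # records that would be sent to the collector

    def _export(self, key, reason):
        pkts, octets, first, last = self.flows.pop(key)
        self.exported.append({"key": key, "packets": pkts, "bytes": octets,
                              "first": first, "last": last, "reason": reason})

    def age(self, now):
        """Export every flow that has been idle for at least aging_s seconds."""
        for key in [k for k, v in self.flows.items() if now - v[3] >= self.aging_s]:
            self._export(key, "aged")

    def observe(self, ts, key, length):
        """Account one packet; the collector sees nothing until an export fires."""
        self.age(ts)
        if key not in self.flows:
            if len(self.flows) >= self.max_flows:
                # Assumption: when the cache is full, export the least recently updated flow.
                self._export(next(iter(self.flows)), "cache-full")
            self.flows[key] = [0, 0, ts, ts]
        rec = self.flows[key]
        rec[0] += 1
        rec[1] += length
        rec[3] = ts
        self.flows.move_to_end(key)

# Constructed sample traffic: (timestamp_s, key, length_bytes).
A = FlowKey("10.0.0.5", "10.0.1.9", 443, 51000, 6, 0, 1)
B = A._replace(tos=0xB8)  # same addresses and ports, different ToS: a separate flow
C = FlowKey("10.0.0.53", "10.0.1.9", 53, 40000, 17, 0, 1)
D = FlowKey("10.0.0.7", "10.0.2.2", 22, 50022, 6, 0, 2)
PACKETS = [(0, A, 1500), (1, A, 1500), (2, B, 200), (3, C, 80), (4, D, 60), (40, A, 40)]

def run_demo():
    cache = FlowCache(aging_s=30, max_flows=3)
    for ts, key, length in PACKETS:
        cache.observe(ts, key, length)
    return cache
```

In `run_demo()`, flow A is exported early only because the three-entry cache overflowed; B, C and D reach the collector when the packet at t=40 triggers aging, which is the reporting delay an analyst should expect from flow-based export.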
4.14 Smart Link and Multi-Instance
Dual-homing is a commonly used networking model. A dual-homing network usually runs the
Spanning Tree Protocol (STP) to implement link redundancy. However, STP
converges slowly.
Smart Link can implement fast link switchover while providing redundancy protection. On a
dual-homed device, when the active link fails, the device switches traffic to the standby link to
ensure normal traffic forwarding.
Smart Link is specific to dual-homing networking and features fast convergence (subsecond
convergence), simple configuration, and easy user operation.
Smart Link multi-instance allows you to associate a Smart Link Group with multiple instances
bound to different VLAN ranges. Configure the standby link (using a command) to forward
traffic of some instances. Then data traffic of different VLANs is transmitted over different
paths, implementing load balancing.
4.15 Stacking
Stacking enables switches located in the same place to form a reliable switch group by way of
high-speed uplink interfaces. CE6800&5800 switches implement stacking by multiplexing
10GE/40GE uplink interfaces as stack interfaces. After being stacked, CE6800&5800 switches
can be uniformly managed and maintained, which reduces maintenance costs.
Stack interfaces on CE6800&5800 switches can be bonded to improve bandwidth and to enhance
stacking reliability.
Member switches in a stack system have three roles:
l Master switch
A stack system has only one master switch. The master switch manages the entire stack
system by assigning stack IDs to member switches, collecting information about the stack
topology, and advertising information to all the member switches.
l Standby switch
When the master switch fails, the standby switch becomes the master switch and takes over
all services.
l Slave switch
In a stack system, all member switches except for the master switch are slave switches.
4.16 Data Center Features
4.16.1 TRILL
In the cloud computing era, server virtualization technology is widely used in data centers. VMs
must be able to dynamically migrate within a wide range to enhance service reliability and lower
IT costs. Moreover, collaborative computing between servers generates a large volume of east-
west traffic. Therefore, fat-tree networking is required to implement non-blocking data
forwarding. These service requirements lead to the birth of large Layer 2 networking.
Transparent Interconnection of Lots of Links (TRILL) is introduced to build large Layer 2
networks.
TRILL is an IETF standard to implement large Layer 2 networking. Data packets are
encapsulated in TRILL headers with a TTL value to prevent packet loops. RPF check performed
on multicast packets also effectively prevents broadcast storms caused by loops. Packets are
forwarded along multiple paths to improve bandwidth efficiency. TRILL supports shared links
and can seamlessly interconnect with traditional Layer 2 networks. In addition, many TRILL
parameters are generated automatically, simplifying TRILL deployment. TRILL supports
unicast and multicast services simultaneously and features easy operation and maintenance
(O&M). TRILL is applicable to building large Layer 2 networks. It has the same characteristics
as traditional Layer 2 networks: plug-and-play and flexible deployment. TRILL also addresses
many issues of traditional Layer 2 networks, such as low bandwidth efficiency, slow STP
convergence, and the need for every switch to learn MAC addresses from devices on the entire
network.
Figure 4-4 Virtual awareness solution (components shown: network administrator, nCenter, vCenter, switch, and servers with NIC hardware, a virtual switch, and VMs)
The CE6800&5800 series switches support the following virtual awareness features:
l Manage and control VMs, and quickly obtain VM migration information from the vCenter.
l Automatically deploy and migrate VM policies. When a VM goes online, the switch
automatically deploys a VM policy for the VM; when a VM goes offline, its VM policy is
automatically deleted; when a VM is migrated, the switch deploys the VM policy on the
new access interface.
4.16.5 Forwarding Based on the VEPA
In server virtualization scenarios, virtual machines (VMs) on the same server cannot directly
communicate with each other.
In the Virtual Edge Port Aggregator (VEPA) service model, all traffic exchanged between VMs
on the same server must be forwarded by the upstream CE6800&5800 switches. This is the
VEPA-based traffic model. VEPA-based forwarding ensures that the CE6800&5800 series
switches can correctly forward traffic to the destination VMs on the same port. Figure 4-5 shows
the VEPA-based traffic model.
Figure 4-5 VEPA-based traffic model (components shown: switch, and a server with a VEPA, hypervisor, and VM1 to VM3)
5.1 Maintenance and Management
5.1.1 Configuration Modes
Configuration Methods
CE6800&5800 switches support the following configuration and management methods:
l Command line
Users can log in to the console port on CE6800&5800 switches from a console terminal
and then configure various features and parameters in the command-line interface (CLI).
l NMS configuration
Users can configure and manage CE6800&5800 switches using SNMP through a network
management system (NMS) workstation.
Login Modes
CE6800&5800 switches provide a console port for users to configure CE6800&5800 switches
locally or remotely. Users can connect a console terminal to the console port through a serial
port.
In addition, users can log in to CE6800&5800 switches' service interfaces through Telnet,
Stelnet, or SSH for configuration and management.
For user logins, CE6800&5800 switches support multiple authentication modes, including non-
authentication, local authentication, and AAA authentication.
5.1.2 Monitoring and Maintenance
Hardware Monitoring
CE6800&5800 switches provide the following hardware monitoring functions:
l Re-detect hardware faults to prevent incorrect detection caused by intermittent interference.
l Check version mapping automatically when the CE6800&5800 system is running.
Device Management and Maintenance
CE6800&5800 switches provide the following device management and maintenance functions:
l Support online help for the command line in English and Chinese.
l Provide hierarchical commands and user rights management.
l Provide an information center to uniformly manage logs, alarms, and debugging
information and redirect information as required.
l Provide electronic labeling. Users can query basic information about the main control
boards, optical modules, and fan modules on the CLI, and back up the information to an
external server using FTP or TFTP.
l Display the system version, module status, ambient temperature, CPU usage, and memory
usage.
5.1.3 Diagnosis and Debugging
Ping and tracert
On traditional IP networks, CE6800&5800 switches provide the following tools to check
network connectivity:
l Ping
l Tracert
These tools test network connectivity and record the transmission paths of packets to help locate
faults.
Debugging
CE6800&5800 switches provide various debugging commands for each software feature. Each
debugging command supports multiple parameters and can be flexibly controlled. Debugging
commands can display the detailed information about process handling, packets received and
transmitted, and error checking of features.
Black Box
CE6800&5800 switches provide a black box function to record information on feature modules,
tasks, and events. To facilitate fault location, the black box records the dying gasp, process status,
and function call trace.
VCT
After a user runs the virtual cable test (VCT) command on an interface of CE6800&5800
switches, the interface sends a testing signal. According to time domain reflectometry (TDR)
theory, the interface receives the reflected signal a while after sending the testing signal. Based
on the characteristics of the reflected signal, the user can infer the cable status.
Mirroring Functions
CE6800&5800 switches support the following mirroring functions.
l Port mirroring
CE6800&5800 switches copy packets from the mirrored port to the mirroring port for
analysis and monitoring.
l Flow mirroring
CE6800&5800 switches copy all traffic on the mirrored port to the mirroring port for
analysis and monitoring.