NE40E Product Description (V600R003C00 - 02) PDF

HUAWEI NetEngine40E Universal Service Router
V600R003C00
Product Description
Issue 02
Date 2011-08-12
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 02 (2011-08-12) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
Product Description About This Document
About This Document
Purpose
This document describes the product positioning and features, product architecture, link features,
service features, application scenarios, operation and maintenance, and technical specifications
of the HUAWEI NetEngine40E device.
This document provides an overall description of the HUAWEI NetEngine40E device, which
helps intended readers get a general understanding of all the product features.
Related Versions
The following table lists the product versions related to this document.
Product Name Version
HUAWEI NetEngine40E V600R003C00

Universal Service Router
Intended Audience
This document is intended for:
l Network planning engineers

l Hardware installation engineers
l Commissioning engineers
l Data configuration engineers
l On-site maintenance engineers
l Network monitoring engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Issue 02 (2011-08-12) Huawei Proprietary and Confidential ii

Product Description About This Document
Symbol Description
Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.
DANGER
Indicates a hazard with a medium or low level of risk, which

if not avoided, could result in minor or moderate injury.
WARNING
Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,
CAUTION
performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or supplement

important points of the main text.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Changes in Issue 02 (2011-08-12)

The second commercial release has the following updates:
l Service Features
– 7.14 Clock. The performance monitoring function on Passive ports of a 1588v2 device
is added.
l Operation and Maintenance
– 9.6 System Test and Diagnosis. The packet capture function is added.
Changes in Issue 01 (2011-05-30)

Initial field trial release.
Issue 02 (2011-08-12) Huawei Proprietary and Confidential iii

Product Description Contents
Contents
About This Document.....................................................................................................................ii

1 New Features of V600R003C00...................................................................................................1
2 Product Positioning.......................................................................................................................3
2.1 Product Positioning.............................................................................................................................................4
3 Product Architecture.....................................................................................................................5
3.1 Physical Architecture..........................................................................................................................................6
3.2 Logical Architecture...........................................................................................................................................6
3.3 Software Architecture.........................................................................................................................................7
3.4 Data Forwarding Process....................................................................................................................................9
4 Technical Specifications.............................................................................................................11
5 Boards............................................................................................................................................14
5.1 FPIC..................................................................................................................................................................15
5.2 LPUI-40............................................................................................................................................................18
5.3 LPUI-41............................................................................................................................................................18
5.4 LPUI-100..........................................................................................................................................................19
5.5 LPUS-41...........................................................................................................................................................19
5.6 SPU...................................................................................................................................................................20
6 Link Features................................................................................................................................21
6.1 E1/CE1/T1/CT1/E3/T3/CT3 Link Features.....................................................................................................22
6.2 Ethernet Link Features......................................................................................................................................22
6.3 POS Link Features............................................................................................................................................23
6.4 CPOS Link Features.........................................................................................................................................24
6.5 ATM Link Features..........................................................................................................................................25
6.6 FR Link Features..............................................................................................................................................26
7 Service Features...........................................................................................................................27
7.1 Ethernet Features..............................................................................................................................................28
7.1.1 Layer 2 Ethernet Features........................................................................................................................28
7.1.2 Layer 3 Ethernet Features........................................................................................................................28
7.1.3 QinQ Features..........................................................................................................................................28
7.1.4 Flexible Access to VPNs.........................................................................................................................29
Issue 02 (2011-08-12) Huawei Proprietary and Confidential iv

7.1.5 RRPP Link Features................................................................................................................................30

7.1.6 RSTP/MSTP Features..............................................................................................................................30
7.1.7 BPDU Tunneling Features.......................................................................................................................30
7.2 IP Features........................................................................................................................................................30
7.2.1 IPv4/IPv6 Dual Stack..............................................................................................................................30
7.2.2 IPv4 Features...........................................................................................................................................31
7.2.3 IPv6 Features...........................................................................................................................................31
7.2.4 GRE.........................................................................................................................................................32
7.2.5 IPv4/IPv6 Transition Technology...........................................................................................................32
7.2.6 IPSEC......................................................................................................................................................32
7.3 Routing Protocol...............................................................................................................................................33
7.3.1 Unicast Routing.......................................................................................................................................33
7.3.2 Multicast Routing....................................................................................................................................34
7.4 MPLS................................................................................................................................................................36
7.5 VPN Features....................................................................................................................................................39
7.5.1 Tunnel Policy...........................................................................................................................................39
7.5.2 VPN Tunnel.............................................................................................................................................39
7.5.3 MPLS L2VPN.........................................................................................................................................40
7.5.4 BGP/MPLS L3VPN................................................................................................................................42
7.6 QoS...................................................................................................................................................................43
7.7 Load Balancing.................................................................................................................................................47
7.8 Traffic Statistics................................................................................................................................................48
7.9 MSE..................................................................................................................................................................49
7.10 iVSE................................................................................................................................................................50
7.11 Security Features............................................................................................................................................51
7.12 IP RAN Features.............................................................................................................................................57
7.13 Network Reliability........................................................................................................................................57
7.14 Clock...............................................................................................................................................................63
8 Applicable Environment............................................................................................................66
8.1 Application on an IP Bearer Network..............................................................................................................67
8.2 Application on an IPTV Bearer Network.........................................................................................................68
8.3 Application on a Multi-Service IP MAN.........................................................................................................69
8.4 Application on an IPv6 Backbone Network.....................................................................................................70
8.5 IP RAN Solution...............................................................................................................................................71
8.6 iVSE Solution...................................................................................................................................................73
9 Operation and Maintenance......................................................................................................76

9.1 System Configuration Modes...........................................................................................................................77
9.2 System Management and Maintenance............................................................................................................77
9.3 Device Running Status Monitoring..................................................................................................................77
9.4 HGMP...............................................................................................................................................................79
9.5 System Service and Status Tracking................................................................................................................79
9.6 System Test and Diagnosis...............................................................................................................................79
Issue 02 (2011-08-12) Huawei Proprietary and Confidential v

9.7 NQA..................................................................................................................................................................80
9.8 In-Service Debugging.......................................................................................................................................80
9.9 Upgrade Features..............................................................................................................................................81
9.10 License............................................................................................................................................................81
9.11 Other Operation and Maintenance Features...................................................................................................81
10 NMS.............................................................................................................................................83
A Acronyms and Abbreviations..................................................................................................85
Issue 02 (2011-08-12) Huawei Proprietary and Confidential vi

Product Description 1 New Features of V600R003C00
1 New Features of V600R003C00
New Hardware or Features Where to Place
LPUF-40 and Its FPICs: 5.1 FPIC

l 20-Port 10/100/1000Base-RJ45 Flexible
Card(P40)
l 4-Port 10GBase LAN/WAN-XFP
Flexible Card(P40,Occupy one sub-slot)
LPUF-100 and Its FPICs:
l 5-port 10GBase WAN/LAN-SFP flexible
card A (P100-A, supporting 1588v2)
l 24-Port 100/1000Base-X-SFP Flexible
Card(P100,Occupy two sub-slots)
l 48-port 100/1000Base-CSFP flexible
card (P100)
Issue 02 (2011-08-12) Huawei Proprietary and Confidential 1

Product Description 1 New Features of V600R003C00
New Hardware or Features Where to Place
l 8-port 10GBase LAN/WAN-XFP 5.3 LPUI-41

Integrated Line Processing Unit
(LPUI-41)
l 4-port 10GBase LAN/WAN-XFP
(LPUI-41)
l 48-port 100/1000Base-X-SFP Integrated
Line Processing Unit (LPUI-41)
l 2-port 10GBase LAN/WAN-XFP and 24-
port 100/1000Base-X-SFP Integrated
l 4-port 10GBase LAN/WAN-XFP
(LPUI-41, supporting 1588v2)
l 40-port 100/1000Base-X-SFP Integrated
Line Processing Unit (LPUI-41,
supporting 1588v2)
l 2-port 10GBase LAN/WAN-XFP and 20-
port 100/1000Base-X-SFP Integrated
Line Processing Unit (LPUI-41,
supporting 1588v2)
l 10-port 10GBase LAN/WAN-XFP 5.4 LPUI-100

(LPUI-100, supporting 1588v2)
l 16-port 10GBase LAN-SFP Integrated
l 8-Port 10GBase LAN/WAN-XFP Line 5.5 LPUS-41

Processing Unit S(LPUS-41)
l 4-Port 10GBase LAN/WAN-XFP Line
l 48-Port 100/1000Base-X-SFP Line
Integrated Versatile Service Unit 20 A 5.6 SPU

(VSUI-20-A)
IPSEC 7.2.6 IPSEC
IP RAN 7.12 IP RAN Features
NSR 7.13 Network Reliability

Product Description 2 Product Positioning
2 Product Positioning
About This Chapter
2.1 Product Positioning

Product Description 2 Product Positioning
2.1 Product Positioning

Huawei HUAWEI NetEngine40E Universal Service Router (hereinafter referred to as the
NE40E) is a high-end router with 10-Gbit/s interfaces designed for core and backbone networks.
The NE40E is positioned as the edge or convergence router on the IP backbone network.
Based on the powerful Versatile Routing Platform (VRP), the NE40E features the following:
l Rich services
l Large capacity
l High performance
l High availability
The NE40E can be classified into the NE40E-X16, NE40E-X8, NE40E-X3, and NE40E-8.
NE40E-X16 NE40E-X8 NE40E-X3(DC)
NE40E-X3(AC) NE40E-8

Product Description 3 Product Architecture
3 Product Architecture
About This Chapter
3.1 Physical Architecture

3.2 Logical Architecture
3.3 Software Architecture
3.4 Data Forwarding Process

3.1 Physical Architecture

The physical architecture includes the following systems:
l Power distribution system

l Functional host system
l Heat dissipation system
l Network management system
All systems except the network management system (NMS) are located in an integrated cabinet.
The power distribution system consists of power modules working in 1+1 backup mode.
The following describes only the functional host system.
The functional host system comprises the system backplane, /Main Processing Units (MPUs),
Line Processing Units (LPUs), and Switch and Fabric Units (SFUs). It is connected to the NMS
through NMS interfaces. The functional host system processes data as well as monitors and
manages the entire system, including the power distribution system and heat dissipation system.
Figure 3-1 shows the functional host system of the NE40E.
Figure 3-1 Functional host system

Backplane
Monitoring
Monitoring bus System
Monitoring unit bus Management monitoring unit
bus Management bus
Management switching unit
Management unit bus
(1) MPU
System
POS/ contorlling unit (Master)
Ethernet Physical Forwarding
interface unit unit Monitoring
Serial link bus System
group Management monitoring unit
bus Management bus
switching unit
(1) System MPU

Monitoring controlling unit (Slave)
Monitoring unit bus
Monitoring
Management bus Switching network
Management unit
bus Management monitoring unit
bus Switching network
control unit
POS/
Ethernet Physical Forwarding
unit Switching
interface unit Serial link network
group
SFU module
(1) The link connects to the managment bus switching unit of another MPU
3.2 Logical Architecture

The logical architecture of the NE40E consists of the following planes:
l Data plane
l Control and management plane

l Monitoring plane
Figure 3-2 shows the logical architecture.
Figure 3-2 Logical architecture

LPU MPU LPU
Monitoring Monitoring
unit unit
Monitoring
plane System
monitoring unit Monitoring
Monitoring unit
unit
Management Management
System
unit unit
Control and controlling unit
management
plane Management Management
Switching
unit unit
network
control unit
Forwarding Forwarding
unit unit
Data plane
Switching
Forwarding network Forwarding
unit unit
LPU LPU
l The data plane is responsible for high speed processing and non-blocking switching of data
packets. It encapsulates or decapsulates packets, forwards IPv4/IPv6/MPLS packets,
performs QoS as well as scheduling and internal high-speed switching, and collects
statistics.
l The control and management plane completes all control and management functions for
the system and is the core of the entire system. Control and management units process
protocols and signals, and maintain, manage, report on, and control system status.
l The monitoring plane monitors the ambient environment to ensure secure and stable
operation of the system. It detects voltage levels, controls system power-on and-off,
monitors temperature, and controls fan modules. When a unit fails, the monitoring plane
isolates the faulty unit promptly so that other parts of the system can continue to run
normally.
3.3 Software Architecture

Figure 3-3 and shows the software architecture of the NE40E.

Figure 3-3 Software architecture
Power FAN
Monitoring Monitoring
RPS RPS
SNMP
Master Slave
IPC
LPU
FSU FSU FSU FSU
EFU EFU
EFU EFU
LPU LPU LPU PIC
Software of the NE40E consists of the Routing Process System (RPS), power monitoring system,
fan monitoring system, Forwarding Support Unit (FSU), and Express Forwarding Unit (EFU).
l The RPS, which includes IPOS software, VRP software, and product-adaptation software,
is the control and management module that runs on the MPU. The RPS on the active MPU
and the one on the standby MPU back up each other. RPSs support IPv4/IPv6, MPLS, LDP,
and routing protocols, calculate routes, establish LSPs and multicast distribution trees,
generate unicast, multicast, and MPLS forwarding tables, and they deliver information
concerning all the preceding mentioned to the LPU.
l The FSU implements the functions of the link layer and some functions of the IP protocol
stack on interfaces.
l The EFU performs hardware-based IPv4/IPv6 forwarding, multicast forwarding, MPLS
forwarding, and has a statistics functions.

3.4 Data Forwarding Process

Figure 3-4 Data forwarding process
PIC
Datagram Datagram
Processing on the incoming Processing on the outgoing

interface interface
Downstream traffic
Upstream traffic classification
classification
PFE IPv4 unicast Searching the Packet

IPv4 unicast
IPv4 multicast routing table to encapsulation
IPv4 multicast
MPLS forward packets and forwarding
MPLS
IPv6 in the
IPv6
MAC downstream
Congestion Queue
QoS in the management scheduling QoS in the
upstream Queue Congestion downstream
scheduling management
TM Multicast replication
Packet fragmentation Packet reassembly
Micro cell Micro cell

SFU
As shown in Figure 3-4, the Packet Forwarding Engine (PFE) adopts a Network Processor (NP)
or an Application Specific Integrated Circuit (ASIC) to implement high-speed packet routing.
External memory types include Static Random Access Memory (SRAM), Dynamic Random
Access Memory (DRAM), and Net Search Engine (NSE). The SRAM stores forwarding entries;
the DRAM stores packets; the NSE performs non-linear searching.
Data forwarding processes can be divided into upstream and downstream processes based on
the direction of the data flow.
l Upstream process: The Physical Interface Card (PIC) encapsulates packets to frames and
then sends them to the PFE. On the PFE of the inbound interface, the system decapsulates
the frames and identifies the packet types. It then classifies traffic according to the QoS
configurations on the inbound interface. After traffic classification, the system searches the
Forwarding Information Base (FIB) for the outbound interfaces and next hops of packets
to be forwarded. To forward an IPv4 unicast packet, for instance, the system searches the
FIB for the outbound interface and next hop according to the destination IP address of the

packet. Finally, the system sends the packets containing information about outbound
interfaces and next hops to the traffic management (TM) module.
l Downstream process: Information about packet types that have been identified in the
upstream process and about the outbound interfaces is encapsulated through the link layer
protocol and the packets are stored in corresponding queues for transmission. If an IPv4
packet whose outbound interface is an Ethernet interface, the system needs to obtain the
MAC address of the next hop. Outgoing traffic is then classified according to the QoS
configurations on the outbound interfaces. Finally, the system encapsulates the packets
with new Layer 2 headers on the outbound interfaces and sends them to the PIC.

Product Description 4 Technical Specifications
4 Technical Specifications
Table 4-1 Technical specifications

Item NE40E-X16 NE40E-X8 NE40E-X3 NE40E-8
Dimensions (width x 442 mm x 650 442 mm x 650 DC chassis: 442 mm x 669

depth x height, chassis mm x 1420 mm x 620 mm 442 mm x 650 mm x 886 mm
main body dimensions) mm (17.40 in. (17.40 in. x mm x 175 mm (17.40 in. x
x 25.59 in. x 25.59 in. x (17.40 in. x 26.34 in. x
55.91 in.) 24.41 in.) 25.59 in. x 34.88 in.)
6.89 in.)
AC chassis:
442 mm x 650
mm x 220 mm
(17.40 in. x
25.59 in. x
8.66 in.)
Dimensions (width x 442 mm x 770 442 mm x 770 DC chassis:

depth x height, chassis mm x 1420 mm x 620 mm 442 mm x 750
dimensions including mm (17.40 in. (17.40 in. x mm x 175 mm
the chassis's front and x 30.31 in. x 30.31 in. x (17.40 in. x
rear assembly and cable 55.91 in.) 24.41 in.) 29.53 in. x
racks) 6.89 in.)
AC chassis:
442 mm x 750
mm x 220 mm
(17.40 in. x
29.53 in. x
8.66 in.)
Installation Mounted in an N68E cabinet or a standard 19-inch cabinet

Weight (in full 267 kg 130 kg DC chassis: 147 kg (324.14

configuration) (588.74 lb) (286.65 lb) l 36kg lb)
(79.38 lb)
(LPUF-21
)
l 41kg
(90.41 lb)
(LPUF-40
)
AC chassis:
l 46kg
(101.43 lb)
(LPUF-21
)
l 51kg
(112.46 lb)
(LPUF-40
)
Maximum power 6500 W 3300 W 1100 W 2200 W
Heat dissipation 21089 BTU/ 10707 BTU/ 3569 BTU/ 7137 BTU/
hour hour hour hour
MTBF(year) 22.53 22.41 22.78 21.82
MTTR(hour) 0.5 0.5 0.5 0.5
Reliability 0.999997467 0.999997453 0.9999975 0.999997384
Total number of slots 22 11 5 12
Number of service slots 16 8 3 8
Forwarding capacity 3200 Mpps 1600 Mpps 300 Mpps 400 Mpps
Switching capacity 12.58Tbit/s 7.08Tbit/s 1.08 Tbit/s 640 Gbit/s

(bidirectional) (bidirectional) (bidirectional) (bidirectional)
Backplane bandwidth 30 Tbit/s 15 Tbit/s 1.35 Tbit/s 2 Tbit/s
Interface capacity 3.2 Tbit/s 1.6 Tbit/s 240 Gbit/s 320 Gbit/s
(bidirectional) (bidirectional) (bidirectional) (bidirectional) (bidirectional)
SDRAM 2 GB (The 2 GB (The 2 GB 2 GB

capacity can capacity can
be extended to be extended to
4 GB.) 4 GB.)
Flash 32 MB 32 MB 32 MB 32 MB

CF Card Two 1-GB CF Two 1-GB CF Two 1-GB CF Two 512-MB

cards on each cards on each cards on each CF cards on
MPU MPU MPU each MPU
DC input Rated -48 V

voltage voltage
Maxim -38 V to -72 V

um
voltage
range
AC input Rated 220 V

voltage voltage
Maxim 90 V to 275 V 90 V to 275 V 90 V to 275 V 90 V to 275 V

um 175 V to 275 175 V to 275 V 175 V to 275 175 V to 275
voltage V (recommend) V V
range (recommend) (recommend) (recommend)
Ambient Long- 0°C to 45°C (32°F to 113°F)

temperature term
Short- -5°C to 55°C (23°F to 131°F)

term Remarks: Maximum change of temperature during a one hour
period: 30°C (86°F)
Storage -40°C to 70°C (-40°F to 158°F)

temperature
Relative Long- 5% RH to 85% RH, non-condensing

ambient term
humidity
Short- 5% RH to 95% RH, non-condensing
term
Relative 0% RH to 95% RH, non-condensing

storage
humidity
Elevation 3000 m or less (9842.40 ft or less)

limit for
long-term
work
Storage 5000 m or less (16404 ft or less)

elevation
limit

Product Description 5 Boards
5 Boards
About This Chapter
5.1 FPIC
5.2 LPUI-40
5.3 LPUI-41
5.4 LPUI-100
5.5 LPUS-41
5.6 SPU

5.1 FPIC
LPUF-10 and Its FPICs
The LPUF-10 provides four sub-slots and supports a maximum of 10 Gbit/s bandwidth.
The LPUF-10 FPICs support hot swapping and automatic configuration restoration. The
LPUF-10 support installation of different types of FPICs.
Table 5-1 LPUF-10 FPICs
FPIC Name Remarks
1-Port OC-192c/STM-64c POS-XFP Occupies two sub-slots.

Flexible Card
1-Port OC-48c/STM-16c POS-SFP Occupies one sub-slot.

Flexible Card
8-Port 100/1000Base-X-SFP Flexible Occupies one sub-slot.

Card
2-Port OC-12c/STM-4c ATM-SFP Occupies one sub-slot.

Flexible Card
4-Port OC-3c/STM-1c ATM-SFP Occupies one sub-slot.

Flexible Card

Flexible Card

Flexible Card

Flexible Card

Flexible Card

Flexible Card

Flexible Card
2-Port Channelized OC-3c/STM-1c Occupies one sub-slot.

POS-SFP Flexible Card
4-Port Clear Channel E3/Channelized Occupies one sub-slot.

T3-SMB Flexible Card
24-Port Channelized E1/T1-DB100 Occupies one sub-slot.

Flexible Card

FPIC Name Remarks
8-Port 100/1000Base-X-SFP Flexible Occupies one sub-slot and supports 1588v2.

Card A(P10-A)

The LPUF-21 provides two sub-slots, and supports FPIC hot-swapping and a maximum of 20
Gbit/s bandwidth.
The LPUF-21 has two models: LPUF-21-A and LPUF-21-B. The LPUF-21-A supports all
software features provided by the NE40E; the LPUF-21-B does not support L3VPN, MVPN, or
IPv6. LPUF-21-B can be upgraded with licenses to support all functions of the LPUF-21-A.
Table 5-2 LPUF-21 FPICs

FPIC Name Remarks
1-Port 10GBase WAN/LAN-XFP Flexible Card Occupies one sub-slot.
12-Port 100/1000Base-SFP Flexible Card Occupies one sub-slot.
12-Port 10/100/1000Base-RJ45 Flexible Card Occupies one sub-slot.
1-Port 10GBase WAN/LAN-XFP Flexible Card Occupies one sub-slot and

supports 1588v2.
12-Port 100/1000Base-SFP Flexible Card A Occupies one sub-slot and

supports 1588v2.
1-Port OC-192c/STM-64c POS-XFP Flexible Card Occupies one sub-slot.
40-Port 10/100/1000Base-RJ45 Flexible Card Occupies two sub-slots.
40-Port 100/1000Base-SFP Flexible Card Occupies two sub-slots.
4-Port 10GBase WAN/LAN-XFP Flexible Card Occupies two sub-slots.
2-Port 10GBase LAN/WAN-XFP+20-Port Occupies two sub-slots.

100/1000Base-X-SFP Flexible Card
1-Port 10GBase LAN/WAN-XFP Flexible Card B(P20- Occupies one sub-slot.

B)
12-Port 100/1000Base-X-SFP Flexible Card B(P20-B) Occupies one sub-slot.
1-Port 10GBase LAN/WAN-XFP Flexible Card E(P20- Occupies one sub-slot.

E)
10-Port 1000Base-X-SFP Flexible Card E(P20-E) Occupies one sub-slot.


The LPUF-40 provides two sub-slots, and supports FPIC hot-swapping and a maximum of 40
Gbit/s bandwidth..
The LPUF-40 has two models: LPUF-40-A and LPUF-40-B. The LPUF-40-A supports all
software features provided by the NE40E. The LPUF-40-B does not support L3VPN, MVPN,
or IPv6, but can be upgraded with licenses to support all functions of the LPUF-40-A.
The LPUF-40 and its FPICs can be used only on the NE40E-X16, NE40E-X8 and NE40E-X3.
Table 5-3 FPICs supported by the LPUF-40
FPIC Remarks
2-port 10GBase LAN/WAN-XFP flexible It occupies one subcard slot.

card (P40)
20-port 10/100/1000Base-RJ45 flexible card It occupies one subcard slot.

(P40)
2-Port 10GBase LAN/WAN-XFP Flexible It occupies one subcard slot.

Card B(P40-B)
20-Port 100/1000Base-X-SFP Flexible Card It occupies one subcard slot.

B(P40-B)

20-port 100/1000Base-X-SFP flexible card A It occupies one subcard slot.

(P40-A, supporting 1588v2)
20-port 100/1000Base-X-SFP flexible card It occupies one subcard slot.

(P40)

card (P40)

The LPUF-100 provides four subcard slots. The FPICs of the LPUF-100 support hot swapping.
The LPUF-100 supports a maximum of 100 Gbit/s bandwidth.
The LPUF-100 and its FPICs can be used only on the NE40E-X16 and NE40E-X8.
Table 5-4 FPICs supported by the LPUF-100
FPIC Remarks
1-port OC-768c/STM-256c POS-2KM-LC It occupies two subcard slots.

flexible card A (P100)
4-port 10GBase LAN-SFP flexible card A It occupies two subcard slots.

(P100-A, supporting 1588v2)

FPIC Remarks
5-port 10GBase LAN/WAN-SFP flexible It occupies two subcard slots.

5-port 10GBase LAN/WAN-SFP flexible It occupies two subcard slots.

card E (P100-E)
24-Port 100/1000Base-X-SFP Flexible Card It occupies two subcard slots.

(P100)
48-port 100/1000Base-CSFP flexible card It occupies two subcard slots.

(P100)
5.2 LPUI-40
The LPUI-40 can be used only on the NE40E-X16, NE40E-X8 and NE40E-X3.
Table 5-5 LPUI-40

Board Name Remarks
4-port 10GBase LAN/WAN-XFP Integrated -

40-port 100/1000Base-X-SFP Integrated -

5.3 LPUI-41
The LPUI-41 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3.
Table 5-6 LPUI-41

Board Name Remarks
8-port 10GBase LAN/WAN-XFP Integrated -

4-port 10GBase LAN/WAN-XFP Integrated –

48-port 100/1000Base-X-SFP Integrated –

2-port 10GBase LAN/WAN-XFP and 24- –

port 100/1000Base-X-SFP Integrated Line
Processing Unit (LPUI-41)

Board Name Remarks
4-port 10GBase LAN/WAN-XFP Integrated –

Line Processing Unit (LPUI-41, supporting
1588v2)
40-port 100/1000Base-X-SFP Integrated –

Line Processing Unit (LPUI-41, supporting
1588v2)
2-port 10GBase LAN/WAN-XFP and 20- –

port 100/1000Base-X-SFP Integrated Line
Processing Unit (LPUI-41, supporting
1588v2)
5.4 LPUI-100
The LPUI-100 can be used only on the NE40E-X16 and NE40E-X8.
Table 5-7 LPUI-100

Board Name Remarks
1-port 100GBase-CFP Integrated Line -

10-port 10GBase LAN/WAN-XFP -

Integrated Line Processing Unit (LPUI-100,
supporting 1588v2)
16-port 10GBase LAN-SFP Integrated Line -

5.5 LPUS-41
The LPUS-41 can be used only on the NE40E-X16, NE40E-X8 and NE40E-X3.
Table 5-8 LPUS-41

Board Name Remarks
8-Port 10GBase LAN/WAN-XFP Line –

4-Port 10GBase LAN/WAN-XFP Line –

48-Port 100/1000Base-X-SFP Line –


5.6 SPU
Table 5-9 SPU
Board Name Remarks
Versatile service processing unit C -
Flexible Card Versatile Service Unit 10 -

(VSUF-10)
Integrated Versatile Service Unit 20 A -

(VSUI-20-A)

Product Description 6 Link Features
6 Link Features
About This Chapter
6.1 E1/CE1/T1/CT1/E3/T3/CT3 Link Features

6.2 Ethernet Link Features
6.3 POS Link Features
6.4 CPOS Link Features
6.5 ATM Link Features
6.6 FR Link Features

6.1 E1/CE1/T1/CT1/E3/T3/CT3 Link Features

The NE40E provides E1, CE1, T1, CT1, E3, T3, and CT3 interfaces.
Serial interfaces can be channelized from E1/CE1/T1/CT1/E3/T3/CT3 interfaces. E1/CE1/T1/

CT1/E3/T3/CT3 interfaces and their serial interfaces support the following functions:
l PPP
l HDLC
l CRTP/ECRTP
l Interface loopback, including local loopback and remote loopback
l Configuration of the MTUs for IPv4 and MPLS packets
E1/CE1/T1/CT1 interfaces and their serial interfaces support the following link protocols:
l ATM
l TDM
l ATM IMA
PPP on serial interfaces supports the following protocols:
l LCP
l IPCP
l MPLSCP
l PAP
l CHAP
PPP on serial interfaces supports ML-PPP.
6.2 Ethernet Link Features

The NE40E provides the following features on Ethernet interfaces:
l Flow control and auto negotiation of rates

l Bundling of up to 16 physical Ethernet interfaces
l The formed Eth-Trunk interface functions the same as a common Ethernet interface in
supporting services.
l Bundling of interfaces of different rates
l Binding of interfaces on different boards into one Eth-Trunk
l Eth-Trunk member interfaces in active/standby mode
The NE40E can perform active/standby switchover automatically on Eth-Trunk member
interfaces when the link status of interfaces changes.
l Addition or deletion of member interfaces to or from an Eth-Trunk interface
The NE40E can sense the Up or Down status of member interfaces, thus dynamically
changing the bandwidth of the Eth-Trunk.
l Layer 2 and Layer 3 Eth-Trunk interfaces

E-Trunk, that is, Eth-Trunk interface whose member interfaces reside on different devices
l Association between Eth-Trunk links and BFD
l LACP defined in 802.3ad
The Link Aggregation Control Protocol (LACP) maintains link status according to interface
status. LACP adjusts or disables link aggregation in the case of aggregation changes.
l Virtual Ethernet interfaces
The NE40E supports virtual Ethernet (VE) interfaces. After an ATM Permanent Virtual
Circuit (PVC) is mapped to a manually-created VE interface, Ethernet frames can be
transmitted over the ATM Adaptation Layer (AAL5). This enables the VE interface to
provide Layer 2 switched services and Layer 3 IP services.
l Ethernet clock synchronization
l 1588v2 clock
l VLAN sub-interfaces
6.3 POS Link Features

The NE40E provides the following POS features:
l SDH/SONENT encapsulation
l Point-to-Point Protocol (PPP) on POS interfaces
PPP supports the following protocols:
– Link Control Protocol (LCP)
– Internet Protocol Control Protocol (IPCP)
– Multi-Protocol Label Switching Control Protocol (MPLSCP)
– Password Authentication Protocol (PAP)
– Challenge Handshake Authentication Protocol (CHAP)
l High-level Data Link Control (HDLC) on POS interfaces
l FR on POS interfaces
l POS sub-interfaces
POS sub-interfaces support point-to-point (P2P) .
l IP-Trunk
The NE40E supports the following IP bundling modes:
– Inter-board IP bundling
– Inter-chassis IP bundling
– IP bundling of channels of different rates
– Dynamic creating and removing of IP-Trunk interfaces
– Bundling of a physical channel into an IP-Trunk by using commands on physical
interfaces
l Configuration of the MTUs for IPv4, IPv6, and MPLS packets
POS interfaces support SDH alarms at the section layer, line layer, and path layer.

The troubleshooting procedure for POS interfaces is as follows:
l A POS interface prompts a fault and then notifies the control software on the board of the
fault.
l The control software of the board confirms the fault, updates the interface status, and then
notifies the MPU of the interface status.
l The MPU instructs the routing protocol to perform route convergence.
To ensure fast route convergence and network stability, the SPF timer and LSP timer need to be
configured on the POS interface to function together with route convergence.
6.4 CPOS Link Features

The NE40E provides the following CPOS features:
l Channelization
The channelization granularity of CPOS interfaces is as follows:
– A 155 Mbit/s CPOS interface can be channalized into 63 E1 channels, 84 T1 channels,
or N x 64 kbit/s channels.
– A 155 Mbit/s CPOS interface can be channelized into 3 E3/T3 channels.
The E1 interface channalized from a CPOS interface, in compliance with SAToP, can
transparently transmit unstructured TDM services through PWs on an MPLS network.
The E1 interface channalized from a CPOS interface, in compliance with CESoPSN, can
transparently transmit structured TDM services through PWs on an MPLS network.
l PPP/HDLC/ATM/TDM/ATM IMA
The NE40E provides CPOS interfaces at 155 Mbit/s. At the link layer, CPOS interfaces
support the following protocols:
– PPP
– HDLC
– TDM
– ATM
– ATM IMA
– FR
PPP on CPOS interfaces supports the following protocols:
– LCP
– IPCP
– MPLSCP
– MP
– PAP
– CHAP
l CRTP/ECRTP on 155 Mbit/s CPOS interfaces and 64 kbit/s, E1, T1, T3, and E3 interfaces
channelized from a 155 Mbit/s CPOS interface

6.5 ATM Link Features

The NE40E provides the following ATM features:
l SDH/SONENT encapsulation
ATM interfaces on the NE40E support SONET/SDH encapsulation and the SONET/SDH
overhead configuration and physical layer alarms.
l Permanent Virtual Path (PVP) or PVC
PVPs or PVCs can be created on ATM interfaces:
– VP/VC-based traffic shaping
– User-to-Network Interface (UNI) signaling
– Multiprotocol Encapsulation over ATM Adaptation Layer 5 in RFC 1483
– Classical IP and ARP over ATM in RFC 1577
– F4 or F5 End to End Loopback OAM
OAM functions in detecting the status of PVPs or PVCs.
– AAL5
– Nonreal-time Variable Bit Rate (nrt_VBR)
– Unspecified Bit Rate (UBR)
– Real-time Variable Bit Rate (rt_VBR)
– Constant Bit Rate (CBR)
l IPoA
The NE40E supports the following modes in setting up the mapping between a PVC and
the IP address of the peer device:
– Static mapping
– Inverse Address Resolution Protocol (InARP)
l IPoEoA access
l ATM sub-interfaces
l 1483B
1483B supported by the NE40E is applicable to IPoEoA. IPoEoA indicates that Ethernet
packets are carried over AAL5 and IP packets are carried over the Ethernet. This
implements Layer 2 forwarding of IPoEoA packets between the Ethernet and PVC. By
converging the ATM backbone network and the IP network, IPoEoA supports various
Ethernet and IP services.
l ATM cell relay
The NE40E supports PVC-based or PVP-based ATM cell relay and AAL5 SDU relay. The
NE40E supports the following ATM cell relay modes:
– Interface-based ATM cell relay
– 1-to-1 VCC cell relay
– N-to-1 VCC cell relay
– 1-to-1 VPC cell relay
– N-to-1 VPC cell relay

– ATM AAL5-SDU VCC transport

l Configuration of the MTUs for IPv4 and MPLS packets
l Line clocks
l Scrambling and descrambling of transmitted data
l Configuration of the shutdown and undo shutdown commands on ATM interfaces
l Configuration of the shutdown and undo shutdown commands on PVCs/PVPs
l Configuration of the shutdown and undo shutdown commands on sub-interfaces
l AAL5 SNAP encapsulation
l Cell relay and IWF on different sub-interfaces of the same ATM interface
6.6 FR Link Features

The following FR features are supported by POS, CPOS-E1, CPOS-T1, E1, and T1 interfaces
on the LPUG, LPUF-10, LPUF-21, and LPUF-40:
l Data Link Control Identifier (DLCI)
l PVC
l FR address mapping
l Local Management Interface (LMI)
l FR sub-interfaces
The NE40E supports sub-interfaces on 10G POS interfaces and inter-AS VPN Option A.

Product Description 7 Service Features
7 Service Features
About This Chapter
7.1 Ethernet Features

7.2 IP Features
7.3 Routing Protocol
7.4 MPLS
7.5 VPN Features
7.6 QoS
7.7 Load Balancing
7.8 Traffic Statistics
7.9 MSE
7.10 iVSE
7.11 Security Features
7.12 IP RAN Features
7.13 Network Reliability
7.14 Clock

7.1 Ethernet Features

7.1.1 Layer 2 Ethernet Features
On the NE40E, Ethernet interfaces can work in switched mode at Layer 2 and support VLAN,
VPLS, and QoS services. Functioning as UNIs, Layer 2 Ethernet interfaces support MPLS VPN
services.
The NE40E provides the following Layer 2 Ethernet features:
l Default VLAN
l VLAN trunk
l VLANIF interfaces
l VLAN aggregation
l Inter-VLAN port isolation
l Ethernet sub-interfaces
l VLAN aggregated sub-interfaces
l Port number-based VLAN division
l VLAN mapping
l VLAN stacking
l MAC address limit
l Unknown unicast/multicast/broadcast suppression
l Spanning Tree Protocol (STP)/Rapid Spanning Tree Protocol (RSTP)
l Multiple Spanning Tree Protocol (MSTP)
l RRPP with switching time less than 50 ms
7.1.2 Layer 3 Ethernet Features

The NE40E provides the following Layer 3 Ethernet features:
l IPv4
l IPv6
l MPLS
l Multicast
l VLAN sub-interfaces
l QoS
l Ethernet sub-interfaces
l VLAN aggregation sub-interfaces
7.1.3 QinQ Features

The NE40E provides abundant QinQ features to satisfy different networking requirements. The
QinQ features are as follows:
l Identification of double VLAN tags (inner VLAN tag and outer VLAN tag)

l Change of the outer VLAN ID

l Removal of double VLAN tags and then addition of new double VLAN tags
l QinQ mapping for the outer VLAN tag
l QinQ interface supporting 802.1ag
l Change of the EtherType value and 802.1p priority in the outer VLAN tag; copy of the
802.1p priority in the inner VLAN tag to the outer VLAN tag of double-tagged packets
l Traffic classification based on the 802.1p priorities in the outer VLAN tags of packets
l Rate limit on interfaces based on the 802.1p priorities in both inner and outer VLAN tags
l Interface-based QinQ
Interface-based QinQ is applicable to the following scenarios:
– Access to a VPLS network to transparently transmit VLAN packets
– Access to an L2VPN or PWE3 to transparently transmit VLAN packets
l VLAN-based QinQ
l QinQ termination
l EType in the outer tag of QinQ packets used for interoperation with devices of other vendors
l Multicast QinQ
l QinQ-based VLAN swapping
l VLAN stacking can be applied in the following scenarios:
– Access to VPLS
– Access to VLL or PWE3
l Translation sub-interface supporting 1to1, 1to2, 2to1, 2to2 VLAN tag translation
l Sub-interface for QinQ VLAN tag termination supporting VLAN tag swapping
l Sub-interface for dot1q VLAN tag termination, sub-interface for QinQ VLAN tag
termination, QinQ stacking sub-interface, and translation sub-interface supporting the
block action
l ACLs based on double VLAN tags and 802.1p precedence
l Sub-interfaces for QinQ VLAN tag termination accessing a VPLS network in symmetrical
mode supporting HQoS
l Sub-interface for QinQ VLAN tag termination and sub-interface for dot1q VLAN tag
termination supporting IPv6 routing protocols
termination supporting BFDv6
l Dynamic QinQ triggered by ND/DHCPv6 in IPv6 scenarios
termination supporting VRRPv6
l Sub-interface for QinQ VLAN tag termination IPv4 URPF
l Sub-interface for QinQ VLAN tag termination IPv6 URPF
7.1.4 Flexible Access to VPNs

In traditional access identification, user information or service information is identified through
a single tag or double tags. For example, the inner tag indicates user information and the outer
tag indicates service information. Different interfaces are configured with different double tags
to access different VPNs. In some scenarios, the access device does not support QinQ or a single

tag is used for multiple services. In this case, the access device may add service access
information to the 802.1p or DSCP field. Then, the NE40E connected to the access device needs
to use the 802.1p or DSCP value to identify access users. This helps configure the accesses to
different VPNs and set up different QoS scheduling policies.
7.1.5 RRPP Link Features

The Rapid Ring Protection Protocol (RRPP) supports the following functions:
l Polling mechanism
l Link status change notification
l Mechanism of checking the channel status of the sub-ring protocol packets on the major
ring
7.1.6 RSTP/MSTP Features

The NE40E supports the following:
l RSTP
l MSTP
MSTP provides BPDU protection to defend against such attacks. After the BPDU protection is
enabled, the switch shuts down the edge port that receives BPDUs. At the same time, the switch
informs the NMS of the situation. The edge port can be enabled by the network administrator.
NE40E can restrict the sending of Layer 2 and Layer 3 protocol packets such as RSTP and DHCP
through CP-CAR. This avoids influencing device performance.
7.1.7 BPDU Tunneling Features

The NE40E supports BPDU tunneling in the following modes:
l Port-based BPDU tunneling
l VLAN-based BPDU tunneling
l QinQ-based BPDU tunneling
l VLL-based transparent transmission of BPDUs
l VPLS-based transparent transmission of BPDUs
7.2 IP Features
7.2.1 IPv4/IPv6 Dual Stack
The IPv4/IPv6 dual stack can be easily implemented and can smoothly interoperate with other
protocols. Figure 7-1 shows the structure of the IPv4/IPv6 dual stack.

Figure 7-1 IPv4/IPv6 dual stack
IPv4/IPv6 Application
TCP UDP
IPv4 IPv6
Link Layer
IPv4/IPv6 dual stack (including dual-stack VPN) is supported on the same interface.
7.2.2 IPv4 Features

The NE40E supports the following IPv4 features:
l TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and
ARP
l Static DNS and specified DNS server
l FTP server/client and TFTP client
l DHCP relay agent and DHCP server
l Suppression of DHCP flooding
l Ping, tracert, and NQA
NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services
and test the response time of the services. The system supports NQA in UDP jitter and
ICMP jitter tests by sending and receiving packets on LPUs. The minimum interval at which
packets are transmitted can be 10 ms. Each LPU supports up to 100 concurrent jitter tests.
The entire system supports up to 1000 concurrent jitter tests.
l IP policy-based routing (PBR) and flow-based next hop to which packets are forwarded
l IP PBR-based load balancing
l Load balancing in unequal cost multiple path (UCMP) mode
l Configuration of secondary IP addresses for all physical and logical interfaces
Each interface can be configured with a maximum of 255 secondary IP addresses with 31-
bit masks.
7.2.3 IPv6 Features

The NE40E supports the following IPv6 features:
l IPv6 Neighbor Discovery (ND)

l Path MTU Discovery (PMTU)
l TCP6, ping IPv6, tracert IPv6, and socket IPv6
l Static IPv6 DNS and specified IPv6 DNS server
l TFTP IPv6 client

l IPv6 PBR
l Telnet and SSH
7.2.4 GRE
Generic Routing Encapsulation (GRE) is applicable to the following:
l Transmission of data of a multi-protocol local network through a single-protocol backbone

networkEnlargement of the operation scope of the network with a limited number of hops
l Connection of discontinuous subnets to establish a VPN
l Access of a CE to an MPLS VPN through a GRE tunnel
When applying a GRE tunnel, ensure that the NE40E is installed with a GRE license file and an
SPUC, and the service mode of the SPUC is set to tunnel. GRE tunnels are independent of
physical interfaces.
7.2.5 IPv4/IPv6 Transition Technology

The NE40E provides the following IPv4/IPv6 transition technologies:
l IPv6 over IPv4 tunnel

The NE40E adopts the following IPv6 over IPv4 tunnel modes:
– IPv6 manual tunnel
– IPv6 over IPv4 GRE tunnel
– IPv4 over IPv6 automatic tunnel
– 6 to 4 tunnel
l IPv4 over IPv6 tunnel
l 6PE and 6vPE
7.2.6 IPSEC
The NE40E supports the following functions:
l 1:1 dual-system hot backup

l Transport mode and tunnel mode
l IKEv1 and IKEv2
l GRE over IPsec
l NAT Traversal
l VPN IPSec
l Packet fragmentation and reassembly
l Keepalive and DPD for peer detection
l Dynamic remote IPSec access
l IPSec PKI(Public Key Infrastructure)
l Pre-share-key

7.3 Routing Protocol

7.3.1 Unicast Routing
The NE40E supports the following unicast routing features:
l IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP4
l IPv6 routing protocols, including Routing Information Protocol Next Generation (RIPng),
OSPFv3, IS-ISv6, and BGP4+
l Static routes that are manually configured by the administrator to simplify network
configurations and improve network performance
l Large-capacity routing table to effectively support the operation of a MAN.
l Selection of the optimal route through the perfect routing policy
l Import of routing information of other protocols
l Use of routing policies in advertising and receiving routes and filtering of routes through
route attributes
l Support for load balancing and configuring the maximum number of equal-cost routes 32-
channel load balancing of IPv6 routes on the LPUF-10/LPUF-21/LPUF-40/LPUF-41
l Password authentication and MD5 authentication to improve network security
l Restart of protocol processes through command lines
l RIP-1 (classful routing protocol) and RIP-2 (classless routing protocol)
l Advertisement of a default route from a RIP-enabled device to its peers and setting of the
metric of this route
l RIP-triggered updates
l Disabling a specified interface from sending or receiving OSPF or RIP packets
l Association between OSPF and BGP
l Association between OSPF and LDP
l Fast OSPF convergence, which can be implemented in the following manners:
– Adjusting the interval at which LSAs are sent
– Enabling OSPF GR
– Configuring BFD for OSPF
l OSPF I-SPF and IS-IS I-SPF (I-SPF re-calculates only the affected routes of a shortest path
tree (SPT) rather the entire SPT)
l OSPF PRC
l OSPF calculation of link costs based on the reference bandwidth
Link costs can be manually configured or automatically calculated by the system based on
the reference bandwidth by using the following formula:
Link cost = Reference bandwidth/Interface bandwidth
The integer of the calculated result is the link cost. If the calculated result is smaller than
1, the cost is 1. The link cost can be changed by changing the reference bandwidth. By
default, the reference bandwidth of the NE40E is 100 Mbit/s. The value can be changed to
one in the range of 1 to 2147483648 in Mbit/s by running commands.
l Two-level IS-IS in a routing domain

l Association between IS-IS and LDP

l IS-IS GR, OSPF GR and BGP GR, which ensure high reliability with Non-Stop Forwarding
(NSF)
l BGP indirect next hop and dynamic update peer-groups
l Policy-based route selection by BGP when there are multiple routes to the same destination
l BGP route reflector (RR), which addresses the problem of high costs of full-mesh
requirement when there are many IBGP peers
l Sending of BGP Update packets that carry no private AS number
l IPv6 indirect next hop
l Route dampening, which suppresses unstable routes (unstable routes are neither added to
the BGP routing table nor advertised to other BGP peers)
l Routing protocol
l BGP fast convergence
The NE40E adopts a new route convergence mechanism and algorithm, which speeds up
convergence of BGP routes. The features are as follows:
– Indirect next hop
– On-demand route iteration
l BGP load balancing in multi-homing networking
l Non-Stop Routing (NSR)
The NE40E supports the following NSR modes:
– IS-IS NSR
– BGP NSR
The formula for calculating the bandwidth occupies by LSAs on interfaces in the same area is
as follows:
Assume that there are 10000 routes, Ethernet interfaces are used, and the MTU of the Ethernet
interfaces is 1500 bytes. In this case, the Ethernet frame header is of 18 bytes, and each LSA is
of 44 bytes. Each LSA carries information about a route.
(1500-18)/44=44. The preceding formula indicates that an Ethernet frame can carry information
about 33 routes. In this case, 228 Ethernet frames are required to carry information about 10000
routes.
7.3.2 Multicast Routing

The NE40E provides the following multicast features:
l Multicast protocols
Multicast protocols include the Internet Group Management Protocol (IGMP) ( IGMPv1,
IGMPv2 and IGMPv3), Protocol Independent Multicast-Dense Mode (PIM-DM), Protocol
Independent Multicast-Sparse Mode (PIM-SM), Multicast Source Discovery Protocol
(MSDP), and Multi-protocol Border Gateway Protocol (MBGP).
l Reverse Path Forwarding (RPF)
l PIM-SSM
l Anycast RP
l IPv6 multicast routing protocols

l IPv6 multicast routing protocols include PIM-IPv6-DM, PIM-IPv6-SM, and PIM-IPv6-

SSM.
l MLD
Multicast Listener Discovery (MLD) has the following versions:
– MLDv1 defined in RFC 2710
MLDv1 supports Any-Source Multicast (ASM) directly and supports Source-Specific
Multicast (SSM) together with SSM mapping.
– MLDv2 defined in RFC 3810
MLDv2 supports ASM and SSM directly.
l Multicast static routes
l Configuration of multicast protocols on physical interfaces such as Ethernet and POS
interfaces, and Trunk interfaces.
l Filtering of routes based on the routing policy when the multicast routing module receives,
imports, or advertises multicast routes and filtering and forwarding of multicast packets
based on the routing policy when IP multicast packets are forwarded
l Multicast VPN
The multicast domain (MD) scheme is used to implement this function.
l Addition and deletion of dummy entries
l Query of PIM neighbors and number of control messages
l Filtering of PIM neighbors, control of the forwarding boundary, and control of the BSR
service and management boundary
l Filtering and suppression of PIM Register messages
l MSDP authentication
l IGMP packet rate limiting and IGMP proxy
l Prompt leave of IGMP and MLD group members and the use of group-policies to restrict
the setup of forwarding entries
l Configuration of ACLs, including source address-based packet filtering, control of
multicast group number, setup of multicast forwarding entries, and Switch-MDT switching,
to ensure multicast security
l Multicast group-based, multicast source-based, multicast source/group-based, stable-
preferred, and balance-preferred load splitting
l IGMP snooping
The NE40E supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ
interfaces, STP topologies, RRPP rings, and VPLS PWs.
l Multicast flow control
The NE40E discards or broadcasts unknown multicast packets in the VLAN to which the
receiving interface belongs. Unknown multicast packets are packets that have no
corresponding forwarding entries in the multicast forwarding table.
In addition, the NE40E restricts the maximum percentage of multicast flows on Ethernet
interfaces to control multicast traffic.
l VSI-based IGMP CPCAR
l Distributed multicast
l Maximum delay of less than 4 ms for multicast fast join and fast leave

l Multicast VLAN
The NE40E supports multicast VLAN and VLAN-based 1+1 protection of multicast traffic.
l Multicast over GRE
l Multicast VPN
For details, see section "7.5 VPN Features".
l Multicast CAC
The NE40E supports multicast Call Admission Control (CAC). When multicast CAC rules
are configured, the number of multicast groups and bandwidth are restricted for IGMP
snooping on interfaces or the entire system.
7.4 MPLS
The NE40E supports MPLS features, and static and dynamic LSPs. Static LSPs require that the
administrator configure the Label Switch Routers (LSRs) along the LSPs and set up LSPs
manually. Dynamic LSPs are set up dynamically in accordance with the routing information
through the Label Distribution Protocol (LDP) and RSVP-TE.
The delay for MPLS packets can be controlled in the following aspects:
l In the case that there is no traffic congestion, the NE40E adopts a high-speed processor to
ensure line-rate forwarding and low delay.
l In the case of traffic congestion, the NE40E ensures preferential forwarding and low delay
for traffic with high priority through mechanisms such as QoS, HQoS, MPLS TE, and DS-
TE.
MPLS is supported on all interfaces of the NE40E.
Basic MPLS Functions

The NE40E supports the following MPLS functions:
l Basic MPLS functions, service forwarding, and LDP
MPLS distributes labels, sets up LSPs, and transfers parameters used for setting up LSPs.
l A maximum of four MPLS labels
l LDP
– Downstream Unsolicited (DU) and Downstream on Demand (DoD) label advertisement
modes
– Independent and ordered label distribution control modes
– Liberal and conservative label retention modes
– Loop detection mechanism by using the maximum number of hops and path vector
– Basic discovery mechanism and extended discovery mechanism of LDP sessions
l MPLS ping and tracert and detection of the availability of an LSP through the exchange of
MPLS Echo Request packets and MPLS Echo Reply packets
l LSP bandwidth alarm function and LSP-based traffic statistics function that is used to
calculate bandwidth usage
l Packet-by-packet load balancing of MPLS packets
l Configuration of 32-channel or 64-channel load balancing (on the ingress and transit nodes)
that is controlled by the PAF file, with 64-channel load balancing applicable to IP

forwarding, IP packet forwarding over LDP LSPs (including L3VPN), and packet
forwarding on P nodes
l Management functions such as the LSP loop detection mechanism
l MPLS QoS, mapping from the ToS field in IP packets to the EXP field in MPLS packets,
and MPLS uniform, pipe, and short pipe modes
l Static configuration of LSPs and label forwarding based on traffic classification
l MPLS trap function
l Modification of MPLS MTUs
l Association between LDP and IGP, which shortens traffic loss to the minimum through the
synchronization between the LDP status and IGP status in case of network faults
l NE40E functioning as a Label Edge Router (LER) or an LSR
An LER is an edge device on an MPLS network that connects the MPLS network to other
networks. The LER classifies services, distributes labels, encapsulates or removes multi-
layer labels. When functioning as an egress, the NE40E supports PHP. That is, the
NE40E allocates an explicit null label or an implicit null label to the penultimate hop.
An LSR is a core router on an MPLS network. The LSR switches and distributes labels.
l Establishment of LSPs between NE40Es of different IS-IS levels and between the
NE40E and non-Huawei devices through LDP
l MPLS supported by the NE40E complies with the following standards:
– RFC 3031
– RFC 3032
– RFC 3034
– RFC 3035
– RFC 3036
– RFC 3037
The NE40E supports CR-LDP and RSVP-TE and can interoperate with non-Huawei
devices through CR-LDP or RSVP-TE.
MPLS TE
The MPLS TE technology combines the MPLS technology with traffic engineering. It can
reserve resources by setting up LSP tunnels for a specified path in an attempt to avoid network
congestion and balance network traffic.
In the case of resource scarcity, MPLS TE allows the preemption of bandwidth resources of
LSPs with low priorities. This meets the demands of important services or the LSPs with large
bandwidth. When an LSP fails or a node is congested, MPLS TE can ensure smooth network
communication through the backup path and the fast reroute (FRR) function. Through automatic
re-optimization and bandwidth adjustment, MPLS TE improves the self-adaptation capability
of tunnels and properly allocates network resources.
The process of updating the network topology through the TEDB is as follows: When a link
goes Down, the CSPF failed link timer is enabled. If the IGP route is deleted or the link is changed
within the timeout period of the CSPF failed link timer, CSPF deletes the timer and then updates
the TEDB. If the IGP route is not deleted or the link is not changed after the timeout period of
the CSPF failed link timer expires, the link is considered Up.
MPLS TE provides the following functions:

l Processing of static LSPs

MPLS can create and delete static LSPs, which require bandwidth but are manually
configured.
l Processing of Constrained Route-Label Switched Path (CR-LSP) of various types and route
calculation through the CSPF algorithm
CR-LSPs are classified into the following types:
l RSVP-TE
RSVP authentication complies with RFC 3097.
l Auto routing
Auto routing works in either of the following modes:
– IGP shortcut: An LSP is not advertised to neighboring routers. Therefore, other routers
cannot use the LSP.
– Forwarding adjacency: An LSP is advertised to neighboring routers. Therefore, other
routers can use the LSP.
l Fast reroute (FRR)
The switchover through FRR is within 50 ms, which minimizes the data loss when network
faults occur.
l Auto FRR
Auto FRR is an extension to MPLS TE FRR. You can create a bypass tunnel that meets
the requirement on the LSP by configuring the attributes of the bypass tunnel, global auto
FRR, and auto FRR on the interface of the primary tunnel. With the change of the primary
tunnel, the previous bypass tunnel is deleted automatically. Then, a new bypass tunnel that
meets the requirement is set up.
l Backup CR-LSP
The NE40E supports the following backup modes:
– Hot backup
A backup CR-LSP is established immediately after the primary CR-LSP is established.
When the primary CR-LSP fails, MPLS TE switches traffic immediately to the backup
CR-LSP.
– Ordinary backup
A backup CR-LSP is set up when the primary CR-LSP fails.
l LDP over TE
In existing networks, not all devices support MPLS TE. It is possible that only the devices
at the network core support TE and the devices at the network edge use LDP. The
application of LDP over TE is therefore put forward. With LDP over TE, the TE tunnel is
considered as a hop of the entire LDP LSP. Through forwarding adjacency, one MPLE TE
tunnel can be considered as a virtual link and advertised to an IGP network.
l Make-before-break
Make-before-break is a technology for ensuring highly reliable CR-LSP switchover. The
original path is not deleted until a new path has been created. Before a new CR-LSP is
created, the original CR-LSP is not deleted. After a new CR-LSP has been created, the
traffic is switched to the new CR-LSP first, and then the original CR-LSP is deleted. This
ensures non-stop traffic forwarding.
l DS-TE
DS-TE implemented on the NE40E supports the Non-IETF mode and the IETF mode.

– The Non-IETF (non-standard) mode supports two CTs (CT0 and CT1), eight priorities
(0-7), and two bandwidth constraint models (RDM and MAM).
The CT here refers to the class type of a corresponding service flow. The priority here
refers to the LSP preemption priority.
– The IETF (standard) mode supports eight CTs (CT0 through CT7), eight priorities (0-7),
and three bandwidth constraint models (RDM, MAM, and Extended).
DS-TE supports TE FRR, hot standby, protection switchover, and CT-based traffic
statistics collection.
MPLS OAM
MPLS OAM functions are as follows:
l MPLS OAM detection

MPLS OAM sends CV/FFD and BDI packets along an LSP to be detected and its reverse
LSP to detect its connectivity.
l OAM auto protocol
l Protection switching
7.5 VPN Features

7.5.1 Tunnel Policy
Tunnel policies are used to select tunnels according to destination IP addresses. Tunnels are
selected according to tunnel policies as required. If no tunnel policy is created, the tunnel
management module searches for a tunnel according to the default tunnel policy.
The NE40E supports the following tunnel policies:
l Tunnel policy in select-sequence mode

In this mode, you need to specify the sequence in which the tunnel types are selected and
the number of tunnels carrying out load balancing. If a tunnel listed earlier is Up, it is
selected regardless of whether other services have selected it. The tunnels listed later are
not selected except in case of load balancing or when the preceding tunnels are all Down.
l VPN tunnel binding
VPN tunnel binding means that the peer end of the VPN on the PE of the VPN backbone
network is associated with a certain MPLS TE tunnel. The data from the VPN to the peer
PE is transmitted through the dedicated TE tunnel. The bound TE tunnel carries only
specified VPN services. This ensures QoS of the specified VPN services.
7.5.2 VPN Tunnel

The NE40E supports the following types of VPN tunnels:
l LSPs
l GRE tunnels
l TE tunnels

7.5.3 MPLS L2VPN

The NE40E provides L2VPN services over an MPLS network where the ISP can provide
L2VPNs over different media.
VLL
The NE40E supports the following VLL functions:
l Martini VLL
The Martini mode supports double labels. The inner label adopts extended LDP for
signaling in compliance with RFC 4096.
The type of VC FEC is 128. VC encapsulation types include 0x0004 Ethernet Tagged Mode,
0x0005 Ethernet, and 0x000B IP Layer2 Transport.
l Kompella VLL
VC encapsulation types of Kompella VLL include ATM-1to1-VCC, ATM-1to1-VPC,
ATM-AAL5-SDU, ATM-nto1-VCC, ATM-nto1-VPC, ATM-trans-cell, FR, Ethernet,
HDLC, PPP, VLAN, and IP-interworking.
Kompella VLL supports the local inter-board switching of packets in 802.1Q mode.
Kompella VLL supports inter-AS VPN.
l CCC VLL
CCC VLL supports the local inter-board switching of packets in 802.1Q mode
l SVC VLL
l VLL heterogeneous interworking
VLL heterogeneous IP-interworking is used when the link types of CEs on both ends of an
L2VPN link are different. In MPLS L2VPN heterogeneous IP-interworking, after receiving
a frame from a CE, a PE decapsulates the link-layer packet and transmits the IP packet
across an MPLS network. The IP packet is transparently transmitted to the peer PE. The
peer PE re-encapsulates IP packet according to its link layer protocol and transmits the
packet to the connected CE. The link-layer control packet sent by the CE is processed by
the PE and is not transmitted through the MPLS network. All non-IP packets such as MPLS
and IPX packets are discarded.
l Transparent transmission of certain types of link layer protocol packets
Interfaces can be configured to transparently transmit certain types of link layer protocol
packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and
HGMP packets.
l Inter-AS VLL
– SVC VLL, Martini VLL, and Kompella VLL can implement inter-AS L2VPN Option
A (VRF-to-VRF).
– Option B requires the switching of both inner and outer labels on the ASBR, and is
therefore not suitable for the VLL.
– Option C is the best solution.
l VLL over TE ECMP
VPLS
In a VPLS network, PEs can be all connected to each other and enabled with split horizon to
prevent Layer 2 loops.

The implementations of VPLS control plane through BGP and LDP are called Kompella VPLS
and Martini VPLS respectively.
l Kompella VPLS
Kompella VPLS has good scalability. With Kompella VPLS, BGP is adopted for signaling,
and VPN targets are configured to implement automatic discovery of VPLS members.
Therefore, the addition or deletion of PEs requires few additional operations.
l Martini VPLS
Martini VPLS has poor scalability. With Martini VPLS, LDP is adopted for signaling, and
the peers of a PE need to be manually specified. PEs in a VPLS network are all connected
to each other. Therefore, adding a new PE requires configurations on all the other associated
PEs to be modified.A pseudo wire (PW) is actually a point-to-point link. This means that
using LDP to create, maintain, and delete the PW is more effective.
The NE40E supports the following VPLS functions:
l Access to the VPLS network in QinQ mode
l HVPLS
l IGMP snooping for VPLS
l One MAC address space for each VSI
l VPLS learns MAC addresses in the following modes:
– Unqualified mode: In this mode, a VSI can contain multiple VLANs sharing a MAC
address space and a broadcast domain. When learning MAC addresses, VPLS also needs
to learn VLAN IDs.
– Qualified mode: In this mode, a VSI has only one VLAN, which has an independent
MAC address space and a broadcast domain. When learning MAC addresses, VPLS
does not need to learn VLAN IDs.
l VPLS/HVPLS equal-cost load balancing
l Fast switching of multicast traffic
l mVPLS
l STP over PW
l STP over VPLS
l Transparent transmission of certain types of link layer protocol packets
Interfaces can be configured to transparently transmit certain types of link layer protocol
packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and
HGMP packets.
l Ethernet loop detection
PWE3
The NE40E supports the following PWE3 functions:
l Virtual Circuit Connectivity Verification PING (VCCV-PING)
The NE40E supports the manual LDP PW connectivity detection on the UPE, including
the connectivity of static PWs, dynamic PWs, single-hop PWs, and multi-hop PWs.
l PW template
The NE40E supports the binding between a PW and a PW template, and the reset of PWs.
The NE40E supports heterogeneous interworking.

Currently, the NE40E supports the transparent transmission of the following packets
through PWE3: ATM AAL5 SDU VCC transport, Ethernet, HDLC, ATM n-to-one VCC
cell transport, IP Layer 2 transport, and ATM one-to-one VCC cell mode.
l ATM cell relay
l PW redundancy
l ATM IWF
ATM IWF runs on an L2VPN in CCC local connection mode or an L2VPN in PW mode.
l The NE40E supports the circuit emulation service (CES) by using Pseudo-Wire Emulation
Edge to Edge (PWE3).
The CES is classified into the Structure-aware TDM Circuit Emulation Service over Packet
Switched Network (CESoPSN) and Structure-Agnostic TDM over Packet (SAToP)
service.
7.5.4 BGP/MPLS L3VPN

The NE40E supports MPLS/BGP L3VPN, providing an end-to-end VPN solution for carriers.
Carriers can provide VPN services for users as a new value-added service. The NE40E supports
the following BGP/MPLS L3VPN functions:
l Access of a CE to an L3VPN through Layer 3 interfaces such as Ethernet, POS, and

VLANIF interfaces
l Static routes, BGP, RIP, OSPF, or IS-IS running between a CE and a PE
l Carrier's carrier
l Inter-AS VPN
The NE40E supports the following inter-AS VPN solutions described in RFC 2547bis:
– VPN instance to VPN instance, also called Inter-Provider Backbones Option A
In Option A, sub-interfaces connecting the Autonomous System Boundary Routers
(ASBRs) manage VPN routes.
– EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider Backbones
Option B
In Option B, ASBRs advertise labeled VPN-IPv4 routes to each other through MP-
EBGP.
– Multihop EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider
Backbones Option C
In Option C, PEs advertise labeled VPN-IPv4 routes to each other through Multihop
MP-EBGP.
l Multicast VPN
l IPv6 VPN
The NE40E supports the following IPv6 VPN networking solutions:
– Intranet VPN
– Extranet VPN
– Hub&Spoke
– Inter-AS or multi-AS backbones VPN
– Carriers' carrier
l HoVPN

l Resource reservation VPN (RRVPN)

l Multi-role host
7.6 QoS
On the NE40E, you can collect traffic statistics on the packets on which QoS is performed and
view the statistics result through corresponding display commands.
The NE40E supports the following QoS functions:
Diff-Serv Model
Multiple service flows can be aggregated into a Behavior Aggregate (BA) and then processed
based on the same Per-Hop Behavior (PHB). This simplifies the processing and storage of
services.
On the Diff-Serv core network, packet-specific QoS is provided. Therefore, signaling processing
is not required.
Simple Traffic Classification

Currently, the NE40E supports simple traffic classification not only on physical interfaces and
sub-interfaces but also on logical interfaces such as member interfaces of VLANIF and trunk
interfaces.
Complex Traffic Classification

The NE40E performs complex traffic classification based on the following information:
l Layer 2 and Layer 3 information of packets

l Source MAC address, destination MAC address, link layer protocol number, and 802.1p
value (of tagged packets) in the Ethernet frame header; IP precedence, DSCP, or ToS value,
source IP address prefix, destination IP address prefix, protocol number, fragmentation
flag, TCP SYN flag, TCP/UDP source port number or port range, and TCP/UDP destination
port number or port rang of IPv4 packets
l Information carried in IPv6 packets
l In addition to physical interfaces, traffic classification can be performed on logical
interfaces, including sub-interfaces and trunk interfaces.
Traffic Policing
CAR is mainly used for rate limit. In the implementation of CAR, a token bucket is used to
measure the data flows that pass through the interfaces on a router so that only the packets
assigned with tokens can go through the router in the specified time period. In this manner, the
rates of both incoming and outgoing traffic are controlled. In addition, the rate of certain types
of data flows can be controlled based on the information such as the IP address, port number,
and priority. Rate limit is not performed on the data flows that do not meet the specified
conditions, and such data flows are forwarded at the original interface rate.
CAR is mainly implemented at the edge of a network to ensure that core devices on the network
process data properly. The NE40E supports CAR for both incoming and outgoing traffic.

Queue Scheduling
The NE40E supports FIFO, PQ, and WFQ for queue scheduling on interfaces.
The NE40E maps packets of different priorities to different queues and adopts Round Robin
(RR) on each interface for queue scheduling.
Priority Queues (PQs) are classified into four types: top PQs, middle PQs, normal PQs, and
bottom PQs. They are ordered in descending order of priorities. When packets leave queues, PQ
allows the packets in the top PQ to go first. Packets in the top PQ are sent as long as there are
packets in this PQ. The NE40E sends packets in the middle PQ only when all packets in the top
PQ are sent. Similarly, the NE40E sends packets in the normal PQ only when all packets in the
middle PQ are sent; the NE40E sends packets in the bottom PQ only when all packets in the
normal PQ are sent. As a result, the packets in the PQ of a higher priority are always sent
preferentially, which ensures that packets of key services are processed preferentially when the
network is congested. Packets of common services are processed when the network is idle. In
this manner, the quality of key services is guaranteed, and the network resources are fully
utilized.
Weight Fair Queuing (hereinafter referred to as WFQ) is a complex queuing process, which
ensures that the services with the same priority are fairly treated and the services with different
priorities are weighted. The number of WFQ queues can be pre-set and is allowed to range from
16 to 4096. WFQ weights services based on their requirements for the bandwidth and delay. The
weights are determined by the IP precedence in the IP packet headers. With WFQ, the NE40E
implements dynamic traffic classification based on quintuples or ToS values. The packets with
the same quintuple (source IP address, destination IP address, source port number, destination
port number, and protocol number) or ToS value belong to the same flow. Packets in one flow
are placed in one queue through the Hash algorithm. When flows enter queues, WFQ
automatically places different flows into different queues based on the Hash algorithm. When
flows leave queues, WFQ allocates bandwidths to flows on the outbound interface based on
different IP precedence of the flows. The smaller the precedence value of a flow, the smaller the
bandwidth of the flow. In this manner, services of the same precedence are treated fairly; services
of different precedence are treated based on their weights.
Congestion Avoidance
Congestion avoidance is a traffic control mechanism used to avoid network overload by adjusting
network traffic. With this mechanism, the NE40E can monitor the usage of network resources
(such as queues and buffers in the memory) and discard packets when the network congestion
intensifies.
Random Early Detection (RED) or Weighted Random Early Detection (WRED) algorithms are
frequently used in congestion avoidance.
The RED algorithm sets the upper and lower limits for each queue and specifies the following
rules:
l When the length of a queue is below the lower limit, no packet is discarded.
l When the length of a queue exceeds the upper limit, all the incoming packets are discarded.
l When the length of a queue is between the lower and upper limits, the incoming packets
are discarded randomly. A random number is set for each received packet, and the random
number is compared with the drop probability of the current queue. The packet is discarded
when the random number is larger than the drop probability. The longer the queue, the
higher the drop probability. The drop probability, however, has an upper limit.

Unlike RED, the random number in WRED is based on the IP precedence of IP packets. WRED
keeps a lower drop probability for the packets that have a higher IP precedence.
RED and WRED employ the random packet drop policy to avoid global TCP synchronization.
The NE40E adopts WRED to implement congestion avoidance.
The NE40E supports congestion avoidance in both inbound and outbound directions of an
interface. The WRED template is applied in the outbound direction; the default scheduling policy
in the system is applied in the inbound direction. In addition, WRED can be applied to the
Multicast Tunnel interface (MTI) that is bound to the distributed multicast VPN on the
NE40E.
The NE40E supports congestion avoidance based on services. The NE40E reserves on each
interface eight service queues, that is, BE, AF1, AF2, AF3, AF4, EF, CS6, and CS7. The
NE40E colors packets with red, yellow, and green to identify the priorities of packets and discard
certain packets.
HQoS
The NE40E supports the following HQoS functions:
l Provides five levels of scheduling modes to ensure diverse services.

l Sets parameters such as the maximum queue length, WRED, low delay, SP/WRR, CBS,
PBS, and statistics function for each queue.
l Sets parameters such as the CIR, PIR, number of queues, and algorithm for scheduling
queues for each user.
l Provides the traffic statistics function. Users can learn the bandwidth usage of services and
properly distribute the bandwidth by analyzing traffic.
l Supports HQoS in the VPLS, L3VPN, VLL, and TE scenarios.
l Supports interface-based, VLAN-based, user-based, and service-based HQoS.
QPPB
QPPB is the abbreviation of QoS Policy Propagation Through the Border Gateway Protocol.
The receiver of BGP routes performs the following operations:
l Sets QoS parameters such as IP precedence and traffic behavior for a BGP route based on
the attributes of the route.
l Classifies traffic according to QoS parameters and sets the QoS policy for the classified
traffic.
l Forwards packets according to the locally configured QoS policies to propagate QoS
policies through BGP.
The receiver of BGP routes can set QoS parameters (IP precedence and associated traffic
behavior) based on the following attributes:
l ACL
l AS path list in routing information
l Community attribute list in routing information
l Metrics in routing information
l IP prefix list

QoS for Ethernet

l Layer 2 simple traffic classification
The NE40E performs simple traffic classification according to the 802.1p field in VLAN
packets. On the ingress PE, the 802.1p priority in a Layer 2 packet is mapped to the
precedence defined by the upper layer protocol, such as the IP DSCP value or the MPLS
EXP value. In this manner, Diff-Serv is implemented for the packets on the backbone
network. On the egress PE, the precedence of the upper layer protocol is mapped back to
the 802.1p priority.
l QinQ simple traffic classification
In the QinQ implementation, the 802.1p values in both inner and outer VLAN tags need to
be detected. The NE40E can detect the 802.1p value by the following means:
– Ignores the 802.1p value in the inner VLAN tag and sets a new 802.1p value in the outer
VLAN tag.
– Automatically converts the 802.1p value in the inner VLAN tag into the 802.1p value
in the outer VLAN tag.
– Sets a new 802.1p value in the outer VLAN tag according to the 802.1p value in the
inner VLAN tag.
Based on the preceding methods and the mapping of the inner VLAN tag to the outer VLAN
tag, QinQ supports 802.1p re-marking in the following modes:
– Specifying a given value.
– Adopting the 802.1p value in the inner VLAN tag.
– Mapping the 802.1p value in the inner VLAN tag to the 802.1p value in the outer VLAN
tag. The 802.1p values in multiple inner VLAN tags of different packets can be mapped
to the 802.1p value in one outer VLAN tag; whereas the 802.1p value in one inner
VLAN tag cannot be mapped to the 802.1p values in multiple outer VLAN tags of
different packets.
ATM QoS
The NE40E supports the following ATM QoS functions:
l ATM simple traffic classification

With ATM simple traffic classification enabled on an interface, a PVC, or a PVP, the CoS
and CLP value of incoming traffic can be mapped to the internal priority of a router; the
internal priority can be mapped back to the CoS and CLP value on the interface where the
traffic is forwarded. In this manner, various QoS services are implemented on different
ATM networks.
ATM simple traffic classification supports ATM cell relay, 1483R, and 1483B. The 1483R
protocol is used to encapsulate IP packets into IPoA packets. The 1483B protocol is used
to encapsulate Ethernet frames into IPoEoA packets.
l ATM forced traffic classification
Although ATM cells carry precedence information, it is very difficult to implement services
such as IPoA, ATM cell relay, and IWF simple traffic classification based on such
precedence information. Alternatively, forced traffic classification can be adopted. That is,
you can run a command to configure forced traffic classification on the inbound interface
to set the precedence and color for the traffic of a specific PVC, an interface (including the
main interface and the sub-interface), or a PVP. Then, the traffic is forwarded to the
outbound interface carrying the specified precedence and color.

Forced traffic classification is supported on ATM physical interfaces, ATM sub-interfaces,

and ATM PVCs and ATM PVPs.
MPLS HQoS
MPLS QoS is a complete L2VPN/L3VPN QoS solution. It resorts to various QoS techniques to
meet the diversified and delicate QoS demands of VPN users. MPLS QoS provides relative QoS
on the MPLS Diff-Serv network and end-to-end QoS on the MPLE TE network. In actual
applications, the following QoS policies are supported.
l QPPB applied to an L3VPN
l MPLS Diff-Serv applied to an L2VPN/L3VPN
l MPLS TE applied to an L2VPN/L3VPN
l MPLS DS-TE applied to an L2VPN/L3VPN
l VPN-based QoS applied to the network side of an L2VPN/L3VPN
7.7 Load Balancing

In a scenario where there are multiple equal-cost routes to the same destination, the NE40E can
balance traffic among these routes. The NE40E provides equal-cost load balancing and unequal-
cost load balancing, which can be selected as required. In equal-cost load balancing mode, traffic
is evenly load-balanced among different routes. In unequal-cost load balancing mode, traffic is
load-balanced among different routes based on the proportion of bandwidth of each interface.
Equal-Cost Load Balancing

The NE40E can implement equal-cost load balancing on the traffic transmitted through the
member links of an IP-Trunk or an Eth-Trunk. When there are multiple equal-cost routes to the
same destination, the NE40E can evenly balance traffic among these routes.
Load balancing can be implemented in either session-by-session or packet-by-packet mode. By
default, the session-by-session load balancing mode is adopted.
Unequal-Cost Load Balancing

The NE40E supports the following unequal-cost load balancing modes:
l Load balancing based on routes
When the costs of different direct routes are the same, you can configure a weight for each
route for load balancing.
l Load balancing based on interfaces
For an IP-Trunk or an Eth-Trunk, you can configure a weight for each member link for
load balancing.
l Load balancing based on link bandwidth for IGP
In this mode, unequal-cost session-by-session load balancing is performed on the outbound
interfaces of paths carrying out load balancing. The proportion of traffic transmitted along
each path is approximate to or equal to the proportion of bandwidth of each link. This mode
fully considers the link bandwidth. In this manner, the case that links with low bandwidth
are overloaded whereas links with high bandwidth are idle does not exist.
The NE40E can balance traffic between physical interfaces or between physical interfaces and
logical interfaces. In addition, the NE40E can detect the changes of logical interface bandwidth

due to manual configuration of new member links or the status changes of member links. When
the bandwidth of a logical interface changes, traffic is automatically load-balanced based on the
new bandwidth proportion.
7.8 Traffic Statistics

The NE40E collects the statistics on access services for various users with multiple statistic
functions. The traffic statistics functions are as follows:
The traffic statistics functions are as follows:
l Helps carriers analyze the traffic model of the network.

l Provides reference data for carriers to deploy and maintain Diff-Serv TE.
l Supports traffic-based accounting for non-monthly rental users.
URPF Traffic Statistics

The NE40E collects statistics on the forwarded traffic based on URPF and the traffic discarded
during the URPF check.
ACL Traffic Statistics

The NE40E supports the ACL traffic statistics function. When the created ACLs are applied to
QoS and PBR, the NE40E can collect statistics based on ACLs after the ACL traffic statistics
function is enabled. The NE40E also provides commands to query the number of matched
packets and bytes.
CAR Traffic Statistics

The NE40E provides diverse QoS functions such as traffic classification, traffic policing (CAR),
and queue scheduling. For these specific functions, the NE40E provides the following QoS
traffic statistics functions:
l In traffic classification, the system can collect statistics on the traffic that matches rules
and fails to match rules.
l The traffic statistics function for traffic policing is implemented in the following manners:
– Collects the statistics on the total traffic that matches the CAR rule.
– Collects the statistics on the traffic that is permitted or discarded by the CAR rule.
– Supports the interface-based traffic statistics.
– Supports interface-based CAR traffic statistics when the same traffic policy is applied
to different interfaces.
HQoS Traffic Statistics

The NE40E can collect the following HQoS traffic statistics:
l Statistics on the number of forwarding packets, bytes, and discarded packets of a user queue
which includes eight flow queues of different priorities
l Statistics on the number of forwarded packets, bytes, and discarded packets of a user group
queue

l Statistics on the number of forwarded packets, bytes, and discarded packets of eight queues
of different priorities on an interface
Interface-Based Traffic Statistics

Traffic statistics can be collected on all interfaces, including physical interfaces, sub-interfaces,
loopback interfaces, null interfaces, logical channel interfaces, and virtual Ethernet interfaces.
Statistics on IPv4 and IPv6 packets, including unicast packets, multicast packets, and broadcast
packets, can also be collected.
Statistics on all protocol packets that are supported can be collected, such as MPLS packets,
ARP packets, IGP packets, BGP packets, PIM packets, and DHCP packets.
The NE40E uses the 64-bit register to store the interface-based traffic statistics. For example,
the register can store the traffic statistics on a 10G interface for 58.5 years.
VPN Traffic Statistics

On a VPLS network, the NE40E, functioning as a PE, can collect statistics on incoming and
outgoing traffic of L2VPN users that are connected to the NE40E.
On an L3VPN, the NE40E, functioning as a PE, can collect statistics on incoming and outgoing
traffic of various types of access users. The access users include:
l Users that access the network through interfaces including logical interfaces
l Multi-role hosts
l Users that access the network through the VPLS/VLL
l When MPLS HQoS services are configured, the NE40E, functioning as an ingress PE, can
collect statistics on the traffic that is sent by the network side.
Traffic Statistics on TE Tunnels

The NE40E, functioning as a PE on an MPLS TE network, can collect statistics on incoming
and outgoing traffic of a tunnel. When a VPN is statically bound to a TE tunnel, the NE40E can
collect statistics on traffic of each RRVPN over the TE tunnel and the total traffic over the TE
tunnel.
Statistics can be collected on traffic of each CT on a DS-TE tunnel.
7.9 MSE
IPv4-Based IPoX User Access
The NE40E supports the following IPv4-based IPoX user access functions:
l IP over Ethernet over VLAN (IPoEoVLAN) and IP over Ethernet over QinQ (IPoEoQ)
l ARP trigger, IP trigger, and DHCP trigger, which indicate the modes for triggering user
access by sending ARP packets, IP packets, and DHCP packets respectively
l Web authentication, fast authentication, bind authentication
l Default domain and roaming domain
l Typical options such as Option 60 and Option 82

l Static users
l IPv4 address allocation
l Captive portal
AAA
The NE40E supports the following Authentication, Authorization, and Accounting (AAA)
functions:
l Flexible AAA schemes

Authentication schemes include non-authentication, local authentication, remote
authentication, and any combination of these modes.
Authorization schemes include HWTACACS authorization, authorization through
authentication, local authorization, and online authorization.
Accounting schemes include non-accounting, remote accounting through Remote
Authentication Dial In User Service (RADIUS)/RADIUS+ or Terminal Access Controller
Access Control System (TACACS), and pre-paid accounting.
l Domain management
l IPv4&IPv6 user management
l Local billing
RADIUS
The NE40E supports flexible RADIUS/RADIUS+ authentication, authorization, and
accounting.
Address Management
The NE40E supports the following address management functions:
l IPv4 address pool management through the DHCP server, DHCP relay agent, and DHCP
proxy
Reliability
The NE40E supports the following reliability functions:
l User access through a trunk interface whose member interfaces reside on the same LPU
User Security
The NE40E supports the following user security functions:
l IP-based or IP+MAC-based bogus user access

l MAC address-based CAR
7.10 iVSE
The NE40E supports the following iVSE functions:

l Fast channel change (FCC) and retransmission (RET) of BTV programs on L3/L3VPN/
VPLS networks
l Video Quality of Experience (VQE), including Media Delivery Index (MDI) and V-MOS
2.0
l Integrated quality monitoring of BTV and VOD programs on L3/L3VPN/L2VPN networks
l Interconnection with other Huawei devices in providing IPTV services
l Simple Object Access Protocol (SOAP)
l Entitlement Control Message Protocol (ECMP)
l Dynamic Inspection Protocol (DIP)
l Processing FCC requests scheduled by the Request Routing Server (RRS)
l Selective transmission of video data through FCC
l Distributed MDI quality monitoring of BTV and VOD programs on the LPUF-21/
LPUF-40/LPUF-41 on L3/L3VPN/L2VPN networks
l Distributed VMOS2.0 quality monitoring of BTV and VOD programs on the LPUF-41 on
L3/L3VPN/L2VPN networks
l Configuration of BTV channels
l Configuration of VOD programs
7.11 Security Features

Security Authentication
The NE40E supports the following security authentication functions:
l AAA
l PAP and CHAP in PPP
l Plain text authentication and MD5 encrypted text authentication supported by routing
protocols that include RIPv2, OSPF, IS-IS, and BGP
l MD5 encrypted text authentication supported by LDP and RSVP
l SNMPv3 encryption and authentication
URPF
The NE40E supports URPF for IPv4/IPv6 traffic.
MAC Address Limit

The NE40E supports the following MAC address limit functions:
l Limit on the number of MAC addresses that can be learned

l Limit on the speed of MAC address learning
l Limit on interface-based MAC address learning
l Limit on PW-based MAC address learning
l Limit on VLAN+interface-based MAC address learning
l Limit on interface+VSI-based MAC address learning

l Limit on QinQ-based MAC address learning
MAC entries in a MAC address table are classified into three types:
l Dynamic entries
Dynamic entries are learnt by interfaces and stored in hardware of LPUs. Dynamic entries
age. Dynamic entries will be lost in the case of the system reset, LPU hot swap, or LPU
reset.
l Static entries
Static entries are configured by users and delivered to LPUs. Static entries do not age. After
static entries are configured and saved, they are not lost in the case of the system reset, LPU
hot swap, or LPU reset.
l Blackhole entries
Blackhole entries are used to filter out the data frames that contain specific destination
MAC addresses. Blackhole entries are configured by users and delivered to LPUs.
Blackhole entries do not age. After blackhole entries are configured and saved, they will
not be lost in the case of the system reset, LPU hot swap, or LPU reset.
MAC Entry Deletion

The NE40E provides the following MAC entry deletion functions:
l Interface+VSI-based MAC entry deletion

l Interface+VLAN-based MAC entry deletion
l Trunk-based MAC entry deletion
l Outbound QinQ interface-based MAC entry deletion
Unknown Traffic Limit

With the unknown traffic limit, the NE40E implements the following operations on a VPLS or
Layer 2 network:
l Manages user traffic.

Boards that are not LPUI-41s or LPUF-100s manage only the traffic of VSI and VLAN
users.
l Allocates bandwidth to users.
In this manner, the network bandwidth is reasonably used and the network security is guaranteed.
IGMP Snooping
The NE40E supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ interfaces,
STP topologies, RRPP rings, and VPLS PWs.
DHCP Snooping
DHCP snooping is mainly used to prevent DHCP Denial of Service (DoS) attacks, bogus DHCP
server attacks, ARP middleman attacks, and IP/MAC spoofing attacks when DHCP is enabled
on the NE40E.
The working mode of DHCP snooping varies with the attack type, as shown in Table 7-1.

Table 7-1 Attack types and DHCP snooping working modes
Attack Type DHCP Snooping Anti-Attack Working

Mode
DHCP exhaustion attack MAC address limit
Bogus DHCP server attack Trusted/untrusted
Middleman attack and IP/MAC spoofing DHCP snooping binding table

attack
DoS attack by changing the value of the Check on the CHADDR field in DHCP packets
Client Hardware Address (CHADDR) field
Local Attack Defense

The NE40E provides a uniform local attack defense module to manage and maintain the attack
defense policies of the whole system, thus offering an all-around attack defense solution that is
operable and maintainable to users.
The NE40E supports the following attack defense functions:
l Whitelist
l Blacklist
l CPU Total CAR
l IGMP VLAN CAR
l User-defined flow
l Active link protection (ALP)
The NE40E protects the TCP-based application-layer data such as session data with the
whitelist function.
l Uniform configuration of CAR parameters
The NE40E provides the following methods of configuring CAR parameters:
– Same CAR parameters configured on different LPUs
– Same configuration interface for users
– Configuration of protocol-specific CAR parameters, making the user interface more
friendly
l Smallest packet compensation
The NE40E can efficiently defend the network against the attacks of small packets with
the smallest packet compensation function. After receiving packets, the system checks the
lengths of packets before sending them to the CPU.
– If the packet length is smaller than the preset minimum packet length, the system
calculates the sending rate with the pre-set minimum length.
– If the packet length is greater than the pre-set minimum packet length, the system
calculates the sending rate with the actual packet length.
l Association between the application layer and lower layers
l Local URPF

l Management and service plane protection

l Defense against TCP/IP packet attacks
The NE40E provides defense measures against attacks by sending the following types of
packets on TCP/IP networks:
– Malformed packets
Null IGMP packets, packets with invalid TCP flag bits, LAND attack packets, IP packets
whose payloads are null, and smurf attack packets.
– Fragmented packets
Packets with a huge number of fragments or packets that have a large offset value,
repetitive fragmented packets, tear Drop, syndrop, nesta, fawx, bonk, NewTear, Rose,
ping of death, and Jolt attacks
– TCP SYN
– UDP flood
l Attack source tracing
When the NE40E is attacked, it obtains and stores suspicious packets, and then displays
the packets in a certain form through command lines or offline tools. This helps locate the
attack source easily.
When attacks occur, the system automatically removes the data encapsulated at upper layers
of the transmission layer and then caches the packets in memory. When there are a certain
number of packets in the cache, for example, 20000 packets on each LPU, the earliest
cached packets are overridden when more packets are cached.
GTSM
On the current network, attackers forge valid packets to attack routers, which overloads the
routers and consumes limited resources such as the CPU on the MPU. For example, an attacker
forges BGP protocol packets and continuously sends them to a router. After the LPU of the
router receives the packets, it finds that the packets are destined to itself and then sends the
packets directly to the BGP processing module on the MPU without checking the validity of the
packets. As a result, the system is abnormally busy processing these forged valid packets and
the CPU usage is high.
To guard against the preceding attacks, the NE40E provides the Generalized TTL Security
Mechanism (GTSM). The GTSM protects services above the IP layer by checking whether the
TTL value in the IP header is within a specified range. In actual applications, the GTSM is mainly
used to protect the TCP/IP-based control plane such as the routing protocol against attacks of
the CPU-utilization type such as CPU overload.
The NE40E supports BGP GTSM, OSPF GTSM, and LDP GTSM.
ARP Attack Defense

The NE40E supports the following ARP attack defense functions:
l Interface-based ARP entry restriction

l Timestamp suppression based on the destination IP address and source IP address of an
ARP packet
l The destination address check for the ARP packet

The system checks whether the destination IP address of the ARP packet received on the
interface is correct. If the destination IP address is correct, the packet is sent to the CPU;
otherwise, the packet is discarded.
l ARP bidirectional isolation
l Filtration of invalid ARP packets
The NE40E filters out the following types of ARP packets:
– Invalid ARP packets
Invalid ARP packets include ARP request packets with the destination MAC addresses
being unicast addresses, ARP request packets with the source MAC addresses being
non-unicast addresses, and ARP reply packets with the destination MAC addresses
being non-unicast addresses.
– Gratuitous ARP packets
– ARP request packets with valid MAC addresses
You can use commands to filter out one or more previously mentioned invalid packets.
l Dynamic CAR for ARP packets
Local Mirroring
In local mirroring, an LPU can be configured with a physical observing port, multiple logical
observing ports, and multiple mirrored ports.
Local mirroring can be inter-LPU mirroring, which means that the observing port and mirrored
port reside on different LPUs.
Remote Mirroring
The NE40E provides MPLS LSPs, MPLS TE tunnels, and GRE tunnels for remote mirroring.
In remote mirroring, an LPU can be configured with multiple observing ports and mirrored ports.
In remote mirroring, mirroring packets can be intercepted.
Netstream
NetStream provides the following functions:
l Accounting
l Network planning and analysis
l Network monitoring
l Application monitoring and analysis
l Abnormal traffic detection
NetStream involves three devices: the NetStream Data Exporter (NDE), the NetStream Collector
(NSC), and the NetStream Data Analyzer (NDA).
The NE40E functions as an NDE to sample packets and aggregate and output flows. NetStream
on the NE40E is classified into distributed NetStream and integrated NetStream based on where
to collect packets and process flows.
l Distributed NetStream
Certain LPUs can sample packets and aggregate and output flows by themselves.

l Integrated NetStream
Certain LPUs do not process flows. They only sample packets and send the sampled packets
to the NetStream SPU for integrated flow aggregation and output.Integrated NetStream
supports load balancing among multiple NetStream boards.
The NE40E supports the following functions in terms of sampling:
l Sampling on the inbound and outbound interfaces
l Certain LPUs support sampling on only inbound interfaces.
l Interface-based sampling and traffic-classification-based sampling
l Sampling of the IPv4 unicast/multicast packets, fragmented packets, MPLS packets, MPLS
L3VPN packets, and L2VPN VLL packets
l Regular packet sampling, random packet sampling, sampling at regular time, and sampling
at random time
l Sampling on various types of physical and logical interfaces such as POS interfaces,
Ethernet interfaces, VLAN sub-interfaces, serial/MP/FR PVC/FR MP interfaces
channelized from CPOS interfaces, ATM interfaces, FR interfaces, trunk interfaces,
VLANIF interfaces, and GRE interfaces
The NE40E provides the following functions in terms of aggregation and output:
l IPv4 packets can be aggregated based on the AS number, AS-ToS, protocol-port, protocol-
port-ToS, source-prefix, source-prefix-ToS, destination-prefix, destination-prefix-ToS,
prefix, prefix-ToS, and VLAN ID.
l MPLS packets can be aggregated based on Layer 3 labels.
l The generated statistics can be output in v5, v8, or v9 format with 16-bit or 32-bit AS
numbers, which can be set through commands. When packets are output in the v9 format,
both the 16-bit and 32-bit interface indexes are supported, and can be set through commands
as required.
l Each type of aggregated flows can be output to two NMS servers if configured.
NE40E supports NetStream IPv4 and NetStream IPv6.
Lawful Interception
Lawful interception indicates that law enforcement agencies lawfully intercept user information
after being authorized.
Lawful interception on the NE40E is used to listen to the devices on operators' networks. The
NE40E provides X1 and X3 interfaces that are connected to the signaling and data interfaces
respectively on Lawful Interception Gateways (LIGs). The X3 interfaces on the NE40E can be
connected to a maximum of 10 LIGs.
SSHv2
The NE40E supports the STelnet client and server and the SFTP client and server. Both support
SSH 1.5 and SSH 2.0.

7.12 IP RAN Features

PNP
NOTE
The plug-and-play function only can be configured on the X3 models of the NE40E.
Plug-and-Play (PNP) enables new devices to be automatically identified by the NMS and be
commissioned remotely by using the NMS.
On an IP RAN network deployed with a large number of devices, the device deployment costs,
especially the costs of on-site software commissioning, are high. This greatly harms the growth
of profits. To address this issue, Huawei puts forward the PNP solution.
The PNP feature effectively reduces the on-site software commissioning time, frees engineers
from working in bad outdoor environments, and greatly speeds up the project process and
improves project quality.
Y.1731
Y.1731 supports the following functions:
l Single-ended frame loss statistics collection, two-ended frame loss statistics collection,
one-way frame delay, two-way frame delay and one-way jitter
l VLL Alarm Indication Signal (AIS) and VPLS AIS
l Multicast MAC ping
MPLS-TP OAM
MPLS-TP OAM supports the following functions:
l Basic connectivity detection

l LoopBack (LB)
l Remote Defect Indication (RDI)
l Single-ended frame loss statistics collection and two-ended frame loss statistics collection
l One-way frame delay and two-way frame delay
l APS 1:1
7.13 Network Reliability

NSR
NE40Esupports the following techniques of Non-Stop Routing (NSR).
l NSR OSPF
l NSR LDP
l NSR RSVP-TE

l NSR PIM
l NSR PPP
l NSR ARP
l NSR LACP
l NSR for L2VPN
l NSR for L3VPN
l ISIS/ISIS6 NSR
l BGP/BGP4+ NSR
l Multicast (PIM/MSDP) NSR
l NSR for IPv6
APS
The NE40E supports the following Automatic Protection Switching (APS) functions:
l 1+1 unidirectional modeand 1:1 bidirectional mode

l Manual switching of APS groups
l Forcible switching of APS groups
l Locking of traffic on the working link of an APS group
l Interface-based APS
l Intra-LPU or inter-LPU APS
l Inter-device APS, that is, Enhanced APS (E-APS)
l Addition of the working and protect interfaces of an APS group to a trunk so that all services
are configured on the trunk
FRR
The NE40E provides multiple fast reroute (FRR) features. You can deploy FRR as required to
improve network reliability.
l IP FRR
FRR switching can be complete in 50 ms. In this manner, the data loss caused by network
failures is minimized to a great extend.
FRR supported by the NE40E enables the system to monitor and save the status of LPUs
and interfaces in real time and to check the status of interfaces during packet forwarding.
When faults occur on an interface, the system can rapidly switch the traffic to another pre-
set route, thus reducing time between failures and the packet loss ratio.
l LDP FRR
LDP FRR switching can be complete in 50 ms.
l Hybrid FRR
Hybrid FRR is a combination of IP FRR and VPN FRR of IP routes and VPN routes in a
same VPN instance.
On a bearer network where a CE is dual-homed to two PEs, IP FRR is deployed between
the CE and each PE. If there are multiple voice VPNs and the two PEs are connected through
a POS link, you cannot bind sub-interfaces to different VPN instances to provide a backup
link for the traffic, because the NE40E does not support POS sub-interfaces.

In this case, a BGP VPNv4 peer relationship can be set up between the two PEs. Therefore,
the backup path, in the form of a private route, is exchanged between the two PEs. The
VPNv4 route then functions as a backup of the IP routes between the CE and each PE. This
implements FRR and switches traffic within 50 ms.
l TE FRR
TE FRR is an MPLS TE technology used to protect local networks. Only the interfaces
with a transmission rate of over 100 Mbit/s support TE FRR. TE FRR switching can be
complete within 50 ms. It can minimize data loss when network failures occur.
TE FRR protects traffic only temporarily. When the protected LSP becomes normal or a
new LSP is established, traffic is switched back to the original protected LSP or the newly
established LSP.
When a link or a node on the LSP fails, traffic is switched to the protection link and the
ingress node of the LSP attempts to establish a new LSP, if an LSP is configured with TE
FRR.
With different protected objects, TE FRR is classified into the following types:
– Link protection
– Node protection
l Auto FRR
Auto FRR is an extension of MPLS TE FRR. It automatically creates a bypass tunnel that
meets the requirements for the LSP through the configuration of the attributes of the bypass
tunnel, global auto FRR attributes, and interface-based auto FRR attributes on the interface
of the primary tunnel. When the primary tunnel changes to another path, the previous bypass
tunnel is automatically deleted. Then, a bypass tunnel that meets the requirements is set up.
l VLL FRR
VLL FRR switching can be complete in 50 ms.
l VPN FRR
VPN FRR switching can be complete in 50 ms.
Backup of Key Parts

The NE40E-X16 supports backup of key modules.
l The NE40E-X16 has two MPUs that work in 1:1 backup mode.
l The NE40E-X16 has four SFUs that work in 3+1 backup mode. When one SFU becomes
faulty, the other three are responsible for data switching on the device. Traffic switching
on SFUs does not cause LPUs to be reset, or trigger the re-calculation of routes.
l The NE40E-X16 has eight PEMs on the back, working in 4+4 backup mode.
l NE40E-X16 has four fan modules. Each fan module contains a fan. The NE40E-X16 has
two heat dissipation areas. Each heat dissipation area has two fan modules working in 1+1
backup mode. If one of the fan modules becomes faulty and the ambient temperature is
below 40°C, the system can still work properly in a short period.
The NE40E-X8 supports backup of key modules.
l The NE40E-X8 has two SRUs that work in 1:1 backup mode.
l The NE40E-X8 has three SFUs working in 2+1 backup mode. Two of the SFUs are
integrated on two SRUs. When one SFU becomes faulty, the other two are responsible for

data switching on the device. Traffic switching on SFUs does not cause LPUs to be reset,
or trigger the re-calculation of routes.
l The NE40E-X8 has four PEMs on the back, working in 2+2 backup mode.
l NE40E-X8 has two fan modules. Each fan module contains a fan. The fan modules work
in 1+1 backup mode. When one module becomes faulty and the ambient temperature is
below 40°C, the system can still work properly in a short period.
The NE40E-X3 has two MPUs that work in 1:1 backup mode.
The NE40E can be equipped with one MPU/SRU or two MPUs/SRUs. The MPUs support hot
backup. If the device is configured with two MPUs/SRUs, the master MPU/SRU works and the
slave MPU/SRU is in the standby state. The management network interface on the slave MPU/
SRU cannot be accessed by users, and the console and AUX interfaces cannot be configured
with any command. The slave MPU/SRU exchanges information (including heartbeat messages
and backup data) with only the master MPU/SRU.
The system supports two types of master/slave switchover of MPUs/SRUs: failover and
switchover. The failover is triggered by serious faults in the master MPU/SRU or the reset of
the master MPU/SRU. The switchover is triggered by commands that are run on the console
interface. You can also forbid the master/slave switchover of the MPUs/SRUs by using
commands on the console interface. The system generates alarms, records the faults in the log
file, and reports the alarms to the NMS. The cause of the master/slave switchover and the
associated operations are recorded in the system diagnosis information base for users to analyze.
The system provides two clock boards in master/slave backup mode. If the system detects that
the master clock board becomes faulty or is reset through a command, the system automatically
performs the master/slave switchover of clock boards. The master/slave switchover of clock
boards does not result in phase offsets or interrupt services.
The master/slave switchover time of each key part is less than 100 us.
High Reliability of LPUs

The NE40E supports backup of key service interfaces of the same type through protocols.
l Supports VRRP on Ethernet interfaces. With extended VRRP, two interfaces located on a
same NE40E or two NE40Es can back up each other. This ensures high reliability of the
interfaces.
l Supports backup of Eth-Trunk or IP-Trunk member interfaces, or backup of Eth-Trunk or
IP-Trunk member interfaces and non-member interfaces.
l Supports the bundling of interfaces on different LPUs into a trunk.
You can access different LPUs through double links and bundle interfaces on different
LPUs into a trunk to ensure high reliability of services.
Inter-LPU bundling is implemented by high-performance hardware engines, thus ensuring
load balancing of packets among different links.
The Hash algorithm based on the combination of the source and destination IP addresses
load-balances traffic evenly on links.
Seamless switchover is implemented in the case of a link failure so that services are
forwarded without interruption.
Through extended protocols, the NE40E backs up key service interfaces. In this manner, core
routers can monitor and back up the running status of interfaces when they carry LAN, MAN,
or WAN services. Therefore, the routing table is not affected when the status of the backup
interface needs to be changed and services recover rapidly.

Transmission Alarm Suppression

Transmission alarm suppression can efficiently filter and suppress alarm signals. This prevents
interfaces from frequently flapping. In addition, transmission alarm customization enables the
control over the impact brought by alarms on the interface status.
Transmission alarm customization and suppression implement the following functions:
l Customizes alarms. This can specify the alarms that can cause the change of the interface
status.
l Suppresses alarms. This can filter out the burr and prevent the network from frequently
flapping.
Dual-System Hot Backup

The NE40E supports the following dual-system hot backup functions:
l 1+1 or 1:1 hot backup of ARP traffic
Ethernet OAM Fault Management

Ethernet OAM fault management includes the following functions:
l Ethernet in the First Mile OAM (EFM OAM)

Conforming to IEEE 802.3ah, the NE40E supports point-to-point Ethernet fault
management to detect faults in the last mile of the direct link on the user side of the Ethernet.
Currently, the NE40E supports OAM discovery, link monitoring, remote fault notification,
and remote loopback, as defined in IEEE 802.3ah.
l Connectivity Fault Management OAM (CFM OAM)
The following describes end-to-end Ethernet fault management in two aspects.
– Hierarchical MD
Each MD has a level that ranges from 0 to 7. The greater the value, the higher the level.
The 802.1ag packets from a low-level MD are discarded when entering a high-level
MD. The 802.1ag packets from a high-level MD can be transmitted through a low-level
MD.
– End-to-end fault detection and location
The NE40E realizes end-to-end Ethernet fault management by conforming to IEEE
802.1ag or not.
The NE40E supports MAC ping and MAC trace by transmitting Loop Back (LB) and
Link Trace (LT) messages defined in IEEE 802.1ag to locate faults.
Fault detection and location not conforming to IEEE 802.1ag include general MAC ping
and general MAC trace.
Ethernet OAM Performance Management

Conforming to ITU-T Y.1731, the NE40E supports Ethernet OAM performance management
by inserting the timestamp into 802.1ag LB messages to measure the delay, jitter, and packet
loss ratio when the messages are transmitted. In this manner, the NE40E can detect the end-to-
end performance of traffic in a specified time period and on a specified network segment. The
NE40E can measure performance parameters at scheduled time and output report containing the
network management information.

By using performance management tools, the ISP can monitor the network status in real time
through the NMS. The ISP then check whether the forwarding capacity of the network complies
with the Service Level Agreement (SLA) signed with users and locate faults. The ISP does not
need to carry out detection on the user side, which greatly decreases maintenance costs.
VRRP
VRRP dynamically associates the virtual router with a physical router that carries services. When
the physical router fails, another router is elected to take over services. Failover is transparent
to users and thus the internal network and the external network can communicate without
interruption.
The NE40E supports the following VRRP functions:
l mVRRP
l VGMP
l E-VRRP
l VRRP For IPv6
GR
Graceful Restart (GR) is a key technology in implementing HA. It is designed based on NSF.
GR switchover and subsequent restart can be performed by the administrator or triggered by
faults. GR neither deletes the routing information from the routing table or the FIB nor resets
the board during the switchover when faults occur. This prevents the service interruption of the
entire system.
The NE40E supports system-level GR and protocol-level GR. Protocol-based GR includes:
l BGP GR
l OSPF GR
l IS-IS GR
l MPLS LDP GR
l Martini VLL GR
l Martini VPLS GR
l L3VPN GR
l RSVP GR
l PIM GR
BFD
BFD is a detection mechanism used uniformly in an entire network. It is used to rapidly detect
and monitor the connectivity of links or IP routes in a network.
BFD sends detection packets at both ends of a bidirectional link to check the link status in both
directions. The defect detection is implemented at the millisecond level. The NE40E supports
single-hop BFD and multi-hop BFD.
BFD of the NE40E supports the following applications.
l BFD for VRRP

The system uses BFD to detect and monitor the connectivity of links or IP routes in a
network. The rapid VRRP switchover is thus triggered.
l BFD for FRR
– BFD for LDP FRR
– LDP FRR switchover is triggered after BFD detects faults on protected interfaces.
– BFD for IP FRR and BFD for VPN FRR
– IP FRR and VPN FRR are triggered after BFD detects faults and reports fault
information to the upper layer applications.
l BFD for static routes
l BFD for IS-IS
The NE40E supports detection on the IS-IS adjacency by using the BFD session that is
configured statically.
BFD detects the fault of the link between the adjacent IS-IS nodes and rapidly reports the
fault to IS-IS. Thus fast convergence of IS-IS routes is performed.
l BFD for OSPF/BGP
The NE40E supports OSPF and BGP in dynamically setting up and deleting the BFD
session.
l BFD for PIM
BFD detection on IP-Trunks and Eth-Trunks
On the NE40E, BFD can detect a trunk and the member links of the trunk independently.
That is, it can detect the connectivity of the trunk and that of an important member link of
the trunk.
l BFD for LSP
BFD for LSP performs fast fault detection of the LSP, the TE tunnel, and the PW. In this
manner, BFD for LSP implements fast switchover of MPLS services such as VPN FRR,
TE FRR, and VLL FRR.
l BFD for Dot1q sub-interface
l BFD for mVSI
l Multi-hop BFD
l BFD For IPv6
BFD for OSPFv3, BFD for ISISv6, BFD for BGP4+, and BFDv6 for default IPv6
l BFD for VPLS PW
l BFD for VPLS/VLL PW
7.14 Clock
The NE40E supports the following clock features:
l CES ACR
l CES DCR
l Ethernet clock synchronization
l The Ethernet interfaces on the LPUF-10 and LPUF-21 of the NE40E provide Ethernet clock
synchronization so that the clock quality and stratum of the network can be guaranteed.
l 1588v2

The 1588v2 feature:

– Supports the input and output of the externally synchronized time.
– Supports 10M/100M/1000M/10G Ethernet interfaces and auto sensing of 10M/100M/
1000M Ethernet interfaces.
– Supports Eth-Trunk.
– Supports OC, BC, E2ETC, P2PTC, E2ETCOC, P2PTCOC and TCandBC.
– Allows the NE40E to function as a GrandMaster.
– Supports slave-only when functioning as an OC.
– Supports the dynamic BMC algorithm.
– Supports two delay measurement methods: Delay and PDelay
– Supports one-step mode and two-step mode in which 1588v2 packets that are used by
1588v2 devices to perform time synchronization are timestamped..
– Supports multicast MAC encapsulation (the VLAN and 802.1p priority are
configurable).
– Supports multicast UDP encapsulation (the source IP address, VLAN, and DSCP
priority are configurable).
– Supports unicast MAC encapsulation (the destination MAC, VLAN, and 802.1p priority
are configurable).
– Supports the performance monitoring function on Passive ports of a 1588v2 device.
– Supports unicast UDP encapsulation (the source IP address, destination IP address,
destination MAC, VLAN, and DSCP priority are configurable).
– Uses the clock recovered through the Precision Time Protocol (PTP) as the clock source
and supports the algorithm for dynamic clock source selection (based on the priority
and clock stratum).
– Implements clock recovery that complies with G.813.
– Implements frequency recovery that meets the requirements of the SDH equipment
clock (SEC) in G.823.
l 1588 ACR
– Supports frequency synchronization only.
– Supports the change of selected clock sources.
– Supports unicast UDP encapsulation (and the DSCP field).
– Complies with Recommendation G.8261 in terms of service modeling and networking
and performs clock recovery with accuracy that is prescribed by G.823.
– Supports 1588v2 header overlapping without affecting forwarding capabilities.
– Supports switchover between master and slave MPUs/SRUs without affecting services.
– Supports hot swapping of LPUs and sub-cards.
l Network Time Protocol (NTP) clock
The NE40E supports the following working modes of NTPv4:
– Server/client mode
– Peer mode
– Broadcast mode
– Multicast mode
The NE40E supports two NTP security mechanisms:

– Access authority
The NE40E provides four levels of access control. After receiving an NTP access
request packet, the NE40E matches it from the lowest access control level to the highest
access control level. The first successfully matched access control level takes effect.
The matching order is as follows:
peer: indicates the minimum access control. The remote end can send a time request
and a control query to the local end. The local clock can also be synchronized with the
clock of the remote server.
server: indicates that the remote end can send a time request and a control query to the
local end. The local clock, however, is not synchronized with the clock of the remote
server.
synchronization: indicates that the remote end can only send a time request to the local
end.
query: indicates the maximum access control. The remote end can only send a control
query to the local end.
l Authentication
When configuring NTP authentication, note the following rules:
The NTP authentication must be configured on both the client and the server; otherwise,
the authentication does not take effect. If NTP authentication is enabled, keys must be
configured and declared reliable.
The server and the client must be configured with the same key.
l Internal clock
The NE40E provides an internal clock and can extract clock information from LPUs. The
clock precision reaches 4.6 ppm, that is, 0.00002s.

Product Description 8 Applicable Environment
8 Applicable Environment
About This Chapter
8.1 Application on an IP Bearer Network

8.2 Application on an IPTV Bearer Network
8.3 Application on a Multi-Service IP MAN
8.4 Application on an IPv6 Backbone Network
8.5 IP RAN Solution
8.6 iVSE Solution

8.1 Application on an IP Bearer Network

Figure 8-1 shows the application on an IP bearer network.
Figure 8-1 Application on an IP bearer network

Core layer
Convergence layer
Access layer
CR
NE5000E
BR
NE80E SoftX3000
AR
NE40E
SoftX3000
UMG8900
CR:Core Router BR(ER): Edge Router AR: Access Router
Directed at the condition of the existing bearer network and oriented at the NGN bearer network
and the 3G services, it is necessary for carriers to set up a core bearer network to carry NGN
multi-services. In the new market competition environment, with the development of new
services and technologies, the newly built bearer network will become the next-generation multi-
service bearer platform that supports voice, data, and video transmission. Specifically, the newly
built bearer network will carry NGN, video conference, video phone, streaming media, enterprise
interconnection, and 3G services. It will bring about the milestone of network transformation
and network convergence for carriers.
In this solution, the NE5000E acts as the core router to forward data at a high speed and ensure
high reliability; the NE80E/40E acts as the convergence router to converge NGN voice,
signaling, NMS, and customer services.
This application has the following characteristics:
l The core layer uses double planes. The NE5000Es are fully meshed.
l The NE80E is dual-homed to the NE5000Es.
l Two devices are deployed at an important node to back up each other.
l MPLS VPN is uniformly planned, which implements user isolation and service isolation.

l VPN FRR is deployed on all PEs.

l High reliability technologies such as TE FRR, GR, BFD for VRRP, and IGP fast
convergence are used on the network.
8.2 Application on an IPTV Bearer Network

Figure 8-2 Application on an IPTV bearer network
CS NMS
DiffServ, multicast fast Dynamic IP+MAC+VLAN

convergence, Anycast RP Core bearer binding, strict URPF,
provides reliability network ensuring access security
BAS
ES
NE80E
/NE40E
QinQ, 4K x 4K VLANs,
isolated unicast services, Convergence Selective QinQ, dedicated
secure access switch multicast VLAN，avoiding
replication on the gateway
Multicast replication on
Multicast switch,
the edge, ensuring high
saving reconstruction
efficiency and
expense
controllable multicast
DSLAM Multicast switch
End switch
Home Home
gateway gateway
TV PC TV PC
This application has the following characteristics:

l The IPTV bearer network and the original MAN access network share the same platform.
The IPTV bearer network is thus integrated in the entire network structure of carriers.
l At the core layer, the high-end router NE80E/40E is used to build an MPLS VPN and
construct the logical plane for various services. In addition, the NE80E/40E forwards data
at a high speed and provides high-performance QoS.
l The BRAS at the service control layer is deployed as follows:

– In the early phase of the development of IPTV services, normal services and IPTV
services access the same BRAS and traffic streams are distributed. In this manner, little
change is performed on the entire network and new services are deployed promptly.
– With the deployment of large-scale services, dedicated IPTV BRASs are required.
Broadband access services access the original BRAS; IPTV services access the
dedicated IPTV BRAS. In this manner, IPTV services and other services are free from
interacting on each other; the requirements of high-volume traffic of IPTV services are
satisfied. In addition, the powerful control capability of the BRAS ensures the secure
access of IPTV services. IPTV services and other services are distributed on the
convergence-layer devices.
8.3 Application on a Multi-Service IP MAN

Figure 8-3 Application on a multi-service IP MAN
Backbone Internet
network backbone IP bearer
network network
IP MAN Egress router
MAN core
ASBR-PE
network
BRAS USR
Service control layer
Access
IP broadband access network network Customer and NGN access
network
Broadband Customer
NGN service
access service
As shown in Figure 8-3, an IP MAN is classified into the core layer, service control layer, and
access layer.
The NE40E is usually deployed as the core node on IP backbone networks, IP MANs, and large-
scale IP networks. In this application, the NE80E is deployed on the egress of an IP MAN core
network.
The NE40E is usually deployed as the core or convergence node on IP MANs. In this application,
theNE40E is deployed as the convergence node on an IP MAN core network. The core layer is
responsible for high-performance and large-capacity data forwarding. It requires a simple

network structure and secure and reliable transmission of multiple services. Huawei enables IP/
MPLS at the core layer and allows a physical network to implement multiple logical service
bearer planes through the MPLS VPN technology. To ensure network security and reliability,
Huawei adopts many reliability techniques at the core layer, such as high reliability of devices
and networks, and inter-AS high reliability. Huawei provides core-layer devices of large
capacities, high-density interfaces, and high forwarding performance, answering the
requirements of the core layer.
The NE40E provides the following features that can answer the demands of the core layer of
the MAN:
l The NE40E has a powerful switching capacity. The interface capacity of a single system
reaches 640 Gbit/s. The NE40E provides 10-Gbit/s interfaces at line speed and high-density
GE interfaces. This meets the requirements for large-capacity and high-performance
forwarding on the core network.
l The NE40E provides powerful routing capabilities and various routing protocols. The
NE40E supports IP/MPLS and provides multiple VPN solutions such as BGP/MPLS
L3VPN and MPLS L2VPN. In this manner, multiple services are carried over the logical
bearer plane of the core network. Service isolation and security are thus implemented.
l The NE40E supports inter-AS VPN Option A/B/C. This guarantees the reliable running of
inter-AS services.
l The NE40E provides carrier-class reliability, such as redundancy of key modules and in-
service patching. In addition, the NE40E provides various FRR techniques, such as IP FRR,
LDP FRR, and TE FRR.
8.4 Application on an IPv6 Backbone Network

Figure 8-4 Application on an IPv6 backbone network
PE
PE PE
NE80E NE80E
IPv6 Internet
IPv6/IPv4 NE80E
NE5000E/80E
IPv6 Core 5000E/80E
PE PE
NE5000E/80E
NE80E/40E NE80E/40E IPv4 Internet
IPv6
IPv6 EDGE
L3 Switch L3 Switch
MA 5200 L2 Switch
SOHO IPv6 SOHO IPv6

The IPv6 application on a backbone network does not affect the original IPv4 services such as
IPv4 forwarding and MPLS VPN. The application needs to solve the following problems:
l Interconnection between IPv6 islands
l Interworking between IPv6 and IPv4 networks
To address the preceding problems, The NE40E applies IPv6 key technologies in the following
combinations:
l All the routers on the backbone network support the IPv4/IPv6 dual stack. In this case, IPv4
services are forwarded over IPv4, whereas IPv6 services are forwarded over IPv6. Both
problems can be solved.
l The interconnection between IPv6 islands can be implemented through L3 tunnels by
applying manually configured tunnels or 6to4 tunnels. The core router needs to support
only IPv4 forwarding and does not need to be upgraded.
l The interconnection between IPv6 islands can be implemented through MPLS L2 tunnels
by applying MPLS L2VPN techniques such as VPLS and CCC. The core router needs to
support only MPLS forwarding. The interworking between IPv6 and IPv4 networks can be
implemented by configuring NAT-PT on gateways.
8.5 IP RAN Solution

Access Solutions
Services of the 2G RAN network, mainly a small number of voice services, are transmitted over
TDM links. Usually one to three E1 interfaces on a BTS are connected to a BSC. Some mobile
carriers do not have fixed network infrastructure, and have to lease E1 lines of fixed-line
networks, which costs a lot. Services between the BTSs and BSCs in the same city can be
transparently transmitted over TDM links in a Metro Ethernet (ME) network.
For a 2G RAN network, a Packet Switching Network (PSN) is constructed through NE40Es
between the BTSs and a BSC. The NE40E is connected to the BTSs in the downstream through
n x E1 links, and to the BSC in the upstream through n x E1 links or 155-Mbit/s links.
Mobile providers worldwide have been constructing the Radio Access Network (RAN)
continuously. The 2G RAN network is based on TDM/SDH, and thus it has a lower utilization
of bandwidth, is hard to expand, and is inflexible to configure. Therefore, IP RAN is a trend.
UMTS R99/R4 defines ATM as the protocol used during the transmission of the services
between the Node B and RNC, with E1 IMA interfaces connecting the two ends. Figure 8-5
shows the networking diagram.

Figure 8-5 2G/3G RAN solution
E1
TD
M*
N Router
Router
E1 TDM E1 TDM*N
BSC
MPLS over SDH/ME
N *E1(ATM IMA) N *E1(ATM IMA)
Router Router RNC

Node B A)
IM
T M
(A
* E1
N Transparent transmission
of ATM cells through PWE3
Node B Transparent transmission

of TDM services
Deploying devices on a Metro Ethernet-based MPLS network can solve the problem of
bandwidth multiplexing. Node B is connected to the NE40E that supports E1 IMA interfaces.
After the NE40E terminates IMA, the high-speed ATM cell flow is transparently transmitted
through ATM PWE3 to the NE40E at the RNC side. Then, the NE40E at the RNC side divides
the high-speed ATM cell flow into n x E1 links, and sends multiple channels of low-speed cells
to the RNC. For the Node B and RNC, the NE40E and MPLS network are transparent. That is,
multiple E1 interfaces on the Node B and RNC are directly connected through the TDM link.
1588v2 Clock Solution

As shown in Figure 8-6, the bearer network synchronizes its time through the GPS or external
time sources, and then provides the clock or time externally; the nodes support multicast MAC
encapsulation.
The nodes in the bearer network can trace a BITS clock. All the nodes on the network serve as
boundary clocks (BCs), and all the BCs support the peer delay mechanism to be adapted to fast
switchover of links. The nodes that do not support IEEE 1588 can be configured to support GPS
if these nodes are connected through POS or ATM links. BCs send clock signals to the Node B
that support IEEE 1588 through multicast MAC addresses. The Node B that does not support
IEEE 1588 synchronizes frequency through Ethernet clock synchronization or through WAN
interfaces.

Figure 8-6 1588v2 clock solution
GPS GPS
POS
BC BC
1588v2 1588v2
GE GE
BC BC
FE E1 E1 FE
1588v2 1588v2
Node B Node B Node B Node B

with 1588v2 without 1588v2 without 1588v2 with 1588v2
8.6 iVSE Solution

In traditional IPTV solutions of the NE40E, some video problems, such as slow switchover of
channels, mosaic, static frames, and dark screen, persist. These problems affect user experience
greatly. In addition, operators lack effective means of monitoring the quality of video services.
By applying the iVSE function, the NE40E can provide fast switchover of video services,
retransmission of lost video packets, and monitoring of video quality.
When the user switches channels, the STB sends a fast switchover request to the iVSE-capable
NE40E. Then, the NE40E fast pushes channel data to the STB and reports new channels. The
STB sends the IGMP adding request to the DSLAM or multicast switch. Finally, the DSLAM
or multicast switch pushes multicast data of new channels to the STB.

Figure 8-7 iVSE solution

Middlewar
AAA server Policy server
e
IP/MPLS Core
NE40E
IP/MPLS Edge
soft switch
NE40E NE40E
VoIP
VoD server
gateway
Metro
Network PSTN
L3
DSLAM DSLAM
IAD IAD
After detecting packet loss according to received channel data, the STB sends the retransmission
request to the NE40E. Then, the NE40E searches the cached channel data for the packets to be
retransmitted and retransmits these packets to the STB.
The iVSE-capable NE40E can monitor video quality by calculating the quality data of video
from the source and then drawing a conclusion on video quality on the NE40E. The result
contains the quality of video flows on the NE40E.

Figure 8-8 iVSE solution

Access Ethernet Aggregation Edge Core Application
Distribution I n t e rn e t
node
BRAS Internet
DSLAM
CMTS Aggregafion
P/PE
Node
P/PE SoftX
VoD ES
Distribution P/PE
node
AccSwitch PE VoD CS
As the aggregation node and distribution node, the NE40E accesses the IPTV service and
forwards IPTV packets on Layer 3. In this scenario, after iVSE is applied to the aggregation
node and distribution node, fast switchover of videos, retransmission of lost video packets, and
monitoring of video quality can be provided.
l When the user switches channels, the STB sends a fast switchover request to the iVSE-
capable NE40E. Then, the NE40E fast pushes channel data to the STB and reports new
channels. The STB sends the IGMP adding request to the DSLAM or multicast switch.
Finally, the DSLAM or multicast switch pushes multicast data of new channels to the STB.
l After detecting packet loss according to received channel data, the STB sends the
retransmission request to the NE40E. Then, the NE40E searches the cached channel data
for the packets to be retransmitted and retransmits these packets to the STB.
l In addition, the iVSE-capable NE40E can monitor video quality by calculating the quality
data of program flows from the source and then drawing a conclusion on video quality on
the NE40E.
As the aggregation node and distribution node, the NE40E accesses the IPTV service and then
transparently transmits IPTV packets to the BRAS or integrated PEs through VPLS. In this
scenario, after monitoring of video quality is applied to the aggregation nodes and distribution
nodes separately, end-to-end monitoring of video quality can be provided.
l When monitoring of video quality is deployed on a distribution node, the IPTV flows are
monitored and calculated before they enter the VPLS tunnel. The calculated result shows
the quality of the IPTV flows on the distribution node.
l When monitoring of video quality is deployed on an aggregation node, the IPTV flows are
monitored and calculated after they leave the VPLS tunnel. The calculated result shows the
quality of the IPTV flows on the aggregation node.
l When monitoring of video quality is deployed on both distribution nodes and aggregation
nodes, you can deploy monitoring of video quality on the ingress and egress of VPLS
tunnels, that is, distribution nodes and aggregation nodes, to check video quality on each
segment. By checking video quality on each segment, you can locate the causes of poor
video quality.

Product Description 9 Operation and Maintenance
9 Operation and Maintenance
About This Chapter
9.1 System Configuration Modes

9.2 System Management and Maintenance
9.3 Device Running Status Monitoring
9.4 HGMP
9.5 System Service and Status Tracking
9.6 System Test and Diagnosis
9.7 NQA
9.8 In-Service Debugging
9.9 Upgrade Features
9.10 License
9.11 Other Operation and Maintenance Features

9.1 System Configuration Modes

The NE40E supports two configuration modes: command line configuration and NMS
configuration.
You can configure the NE40E by using command lines through the following:
l Console interface
l Auxiliary (AUX) port
l Telnet
As a command input interface, the console interface can send command lines to the control plane.
As a debugging interface, the console interface can receive debugging information from the
control plane and data plane, and deliver debugging commands and control commands.
The NMS configuration supports the configuration through the SNMP-based NMS.
9.2 System Management and Maintenance

The NE40E provides powerful system management and maintenance functions:
l Plug and play

l Board detection, hot swap detection, Watchdog, board resetting, RUN indicator and
debugging indicator control, fan and power supply control, master/slave switchover
control, and version query
l Local and remote loading and upgrade of software and data, and functions such as version
rollback, backup, saving, and clearing of version information
l Hierarchical user authority management, operation log management, command line online
help, and comments after the commands
l Supports inband and outband NMS interfaces.
l Three user authentication modes: local authentication, RADIUS authentication, and
HWTACACS authentication, which authenticate and authorize users through command
lines and SNMP.
l Plug and Play
l Multi-user operation
l Query on Layer 2 or Layer 3 interfaces
l Hierarchical management, alarm classification, and alarm filtering
l Support of the shutdown and undo shutdown commands on interfaces and optical modules
9.3 Device Running Status Monitoring

The running status of the NE40E can be monitored through the information center.
Syslog is a sub-function of the information center. Syslog is over UDP. It outputs log information
to the log host through port 514.
The information center receives and processes the following types of information:

l Log information
l Debugging information
l Trap information
Information is classified into eight severity levels. The lower the level, the higher the severity.
The following table shows the detailed information.
Lev Seve Description

el rity
0 Emer A fatal exception occurs on the device. The system is unable to function
gency properly and must be restarted. For example, the device is restarted due to
program exceptions or memory usage errors are detected.
1 Alert A serious exception occurs on the device, which requires immediate actions.
For example, the memory usage of the device reaches the upper threshold.
2 Critic A critical exception occurs on the device, which needs to be handled and
al analyzed. For example, the memory usage exceeds the alarm threshold; the
temperature exceeds the alarm threshold; and Bidirectional Forwarding
Detection (BFD) detects that a device is unreachable or detects error messages
generated by the local device.
3 Error Improper operation is performed or abnormal process occurs on the device,

which does not affect subsequent services but requires attention and cause
analysis. For example, users enter incorrect commands or passwords; error
protocol packets are received by other devices.
4 Warn An abnormality that may cause the device to malfunction occurs on the
ing device, which requires attention. For example, a routing process is disabled
by the user; BFD detects packet loss; and error protocol packets are detected.
5 Notic A key operation is performed to keep the device running normally. For
e example, the user runs the shutdown command on the interface, a neighbor
is discovered, and the protocol state machine changes status.
6 Infor A routine operation is performed. For example, the user runs a display
matio command.
nal
7 Debu A routine operation is performed, which requires no action.

gging
The information center supports 10 channels, of which channels 0 through 5 each have a default
channel name. By default, the six channels correspond to six directions in which information is
output. The log information on the CF card is output to log files through Channel 9 by default.
This means that a total of seven default output directions are supported.
When multiple log hosts are configured, you can configure log information to be output to
different log hosts through one channel or multiple channels. For example, you can configure
some log information to be output to a log host through Channel 2 (loghost), and some log
information to a log host through Channel 6. In addition, you can change the name of Channel
6 to implement the desired channel management.

The NE40E stores all alarms in a log file, and provides the CF card to store the log file. How
long the alarms can be stored depends on the number of the alarms. Generally, the alarms can
be stored for months.
9.4 HGMP
The NE40E supports the Huawei Group Management Protocol (HGMP). HGMP is a cluster
management protocol developed by Huawei.
HGMP is used to group Layer 2 devices that are connected to the NE40E into a unified
management domain, that is, a cluster. HGMP supports automatic collection of network
topologies and provides integrated maintenance and management channels. In this manner, a
cluster uses only one IP address for external communications, simplifying device management
and saving IP addresses.
9.5 System Service and Status Tracking

The NE40E provides the following functions for tracking system services and status:
l Monitors the change of the state machine of routing protocols.
l Monitors the change of the state machine of MPLS LDP.
l Monitors the change of the state machine of a VPN.
l Monitors the types of protocol packets sent by the forwarding engine to the control plane
and displays detailed information about packets by enabling debugging.
l Detects and collects the statistics on malformed packets.
l Supports HGMP.
l Displays a notification when the processing of abnormality starts.
l Collects the statistics on the resources used by each feature.
9.6 System Test and Diagnosis

The NE40E supports the debugging of running services, including online recording of key
events, packet processing, packet parsing, and status switching of services at specified time,
which serves as powerful support for device commissioning and networking. Debugging can be
enabled or disabled through the console interface for specific service (information about a
routing protocol) or specific interface (information about a routing protocol on a specific
interface).
The NE40E provides the system-based trace function to detect and diagnose running software,
online recording of important events such as task switchover and interruption, queue reading
and writing, and system abnormality. If the system is restarted after a fault occurs, the NE40E
can read trace information that functions as a reference for fault location. Trace can be enabled
and disabled through commands on the console interface.
In addition, the NE40E supports real-time query about CPU usage of the MPU and LPU.
Debugging and trace information provided by the NE40E is classified into different levels.
Sensitive information with different levels can be output to different destinations as configured.
For example, information can be output to the console interface, Syslog server, or SNMP agent
to trigger traps.

When voice services on the network deteriorate, or mosaics appear in some videos, the
NE40E may have sent or received incorrect packets or have lost packets. You can capture packets
to locate the problems. The packet capture function can be used to capture the packets sent to
the CPU, and the packets forwarded in the inbound or outbound direction. Compared with the
port mirroring function, the packet capture function is easier and faster to configure.
9.7 NQA
The NE40E supports Network Quality Analysis (NQA).NQA measures the performance of
different protocols running on the network. In that case, carriers can collect the operation index
of networks in real time, such as:
l Total delay of the HTTP
l Delay in TCP connection
l Delay in DNS resolution
l File transmission speed
l Delay in FTP connection
l DNS resolution error ratio Taking control of these indexes, carriers can provide network
services of different levels and charge differently. NQA is also an effective tool for
diagnosing and locating a network fault.
NQA supports the following functions:
l PWE3 tracert
l Multicast ping
l Multicast tracert
l CE-ping (ping the host from a VPLS PW)
l VPLS MAC ping and VPLS MAC trace
l VPLS MAC purge and VPLS MAC populate
l LSP ping, LSP tracerout, and MPLS jitter
l Verification of DNS functions through DISMAN-NSLOOKUP-MIB
l NMS management over all NQA functions through NQA-MIB
l Transmission of consecutive 3000 simulated voice packets in one test
l Minimum transmission intervals at 10 ms
9.8 In-Service Debugging

The NE40E provides port mirroring to map specific traffic to a certain monitoring interface. In
this case, in-service debugging can be performed for the advanced maintenance engineers to
debug and analyze the operation status of the network.

9.9 Upgrade Features

In-Service Upgrade
The NE40E supports in-service upgrade of software. At the same time, the NE40E provides
online patching for the system software. You can upgrade only the features that need to be
improved.
One-Command System Upgrade

The upgrade process of the NE40E is optimized. You can use one command to complete the
upgrading. Thus, you can save time. During the upgrading process, the progress is displayed.
After the upgrading is complete, you can view the results.
Software Version Rollback

During the upgrading process, if the system fails to start by using the new system software, the
system software in the last successful startup is adopted.
The rollback function provided by the NE40E prevents the services from being affected by the
failure in system upgrade.
9.10 License
With the variation of the NE40E software functions and higher ratio of software cost occupying
the overall cost, the current service mode cannot satisfy the development requirements of
customers and carriers.
l Common users need to reduce the purchase cost.

l Upgrade and expansion users need to effectively control the capacity and functions.
To satisfy the requirements of different users, the NE40E needs to implement the flexible
authorization to service modules.
For the authorization control of service modules, the NE40E provides the License authorization
management platform through the Global Trotter License (GTL). Through the License
authorization mode:
l Common users can purchase service modules as required and reduce the purchase cost.
l Upgrade and expansion users can expand the capacity, and support and maintain the
functions by applying for a new License.
9.11 Other Operation and Maintenance Features

The NE40E supports the following configuration features in addition to the preceding features:
l Provides hierarchical commands to prevent unauthorized users from logging in to a device.

l Users can type in a question mark "?" to obtain online help.
l Provides detailed debugging information to diagnose network faults.

l Provides DosKey-like functions to run a history command.

l Provides command line descriptors for partial match of keywords not conflicting with
keywords of other command lines. For example, you can enter "disp" for the display
command.

Product Description 10 NMS
10 NMS
SNMP
The NE40E supports device operation and management by the network management station
through SNMP.
The NE40E supports SNMPv1, SNMPv2c, and SNMPv3.
l SNMPv1
SNMPv1 supports community name-based and MIB view-based access control.
l SNMPv2c
SNMPv2c supports community name-based and MIB view-based access control.
l SNMPv3
SNMPv3 inherits the basic functions of SNMPv2c, defines a management frame, and
introduces a User-based Security Model (USM) to provide a more secure access control
mechanism for users.
SNMPv3 supports user groups, user group-based access control, user-based access control,
and authentication and encryption mechanisms.
NMS
The NE40E adopts Huawei iManager U2000 network management system. It supports
SNMPv1/v2c/v3 and the client/server architecture. The network management system can run
independently on many operation systems, such as Windows NT/2000/XP, UNIX (Sun, HP, and
IBM). The NE40E also provides a multi-lingual graphical user interface.
LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol defined in IEEE 802.1ab.
LLDP specifies that the status information is stored on all interfaces and the device can send its
status to the neighbor stations. The interfaces can also send information about changes in the
status to the neighbor stations as required. The neighbor stations then store the received
information in the standard SNMP MIB. The NMS can search for Layer 2 information in the
MIB. As specified in the IEEE 802.1ab standard, the NMS can also discover unreasonable Layer
2 configurations based on information provided by LLDP.
When LLDP runs on the devices, the NMS can obtain Layer 2 information about all the devices
to which it connects and detailed network topology information. This is helpful to the rapid

Product Description 10 NMS
expansion of the network and acquirement of detailed network topologies and changes. LLDP
also helps discover unreasonable configurations on networks and reports the configurations to
the NMS. This removes incorrect configurations in time.

Product Description A Acronyms and Abbreviations
A Acronyms and Abbreviations
A
AAA Authentication, Authorization and Accounting
AAL5 ATM Adaptation Layer 5
AC Access Controller
ACL Access Control List
AF Assured Forwarding
ANSI American National Standard Institute
AP Access Point
ARP Address Resolution Protocol
ASBR Autonomous System Boundary Router
ASIC Application Specific Integrated Circuit
ATM Asynchronous Transfer Mode
AUX Auxiliary (port)
B
BE Best-Effort
BGP Border Gateway Protocol
BGP4 BGP Version 4
C
CAR Committed Access Rate
CBR Constant Bit Rate
CE Customer Edge

CHAP Challenge Handshake Authentication Protocol

CoS Class of Service
CPU Center Processing Unit
CR-LDP Constrained Route - Label Distribution Protocol
D
DAA Destination Address Accounting
DC Direct Current
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
DS Differentiated Services
E
EACL Enhanced Access Control List
EF Expedited Forwarding
EMC EElectroMagnetic Compatibility
F
FCC Fast Channel Change
FE Fast Ethernet
FEC Forwarding Equivalence Class
FIB Forward Information Base
FIFO First In First Out
FR Frame Relay
FTP File Transfer Protocol
G
GE Gigabit Ethernet
GRE Generic Routing Encapsulation
GTS Generic Traffic Shaping

HA High availablity
HDLC High level Data Link Control
HTTP Hyper Text Transport Protocol
I
iVSE Integrated Value-added Service Engine
ICMP Internet Control Message Protocol
IDC Internet Data Center
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPoA IP Over ATM
IPTN IP Telephony Network
IPTV Internet Protocol Television
IPv4 IP version 4
IPv6 IP version 6
IPX Internet Packet Exchange
IS-IS Intermedia System-Intermedia System;
ISP Interim inter-switch Signaling Protocol
ITU International Telecommunication Union - Telecommunication
Standardization Sector
L
LAN Local Area Network
LCD Liquid Crystal Display
LCP Link Control Protocol
LDP Label Distribution Protocol
LER Label switching Edge Router
LPU Line Processing Unit
LSP Label Switched Path
LSR Label Switch Router

M
MAC Media Access Control
MBGP Multiprotocol Border Gateway Protocol
MD5 Message Digest 5
MIB Management Information Base
MP Multilink PPP
MPLS Multi-protocol Label Switch;
MSDP Multicast Source Discovery Protocol
MSTP Multiple Spanning Tree Protocol
MTBF Mean Time Between Failures
MTTR Mean Time To Repair
MTU Maximum Transmission Unit
N
NAT Network Address Translation
NLS Network Layer Signaling
NP Network Processor
NTP Network Time Protocol
NVRAM Non-Volatile Random Access Memory
O
OSPF Open Shortest Path First
P
PAP Password Authentication Protocol
PE Provider Edge
PFE Packet Forwarding Engine
PIC Parallel Interference Cancellation
PIM-DM Protocol Independent Multicast-Dense Mode
PIM-SM Protocol Independent Multicast-Sparse Mode
POP Point Of Presence

POS Packet Over SDH/SONET

PPP Point-to-Point Protocol
PQ Priority Queue
PT Protocol Transfer
PVC Permanent Virtual Channel
Q
QoE Quality of Experience
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RAM Random-Access Memory
RED Random Early Detection
RFC Requirement for Comments
RH Relative Humidity
RIP Routing Information Protocol
RMON Remote Monitoring
ROM Read Only Memory
RP Rendezvous Point
RPR Resilient Packet Ring
RSVP Resource Reservation Protocol
RSVP-TE RSVP-Traffic Engineering
S
SAP Service Advertising Protocol
SCSR Self-Contained Standing Routing
SDH Synchronous Digital Hierarchy
SDRAM Synchronous Dynamic Random Access Memory
SFU Switch Fabric Unit
SLA Service Level Agreement
SNAP SubNet Attachment Point

SNMP Simple Network Management Protocol

SONET Synchronous Optical Network
SP Strict Priority
SPI4 SDH Physical Interface
SSH Secure Shell
STM-16 SDH Transport Module -16
SVC Switching Virtual Connection
T
TCP Transfer Control Protocol
TE Traffic Engineering
TFTP Trivial File Transfer Protocol
TM Traffic Manager
ToS Type of Service
TP Topology and Protection packet
U
UBR Unspecified Bit Rate
UDP User Datagram Protocol
UNI User Network Interface
UTP Unshielded Twisted Pair
V
VBR-NRT Non-Real Time Variable Bit Rate
VBR-RT Real Time Variable Bit Rate
VC Virtual Circuit
VCI Virtual Channel Identifier
VDC Variable Dispersion Compensator
VLAN Virtual Local Area Network
VLL Virtual Leased Line
VPI Virtual Path Identifier
VPLS Virtual Private LAN Service

VPN Virtual Private Network

VRP Versatile Routing Platform
VRRP Virtual Router Redundancy Protocol
W
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection
WRR Weighted Round Robin


NE40E Product Description (V600R003C00 - 02) PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NE40E Product Description (V600R003C00 - 02) PDF

Uploaded by

Copyright:

Available Formats

HUAWEI NetEngine40E Universal Service Router

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 02 (2011-08-12) Huawei Proprietary and Confidential i

About This Document

Product Name Version

HUAWEI NetEngine40E V600R003C00

l Network planning engineers

Issue 02 (2011-08-12) Huawei Proprietary and Confidential ii

Indicates a hazard with a high level of risk, which if not

Indicates a hazard with a medium or low level of risk, which

Indicates a potentially hazardous situation, which if not

NOTE Provides additional information to emphasize or supplement

Changes in Issue 02 (2011-08-12)

Changes in Issue 01 (2011-05-30)

Issue 02 (2011-08-12) Huawei Proprietary and Confidential iii

About This Document.....................................................................................................................ii

Issue 02 (2011-08-12) Huawei Proprietary and Confidential iv

7.1.5 RRPP Link Features................................................................................................................................30

9 Operation and Maintenance......................................................................................................76

Issue 02 (2011-08-12) Huawei Proprietary and Confidential v

Issue 02 (2011-08-12) Huawei Proprietary and Confidential vi

1 New Features of V600R003C00

New Hardware or Features Where to Place

LPUF-40 and Its FPICs: 5.1 FPIC

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 1

New Hardware or Features Where to Place

l 8-port 10GBase LAN/WAN-XFP 5.3 LPUI-41

l 10-port 10GBase LAN/WAN-XFP 5.4 LPUI-100

l 8-Port 10GBase LAN/WAN-XFP Line 5.5 LPUS-41

Integrated Versatile Service Unit 20 A 5.6 SPU

IPSEC 7.2.6 IPSEC

IP RAN 7.12 IP RAN Features

NSR 7.13 Network Reliability

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 2

About This Chapter

2.1 Product Positioning

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 3

2.1 Product Positioning

NE40E-X16 NE40E-X8 NE40E-X3(DC)

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 4

About This Chapter

3.1 Physical Architecture

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 5

3.1 Physical Architecture

l Power distribution system

The following describes only the functional host system.

Figure 3-1 Functional host system

(1) System MPU

3.2 Logical Architecture

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 6

Figure 3-2 Logical architecture

3.3 Software Architecture

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 7

Figure 3-3 Software architecture

LPU LPU LPU PIC

Issue 02 (2011-08-12) Huawei Proprietary and Confidential 8

3.4 Data Forwarding Process

Processing on the incoming Processing on the outgoing

PFE IPv4 unicast Searching the Packet

Packet fragmentation Packet reassembly

Micro cell Micro cell