Académique Documents
Professionnel Documents
Culture Documents
V800R006C02
Feature Description
Issue 03
Date 2010-01-28
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Purpose
This document describes the key features (including VDSL2, SHDSL, PPPoA, IPoA, VLAN,
ACL, QoS, and security features) of the SmartAX MA5606T (hereinafter referred to as the
MA5606T) in detail from the following aspects:
l Definition
l Purpose
l Specification
l Availability
l Principle
l Reference
This document also provides the glossary, acronyms and abbreviations, as well as references
concerning these features of the MA5606T.
After reading this document, you can learn about the definitions and purposes of the various
features of the MA5606T, and also the support of these features by the MA5606T and the
references on these features. In this way, you can know the feature list of the MA5606T and
understand the implementation of these features on the MA5606T.
Related Versions
The following table lists the product versions related to this document.
MA5606T V800R006C02
Intended Audience
The intended audience of this document is:
Organization
This document consists of the following parts and is organized as follows.
Topic… Describes…
6 PPPoA Access PPPoA access is an access mode in which users can transmit
PPPoA packets to the PPPoE server based on Ethernet.
8 P2P FE Optical Access Point-to-point (P2P) Ethernet optical access refers to the
P2P FTTH access provided by the P2P Ethernet optical
access board and the ONT, which meets the requirements
for the application of the next generation access device
under the integration of video, voice, and data services.
Topic… Describes…
11 DNS Client The DNS client feature enables the user who logs in to the
local device to communicate with other devices by using the
domain name.
13 ACL The access control list (ACL) is used to filter the specific
data packets based on a series of matching rules contained
in the ACL.
Topic… Describes…
26 Overload Control Overload occurs when the usage of the CPU and DSP
resources increases and reaches a certain threshold in the
case that a large number of AG calls occur concurrently. In
this case, calls cannot be processed normally. Overload
control refers to the control over calls, which ensures that
the calls from guaranteed subscribers and emergency call
subscriber are processed in time, improving the system
stability and usability.
A Acronyms and The acronyms and abbreviations related to all the features
Abbreviations of the MA5606T
Conventions
Symbol Conventions
The following symbols may be found in this document. They are defined as follows
Symbol Description
Symbol Description
General Conventions
Convention Description
Command Conventions
Convention Description
GUI Conventions
Convention Description
Convention Description
Keyboard Operation
Format Description
Key Press the key. For example, press Enter and press Tab.
Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl
+Alt+A means the three keys should be pressed
concurrently.
Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A means
the two keys should be pressed in turn.
Mouse Operation
Action Description
Click Select and release the primary mouse button without moving
the pointer.
Drag Press and hold the primary mouse button and move the
pointer to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 03 (2010-01-28)
Based on issue 02 (2009-08-13), certain contents are optimized.
Issue 02 (2009-08-13)
Compared with Issue 01 (2009-06-25), this issue has the following new contents:
Issue 01 (2009-06-25)
This is the first release of the MA5606T V800R006C02.
Contents
2 VDSL2 Access.............................................................................................................................2-1
2.1 Introduction.....................................................................................................................................................2-2
2.2 Principle.......................................................................................................................................................... 2-3
2.3 Reference.........................................................................................................................................................2-5
3 ADSL2+ Access...........................................................................................................................3-1
3.1 Introduction.....................................................................................................................................................3-2
3.2 Principle.......................................................................................................................................................... 3-4
3.3 Reference.........................................................................................................................................................3-7
4 SHDSL..........................................................................................................................................4-1
4.1 ATM SHDSL Access......................................................................................................................................4-2
4.1.1 Introduction............................................................................................................................................4-2
4.1.2 Principle................................................................................................................................................. 4-3
4.1.3 Reference................................................................................................................................................4-5
4.2 EFM SHDSL Access.......................................................................................................................................4-5
4.2.1 Introduction............................................................................................................................................4-6
4.2.2 Principle................................................................................................................................................. 4-7
4.2.3 Reference................................................................................................................................................4-9
5 DLM/DSM...................................................................................................................................5-1
5.1 Introduction.....................................................................................................................................................5-2
5.2 Principle.......................................................................................................................................................... 5-4
5.3 Reference.........................................................................................................................................................5-5
6 PPPoA Access..............................................................................................................................6-1
6.1 Introduction.....................................................................................................................................................6-2
6.2 Principle.......................................................................................................................................................... 6-2
6.3 Reference.........................................................................................................................................................6-3
7 IPoA Access.................................................................................................................................7-1
7.1 Introduction.....................................................................................................................................................7-2
7.2 Principle..........................................................................................................................................................7-2
7.3 Reference.........................................................................................................................................................7-3
9 VLAN............................................................................................................................................9-1
9.1 Standard VLAN...............................................................................................................................................9-2
9.1.1 Introduction............................................................................................................................................9-2
9.1.2 Principle.................................................................................................................................................9-3
9.1.3 Reference................................................................................................................................................9-4
9.2 Smart VLAN...................................................................................................................................................9-4
9.2.1 Introduction............................................................................................................................................9-4
9.2.2 Principle.................................................................................................................................................9-5
9.2.3 Reference................................................................................................................................................9-5
9.3 MUX VLAN...................................................................................................................................................9-5
9.3.1 Introduction............................................................................................................................................9-6
9.3.2 Principle.................................................................................................................................................9-7
9.3.3 Reference................................................................................................................................................9-7
9.4 QinQ VLAN....................................................................................................................................................9-7
9.4.1 Introduction............................................................................................................................................9-7
9.4.2 Principle.................................................................................................................................................9-8
9.4.3 Reference................................................................................................................................................9-9
9.5 VLAN Stacking.............................................................................................................................................9-10
9.5.1 Introduction..........................................................................................................................................9-10
9.5.2 Principle...............................................................................................................................................9-11
9.5.3 Reference..............................................................................................................................................9-12
10 HWTACACS........................................................................................................................... 10-1
10.1 Introduction.................................................................................................................................................10-2
10.2 Principle......................................................................................................................................................10-3
10.3 Reference.....................................................................................................................................................10-4
13 ACL........................................................................................................................................... 13-1
13.1 Introduction.................................................................................................................................................13-2
13.2 Principle......................................................................................................................................................13-3
14 QoS............................................................................................................................................14-1
14.1 QoS Overview.............................................................................................................................................14-3
14.1.1 Introduction........................................................................................................................................14-3
14.1.2 Principle.............................................................................................................................................14-4
14.2 PQ................................................................................................................................................................14-4
14.2.1 Introduction........................................................................................................................................14-5
14.2.2 Principle.............................................................................................................................................14-5
14.3 WRR............................................................................................................................................................14-6
14.3.1 Introduction........................................................................................................................................14-6
14.3.2 Principle.............................................................................................................................................14-6
14.4 CoS Priority Re-marking.............................................................................................................................14-7
14.4.1 Introduction........................................................................................................................................14-7
14.4.2 Principle.............................................................................................................................................14-7
14.5 Flexible Mapping Between CoS Priorities and Scheduling Queues...........................................................14-8
14.5.1 Introduction........................................................................................................................................14-8
14.5.2 Principle.............................................................................................................................................14-8
14.6 trTCM..........................................................................................................................................................14-9
14.6.1 Introduction........................................................................................................................................14-9
14.6.2 Principle...........................................................................................................................................14-10
14.7 Rate Limitation Based on Port and CoS....................................................................................................14-11
14.7.1 Introduction......................................................................................................................................14-12
14.7.2 Principle...........................................................................................................................................14-12
15 ANCP........................................................................................................................................15-1
15.1 Introduction.................................................................................................................................................15-2
15.2 Principle......................................................................................................................................................15-2
15.3 Reference.....................................................................................................................................................15-5
16 MSTP........................................................................................................................................16-1
16.1 Introduction.................................................................................................................................................16-2
16.2 Principle......................................................................................................................................................16-3
16.3 Reference.....................................................................................................................................................16-7
17 Multicast..................................................................................................................................17-1
17.1 Overview.....................................................................................................................................................17-2
17.1.1 Introduction........................................................................................................................................17-2
17.1.2 Principle.............................................................................................................................................17-3
17.1.3 Reference............................................................................................................................................17-4
17.2 IGMP Snooping...........................................................................................................................................17-5
17.2.1 Introduction........................................................................................................................................17-5
17.2.2 Principle.............................................................................................................................................17-6
17.3 IGMP Proxy................................................................................................................................................17-6
17.3.1 Introduction........................................................................................................................................17-6
17.3.2 Principle............................................................................................................................................. 17-7
17.4 Multicast VLAN Management....................................................................................................................17-8
17.4.1 Introduction........................................................................................................................................17-8
17.4.2 Principle............................................................................................................................................. 17-9
17.5 Program Management...............................................................................................................................17-10
17.5.1 Introduction......................................................................................................................................17-10
17.5.2 Principle...........................................................................................................................................17-11
17.6 User Management.....................................................................................................................................17-11
17.6.1 Introduction......................................................................................................................................17-11
17.6.2 Principle...........................................................................................................................................17-12
18 Triple Play...............................................................................................................................18-1
18.1 Features of Triply Play................................................................................................................................18-2
18.1.1 Introduction........................................................................................................................................18-2
18.1.2 Principle............................................................................................................................................. 18-2
18.1.3 Reference............................................................................................................................................18-3
18.2 Single-PVC for Multiple Services...............................................................................................................18-3
18.2.1 Introduction........................................................................................................................................18-4
18.2.2 Principle............................................................................................................................................. 18-4
18.3 Multi-PVC for Multiple Services................................................................................................................18-6
18.3.1 Introduction........................................................................................................................................18-7
18.3.2 Principle............................................................................................................................................. 18-7
20 System Security......................................................................................................................20-1
20.1 Introduction to System Security..................................................................................................................20-2
20.1.1 Introduction........................................................................................................................................20-2
20.1.2 Principle............................................................................................................................................. 20-3
20.2 Anti-DoS Attack..........................................................................................................................................20-4
20.2.1 Introduction........................................................................................................................................20-4
20.2.2 Principle............................................................................................................................................. 20-5
20.3 MAC Address Filtering...............................................................................................................................20-5
20.3.1 Introduction........................................................................................................................................20-6
20.3.2 Principle............................................................................................................................................. 20-6
20.4 Firewall Black List......................................................................................................................................20-7
20.4.1 Introduction........................................................................................................................................20-7
20.4.2 Principle............................................................................................................................................. 20-7
20.5 Firewall........................................................................................................................................................20-8
20.5.1 Introduction........................................................................................................................................20-8
21 User Security...........................................................................................................................21-1
21.1 PITP.............................................................................................................................................................21-3
21.1.1 Introduction........................................................................................................................................21-3
21.1.2 Principle.............................................................................................................................................21-4
21.1.3 Reference..........................................................................................................................................21-11
21.2 DHCP option82.........................................................................................................................................21-11
21.2.1 Introduction......................................................................................................................................21-11
21.2.2 Principle...........................................................................................................................................21-12
21.2.3 Reference..........................................................................................................................................21-14
21.3 DHCP Sub-Option90.................................................................................................................................21-14
21.3.1 Introduction......................................................................................................................................21-14
21.3.2 Principles..........................................................................................................................................21-15
21.3.3 Reference..........................................................................................................................................21-16
21.4 RAIO.........................................................................................................................................................21-17
21.4.1 Introduction......................................................................................................................................21-17
21.4.2 Principle...........................................................................................................................................21-18
21.4.3 Reference..........................................................................................................................................21-24
21.5 IP Address Binding...................................................................................................................................21-24
21.5.1 Introduction......................................................................................................................................21-25
21.5.2 Principle...........................................................................................................................................21-25
21.6 MAC Address Binding..............................................................................................................................21-25
21.6.1 Introduction......................................................................................................................................21-26
21.6.2 Principle...........................................................................................................................................21-26
21.7 VMAC.......................................................................................................................................................21-27
21.7.1 Introduction......................................................................................................................................21-27
21.7.2 Principle...........................................................................................................................................21-28
21.8 SMAC........................................................................................................................................................21-30
21.8.1 Introduction......................................................................................................................................21-30
21.8.2 Principles..........................................................................................................................................21-31
21.8.3 Reference..........................................................................................................................................21-33
21.9 Anti-MAC Spoofing..................................................................................................................................21-33
21.9.1 Introduction......................................................................................................................................21-33
21.9.2 Principle...........................................................................................................................................21-34
21.10 Anti-IP Spoofing.....................................................................................................................................21-35
21.10.1 Introduction....................................................................................................................................21-35
21.10.2 Principle.........................................................................................................................................21-36
23 Ethernet OAM.........................................................................................................................23-1
23.1 Ethernet CFM OAM....................................................................................................................................23-2
23.1.1 Introduction........................................................................................................................................23-2
23.1.2 Principle............................................................................................................................................. 23-3
23.1.3 Reference............................................................................................................................................23-5
23.2 Ethernet EFM OAM....................................................................................................................................23-5
23.2.1 Introduction........................................................................................................................................23-6
23.2.2 Principle............................................................................................................................................. 23-6
23.2.3 Reference............................................................................................................................................23-8
24 VoIP..........................................................................................................................................24-1
24.1 Basic Features of VoIP................................................................................................................................24-2
24.1.1 Introduction........................................................................................................................................24-2
24.1.2 Reference............................................................................................................................................24-3
24.2 VoIP (H.248)...............................................................................................................................................24-3
24.2.1 Introduction........................................................................................................................................24-4
24.2.2 Principle............................................................................................................................................. 24-4
24.3 VoIP (MGCP)............................................................................................................................................. 24-5
24.3.1 Introduction........................................................................................................................................24-6
24.3.2 Principle............................................................................................................................................. 24-6
24.4 VoIP (SIP)...................................................................................................................................................24-7
24.4.1 Introduction........................................................................................................................................24-8
24.4.2 Principle............................................................................................................................................. 24-8
25 ISDN.........................................................................................................................................25-1
25.1 ISDN Feature Description...........................................................................................................................25-2
25.1.1 Introduction........................................................................................................................................25-2
25.1.2 Principle............................................................................................................................................. 25-3
25.1.3 Reference............................................................................................................................................25-7
25.2 Basic Rate Adaptation (BRA).....................................................................................................................25-7
25.2.1 Introduction........................................................................................................................................25-7
25.2.2 Principle............................................................................................................................................. 25-8
25.3 Primary Rate Adaptation (PRA)................................................................................................................. 25-9
25.3.1 Introduction......................................................................................................................................25-10
25.3.2 Principle...........................................................................................................................................25-10
26 Overload Control....................................................................................................................26-1
26.1 MG Overload Control................................................................................................................................. 26-2
26.1.1 Introduction........................................................................................................................................26-2
26.1.2 Principles............................................................................................................................................26-3
26.1.3 Reference............................................................................................................................................26-9
26.2 Upstream Bandwidth Overload Control......................................................................................................26-9
26.2.1 Introduction......................................................................................................................................26-10
26.2.2 Principles..........................................................................................................................................26-10
Figures
Tables
GPON upstream transmission means transmission of data through the GPON interface which is
the upstream interface.
1.1 Introduction
This topic describes the definition, purpose, specification, and availability of GPON upstream
transmission.
1.2 Principle
This topic describes the implementation principles of GPON upstream transmission.
1.3 Reference
This topic describes the reference documents of GPON upstream transmission.
1.1 Introduction
This topic describes the definition, purpose, specification, and availability of GPON upstream
transmission.
Definition
As a box-type mini DSLAM, the MA5606T is used to provide digital subscriber line (DSL)
broadband access to a small number of subscribers. To adapt to various networking modes, the
MA5606T provides gigabit-capable passive optical network (GPON) upstream ports. In this
way, the MA5606T, together with the optical line terminal (OLT), plays an important role in a
GPON network.
Purpose
The MA5606T supports GPON upstream ports. As a multi-dwelling unit (MDU), the MA5606T
takes full advantage of the wide coverage, flexible networking, and low maintenance cost of the
GPON network. The MA5606T, together with the OLT, provides high-bandwidth broadband
access for subscribers. Moreover, the MA5606T increases the number of subscribers of the OLT.
Specification
The MA5606T supports the following GPON upstream transmission specifications:
l CoS-based transmission container (T-CONT) queue mapping and scheduling
l Support of a GPON upstream port with a downstream rate of 2.488 Gbit/s and an upstream
rate of 1.244 Gbit/s.
l Support of eight T-CONTs with up to 32 GEM ports.
l Support of service configuration and management by the OLT to the MA5606T through
the OMCI.
Availability
l Hardware support
The GP1A board supports GPON upstream transmission.
l License support
The feature of GPON upstream transmission is a basic feature of the MA5606T. Therefore,
the corresponding service is provided without a license.
1.2 Principle
This topic describes the implementation principles of GPON upstream transmission.
The GPON upstream port of the MA5606T sends the Serial_Number_ONT PLOAM messages
to the OLT for registration. The OLT determines whether to register it according to the internal
serial number database.
After the MA5606T registers with the OLT successfully, the OLT allocates T-CONTs to the
MA5606T. The index of a T-CONT is an allocation ID (Alloc-ID) which ranges from 0 to 4095.
The MA5606T supports up to eight T-CONTs. The OLT allocates bandwidth and sets bandwidth
parameters for these T-CONTs.
The upstream data packets from the switching fabric are mapped to the specified GEM port
through the classifier, and then mapped to the T-CONT.
The rule for the classifier is VLAN plus 802.1p priority.
You can configure the mapping actions of various traffic through the CLI or the element
management system (EMS).
1.3 Reference
This topic describes the reference documents of GPON upstream transmission.
The following lists the reference documents of GPON upstream transmission:
l ITU-T G.984.2, Gigabit-capable Passive Optical Networks (GPON): Physical Media
Dependent (PMD) Layer Specification
l ITU-T G.984.3, Gigabit-capable Passive Optical Networks (GPON): Transmission
Convergence Layer Specification
2 VDSL2 Access
VDSL2 supports a high bandwidth (symmetric rates of up to 100 Mbit/s). It addresses the
requirement for short distance and high rate of the next generation FTTx access scenarios.
2.1 Introduction
This topic describes the definition, purpose, specification, and availability of VDSL2 access.
2.2 Principle
This topic describes the implementation principles of VDSL2 access.
2.3 Reference
This topic describes the reference documents of VDSL2 access.
2.1 Introduction
This topic describes the definition, purpose, specification, and availability of VDSL2 access.
Definition
Very High Speed Digital Subscriber Line (VDSL) is a transmission technology that is used to
provide high-speed private line access over the twisted pair in the asymmetric or symmetric
mode.
Purpose
VDSL2 supports a high bandwidth (symmetric rates of up to 100 Mbit/s). VDSL2 provides
multiple spectrum profiles and encapsulation modes. It meets the requirement for short distance
and high rate of the next generation FTTx access scenarios.
Specifications
Availability
l Hardware support
– The VDSA (VDSL2 over POTS) board supports 8b and 17a, and is compatible with 8a,
8c, 8d, 12a and 12b spectrum profiles.
– The 24-channel VDRD board supports 30a spectrum profile.
– The VDTF (VDSL2 over ISDN) board supports 8a, 8b, 8c, 8d, 12a, 12b, and 17a
spectrum profiles.
– The VDMF (VDSL2 over POTS) board supports 8a, 8b, 8c, 8d, 12a, 12b, and 17a
spectrum profiles.
– The VDNF (VDSL2 over ISDN) board supports 8b and 17a spectrum profiles.
– The modem must support the VDSL2 protocol.
l License support
The number of VDSL2 ports supported by the MA5606T is under license. Therefore, the
license is required for accessing the corresponding service.
2.2 Principle
This topic describes the implementation principles of VDSL2 access.
VDSL2 Compatibility
The International Telecommunications Union (ITU) specifies that VDSL2 must use the discrete
multi-tone (DMT) modulation method. VDSL2 is compatible with ADSL and ADSL2+.
Because VDSL is not widely applied, VDSL2 is not compatible with VDSL.
The system architecture of VDSL2 is similar to that of ADSL. VDSL2 supports three
independent application models:
gO a b gR
NTR-TC
NTR-TC
IO U IR
8-kHz 8-kHz
NTR NTR
MPS-TC
MPS-TC
MPS -
VME
OAM
VME
OAM
VME
interface interface
PMS - TC
PMS - TC
User application interfaces
TPS- #0
PMD
PMD
PMD
TPS-TC #1 TPS-TC
TPS-TC #1 TPS-TC
I/F I/F
I/F I/F
Unspecified Main body and Main body Main body and Unspecified
Annexes Annexes
The VDSL2 board of the MA5606T provides these function modules as specified by G993.2.
In addition, the MA5606T provides a VDSL2 management module in compliance with G997.1
and TR090, thus supporting line management based on the line, channel and spectrum profile
to address different requirements.
2.3 Reference
This topic describes the reference documents of VDSL2 access.
The following lists the reference documents of VDSL2 access:
l ITU-T G.993.1: Very high speed digital subscriber line transceivers
l ITU-T G.993.2: Very high speed digital subscriber line 2
3 ADSL2+ Access
3.1 Introduction
This topic describes the definition, purpose, specification, glossary, and also acronyms and
abbreviations related to ADSL2+ access.
3.2 Principle
This topic describes the operating principles of ADSL2+ access.
3.3 Reference
This topic describes the reference documents of ADSL2+ access.
3.1 Introduction
This topic describes the definition, purpose, specification, glossary, and also acronyms and
abbreviations related to ADSL2+ access.
Definition
Asymmetrical digital subscriber loop (ADSL) is an asymmetric transmission technology that is
used to transmit data at high speed over the twisted pair.
ADSL2+ is an extension of ADSL. The upstream rate of ADSL2+ reaches 2.5 Mbit/s, and the
downstream rate reaches 24 Mbit/s. The maximum reach of ADSL2+ is 6.5 km.
Purpose
The ADSL technology adopts asymmetric transmission to provide high-speed dada access
service.
Specification
The MA5606T supports the following specifications:
Availability
l Hardware Support
– The ADIF/ADLF, ADPD/ADQD boards support this feature.
– The modem must support the ADSL/ADSL2+ protocols.
l License Support
The number of ADSL2+ ports supported by the MA5606T is under license. Therefore, the
license is required for accessing the corresponding service.
Glossary
Table 3-1lists the glossary of technical terms related to ADSL2+ access.
Glossary Definition
CO Central Office
3.2 Principle
This topic describes the operating principles of ADSL2+ access.
l TPS-TC
– TPS-TC is related to specific application. It performs the mapping of the user interface
data and the control signals to and from the TPS-TC synchronization data interface.
– TPS-TC sends and receives control signals through the payload channel of the PMS-
TC layer.
– The MPS-TC function module provides a procedure for ADSL transceiver unit (ATU)
management. The MPS-TC function module communicates with the higher level
function entity of the management plane. The management messages are exchanged
between the MPS-TC function entities of the ATU through the ADSL payload channel.
l PMS-TC
– PMS-TC multiplexes of the ADSL payload and the TPS-TC data traffic.
– The basic functions are: framing, frame synchronization, scrambling/descrambling,
forward error correction (FEC), and error check.
– It provides a payload channel for delivering control messages of the TPS-TC, PMS-TC
and PMD layers in addition to the messages from the management interface.
l PMD
– The basic functions are: regular element generation and recovery, coding/decoding,
modulation/demodulation, echo cancellation, line equalization, and link start.
– The PMD layer also sends and receives control messages through the payload channel
of the PMS-TC
ADSL Principles
ADSL provides a total bandwidth of 1.104 MHz. By using DMT, ADSL splits the bandwidth
into 256 tones (0-255). Since ADSL over POTS is different from ADSL over ISDN, the division
of the 256 tones is different.
Figure 3-2 shows the tones and bandwidth for ADSL over POTS.
0 6 32 255
l The 0-5 are reserved to transmit the 4 kHz analog voice signals.
l The 6-31 are used to transmit uplink data over the bandwidth of 26-138 kHz.
l The 32-255 are used to transmit downlink data over the bandwidth of 138-1104 kHz.
Figure 3-3 shows the tones and bandwidth for ADSL over ISDN.
0 32 64 255
l Tones 0-31 are reserved to transmit the 120 kHz ISDN signals.
l Tones 32-63 are used to transmit uplink data over the bandwidth of 138-276 kHz.
l Tones 64-255 are used to transmit downstream data over the bandwidth of 276-1104 kHz.
NOTE
Each ADSL tone can transmit datagram of 1-15 bits. The actual capacity of each tone depends
on the real-time transmission performance such as the attenuation, delay and noise.
ADSL2+ Principles
ADSL2+ extends the bandwidth of ADSL to 2.208 MHz and uses DMT to split the bandwidth
into 512 tones (0-511). Figure 3-4 shows the tones and bandwidth of ADSL2+.
When the data transmission mode is Annes A, Annex B, or Annex L, the tones are allocated as
follows:
l Tones 0-5 are reserved to transmit the 4 kHz analog voice signals.
l – Annex A/Annex L: Sub-carriers 6-31 are used to transmit the upstream data at the
frequency of 26-138 kHz.
– Annex B: Sub-carriers 6-31 are used to transmit the upstream data at the frequency of
120-276 kHz.
l Tones 32-511 are used to transmit downstream data over the bandwidth of 138-2208 kHz.
When the data transmission mode is Annes M, the tones are allocated as follows:
l Tones 0-5 are reserved to transmit the 4 kHz analog voice signals.
l Sub-carriers 6-63 are used to transmit the upstream data at the frequency of 26 kHz-f1,
where f1 ranges from 138 kHZ through 276 kHZ.
l Tones 64-511 are used to transmit downstream data over the bandwidth of 256-2208 kHz.
3.3 Reference
This topic describes the reference documents of ADSL2+ access.
The following lists the reference documents of ADSL2+ access;
l G992.1 Asymmetric digital subscriber line (ADSL) transceivers
l G992.3 Asymmetric digital subscriber line transceivers 2 (ADSL2)
l G992.5 Asymmetric Digital Subscriber Line (ADSL) transceivers - Extended bandwidth
ADSL2 (ADSL2plus)
4 SHDSL
SHDSL is an xDSL access technology, just like ADSL and VDSL. SHDSL provides the
symmetric upstream and downstream rates.
4.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, glossary, and also
acronyms and abbreviations of the ATM SHDSL access feature.
4.1.2 Principle
This topic describes the operating principles of the ATM SHDSL access feature.
4.1.3 Reference
This topic describes the reference documents of the ATM SHDSL access feature.
4.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, glossary, and also
acronyms and abbreviations of the ATM SHDSL access feature.
Definition
SHDSL is an xDSL access technology, just like ADSL and VDSL. SHDSL provides the
symmetric upstream and downstream rates.
The symmetric upstream and downstream rates of ATM SHDSL determine that bi-directional
rates of the supported service must be basically the same. In addition, ATM SHDSL features a
longer transmission distance. Hence, ATM SHDSL can be widely used.
Purpose
ATM SHDSL provides symmetric broadband access services for subscribers to meet the
requirement for high downstream rate from SOHO subscribers. ATM SHDSL applications are
similar to ADSL applications and the ATM SHDSL and ADSL applications are mutually
complementary.
Specification
l Single-pair, two-pair SHDSL Line rate in the single-pair mode ranges from 192 kbit/s to
2312 kbit/s, and line rate in the two-pair mode doubles the line rate in the single-pair mode
The rate adjustment granularity is 16 kbit/s.
l The SHLB board supports the single-pair and two-pair modes.
l Network timing reference (NTR) clock
l Automatic rate adjustment according to the line conditions during initialization
l Reporting of the alarms and maintenance information of lines
l PPPoE+ sub option
l Dynamic adjustment of the specifications of the SHDSL line profile and alarm profile
l Power-saving of the xDSL line
Availability
Hardware Support
None
License Support
The port rate measurement function supported by the MA5606T is under license. Therefore, the
corresponding service is also under license.
Glossary
None
Table 4-1 Acronyms and abbreviations of the ATM SHDSL access feature
Acronym/Abbreviation Full Name
4.1.2 Principle
This topic describes the operating principles of the ATM SHDSL access feature.
S/T
User
Terminal
U-R U-C U-R U-C U-R U-C V
CO
..
.
.. Optional
.
T1541150-00
Optional (114701)
One SHDSL system consists of an STU-C, an STU-R, and a subscriber terminal. Multiple
repeaters can be added to the line between the STU-C and the STU-R.
Terminal Model
The SHDSL terminal model consists of the following parts:
l PDM module
– The PDM module implements functions such as: Regular code element generation and
recovery, coding/decoding, modulation/demodulation, echo control, linear
equalization, and link start
– SHDSL mainly uses the trellis coded pulse amplitude modulation (TC-PAM)
technology.
l PMS-TC module
The PMS-TC module implements functions such as: framing, frame synchronization
scrambling, and descrambling
l TPS-TC module
The TPS-TC module implements functions such as: mapping and encapsulation of data
frames, multiplexing and demultiplexing, timing alignment of multiple subscriber data
channels
l I/F interface of the device at the central office
– It mainly provides the ATM port.
– The ATM port is used for transmitting ATM cells over the ATM network, or according
to the carried packets, transmitting Ethernet packets encapsulated by the SAR module
or E1/V3.5 signals over the Ethernet network.
l I/F interface of the device on the subscriber side
It corresponds to the I/F interface of the device at the central office. In general, the I/F
interface is used for providing Ethernet ports or E1/V.35 ports.
When the MA5606T uses the SHLB board, the TC-PAM encoding technology is shown as the
following table.
Compliant Describes...
Standards
When the MA5606T uses the SHLB board, the TC-PAM encoding technology is shown as the
following table.
The SHLB board of the MA5606T is based on ATM. The board provides the Ethernet port (for
broadband access) or E1/V.35 port (for private line access) for connecting subscriber terminals.
In the upstream direction, the board is connected to the metropolitan area network (MAN)
through the upstream board.
IPTV server
FE/GE 0/8
I I S
P P D
MA5606T MM L
B
Modem Modem
PC_A PC_B
4.1.3 Reference
This topic describes the reference documents of the ATM SHDSL access feature.
The following lists the reference documents of this feature:
l ITU-T Recommendation G.991.2 (2001), Single-pair high-speed digital subscriber line
(SHDSL) transceivers
4.2.1 Introduction
This topic describes the definition, purpose, specification, limitation, glossary, and also
acronyms and abbreviations of the Ethernet in the first mile (EFM) SHDSL access feature.
4.2.2 Principle
This topic describes the operating principles of the EFM SHDSL access feature.
4.2.3 Reference
This topic describes the reference documents of the EFM SHDSL access feature.
4.2.1 Introduction
This topic describes the definition, purpose, specification, limitation, glossary, and also
acronyms and abbreviations of the Ethernet in the first mile (EFM) SHDSL access feature.
Definition
SHDSL is an xDSL access technology, just like ADSL and VDSL. SHDSL provides the
symmetric upstream and downstream rates.
EFM SHDSL integrates the advantages of the SHDSL technology and the ADSL technology.
That is, EFM SHDSL can provide traditional voice service and high rate Internet access service
over common twisted pairs to meet the requirements for high definition TV service and VoD
service from subscribers, which suit the last mile access for broadband to the campus.
Purpose
The utilization ratio of the EFM access service is high when the activation rates of the ATM and
EFM access services are the same. Hence, if the subscriber terminal supports ATM and EFM
SHDSL access services simultaneously, the EFM SHDSL access service is preferred.
Specification
l A maximum transmission distance of 6 km
l Network timing reference (NTR) clock
l Ethernet access service
l Automatic rate adjustment according to the line conditions during initialization
l Reporting the alarms and maintenance information of lines
l Four modes of binding EFM ports: single-pair (one port), two-pair (two ports), three-pair
(three ports), and four-pair (four ports)
l Line rate ranging from 192 kbit/s to 5696 kbit/s in the single-pair mode
l The line rate of the bound two, three, or four EFM ports is double, triple, or quadruple the
line rate of a single port. Each port in an EFM binding group can be activated or deactivated
independently. Hence, in a specific application, the line rate of the binding group varies
according to the number of the activated ports in the group.
l Power-saving of the xDSL line
Glossary
None
Table 4-3 Acronyms and abbreviations of the EFM SHDSL access feature
4.2.2 Principle
This topic describes the operating principles of the EFM SHDSL access feature.
S/T
User
Terminal
U-R U-C U-R U-C U-R U-C V
CO
..
.
.. Optional
.
T1541150-00
Optional (114701)
One SHDSL system consists of an STU-C, an STU-R, and a subscriber terminal. Multiple
repeaters can be added to the line between the STU-C and the STU-R.
Terminal Model
The SHDSL terminal model consists of the following parts:
l PDM module
– The PDM module implements functions such as: Regular code element generation and
recovery, coding/decoding, modulation/demodulation, echo control, linear
equalization, and link start
– SHDSL mainly uses the trellis coded pulse amplitude modulation (TC-PAM)
technology.
l PMS-TC module
The PMS-TC module implements functions such as: framing, frame synchronization
scrambling, and descrambling
l TPS-TC module
The TPS-TC module implements functions such as: mapping and encapsulation of data
frames, multiplexing and demultiplexing, timing alignment of multiple subscriber data
channels
l I/F interface of the device at the central office
– Providing ATM ports or circuit interfaces
– The ATM port is used for transmitting ATM cells over the ATM network, or according
to the carried packets, transmitting Ethernet packets encapsulated by the SAR module
or E1/V3.5 signals over the Ethernet network or E1 links.
– The circuit interface is used for transmitting E1 or V.35 signals directly through the
time division multiplexing (TDM) network.
l I/F interface of the device on the subscriber side
It corresponds to the I/F interface of the device at the central office. In general, the I/F
interface is used for providing Ethernet ports (for delivering ATM cells processed by the
SAR module) or E1/V.35 ports.
IPTV
LAN Switch
FE/GE 0/7
SS S
CC H
MA5606T UU L
B
Modem Modem
PC_A PC_B
4.2.3 Reference
This topic describes the reference documents of the EFM SHDSL access feature.
The following lists the reference documents of this feature:
l ITU-T Recommendation G.991.2 (2001), Single-pair high-speed digital subscriber line
(SHDSL) transceivers
5 DLM/DSM
This topic describes the DLM/DSM feature in its introduction, principles, and reference.
5.1 Introduction
This topic provides the definition, purpose, specifications, limitations, glossary, and acronyms
and abbreviations of the DLM/DSM feature.
5.2 Principle
This topic describes the working principles of the DLM/DSM feature.
5.3 Reference
This topic provides the reference documents of the DLM/DSM feature.
5.1 Introduction
This topic provides the definition, purpose, specifications, limitations, glossary, and acronyms
and abbreviations of the DLM/DSM feature.
Definition
Line optimization refers to improving the line quality and performance by adjusting line
parameters. It is one solution to dynamic line optimization, and is mainly implemented through
the N2510.
The N2510 provides line test and protection for carriers' copper cables, featuring the following:
Purpose
Line optimization aims at implementing dynamic management of lines, including the following
functions:
l Collecting the line information
l Locating the line fault
l Managing the optimization profile
Specifications
The MA5606T supports the following specifications of the DLM/DSM feature.
– Power management parameters, including whether the transition to the idle state is
allowed, whether the transition to the low power state is allowed, the shortest time for
a line to be in the full-power state, the minimum time between entry into the L2 low
power state and the first L2 low power trim request and between two consecutive L2
power trim requests, each transmit power reduction in the L2 power state, and the
maximum aggregate transmit power reduction that is allowed in the L2 power state
– Upstream/downstream sub-carrier blackout parameters
– Mode-related parameters, including transmission mode, maximum upstream/
downstream aggregate nominal transmit power, upstream/downstream PSD mask, and
maximum upstream/downstream aggregate nominal transmit power
l Bind of an optimization profile to a port and unbinding of an optimization profile from a
port
l Query of the optimization profile bound to a port
Limitation
When configuring an optimization profile, make sure that the parameters meet the following
conditions:
l For the upstream SNR: maximum SNR margin ≥ target SNR margin ≥ minimum SNR
margin
l For the power status parameter: each transmit power reduction in the L2 power state ≤
maximum aggregate transmit power reduction that is allowed in the L2 power state
Glossary
Glossary Description
Noise margin The SNR margin refers to the space that is reserved when the
system allocates bits. When decrease of the SNR caused by
the environment change does not exceed the SNR margin, the
BER can be guaranteed to be less than 10-7.
Availability
l Hardware Support
The VDSA, VDTF, VDNF and VDMF boards support the DLM/DSM feature.
l License Support
The DLM/DSM feature is an optional feature of the MA5606T, and the corresponding
service is under license. The following resources are under license:
– VDSL port
– AnnexM resources
– INP+ resources
– Resources bound to the optimization profile
5.2 Principle
This topic describes the working principles of the DLM/DSM feature.
xml xml
N2000BMS
xml
N2510
OLT DSLAM
VDSL2
DSLAM USER
USER
5.3 Reference
This topic provides the reference documents of the DLM/DSM feature.
The following lists the reference documents of this feature:
l Description of MA5600 V800R062 xDSL Feature Software Requirements and
Specifications
l Details About VDSL2 Parameters
6 PPPoA Access
PPPoA access is an access mode in which users can transmit PPPoA packets to the PPPoE server
based on Ethernet.
6.1 Introduction
This topic describes the definition, purpose, specification, and availability of PPPoA access.
6.2 Principle
This topic describes the implementation principles of PPPoA access.
6.3 Reference
This topic describes the reference documents of PPPoA access.
6.1 Introduction
This topic describes the definition, purpose, specification, and availability of PPPoA access.
Definition
Point-to-Point Protocol over ATM Adaptation Layer 5 (PPPoA) access is an access mode in
which users can transmit PPPoA packets to the PPPoE server, that is, the upper layer broadband
remote access server (BRAS) based on Ethernet.
The access device needs to handle the PPPoA packets from users and the PPPoE packets of the
PPPoE server to realize the interworking function (IWF) between PPPoA packets and PPPoE
packets.
Purpose
PPPoA access is used to realize the IWF between PPPoA and PPPoE for the transition from the
ATM network to the IP network.
Specification
The MA5606T supports the following PPPoA specifications:
l PPP LLC and PPP VC-MUX encapsulation modes, and auto-sensing of the two modes
l PPP MRU≥1492 bytes
l Up to 128 PPPoA users
Availability
l Hardware support
All the ATM service boards support PPPoA access.
l License support
The conversion from PPPoA to PPPoE is an optional feature of the MA5606T. Therefore,
the license is required for accessing the corresponding service.
6.2 Principle
This topic describes the implementation principles of PPPoA access.
Figure 6-1 shows the process of converting PPPoA packets into PPPoE packets.
State=disconnected
LCP Config-Req
PPPoE PADI
PPPoE PADO
PPPoE
PPPoE PADR Discovery stage
PPPoE PADS
State=connected
PPP packet
PPPoE (PPP packet) PPPoE
. Session stage
.
.
.
.
PPP packet .
PPPoE (PPP packet) PPP session
terminates
RG Access
BRAS
Node
6.3 Reference
This topic describes the reference documents of PPPoA access.
7 IPoA Access
IPoA access is an access mode in which the payloads of IP packets are converted into Ethernet
frames for upstream transmission to the upper layer network, and the downstream IPoE packets
are converted into IPoA packets and then forwarded to users.
7.1 Introduction
This topic describes the definition, purpose, specification, and availability of IPoA access.
7.2 Principle
This topic describes the implementation principles of IPoA access.
7.3 Reference
This topic describes the reference documents of IPoA access.
7.1 Introduction
This topic describes the definition, purpose, specification, and availability of IPoA access.
Definition
IPoA access is an access mode in which:
l The IPoA packets are analyzed and the payloads of IP packets are converted into Ethernet
frames for upstream transmission to the upper layer network.
l The downstream IPoE packets are converted into IPoA packets and then forwarded to users.
Purpose
IPoA access is usually used for leased line access for the transition from the ATM network to
the IP network.
Specification
The MA5606T supports the following IPoA specifications:
l Compliance with RFC2684 to support IPoA static users
l Compliance with RFC1577 to support IPoA dynamic users
l Up to 128 IPoA users
l Up to 512 different user gateways
l Automatic discovery of the LLC-IP encapsulation mode
l L2 and L3 IPoA applications
Availability
l Hardware support
– All the ATM service boards support IPoA access.
– The modem must support RFC2684 or RFC1577.
l License support
The conversion from IPoA to IPoE is an optional feature of the MA5606T. Therefore, the
license is required for accessing the corresponding service.
7.2 Principle
This topic describes the implementation principles of IPoA access.
L2 IPoA
In this scenario, the MA5606T works in L2 routing mode. The IP address of the default user
gateway is the IP address of the upper layer router. The MA5606T converts IPoA packets into
IPoE packets without the L3 routing function.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.
L3 IPoA
In this scenario, the MA5606T works in L3 routing mode. The IP address of the default user
gateway is the IP address of the L3 interface of the MA5606T. The MA5606T converts IPoA
packets into IPoE packets, and forwards them according to the destination IP addresses.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.
If the modem supports only ATM Adaptation Layer 5 (AAL5) frames encapsulated in VC-IP
mode, the MA5606T cannot obtain the IP address of the modem. In this case, the administrator
of the MA5606T shall configure the source IP address of the static user.
If dynamic IPoA user terminals comply with RFC1577, the MA5606T can obtain the IP address
of the WAN interface in the modem through the ATM ARP packets.
Process
The MA5606T allocates a source MAC address for each IPoA user, and obtains the MAC address
of the user gateway through the ARP protocol. These two MAC addresses are the source and
destination MAC addresses of Ethernet frames for conversion between ATM packets and
Ethernet frames.
IP IP IP IP
7.3 Reference
This topic describes the reference documents of IPoA access.
Point-to-point (P2P) Ethernet optical access refers to the P2P FTTH access provided by the P2P
Ethernet optical access board and the ONT, which meets the requirements for the application of
the next generation access device under the integration of video, voice, and data services.
8.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of P2P FE
optical access.
8.2 Principle
This topic describes the implementation principles of P2P FE optical access.
8.3 Reference
This topic describes the reference documents of P2P FE optical access.
8.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of P2P FE
optical access.
Definition
Point-to-point (P2P) FE optical access means the point-to-point FTTH access provided by the
MA5606T based on the combination between its P2P FE optical access board and the ONTs.
Purpose
P2P FE optical access solution provides P2P FTTH access services. It is especially suitable for
the residential neighborhoods with fiber to the home, and can provide the bandwidth of 100
Mbit/s to satisfy the users' requirements for the next generation access equipment which
integrates video, voice, and data services.
Specification
Limitation
Availability
l Hardware support
The OPFA board and the FE ONTs need to support the feature of P2P FE optical access.
l License support
The feature of P2P FE optical access is the basic feature of the MA5606T. Therefore, no
license is required for accessing the corresponding service.
8.2 Principle
This topic describes the implementation principles of P2P FE optical access.
MA5606T
MCU
FE
P2P ONT
STB
Phone
PC IPTV
The upstream packets sent from the user end are processed as follows:
1. After modulation on the ONT, the upstream packets are sent to the OPFA board of the
MA5606T through a fiber.
2. The OPFA board processes the upstream packets according to the user's configuration, and
then sends the processed packets to the control board of the MA5606T through the
backplane bus.
3. After receiving the packets, the control board forwards the packets to the upper layer
network through the upstream port.
The downstream packets sent from the network end are processed as follows:
1. After the downstream packets from the upper layer network reach the control board of the
MA5606T through the upstream port.
2. The control board forwards the packets to the OPFA interface board through the backplane
bus according to the learning results during the upstream forwarding.
3. The OPFA board processes the downstream packets, and sends the processed packets to
the user end.
8.3 Reference
This topic describes the reference documents of P2P FE optical access.
For the standards compliance of the feature of P2P FE optical access, see "Standards
Compliance" in the MA5606T Product Description.
9 VLAN
Virtual local area network (VLAN) is a technology used to form virtual workgroups by logically
grouping the devices of a LAN.
9.1.1 Introduction
This topic provides information about the standard VLAN feature, including its definition,
purpose, and specification.
9.1.2 Principle
This topic describes the implementation principle of the standard VLAN feature.
9.1.3 Reference
This topic describes the reference documents of the standard VLAN feature.
9.1.1 Introduction
This topic provides information about the standard VLAN feature, including its definition,
purpose, and specification.
Definition
Virtual local area network (VLAN) is a technology used to form virtual workgroups by logically
grouping the devices of a LAN. The IEEE issued draft IEEE 802.1Q in 1999, aiming at
standardizing VLAN implementations.
A standard VLAN is a kind of VLAN which contains multiple interconnected standard Ethernet
ports. Logically, all the ports in a standard VLAN are equal.
Purpose
All the Ethernet ports in a standard VLAN can communicate with each other. An Ethernet port
in a standard VLAN is isolated from an Ethernet port in another standard VLAN.
The standard VLAN is primarily used for subtending. The MA5606T supports the Ethernet
subtending networking. Several access devices in different tiers can be subtended through the
GE/FE ports, which can extend the network coverage and satisfy the requirements for large
access capacity.
Specification
The MA5606T supports up to 4K standard VLANs.
Limitation
For the MA5606T, a standard VLAN can include only the standard Ethernet ports provided by
the boards in the GIU slots.
Availability
l Hardware support
No additional hardware is required for supporting the standard VLAN feature.
l License support
The standard VLAN feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
9.1.2 Principle
This topic describes the implementation principle of the standard VLAN feature.
The standard VLAN can be planned according to the following parameters:
l Port
l MAC address
l Protocol type
l IP address mapping
l Multicast
l Policy
Unless otherwise stated, the VLAN described herein is based on ports, which is a common way
for planning VLANs in the telecom industry.
The standard VLAN strictly complies with the IEEE 802.1Q standard. In the IEEE 802.1Q
standard, the format of an Ethernet frame is modified by adding the 4-byte 802.1Q tag between
the source MAC address field and the protocol type field. See Figure 9-1 for details.
802.1Q Tag
Destination Source Length/ FCS
PRI/CFI/ Data
Address Address Type Type (CRC-32)
VID
46 bytes
6 bytes 6 bytes 4 bytes 2 bytes 4 bytes
~1517 bytes
A 802.1Q tag contains four bytes. Table 9-1 shows their meanings and purposes.
9.1.3 Reference
This topic describes the reference documents of the standard VLAN feature.
The following lists the reference documents of the standard VLAN feature:
l IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
Local Area Networks
9.2.1 Introduction
This topic provides information about the smart VLAN feature, including its definition, purpose,
and specification.
9.2.2 Principle
This topic describes the implementation principles of the smart VLAN feature.
9.2.3 Reference
This topic describes the reference documents of the smart VLAN feature.
9.2.1 Introduction
This topic provides information about the smart VLAN feature, including its definition, purpose,
and specification.
Definition
A smart VLAN is a VLAN that contains multiple upstream ports and multiple service ports.
These service ports are isolated from each other.
Purpose
A smart VLAN can serve multiple xDSL users, thus saving the VLAN resources in the system.
Specification
The MA5606T supports up to 4K smart VLANs. There is no limit to the number of the upstream
ports and that of the service ports in each smart VLAN.
Limitation
The basic limitations of the smart VLAN feature are as follows:
l If a VLAN contains an L3 interface, to delete the VLAN, you need to delete the interface
first.
l If a VLAN contains a service port, to delete the VLAN, you need to delete the service port
first.
Availability
l Hardware support
No additional hardware is required for supporting the smart VLAN feature.
l License support
The smart VLAN feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
9.2.2 Principle
This topic describes the implementation principles of the smart VLAN feature.
In addition to all the features of a standard VLAN, a smart VLAN has the following features:
l There are two port types in the smart VLAN, upstream ports and service ports, which are
not treated equally.
– The service ports are isolated from each other in terms of traffic.
– The upstream ports can interconnect with each other.
– The service port and the upstream port can interconnect with each other.
l The broadcast domain of the upstream port of the smart VLAN covers all the ports of the
VLAN. The broadcast domain of the service port, however, contains only the upstream
port. In contrast, the broadcast domain of each port of the standard VLAN covers all the
ports in the VLAN.
9.2.3 Reference
This topic describes the reference documents of the smart VLAN feature.
The following lists the reference documents of the smart VLAN feature:
l IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
Local Area Networks.
The MUX VLAN is used when users are distinguished according to VLANs. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
9.3.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MUX
VLAN.
9.3.2 Principle
This topic describes the implementation principles of the MUX VLAN feature.
9.3.3 Reference
This topic describes the reference documents of the MUX VLAN feature.
9.3.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MUX
VLAN.
Definition
A MUX VLAN is a VLAN that contains one or more upstream ports, but contains only one
service port.
Purpose
One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a MUX
VLAN can uniquely identify an access user. The MUX VLAN is used when users are
distinguished according to VLANs.
Specification
Limitation
Availability
l Hardware support
No additional hardware is required for supporting the MUX VLAN feature.
l License support
The MUX VLAN feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
9.3.2 Principle
This topic describes the implementation principles of the MUX VLAN feature.
One MUX VLAN corresponds to one service port. Therefore, MUX VLANs can be used to
differentiate the users.
9.3.3 Reference
This topic describes the reference documents of the MUX VLAN feature.
The following lists the reference documents of the MUX VLAN feature:
l IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
Local Area Networks.
9.4.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of QinQ
VLAN.
9.4.2 Principle
This topic describes the implementation principles of the QinQ VLAN feature.
9.4.3 Reference
This topic describes the reference documents of the QinQ VLAN feature.
9.4.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of QinQ
VLAN.
Definition
QinQ, that is, 802.1Q in 802.1Q, is a visualized name for the tunnel protocol encapsulated based
on IEEE 802.1Q. For a VLAN packet that has the QinQ attribute, it contains two VLAN tags:
inner VLAN tag from the private network and outer VLAN tag from the MA5606T.
Through the outer VLAN tag, an L2 VPN tunnel can be set up to transparently transmit service
data from private networks to public networks.
Purpose
The core of QinQ is to encapsulate the VLAN tag of the private network packet to the VLAN
tag of the public network. The packet carrying two VLAN tags in the form of IEEE 802.1Q is
forwarded to the user, after passing the operator's backbone network.
In a word, the QinQ VLAN provides the users with a simple L2 VPN leased line service, which
extends the coverage of the private network to some extent.
The leased line service herein refers to the private network service which is transparently
transmitted to the peer network end, for example, the Intranet service.
Specification
l The MA5606T supports up to 4K QinQ VLANs.
l The MA5606T supports smart QinQ and Mux QinQ.
Limitation
The attribute of the following VLANs cannot be QinQ:
l Super VLAN
l Sub VLAN
l A VLAN containing an L3 interface
l Default VLAN in the system
l Standard Vlan
Availability
l Hardware support
No additional hardware is required for supporting the QinQ VLAN feature.
l License support
The QinQ VLAN feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
9.4.2 Principle
This topic describes the implementation principles of the QinQ VLAN feature.
Figure 9-2 shows the QinQ VLAN service process of the MA5606T.
L2/L3 L2/L3
VLAN 3 VLAN 2
Modem Modem
L2 L2
By QinQ VLAN, the MA5606T implements the user interconnection of the same private network
(VLAN 1 or VLAN 2) in different areas. The following describes the service packet processing.
1. The user PC sends an untagged packet to the upstream direction.
2. The L2 LAN switch adds the VLAN tag (VLAN 1 or VLAN 2) of the private network to
the packet, and then sends the packet to the MA5606T.
3. The MA5606T adds the VLAN tag (VLAN 3) of the public network to the packet, and then
sends the packet to the upper layer network.
4. The upper layer network device transmits the packet based on the VLAN tag (VLAN 3) of
the public network.
5. Upon receiving the packet, the peer end MA5606T extracts the VLAN tag (VLAN 3) of
the public network, and then sends the packet to the LAN switch at the same end.
6. The LAN switch identifies and extracts the VLAN tag (VLAN 1 or VLAN 2) of the private
network, and then sends the untagged packet to the user in the VLAN of the private network.
In this way, users 1 and 2 in VLAN 2 can interconnect with each other, or users 3 and 4 in VLAN
1 can interconnect with each other.
9.4.3 Reference
This topic describes the reference documents of the QinQ VLAN feature.
The following lists the reference documents of the QinQ VLAN feature:
l IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
Local Area Networks.
l IEEE P802.1ad: Virtual Bridged Local Area Networks— Amendment 4: Provider Bridges
9.5.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of VLAN
stacking.
9.5.2 Principle
This topic describes the implementation principles of the VLAN stacking feature.
9.5.3 Reference
This topic describes the reference documents of the VLAN stacking feature.
9.5.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of VLAN
stacking.
Definition
VLAN stacking is a stacking based on the IEEE 802.1 Q tag.
The purpose of the VLAN stacking is to add two VLAN tags in the form of IEEE 802.1Q to
untagged user packets or to convert tagged user packets into the packets with two VLAN tags
in the form of IEEE 802.1Q. The packet carrying two VLAN tags is forwarded to the broadband
remote access server (BRAS) for authentication, after passing the operator's backbone network.
Alternatively, when the packet is forwarded to the BRAS, the outer VLAN tag is extracted, and
the inner VLAN tag is used to identify the user.
Purpose
For a VLAN packet that has the stacking attribute, it contains two VLAN tags: inner VLAN tag
and outer VLAN tag allocated by the MA5606T.
The VLAN stacking feature can be used to improve the reuse of the network-side VLAN (outer
VLAN) and used for the wholesale service.
l The reuse of VLANs is improved by two VLAN tags.
l The outer VLAN tag is used to identify to which Internet Service Provider (ISP) the user
belongs, and the inner VLAN tag is used to identify the user. In this way, different users
can get access to their own ISPs.
The wholesale service refers to a service in which users can be connected to their own ISPs in
batches according to the specified rules when there are multiple ISPs in the L2 MAN.
Specification
l Up to 4K stacking VLANs
Limitation
The attribute of the following VLANs cannot be VLAN stacking:
l Super VLAN
l Sub VLAN
l A VLAN contains an L3 interface
l Default VLAN in the system
l Standard Vlan
Availability
l Hardware support
No additional hardware is required for supporting the VLAN stacking feature.
l License support
The VLAN stacking feature is an optional feature of the MA5606T. Therefore, the license
is required for accessing the corresponding service.
9.5.2 Principle
This topic describes the implementation principles of the VLAN stacking feature.
If the VLAN stacking is used to increase the VLAN quantity or to identify users, the BRAS is
required.
If the VLAN stacking is used to provide the multi-ISP wholesale service, the upper layer network
shall work in L2 mode to forward user packets based on VLAN and MAC address directly.
Figure 9-3 shows the VLAN stacking service process of the MA5606T.
ISP1 ISP2
MAN
L2/L3
SP VLAN 1 C VLAN 2 SP VLAN 2 C VLAN 2
Modem Modem
MA5606T
Enterprise A
Enterprise B
NOTE
By different VLAN stacking, the MA5606T connects the users of enterprise A to ISP1, and the
users of enterprise B to ISP2. The following describes the service process.
1. The user sends the untagged packets to the upstream direction. The packets reach the
MA5606T after passing through the Modem.
2. The MA5606T adds two VLAN tags to the untagged packets.
NOTE
9.5.3 Reference
This topic describes the reference documents of the VLAN stacking feature.
The following lists the reference documents of the VLAN stacking feature:
l IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
Local Area Networks.
10 HWTACACS
10.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
HWTACACS feature.
10.2 Principle
This topic describes the working principles of the HWTACACS feature.
10.3 Reference
This topic provides the reference documents of the HWTACACS feature.
10.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
HWTACACS feature.
Definition
HWTACACS is a security protocol with enhanced functions based on TACACS (RFC1492).
Similar to the RADIUS protocol, HWTACACS implements AAA functions for multiple
subscribers by communicating with the HWTACACS server in the client/server (C/S) mode.
Purpose
HWTACACS is used for the authentication, authorization, and accounting of the 802.1x access
subscribers and administrators.
Specifications
The MA5606T supports the following HWTACACS specifications:
Limitation
None
Availability
l Hardware Support
No additional hardware is required for supporting this feature.
l License Support
The HWTACACS feature is a basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
10.2 Principle
This topic describes the working principles of the HWTACACS feature.
HWTACACS features more reliable transmission and encryption than RADIUS and is more
suitable for security control. Table 10-1 shows the major differences between HWTACACS
and RADIUS.
HWTACACS RADIUS
Encrypts the entire body of the packet Encrypts only the password field of the
except the standard HWTACACS header. authentication packet.
HWTACACS supports the authentication of the user level upshift. After logging in to the router
through telnet or SSH, a user can run the super command to upshift or downshift the user level
in the user mode. Then, the router authenticates the user password.
Figure 10-1 shows the process of the HWTACACS authentication of the user level upshift.
Figure 10-1 Process of the HWTACACS authentication of the user level upshift
NOTE
l When the router authenticates the user level upshift, the user passwords at different levels can be
different.
l When the router authenticates the user level upshift through HWTACACS, the user passwords at
different levels are the same.
The router sends the user password to the HWTACACS server for authentication. If the
authentication is successful, the user level can be upshifted. Otherwise, the user level cannot be
upshifted. The modification of the privilege user level takes effect on only this login.
If the router does not receive the authentication result of user level upshift from the HWTACACS
server within the preset timeout time, the authentication times out and the user level cannot be
upshifted.
10.3 Reference
This topic provides the reference documents of the HWTACACS feature.
The following lists the reference documents of this feature:
l RFC1492
l RFC2865
11 DNS Client
The DNS client feature enables the user who logs in to the local device to communicate with
other devices by using the domain name.
11.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the DNS
client feature.
11.2 Principle
This topic describes the working principles of the DNS client feature.
11.3 Reference
This topic provides the reference documents of the DNS client feature.
11.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the DNS
client feature.
Definition
TCP/IP not only provides IP addresses to identify devices, but also specifies a special naming
mechanism for hosts which is in the form of character strings. This is the domain name system
(DNS). DNS adopts a hierarchical naming method to specify a meaningful name for each device
on the network, and sets a DNS server on the network to establish mappings between domain
names and IP addresses. In this way, you can use the meaningful and easy-to-remember domain
names other than complex IP addresses.
The domain name resolution can be dynamic resolution or static resolution. In the case of
dynamic resolution, a special DNS server is required for receiving the domain name resolution
requests from subscribers. The server first resolves a domain name within the local database. If
the domain name does not belong to this domain, the server returns the resolution result to the
client by using the recursive resolution or iterative resolution method. The resolution result may
be an IP address or the message "the domain name does not exist", which will be returned to the
client. An address resolver on the DNS client is used to enable the user program to access the
DNS server.
Figure 11-1 shows the relations between the user program, resolver, DNS server, and the cache
on the resolver. The resolver and the cache are integrated to form the DNS client, which receives
the DNS queries from the user program and responds to the queries. In general, the user program,
cache, and resolver are on the same host while the DNS server is on a different one.
Request Request
User program Resolver
Response
Response
DNS
Save Read Server
Local DNS
Cache
host Client
Purpose
On the MA5606T, the DNS client is mainly used for resolving the IP address of the call server
for the VoIP feature.
Specifications
The MA5606T supports the following DNS client specifications:
Limitation
None
Availability
l Hardware Support
No additional hardware is required for supporting this feature.
l License Support
The DNS client feature is a basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
11.2 Principle
This topic describes the working principles of the DNS client feature.
DNS is a mechanism that uses a special DNS server for dynamically resolving the domain name.
The DNS server provides mappings from domain names to IP addresses and receives the domain
name resolution requests from DNS clients.
DNS Server
A device that is specially used for running the domain name resolution server program is called
a DNS server. The root DNS server contains the information about the root and top-level domain.
DNS requires each DNS server to know the IP address of at least one root DNS server. The DNS
client must also know how to contact at least one DNS server.
– Iterative resolution: If the DNS server cannot provide the resolution result, it indicates
the next DNS server for the client to contact in the response packet sent to the client.
Then, the client sends a query request to the specified DNS server.
Request Request
User program Resolver
Response
Response
DNS
Save Read Server
Local DNS
Cache
host Client
Cache
If the resolver sends every resolution request with a non-local domain name to the root DNS
server, it will result in a large query overhead. To reduce the overhead of the queries for non-
local domain names, the DNS server uses a cache. Every mapping between a dynamically
resolved domain name and the IP address is saved in the dynamic domain name cache of the
memory. Then, when the same domain name is queried next time, it can be directly read from
the cache rather than being requested from the root DNS server. Each DNS server maintains a
record of recently-used domain names in the local cache, and at the same time caches the IP
address of the corresponding server from which the domain name mapping is obtained.
When the mappings between domain names and IP addresses change, the information in the
cache is no longer correct. To ensure the correctness of the information in the cache, the DNS
server specifies a TTL value in the DNS response packet. The TTL value represents the valid
time for the binding between the resolved domain name and the IP address. The mapping between
the domain name and the IP address saved in the cache of the client ages after a period of time
and is deleted, thus guaranteeing that the latest information can be obtained from the DNS server.
The DNS servers installed with different operating systems have corresponding values of aging
time. The client obtains the aging time from the DNS protocol packets.
The host also has a cache, which is used for maintaining the bindings between the recently-used
domain names and IP addresses. The host uses the DNS server for query only when the host
cannot find the domain name to be resolved in the cache.
DNS Suffix
The dynamic DNS supports the domain name suffix list. With this function, you can preset some
domain name suffixes. Then, in the domain name resolution, you only need to enter partial fields
of domain names, and the system automatically adds different suffixes to the domain names for
resolution. For example, to query domain name huawei.com, you can configure com in the suffix
list, and then enter huawei. Then, the system automatically connects the entered domain name
to the suffix to form domain name huawei.com for performing a query.
When the domain name suffix is used, the following situations may occur:
l If the domain name that you enter does not contains a ., for example, huawei, the system
considers this as a host name and adds the suffix to it for performing a query. If all the
queries for domain names fail, the system finally uses the domain name that you first entered
for performing a query.
l If the domain name that you enter contains ., for example, www.huawei, the system directly
uses this domain name for performing a query. If the query fails, the system adds the suffixes
one by one and then performs the query.
l If the domain name that you enter ends with ., for example, huawei.com., the system first
removes the ending . from the domain name and uses the remaining part for performing a
query. If the query fails, the system tries matching the domain name with the domain name
list and then performs the query.
11.3 Reference
This topic provides the reference documents of the DNS client feature.
The following lists the reference documents of this feature:
l RFC1034: Domain Names - Concepts and Facilities
l RFC1035: Domain Names - Implementation and Specification
12.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
feature of transparent transmission of protocol packets.
12.2 Principle
This topic describes the working principles of the feature of transparent transmission of protocol
packets.
12.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
feature of transparent transmission of protocol packets.
Definition
Transparent transmission of protocol packets refers to the transparent transmission of user
private network packets in the public network.
Purpose
This feature is used to implement the transparent transmission of user private network packets
in the public network. For example, the BPDU packets of a VIP user's private network can be
transparently transmitted in the public network through the QinQ function.
Specifications
The MA5606T supports the following transparent transmission specifications:
Limitation
None
Availability
l Hardware Support
The xDSL, and GPON boards support this feature.
l License Support
The feature of transparent transmission of protocol packets is a basic feature of the
MA5606T. Therefore, no license is required for accessing the corresponding service.
12.2 Principle
This topic describes the working principles of the feature of transparent transmission of protocol
packets.
The transparent transmission feature supports the following two service models:
l Transparent transmission of the BPDU packets in a specified VLAN
l Transparent transmission of the VTP-CDP and RIP packets in a specified VLAN
c200-0000 through 0180-c200-002f. In the case of MSTP, the destination MAC address of the
BPDUs in the carrier network (public network) is 0180-c200-0008.
13 ACL
The access control list (ACL) is used to filter the specific data packets based on a series of
matching rules contained in the ACL.
13.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ACL.
13.2 Principle
This topic describes the implementation principles of the ACL feature.
13.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ACL.
Definition
The access control list (ACL) is used to filter the specific data packets based on a series of
matching rules contained in the ACL, and therefore identify the filtering objects. After the
filtering objects are identified, the corresponding data packets are permitted to pass or discarded
based on the preset rules.
Purpose
The packet filtering based on ACLs is the prerequisite for carrying out quality of service (QoS).
ACL together with QoS improves the system security.
Specification
The MA5606T supports the following ACL specifications:
l ACLs are numbered from 2000 to 5999, and up to 4000 ACLs can be defined. Each ACL
can have 64 rules. Table 13-1 describes the four types of ACLs.
l Issuing 1024 ACL rules by the system software, with a maximum number of 128 user-
defined ACL rules and a maximum number of 896 non-user-defined ACL rules
l The user can configure matching of the first 80 bytes in the packet based on the rules.
Multiple fields can be configured at the same time.
l Up to 64(MCUA) ACLs can be activated and validated for the MA5606T.
Limitation
In the case that the ACL rules do not conflict with each other, the ACL rules activated earlier
have lower priorities, while the ACL ruls activated later have higher priorities.
Availability
l Hardware support
No additional hardware is required for supporting the ACL feature.
l License support
The ACL feature is an optional feature of the MA5606T. Therefore, the license is required
for accessing the corresponding service.
13.2 Principle
This topic describes the implementation principles of the ACL feature.
The system matches and processes the input packets according to the ACLs.
l If the packets match the ACLs, they are forwarded for further processing, such as:
– Packet filtering
The system determines whether to discard the packets depending on whether the packets
match with the ACLs.
– Priority tagging
The system tags priority on the packets that match the ACLs. The tags include the TOS,
DSCP and 802.1p tags.
– Traffic limiting
The system limits the rate of the packets that match the ACLs.
– Port rate limiting
The system limits the rate for the packet transmission on an Ethernet port.
– Traffic statistics
The system collects statistics on the packets that match the ACLs.
– Packet redirection
The system redirects the packets that match the ACLs to another port (that is, the original
destination port no longer receives or forwards the packets).
– Packet mirroring
The system mirrors the packets that match the ACLs to another port (that is, the packets
are duplicated to another port).
Eventually, the packets are forwarded and generated.
l The MA5606T discards or forwards the packets that do not match with the ACLs.
Packet filtering
Priority tagging
Traffic limiting
Port rate limiting
…
Discard
Discarded
packets
14 QoS
QoS refers to quality of service. Settings of different QoS parameters, such as service availability,
time delay, jitter, and loss rate, provide users with high quality services.
To manage the bandwidth for the service, you can configure the rate limitation based on port
and CoS. This topic provides introduction to this feature and describes the principles of this
feature.
14.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of QoS.
14.1.2 Principle
This topic describes the implementation principles of the QoS feature.
14.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of QoS.
Definition
QoS refers to quality of service. Settings of different QoS parameters, such as service availability,
time delay, jitter, and loss rate, guarantee the end-to-end quality of services.
Purpose
QoS aims at utilizing the limited network resources by providing differentiated qualities for
different services.
Specification
The MA5606T supports the following QoS specifications:
l Flexible queue mapping
l Two rate three color marker (trTCM) to adapt different traffic profiles
l 802.1p re-marking
l Rate limitation to both upstream and downstream traffic streams based on the port + CoS
mode to implement the committed access rate (CAR) function
l Up to eight queues (corresponding to eight service streams) for each port
l The queue scheduling methods such as:
– Strict Priority Queuing (PQ)
– Weighted Round Robin (WRR)
– PQ+WRR
l Configuring the inner VLAN priority during configuration of an IP traffic profile
Only priorities 0-7 are supported.
l Cancellation of the option for setting the inner VLAN priority as the queuing trustful
priority
Only local and tag-setting are supported.
l Configuring the source of the outer VLAN priority
Availability
l Hardware support
No additional hardware is required for supporting the QoS feature.
l License support
The QoS feature is the basic feature of the MA5606T. Therefore, the corresponding service
is provided with no license.
14.1.2 Principle
This topic describes the implementation principles of the QoS feature.
The QoS can be implemented through the following strategies:
l Flexible configuration of the packet priority based on the flow:
– Trusting user 802.1p. (If the user packet does not have the 802.1p tag, 3 is selected)
– Trusting user ToS. (If the user packet does not have the ToS tag, 3 is selected)
– Trusting the default flow priority.
l CAR rate limiting based on the flow:
trTCM (RFC2698) is adopted. The color is marked on the DEI bit of the Ethernet priority
field. 0 indicates green. 1 indicates yellow. Red packets are all discarded. Two modes are
supported globally: color-blind and color-aware. trTCM supports Ethernet profiles defined
in MEF10. You can obtain different traffic profiles by modifying the associated parameters.
l Modification of the 802.1p of the output packets based on the flow:
– Trusting user 802.1p. (If the user packet does not have the 802.1p tag, 3 is selected)
– Trusting user ToS. (If the user packet does not have the ToS tag, 3 is selected)
– Trusting the default flow priority.
l Queue scheduling
In case of network congestion, multiple packets compete for the network resources. In this
case, queue scheduling is used to solve the problem.
14.2 PQ
By PQ, each queue is given with a different priority. During the scheduling, the packets in the
highest-priority queue are served first. This topic provides introduction to this feature and
describes the principles of this feature.
14.2.1 Introduction
This topic describes the definition, purpose, and specification of PQ.
14.2.2 Principle
This topic describes the implementation principles of the PQ feature.
14.2.1 Introduction
This topic describes the definition, purpose, and specification of PQ.
Definition
By PQ, each queue is given with a different priority. During the scheduling, the packets in the
highest-priority non-empty queue are served first, and then the packets in the next lower-priority
queue are served. PQ handles the packets of different queues by strictly following the order from
higher priorities to lower priorities. The packets in the queue of the lower priority are sent only
when a queue of the higher priority becomes empty.
Purpose
PQ solves the problem that multiple service streams contend for the resources during network
congestion.
Specification
Each port supports up to eight priority queues. For some earlier versions (H808ANLF/ANIF/
ANLE or H802SHLB), each port supports only four priority queues.
14.2.2 Principle
This topic describes the implementation principles of the PQ feature.
PQ aims at giving a strict priority to the important traffic. The important traffic is given
preferential and fast treatment in case of network congestions.
In PQ, the packets are placed in queues of different priorities. The traffic with a higher priority
gets preference over that of a lower priority. Therefore, packets in queues of a higher priority
are sent first. When a queue of a higher priority is empty, the packets in the queue of a lower
priority are sent then.
Figure 14-1 shows the schematic diagram of PQ.
Based on PQ, the packets for the important services can be put into the queues of higher priorities,
while the packets for the less important services can be put into the queues of lower priorities.
This guarantees that the packets for the important services are served earlier than those for the
less important services (such as E-mail service). The packets for the less important services are
sent using idle intervals during which no packets for the important services are processed.
A disadvantage of PQ is that, during network congestion, the packets in the queues of lower
priorities might be discarded if packets exist in the queues of higher priorities for a long period
of time.
14.3 WRR
By WRR, each queue is assigned with a weighted value, representing the number of packets
serviced in one cycle queue. One packet is sent in one scheduling. WRR guarantees that the
bandwidth used by different queues is consistent with the preset ratio. This topic provides
introduction to this feature and describes the principles of this feature.
14.3.1 Introduction
This topic describes the definition, purpose, and specification of WRR.
14.3.2 Principle
This topic describes the implementation principles of the WRR feature.
14.3.1 Introduction
This topic describes the definition, purpose, and specification of WRR.
Definition
By WRR, each queue is assigned with a weighted value, representing the number of packets
serviced in one cycle queue. One packet is sent in one scheduling. WRR guarantees that the
bandwidth used by different queues is consistent with the preset ratio.
Purpose
WRR solves the problem that multiple service streams contend for the resources during network
congestion.
Specification
Each port supports up to eight priority queues. For some earlier versions (H808ANLF/ANIF/
ANLE or H802SHLB), each port supports only four priority queues.
14.3.2 Principle
This topic describes the implementation principles of the WRR feature.
WRR scheduling ensures that certain services for each queue by polling scheduling among
different queues.
Assume that each port has four priority queues. By WRR each queue is assigned with a weighted
value among w3, w2, w1 and w0 in descending order. The weighted value indicates the ratio of
resources that one queue can get.
Use a 100 Mbit/s port as an example. Assign the weighted value of its WRR algorithm to 36,
30, 18 and 16 (corresponding to w3, w2, w1 and w0 respectively). This guarantees the minimum
bandwidth of 14 Mbit/s to the queue of the lowest priority. In this way, the packets in the queue
of the lowest priority can be served.
Assume that each port has eight priority queues. By WRR each queue is assigned with a weighted
value among w7, w6, w5, w4, w3, w2, w1 and w0 in descending order. The weighted value
indicates the ratio of resources that one queue can get.
Use a 100 Mbit/s port as an example. Assign the weighted value of its WRR algorithm to 13,
10, 8, 15, 16, 14, 13 and 11 (corresponding to w7, w6, w5, w4, w3, w2, w1 and w0 respectively).
This guarantees the minimum bandwidth of 11 Mbit/s to the queue of the lowest priority. In this
way, the packets in the queue of the lowest priority can be served.
l The undeserving long-time waiting that might occur in the PQ algorithm can be avoided
by using the WRR algorithm.
l Time allocated to each WRR queue is not fixed. When no traffic is available in one queue,
the bandwidth resource is switched to the next queue immediately. Therefore, the
bandwidth resource is efficiently used.
14.4.1 Introduction
This topic describes the definition, purpose, and specification of CoS priority re-marking.
14.4.2 Principle
This topic describes the implementation principles of the CoS priority re-marking.
14.4.1 Introduction
This topic describes the definition, purpose, and specification of CoS priority re-marking.
Definition
CoS priority re-marking means re-marking the CoS priorities (802.1p field) of the packets.
Purpose
The CoS priority re-marking feature is used to differentiate the priorities of multiple services,
and thus provide different QoS for different services. For example, a higher priority can be
marked for the voice service. In this way, the delay of the voice service is reduced.
Specification
The MA5606T supports the following CoS priority re-marking specifications:
14.4.2 Principle
This topic describes the implementation principles of the CoS priority re-marking.
14.5.1 Introduction
This topic describes the definition and purpose of flexible mapping between CoS priorities and
scheduling queues.
14.5.2 Principle
This topic describes the implementation principles of the flexible mapping between CoS
priorities and scheduling queues.
14.5.1 Introduction
This topic describes the definition and purpose of flexible mapping between CoS priorities and
scheduling queues.
Definition
Flexible mapping between CoS priorities and scheduling queues indicates that the access device
supports flexible configuration of mappings between priorities and queues. Based on this feature,
you can specify the packets of a certain priority to a specified queue.
Purpose
This feature satisfies the specific requirements of the carries for service management. For
example, if priorities 4 and 5 are for the voice service, then you can map priorities 4 and 5 to
queue 6 to guarantee that the voice service can be scheduled with priority.
14.5.2 Principle
This topic describes the implementation principles of the flexible mapping between CoS
priorities and scheduling queues.
When scheduling the ingress Ethernet packets, use a certain priority to determine the ingress
queue. The priority is called the packet service priority. In general, the priority is the priority
carried in the packet (such as the 802.1p field).
By default, the relationship between the packet service priority and the ingress queue is fixed.
That is, the packets with priority 7 enter queue 7 (of the highest priority), the packets with priority
6 enter queue 6, and the rest may be deduced by analogy.
In actual networking, the configurations different from the earlier mentioned default setting may
be required. For example, priorities 1, 2, 3, 4, and 5 are used, in which priorities 1 and 2 are for
the data service, priority 3 is for the video service, and priorities 4 and 5 are for the voice service;
and the configured queues are 0, 2, 4, and 6.
Table 14-1 shows the mappings between the configured priorities and queues.
Table 14-1 Mapping between the packet service priority and the queue
Packet Service Priority Queue Priority
Default Configuration in a
Certain Application
7 7 -
6 6 -
5 5 6
4 4 6
3 3 4
2 2 2
1 1 0
0 0 -
14.6 trTCM
A Two Rate Three Color Marker (trTCM) is a marker defined by RFC2698. The trTCM can be
used as a component in a Diffserv traffic conditioner, and meters an IP packet stream and marks
its packets. This topic provides introduction to this feature and describes the principles of this
feature.
14.6.1 Introduction
This topic describes the definition, purpose, specification, and limitation of trTCM.
14.6.2 Principle
This topic describes the implementation principles of the trTCM feature.
14.6.1 Introduction
This topic describes the definition, purpose, specification, and limitation of trTCM.
Definition
A Two Rate Three Color Marker (trTCM) is a marker defined by RFC2698. The trTCM can be
used as a component in a Diffserv traffic conditioner, and meters an IP packet stream and marks
its packets.
The MA5606T supports the trTCM to meter an Ethernet frame stream and marks its frames.
Purpose
The trTCM can be used for traffic policing and marking for the purpose of more effective
bandwidth management. Based on the static bandwidth, the trTCM can guarantee the basic
bandwidth, namely, committed information rate (CIR) for users. When the network is idle, the
trTCM allows users to obtain extra bandwidth, namely, peak information rate (PIR). In this way,
the trTCM improves the utilization ratio of the network resources.
Specification
The MA5606T supports the following trTCM specifications:
l A packet is marked green if it does not exceed the CIR. Such a packet is allowed to pass.
l A packet is marked red if it exceeds the PIR. Such a packet is discarded.
l A packet is marked yellow if it exceeds the CIR but does not exceed the PIR. Such a packet
is discarded in case of network congestion.
Limitation
Because the MA5606T implements the QoS technology at the Ethernet layer, the MA5606T
does not support marking of IP packet headers, but supports marking of Ethernet frame headers.
14.6.2 Principle
This topic describes the implementation principles of the trTCM feature.
RFC2698 trTCM implements the two rate three color marker by using two token buckets. The
related parameters are as follows:
l CIR: Committed Information Rate, in Kbps.
l CBS: Committed Burst Size, in Kbps.
l PIR: Peak Information Rate, in bytes/s (required to be equal to or exceed the CIR).
l PBS: Peak Burst Size, in bytes.
l CM: Color Mode, in either Color-Blind or Color-Aware, which indicates whether to
identify the colors of the incoming packets.
Figure 14-2 shows the principle of two token buckets.
CIR
Token Bucket P
PBS
Initially, there are two independent token buckets, P and C. The maximum size of the token
bucket P is PBS and the maximum size of the token bucket C is CBS. The token buckets P and
C are initially (at time 0) full, that is, the token count Tp(0) = PBS and the token count Tc(0) =
CBS.
Thereafter, the token count Tp is incremented by one PIR times per second up to PBS and the
token count Tc is incremented by one CIR times per second up to CBS.
The following uses Tp(t) and Tc(t) to represent the number of tokens in token buckets P and C
respectively at time 0.
l In the Color-Blind mode, when a packet of size B bytes arrives at time t, the following
happens:
– If Tp(t)-B < 0, the packet is red, else;
– If Tc(t)-B < 0, the packet is yellow and Tp is decremented by B, else;
– The packet is green and both Tp and Tc are decremented by B.
l In the Color-Aware mode, when a packet of size B bytes arrives at time t, the following
happens:
– If the packet has been precolored as red or if Tp(t)-B < 0, the packet is red, else;
– If the packet has been precolored as yellow or if Tc(t)-B < 0, the packet is yellow and
Tp is decremented by B, else;
– The packet is green and both Tp and Tc are decremented by B.
14.7.1 Introduction
This topic describes the definition, purpose, and limitation of rate limitation based on port and
CoS.
14.7.2 Principle
This topic describes the implementation principles of rate limitation based on port and CoS.
14.7.1 Introduction
This topic describes the definition, purpose, and limitation of rate limitation based on port and
CoS.
Definition
When the CoS priority is used to indicate the class of service, to manage the bandwidth of the
services, you can configure the rate limitation parameters based on port and CoS, including the
CIR, CBS, PIR, PBS, and meter and mark the packets based on the trTCM.
Purpose
The purpose of this feature is to manage the bandwidth of the service identified by the CoS
priority.
Limitation
The system supports rate limitation only at the board level. That is, the rates of all the ports in
a service board are limited in the same way.
14.7.2 Principle
This topic describes the implementation principles of rate limitation based on port and CoS.
When rate limitation based on port and CoS priorities is configured on the MA5606T, the packets
passing through each port is classified into eight traffic streams according to the CoS priorities
(0-7). Based on these traffic streams, the packets are metered and marked in trTCM mode
according to the configured parameters.
By default, the rate of any traffic stream for which no rate limitation parameter is configured is
unlimited.
15 ANCP
ANCP refers to the Access Node Control Protocol which is used to implement the functions
such as topology discovery and line configuration of user ports, and also Layer 2 Control Protocol
(L2C) OAM.
15.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ANCP.
15.2 Principle
This topic describes the implementation principles of ANCP.
15.3 Reference
This topic describes the reference documents of ANCP.
15.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ANCP.
Definition
ANCP refers to the Access Node Control Protocol. An access device exchanges messages with
a BRAS through ANCP to implement the functions such as topology discovery, line
configuration of user ports, and also L2C OAM.
Purpose
Applying ANCP reduces the operating expenditures (OPEX) of carriers.
Specification
The MA5606T supports the following ANCP specifications:
l Topology discovery
l Line configuration
l OAM
l A partition (partition 0)
l two ANCP sessions
l Reporting of traps which indicate the change of the ANCP session status
l Selecting the ID of the start ANCP port through the CLI
l Reporting the topology information about one physical port only once
Limitation
None
Availability
l Hardware support
No additional hardware is required for supporting the ANCP feature.
l License support
The ANCP feature is the basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
15.2 Principle
This topic describes the implementation principles of ANCP.
The ANCP feature complies with GSMP V3 (RFC3292) and is implemented based on "draft-
wadhwa-gsmp-l2control-configuration-01."
Figure 15-1 shows the process of the ANCP topology discovery and parameter configuration.
Figure 15-1 Process of the ANCP topology discovery and parameter configuration
9-Business logic
8-Sync rate to
RADIUS in RADIUS server
access-request
5-Access loop 10-Service
4-Port up message parameters
VSAs
STB 3-HG turned on, stored
synchronized with 1-ANCP session
TV MSAN established
The process of the ANCP topology discovery and parameter configuration is as follows:
1. The MA5606T and the BRAS establish an ANCP session. For the session establishment,
refer to GSMP V3 in "15.3 Reference."
2. The MA5606T and the BRAS negotiate their ANCP capability by exchanging the ANCP
capability messages.
3. After the home gateway of a subscriber starts up, the MA5606T senses that the subscriber
line is activated. The home gateway and the MA5606T then synchronize the DSL line
parameters.
4. After synchronizing the line parameters, the MA5606T reports to the BRAS the user port
UP event that carries the line parameters of the MA5606T. For the format of the parameters,
refer to ANCP in "15.3 Reference."
5. After receiving the port UP event, the BRAS records the Access-loop-id and the topology
and parameter information of the subscriber.
6. The BRAS adjusts QoS policies based on the reported line parameters.
7. After the subscriber gets online, the PPPoE or DHCP session has been established. The
BRAS performs the Access-loop-id matching and QoS processing based on the PPPoE
Intermediate Agent or DHCP option82 message.
8. During the subscriber authentication for getting online, if finding the line parameters
reported by ANCP, the BRAS shall report these line parameters to the RADIUS server
when exchanging messages with the RADIUS server.
9. The RADIUS server exchanges the reported line parameters with the background OSS to
complete the business logic processing, and delivers the subscriber QoS policies (such as
using a new line profile) based on the subscriber information.
10. If the BRAS and the RADIUS server do not exchange messages, the BRAS directly delivers
the subscriber QoS policies (such as using a new line profile) based on the locally
configured policies and the parameters obtained by ANCP.
Figure 15-2 shows the process of modifying the line parameters during a subscriber service
update.
Figure 15-2 Process of modifying the line parameters during a subscriber service update
infoX SSS
3-Business logic
Portal Policy
server server
RADIUS server
2-Service
on demand 4-Change of
authorization
1-Subscriber logs in
(PPPoE/DHCP session)
PC
STB
TV Home BRAS
MA5606T VoD server
gateway
5-Line configuration
message
Phone
Softswitch
The process of modifying the line parameters during a subscriber service update is as follows:
1. An ANCP session is established between the MA5606T and the BRAS, and a subscriber
accesses the BRAS.
2. The subscriber orders the required service on the portal server.
3. The portal server and the policy server deliver the name of the required profile through the
COPS protocol, or the RADIUS server delivers the name of the required profile through
the RADIUS protocol.
4. The BRAS delivers the received profile name to the MA5606T through ANCP.
5. The MA5606T uses the new profile to activate the user port to implement the ordered
service.
RADIUS server
3-L2c OAM message
15.3 Reference
This topic describes the reference documents of ANCP.
The following lists the reference documents of ANCP:
16 MSTP
The Multiple Spanning Tree Protocol (MSTP) is compatible with STP and RSTP.
16.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MSTP.
16.2 Principle
This topic describes the implementation principles of MSTP.
16.3 Reference
This topic describes the reference documents of MSTP.
16.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MSTP.
Definition
The Spanning Tree Protocol (STP) applies to a loop network to realize path redundancy through
certain algorithms. STP also prunes a loop network into a loop-free tree network. This helps to
avoid proliferation and infinite loop of packets in the loop network.
The Rapid Spanning Tree Protocol (RSTP) is an improvement on STP. The rapidness of RSTP
relies on the greatly shortened delay for the designated port and the root port to turn into the
forwarding state in a certain condition. For details, see "Principles of RSTP" in "16.2
Principle." This helps to shorten the time for stabilizing the network topology.
The Multiple Spanning Tree Protocol (MSTP) is compatible with STP and RSTP.
Purpose
Although STP can prune a loop network into a loop-free network, it fails to transit fast. Even a
port in a point-to-point link or an edge port has to wait double Forward Delay time before it can
turn into the forwarding state.
RSTP features fast convergence; however, like STP, RSTP still has the following defects:
l All the bridges in a local area network (LAN) share a same spanning tree, and fail to block
redundant links by VLAN.
l The packets of all the VLANs are forwarded along the same spanning tree. Therefore, load
sharing of data traffic cannot be implemented between VLANs.
MSTP can remedy the defects of STP and RSTP. It not only realizes fast convergence, but also
enables traffic of different VLANs to be forwarded along their respective paths. This helps to
provide a better load sharing mechanism for redundant links.
MSTP sets VLAN mapping tables (relation tables between VLANs and spanning trees) to
associate VLANs and spanning trees. MSTP divides a switching network into multiple regions.
Each region contains multiple spanning trees, and each spanning tree is independent from any
other one.
MSTP prunes a loop network to a loop-free tree network to avoid proliferation and infinite loop
of packets in the loop network. It also provides multiple redundant paths for data forwarding to
realize load sharing of VLAN data during forwarding.
Specification
The MA5606T supports the following MSTP specifications:
l Loop protection
l ring check
Limitation
Due to difference in protocols, RSTP and MSTP shall comply with the following limitations
when cooperating to realize fast transition:
l The bridge running MSTP works as the upstream device.
l The bridge running RSTP works as the downstream device.
Otherwise, when the network topology changes, fast transition of a port cannot be realized.
Availability
l Hardware support
The control board supports the MSTP feature.
l License support
The MSTP feature is the basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
16.2 Principle
This topic describes the implementation principles of MSTP.
Principles of STP
STP determines the topology of a network by transmitting a certain special message
(configuration message as defined in IEEE 802.1D) between bridges. A configuration message
contains sufficient information to enable the bridge to complete the calculation of the spanning
tree.
The following defines the designated port and the designated bridge:
l For a bridge (such as bridge A), the designated bridge is a bridge that is directly connected
to bridge A and forwards data packets to bridge A. The designated port is the port in the
designated bridge through which the data packets are forwarded to bridge A.
l For a LAN, the designated bridge is a bridge that forwards data packets to the LAN. The
designated port is the port in the designated bridge through which the data packets are
forwarded to the LAN.
Figure 16-1 shows a schematic drawing of the designated bridge and the designated port.
AP1 AP2
BP1 CP1
Switch C
Switch B
Priority: 1 Priority: 2
BP2 CP2
l AP1, AP2, BP1, BP2, CP1, and CP2 are ports in Switch A, Switch B, and Switch C
respectively.
l Switch A forwards data to Switch B through port AP1, and then the designated bridge of
Switch B is Switch A, and the designated port is port AP1 in Switch A.
l Switch B and Switch C are connected to the LAN. If Switch B forwards data packets to the
LAN, the designated bridge of the LAN is Switch B, and the designated port is port BP2
in Switch B.
1. In network initialization, all the bridges work as the root bridge of the spanning tree.
2. The designated port of a bridge takes the hello time as the interval for sending its
configuration messages. If the port that receives the configuration message is a root port,
the bridge increases the message age contained in the configuration message by degrees
and enables the timer to time the configuration message.
3. If a path fails, the root port on this path receives new configuration messages no longer,
and the old configuration messages are discarded due to timeout. This results in
recalculation of the spanning tree. A new path then is created to replace the faulty path and
recover the network connectivity.
The new configuration message upon the recalculation, however, will not immediately spread
throughout the entire network. In this case, the old root port and designated port that fail to
discover the topology change will forward their data along the old paths. If the selected root port
and designated port forwards data immediately, a temporary loop may be created.
Therefore, STP adopts a state transition mechanism. That is, the root port and the designated
port have to experience a transition state before they can re-forward data. The transition state
turns into the forwarding state upon Forward Delay. This delay guarantees that the new
configuration message has spread throughout the entire network.
Defects of STP
l In case of topology change or link failure, a port has to wait double Forward Delay time
before it can turn from the blocking state to the forwarding state. Therefore, in case of
topology change, double Forward Delay time (at least scores of seconds) is required to
restore the network connectivity.
l The entire bridged LAN uses a single spanning tree instance. Therefore, when the network
is large, a longer convergence time may be required or the topology changes frequently.
Principles of RSTP
RSTP is an improvement on STP. The rapidness of RSTP relies on the greatly shortened delay
for the designated port and the root port to turn into the forwarding state in a certain condition.
This helps to shorten the time for stabilizing the network topology.
In comparison with STP, RSTP improves in the following aspects:
l First improvement:
– The alternate port and backup port are set for rapid switching of the root port and
designated port.
– When the root port fails, the alternate port quickly switches to the new root port and
turns into the forwarding state without delay.
– When the designated port fails, the backup port quickly switches to the new designated
port and turns into the forwarding state without delay.
l Second improvement:
– In a point-to-point link connected with two switching ports, a designated port turns into
the forwarding state without delay after one handshake with the downstream bridge.
– In a shared link connected with at least three bridges, the downstream bridge does not
respond to the handshake request sent from the upstream designated port, and the
designated port has to wait double Forward Delay time before it turns into the
forwarding state.
l Third improvement:
– A port that is directly connected to a terminal and is not connected to any other bridge
is defined as an edge port. The edge port can directly turn into the forwarding state
without delay.
– Because a bridge does not know whether a port is directly connected to a terminal, the
edge port must be configured manually.
The bridges that adopt RSTP are compatible with the bridges which adopt STP. The bridges that
adopt RSTP can identify both STP and RSTP packets and apply them to calculation of the
spanning tree.
Defects of RSTP
Although RSTP features fast convergence, like STP, RSTP still has the following defects:
All the bridges in a LAN share a same spanning tree, and thus the packets of all the VLANs
cannot be forwarded equally. Furthermore, the packets of some VLANs cannot be forwarded.
Principles of MSTP
MSTP can remedy the defects of STP and RSTP. It not only realizes fast convergence, but also
enables traffic of different VLANs to be forwarded along their respective paths. This helps to
provide a better load sharing mechanism for redundant links.
MSTP sets VLAN mapping tables (relation tables between VLANs and spanning trees) to
associate VLANs and spanning trees. MSTP divides a switching network into multiple regions.
Each region contains multiple spanning trees, and each spanning tree is independent of any other
one.
Multiple spanning trees can run on each bridge to forward the packets of different VLANs.
MSTP divides the entire L2 network into multiple spanning tree (MST) regions. These regions
and the other bridges and LANs are connected into a single common spanning tree (CST).
Multiple spanning trees are created in a region through calculation. Each spanning tree is defined
as a multiple spanning tree instance (MSTI). MSTI 0 is defined as an internal spanning tree
(IST). MSTP connects all bridges and LANs with a single common and internal spanning tree
(CIST) which consists of the CST and the IST.
Like RSTP, MSTP calculates the spanning tree according to the configuration message. The
configuration message, however, contains the message of MSTP on the bridge.
l Calculation of CIST
– Select a bridge with the highest priority within the entire network as the CIST root by
comparing the configuration messages.
– In each MST region, MSTP creates an IST through calculation. Meanwhile, MSTP
regards each MST region as a single bridge, and then creates a CST between regions.
– The CST and the IST forms the CIST that connects all the bridges in a bridge network.
Select a bridge with the highest priority within the entire network as the CIST root by
comparing the configuration messages. In each MST region, MSTP creates an IST through
calculation. Meanwhile, MSTP regards each MST region as a single bridge, and then creates
CST between regions.
l Calculation of MSTI
In an MST region, MSTP creates different MSTIs for different VLANs according to the
mapping relation between the VLANs and the spanning tree instances. Each spanning tree
is calculated independently. The process is similar to that in which the RSTP calculates the
spanning tree.
MSTP is compatible with STP and RSTP. The bridges that adopt MSTP can identify both STP
and RSTP packets and apply them to calculation of the spanning tree.
Besides the basic functions of MSTP, the MA5606T provides some special functions, such as:
l BPDU protection
For an access device, the access port is generally connected to a terminal (such as a PC) or
file server. In this case, the access port is set to an edge port for the purpose of fast transition.
When receiving a configuration message (BPDU), the edge port switches to a non-edge
port automatically, the spanning tree is re-calculated and the topology changes accordingly.
In normal conditions, an edge port cannot receive STP configuration messages. If the bridge
is maliciously attacked by forged configuration messages, the network will be attacked.
The BPDU protection function can prevent such network attacks.
After the BPDU protection function is enabled on the MA5606T, if an edge port receives
a configuration message, the system shuts down the edge port, and notifies the network
management system of the related information. Only network administrators can enable
the port that is shut down.
It is recommended that you enable the BPDU protection function on the MA5606T which
is configured with an edge port.
l Root protection
A bridge maintains the states of the root port and other blocked ports by continuously
receiving BPDUs from the upstream bridge.
In case of link congestion or failure, these ports fail to receive BPDUs from the upstream
bridge. For this reason, the bridge will re-select its root bridge. The previous root bridge
switches to the designated port, and the blocked ports turn to the forwarding state. As a
result, loops are created in the switching network.
The loop protection function is a solution to this problem.
After receiving the BPDUs (excluding the TCN packets) again, a port under loop protection
normally processes the packets, selects the role, and resets the forwarding state of the port.
The port is not always in the blocked state.
When the loop protection function is enabled, if the root port switches to a non-root port,
it will turn into the discarding state, and the blocked ports will remain in the discarding
state. Therefore, no packets are forwarded, and no loop is created in the network.
NOTE
16.3 Reference
This topic describes the reference documents of MSTP.
17 Multicast
Multicast refers to the point-to-multipoint communication in which the multicast source sends
the information to a certain subset of all the network nodes.
17.1 Overview
Multicast refers to the point-to-multipoint communication in which the multicast source sends
the information to a certain subset of all the network nodes. This topic provides introduction to
this feature and describes the principles and reference documents of this feature.
17.2 IGMP Snooping
IGMP snooping is a type of multicast control mechanism that works in the data link layer. It is
used to manage and control multicast. This topic provides introduction to this feature and
describes the principles of this feature.
17.3 IGMP Proxy
IGMP proxy is a function by which in a tree topology, the MA5606T works as an IGMP proxy
to forward the multicast protocol packets, but does not establish routes for multicast forwarding.
This topic provides introduction to this feature and describes the principles of this feature.
17.4 Multicast VLAN Management
Multicast VLAN defines certain important contents of controllable multicast, such as multicast
programs and users. This topic provides introduction to this feature and describes the principles
of this feature.
17.5 Program Management
Program management indicates the management of program attributes, including the program
bandwidth and preview parameters. This topic provides introduction to this feature and describes
the principles of this feature.
17.6 User Management
User management indicates the configuration of valid multicast users, authentication of the users
when they log in, and CAC bandwidth checks. This topic provides introduction to this feature
and describes the principles of this feature.
17.1 Overview
Multicast refers to the point-to-multipoint communication in which the multicast source sends
the information to a certain subset of all the network nodes. This topic provides introduction to
this feature and describes the principles and reference documents of this feature.
17.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of multicast.
17.1.2 Principle
This topic describes the implementation principles of multicast.
17.1.3 Reference
This topic describes the reference documents of multicast.
17.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of multicast.
Definition
Multicast refers to the point-to-multipoint communication in which the multicast source sends
the information to a certain subset of all the network nodes.
Controllable multicast allows an access device to determine if a user has the authority to watch
programs by identifying the user request packets. In this way, the access device controls and
forwards the multicast services.
Purpose
The MA5606T provides the IPTV service by adopting the multicast technology.
By adopting controllable multicast, the access device manages and controls multicast users. This
helps to satisfy carriers' requirements for video services provisioning, and to enable the multicast
services to be operable and manageable.
The core of the multicast technology is duplication of the packets at the place nearest to the
receiver, thus lowering the multicast traffic on the network.
Specification
l IGMP V2/V3
l IGMP proxy
l IGMP snooping
l PIM-SSM forwarding
l Tree network
l MSTP ring network
Availability
l Hardware support
No additional hardware is required for supporting the multicast feature.
l License support
– The number of the multicast users supported by the MA5606T is under license.
Therefore, the license is required for accessing the corresponding service.
– The number of the multicast programs that can be ordered by the users of the
MA5606T is under license. Therefore, the license is required for accessing the
corresponding service.
– The MA5606T supports the license to control the number of multicast users or the
number of multicast programs at a time.
17.1.2 Principle
This topic describes the implementation principles of multicast.
Figure 17-1 shows a typical multicast application in a tree topology.
STB STB
Layer 2 forwarding is adopted for the multicast application on the access equipment. The
MA5606T forwards the multicast traffic based on VLAN + multicast MAC.
In a ring network, the device enabled with RSTP/MSTP realizes path redundancy using certain
algorithms, and dynamically prunes the ring network into a loop-free tree network.
17.1.3 Reference
This topic describes the reference documents of multicast.
The following lists the reference documents of multicast:
l TR101: Technical Report DSL Forum TR-101 Migration to Ethernet-Based DSL
Aggregation April 2006
l RFC 1112: Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC 1112, August
1989
l RFC-2236: Fenner, W., "Internet Group Management Protocol, Version 2", RFC 2236,
November 1997
l RFC 3376: B. Cain., "Internet Group Management Protocol, Version 3 ", RFC
3376,October 2002
17.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of IGMP snooping.
17.2.2 Principle
This topic describes the implementation principles of IGMP snooping.
17.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of IGMP snooping.
Definition
IGMP snooping is a type of multicast control mechanism that works in the data link layer. It is
used to manage and control multicast groups and effectively restrains the spread of multicast
data in the L2 network.
Purpose
The MA5606T supports IGMP snooping feature to realize the multicast management in the L2
network, thus effectively restraining the spread of the multicast data in L2.
Specification
The MA5606T supports the following IGMP snooping specifications:
l IGMP V2/V3 snooping
IGMP V3 supports only the packets in Include mode according to TR101.
l IGMP snooping over IPoE
l IGMP snooping over PPPoE
l A querier that supports the general query and group-specific query mechanism
l SSM forwarding
l Tree and ring networks
l Snooping report proxy
l Snooping leave proxy
Limitation
The MA5606T has the following IGMP snooping limitations:
l To guarantee the transmission quality of the programs ordered by the users, and to prevent
unknown multicast programs from occupying the user line bandwidth, MA5606T shall
suppress the unknown multicast at the network end. By default, the unknown multicast is
suppressed.
l To satisfy the multicast leased line requirements, set the user port so that it allows the
unknown multicast traffic to pass.
17.2.2 Principle
This topic describes the implementation principles of IGMP snooping.
l Process for a multicast user to get online and offline
In IGMP snooping mode, the MA5606T switches the packets for joining and leaving a
multicast group to the upstream VLAN, and then forwards the packets to the multicast
router.
In IGMP snooping mode, the MA5606T acts as a querier. Upon receiving the query packets
from the multicast router, the MA5606T sends a query packet to the user. If there is no
response within the specified duration, the MA5606T deletes the local multicast forwarding
entry. Consequently, the multicast router deletes the forwarding entry from its own
database.
Upon receiving a user' s leave packet, the upper layer router sends a group-specific query
packet to the user. If there is no response from the user within a specified duration, the
router deletes the user from the multicast group.
l Snooping report proxy and leave proxy
When a user gets online and sends a request packet for joining a program, the MA5606T
switches the packet to multicast VLAN and then forwards it to the multicast router. The
subsequent request packets from the user for joining the program are not forwarded to the
multicast router.
When the user gets offline, the MA5606T forwards only the last leave packet to the
multicast router to tell it not to forward the related multicast traffic any longer.
If report proxy is enabled, the MA5606T responds to the query of the multicast router.
l IGMP snooping over PPPoE
If a PPPoE user needs to be authenticated by the BRAS and needs to receive multicast
traffic, the MA5606T must support IGMP snooping over PPPoE, which complies with the
definition of IGMP ECHO in TR101. The MA5606T forwards a PPPoE-encapsulated
IGMP packet to the BRAS, and also generates an IPoE IGMP packet and forwards the
packet to the multicast router.
17.3.1 Introduction
This topic describes the definition, purpose, and specification of IGMP proxy.
17.3.2 Principle
This topic describes the implementation principles of IGMP proxy.
17.3.1 Introduction
This topic describes the definition, purpose, and specification of IGMP proxy.
Definition
IGMP proxy is a function by which in a tree topology, the MA5606T works as an IGMP proxy
to forward the multicast protocol packets, but does not establish routes for multicast forwarding.
l For the multicast hosts, the access device serves as a multicast router to collect and maintain
the membership in the multicast group by:
– Receiving the join and leave packets from the hosts connecting with the downstream
port
– Checking regularly whether there is a member belonging to some multicast group on
the downstream port
l For the multicast router, the access device serves as a multicast host. It informs the multicast
router that it wants to join or leave a certain specific multicast group by sending the join or
leave packets.
Purpose
IGMP proxy enables the L2 device to support multicast service. In addition, it helps to decrease
the packets for joining and leaving a multicast group, thus lowering the multicast traffic at the
network side.
Specification
17.3.2 Principle
This topic describes the implementation principles of IGMP proxy.
1. When an IGMP user intends to order a video program, the user must send an IGMP request
to the IGMP proxy for joining the multicast group corresponding to the program.
2. Upon receiving the request, the MA5606T forwards the request packet to the multicast
router for applying for multicast traffic if the user is the first one to watch the program. If
the multicast traffic is being delivered, the MA5606T forwards the traffic directly to the
user.
3. The MA5606T sends group-general query packets to all online IGMP users at regular
intervals. If it fails to receive any response from a user within a certain period, it considers
that the user has left the multicast group, and deletes the user from the multicast group. If
the user is the last one in the group, the MA5606T sends leave packets to the multicast
router.
4. Meanwhile, when receiving a general query from the multicast router, the MA5606T
reports the current multicast state to the router.
17.4.1 Introduction
This topic describes the definition, purpose, specification, and limitation of multicast VLAN
management.
17.4.2 Principle
This topic describes the implementation principles of multicast VLAN management.
17.4.1 Introduction
This topic describes the definition, purpose, specification, and limitation of multicast VLAN
management.
Definition
Multicast VLAN defines some important contents of controllable multicast, such as multicast
programs and users.
Purpose
By leasing multicast VLANs to ISPs, customers can manage the ISPs.
Specification
The MA5606T supports the following multicast VLAN management specifications:
Limitation
Because the system permits transparent transmission of unknown multicast packets, and the
multicast address of unknown multicast may overlap with the address of the controllable
program, make sure that the user VLAN does not overlap with the multicast VLAN. Otherwise,
unknown multicast packets are forwarded based on the multicast forwarding table.
17.4.2 Principle
This topic describes the implementation principles of multicast VLAN management.
Working Mode
The multicast VLAN is mainly used to support networking of different ISPs. The working mode
of the multicast VLAN can be IGMP proxy or IGMP snooping.
In IGMP V3, the join packets can carry the programs which belong to different VLANs.
l If the VLAN works in IGMP proxy mode, the original packets of users are segmented and
sent from the corresponding multicast VLANs.
l If the VLAN works in IGMP snooping mode, make sure that multiple records in a report
packet do not match multicast VLANs in different snooping modes. Otherwise, the
forwarding of packets causes flooding of IGMP packets. The system processes the first
record in the IGMP packet or discards the packet.
IGMP Version
The IGMP version is configured for each VLAN. This guarantees compatibility of different
versions. The IGMP version of a multicast VLAN can be IGMP V2 or IGMP V3. By default, it
is IGMP V3.
l IGMP V3 is compatible with IGMP V2/V1, and IGMP V2 is compatible with IGMP V1,
Forward compatibility, however, is not supported.
– Based on the existing service applications, the MA5606T supports access of IGMP V3
terminals, and processes IGMP V2 packets, but does not support IGMP V1.
– For the IGMP V3 terminals, the IGMP V2 query packets are sent manually to enable
these terminals to work in IGMP V2 mode.
l IGMP V2: Only IGMPv2 is supported.
l Static programs
– For a multicast group which the users join through the IGMP requests, the program
table is searched based on the address of the multicast group and the source IP address
(for IGMP V3 only).
– In the case of matching, the multicast forwarding is permitted from the multicast VLAN
to the user port, and the upstream IGMP packets are also forwarded through the multicast
VLAN.
l Dynamic programs
– Based on the join requests, the multicast addresses are obtained to dynamically generate
programs.
– The dynamically generated programs do not provide the user-side and network-side
CAC bandwidth control, preview, and pre-join functions.
Multicast Users
According to the description in TR101, a multicast user can order the programs of a multicast
VLAN only when the user is a member of the multicast VLAN.
17.5.1 Introduction
This topic describes the definition, purpose, specification, and limitation of program
management.
17.5.2 Principle
This topic describes the implementation principles of program management.
17.5.1 Introduction
This topic describes the definition, purpose, specification, and limitation of program
management.
Definition
Program management indicates the management of program attributes, including the program
bandwidth and preview parameters.
Purpose
Program management is to set the attributes of a program.
Specification
The MA5606T supports the following program management specifications:
l Setting the preview parameters
l Up to 4K static programs
l The system supports up to 2K programs, and each multicast VLAN supports up to 4K
programs.
l Prejoin of a static program
l Setting the priority of a static program
l Setting the bandwidth of a static program
l Hierarchical multicast program management, that is, the bandwidth and the number of
concurrently available programs for the multicast users vary with their authorities.
Limitation
To preview a program, a multicast user must have the right to preview the program.
17.5.2 Principle
This topic describes the implementation principles of program management.
Preview
The program preview is to control the times, duration, and interval for a user to watch a program.
This allows the user to have basic knowledge about the program, but does not have the right to
watch the complete program.
A user with the preview authority can preview the program only for a fixed duration. When the
duration expires, the user gets offline. After the preview interval, the user can preview the
program again. The number of previews available for a user in a day cannot exceed the preset
number of previews.
Prejoin
The program prejoin feature enables the MA5606T to send request packets to the multicast router
for joining a multicast group if there is no online user. This helps in delivering the multicast
traffic to the MA5606T in advance, thus shortening the wait time for a user to order a program.
Priority
When forwarding multicast traffic, the MA5606T schedules the traffic on the user port according
to the specified priority. This guarantees the quality of the program.
Bandwidth
Both the connection admission control (CAC) at the user side and that at the network side are
based on the total bandwidth occupied by the online programs of a user or an upstream port. The
bandwidth determines whether a new program can be played. If the bandwidth occupied by the
online programs and that of a new program exceeds the specified CAC, the user cannot play the
new program.
17.6.1 Introduction
This topic describes the definition, purpose, and specification of user management.
17.6.2 Principle
This topic describes the implementation principles of user management.
17.6.1 Introduction
This topic describes the definition, purpose, and specification of user management.
Definition
User management indicates the configuration of valid multicast users, authentication of the users
when they log in, and CAC bandwidth checks.
Purpose
User management pertains to controlling and preventing illegal users from watching controlled
programs.
Specification
The MA5606T supports the following user management specifications:
l Each physical port on the xDSL service board supports eight multicast user.
l The IGMP bearer channel and the multicast service bearer channel of a multicast user can
be defined separately.
l Up to 2K authority profiles can be configured.
l The program authority can be any one of watch, preview, forbidden and idle.
l A multicast user can be bound with up to 512 authority profiles.
l CAC at the user side is supported.
l The fast leave feature is supported.
l A multicast user can watch up to 32 programs concurrently.
17.6.2 Principle
This topic describes the implementation principles of user management.
Multicast CAC
Multicast CAC means control of a user's ordering a program based on the bandwidth of a
subscriber line. When ordering a multicast program, a user knows the program bandwidth from
the MA5606T. The MA5606T checks whether the user bandwidth is sufficient for playing a new
program. If yes, the user can order the program. If no, the user fails to order the program.
Fast Leave
Fast leave indicates that the MA5606T deletes a user from a multicast group without any query
if it receives the IGMP leave packet.
Program Authority
The program authority is defined in an authority profile. You can control the authorities by
binding a user with different authority profiles.
The program authority can be forbidden, preview, watch, and idle in a descending order. The
system administrator is authorized to configure the authority.
18 Triple Play
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.
18.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of triple play.
18.1.2 Principle
This topic describes the implementation principles of triple play.
18.1.3 Reference
This topic describes the reference documents of triple play.
18.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of triple play.
Definition
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.
Purpose
The early broadband access provides only the high-speed Internet access service. As the Internet
is rapidly developing, it can offer much richer services, such as video (IPTV) services. The
development of multiple access modes such as ADSL2+ and VDSL2 access, and the
improvement of broadband access also lay a solid foundation for provisioning the video service.
Specification
The MA5606T supports the following triple play modes:
l Single-PVC for multiple services
l Multi-PVC for multiple services
Availability
l Hardware support
No additional hardware is required for supporting the triple play feature.
l License support
The triple play feature is the basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
18.1.2 Principle
This topic describes the implementation principles of triple play.
The main concern of triple play is how to handle different priorities of different services in a
user port, and to reduce the mutual effect to the lowest level.
l VoIP service
Because the bandwidth and delay of the VoIP service are low, the priority of the VoIP
service is the highest among the triple play services.
NOTE
A high bit error ratio or packet loss ratio causes loss to video frames, thus affecting the program
quality.
l High-speed Internet access
Because common Internet access services, such as web browsing, require neither a strong
real-time performance nor a low packet loss ratio, the priority of the high-speed Internet
access service is the lowest among the triple play services.
NOTE
For the Internet access service, the retransmission mechanism is usually available to guarantee
transmission reliability. Therefore, the Internet access service does not require a low packet loss ratio
like the IPTV service.
To manage the three services in a port conveniently, the MA5606T supports three VLANs for
an upstream interface, one for the VoIP service, one for the IPTV service, and another for the
high-speed Internet access service.
NOTE
When the services are differentiated by Ethernet type (IPoE/PPPoE), the service data goes upstream through
only two different VLANs.
18.1.3 Reference
This topic describes the reference documents of triple play.
For standards and recommendations, see the section, "Standards Compliance" in the
MA5606T Product Description.
18.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of single-PVC for
multiple services.
18.2.2 Principle
This topic describes the implementation principles of single-PVC for multiple services.
18.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of single-PVC for
multiple services.
Definition
Single-PVC for multiple services is a triple play mode in which a single PVC is adopted for
carrying multiple services from the access device to each DSL user terminal.
Purpose
In the case of single-PVC for multiple services, the DSL user terminal can be easily maintained
because only one PVC is created, and the DSL user terminal does not have to support the binding
between the PVC and the Ethernet port.
Specification
The MA5606T supports the following specifications of single-PVC for multiple services:
l Services can be differentiated by Ethernet encapsulation mode (IPoE/PPPoE).
l Services can be differentiated by VLAN IDs carried in the packets from the DSL user
terminal.
l Services can be differentiated by 802.1p values carried in the packets from the DSL user
terminal.
l Services can be differentiated by 802.1p values of Ethernet frames + VLAN ID.
l Services can be differentiated by Ethernet encapsulation type (IPoE/PPPoE) + VLAN ID.
l Each DSL user port supports up to eight different services.
Limitation
At a time, one DSL port supports only one mode in which multiple services are differentiated.
18.2.2 Principle
This topic describes the implementation principles of single-PVC for multiple services.
The Internet access service, VoIP and IPTV services are carried by a single PVC to the user.
That is, each xDSL port is configured with only one PVC. At the network end, three VLANs
are created for the upstream interface to carry different types of services.
l Figure 18-1 shows the implementation principles of single-PVC for multiple services if
these services are differentiated by IPoE/PPPoE.
Figure 18-1 Single-PVC for multiple services which are differentiated by IPoE/PPPoE
DHCP Home
gateway MA5606T
Phone
ADSL ADSL0 Internet
DHCP GE/FE LAN
VLAN BRAS
Switch
STB 1PVC VoIP
VoIP VPN
PPPoE VLAN
Router
PC Home Video
Video
gateway VLAN VPN
DHCP Router
Phone
DHCP
STB 1PVC VoIP traffic
Video traffic
ADSLN Internet traffic
PPPoE
PC
– The home gateway is used for the DSL user terminal to integrate the three types of
services over a single PVC.
– In general, the PC for the high-speed Internet access adopts PPPoE. The set top box
(STB) for the IPTV service and the Phone for the VoIP service adopt IPoE. The home
gateway integrates the three types of services and sends the integrated services over a
single PVC to the MA5606T.
– According to the Ethernet encapsulation mode of the packets received, the MA5606T
divides the service traffic in the single PVC to two different types of service traffic. One
is the PPPoE service traffic and the other is the IPoE service traffic. Each type of service
traffic goes to the upstream direction over a different VLAN.
– For an MA5606T, all the PPPoE service traffic goes to the upstream direction over a
VLAN, and all the IPoE service traffic goes to the upstream direction over another
VLAN.
l Figure 18-2 shows the implementation principles of single-PVC for multiple services if
these services are differentiated by VLAN ID and 802.1p value carried in the packets from
the DSL user terminal.
Figure 18-2 Single-PVC for multiple services which are differentiated by VLAN IDs and
802.1p values
Home
DHCP gateway
MA5606T
Phone
ADSL ADSL0 Internet
GE/FE LAN BRAS
DHCP VLAN Switch
STB 1PVC VoIP
VoIP VPN
PPPoE VLAN
Router
PC Home Video
gateway VPN
DHCP Video Router
Phone VLAN
DHCP
STB 1PVC VoIP traffic
Video traffic
ADSLN Internet traffic
PPPoE
PC
– The home gateway adopts for the DSL user terminal to provide three Ethernet ports to
connect to the Phone for the VoIP service, the STB for the IPTV service, and the PC
for the high-speed Internet access. Each port is bound with a VLAN ID and a 802.1p
value (That is, the data flow from the port is labeled with this VLAN ID and 802.1p
value.) Then, the home gateway encapsulates the data flow into ATM cells, and sends
them over a single PVC to the MA5606T for processing.
– The MA5606T decapsulates the ATM cells into the data flow, and divides the data flow
into three data flows according to the VLAN IDs and the 802.1p values carried in the
data flow. Then, the MA5606T maps the three services to three different upstream
VLANs according to the VLAN IDs and the 802.1p values.
– To differentiate services by VLAN IDs and the 802.1p values, make sure that the three
VLANs from the DSL user terminal (home gateway) of each MA5606T are different.
18.3.1 Introduction
This topic describes the definition, purpose, and specification of multi-PVC for multiple
services.
18.3.2 Principle
This topic describes the implementation principles of multi-PVC for multiple services.
18.3.1 Introduction
This topic describes the definition, purpose, and specification of multi-PVC for multiple
services.
Definition
Multi-PVC for multiple services is a triple play mode in which multiple PVCs are adopted for
carrying multiple services from the access device to each DSL user terminal.
Purpose
This triple play mode is compatible with the existing operations, administration and maintenance
(OAM) system.
Specification
The MA5606T supports the following specifications of multi-PVC for multiple services:
l Each xDSL port supports up to eight PVCs.
l Each service board supports up to 512 PVCs.
18.3.2 Principle
This topic describes the implementation principles of multi-PVC for multiple services.
The Internet access services, VoIP and IPTV services are carried by different PVCs to the user.
That is, each xDSL port is configured with at least three PVCs. At the network end, three VLANs
are created for the upstream interface to carry different types of services.
Figure 18-3 shows the implementation principles of multi-PVC for multiple services.
DHCP/
PPPoE
STB 3PVC
ADSLN VoIP traffic
Video traffic
PPPoE Internet traffic
PC
l The home gateway must be adopted for the DSL user terminal to provide three Ethernet
ports to connect to the Ephone for the VoIP service, the STB for the IPTV service, and the
PC for the high-speed Internet access.
l Each Ethernet port is bound with a PVC (That is, the data flow from the port is labeled with
the VPI/VCI of this PVC). Then, the home gateway sends the data flow from this port to
the MA5606T over the PVC for processing.
l After receiving the packets from the PVC, the MA5606T converts them into the data flow,
labels the data flow with a certain service VLAN, and then sends the labeled data flow to
the upper layer device.
Ethernet link aggregation refers to aggregation of multiple Ethernet ports together to form a port
to provide higher bandwidth and link security.
19.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of Ethernet
link aggregation.
19.2 Principle
This topic describes the implementation principles of the Ethernet link aggregation feature.
19.3 Reference
This topic describes the reference documents of Ethernet link aggregation.
19.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of Ethernet
link aggregation.
Definition
Ethernet link aggregation refers to aggregation of multiple Ethernet ports together to form a port
to provide higher bandwidth and link security.
The Link Aggregation Control Protocol (LACP) based on IEEE802.3ad is a protocol for
realizing link aggregation. Using LACP, the Ethernet ports of different devices can be
automatically aggregated without interventions from the user, and the link layer failure of the
ports can be detected to implement link aggregation control.
IEEE 802.3ad is a standard related to Ethernet link aggregation. According to the configuration
modes, link aggregation is classified into the following types:
l Manual link aggregation
l Static link aggregation
l Dynamic link aggregation
Purpose
In manual link aggregation mode, because LACP is not used, the devices at both ends of a link
do not thoroughly negotiate the aggregation with each other. In this case, they fail to control the
aggregation accurately and effectively. In fact, they determine whether an aggregation is
performed according to the states (down and up) of the physical ports.
For example, if a user mistakenly connects a link to two ports on different devices, or two ports
in the same device which cannot be aggregated, the system cannot detect this action. In addition,
manual link aggregation works only in load sharing mode, and the applications of the manual
link aggregation are restricted.
Dynamic link aggregation features automatic link aggregation without manual intervention,
which adds the plug-and-play function to a device. In actual applications, however, this
aggregation mode is too flexible to help users use this mode conveniently. For example, because
the link aggregation group is created by a device dynamically, the LAG ID may change if the
device restarts. As a result, the managing of devices becomes difficult.
Static link aggregation has the advantages of both manual link aggregation and dynamic link
aggregation. Therefore, this mode has the following features:
l Easy use and management
l Accurate and effective link control
The LAG and its member ports are manually managed. That is, a user controls the creation and
deletion of a LAG, as well as member ports' entry into or exit from the LAG. The device neither
automatically performs these tasks nor modifies the configuration data of the user.
However, in a static LAG, the member ports may be in two states: selected and standby. A
selected port is an operating port which carries traffic. On the contrary, a standby port carries
no traffic. Therefore, not all the member ports in the static LAG work at the same time, and the
selected and standby states vary with the device operation and the change of external
environment. Therefore, static dynamic aggregation can be either load sharing aggregation or
non-load sharing aggregation.
The features as described herein are related to implementation of static link aggregation through
LACP.
Specification
Limitation
The Ethernet link aggregation of the MA5606T has the following limitations:
l Only the ports of the same type (including port type, operating mode, and rate) can be
aggregated together to form a LAG.
l Dynamic link aggregation is not supported.
Availability
l Hardware support
The control board (MCUA) of the MA5606T supports Ethernet link aggregation.
l License support
The Ethernet link aggregation feature is the basic feature of the MA5606T. Therefore, no
license is required for accessing the corresponding service.MA5606T
19.2 Principle
This topic describes the implementation principles of the Ethernet link aggregation feature.
This topic describes how to activate, modify, and deactivate manual link aggregation.
Figure 19-1 shows manual link aggregation involving two ports in the control board.
Switch
Aggregation
MA5606T
MPW MCU
Two upstream ports of the MA5606T are aggregated together to form a LAG. The peer switch
adds the two ports connected to the two aggregated ports into the LAG.
If the two ports of the MA5606T are in the normal state, the traffic between the MA5606T and
the switch is shared by the two links according to the source MAC address or the combination
of the source MAC address and the destination MAC address.
However, if a port of the MA5606T fails or the corresponding link fails, the control board of the
MA5606T will not distribute traffic to the faulty port.
Switch
LACP
Aggregation
MA5606T
MPW MCU
If a member port in the LAG is in the selected state, the traffic is distributed to this port. If the
port is in the standby state, the traffic is not distributed to this port.
The selected and standby states are the states of the aggregation ports maintained at LACP
protocol layer, not the physical states of the ports. If the physical states of the ports change, the
states of the ports at the LACP protocol layer also change. For example, if an aggregation port
fails, the state of the port at the LACP protocol layer will changes to the standby state.
Not only the state change of the physical port, but also the exchange of LACPDUs can result in
a change in the state of the port at the LACP protocol layer. For example, when a port receives
a LACPDU from the peer end, its state may change.
Therefore, LACP can improve the link aggregation security by checking:
l The change in the states of the physical ports
l Board failure
l Port forwarding failure
l The change in the states of the aggregation port at the peer end
LACP also supports such mechanisms as system priority, port priority, and short or long period.
l System priority
In LACP, the system priority is used for controlling the master/slave relation of the
connected devices. The slave device must select the selected port according to the
selection result of the master device. Otherwise, the two devices cannot communicate
with each other.
l Port priority
Port priority is used for selecting the master port and the slave port.
l Timeout
To guarantee the LACP check sensitivity, IEEE 802.3ad defines two timeouts: short
timeout and long timeout. The two timeout values can be adjusted. A device cannot use
the short timeout to exchange information with the peer device unless the peer device
notifies the device of using the short timeout. Otherwise, the device always uses the
long timeout to exchange and transmit information.
The MA5606T supports the following timeout values:
19.3 Reference
This topic describes the reference documents of Ethernet link aggregation.
The following lists the reference documents of Ethernet link aggregation:
l IEEE 802.3ad Link Aggregation
20 System Security
20.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of system security.
20.1.2 Principle
The topic describes the operating principles of system security.
20.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of system security.
Definition
The MA5606T supports security settings to prevent attacks initiated by the network to the
MA5606T itself and users in the network. The MA5606T supports the following security
features:
l Anti-Denial of Service (DoS) attack
l Anti-ICMP/IP attack
l Source route filtering
l MAC address filtering
l Firewall black list
l Firewall
l Configuration of acceptable/refused address segments
Purpose
Figure 20-1 shows the system security application model of the MA5606T.
Carrier's network
RG
Network device
MA5606T
Broadband user
Remote user
This topic describes how the MA5606T protects itself from attacks initiated by a broadband
user. Some features (such as the firewall feature) of the MA5606T can also prevent a remote
user from attacking the system.
In addition, the MA5606T protects the network equipment from attacks. This helps guarantee
the security of the carrier's network.
Specification
Availability
l Hardware support
No additional hardware is required for supporting the system security feature.
l License support
The system security feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
20.1.2 Principle
The topic describes the operating principles of system security.
l Anti-DoS attack
The MA5606T detects and controls the number of packets sent from a user to the CPU
of the main control board. This avoids attacks on the CPU caused by an excessively
large number of packets.
l Anti-ICMP/IP attack
The MA5606T identifies and discards the ICMP/IP packets with their destination IP
addresses the same as the IP address of the MA5606T.
l Source route filtering
The MA5606T identifies and discards the IP packets with specified source route options.
The MA5606T identifies and discards the packets with the specified source MAC/
DMAC (Destination MAC) addresses.
l Firewall black list
The MA5606T filters the service packets with the source IP addresses in the firewall
black list.
l Firewall
The MA5606T filters data packets based on the ACL rule. This prevents unauthorized
users from accessing the MA5606T.
l Configuration of acceptable/refused address segments
The MA5606T checks if the IP address of a login user is in the acceptable address
segments. This prevents users of unauthorized address segments from accessing the
MA5606T.
20.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of anti-DoS attack.
20.2.2 Principle
This topic describes the implementation principles of the anti-DoS attack feature.
20.2.1 Introduction
This topic describes the definition, purpose, specification, and limitation of anti-DoS attack.
Definition
Anti-DoS attack means defensive measures taken by the MA5606T to control and limit the
number of control packets from a user.
A DoS attack occurs when users send an excessively large number of control packets purposely
to the system to overload it.
Purpose
A DoS attack:
l Endangers the normal operation of the access system
l Prevents the system from receiving normal service requests from the legal users.
l Suspends the system
To protect the MA5606T, you can enable the MA5606T to limit the number of control packets
from a user. In this way, the MA5606T discards excessive control packets.
For a user initiating DoS attacks, the MA5606T adds the user to the DoS attack black list and
stops receiving control packets from the user.
For a user in the black list, the administrator can force the user to get offline.
Specification
The MA5606T supports the following anti-DoS attack specifications:
l Anti-DoS attacks in the form of various control packets such as:
– PPPoE discovery packets
– DHCP packets
– ARP packets
– ICMP packets
– IGMP packets
– PPP LCP packets
– BPDU packets
l Up to 256 users in a DoS attack black list of DoS attack
l Report of an alarm when a DoS attack occurs or when it ends
Limitation
For the OPFA board, the MA5606T detects if a DoS attack occurs by checking the physical port.
20.2.2 Principle
This topic describes the implementation principles of the anti-DoS attack feature.
The MA5606T prevents DoS attacks in the following ways:
l The MA5606T maintains a black list of DoS attackers. For the users in the DoS attack black
list, the administrator can force the user to get offline by deactivating the corresponding
port or by other methods.
l With the anti-DoS attack switch enabled, the MA5606T detects if a DoS attack occurs and
ends in this way:
– The MA5606T detects the packets from a user port to the control module. If the number
of packets exceeds the average number of control packets for normal services, the
MA5606T confirms that a DoS attack occurs.
– When a DoS attack occurs from a user port, the MA5606T adds the port to the DoS
attack black list, and discards the protocol packets from the port.
– When the MA5606T detects that the user stops DoS attacks, the MA5606T deletes the
port from the DoS attack black list, and allows transmission of the packets to the control
module.
20.3.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MAC
address filtering.
20.3.2 Principle
This topic describes the implementation principles of the MAC address filtering feature.
20.3.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of MAC
address filtering.
Definition
MAC address filtering is a system security mechanism by which the MA5606T checks the source
or destination MAC address of user packets. The source or destination MAC address cannot be
either the well-known MAC address or the MAC address of network equipment.
Purpose
MAC address filtering is used to specify the source or destination MAC addresses not allowed
for user packets. This is to prevent users from forging the MAC address of network equipment
to attack the carrier's network.
Specification
The MA5606T supports filtering of four addresses or MAC address segments.
Limitation
The MAC address filtering and anti-MAC spoofing feature can be enabled at the same time. If
both are enabled, the feature of MAC address filtering has a higher priority.
Availability
l Hardware support
No additional hardware is required for supporting the MAC address filtering feature.
l License support
The MAC address filtering feature is the basic feature of the MA5606T. Therefore, no
license is required for accessing the corresponding service.
20.3.2 Principle
This topic describes the implementation principles of the MAC address filtering feature.
The principle for implementing the MAC address filtering feature is as follows:
l To prevent a user from forging a MAC address of the network equipment, set the MAC
address as the one to be filtered.
l When the user packets travel in the upstream direction, the MA5606T checks their source
MAC address. If the source MAC address is the same as the MAC address configured at
the network end, the MA5606T discards these user packets.
20.4.1 Introduction
This topic describes the definition, purpose, specification, and limitation of the firewall black
list.
20.4.2 Principle
This topic describes the implementation principles of the firewall black list feature.
20.4.1 Introduction
This topic describes the definition, purpose, specification, and limitation of the firewall black
list.
Definition
A firewall black list is an IP address list. The system filters the service packets whose source IP
address is in the firewall black list. This enhances system security and network security.
Purpose
Firewall black list is used to specify malicious users for preventing attacks on the MA5606T.
Specification
The MA5606T supports the following firewall black list specifications:
l Up to 2000 IP addresses can be manually configured in the firewall black list.
l When configuring the firewall black list, you can specify the aging time of an IP address.
The duration is in the range of 1-1000 minutes. If the aging time is not specified, the IP
address does not age.
Limitation
An ACL rule is applicable when the firewall black list feature is enabled. In this case, the ACL
rule has a higher priority.
20.4.2 Principle
This topic describes the implementation principles of the firewall black list feature.
The principle for implementing the firewall black list feature is as follows:
l For the packets with the source IP address specified in the firewall black list, the
MA5606T discards the packets.
l For the packets that match a specified ACL rule, if the rule allows the packets to pass
through, the MA5606T transmits the packets upstream even if the IP address is in the
firewall black list. If the rule forbids the packets to pass through, the MA5606T discards
the packets.
20.5 Firewall
The firewall feature enables the MA5606T to filter data packets based on an ACL rule. This
prevents unauthorized users from accessing the MA5606T. This topic provides introduction to
this feature and describes the principles of this feature.
20.5.1 Introduction
This topic describes the definition, purpose, specification, and limitation of firewall.
20.5.2 Principle
This topic describes the implementation principles of the firewall feature.
20.5.1 Introduction
This topic describes the definition, purpose, specification, and limitation of firewall.
Definition
The firewall feature enables the MA5606T to filter data packets based on an ACL rule. This
prevents unauthorized users from accessing the MA5606T.
Purpose
An unauthorized users might access an MA5606T through its maintenance network port
(outband) or service channel (inband) to configure the MA5606T illegally. This affects the
operation of the MA5606T and the carrier's network.
By setting the firewall, only authorized users can maintain the MA5606T through its
maintenance network port (outband) or service channel (inband).
Specification
The MA5606T supports the following firewall specifications:
l The firewall feature can be enabled on the maintenance network port and every VLAN
interface.
l ACL rules used for filtering ingress and egress data packets can be configured respectively.
Limitation
The MA5606T firewall has the following limitations:
l The firewall feature enables the MA5606T to filter data packets based on ACL rules,
provided that the rules exist. If the rules do not exist, the MA5606T transmits or discards
the packets according to the default rule.
l The ACL rules applying to the firewall must be a basic ACL rule or an advance ACL rule.
20.5.2 Principle
This topic describes the implementation principles of the firewall feature.
The principle for implementing the firewall feature is as follows:
1. If the firewall feature is enabled, when a user logs in to the MA5606T through its
maintenance network port or a service channel, the MA5606T judges whether the user is
allowed to access the system according to the configured ACL rules. If the user packets do
not match the ACL rules, the MA5606T discards the packets.
2. An ACL rule specifies a group of IP addresses, protocol types, or ports allowed or forbidden
to access the system.
21 User Security
User security is a mechanism which guarantees the security of operation users and access users.
21.1 PITP
The Policy Information Transfer Protocol (PITP) is a protocol for transferring the policy
information between the access equipment and the BRAS in an L2 P2P communication mode.
PITP is used to transfer the information on a user's access location. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
21.2 DHCP option82
DHCP option82 is similar to PPPoE+ as a user security mechanism. The information on a user's
access location is added into the DHCP request packets initiated by a user for user authentication.
This topic provides introduction to this feature and describes the principles and reference
documents of this feature.
21.3 DHCP Sub-Option90
DHCP Sub-Option90 cooperates with DHCP Option82. You can enable DHCP sub-Option90
only when DHCP Option82 is enabled. This topic provides introduction to this feature and
describes the availability, principle, implementation, and reference of this feature.
21.4 RAIO
In the case that PTIP and DHCP option82 are enabled, RAIO refers to the information on a user's
access location provided by the MA5606T in the VBAS response packet, PPPoE discovery
packet and DHCP option82 packet for the BRAS to authenticate a user. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
21.5 IP Address Binding
IP address binding indicates the binding between an IP address and a service port. The
MA5606T allows only the upstream packets with the source address the same as the one bound
to pass through. This topic provides introduction to this feature and describes the principles and
reference documents of this feature.
21.6 MAC Address Binding
MAC address binding indicates the binding between a MAC address and a service port. Thus,
only the packets with the specified MAC address can be transmitted over the network. This topic
provides introduction to this feature and describes the principles and reference documents of
this feature.
21.7 VMAC
Virtual MAC (VMAC) is the source MAC address allocated by the access device. In transmission
of the user packets, the access device replaces the source MAC address of the user packets with
the VMAC address. This topic provides introduction to this feature and describes the principles
and reference documents of this feature.
21.8 SMAC
The SMAC feature, also known as the PPPoE single-MAC, is one of the security features
supported by the MA5606T. This topic provides the definition, principles, and reference of the
SMAC feature.
21.9 Anti-MAC Spoofing
Anti-MAC spoofing attack means the system takes measures to prevent a user from attacking
the system using a forged MAC address. This topic provides introduction to this feature and
describes the principles and reference documents of this feature.
21.10 Anti-IP Spoofing
Anti-IP spoofing attack is a user security mechanism in which the system takes measures to
prevent a user from attacking the system using a forged IP address. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
21.1 PITP
The Policy Information Transfer Protocol (PITP) is a protocol for transferring the policy
information between the access equipment and the BRAS in an L2 P2P communication mode.
PITP is used to transfer the information on a user's access location. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
21.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of PITP.
21.1.2 Principle
This topic describes the implementation principles of the PITP feature.
21.1.3 Reference
This topic describes the reference documents of PITP.
21.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of PITP.
Definition
The Policy Information Transfer Protocol (PITP) is a protocol for transferring the policy
information between the access equipment and the BRAS in an L2 P2P communication mode.
PITP is used to transfer the information on a user's access location. PITP, namely, Relay Agent
Information Option (RAIO), involves:
l PPPoE+ mode (P mode for short)
In this mode, the MA5606T adds a user's port information to the PPPoE Discovery packet
for the BRAS to authenticate the user.
l Virtual Broadband Access Server (VBAS) mode (V mode for short)
In this mode, the BRAS initiates the query of a user's port information from the
MA5606T.
Purpose
For the MA5606T, PITP provides the upper layer authentication server (such as BRAS) with
the information about the ports of users. After the BRAS obtains the port information, it
authenticates the binding of the user account with the access port to avoid theft and roaming of
user accounts.
Specification
PITP takes effect only when it is enabled in all the following levels:
l Global level
l Port level
l Service port level
Limitation
The MA5606T PITP has the following limitations:
l Only one PITP mode can be enabled at a time.
l The V mode protocol type cannot be the standard Ethernet protocol type.
l The V mode Ethernet protocol type cannot be configured in PITP V mode. To modify the
default VBAS protocol type, disable V mode first.
Availability
l Hardware support
No additional hardware is required for supporting the PITP feature.
l License support
The PITP feature is the basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
21.1.2 Principle
This topic describes the implementation principles of the PITP feature.
Implementation of V Mode
Figure 21-1 shows the PPPoE dialup process in PITP V mode.
1 PADI
Discovery
2 PADO
3 PADR
4 PADS
7 LCP negotiation
Session
8 Authentication
packet 9 Request packet
with user port
information
10 Access
accepted packet
11 Authentication
pass packet
12 Data transmission
After the PITP V mode is enabled, the PPPoE dialup process is as follows: (The words in blue
in the above figure also describe this process.)
1. After the PPPoE discovery stage, the BRAS sends VBAS request packets to the
MA5606T for the physical location of the user.
2. After receiving the request packets, the MA5606T searches the user's access location
information (shelf/slot/port number) according to the MAC address and VLAN information
contained in the request packets.
3. If finding the information, the MA5606T adds it to the VBAS response packets and then
sends the packets to the BRAS. If not, the MA5606T does not respond.
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# | Version | Reserve |
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# | Session ID |
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# | Src Addr |
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# | Dst Addr |
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
# + - +- +- +- +- +- +- +- +- +-+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+- +- +- +- +- +
The Ethernet protocol type of a VBAS packet is configurable. By default, it is 0x8200. Table
21-1 lists the meaning of each field in a VBAS packet.
Field Meaning
Trans Info Type Two bytes. It is 1 for both request and response packets. It
indicates the type of physical port information. This field will
be extended with other information later.
Session ID Four bytes. This field is filled by the BRAS and it must be
consistent in a request packet and in the associated response
packet.
Addr Len Length of the hardware address. 1 byte. It is 6 for both request
and response packets.
Info Len One byte. It is 4 for both request and response packets.
Field Meaning
Dst Vlan Two bytes. This field is the same as the source VLAN ID in a
request packet.
Implementation of P Mode
1 PADI PADI+Tag
Discovery
2 PADO PADO+Tag
3 PADR PADR+Tag
4 PADS PADS+Tag
5 LCP negotiation
6 Authentication
packet 7 Request packet
with user port
information
Session
10 Access
accepted packet
9 Authentication
pass packet
10 Data transmission
In PITP P mode, the MA5606T adds the information on a user's access location into PPPoE
discovery packets for user authentication at the upper layer server.
The difference of PPPoE dialup between the case that P mode is enabled and that P mode is
disabled lies in (The words in blue in the above figure also describe this process.):
l At the PPPoE discovery stage, the PPPoE packets sent between the MA5606T and the
BRAS contain the information on a user's access location. The MA5606T receives the
PPPoE packets from a user and adds the access location information into the packets. After
that, it forwards the packets to the BRAS. Upon receiving the PPPoE packets containing
the access location information from the BRAS, the MA5606T extracts the information
and then forwards the packets to the user.
NOTE
Note that the packets from the BRAS do not necessarily contain the information on a user's access
location.
l If the PPPoE user needs to be authenticated on the RADIUS server, the BRAS extracts the
access location information from the PPPoE packets from the MA5606T and then adds the
information into the authentication request packets for authentication.
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LENGTH | PAYLOAD ~
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| TAG_TYPE | TAG_LENGTH |
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| TAG_VALUE ... ~
+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
VER It is 1.
TYPE It is 1.
CODE This field indicates the packet type at the PPPoE discovery
stage. The correlation between this field and the packet type
is as follows:
l PADI: 0x09
l PADO: 0x07
l PADR: 0x19
l PADS: 0x65
l PADT: 0xa7
Figure 21-6 shows the format of the vendor tag (PPPoE+ tag) specified by the forum.
The MA5606T supports the vendor tags in different formats. For details, see the section "21.4
RAIO."
21.1.3 Reference
This topic describes the reference documents of PITP.
21.2.1 Introduction
This topic describes the definition, purpose, specification, and availability of DHCP option82.
21.2.2 Principle
This topic describes the implementation principles of the DHCP option82 feature.
21.2.3 Reference
This topic describes the reference documents of DHCP option82.
21.2.1 Introduction
This topic describes the definition, purpose, specification, and availability of DHCP option82.
Definition
DHCP option82 is similar to PPPoE+ as a user security mechanism. The information on a user's
access location is added into the DHCP request packets initiated by a user for user authentication.
Purpose
DHCP option82 enables the DHCP request packets to carry the information on a user's access
location for user authentication.
Specification
DHCP option82 takes effect only when it is enabled at all the following levels:
l Global level
l Port level
l Service port level
Availability
l Hardware support
No additional hardware is required for supporting the DHCP Option82 feature.
l License support
The DHCP Option82 feature is an optional feature of the MA5606T. Therefore, the license
is required for accessing the corresponding service.
21.2.2 Principle
This topic describes the implementation principles of the DHCP option82 feature.
Principle
Figure 21-7 shows the DHCP process when DHCP option82 is enabled.
Offer(+Option82)
Offer
Request
Request+Option82
ACK(+Option82)
ACK
Data transmission
Release
The principle of DHCP option82 is similar to that of PPPoE+. The difference lies in that when
a user requests for configuration, the MA5606T adds the information on the user's access location
into the DHCP request packets from the user for authentication at the upper layer.
For DHCP option82, you need to concern only about the option field in a DHCP packet, which
is detailed in this topic.
This field length is changeable. This field contains the following initial configurations for
terminals and network configurations:
l IP features
l Domain name
l Specific information for identifying a terminal
l IP address of the default gateway
l IP address of the default gateway
l IP address of the WINS server
l A user's valid lease term for an IP address
Table 21-3 lists the meanings of each field in a DHCP option82 packet.
Field Meaning
Code One byte. This field is in the CLV format, used to uniquely
identify the following information.
Agent Information Field This field indicates the information in bytes. The length is
specified by the length field.
option82 contains multiple sub options, which are contained in the value filed of option82.
This sub option is used to identify the local circuit identifier of DHCP proxy for receiving
DHCP packets from a user. This field might contain router interface No. and ATM PVC
No. The identifier is 1.
l Remote ID (RID)
This sub option is used to identify the remote host of a circuit. This field might contain the
ATM address of a remote incoming and the modem ID. The identifier is 2.
The MA5606T supports option82 in different formats. For details, see the section "21.4
RAIO."
21.2.3 Reference
This topic describes the reference documents of DHCP option82.
21.3.1 Introduction
This topic describes the definition, purpose, specification, limitations, glossary, and also
acronyms and abbreviations related to the DHCP Sub-Option90 feature.
Definition
DHCP Sub-Option90 cooperates with DHCP Option82. You can enable DHCP sub-Option90
only when DHCP Option82 is enabled. Fill the DHCP request packet initialized by the user with
the port mode, single-PVC multi-VLAN type, and user encapsulation type, to cooperate user
authentication of the upper layer server.
Purpose
In the DHCP request packet, carry the service port mode, single-PVC multi-VLAN type and
user encapsulation type.
Specifications
DHCP Sub-Option90 is a global switch. The system adds the Sub-Option90 information to the
upstream DHCP packet only when DHCP Option82 and DHCP Sub-Option90 are enabled.
Glossary
None
21.3.2 Principles
This topic describes the operating principles of the DHCP Sub-Option90.
Basic Principles
Figure 21-10 shows the DHCP process when the DHCP Sub-Option90 is enabled.
Offer (+Option90)
Offer
Request
Request + Option90
ACK (+Option90)
ACK
Data transmission
Release
The DHCP Sub-Option90 is valid only when the DHCP Option82 is enabled. When the user
applies the DHCP Sub-Option90 configuration, the Sub-Option90 information is added in the
DHCP packet that is sent from the user side to the upper layer server for authentication. Other
configuration process is the same as common DHCP process.
+ --------------------
+ -----------------+ ----------------+ ----------------+ ---------------------
+
Table 21-4 shows the details of each field in the DHCP Sut-Option90 packet.
Field Description
DataLink It indicates that the port mode is ATM or Ethernet. When the
port type is ATM, this field is 0. When the port type is Ethernet,
this field is 1.
NOTE
21.3.3 Reference
This topic describes the reference documents of the DHCP sub-option90 feature.
21.4 RAIO
In the case that PTIP and DHCP option82 are enabled, RAIO refers to the information on a user's
access location provided by the MA5606T in the VBAS response packet, PPPoE discovery
packet and DHCP option82 packet for the BRAS to authenticate a user. This topic provides
introduction to this feature and describes the principles and reference documents of this feature.
21.4.1 Introduction
This topic describes the definition, purpose, specification, and availability of RAIO.
21.4.2 Principle
This topic describes the implementation principles of the RAIO feature.
21.4.3 Reference
This topic describes the reference documents of RAIO.
21.4.1 Introduction
This topic describes the definition, purpose, specification, and availability of RAIO.
Definition
In the case that PTIP and DHCP option82 are enabled, RAIO refers to the information on a user's
access location provided by the MA5606T in the VBAS response packet, PPPoE discovery
packet and DHCP option82 packet for the BRAS to authenticate a user.
Purpose
RAIO indicates the access location of a user, which is provided by the MA5606T to the BRAS,
and based on which the BRAS authenticates the user.
Specification
RAIO contains the PITP tag and DHCP option82 tag. Because RAIO has not standardized yet,
the formats required by different carriers vary. Hence, multiple RAIO modes are provided to
meet different carriers' needs.
l user-defined
l ft
Availability
l Hardware support
No additional hardware is required for supporting the RAIO feature.
l License support
The RAIO feature is the basic feature of the MA5606T. Therefore, no license is required
for accessing the corresponding service.
21.4.2 Principle
This topic describes the implementation principles of the RAIO feature.
The following describes the RAIO modes, and the fields of each mode.
Common
l CID: In general, this field is used to identify the attributes of a device (global information).
The format varies with the access mode. Table 21-5 shows the CID formats in various
access modes.
ATM port Device name atm shelf No./slot No./sub slot No./port No.:
vpi.vci
VDSL/LAN access Device name eth shelf No./Slot No./Sub Slot No./Port No.:
User's VLAN ID
– If the device name field is the default name MA5606T, the MAC address of the
MA5606T is entered in this field. The format is 00E0FC000001 in upper case.
– If the device name is not MA5606T, the actual name of the device is used to fill the
device name field.
l RID: In general, this field is used to identify the access information of a user (local
information). The format can be customized. For the MA5606T, this field is null, which
means the RID sub option contains only the Code and Len fields.
The following is an example of RAIO field in common mode:
l CID --------> 00E0FC112233 atm 0/12/0/49:0.35
l RID --------> NULL
In this mode, this field for upstream/downstream ADSL activation rate is added at the end of
the CID default format. Currently, only the ADSL2+ board supports this mode.
Port-userlabel
In this mode, the CID field carries a customized description of a user's access location, besides
the description contained in common mode. The RID field also needs to carry the customized
description (Label), the length of which is up to 32 bytes.
Service-port-userlabel
The CID field supports ATM/ETH/xPON access. The RID field carries the information on a
user's flow.
Dslforum-default
It is the default mode specified by the DSL forum. CID supports ATM/ETH/xPON access. The
RID field is null.
Table 21-7 lists the RAIO fields in dslforum-default mode.
User-defined
This mode allows a user to specify the format of the CID/RID string. The following describes
the syntax of user-defined mode.
l Only the resolution of keyword sets and separator sets that have been defined in the
MA5606T is supported. The keyword sets involve the minimum sets of keywords defined
by TR-101 and the IAS extended keyword sets. For details, see Table 21-8.
l Maximum width
The maximum number of columns occupied by the pertaining data of a keyword. Note
that the maximum width defined in the MA5606T is greater than that specified by the
recommendations. This is because certain manufacturers require more width. The name
of an access node, namely ANID, has a maximum width of 50 bytes, which is limited
by the maximum length of the system name.
l Configurable width
The maximum number of columns occupied by the pertaining data of a keyword can
be configured. This applies to the case that the number of columns occupied does not
reach the configured width and 0 is added in front of the keyword. The syntax is keyword
0m. m indicates the number of columns occupied. For example, slot03 indicates this
field length of keyword slot is 3. If the length does not reach 3, add 0. In this way, if
the slot number is 2, it is represented by 002 in a packet.
Note that m must be lower than the maximum width. If the number of columns occupied
by the data is greater than m, output the actual number of columns.
l If a user defines the RAIO format based on the CID, the format string must contain the
name of the access node, namely, the ANID.
l The keyword of interface type is used to identify the type of different interfaces.
l The format string is not allowed to contain the keywords applicable to different types of
interfaces. For example, the string cannot contain keywords VPI or Gemport concurrently,
or Eth or VCI concurrently.
l If the interface type is not specified, the pertaining CID/RID field of the interface is null.
l The separators indicate the pertaining symbols when a user input the RAIO string. The
symbols are added to the CID/RID field. Table 21-9 shows the RAIO separators defined
in the MA5606T.
Separator Symbol
. Period "."
: Colon ":"
- Hyphen "-"
l Other rules
– A string of 1-127 characters; lower case.
– The CID string must contain the ANID.
– The ANID must be in front of the keyword of interface type.
– All separators in front of the keyword ANID contained in the CID string, and the RAIO
separators (if any) of the system name represented by ANID, and the one separator after
ANID serve as the basis for downstream packets to identify ANID.
Assume that:
l System name: DSLAM01
l Slot No.: 3
l Port No.: 15
l VPI: 0
l VCI: 35
l Priority: 6
21.4.3 Reference
This topic describes the reference documents of RAIO.
to pass through. This topic provides introduction to this feature and describes the principles and
reference documents of this feature.
21.5.1 Introduction
This topic describes the definition, purpose, specification, and availability of IP address binding.
21.5.2 Principle
This topic describes the implementation principles of the IP address binding feature.
21.5.1 Introduction
This topic describes the definition, purpose, specification, and availability of IP address binding.
Definition
IP address binding indicates the binding between an IP address and a service port. The
MA5606T allows only the upstream packets with the source address the same as the one bound
to pass through.
Purpose
The IP address binding feature guarantees the authentication security and carriers' profits.
Specification
The MA5606T supports the following IP address binding specifications:
Static binding. The system supports binding of up to 1024 traffic streams. Each traffic stream
can be bound with 1-8 IP addresses.
Availability
l Hardware support
No additional hardware is required for supporting the IP address binding feature.
l License support
The IP address binding feature is the basic feature of the MA5606T. Therefore, no license
is required for accessing the corresponding service.
21.5.2 Principle
This topic describes the implementation principles of the IP address binding feature.
After a service port is bound with an IP address, the service forwarding module checks the source
IP address of user packets. If the address is not the same as that bound with the port, the
MA5606T discards the packets. Otherwise, the MA5606T allows the packets to pass through.
21.6.1 Introduction
This topic describes the definition, purpose, specification, and availability of MAC address
binding.
21.6.2 Principle
This topic describes the implementation principles of the MAC address binding feature.
21.6.1 Introduction
This topic describes the definition, purpose, specification, and availability of MAC address
binding.
Definition
MAC address binding indicates the binding between a MAC address and a service port. Thus,
only the packets with the specified MAC address can be transmitted over the network.
Purpose
The MAC address binding feature can effectively avoid illegal access.
Specification
The MA5606T supports the following MAC address binding specifications:
Static binding. The system supports binding of up to 1024 static MAC addresses. The number
of MAC addresses that can be bound with a traffic stream is not limited.
Availability
l Hardware support
No additional hardware is required for supporting the MAC address binding feature.
l License support
The MAC address binding feature is the basic feature of the MA5606T. Therefore, no
license is required for accessing the corresponding service.
21.6.2 Principle
This topic describes the implementation principles of the MAC address binding feature.
To realize the binding between a MAC address and a service port, do as follows:
l Set the maximum number of MAC addresses that can be learned by a service port to 0.
l Set the static MAC address of the service port.
In this way, the service forwarding module does not learn the MAC address of the user packets.
In addition, if the MAC address is not the same as any of the static MAC address configured for
the service port, the MA5606T discards the packets.
Hence, only the packets with the specified MAC address can pass through the service port.
21.7 VMAC
Virtual MAC (VMAC) is the source MAC address allocated by the access device. In transmission
of the user packets, the access device replaces the source MAC address of the user packets with
the VMAC address. This topic provides introduction to this feature and describes the principles
and reference documents of this feature.
21.7.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of VMAC.
21.7.2 Principle
This topic describes the implementation principles of the VMAC feature.
21.7.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of VMAC.
Definition
VMAC is the source MAC address allocated by the access device. In transmissions of the user
packets, the access device replaces the source MAC address of the user packets with the VMAC
address. In the upstream direction, the user source MAC address is replaced with the VMAC
address for transmissions in the network. In the downstream direction, the VMAC address is
replaced with the user source MAC address.
1:1 VMAC is a mechanism in which a user source MAC address is replaced with a VMAC
address allocated by the device.
VMAC is used to prevent user source MAC address spoofing, network-side BRAS MAC address
spoofing, and user source MAC address conflict.
Purpose
To protect the system and the carrier's network, VMAC can be enabled for the PPPoE and DHCP
access users. On the MA5606T, the user-side MAC address is replaced with a VMAC address
in the MAC address pool. In this way, the unreliable MAC addresses cannot access the carrier's
network, and the user-side MAC address conflict can be avoided.
In addition, a VMAC address can carry the information on a user port to identify the user port.
Specification
The system allocates up to 32 VMAC addresses for each physical port.
Limitation
Except that the DSLAM ID must be configured, other information related to the format of a
VMAC address is automatically generated. Figure 21-12 shows the format of a VMAC address.
Reserve DSLAM ID
1 0
1 1 0
Availability
l Hardware support
All the broadband access service boards support the VMAC feature.
l License support
The VMAC feature is an optional feature of the MA5606T. Therefore, the license is
required for accessing the corresponding service.
21.7.2 Principle
This topic describes the implementation principles of the VMAC feature.
In a current IP access network based on the L2 Ethernet forwarding, because the MA5606T is
mainly based on the L2 forwarding, unreliable user-side MAC address results in MAC address
spoofing, which affects the normal provisioning of the user service.
To solve this problem, the MA5606T provides the VMAC function to prevent MAC address
spoofing and to support the query of the information on the user port and the lines.
1. The mapping relation is established between MAC U and MAC X. The service board learns
the source MAC address of the upstream packets, and then selects MAC X from the 32
VMAC addresses allocated to the port to replace the source MAC address in the upstream
packets, and establishes the mapping relation between MAC U and MAC X.
2. The service board learns the user-side source MAC address.
3. MAC X ages periodically. In case of aging, the relation between MAC U and MAC X is
cancelled.
4. The MA5606T learns source MAC X of the upstream packets.
5. The MA5606T forwards the packets based on VLAN+DMAC of the downstream streams,
where DMAC is MAC X. If a DMAC address is a broadcast MAC address, the packets are
broadcast within the VLAN.
6. The service board forwards the packets based on VLAN+DMAC, where DMAC is MAC
X. When the packets are forwarded to the user port, MAC X is replaced with MAC U. If
a DMAC address is a broadcast MAC address, the packets are broadcast within the VLAN.
21.8 SMAC
The SMAC feature, also known as the PPPoE single-MAC, is one of the security features
supported by the MA5606T. This topic provides the definition, principles, and reference of the
SMAC feature.
21.8.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
SMAC feature.
21.8.2 Principles
This topic describes the working principles of the SMAC feature.
21.8.3 Reference
This topic provides the reference documents of the SMAC feature.
21.8.1 Introduction
This topic provides the definition, purpose, specifications, limitation, and availability of the
SMAC feature.
Definition
The SMAC feature, also known as the PPPoE single-MAC, is one of the security features
supported by the MA5606T.
Purpose
To reduce the number of MAC addresses at the convergence layer, thus lowering the
requirements for the MAC address entries of the convergence-network devices, you can enable
the SMAC function. SMAC can prevent insecure actions, such as the forwarding of the
convergence network caused by forged MAC addresses of subscribers.
Specifications
The MA5606T supports the following SMAC specifications:
l Globally setting and querying the single-MAC allocation mode of the PPPoE subscriber
l Globally setting and querying the single-MAC allocation mode of the PPPoA subscriber
l Creating and deleting the entry of the PPPoE single-MAC online subscriber
l Setting and querying the MAC address of the board
l Querying and clearing the statistics of the PPPoE single-MAC subscriber packets
l Setting and querying the number of single-MAC sessions for an xDSL port
l Setting and querying the number of single-MAC sessions for a GPON traffic stream
l Co-existence of PPPoE single-MAC, PPPoA single-MAC, and PPPoE+
Limitation
l PPPoE single-MAC and anti MAC spoofing are mutually exclusive. If they are enabled at
the same time, PPPoE single-MAC takes precedence over anti MAC spoofing.
l If you change the MAC address allocation mode when there are online PPPoE subscribers,
the subscribers will get offline.
Availability
l Hardware Support
The xDSL, OPFA, and GPON service boards support this feature.
The ETHA/ETHB board does not support this feature.
l License Support
SMAC is a basic feature of the MA5606T. Therefore, no license is required for accessing
the corresponding service.
21.8.2 Principles
This topic describes the working principles of the SMAC feature.
The SMAC feature is a security solution put forth by Huawei.
The SMAC system architecture supports the following two independent application models:
l PPPoA single-MAC service model
l PPPoE single-MAC service model
LCP negotiation
PPPoE PADI
IP DSLAM caches LCP packet
and assigns a MAC address for PPPoE PADO
the PPPoA connection from
the pre-configured PPPoE PADR
MAC pool.
PPPoE PADS
IP DSLAM sends cached
Session ID setup
LCP packet through
the PPPoE tunnel. PPP LCP over PPPoE
Terminal and BRAS set up PPP link through the PPPoE tunnel.
Data Data
PPP PPP
AAL5/1483B PPPoE
ATM PVC Ethernet
Session ID setup
1. After you set the MAC address allocation mode to the single-MAC mode, the PPPoE
sessions of all the boards globally adopt the MAC address of the board as the source MAC
address.
2. At the PPPoE discovery stage, the PPPoE packets exchanged between the MA5606T and
the BRAS contain the Relay-Session-ID of the subscriber. After receiving a PPPoE packet
from the subscriber, the MA5606T replaces the source MAC address of the packet with
the single-MAC address of the board, inserts the Relay-Session-ID of the subscriber into
the packet, and then forwards the packet to the BRAS. The Relay-Session-ID is mainly the
index of the subscriber on the host.
3. After receiving the PPPoE packet containing the Relay-Session-ID of the subscriber from
the BRAS, the MA5606T analyzes the Relay-Session-ID, replaces the source MAC address
of the PPPoE packet with the MAC address of the PPPoE subscriber, and then forwards
the packet to the subscriber.
4. When the PPPoE discovery stage is terminated, the MA5606T generates the SMAC
hardware forwarding entry. In the follow-up operations, the MA5606T forwards the service
data according to the Session-ID of each PPPoE session.
5. At the PPPoE discovery stage, if the subscriber packet carries the subscriber Relay-Session-
ID, the PPPoE response packet sent by the BRAS needs to carry the subscriber Relay-
Session-ID.
21.8.3 Reference
This topic provides the reference documents of the SMAC feature.
21.9.1 Introduction
This topic describes the definition, purpose, specification, and availability of anti-MAC
spoofing.
21.9.2 Principle
This topic describes the implementation principles of the anti-MAC spoofing feature.
21.9.1 Introduction
This topic describes the definition, purpose, specification, and availability of anti-MAC
spoofing.
Definition
MAC spoofing attack means that a user forges a valid MAC address to attack a system.
If the forged MAC address is the MAC address of a valid user, the attack affects services of the
user.
If the forged MAC address is the MAC address of a system, or a large number of forged packets
of different MAC addresses are sent to the system, the attack might affect the system operation.
The system might even get down due to the attack.
Anti-MAC spoofing attack means the system takes measures to prevent a user from attacking
the system using a forged MAC address.
Purpose
To guarantee the system security and carriers' network security, the MA5606T prevents the MAC
spoofing attack in the following ways:
l For PPPoE and DHCP access users, the MA5606T disables the dynamic MAC address
learning feature, and allows only the packets of trusty MAC addresses to pass through a
port. This avoids a large number of packets of suspect MAC addresses from entering
carriers' networks.
l The MA5606T can detect and forbid a malicious user to forge the MAC address of an online
valid user. This guarantees that the services provisioned to all the valid users are not
affected.
Specification
The MA5606T supports the following anti-MAC spoofing specifications:
Dynamic binding. The system supports binding of up to 8K dynamic MAC addresses:
l The system can be bound with up to 8K traffic streams.
l Each traffic stream can be bound with up to eight MAC addresses.
l If each traffic stream is bound with eight MAC addresses, then the system can be bound
with up to 1024 traffic streams.
l Disable the MAC address learning function.
Availability
l Hardware support
All the broadband access service boards support the anti-MAC spoofing feature.
l License support
The anti-MAC spoofing feature is the basic feature of the MA5606T. Therefore, no license
is required for accessing the corresponding service.
21.9.2 Principle
This topic describes the implementation principles of the anti-MAC spoofing feature.
1. With the anti-MAC spoofing switch enabled, the MA5606T binds the user account with
the user's MAC address according the PPPoE packets received.
2. The MA5606T discards the data packets sent before the binding.
3. If the source MAC address contained in the data packets is the same as the one bound, the
MA5606T transmits the packets in the upstream direction, or else the MA5606T discards
the packets.
4. When the user gets offline, the MA5606T cancel the binding between the user account and
the MAC address.
21.10.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of anti-IP
spoofing.
21.10.2 Principle
This topic describes the implementation principles of the anti-IP spoofing feature.
21.10.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of anti-IP
spoofing.
Definition
IP spoofing attack means that a user forges a valid IP address to attack a system.
Anti-IP spoofing attack means the system takes measures to prevent a user from attacking the
system using a forged IP address.
Purpose
To guarantee the system security and carriers' network security, the MA5606T needs to prevent
the IP spoofing attack.
For DHCP access users, the MA5606T enables the feature of anti-IP spoofing, and allows only
the packets of trusty IP addresses allocated by the DHCP server to pass through a port. This
avoids the packets of forged or suspect IP addresses from entering carriers' networks.
Specification
The MA5606T supports the following anti-IP spoofing specifications:
Dynamic binding.
Limitation
Do not manually configure the binding between the user account and the IP address for a DHCP
user. The anti-IP spoofing feature allows the MA5606T to control the packets from the user.
For a user with a static IP address, the static IP address needs to be bound manually. In this way,
the MA5606T can control the IP address over the network.
Availability
l Hardware support
No additional hardware is required for supporting the anti-IP spoofing feature.
l License support
The anti-IP spoofing feature is the basic feature of the MA5606T. Therefore, no license is
required for accessing the corresponding service.
21.10.2 Principle
This topic describes the implementation principles of the anti-IP spoofing feature.
The MA5606T realizes the anti-IP address spoofing in the following way:
1. With the anti-IP spoofing switch enabled, the MA5606T binds the user account with the
user's IP address according the DHCP packets received to generate the IP binding list.
2. The MA5606T discards the data packets sent before the binding.
3. If the source IP address contained in the data packets is the same as the one bound, the
MA5606T transmits the packets in the upstream direction, or else the MA5606T discards
the packets.
4. The system filters the IP packets based on the IP binding list. Meanwhile, the system filters
the user ARP packets.
l If the IP packets with a certain source IP address are allowed to pass, the ARP packets
with the same source IP address are also allowed to pass.
l If the IP packets with a certain source IP address cannot pass, neither can the ARP
packets with the same source IP address pass.
5. When the user gets offline, the MA5606T cancel the binding between the user account and
the IP address.
A subtended network configuration is a configuration in which the MA5606T series devices are
subtended in several tiers through the FE/GE ports.
22.1 Introduction
This topic describes the definition, purpose, specification, limitations, glossary, and also
acronyms and abbreviations related to a subtended network configuration.
22.2 Principle
This topic describes the operating principles of a subtended network configuration.
22.3 Reference
This topic describes the reference documents of a subtended network configuration.
22.1 Introduction
This topic describes the definition, purpose, specification, limitations, glossary, and also
acronyms and abbreviations related to a subtended network configuration.
Definition
A subtended network configuration is a configuration in which the MA5606T series devices are
subtended in several tiers through the FE/GE ports.
Purpose
Subtended network configurations make the networking of the MA5606Ts more flexible, thus
saving the upstream optical fiber resources of the access point. The remote subtended network
configurations save the convergence equipment resource, simplify the networking, and facilities
the service configuration.
Specification
l The subtending ports of the MA5606T are provided by the MCUC board.
l Each MCUC board provides GE/FE/GPON optical port as the upstream ports or subtending
ports.
l It is recommended that up to seven nodes can be included in an RSTP/MSTP subtended
network.
Glossary
Table 22-1 lists the glossary of technical terms related to a subtended network configuration.
Glossary Definition
22.2 Principle
This topic describes the operating principles of a subtended network configuration.
22.3 Reference
This topic describes the reference documents of a subtended network configuration.
The following lists the reference documents of a subtended network configuration:
l IEEE 802.1w Rapid Spanning Tree
23 Ethernet OAM
Operations, administration and maintenance (OAM) means a tool for monitoring and diagnosing
network faults.
23.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of Ethernet
CFM OAM.
23.1.2 Principle
This topic describes the implementation principles of Ethernet CFM OAM.
23.1.3 Reference
This topic describes the reference documents of Ethernet CFM OAM.
23.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of Ethernet
CFM OAM.
Definition
In a broad sense, operations, OAM means a tool for monitoring and diagnosing network faults.
Ethernet OAM is defined as Connectivity Fault Management in IEEE 802.1ag to provide an
end-to-end fault detection and diagnosis solution.
Purpose
Ethernet is a widely used local area network technology because of its rich bandwidth, low cost,
convenience for plug-and-play, and support of multipoint operations.
As the Ethernet technology is gradually developing from carriers' networks to metropolitan area
networks (MANs) and wide area networks (WANs), the network management and maintenance
are increasingly important. Currently, however, Ethernet has no carrier-class management
capability, and thus fails to detect the L2 network faults.
Ethernet OAM provides an end-to-end fault detection solution to monitor, diagnose, and
troubleshoot the Ethernet.
Specification
The MA5606T supports the following Ethernet OAM specifications:
l Up to three maintenance domains (MDs)
l Up to 48 maintenance associations (MAs)
l Up to 48 MAs in an MD
l Support of a maintenance end point (MEP) and up to six remote maintenance end points
(RMEPs) by each MA
l LB and CC functions for a user-side CVLAN
l Transparent transmission of ETH OAM CFM packets from the user side to the network
side
Limitation
Availability
l Hardware support
The control board (MCUA) supports the Ethernet CFM OAM feature.
l License support
The Ethernet CFM OAM feature is an optional feature of the MA5606T. Therefore, the
license is required for accessing the corresponding service.
23.1.2 Principle
This topic describes the implementation principles of Ethernet CFM OAM.
NOTE
The MEP refers to the port in the MA5606T herein unless otherwise specified.
Ethernet CFM
Ethernet CFM includes connectivity check, loopback detection, and linktrace (LT).
To connect two MA5606Ts, configure the two MA5606Ts in the same MA (MA 0) of the same
MD (MD 0), and configure MA5606T-1 (MEP ID: 300) and MA5606T-2 (MEP ID: 5606) as
two MEPs. After Ethernet OAM is enabled, all MEPs initiatively send connectivity check
messages at intervals and receive the connectivity check messages from other MEPs.
Connectivity Check
The network connectivity is monitored through the connectivity check messages transmitted at
intervals to a multicast domain. The process is as follows:
As shown in Figure 23-1, if link 1 fails, MEP 5606 will fail to receive any connectivity check
message from MEP 300 within a certain period of time. In this case, MEP 5606 reports a message
loss alarm. In this way, the users of MA5606T-2 can know the connectivity with other networks
(such as the network in which MA5606T-1 is located).
A loop message is sent from an MEP to a specified MIP or MEP to help locate the fault. The
MIP or MEP ahead of the fault location can respond to the loopback message, but the MIP or
MEP after the fault location fails to respond to the loopback message. In this way, the fault is
located accurately.
An LT message is used for checking the MIP path between two MEPs. All the MIPs in a link
respond to the MEP that initiates an LT message, and forward the LT message until the message
reaches the destination MIP/MEP.
If the destination point is an MEP, each MIP in an MA responds to the source MEP. Through
the received response, the source MEP knows the MAC addresses and locations of all the MIPs
as well as the link where the fault has occurred.
Figure 23-3 shows the LT.
Figure 23-3 LT
MIP-1
MEP 300
MIP-0 MIP-2 MEP 5606
LT message
LT response
23.1.3 Reference
This topic describes the reference documents of Ethernet CFM OAM.
The following lists the reference documents of Ethernet CFM OAM:
l IEEE P802.1ag/D6.0, Connectivity Fault Management
23.2.1 Introduction
This topic describes the definition, purpose, specification, and availability of Ethernet EFM
OAM.
23.2.2 Principle
This topic describes the implementation principles of the Ethernet EFM OAM feature.
23.2.3 Reference
This topic describes the reference documents of Ethernet EFM OAM.
23.2.1 Introduction
This topic describes the definition, purpose, specification, and availability of Ethernet EFM
OAM.
Definition
OAM provides the capability for the network administrators to monitor the network health
conditions and to locate the faulty links and the faults.
Ethernet of First Mile (EFM) OAM is defined in IEEE 802.3ah Clause 57 by the IEEE EFM
Workgroup. It is an important part of Ethernet OAM. Ethernet EFM OAM provides a mechanism
for monitoring links, such as remote defect indication (RDI) and remote loopback control. It is
a mechanism at the datalink layer, as a complement of the higher layer applications.
Purpose
The MA5606T supports EFM OAM to obtain the alarm information such as RDI from the
Ethernet terminals and supports the exchange of the OAM Packet Data Units (OAMPDUs) to
obtain the information about the terminal device vendors.
Specification
The MA5606T supports the following Ethernet EFM OAM specifications:
l The MA5606T supports transmission, reception, and processing of Information
OAMPDUs to perform the OAM discovery and obtain the information about the terminal
device vendors.
l The MA5606T supports resolution of the received Event Notification OAMPDUs.
l The MA5606T supports remote loopback and the multiplexer state machine.
l The MA5606T supports transparent transmission of 802.3ah OAMPDUs from the user side
to the network side when the BPDU transparent transmission function is enabled.
Availability
l Hardware support
The OPFA, VDSA/VDTF, VDRD, VDMF and VDNF supports the Ethernet EFM OAM
feature.
l License support
The Ethernet EFM OAM feature is an optional feature of the MA5606T. Therefore, the
license is required for accessing the corresponding service.
23.2.2 Principle
This topic describes the implementation principles of the Ethernet EFM OAM feature.
Figure 23-4 shows the networking of an Ethernet EFM OAM application.
Ethernet link
ONU
OLT
Similar to the LACP packets, the EFM OAM packets are exchanged between two neighboring
entities on a link, and are not forwarded out of the link.
OAMPDUs
In addition to the RDI, remote loopback, and link detection functions, EFM OAM is also a
discovery mechanism, namely, an extended mechanism to the higher layer applications. The
earlier mentioned functions are implemented by the exchange of the following types of
OAMPDUs between two neighboring entities on an Ethernet link.
l Information OAMPDUs: They are used to transmit the OAM status information to the
remote end, including the OAM capability, Multiplexer and Parser status of the local end,
and whether the local end meets the OAM status requirement of the remote end. The OAM
capability herein refers to:
– Whether the unidirectional transmission is supported because this capability directly
determines whether RDI is supported.
– Whether the response to the variable request is supported. That is, whether the query of
the local end information is supported.
– Whether remote loopback is supported. That is, whether the local end changes to the
loopback state based on the setting on the remote end.
– Whether the link resolution event is supported. That is, whether the link events from
the remote end can be processed.
Information PDUs also include the Organizationally Unique Identifier (OUI) field, and the
Vendor Specific Information field, through which the vendor information of the remote
end is obtained.
l Event Notification OAMPDUs: They are used to notify the remote end of specific events,
such as how many errored frames are received in a certain period and what is the threshold
of the errored frames.
l Variable Request OAMPDUs: They are used to query one or more MIB variables to the
remote end, such as the number of correctly received or transmitted frames.
l Variable Response OAMPDUs: They are used to return one or more MIB variables to the
remote end after the Variable Request OAMPDUs are received.
l Loopback Control OAMPDUs: They are used to control the loopback state of the remote
end. When the remote end is in the loopback state, the data frames received by the remote
end are looped back to the local end, except OAMPDUs.
23.2.3 Reference
This topic describes the reference documents of Ethernet EFM OAM.
The following lists the reference documents of Ethernet EFM OAM:
l IEEE 802.3ah: Operations, Administration, and Maintenance (OAM)
24 VoIP
The VoIP service is a solution in which the voice compression technology is adopted and the
voice service is transmitted over the IP network.
24.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of VoIP.
24.1.2 Reference
This topic describes the reference documents of VoIP.
24.1.1 Introduction
This topic describes the definition, purpose, specification, and availability of VoIP.
Definition
The voice over IP (VoIP) service is a solution in which the voice compression technology is
adopted and the voice service is transmitted over the IP network.
l PC to PC
The target users are teenagers.
l PC to phone
The target users are middle-aged and young people (such as international students) who
are sensitive to the communication prices.
l Phone to phone
The target users are traditional POTS users. The voice service is provided by the carrier
through the NGN softswitch network.
The description herein is based on the VoIP service in phone to phone mode.
Purpose
The voice service that is processed by the voice compression technology and transmitted over
the IP network can save the bandwidth resource and reduce the costs.
Specification
The MA5606T supports the following VoIP specifications:
– The fault of the DSP resources on a subscriber board does not affect users on other
boards.
l Table 24-1 lists the supported services.
Availability
l Hardware support
The VoIP forwarding logic subboard (FLBA) is required for supporting the VoIP feature.
l License support
The ACL feature is an optional feature of the MA5606T. Therefore, the license is required
for accessing the corresponding service.
24.1.2 Reference
This topic describes the reference documents of VoIP.
The following lists the reference documents of VoIP:
l ITU-T.H.248 Annex M2: Media Gateway resource congestion handling package
l ITU-T.H.248 Annex M4: H.248 packages for H.323 and H.324 interworking
l RFC3435: Media Gateway Control Protocol (MGCP) Version 1_0
l RFC3660: Basic Media Gateway Control Protocol (MGCP) Packages
l RFC3661: Media Gateway Control Protocol (MGCP) Return Code Usage
l IETF RFC 3261: Session Initiation Protocol
l TISNPAN TS 183 043: TISPAN NGN IMS-based PSTN/ISDN Emulation Call Control
Protocols Stage 3
24.2.1 Introduction
This topic describes the definition, purpose, and specification of VoIP based on the H.248
protocol.
24.2.2 Principle
This topic describes the implementation principles of VoIP based on the H.248 protocol.
24.2.1 Introduction
This topic describes the definition, purpose, and specification of VoIP based on the H.248
protocol.
Definition
H.248 is a gateway control protocol. The media gateway controller (MGC, namely, the
softswitch) controls the media gateways (MGs) through the H.248 protocol so that various media
can communicate with each other. The ITU-T issued the first standard H.248: Version 1 of the
H.248 protocol in June, 2006.
H.248-based VoIP feature refers to the interconnection inside the IP network through H.248,
which provides the VoIP service.
Compared with the Media Gateway Control Protocol (MGCP), the H.248 protocol has the
following advantages:
l The H.248 protocol supports more types of access technologies.
l The H.248 protocol overcomes the description shortcomings of the MGCP protocol, and
supports the larger-scale network applications. Moreover, the H.248 protocol is more
flexible because the protocol can be easily expanded.
l The MGCP messages are borne on only the User Datagram Protocol (UDP), but the H.248
messages can be borne by various protocols, such as UDP, TCP, and the Simple Control
Transmission Protocol (SCTP).
24.2.2 Principle
This topic describes the implementation principles of VoIP based on the H.248 protocol.
Figure 24-1 shows the principle of the VoIP feature based on the H.248 protocol.
Figure 24-1 Principle of the VoIP feature based on the H.248 protocol
Softswitch (MGC)
H.248 H.248
MA5606T-0 MA5606T-1
Call
RTP Stream
Context
A0 A1
24.3.1 Introduction
This topic describes the definition, purpose, and specification of VoIP based on the MGCP
protocol.
24.3.2 Principle
This topic describes the implementation principles of VoIP based on the MGCP protocol.
24.3.1 Introduction
This topic describes the definition, purpose, and specification of VoIP based on the MGCP
protocol.
Definition
The MGCP protocol formulated by the IETF defines a call control structure in which call control
and service bearing are separated. The call control function is independent of the gateway, and
is processed by the MGC.
Therefore, essentially the MGCP protocol is a master/slave protocol. That is, the MG establishes
various service connections under control of the MGC.
24.3.2 Principle
This topic describes the implementation principles of VoIP based on the MGCP protocol.
Figure 24-2 shows the principle of the VoIP feature based on the MGCP protocol.
Figure 24-2 Principle of the VoIP feature based on the MGCP protocol
Softswitch (MGC)
MGCP MGCP
MA5606T-0 MA5606T-1
Call
RTP Stream
Context
EP0 EP1
1. MA5606T-0 detects that user EP0 picks up the telephone, and then reports the off-hook
event to the softswitch through the Notify command.
2. After receiving the off-hook event, the softswitch sends the digitmap to MA5606T-0,
requires MA5606T-0 to play the dial tone for user EP0, and then detects the number
receiving.
3. When user EP0 dials a number, MA5606T-0 receives the number according to the digitmap
delivered by the softswitch, and reports the matching results to the softswitch.
4. The softswitch sends the CRCX command to the MA5606T-0 for establishing a connection
on the EP0 port.
5. MA5606T-0 distributes source for the connection, and responds to the softswitch. The
session description in the response provides the information on the grouping requirement
from the peer end, such as the IP address or the UDP port number.
6. The softswitch sends the CRCX command to the MA5606T-1 for establishing a connection
on the EP1 port.
7. MA5606T-1 distributes source for the connection, and responds to the softswitch. The
session description in the response provides the information on the grouping requirement
from the peer end, such as the IP address or the UDP port number.
8. MA5606T-1 detects that user EP1 picks up the telephone, and then sends the Notify
message to the softswitch. The softswitch runs the MDCX command to stop the ring-back
tone of user EP0 and the ringing of user EP1.
9. The softswitch runs the MDCX command to deliver the session description of
MA5606T-1 to user EP0, and then users EP0 and EP1 can communicate with each other.
10. MA5606T-0 detects that user EP0 puts down the telephone, and then reports the on-hook
event to the softswitch through the NTFY command.
11. The softswitch sends the MDCX command to MA5606T-0 and MA5606T-1 respectively
to modify the RTP as "receive only."
12. The softswitch sends the MDCX command to MA5606T-1 to require the busy tone for user
EP1, and detects the on-hook event.
13. The softswitch sends the DCLX command to the MA5606T-0, releasing the resources
applied for user EP0's call.
14. MA5606T-0 detects that user EP1 puts downs the telephone, and then reports the on-off
event to the softswitch through the Notify command.
15. The softswitch sends the DCLX command to MA5606T-1, releasing the resources applied
for user EP1's call.
16. The call between users EP0 and EP1 ends and all the resources are released.
24.4.1 Introduction
This topic describes the definition, purpose, and specification of VoIP that is implemented based
on the SIP protocol.
24.4.2 Principle
This topic describes the implementation principles of VoIP based on the SIP protocol.
24.4.1 Introduction
This topic describes the definition, purpose, and specification of VoIP that is implemented based
on the SIP protocol.
Definition
The IP multimedia core network subsystem (IMS) is a subsystem that is proposed in the 3rd
Generation Partnership Project (3GPP) Release 5 to support the IP multimedia service. The IMS
includes all the core network elements that provide the audio, video, text, and instant messaging
services, and has been developed to a subsystem independent of any specific access network.
SIP is a control-layer protocol of the IMS and also one of the framework protocols stipulated
by the IETF for the multimedia communication system. SIP is an application-layer protocol for
creating, modifying, and terminating multimedia sessions. Used with other IETF protocols such
as Real-time Transport Protocol (RTP), Real-time Transport Control Protocol (RTCP), SDP,
Real-Time Streaming Protocol (RTSP), DNS and SCTP/TCP, SIP is used to complete session
establishment and media negotiation.
VoIP based on the SIP protocol is a solution in which the PSTN network and the IP network are
interconnected through the SIP protocol based on the IMS architecture to implement the VoIP
service.
NOTE
The PSTN herein refers to the PSTN service that is implemented based on the SIP protocol in an IMS
architecture and whose media bearer network is the IP packet switched network.
24.4.2 Principle
This topic describes the implementation principles of VoIP based on the SIP protocol.
In an IMS architecture, the MA5606T works as a voice over IP gateway (VGW). In the
downstream direction, the MA5606T connects to the VoIP user terminals. In the upstream
direction, the MA5606T connects to the IMS network through the Gm interface based on the
SIP protocol. Working with the IMS core network, the MA5606T provides the VoIP services,
including:
l Basic voice service
l Three-way calling
l Call waiting
l Caller identification display
l Message indicator service
l Malicious communication identification (MCID)
l Call transfer
l Conference call
Figure 24-3 illustrates the principles for implementing the VoIP feature based on the SIP
protocol.
Figure 24-3 Principles for implementing the VoIP feature based on the SIP protocol
SIP SIP
MA5606T-0
MA5606T- 1
Call
RTP Stream
A0 A1
1. MA5606T-0 detects that user A0 picks up the telephone, and then plays the dial tone for
user A0.
2. User A0 dials a telephone number, meanwhile MA5606T-0 stops playing the dial tone and
receives the number based on the local number list.
3. After receiving the number, MA5606T-0 reports the called number to the IMS core network
through an Invite message. The Invite message contains the session description which
provides the information required for the peer end to send packets to MA5606T-0, including
the IP address/UDP port number and the codec format.
4. The IMS core network finds MA5606T-1 to which the called party belongs based on the
called number and then forwards the Invite message.
5. MA5606T-1 finds called party A1 based on the related information in the Invite message,
and then delivers the ringing command. Meanwhile, user A1 hears the ringing tone and
MA5606T-1 sends a 180 Ringing message to the IMS core network.
6. The IMS core network forwards the 180 Ringing message to MA5606T-0, and then
MA5606T-0 sends the ringback tone to calling party A0.
7. MA5606T-1 detects that user A1 picks up the telephone, and then sends a 200 OK message
to the IMS core network. The 200 OK message contains the session description which
provides the information required for the peer end to send packets to MA5606T-1, including
the IP address/UDP port number and the codec format.
8. The IMS core network forwards the 200 OK message to MA5606T-0 to establish a session.
9. MA5606T-1 detects that user A1 puts down the telephone, and releases the resources for
the session established for user A1, and then reports a BYE message to the IMS core
network.
10. The IMS core network forwards the BYE message to MA5606T-0.
11. MA5606T-0 sends a response to the IMS core network and plays the busy tone for user
A0.
12. User A0 puts down the telephone, and MA5606T-0 releases the resources for the session
established for user A0.
13. The session between users A0 and A1 ends, and all the resources are released.
Three-Way Calling
Three-way calling is a service in which when you are talking on phone with the second party
and if you want to add the third party for talking, you can dial the telephone number of the third
party for three-party talking or separately talking with the third party without interrupting the
talking with the second party.
Call Waiting
Call waiting is a service in which if a calling party places a call to a called party which is otherwise
engaged, and the called party has the call waiting feature enabled, the called party is able to
suspend the current telephone call and switch to the new incoming call, and can then negotiate
with the new or current calling party an appropriate time to ring back if the message is important,
or to quickly handle a separate incoming call.
MCID
MCID is a service offered to the called party who can apply to the telephone exchange for
identifying the telephone number of the calling party in case of a malicious call, and then the
telephone exchange can identify the telephone number of the calling party who initiates the
malicious call through certain operations.
Call Transfer
Call transfer is a service offered to the called party who can transfer a coming call to a temporary
user by hooking so that the calling party can communicate with a new called party.
Conference Call
Conference call is a service offered by the VGW such as the MA5606T for communication
among three or more parties. The conference call can be a common reference call, a tandem
25 ISDN
25.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ISDN.
25.1.2 Principle
This topic describes the implementation principles of the ISDN feature.
25.1.3 Reference
This topic describes the reference documents of the ISDN.
25.1.1 Introduction
This topic describes the definition, purpose, specification, limitation, and availability of ISDN.
Definition
The integrated services digital network (ISDN) is a Consultative Committee of International
Telegraph and Telephone (CCITT) standard, providing integrated transmission of voice, video,
and data. The ISDN enables a simultaneous transmission of voice, video and data on the data
channel.
The ISDN supports the joint switchover of H.248 and IUA and the overload control of ISDN
emergency call.
The B channel is used to bear services, and the D channel is used to bear the call control signaling
and maintenance management signaling.
Purpose
The MA5606T supports the ISDN access to provide the integrated services of voice, video, and
data for users.
Specification
The MA5606T supports the following ISDN specifications:
Limitation
Currently, only the ISDN service based on the H.248 protocol is supported.
Availability
l Hardware support
The DSRD and DSRE boards support the ISDN BRA feature.
The EDTB supports the ISDN PRA feature.
l License support
The number of the ISDN ports supported by the MA5606T is under license. Therefore, the
license is required for accessing the corresponding service.
25.1.2 Principle
This topic describes the implementation principles of the ISDN feature.
Media
stream
H.248 signaling
traffic MG
Peer device
E1
NT1
PBX
TA
BRA user
PRA user
The ISDN users include the BRA users and the PRA users.
l The BRA users can connect the ISDN telephone with the NT1 directly, or connect the
common telephone through the TA. On the MG side, the BRA users access the network
through the BRA port. NT1 and the MG are connected by a POTS line.
l The PRA users access the network through the E1 port with the PBX. The PBX and the
gateway are connected by an E1 cable.
SETUP
SETUP ACK
SG{cg/dt}
IMFOMATION
SG{}
IMFOMATION
CALL PROCEEDING
ADD
NOTE
In the figure, the blue line is the H.248 signaling, and the red line is the Q.931 signaling.
SG{cg/rt}
CONNECT
SG{}
RELEASE
MOD
RELEASE COMPLETE
CONNECT
In conversation
NOTE
In the figure, the blue line is the H.248 signaling, and the red line is the Q.931 signaling.
In the primitive Q.931, the gateway is not involved in the call control. The call control gateway
only separates the terminal Q.931 primitive from the Q.921 packets, encapsulates the Q.931
primitive to the IUA information packet, and then sends the packets to the softswitch.
The DSP channel resources that the gateway manage are distributed and released according to
the H.248 signaling or the MGCP signaling delivered by the softswitch in the call process.
10. After receiving the call, the called party starts ringing and sends ALERTING. If the
ALERTING reaches the calling party, the call is connected.
11. The softswitch delivers the ringing tone to the calling party through the modify command.
12. The called party hooks off and sends CONNECT. If the CONNECT reaches, the call is
connected.
13. The calling party responds CONNECT_ACK.
14. The softswitch stops the ringing tone through the modify command.
15. The softswitch modifies the RTP remote attribute on the calling party through the
modify command.
16. The call setup ends.
RELEASE COMPLETE
DISCONNECT
SUB
SUB ACK
NOTE
In the figure, the blue line is the H.248 signaling, and the red line is the Q.931 signaling.
25.1.3 Reference
This topic describes the reference documents of the ISDN.
25.2.1 Introduction
This topic describes the definition, purpose, and specification of BRA.
25.2.2 Principle
This topic describes the implementation principles of the ISDN BRA feature.
25.2.1 Introduction
This topic describes the definition, purpose, and specification of BRA.
Definition
BRA refers that the ISDN users access the MG through the BRI by the H.248 protocol.
Purpose
The BRA provides the BRA access, performs multimedia communication (voice, video, and
data) from point to point or from point to multipoint.
Specification
The MA5606T supports the following BRA services:
l One port connects up to eight terminals. Only two ports, however, can be used
simultaneously.
25.2.2 Principle
This topic describes the implementation principles of the ISDN BRA feature.
Peer device MG
NT1
NT1
User Access
Entering the AN from the MG side, the BRA user call from the deactivated state experiences
four stages: activation, TEI application, layer 2 link setup, and layer 3 call control. If the port
terminal is activated, or the TEI is distributed, or the link is set up, skip to next stage.
Call Control
According to the signaling round-trip control, the call signaling on the MG is sent to the
softswitch through the IUA (as the red line in the figure). The softswitch delivers the media
control information through the H.248 protocol, and controls the resources on the MG (as the
blue line in the figure), such as the B channel, context (H.248), and terminal.
Create an IUA service environment on the MG and MGC sides. Bear the Q.931 signaling on the
DSL board to the SCTP link, pack the signaling through the IUA protocol stack, and then send
the packet to the MGC. Switch the Q.931 signaling on the MGC side. The MGC sends the Q.
931 signaling to the peer end through the SCTP link to perform ISDN signaling call.
Working Mode
The BRA working modes include point to multipoint (P2MP) and point to point (P2P).
l Under the P2MP mode, one NT1 can connect to multiple terminals. Multiple layer 2 links
can be created at the same time, and up to two users can call simultaneously. If no call
service exists, the system can deactivate automatically to save the power.
l Under the P2P mode, one NT1 can connect to one terminal only. The layer 2 link is always
set up to ensure the service bearing at any moment. No matter the call service exists, the
link is activated.
25.3.1 Introduction
This topic describes the definition, purpose, and specification of PRA.
25.3.2 Principle
This topic describes the implementation principles of the ISDN PRA feature.
25.3.1 Introduction
This topic describes the definition, purpose, and specification of PRA.
Definition
The PRA refers to that the ISDN users access the MG through the PRI by using the H.248
protocol.
Purpose
The PRA user access is supported on the MG. The central offices can access the PRA users
through the mini-switch PBX. For the internal users, they can communicate with each other. For
the external users, they can communicate with the PSTN users.
Specification
The MA5606T supports the following PRA services:
l Timeslot 0 is used for frame synchronization, and timeslot 16 is used for signaling
transmission as the D channel. Other timeslots are used for service data transmission as the
B channel.
l Up to 4 ISDN PRA users are supported.
25.3.2 Principle
This topic describes the implementation principles of the ISDN PRA feature.
The PRA call process is the same as the BRA call process. For the BRA call process, refer to
25.2.2 Principle.
After one PRA user is configured, 32 timeslots with the rate of 64 kbit/s are provided. In which,
timeslots 1-15 , 17-31 are for the B channel, timeslot 16 is for the D channel, and timeslot 0 is
for the frame synchronization.
For a PRA user, the TEI of the layer 2 link is 0.
For a PRA user, the working mode and power supply mode are not involved. The terminal is
powered by the PBX.
26 Overload Control
Overload occurs when the usage of the CPU and DSP resources increases and reaches a certain
threshold in the case that a large number of AG calls occur concurrently. In this case, calls cannot
be processed normally. Overload control refers to the control over calls, which ensures that the
calls from guaranteed subscribers and emergency call subscriber are processed in time,
improving the system stability and usability.
26.1.1 Introduction
This topic describes the definition, purpose, and specifications of the MG overload control
feature.
Definition
MG overload control is a method used by the MA5606T to detect overload and process new
calls according to a certain algorithm or rule to ensure normal running of the device when some
abnormalities cause the call proceeding capability to decline or the proceeding delay to increase.
Purpose
Overload control is used for the following purposes:
Specifications
The MG overload control (H.248) is supported.
Glossary
Leaky bucket algorithm There is a water leak valve at the bottom of the leaky bucket
with a certain capacity. The water that flows from the valve is
called leak rate. When water flows out, the leaky bucket
casually receives uncertain quantities of water that is poured
into it. To prevent the liquid in the leaky bucket from
exceeding the capacity of the leaky bucket and over flowing,
control the newly poured water according to the leak rate.
Based on the preceding leaky bucket model, the leaky bucket
algorithm adjusts the leak rate of the system and control the
new calls entering the system to avoid abnormalities
(overflow) in the case of large volume of traffic.
MG Media gateway
26.1.2 Principles
This topic describes the working principles of the MG overload control feature.
Caller
Figure 26-1 shows the overload control process when the subscriber acts as a caller.
N
Whether a common
subscriber port?
Y
Common call
Whether is an N
emergency call
allowed?
Return OK Y
The local plays the dialing tone
and receives the number.
Y N Whether is overload
not eliminated or
port not preferred? ?
Save the subscriber dialing number in
the bffer, and clear the information Y
about digitmap matching
Report the subscriber off-hook The local plays the busy tone to
information saved in the buffer, and wait the subscriber. Return Failed
for the MGC to deliver digitmap
Return Failed
Return OK
The MA5606T adopts the port priority and call priority as the decision criteria of the overload
control. The process of the MG overload control is as follows:
1. The user picks up the phone and then the MG checks whether the overload is block-level
overload. If yes, the MG directly rejects the call. If not, the MG proceeds with step 2.
2. The MG checks whether the overload is restriction-level overload. If not, the MG proceeds
with step 8. If yes, the MG proceeds with step 3.
3. The MG checks whether the user is a common user. If not, the MG proceeds with step 8.
If yes, the MG proceeds with step 4.
4. The MG check whether the emergency call is allowed. If yes, the MG plays the dialing
tone and receives the phone number, and then proceeds with step 5.
5. The MG checks whether the received phone number matches the emergency call digitmap.
If yes, the MG proceeds with step 6. If not, the MG proceeds with step 7.
6. The MG reports the user off-hook information saved in the buffer to the MGC and waits
for the MGC to deliver the digitmap and then the MG can run the normal process.
7. The MG checks whether the overload is cleared. If not, the MG plays the busy tone to the
user and rejects the call. If yes, the MG proceeds with step 6.
8. The MG enters the normal process of calls.
Callee
The overload control process when the subscriber acts as the callee is the same as that when the
subscriber acts as the caller, except that after the peer call enters the MG, the MA5606T adopts
only the call priority as the decision criterion for overload control.
POWER-DIALER Processing
The MG overload control adopts the leaky bucket algorithm. The system processing capability
is supposed to be the leak rate of a leaky bucket and new calls be the water poured into the leaky
bucket. The water in the leaky bucket flows out when time goes by. If during a period too much
water is poured into the leaky bucket, causing the water level to exceed the limit of the leaky
bucket, the system takes measures to reject certain new calls and to maintain the water level of
the leaky bucket under the security level.
In the case of detection and rejection of the user that frequently and quickly picks up and hangs
up the phone, Figure 26-2 shows the principles for processing the POWER-DIALER.
No
Message
count exceeds the No
threshold?
Yes
Detection No
Detection time exceeds the Message passes
No
time exceeds the threshold?
threshold?
Yes
Yes
During detection
No
time, average messages
(offhook) exceed the set
value?
Yes
Detection time
Yes
exceeds the
threshold?
Figure 26-3 MG overload control process-Off-hook and on-hook of the PSTN subscriber
Message from PSTN port
received
Offhook/Onhook
No
/Hooking/Pulse Passed
dialing message?
Yes
In
Yes
POWER DIALER Discarded
-
state?
No
Offhook
message Hooking message
Check message type
No
Yes
Not in In offhook queue?
In OFF-HOOK or the
In ON-HOOK queue
ON-OFF-HOOK pending
queue queue No
hooking messages that are not in the Pending queue are allowed to pass when the port is
in the off-hook state.
5. The messages that are generated in the pulse dialing mode are allowed to pass only when
the port is not in the Pending queue.
Offhook/Onhook Yes
state of the port
recorded?
No
No Previous offhook No
Offhook message?
message rejected?
Yes Yes
The message Reject the Record port state (initial
passes message state:Idle)
Yes
Released message
Is it the
No Restart the30s
Yes released
In offhook state? timer
message?
Pass
No The message passes Yes
and set the setup
Pass the No
leaky bucket? retransmit flag to
false. Clear the port state
Set the message state to and stop the 30s
timer
filter and start the 10s
Yes
timer. The entry is deleted
if the start fails.
Compared with the PSTN caller control process, the ISDN caller control process is more
complicated. This is mainly caused by status judgment. The brief control process is as follows:
1. The messages reported by the ISDN port are processed according to the port status and the
reported messages. If the message is the first SETUP message of the port, the message
enters the leaky bucket to determine whether it can pass or not. If the message passes the
judgment, the port message status is recorded as Idle; if the message does not pass the
judgment, the port message status is recorded as Filter.
2. The following messages of the port are judged according to the port status. If the port is in
the Idle state, the messages are allowed to pass and the port message status changes
according to the message type. If the port is in the Filter state, the messages are not allowed
to pass and the port message status changes according to the message type.
Network-side message is
received
Can
incoming calls pass Yes
The message passes
through the leaky
bucket?
No
Is the softswitch No
The message is rejected
support H248.11?
Yes
26.1.3 Reference
This topic provides the reference documents of the MG overload feature.
26.2.1 Introduction
This topic describes the definition, purpose, and specifications of the feature of upstream
bandwidth overload control.
26.2.2 Principles
This topic describes the working principles of the feature of upstream bandwidth overload
control.
26.2.1 Introduction
This topic describes the definition, purpose, and specifications of the feature of upstream
bandwidth overload control.
Definition
When the bandwidth traffic on the access side of the MG reaches or exceeds the limit and affects
the service, calls are restricted by using the bandwidth traffic on the MG side, and the bandwidth
occupied by the current call in the system is calculated to control the call traffic of the MG.
Purpose
Upstream bandwidth overload control aims at ensuring the maximum satisfaction of the call
user, and the normal call voice quality.
Specifications
The MA5606T supports the following specifications for upstream bandwidth overload control:
l Range of the maximum upstream bandwidth (unit: 100 kbit/s): 2-1000
l Range of the bandwidth reserved for the emergency call (unit: 100 kbit/s): 1-999
26.2.2 Principles
This topic describes the working principles of the feature of upstream bandwidth overload
control.
Calls are divided into two categories when the MG uses the upstream bandwidth for call
restriction:
l Category 1: Common calls from the common port subscribers
l Category 2: Calls from the uncommon port subscribers or emergency calls from the
common port subscribers
When supporting upstream bandwidth overload control, the MG reserves certain bandwidth for
the calls from category 2 subscribers. When the call bandwidth reaches the restriction level, the
MG rejects the calls from category 1 subscribers and allows calls from category 2 subscribers.
Figure 26-6 shows the processing on user off-hook in the case of upstream bandwidth overload
control.
Figure 26-6 Processing on user off-hook in the case of upstream bandwidth overload control
No Bandwidth
call restriction
enabled? No
Yes
No Urgent digitmap No
Insufficient
is configured?
bandwidth?
Yes Yes
Normal connection
Return Failed
Return OK
Figure 26-7 shows the processing on the callee in the case of upstream bandwidth overload
control.
Figure 26-7 Processing on the callee in the case of upstream bandwidth overload control
Enter the process for called
user
No Bandwidth call
restriction enabled?
Yes
No
Insufficient
bandwidth?
Yes
The call No
is with high priority or
urgent?
Normal connection
Return OK
26.3.1 Introduction
This topic describes the definition, purpose, and specifications of the MGC overload control
feature.
26.3.2 Principles
This topic describes the working principles of the MGC overload control feature.
26.3.1 Introduction
This topic describes the definition, purpose, and specifications of the MGC overload control
feature.
Definition
MGC overload refers to the overload generated when the call volume of each area increases
instantly, or in some abnormal cases, when the MGC processing loading is too heavy. In this
case, normal calls may even be affected.
Purpose
The MGC overload control aims at preventing the MGC overload, or when the MGC is
overloaded, helping the MGC to restrict its call volume and handle the overload.
Specifications
By default, the MA5606T supports this feature. You can enable or disable this feature through
the CLI.
26.3.2 Principles
This topic describes the working principles of the MGC overload control feature.
MG 1 MG 2 MG N
The MGC controls each MG through signaling and each MG reports the received call to the
MGC for processing. In this case, even if the call volume increase is small for each MG, the call
volume increase may be very large for the MGC, causing the MGC overload.
To prevent the MGC from entering the overload state, the MG's cooperation is required for
restricting the call volume. The MG supports the etsi-nr packet of the MGC to cooperate with
the MGC to restrict the call volume.
When supporting the MGC to restrict user calls, the MG processes the calls according to the
user priority. In the MA5606T, users are divided into three categories (CAT3: common user;
CAT2: next highest priority user; CAT3: highest priority user).
If the MA5606T receives the user off-hook message after the MGC overload control is enabled
on the MG, based on the user priority and the call pass rate delivered by the MGC, the
MA5606T uses the leaky bucket algorithm to determine whether to allow the current call or not.
The MG will record the statistics related to the leaky bucket.
whether to report off-hook as well when the MG directly reports the phone number that matches
the emergency call digitmap. The etsi_nr packet is processed as follows:
l The MG resolves the etsi_nr packet delivered from the MGC. If the etsi_nr packet is not
delivered to the Root node, the MG replies to the softswitch that the H.248 syntax is
incorrect.
l The MG processes the two attributes of the etsi_nr packet as follows:
– If the softswitch does not issue the packet, the default value of interface notrat is -1.0,
and that of OffHookNot is Required.
– If there is the notrat attribute and the attribute value is the correct floating point number,
the packet is processed based on the attribute value as follows:
– If notrat ≥ 0.0, the MG determines based on the leaky bucket algorithm whether to
report the off-hook of the caller to the MGC.
– If notrat < 0.0, the MG uses the static leaky rate that is configured through the CLI.
– If there is the notrat attribute but the attribute value is not the correct floating point
number, the H.248 syntax error is returned.
– If there is the OffHookNot attribute, the MG based on the OffHookNot attribute value
sets whether to report the off-hook message saved in the buffer for the emergency call
of common users to the MGC.
26.4.1 Introduction
This topic provides the definition, purpose, specifications, limitations, glossary, and acronyms
and abbreviations of the feature of broadband packets overload control.
26.4.2 Principles
This topic describes the working principles of the feature of broadband packets overload control.
26.4.1 Introduction
This topic provides the definition, purpose, specifications, limitations, glossary, and acronyms
and abbreviations of the feature of broadband packets overload control.
Definition
When a large number of service packets are processed concurrently, the utilization ratio of
system resources increases sharply. When the service quantity exceeds the maximum bearing
capability of the system, overload occurs. In this case, without control, the service processing
capability of the system may be below the capability of the idle system, or, even worse, the entire
system is down. Therefore, the system must have a mechanism for checking whether the system
is overloaded. If it is overloaded, the system discards certain tasks according to rules to reduce
the system payload and to ensure that certain services in the system run in the normal state.
There are many methods for overload control. Broadband packets overload control is one of
them. When the system CPU usage exceeds the threshold, the system discards certain packets
according to preset rules.
Purpose
The MA5606T supports broadband and narrowband services concurrently. When the system
traffic is heavy, the voice service needs to be guaranteed first to ensure the connection of the
ongoing conversation. Provided that the voice service is guaranteed, the packets of the broadband
service are processed according to the priority.
Specifications
l The leaky bucket thresholds such as the CPU usage can be set to 30-99. By default, the
first-level threshold is 80 and the second-level threshold is 90.
l The leaky bucket adjustment factor can be set to 1-1000. By default, it is 20.
l Each of the eight WRR weights is configurable from 1 to 100.
l For eight WRR queues, the mapping between the 802.1p priority and queue ID is
configurable.
Availability
l Hardware Support
None
l License Support
The feature of broadband packets overload control is a basic feature of the MA5606T.
Therefore, the corresponding service is provided with no license.
26.4.2 Principles
This topic describes the working principles of the feature of broadband packets overload control.
l Current leak rate of the leaky bucket (L): The current leak rate is dynamically adjusted
according to the CPU usage, ranging from 1 to 2000. By default, it is 800, in the unit
of PPS.
l Adjustment factor (S): namely, the adjustment step. The smaller the step, the faster the
leak rate is upshifted or downshifted, and the larger the jitter of the leaky bucket. On
the contrary, the larger the step, the slower the adjustment speed, and the smaller the
jitter. The adjustment step ranges from 1 to 1000. By default, it is 20.
A
ABR Area Border Router
AC Attachment Circuit
ACL Access Control List
ANCP Access Node Control Protocol
ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Boundary Router
B
BPDU Bridge Protocol Data Unit
BRAS Broadband Remote Access Server
C
CAC Connection Admission Control
CAR Committed Access Rate
CBR Constant Bit Rate
CBS Committed Burst Size
CC Continuity Check Message
CE Customer Edge
CFM Connectivity Fault Management
CIR Committed Information Rate
CLI Command Line Interface
CM Color Mode
CoS Class of Service
CST Common Spanning Tree
CIST Common and Internal Spanning Tree
CSPF Constraint Shortest Path First
D
DHCP Dynamic Host Configuration Protocol
DHCP Relay Dynamic Host Configuration Protocol Relay
DHCP option82 DHCP relay agent option 82
DMT Discrete Multi-Tone
DoS Denial of Service attack
DSLAM Digital Subscriber Line Access Multiplexer
E
EFM Ethernet of First Mile
F
FTTB Fiber To The Building
FTTH Fiber To The Home
FTTx Fiber To The x
FTP File Transfer Protocol
G
GEM GPON Encapsulation Mode
GPON Gigabit-capable Passive Optical Network
GSMP General Switch Management Protocol
H
HDSL High-speed digital subscriber line
HQoS Hierarchical QoS
I
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
IST Internal Spanning Tree
IWF Interworking Function
L
LB Loopback
LT Linktrace
M
MIB Management Information Base
MSTP Multiple Spanning Tree Protocol
MSTR Multiple Spanning Tree Regions
MSTI Multiple Spanning Tree Instance
N
NTP Network Time Protocol
NRT-VBR Non-Real Time Variable Bit Rate
O
OAM Operations Administration and Maintenance
OAMPDU OAM Packet Data Unit
ODN Optical Distribution Network
OLT Optical Line Terminal
OMCI Optical Network Termination Management and Control Interface
ONU Optical Network Unit
ONT Optical Network Terminal
OPEX Operating Expenditures
OSPF Open Shortest Path First
OSS Operation Support System
P
P2P Point To Point
PBS Peak Burst Size
Q
QinQ 802.1Q in 802.1Q
QoS Quality of Service
R
RAIO Relay Agent Information Option
RDI Remote Default Indication
RFI Radio Frequency Interference
RIP Routing Information Protocol
RSTP Rapid Spanning Tree Protocol
RT-VBR Real Time Variable Bit Rate
S
SFTP Secure File Transfer Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
STP Spanning Tree Protocol
SHDSL Single-line high speed digital subscriber line
SHDSL.bis Single-line high speed digital subscriber line.bis
T
T-CONT Transmission Containers
TC-PAM Trellis Coded Pulse Amplitude Modulation
TDM Time Division Multiple
TDMA Time Division Multiple Access
TDMoGEM TDM over GEM
TFTP Trivial File Transfer Protocol
TLV Type, Length, Value
ToS Type of Service
trTCM Two Rate Three Color Marker
U
UBR Unspecified Bit Rate
V
VBAS Virtual Broadband Access Server
VLAN Virtual LAN
W
WRR Weighted Round Robin
X
xDSL x Digital Subscriber Line