Quick Start - SPU (V100R003C00 - 02)

Quidway S9300 Terabit Routing Switch
V100R003C00
Quick Start - SPU
Issue 02
Date 2010-07-15
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 02 (2010-07-15) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
Quick Start - SPU About This Document
About This Document
Intended Audience
This document is intended for:
l Hardware installation engineers
l Commissioning engineers
l On-site maintenance engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.
DANGER
Indicates a hazard with a medium or low level of risk, which

if not avoided, could result in minor or moderate injury.
WARNING
Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,
CAUTION
performance degradation, or unexpected results.
TIP Indicates a tip that may help you solve a problem or save
time.
NOTE Provides additional information to emphasize or supplement

important points of the main text.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Issue 02 (2010-07-15) Huawei Proprietary and Confidential iii

About This Document Quick Start - SPU
Changes in Issue 02 (2010-07-15)

Based on issue 01 (2010-04-30), the document is updated as follows:
The following information is modified:
1 Overview of the SPU.
Changes in Issue 01 (2010-04-30)

Initial commercial release.
iv Huawei Proprietary and Confidential Issue 02 (2010-07-15)

Quick Start - SPU Contents
Contents
About This Document...................................................................................................................iii

1 Overview of the SPU.................................................................................................................1-1
1.1 Introduction to the SPU...................................................................................................................................1-2
1.2 Functions and Typical Applications of the SPU.............................................................................................1-2
2 Hardware Structure of the SPU...............................................................................................2-1

2.1 Panel................................................................................................................................................................2-2
2.2 Description of Interfaces on the SPU..............................................................................................................2-3
2.3 Attributes of Interfaces on the SPU.................................................................................................................2-3
2.4 Technical Specifications.................................................................................................................................2-4
3 Logging In to the SPU...............................................................................................................3-1

3.1 Logging In to the SPU Through the Console Interface...................................................................................3-2
3.2 Logging In to the SPU Through the Console Interface of the SPU That Is Redirected from MPU...............3-5
3.3 Logging In to the SPU Through Telnet...........................................................................................................3-6
4 Service Features of the SPU......................................................................................................4-1

5 Replacing an SPU....................................................................................................................... 5-1
6 Technical Specifications of the SPU.......................................................................................6-1
6.1 System Configurations of the SPU..................................................................................................................6-2
6.2 Technical Specifications of the SPU...............................................................................................................6-2
Issue 02 (2010-07-15) Huawei Proprietary and Confidential v

Quick Start - SPU Figures
Figures
Figure 1-1 Processing packets by the SPU...........................................................................................................1-2

Figure 1-2 Networking of server load balancing..................................................................................................1-3
Figure 1-3 Networking of egress link load balancing..........................................................................................1-4
Figure 1-4 Networking of IPSec..........................................................................................................................1-4
Figure 1-5 Networking of NAT............................................................................................................................1-5
Figure 1-6 Networking of the virtual firewall......................................................................................................1-6
Figure 1-7 Networking of the firewall in transparent mode.................................................................................1-7
Figure 1-8 Networking of firewalls in backup mode...........................................................................................1-8
Figure 1-9 Monitoring MPLS network traffic......................................................................................................1-9
Figure 1-10 Monitoring traffic carried by a tunnel............................................................................................1-10
Figure 2-1 VAMPA panel....................................................................................................................................2-2
Figure 3-1 Logging in to the SPU through the console interface.........................................................................3-2
Figure 3-2 Setting up a new connection...............................................................................................................3-3
Figure 3-3 Configuring the connected interface...................................................................................................3-3
Figure 3-4 Setting communication parameters.....................................................................................................3-4
Figure 3-5 Selecting a terminal type....................................................................................................................3-5
Figure 3-6 Networking of redirecting to the console interface of the SPU through the MPU of the S9300.......3-6
Figure 3-7 Logging in to the SPU through Telnet on the PC...............................................................................3-7
Figure 5-1 Schematic diagram of removing an SPU............................................................................................5-2
Figure 5-2 Schematic diagram of installing an SPU............................................................................................5-3
Issue 02 (2010-07-15) Huawei Proprietary and Confidential vii

Quick Start - SPU Tables
Tables
Table 2-1 Buttons and indicators on the VAMPA panel......................................................................................2-2

Table 2-2 Interfaces on the VAMPA and their functions.....................................................................................2-3
Table 2-3 Serial interface attributes......................................................................................................................2-3
Table 2-4 Ethernet interface attributes................................................................................................................. 2-3
Table 2-5 Technical specifications of the VAMPA............................................................................................. 2-4
Table 3-1 Communication parameters................................................................................................................. 3-4
Table 6-1 System configurations of the SPU....................................................................................................... 6-2
Table 6-2 Software service features and hardware technical specifications of the SPU......................................6-2
Issue 02 (2010-07-15) Huawei Proprietary and Confidential ix

Quick Start - SPU 1 Overview of the SPU
1 Overview of the SPU
About This Chapter
Functioning as the value-added service (VAS) board of the S9300, the Service Process Unit
(SPU) provides service functions such as load balancing, firewalls, Network Address Translation
(NAT), IP Security (IPSec), and NetStream, thus meeting requirements of different application
scenarios for diverse industry networks.
NOTE
The release of Russia does not provide the IPSec VPN function.
1.1 Introduction to the SPU

The SPU provides service functions such as load balancing, firewalls, NAT, IPSec, NetStream
in diverse network application scenarios. These functions are mainly used on industry networks.
1.2 Functions and Typical Applications of the SPU
The SPU can be installed in any LPU slot of the S9300 to process the packets that are transmitted
from the MPU of the S9300. The SPU is applicable to load balancing, NAT, firewall, IPSec,
and NetSream solutions.
Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-1

1 Overview of the SPU Quick Start - SPU
1.1 Introduction to the SPU

The SPU provides service functions such as load balancing, firewalls, NAT, IPSec, NetStream
in diverse network application scenarios. These functions are mainly used on industry networks.
In modern enterprises, video conferences and video monitoring devices are widely used; shared
files such as pictures and high-definition video files are transmitted on intranets; servers and
storage devices need to back up data periodically. With the preceding requirements of
enterprises, people raise higher requirements for the reliability, security, and simplified operation
and management of industry networks.
As the VAS unit of the S9300, the SPU provides diverse VAS functions for industry networks,
such as load balancing, IPSec VPN, NAT, firewalls, and two-node cluster backup. In addition,
the SPU provides solutions to the network security of communities, interconnection between
communities, and wireless local area networks (WLANs). The SPU provides the high-efficient
load balancing solution, which accelerates the response speed of the IT system, shortens the
application delay, and balances the traffic on network devices. In this manner, the service
reliability can be improved and services can be expanded flexibly. Multiple firewalls and the
IPSec VPN facilitates integration of the VLAN switching technology of switches with security
network technologies, thus providing security services and implementing the secure and
encrypted interaction among departments of customers. NetStream provides data support for
charging and settlement, network planning, and network operation and management for most
carriers.
1.2 Functions and Typical Applications of the SPU

The SPU can be installed in any LPU slot of the S9300 to process the packets that are transmitted
from the MPU of the S9300. The SPU is applicable to load balancing, NAT, firewall, IPSec,
and NetSream solutions.
Currently, the SPU supports only one board, namely, VAMPA, which is installed in the LPU
slot of the S9300. The system transmits the packets to be processed to the SPU. Then the SPU
processes the packets related to the VASs. Figure 1-1 shows the processing procedure.
Figure 1-1 Processing packets by the SPU
Receiving Transmitting
LPU
Packets Packets
Switching Packets MPU
Processing Packets SPU
1-2 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

The VAMPA provides the following functions:

l Service functions
– IPSec VPN, firewall/NAT, load balancing, and NetStream
– Data processing capability of 10 Gbit/s
– Routing and addressing for packets
– Traffic management, congestion control, and forwarding scheduling for packets
– Line-speed forwarding of packets
l Debugging functions
– Configuration and alarm
– Board environment monitoring
– Watchdog
– Hierarchical reset
– Commissioning
The SPU is applicable to the following solutions.
Load Balancing
l Server load balancing
Figure 1-2 Networking of server load balancing
Intranet
Intranet ServerA
User Switch
External
Network ServerB
ServerC
As shown in Figure 1-2, an Intranet user accesses the internal server that is deployed in
the group of load balancing servers through the external network. The group is composed
of three servers. As the load balancing (LB) device, the Switch implements load balancing
at layers from L4 to L7. The service load varies according to servers. When one or more
servers are faulty, the system automatically switches services to normal servers so that
services are not interrupted. In this manner, network faults are reduced and the reliability
of service processing is improved.
l Egress link load balancing

Figure 1-3 Networking of egress link load balancing
RouterA
ISP1
External
Network
Intranet Switch
user
RouterB ISP2
As shown in Figure 1-3, an enterprise rents links of multiple carriers as egresses between
the Intranet and the external network. The bandwidth and delay vary according to carriers.
You can configure the Switch (SPU) to select the optimal link according to requirements
for external network access of different enterprise users. The Switch also supports the
reverse NAT function.
IPSec
Figure 1-4 Networking of IPSec
SwitchA SwitchB
Internet
Intranet Intranet
User A User B
As shown in Figure 1-4, an IPSec tunnel is set up between Switch A and Switch B. In this way,
data flows of intranet user A and intranet user B can be protected when being transmitted on
insecure networks. IPSec allows network users or administrators to control the granularity of
security services between peers. The Security Association (SA) can be established manually or
in IKE negotiation mode. The SA provides security protection for different data flows.

NAT
Figure 1-5 Networking of NAT
Internet
10.1.1.1/24 Intranet
PC2
PC1
10.1.2.1/24
WWW FTP SMTP
As shown in Figure 1-5, IP addresses of PC1 and PC2 on the intranet can be mapped to the
public IP addresses on the external network through NAT. In this way, users on private networks
can access external networks, thus saving public IP addresses. The NAT mapping table is used
to limit hosts on internal networks that access hosts on external networks.
By configuring the internal servers, you can map the corresponding external IP addresses and
port numbers to internal servers. In this manner, users on external networks can access internal
servers. For example, an enterprise provides World Wide Web (WWW), File Transfer Protocol
(FTP), and Simple Mail Transfer Protocol (SMTP) services externally.
Firewall
l Virtual firewall

Figure 1-6 Networking of the virtual firewall
Internet
Switch
VLAN2 VLAN3 VLAN4
Interior Interior Interior

Subnetwork Subnetwork Subnetwork
FTP WWW Telnet

Server Server Server
As shown in Figure 1-6, an intranet can be divided into multiple subnets through VLANs.
The Switch (SPU) configures a virtual firewall for each subnet. The server on each subnet
can access external networks through the Switch and provide different services externally.
l Firewall in transparent mode

Figure 1-7 Networking of the firewall in transparent mode
PC A
Zone A
VLAN 10
PC B
Switch VLAN 20
Zone B
VLAN 30
PC C
Zone C
As shown in Figure 1-7, the Switch functions as the firewall in transparent mode. In this
case, all interfaces are L2 interfaces and the network is divided into multiple access zones
through different VLANs. All PCs in a zone share the same network segment. The packet
filtering, attack defense, and traffic monitoring policies are defined for different VLANs
on the Switch. For example, PC A can access Zone B and Zone C. PC B can send packets,
whereas the packets cannot pass the firewall.
l Firewalls in backup mode

Figure 1-8 Networking of firewalls in backup mode
SPU1
SPU2
Internet
Switch
PC 1 PC 2
As shown in Figure 1-8, SPU 1 and SPU 2 are installed on the Switch. VRRP is enabled
on these two SPUs to provide a virtual IP address for the switch and thus to back up services.
When SPU 1 functions as the master, data flows are transmitted to the Internet through
SPU 1. At the same time, data is synchronized from SPU 1 to SPU 2. After SPU 1 becomes
faulty, data flows are transmitted to the Internet through SPU 2.
NetStream
l Monitoring MPLS network traffic

Figure 1-9 Monitoring MPLS network traffic
PE
AS 200
P Web Server
Mail Server
PE
PE
PE
FTP Server
AS 100
NSC&NDA
PE PE
PC PC PC
As shown in Figure 1-9, users can collect statistics on IP traffic from MPLS to IP (IPv4
or IPv6) and from IP (IPv4 or IPv6) to MPLS by deploying NetStream on user-side
interfaces of PEs. Users can also collect statistics on MPLS packets by deploying NetStream
on network-side interfaces of PEs and P devices. According to the analysis result of the
statistics, users can understand the composition and mode of the MPLS service accurately.
l Monitoring traffic carried by a tunnel

Figure 1-10 Monitoring traffic carried by a tunnel
Web Server
Mail Server
AS 100
Tunnel FTP Server
AS 100
NSC&NDA
PC PC PC
As shown in Figure 1-10, if a user collects statistics on the traffic transmitted through a
tunnel on physical interfaces of the switch, the user cannot differentiate the traffic carried
by the tunnel. In this case, the user needs to collect traffic statistics by using NetStream
twice, that is, before the traffic enters the tunnel and after the traffic exits the tunnel. In this
way, the user can accurately analyze the traffic composition in the tunnel.

Quick Start - SPU 2 Hardware Structure of the SPU
2 Hardware Structure of the SPU
About This Chapter
This topic describes hardware information about the VAMPA. Currently, the SPU supports only
the VAMPA.
2.1 Panel
This topic describes the appearance of the SPU, including interfaces, indicators and the colors
and blinking states of interface and board indicators.
2.2 Description of Interfaces on the SPU
This topic describes types, quantity, and functions of interfaces on the SPU.
2.3 Attributes of Interfaces on the SPU
This topic describes connector types, attributes, operation modes, and compliance standards of
the interfaces on the panel.
2.4 Technical Specifications
This topic describes technical specifications of the SPU, such as board dimensions, panel
dimensions, maximum power consumption, and weight.

2 Hardware Structure of the SPU Quick Start - SPU
2.1 Panel
This topic describes the appearance of the SPU, including interfaces, indicators and the colors
and blinking states of interface and board indicators.
Currently, the SPU supports only the VAMPA.
The VAMPA is installed horizontally. A serial interface (identified as CON) and an FE electrical
interface (identified as ETH) are located on the panel. Figure 2-1 shows the panel.
Figure 2-1 VAMPA panel
1. ACT indicator 2. LINK indicator
The board indicator RUN/ALM and interface indicators ACT and LINK are located on the
VAMPA panel. Table 2-1 describes the colors and blinking states of the indicators.
Table 2-1 Buttons and indicators on the VAMPA panel

Indicator/Button Color Description
RUN/ALM Green If the indicator is on, it indicates that the board is

powered on but the software is not running.
If the indicator blinks slowly (0.5 Hz), it indicates
that the system runs normally.
If the indicator blinks quickly (4 Hz), it indicates that
the system is being started.
Red If the indicator is on, it indicates that the board is

faulty.
Orange If the indicator is on, it indicates that the board is

installed in the slot and is powered on.
ACT Amber If the indicator blinks, it indicates that data is being

transmitted or received.
If the indicator is off, it indicates that no data is being
transmitted or received.
LINK Green-yellow If the indicator is on, it indicates that the link is

connected.
If the indicator is off, it indicates that the link is
blocked.

Quick Start - SPU 2 Hardware Structure of the SPU
2.2 Description of Interfaces on the SPU

This topic describes types, quantity, and functions of interfaces on the SPU.
Table 2-2 describes types and functions of interfaces on the VAMPA.
Table 2-2 Interfaces on the VAMPA and their functions
Interface Quantity Description
Console interface 1 Provides a serial interface. A user can log in to the local
SPU by connecting the serial interface on the host and
the console interface on the SPU through a cable to
configure the SPU locally.
Ethernet interface 1 Provides an FE electrical interface. A user can log in to

the SPU through Telnet to configure the SPU.
2.3 Attributes of Interfaces on the SPU

This topic describes connector types, attributes, operation modes, and compliance standards of
the interfaces on the panel.
Table 2-3 and Table 2-4 describe attributes of the interfaces on the panel.
Table 2-3 Serial interface attributes
Attribute Description
Connector type RJ45
Interface attribute RS232
Compliance standard EIA/TIA-232
Table 2-4 Ethernet interface attributes
Attribute Description
Connector type RJ45
Interface attribute 10BASE-T/100BASE-TX
Operation mode Full duplex
Compliance standard IEEE 802.3

2 Hardware Structure of the SPU Quick Start - SPU
2.4 Technical Specifications

This topic describes technical specifications of the SPU, such as board dimensions, panel
dimensions, maximum power consumption, and weight.
Table 2-5 describes technical specifications of the VAMPA.
Table 2-5 Technical specifications of the VAMPA

Parameter Description
Board dimensions 426.80 mm x 394.70 mm x 35.10 mm (width

x depth x height)
Maximum power consumption 153.27 w
Board weight 2.6 kg

Quick Start - SPU 3 Logging In to the SPU
3 Logging In to the SPU
About This Chapter
A user can log in to the SPU in either of the following ways: logging in to the SPU through the
console interface; logging in to the SPU through Telnet; logging in to the MPU of the S9300 for
redirection, and then logging in to the SPU through the console interface of the SPU.
3.1 Logging In to the SPU Through the Console Interface

If a user cannot log in to the MPU of the S9300, the user needs to log in to the SPU through the
console interface for the first time. This topic describes how to log in to the SPU on a PC through
the console interface.
3.2 Logging In to the SPU Through the Console Interface of the SPU That Is Redirected from
MPU
If a user has logged in to the MPU of the S9300, the user can log in to the SPU after redirection
to the console interface of the SPU.
3.3 Logging In to the SPU Through Telnet
This topic describes how to log in to the SPU through Telnet.

3 Logging In to the SPU Quick Start - SPU
3.1 Logging In to the SPU Through the Console Interface

If a user cannot log in to the MPU of the S9300, the user needs to log in to the SPU through the
console interface for the first time. This topic describes how to log in to the SPU on a PC through
the console interface.
Networking Requirements
When logging in to the SPU through the console interface, a user needs to connect the console
interface on the SPU to the RS232 interface on the host through a serial cable, as shown in
Figure 3-1.
Figure 3-1 Logging in to the SPU through the console interface

RS232 Console
interface Console Cable interface
Procedure
Step 1 Connect the PC with the SPU through a serial cable according to Figure 3-1.
Step 2 Enable the HyperTerminal on the PC.
Choose Start > All Programs > Accessories > Communications > HyperTerminal to start
the HyperTerminal.
Step 3 Set up a new connection.
As shown in Figure 3-2, enter the name of the new connection in the Name text box and choose
an icon. Click OK.

Figure 3-2 Setting up a new connection
Step 4 Configure the connected interface.

In the Connect window shown in Figure 3-3, select an interface from the Connect drop-down
list box according to the interface on the PC or terminal. Then click OK.
Figure 3-3 Configuring the connected interface
Step 5 Set communication parameters.

In the COM1 Properties window shown in Figure 3-4, set communication parameters
according to Table 3-1.

NOTE
In the Windows operating systems of some versions, Bit per second may be called Baud rate and Flow
control may be called Traffic control.
Figure 3-4 Setting communication parameters
Table 3-1 Communication parameters
Parameter Value
Bit per second (baud) 9600
Data bit 8
Parity check None
Stop bit 1
Flow control (traffic control) None
Step 6 After starting the HyperTerminal, choose File > Attributes to display the COMM1
Properties dialog box, as shown in Figure 3-5. Click the Settings tab, and select Auto detect
or VT100 from the Emulation drop-down list box. Click OK to complete the settings.

Figure 3-5 Selecting a terminal type
After the preceding settings, press Enter. If the <Quidway> prompt is displayed, it indicates
that you have logged in to the SPU. In this case, you can enter commands to configure or manage
the SPU.
----End
3.2 Logging In to the SPU Through the Console Interface of

the SPU That Is Redirected from MPU
If a user has logged in to the MPU of the S9300, the user can log in to the SPU after redirection
to the console interface of the SPU.
A user can log in to the MPU of the S9300 through a serial interface or through Telnet, and then
run the corresponding command for redirection. Then the user redirects the login process to the
console interface of the SPU as prompted and logs in to the SPU through the console interface,
as shown in Figure 3-6.

Figure 3-6 Networking of redirecting to the console interface of the SPU through the MPU of
the S9300
Login Redirection Console

interface of
the SPU
PC S9300
Procedure
Step 1 Log in to the MPU of the S9300.
Step 2 Run the following command in the user view: spu connect slot slot-num.
slot-num indicates the number of the slot where the SPU is installed on the S9300.
The following message is displayed:

******************************************************
* Slot 2 output to mainboard *
******************************************************
Press Ctrl+D to quit
Step 3 Press Enter. The system displays the following information:

The console can not be used now, pleae press Ctrl+Y.
Press Ctrl+Y. The system redirects you to the serial interface of the SPU so that you can log in
to the SPU.
NOTE
To return to the MPU of the S9300, press Ctrl+D.

The serial interface of the SPU can be used as:
l Ingress for redirecting to the SPU from the MPU of the S9300
l Ingress for logging in to the SPU
You can press Ctrl+Y to switch the roles of the serial interface on the SPU. The serial interface can be
function as either the ingress for redirecting to the SPU from the MPU of the S9300 or the ingress for
logging in to the SPU .
----End
3.3 Logging In to the SPU Through Telnet

This topic describes how to log in to the SPU through Telnet.
Telnet supports local and remote login, facilitating maintenance. After setting the Telnet user
of the SPU, a user can log in to the SPU through Telnet from the Ethernet interface or service
interfaces such as XGE sub-interface or the Eth-Trunk sub-interface whose member interfaces
are XGE interfaces, as shown in Figure 3-7.

Figure 3-7 Logging in to the SPU through Telnet on the PC

PC
STC
SPU
PC Crossover
STC cable
SPU
HUB
Crossover
PC cable or
STC optical fiber
SPU
L2 Switch
NOTE
The SPU is a board installed on the S9300. Generally, the ETH port of the SPU is not used to connect to
the network; therefore, the service interface of the SPU is usually used for logging in to the SPU through
Telnet.
In this way, you can configure the user name and password of the Telnet user on the SPU. The
method for configuring a Telnet user on the SPU is the same as that for configuring a Telnet
user on the S9300. For details, see the Quidway S9300 Terabit Routing Switch Configuration
Guide - Basic Configuration.
If you do not configure the Telnet user on the SPU, the user name and password are absent for
the first login through Telnet.
Procedure
Step 1 Set the IP address of the Ethernet interface of the SPU.
You can log in to the SPU by using the following methods:

l Using the console port of the SPU
l Redirecting to the SPU from the S9300
After logging in to the SPU, do as follows:
l Assign an IP address to the ETH port.

1. Run the system-view command to enter the system view.
2. Run the interface interface-type interface-number command to enter the interface view.
Here, Ethernet 0/0/0 is used.
3. Run the ip address ip-address { mask | mask-length } command to set the IP address
of the interface.
l Assign an IP address to the service interface.

The service interface of the SPU is the Eth-Trunk sub-interface whose member interfaces
are XGE interfaces or the XGE sub-interface. The configuration methods of the Eth-Trunk
interface and the XGE sub-interface are different. The details are as follows:
– Assign an IP address to the XGE sub-interface.
2. Run the interface xgigabitethernet interface-number.subinterface-number
command to enter the XGE sub-interface view.
3. Run the ip address ip-address { mask | mask-length } [ sub ] command to assign an
IP address to the XGE sub-interface.
– Assign an IP address to the Eth-Trunk sub-interface whose member interfaces are XGE
interfaces.
2. Run the interface eth-trunk trunk-id command to enter the Eth-Trunk interface
view.
3. Run the trunkport xgigabitethernet { interface-number1 [ to interface-
number2 ] } &<1-8> command to add two virtual interfaces of the SPU to the Eth-
Trunk interface to complete link aggregation.
4. Run the quit command to exit the Eth-Trunk interface view.
5. Run the interface eth-trunk trunk-id.subtrunk-id command to enter the Eth-Trunk
sub-interface view.
6. Run the ip address ip-address { mask | mask-length } [ sub ] command to assign an
IP address to the Eth-Trunk sub-interface.
Step 2 Log in to the SPU through Telnet.
A user can log in to the SPU on the local PC or terminal through Telnet.
1. Open the Command Prompt window on the PC.
Choose Start > Programs > Accessories > Command Prompt. The Command
Prompt window is displayed.
The Command Prompt window displays the following messages:
Microsoft Windows XP [version 5.1.2600]
(c) Versions 1985-2001 Microsoft Corp.
C:\>
2. Access the Telnet client.

At the prompt C:\>, enter Telnet. The Command Prompt window displays the following
messages:
Microsoft Windows XP [Versions 5.1.2600]
(c) Version 1985-2001 Microsoft Corp.
C:\> telnet
Press Enter to access the Telnet client. The Command Prompt window displays the
following messages:
Welcome to use Microsoft Telnet Client
Escape character is ¡¯CTRL+]¡¯
Microsoft Telnet>
3. Connect the Telnet server.

At the prompt Microsoft Telnet>, enter the following command to connect to the Telnet
server. The format is as follows:

open { ip-address | host-name } [ port ]

ip-address: specifies the IP address of a Telnet server.
host-name: specifies the host name of a Telnet server.

port: specifies the number of the interface for the Telnet service on a Telnet server. The
default value is 23.
Exampe:
# Connect to the SPU whose IP address is 1.1.1.1. The default port number is 23.
Welcome to use Microsoft Telnet Client
Escape character is '[CTRL+]'
Microsoft Telnet> open 1.1.1.1
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 1.
<Quidway>
----End

Quick Start - SPU 4 Service Features of the SPU
4 Service Features of the SPU
This topic describes all the features supported by the SPU according to the feature description
in each volume (basic configuration, Ethernet, IP service, IP routing, QoS, security, reliability,
device management, network management, and VPN).
Basic Configuration
Feature Description Support Remarks
ed by
the SPU
Only
File A file system manages No The feature of the SPU is the same as that
system files and directories in the of the S9300. For details, see
storage device. In the file Management of Configuration Files in the
system, you can create, Quidway S9300 Terabit Routing Switch
delete, modify, and Configuration Guide - Basic
rename a file or a Configuration.
directory, and display
contents of a file.
Login In the case that the No The feature of the SPU is the same as that
throug network is unreachable, a of the S9300. To log in to the SPU through
h the user needs to log in to the the console interface, see 3.1 Logging In
Console SPU through the console to the SPU Through the Console
interfac interface. Interface.
e
Login In the case that the No The feature of the SPU is the same as that
throug network is reachable, a of the S9300 in some aspects. The
h Telnet user can log in to the SPU difference is as follows: A user can
on the local PC or configure the IP address of the Ethernet
through Telnet. interface on the SPU by logging in to the
MPU of the S9300. To log in to the SPU
through Telnet, see 3.3 Logging In to the
SPU Through Telnet.

4 Service Features of the SPU Quick Start - SPU

ed by
the SPU
Only
SSH The SSH supports secure No The feature of the SPU is the same as that
login local and remote login. of the S9300. For details, see
The SPU supports the Configuration of the SSH Server and
route iteration by the Client in the Quidway S9300 Terabit
BGP. Routing Switch Configuration Guide -
Basic Configuration.
Ethernet
ed by
the SPU
Only
MAC A MAC address table No The feature of the SPU is the same as that
stores the MAC of the S9300. For details, see MAC
addresses of other Address Table Configuration in the
devices learned by the Quidway S9300 Terabit Routing Switch
S9300, VLAN IDs, and Configuration Guide - Ethernet.
outbound interfaces that
are used to send data.
Before forwarding the
data, the SPU searches
the MAC address table
based on the destination
MAC address and the
VLAN ID of the data to
find the corresponding
outgoing interface
rapidly. This reduces the
number of broadcast
packets.
ARP The Address Resolution No The feature of the SPU is the same as that
Protocol (ARP) provides of the S9300. For details, see ARP
a mapping between an IP Configuration in the Quidway S9300
address and a MAC Terabit Routing Switch Configuration
address. Guide - Ethernet.


ed by
the SPU
Only
Link Link aggregation refers No The feature of the SPU is the same as that
aggrega to a method of binding a of the S9300. For details, see Link
tion group of physical Aggregation Configuration in the
interfaces together as a Quidway S9300 Terabit Routing Switch
logical interface to Configuration Guide - Ethernet.
increase the bandwidth.
By setting up a link
aggregation group
between two devices,
you can obtain higher
bandwidth and
reliability.
IP Services
Feature Description Suppor Remarks
ted by
the SPU
Only
IP This feature provides IP No The SPU supports setting IP addresses on

address addresses of interfaces. sub-interfaces and tunnel interfaces only.
setting For the configuration method, see the
Configuration Guide - IP Services.
IP Routing
ted by
the SPU
Only
IPv4 This feature provides No The feature of the SPU is the same as that
unicast IPv4 static and dynamic of the S9300. For details, see the Quidway
static routing protocols to S9300 Terabit Routing Switch
routes, implement interworking Configuration Guide - IP Routing.
RIP, at Layer 3.
OSPF,
IS-IS,
and
BGP


ted by
the SPU
Only
Routing A routing policy is used No The feature of the SPU is the same as that
policies to change the path that the of the S9300. For details, see the Quidway
and traffic passes through. S9300 Terabit Routing Switch
policy- Different from the Configuration Guide - IP Routing.
based routing mechanism based
routing on the destination
addresses of IP packets,
the policy-based routing
is a mechanism based on
the customized routing
policies.
Route The route iteration is a No The feature of the SPU is the same as that
iteration process of finding a of the S9300. For details, see the Quidway
dependent route S9300 Terabit Routing Switch
according to the next hop Configuration Guide - IP Routing.
address. The SPU
supports route iteration
by the BGP.
QoS
ted by
the SPU
Only
Names During traffic No The feature of the SPU is the same as that
of the classification, packets of the S9300. For details, see the Quidway
traffic sharing common features S9300 Terabit Routing Switch
classific are classified into a class Configuration Guide - QoS.
ation, by matching the
traffic information carried in
behavio packets with the specific
r, and rule. The packets of the
traffic same class provide QoS
policy services for traffic of the
same type, and thus
provide differentiated
services for different
services.


ted by
the SPU
Only
Priority The packets are sent to No The feature of the SPU is the same as that
mappin different interface queues of the S9300. For details, see the Quidway
g according to the internal S9300 Terabit Routing Switch
priority, and then traffic Configuration Guide - QoS.
shaping, congestion
avoidance, and queue
scheduling are performed
for the queues.
Security
ted by
the SPU
Only
ACL The ACL classifies No The feature of the SPU is the same as that
packets based on the of the S9300. For details, see the Quidway
rules defined by the ACL. S9300 Terabit Routing Switch
After these rules are Configuration Guide - Security.
applied to interfaces, the
device can determine
which packets to accept
and which to deny.
IPSec By establishing the SA, Yes -

data can be encrypted and
data sources can be
authenticated at the IP
layer to ensure
confidentiality, data
integrity, data source
authentication, and anti-
replay for packets during
transmission across the
network.


ted by
the SPU
Only
URPF URPF obtains the source No The feature of the SPU is the same as that
IP address and the of the S9300. For details, see the Quidway
inbound interface of the S9300 Terabit Routing Switch
packet and checks Configuration Guide - Security.
whether the inbound
interface corresponding
to the source IP address in
the forwarding table
matches the actual
inbound interface of the
packet. If they do not
match, URPF considers
the source IP address as a
pseudo address and
discards the packet. In
this way, URPF can
efficiently protect the
network against vicious
attacks initiated by
modifying the source
address.
NAT The NAT maps a few Yes -

public IP addresses to
more private IP
addresses. This can
temporarily solve the
problems resulted from
IP address shortage.
Firewall The firewalls are Yes -

deployed to prevent
against most attacks from
external networks by
using packet filtering,
whitelists, blacklists, and
attack defense. In this
way, the security risks
confronted during
transmission across
networks can be avoided.

Reliability
ted by
the SPU
Only
BFD The Bidirectional No The feature of the SPU is the same as that
Forwarding Detection of the S9300. For details, see the Quidway
(BFD) is a detection S9300 Terabit Routing Switch
mechanism used Configuration Guide - Reliability.
uniformly on an entire
network. It is used to
rapidly detect and
monitor the connectivity
of links or IP routes on a
network. A
communication failure
between adjacent
systems must be detected
quickly and the standby
tunnel must be created
faster for communication
recovery.
VRRP By separating physical No The feature of the SPU is the same as that
devices from logical of the S9300. For details, see the Quidway
devices, the Virtual S9300 Terabit Routing Switch
Router Redundancy Configuration Guide - Reliability.
Protocol (VRRP)
implements route
selection among multiple
egress gateways. In this
manner, services are not
affected when a gateway
is faulty, and the
configuration of the
routing protocol does not
need to be changed.
Load The load balancing Yes -

balancin function allocates traffic
g to multiple network
devices or links through
the specific load
balancing algorithm. In
this manner, the overall
network performance is
improved.


ted by
the SPU
Only
Two- An active device and a Yes -

node standby device run
cluster simultaneously to back
backup up the link data of the
other party. When a
device is faulty, data
flows can be switched to
another device smoothly.
This prevents service
interruption.
Device Management
ted by
the SPU
Only
Interfac A packet passing through No The feature of the SPU is the same as that
e a mirroring interface is of the S9300. For details, see the Quidway
mirrorin copied and then sent to a S9300 Terabit Routing Switch
g specified observing Configuration Guide - Device
interface for analysis and Management.
monitoring.
Board Manage registration, Yes -

and initialization, and
interfac initiation of boards.
e Manage interface
manage attributes.
ment

Network Management
ted by
the SPU
Only
NetStre NetStream is a No Another NetStream with other

am technology of collecting specifications supported by the S9300 is
and releasing statistics also supported by the SPU. For details, see
about network traffic. It the Quidway S9300 Terabit Routing
classifies the statistics Switch Configuration Guide - Network
about traffic flows and Management.
resource usage on the
network. NetStream also
manages the network and
conducts charging based
on types of services and
QoS.
Ping and The ping command is No The feature of the SPU is the same as that
Tracert used to check network of the S9300. For details, see the Quidway
connectivity and whether S9300 Terabit Routing Switch
a host is reachable. Configuration Guide - Network
Tracert is used to check Management.
IP addresses and the
number of gateways
between the source and
the destination. Tracert is
helpful in testing network
reachability and locating
the fault on the network.
SNMP SNMP defines how No

management information The feature of the SPU is the same as that
is transmitted between of the S9300. For details, see the Quidway
the network management S9300 Terabit Routing Switch
station and the agent Configuration Guide - Network
through the MIB. Management.

VPN
ted by
the SPU
Only
GRE GRE uses the tunnel No The feature of the SPU is the same as that
technololgy to of the S9300. For details, see the Quidway
encapsulate packets of S9300 Terabit Routing Switch
some network protocols Configuration Guide - VPN.
such as IP and IPX. In
this manner, the
encapsulated packets can
be transmitted on
networks supporting
other protocols such as
IP.

Quick Start - SPU 5 Replacing an SPU
5 Replacing an SPU
This topic describes precautions and procedure for replacing an SPU.
Precautions
Before replacing an SPU, pay attention to the following points:
Before replacing an SPU, prepare an SPU with the same specifications of the SPU to be replaced.
Tools
l ESD-preventive wrist straps or gloves
l ESD-preventive bag
Procedure
Step 1 Check the position of the SPU to be replaced.
Before removing the SPU that you need to replace, check the position of the the cabinet, chassis,
and slot where the SPU is installed.
l An S9312 has 12 LPU slots, which are numbered from 1 to 12.

Find out the SPU to be replaced in the chassis and attach a label to identify the SPU.
Step 2 Check whether there is any bent pin in the connector of the new SPU.
Step 3 Remove the cable from the SPU.
Step 4 Remove the SPU to be replaced from the chassis.

1. Wear ESD-preventive wrist straps and connect the grounding terminal to the ESD jack on
the chassis.
2. Hold the left and right ejector levers of the board with your hands. Press the springs of the
ejector levers to loosen the ejector levers. Turn the ejector levers of the SPU outwards.
When the ejector levers and the panel form a 45-degree angle, the SPU is removed from
the backplane, as shown in (2) of Figure 5-1.

5 Replacing an SPU Quick Start - SPU
CAUTION
l During the operation, remove the SPU slowly and smoothly to prevent it from colliding
with other boards and causing failures of the running boards.
l When swapping an SPU, do not touch the parts on the SPU to prevent it from being
damaged.
3. Hold the two ejector levers and pull out the SPU smoothly from the chassis along the guide
rail of the slot, as shown in (2) of Figure 5-1.
4. Place the removed board in the ESD-preventative bag.
Figure 5-1 Schematic diagram of removing an SPU
Step 5 Install the new SPU into the chassis.

1. Take out the new SPU from the ESD-preventive bag.
CAUTION
l During the operation, install the SPU slowly and smoothly to prevent it from colliding
with other boards and causing failures of the running boards.
l When swapping an SPU, do not touch the parts on the SPU to prevent it from being
damaged.
2. Hold the two ejector levers and insert the SPU smoothly into the chassis along the guide
rail of the slot, as shown in (1) of Figure 5-2. Push the SPU until the bayonets of the ejector
levers touch the edges of the chassis.
3. Secure the bayonets of the ejector levers on the edges of the chassis, and then push the
ejector levers inwards until you hear a click, as shown in (2) of Figure 5-2.

Quick Start - SPU 5 Replacing an SPU
Figure 5-2 Schematic diagram of installing an SPU
Step 6 Connect the cables to the corresponding interfaces in the original sequence.
Step 7 Check the running status of the new SPU.
In normal situations, after the new SPU is installed into the chassis, the SPU automatically
communicates with the MPU. In this case, check the running status of the new SPU as follows:
l If the RUN/ALM indicator on the panel of the SPU is green and blinks at the frequency of
0.5 Hz, it indicates that the SPU is running normally.
l You can check the alarms. In normal situations, the system does not generate any alarm
related to the new SPU.
l Run the display device command on the client after logging in to the SPU to view the running
status of the new SPU. If the output is displayed as follows, it indicates that the SPUs in the
corresponding slots are running normally.
<Quidway> display device
Step 8 Check service operations.
----End
Postrequisite
After finishing the replacement, put all the tools away. If an SPU that is replaced is confirmed
to be faulty, maintainers should fill in the Faulty Card for Repair, and mail the card and the
faulty SPU together to Huawei local office for timely maintenance.

Quick Start - SPU 6 Technical Specifications of the SPU
6 Technical Specifications of the SPU
About This Chapter
This topic describes system parameters and technical specifications of the SPU.
6.1 System Configurations of the SPU

This topic describes the processor, DRAM, flash, CF card, and forwarding capability of the
SPU.
6.2 Technical Specifications of the SPU
This topic describes the software service features (Ethernet services, QoS, ACL, L3VPN, IP
unicast, and reliability services) and hardware (integrated system reliability) technical
specifications of the SPU.

6 Technical Specifications of the SPU Quick Start - SPU
6.1 System Configurations of the SPU

This topic describes the processor, DRAM, flash, CF card, and forwarding capability of the
SPU.
Table 6-1 describes system configurations of the SPU.
Table 6-1 System configurations of the SPU
Description Example Remarks
Processor Two multi-kernal CPUs. Two CPUs

Each CPU is configured with
16 kernals. The dominant
frequency is 600 MHz.
DDR2 DRAM 16 GB (8 bit, 2 x 4 GB). Each -

CPU is connected to a
memory of 8 GB.
Flash 64 MB -
CF card 512 MB A CF card serves as a mass

storage device to save data
files and logs.
Forwarding capability 10 Gbit/s -
6.2 Technical Specifications of the SPU

This topic describes the software service features (Ethernet services, QoS, ACL, L3VPN, IP
unicast, and reliability services) and hardware (integrated system reliability) technical
specifications of the SPU.
Table 6-2 describes the software service features and hardware technical specifications of the
SPU.
Table 6-2 Software service features and hardware technical specifications of the SPU
Attribute Service Feature Technical Specification
Ethernet service Number of MAC addresses 128,000

performance
Number of trunk groups and Two trunk groups, each of which
maximum number of interfaces supports a maximum of two
supported by each trunk group interfaces
Rate of learning MAC addresses 3000 addresses/second
Number of ARPs 16,000
QoS performance CAR 8 kbit/s

Quick Start - SPU 6 Technical Specifications of the SPU
Attribute Service Feature Technical Specification
ACL ACLv4 Global: 32 thousand
VPN VRF 1000
VPN route 230,000
IP unicast Routing entries 230 thousand
IPv4 FIB 144 thousand
Reliability BFD Number of static sessions of the

service BFD: 32
Minimum fault discovery interval:
less than 100 ms
VRRP l VRRP groups: 255

l VRRP management groups: 16
l Virtual IP addresses in each
VRRP group: 16
l Minimum switchover interval:
3s if the BFD is not used; 100 ms
if BFD for VRRP is used.


Quick Start - SPU (V100R003C00 - 02)

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Quick Start - SPU (V100R003C00 - 02)

Transféré par

Droits d'auteur :

Formats disponibles

Quidway S9300 Terabit Routing Switch

Quick Start - SPU

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 02 (2010-07-15) Huawei Proprietary and Confidential i

About This Document

Indicates a hazard with a high level of risk, which if not

Indicates a hazard with a medium or low level of risk, which

Indicates a potentially hazardous situation, which if not

NOTE Provides additional information to emphasize or supplement

Issue 02 (2010-07-15) Huawei Proprietary and Confidential iii

Changes in Issue 02 (2010-07-15)

Changes in Issue 01 (2010-04-30)

iv Huawei Proprietary and Confidential Issue 02 (2010-07-15)

About This Document...................................................................................................................iii

2 Hardware Structure of the SPU...............................................................................................2-1

3 Logging In to the SPU...............................................................................................................3-1

4 Service Features of the SPU......................................................................................................4-1

Issue 02 (2010-07-15) Huawei Proprietary and Confidential v

Figure 1-1 Processing packets by the SPU...........................................................................................................1-2

Issue 02 (2010-07-15) Huawei Proprietary and Confidential vii

Table 2-1 Buttons and indicators on the VAMPA panel......................................................................................2-2

Issue 02 (2010-07-15) Huawei Proprietary and Confidential ix

1 Overview of the SPU

About This Chapter

1.1 Introduction to the SPU

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-1

1.1 Introduction to the SPU

1.2 Functions and Typical Applications of the SPU

Figure 1-1 Processing packets by the SPU

Switching Packets MPU

Processing Packets SPU

1-2 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

The VAMPA provides the following functions:

The SPU is applicable to the following solutions.

Figure 1-2 Networking of server load balancing

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-3

Figure 1-3 Networking of egress link load balancing

Figure 1-4 Networking of IPSec

1-4 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

Figure 1-5 Networking of NAT

WWW FTP SMTP

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-5

Figure 1-6 Networking of the virtual firewall

VLAN2 VLAN3 VLAN4

Interior Interior Interior

FTP WWW Telnet

1-6 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

Figure 1-7 Networking of the firewall in transparent mode

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-7

Figure 1-8 Networking of firewalls in backup mode

1-8 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

Figure 1-9 Monitoring MPLS network traffic

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 1-9

Figure 1-10 Monitoring traffic carried by a tunnel

Tunnel FTP Server

1-10 Huawei Proprietary and Confidential Issue 02 (2010-07-15)

2 Hardware Structure of the SPU

About This Chapter

Issue 02 (2010-07-15) Huawei Proprietary and Confidential 2-1

Figure 2-1 VAMPA panel