H3C SR6600 Router Series

H3C SR6600 multi-core router series is a set of core routers provided by H3C for carrier, governments, power, finance, education, and enterprise customers. It is the first router series that uses the multi-core multi-threading architecture. Its brand-new hardware platform and service-oriented design meet the diversified requirements of users for future expansion, suiting the IT construction status quo and development trend.

The series uses a distributed architecture for processing all services. All services are provided by the FIP modules. No extra service modules are required. The H3C Apollo core chipset integrates routing and service processing to ensure high performance service forwarding. The SR6600 uses Comware V7 network operating system that allows for multiple CPUs, distributed computing, modular design, high available architecture, virtualization, and openness.

The SR6600 series has two models: SR6604 and SR6608.

Learn more Show less
SR6604
SR6604
SR6608
SR6608
  • Features
  • Specification
  • Ordering Information
  • Resources
  • Software

Features

First multi-core high-end router in the industry

The series is the first router series that uses the multi-core multi-threading architecture. This architecture greatly improves performance, agility, and programmability and brings ease of use, enabling the series to provide flexible L4 to L7 features. Hardware acceleration speeds up processing of security services and services at the link layer, allowing processors to focus on critical L4 to L7 services.

With all the features, the series can respond well to new services in the future and perfectly adapt itself to network development.

New generation network operating system

* Multiple cores, symmetrical multi-processing (SMP), Comware V7 platform, and independent processing allow for dynamic loading and independent upgrade. Sophisticated management ensures system availability and performance.

* Comware V7 platform ensures the performance for key services in real time by reserving dedicated CPU sets for key services. Priority scheduling ensures that the key services that require real-time processing are processed even when the CPU is highly loaded.

* Comware V7 supports distributed computing. Global protocols such as MPLS and BGP can be distributed to CPUs on different MPUs. Distributed computing ensures high system performance.

Fully distributed processing architecture

Separation of routing engine, service engine, and forwarding engine, and separation of the control plane and service plane ensure that services are not interrupted during active and standby MPU switchover. NAT, IPSec, and NetStream services are processed independently by the separate engines, which improves system processing performance and ensures high availability.

WAN IRF2

Intelligent Resilient Framework 2 (IRF2) virtualizes two SR6600 routers into one device. IRF2 virtualization reduces network maintenance costs, simplifies network configuration, and improves link bandwidth and device utilization.

Link aggregation on distributed devices provides load balancing and backup for multiple uplinks. Aggregation links support various services, such as QoS, NetStream analysis, NAT, and data encryption.

Patented stateful failover technology enables real-time backup and uninterrupted Layer 3 forwarding on the control plane and data plane. Stateful failover increases reliability and performance of the virtual architecture, reduces single point of failure, and prevents service interruption.

High port density and enhanced aggregation capability

With the RPE-X3 architecture and four-slot service modules, the series can support a maximum of 16 high-speed MIC-X interface modules and provide the best WAN port aggregation capability among routers of the same kind.

Industry-leading encryption performance

All the service modules of the series are encrypted by the built-in hardware to achieve high-performance IPSec encryption. This ensures secure transmission of traffic in WANs and the internal network without increasing the cost.

Outstanding routing capability

The series provides large capacity for routing entries, various routing policies, and advanced policy routing. Outstanding routing performance ensures flexible control and scheduling, meeting various service requirements for carriers and enterprises. The SR6600 supports IPv4 and IPv6 static and dynamic routing protocols, such as RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-ISv6, and BGP/BGP4+.

Abundant VPN features

The series supports L2TP, IPsec, GRE, and independent encryption core to enhance encryption performance and increase tunnel capacity to meet encryption gateway requirements. These features enhance transmission security without increasing costs.

Traditional VPN is less flexible because an access device cannot obtain the public IP address of the peer end during the registration. Traditional VPN is hard to maintain because it requires N2 connections for a full meshed network. The series provides the Auto Discovery Virtual Private Network (ADVPN) solution. ADVPN allows the access routers that use dynamic IP addresses to build VPNs between branches. ADVPN increases network flexibility and simplifies maintenance operation. ADVPN also supports features such as NAT traversal, security authentication, IPsec encryption, and multi-VPN domains.

To remove complexities caused by the exponential increase of IKE SAs and IPSec SAs, the series uses the GDVPN solution that offers a group-based IPSec model. GDVPN encapsulates a new IP header that is the same as the original IP header for packets without changing the original IP header, retaining the original routing structure and enhancing QoS performance. GDVPN uses tunnel-less connections and performs one-time encryption on each multicast packet instead of sending an encryption packet to each peer, which improves multicast efficiency.

The SR6600 supports MPLS features such as L2VPN, L3VPN, and MPLS TE, and can cooperate with other router models to provide various high-performance and secure MPLS VPN solutions.

All-around network security protection

The series ensures service security by using FIP modules. FIP modules cooperate with the RSE-X3 MPU and Comware V7 software to take over all the services on traditional service modules, which reduces costs and simplifies management.

The routers provide the following built-in security features:

* Firewall features—Packet filtering firewall, status firewall, attack packet filtering, and log filtering. ACL accelerating algorithm minimizes the ACL filtering impact on firewall performance.

* Built-in anti-attack features:

* Anti-single packet attacks—Protects the networks against single packet attacks, such as the Fraggle, ICMP redirect, ICMP unreachable, LAND, large ICMP, route record, smurf, source route, TCP flag, Tracert, and WinNuke.

* Anti-scanning attacks—Prevents attackers from scanning the host IP addresses and ports to avoid topology and service detecting.

* Anti-flooding attacks—Prevents SYN flood, ICMP flood, and UDP flood.

* Blacklist features—Filters attacking packets based on source IP addresses. Filters out the attacking packets sent from specific source IP addresses.

* User tracking—Monitors user behaviors based on the logs and the IMC UBAS solution.

Smart bandwidth management

In primary/backup networks, smart bandwidth management routes traffic to the backup network based on the policies when traffic load on the primary network is heavy.

Smart bandwidth management provides the following features:

* Unequal cost multiple path (UCMP)—Manages bandwidth usage based on weight. Traffic is directed to paths based on the bandwidth of the path.

* Bandwidth reservation and resource sharing—Bandwidth is reserved for services. Remaining bandwidth is used for traffic burst after the reserved bandwidth is used up.

* Hierarchical CAR—Allows for bandwidth reallocation, improving bandwidth utilization.

Carrier-class availability

The series uses distributed architecture and provides redundancy for MPUs, switching fabric modules, power modules and hot-swapping for MPUs, services cards, and power modules. The control plane and service plane are separated. Faulty hardware is automatically isolated.

The series provides various high availability software features listed in the following table.

Specification

Hardware specifications

Item

SR6604

SR6608

Chassis

Integrated chassis, which can be installed in a 19-inch rack. Distributed service architecture.

Integrated chassis, which can be installed in a 19-inch rack. Distributed service architecture.

MPU slots

2 (1+1 redundancy)

2 (1+1 redundancy)

Service module slots

2

4

Maximum interface module slots on service modules

8

16

Forwarding Performance IMIX Mbps

80 Gbps

160 Gbps

Forwarding capacity

30 Mpps

60 Mpps

Power module

1+1 redundancy

Smart power management

1+1 redundancy

Smart power management

Rated AC power

100 to 240 VAC @ 50 Hz/60 Hz

100 to 240 VAC @ 50 Hz/60 Hz

Rated DC power

–48 to –60 VDC

–48 to –60 VDC

Operating altitude

–60 to +5000 m (–196.85 to +16404.20 ft)

–60 to +5000 m (–196.85 to +16404.20 ft)

EMC

FCC Part 15 (CFR 47) CLASS A

ICES-003 CLASS A

VCCI CISPR32 CLASS A

CISPR 32 CLASS A

EN 55032 CLASS A

AS/NZS CISPR32 CLASS A

CISPR 24

EN 55024

EN 61000-3-2

EN 61000-3-3

EN 61000-6-1

ETSI EN 300 386

EN 301 489-1

EN 301 489-17

FCC Part 15 (CFR 47) CLASS A

ICES-003 CLASS A

VCCI CISPR32 CLASS A

CISPR 32 CLASS A

EN 55032 CLASS A

AS/NZS CISPR32 CLASS A

CISPR 24

EN 55024

EN 61000-3-2

EN 61000-3-3

EN 61000-6-1

ETSI EN 300 386

EN 301 489-1

EN 301 489-17

Security

UL 60950-1

CAN/CSA C22.2 No 60950-1

IEC 60950-1

EN 60950-1/A11

AS/NZS 60950

EN 60825-1

EN 60825-2

FDA 21 CFR Subchapter J

GB 4943

UL 60950-1

CAN/CSA C22.2 No 60950-1

IEC 60950-1

EN 60950-1/A11

AS/NZS 60950

EN 60825-1

EN 60825-2

FDA 21 CFR Subchapter J

GB 4943

Software specifications

Item

SR6608

Layer 2 Protocol

ARP: Dynamic ARP, static ARP, proxy ARP, and gratuitous ARP

Ethernet and sub interface VLAN

PPPoE server

QinQ termination

VLAN

Port mirroring

IP service

TCP, UDP, IP option, and IP unnumber

Policy routing

Layer 3 Ethernet interface binding

IP routing

Static routing

RIPv1, RIPv2, OSPFv2, BGP, IS-IS, EIGRP

Recursive route

ECMP

UCMP

BGP GTSM

ISIS MTR

IPv4 multicast

IGMPv1/v2/v3

PIM-DM, PIM-SM, PIM-SSM

MSDP

MBGP

Static multicast routing

Multicast host tracking

IP application

DHCP server, DHCP relay, and DHCP client

DNS client

NTP server and client

Telnet server and client

TFTP server and client

FTP server and client

UDP helper

IPv6

Basic functions: IPv6 ND, IPv6 PMTU, dual stack forwarding, IPv6 ACL, and DHCPv6 server/proxy

IPv6 tunnel technologies, IPv6 manual tunnels, IPv6-over-IPv4, GRE tunnels, automatic IPv4-compatible IPv6 tunnels, 6to4 tunnels, ISATAP tunnels, and 6PE

6VPE (IPv6 MPLS L3VPN)

NATPT

Static routing

Dynamic routing protocols: RIPng, OSPFv3, IS-ISv6, and BGP4+

IPv6 multicast protocols: MLDv1/v2, PIM6-DM, PIM6-SM, and PIM6-SSM

QoS

Flow classification based on port, MAC address, IP address, IP priority, DSCP priority, TCP/UDP, and protocol type

Traffic management: CAR rate limiting and configurable granularity

Rate limiting based on the source and destination addresses (supporting network segment limiting)

GTS traffic shaping

Priority marking/remarking

Queue scheduling mechanisms: FIFO, PQ, CQ, WFQ and RTPQ, and CBWFQ

Congestion avoidance: Tail-Drop and WRED

LR rate limiting

MPLS QoS

IPv6 QoS

QoS policy propagation on BGP (QPPB)

Security

Time-based access control

Packet filtering firewall

ASPF state firewall

Local TCP anti-attack

Control plane rate limiting

URPF

Web filtering

Hierarchical user management and password protection

AAA

RADIUS

TACACS+

Portal authentication (EAD association and portal fail-permit)

PKI certificate

SSH 1.5/2.0

RSA

IPsec, IPsec multi-instance, and IKE

BGP/BGP4+ (supporting GTSM)

Password control

Attack detection and defense

IP service features

NAT, NAT multi-instance, VPN NAT, and NAT logs

Session limiting

GRE tunnel (one-to-many application)

IPsec tunnel

L2TP tunnel

NetStreamv5/v8/v9 format and IPv4/IPv6/MPLS packet statistics

ADVPN

GDVPN

EVI

SDN

MPLS

L3VPN: Multi-AS MPLS (Option1/Option2/Option3), hierarchical MPLS VPN, hierarchical PE (HoPE), dual-homing CE, MCE, and multi-role host

L2VPN: VPLS, Martini, Kompella, CCC, and SVC

VPLS/H-VPLS

MPLS TE and RSVP TE

Multicast VPNs, NG-MVPN

SDN

BGP-LS

Segment-routing

VXLAN

EVPN

Availability

Redundancy backup for critical components including MPUs and power modules

VRRP/VRRPv3

FRR

IGP fast convergence

BFD

ISSU

IRF2

GR

NSR

NSF

EAA

Ethernet OAM

Software hot fixes

Hot swapping for MPUs, line cards, interface modules, power modules, and fan trays

Management and maintenance

Command line configuration

Configuration through the console port

Remote configuration and maintenance through Telnet

SNMPv1/v2/v3

Web-based configuration and management

RMON, supporting 1, 2, 3, or 9 MIB groups

System logs

Alarm classification

Ping and Tracert

NQA (supporting association with VRRP, policy routing, and static routing)

Fan status detection, maintenance, and notifications

Power module status detection, maintenance, and notification

CF card status detection and maintenance

Ambient temperature detection and notification

File system

FAT format

CF card

USB (connecting external storage device)

Loading and upgrading

Xmodem

FTP and TFTP

Ordering Information

Item

Description

Remarks

Chassis

H3C SR6604 router

H3C SR6608 router

Power module

H3C PSR650A DC power module, 650W

H3C PSR650D AC power module, 650W

MPU

MPU RPE-X3 (2G DDR3, 1CON&AUX, 1GE Mgt, 1MiniUSBCON, 1USB)

Carrier

SR6600 Chassis Accessories(for RPE-X3)

Switching fabric module

H3C SR6600 switching fabric module

Service module

RT-FIP-380 multi-service FIP module

MIC-X interface module

4-port GE optical + 4-port GE copper interface module (SFP, LC, RJ45)(MIC-X)

8-port GE optical interface module (SFP, LC)(MIC-X)

8-port GE copper interface module (RJ-45)(MIC-X)

10-port GE optical interface module (SFP, LC)(MIC-X)

4-port GE optical interface module (SFP+, LC)(MIC-X)

2-port 10GE optical interface module (SFP+, LC)(MIC-X)

4-port 10GE optical interface module (SFP+, LC)(supports LAN/WAN mode)(MIC-X)

Resources

Software