First multi-core high-end router in the industry
The series is the first router series that uses the multi-core multi-threading architecture. This architecture greatly improves performance, agility, and programmability and brings ease of use, enabling the series to provide flexible L4 to L7 features. Hardware acceleration speeds up processing of security services and services at the link layer, allowing processors to focus on critical L4 to L7 services.
With all the features, the series can respond well to new services in the future and perfectly adapt itself to network development.
New generation network operating system
Multiple cores, symmetrical multi-processing (SMP), Comware V7 platform, and independent processing allow for dynamic loading and independent upgrade. Sophisticated management ensures system availability and performance.
Comware V7 platform ensures the performance for key services in real time by reserving dedicated CPU sets for key services. Priority scheduling ensures that the key services that require real-time processing are processed even when the CPU is highly loaded.
Comware V7 supports distributed computing. Global protocols such as MPLS and BGP can be distributed to CPUs on different MPUs. Distributed computing ensures high system performance.
Fully distributed processing architecture
Separation of routing engine, service engine, and forwarding engine, and separation of the control plane and service plane ensure that services are not interrupted during active and standby MPU switchover. NAT, IPSec, and NetStream services are processed independently by the separate engines, which improves system processing performance and ensures high availability.
Intelligent Resilient Framework 2 (IRF2) virtualizes two SR6600 routers into one device. IRF2 virtualization reduces network maintenance costs, simplifies network configuration, and improves link bandwidth and device utilization.
Link aggregation on distributed devices provides load balancing and backup for multiple uplinks. Aggregation links support various services, such as QoS, NetStream analysis, NAT, and data encryption.
Patented stateful failover technology enables real-time backup and uninterrupted Layer 3 forwarding on the control plane and data plane. Stateful failover increases reliability and performance of the virtual architecture, reduces single point of failure, and prevents service interruption.
High port density and enhanced aggregation capability
With the RPE-X3 architecture and four-slot service modules, the series can support a maximum of 16 high-speed MIC-X interface modules and provide the best WAN port aggregation capability among routers of the same kind.
Industry-leading encryption performance
All the service modules of the series are encrypted by the built-in hardware to achieve high-performance IPSec encryption. This ensures secure transmission of traffic in WANs and the internal network without increasing the cost.
Outstanding routing capability
The series provides large capacity for routing entries, various routing policies, and advanced policy routing. Outstanding routing performance ensures flexible control and scheduling, meeting various service requirements for carriers and enterprises. The SR6600 supports IPv4 and IPv6 static and dynamic routing protocols, such as RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-ISv6, and BGP/BGP4+.
Abundant VPN features
The series supports L2TP, IPsec, GRE, and independent encryption core to enhance encryption performance and increase tunnel capacity to meet encryption gateway requirements. These features enhance transmission security without increasing costs.
Traditional VPN is less flexible because an access device cannot obtain the public IP address of the peer end during the registration. Traditional VPN is hard to maintain because it requires N2 connections for a full meshed network. The series provides the Auto Discovery Virtual Private Network (ADVPN) solution. ADVPN allows the access routers that use dynamic IP addresses to build VPNs between branches. ADVPN increases network flexibility and simplifies maintenance operation. ADVPN also supports features such as NAT traversal, security authentication, IPsec encryption, and multi-VPN domains.
To remove complexities caused by the exponential increase of IKE SAs and IPSec SAs, the series uses the GDVPN solution that offers a group-based IPSec model. GDVPN encapsulates a new IP header that is the same as the original IP header for packets without changing the original IP header, retaining the original routing structure and enhancing QoS performance. GDVPN uses tunnel-less connections and performs one-time encryption on each multicast packet instead of sending an encryption packet to each peer, which improves multicast efficiency.
The SR6600 supports MPLS features such as L2VPN, L3VPN, and MPLS TE, and can cooperate with other router models to provide various high-performance and secure MPLS VPN solutions.
All-around network security protection
The series ensures service security by using FIP modules. FIP modules cooperate with the RSE-X3 MPU and Comware V7 software to take over all the services on traditional service modules, which reduces costs and simplifies management.
The routers provide the following built-in security features:
Firewall features—Packet filtering firewall, status firewall, attack packet filtering, and log filtering. ACL accelerating algorithm minimizes the ACL filtering impact on firewall performance.
Built-in anti-attack features:
Anti-single packet attacks—Protects the networks against single packet attacks, such as the Fraggle, ICMP redirect, ICMP unreachable, LAND, large ICMP, route record, smurf, source route, TCP flag, Tracert, and WinNuke.
Anti-scanning attacks—Prevents attackers from scanning the host IP addresses and ports to avoid topology and service detecting.
Anti-flooding attacks—Prevents SYN flood, ICMP flood, and UDP flood.
Blacklist features—Filters attacking packets based on source IP addresses. Filters out the attacking packets sent from specific source IP addresses.
User tracking—Monitors user behaviors based on the logs and the IMC UBAS solution.
Smart bandwidth management
In primary/backup networks, smart bandwidth management routes traffic to the backup network based on the policies when traffic load on the primary network is heavy.
Smart bandwidth management provides the following features:
Unequal cost multiple path (UCMP)—Manages bandwidth usage based on weight. Traffic is directed to paths based on the bandwidth of the path.
Bandwidth reservation and resource sharing—Bandwidth is reserved for services. Remaining bandwidth is used for traffic burst after the reserved bandwidth is used up.
Hierarchical CAR—Allows for bandwidth reallocation, improving bandwidth utilization.
The series uses distributed architecture and provides redundancy for MPUs, switching fabric modules, power modules and hot-swapping for MPUs, services cards, and power modules. The control plane and service plane are separated. Faulty hardware is automatically isolated.
The series provides various high availability software features listed in the following table.