Advanced system architecture
The system architecture incorporates the following advanced designs:
Clos multistage and multi-plane switching architecture—delivers great bandwidth scalability.
Orthogonal interconnection of switching fabric modules and service modules—Traffic between service modules is sent directly to the switching fabric modules through the orthogonal interconnectors, without cabling on the backplane, which significantly reduces signal loss and improves bandwidth efficiency. This design offers great bandwidth and capacity scalability, allowing the system capacity to be expanded to 100 Tbps.
Compliant with 40GE and 100GE Ethernet standards—Enables the system to satisfy the growing demands of non-blocking campus networks.
Switching fabric module independency and redundancy—Independence between switching fabric modules and control engines maximizes the system availability and ensures bandwidth expansion.
Fan tray and power module redundancy—Guards the switch against unexpected fan tray and power module failures and significantly enhances system availability.
The switch innovatively uses distributed control engines, detection engines, and maintenance engines to deliver powerful control capability and millisecond-level HA.
Distributed control engines—Each service module is integrated with a strong control and processing system. It can efficiently process varieties of protocol packets and control packets, and provide refined control for protocol packets to safeguard against protocol packet attacks.
Distributed detection engines—Each service module can use BFD and OAM to detect faults in milliseconds and interact with control plane protocols for fast failover and convergence to ensure service continuity.
Distributed maintenance engines—The intelligent CPU system supports intelligent power management and online status monitoring of key components. It can power on and off modules in sequence, which reduces power impulse, electromagnetic radiation, and power consumption, and prolongs the device lifespan.
H3C Intelligent Resilient Framework 2 technology
H3C Intelligent Resilient Framework 2 (IRF 2) virtualizes multiple S10500X switches into one logical switch called an IRF fabric. IRF improves system performance and delivers the following benefits:
High availability—The H3C proprietary routing hot backup technology ensures redundancy and backup of all information on the control and data planes and non-stop Layer 3 data forwarding in an IRF 2 fabric. It also eliminates single point of failure and ensures service continuity.
Redundancy and load balancing—The distributed link aggregation technology supports load sharing and mutual backup among multiple uplinks, which enhances the network redundancy and improves link resources usage.
Simplified topology and easy management—An IRF fabric appears as one node and is accessible at a single IP address on the network. This simplifies network device and topology managements, improves operating efficiency, and reduces maintenance cost.
Intelligent Resilient Framework 3.1 (IRF 3.1) technology
IRF3.1 technology is based on industry standard IEEE 802.1BR standard. IRF3.1 includes core switch-CB (Controlling
Brige) and access switch-PE (Port extender), IRF3.1 can virtualizes core and access switches into one logical device.
IRF3.1 delivers the following benefits:
Plug and play working mechanism.
Increased I/O ports and centralized maintenance and management.
Can work with IRF2.0 to further enhance the reliability of CB and PE.
Reduced network management nodes.
Simplified cable deployment.
Data plane virtualization.
Abundant data center solutions
The switch offers a wide range of solutions for data center virtualization and network convergence, including:
TRansparent Interconnection of Lots of Links (TRILL)—Combine the simplicity and flexibility of Layer 2 switching with the stability, scalability, and rapid convergence capability of Layer 3 routing, to provide highest port density and flat network topology for addressing massive server accesses at data centers.
Ethernet Virtual Interconnect (EVI)—A MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. Simple to deploy and compatible with existing networks, EVI solutions protect user investment.
Virtual eXtensible LAN (VXLAN)—A MAC-in-UDP technology that provides Layer 2 connectivity between distant network sites across an IP network. It also enables service isolation between different tenants.
Edge Virtual Bridging (EVB)—Uses the Virtual Ethernet Port Aggregator (VEPA) mode to switch traffic of VMs to a physical switch connected to the server for processing. This not only ensures traffic forwarding between VMs, but also enables VM traffic policing and access control policy deployment.
Fibre Channel over Ethernet (FCoE)—Integrates heterogeneous LANs and storage networks in data centers. In conjunction with Converged Enhanced Ethernet (CEE), FCoE combines the frontend network with the backend networking architecture, and integrates data, computing, and storage networks in data centers, to significantly reduce the costs for building and expanding data centers.
MP-BGP EVPN (Multiprotocol Border Gateway Protocol Ethernet Virtual Private Network) uses standard-based BGP protocol as the control plane for VXLAN overlay networks, providing BGP based VTEP auto peer discovery and end-host reachability information distribution. MP-BGP EVPN delivers many benefits, such as eliminating traffic flooding, reducing full mesh requirements between VTEPs via the introduction of BGP RR, achieving optimal flow based end to end load sharing and more.
Distributed Resilient Network Interconnect (DRNI) virtualizes two physical devices into one system through multi chassis link aggregation. It provides device-level redundancy and load sharing and enhances the system availability.
All-round IPv6 solutions
The switch offers comprehensive IPv6 features, including:
IPv6 routing—IPv6 static routing, RIPng, OSPFv3, IS-ISv6, and BGP4+.
IPv4-to-IPv6 transition—IPv6 manual tunnel, 6to4 tunnel, ISATAP tunnel, GRE tunnel, and IPv4-compatible automatic tunnel configuration.
Media Access Control Security (MACsec)
The switch supports hardware-level encryption technology MACsec (802.1AE), which is an industry-standard security technology that provides secure communication for all traffic on Ethernet links. Compared with traditional application based software encryption technology, MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats.