Open application architecture
In H3C open application architecture (OAA), the switch can accommodate high-performance OAP modules to offer dedicated services such as firewall, IPS, or load balancing in addition to conventional forwarding services. By installing OAP modules, the customers can use the switch as a multiservice device without having to buy separate service appliances, such as a firewall device.
High-density 10GE forwarding
The switch offers high-density 10GE forwarding and can expand 10GE ports flexibly. It provides 48/24 10/1GE autosensing SFP+ ports, two QSFP28 or QSFP+ ports onboard, and two expansion slots that support up to 11 kinds of modules range from GE to 10GE, 25GE, 40GE, 100GE and Multi-giga ports. Using a QSFP+ to SFP+ splitter cable, you can split a QSFP+ port into four line-rate 10GE SFP+ ports. Max 72*10GE supported on one single switch.
Embedded Access Controller
H3C S6520X-HI implements the WLAN function by installing an AC feature pack on the main control unit, thereby implementing both the wired function and the WLAN function on a single device. Embedded AC is a low-cost WLAN solution, save overall investment, improve forwarding capacity, realized a true unified wired and wireless solution in Campus. Max.256 AP supported on one single switches.
H3C Intelligent Resilient Framework 2 (IRF2)
H3C Intelligent Resilient Framework 2 (IRF 2) virtualizes multiple S6520X-HI switches into one virtual switch and provides the following benefits:
- Scalability—IRF 2 allows you to add devices to the IRF 2 system easily. It provides a single point of management, enables switch plug-and-play, and supports software auto-update for software synchronization from the master to the new member devices. It brings business agility with lower total cost of ownership by allowing new switches to be added to the fabric without network topology change as business grows.
- High availability—The H3C proprietary routing hot backup technology ensures redundancy and backup of all information on the control and data planes and non-stop Layer 3 data forwarding in an IRF 2 fabric. It also eliminates single point of failure and ensures service continuity.
- Redundancy and load balancing—The distributed link aggregation technology supports load sharing and mutual backup among multiple uplinks, which enhances the network redundancy and improves link resources usage.
- Flexibility and resiliency—The switch uses standard GE ports instead of specialized ports for IRF links between IRF member devices. This allows customers to assign bandwidth as needed between uplink, downlink, and IRF system connections. In addition, an S6520X-HI IRF fabric can span a rack, multiple racks, or multiple campuses.
Intelligent Resilient Framework 3.1 (IRF 3.1)
Intelligent Resilient Framework 3.1 technology (IRF 3.1) is implemented based on IEEE 802.1BR. It integrates lower-layer devices (PEXs) such as access devices with a higher-layer IRF fabric (parent fabric) to provide high-density, low-cost connectivity at the access layer. You can manage and configure the PEXs from the parent fabric as if they were interface modules on the parent fabric.
IRF 3.1 brings the following benefits: Single point of management; Unified security policy; Simplified network topology; Simplified service deployments; Easy scalability and maintenance.
Wide range of advanced features
The switch offers a wide range of features, including:
- Modular hardware and software design—The switch uses modular, hot swapping, and redundancy design for hardware, including power modules and fan trays. The switch also uses modular design for software, which enables feature installation and removal on an as-needed basis. Refined physical architecture and optimized software workflows greatly reduce the end-to-end packet processing delay.
- Software-defined networking (SDN)—An innovative network architecture that separates the control plane from the forwarding plane, typically by using OpenFlow. SDN significantly simplifies network management, reduces maintenance complexities and costs, enables flexible traffic management, and offers a good platform for network and application innovations.
- Virtual eXtensible LAN (VXLAN)—A MAC-in-UDP technology that provides Layer 2 connectivity between distant network sites across an IP network. VXLAN enables long-distance virtual machine and data mobility and is typically used in data centers and the access layer of campus networks for multitenant services. The H3C implementation of VXLAN supports automatic VXLAN tunnel establishment with EVPN.
- Ethernet Virtual Private Network (EVPN) is a Layer 2 VPN technology that provides both Layer 2 and Layer 3 connectivity between distant network sites across an IP network. EVPN uses MP-BGP in the control plane and VXLAN in the data plane.
- EVPN provides the following benefits: Configuration automation; Separation of the control plane and the data plane; Integrated routing and bridging (IRB).
- In-Service Software Upgrade (ISSU) and Operation, Administration, and Maintenance (OAM)—Ensure business continuity and improve Ethernet management and maintainability.
Comprehensive security control policies
The switch supports AAA authentications (including RADIUS authentication) and dynamic or static binding of user identifiers such as user account, IP address, MAC address, VLAN, and port number.
Using the switch in conjunction with H3C IMC, you can manage and monitor online users in real time and take prompt action on illegitimate behaviors.
The switch offers a large number of inbound and outbound ACLs and VLAN-based ACL assignment. This simplifies configurations and saves ACL resources.
MACsec is an ideal hop-by-hop link-layer security protocol for Ethernet networks, which are typically insecure. It provides the following services:
- Data encryption—Encrypts data over the Ethernet link to protect data against security issues such as eavesdropping.
- Anti-replay—Prevents packets from being intercepted and modified en route to protect the network against unauthorized access.
- Tampering protection—prevents packet tampering to protect data integrity.
MACsec supports the following deployments:
- Client-oriented—Protects data transmission over the link between the client and its access device.
- Device-oriented mode—Protects data transmission over the link between two peering devices.
The switch can cooperate with H3C iNode client and core switches such as S10500 and S7500E to provide a complete MACsec solution.
In addition to node and link protection, the switch offers the following hardware high availability features:
- 1+1 power module redundancy and 1+1 fan tray redundancy.
- Hot-swappable interface modules.
- Automatic power and fan tray status monitoring and alarming mechanisms.
- Automatic fan speed adjustment based on the change in temperature.
- Self-protection mechanisms that protect power modules against overcurrent, overvoltage, and overtemperature conditions.
Outstanding management capacity
The switch provides a variety of management features and is easy to manage. It offers the following device management features:
- Provides multiple management interfaces, including the console port, out-of-band management Ethernet port, and USB port.
- Supports configuration and management from CLI or a general-purpose Web-based manager, including H3C IMC Intelligent Management Center.
- Supports multiple access methods, including SNMPv1/v2c/v3, Telnet, and more secure SSH 2.0 and SSL.
- Uses OAM to enhance system management capability.
- Supports FTP for system upgrade.
Smart Management Center (SmartMC)
SmartMC is H3C’s latest offering and innovation that helps small and middle size enterprise network to address management issue and is free of charge, easy to use web management tool. SmartMC is embedded network management tool into the switch, it includes commander switches and other access switches.
SmartMC delivers the following benefits:
- Intelligent operation: once the switch is powered on and SmartMC function is enabled, topology will be created automatically and user can go enhanced web GUI to check the latest status.
- Centralized management: all management can be achieved via commander switch such as centralized configuration backup, and software version management, increasing working efficiency.
- One key device replacement: in case of one switch failure, the new added same type switch can download the same configuration and work as old switch immediately