H3C SR6602-X Compact Aggregation Service Router
- H3C SR6602-X1 Router
- H3C SR6602-X2 Router
- H3C SR6602-X1/X2 Rear View
Industry-leading development concept
The H3C SR6602-X router is based on the industry-leading compact design, not only providing high density integrated high-speed ports on the 2U height chassis, supporting for FIP-20 and FIP-10 flexible interface platforms, but also achieving hot swappable and redundant power supplies and hot swappable fan modules, Thereby ensuring compatibility of the service modules and protecting customer’s investment while guaranteeing high reliability and network configuration flexibility.
The H3C SR6602-X router interface platform has a flexible design with a strong expansion capability. FIP-10 can support four MIM and FIP-20 can support two HIM or two MIM, and support for HIM and MIM mixed configuration.
SR6602-X supports 10GE, GE, FE, POS OC-48/OC-12/OC-3, cPOS OC-3 (channelized to E3/T3 or E1/T1), ATM OC- 3, E3/T3, E1/T1, Serial and other WAN interfaces. Rich interface type makes SR6602-X not not only as a WAN aggregation router, but also as a local area network core router. Such a router can meet flat networking needs, reducing network tiers, to protect user investment.
The SR6602-X file system provides a wide variety of storage media, supporting CF card and USB, in addition to meeting growing customer demand for storage capacity, at the same time providing users with flexible storage and different interfaces for file management.
The H3C SR6602-X router supports a large-capacity routing table, while supporting rich routing policies and powerful policy based routing. SR6602-X allows flexible control and scheduling of network traffic, to meet different business characteristics for the Enterprise and carrier market. In addition, H3C SR6602-X also fully supports IPv4/IPv6 static routing and dynamic routing protocols, such as RIP/RIPng, OSP /OSPFv3, IS-IS/IS-ISv6, BGP/BGP4 + and more.
With the public IP address resource depletion as well as the proliferation of user scale, performance requirements of NAT gateway is gradually increasing from campus network users. The H3C SR6602-X with its advanced high-performance multi-core processing technology provides dedicated core to process NAT forwarding. NAT forwarding performance can reach over 10Gbps with concurrent 2,000,000 NAT connections, 256 bytes and mixed IMIX Internet packets. The powerful NAT forwarding performance meets the challenges of large campus network gateway performance requirements, as well as other future network expansion requirements.
At the same time, more and more companies want to use public networks to set up VPNs to connect geographically separated branches. SR6602-X supports comprehensive L2TP, IPSec and GRE tunneling technology. Independent hardware encryption and hardware kernel, providing 8Gbps IPSec data encryption processing power without increasing the investment, 6000 IPSec tunnel, 18000 L2TP tunnel and 4000 GRE tunnels. High-performance encryption capabilities and a large capacity can meet a variety of large tunnel encryption gateway requirements and ensure user data security in the WAN transportation.
In addition, traditional VPN technology has some shortcomings in terms of flexibility and maintainability. For example, enterprise branch offices commonly use a dynamic address once accessing the public network, so one end cannot know the public addresses of the peer in advance and so on. H3C’s response to these customers' business needs is to provide a professional DVPN (Dynamic Virtual Private Network) Solution: VAM (VPN Address Management) protocols to collect, maintain, and distribute dynamic public IP addresses and other information, solving the problem that cannot obtain peer public addresses in advance. DVPN establishes VPNs between various branches in the case of the enterprise network accessing the public network using a dynamic address. The networking flexibility and maintenance workload has been greatly improved, and also offers many rich features such as: DVPN packet NAT traversal, security authentication, IPSec packet encryption and multi-VPN domain and more.
EVI (Ethernet Virtualization Interconnect) - EVI is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency.
WAN carries an important range of business traffic. Due to the presence of WAN high convergence ratio itself, congestion, delay, packet loss and other characteristics, how to maximize the use of network bandwidth resources in such an environment, improving system transmission reliability, is an important issue for WAN equipment. H3C leverages years of enterprise network experience, and has accumulated numerous requirements for enterprise network bandwidth applications, and formed a complete set of service bandwidth management mechanisms after analysis and research.
Active/Standby Network Bandwidth Management: in case of the resource constraints of main network connection, a portion of the data traffic re-routing to the backup network for data transmission according to pre defined routing policy. The idle resources can be fully utilized up to100%.
UCMP (Unequal Cost Multipath) intelligent load sharing: UCMP is different from traditional ECMP. Its greatest feature is the use of weights to distinguish the use of bandwidth, making two different bandwidths egress tunnels to bear different data traffic flows according to the different bandwidth.
Bandwidth reservation and resources sharing: the network can be divided into certain exclusive bandwidths for each department to ensure business-critical QoS, with the remaining bandwidth shared, to meet unexpected traffic demands.
Improve bandwidth utilization with hierarchical CAR: Multi-level CAR processing techniques, through multi-level processing sees bandwidth re-allocation, bandwidth utilization increase dramatically.
Advanced hierarchical queuing scheduling HQoS (Hierarchical Quality of Service): With the expansion of user numbers, increase of service types, network devices cannot only distinguish traffic, but are also capable of handling multiple users, a variety of services, a variety of flows and other transport objects for unified management and hierarchical scheduling. Obviously, it is difficult to achieve these requirements via traditional QoS technology. HQoS adopts the multi-layer scheduling queues, such as physical level, logical level, application or service level, and other scheduling levels. Each level can use the different features for traffic management to achieve multi-level traffic management, which can better help carriers to achieve multi-user, multi- service management.
SR6602-X builds a variety of security features to provide users with a full range of network security:
Comprehensive firewall features: support packet filtering firewall, stateful inspection firewall, packet filtering various attacks, and the provision of a log filter. Specific ACL acceleration algorithm eliminates firewall performance degradation by applying the number of ACL filtering rules.
Comprehensive built-in means anti-attack measures.
Supports a variety of ARP anti-attack techniques, such as: ARP rate-limit, ARP DHCPR security authentication, ARP authorization, ARP active acknowledgment, source MAC consistency check and protection and more, which can be a good protection mechanism against rampant ARP attacks within the network, ensure network stability.
Single-packet attack protection: Effective protection against Fraggle, ICMP Redirect, ICMP Unreachable, LAND, Large ICMP, Route Record, Smurf, Source Route, TCP Flag, Tracert, WinNuke single-packet attacks and other Single-packet attacks.
Scanning attack protection: the attacker uses the network scanning tools to scan host addresses or ports, detection of the target system network topology and the type of service is enabled on the target system to prepare for further intrusion.
Flooding attack protection: effectively prevents SYN Flood attacks, ICMP Flood attack, and UDP Flood.
Blacklist features: an attack protection feature based on source IP addresses for packet filtering. Based on the same ACL (Access Control List) for packet filtering, blacklist is a more simple method for matching rules, which can achieve high-speed packet filtering, thus effectively filtering packets from specific IP addresses.
Traffic statistics assisted attack protection: Statistics and analysis for session established between internal and external network, which helps network administrators grasp the statistics of various types of network sessions in real-time, and provides a basis for an effective attack protection strategy.
Support URL filtering, to prevent users from accessing unauthorized websites.
Complete user behavior tracking records: Support comprehensive logging, together with H3C iMC UBA (User Behavior Auditor) solution that can enable network administrators easily monitor the behavior of Internet users and ensure the safety operation of the network.
SR6602-X adheres to the high-end design concept to provide users with comprehensive reliability guarantee: in hardware, providing hot swappable redundant power supplies, with AC or DC power input, and ensuring operation in case of single power failure. All interface modules support the hot swappable capability, ensuring uninterrupted services in the case of plug or replace individual modules, and provides hot patching technology to achieve a smooth software upgrade.
Support MPLS TE Fast ReRoute (FRR), with Fast Routing Backup (FRB) features, combined with Bidirectional Forwarding Detection (BFD) functions, to achieve fast link switchover.
Support IP FRR, working with static routing/policy routing/PBR/RIP/IS-IS/OSPF, combined with BFD functions, to achieve fast routing link switchover.
Support IGP fast convergence.
Supports Virtual Routing Redundancy Protocol (VRRP), combined with a BFD fault detection mechanism to achieve fast VRRP switchover. In addition, supporting Virtual Router Redundancy Protocol Extended (VRRPE), multiple virtual routers can achieve load balancing.
Supports OSPF/IS-IS/BGP/MPLS LDP/MPLS RSVP-TE GR (Graceful Restart) functions to achieve nonstop forwarding.
4 GE optical/electrical Combo
4 GE optical/electrical Combo +2×10GE SFP+
1, support FIP-10/20
Service module slots
FIP-10 supports four MIM slot, FIP-20 supports two HIM/MIM slot
Default 2GB, up to 4GB
Default 4GB, up to 4GB
In-Band management port
SAE (Synchronous mode)
Dimensions (W × D × H)
Rated input voltage
AC Rated voltage range: 100 ~ 240V 50/60Hz
DC Rated voltage range: -48 ~-60V
-60m ~ 4km
Layer 2 protocol
Dynamic and static ARP
Ethernet, sub-interfaces VLAN
IEEE802.3ad LACP Layer 2 aggregation
MP (Hardware MP in CL2P/CL1P, and software MP in other modules)
POS trunk (POS link aggregation)
Layer 3 Ethernet interface LLDP
ATM: IPoA, PPPoA server, IPoEoA, PPPoEoA server
TCP, UDP, IP Option, IP unnumbered
Policy Based Routing
Layer 3 Ethernet interfaces binding
POS interface binding
Dynamic routing protocols: RIPv1/v2, OSPFv2, BGP, IS-IS
ECMP (Equal Cost Multipath)
UCMP (Unequal Cost Multipath)
ISIS MTR (Multitopology Routing)
PIM-DM, PIM-SM, PIM-SSM
Multicast Static Routes
Multicast host tracking function
Basic features: IPv6 ND, IPv6 PMTU, dual-stack forwarding, IPv6 ACL, DHCPv6 Server/Proxy
IPv6 tunnel: manually configured IPv6 tunnel, IPv6-over-IPv4, GRE tunnel, automatic IPv6 over IPv4 tunnel, 6to4 tunnel, ISATAP tunnel, 6PE
6VPE (IPv6 MPLS L3VPN)
Dynamic routing protocols: RIPng, OSPFv3, IS-ISv6, BGP4+
IPv6 multicast protocol: MLDv1/v2, PIM6-DM, PIM6-SM, PIM6-SSM
Traffic classification: based on port, MAC address, IP address, IP priority, DSCP priority, TCP / UDP port number, protocol type and more
Traffic policing: CAR rate limit, granularity configurable
Rate limiting based on source/destination address (supporting subnet-based rate limiting)
GTS traffic shaping
Priority Mark / Remark
Queue scheduling mechanisms: FIFO, PQ, CQ, WFQ, RTPQ, CBWFQ
Congestion avoidance algorithm: Tail-Drop, WRED
LR rate limiting
Hierarchical QoS (H-QoS)
QPPB (QoS Policy Propagation on BGP)
Time-based access control
Packet filtering firewall
Stateful firewall ASPF
TCP attack prevention on local host
Control Plane rate limiting
Virtual defragment reassembly
Hierarchical user management and password protection
Portal authentication (supporting collaboration with EAD, portal authentication bypass)
IPSec, IPSec multi-instance, IKE
BGP/BGP4 + support GTSM
Attack detection and protection
NAT, NAT multi-instance, VPN NAT, NAT session log
GRE tunnel (supporting point to multi-point applications)
NetStream (supporting v5/v8/v9 packet frames; supporting IPv4, IPv6 and MPLS packets)
DVPN (Dynamic VPN)
EVI (Ethernet Virtualization Interconnect)
L3VPN: Inter-domain MPLS VPN (Option1/2/3), nested MPLS VPN, Hierarchy PE (HoPE), CE dual homing, MCE, multi-role host
L2VPN: VPLS, Martini, Kompella, CCC and SVC mode
VPLS / H-VPLS
MPLS TE, RSVP TE
VRRP / VRRPv3
VRRPE (VRRP Extended)
MPLS TE FRR (Fast ReRoute)
IP FRR (Fast ReRoute): Static Routing/Policy Based Routing/RIP/IS-IS/OSPF
IGP fast convergence
BFD: Static Routing/RIP/OSPF/ISIS/BGP/VRRP/TE FRR/IPv6
In-service Hot patch
Hot swappable interface modules, fan modules and power modules
Configuration at the CLI
Configuration through the console port
Telnet for configuration and remote maintenance through Ethernet port
Dialing up for configuration and remote maintenance via Modem through AUX port
Support RMON (group 1, 2, 3 and 9 MIB)
Support system logs
Supports hierarchical alarms
Supports Ping and Tracert
NQA: supporting collaboration with VRRP, policy routing, and static routing
Fan status detection, maintenance and alarm
Power status detection, maintenance and alarm
CF card status detection and maintenance
Temperature detection and alarm
Supports the FAT file system format
Support CF card
Supports USB external storage devices
Support Dual Images
Uploading and upgrading
Loading/upgrading through the XModem protocol
Loading/upgrading through FTP, and TFTP
Network application 1: Gateway for government industry
The SR6602-X can serve as aggregation router at headquarters. Powerful performance and flexible configuration can provide customers with over 1M large routing table dual stack of IPv4 and IPv6. SR6602-X also provides hardware, and software carrier-class reliability features to ensure network reliability.
Network application 2: VPN gateway for financial industry
SR6602-X comes with independent hardware encryption engine, and also has a powerful multi-core forwarding performance. The IPSec VPN encryption performance can reach up to 8Gbps and up to 6000 tunnels, so it is very suitable to work as IPSec VPN gateway for the financial industry.
· SR6602-X builds IPSec tunnel connections to a large number of branch networks through Internet access, In order to ensure the safety of branch network access. IPSec VPN tunnels are established between each branch and headquarter.
· IPSec tunnels terminate on SR6602-X. Branches connect to the backbone network via IP or MPLS network.
Network application 3: Gateway for campus network
One SR6602-X2 is connected to the education network and carrier network via four fixed GE interfaces respectively, using two fixed 10GE interfaces to connect to the campus network core switches.
SR6602-X2 can provide high performance over 2M concurrent sessions, which can serve as the NAT gateway perfectly for the whole campus network.
SR6602-X2 also features comprehensive IPv6, allowing the education network to deploy dual stack IPv4/IPv6 transition technology, NAT-PT, IPv6 multicast various IPv6 applications easily achieve a smooth transition to IPv6 networks.