For Hong Kong, China

H3C SR6602-X Compact Aggregation Service Router

HomeProducts & TechnologyEnterprise ProductsRoutersH3C SR6602-X Compact Aggregation Service Router
H3C SR6602-X1 Router
H3C SR6602-X2 Router
H3C SR6602-X1/X2 Rear View

The H3C SR6602-X is a high-end compact Aggregation Service Router for enterprise network and carrier customers, targeting at medium-sized vertical network aggregation, high-end business users and large branches operator-managed high-performance CPE market. The product works as a corporate VPN, NAT, IPSec and other services gateway. Along with other H3C networking products, it provides a comprehensive network solution to users in multiple industries from the government, finance, utilities, operators and medium-sized enterprises.

The H3C SR6602-X router is the first of its kind in the industry to provide fixed 10GE interfaces, with a new generation of higher-performance multi-core processing chip, enabling 10GE wire-speed processing performance. H3C SR6602-X software uses sophisticated commercial H3C Comware operating system and hardware is based on a new flexible interface design to maximize investment protection, fully meet the networking requirements of users in different industries while ensuring high performance and flexible configuration.

H3C SR6602-X series contains SR6602-X1 and SR6602-X2. SR6602-X1 provides 4GE fixed Combo interfaces and one service slot, supporting pluggable redundant power supply. SR6602-X2 provides 4GE fixed Combo, 2-port fixed 10GE and one service slot, supporting pluggable redundant power supply. SR6602-X uses the new FIP-20 and FIP-10 flexible interface platform. FIP-20 supports SR6600 High-speed Interface Module (HIM). FIP-10 is compatible with MSR series routers Multifunctional Interface Module (MIM) module to meet the user upgrade from narrowband to broadband access needs.

Industry-leading development concept

The H3C SR6602-X router is based on the industry-leading compact design, not only providing high density integrated high-speed ports on the 2U height chassis, supporting for FIP-20 and FIP-10 flexible interface platforms, but also achieving hot swappable and redundant power supplies and hot swappable fan modules, Thereby ensuring compatibility of the service modules and protecting customer’s investment while guaranteeing high reliability and network configuration flexibility.

Rich and flexible interface design

The H3C SR6602-X router interface platform has a flexible design with a strong expansion capability. FIP-10 can support four MIM and FIP-20 can support two HIM or two MIM, and support for HIM and MIM mixed configuration.

SR6602-X supports 10GE, GE, FE, POS OC-48/OC-12/OC-3, cPOS OC-3 (channelized to E3/T3 or E1/T1), ATM OC- 3, E3/T3, E1/T1, Serial and other WAN interfaces. Rich interface type makes SR6602-X not not only as a WAN aggregation router, but also as a local area network core router. Such a router can meet flat networking needs, reducing network tiers, to protect user investment.

The SR6602-X file system provides a wide variety of storage media, supporting CF card and USB, in addition to meeting growing customer demand for storage capacity, at the same time providing users with flexible storage and different interfaces for file management.

Powerful routing capabilities

The H3C SR6602-X router supports a large-capacity routing table, while supporting rich routing policies and powerful policy based routing. SR6602-X allows flexible control and scheduling of network traffic, to meet different business characteristics for the Enterprise and carrier market. In addition, H3C SR6602-X also fully supports IPv4/IPv6 static routing and dynamic routing protocols, such as RIP/RIPng, OSP /OSPFv3, IS-IS/IS-ISv6, BGP/BGP4 + and more.

Professional routing gateway

With the public IP address resource depletion as well as the proliferation of user scale, performance requirements of NAT gateway is gradually increasing from campus network users. The H3C SR6602-X with its advanced high-performance multi-core processing technology provides dedicated core to process NAT forwarding. NAT forwarding performance can reach over 10Gbps with concurrent 2,000,000 NAT connections, 256 bytes and mixed IMIX Internet packets. The powerful NAT forwarding performance meets the challenges of large campus network gateway performance requirements, as well as other future network expansion requirements.

At the same time, more and more companies want to use public networks to set up VPNs to connect geographically separated branches. SR6602-X supports comprehensive L2TP, IPSec and GRE tunneling technology. Independent hardware encryption and hardware kernel, providing 8Gbps IPSec data encryption processing power without increasing the investment, 6000 IPSec tunnel, 18000 L2TP tunnel and 4000 GRE tunnels. High-performance encryption capabilities and a large capacity can meet a variety of large tunnel encryption gateway requirements and ensure user data security in the WAN transportation.

In addition, traditional VPN technology has some shortcomings in terms of flexibility and maintainability. For example, enterprise branch offices commonly use a dynamic address once accessing the public network, so one end cannot know the public addresses of the peer in advance and so on. H3C’s response to these customers' business needs is to provide a professional DVPN (Dynamic Virtual Private Network) Solution: VAM (VPN Address Management) protocols to collect, maintain, and distribute dynamic public IP addresses and other information, solving the problem that cannot obtain peer public addresses in advance. DVPN establishes VPNs between various branches in the case of the enterprise network accessing the public network using a dynamic address. The networking flexibility and maintenance workload has been greatly improved, and also offers many rich features such as: DVPN packet NAT traversal, security authentication, IPSec packet encryption and multi-VPN domain and more.

EVI (Ethernet Virtualization Interconnect) - EVI is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency.

Intelligent service bandwidth management

WAN carries an important range of business traffic. Due to the presence of WAN high convergence ratio itself, congestion, delay, packet loss and other characteristics, how to maximize the use of network bandwidth resources in such an environment, improving system transmission reliability, is an important issue for WAN equipment. H3C leverages years of enterprise network experience, and has accumulated numerous requirements for enterprise network bandwidth applications, and formed a complete set of service bandwidth management mechanisms after analysis and research.


Active/Standby Network Bandwidth Management: in case of the resource constraints of main network connection, a portion of the data traffic re-routing to the backup network for data transmission according to pre defined routing policy. The idle resources can be fully utilized up to100%.

UCMP (Unequal Cost Multipath) intelligent load sharing: UCMP is different from traditional ECMP. Its greatest feature is the use of weights to distinguish the use of bandwidth, making two different bandwidths egress tunnels to bear different data traffic flows according to the different bandwidth.

Bandwidth reservation and resources sharing: the network can be divided into certain exclusive bandwidths for each department to ensure business-critical QoS, with the remaining bandwidth shared, to meet unexpected traffic demands.

Improve bandwidth utilization with hierarchical CAR: Multi-level CAR processing techniques, through multi-level processing sees bandwidth re-allocation, bandwidth utilization increase dramatically.

Advanced hierarchical queuing scheduling HQoS (Hierarchical Quality of Service): With the expansion of user numbers, increase of service types, network devices cannot only distinguish traffic, but are also capable of handling multiple users, a variety of services, a variety of flows and other transport objects for unified management and hierarchical scheduling. Obviously, it is difficult to achieve these requirements via traditional QoS technology. HQoS adopts the multi-layer scheduling queues, such as physical level, logical level, application or service level, and other scheduling levels. Each level can use the different features for traffic management to achieve multi-level traffic management, which can better help carriers to achieve multi-user, multi- service management.

Comprehensive network security

SR6602-X builds a variety of security features to provide users with a full range of network security:

Comprehensive firewall features: support packet filtering firewall, stateful inspection firewall, packet filtering various attacks, and the provision of a log filter. Specific ACL acceleration algorithm eliminates firewall performance degradation by applying the number of ACL filtering rules.

Comprehensive built-in means anti-attack measures.

Supports a variety of ARP anti-attack techniques, such as: ARP rate-limit, ARP DHCPR security authentication, ARP authorization, ARP active acknowledgment, source MAC consistency check and protection and more, which can be a good protection mechanism against rampant ARP attacks within the network, ensure network stability.

Single-packet attack protection: Effective protection against Fraggle, ICMP Redirect, ICMP Unreachable, LAND, Large ICMP, Route Record, Smurf, Source Route, TCP Flag, Tracert, WinNuke single-packet attacks and other Single-packet attacks.

Scanning attack protection: the attacker uses the network scanning tools to scan host addresses or ports, detection of the target system network topology and the type of service is enabled on the target system to prepare for further intrusion.

Flooding attack protection: effectively prevents SYN Flood attacks, ICMP Flood attack, and UDP Flood.

Blacklist features: an attack protection feature based on source IP addresses for packet filtering. Based on the same ACL (Access Control List) for packet filtering, blacklist is a more simple method for matching rules, which can achieve high-speed packet filtering, thus effectively filtering packets from specific IP addresses.

Traffic statistics assisted attack protection: Statistics and analysis for session established between internal and external network, which helps network administrators grasp the statistics of various types of network sessions in real-time, and provides a basis for an effective attack protection strategy.

Support URL filtering, to prevent users from accessing unauthorized websites.

Complete user behavior tracking records: Support comprehensive logging, together with H3C iMC UBA (User Behavior Auditor) solution that can enable network administrators easily monitor the behavior of Internet users and ensure the safety operation of the network.

Carrier-class reliability design

SR6602-X adheres to the high-end design concept to provide users with comprehensive reliability guarantee: in hardware, providing hot swappable redundant power supplies, with AC or DC power input, and ensuring operation in case of single power failure. All interface modules support the hot swappable capability, ensuring uninterrupted services in the case of plug or replace individual modules, and provides hot patching technology to achieve a smooth software upgrade.

Support MPLS TE Fast ReRoute (FRR), with Fast Routing Backup (FRB) features, combined with Bidirectional Forwarding Detection (BFD) functions, to achieve fast link switchover.

Support IP FRR, working with static routing/policy routing/PBR/RIP/IS-IS/OSPF, combined with BFD functions, to achieve fast routing link switchover.

Support IGP fast convergence.

Supports Virtual Routing Redundancy Protocol (VRRP), combined with a BFD fault detection mechanism to achieve fast VRRP switchover. In addition, supporting Virtual Router Redundancy Protocol Extended (VRRPE), multiple virtual routers can achieve load balancing.

Supports OSPF/IS-IS/BGP/MPLS LDP/MPLS RSVP-TE GR (Graceful Restart) functions to achieve nonstop forwarding.

Hardware Specifications




Forwarding performance


Fixed Interface

4 GE optical/electrical Combo

4 GE optical/electrical Combo +2×10GE SFP+


1, support FIP-10/20

Service module slots

FIP-10 supports four MIM slot, FIP-20 supports two HIM/MIM slot


Default 2GB, up to 4GB

Default 4GB, up to 4GB







Concole port


In-Band management port




10/100/1000BASE-T RJ45

10/100BASE-TX RJ45

100/1000BASE-X SFP





SAE (Synchronous mode)







Dimensions (W × D × H)




Rated input voltage

AC Rated voltage range: 100 ~ 240V 50/60Hz

DC Rated voltage range: -48 ~-60V

Maximum power


Operating temperature

: 0~45℃

Operating humidity

5~95% (non-condensing)

Operating altitude

-60m ~ 4km

Software Specifications



Layer 2 protocol

Dynamic and static ARP

Proxy ARP

Multicast ARP

Gratuitous ARP

Ethernet, sub-interfaces VLAN

IEEE802.3ad LACP Layer 2 aggregation

QinQ termination

PPPoE Server


MP (Hardware MP in CL2P/CL1P, and software MP in other modules)

FR protocol

MFR protocol

FR switching

HDLC protocol

POS trunk (POS link aggregation)

Layer 3 Ethernet interface LLDP

ATM: IPoA, PPPoA server, IPoEoA, PPPoEoA server

IP services

TCP, UDP, IP Option, IP unnumbered

Policy Based Routing

Layer 3 Ethernet interfaces binding

POS interface binding

IP routing

Static Routing

Dynamic routing protocols: RIPv1/v2, OSPFv2, BGP, IS-IS

Route iteration

Routing Policy

ECMP (Equal Cost Multipath)

UCMP (Unequal Cost Multipath)


ISIS MTR (Multitopology Routing)

IPv4 multicast





Multicast Static Routes

Multicast host tracking function

IP application

DHCP Server/Relay/Client

DNS Client

NTP Server/Client

Telnet Server/Client

TFTP Client

FTP Server/Client

UDP Helper


Basic features: IPv6 ND, IPv6 PMTU, dual-stack forwarding, IPv6 ACL, DHCPv6 Server/Proxy

IPv6 tunnel: manually configured IPv6 tunnel, IPv6-over-IPv4, GRE tunnel, automatic IPv6 over IPv4 tunnel, 6to4 tunnel, ISATAP tunnel, 6PE



Static Routing

Dynamic routing protocols: RIPng, OSPFv3, IS-ISv6, BGP4+

IPv6 multicast protocol: MLDv1/v2, PIM6-DM, PIM6-SM, PIM6-SSM


Traffic classification: based on port, MAC address, IP address, IP priority, DSCP priority, TCP / UDP port number, protocol type and more

Traffic policing: CAR rate limit, granularity configurable

Rate limiting based on source/destination address (supporting subnet-based rate limiting)

GTS traffic shaping

Priority Mark / Remark

Queue scheduling mechanisms: FIFO, PQ, CQ, WFQ, RTPQ, CBWFQ

Congestion avoidance algorithm: Tail-Drop, WRED

LR rate limiting


IPv6 QoS

Hierarchical QoS (H-QoS)

QPPB (QoS Policy Propagation on BGP)



ACL acceleration

Time-based access control

Packet filtering firewall

Stateful firewall ASPF

TCP attack prevention on local host

Control Plane rate limiting

Virtual defragment reassembly


Web Filtering

Hierarchical user management and password protection




Portal authentication (supporting collaboration with EAD, portal authentication bypass)

PKI certificates

SSH 1.5/2.0


IPSec, IPSec multi-instance, IKE

BGP/BGP4 + support GTSM

Password Control

Attack detection and protection

IP features

NAT, NAT multi-instance, VPN NAT, NAT session log

Connection limit

GRE tunnel (supporting point to multi-point applications)

L2TP tunnel

NetStream (supporting v5/v8/v9 packet frames; supporting IPv4, IPv6 and MPLS packets)

DVPN (Dynamic VPN)

EVI (Ethernet Virtualization Interconnect)


L3VPN: Inter-domain MPLS VPN (Option1/2/3), nested MPLS VPN, Hierarchy PE (HoPE), CE dual homing, MCE, multi-role host

L2VPN: VPLS, Martini, Kompella, CCC and SVC mode



Multicast VPN



VRRPE (VRRP Extended)

MPLS TE FRR (Fast ReRoute)

IP FRR (Fast ReRoute): Static Routing/Policy Based Routing/RIP/IS-IS/OSPF

IGP fast convergence



In-service Hot patch

Hot swappable interface modules, fan modules and power modules

Management and


Configuration at the CLI

Configuration through the console port

Telnet for configuration and remote maintenance through Ethernet port

Dialing up for configuration and remote maintenance via Modem through AUX port

SNMP v1/v2c/v3

Web management

Support RMON (group 1, 2, 3 and 9 MIB)

Support system logs

Supports hierarchical alarms

Supports Ping and Tracert

NQA: supporting collaboration with VRRP, policy routing, and static routing

Fan status detection, maintenance and alarm

Power status detection, maintenance and alarm

CF card status detection and maintenance

Temperature detection and alarm

File system

Supports the FAT file system format

Support CF card

Supports USB external storage devices

Support Dual Images

Uploading and upgrading

Loading/upgrading through the XModem protocol

Loading/upgrading through FTP, and TFTP

Network application 1: Gateway for government industry

The SR6602-X can serve as aggregation router at headquarters. Powerful performance and flexible configuration can provide customers with over 1M large routing table dual stack of IPv4 and IPv6. SR6602-X also provides hardware, and software carrier-class reliability features to ensure network reliability.

Network application 2: VPN gateway for financial industry

SR6602-X comes with independent hardware encryption engine, and also has a powerful multi-core forwarding performance. The IPSec VPN encryption performance can reach up to 8Gbps and up to 6000 tunnels, so it is very suitable to work as IPSec VPN gateway for the financial industry.

· SR6602-X builds IPSec tunnel connections to a large number of branch networks through Internet access, In order to ensure the safety of branch network access. IPSec VPN tunnels are established between each branch and headquarter.

· IPSec tunnels terminate on SR6602-X. Branches connect to the backbone network via IP or MPLS network.

Network application 3: Gateway for campus network

One SR6602-X2 is connected to the education network and carrier network via four fixed GE interfaces respectively, using two fixed 10GE ​​interfaces to connect to the campus network core switches.

SR6602-X2 can provide high performance over 2M concurrent sessions, which can serve as the NAT gateway perfectly for the whole campus network.

SR6602-X2 also features comprehensive IPv6, allowing the education network to deploy dual stack IPv4/IPv6 transition technology, NAT-PT, IPv6 multicast various IPv6 applications easily achieve a smooth transition to IPv6 networks.

Are you an H3C partner? Log in to see additional resources.
You can find excellent H3C partners, or you can become one of them to build a
partnership with H3C and share success together.