Advanced technologies
The router runs H3C's state-of-the-art Comware network operating system, provides intelligent service scheduling management mechanism, and supports loose coupling of service modules and dynamic loading of processes and patches.
The high-performance multicore processor with the non-blocking switching architecture enhances the concurrent service processing capability significantly.
The OAA architecture supports open applications such as CVK, VMware, WAN optimization, Lync, and third-party services.
Dual MPU system architecture allows millisecond MPU switchover and process-level backup.
Integrated routing and switching fabric technology and separation of routing and switching planes help achieving 10 Gbps data transmission.
Multiple protocol processing engines, such as data encryption engine.
Powerful security features
Service security
● Packet filtering, including stateful filtering, MAC address filtering, IP and port number filtering, and time based filtering.
● Real-time traffic analysis.
Network security
● Comprehensive VPN technologies, including IPsec, L2TP, GRE, ADVPN, MPLS VPN, and combinations of multiple VPN technologies.
● Routing protocol security protection, such as OSPF/RIP/IS-IS/BGP authentication, OSPFv3/RIPng/IS-ISv6/BGP IPS encryption, and rich routing policy control functions.
End device access security
● Integrated terminal access binding authentication, including EAD security check authentication, 802.1X authentication, endpoint MAC address authentication, Web-based portal authentication, endpoint access static binding, and MAC address auto-learning and binding.
● ARP attack protection, including source MAC address binding, ARP defense against IP packet attacks, address conflict detection and protection, ARP packet rate limit, ARP detection, ARP packet source MAC consistency check, ARP source suppression, ARP active acknowledgment.
Device management security
● Role-based access control that allocates resources based on roles, and provides users and roles mapping.
● Control plane traffic control and filtering based on protocol type, queue, known protocol and specific protocol.
● Remote security management, such as SNMPv3, SSH, and HTTPS remote management.
● Behavior control and audit, including AAA server central authentication, command line authority and real-time report of operation records.
Granular control
Uses granular identification and control to rate limit and filter application layer services and ensure bandwidth and provides detailed network statistics for network optimization.
Supports equal cost multiple path (ECMP) and unequal cost multiple path (UCMP) load balancing. UCMP allows the device to perform bandwidth-based load balancing.
Performs load balancing based on bandwidth, user, user group, service, or application by using asymmetric link, traffic load balancing, and multi-topology dynamic routing technologies.
Supports flexible bandwidth sharing based on service, user, user group, link, and user bandwidth.
Intelligent network management
Comprehensive network management methods—Supports command line and SNMP.
Zero-configuration setup and configuration rollback—enables zero-configuration batch device startup, and automatic fallback in the event of configuration errors.
Comware embedded EAA function—Monitors the internal events and status of the system's software and hardware components. If a fault occurs, it collects diagnostic information and attempts to make automatic repairs as well as sending the diagnostic information to a specific email address.
Configuration from a USB drive—provides a USB console port and supports booting and automatic configuration loading from a USB drive.
High availability
Supports 1+1 MPU redundancy.
Supports hot swapping of interface modules and 1+1 CF card backup.
Separation of the control place and forwarding plain maximizes the fault isolation capability and enhances system reliability.
Independent hardware processing module for the monitoring system and programmable components that supports online upgrade and auto loading to strengthen product reliability.
Supports bidirectional forwarding detection (BFD), which can detect faults in milliseconds and can collaborate with static routing, RIP/OSPF/BGP/ISIS dynamic routing, VRRP, and interface backup through the track module.
Supports network quality analyzer (NQA), which can collaborate with static routing, VRRP, and interface backup through the track module.
Supports multi-device redundancy and load balancing (VRRP/VRRPE).
Supports fast reroute, and GR/NSR.
Network virtualization
Intelligent Resilient Framework 2 (IRF2)—virtualizes two devices into one logical device. This technology significantly decreases networking complexity, reduces the operation and maintenance cost, enhances bandwidth and equipment utilization, and improves management efficiency.
Multichassis link aggregation—enables the device to perform load balancing and backup among multiple uplinks to increase reliability of the overall network architecture and enhance link resources efficiency.
Cloud interconnection
The device can use VXLAN to provide Layer 2 network connectivity between data centers. The VXLAN solutions are easy to deploy and cost efficient. You just need to deploy one or more VXLAN-capable devices on the site edge and no modifications for the enterprise or the service provider networks are required. The VXLAN solution combined with the IPSec solution can enhance the data transmission security between data centers over the public network.
Environment friendly
Fully compliant with the RoHS standard.
Space efficient by using separate airflow aisles designed in unique L shape for the system and power modules.
Minimizes fan tray noises and power consumption by fan tray redundancy, multi-level fan speed regulation, and fan speed adaption to the internal temperatures.
Minimizes the system power consumption by intelligent power management and flexible HMIM/MPU/interface module energy saving policy.