Country / Region
Country / Region
The H
The H
H
The following contents are complex, and it is recommended to browse on PC.
Enter c.h3c.com.cn on the PC browser and operate according to the page to synchronize to the PC and continue browsing.
Continue by mobile
The H3C SR6602-X router is based on the industry-leading compact design, not only providing high density integrated high-speed ports on the 2U height chassis, supporting for FIP-20 and FIP-10 flexible interface platforms, but also achieving hot swappable and redundant power supplies and hot swappable fan modules, Thereby ensuring compatibility of the service modules and protecting customer’s investment while guaranteeing high reliability and network configuration flexibility.
The H3C SR6602-X router interface platform has a flexible design with a strong expansion capability. FIP-10 can support four MIM and FIP-20 can support two HIM or two MIM, and support for HIM and MIM mixed configuration.
SR6602-X supports 10GE, GE, FE, POS OC-48/OC-12/OC-3, cPOS OC-3 (channelized to E3/T3 or E1/T1), ATM OC- 3, E3/T3, E1/T1, Serial and other WAN interfaces. Rich interface type makes SR6602-X not not only as a WAN aggregation router, but also as a local area network core router. Such a router can meet flat networking needs, reducing network tiers, to protect user investment.
The SR6602-X file system provides a wide variety of storage media, supporting CF card and USB, in addition to meeting growing customer demand for storage capacity, at the same time providing users with flexible storage and different interfaces for file management.
The H3C SR6602-X router supports a large-capacity routing table, while supporting rich routing policies and powerful policy based routing. SR6602-X allows flexible control and scheduling of network traffic, to meet different business characteristics for the Enterprise and carrier market. In addition, H3C SR6602-X also fully supports IPv4/IPv6 static routing and dynamic routing protocols, such as RIP/RIPng, OSP /OSPFv3, IS-IS/IS-ISv6, BGP/BGP4 + and more.
With the public IP address resource depletion as well as the proliferation of user scale, performance requirements of NAT gateway is gradually increasing from campus network users. The H3C SR6602-X with its advanced high-performance multi-core processing technology provides dedicated core to process NAT forwarding. NAT forwarding performance can reach over 10Gbps with concurrent 2,000,000 NAT connections, 256 bytes and mixed IMIX Internet packets. The powerful NAT forwarding performance meets the challenges of large campus network gateway performance requirements, as well as other future network expansion requirements.
At the same time, more and more companies want to use public networks to set up VPNs to connect geographically separated branches. SR6602-X supports comprehensive L2TP, IPSec and GRE tunneling technology. Independent hardware encryption and hardware kernel, providing 8Gbps IPSec data encryption processing power without increasing the investment, 6000 IPSec tunnel, 18000 L2TP tunnel and 4000 GRE tunnels. High-performance encryption capabilities and a large capacity can meet a variety of large tunnel encryption gateway requirements and ensure user data security in the WAN transportation.
In addition, traditional VPN technology has some shortcomings in terms of flexibility and maintainability. For example, enterprise branch offices commonly use a dynamic address once accessing the public network, so one end cannot know the public addresses of the peer in advance and so on. H3C’s response to these customers' business needs is to provide a professional DVPN (Dynamic Virtual Private Network) Solution: VAM (VPN Address Management) protocols to collect, maintain, and distribute dynamic public IP addresses and other information, solving the problem that cannot obtain peer public addresses in advance. DVPN establishes VPNs between various branches in the case of the enterprise network accessing the public network using a dynamic address. The networking flexibility and maintenance workload has been greatly improved, and also offers many rich features such as: DVPN packet NAT traversal, security authentication, IPSec packet encryption and multi-VPN domain and more.
EVI (Ethernet Virtualization Interconnect) - EVI is a MAC-in-IP technology that provides Layer 2 connectivity between distant Layer 2 network sites across an IP routed network. It is used for connecting geographically dispersed sites of a virtualized large-scale data center that requires Layer 2 adjacency.
WAN carries an important range of business traffic. Due to the presence of WAN high convergence ratio itself, congestion, delay, packet loss and other characteristics, how to maximize the use of network bandwidth resources in such an environment, improving system transmission reliability, is an important issue for WAN equipment. H3C leverages years of enterprise network experience, and has accumulated numerous requirements for enterprise network bandwidth applications, and formed a complete set of service bandwidth management mechanisms after analysis and research.
Including:
Active/Standby Network Bandwidth Management: in case of the resource constraints of main network connection, a portion of the data traffic re-routing to the backup network for data transmission according to pre defined routing policy. The idle resources can be fully utilized up to100%.
UCMP (Unequal Cost Multipath) intelligent load sharing: UCMP is different from traditional ECMP. Its greatest feature is the use of weights to distinguish the use of bandwidth, making two different bandwidths egress tunnels to bear different data traffic flows according to the different bandwidth.
Bandwidth reservation and resources sharing: the network can be divided into certain exclusive bandwidths for each department to ensure business-critical QoS, with the remaining bandwidth shared, to meet unexpected traffic demands.
Improve bandwidth utilization with hierarchical CAR: Multi-level CAR processing techniques, through multi-level processing sees bandwidth re-allocation, bandwidth utilization increase dramatically.
Advanced hierarchical queuing scheduling HQoS (Hierarchical Quality of Service): With the expansion of user numbers, increase of service types, network devices cannot only distinguish traffic, but are also capable of handling multiple users, a variety of services, a variety of flows and other transport objects for unified management and hierarchical scheduling. Obviously, it is difficult to achieve these requirements via traditional QoS technology. HQoS adopts the multi-layer scheduling queues, such as physical level, logical level, application or service level, and other scheduling levels. Each level can use the different features for traffic management to achieve multi-level traffic management, which can better help carriers to achieve multi-user, multi- service management.
SR6602-X builds a variety of security features to provide users with a full range of network security:
Comprehensive firewall features: support packet filtering firewall, stateful inspection firewall, packet filtering various attacks, and the provision of a log filter. Specific ACL acceleration algorithm eliminates firewall performance degradation by applying the number of ACL filtering rules.
Comprehensive built-in means anti-attack measures.
Supports a variety of ARP anti-attack techniques, such as: ARP rate-limit, ARP DHCPR security authentication, ARP authorization, ARP active acknowledgment, source MAC consistency check and protection and more, which can be a good protection mechanism against rampant ARP attacks within the network, ensure network stability.
Single-packet attack protection: Effective protection against Fraggle, ICMP Redirect, ICMP Unreachable, LAND, Large ICMP, Route Record, Smurf, Source Route, TCP Flag, Tracert, WinNuke single-packet attacks and other Single-packet attacks.
Scanning attack protection: the attacker uses the network scanning tools to scan host addresses or ports, detection of the target system network topology and the type of service is enabled on the target system to prepare for further intrusion.
Flooding attack protection: effectively prevents SYN Flood attacks, ICMP Flood attack, and UDP Flood.
Blacklist features: an attack protection feature based on source IP addresses for packet filtering. Based on the same ACL (Access Control List) for packet filtering, blacklist is a more simple method for matching rules, which can achieve high-speed packet filtering, thus effectively filtering packets from specific IP addresses.
Traffic statistics assisted attack protection: Statistics and analysis for session established between internal and external network, which helps network administrators grasp the statistics of various types of network sessions in real-time, and provides a basis for an effective attack protection strategy.
Support URL filtering, to prevent users from accessing unauthorized websites.
Complete user behavior tracking records: Support comprehensive logging, together with H3C iMC UBA (User Behavior Auditor) solution that can enable network administrators easily monitor the behavior of Internet users and ensure the safety operation of the network.
SR6602-X adheres to the high-end design concept to provide users with comprehensive reliability guarantee: in hardware, providing hot swappable redundant power supplies, with AC or DC power input, and ensuring operation in case of single power failure. All interface modules support the hot swappable capability, ensuring uninterrupted services in the case of plug or replace individual modules, and provides hot patching technology to achieve a smooth software upgrade.
Support MPLS TE Fast ReRoute (FRR), with Fast Routing Backup (FRB) features, combined with Bidirectional Forwarding Detection (BFD) functions, to achieve fast link switchover.
Support IP FRR, working with static routing/policy routing/PBR/RIP/IS-IS/OSPF, combined with BFD functions, to achieve fast routing link switchover.
Support IGP fast convergence.
Supports Virtual Routing Redundancy Protocol (VRRP), combined with a BFD fault detection mechanism to achieve fast VRRP switchover. In addition, supporting Virtual Router Redundancy Protocol Extended (VRRPE), multiple virtual routers can achieve load balancing.
Supports OSPF/IS-IS/BGP/MPLS LDP/MPLS RSVP-TE GR (Graceful Restart) functions to achieve nonstop forwarding.
SR6602-X1 | SR6602-X2 | |
Forwarding performance | 240Mpps | |
Fixed Interface | 4 GE optical/electrical Combo | 4 GE optical/electrical Combo +2×10GE SFP+ |
Slot | 1, support FIP-10/20 | |
Service module slots | FIP-10 supports four MIM slot, FIP-20 supports two HIM/MIM slot | |
Memory | Default 2GB, up to 4GB | Default 4GB, up to 4GB |
Flash | 8M | |
USB | 1 | |
AUX | 1 | |
Concole port | 1 | |
In-Band management port | 1 | |
Interfaces | 10GE 10/100/1000BASE-T RJ45 10/100BASE-TX RJ45 100/1000BASE-X SFP E3/CE3 T3/CT3 E1/CE1 T1/CT1 SAE (Synchronous mode) OC3-CPOS OC3-POS OC12-POS OC48-POS OC3-ATM RPR | |
Dimensions (W × D × H) | 440×480×88mm | |
Weight | 12.1kg | |
Rated input voltage | AC Rated voltage range: 100 ~ 240V 50/60Hz DC Rated voltage range: -48 ~-60V | |
Maximum power | 300W | |
Operating temperature | : 0~45℃ | |
Operating humidity | 5~95% (non-condensing) | |
Operating altitude | -60m ~ 4km |
Software Specifications
Function | |
Layer 2 protocol | Dynamic and static ARP Proxy ARP Multicast ARP Gratuitous ARP Ethernet, sub-interfaces VLAN IEEE802.3ad LACP Layer 2 aggregation QinQ termination PPPoE Server PPP MP (Hardware MP in CL2P/CL1P, and software MP in other modules) FR protocol MFR protocol FR switching HDLC protocol POS trunk (POS link aggregation) Layer 3 Ethernet interface LLDP ATM: IPoA, PPPoA server, IPoEoA, PPPoEoA server |
IP services | TCP, UDP, IP Option, IP unnumbered Policy Based Routing Layer 3 Ethernet interfaces binding POS interface binding |
IP routing | Static Routing Dynamic routing protocols: RIPv1/v2, OSPFv2, BGP, IS-IS Route iteration Routing Policy ECMP (Equal Cost Multipath) UCMP (Unequal Cost Multipath) BGP GTSM ISIS MTR (Multitopology Routing) |
IPv4 multicast | IGMPv1/v2/v3 PIM-DM, PIM-SM, PIM-SSM MSDP MBGP Multicast Static Routes Multicast host tracking function |
IP application | DHCP Server/Relay/Client DNS Client NTP Server/Client Telnet Server/Client TFTP Client FTP Server/Client UDP Helper |
IPv6 | Basic features: IPv6 ND, IPv6 PMTU, dual-stack forwarding, IPv6 ACL, DHCPv6 Server/Proxy IPv6 tunnel: manually configured IPv6 tunnel, IPv6-over-IPv4, GRE tunnel, automatic IPv6 over IPv4 tunnel, 6to4 tunnel, ISATAP tunnel, 6PE 6VPE (IPv6 MPLS L3VPN) NATPT Static Routing Dynamic routing protocols: RIPng, OSPFv3, IS-ISv6, BGP4+ IPv6 multicast protocol: MLDv1/v2, PIM6-DM, PIM6-SM, PIM6-SSM |
QoS | Traffic classification: based on port, MAC address, IP address, IP priority, DSCP priority, TCP / UDP port number, protocol type and more Traffic policing: CAR rate limit, granularity configurable Rate limiting based on source/destination address (supporting subnet-based rate limiting) GTS traffic shaping Priority Mark / Remark Queue scheduling mechanisms: FIFO, PQ, CQ, WFQ, RTPQ, CBWFQ Congestion avoidance algorithm: Tail-Drop, WRED LR rate limiting MPLS QoS IPv6 QoS Hierarchical QoS (H-QoS) QPPB (QoS Policy Propagation on BGP) |
Security | ACL ACL acceleration Time-based access control Packet filtering firewall Stateful firewall ASPF TCP attack prevention on local host Control Plane rate limiting Virtual defragment reassembly URPF Web Filtering Hierarchical user management and password protection AAA RADIUS TACACS Portal authentication (supporting collaboration with EAD, portal authentication bypass) PKI certificates SSH 1.5/2.0 RSA IPSec, IPSec multi-instance, IKE BGP/BGP4 + support GTSM Password Control Attack detection and protection |
IP features | NAT, NAT multi-instance, VPN NAT, NAT session log Connection limit GRE tunnel (supporting point to multi-point applications) L2TP tunnel NetStream (supporting v5/v8/v9 packet frames; supporting IPv4, IPv6 and MPLS packets) DVPN (Dynamic VPN) EVI (Ethernet Virtualization Interconnect) |
MPLS | L3VPN: Inter-domain MPLS VPN (Option1/2/3), nested MPLS VPN, Hierarchy PE (HoPE), CE dual homing, MCE, multi-role host L2VPN: VPLS, Martini, Kompella, CCC and SVC mode VPLS / H-VPLS MPLS TE, RSVP TE Multicast VPN |
Reliability | VRRP / VRRPv3 VRRPE (VRRP Extended) MPLS TE FRR (Fast ReRoute) IP FRR (Fast ReRoute): Static Routing/Policy Based Routing/RIP/IS-IS/OSPF IGP fast convergence BFD: Static Routing/RIP/OSPF/ISIS/BGP/VRRP/TE FRR/IPv6 GR: OSFP/BGP/IS-IS/LDP/RSVP In-service Hot patch Hot swappable interface modules, fan modules and power modules |
Management and maintenance | Configuration at the CLI Configuration through the console port Telnet for configuration and remote maintenance through Ethernet port Dialing up for configuration and remote maintenance via Modem through AUX port SNMP v1/v2c/v3 Web management Support RMON (group 1, 2, 3 and 9 MIB) Support system logs Supports hierarchical alarms Supports Ping and Tracert NQA: supporting collaboration with VRRP, policy routing, and static routing Fan status detection, maintenance and alarm Power status detection, maintenance and alarm CF card status detection and maintenance Temperature detection and alarm |
File system | Supports the FAT file system format Support CF card Supports USB external storage devices Support Dual Images |
Uploading and upgrading | Loading/upgrading through the XModem protocol Loading/upgrading through FTP, and TFTP |
The SR6602-X can serve as aggregation router at headquarters. Powerful performance and flexible configuration can provide customers with over 1M large routing table dual stack of IPv4 and IPv6. SR6602-X also provides hardware, and software carrier-class reliability features to ensure network reliability.
SR6602-X comes with independent hardware encryption engine, and also has a powerful multi-core forwarding performance. The IPSec VPN encryption performance can reach up to 8Gbps and up to 6000 tunnels, so it is very suitable to work as IPSec VPN gateway for the financial industry.
· SR6602-X builds IPSec tunnel connections to a large number of branch networks through Internet access, In order to ensure the safety of branch network access. IPSec VPN tunnels are established between each branch and headquarter.
· IPSec tunnels terminate on SR6602-X. Branches connect to the backbone network via IP or MPLS network.
One SR6602-X2 is connected to the education network and carrier network via four fixed GE interfaces respectively, using two fixed 10GE interfaces to connect to the campus network core switches.
SR6602-X2 can provide high performance over 2M concurrent sessions, which can serve as the NAT gateway perfectly for the whole campus network.
SR6602-X2 also features comprehensive IPv6, allowing the education network to deploy dual stack IPv4/IPv6 transition technology, NAT-PT, IPv6 multicast various IPv6 applications easily achieve a smooth transition to IPv6 networks.