ZXR10 5950 GE Intelligent Switch

Product Description
 ZXR10 5950 GE Intelligent Switch Product Description

ZXR10 5950 GE Intelligent Switch Product Description

Version Date Author Reviewer Notes

May 19th, Jiang

V1.0 Yuan Zhiyong First version
2016 Xinhong
Oct. 24th, Jiang
V1.1 Yuan Zhiyong Update based on 5950 feature list.
2016 Xinhong
Nov. 7th, Jiang
V1.2 Update of some physical specifications.
2016 Xinhong
Jan. 12th, Jiang Update the document according to review
V1.3
2017 Xinhong comments.

© 2023 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used
without the prior written permission of ZTE.
Due to update and improvement of ZTE products and technologies, information in this document is subjected to
change without notice.

ZTE Confidential & Proprietary 1

ZXR10 5950 GE Intelligent Switch Product Description

TABLE OF CONTENTS

1 Overview ............................................................................................................ 2

2 Highlights........................................................................................................... 5
2.1 Diversified Port Combinations .............................................................................. 5
2.2 Flexible Configuration of Hardware Table Items ................................................... 5
2.3 sFlow ................................................................................................................... 6
2.4 ERPS V1.0........................................................................................................... 7
2.5 ZESR ................................................................................................................... 8
2.6 VRRP/VRRPE ..................................................................................................... 8
2.7 EEE Energy Saving ............................................................................................. 9
2.8 Sub-card Hot Swapping ....................................................................................... 9

3 Introduction to Functions ............................................................................... 10

3.1 L2 Functions ...................................................................................................... 10
3.1.1 MAC Address Management ............................................................................... 10
3.1.2 Port Security Protection ..................................................................................... 10
3.1.3 Basic VLAN Functions ....................................................................................... 11
3.1.4 QinQ .................................................................................................................. 12
3.1.5 PVLAN ............................................................................................................... 12
3.1.6 VLAN Translation ............................................................................................... 13
3.1.7 Super VLAN ....................................................................................................... 14
3.1.8 Spanning Tree Protocol ..................................................................................... 14
3.1.9 Link aggregation ................................................................................................ 16
3.1.10 Port Mirroring ..................................................................................................... 17
3.1.11 IGMP Snooping ................................................................................................. 17
3.1.12 ERPS V1.0 (G.8032) .......................................................................................... 18
3.1.13 sFlow ................................................................................................................. 18
3.2 L3 Functions ...................................................................................................... 19
3.2.1 IPv4 Protocols.................................................................................................... 19
3.2.2 VRRP/VRRPE ................................................................................................... 19
3.2.3 DHCP ................................................................................................................ 20
3.2.4 IPv4 Routing Protocol ........................................................................................ 22
3.2.5 IPv6 ................................................................................................................... 25
3.2.6 IPTV................................................................................................................... 27
3.3 Security Control Functions ................................................................................. 28
3.4 SNMP Network Management Functions ............................................................ 28
3.5 QoS of 5950 Series Switch ................................................................................ 30
3.5.1 ZXR10 5950 QoS Implementation ..................................................................... 30
3.6 Reliability Guarantee.......................................................................................... 39

2 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.6.1 Switching Main Processing Module Protection ................................................... 39

3.6.2 System Supervision Protection .......................................................................... 39
3.6.3 Network Detection System ................................................................................. 39
3.6.4 Ethernet Intelligent Protection ............................................................................ 40
3.6.5 L3 Route Protection ........................................................................................... 40
3.7 Security and Authentication ................................................................................ 40
3.7.1 ACL.................................................................................................................... 40
3.7.2 Equipment Authentication .................................................................................. 42
3.7.3 Access Security ................................................................................................. 43
3.7.4 Network Security ................................................................................................ 45
3.7.5 Network Traffic Analysis..................................................................................... 47
3.8 Alarm Statistics .................................................................................................. 47
3.9 VSC 2.0 ............................................................................................................. 47
3.10 PoE .................................................................................................................... 47
3.11 Cross-device Link Aggregation (MC-LAG) ......................................................... 48

4 System Structure............................................................................................. 48
4.1 Product Appearance .......................................................................................... 48
4.2 Hardware Structure ............................................................................................ 52
4.2.1 System Hardware Structure ............................................................................... 52
4.2.2 Switching Control Module .................................................................................. 53
4.2.3 Power Supply Module ........................................................................................ 55
4.2.4 Interface Module ................................................................................................ 56
4.2.5 Fan Module ........................................................................................................ 56
4.3 Software Structure ............................................................................................. 57
4.3.1 Introduction to Structure ..................................................................................... 57
4.3.2 Software Features.............................................................................................. 58
4.3.3 Network Management and O&M Subsystem...................................................... 60

5 Technical Specifications ................................................................................. 60

5.1 Physical Specifications....................................................................................... 60
5.2 Basic Specifications ........................................................................................... 64

6 Networking Modes .......................................................................................... 68

6.1 Enterprise Network/Community Network Applications ........................................ 68
6.2 L2 Access Application ........................................................................................ 69

7 Abbreviations .................................................................................................. 69

ZTE Confidential & Proprietary 3

ZXR10 5950 GE Intelligent Switch Product Description

FIGURES

Figure 2-1 SFlow frame ...................................................................................................... 7

Figure 3-1 First In First Out Queuing ..................................................................................32
Figure 3-2 Strict Priority Queuing .......................................................................................33
Figure 3-3 Weighted Round Robin Queuing ......................................................................34
Figure 3-4 Deficit Weighted Round Robin Queuing ............................................................34
Figure 3-5 Basic processing procedure of CIR implementing traffic control ........................36
Figure 3-6 TS basic processing .........................................................................................37
Figure 3-7 QoS processing ................................................................................................38
Figure 4-1 ZXR10 5950-36TM front panel..........................................................................48
Figure 4-2 ZXR10 5950-36PM front panel .........................................................................48
Figure 4-3 ZXR10 5950-60TM front panel..........................................................................49
Figure 4-4 ZXR10 5950-60PM front panel .........................................................................49
Figure 4-5 ZXR10 5950-36CM front panel .........................................................................49
Figure 4-6 ZXR10 5950 system hardware principle diagram ..............................................53
Figure 4-7 5950-36TM/5950-60TM back panel power board..............................................55
Figure 4-8 5950-36PM/5950-60PM back panel power board .............................................55
Figure 4-9 8-port 10GE interface board diagram ................................................................56
Figure 4-10 New-generation ZXROS 5.0 software platform system diagram .....................57
Figure 6-1 MAN networking ...............................................................................................68
Figure 6-2 L2 access application........................................................................................69

4 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

TABLES

Table 4-1 ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM front panel

FE electrical interface board features ...................................................................................50
Table 4-2 ZXR10 5950 series switch panel indicators ........................................................50
Table 4-3 Optical electrical interface features ....................................................................50
Table 4-4 Main Processing Unit principle diagram .............................................................55

ZTE Confidential & Proprietary 1

ZXR10 5950 GE Intelligent Switch Product Description

1 Overview
ZXR10 5950 series product is all-GE intelligent Ethernet switch promoted by ZTE to fully
meet the demands in secure IP switching, all-GE network and high QoS guarantee. This
series switch provides complete IPv4 and IPv6 routing protocols, VLAN control, all-GE
traffic switching, QoS guarantee, traffic limit, 802.1X secure access, anti-virus capability,
as well as complete service control and user management capability. These intelligent
features make it suitable all-GE aggregation L3 switch in the all-GE office network, all-GE
service network, and premise network that focus on service management control and
network security assurance abilities.

ZXR10 5950 series high/medium-end all-GE intelligent routing switch product is mainly
positioned at the access or aggregation layer of the enterprise network and broadband IP
MAN, providing medium/low-density all-GE Ethernet ports. It’s perfect as the user side
access equipment in informatized intelligent community, office building, hotel, campus
and enterprise network (government network), or the aggregation equipment in the
medium network. It can provide users with high-speed, efficient, and cost-effective
aggregation solution. It can use different optical and electrical port combinations based
on the practical needs to implement aggregation; so that it’s very suitable to work as the
all-GE network aggregation and access equipment in large enterprise, high-level
community, hotel, and university campus network.

ZXR10 5950 series switch includes 5 models: 5950-60TM, 5950-36TM, 5950-60PM,

5950-36PM, and 5950-36CM.

ZXR10 5950 series intelligent secure Ethernet switch has the following features:

 Carrier-class reliability

 Support out-built power supply redundancy and board hot-swapping with

physical layer redundancy.

 Support LACP and route load sharing with protocol layer redundancy.

 Support multiple network reliability protection technologies of

VRRP/ZESR/STP/RSTP/MSTP/LACP.

2 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 Use ZTE patented technology – ZESR (ZTE Ethernet Smart Ring) to

implement Ethernet ring protection.

 Support VSC 2.0 (Virtual Stacking Cluster), make multiple switches into a
Cluster system, expand the overall switching capacity and port density, make
combinations based on the demands, provide super powerful scalability and
easy management.

 Use ZTE ROSNG distributed large routing platform, provide good upgrade
capability, protect the customer’s prior investment, and meet the customer’s
potential demands in new functions in the future.

 Complete protocol supporting capability and route supporting capability

 Support complete L2 protocols and IPv4/IPv6 routing protocols; be competent

in various complicated network environment.

 Support 802.1x user authentication accounting; support RADIUS and 802.1x

transparent transmission.

 Support 4k 802.1q based standard VLAN; support PVLAN, QinQ, Selective

QinQ, and Super VLAN.

 Support IPv4/IPv6 dynamic routing protocol, including RIP v1/v2/v3, OSPF

v2/v3, BGP-4/BGP4+, and IS-IS/IS-IS v6.

 Support PIM-SM, PIM-DM, PIM-SSM and IGMP multicast routing protocol.

 Support complete controllable multicast protocol; support IGMP

Snooping/Filter/Fast Leave/Proxy; support IGMP v1/v2/v3; support CAC
channel access control, PRV channel preview, CDR call statistics, multicast
VLAN registration, and multicast service management.

 Powerful security and QoS performance

 Use industry leading ASIC hardware forwarding to guarantee the wire-speed

forwarding and filtering capability of the port.

ZTE Confidential & Proprietary 3

ZXR10 5950 GE Intelligent Switch Product Description

 Provide complete QoS strategy and multiple queue scheduling algorithms;

support Tail Drop and port traffic shaping; provide 8-level priority queue, and
packet coloring.

 Support IEEE 802.3 traffic control, and CAR (Committed Access Rate); GE
port traffic limit granularity is 10kbit/s; and 10G port traffic limit granularity is
100kbit/s.

 Support powerful hardware ACL functions; provide ACL based on VLAN, L2,
L3, L4, and hybrid ACL; support ACL time division.

 Support MAC address binding, MAC address filtering and broadcast storm
suppression.

 Support anti-DDos attack features such as LAND attack detection, SYN Flood
(TCP SYN) Detection, Ping Flood (ICMP Echo) Detection, Ping of Death
Detection, Teardrop attack detection, and URPF; support CPU anti-attack
protection, CPU overload protection, Spanning Tree Root Guard, BPDU attack
protection, and ARP attack protection.

 Support uRPF unicast reverse route detection, and anti-source address

spoofing attack

 Support OSPF/RIP/BGP/IS-IS MD5 cipher text check.

 Support IP source Guard.

 Simple and Unified network management functions

 Support RFC1213 SNMP (Simple Network Management Protocol).

 Support ZGMP (ZTE Group Management Protocol).

 Inband network management can use Telnet based configuration

management (CLI command line interface) or SNMP based configuration
management (graphical interface); support ICT Web network management.

4 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

2 Highlights

2.1 Diversified Port Combinations

ZXR10 5950 supports multiple uplink expanded card. It provides high-density GE/10GE
uplink interfaces; and supports 2*40G stacking ports. 5950 series switch has the front
panel with 4 fixed 10GE SFP+ optical ports; and the back panel with an expanded slot,
which meet the practical needs in bandwidth upgrade of different customers to protect
their investment.

The expanded card types are as follows:

1. 8-port 10G optical expanded card

2. 8-port 10G electrical expanded card

3. 8-port GE optical expanded card

4. 8-port GE electrical expanded card

5. 2-port 40GE expanded card

6. 2-port 40GE stacking expanded card

2.2 Flexible Configuration of Hardware Table Items

ZXR10 5950 supports flexible hardware forwarding table item distribution. L2 and L3
hardware table items are preset. Users can select different configuration based on
practical needs. Thus it can meet diversified needs in switch table item of different users
and suit wider application scenarios. ZXR10 5950 supports the following flexible
configurations:

1. When ZXR10 5950 works as L2 access device, it can support up to 64K MAC and
provide large-capacity MAC table items based on the practical scenario.

ZTE Confidential & Proprietary 5

ZXR10 5950 GE Intelligent Switch Product Description

2. When ZXR10 5950 works as L3 device, it can be configured as big route to support
up to 120K segment routes.

2.3 sFlow

With the continuous development of network service application in business environment,

the network scale is getting larger. The network devices keep increasing and the network
traffic becomes more complicated. Thus the maintenance cost of the network services
become higher. How to effectively manage the network devices and how to take
real-time monitoring and analysis of the actual traffic in the network has become one of
the key problems that the operators pay much attention to. At present, the equipment
vendors have provided multiple network traffic monitoring technologies, which however,
are privately owned or supported only by dedicated hardware.

sFlow is the IETF standard traffic monitoring technology. It has low hardware
requirements, less equipment resource consumption and high technical commonality, so
it is now used by multiple vendors.

sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy
unit and sFlow collector (or named as analyzer ). The sampling and proxy units of sFlow
are integrated in the network equipment; while sFlow collector which analyzes messages
of multiple sFlow proxies is out of the system structure. The entire basic system
architecture is as shown in the following figure:

6 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Figure 2-1 SFlow frame

sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network packets at
the network interface supporting sFlow and sends sampled packets to sFlow proxy
equipment for processing. sFlow Collector is the network equipment sFlow uses to
manage, monitor, collect and analyze. It stores and analyzes network packets from
sFlow proxies, and gives equipment traffic and service analysis reports and tables.

2.4 ERPS V1.0

ERPS (Ethernet Ring Protection Switching) is a link layer protocol specially used in
Ethernet ring. It can prevent broadcast storm caused by data loop in an Ethernet ring.
When one link is disconnected in the Ethernet ring, it can enable the standby link rapidly
to restore communication between the nodes on the Ethernet ring. Compared with STP,
ERPS protocol has the following features: typology convergence is fast (less than 50ms);
and convergence time is unrelated to the number of nodes on the Ethernet ring.

ZTE Confidential & Proprietary 7

ZXR10 5950 GE Intelligent Switch Product Description

2.5 ZESR

ZTE Ethernet Smart Ring (ZESR) based upon EAPS principle of RFC3619 protocol
makes some progresses. It makes sure if the ring works smoothly. Also it confirms
there’s only one logic smooth path between two nodes. The port status can be changed
between block and forward status according to the situation of the ring (through-break,
break-through), which enables fast switchover of the logical path.

ZESR is suitable for multi-ring and multi-domain. Multi-ring has multiple layers in network
topology. Each layer is a ring. The lower layer access ring has two access points through
which it’s connected with the higher layer access ring. The network topology is
considered as an independent ring. The ring tangent to it is not a part of it, but a part of
another. The ring of the highest layer is called the primary ring and the others are access
rings. Multi-domain have multiple protection instances on one ring, which are for different
service VLANs respectively. They have different logic paths which are independent from
each other.

2.6 VRRP/VRRPE

Usually the host in a broadcast domain sets a default gateway as the next hop of the
routing data packets. When the default gateway fails, the host cannot communicate with
the hosts in other networks. To prevent the single point failure caused by the default
gateway, multiple router interfaces in the broadcast domain can be configured with
VRRP (Virtual Router Redundancy Protocol) running on it.

VRRP put multiple router interfaces in one broadcast domain into one group, make it a
virtual router, and distribute an IP address to it as the interface address of the virtual
router. The interface address of the virtual router could be the address of one router
interface, or a third party address. The virtual address can be available only when it’s in
the same segment with the physical interface.

If we use a router interface address, the router that owns the IP address works as the
primary router. Others work as backup. If we use the third party address, the router with
the higher priority becomes the primary router. If two routers have the same priority, the
one with the bigger physical interface IP address works as the primary.

8 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

The host in the broadcast domain set the IP address of the virtual router as the gateway.
When the primary router fails, the router with the highest priority among the backup is
selected to take the place, which has no impact on the host in the domain. The host in
the domain cannot communicate with the outside only when all routers fail in the VRRP
group.

ZXR10 5950 supports putting the routers into multiple groups and make them backup for
each other. The host in the domain uses different IP addresses as the gateway to
implement data load balancing.

VRRPE is enhanced VRRP. It supports load balancing of multiple devices in one backup
group.

ZXR10 5950 supports VRRPE.

2.7 EEE Energy Saving

IEEE802.3az is the standard energy saving specifications officially approved by IEEE

(Institute of Electrical and Electronic Engineers). The three letters of E stand for Energy,
Efficient, and Ethernet. If the hardware equipment supports the standard, it can reduce
the consumption at both ends of network connection in Internet usage or Ethernet idle
period. Normal power supply is restored when it begins normal data transmission.

ZXR10 5950 series switch supports EEE energy saving which conforms with
IEEE802.3az standard. If a switch interface is idle during a period of time, the system will
put the port into energy saving mode. It can wake up the port to restore the services
when there’s packet transmission or receiving. In this way it can save energy and save
the customer’s investment.

2.8 Sub-card Hot Swapping

ZXR10 5950 series switch supports hot swapping of fan and power supply. It supports
hot swapping of the expanded sub-cards of the same type at the same time. Thus is can
implement service traffic recovery after sub-card swapping with no configuration loss.

ZTE Confidential & Proprietary 9

ZXR10 5950 GE Intelligent Switch Product Description

3 Introduction to Functions

3.1 L2 Functions

3.1.1 MAC Address Management

As all forwarding tables of ZXR10 5950 are closely associated with MAC addresses,
MAC management module maintains MAC address learning and completes the following
management functions:

 MAC address binding: Bind specific MAC address to switch port. After binding, the
MAC address will not be dynamically learned. So user physical location can be
limited and important MAC address can be protected.

 MAC address filtering: After receiving the packets with particular source or
destination MAC addresses, the switch discards some packets to filter some
undesired users.

 MAC address number limit: The switch can configure MAC address number limit of
the designated ports to control the user number of the ports, and prevent system
resources from running out when the ports suffer from DOS attack.

 Burned-in MAC address: 5950 can burn in address at some important physical
ports in stable network (such as uplink port), so as to avoid network disconnection
caused by key MAC address spoofing.

 MAC address multi-angle display: Display and statistics of VLAN table in multiple
angles of VLAN, port, static and dynamic aspects, provide network diagnosis, and
maintain stable network operation.

3.1.2 Port Security Protection

ZXR10 5950 port security protection includes the following functions:

10 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 It supports port traffic control, broadcast storm suppression, and jumbo frame
permission. It can implement rate negotiation to effectively control port data traffic,
prevent network congestion, and guarantee normal network service operation.

 It supports line diagnosis, analysis and test. It can check whether the lines and line
connections are abnormal. It can find the accurate location of the line failure, which
facilitates network management and failure locating.

 It supports loop detection of some ports or all ports. The default is no detection. Port
loop detection can check the loop of the user or the switch connected to the port,
take corresponding processing, prevent the anomalies such as switch broadcast
storm, and limit the impact within the port.

 It supports VLAN based loop detection. It can take loop detection of not only the
VLAN that the port PVID locates at, but also the VLAN designated by the user at the
port. A port can support up to 8 VLAN loop detection at the same time.

3.1.3 Basic VLAN Functions

VLAN protocol, a basic protocol of L2 switching equipment, enables the administrator to

divide one physical LAN into several VLAN. VLAN reduces network broadcast storm and
increases network security and centralized management control.

Each VLAN has one VLAN ID which uniquely identifies the VLAN. Each VLAN is logically
an independent LAN. All frame traffic in one VLAN is restricted within the VLAN. Several
VLANs share the switching equipment and links of physical LAN. Cross-VLAN access is
implemented through L3 forwarding, which will improve network performance and reduce
the entire traffic in physical LAN.

According to 802.1Q VLAN protocol, VLAN is represented by 12-bit, limiting VLAN within
4096 in number, which restricts some practical applications. 5950 series switch has four
extension modes: QinQ, PVLAN, VLAN translation, and L3-related Super VLAN.

ZXR10 5950 series switch supports 802.1Q VLAN. The untagged packet can be added
with VLAN tag based on subnet, protocol and port to support a wide variety of VLAN
features.

ZTE Confidential & Proprietary 11

ZXR10 5950 GE Intelligent Switch Product Description

3.1.4 QinQ

QinQ with the multilayer VLAN tag stack refers to tunnel protocol based on 802.1 Q
encapsulation. The core idea is to encapsulate private network VLAN tag to public
network VLAN tag; the message with double-layer tag goes through backbone network
to offer the user with a simple L2 VPN tunnel. QinQ, a simple and manageable protocol,
does not need protocol message. It can be statically configured. It is applied to
convergence-layer switch which can use QinQ (with double tags) to increase VLAN
number in metro network.

3.1.5 PVLAN

When all servers are in one subnet, the server only communicates with its default
gateway. The new VLAN feature is called Private VLAN (Private VLAN). In the concept of
Private VLAN, there are three types of switch ports: Isolated port, Community port, and
Promiscuous port. They are corresponding to different VLAN types respectively: Isolated
port belongs to Isolated PVLAN; Community port belongs to Community PVLAN, and
Primary VLAN represents overall Private VLAN. The first two VLANs need to be bound
with it. At the same time, the Primary VLAN includes Promiscuous port. In Isolated
PVLAN, Isolated port can only communicate with Promiscuous port and they cannot
exchange packets with each other. In Community PVLAN, Community port can not only
communicated with Promiscuous port but also exchange packets with it. Promiscuous
port is connected with router or L3 switch interface. The traffic it receives can be
transported to isolated port and Community port.

PVLAN can effectively ensure the communication security of the accessed network data.
The user is connected only to his default gateway. Without several VLAN or IP subnets,
one PVLAN can provide the connection with L2 data communication security. All users
can access PVLAN to connect default gateway without any access to other users in the
PVLAN. PVLAN ensures that the ports in one VLAN cannot communicate with each
other, but the services can go through Trunk port. Thus, the users in one VLAN will not
affect each other because of service broadcast.

12 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.1.6 VLAN Translation

VLAN translation is an extension of VLAN function. If a port of the switch starts VLAN
translation, the data stream from the port must be tagged packet. VLAN based on MAC is
specially for UNTAG packets so that this type of VLAN cannot implement VLAN
translation. VLAN translation uses PORT plus VLAN ID in tagged packet as the index to

search in MAC – VLAN table and get a new VID, then the data stream is switched in the

new VLAN to translate data from one VLAN to the other.

VLAN translation can be configured in ZXR10 5950 series switch. In addition to the basic
single tag conversion, 5950 can use VLAN translation and SVLAN to fulfill the following
functions:

 If the incoming packet is single tagged, outer tag can be added according to policy;
policy-based mapping or one-to-one mapping can be configured.

 If the incoming packet is single tagged, inner tag can be modified and outer tag can
be added according to policy; policy-based mapping or one-to-one mapping can be
configured.

 If the incoming packet is double tagged, outer tag can be deleted according to
policy

 If the incoming packet is double tagged, outer tag can be deleted and inner tag can
be modified according to policy; policy-based mapping or one-to-one mapping can
be configured.

 If the incoming packet is double tagged, outer tag can be modified according to
policy; policy-based mapping or one-to-one mapping can be configured.

 If the incoming packet is double tagged, inner tag can be modified according to
policy; policy-based mapping or one-to-one mapping can be configured.

 If the incoming packet is double tagged, both inner and outer tag can be modified at
the same time according to policy; policy-based mapping or one-to-one mapping
can be configured.

ZTE Confidential & Proprietary 13

ZXR10 5950 GE Intelligent Switch Product Description

3.1.7 Super VLAN

Super VLAN can make the hosts, which are in the same physical switching equipment
but in different virtual broadcast domains, to locate in one IPv4 subnet and use one
default gateway. In one large-scale switching LAN, the mechanism has several
advantages over the traditional IPv4 addressing system. The biggest advantage is to
save address space occupancy in IPv4 system.

Super VLAN and sub VLAN can be used to divide VLAN again. One or several sub
VLANs belong to one Super VLAN and use its default gateway IP address.

Super VLAN is a software function. Ethernet ASIC chip is transparent to the function and
switches data according to software module VLAN setting. Super VLAN does not need
protocol message. It can be statically configured in ZXR10 5950.

3.1.8 Spanning Tree Protocol

STP (Spanning Tree Protocol) mainly establishes and maintains the network topology,
eliminates network broadcast storm caused by loops, and provides network topology
redundancy backup. Its basic idea is to generate a “tree” whose root is a switch called
Root Bridge. Different switches could be selected as Root Bridge based on different
settings, but there’s only one Root Bridge at any time. A tree is formed starting from the
root. The Root Bridge transports configuration packets regularly. Each switch that
receives the packets updates them based on its configuration and the network topology
structure it maintains and distributes them to other ports. When a switch receives
configuration packets from two or more ports, there must be loop in the network. At this
time, the switch keeps one port in the state of forwarding and set others to blocked state.
In this way the loop can be eliminated. When a port hasn’t received any configuration
packets in a long time, the switch considers the port configuration is timeout. The
network topology may have changed. So the network topology will be re-calculated and a
new tree will be generated.

RSTP (Rapid Spanning Tree Protocol) is an optimized version of STP. ZXR10 5950
Ethernet switch supports the protocol. It’s “rapid” because the delay of root port and the
designated port entering the state of forwarding is greatly shortened during the change of
network equipment and link change, which shortens network topology adjustment time
before it restores stability.

14 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

MSTP (Multiple-instance Spanning Tree Protocol) introduces the concept of domain. It

divides a big switching network into several domains, each of which implement STP with
multiple instances. In this way the expansion capability and stability of the STP is
increased. When STP in a domain changes, the changes are only transported in the STP
in the domain without affecting other domains. Thus re-calculation of STP topology of the
entire network can be avoided. At the same time, MSTP has cognitive ability of VLAN. It
can bind multiple VLANs into one instance. Different VLANs go through different
forwarding paths so that resource occupancy can be reduced and load balancing can be
realized.

RSTP supports BPDU guard, root guard, and loop guard:

BPDU guard: On access layer device, the access ports are usually connected to the user
terminal (such as PC) or a file server. At this time the access ports are set as edge ports
to implement the quick transfer. When the ports receive configuration messages (BPDU
packets), the system will automatically set the ports as non-edge ports, re-calculate STP,
and lead to network topology oscillation.

RSTP provides BPDU protection to prevent the attacks. When BPDU protection is
initiated on the switch, if the edge port receives configuration messages, the system will
shut down the ports and notify the NMS that the ports are shut down by RSTP. The ports
shut down can only be recovered by the network administrator.

ROOT guard: In the network, when Root Bridge receives a BPDU packet with high
priority, it will not work as Root Bridge any longer, which will cause network topology
change and data forwarding interruption. To protect Root Bridge from attacks, root guard
can be enabled on the port. When the port receives packet with high priority, it will turn to
the state of listen and won’t transport data packets any more. It will restore automatically
to normal state in 30 seconds. In this way, frequent switching of Root Bridge is
successfully avoided.

Loop guard: loop guard can prevent loop caused by link unidirectional link failure. When
loop guard is enabled on the port, if the port hasn’t received BDPU packets in the
specified time, it switches its state to loop-inconsistent blocking instead of listening,
learning, or forwarding. STP will consider physical link failure occurs at the port. The port
will return to normal state when it receives BPDU packets.

ZTE Confidential & Proprietary 15

ZXR10 5950 GE Intelligent Switch Product Description

ZXR 5950 supports STP, RSTP, and MSTP.

3.1.9 Link aggregation

Link aggregation means that physical links with the same transport medium and
transport rate are bound and logically look like a link. Link aggregation greatly increases
the bandwidth of peer physical links between switches or between switch and server.
Therefore, it is an important technology to increase link bandwidth and create link
transmission resilience and redundancy. Link aggregation can create multiple-gigabit
connection in GE, and logic link with faster transport in FE. Meanwhile, link aggregation
has good protection. When a fault occurs, the traffic in the trouble links will be switched
quickly to normal links of the aggregation.

ZXR10 5950 supports link aggregation protocol LACP defined in IEEE802.3ad; supports
link aggregation of GE, and 10G ports.

ZXR10 5950 is configured with link aggregation; following these principles (apply to
LACP):

 128 trunk groups can be configured, each of which contains up to 8 member ports.

 The mode of member port could be access, trunk, or hybrid but should be
consistent.

 In stacking it supports cross-device port aggregation. The member ports can be on

different stacking devices. However, the selected port must work in full duplex with
the consistent working rate.

LACP (Link Aggregation Control Protocol) can dynamically aggregate several physical
ports into a Trunk group to form one Smartgroup port. LACP automatically aggregates to
get the maximum bandwidth. LACP can implement static aggregation and dynamic
aggregation. Static LACP integration needs manual configuration. Dynamic LACP
aggregation adds port into the aggregation group dynamically through the protocol.

ZXR10 5950 supports Smartgroup (port aggregation) parameter configuration. It can

implement traffic load sharing in the following ways (for static aggregation):

 Based on source MAC address, VLAN, Ethertype, and ingress

16 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 Based on destination MAC address, VLAN, Ethertype, and ingress

 Based on source and destination MAC address, VLAN, Ethertype, and ingress

 Based on source IP address, source TCP or UDP port number

 Based on destination IP address, destination TCP or UDP port number.

 Based on source and destination IP address, source and destination TCP or UDP
port number

ZXR10 5950 also supports global mode, that is to say, it can implement load sharing in a
smartgroup based on different parameters of IPv4 or IPv6 so as to make more uniform
distribution of the service traffic in smartgroup.

Besides port link aggregation on itself, ZXR10 5950 also supports MC-LAG
(Multi-Chassis Link Aggregation Group).

3.1.10 Port Mirroring

Port mirroring can automatically copy the traffic of one port to another port so that
network administrator makes real-time analysis on port traffic when he solves network
issues. It provides network administrator with a monitoring measure. For ZXR10 5950,
any port can be configured as mirroring port; the ports at different rate can mirror to each
other; many-to-one mirroring is also supported. The equipment also supports
simultaneous mirroring of several mirroring groups. It supports the mirroring as following:

 Mirroring between ports with different rates;

 Mirroring of multiple ports to one port;

 Many-to-one mirroring based on flow and ACL.

3.1.11 IGMP Snooping

IGMP Snooping (Internet Group Management Protocol Snooping) is the multicast

restraint mechanism run on link layer to manage and control multicast group. IGMP
Snooping maintains the correspondence relation between multicast address and VLAN

ZTE Confidential & Proprietary 17

ZXR10 5950 GE Intelligent Switch Product Description

table by snooping the IGMP messages between users and the router. When it detects
IGMP host report message transmitted by the host, the switch adds it to the
corresponding multicast table. When it detects IGMP leave message transmitted by the
host, the switch deletes the corresponding multicast address. It maps the active
members in one multicast group into a VLAN. It transmits multicast data packets only to
the corresponding VLAN members when it receives them. The multicast packets will be
broadcasted at L2 if IGMP Snooping is not initiated.

When IGMP Snooping is imitated on ZXR10 5950, the multicast packets will be
transmitted at L2. When IGMP Snooping is not initiated, the multicast packets will be
broadcasted at L2.

3.1.12 ERPS V1.0 (G.8032)

ERPS (Ethernet Ring Protection Switching) is an L2 ring protection protocol standard

defined by ITU-T with the number of ITU-T G.8032, thus it’s also called as G.8032. It
defines RAPS (Ring Auto Protection Switching) protocol packets and protection
switching system.

ERPS standard protocol absorbs the advantages of STP ring protection technology, and
optimizes its detection system with its convergence time reaching millisecond level.

ZXR10 5950-L supports ERPS V1.0, only supports all devices in single ring topology.
The switchover time is from 280ms to 350ms when 4 pieces of ZXR10 5950-L device in a
single ring.

3.1.13 sFlow

sFlow (Sampled Flow) is a network traffic monitoring technology based on packet

sampling. It’s mainly used to take statistical analysis on the network traffic. sFlow
provides traffic analysis based on port. It brings great convenience to users’ daily
inspection and maintenance. The equipment that supports sFlow only implements packet
sampling and the data analysis is completed by the remote collector.

18 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.2 L3 Functions

3.2.1 IPv4 Protocols

 IP: It transmits IP packets at network layer; provides error control, IP options, TOS,
fragment reassembling, and security services. IP module provides local delivery
and route forwarding of IP packets; and implements upper layer protocol
encapsulation and distribution.

 ARP: It provides MAC address translation from IP to MAC address. ARP packets
are directly encapsulated by link frame (Ethernet frame in this system) but it’s
closely connected with IP. With ARP packets, MAC address corresponding to the IP
address can be obtained.

 ICMP: It controls or transmits error messages. ICMP packets are encapsulated by

IP packets, and closely connected with IP layer. It’s the part that must be
implemented by IP layer protocol. It works to receive ICMP error messages; submits
them to the proper network layer for processing; responds to ICMP request packets;
and constructs ICMP packets and transmits them upon the request of IP layer or
transmission layer.

 IP routing table management: It mainly implements operation and maintenance of

routing table. It provides the routing protocol with operation interfaces of routing
table generation, update and deletion. It provides route and searches related
operation interfaces for IP layer routing.

 TCP: It processes the TCP packets from IP basic protocol module by transmitting
TELNET and BGP packets to the corresponding processing module.

 UDP: It processes UDP data units from IP by transmitting RIP, SNMP, and DHCP
data packets to the corresponding processing module.

3.2.2 VRRP/VRRPE

Usually the host in a broadcast domain sets a default gateway to work as the next hop of
the routing data packets. When the default gateway fails, the host in this broadcast

ZTE Confidential & Proprietary 19

ZXR10 5950 GE Intelligent Switch Product Description

domain cannot communicate with the hosts in other networks. To prevent the single point
failure caused by the default gateway, multiple router interfaces can be configured in a
broadcast domain and VRRP (Virtual Router Redundancy Protocol) can be operated on
the router.

VRRP puts multiple router interfaces in one broadcast domain into one group, makes it a
virtual router, and distributes an IP address to as the interface address of the virtual
router. The interface address of the virtual router could be the address of one router, or
the address of a third party. The address can be available only when it’s in the same
segment with the physical interface address.

If the interface address of a router is used, the router with the IP address is taken as the
primary one. The others are taken as the backup. If the address of a third party is used,
the router with the higher priority is taken as the primary router. If two routers have the
same priority, the one with bigger physical interface IP address becomes the primary.

The IP address of the virtual router is set as the gateway on the host in the broadcast
domain. When the primary router fails, the router with the highest priority among the
backup takes the place, which has no effect on the host in the domain. The host in the
domain cannot communicate with the outside only when all routers fail in the VRRP
group.

ZXR 10 5950 can put these routers into multiple groups and make them backup for each
other. The host in the domain use different IP addresses as the gateway to implement
data load balancing.

VRRPE (Virtual Router Redundancy Protocol Enhancement) is enhanced VRRP. It

supports load balancing of multiple devices in one backup group.

ZXR10 5950 supports VRRPE.

3.2.3 DHCP

DHCP (Dynamic host configuration protocol) can let a host in the network to obtain an IP
address and the related configuration information from a DHCP server, which enables it
to implement normal communication.

20 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

DHCP uses UDP as the transmission protocol. The host transmits messages to port 67
to DHCP server, which returns the message to port 68 of the host. DHCP works in the
following steps:

1. The host transmits a broadcast packet DHCP Discover requesting for IP address
and other configuration parameters.

2. DHCP server returns a unicast packet DHCP Offer containing an effective IP

address and the configuration.

3. The host selects the server which DHCP Offer firstly arrives at, and transmits a
broadcast packet DHCP Request to it, indicating that it accepts the related
configuration.

4. The selected DHCP server returns a acknowledgement unicast packet DHCP Ack.

So far the host can use the IP address and the related configuration obtained from the
DHCP server to communicate.

DHCP server distributes three types of IP addresses to the host:

1. The administrator distributes an IP address to a certain host;

2. Randomly distribute the address to the host for permanent use.

3. Randomly distribute the address to the host for a period of time.

The 3rd way is usually used. The valid time period of the address is called lease period.
The host must request to renew to the server before it’s due. It can keep using the
address when the server approves. Otherwise it should unconditionally give up the
address.

The early DHCP only suits the situation where DHCP Client and Server locate in one
subnet. It cannot be used when the Client or Server work cross the segment. Thus each
subnet needs a DHCP Server to implement dynamic host configuration, which is not
economical. The introduction of DHCP Relay solves this problem. The DHCP Client in
LAN can communicate with DHCP Server with other subnet through DHCP Relay and
finally get a legal IP address. In this way, DHCP Client in multiple networks can use one

ZTE Confidential & Proprietary 21

ZXR10 5950 GE Intelligent Switch Product Description

DHCP Server. So the cost is saved and the centralized management can be
implemented.

ZXR10 5950 can work as both DHCP Server and DHCP Relay to forward DHCP
messages. But one interface cannot use two functions at the same time.

DHCP facilitates IP address distribution. However, the wide application of DHCP Server
brings some problems. First of all, DHCP Server permits the existence of multiple DHCP
Servers in one subnet, which means the administrator cannot guarantee that DHCP
Client can only obtain the legal IP address from the DHCP Server set by him instead of
obtaining IP address from some illegal DHCP Servers built by some users. Second; in
the subnet with DHCP Server deployed, the host with legal IP address, mask and
gateway designated can also get normal access to the network. However, DHCP Server
still may distribute the IP address to other hosts, which may cause address conflict and
influence the normal distribution of IP addresses. To solve the above problems, ZXR 10
5950 uses DHCP Snooping to prevent setting of DHCP Server in the network. At this
time the port connected to DHCP Server must be set as trust port. Besides, it can works
with dynamic ARP to prevent illegal IP address from binding with MAC address so that it
can make sure that DHCP Server can normally distribute IP addresses.

3.2.4 IPv4 Routing Protocol

3.2.4.1 Static Route

Static route: The network administrator designates the route information in the routing
table by configuring commands. It doesn’t establish routing table based on routing
algorithm as dynamic route. When dynamic route is configured, sometimes the route
information of the entire Internet should be transmitted to a router, which makes it hard
for the router to bear the load. Then static route can be used to solve the problem.

With static route, only few configurations can avoid dynamic route. But static route
configuration will be complicated in the routing environment with multiple paths.

3.2.4.2 RIP

ZXR10 5950 series switch supports the following RIP functions:

22 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 Transmit and receive RIP messages according to the protocol, check message
correctness and verify its identification.

 Support RIPV1/V2, plain text authentication and MD5 authentication, and route
reallocation.

 Support RIP route aggregation.

 Support configuration of RIP route priority and RIP neighbor.

 Support route filtering.

3.2.4.3 OSPF

OSPF is the IETF-developed internal gateway protocol (IGP) based on link status and
Shortest Path First (SPF) algorithm. OSPF can converge routing table in a short time,
and prevent loop, which is vital to mesh networks or different LANs connected via several
bridges. Each device running OSPF maintains one unified database describing
autonomous system topology structure. The database includes such information as
partial status of each device, e.g., available interfaces and neighbors, connected network
status and external route of autonomous system. OSPF uses link status algorithm to
calculate the shortest path from each area to all destinations. When the equipment
begins to work or any route changes, the equipment configured with OSPF diffuses LSA
to all equipments in one area. LSA includes link status and neighbor association
information of the equipment. The information from LSA forms link status database. All
equipments in the area use one specific database to describe topology structure in the
area.

ZXR10 5950 series switch supports OSPF v1/v2.

3.2.4.4 IS-IS Protocol

Intermediate System to Intermediate System (IS-IS) route protocol, the representation of

router OSI model, is used for TCP/IP-based IP network. It can easily perform the
extension, mainly IPv6. IS-IS system consists of two layers: backbone layer (L2) and
area layer (L1). One router is in only one area. L1 router only knows the topology in its

ZTE Confidential & Proprietary 23

ZXR10 5950 GE Intelligent Switch Product Description

area. All traffic to other areas is sent to the nearest L2 router. L2 router must form the
backbone, similar to OSPF backbone area 0.

ZXR10 5950 series switch supports IS-IS.

3.2.4.5 BGP

ZXR10 5950 series switch supports BGP, including the following functions:

 MD5 authentication

 Route re-allocation

 Graceful Restart

 Multi-hop eBGP

 Group attributes and route reflector

 Ally and route oscillation suppression

 Control route reallocation and route filtering through RouteMap route mapping.

3.2.4.6 Policy Routing

ZXR10 5950 switch supports policy routing, which performs data packets forwarding
based on the policy designated by the user. Policy routing implements traffic engineering
to a certain extent, leading the flows of different service quality or data of different types
(such as voice and FTP) to different paths.

3.2.4.7 Multicast Routing Protocol

Multicast is an MP2MP communication, by which multiple receivers receive the same

messages sent by one source at the same time. IP multicast can effectively save network
bandwidth and reduce network load. The applications based on multicast are video
conference, remote teaching, and software distribution.

24 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Multicast protocol includes group member management protocol and multicast routing
protocol. Group member management protocol is used to manage the joining and
leaving of the multicast group member. The multicast routing protocol is responsible for
establishing multicast tree by exchanging messages between routers. Multicast routing
protocol can be divided into intra-domain multicast routing protocol and inter-domain
multicast routing protocol.

ZXR10 5950 series supports the following IPv4 multicast protocols, providing complete
multicast solutions:

 IGMP (Internet Group Management Protocol), v1/v2/v3 is supported.

 PIM-SM (Protocol Independent Multicast Sparse Mode)

 PIM-DM (Protocol Independent Multicast Dense Mode)

 MSDP (Multicast Source Discovery Protocol)

 IGMP snooping

3.2.5 IPv6

IPv6 is a new standard protocol suite of Internet Protocol over network layer. IPv6 is the
network interconnection protocol in the future. It’s designed to solve various problems in
the existing IPv4, including address limit, security, automatic configuration, scalability,
and others. It can expand the functions of Internet and provide further support for many
valuable applications such as P2P application and mobile applications. At present IPv6
basic protocol and routing protocol have become standard. It can provide all functions
that IPv4 protocol does. In May 2000, the 3rd Generation Partnership Project (3GPP)
explicitly requests IPv6 as the standard IP protocol in the next-generation mobile
communication system in 3G standards of version R5. As the exclusive new-generation
Internet protocol that takes the place of IPv4, IPv6 has been recognized by the entire
world.

3.2.5.1 Unicast Routing Protocol

ZXR10 5950 supports the following IPv6 functions:

ZTE Confidential & Proprietary 25

ZXR10 5950 GE Intelligent Switch Product Description

1. IPv6 static route

2. Dynamic routing protocols based on IPv6: RIPng, OSPFv3, ISISv6, and BGP4+

3. Policy routing

4. ICMPv6

5. Neighborhood discover

6. Configuration IPv6 address of FEC0::

7. UDP6 and TCP6

8. VRRPv3

3.2.5.2 Multicast Routing Protocol

IPv6 multicast protocol includes group member management protocol and multicast
routing protocol. Group member management protocol is used to manage the joining and
leaving of the multicast group member. The multicast routing protocol is responsible for
establishing multicast tree by exchanging messages between routers.

ZXR10 5950 supports the following IPv6 multicast protocols:

 Group member management protocol: MLD\MLDv2 (Multicast Listener Discovery

Protocol)

 Intra-domain multicast routing protocol: PIM-SM (IPv6) (Protocol Independent

Multicast Sparse Mode)

 IPv6 MLD Snooping and MLD v2 Snooping

 IPv6 PIM-snooping

ZXR10 5950 supports IPv4 and IPv6 multicast route initiated at the same time.

26 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.2.5.3 IPv6 Deployment Transition Technology

ZXR10 5950 provides a number of transitional mechanisms for conversion from IPv4
network to IPv6 network, including dual-stack and various tunnel technologies that are
applicable to different scenarios:

 IPv4/IPv6 dual protocol stack. Dual stack can completely solve the coexistence
problem of IPv4/IPv6, but is only effective when the equipment in the whole network
supports dual stack. Therefore, it has high requirement for IPv4 network reform. It
should be noted that the dual stack technology is the foundation of all the tunnel
mechanisms below.

 Manually configured IPv6 tunnel. Manual tunnel technology is simple, mature and
stable, but has high management overhead and poor scalability. It is applicable to
be used in connection between two stable unchangeable IPv6 subnets.

3.2.6 IPTV

IPTV is composed of two planes of service control and service bearing. Service control
plane provides user management, service management, authentication, authorization,
accounting, and electronic program forecast functions to implement IPTV service control
and management. On service bearing plane, the video source network implements video
coding and transport the video service to MAN.

IP MAN transport video service flow to the broadband access network by IP

unicast/multicast. The broadband access network works with the operation and
management network to implement user broadband access authentication management,
video multicast group joining and leaving, as well as duplication of the stream that users
need. At the user’s side, when users watch TV programs by PC or TV+STB, STB will join
the corresponding multicast group. The network transports the corresponding multicast
stream to STB by xDSL and LAN. Then the STB implement decoding and output the
video signals to the PC or TV set.

ZXR10 5950 series switch supports Channel Access Control (CAC), CAC-GROUP,
controllable multicast, privilege rules, PRV channel preview, CDR call statistics, SMS
service management, configuration preview template, preview timing, overcount CDR,
privileged channel, general channel, privileged VLAN and MVR.

ZTE Confidential & Proprietary 27

ZXR10 5950 GE Intelligent Switch Product Description

3.3 Security Control Functions

It’s necessary for the switch to improve its protection capability to defend itself against
those network attacks from some malicious users and thus prevent switch and network
collapse. ZXR10 5950 mainly implements network based security protection.

ZXR10 5950 series support the following security control functions:

 Anti-BPDU attack

 CPU protection CPU_GUARD

 uRPF strict and loose

 Protection against malformed packet and error packet; dropping of chip with
ultra-short frame

 Anti-ARP attack

 Anti-DoS attack, land, null-scan, ping-flood, ping-of-death, smurf, sys-flood,

xma-scan, sys-fin, and syn-port-less-1024

3.4 SNMP Network Management Functions

ZXR10 5950 series SNMP sub-system mainly implements the function of SNMP AGENT;
and supports all protocol operations of SNMP agent defined in SNMP V1 /V2c/V3.

SNMPv1 protocol operations are:

 get-request

 get-next-request

 get-response

 set-request

 trap

28 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

SNMPv2 protocol operations are:

 get-request

 get-next-request

 get-bulk-request response

 set-request

 inform-request

 snmpV2-trap

MIB (Management Information Base) is described by SMIv1 and SMIv2. MIB is divided
into the following parts:

 Core router management object

 Routing protocol management object

 Network management protocol management object

 TCP/IP support protocol management object

 High-speed network interface management object

 Important data and configuration parameter management object

 Management object compatible with SMIv1

 System configuration parameters

 Other protocol management objects

ZTE Confidential & Proprietary 29

ZXR10 5950 GE Intelligent Switch Product Description

3.5 QoS of 5950 Series Switch

3.5.1 ZXR10 5950 QoS Implementation

ZXR10 5950 series switch supports various QoS features. It can provide message
classification and coloring, congestion management and congestion avoidance, traffic
monitoring and traffic shaping. The network constituted by ZXR10 5950 series switch
and other equipment can support QoS with the capabilities to provide and guarantee the
anticipated services based on different types of communication data packets. The
network operators and users can use these QoS features to provide customers with
tunable and effective differentiated services by flexible configuration, and implement and
guarantee the promised service quality.

ZXR10 5950 series switch can provide complete QoS for IP DiffServ solution. It’s
completely compatible with the standards related to IETF DiffServ solution, including
RFC2474, RFC2475, RFC2497, and RFC2498. It supports DiffServ related functional
components such as flow regulator (including classifier, marker, measuring unit, shaper
and dropper) as well as various PHB (congestion management and congestion
avoidance).

ZXR10 5950 series switch’s QoS has the following features:

 Packet classification

 Priority marking

 Congestion management

 Congestion avoidance

 Traffic limit

 Traffic shaping

 Port rate limit

 Queue scheduling

30 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.5.1.1 Packet Classification and Priority Marking

Packet classification divides packets into multiple priority levels or multiple service types.
For example, it can use the first three bit of the ToS (Type of Service) field of IP packet
header (i.e. IP priority) to mark the packets and divide them into up to 8 types. If it uses
DSCP (Differentiated Services Codepoint, the first 6 bits of ToS doamin), it can divide the
packets into up to 64 types. After packet classification, it can apply other QoS features
into different types and implement congestion management and congestion shaping
based on types.

Network administrator can set packet classification policies, which includes not only the
inband signaling such as IP packet IP priority or DSCP value and 802.1p CoS value, but
also input interface, source address, destination address, MAC address, IP or application
port number. The results of classification have no limits in range. It can be a flow
determined by a five-tuple (source address, source port number, protocol number,
destination address, destination port number), or all packets to a certain segment. It can
use ACL to implement packet classification. The expanded ACL can especially divide the
packets into different types based on different demands.

When the packets are classified at the network edge, they are marked with IP priority or
DSCP at the same time. In this way, IP priority or DSCP can be simply used inside the
network as the classifying standards. Queuing technologies can use these priorities to
take different processing of the packets. The downstream network can select to accept
the classification results of the upstream network, or it can reclassify the packets based
on its own standards.

For example, the following classification and marking can be implemented at the network
edge:

All VOIP data packets are aggregated as EF service. Their packet IP priority is marked
as 5 or DSCP value is marked as EF. All VOIP control packets are aggregated into AF
service. Their packets IP priority is marked as 4 or DSCP value is marked as AF31.

When the packets are classified and marked at the network edge, the intermediate nodes
in the network can provide differentiated services for traffic of different types based on
the marks. For example, it provides guaranteed delay and reduced jitter for the EF

ZTE Confidential & Proprietary 31

ZXR10 5950 GE Intelligent Switch Product Description

service mentioned above, and implements traffic monitoring at the same time. It provides
certain bandwidth for AF services in network congestion.

Priority marking reallocates a set of service parameters for the specific flow described by
ACL. The following operations can be implemented:

 Change data packet CoS queue and change the 802.1p value;

 Change data packet CoS queue but not change the 802.1p value;

 Change DSCP value of the data packets;

 Change the dropping priority of the data packets.

3.5.1.2 Congestion Management

Usually queuing technologies are used in congestion management to cache the packets
temporarily into the queues based on certain policies, and then the packets are extracted
from the queue based on certain policies and transported from the port. There are
several congestion management types based on different in-queue and out-queue
policies:

1. First In First Out Queuing (FIFO)

Figure 3-1 First In First Out Queuing

As shown in the above figure, First In First Out Queuing (hereafter abbreviated as
FIFO) doesn’t classify the packets. When the packets get in the interface with the
speed higher than the speed of the interface transporting packets, FIFO allows the
packets to get into the queue based on the arrival order. At the same time, FIFO lets
the packets go out of the queue based on the order they get in at the egress of the
queue. The packets get in early will get out early. The packets get in late will get out
late.

32 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

2. Strict Priority Queuing (SP)

Figure 3-2 Strict Priority Queuing

As shown in the above figure, Strict Priority Queuing (hereafter abbreviated as SP)
classifies packets. It can classify based on VLAN Cos value, IP packet
priority/DSCP, and multi-tuple. In the example shown in Figure 6, it classifies all
packets into four types, which belongs to one of the 4 queues respectively. Then it
transports the packets into the corresponding queue based on its type. The 4
queues of SP are high priority queue, medium priority queue, normal priority queue,
and low priority queue. They have decreased priorities. When the packets get out,
SP lets the packets with high priority go out until they are transmitted. Then it
transmits the packets in the queue with medium priority. Then the normal priority
queue and the low priority queue. In this way the packets in the queue with higher
priority will be transmitted firstly while the packets with lower priority will be
disrupted by the packets with higher priority in congestion. So the services packets
with higher priority (such as VOIP) can be processed firstly. The service packets
with lower priority (such as E-Mail) can be processed in the idle time when the key
services are finished. In this way service priority is guaranteed and network
resource is fully utilized.

3. Weighted Round Robin Queuing (WRR)

ZTE Confidential & Proprietary 33

ZXR10 5950 GE Intelligent Switch Product Description

Figure 3-3 Weighted Round Robin Queuing

As shown in the above figure, Weighted Round Robin Queuing (hereafter

abbreviated as WRR) classifies the packets based on VLAN Cos value, IP packet
priority/DSCP, and multi-tuple. It can classify packets into 8 types, which belong to
one of the 8 WRR queues. Then it transmits the packets into the corresponding
queue based on their type. The 8 queues of WRR can allocate the interface
bandwidth proportion that they can occupy based on the demands of the users.
When the packets go out, WRR extracts a certain quantity of packets from queue 1
to queue 8 based on the defined bandwidth proportion and transmits them.

4. Deficit Weighted Round Robin Queuing (DWRR)

Figure 3-4 Deficit Weighted Round Robin Queuing

34 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

WRR is based on the packets, while DWRR is relative to WRR containing

consideration of packet length based on bytes. In this way queue scheduling
fairness is further refined.

DWRR allocates Quantum to each queue based on the weight configured for them.
When the packets get out of the queue, the current Deficit Counter determines the
bytes in transmission of each queue.

3.5.1.3 Congestion Avoidance

It supports Tail-Drop congestion avoidance dropping policy.

3.5.1.4 Traffic Policing

The typical function of traffic policing is to restrict the traffic or burst of a connection that
enters a network. ZXR10 5950 series switch supports RFC defined single rate and dual
rate color-blind and color-sensitive traffic policing algorithm. It supports rate limit based
on 64kbps granularity. When the packets meet certain conditions, i.g. the traffic of a
connection is too high, traffic policing can take different processing such as packet
dropping, packet color marking. Usually CIR (Committed Information Rate) is used to
restrict the traffic of a certain type of packets.

For ISP, it’s necessary to restrict the traffic that the user transmits to the network. In
enterprise network, restriction of the traffic of some applications is also a powerful tool to
control the network status. The network administrator can use Committed Information
Rate (hereafter abbreviated as CIR) to control the traffic.

CIR uses TB (Token Bucket) to implement traffic control.

ZTE Confidential & Proprietary 35

ZXR10 5950 GE Intelligent Switch Product Description

Figure 3-5 Basic processing procedure of CIR implementing traffic control

The above figure shows the basic processing procedure of CIR implementing traffic
control. Firstly it classifies the packets based on the pre-set matching rules. The packets
without specified traffic features will be directly transmitted without processing by TB.
The packets need traffic control will enter TB and get processed. If there are enough
tokens in TB to transport the packets, the packets will go through and get transmitted
continuously. If there are not enough tokens to transmit the packets, the packets will be
dropped. In this way the traffic of a certain type of packets can be controlled.

3.5.1.5 Traffic Shaping

The typical function of Traffic Shaping is to restrict the rate of output traffic or burst of a
certain connection that goes out of a network to transmit the packets at an even rate.
Traffic shaping usually uses buffer area and TB. When the packets are transmitted too
fast, they are firstly cached in the cache area. They will later be evenly transmitted under
the control of the TB.

Traffic Shaping (hereafter abbreviated as TS) can implement shaping of the traffic
irregular or not conforming with the pre-set traffic features, so as to realize the bandwidth
matching between network upstream and downstream.

Similar with CIR, TS also uses TB to control the traffic. The main difference between CIR
and TS lies in the fact that the packets not conforming with the traffic features are
dropped when CIR takes packet traffic control; while TS puts those packets into the
cache, reduces packet dropping, and meets the traffic features of the packets at the
same time.

36 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

TS processing is shown in the following figure. The queue that caches the packets is
called TS queue.

Figure 3-6 TS basic processing

Classification

TS queue

ZXR10 5950 supports traffic shaping based on port to implement differentiated

management.

3.5.1.6 Queue Scheduling

ZXR10 5950 series switch has each of its physical port supporting 8 output queues
(queue0~7) called CoS queues. The switch takes output queue operation at ingress
according to CoS queues corresponding to 802.1p of the packets. When network is
congested, many packets may compete for resources. Queue scheduling can solve the
problem.

ZXR10 5950 series switch supports the following three queue scheduling. The 8 output
queues at a port can use different scheduling ways.

 Strict Priority (SP)

 Weighted Round Robin (WRR)

 Dynamic Weighted Round Robin (DWRR)

802.1p tag covers data priority. If the data enters the port has no 802.1p tag, the switch
will distribute a default 802.1p value to it.

ZTE Confidential & Proprietary 37

ZXR10 5950 GE Intelligent Switch Product Description

3.5.1.7 Link Rate (LR)

LR can work on one physical interface to restrict the total rate of the packets transmitted
at the port (including emergency packets). LR still uses TB to implement traffic control. If
the user configures LR to specify the traffic features at an interface of the switch, all
packets transmitted through the interface must be processed by the TB based on the port.
If there are enough tokens in the TB to transmit the packets, the packets can go through.
If there are not enough tokens in the TB to transmit the packets, the packets enter QoS
queue for congestion management. In this way packet traffic through the physical
interface can be controlled

Similarly, since TB is used to control the traffic, when there are enough tokens in the TB,
it allows for sudden packet transmission. When there are not enough tokens in the TB,
the sudden packets cannot be transmitted until there are new tokens generated in the
bucket. Thus the traffic speed should be not higher than the speed of token generation.
In this way traffic restriction and sudden traffic allowance are both implemented.

Compared with CIR, LR can restrict all packets go through the physical Interfaces. CIR
takes effect on the designated traffic. It has no effects on the packets without CIR
configuration

In all, ZXR10 5950 series switch QoS processing is shown in the following figure:

Figure 3-7 QoS processing

38 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.6 Reliability Guarantee

3.6.1 Switching Main Processing Module Protection

To meet the strict equipment reliability requirements of the telecom operators, ZXR10
5950 takes hot backup design for the power supply. At the same time, it has 48 V DC
power supply and 220V AC power supply. The power supply has 1+1 hot backup;
supports AC/DC hybrid power supply, and improves the reliability of the power supply
system. Besides, ZXR10 5950 power supply provide multiple intelligent protection
systems. It can take power supply protection, detection and failure report based on
voltage, current, and temperature.

3.6.2 System Supervision Protection

ZXR10 5950 meets carrier-class reliability requirements and provide a full set of system
supervision measures to reduce users’ maintenance costs and improve the equipment
stability and reliability.

In the respect of hardware, ZXR10 5950 can supervise the cassette temperature, fan
status, power supply status, power supply power sampling (including PoE power supply),
and fan speed control information. In the respect of software, it can actively collect the
information of cassette temperature, fan status, power supply status, power supply
power sampling (including PoE power supply), and air volume. When there’s failure or
exceeding of alarm threshold, the system will implement related alarm or failure report. It
can automatically implement regular storage and report of the alarm and failure to the
related server.

3.6.3 Network Detection System

When network equipment runs, link fault, equipment single-point failure and equipment
connectivity fault may take place. In order to discover various network faults in time and
start effective protection measures, ZXR10 5950 offers a series of effective network
detection mechanisms. ZXR10 5950 supports multiple detection and positioning
measures such as UDLD, IP Ping, IP Trace, and multicast Trace route.

ZTE Confidential & Proprietary 39

ZXR10 5950 GE Intelligent Switch Product Description

3.6.4 Ethernet Intelligent Protection

ZESR/ZESS/ZSER+ conforms with ITU-T G.8032 standards. ZXR 5950 supports ZESR
(ZTE Ethernet Switch Ring), ZESS (ZTE Ethernet Smart Switch) and ZESR+, and
provides ring protection and dual-uplink protection mechanism.

3.6.5 L3 Route Protection

ZXR10 5950 supports the following L3 route protection functions:

 VRRP enhancement

 Route load sharing

3.7 Security and Authentication

3.7.1 ACL

In order to filter data, the network needs to set lots of matching rules. After identifying
special objects, the corresponding packets can be allowed or forbidden to pass as per
the preset rules. ACL (Access Control List) is used to realize these services. ACL uses
packet filtering to read the information in the packet header in L2, L3 and L4 on a router
or switch such as source address, destination address, source port, and destination port.
It filters the packets based on the preset rules and implements the access control.

ACL is usually used to implement packet filtering, policy routing, and special traffic
control. An ACL can contain one or multiple rules especially for particular type of data
packets. The rules tell the switch to allow or forbid the packets that match the standards
in the rules. The data packet matching rules defined by ACL can also be used in other
occasions where traffic needs to be differentiated. For example, it can be used to define
flow classification in QoS.

ZXR10 5950 series provides 4 types of ACL: standard ACL, extension ACL, L2 ACL,
hybrid ACL. It supports 2 types of IPv6 ACL (basic IPv6 ACL and extension IPv6 ACL):

 Standard ACL: standard ACL only filters packets with L3 IP source addresses. In
practical application, most ACLs filter packets with IP source addresses.

40 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 Extension ACL: Extension ACL mainly filters the header field of IP, TCP, UDP, and
ICMP packets. The IP header fields include source IP address, destination IP
address, protocol number, ToS precedence, DSCP, and Fragment. The TCP
header fields include source port, destination port, and Established. UDP header
fields include source port and destination port. ICMP header fields include Type and
Code. Extension ACL can meet more complicated demands by filtering multiple
fields in L3 and L4 packets; so as to make much more detailed traffic classification.
Extension ACL can implement filtering of ToS precedence and DSCP fields of IP
header.

 L2 ACL: L2 ACL mainly filters fields of L2 packet header. It filters fields of source
MAC address, destination MAC address, Ethernet protocol type, VLAN label and
VLAN priority. L2 ACL is mainly used in one segment for storage and control. When
IP address is unnecessary or in non-IP situation, some network resource can be
protected by L2 MAC address and VLAN label filtering.

 Hybrid ACL: Hybrid ACL implements the filtering of the headers of L2, L3 and L4
packets. Among them, L2 fields include VLAN label, source MAC address, and
destination MAC address. L3 fields include source IP address, destination IP
address, and IP protocol number. L4 fields include source port number and
destination port number. The hybrid ACL combines the filtering features of both
extension ACL and L2 ACL. It can implement controllable access of network
resource by the binding and filtering of IP address and MAC address.

ZXR10 5950 provides 4 types of IPv4 ACL and 2 types of IPv6 ACL:

 Basic ACL

 Extension ACL

 L2 ACL

 Hybrid ACL

 Basic IPv6 ACL

 Extension IPv6 ACL

ZTE Confidential & Proprietary 41

ZXR10 5950 GE Intelligent Switch Product Description

3.7.2 Equipment Authentication

3.7.2.1 AAA Authentication

ZXR10 5950 supports complete AAA (Authentication, Authorization and Accounting)

mechanism. So it not only can be used to implement login user authentication and
authorization together with hierarchical protection mechanism with command line, but
also can verify user’s validity in network management. Based upon AAA mechanism,
ZXR10 5950 can effectively prevent illegal users from logging in the system. For different
user access authentication policies, the device provides complete AAA service. As per
different access authentication requirements, user can configure different access
authentication policies to implement different authentication and authorization services.

AAA supports three types of user authentication:

 Local account authentication

 RADIUS (Remote Authentication Dial-In User Service) authentication

 TACACS+ (Terminal Access Controller Access Control System) authentication

AAA supports four types of authorization modes:

 Direct authorization: for very trustable user, direct authorization without requiring
account number is implemented.

 Local account authorization: give authority as per user’s local account.

 TACACS+ authorization: TACACS+ can split authentication and authorization.

TACACS+ server gives user authorities.

 Authorization when RADIUS authentication is successful: the authentication and

authorization of RADIUS cannot be split apart.

3.7.2.2 SSH

SSH (Secure Shell) is established by IETF network working team. SSH is a security
protocol build on the basis of application layer and transport layer. SSH currently is a

42 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

reliable security protocol designed particularly for remote session login and other network
services. SSH protocol can be used to avoid information leaking effectively in remote
management. Encrypting transport data via SSH protocol can effectively avoid MITM
(Man-in-the-middle) attack.

SSH supports the following two types of authentication:

 Security authentication based upon password

 Security authentication based upon key

ZXR10 5950 supports SSHv2 security authentication.

3.7.2.3 Command Line Hierarchical Protection

ZXR10 5950 series switch realizes authority levels based on commands. It supports
authority levels of 16. Different logged-in users are bound with different levels of authority.
Lower level indicates less available commands. Higher level indicates more available
commands. The administrator (with the highest level) is able to set different authority
levels for different commands, so that customized command authority configuration can
be implemented.

3.7.3 Access Security

3.7.3.1 802.1X

802.1X is a Client/Server-based access control and authentication protocol. When

connecting with user device at system port via authentication, it confirms if the user is
authorized to access system services via this port. In this way, unauthorized data
transmission between the user and system can be avoided.

The 802.1X of ZXR10 5950 series switch mainly realizes the following functions:

 EAP/PAP/CHAP authentication protocol.

 Three modes of local authentication, automatic authentication and radius

authentication.

ZTE Confidential & Proprietary 43

ZXR10 5950 GE Intelligent Switch Product Description

 Three authentication and authorization modes: auto, unauthorized, and authorized.

 802.1X relay

 Radius accounting

 802.1X bypass: if radius server is unreachable, direct authentication is

implemented.

 VLAN hopping

 Using MAC as username and password for authentication on the devices which
have no 802.1X authentication client, such as a printer.

 Three user binding ways: port, VLAN, and MAC binding

 802.1X authentication redirection.

 Hybrid authentication

 Configure ACL to implement access control of 802.1X users.

 Transparent transmission of 802.1x authentication packets.

3.7.3.2 DHCP

ZXR10 5950 supports DHCPv4 server, DHCPv4/v6 relay, DHCPv4/v6 snooping, and
DHCP option82.

3.7.3.3 IP Source Guard

IP source guard checks message source by binding port, VLAN, MAC and IP together. It
realizes message security control by allowing the packets meeting certain conditions to
go through. The binding table of IP source guard can be created in the following two
ways:

 Static binding

 Dynamic binding

44 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

ZXR10 5950 supports IP Source Guard based on IPv4 and IPv6.

3.7.3.4 DAI

DAI (Dynamic ARP Inspection) service sends ARP messages to CPU for processing. It
determines the validity of the ARP packets and then forward or drop them based on the
results.

3.7.4 Network Security

3.7.4.1 Basic Security Functions

ZXR10 5950 series switch mainly implement security protection functions based on
network. It distributes security detection functions into each module. ZXR10 5950’s
network security mainly includes the following functions:

 Anti-user ARP spoofing

 MAC address flood protection, limits port MAC addresses

 Set port broadcast packet threshold

 L2, L3, L4 ACL hybrid filtering

 Route filtering

 Forbidding ICMP redirection, prevent the attacker from sending false ICMP packets

 Anti-CPU attack: protocol packet protection; it distributes different hardware CPU

queues to the protocol packets; sets QoS parameters such as priority and rate limit
to protect the CPU.

 Anti-DoS attack: It can be implemented based on hardware queue. It can support

anti-land/null-scan/ping-of-death/smurf/sys-fin/syn-port-less-1024/
xma-scan/ping-flood/syn-flood attack, among which anti-ping-flood/syn-flood attack
supports rate limit.

 IPv4 URPF anti-source address spoofing

ZTE Confidential & Proprietary 45

ZXR10 5950 GE Intelligent Switch Product Description

 Broadcast storm automatic suppression

 Control/signaling MD5 encrypted authentication

 DHCP snooping

 IP Source guard and DAI based on DHCP Snooping

 IPv6 ND security

3.7.4.2 Anti-DDOS Attack

With more and more complicated network environment, the switch should be more
competent in defending against attacks. There are lots of ways and strategies to prevent
DDoS attack. CPU protection is one of the important measures.

ZXR10 5950 extends multi-level CPU protection based on the ordinary CPU protection.
The multi-level protection includes hardware protection, software protection and protocol
stack protection. ZXR10 5950 can prevent DDoS attack by MAC address learning limit,
port traffic rate limit, and multi-layer ACL filtering.

3.7.4.3 Unicast Reverse Path Forwarding (uRPF)

ZXR10 5950 series switch supports three types of uRPF: strict, loose, and
loose-ignoring-default-route.

 Strict mechanism strictly searches for outgoing port and incoming port as per
source address. If they do not match, the packets will be dropped. If they match,
they will be processed normally.

 Loose mechanism searches for route as per the source address. If the default route
egress is the same as the ingress, the route will be processed normally. Otherwise,
it will be dropped.

 Loose-ignoring-default-route ignores default route. If the route can be found based

on the source address; and it is not the default route, it will be processed normally.
Otherwise, it will be dropped.

46 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

3.7.5 Network Traffic Analysis

ZXR10 5950 supports mainstream network traffic analysis technologies of flow mirroring,
port mirroring, L2 remote port mirroring, and sFlow.

3.8 Alarm Statistics

Alarm statistics is an important function of ZXR10 5950 series. It runs through all
software sub-systems. With this function ZXR10 5950 series can receive the alarm
statistics configuration messages sent by the maintenance and management sub-system.
Each software sub-system transmits the related alarm statistics messages to the alarm
statistics sub-system, which implements the corresponding operations based on the
configuration messages and alarm levels.

3.9 VSC 2.0

ZXR10 5950 supports stacking. It can virtualize multiple devices into one device to
operate and manage. Users can manage the physical devices by managing the stacking
system.

ZXR10 5950 supports merger and separation of the stacking system. It supports
primary/standby election and switching. It supports fiber and cable for stacking.

ZXR10 5950 supports stacking-based cross-device LAG load sharing. It can implement
link aggregation of multiple devices to improve the link reliability from board level to
equipment level. It increases link bandwidth by load sharing. The hash of packets can be
done based on multiple combination of MAC, IP, VLAN and port to guarantee the
balanced packet load sharing to the best.

3.10 PoE

POE (Power over Ethernet, also called remote power supply), enables the device to use
twisted pair to provide remote power supply for the external PD (Power Device) (such as
IP telephone, wireless AP, and network camera).

ZTE Confidential & Proprietary 47

ZXR10 5950 GE Intelligent Switch Product Description

ZXR10 5950-36PM and ZXR10 5950-60PM support intelligent enhanced PoE Ethernet
power supply. Compatible with IEEE 802.3af standards. 24-port PoE device supports
full-port 30W power. It can provide power supply for the equipment that exceeds the
standard 15.4W power defined in IEEE 802.3af, such as wireless AP of IEEE 802.1n
standard. ZXR10 5950-36PM and ZXR10 5950-60PM support the security functions
such as short-circuit protection, circuit break energy-saving, and surge immunity. It can
implement detection of the peer-end PD during the power supply to check if it meets
IEEE 802.3af standards. It can deny power supply request if the device fails to pass. It
can support conditional extended check or enhanced power supply to provide power for
the high power devices.

3.11 Cross-device Link Aggregation (MC-LAG)

It supports cross-device link aggregation. It can implement protocol and equipment level
hot cross-device standby. When a device in the VSC system fails, it can quickly switch
the services to another device faster than VRRP.

4 System Structure

4.1 Product Appearance

ZXR10 5950-36TM /5950-36PM /5950-60TM /5950-60PM/5950-36CM front panels are

as follows:

Figure 4-1 ZXR10 5950-36TM front panel

Figure 4-2 ZXR10 5950-36PM front panel

48 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Figure 4-3 ZXR10 5950-60TM front panel

Figure 4-4 ZXR10 5950-60PM front panel

Figure 4-5 ZXR10 5950-36CM front panel

ZXR10 5950 series full-GE intelligent routing switches include five models: 5950-36TM,
5950-36PM, 5950-60TM, 5950-60PM, and 5950-36CM. Among them, 5950-36TM
provides 24 GE RJ-45 interfaces, 4 fixed 10G uplink interfaces, and 1 extended slot.
5950-36PM provides 24 GE RJ-45 interfaces, 4 fixed 10G uplink interfaces, and 1
extended slot. It supports POE/POE+. 5950-60TM provides 48 GE RJ-45 interfaces, 4
fixed 10G uplink interfaces, and 1 extended slot. 5950-60PM provides 48 GE RJ-45
interfaces, 4 fixed GE uplink interfaces, and 1 extended slot. It supports POE/POE+.
5950-36CM provides 24 GE Combo interfaces, 4 fixed 10G uplink interfaces, and 1
extended slot. ZXR10 5950 series switch has the extended slot that can be configured
with the following types of extension cards: 8-port GE-SFP GE optical extension card,
8-port 10GE-SFP+ 10G optical extension card, 2-port 40GE extension card, and 2-port
40GE stacking card.

Console interface is used for local configuration and management of the switch. MGT
interface mainly works to upgrade 10/100/1000 Base-T RJ45 electrical port that work
with the network management system. Their features are shown in Table 4-1. GE port
supports 10/100/1000M self-adaption. The packets sent from GE port to PHY and MAC
on the main processing unit get into the Packet Processor (PP); and PP makes
corresponding forwarding decisions based on the MAC address and IP address of the
packets. All interfaces support wire-speed operation. The features are shown in Table
4-3.

ZTE Confidential & Proprietary 49

ZXR10 5950 GE Intelligent Switch Product Description

Table 4-1 ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM front

panel FE electrical interface board features

Port type Features

Conform with IEEE 802.3 standard

RJ45 connector
Category 3, 4, 5 Unshielded Twisted Paired (UTP)
10Base-T
Maximal transmission distance of 185m
Half duplex/full duplex
MDI/MDIX

Conform with IEEE 802.3u standard

RJ45 connector
Category 5 UTP
100Base-TX
Maximal transmission distance of 100m
Half duplex/full duplex
MDI/MDIX

Conform IEEE 802.3z standard

RJ45 connector
1000Base-T Category 5 UTP
Maximal transmission distance of 100m
Full duplex
MDI/MDIX

ZXR10 5950 series switch front panel has indicators indicating the link status, operation
alarm, and power supply status. Its functions are shown in the following table.

Table 4-2 ZXR10 5950 series switch panel indicators

Indicator Function
Flashes, the Main Processing Unit (MPU) works normally
RUN/ALM
Off, the MPU has faults.

On, the MPU has no alarm.

PWR
Off, the MPU has alarms.

Table 4-3 Optical interface features

Port type Features

50 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Conform with IEEE802.3z standard

RJ45 connector
10 /100 Category 5 UTP
/1000BASE-T Maximal transmission distance of 100 m
Half duplex/full duplex
MDI/MDIX

SFP optical module,

100BASE-FX LC connector, single-mode fiber, 1310 nm wavelength, maximal
(SFP-SDA- transmission distance of 15 km
FE-S15K) Transmission power: -14～-8 dBm, receiving sensitivity: <-31
dBm
100BASE-FX LC connector, single-mode fiber, 1310 nm wavelength, maximal
(SFP-SDA- transmission distance of 40 km
FE-S40K) Transmission power: -4～-0 dBm, receiving sensitivity: <-34 dBm

LC connector, single-mode fiber, 850 nm wavelength, maximal

1000BASE-SX transmission distance of 550 m
(SFP-GE-M500) Transmission power: -9.5 dBm～4 dBm, receiving sensitivity:
<-17 dBm

LC connector, single-mode fiber, 1310 nm wavelength, maximal

1000BASE-LX transmission distance of 10 km
(SFP-GE-S10K) Transmission power: -9 dBm～-3 dBm, receiving sensitivity: <-20
dBm

LC connector, single-mode fiber: 1310 nm wavelength, maximal

1000BASE-LX transmission distance of 40 km
(SFP-GE-S40K) Transmission power: -4.5 dBm～5 dBm, receiving sensitivity:
<-22 dBm

LC connector, single-mode fiber, 1550 nm wavelength, maximal

1000BASE-LX transmission distance of 40 km
(SFP-S40K-1550) Transmission power: -5 dBm～0 dBm, receiving sensitivity: <-23
dBm

LC connector, single-mode fiber, 1550 nm wavelength, maximal

1000BASE-LH transmission distance of 80 km
(SFP-GE-S80K) Transmission power: 0 dBm～5 dBm, receiving sensitivity: <-22
dBm

ZTE Confidential & Proprietary 51

ZXR10 5950 GE Intelligent Switch Product Description

LC connector, single-mode fiber, 1550 nm wavelength, maximal

1000BASE-LH transmission distance of 120 km
(SFP-GE-S120K) Transmission power: 0 dBm～5 dBm, receiving sensitivity: <-30
dBm

LC connector, multi-mode fiber, 850 nm wavelength, maximal

10GBASE-SR transmission distance of 300 m
(SFP+-10G-M) Transmission power: -5dBm～-1.0 dBm, receiving sensitivity:
<-11.1 dBm

LC connector, single-mode fiber, 1310 nm wavelength, maximal

10GBASE-LR
transmission distance of 10 Km
(SFP+-10G-S10K
Transmission power: -8.2 dBm～0.5 dBm, receiving sensitivity:
)
<-12.6 dBm

LC connector, single-mode fiber, 1550 nm wavelength, maximal

10GBASE-ER/E
transmission distance of 40 Km
W (SFP+-10G-
Transmission power: -4.7 dBm～4.0 dBm, receiving sensitivity:
S40K)
<-15.8 dBm

4.2 Hardware Structure

This section mainly introduces ZXR10

5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM full-GE switch’s system
hardware composition and the working principles to help users understand the system.
This section covers the overall system structure, functional module, board principle
diagram, and working principles.

4.2.1 System Hardware Structure

When ZXR10 5950-36TM/5950-36PM work as a host, it provides up to 24GE＋12×10G

port capacity. When it’s used in stacking, it provides up to 24GE＋4×10G service ports

and 2×40G stacking ports. Among them, ZXR10 5950-36PM also supports POE power

supply. When 5950-60TM/5950-60PM works as a host, it provides up to 48GE＋12×10G

port capacity. When it’s used in stacking, it supports up to 48GE ＋4×10G service port

52 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

and 2×40G stacking ports. ZXR10 5950-60PM also supports POE power supply. ZXR10

5950-36TM/5950-36PM/5950-60TM/5950-60PM /5950-36CM supports L2 and complete

L3 functions. It uses level 1 switching to implement GE and 10G packet processing and
forwarding.

Figure 4-6 ZXR10 5950 system hardware principle diagram

ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM uses 1U cassette.

ZXR10 5950-36TM/5950-36PM front panel supports 24 GE electrical interfaces and 4
10G uplink interfaces. The back panel has 1 extension service sub-card or stacking
sub-card. 5950-60TM/5950-60PM front panel supports 48 GE electrical interfaces and 4
10G uplink interfaces. The back panel has 1 extension service sub-card or stacking
sub-card. ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM system
contains 1 Main Processing Unit and 1 service sub-card. Based on the functions, the
modules can be divided into switching control module, power supply module, interface
module, and fan module. The specific system diagram is shown in the above figure.

4.2.2 Switching Control Module

In practice, switching and control are integrated on one Main Processing Unit. The
principle diagram is in the following figure.

1. Control Module

ZTE Confidential & Proprietary 53

ZXR10 5950 GE Intelligent Switch Product Description

Control module is composed of main processor and some external functional chips.
It provides various external operation interfaces such as serial interface, and
Ethernet interface to implement processing of various applications by the system.
The main processor adopts high-performance CPU processor to support 2GB
DDR3 and 512MB FLASH. Later it can be upgraded to 4GB DDR3 and 1G FLASH
by replacing and welding the corresponding granularity without redesign of the
hardware board. It mainly implements the following functions:

 System network management protocol such as SNMP;

 Network protocol such as OSPF, RIP, and BGP-4;

 Provides operation and management interfaces for each line card;

 Takes data operation and maintenance.

2. Switching Module

Switching module adopts the dedicated Switch chip with multiple GE and 10G
bi-directional interfaces integrated. It can process multi-port wire-speed switching.
The switch chip can implement the following functions:

 Storage, forwarding, and switching

 Support 10KB jumbo frame

 Support priority queuing. When CoS queue is in congestion, it drops frames

selectively

 Each port provides a set of management and control counter.

54 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Table 4-4 Main Processing Unit principle diagram

4.2.3 Power Supply Module

ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM series switch

provides AC/DC power supply, which supports the voltage from 100V to 240V. For
5950-36TM/950-60TM/5950-36CM, AC power voltage input is -38V~-57V.
5950-36PM/5950-60PM DC power voltage is -52V~-57V. Power supply module has input
over current protection, input undervoltage protection, output overvoltage protection,
output short-circuit protection, and over-temperature protection. It supports dual power
supply module parallel operation to implement power supply system redundant backup.
Non-POE power supply supports hot swapping and POE power supply supports hot
plugging.

ZXR10 5950 series switch power supply is shown as follows.

Figure 4-7 5950-36TM/5950-60TM back panel power board

Figure 4-8 5950-36PM/5950-60PM back panel power board

ZTE Confidential & Proprietary 55

ZXR10 5950 GE Intelligent Switch Product Description

4.2.4 Interface Module

ZXR10 5950-36TM/5950-36PM/5950-60TM/5950-60PM/5950-36CM interface module

includes 8-port GE interface board module, 8-port 10GE interface board module, 2-port
40GE interface board and 2-port 40GE stacking module. 10GE interface board supports
optical interface, 10GE interface board has all its optical interfaces to use hot-swapping
optical module. Thus one line card can support multiple different transmission media and
transmission distances, which reduces additional line cards in different situations. In this
way users can get the biggest benefits with the smallest investment. ZXR10 5950 series
switch line card has the user the user electrical interfaces with cable diagnosis so that it
can detect the connectivity of the cable at any time. It can make diagnosis of short circuit
and open circuit of the cable, and point out the position where failure occurs with the
precision within one meter.

8-port 10GE interface board

1. Working Principles

8-port 10GE interface board provides 8-port 10GE SFP+ optical interfaces. The
service board has 8 10GE optical interfaces. The packets received at the 10GE
interface get into the Main Processing Unit PP via PHY. PP makes corresponding
forwarding decision based on the MAC address and IP address of the packets. All
interfaces can work at wire speed. 8-port 10GE interface board diagram is shown
as follows.

Figure 4-9 8-port 10GE interface board diagram

Main Control Interface

SFP+ PHY

4.2.5 Fan Module

ZXR10 5950 series switch has its fan installed inside its cassette. ZXR10
5950-36TM/5950-60TM uses 3 tunable fans installed on the left side inside the cassette,
with side air outlet. ZXR10 5950-36CM/5950-36PM/5950-60PM uses 2 tunable fans. The
power supply module has its own inbuilt fan with rear air outlet.

56 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

4.3 Software Structure

4.3.1 Introduction to Structure

ZXR10 5950 core switch is based on the new-generation IP protocol stack platform
ZXROS 5.0 (Zhong Xing Route Operating System). The platform protocol is irrelevant to
product; it only perceives protocol service functions but not specific products. All software
components can run in the user state of micro kernel system to enhance system security.
The software components belong to different separated process spaces, realizing safe
isolation of illegal operation of application program. The software is based on
componentized management. The component functions can be developed
independently and independent versions can be released. It supports dynamic unloading,
upgrade and loading. It supports non-stopping routing capability, distributed processing
and fast reliable synchronization between different CPUs.

The overall software components of ZXROS 5.0 software platform are shown in the
following figure:

Figure 4-10 New-generation ZXROS 5.0 software platform system diagram

ZXROS V5.0 software platform includes the following subsystems:

 Routing protocol subsystem

Includes unicast routing protocol and multicast routing protocol

ZTE Confidential & Proprietary 57

ZXR10 5950 GE Intelligent Switch Product Description

 L2 protocol subsystem

Includes all L2 functional protocols

 L3&PSS subsystem

Includes TCP/UDP, ARP, ND, message receiving/sending, interface management,

routing table, label table management, forwarding table collection, integration and
synchronization

 Configuration management and resource maintenance subsystem

Includes configuration management modules such as ACL, route-map, L2VPN and

L3VPN as well as system resource management such as label and IP pool.

 Application protocol subsystem

Includes various application protocols such as Netflow, Radius, NTP and Telnet.

4.3.2 Software Features

The key and competitive technologies of this software platform lie in the following
aspects:

 The system kernel resource runs in the highest priority mode and all software
components run in the user state of the micro-kernel system to enhance system
security (up/down isolation);

 Software components belong to different separated process spaces, realizing safe

isolation of illegal operation of application programs (left/right separation);

 Component functions can be developed independently and independent versions

can be released;

 Software components support dynamic loading, unloading and ISCU-in-service

component upgrade to implement smooth version upgrade without service
interruption, so as to meet service customization demands.

58 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

 Software system architecture supports distributed protocol processing, which is

independent protocol process. Message communication is used between the
processes;

 Fast data synchronization can be realized between multiple CPUs; reliable multicast
can be used to increase route convergence speed;

 Separation of command configuration processing and specific protocol

implementation; low coupling of command scripts of platform and project;

 Unified external interfaces support fast secondary development and can be

integrated with purchased parts;

 Support cluster;

 Support stacking and cluster.

Meanwhile, ZXROS V5.0 software platform has the following features:

 High reliability and stability: meet the requirements of long-term stable running of
network.

 The faults of components do not affect each other;

 Software components release versions and upgrade independently;

 Low coupling of platform and project.

 Real-time performance: meet the time requirements of large-scale dynamic routing

protocol, network management protocol and data synchronization between multiple
processors.

 Self restoration: try to detect, process and record anomalies in the entire system,
perform necessary error restoration and equipment switching in exceptional cases.

 Maintainability: Take necessary tracing and recording of the usage and invoking of
the core resource and system services. The components are independently with
each other for easy fault tracing.

ZTE Confidential & Proprietary 59

ZXR10 5950 GE Intelligent Switch Product Description

 Simple: only provide necessary system services to application programs and block
unnecessary system services.

 Encapsulation: completely block hardware characteristics to make application layer

irrelevant to hardware, providing a unified and portable software platform for the
application programs of processors.

 Smooth evolution: support fast secondary development; can be integrated with

purchased software and respond to customer requirements rapidly.

4.3.3 Network Management and O&M Subsystem

The foreground network management system and O&M subsystem use TCP/IP to
implement SNMP network management proxy; and use the executive of the entity that
managed at the bottom layers to implement the management. The background network
management system and foreground network management system communicate by the
network. The background network management implements management of the
foreground system, which implements the separation of the management network from
the transport network.

5 Technical Specifications

5.1 Physical Specifications

The basic functions and physical specifications of ZXR10 5950 full-GE intelligent routing
switch are as follows:
Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM
Por Fixed 24-port GE 48-port GE 24-port 48-port 24-port
t interfaces RJ45 + RJ45 + POE + POE + Combo +
co 4-port 10G 4-port 10G 4-port 10G 4-port 10G 4-port 10G
mbi
nati Extension 8-port GE optical extension card, 8-port 10GE-SFP+10G optical
on cards extension card, 2-port 40GE extension card, 2-port 40GE-miniSAS
(extension stacking extension card
slots *

60 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

extension
card type)

Bas Back plane 240Gbps 240Gbps 240Gbps 240Gbps 240Gbps

ic switching
par capacity
am Port 288Gbps 336Gbps 288Gbps 336Gbps 288Gbps
eter switching
s capacity

Packet 216Mpps 252Mpps 216Mpps 252Mpps 216Mpps

forwarding
rate

Memory size 2 GB

Routing table 48K/20K(IPv4/IPv6)

capacity

VLAN table 4K

MAC table 64K (default)

capacity

Fun L2 functions IEEE 802.1q VLAN, IEEE 802.1p, IEEE 802.3ad, STP, RSTP, MSTP,
ctio flexible QinQ, VLAN translation, PVLAN, DHCP Snooping, 802.1x, and
ns ERPS

L3 functions Static routing, RIP/RIPng, OSPFv1/v2/v3, IS-IS/IS-ISv6, and BGP4+

Multicast Controllable multicast, MVR, IGMPV1/V2V3, IGMP snooping, filtering,

proxy and fast leaving, PIM-SM, and MSDP

QoS
Port/flow-based bandwidth management, each port supports 8

hardware queues, 802.1p or IP DSCP based priority marking,

modification and mapping, mapping between COS and IP DSCP; SP,
WRR, and SP+WRR queue scheduling mechanism, and congestion
avoidance systems such as tail drop.

MAC address or IP address based standard ACL; L2 ACL, extended

ACL (five-tuple), hybrid ACL; support ACL binding to port or vlan, and
support ACL based on time period.
Security User hierarchical management and password protection, CPU
anti-attack, CPU overload protection, broadcast, multicast, and
unknown unicast packet suppression, port isolation, MFF, dynamic
ARP Inspection, 802.1x, Guest VLAN, Radius authentication, SPT

ZTE Confidential & Proprietary 61

ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

protection (Root Guard), BPDU attack protection, IP Source Guard,
uRPF unicast reverse path check, and RIP/OSPF/BGP MD5 cipher text
check.

Reliability LACP
ZESS
ZESR/ZESR+
VRRPE
EMC:
FCC Part 15 (CFR 47) Class A
EN 55022 Class A
ETSI EN 300 386
EN55024
ICES-003 Class A
IEC 61000-3-2
IEC 61000-3-3
CISPR22 Class A
CISPR24
ICES-003 Class A
AS/NZS CISPR22 Class A
IEC61000-4-2
ITU-T K 20
ITU-T K 21
ITU-T K 44
Safety:
UL 60950 3rd Edition
CSA C22.2 No. 60950 3rd Edition
IEC 60950
EN 60950
EN60825-1
EN60825-2
IEC60825-1
IEC60825-2

Enhanced Stacking (up to 4) Stacking (up to Stacking

features 4)/POE/POE+ (up to 4)

Eq Equipment RS232 Console (RJ45), CLI, Telnet, SSH, local and remote
uip management (Radius/Tacacs+) user login authentication and authorization, SNMP,

62 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

me cluster management (ZGMP), and VSC 2.0
nt
ma
nag
em
ent

Phy Dimensions 43.6mm*442mm*440mm

sic (H*W*D)
al Maximal
par ≤6.5 kg ≤6.9 kg ≤7.8 kg ≤8.1kg ≤7.7kg
weight
am
DC power -48V,supports high voltage DC
eter
supply
s
AC power 100V~240V and 50Hz~60Hz
supply

Maximal 70W 84W 800W 1050W 76W

consumption (output (output
53.5V; PoE 53.5V, PoE
output up to output up to
720W; 960 W,
system system
consumptio consumptio
n 80W) n 90W)

Power supply
Inbuilt redundant dual power supply module with AC、DC and hybrid
redundancy
mode AC/DC 1+1

Cooling Force-air cooling, side to back (36PM/60PM/36CM), or the other side to

side (36TM/60TM)

Maximal heat 169 BTU/h 179 BTU/h 182 BTU/h 214 BTU/h 192BTU/h
release

Working Working temperature: -10oC~+50oC; humidity: 5%~95%

environment

Working 5KM 5KM 2KM 2KM 2KM

altitude

MTBF >400,000 hours

MTTR <30 minutes

ZTE Confidential & Proprietary 63

ZXR10 5950 GE Intelligent Switch Product Description

5.2 Basic Specifications

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM
L2 VLAN Port, protocol or subnet based VLAN
feat VLAN translation
ure PVLAN
s Super VLAN

QinQ QinQ based forwarding

Common QinQ, port based outer layer tag
Selective QinQ, flow based outer layer tag
Selective QinQ, inner layer priority mapping
TPID modification

MAC MAC address learning, aging and burned-in

Permanent static MAC address setting
MAC address attack protection
MAC address binding

Link Static link aggregation

aggregation Dynamic LACP
Flow based load balancing
Cross-line card aggregation
Cross-rack link aggregation

Port features Loop check

Broadcast, multicast, and unknown unicast storm suppression
L2 protocol protection, jumbo frame protection
Port traffic control
1-minute peak statistics
Port default no shutdown

ARP Static ARP configuration

Dynamic ARP learning and aging
ARP proxy
ARP anti-attack protection

STP STP, RSTP, and MSTP

BPDU protection

MIRROR Ingress mirroring, many to one, and flow mirroring, CPU mirroring

L3 IPV4 unicast IPv4 unicast static route

feat route RIPv1/v2, OSPFv2, and IS-IS, BGP
ure Policy routing and routing policy
s VRRP
URPF

64 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

IPV6 unicast IPv6 static route
route Manual tunnel
RIPng, OSPFv3, IS-ISv6, BGP4+, and IPv6 policy routing
DHCPv6, DHCPv6 Snooping
Mul L2 multicast IGMP Snooping/proxy
tica IGMP rate limit, and IGMP rate filter
st MLD snooping
feat PIM snooping
ure Cross-VLAN multicast duplication
s L3 multicast Static multicast
IGMPv1/v2/v3, and MLDv1/v2
PIM-SM, PIM-SSM, PIM-DM, and MSDP
Qo Traffic Physical port based traffic classification
S classification Physical port and ACL based traffic classification
feat Packet 802.1p priority, IP Precedence, IP DSCP, and IP TOS
ure remarking
s Traffic Incoming port CAR
policing Flow based CAR
Ingress/egress traffic policing
Remarking after traffic policing
Congestion Flow based bandwidth control
control Tail-Drop
Queue At least 8 priority queues, each supports minimal/maximal bandwidth management
scheduling SP, WRR, SP+WRR, and WDRR scheduling

Traffic Port based shaping

shaping

Service IEEE 802.1x, 802.1x Relay, 802.1x radius accounting and forced user off
management AAA
User hierarchical management
IPTV management (CAC, CDR, UMS)
DHCPv4/v6 Server, DHCP v4/v6 Relay, DHCP v4/v6 Snooping
DHCP OPTION 82
Reliabilit MTBF >400,000 hours
y MTTR <30 minutes
Power Inbuilt redundant dual power supply module with AC、DC and hybrid AC/DC 1+1
supply
redunda
nt
backup

ZTE Confidential & Proprietary 65

ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

Network reliability VRRP, VRRPE
Graceful Restart (auxiliary equipment)
ZESS dual uplink dual-homing protection
UDLD
LLDP
LACP, MC-LAG
ERPS
Security Attack Ant-DOS attack
features defense Anti-BPDU attack
CPU protection
Anti-ARP attack
MAC address flood protection
IPv4 uRPF
Command hierarchical protection
Malformed packet and error packet protection
Anti-SYN FLOOD attack
Anti-PING FLOOD attack
Anti-Ping of Death attack
Anti-SNMP attack
Anti-source IP address spoofing attack
Anti-ARP spoofing

CPU Protocol priority processing switch

security Protocol packet protection
protecti Matching and filtering of packets sent to CPU
on
Advance Data log monitoring
d Broadcast storm automatic suppression
security L2, L3, L4 ACL hybrid filtering
features Control/signaling MD5 encryption and authentication
IP source guard/DAI
O&M Operati Command line
on and Management authority grading
mainten Password aging and confirmation
ance Console management
User access service management
SSH, TELNET, and SNMP remote access; FTP/TFTP
Multi-mode alarms (sound and light alarm platform)
ICT WEB network management
CLI hierarchical network management
User access control

66 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

Parameters 5950-36TM 5950-60TM 5950-36PM 5950-60PM 5950-36CM

Configuration storage recovery
Log management, Syslog, and REMON
Time management, and NTP
IPv6 equipment management
Basic MIB functions
Traffic statistics
Cluster VSC2.0, ZGMP
manage
ment

Traffic sFlow, SPAN

analysis

ZTE Confidential & Proprietary 67

ZXR10 5950 GE Intelligent Switch Product Description

6 Networking Modes

6.1 Enterprise Network/Community Network

Applications

Enterprise network has high bandwidth and performance requirements. It focuses on the
security functions of the network. So we have to provide the customer with all-in-one data
video and voice bearing and the overall security solution. ZXR10 5950 provides
high-density GE ports so that it can implement GE access and aggregation in enterprise
and community network. The application is shown in the following figure.

Figure 6-1 MAN networking

Local Campus Enterprise WAN Internet

Router
Server
Group 89E Series NMS

Campus
Convergency

5950 Series
Building
Convergency

Floor
Convergency

Access

68 ZTE Confidential & Proprietary

 ZXR10 5950 GE Intelligent Switch Product Description

6.2 L2 Access Application

ZXR10 5950 series switch that supports PoE can meet L2 access network demands of
the operators. It can meet IPTV application. The typical application of it is shown in the
following figure.

Figure 6-2 L2 access application

Public service bear

plane
Country/state Internet Carrier-class
backbone Service Service

Public Service Public Service

Internet Service Carrier-class
MAN MAN backbone
Flows Service Flows
backbone
Internet Service Carrier-class
POP Service POP
MAN
Convergency 5950 Series
Network Switch

Convergence
Network

LAN/SDLAM EPON/OTN WiFi wireless

access access Access/others

7 Abbreviations
Abbreviations Full name
MLD Multicast Listener Discovery Protocol

PIM-SM Protocol Independent Multicast Sparse Mode

PIM-DM Protocol Independent Multicast-Dense Mode

RIP Routing Information Protocol

ARP Address Resolution Protocol

ACL Access Control List

OSPF Open Shortest Path First

IS-IS Intermediate System-to-Intermediate System

ZTE Confidential & Proprietary 69

ZXR10 5950 GE Intelligent Switch Product Description

Abbreviations Full name

BGP Border Gateway Protocol

ISATAP Internet/Site Automatic Tunnel Addressing Protocol

COS Class of Service

TOS Type of Service

BRAS Broadband Remote Access Server

DSLAM Digital Subscriber Line Access Multiplexer

VRRP Virtual Router Redundancy Protocol

RED Random Early Detection

DSCP Differentiated Services Code Point

RMON Remote Monitor

SNMP Simple Network Management Protocol

DHCP Dynamic Host Control Protocol

ESRP Ethernet Smart Ring Protocol

QoS Quality of Service

ZESS ZTE Ethernet Smart Switch

IGMP Internet Group Management Protocol

PVLAN Private VLAN

STP Spanning Tree Protocol

RSTP Rapid Spanning Tree Protocol

LACP Link Aggregation Control Protocol

BPDU bridge protocol data unit

DVMRP Distance vector multicast routing protocol

MAC Media Access Control

TFTP Trivial File Transfer Protocol

UDLD Unidirectional Link Detection

L2PT Layer 2 Protocol Tunnel

VCT Virtual Cable Tester

IEEE Institute of Electrical and Electronics Engineers

RADIUS Remote Authentication Dial In User Service

70 ZTE Confidential & Proprietary