H3C SR6600
H3C SR6600

Share:


H3C SR6600

H3C SR6600 Router Series
H3C SR6600 multi-core router series is a set of core routers provided by H3C for carrier, governments, power, finance, education, and enterprise customers. It is the first router series that uses the multi-core multi-threading architecture. Its brand-new hardware platform and service-oriented design meet the diversified requirements of users for future expansion, suiting the IT construction status quo and development trend.

The series uses a distributed architecture for processing all services. All services are provided by the FIP modules. No extra service modules are required. The H3C Apollo core chipset integrates routing and service processing to ensure high performance service forwarding. The SR6600 uses Comware V7 network operating system that allows for multiple CPUs, distributed computing, modular design, high available architecture, virtualization, and openness.

The SR6600 series has two models: SR6604 and SR6608.

Features:
First multi-core high-end router in the industry

The series is the first router series that uses the multi-core multi-threading architecture. This architecture greatly improves performance, agility, and programmability and brings ease of use, enabling the series to provide flexible L4 to L7 features. Hardware acceleration speeds up processing of security services and services at the link layer, allowing processors to focus on critical L4 to L7 services.
With all the features, the series can respond well to new services in the future and perfectly adapt itself to network development.

New generation network operating system

Multiple cores, symmetrical multi-processing (SMP), Comware V7 platform, and independent processing allow for dynamic loading and independent upgrade. Sophisticated management ensures system availability and performance.
Comware V7 platform ensures the performance for key services in real time by reserving dedicated CPU sets for key services. Priority scheduling ensures that the key services that require real-time processing are processed even when the CPU is highly loaded.
Comware V7 supports distributed computing. Global protocols such as MPLS and BGP can be distributed to CPUs on different MPUs. Distributed computing ensures high system performance.

Fully distributed processing architecture

Separation of routing engine, service engine, and forwarding engine, and separation of the control plane and service plane ensure that services are not interrupted during active and standby MPU switchover. NAT, IPSec, and NetStream services are processed independently by the separate engines, which improves system processing performance and ensures high availability.

WAN IRF2

Intelligent Resilient Framework 2 (IRF2) virtualizes two SR6600 routers into one device. IRF2 virtualization reduces network maintenance costs, simplifies network configuration, and improves link bandwidth and device utilization.
Link aggregation on distributed devices provides load balancing and backup for multiple uplinks. Aggregation links support various services, such as QoS, NetStream analysis, NAT, and data encryption.
Patented stateful failover technology enables real-time backup and uninterrupted Layer 3 forwarding on the control plane and data plane. Stateful failover increases reliability and performance of the virtual architecture, reduces single point of failure, and prevents service interruption.

High port density and enhanced aggregation capability

With the RPE-X3 architecture and four-slot service modules, the series can support a maximum of 16 high-speed MIC-X interface modules and provide the best WAN port aggregation capability among routers of the same kind.

Industry-leading encryption performance

All the service modules of the series are encrypted by the built-in hardware to achieve high-performance IPSec encryption. This ensures secure transmission of traffic in WANs and the internal network without increasing the cost.

Outstanding routing capability

The series provides large capacity for routing entries, various routing policies, and advanced policy routing. Outstanding routing performance ensures flexible control and scheduling, meeting various service requirements for carriers and enterprises. The SR6600 supports IPv4 and IPv6 static and dynamic routing protocols, such as RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-ISv6, and BGP/BGP4+.

Abundant VPN features

The series supports L2TP, IPsec, GRE, and independent encryption core to enhance encryption performance and increase tunnel capacity to meet encryption gateway requirements. These features enhance transmission security without increasing costs.
Traditional VPN is less flexible because an access device cannot obtain the public IP address of the peer end during the registration. Traditional VPN is hard to maintain because it requires N2 connections for a full meshed network. The series provides the Auto Discovery Virtual Private Network (ADVPN) solution. ADVPN allows the access routers that use dynamic IP addresses to build VPNs between branches. ADVPN increases network flexibility and simplifies maintenance operation. ADVPN also supports features such as NAT traversal, security authentication, IPsec encryption, and multi-VPN domains.
To remove complexities caused by the exponential increase of IKE SAs and IPSec SAs, the series uses the GDVPN solution that offers a group-based IPSec model. GDVPN encapsulates a new IP header that is the same as the original IP header for packets without changing the original IP header, retaining the original routing structure and enhancing QoS performance. GDVPN uses tunnel-less connections and performs one-time encryption on each multicast packet instead of sending an encryption packet to each peer, which improves multicast efficiency.
The SR6600 supports MPLS features such as L2VPN, L3VPN, and MPLS TE, and can cooperate with other router models to provide various high-performance and secure MPLS VPN solutions.

All-around network security protection

The series ensures service security by using FIP modules. FIP modules cooperate with the RSE-X3 MPU and Comware V7 software to take over all the services on traditional service modules, which reduces costs and simplifies management.
The routers provide the following built-in security features:
Firewall features—Packet filtering firewall, status firewall, attack packet filtering, and log filtering. ACL accelerating algorithm minimizes the ACL filtering impact on firewall performance.
Built-in anti-attack features:
● Anti-single packet attacks—Protects the networks against single packet attacks, such as the Fraggle, ICMP redirect, ICMP unreachable, LAND, large ICMP, route record, smurf, source route, TCP flag, Tracert, and WinNuke.
● Anti-scanning attacks—Prevents attackers from scanning the host IP addresses and ports to avoid topology and service detecting.
● Anti-flooding attacks—Prevents SYN flood, ICMP flood, and UDP flood.
● Blacklist features—Filters attacking packets based on source IP addresses. Filters out the attacking packets sent from specific source IP addresses.
User tracking—Monitors user behaviors based on the logs and the IMC UBAS solution.

Smart bandwidth management

In primary/backup networks, smart bandwidth management routes traffic to the backup network based on the policies when traffic load on the primary network is heavy.
Smart bandwidth management provides the following features:
Unequal cost multiple path (UCMP)—Manages bandwidth usage based on weight. Traffic is directed to paths based on the bandwidth of the path.
Bandwidth reservation and resource sharing—Bandwidth is reserved for services. Remaining bandwidth is used for traffic burst after the reserved bandwidth is used up.
Hierarchical CAR—Allows for bandwidth reallocation, improving bandwidth utilization.

Carrier-class availability

The series uses distributed architecture and provides redundancy for MPUs, switching fabric modules, power modules and hot-swapping for MPUs, services cards, and power modules. The control plane and service plane are separated. Faulty hardware is automatically isolated.
The series provides various high availability software features listed in the following table.

Hardware Specifications:
Item SR6604 SR6608
Chassis Integrated chassis, which can be installed in a 19-inch rack. Distributed service architecture. Integrated chassis, which can be installed in a 19-inch rack. Distributed service architecture.
MPU slots 2 (1+1 redundancy) 2 (1+1 redundancy)
Maximum FIP modules 2 4
Forwarding Performance In Service (IMIX) FIP-260: 15Gbps
FIP-380: 20Gbps
FIP-660: 60Gbps
SAP-XP4GE32: 38Gbps
IPSec throughput FIP-260:10Gbps
FIP-380: 14bps
FIP-660: 35Gbps
SAP-XP4GE32: 12Gbps
IPSec tunnel RPE-X5E: 50,000
RPE-X5: 50,000
RPE-X3: 10,000
Power module 1+1 redundancy
650W/1200W
1+1 redundancy
650W/1200W
Rated AC power 100 to 240 VAC @ 50 Hz/60 Hz 100 to 240 VAC @ 50 Hz/60 Hz
Rated DC power –48 to –60 VDC –48 to –60 VDC
Operating temperature 0ºC to 45ºC (32°F to 113°F) 0ºC to 45ºC (32°F to 113°F)
Operating humidity 5% RH to 95% RH, non-condensing 5% RH to 95% RH, non-condensing
Operating altitude –60 to +5000 m (–196.85 to +16404.20 ft) –60 to +5000 m (–196.85 to +16404.20 ft)
Size 436mm×480mm×220mm(5U) 436mm×480mm×308mm(7U)
MTBF 31.19 years 26.8 years
MTTR 1 hour 1 hour
EMC FCC Part 15 (CFR 47) CLASS A
ICES-003 CLASS A
VCCI CISPR32 CLASS A
CISPR 32 CLASS A
EN 55032 CLASS A
AS/NZS CISPR32 CLASS A
CISPR 24
EN 55024
EN 61000-3-2
EN 61000-3-3
EN 61000-6-1
ETSI EN 300 386
EN 301 489-1
EN 301 489-17
FCC Part 15 (CFR 47) CLASS A
ICES-003 CLASS A
VCCI CISPR32 CLASS A
CISPR 32 CLASS A
EN 55032 CLASS A
AS/NZS CISPR32 CLASS A
CISPR 24
EN 55024
EN 61000-3-2
EN 61000-3-3
EN 61000-6-1
ETSI EN 300 386
EN 301 489-1
EN 301 489-17
Security UL 60950-1
CAN/CSA C22.2 No 60950-1
IEC 60950-1
EN 60950-1/A11
AS/NZS 60950
EN 60825-1
EN 60825-2
FDA 21 CFR Subchapter J
GB 4943
UL 60950-1
CAN/CSA C22.2 No 60950-1
IEC 60950-1
EN 60950-1/A11
AS/NZS 60950
EN 60825-1
EN 60825-2
FDA 21 CFR Subchapter J
GB 4943

Software specifications

Item SR6608
Layer 2 Protocol ARP: Dynamic ARP, static ARP, proxy ARP, gratuitous ARP, ARP Snooping, ARP Detection.
Ethernet and sub interface VLAN
PPPoE server
QinQ termination
VLAN/Super VLAN/VLAN Mapping
Port mirroring
LLDP, DLDP.
STP/RSTP/MSTP
LACP
Broadcast suppressing
PPP, MP, HDLC
PPPoE Server, PPPoE Client
L2TP
IP service TCP, UDP, IP option, and IP unnumber
Policy routing
Layer 3 Ethernet interface binding
IP routing Static routing
RIPv1, RIPv2, OSPFv2, BGP, IS-IS, EIGRP
Recursive route
ECMP
UCMP
BGP GTSM
ISIS MTR
IPv4 multicast IGMPv1/v2/v3
PIM-DM, PIM-SM, PIM-SSM
MSDP
MBGP
Static multicast routing
Multicast host tracking
IP application DHCP server, DHCP relay, and DHCP client
DNS client
NTP server and client
Telnet server and client
TFTP server and client
FTP server and client
UDP helper
IPv6 Basic functions: IPv6 ND, IPv6 PMTU, dual stack forwarding, IPv6 ACL, and DHCPv6 server/proxy
IPv6 tunnel technologies, IPv6 manual tunnels, IPv6-over-IPv4, GRE tunnels, automatic IPv4-compatible IPv6 tunnels, 6to4 tunnels, ISATAP tunnels, and 6PE
6VPE (IPv6 MPLS L3VPN)
NATPT
Static routing
Dynamic routing protocols: RIPng, OSPFv3, IS-ISv6, and BGP4+
IPv6 multicast protocols: MLDv1/v2, PIM6-DM, PIM6-SM, and PIM6-SSM
QoS Flow classification based on port, MAC address, IP address, IP priority, DSCP priority, TCP/UDP, and protocol type
Traffic management: CAR rate limiting and configurable granularity
Rate limiting based on the source and destination addresses (supporting network segment limiting)
GTS traffic shaping
Priority marking/remarking
Queue scheduling mechanisms: FIFO, PQ, CQ, WFQ and RTPQ, and CBWFQ
Congestion avoidance: Tail-Drop and WRED
LR rate limiting
MPLS QoS
IPv6 QoS
QoS policy propagation on BGP (QPPB)
Security Time-based access control
Packet filtering firewall
ASPF state firewall
Local TCP anti-attack
Control plane rate limiting
URPF
Web filtering
Hierarchical user management and password protection
AAA
RADIUS
TACACS+
Portal authentication (EAD association and portal fail-permit)
PKI certificate
SSH 1.5/2.0
RSA
IPsec, IPsec multi-instance, and IKE
BGP/BGP4+ (supporting GTSM)
Password control
Attack detection and defense
IP service features NAT, NAT multi-instance, VPN NAT, and NAT logs
Session limiting
GRE tunnel (one-to-many application)
IPsec tunnel
L2TP tunnel
NetStreamv5/v8/v9 format and IPv4/IPv6/MPLS packet statistics
ADVPN、GDVPN
EVI
SDN
MPLS L3VPN: Multi-AS MPLS (Option1/Option2/Option3), hierarchical MPLS VPN, hierarchical PE (HoPE), dual-homing CE, MCE, and multi-role host
L2VPN: VPLS, Martini, Kompella, CCC, and SVC
VPLS/H-VPLS
MPLS TE and RSVP TE
Multicast VPNs, NG-MVPN
SDN BGP-LS
Segment-routing
VXLAN、EVPN
WAN optimization
Availability Redundancy backup for critical components including MPUs and power modules
VRRP/VRRPv3
FRR
IGP fast convergence
BFD
ISSU
IRF2
GR
NSR
NSF
EAA
Ethernet OAM
Software hot fixes
Hot swapping for MPUs, line cards, interface modules, power modules, and fan trays
Management and maintenance Command line configuration
Configuration through the console port
Remote configuration and maintenance through Telnet
SNMPv1/v2/v3
Web-based configuration and management
RMON, supporting 1, 2, 3, or 9 MIB groups
System logs
Alarm classification
Ping and Tracert
NQA (supporting association with VRRP, policy routing, and static routing)
Fan status detection, maintenance, and notifications
Power module status detection, maintenance, and notification
CF card status detection and maintenance
Ambient temperature detection and notification
sFlow
File system FAT format
CF card
USB (connecting external storage device)
Loading and upgrading Xmodem
FTP and TFTP


 Inquiry - H3C SR6600