215150 - Huawei Enterprise
#215150
September 2015
Commissioned by
Huawei Technologies Co., Ltd
Huawei S12700 Series Agile Switches
Programmable Capability, Performance and Feature Validation
Executive Summary
The Huawei S12700 series Agile Switch is a fully programmable
core switch based on Huawei’s high-end core router platform
technology. The Main Processing Units (MPUs), in a back-to-back
hardware-based cluster, support 1+N redundancy. With the
Ethernet Network Processor (ENP), the S12700 provides high
capacity, large buffer, programmability at the forwarding layer,
integrated T-bit Access Controller (AC) capability, Unified User
Management, and multiple user-defined functions. The S12700
can also implement wired and wireless convergence and vertical
virtualization.
Tolly engineers verified Huawei’s S12700 series Agile Switches in
multiple areas including the native wireless AC capability, Super
Virtual Fabric (SVF), iPCA real-time network quality monitoring,
unified user management, QoS, high availability, easy-operation,
Zero Touch Deployment, programmable capability, SDN with full
OpenFlow 1.3 compliance, switch fabric module N+1 redundancy,
performance, capacity, as well as data center features including
Virtual System (VS), TRILL and VXLAN.
The Bottom Line
Huawei S12700 Series Agile Switches:
1
2
Support wireless Access Controller functions natively with Tbit wireless forwarding capability, up to 4K wireless Access
Points and up to 64K wireless users management capacity, as
well as real-time AC backup for high availability
Support Huawei’s proprietary Super Virtual Fabric (SVF) to
virtualize devices on different layers, including wireless APs,
into 1 network element for management. SVF supports two
layers of clients with up to 4K wireless access points and 576
physical access switches. One SVF instance can cross thirdparty vendors’ Layer 2 network
3
Support the Packet Conservation Algorithm for Internet
(iPCA) technology. iPCA uses actual service flows to detect
the network quality at any node, any time, without
additional cost
4
Support unified user management with MAC, 802.1x, and
Portal authentication modes
5
Support numerous data center features including TRILL,
VXLAN and VS
Huawei Super Virtual Fabric (SVF) Architecture
Figure 1
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Tolly.com
Page 1 of 12
Huawei S12700 Series Agile Switches Performance and Features
Test Results
Native T-bit Wireless Access
Controller (AC)
T-bit Capability
Traditionally, wireless Access Controller (AC)
functions are implemented by independent
physical devices or cards. Huawei native T-bit
ACs, which are based on Ethernet Network
Processor (ENP) technology, integrate AC
processing and Ethernet switching on the
ENP line card (X1E series line card) of the
S12700 switch. Tolly engineers verified that
the entire system on one S12712 switch
could provide 960Gbps CAPWAP tunnel
encapsulation/decapsulation and data
forwarding capability. Compared with
traditional independent ACs, the native T-bit
AC can support more wireless Access Points
(APs) and users.
Wired and Wireless Convergence
Tolly engineers verified that one S12700
switch could manage 4K (4,096) APs and 64K
(65,535) concurrent online wireless users and
provide connectivity between the wired and
wireless networks to achieve wired and
wireless network convergence.
Switch Redundancy for Wireless
Access
When two S12700 switches were virtualized
into one virtual device using the Huawei
Cluster Switch System 2 (CSS2) technology,
the two switches supported real-time AC
backup. When one switch failed, the wired
and wireless users were still online. Traffic of
the wired and wireless network was properly
forwarded.
ENP Line Card Redundancy for
Wireless Access
The native AC functions are supported with
the Huawei Ethernet Network Processor
© 2015 Tolly Enterprises, LLC
(ENP) line cards which also support Ethernet
switching. Whenever one device (a physical
S12700 switch or a virtual device with two
S12700 switches using the CSS2 technology)
has one ENP line card, the device supports
wireless Access Controller (AC) functions
natively.
Tolly engineer verified that when the S12700
device (physical or virtual) has two ENP line
cards, the failure of one ENP line card did not
cause Ping packet loss between the wired
client and wireless client. Also, the wireless
users were still online after failure.
#215150
Huawei
Technologies, Co.,
Ltd
S12700 Series
Agile Switches
Performance
Evaluation
and Feature
Validation
Tested
August
2015
Super Virtual Fabric
Enterprise campus networks are built stepby-step and have numerous access nodes,
multiple layers, and complex topologies. The
wide deployment of wireless networks
makes enterprise campus networks more
difficult to manage.
To address these problems, Huawei
developed the Super Virtual Fabric (SVF)
technology based on the S12700 Agile
Switch. SVF virtualizes different network
layers’ devices including wired and wireless
ones into a single network element. The
entire network is a large virtual switch to
simplify network deployment and
management. Administrators can configure
or upgrade the member switches from the
parent switch.
A chassis switch contains the Main Processing
Units (MPUs) and line cards, providing a
visualized management view for
administrators. Huawei SVF virtualizes core/
aggregation layer devices into the virtual
switch’s MPU, access switches into the line
cards, and wireless APs into the ports.
Tolly engineers verified that when one
S12700 switch worked as the SVF parent
switch, the SVF supported 4,096 wireless APs
and 64 Access Switch clients while each
Access Switch (AS) client supports a stack of
Tolly.com
up to 9 physical access switches using the
iStack technology. So 576 physical access
switches were supported in one SVF
instance.
Tolly engineers also verified that the SVF
instance can cross third-party vendor
devices with Layer 2 connectivity. One Cisco
Catalyst 3750 switch was used between the
parent Huawei device and the client Huawei
device in the SVF test.
SVF could be managed by the Huawei
eSight Unified Management Platform.
iPCA
The S12700 adopts Huawei’s proprietary
Packet Conservation Algorithm for Internet
(iPCA). Unlike traditional detection
technologies, such as Network Quality
Analyzer (NQA) and Y.1731 that use
simulated or inserted streams, iPCA
implements the evolution from estimated to
accurate Operations and Maintenance
(O&M). NQA technology uses simulated streams
to detect network quality, and the Y.1731
technology uses inserted streams. Both
methods actually detect link quality by
simulating service flows. Therefore, these
detection methods cannot reflect the actual
link quality or accurately locate fault sources.
From Huawei’s field experience, latency,
Page 2 of 12
Huawei S12700 Series Agile Switches Performance and Features
jitter, and packet loss accuracy of traditional
methods is only about 30 percent. Since
traditional methods locate faults by reducing
fault impact ranges, the fault location is less
precise and the fault isolation process can
take weeks or longer.
iPCA is an in-line detection technology that
uses programmable service flows to detect
network quality, dye the packets with no
overhead, count real service flows, and detect
service flow link quality anytime and
anywhere. According to Huawei, the latency,
jitter, and packet loss detection accuracy of
iPCA can reach 99 percent. Each Ethernet
Network Processor (ENP) has two built-in
detection points that cover all forwarding
paths on links, cards, and processors. Faults
are reported based on fine granularity. If a
network problem that affects user experience
occurs, iPCA can locate the link, card, or
processor where the problem occurs within
seconds.
Tolly engineers verified that the S12700
switch supported iPCA to detect the device
level, link level and network level packet loss
accurately.
Unified User Management
Due to high user management capabilities,
Broadband Remote Access Server (BRAS)
devices are widely used in carrier networks.
But high prices have hindered BRAS’
deployment in campus networks. The S12700
switch with the ENP line cards features
powerful programming capabilities and
provides Unified User Management, which
authenticates both wired and wireless users.
Tolly engineers verified that the S12700
shielded capability and access differences
between devices and supported multiple
authentication modes, including 802.1X,
MAC address and Portal for both wired and
wireless clients.
© 2015 Tolly Enterprises, LLC
Traditional operation and maintenance
methods focus on device management;
therefore, only limited Access Control Lists
(ACLs) can be used to manage user
bandwidth and control user rights. The
S12700 adopts a user-oriented management
design, assigning each user an individual
table to control rights, bandwidth, and
Quality of Service (QoS), allowing
authorization based on groups, domains, or
time.
Tolly engineers verified that the S12700 could
dynamically assign the new VLAN and ACL to
a user when the user got authenticated.
Also, with the help of the Huawei UCL user
group, administrators could create an ACL
rule “rule 1 deny IP source UCL-group name
Test destination [File Server’s IP address]” to
dynamically block all users in the “Test”
group to access the file server. UCL Group
information is deployed to the switches as
the HW_UCL_Group attribute from the
RADIUS server when a user gets
authenticated.
The S12700 also supported Destination
Address Accounting (DAA) to dynamically
adjust the bandwidth and accounting
according to the destination address
(different services) of different users.
QoS
Tolly engineers verified that the S12700
switch supported granularity as low as 1 Kbps
for traffic policing with the ENP line cards. The
ENP line cards on the S12700 also supported
up to 5 levels Hierarchical QoS (HQoS) to
provide differentiated services.
CSS2
Two S12708/S12712 switches were
virtualized as one logical switch with 32
10GbE ports on each switch using Huawei’s
CSS2 technology. Each switch used four
8*10GbE ports cluster service subcards. Tolly
Tolly.com
#215150
engineers verified that the throughput
across the switch using the stacking cables
could reach 100% of the line-rate (line-rate
as 320Gbps bidirectional, 640Gbps
aggregated) using 64-byte frames without
frame loss.
The S12704 switch supported two 8*10GbE
ports cluster service subcards. Thus the 16
10GbE links between two S12704 switch
supported 160Gbps bidirectional (320Gbps
aggregated) throughput using 64-byte
frames.
Tolly engineers also verified that the average
latency across the switches over the stacking
cables was 3.28 μs.
The CSS2 technology also supported 1+N
Main Processing Unit (MPU) redundancy.
Tolly engineers verified that when 3 out of 4
MPUs on two S12700 switches were pulled
out, there was no frame loss for existing
traffic.
Easy-operation
Three features of easy-operation was
verified:
Zero-touch Deployment of New Switches Administrators can specify a configuration
file for each type of switch. When an out-ofbox switch is connected to the network, it
receives the commander switch’s IP address
using option 148 from the DHCP server.
Then it gets the easy deployment
configuration for the type of switch it
belongs to and receives the FTP server’s IP
address and credential as well as the
configuration file’s position. Lastly, it
downloads the configuration file from the
FTP server and runs it.
Centralized software upgrading and patch
deployment - Administrators can remotely
upgrade the software or deploy a patch to
a member switch from the command
switch.
Page 3 of 12
Huawei S12700 Series Agile Switches Performance and Features
#215150
Huawei S12700 Series Agile Switch
Tolly Certified Features and Capacity - Part 1 of 2
Nativve T-bit Wireless Access Controller (AC)
Dataa Center Features
T-bit Capability
960Gbps CAPWAP tunnel encapsulation and decapsulation capability
Wired and Wireless Convergence
Manage 4,096 wireless access points (APs), 65,535 concurrent online wireless users and provide
connectivity between wired and wireless networks
Switch Chassis Redundancy for Wireless Access
with two S12700 switches stacked using the Huawei CSS2 technology,
Real-time wireless Access Controller (AC) backup
Virtual System - one physical S12700 switch can be virtualized into 8 virtual systems
Transparent Interconnection of Lots of Links (TRILL)
Hardware gateway for overlay networks - VXLAN
Programmable Capability
ENP Line Card Redundancy for Wireless Access
Supeer Virtual Fabric
SVF Parent Switch
with 4,095 wireless APs and 64 Access Switch (AS) clients (each AS client supports a stack of 9
physical access switches using the Huawei iStack technology). So 576 physical access switches
were supported in one SVF instance
SVF across third-party vendors’ devices
(Layer 2 connectivity)
Protocol Oblivious Forwarding (POF) and Programmable Capability
Softw
ware Defined Network (SDN) - OpenFlow 1.3
iPCA
A
Full OpenFlow 1.3 Compliance 100% passing 562 Spirent OpenFlow 1.3 Compliance Test Cases
Perfoormance and Capacity
Device Level, Link Level and Network Level Packet Loss Monitoring with actual service packets
802.1X, MAC Address, Portal, and IPoE Authentication for both wired and wireless clients
Dynamic VLAN and ACL for each user when the user gets authenticated
Switch Fabric Module N+1 Redundancy
Forwarding Capability: ~9,120Mpps with one S12712 switch
~6,240Mpps with one S12708 switch
~3,120Mpps with one S12704 switch
576 10GbE Ports Full-mesh Line-rate Forwarding on One S12712 Switch
384 10GbE Ports Full-mesh Line-rate Forwarding on One S12708 Switch
192 10GbE Ports Full-mesh Line-rate Forwarding on One S12704 Switch
640Gbps fabric connection per slot
480Gbps fabric connection per slot with switch fabric module redundancy
Dynamic User Access Control with the UCL Group
e.g. an ACL rule “rule 1 deny IP source UCL-group name Test destination [File Server’s IP address]”
can dynamically block all users in the “Test” group to access the file server. UCL Group information
is deployed to the switches as the HW_UCL_Group attribute from the RADIUS server when a user
gets authenticated
MAC table capacity: 1,048,576
Destination Address Accounting (DAA)
MAC Address Learning Rate: > 8,000 MAC addresses per second
ARP table capacity: 262,144
ARP Learning Rate: 1,000 ARP entries per second
FIBv6 table capacity: 1,000,000
BGP Route Convergence Rate: > 20,000 routes per second
Multicast Routing Table Capacity: 128,000 (S,G) entries
NetStream Capacity: 1,048,576 entries
ACL Capacity: 256,000 rules
64 LACP group, one Link Aggregation Group supports 32 links
Encapsulate 64K (65,536) QinQ combinations
Decapsulate 64K (65,536) QinQ combinations
Unifiied User Management
QoS
1 kbps granularity for traffic policing with the Ethernet Network Processor (ENP) line cards
5 levels Hierarchical QoS (HQoS) with the ENP line cards
Huaw
wei Cluster Switch System (CSS2)
320Gbps bidirectional (640Gbps aggregated) stacking throughput using 32*10GbE stacking links
(S12708, S12712)
160Gbps (320Gbps aggregated) stacking throughput using 16*10GbE stacking links (S12704)
3.28 μs cross switch latency for a CSS2 virtual system with two S12700 switches
1+N Main Processing Unit (MPU) redundancy
Easyy-operation (as the commander)
Zero-touch deployment of new switches
Commander switch automatically loads the specified configuration to out of box member
switches
Centralized software upgrading and patch deployment
Update the software or load a patch to a member switch from the commander switch (S12700
could work as the member service as well)
Faulty device replacement without configuration
Command switch automatically load the backed up configuration of the faulty member device to
the replacement switch
FIBv4 table capacity: 3,000,000
MPLS Label Capacity: 32,000 MPLS labels/LSPs
Zero Touch Deployment using the eSight Unified Management Platform
Table 1
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Tolly.com
Page 4 of 12
Huawei S12700 Series Agile Switches Performance and Features
#215150
Huawei S12700 Series Agile Switch
Tolly Certified Features and Capacity - Part 2 of 2
Line Card Performance
High
h Availability
ET1D2X16SSC2 16*10GbE Ports Line Card: 100% line-rate forwarding
Huawei Smart Ethernet Protection (SEP) ring Layer 2 failover - 5.5ms
ET1D2X32SSC0 32*10GbE Ports Line Card: 100% line-rate forwarding, <1.2μs latency
Huawei SEP ring Layer 3 failover - 13.8ms
ET1D2L02QFC0 2*40GbE Ports Line Card: 100% line-rate forwarding, <1.2μs latency
IP FRR - 7ms
ET1D2L08QSC0 8*40GbE Ports Line Card: <1μs latency
ET1D2C02FEE0 2*100GbE Ports Line Card: 100% line-rate forwarding
ET1D2X48SEC0 48*10GbE Ports Line Card: 100% line-rate forwarding, <1.2μs latency
N:64 Port Mirroring
more than 200ms buffer on one GbE port of the ET1D2S08SX1E line card
more than 200ms buffer on one 10GbE port of the ET1D2S08SX1E line card
3.3ms CFM OAM
Multicast ARP for Microsoft Network Load-Balance (NLB)
Secu
urity - Next Generation Firewall (NGFW) Module
Load Balancing
Modes: Round Robin, Weighted Round Robing, Source Address Hash, etc.
Featu
ures
Hardware Architecture: Modular Fan Frame and Left-to-back Airflow
Dynamic Smart VPN (DSVPN)
Hardware Architecture: Independent Monitoring module, Main Processing Unit, Switch Fabric Unit,
and Service Line Card
Monitoring 2,000,000 streams’ traffic statistics with the NetStream feature
Hardware Fault Monitoring
up to 40Gbps Aggregated Throughput
ICMP Hardware Fast Reply
Maximum concurrent sessions: 12,000,000
Free Mobility
Maximum new sessions connection rate: 400,000 connections per second
One 100GbE ports can be split into two 40GbE ports or ten 10GbE ports
Source: Tolly, August 2015
Faulty device replacement without
configuration - The commander switch
backs up the configuration of all member
switches periodically. When a member
switch fails, administrators can take it down
and put an out-of-box switch of the same
model to the network. The commander
switch automatically loads the latest backup
configuration file of the faulty switch to the
new switch so no configuration is needed on
the replacement switch.
Tolly engineers verified the three features
when the S12700 switch was a commander
switch. The centralized software upgrading
and patch deployment feature was also
verified when the S12700 switch was a
member switch.
Tolly engineers also verified that the Huawei
eSight Unified Management Platform
supported the Zero Touch Deployment
feature. Administrators can plan the
network topology using eSight’s graphic
Web interface and specify the configuration
© 2015 Tolly Enterprises, LLC
Table 2
for each remote device. The S12700 switch
which is managed by eSight can then work
as the root device to automatically deploy
planned configurations to the remote
devices when the out-of-box remote
devices connects to the network.
Data Center Feature
Virtual System
One S12700 switch could be virtualized into
eight virtual systems based on ports. Each
virtual system worked independently.
TRILL
Transparent Interconnection of Lots of Links
(TRILL) uses Layer 3 routing techniques to
build a large Layer 2 network. Tolly
engineers verified that the S12700 switch
supported TRILL.
Tolly.com
VXLAN
Virtual Extensible LAN (VXLAN) is one
major data center overlay network
technology.
The overlay network technologies can
provide Layer 2 connectivity for tunnel
endpoints (e.g virtual switches) over a
physical Layer 3 network. It can expand the
Layer 2 network for the virtual machines,
overcome the limitation of VLAN numbers
by adding a new Layer 2 network segment
header (VNI for VXLAN), and reduce the
demands of the MAC tables on the physical
switches.
To allow the virtual environment using
VXLAN to communicate with other nonVXLAN endpoints as well as provide Layer 3
connectivity for VMs in different network
segments of the overlay network, a
gateway is needed. Tolly engineers verified
that the Huawei S12700 switch could act as
the gateway for the VXLAN overlay
network.
Page 5 of 12
Huawei S12700 Series Agile Switches Performance and Features
Programmable Capability
modifying according to the user-customized
flow table.
Tolly engineers evaluated two aspects of the
Huawei S12700 Agile Switches’ Protocol
Oblivious Forwarding (POF) support and
programmable capability.
SDN - OpenFlow 1.3
Compliance
First, Tolly engineers verified that the S12700
could encapsulate/decapsulate packets with
non-standard headers and forward packets
with user specified flows. This feature gives
users the possibility to define their own
protocols to forward packets. One typical user
case with this feature is location-based
forwarding. Packets can be forwarded
according to the Ethernet ports’ building,
room, etc.
Secondly, Tolly engineers verified that the
S12700 can match standard packets with
headers including Ethernet type, IP
destination, MAC destination, etc. and then
take actions like forwarding, dropping or
#215150
Performance
Switch Fabric Module N+1
Redundancy
Tolly engineers verified that the S12700
switch passed all 562 test cases in the Spirent
OpenFlow 1.3 Conformance Test Suite as well
as all 416 test cases in Huawei’s OpenFlow 1.3
Compliance Test Suite. The Huawei S12700
switch is the first switch Tolly has verified to
fully support OpenFlow 1.3.
The Spirent and Huawei test cases provided
comprehensive coverage of the OpenFlow
basic protocols exercising various kinds of
OpenFlow messages, connection, flow_table,
group table, multi-table, meters, counters,
MPLS, VLAN, IPv6, etc.
Tolly engineers verified that, with either 3 or 4
fabric modules, the S12708 switch could
always provide 100% line-rate full-mesh
throughput using 384 10GbE ports across 8
interface modules with 64-, 128-, 256-, 512-,
1024-, 1280-, 1518- and 9216-byte frame
sizes. Also, with 3 or 4 fabric modules, the
S12712 switch could always provide 100%
line-rate full-mesh throughput using 576
10GbE ports across 12 interface modules
with 64- to 9216-byte frame sizes. See
Table 3.
Forwarding Capability
Each S12712 switch supported about
9,120Mpps forwarding capability. Each
S12708 switch supported about 6,240Mpps
Huawei S12700 Switch Layer 3 10GbE Ethernet RFC2544 Throughput
(as reported by HUTAF Tesgine 2.0 version 100.002.00.027)
Frame Sizes
S12712
576 x 10GbE ports in Full-mesh with Four Switch
Fabric Units (SFUs)1
S12712
576 x 10GbE ports in Full-mesh with Three Switch
Fabric Units (SFUs)1
S12708
384 x 10GbE ports in Full-mesh with Four Switch
Fabric Units (SFUs)2
S12708
384 x 10GbE ports in Full-mesh with Three Switch
Fabric Units (SFUs)2
S12704
192x 10GbE ports in Full-mesh with Two Switch
Fabric Units (SFUs) 3
S12708
96 x 10GbE ports in Backbone across Two Line
Cards4
64-Byte
Throughput (peercentage of line-rate) with zero frame loss
128-Byte 256-Byte 512-Byte 1024-Byte 1280-Byte 1518-Byte
9216-Byte
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
100%
Note: 1. Twelve ET1D2X48SEC0 48x10GbE ports interface modules on one S12712 switch were tested with ET1D2SFUD000 SFUs.
2. Eight ET1D2X48SEC0 48x10GbE ports interface modules on one S12708 switch were tested with ET1D2SFUD000 SFUs.
3. Four ET1D2X48SEC0 48x10GbE ports interface modules on one S12704 switch were tested with ET1D2SFUD000 SFUs.
4. Two ET1D2X48SEC0 48x10GbE ports interface modules on one S12708 switch were tested. Each port on each interface module sent traffic to all 48
ports on the other interface module. 960Gbps aggregated throughput were demonstrated between two interface modules for all frame sizes tested.
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Table 3
Tolly.com
Page 6 of 12
Huawei S12700 Series Agile Switches Performance and Features
forwarding capability. Each S12704 switch
supported about 3,120Mpps forwarding
capability.
Fabric Connection per Slot
Tolly engineers verified that the S12708 could
pass 100% line-rate cross-board traffic
(480Gbps bidirectional, 960Gbps aggregated)
between two 48x10GbE port interface
modules with zero-loss using 64-, 128-, 256-,
512-, 1024-, 1280- and 1518-byte frame sizes.
See Table 3. As a result, 480Gbps fabric
connection per slot was verified in the test.
As the S12708 and S12712 switch could
support 480Gbps fabric connection per slot
for all slots with 3 switch fabric modules, the
S12708 and S12712 switch should support
640Gbps fabric connection per slot with 4
switch fabric modules. As S12704 supports
half number of slots and half number of
switch fabric modules as the S12708 switch.
The S12704 switch should also support
640Gbps fabric connection per slot.
Capacity
Tolly engineers evaluated the capacity of
S12700 series’ MAC table, ARP table, FIB
table, MPLS labels, port buffer, NetStream
and ACL rules. See Table 1.
MAC Table Capacity
The S12700 supported 1M (1,048,576)
addresses in its MAC table. Traffic matching
all MAC addresses in the MAC table passed
through without loss.
MAC Address Learning Rate
The S12700 switch supported learning more
than 8,000 MAC addresses per second.
ARP Table Capacity
The S12700 supported 256K (262,144)
entries in its ARP table. Traffic matching all
entires in the ARP table passed through
without loss.
© 2015 Tolly Enterprises, LLC
#215150
ARP Learning Rate
LACP Group
The S12700 supported learning 1,000 ARP
entries per second.
64 LACP groups were supported on one
S12700 switch. Tolly engineers picked one
group to verify that the LACP group
supported 32 physical links.
FIB Table Capacity
The S12700 supported 3M (3,000,000) IPv4
routes in its FIBv4 table. Traffic matching all
routes in the FIBv4 table passed through
without loss.
The S12700 supported 1M (1,000,000) IPv6
routes in its FIBv6 table. Traffic matching all
routes in the FIBv6 table passed through
without loss.
BGP Route Convergence Rate
The S12700 switch’s BGP route convergence
rate from the higher priority route to the
lower priority route was more than 20,000
routes per second.
Multicast Routing Table Capacity
The S12700 switch’s multicast routing table
capacity is 128k (128,000). Tolly engineers
verified that it supports 128,000 (S, G) multicast
entries and forwarded multicast traffic
matching all (S, G) entries without loss.
MPLS Label Capacity
The S12700 switch supported 32k (32,000)
MPLS labels/LSPs.
NetStream Capacity
1,048,576 bursts, each with a unique source
IP address, were sent through an S12700
switch. Tolly engineers verified that S12700’s
NetStream function could analyze all 1M
(1,048,576) entires and forward the
information to a specified port.
ACL Capacity
256,000 ACL rules were applied to one
S12700 switch. Each rule pointed to one
exclusive MAC address. Tolly engineers
verified that the 256k (256,000) ACL rules
could all work to block traffic.
Tolly.com
QinQ
Tolly engineers verified that the S12700
switch supported encapsulating 64K
(65,536 QinQ combinations and
decapsulating 64K (65,536) QinQ
combinations.
Line Card Performance
Throughput and Latency
Throughput and latency were evaluated for
several line cards which are compatible with
the S12700 switch.
The ET1D2X16SSC2 16*10GbE ports line
card, the ET1D2X32SSC0 32*10GbE ports
line card, the ET1D2X48SEC0 48*10GbE
ports line card, the ET1D2L02QFC0 2*40GbE
ports line card, and the ET1D2C02FEE0
2*100GbE ports line card all supported
100% line-rate forwarding with all ports in
full-mesh topology. See Table 4 for Layer 3
throughput results.
The store-and-forward LIFO latency for the
32*10GbE ports line card, the 48*10GbE
ports line card, and the 2*40GbE ports line
card was less than 1.2μs. The store-andforward LIFO latency for the 8*40GbE ports
line card was less than 1μs. See Table 5 for all
latency results.
Port Buffer
Tolly engineers verified that one 10GbE port
and one GbE port on the ET1D2S08SX1E
line card supported more than 200ms
buffer with line-rate traffic.
NGFW Module
The firewall module on the Huawei S series
chassis switches is a high performance
Page 7 of 12
Huawei S12700 Series Agile Switches Performance and Features
#215150
Huawei S12700 Switch Line Cards Layer 3 Throughput
(as reported by Spirent TestCenter 4.50)
Throughput (peercentage of line-rate) with zero frame loss
Frame Sizes
64-Byte
128-Byte
256-Byte
512-Byte
1024-Byte 1280-Byte 1518-Byte
9216-Byte
ET1D2X16SSC2 16*10GbE Ports Line Card
(Aggregated 160Gbps)
100%
100%
100%
100%
100%
100%
100%
100%
ET1D2X32SSC0 32*10GbE Ports Line Card
(Aggregated 320Gbps)
100%
100%
100%
100%
100%
100%
100%
100%
ET1D2X48SEC0 48*10GbE Ports Line Card
(Aggregated 480Gbps)
100%
100%
100%
100%
100%
100%
100%
100%
ET1D2L02QFC0 2*40GbE Ports Line Card
(Aggregated 80Gbps)
100%
100%
100%
100%
100%
100%
100%
100%
ET1D2C02FEE0 2*100GbE Ports Line Card
(Aggregated 200Gbps)
100%
100%
100%
100%
100%
100%
100%
100%
Source: Tolly, August 2015
Table 4
Huawei S12700 Switch Line Cards Layer 2 Latency
(as reported by Spirent TestCenter 4.50)
Average Lateency (μs) - LIFO
Frame Sizes
64-Byte
128-Byte
256-Byte
512-Byte
1024-Byte 1280-Byte 1518-Byte
9216-Byte
ET1D2X16SSC2 16*10GbE Ports Line Card
1.277
1.277
1.281
1.28
1.276
1.278
1.281
1.273
ET1D2X32SSC0 32*10GbE Ports Line Card
1.191
1.192
1.188
1.192
1.185
1.187
1.186
1.185
ET1D2X48SEC0 48*10GbE Ports Line Card
1.077
1.079
1.142
1.14
1.164
1.139
1.138
1.135
ET1D2L02QFC0 2*40GbE Ports Line Card
1.141
1.132
1.139
1.134
1.137
1.136
1.137
1.136
ET1D2L08QSC0 8*40GbE Ports Line Card
0.944
0.944
0.946
0.945
0.947
0.947
0.941
0.941
ET1D2C02FEE0 2*100GbE Ports Line Card
8.029
8.090
8.241
8.473
8.933
9.142
9.329
15.805
Note: Bidirectional 100% line-rate traffic between port 1 and port 2 of each line card was used. Store-and-forward latency measured LIFO latency. Thus,
store-and-forward results reported here do not include the time required to store the frame.
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Table 5
Tolly.com
Page 8 of 12
Huawei S12700 Series Agile Switches Performance and Features
Next-generation Firewall (NGFW) board. It
can be fully integrated with Huawei chassis
switches for easy deployment and flexible
scalability. In addition to the basic firewall
features, according to Huawei, the NGFW
board supports application layer based IPS,
AV, anti-spam, and Web security features.
Load Balancing with the NGFW
Module
Tolly engineers verified that the NGFW
module supported load balancing with
Round Robin, Weighted Round Robing, and
Source Address Hash modes.
DSVPN with the NGFW Module
Huawei’s Dynamic Smart VPN (DSVPN)
allows branches (spokes) to dynamically
establish direct data forwarding tunnels in
the hub and spoke model. DSVPN can
provide IPsec encryption for security and is
suitable for large enterprise VPN networks.
Tolly engineers verified that a GRE tunnel
was established automatically between two
spoke switches with the NGFW module with
the help of the hub switch with the NGFW
module. Traffic passed through the tunnel
without loss.
NGFW NetStream Capacity
The NGFW module supported monitoring
the traffic statistics of 2,000,000 streams with
the NetStream feature. It can then cache and
upload all the statistics information to the
network management platform.
NGFW Performance
Tolly engineers verified that the NGFW
module on the S12700 switch supported
40Gbps throughput.
Tolly engineers also verified that the NGFW
module on the S12700 switch supported
12,000,000 maximum concurrent TCP
sessions. The maximum new session
connection rate was 400,000 connections
© 2015 Tolly Enterprises, LLC
per second. There was no connection failure
during the test.
High Availability
Huawei SEP Ring
Smart Ethernet Protection (SEP) is Huawei’s
technology for ring topology high
availability. Tolly engineers verified that with
10,000 source and 10,000 destination MAC
addresses, the average Layer 2 failover time
was 5.5 ms for the link failure.
Tolly engineers also verified that with 1,000
source and 1,000 destination IP addresses,
the average Layer 3 failover time was 13.8ms.
#215150
Hardware Architecture
Tolly engineers verified that, because of its
cutting-edge architecture, the S12700
switch was equipped with modular fan
frames and left-to-back air flow.
Additionally, the monitoring module, main
processing unit, switch fabric unit, and
service line card are all independent
hardware components on the S12700
switch chassis to achieve high availability
and scalability.
Hardware Fault Monitoring
IP FRR
Fans and power supplies’ status are
monitored by the switch. There were
warnings when engineers plugged in or
pulled out a fan or power supply.
Tolly engineers verified that the Fast Re-route
time for the S12700 switch was 7 ms.
ICMP Hardware Fast Reply
Features
N:64 Port Mirroring
The S12700 supports N:64 port mirroring.
Tolly engineers tested mirroring 3 ports to 64
ports. All 64 ports received all traffic mirrored
from the 3 ports.
CFM OAM
Connectivity Fault Management (CFM) is a
protocol for Operation, Administration and
Maintenance. Tolly engineers verified that
Huawei S12700 sent out and received a CFM
monitoring packet every 3.3ms.
Multicast ARP
When Microsoft Network Load Balancing
(NLB) works in multicast mode, the virtual
MAC address starts with 03bf. Traditionally, a
layer 3 switch cannot learn or be configured
with a multicast MAC address for a unicast IP
in its ARP table. Tolly engineers verified that
the multicast MAC address could be
configured into the S12700‘s static ARP
multicast table. As a result, traffic to the NLB
cluster could be multicasted out.
Tolly.com
Cisco switches send out ICMP ping packets
with very short intervals. If the receiver side
cannot handle the ICMP request properly,
administrators may see packet loss for the
network ping test. Tolly engineers verified
that when the hardware fast reply for ICMP
packets is enabled, the Huawei S12700
could reply all ICMP ping packets to the
Cisco switch. At the mean time, the CPU
usage of the S12700 was only 8%.
Free Mobility
The free mobility solution allows a user to
obtain the same network access policy
regardless of the user's location (within one
VPN instance) and IP address changes in an
agile network.
With the Huawei Agile Controller,
administrators can specify users into
different UCL groups and assign network
access policies based on destination, VPN
instance, and applicable devices.
100GbE Port
One 100GbE port could be split into two
40GbE ports or ten 10GbE ports on the
S12700 switch.
Page 9 of 12
Huawei S12700 Series Agile Switches Performance and Features
Test Setup &
Methodology
#215150
SVF
Layer 2 Throughput
Full-mesh: traffic from each port to all other
ports.
Test Environment
The SVF feature was evaluated with physical
S12700 and S5720EI access switches as well
as a wireless AP. The capacity of managed
APs were evaluated with simulated Huawei
APs.
Huawei S12704, S12708 and S12712
switches were used in the test. See Table 6.
CSS2 Stacking Bandwidth
Test Methodology
Native T-bit Wireless Access
Controller (AC)
One S12712 switch with 12 ET1D2S08SX1E
line cards, 4 ET1D2SFUD000 fabric modules
and one ET1D2MPUA000 Main Processing
Unit (MPU) was tested. Each ET1D2S08SX1E
line card has 8*10GbE ports connected to the
Spirent TestCenter. So 96*10GbE ports on the
switch were used. The Spirent TestCenter sent
960Gbps traffic to the CAPWAP tunnel with
the CAPWAP header. The receiving side of
TestCenter received 94.6% of the 960Gbps
data without any frame loss. The receiving
side was not 100% because the S12712
switch decapsulated the CAPWAP header of
each frame. The test simulated that the
wireless network sent 960Gbps traffic to the
wired network. So the S12712 switch under
test processed 960Gbps wireless traffic.
Each ET1D2S08SX1E line card with the
Huawei Ethernet Network Processor (ENP)
supports forwarding 80Gbps wireless data.
Backbone: traffic from each port to all ports
on the other interface module.
Forwarding Capability
Two S12708/S12712 switches were
virtualized as one logical switch with 32
10GbE ports on each switch using Huawei’s
CSS2 technology. Each switch used four
8*10GbE ports cluster service subcards. Tolly
engineers verified that the throughput across
the switch using the stacking cables could
reach 100% of the line-rate (line-rate as
320Gbps bidirectional, 640Gbps aggregated)
using 64-byte frames without frame loss. The
throughput result reported by the Ixia traffic
generator is 99.5% because the stacking
header and management traffic overhead.
Tolly engineers verified that one S12712
supported 100% line-rate forwarding with
576 10GbE ports in full-mesh using 64-byte
frames. Tolly engineers also verified that one
S12712 supported forwarding 99.5% linerate service traffic in 64-byte frames using
the four cluster service subcards.
Considering the cluster header and
management overhead, one S12712 switch
supported about 6.08 Tbps throughput.
In the networking industry, some vendors’
data sheets use 1.4881 as the ratio to convert
Gbps throughput to Mpps packet
forwarding rate while some vendors round
the ratio to 1.5. When using 1.5 as the ratio,
Device Under Test
Product
Software
Version
Huawei S12704, S12708, S12712 Switch Chassis
ET1D2MPUA000 Main Processing Unit (MPU)
ET1D2SFUD000 Switch Fabric Unit
ET1D2C02FEE0 2-Port 100GBASE-X Interface Card
Switch Redundancy for Wireless
Access
To evaluate the traffic failover, engineers used
one wired client and one wireless client to
ping each other. There was only 1 Ping packet
loss from the wireless client to the wired client
and 0 Ping packet loss from the wired client
to the wireless client when one S12700
switch failed.
ET1D2L08QSC0 8-Port 40GBASE-X Interface Card
ET1D2L02QFC0 2-Port 40GBASE-X Interface Card
S12700
ET1D2X48SEC0 48-Port 10GBASE-X Interface Card
V200R008
ET1D2X32SSC0 32-Port 10GBASE-X Interface Card
ET1D2X16SSC2 16-Port 10GBASE-X Interface Card
ET1D2S08SX1E 8-Port 10GBASE-X + 8-Port 100/1000BASE-X Interface Card
ET1D2G48SX1E 48-Port 100/1000BASE-X Interface Card
EH1D2VS08000 8-port 10G cluster switching system service unit (SFP+)
ET1D2FW00S02 Next-generation Firewall (NGFW) Module
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Tolly.com
V100R001
Table 6
Page 10 of 12
Huawei S12700 Series Agile Switches Performance and Features
#215150
the forwarding capability of one S12712
switch is 6,080 * 1.5 = 9,120 Mpps.
of any specific configurations, please consult
Huawei representatives.
Capacity
Port Buffer
The capacity tests are for the maximum
capacity the S12700 switch could support.
For a chassis switch like the Huawei S12700,
the whole switch’s capacity is dependent on
the line cards the switch equipped. Tolly
engineers used the ET1D2G48TX1E line
cards for most capacity tests. For the capacity
One ET1D2S08SX1E line card has eight GbE
ports and eight 10GbE ports. With the
default configuration, one GbE port provides
more than 240ms buffer. To support more
than 200ms buffer on one 10GbE port,
engineers changed the buffer distribution of
the line card.
NGFW Performance
The throughput test of the NGFW module
used 1518-byte frames.
Huawei SEP Ring
L aye r 2 f a i l ove r te s t u s e d t h e
ET1D2X48SEC0 line card to test. Layer 3
failover test used the ET1D2G48TX1E line
card to test.
Performance Test Bed
Huawei S12704 Agile Switch
192 10GbE links
Huawei S12708 Agile Switch
384 10GbE links
Huawei S12712 Agile Switch
576 10GbE links
12 x HUTAF Tesgine 2.0 (each with six
Multiport 10G Data Generation and
Analysis Boards)
Note: Twelve ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12712 switch to provide 576 10GbE ports.
Eight ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12708 switch to provide 384 10GbE ports.
Four ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12704 switch to provide 192 10GbE ports.
Source: Tolly, August 2015
© 2015 Tolly Enterprises, LLC
Figure 2
Tolly.com
Page 11 of 12
Huawei S12700 Series Agile Switches Performance and Features
Test Equipment Summary
About Tolly
The Tolly Group companies have been
delivering world-class IT services for
more than 25 years. Tolly is a leading
global provider of third-party
validation services for vendors of IT
products, components and services.
Vendor
Product
Huawei
HUTAF Tesgine 2.0 Traffic Generator/Analyzer
Version: xStream V100R003C00B050
You can reach the company by E-mail
at [email protected], or by telephone at
+1 561.391.5610.
Spirent
TestCenter 4.50, OpenFlow 1.3 Conformance
Test Suite, iTest 4.3
Ixia
XM12 Chassis, IxNetwork, BreakingPoint
Visit Tolly on the Internet at:
http://www.tolly.com
#215150
Logo
Terms of Usage
This document is provided, free-of-charge, to help you understand whether a given product, technology or service merits additional
investigation for your particular needs. Any decision to purchase a product must be based on your own assessment of suitability
based on your needs. The document should never be used as a substitute for advice from a qualified IT or business professional. This
evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under controlled,
laboratory conditions. Certain tests may have been tailored to reflect performance under ideal conditions; performance may vary
under real-world conditions. Users should run tests based on their own real-world scenarios to validate performance for their own
networks.
Reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. The test/
audit documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the
document relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/
hardware tested is production or production track and is, or will be, available in equivalent or better form to commercial customers.
Accordingly, this document is provided "as is", and Tolly Enterprises, LLC (Tolly) gives no warranty, representation or undertaking,
whether express or implied, and accepts no legal responsibility, whether direct or indirect, for the accuracy, completeness, usefulness
or suitability of any information contained herein. By reviewing this document, you agree that your use of any information
contained herein is at your own risk, and you accept all risks and responsibility for losses, damages, costs and other consequences
resulting directly or indirectly from any information or material available on it. Tolly is not responsible for, and you agree to hold Tolly
and its related affiliates harmless from any loss, harm, injury or damage resulting from or arising out of your use of or reliance on any
of the information provided herein.
Tolly makes no claim as to whether any product or company described herein is suitable for investment. You should obtain your
own independent professional advice, whether legal, accounting or otherwise, before proceeding with any investment or project
related to any information, products or companies described herein. When foreign translations exist, the English document is
considered authoritative. To assure accuracy, only use documents downloaded directly from Tolly.com. No part of any document
may be reproduced, in whole or in part, without the specific written permission of Tolly. All trademarks used in the document are
owned by their respective owners. You agree not to use any trademark in or as the whole or part of your own trademarks in
connection with any activities, products or services which are not ours, or in a manner which may be confusing, misleading or
deceptive or in a manner that disparages us or our information, projects or developments.
215150-iv-11--yx-2015-09-11-VerD
© 2015 Tolly Enterprises, LLC
Tolly.com
Page 12 of 12
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement