#217147
December 2017
Commissioned by
Huawei Technologies Co., Ltd
Huawei S12700 Series Agile Switches
Programmable Capability, Performance and Feature Validation
Executive Summary
The Huawei S12700 series Agile Switch is a fully programmable
core switch based on Huawei’s high-end core router platform
technology. The Main Processing Units (MPUs), in a back-to-back
hardware-based cluster, support 1+N redundancy. With the
Ethernet Network Processor (ENP), the S12700 provides high
capacity, large buffer, programmability at the forwarding layer,
integrated T-bit Access Controller (AC) capability, unified user
management, and multiple user-defined functions. The S12700
can also implement wired and wireless convergence and vertical
virtualization.
Tolly engineers verified Huawei’s S12700 series Agile Switches in
multiple areas including the native wireless AC capability, Super
Virtual Fabric (SVF), iPCA real-time network quality monitoring,
unified user management, QoS, high availability, easy-operation,
Zero Touch Deployment, programmable capability, SDN with full
OpenFlow 1.3 compliance, switch fabric module N+1
redundancy, performance, capacity, data center features
including FCoE, Virtual System (VS), TRILL and VXLAN, as well as
the High-speed Self Recovery (HSR) solution.
The Bottom Line
Huawei S12700 Series Agile Switches:
1. Support wireless Access Controller functions natively with T-bit wireless forwarding capability, up to 6K wireless Access Points and up to 64K wireless users management capacity, as well as real-time AC backup for high availability
2. Support Huawei’s proprietary Super Virtual Fabric (SVF) to virtualize devices on different layers, including wireless APs, into 1 network element for management. SVF supports two layers of clients with up to 4K wireless access points and 1,280 physical access switches. One SVF instance can cross third-party vendors’ Layer 2 network
3. Support the Packet Conservation Algorithm for Internet (iPCA) technology. iPCA uses actual service flows to detect the network quality at any node, any time, without additional cost
4. Support unified user management with MAC, 802.1x, and Portal authentication modes
5. Support numerous data center features including FCoE, TRILL, VXLAN and VS
Figure 1: Huawei Super Virtual Fabric (SVF) Architecture (Source: Tolly, November 2017)
This document #217147 is an updated version of #216168 with several additional tests run in November 2017.
© 2017 Tolly Enterprises, LLC
Tolly.com
Page 1 of 14
Huawei S12700 Series Agile Switches Performance and Features
Test Results
Native T-bit Wireless Access Controller (AC)
T-bit Capability
Traditionally, wireless Access Controller (AC)
functions are implemented by independent
physical devices or cards. Huawei native T-bit
ACs, which are based on Ethernet Network
Processor (ENP) technology, integrate AC
processing and Ethernet switching on the
ENP line card (X1E series line card) of the
S12700 switch. Tolly engineers verified that
the entire system on one S12712 switch
could provide 960Gbps CAPWAP tunnel
encapsulation/decapsulation and data
forwarding capability. Compared with
traditional independent ACs, the native T-bit
AC can support more wireless Access Points
(APs) and users.
Wired and Wireless Convergence
Tolly engineers verified that one S12700
switch could manage 6K (6,144) APs and 64K
(65,535) concurrent online wireless users and
provide connectivity between the wired and
wireless networks to achieve wired and
wireless network convergence.
Switch Redundancy for Wireless Access
When two S12700 switches were virtualized
into one virtual device using the Huawei
Cluster Switch System 2 (CSS2) technology,
the two switches supported real-time AC
backup. When one switch failed, the wired
and wireless users were still online. Traffic of
the wired and wireless network was properly
forwarded.
ENP Line Card Redundancy for Wireless Access
The native AC functions are supported with
the Huawei Ethernet Network Processor
(ENP) line cards which also support Ethernet
switching. Whenever one device (a physical
S12700 switch or a virtual device with two
S12700 switches using the CSS2 technology)
has one ENP line card, the device supports
wireless Access Controller (AC) functions
natively.
Tolly engineers verified that when the S12700
device (physical or virtual) has two ENP line
cards, the failure of one ENP line card did not
cause Ping packet loss between the wired
client and wireless client. Also, the wireless
users were still online after failure.
Super Virtual Fabric
Enterprise campus networks are built step-by-step and have numerous access nodes,
multiple layers, and complex topologies. The
wide deployment of wireless networks
makes enterprise campus networks more
difficult to manage.
To address these problems, Huawei
developed the Super Virtual Fabric (SVF)
technology based on the S12700 Agile
Switch. SVF virtualizes different network
layers’ devices including wired and wireless
ones into a single network element. The
entire network is a large virtual switch to
simplify network deployment and
management. Administrators can configure
or upgrade the member switches from the
parent switch.
A chassis switch contains the Main Processing
Units (MPUs) and line cards, providing a
visualized management view for
administrators. Huawei SVF virtualizes core/
aggregation layer devices into the virtual
switch’s MPU, access switches into the line
cards, and wireless APs into the ports.
Tolly engineers verified that when one
S12700 switch worked as the SVF parent
switch, the SVF supported 4,096 wireless APs
and 256 Access Switch clients while each
Access Switch (AS) client supports a stack of
up to 5 physical access switches using the
iStack technology. So 1,280 physical access
switches were supported in one SVF
instance.
[Sidebar: Huawei Technologies, Co., Ltd, S12700 Series Agile Switches, Performance Evaluation and Feature Validation, Tested November 2017]
Tolly engineers also verified that the SVF
instance can cross third-party vendor
devices with Layer 2 connectivity. One Cisco
Catalyst 3750 switch was used between the
parent Huawei device and the client Huawei
device in the SVF test.
SVF could be managed by the Huawei
eSight Unified Management Platform.
iPCA
The S12700 adopts Huawei’s proprietary
Packet Conservation Algorithm for Internet
(iPCA). Unlike traditional detection
technologies, such as Network Quality
Analyzer (NQA) and Y.1731 that use
simulated or inserted streams, iPCA
implements the evolution from estimated to
accurate Operations and Maintenance
(O&M). NQA technology uses simulated streams
to detect network quality, and the Y.1731
technology uses inserted streams. Both
methods actually detect link quality by
simulating service flows. Therefore, these
detection methods cannot reflect the actual
link quality or accurately locate fault sources.
From Huawei’s field experience, latency,
jitter, and packet loss accuracy of traditional
methods is only about 30 percent. Since
traditional methods locate faults by reducing
fault impact ranges, the fault location is less
precise and the fault isolation process can
take weeks or longer.
iPCA is an in-line detection technology that
uses programmable service flows to detect
network quality, dye the packets with no
overhead, count real service flows, and detect
service flow link quality anytime and
anywhere. According to Huawei, the latency,
jitter, and packet loss detection accuracy of
iPCA can reach 99 percent. Each Ethernet
Network Processor (ENP) has two built-in
detection points that cover all forwarding
paths on links, cards, and processors. Faults
are reported based on fine granularity. If a
network problem that affects user experience
occurs, iPCA can locate the link, card, or
processor where the problem occurs within
seconds.
Tolly engineers verified that the S12700
switch supported iPCA to detect the device
level, link level and network level packet loss
accurately.
Unified User Management
Due to high user management capabilities,
Broadband Remote Access Server (BRAS)
devices are widely used in carrier networks.
But high prices have hindered BRAS’
deployment in campus networks. The
S12700 switch with the ENP line cards
features powerful programming capabilities
and provides Unified User Management,
which authenticates both wired and wireless
users.
Tolly engineers verified that the S12700
shielded capability and access differences
between devices and supported multiple
authentication modes, including 802.1X,
MAC address and Portal for both wired and
wireless clients.
Traditional operation and maintenance
methods focus on device management;
therefore, only limited Access Control Lists
(ACLs) can be used to manage user
bandwidth and control user rights. The
S12700 adopts a user-oriented management
design, assigning each user an individual
table to control rights, bandwidth, and
Quality of Service (QoS), allowing
authorization based on groups, domains, or
time.
Tolly engineers verified that the S12700 could
dynamically assign the new VLAN and ACL to
a user when the user got authenticated.
Also, with the help of the Huawei UCL user
group, administrators could create an ACL
rule “rule 1 deny IP source UCL-group name
Test destination [File Server’s IP address]” to
dynamically block all users in the “Test”
group from accessing the file server. UCL Group
information is deployed to the switches as
the HW_UCL_Group attribute from the
RADIUS server when a user gets
authenticated.
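The group-based rule described above can be modelled as follows; this is an added illustration, not Huawei or Tolly code. Only the HW_UCL_Group attribute name and the rule text come from the report; the class and function names, the addresses, the first-match ordering and the default actions are assumptions.

```python
"""Model of UCL-group-based access control (added illustration, not Huawei code)."""
import ipaddress
from dataclasses import dataclass

FILE_SERVER = "192.0.2.20"   # constructed address standing in for the file server
OTHER_HOST = "192.0.2.30"    # constructed address for any other destination


@dataclass(frozen=True)
class UclRule:
    rule_id: int
    action: str                          # "permit" or "deny"
    source_group: str                    # matches a UCL group name, not an IP range
    destination: ipaddress.IPv4Network


class AccessSwitch:
    """Keeps a per-user session table and evaluates group-based rules."""

    def __init__(self, rules):
        # Assumption: rules are checked in ascending rule_id, first match wins.
        self.rules = sorted(rules, key=lambda r: r.rule_id)
        self.sessions = {}               # source IP -> (user, UCL group)

    def on_access_accept(self, user, src_ip, radius_attrs):
        """Record the group delivered by RADIUS when the user authenticates."""
        group = radius_attrs.get("HW_UCL_Group")
        # One live session per user: drop the old binding when the user roams.
        for ip, (name, _) in list(self.sessions.items()):
            if name == user:
                del self.sessions[ip]
        self.sessions[ipaddress.ip_address(src_ip)] = (user, group)

    def on_logoff(self, src_ip):
        """Remove the binding so a reused address does not inherit a group."""
        self.sessions.pop(ipaddress.ip_address(src_ip), None)

    def decide(self, src_ip, dst_ip):
        src = ipaddress.ip_address(src_ip)
        dst = ipaddress.ip_address(dst_ip)
        session = self.sessions.get(src)
        if session is None:
            return "deny"                # assumption: unauthenticated sources are dropped
        _, group = session
        for rule in self.rules:
            if rule.source_group == group and dst in rule.destination:
                return rule.action
        return "permit"                  # assumption: unmatched traffic is forwarded


def example_switch():
    """Switch holding the report's rule: deny group "Test" to the file server."""
    rule = UclRule(1, "deny", "Test", ipaddress.ip_network(FILE_SERVER + "/32"))
    return AccessSwitch([rule])


def demo():
    sw = example_switch()
    out = {}
    sw.on_access_accept("alice", "198.51.100.10", {"HW_UCL_Group": "Test"})
    sw.on_access_accept("bob", "198.51.100.11", {"HW_UCL_Group": "Staff"})
    out["alice_wired_to_fs"] = sw.decide("198.51.100.10", FILE_SERVER)
    out["alice_wired_to_other"] = sw.decide("198.51.100.10", OTHER_HOST)
    out["bob_to_fs"] = sw.decide("198.51.100.11", FILE_SERVER)
    # alice moves to wireless and gets a new address: the rule follows the group.
    sw.on_access_accept("alice", "203.0.113.50", {"HW_UCL_Group": "Test"})
    out["alice_wireless_to_fs"] = sw.decide("203.0.113.50", FILE_SERVER)
    # carol is later handed alice's old wired address and must not inherit "Test".
    sw.on_access_accept("carol", "198.51.100.10", {"HW_UCL_Group": "Staff"})
    out["carol_reused_ip_to_fs"] = sw.decide("198.51.100.10", FILE_SERVER)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The case worth checking on a real deployment is the last one: the group binding has to be cleared at logoff or roam, otherwise the next user of that address inherits the previous user's rights.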
The S12700 also supported Destination
Address Accounting (DAA) to dynamically
adjust the bandwidth and accounting
according to the destination address
(different services) of different users.
QoS
Tolly engineers verified that the S12700
switch supported granularity as low as 1 Kbps
for traffic policing with the ENP line cards. The
ENP line cards on the S12700 also supported
up to 5 levels of Hierarchical QoS (HQoS) to
provide differentiated services.
CSS2
Two S12708/S12712 switches were virtualized as one logical switch with 32 10GbE ports on each switch using Huawei’s CSS2 technology. Each switch used four 8*10GbE ports cluster service subcards. Tolly engineers verified that the throughput across the switch using the stacking cables could reach 100% of the line-rate (line-rate as 320Gbps bidirectional, 640Gbps aggregated) for all frame sizes without frame loss.
The S12704 switch supported two 8*10GbE ports cluster service subcards. Thus the 16 10GbE links between two S12704 switches supported 160Gbps bidirectional (320Gbps aggregated) throughput for all frame sizes without frame loss.
The S12710 model supports CSS2. It supports two MPUs (Master Processing Unit) which integrate switch fabric functionality and two SFUs (Switch Fabric Unit). Each MPU or SFU has a slot for one 4*10G/1*40G combo stacking module. With a total of four 4*10G/1*40G combo stacking modules, the stacking links between two S7710 switches provided 160Gbps bidirectional (320Gbps aggregated) stacking throughput (including stacking overhead) for all frame sizes without frame loss.
Tolly engineers also verified that the average latency across the switches over the stacking cables was 3.28 μs.
The CSS2 technology also supported 1+N Main Processing Unit (MPU) redundancy. Tolly engineers verified that when 3 out of 4 MPUs on two S12700 switches were pulled out, there was no frame loss for existing traffic.
The 6*40G ports stacking module is hardware ready, with software support upcoming.
Huawei S12700 Series Agile Switch
Tolly Certified Features and Capacity - Part 1 of 2

Native T-bit Wireless Access Controller (AC)
- T-bit Capability: 960Gbps CAPWAP tunnel encapsulation and decapsulation capability
- Wired and Wireless Convergence: Manage 6,144 wireless access points (APs), 65,535 concurrent online wireless users and provide connectivity between wired and wireless networks
- Switch Chassis Redundancy for Wireless Access: with two S12700 switches stacked using the Huawei CSS2 technology, real-time wireless Access Controller (AC) backup
- ENP Line Card Redundancy for Wireless Access

Super Virtual Fabric
- SVF Parent Switch: with 4,096 wireless APs and 256 Access Switch (AS) clients (each AS client supports a stack of 5 physical access switches using the Huawei iStack technology). So 1,280 physical access switches were supported in one SVF instance
- SVF across third-party vendors’ devices (Layer 2 connectivity)

iPCA
- Device Level, Link Level and Network Level Packet Loss Monitoring with actual service packets

Unified User Management
- 802.1X, MAC Address, Portal, and IPoE Authentication for both wired and wireless clients
- Dynamic VLAN and ACL for each user when the user gets authenticated
- Dynamic User Access Control with the UCL Group: e.g. an ACL rule “rule 1 deny IP source UCL-group name Test destination [File Server’s IP address]” can dynamically block all users in the “Test” group from accessing the file server. UCL Group information is deployed to the switches as the HW_UCL_Group attribute from the RADIUS server when a user gets authenticated
- Destination Address Accounting (DAA)

QoS
- 1 kbps granularity for traffic policing with the Ethernet Network Processor (ENP) line cards
- 5 levels Hierarchical QoS (HQoS) with the ENP line cards

Huawei Cluster Switch System (CSS2)
- 320Gbps bidirectional (640Gbps aggregated) stacking throughput using 32*10Gbps stacking links (S12708, S12712)
- 160Gbps (320Gbps aggregated) stacking throughput using 16*10Gbps stacking links (S12704)
- 160Gbps (320Gbps aggregated) stacking throughput using 16*10Gbps or 4*40Gbps stacking links (S12710)
- 3.28 μs cross switch latency for a CSS2 virtual system with two S12700 switches
- 1+N Main Processing Unit (MPU) redundancy
- 6*40G ports stacking module (hardware ready, software upcoming)

Easy-operation (as the commander)
- Zero-touch deployment of new switches: Commander switch automatically loads the specified configuration to out of box member switches
- Centralized software upgrading and patch deployment: Update the software or load a patch to a member switch from the commander switch (S12700 could work as the member service as well)
- Faulty device replacement without configuration: Commander switch automatically loads the backed up configuration of the faulty member device to the replacement switch
- Zero Touch Deployment using the eSight Unified Management Platform

Data Center Features
- Virtual System - one physical S12700 switch can be virtualized into 16 virtual systems
- Transparent Interconnection of Lots of Links (TRILL)
- Hardware gateway for overlay networks - VXLAN
- Fibre Channel over Ethernet (FCoE)

Programmable Capability
- Protocol Oblivious Forwarding (POF) and Programmable Capability

Software Defined Network (SDN) - OpenFlow 1.3
- Full OpenFlow 1.3 Compliance: 100% passing 562 Spirent OpenFlow 1.3 Compliance Test Cases

Performance and Capacity
- Fabric Connection: 1.6Tbps per slot (S12704/S12708/S12712), 480Gbps per slot (S12710)
- MAC Address Learning Rate: > 8,000 MAC addresses per second
- MAC table capacity: 1,048,576
- ARP table capacity: 262,144
- ARP Learning Rate: 1,000 ARP entries per second
- FIBv4 table capacity: 3,000,000
- FIBv6 table capacity: 1,000,000
- BGP Route Convergence Rate: > 20,000 routes per second
- Multicast Routing Table Capacity: 128,000 (S,G) entries
- MPLS Label Capacity: 32,000 MPLS labels/LSPs
- NetStream Capacity: 1,048,576 entries
- ACL Capacity: 256,000 rules
- 64 LACP groups, one Link Aggregation Group supports 32 links
- Encapsulate 64K (65,536) QinQ combinations
- Decapsulate 64K (65,536) QinQ combinations
- IPv6 Neighbor Discovery (ND) capacity: 256,000 IPv6 neighbors
- Concurrent authenticated users: 150,000 users
- New 802.1x authenticated users per second: 1,500 users per second
- New IP addresses distributed per second as the DHCP server: 4,000 IP addresses per second

Table 1
Source: Tolly, November 2017
Huawei S12700 Series Agile Switch
Tolly Certified Features and Capacity - Part 2 of 2
Line Card Performance
Nonstop Forwarding (NSF) and Nonstop Routing (NSR) with two MPUs
No frame loss for existing L2/L3 traffic when the master MPU fails
which also means the S12700 complies with the <50ms MPU failover time standard
Switch Fabric Module (SFU) Failover :
0.32ms when the SFU was unplugged accidentally
0 frame loss when the SFU was unplugged after the OFL button was pressed on the SFU
ET1D2X16SSC2 16*10GbE Ports Line Card: 100% line-rate forwarding
ET1D2X32SSC0 32*10GbE Ports Line Card: 100% line-rate forwarding, <1.2μs latency
ET1D2L02QFC0 2*40GbE Ports Line Card: 100% line-rate forwarding, <1.2μs latency
ET1D2L08QSC0 8*40GbE Ports Line Card: <1μs latency
ET1D2C02FEE0 2*100GbE Ports Line Card: 100% line-rate forwarding
N:64 Port Mirroring
ET1D2X48SEC0 48*10GbE Ports Line Card: 100% line-rate forwarding, <1μs latency
3.3ms CFM OAM
more than 200ms buffer on one GbE port of the ET1D2S08SX1E line card
more than 200ms buffer on one 10GbE port of the ET1D2S08SX1E line card
Multicast ARP for Microsoft Network Load-Balance (NLB)
Hardware Architecture: Modular Fan Frame and Left-to-back Airflow
Security - Next Generation Firewall (NGFW) Module
High-speed Self Recovery (HSR) Solution
Less than 50ms failover time for any failures
Features
Load Balancing
Modes: Round Robin, Weighted Round Robin, Source Address Hash, etc.
Hardware Architecture: Independent Monitoring module, Main Processing Unit, Switch Fabric Unit,
and Service Line Card
Dynamic Smart VPN (DSVPN)
Hardware Fault Monitoring
Monitoring 2,000,000 streams’ traffic statistics with the NetStream feature
ICMP Hardware Fast Reply
up to 40Gbps Aggregated Throughput
Free Mobility
Maximum concurrent sessions: 12,000,000
One 100GbE port can be split into two 40GbE ports or ten 10GbE ports
Maximum new sessions connection rate: 400,000 connections per second
802.1AE IEEE MAC Security standard (MACsec) Interoperability with Third-party (e.g. Juniper)
Core processors are Huawei self-developed ENP processors
High Availability
Huawei Smart Ethernet Protection (SEP) ring Layer 2 failover - 5.5ms
1588v2
Huawei SEP ring Layer 3 failover - 13.8ms
Synchronous Ethernet (SyncE)
IP FRR - 7ms
ACU2 Module Support
ACU2 module can be inserted into the S12700 switch’s line-card slot to act as the Access Controller to
manage WLAN Access Points (APs)
Source: Tolly, November 2017
Table 2
Easy-operation
Three features of easy-operation were verified:
Zero-touch Deployment of New Switches - Administrators can specify a configuration file for each type of switch. When an out-of-box switch is connected to the network, it receives the commander switch’s IP address using option 148 from the DHCP server. Then it gets the easy deployment configuration for the type of switch it belongs to and receives the FTP server’s IP address and credentials as well as the configuration file’s position. Lastly, it downloads the configuration file from the FTP server and runs it.
Centralized software upgrading and patch deployment - Administrators can remotely upgrade the software or deploy a patch to a member switch from the commander switch.
Faulty device replacement without configuration - The commander switch backs up the configuration of all member switches periodically. When a member switch fails, administrators can take it down and put an out-of-box switch of the same model into the network. The commander switch automatically loads the latest backup configuration file of the faulty switch to the new switch so no configuration is needed on the replacement switch.
Tolly engineers verified the three features when the S12700 switch was a commander switch. The centralized software upgrading and patch deployment feature was also verified when the S12700 switch was a member switch.
Tolly engineers also verified that the Huawei eSight Unified Management Platform supported the Zero Touch Deployment feature. Administrators can plan the network topology using eSight’s graphic Web interface and specify the configuration for each remote device. The S12700 switch which is managed by eSight can then work as the root device to automatically deploy planned configurations to the remote devices when the out-of-box remote devices connect to the network.
Data Center Feature
Virtual System
One S12700 switch could be virtualized into
16 virtual systems based on ports. Each virtual
system worked independently.
TRILL
Transparent Interconnection of Lots of Links
(TRILL) uses Layer 3 routing techniques to
build a large Layer 2 network. Tolly
engineers verified that the S12700 switch
supported TRILL.
VXLAN
Virtual Extensible LAN (VXLAN) is one major
data center overlay network technology.
The overlay network technologies can
provide Layer 2 connectivity for tunnel
endpoints (e.g., virtual switches) over a
physical Layer 3 network. It can expand the
Layer 2 network for the virtual machines,
overcome the limitation of VLAN numbers
by adding a new Layer 2 network segment
header (VNI for VXLAN), and reduce the
demands of the MAC tables on the physical
switches.
To allow the virtual environment using VXLAN to communicate with other non-VXLAN endpoints as well as provide Layer 3 connectivity for VMs in different network segments of the overlay network, a gateway is needed. Tolly engineers verified that the Huawei S12700 switch could act as the gateway for the VXLAN overlay network.
FCoE
The S12700 switch supported Fibre Channel over Ethernet (FCoE).
Programmable Capability
Tolly engineers evaluated two aspects of the Huawei S12700 Agile Switches’ Protocol Oblivious Forwarding (POF) support and programmable capability.
First, Tolly engineers verified that the S12700 could encapsulate/decapsulate packets with non-standard headers and forward packets with user specified flows. This feature gives users the possibility to define their own protocols to forward packets. One typical use case with this feature is location-based forwarding. Packets can be forwarded according to the Ethernet ports’ building, room, etc.
Secondly, Tolly engineers verified that the S12700 can match standard packets with headers including Ethernet type, IP destination, MAC destination, etc. and then take actions like forwarding, dropping or modifying according to the user-customized flow table.
SDN - OpenFlow 1.3 Compliance
Tolly engineers verified that the S12700 switch passed all 562 test cases in the Spirent OpenFlow 1.3 Conformance Test Suite as well as all 416 test cases in Huawei’s OpenFlow 1.3 Compliance Test Suite. The Huawei S12700 switch is the first switch Tolly has verified to fully support OpenFlow 1.3.
The Spirent and Huawei test cases provided comprehensive coverage of the OpenFlow basic protocols exercising various kinds of OpenFlow messages, connection, flow_table, group table, multi-table, meters, counters, MPLS, VLAN, IPv6, etc.
Performance
Fabric Connection per Slot
Tolly engineers verified that the S12712 could pass 100% line-rate cross-board traffic (1.6Tbps bidirectional, 3.2Tbps aggregated) between two 16x100GbE port interface modules with zero-loss using 128-, 256-, 512-, 1024-, 1280- and 1518-byte frame sizes. See Table 3. As a result, 1.6Tbps fabric connection per slot was verified in the test.
S12708 and S12704 also support 1.6Tbps fabric connection per slot.
S12710 supported 480Gbps fabric connection per slot.
Switch Fabric Module N+1 Redundancy
For S12708 and S12712, each slot could support 1.2Tbps fabric connection with three or four Switch Fabric Units (SFUs). So S12708 and S12712 support switch fabric module N+1 redundancy with 1.2Tbps fabric connection per slot.
Capacity
Tolly engineers evaluated the capacity of S12700 series’ MAC table, ARP table, FIB table, MPLS labels, port buffer, NetStream and ACL rules. See Table 1.
MAC Table Capacity
The S12700 supported 1M (1,048,576) addresses in its MAC table. Traffic matching all MAC addresses in the MAC table passed through without loss.
MAC Address Learning Rate
The S12700 switch supported learning more than 8,000 MAC addresses per second.
ARP Table Capacity
The S12700 supported 256K (262,144) entries in its ARP table. Traffic matching all entries in the ARP table passed through without loss.
ARP Learning Rate
The S12700 supported learning 1,000 ARP entries per second.
FIB Table Capacity
The S12700 supported 3M (3,000,000) IPv4 routes in its FIBv4 table. Traffic matching all routes in the FIBv4 table passed through without loss.
The S12700 supported 1M (1,000,000) IPv6 routes in its FIBv6 table. Traffic matching all routes in the FIBv6 table passed through without loss.
BGP Route Convergence Rate
The S12700 switch’s BGP route convergence rate from the higher priority route to the lower priority route was more than 20,000 routes per second.
Huawei S12700 Switch Line Cards Layer 3 Throughput
(as reported by Spirent TestCenter 4.50)
Throughput (percentage of line-rate) with zero frame loss
Frame Sizes | 64-Byte | 128-Byte | 256-Byte | 512-Byte | 1024-Byte | 1280-Byte | 1518-Byte | 9216-Byte
ET1D2X16SSC2 16*10GbE Ports Line Card (Aggregated 160Gbps) | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100%
ET1D2X32SSC0 32*10GbE Ports Line Card (Aggregated 320Gbps) | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100%
ET1D2X48SEC0 48*10GbE Ports Line Card (Aggregated 480Gbps) | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100%
ET1D2L02QFC0 2*40GbE Ports Line Card (Aggregated 80Gbps) | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100%
ET1D2C02FEE0 2*100GbE Ports Line Card (Aggregated 200Gbps) | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100%
Source: Tolly, November 2017
Table 3
Huawei S12700 Switch Line Cards Layer 2 Latency - Part 1 of 2
(as reported by Spirent TestCenter 4.50)
Average Latency (μs) - LIFO
Frame Sizes | 64-Byte | 128-Byte | 256-Byte | 512-Byte | 1024-Byte | 1280-Byte | 1518-Byte | 9216-Byte
ET1D2X16SSC2 16*10GbE Ports Line Card | 1.277 | 1.277 | 1.281 | 1.28 | 1.276 | 1.278 | 1.281 | 1.273
ET1D2X32SSC0 32*10GbE Ports Line Card | 1.191 | 1.192 | 1.188 | 1.192 | 1.185 | 1.187 | 1.186 | 1.185
ET1D2X48SEC0 48*10GbE Ports Line Card | 0.833 | 0.834 | 0.896 | 0.893 | 0.918 | 0.897 | 0.894 | 0.889
ET1D2L02QFC0 2*40GbE Ports Line Card | 1.141 | 1.132 | 1.139 | 1.134 | 1.137 | 1.136 | 1.137 | 1.136
ET1D2L08QSC0 8*40GbE Ports Line Card | 0.944 | 0.944 | 0.946 | 0.945 | 0.947 | 0.947 | 0.941 | 0.941
ET1D2C02FEE0 2*100GbE Ports Line Card | 8.029 | 8.090 | 8.241 | 8.473 | 8.933 | 9.142 | 9.329 | 15.805
Note: Bidirectional 100% line-rate traffic between port 1 and port 2 of each line card was used. Store-and-forward latency measured LIFO latency. Thus, store-and-forward results reported here do not include the time required to store the frame.
Source: Tolly, November 2017
Table 4
Multicast Routing Table Capacity
The S12700 switch’s multicast routing table capacity is 128k (128,000). Tolly engineers verified that it supports 128,000 (S, G) multicast entries and forwarded multicast traffic matching all (S, G) entries without loss.
MPLS Label Capacity
The S12700 switch supported 32k (32,000) MPLS labels/LSPs.
NetStream Capacity
1,048,576 bursts, each with a unique source IP address, were sent through an S12700 switch. Tolly engineers verified that S12700’s NetStream function could analyze all 1M (1,048,576) entries and forward the information to a specified port.
ACL Capacity
256,000 ACL rules were applied to one S12700 switch. Each rule pointed to one exclusive MAC address. Tolly engineers verified that the 256k (256,000) ACL rules could all work to block traffic.
LACP Group
64 LACP groups were supported on one S12700 switch. Tolly engineers picked one group to verify that the LACP group supported 32 physical links.
QinQ
Tolly engineers verified that the S12700 switch supported encapsulating 64K (65,536) QinQ combinations and decapsulating 64K (65,536) QinQ combinations.
IPv6 ND
Tolly engineers verified that the S12700 switch supported IPv6 Neighbor Discovery (ND) for 256K IPv6 devices. Traffic to all IPv6 devices was forwarded without loss.
Concurrent Authenticated Users
The S12700 supported 150,000 concurrent 802.1x authenticated users.
New Authenticated Users per Second
The S12700 supported authenticating 1,500 new users via 802.1x.
DHCP Server Performance
The S12700 (working as the DHCP server) distributed 4,000 IP addresses per second to DHCP clients.
Line Card Performance
Throughput and Latency
Throughput and latency were evaluated for several line cards which are compatible with the S12700 switch.
The ET1D2X16SSC2 16*10GbE ports line card, the ET1D2X32SSC0 32*10GbE ports line card, the ET1D2X48SEC0 48*10GbE ports line card, the ET1D2L02QFC0 2*40GbE ports line card, and the ET1D2C02FEE0 2*100GbE ports line card all supported 100% line-rate forwarding with all ports in full-mesh topology. See Table 3 for Layer 3 throughput results.
The store-and-forward LIFO latency for the 32*10GbE ports line card and the 2*40GbE ports line card was less than 1.2μs. The store-and-forward LIFO latency for the 48*10GbE ports line card and the 8*40GbE
Huawei S12700 Switch Line Cards Layer 2 Latency - Part 2 of 2
(as reported by Ixia IxNetwork)
Average Latency (ns)
Frame Sizes | 64-Byte | 128-Byte | 256-Byte | 512-Byte | 1024-Byte | 1280-Byte | 1518-Byte | 2048-Byte | 4096-Byte | 9216-Byte
16*40GbE Ports Store-and-forward (LIFO Latency) | 568 | 567 | 562 | 518 | 500 | 497 | 497 | 498 | 497 | 496
16*40GbE Ports Cut-through (FIFO Latency) | 465 | 477 | 492 | 498 | 498 | 498 | 498 | 498 | 497 | 496
16*100GbE Ports Store-and-forward (LIFO Latency) | 532 | 531 | 534 | 520 | 494 | 479 | 464 | 532 | 532 | 532
16*100GbE Ports Cut-through (FIFO Latency) | 421 | 425 | 433 | 439 | 439 | 439 | 439 | 439 | 438 | 437
Note: 1. One SWC02C16QECT line card with 16*100GbE ports which can also work as 40GbE ports was used in the test.
2. Bidirectional 100% line-rate traffic between port 1 and port 2 of each line card was used. Store-and-forward latency measured LIFO (store-and-forward setting in Ixia) latency. Thus, store-and-forward results reported here do not include the time required to store the frame. Cut-through latency measured FIFO (cut-through setting in Ixia) latency.
3. The SWC02C16QECT line card could not be used on the S12710 model by June 2016. Consult Huawei representatives for the up-to-date support.
Source: Tolly, November 2017
Table 5
ports line card was less than 1μs. See Table 4 for details.
The SWC02C16QECT 16*100GbE ports line card which can also work in 16*40GbE ports mode had less than 600 nanoseconds store-and-forward latency or less than 500 nanoseconds cut-through latency. See Table 5 for details.
Port Buffer
Tolly engineers verified that one 10GbE port and one GbE port on the ET1D2S08SX1E line card supported more than 200ms buffer with line-rate traffic.
NGFW Module
The firewall module on the Huawei S series chassis switches is a high performance Next-generation Firewall (NGFW) board. It can be fully integrated with Huawei chassis switches for easy deployment and flexible scalability. In addition to the basic firewall features, according to Huawei, the NGFW board supports application layer based IPS, AV, anti-spam, and Web security features.
NGFW NetStream Capacity
The NGFW module supported monitoring the traffic statistics of 2,000,000 streams with the NetStream feature. It can then cache and upload all the statistics information to the network management platform.
NGFW Performance
Tolly engineers verified that the NGFW module on the S12700 switch supported 40Gbps throughput.
Tolly engineers also verified that the NGFW module on the S12700 switch supported 12,000,000 maximum concurrent TCP sessions. The maximum new session connection rate was 400,000 connections per second. There was no connection failure during the test.
Load Balancing with the NGFW Module
Tolly engineers verified that the NGFW module supported load balancing with Round Robin, Weighted Round Robin, and Source Address Hash modes.
DSVPN with the NGFW Module
Huawei’s Dynamic Smart VPN (DSVPN) allows branches (spokes) to dynamically establish direct data forwarding tunnels in the hub and spoke model. DSVPN can provide IPsec encryption for security and is suitable for large enterprise VPN networks.
Tolly engineers verified that a GRE tunnel was established automatically between two spoke switches with the NGFW module with the help of the hub switch with the NGFW module. Traffic passed through the tunnel without loss.
Switch Fabric (SFU) Failover
The failover time for the S12700’s switch fabric unit (SFU) was 0.32ms. Tolly engineers verified that all test traffic went through the SFU under test before unplugging it. If the traffic did not go through the SFU, there would be no impact on the traffic when the SFU failed.
The S12700 SFU also provides one OFL button. If administrators push the OFL button first, all traffic will be migrated to other SFUs. When Tolly engineers unplugged the SFU after pressing the OFL button on it, there was no frame loss for the traffic.
High Availability
Huawei SEP Ring
Smart Ethernet Protection (SEP) is Huawei’s technology for ring topology high availability. Tolly engineers verified that with 10,000 source and 10,000 destination MAC addresses, the average Layer 2 failover time was 5.5 ms for the link failure.
Tolly engineers also verified that with 1,000 source and 1,000 destination IP addresses, the average Layer 3 failover time was 13.8ms.
IP FRR
Tolly engineers verified that the Fast Reroute time for the S12700 switch was 7 ms.
Nonstop Forwarding (NSF) and
Nonstop Routing (NSR)
While the active Main Processing Unit (MPU)
of the S12700 switch was unplugged, the
backup MPU became active. The current
Layer 2 and Layer 3 had no frame loss during
the process. The S12700 switch complies
with the <50ms MPU failover time standard.
High-speed Self Recovery (HSR) Solution
Taking advantage of the fully programmable capability of the Ethernet Network Processor (ENP), Huawei developed the unique High-speed Self-Recovery (HSR) Solution using the Agile Switches. The solution is developed for transportation as well as broadcasting and television industries to provide less than 50ms failover time for any node or link failure.
Tolly evaluated Huawei’s HSR solution in a Metro system network and verified that the solution provided less than 50ms station-to-station traffic failover time for link and node failures with IP&VPN FastReroute (FRR), MPLS TE Hot-standby, MPLS L3VPN FRR, Virtual Router Redundancy Protocol (VRRP), and hardware-based fast Bidirectional Forwarding Detection (BFD) technologies. See Figure 2 and Table 6 for detail.
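Huawei High-speed Self Recovery (HSR) Solution with Huawei Agile Switches
IP & VPN FRR + MPLS TE Hot-standby + MPLS L3 VPN FRR + VRRP + Hardware-based BFD
[Figure 2: network diagram showing S12700, S9700 and S7700 switches and the Spirent TestCenter, with failure points 1 to 9 marked]
Cross Station Traffic: Average Traffic Failover Time (ms)
Failure Type | Failure Point | Failover Time (ms)
Link Failure | Point 1 | 12
Link Failure | Point 2 | 12
Link Failure | Point 3 | 10
Link Failure | Point 4 | 10
Link Failure | Point 5 | 4
Link Failure | Point 6 | 9
Link Failure | Point 7 | 10
Link Failure | Point 8 | 13
Link Failure | Point 9 | 12
Line-card Failure | DUT1 | 12
Line-card Failure | DUT2 | 11
Line-card Failure | DUT3 | 11
Node Failure | DUT1 | 12
Node Failure | DUT2 | 12
Node Failure | DUT3 | 10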
Note: 1. After the failure was recovered, the convergence time of traffic was 0 in all tests.
2. The maximum failover time of all cross-station traffic was less than 50ms in all test cases.
Figure 2, Table 6
Source: Tolly, November 2017
Features
N:64 Port Mirroring
The S12700 supports N:64 port mirroring.
Tolly engineers tested mirroring 3 ports to 64
ports. All 64 ports received all traffic mirrored
from the 3 ports.
CFM OAM
Connectivity Fault Management (CFM) is a
protocol for Operation, Administration and
Maintenance. Tolly engineers verified that
Huawei S12700 sent out and received a CFM
monitoring packet every 3.3ms.
Multicast ARP
When Microsoft Network Load Balancing
(NLB) works in multicast mode, the virtual
MAC address starts with 03bf. Traditionally,
a layer 3 switch cannot learn or be
configured with a multicast MAC address for
a unicast IP in its ARP table. Tolly engineers
verified that the multicast MAC address
could be configured into the S12700’s static
ARP multicast table. As a result, traffic to the
NLB cluster could be multicasted out.
ICMP Hardware Fast Reply
Cisco switches send out ICMP ping packets
with very short intervals. If the receiver side
cannot handle the ICMP request properly,
administrators may see packet loss for the
network ping test. Tolly engineers verified
that when the hardware fast reply for ICMP
packets is enabled, the Huawei S12700 could
reply to all ICMP ping packets from the Cisco
switch. At the same time, the CPU usage of
the S12700 was only 8%.
Free Mobility
The free mobility solution allows a user to
obtain the same network access policy
regardless of the user's location (within one
VPN instance) and IP address changes in an
agile network.
With the Huawei Agile Controller,
administrators can place users into
different UCL groups and assign network
access policies based on destination, VPN
instance, and applicable devices.
100GbE Port
One 100GbE port could be split into two
40GbE ports or ten 10GbE ports on the
S12700 switch.
MACsec Interoperability
The S12700 switch supported the IEEE 802.1AE
MAC Security standard (MACsec) to encrypt
and decrypt frames. Tolly engineers also
verified that the MACsec feature on the
Huawei S12700 switch interoperated with a
Juniper EX4200 switch.
Device Under Test
Product
Huawei S12704, S12708, S12710, S12712 Switch Chassis
ET1D2MPUA000 Main Processing Unit (MPU)
EH1D2MPUAC00 MPU
ET1D2MPUBC00 MPU
ET1D2SFUD000 Switch Fabric Unit (SFU)
SWC02SFUF00T SFU
ET1D2SFUB000 SFU
SWC02C16QECT 16-Port 100GBASE-X Interface Card
ET1D2C02FEE0 2-Port 100GBASE-X Interface Card
ET1D2L08QSC0 8-Port 40GBASE-X Interface Card
ET1D2L02QFC0 2-Port 40GBASE-X Interface Card
ET1D2X48SEC0 48-Port 10GBASE-X Interface Card
ET1D2X32SSC0 32-Port 10GBASE-X Interface Card
ET1D2X16SSC2 16-Port 10GBASE-X Interface Card
ET1D2S08SX1E 8-Port 10GBASE-X + 8-Port 100/1000BASE-X Interface Card
ET1D2G48SX1E 48-Port 100/1000BASE-X Interface Card
EH1D2VS08000 8-port 10G cluster switching system service unit (SFP+)
ET1D2FW00S02 Next-generation Firewall (NGFW) Module
ACU2 WLAN Access Controller Module
Software Version
S12700
V200R008, V200R009, V200R010
V200R010, V200R011
V100R001
V200R007
Source: Tolly, November 2017
Table 7
Hardware Architecture
Tolly engineers verified that, because of its cutting-edge architecture, the S12700 switch was equipped with modular fan frames and left-to-back airflow. Additionally, the monitoring module, main processing unit, switch fabric unit, and service line card are all independent hardware components on the S12700 switch chassis to achieve high availability and scalability.
Hardware Fault Monitoring
The status of fans and power supplies is monitored by the switch. There were warnings when engineers plugged in or pulled out a fan or power supply.
Huawei Self-developed Core
Processors
The core processors on the S12700 switch are
Huawei self-developed ENP processors.
1588v2 and SyncE
The S12700 switch supported 1588v2 and Synchronous Ethernet (SyncE) for time and frequency synchronization.
ACU2 Module
The ACU2 module is a WLAN access controller module. Tolly engineers verified that it could be inserted into the S12700 switch’s line-card slot and act as the access controller to manage WLAN access points (APs).
Test Bed
Huawei S12704 Agile Switch: 192 10GbE links
Huawei S12708 Agile Switch: 384 10GbE links
Huawei S12710 Agile Switch: 480 10GbE links
Huawei S12712 Agile Switch: 576 10GbE links
HUTAF Tesgine 3.0 (each with six Multiport 10G Data Generation and Analysis Boards)
Note: Twelve ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12712 switch to provide 576 10GbE ports.
Ten ET1D2X48SEC0 48x10GbE ports line cards were equipped on the S12710 switch to provide 480 10GbE ports.
Eight ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12708 switch to provide 384 10GbE ports.
Four ET1D2X48SEC0 48x10GbE ports interface modules were equipped on the S12704 switch to provide 192 10GbE ports.
Source: Tolly, November 2017
Figure 3
Test Setup & Methodology
Test Environment
Huawei S12704, S12708, S12710 and S12712 switches were used in the test. See Table 6.
Test Methodology
Native T-bit Wireless Access Controller (AC)
One S12712 switch with 12 ET1D2S08SX1E line cards, 4 ET1D2SFUD000 fabric modules and one ET1D2MPUA000 Main Processing Unit (MPU) was tested. Each ET1D2S08SX1E line card has 8*10GbE ports connected to the Spirent TestCenter, so 96*10GbE ports on the switch were used. The Spirent TestCenter sent 960Gbps traffic to the CAPWAP tunnel with the CAPWAP header. The receiving side of TestCenter received 94.6% of the 960Gbps data without any frame loss. The receiving side was not 100% because the S12712 switch decapsulated the CAPWAP header of each frame. The test simulated that the wireless network sent 960Gbps traffic to the wired network, so the S12712 switch under test processed 960Gbps wireless traffic.
Each ET1D2S08SX1E line card with the Huawei Ethernet Network Processor (ENP) supports forwarding 80Gbps wireless data.
Switch Redundancy for Wireless Access
To evaluate the traffic failover, engineers used one wired client and one wireless client to ping each other. There was only 1 Ping packet loss from the wireless client to the wired client and 0 Ping packet loss from the wired client to the wireless client when one S12700 switch failed.
SVF
The SVF feature was evaluated with physical S12700 and S5720EI access switches as well as a wireless AP. The capacity of managed APs was evaluated with simulated Huawei APs.
CSS2 Stacking Bandwidth
Two S12708/S12712 switches were virtualized as one logical switch with 32 10GbE ports on each switch using Huawei’s CSS2 technology. Each switch used four 8*10GbE ports cluster service subcards. Tolly engineers verified that the throughput across the switch using the stacking cables could reach 100% of the line-rate (line-rate as 320Gbps bidirectional, 640Gbps aggregated) using 64-byte frames without frame loss. The throughput result reported by the Ixia traffic generator is 99.5% because of the stacking header and management traffic overhead.
Layer 2 Throughput
Full-mesh: traffic from each port to all other ports.
Backbone: traffic from each port to all ports on the other interface module.
Capacity
The capacity tests are for the maximum capacity the S12700 switch could support. For a chassis switch like the Huawei S12700, the whole switch’s capacity is dependent on the line cards the switch is equipped with. Tolly engineers used the ET1D2G48TX1E line cards for most capacity tests. For the capacity of any specific configurations, please consult Huawei representatives.
Port Buffer
One ET1D2S08SX1E line card has eight GbE ports and eight 10GbE ports. With the default configuration, one GbE port provides more than 240ms buffer. To support more than 200ms buffer on one 10GbE port, engineers changed the buffer distribution of the line card.
NGFW Performance
The throughput test of the NGFW module used 1518-byte frames.
Huawei SEP Ring
The Layer 2 failover test used the ET1D2X48SEC0 line card. The Layer 3 failover test used the ET1D2G48TX1E line card.
Test Equipment Summary
Vendor | Product
Huawei | HUTAF Tesgine 2.0 Traffic Generator/Analyzer, Version: xStream V100R003C00B050
Spirent | TestCenter 4.50, OpenFlow 1.3 Conformance Test Suite, iTest 4.3
Ixia | XM12 Chassis, IxNetwork, BreakingPoint
About Tolly
The Tolly Group companies have been delivering world-class IT services for more than 25 years. Tolly is a leading global provider of third-party validation services for vendors of IT products, components and services.
You can reach the company by E-mail at sales@tolly.com, or by telephone at +1 561.391.5610.
Visit Tolly on the Internet at: http://www.tolly.com
Terms of Usage
This document is provided, free-of-charge, to help you understand whether a given product, technology or service merits additional
investigation for your particular needs. Any decision to purchase a product must be based on your own assessment of suitability
based on your needs. The document should never be used as a substitute for advice from a qualified IT or business professional.
This evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under
controlled, laboratory conditions. Certain tests may have been tailored to reflect performance under ideal conditions; performance
may vary under real-world conditions. Users should run tests based on their own real-world scenarios to validate performance for
their own networks.
Reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. The test/
audit documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the
document relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/
hardware tested is production or production track and is, or will be, available in equivalent or better form to commercial customers.
Accordingly, this document is provided "as is", and Tolly Enterprises, LLC (Tolly) gives no warranty, representation or undertaking,
whether express or implied, and accepts no legal responsibility, whether direct or indirect, for the accuracy, completeness,
usefulness or suitability of any information contained herein. By reviewing this document, you agree that your use of any
information contained herein is at your own risk, and you accept all risks and responsibility for losses, damages, costs and other
consequences resulting directly or indirectly from any information or material available on it. Tolly is not responsible for, and you
agree to hold Tolly and its related affiliates harmless from any loss, harm, injury or damage resulting from or arising out of your use of
or reliance on any of the information provided herein.
Tolly makes no claim as to whether any product or company described herein is suitable for investment. You should obtain your
own independent professional advice, whether legal, accounting or otherwise, before proceeding with any investment or project
related to any information, products or companies described herein. When foreign translations exist, the English document is
considered authoritative. To assure accuracy, only use documents downloaded directly from Tolly.com. No part of any document
may be reproduced, in whole or in part, without the specific written permission of Tolly. All trademarks used in the document are
owned by their respective owners. You agree not to use any trademark in or as the whole or part of your own trademarks in
connection with any activities, products or services which are not ours, or in a manner which may be confusing, misleading or
deceptive or in a manner that disparages us or our information, projects or developments.
217147-iv-18--yx-2017-12-06-VerN