H3C IRF2 Intelligent Resilient Architecture Technology

H3C S5560S-EI series switches implement Intelligent Resilient Framework 2 (IRF2) technology. IRF2 provides the following benefits:

Excellent scalability: With IRF2, device aggregation can be plug-and-play by simply adding one or more switches to the stack IRF2 and enabling IRF2 stacking mode on the new device. New devices can be managed through a single shared IP address, allowing software updates to be carried out simultaneously on all devices to reduce network expansion costs.

High reliability: patented IRF2’s 1:N redundancy technology allows each of the slaves in the IRF2 stack to serve as a backup for the master, providing control plane redundancy and data link redundancy, as well as uninterrupted Layer 3 forwarding. This improves reliability and helps avoid interruptions at work and generally improve productivity. If the primary device fails, traffic does not stop.

Load balancing: IRF2 supports aggregation of connections across multiple devices. Connections to upstream and downstream systems can be made through multiple physical links, creating another layer of redundancy and increasing network resource utilization.

Availability: IRF2 technology implemented H3C uses standard 40 Gigabit Ethernet (40GE) or 10 Gigabit Ethernet (10GE) ports and provides bandwidth allocation for service traffic and application access, with intelligent separation of local traffic from traffic to upstream systems. IRF2 rules can be applied not only at the scale of one rack or adjacent racks, but also at the scale of the entire local network.

Software-defined networks

Software Defined Networks (SDN) are an innovative network architecture that separates the network control plane from the data forwarding plane, typically through Openflow. SDN greatly simplifies network management without complexity and overhead, provides flexible traffic management, and offers an excellent platform for core network applications and innovative solutions.

S5560S-EI series switches support a large table of data flows in the network. Combined with H3C’s SDN Controller, they allow you to easily implement a two-tier network architecture and quickly add new features to existing networks to radically simplify network management while significantly reducing maintenance costs.

Comprehensive policies security

Endpoint Admission Defense (EAD), in combination with systems at the core of the network, allows you to combine endpoint security functions such as such as the presence of an antivirus and the latest updates, with network security mechanisms (including network access control and network access control) into an interactive security system. By verifying, isolating, remediating, managing and monitoring endpoint access, the system allows you to move from reactive, targeted network security to proactive, end-to-end security, and from isolated to centralized policy management. This system provides a higher level of protection for the network as a whole from numerous security threats, and also allows for a better response to new threats.

The switches support unified MAC authentication -addresses, according to 802.1x and through the portal; dynamic and static binding of user identities such as user account, IP address, MAC address, VLAN and port number; and dynamically applying user profiles or policies (such as VLANs, QoS control settings, and ACLs) to users. When you use a switch with the H3C IMC management system, you can manage and monitor active users in real time and take immediate action if violations are detected.

The switches offer the ability to assign a large number of access control lists for incoming and outgoing traffic, as well as VLAN-based access control lists.

The switch supports a reverse forwarding method for unicast traffic ( Unicast Reverse Path Forwarding (uRPF), which protects the network from origin spoofing attacks, as well as denial of service (DoS) and distributed DDoS attacks.

High availability

The switch supports 1+1 power supply redundancy and 1+1 fan module redundancy. The switch can be equipped with AC or DC power supplies, depending on the need. The switch automatically monitors the status of power supplies and fan modules, and also regulates the fan speed depending on the temperature. For any events related to power supplies or temperature, the switch generates appropriate alarms.

In addition to hardware redundancy, the switches provide various mechanisms for redundant nodes and links, as well as the following security mechanisms:

Ethernet link aggregation, including LACP.

Spanning tree protocols, including STP, RSTP and MSTP.

Smart Link, which provides faster failover in networks with two backbone interfaces.< /p>

Rapid Loop Protection Protocol (RRPP).

IRF 2 in ring topology together with link aggregation on different chassis.

Comprehensive quality of service (QoS) management functions

In switches a wide range of quality of service management functions has been implemented, including the following:

Filtering packets based on the contents of header fields at levels 2 to 4, including based on MAC- source address, destination MAC address, source IP address, destination IP address, TCP/UDP port number, protocol type and VLAN.

Flexible algorithms for organizing and scheduling queues configured at the individual port and queue level, including Strict Priority (SP), Weighted Round Robin (WRR) and SP+WRR.

Control of guaranteed access rate (CAR) with a minimum step of 8 kbit/s.

Port mirroring as for incoming , and for the outgoing direction for monitoring and troubleshooting in the network.

Extensive management capabilities

In switches A variety of control functions are implemented, making it very easy to operate. The switches offer the following device management features:

Multiple management interfaces, including a console port, a micro-USB port, and a dedicated Ethernet port for management.

n

Supports configuration and management via command line interface (CLI) or web interfaces of general purpose systems such as H3C IMC Intelligent Management Center and OpenView.

< p style="font-weight: 400;">Support for various access methods, including SNMPv1/v2c/v3, Telnet and the more secure SSH 2.0.

To enable users to obtain information about application traffic on the network, the switch implements a number of traffic monitoring features and analytics tools, including local port mirroring and remote port mirroring at Layer 2. Using these tools, customers can configure multiple monitoring ports and collect network traffic data to assess network health, receive traffic analysis reports, schedule traffic management parameters and optimize resource allocation.

Intelligent Management Center (SmartMC)

SmartMC is the latest, innovative H3C solution that helps small and medium-sized businesses manage their network management challenges using a free, easy-to-use web-based tool. SmartMC is an on-switch management tool available in management switches and other access network switches.

SmartMC has the following advantages:

Smart Operation: Once the switch is powered on and the SmartMC function is activated, the topology is automatically built and displayed to the user in a rich web GUI to check the current status.

< p style="font-weight: 400;">Centralized management: All management operations can be performed through the management switch, including centralized configuration backup and software versioning for increased efficiency.

One-click device replacement: If one of the switches fails, a new replacement switch of the same type can be automatically loaded with the same configuration so that it immediately starts working like the previous one.