SJ-20140314093122-003-ZXA10 C300M&C350M (V4.0.1) Multi-Service Access Equipment Feature Guide

ZXA10 C300M/C350M
Multi-Service Access Equipment

Feature Guide
Version: V4.0.1
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: [email protected]
LEGAL INFORMATION
Copyright © 2014 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Revision No. Revision Date Revision Reason
R1.0 2014-05-16 First edition
Serial Number: SJ-20140314093122-003
Publishing Date: 2014-05-16 (R1.0)
SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Contents
About This Manual ......................................................................................... I
Chapter 1 VoIP Service .............................................................................. 1-1
1.1 PSTN Service .................................................................................................... 1-1
1.1.1 Introduction.............................................................................................. 1-1
1.1.2 Principle .................................................................................................. 1-2
1.2 ISDN Service ..................................................................................................... 1-3
1.2.1 Introduction.............................................................................................. 1-3
1.2.2 Principle .................................................................................................. 1-3
1.3 Fax and Modem Service ..................................................................................... 1-4
1.3.1 Introduction.............................................................................................. 1-4
1.3.2 Principle .................................................................................................. 1-4
1.4 H.248 ............................................................................................................... 1-8
1.4.1 Introduction.............................................................................................. 1-8
1.4.2 Principle .................................................................................................. 1-8
1.5 SIP Service...................................................................................................... 1-14
1.5.1 SIP Introduction ..................................................................................... 1-14
1.5.2 SIP Principle .......................................................................................... 1-15
1.6 VoIP Quality Improving Method ......................................................................... 1-16
1.6.1 Introduction............................................................................................ 1-16
1.6.2 Principle ................................................................................................ 1-16
Chapter 2 Broadband Service ................................................................... 2-1

2.1 ADSL2/ADSL2+ Service ..................................................................................... 2-1
2.1.1 Introduction.............................................................................................. 2-1
2.1.2 Principle .................................................................................................. 2-1
2.2 VDSL2 Service................................................................................................... 2-4
2.2.1 Introduction.............................................................................................. 2-4
2.2.2 Principle .................................................................................................. 2-5
2.3 Ethernet Service .............................................................................................. 2-10
2.3.1 Introduction............................................................................................ 2-10
2.3.2 Principle ................................................................................................ 2-10
2.4 PPPoA to PPPoE ............................................................................................. 2-12
2.4.1 Introduction............................................................................................ 2-12
2.4.2 Principle ................................................................................................ 2-12

2.5 IPoA Access .................................................................................................... 2-14
2.5.1 Introduction............................................................................................ 2-14
2.5.2 Principle ................................................................................................ 2-14
Chapter 3 Multicast .................................................................................... 3-1

3.1 Multicast Overview ............................................................................................. 3-1
3.1.1 Introduction.............................................................................................. 3-1
3.1.2 Principle .................................................................................................. 3-2
3.2 IGMP Snooping.................................................................................................. 3-4
3.2.1 Introduction.............................................................................................. 3-4
3.2.2 Principle .................................................................................................. 3-5
3.3 IGMP Proxy ....................................................................................................... 3-5
3.3.1 Introduction.............................................................................................. 3-5
3.3.2 Principle .................................................................................................. 3-6
3.4 IGMP Router...................................................................................................... 3-6
3.4.1 Introduction.............................................................................................. 3-6
3.4.2 Principle .................................................................................................. 3-7
3.5 MVLAN.............................................................................................................. 3-7
3.5.1 Introduction.............................................................................................. 3-7
3.5.2 Principle .................................................................................................. 3-7
3.6 Channel Management ........................................................................................ 3-8
3.6.1 Introduction.............................................................................................. 3-8
3.6.2 Principle .................................................................................................. 3-8
3.7 Service Package Management............................................................................ 3-9
3.7.1 Introduction.............................................................................................. 3-9
3.7.2 Principle .................................................................................................. 3-9
Chapter 4 GPON Features ......................................................................... 4-1

4.1 FEC .................................................................................................................. 4-1
4.1.1 Introduction.............................................................................................. 4-1
4.1.2 Principle .................................................................................................. 4-1
4.2 Multiple Networking Modes ................................................................................. 4-2
4.2.1 Introduction.............................................................................................. 4-2
4.2.2 Principle .................................................................................................. 4-3
4.3 Multicast GEM Port Modifiability .......................................................................... 4-4
4.3.1 Introduction.............................................................................................. 4-4
4.3.2 Principle .................................................................................................. 4-4
Chapter 5 Device Management ................................................................. 5-1

5.1 Basic Management............................................................................................. 5-1
II

5.1.1 Introduction.............................................................................................. 5-1
5.1.2 Features .................................................................................................. 5-1
5.2 Software Version Management............................................................................ 5-2
5.2.1 Introduction.............................................................................................. 5-2
5.2.2 Software Management.............................................................................. 5-2
Chapter 6 VLAN .......................................................................................... 6-1

6.1 VLAN Architecture.............................................................................................. 6-1
6.1.1 Introduction.............................................................................................. 6-1
6.1.2 Principle .................................................................................................. 6-1
6.2 User-Side Multi-PVC and Multi-Service Networking Model .................................... 6-2
6.2.1 Introduction.............................................................................................. 6-2
6.2.2 Principle .................................................................................................. 6-2
6.3 User-Side Single-PVC and Multi-Service Networking Model (EFM Tagged) ............ 6-3
6.3.1 Introduction.............................................................................................. 6-3
6.3.2 Principle .................................................................................................. 6-4
6.4 User-Side Single-PVC and Multi-Service Networking Model (EFM Untagged
Priority Tagged) ................................................................................................ 6-5
6.4.1 Introduction.............................................................................................. 6-5
6.4.2 Principle .................................................................................................. 6-5
6.5 User-Side Multi-PVC Service Networking Application............................................ 6-6
6.5.1 Introduction.............................................................................................. 6-6
6.5.2 Principle .................................................................................................. 6-6
6.6 VLAN Transparent Port (TLS Port) ...................................................................... 6-8
6.6.1 Introduction.............................................................................................. 6-8
6.6.2 Principle .................................................................................................. 6-8
6.7 VLAN Non-transparent Port (Non-TLS Port) ......................................................... 6-9
6.7.1 Introduction.............................................................................................. 6-9
6.7.2 Principle .................................................................................................. 6-9
6.8 QinQ VLAN...................................................................................................... 6-10
6.8.1 Introduction............................................................................................ 6-10
6.8.2 Principle ................................................................................................ 6-10
6.9 Super VLAN..................................................................................................... 6-12
6.9.1 Introduction............................................................................................ 6-12
6.9.2 Principle ................................................................................................ 6-12
Chapter 7 QoS............................................................................................. 7-1

7.1 QoS .................................................................................................................. 7-1
7.1.1 Introduction.............................................................................................. 7-1
III

7.1.2 Principle .................................................................................................. 7-1
7.2 Packet Classification and Mark............................................................................ 7-2
7.2.1 Introduction.............................................................................................. 7-2
7.2.2 Description .............................................................................................. 7-3
7.3 Congestion Management .................................................................................... 7-3
7.3.1 Introduction.............................................................................................. 7-3
7.3.2 Principle .................................................................................................. 7-4
7.4 Traffic Shaping ................................................................................................... 7-6
7.4.1 Introduction.............................................................................................. 7-6
7.4.2 Principle .................................................................................................. 7-7
7.5 Redirection and Policy Route .............................................................................. 7-8
7.5.1 Introduction.............................................................................................. 7-8
7.5.2 Principle .................................................................................................. 7-8
7.6 Priority Mark ...................................................................................................... 7-9
7.6.1 Introduction.............................................................................................. 7-9
7.6.2 Principle .................................................................................................. 7-9
7.7 Flow Mirror and Traffic Statistics........................................................................ 7-10
7.7.1 Introduction............................................................................................ 7-10
7.7.2 Principle ................................................................................................ 7-10
Chapter 8 Protocols ................................................................................... 8-1

8.1 IP Route Selection ............................................................................................. 8-1
8.1.1 Introduction.............................................................................................. 8-1
8.1.2 Principle .................................................................................................. 8-1
8.2 Static Route Protocol.......................................................................................... 8-2
8.2.1 Introduction.............................................................................................. 8-2
8.2.2 Principle .................................................................................................. 8-3
8.3 Dynamic Route Protocol ..................................................................................... 8-3
8.3.1 RIPv1/v2.................................................................................................. 8-3
8.3.2 OSPFv2................................................................................................... 8-4
8.3.3 ISIS......................................................................................................... 8-6
8.3.4 Multicast Route Protocol PIM .................................................................... 8-7
8.4 SNMP ............................................................................................................... 8-8
8.4.1 Introduction.............................................................................................. 8-8
8.4.2 Principle .................................................................................................. 8-9
8.5 NTP ................................................................................................................ 8-10
8.5.1 Introduction............................................................................................ 8-10
8.5.2 Principle ................................................................................................ 8-10
IV

8.6 STP................................................................................................................. 8-12
8.6.1 Introduction............................................................................................ 8-12
8.6.2 Principle ................................................................................................ 8-13
Chapter 9 Uplink Interface Protection ...................................................... 9-1

9.1 Introduction........................................................................................................ 9-1
9.2 Principle ............................................................................................................ 9-1
Chapter 10 AG Security ........................................................................... 10-1

10.1 AG Authentication .......................................................................................... 10-1
10.1.1 Introduction .......................................................................................... 10-1
10.1.2 Principle .............................................................................................. 10-1
10.2 Dual-homing .................................................................................................. 10-3
10.2.1 Introduction .......................................................................................... 10-3
10.2.2 Principle .............................................................................................. 10-4
10.3 Self-exchange ................................................................................................ 10-5
10.3.1 Introduction .......................................................................................... 10-5
10.3.2 Principle .............................................................................................. 10-6
Chapter 11 Access Security .................................................................... 11-1

11.1 User Identification ...........................................................................................11-1
11.1.1 Introduction ...........................................................................................11-1
11.1.2 Principle................................................................................................11-1
11.2 MAC Security Technology ................................................................................11-4
11.2.1 Introduction ...........................................................................................11-4
11.2.2 Principle................................................................................................11-4
11.3 IP Security Technology.....................................................................................11-6
11.3.1 Introduction ...........................................................................................11-6
11.3.2 Principle................................................................................................11-6
11.4 Overload and Invalid Packet Suppression .........................................................11-7
11.4.1 Introduction ...........................................................................................11-7
11.4.2 Principle................................................................................................11-8
11.5 Multicast Service Security ................................................................................11-9
11.5.1 Introduction ...........................................................................................11-9
11.5.2 Principle................................................................................................11-9
11.6 Management Channel and System Security .................................................... 11-10
11.6.1 Introduction ......................................................................................... 11-10
11.6.2 Principle.............................................................................................. 11-10
11.7 Port Isolation ................................................................................................. 11-12
11.7.1 Introduction ......................................................................................... 11-12

11.7.2 Principle.............................................................................................. 11-12
11.8 ACL .............................................................................................................. 11-14
11.8.1 Introduction ......................................................................................... 11-14
11.8.2 Principle.............................................................................................. 11-14
11.9 TACACS+ ..................................................................................................... 11-16
11.9.1 Introduction ......................................................................................... 11-16
11.9.2 Principle.............................................................................................. 11-17
11.10 RADIUS ..................................................................................................... 11-18
11.10.1 Introduction ....................................................................................... 11-18
11.10.2 Principle ............................................................................................ 11-20
Chapter 12 Monitoring, Operation and Maintenance ............................ 12-1

12.1 Alarm/Log Management.................................................................................. 12-1
12.1.1 Introduction .......................................................................................... 12-1
12.1.2 Management........................................................................................ 12-2
12.2 Fault Monitoring and Management................................................................... 12-4
12.2.1 Introduction .......................................................................................... 12-4
12.2.2 Monitoring and Managment................................................................... 12-5
12.3 Enviornment Monitoring and Management ....................................................... 12-7
12.3.1 Introduction .......................................................................................... 12-7
12.3.2 Monitoring and Management ................................................................. 12-7
12.4 Broadband Operation and Maintenance Features............................................. 12-8
12.4.1 Introduction .......................................................................................... 12-8
12.4.2 Maintenance ........................................................................................ 12-9
12.5 Narrowband Service Test ............................................................................... 12-11
12.5.1 Introduction ......................................................................................... 12-11
12.5.2 Maintenance .......................................................................................12-12
Figures............................................................................................................. I
Glossary ........................................................................................................ III
VI

About This Manual
Purpose
This manual provides feature introductions and working principles that support the
operation and maintenance on the ZXA10 C300M/C350M Multi-Service Access
Equipment.
Intended Audience
This document is intended for:
l Network planning engineers

l Data configuration engineers
l Application development engineers
Prerequisite Skill and Knowledge

To use this manual effectively, users should have a general understanding of network
technology. Familiarity with the following is helpful:
l The ZXA10 C300M/C350M system and its various components
l Maintenance procedures
l Local operating procedures
What Is in This Manual

This manual contains the following chapters:
Chapter 1, VoIP Service Describes PSTN sevice, Fax and MODEM service, H.248
protocol, SIP service and method for improving VoIP quality.
Chapter 2, Broadband Service Describes ADSL2/ADSL2+ service features, VDSL2 service

features, Ethernet service features, PPPoA to PPPoE, and
IPoA access.
Chapter 3, Multicast Describes IGMP snooping, IGMP proxy, IGMP router, MVLAN,
channel management, service package management.
Chapter 4, GPON Features Describes GPON feature, including FEC, GPON networking
modes, and multicast GEM port modifiability.
Chapter 5, Device Management Describes basic management and software version

management.
Chapter 6, VLAN Describes VLAN architecture, user-side networking

models and application, VLAN transparent port, VLAN
non-transparent port,QinQ VLAN and super VLAN.

Chapter 7, QoS Describes QoS features, including packet classification and
mark, congestion management, traffic shaping, redirection
and policy route, priority mark, and flow mirror and traffic
statistics.
Chapter 8, Protocols Describes IP route selection, static route protocol, dynamic

route protocol, SNMP, NTP, and STP.
Chapter 9, Uplink Interface Describes the uplink interface protection.

Protection
Chapter 10, AG Security Describes AG authentication, dual-homing, and

self-exchange.
Chapter 11, Access Security Describes user identification, MAC security technology, IP
security technology, overload and invalid packet suppression,
multicast service security, management channel and system
security, port isolation, loop detection, ACL, TACACS+ and
RADIUS.
Chapter 12, Monitoring, Operation Describes alarm/log management, fault monitoring and
and Maintenance management, environment monitoring and management,
broadband operation and maintenance features, and
narrowband service test.
Conventions
This document uses the following typographical conventions.
Italics Variables in commands. It may also refers to other related manuals and
documents.
Bold Menus, menu options, function names, input fields, option button names, check
boxes, drop-down lists, dialog box names, window names, parameters and
commands.
CAPS Keys on the keyboard and buttons on screens and company name.
Constant width Text that you type, program codes, filenames, directory names, function names.
[] Optional parameters.
{} Mandatory parameters.
| Separates individual parameter in series of parameters.
Note: Provides additional information about a certain topic.
II

Chapter 1
VoIP Service
Table of Contents
PSTN Service.............................................................................................................1-1
ISDN Service .............................................................................................................1-3
Fax and Modem Service.............................................................................................1-4
H.248 ........................................................................................................................1-8
SIP Service ..............................................................................................................1-14
VoIP Quality Improving Method ................................................................................1-16
1.1 PSTN Service

1.1.1 Introduction
Description
VoIP-based PSTN voice service adopts UDP protocol for transmission in IP exchange
network through media access gateway device after some processing, such as
compressing and packaging analog voice signal, switching address, etc.
The VoIP-based PSTN voice service requirements are as follows:
l The product should support H.248 and MGCP service interface function.
l SS/MGC version needs to support text-mode H.248 or MGCP service function.
VoIP-based PSTN voice service is a basic service of ZTE SS control device and its function
can be realized inside ZTE SS control device without any third party device. Narrowband
voice signal can be transmitted in IP network by transforming TDM voice signal to IP
packets, which greatly reduces the service cost.
Features
PSTN voice service, proved by ZXA10 C300M/C350M, supports the following features:
l Echo suppression
l Voice coding negotiation
l Gain adjustment
l Mute detection
l Auto-adaptive jittering buffer
l DTMF trunk
l Mute detection compression and comfortable voice restoration
l Multi-homing function of H.248 in AG device
1-1

ZXA10 C300M/C350M Feature Guide
l Internal line test simulation

ZXA10 C300M/C350M also provides the standard supplementary services, such as fast
dialing, call register on busy, call-back on busy, call forwarding, three party service, call
waiting, conference call, alarm clock service, CLI, call restriction, CLI restriction, (delay)
hot line, no-disturb service and hoax call tracking, etc.
1.1.2 Principle
The analog voice signal is transformed into IP data packets through sampling,
digitalization, encoding and voice compression. It is then transmitted to the opposite
end through IP network. When IP data packet reaches the opposite end, it is restored to
analog voice signal through decoding, as shown in Figure 1-1.
Figure 1-1 PSTN Working Principle
IP: Internet Protocol
Internal Line Test Simulation

The ZXA10 C300M/C350M device provides the internal line test simulation function,
including:
l Calling process simulation
The ZXA10 C300M/C350M device simulates the calling process, works as a
subscriber, hooks off, and dials the specified number, see Figure 1-2.
Figure 1-2 Calling Process Simulation
l Called process simulation

The maintenance personnel dials the specified number, and the ZXA10
C300M/C350M device simulates the called process. The device works as a
subscriber, hooks off, and answers the call, see Figure 1-3.
Figure 1-3 Called Process Simulation
1-2

Chapter 1 VoIP Service
The ZXA10 C300M/C350M device uses the subscriber voice service status change to
judge whether the signalling exchanging is correct, and uses the media packets statistic
information to check whether the voice commutation is normal. The simulation process
is the same as the actual POTS service process, and all the test simulation results are
recorded.
1.2 ISDN Service

1.2.1 Introduction
The ISDN is a communication network developed based on the IDN. The ISDN provides
end-to-end data connection and supports voice and non-voice telecommunications
services.
The functions of the ISDN BRI service are implemented by the IUA and H.248 protocols.
The ZXA10 C300M/C350M is responsible for terminating or switching the signaling flows
between the ISDN terminal and SS. In addition, the ZXA10 C300M/C350M uses the IUA
protocol stack to interact with the MGC.
The media streams of the ISDN terminal are controlled and managed by the H.248 protocol
between the ZXA10 C300M/C350M and SS.
The ZXA10 C300M/C350M supports ISDN BRI (2B+D) and ISDN PRI (30B+D/23B+D)
services.
1.2.2 Principle
The IUA protocol uses the SCTP protocol to transfer the Q.931 ISDN message between the
ZXA10 C300M/C350M and MGC (SS). In addition, it transfers the Q.921/Q.931 primitive
between the ZXA10 C300M/C350M and MGC (SS).
During the call process, the ZXA10 C300M/C350M establishes a link through the Q.921
data link process and ISDN terminal. The Q.921 data link process is terminated on the
ZXA10 C300M/C350M. The primitive generated by the Q.921 data link process and the
upper-layer application is reported to the MGC (SS) through the IUA protocol. The primitive
requested by the Q.931 module on the MGC (SS) is reported to the link-layer process on
the ZXA10 C300M/C350M through the IUA protocol.
Figure 1-4 shows the ISDN BRI signaling transmission model of the ZXA10
C300M/C350M.
1-3

Figure 1-4 ISDN BRI Signaling Transmission Model
ISDN: Integrated Services Digital Network MSG: Multimedia Message Gateway
IUA: ISDN User Adaptation Layer SCTP: Stream Control Transmission Protocol
1.3 Fax and Modem Service

1.3.1 Introduction
With the current fax and modem terminal technology, the fax and data are sent through
the IP network instead of the telephone network. The IP-based fax and modem service
provides economical transmission channels.
The ZXA10 C300M/C350M supports the fax service and modem service in the IP network
or between the IP network and the PSTN network.
The ZXA10 C300M/C350M supports the T.30 and T.38 fax services. It also supports the
modem transparent transmission service.
1.3.2 Principle
Fax Service
Figure 1-5 shows the IP-based fax service.
1-4

Figure 1-5 IP-Based Fax Service Model
PSTN: Public Switched Telephone Network IP: Internet Protocol
The transmission process of the IP-based fax is as follows:
1. The facsimile sends the fax information to the MG (ZXA10 C300M/C350M).

2. The MG converts the fax information to an IFP packet, and then sends the IFP packet
to the receiving MG through the IP-based transmission protocol (TCP or UDP, usually
it is UDP).
3. The receiving MG recovers the IFP packet to the fax information, and then sends it to
the receiving facsimile.
The ZXA10 C300M/C350M supports the T.30 and T.38 fax modes. The facsimiles are the
same in both T.30 and T.38 fax modes, and it is the same as that on the PSTN. Even though
the T.38 fax is used, both the facsimiles use the T.30 protocol. T.38 is used between the
facsimiles and the system.
Figure 1-6 shows the T.30 fax principle.
1-5

Figure 1-6 T.30 Fax Principle
IP: Internet Protocol PSTN: Public Switched Telephone Network
Figure 1-7shows the T.38 fax Principle.
1-6

Figure 1-7 T.38 Fax Principle
IP: Internet Protocol PSTN: Public Switched Telephone Network
T.38 fax transmits only the fax data on the NGN, and thus saves more channel bandwidth
than the T.30.
The ZXA10 C300M/C350M supports the SS full control fax and auto-negotiation fax:
l SS full control fax
In this mode, the SS controls the fax mode (T.38 or T.30). The ZXA10 C300M/C350M
only needs to report the detected fax voice to the SS. The system does not switch
automatically. This mode is widely used.
l ZTE auto-negotiation fax
In this mode, the ZXA10 C300M/C350M switches to the fax mode automatically when
detecting the fax voice. The SS does not need to attend the action.
Modem Service
The ZXA10 C300M/C350M supports the modem service in VBD transparent transmission
mode. It uses the G.711 encoding method to encapsulate and decapsulate the modem
signals and data as common RTP data.
The basic flow for the modem transparent transmission service is as follows:
1. Set up the session. The SS delivers the command of detecting the modem events to
the MG.
2. Both the parties are in the conversation state.
1-7

3. During the conversation, the MG detects the modem startup event and reports it to the
SS.
4. The SS delivers the command to switch the DSP channels of the both parties to the
modem mode.
5. The MG switches the channels to the modem mode according to the command
delivered by the SS, and sets the local configuration according to the encoding mode
and port number delivered by the SS.
6. After the modem service is finished:
l The ZXA10 C300M/C350M ends the conversation automatically.
l The conversation continues. Since there is no modem termination event, the DSP
working mode cannot be switched from the modem mode to the voice working
mode automatically, and the conversation quality may be affected.
1.4 H.248
1.4.1 Introduction
H.248 aims to isolate call control from the media gateway, so the media gateway performs
only the media format conversion function.
The H.248 features are as follows:
l It implements master/slave control on the MG through MGC and provides connection
control, device control, and device configuration.
l It is based on two key concepts: terminal and context.
l It provides eight commands: Add, Subtract, Move, Modify, Notify, AuditValue,
AuditCapabilities, and ServiceChange.
l The package expansion mechanism provides easy and open expansion methods for
the specified terminal signaling, events, properties, and statistics data.
1.4.2 Principle
Gateway Functional Model
Figure 1-8 shows the gateway functional model.
1-8

Figure 1-8 Gateway Functional Model
SS: Soft Switch BICC: Bearer Independent Call Control protocol
SIP: Session Initiation Protocol BCP: Basic Call Processing
ISUP: ISDN User Part IP: Internet Protocol
TDM: Time Division Multiplexing MG: Media Gateway
MTP: Message Transfer Part
The H.248 protocol aims to control and monitor the bearer connection action of the MG. It
isolates the call logical control from the MG, and the MG reserves only the media format
conversion function. The MG in Figure 1-8 refers to the ZXA10 C300M/C350M.
H.248 MG Model
Figure 1-9 shows the H.248 MG model.
1-9

Figure 1-9 H.248 MG Model
Termination is the source and destination of the media flow. One destination can
correspond to one or multiple media flows. Terminations can be identified with Termination
IDs. Termination IDs are allocated by the MG.
Context represents the relationship between a group of terminations.
H.248 Command Set

H.248 has eight commands, as shown in Figure 1-10.
Figure 1-10 H.248 Command Set
1-10

MGC: Media Gateway Controller MG: Media Gateway
l Add
To add a termination to a context. If the context ID is not specified, a new context is
created.
l Modify
To modify the termination properties and event/signal properties.
l Subtract
To remove a termination from a context. If the contest has no termination, the
command deletes the context.
l Move
To move a termination from one context to another.
l AuditValue
To obtain the current values of the termination properties, events, signals, and
statistics.
l AuditCapability
To obtain all the possible values of the termination properties, events, signals, and
statistics.
l Notify
The MG uses this command to notify the MGC the internal events, such as hook-off.
l ServiceChange
To start or exit the service.
H.248 Communication Mode

Figure 1-11 shows the H.248 communication mode.
Figure 1-11 H.248 Communication Mode
1-11

MG: Media Gateway TCP: Transmission Control Protocol
Compared with other gateway protocols, H.248 has the following features in the
transmission mode:
l It supports the ASN.1 and text encoding modes.
l It has a completely open expansion mechanism: packet expansion mechanism.
Compared with the MGCP packet expansion mechanism, the H.248 packet
expansion mechanism is more open and can define more packets. The termination
features that are defined in the basic protocol description can be defined with related
packets.
l Its transaction communication mechanism supports multiple commands to be sent
simultaneously to improve the protocol transmission efficiency, that is, multiple
commands are combined as a transaction.
H.248 Protocol Flow

Figure 1-12 shows the H.248 protocol flow.
1-12

Figure 1-12 H.248 Protocol Flow
SS: Soft Switch RTP: Real-time Transport Protocol
MSAG: Multi-Service Access Gateway
1-13

1.5 SIP Service

1.5.1 SIP Introduction
Description
SIP is a signaling protocol, widely used for controlling multimedia communication sessions
such as voice and video calls over IP. By working together with RSVP, SDP, and ISUP,
the protocol can be used for creating, modifying, and terminating sessions.
The SIP AG user is a SIP terminal, which is a logical entity in the MG. It can send
and receive one or multiple media. By working together with SDP, the SIP AG terminal
describes the session parameters and media parameters.
Message is an information unit sent by the protocol. A message contains a starting line,
message header, and optional message body. The message is in the text format.
When the SIP AG terminal user starts a call, a session is created between the AG and
SS by using the INVITE, 180 Ring, and 200 Ok messages. The session can be modified
through the ReInvite message.
Networking
Figure 1-13 shows the basic SIP networking.
Figure 1-13 SIP Networking
SIP: Session Initiation Protocol
1-14

1.5.2 SIP Principle

SIP is a Client/Server protocol. A SIP system consists of a UAC and UAS. The UAC
initiates a SIP request message to the UAS, and the UAS sends a response message to
the UAC.
The SS can be considered as a SIP terminal. In an IPTel system, the gateway that
interworks with PSTN is also a SIP terminal.
According to the logical functions, a SIP system consists of the UAC, UAS, redirection
server, location server, and registrar server. Figure 1-14 shows the SIP distributed
architecture.
Figure 1-14 SIP Distributed Architecture
SIP: Session Initiation Protocol LDAP: Lightweight Directory Access Protocol
PSTN: Public Switched Telephone Network
The components in the networking are as follows:

l User agent
à UAC, responsible for initiating calls
à UAS, responsible for accepting calls and responding to it
l Proxy server
The proxy server receives the request from the user agent, sends the request to the
corresponding server, and then responds to the subscriber. It can modify the message
before sending it.
l Redirection server
The redirection server receives the user request, maps the original address in the
request to zero or multiple addresses, and then returns the address to the client. The
client sends a request again according to the address. The redirection server is used
1-15

to return the new location of the user to the caller. The caller then can make a new
call according to the new location.
l Location server
When the user terminal is powered ON or moved to a new area, its current location
needs to be registered to a server in the network, so that other users can find it. The
location server implements this function.
l Registrar server
The registrar server receives and handles the registration requests from the client. It
registers the user address.
1.6 VoIP Quality Improving Method

1.6.1 Introduction
Different from the traditional PSTN voice transmission, the voice transmission on the IP
bearer network is as follows:
1. The system samples and encodes to converts the analog voice signals to the data
packets that can be transmitted on the data bearer network.
2. It sends the data packets to the receiving end through the IP packet forwarding
mechanism.
3. The receiving end then decodes the packets and recovers them to the analog voice
signals.
The VoIP voice quality is affected by various factors, such as the delay, jitter, packet loss,
speech compression, noise, and echo.
To improve the VoIP voice quality, take measures according to these factors. The ZXA10
C300M/C350M provides the following ways to improves the VoIP voice quality:
l Static/Dynamic jitter buffer
l Various encoding and decoding methods
l Echo cancellation
l Voice activity detection
l Noise cancellation/CNG
l RTP voice amplification
l Network QoS assurance
1.6.2 Principle
Dynamic Jitter Buffer
Since multiple channels may exist between the IP network source and destination, packets
arrive at the receiving end at different times. Therefore, jitter occurs. The voice quality
deteriorates when the jitter increases.
1-16

The buffer technology can reduce or remove the jitter.

When the dynamic jitter buffer technology is used, the buffer size changes with the jitter
condition. The receiving end compares the received data grouping delay with the delay
information saved by the algorithm to obtain the attainable maximum jitter, and thus selects
the jitter buffer size. When the network jitter is bigger, the packet loss is less. When the
delay and jitter is smaller, the voice delay is smaller.
Various Encoding and Decoding Methods

The effects on the voice quality by the encoding and decoding methods are determined
by the compression algorithm, DSP processing speed, and DSP loading condition. At
present, muliple voice encoding and decoding methods are defined. The effects on the
voice quality by one method is generally the same.
Low-speed encoding methods can bear more calls in the same network environment,
but it affects the communication quality. To ensure the good-quality communication, use
high-speed voice encoding method, such as G.711.
Echo Cancellation
There are two kinds of echoes: line echo and acoustic echo.
l Line echo
Line echo is caused by the unmatched resistance during the 2–wire to 4–wire
conversion. In this case, the caller voice is reflected when sent to the remote 2–wire
to 4–wire conversion, and sent back to the caller with the voice of the called party. If
the loop delay is less than 35 ms, the caller cannot sense the echo. If the delay is
more, the caller can hear the echo, and it affects the conversation quality.
l Acoustic echo
Acoustic echo is caused by the acoustic coupling that exists between the calling and
called parties. The voice generated by the horn is sent back to the headphone or
microphone after reflected one or multiple times in the space.
To remove the echoes, use the following methods:
l Line echo cancellation
Line echo cancellation estimates the echo value and subtracts it from the actual echo
value to reduce the echo interference.
l Acoustic echo cancellation
On one hand, acoustic echo cancellation uses the model structure with good acoustic
features to reduce the acoustic amplitude and nonlinear echo. On the other hand, it
uses certain echo processing modules to suppress the acoustic echo. For example,
à Use Fourier transform.

à Use frequency-based algorithm to detect and predict parameters.
1-17

à Use multi-level dual-directional nonlinear algorithm and frequency features to

compensate the background noise.
Voice Activity Detection

Through the voice activity detection, when the caller is silent (lasts about 50% of the
conversation), the data is not sent.
Voice activity detection can remove the silent time (during talk) to reduce the bandwidth
occupied by the voice signals, and save the network bandwidth.
Noise Cancellation and CNG

Noise is related to the conversation environment.
l Wave filter can reduce the effect of the background noise on the voice conversation.
l CNG can generate comfort noise to make the conversation intermittent comfortable.
RTP Voice Amplification

When the converted RTP voice flow is very weak after transmitted from the network, a
certain algorithm can be used to amplify the weak voice.
Network QoS Assurance

The end-to-end delay is the key factor for user sense. When the delay is greater than 150
ms, the voice quality is greatly deteriorated.
The end-to-end delay includes the encoding and decoding delay, packaging delay,
transmission delay, device forwarding delay, and jitter removing delay.
The delay related to the bearer network refers to the transmission time when the IP packet
is transmitted from the network entrance (where the IP packet is generated) to the network
exit (where the IP packet is decoded and recovered to voice signals).
The encoding, decoding, and packaging delays are generally the same. If the transmission
paths are the same, the delays caused by transmission are also the same. The device
forwarding delay and the jitter removing delay, are changeable. They are related to the
network loading and network QoS conditions.
The ZXA10 C300M/C350M always ensures the highest priority and the minimum delay for
sending the VoIP flow.
1-18

Chapter 2
Broadband Service
Table of Contents
ADSL2/ADSL2+ Service.............................................................................................2-1
VDSL2 Service...........................................................................................................2-4
Ethernet Service.......................................................................................................2-10
PPPoA to PPPoE .....................................................................................................2-12
IPoA Access.............................................................................................................2-14
2.1 ADSL2/ADSL2+ Service

2.1.1 Introduction
Purpose
The ZXA10 C300M/C350M supports all the ADSL2/ADSL2+ features. Compared with
ADSL, ADSL2/2+ has been greatly improved in terms of rate, distance, reliability, power
control, maintenance and management. It supports more services.
Features
The ZXA10 C300M/C350M supports the following ADSL2/ADSL2+ features:
l 1-bit QAM
l Bit switching
l SRA
l SELT
l DELT
l Power management
l Flexible pilot allocation
l Annex M
l Annex L
2.1.2 Principle
1-Bit QAM
According to the ADSL standards (G.992.1 and G.992.2), the ADSL bit distribution
arithmetic calculates bit distribution for each channel according to the line SNR and the
2-1

configured line noise margin. The bits distributed for each sub-channel cannot be less
than 2. If the distributed bits are less than 2, the sub-channel can be closed.
According to the ADSL2 standard, bit distribution supports 1-bit encoding. Therefore, in
case of long distance, the sub-channels that can be distributed with only one bit due to line
attenuation can still bear data. The physical bandwidth for a 1-bit sub-channel is 4 Kbps,
so the ADSL can transfer data to a longer distance.
ADSL2 uses the improved RS encoding. The RS encoding improves coding gain, that is,
improves the line SNR, and thus improves the sub-channel bearer capability and ensures
longer transfer distance.
Bit Switching and Flexible Pilot Allocation

Bit switching switches the bit count and changes the sub-channel gain between
sub-channels according to the line conditions without changing the total line rate or
delaying the path rate.
According to the ADSL standard, the pilot sub-channels (#16 and #64) and the
sub-channels for initialization are fixed. Therefore, even if other sub-channels are in good
condition, the ADSL link cannot be initialized due to specific interference, such as bridged
tap or RFI.
According to the ADSL2 standard, the initialization phase is added with channel
discovery. The pilot and initialized channel positions can be changed. This enhances the
anti-interference capability of ADSL.
SRA
The ADSL standards do not support ADSL rate dynamic adaptation. The ADSL rate is
determined in the link setup initialization phase according to the channel condition. If
the line condition changes (for example, cross talk effect to the line from the increased
DSL activated lines during busy time period, other external noise changes, temperature
changes, and AM interference) and the noise increment exceeds the channel noise margin,
the DSL error codes cannot be prevented. Once the number of error codes reaches the
threshold, the line is interrupted. This is the main cause of ADSL instability.
SRA in the ADSL2 standard can solve this problem. SRA realizes the ADSL rate
auto-adaptation. It dynamically adjusts bit distribution and power distribution without
interrupting the line or changing CRC, keeps the line noise margin within a proper range,
and ensure the line reliability.
Line Test
ADSL2/ADSL2+ is added with line diagnosis process, and it supports DELT/SELT. After the
line is set up, ADSL2/ADSL2+ provides complete line bandwidth parameters for operation
and maintenance. The maintenance personnel can perform DELT/SELT to collect and
analyze the line information periodically, know the line quality and changes, and provide
analysis data for the carrier to deploy services.
2-2

Chapter 2 Broadband Service
In addition, DELT/SELT is a method for line quality test. It can obtain the line quality
parameters in the initialization phase. In this phase, the subscriber end is not connected
with the central office.
The ITU-T standard is added with the channel discovery phase. In G.992.1, the general
ADSL working process is as follows: G.994.1 handshake → training → channel analysis
→ exchange → show time.
In G.992.3, the general ADSL working process is as follows: G.994.1 handshake →
channel discovery → training → channel analysis → exchange → show time.
The channel discovery phase provides good-quality channels for pilot signals and
exchanging information in the following phases. Therefore, the good-quality sub-channels
are selected for information exchange even if the line is in bad condition.
Power Management
ADSL2/ADSL2+ provides power management to reduce the operation power consumption
in the following terms:
l It reduces the sending power and the excess noise margin to reduce the unnecessary
power consumption to ensure stable system operation.
l The CO and CPE of ADSL2/ADSL2+ have the “power cut back” function. The power
can be reduced by 0 – 40 dB. This can reduce the sending power during normal
operation. (For ADSL, only CO has this function, and the power can be reduced by
up to 12 dB.)
l It supports the L0, L2, and L3 modes.
à L0 is the sending power in stable condition.

à L2 is the low power mode. The system can quickly access or exit the low power
mode through the office sending unit according to the ADSL flow to reduce the
sending power.
à L3 is the idle mode. In this mode, when a link is not used for a long time, it
accesses the sleep or stand-by mode through ATU-C or ATU-R to reduce power
consumption. It takes three seconds to switch from L3 to L0 mode.
Annex M
ITU-T 992.3/992.5 Annex M provides a methods for adding uplink bandwidth by expanding
the Annex A uplink frequency without changing the total transmission power.
According to ITU-T 992.5 Annex M, the uplink frequency is from 25 KHz to 276 KHz, and
the maximum uplink bandwidth is 3 MB. The downlink frequency is from 276 KHz to 2.2
MHz, and the maximum downlink bandwidth is 22 MB. The downlink also has the optional
EC mode, which can adjust the downlink bandwidth properly.
Figure 2-1 shows the Annex M spectrum.
2-3

Figure 2-1 Annex M Spectrum
POTS: Plain Old Telephone Service ISDN: Integrated Services Digital Network
ADSL: Asymmetric Digital Subscriber Line
Annex L
The most important technology in the ADSL2 standard for expanding the ADSL
transmission distance is READSL2. READSL2 is defined in ADSL2 Annex L.
READSL2 aims to optimize the spectrum density profile application of the ADSL sending
power in the long distance condition. In the long distance condition, high frequency has
great attenuation and channels have bad bearing capability. According to the water pool
principle, channels with better quality are distributed with more sending power, and vice
versa. Thus the channel entropy reaches the maximum value.
READSL2 optimizes the ADSL sending power by closing half of the sub-channels of high
frequency and increasing the sending power spectrum density of low frequency. The
selection of the READSL2 power spectrum density meets the ANSI T1.417 standard. The
ADSL transmission distance can be increased by 2500 inches with the help of READSL2.
The READSL2 mode and the corresponding PSD profile selection can be set manually.
READSL2 has better performance in the medium or long distance condition. In the short
distance condition, because the high frequency sub-channels are closed, the READSL2
performance is worse than the ADSL2 Annex A performance. Therefore, setting READSL2
is to set the long distance lines among the subscriber lines.
2.2 VDSL2 Service

2.2.1 Introduction
Purpose
VDSL2 integrates the strengths of all the earlier DSL technologies. It is more flexible in
supporting transmission modes and is applicable in various scenarios. It supports both
symmetric and asymmetric uplink and downlink transmission rates.
2-4

Features
VDSL2 is compatible with many ADSL2 features, such as INP, BS, SRA, DELT, and SELT.
The features of the VDSL2 are as follows:
l Spectrum planning
l Eight configuration profiles
l UPBO
l DPBO
l RFI notching and PSD profile
l Virtual noise
l US0
l Backward compatibility with ADSL2
l MELT
2.2.2 Principle
Spectrum Planning
According to the G.993.2 standard, VDSL2 can be divided into asymmetric spectrum
planning (Annex A and Annex B 998) and symmetric spectrum planning (Annex B 997).
l Annex A is applicable in North America and it supports the traditional POTS service.
l Annex B is applicable in Europe and it supports the traditional POTS and ISDN
services.
Annex A is asymmetric between the uplink and downlink. When fOL = 25 KHz, Annex A
is compatible with the POTS services. The US0 frequency can be expanded, and fOH can
be selected as 138 KHz or 276 KHz. Figure 2-2 shows the Annex A spectrum.
Figure 2-2 Annex A Spectrum
Annex B supports symmetric and asymmetric modes. Figure 2-3 shows the Annex B
frequency.
2-5

Figure 2-3 Annex B Spectrum
Eight Configuration Profile

G.993.2 introduces the concept of configuration profile. Different profiles define different
configuration parameters, such as the sending power and used bandwidth. These
predefined configuration profiles are determined according to the application scenarios.
The carrier can select the profiles as required and simplify configuration requirements.
ITU-T defines eight configuration profiles, as shown in Figure 2-4. The ZXA10
C300M/C350M VDSL2 supports all the other predefined configuration profiles except 30a.
2-6

Figure 2-4 Eight Configuration Profiles
UPBO
On the DSL transmission lines, every 25 or 50 twisted pairs that belong to one cable
are considered as one basic unit. When the cables of the same basic unit use the DSL
service, crosstalk occurs between the cables. Crosstalk includes FEXT and NEXT. NEXT
is generally neglected.
If the VDSL2 subscriber that is closer to the central office uses higher uplink sending power,
the uplink frequency band of the VDSL2 subscriber that is in the same basic unit and is
farther from the central office is greatly affected by crosstalk, and the performance is greatly
deteriorated or even unable to be used.
To solve this problem, UPBO and UPBO parameter definitions are introduced to the UPBO
profile. Figure 2-5 shows the UPBO principle.
2-7

Figure 2-5 UPBO Principle
PSD: Power Spectrum Density VDSL: Very High Speed Digital Subscriber Line
CPE: Customer Premises Equipment
DPBO
If the VDSL2 subscriber at the remote end in a basic unit uses more downlink sending
power, the downlink frequency band of the ADSL subscriber is greatly affected by crosstalk,
and the performance is greatly deteriorated or even unable to be used.
To solve this problem, DPBO and DPBO parameter definitions are introduced to the DPBO
profile. Figure 2-6 shows the DPBO principle.
Figure 2-6 DPBO Principle
2-8

ADSL: Asymmetric Digital Subscriber Line VDSL: Very High Speed Digital Subscriber Line
CPE: Customer Premises Equipment
PSD Management Features

The frequency band used by VDSL2 covers medium wave radio, short wave radio, and
ham radio spectrum. Such interferences affect very narrow frequency band, but compared
with impulsive noise, they last longer time, increase line delay, and affect the services that
are sensible with time delay, such as VoIP.
These interferences are unpredictable, and they cannot be handled through bit swapping
or INP. Besides UPBO and DPBO, the following PSD management features can solve this
problem:
l Self-define one or multiple sub-frequency bands through RFI notching.
l Close some tones that may be interfered through sub-carrier blackout to enhance line
stability.
l Customize the PSD mask with the breakpoint method according to the application
scenario.
l Reduce line crosstalk through virtual noise to enhance line stability.
Backward Compatible with ADSL

VDSL2 and ADSL have a lot in common in terms of framing, interleaving, and encoding.
Therefore, VDSL2 is backward compatible with ADSL/ADSL2 so that the carriers can move
to the unified network fluently.
VDSL2 can be compatible with all the services of ADSL/ADSL2. Subscribers can keep the
existing ADSL CPE and use the new VDSL2 CPE to obtain more service support.
The ZXA10 C300M/C350M VDSL2 supports the auto-adaptation function in ATM/PTM
mode. It is automatically compatible with ADSL/ADSL2 service without interference.
MELT
To guarantee the subscriber access line to be maintained on daily basis, the access
devices must support MELT. In addition, IP-based networks with audio service provided
are the future development trend. For application at the user side with IADs access such
as an IP phone, copper cables will not connect with PSTN devices any more. So the old
maintenance implemented by copper cables cannot test the channels. And old MELT
normally requires expensive external test heads and power relay matrix. The new MELT
solution can integrate the functions in a DSL card with no extra space occupied. The test
can be taken on the running lines so it does not interfere DSL services.
The copper cable parameters tested by MELT is the same to old narrow copper cable test
as listed below:
l Rag, Rbg, Rab, Cag, Cbg, Cab, Rring
l External cable voltage and currency
2-9

l Derived parameters including open circuit, short circuit, line length, disconnection and
phone hook off
MELT provides the wetting current which can prevent copper cable from getting rusty and
it is essential for copper cables without feeding current.
2.3 Ethernet Service

2.3.1 Introduction
Ethernet is a contention media access method that allows all hosts on a network to share
the same bandwidth of a link. The term Ethernet refers to the family of local-area network
(LAN) products covered by the IEEE 802.3. Three data rates are currently defined for
operation over optical fiber and twisted-pair cables:
l 10 Mbps:10Base-T Ethernet
l 100 Mbps:Fast Ethernet
l 1000 Mbps: Gigabit Ethernet
Ethernet is popular because it is readily scalable, meaning that it is comparatively easy to

integrate new technologies, such as Fast Ethernet and Gigabit Ethernet, into an existing
network infrastructure. It is also relatively simple to implement in the first place, and
with it, troubleshooting is reasonably straightforward. Ethernet uses both Data Link and
Physical layer specifications. Ethernet has survived as the major LAN technology (it is
currently used for approximately 85 percent of the world's LAN connected computers and
workstations) because its protocol has the following characteristics:
l Easy to understand, implement, manage, and maintain
l Allows low-cost network implementations
l Provides extensive topological flexibility for network installation
l Guarantees successful interconnection and operation of standards-compliant
products, regardless of manufacturer
2.3.2 Principle
Ethernet LANs consist of network nodes and interconnecting media. The network nodes
fall into two major classes:
l Data terminal equipment (DTE): Devices that are either the source or the destination
of data frames. DTEs are typically devices such as PCs, workstations, file servers, or
print servers that, as a group, are all often referred to as end stations.
l Data communication equipment (DCE): Intermediate network devices that receive and
forward frames across the network. DCEs may be either standalone devices such as
repeaters, network switches, and routers, or communications interface units such as
interface cards and modems.
2-10

LANs take on many topological configurations, but regardless of their size or complexity,
all are a combination of only three basic interconnection structures or network building
blocks.
Point-to-Point Interconnection
The simplest structure is the point-to-point interconnection, shown in Figure 2-7. Only
two network units are involved, and the connection may be DTE-to-DTE, DTE-to-DCE, or
DCE-to-DCE. The cable in point-to-point interconnections is known as a network link. The
maximum allowable length of the link depends on the type of cable and the transmission
method that is used.
Figure 2-7 Point-to-Point Interconnection
Coaxial Bus Topology

The original Ethernet networks were implemented with a coaxial bus structure, as shown
in Figure 2-8. Segment lengths were limited to 500 meters, and up to 100 stations could
be connected to a single segment. Individual segments could be interconnected with
repeaters, as long as multiple paths did not exist between any two stations on the network
and the number of DTEs did not exceed 1024. The total path distance between the
most-distant pair of stations was also not allowed to exceed a maximum prescribed value.
Figure 2-8 Coaxial Bus Topology
Star-Connected Topology
Although new networks are no longer connected in a bus configuration, some older
bus-connected networks do still exist and are still useful. The central network unit is either
2-11

a multiport repeater (also known as a hub) or a network switch as shown in Figure 2-9. All
connections in a star network are point-to-point links implemented with either twisted-pair
or optical fiber cable.
Figure 2-9 Star-Connected Topology
2.4 PPPoA to PPPoE

2.4.1 Introduction
Purpose
In the process of switching the ATM network to IP network, to protect the customer
investment, the ZXA10 C300M/C350M provides the PPPoA access at the subscriber
side and supports the authentication from the uplink to the Ethernet based PPPoE server
(BRAS).
Features
Switching from PPPoA to PPPoE has the following features:
l It supports dual switching between the PPPoA packets at the subscriber side and the
PPPoE packets at the server side.
l It supports PPP LLC encapsulation and PPP VC-MUX encapsulation.
l It supports PPP MRU ≤1492 bytes.
2.4.2 Principle
Figure 2-10 shows the process of switching PPPoA to PPPoE.
2-12

Figure 2-10 Process of Switching PPPoA to PPPoE
PPPoE: Point to Point Protocol over Ethernet PPP: Point to Point Protocol
LCP: Link Control Protocol PADI: PPPoE Active Discovery Initiation
PADR: PPPoE Active Discovery Request
After the ZXA10 C300M/C350M receives the LCP Config-Req packet from the PPPoA
subscriber, it allocates a MAC address to the subscriber, and starts a PPPoE client entity.
The PPPoE client interacts with the PPPoE server on BRAS to implement the PPPoE
discovery phase.
During the PPPoE discovery phase, the PPPoE client sends the broadcast PADI packet,
and then obtains the MAC address of BRAS after receiving the PADO packet from BRAS.
The PADR packet then takes the MAC address of BRAS as the destination MAC address
and takes the MAC address allocated to the subscriber as the source MAC address to
form the PPPoE packet. After receiving the PADS packet from BRAS, the PPPoE client
obtains session ID and access the PPPoE session phase.
During the PPPoE session phase, for the PPP packet sent by the subscriber, the ZXA10
C300M/C350M forms the PPPoE packet with the BRAS MAC address and subscriber MAC
address, and then sends it to BRAS. On the downlink, the process is reversed.
When BRAS sends the PADT packet or the subscriber sends the LCP Configure Terminate
packet, the session is ended, the PPPoE client is closed, and the MAC address allocated
to the subscriber is released.
2-13

2.5 IPoA Access

2.5.1 Introduction
IPoA is a technology that transmits IP packets on the ATM-LAN. It specifies the standard
for establishing connections between ATM terminals by using the ATM network, especially
for establishing SVCs used for IP data communication.
IPoA bears the IP packet payload on the Ethernet frame to uplink to the upper-layer
network. In addition, it transfers the downstream IPoE packet to IPoA packet, and then
sends the packet to the subscriber.
Generally, IPoA is used by special line access, meeting the requirements by switching
from the ATM network to the IP network.
IPoA has the following features:
l The system complies with RFC2684 and supports IPoA static subscribers.
l The system complies with RFC1577 and supports IPoA dynamic subscribers.
l The system supports up to 2000 IPoA subscribers. The ADSL card supports the same
number of the IPoA subscribers and the PVCs.
l The system supports one default subscriber gateway, 2000 non-default gateways,
and 2000 subscribers.
l The system supports LLC-IP encryption auto-discovery.
l The system supports layer-2 and layer-3 IPoA application.
2.5.2 Principle
Overview
When the relation between the maintenance user port and the MAC address is proper,
ZXA10 C300M/C350M can convert and forward the IPoA packets. The administrator
allocates the MAC address of the user port to the subscriber.
Layer-2 IPoA
When the ZXA10 C300M/C350M works at the second layer, it switches IPoA to IPoE
inside the device. The IPoA subscriber gateway is the uplink device, and the gateway
is configured by the administrator. Multiple IPoA subscribers correspond to one gateway.
Layer-3 IPoA
When the ZXA10 C300M/C350M works at the third layer, it switches IPoA to IPoE inside
the device. The IPoA subscriber gateway is the corresponding layer-3 VLAN interface, and
it forwards packets according to the destination IP route. The IPoA subscriber gateway is
configured by the administrator. Multiple IPoA subscribers can correspond to one gateway.
2-14

Workflow
Figure 2-11 shows the IPoA workflow.
Figure 2-11 IPoA Workflow
PC: Personal Computer IP: Internet Protocol
MAC: Media Access Control AAL5: ATM Adaptation Layer type 5
ADSL: Asymmetric Digital Subscriber Line
The ZXA10 C300M/C350M allocates one source MAC address to each IPoA subscriber.
In addition, the ZXA10 C300M/C350M obtains the MAC address corresponding to the
subscriber gateway through the ARP protocol. This MAC address is used as the source
and destination MAC addresses of Ethernet frames to realize switching between ATM
frames and Ethernet frames.
2-15

This page intentionally left blank.
2-16

Chapter 3
Multicast
Table of Contents
Multicast Overview .....................................................................................................3-1
IGMP Snooping..........................................................................................................3-4
IGMP Proxy................................................................................................................3-5
IGMP Router ..............................................................................................................3-6
MVLAN ......................................................................................................................3-7
Channel Management ................................................................................................3-8
Service Package Management...................................................................................3-9
3.1 Multicast Overview

3.1.1 Introduction
Description
Multicast is a point to multi-point communication technology. The ZXA10 C300M/C350M
constructs multicast forwarding between the source port and the receiving port by using
IGMP snooping/proxy between the host and the router.
The ZXA10 C300M/C350M multicast services include the following:
l Multicast VLAN
l Multicast protocol processing
l Replication method for multicast data
Purpose
The effectively saves the bandwidth by multi-level replication and management through
the multicast traffic at the OLT/ONU for the business development such as IPTV and Triple
Play.
Features
The ZXA10 C300M/C350M has the following features:
l Supporting IGMP v1/v2/v3
l Supporting IGMP Snooping
l Supporting IGMP Proxy
l Supporting IGMP Router
l Supporting IPTV service
3-1

3.1.2 Principle
Multicast Replication
The direct broadcast programs are sent from the program source to the access network
through the service distribution network. The ZXA10 C300M/C350M replicates the
program flow and delivers it to the subscribers. Multicast replication saves the network
bandwidth and realizes fast and fluent distribution of the IPTV direct broadcast programs.
Multicast VLAN
Multicast VLAN is a special VLAN used to isolate the IPTV service flows. It isolates
multicast and unicast data. Therefore, to bear the IPTV direct broadcast service, at least
one multicast VLAN needs to be set.
In the actual application, if the ZXA10 C300M/C350M is used by multiple carriers, multiple
VLANs can be set to isolate the IPTV direct broadcast services of different carriers.
The ZXA10 C300M/C350M replicates the IPTV direct broadcast program flow to only
the subscribers in the multicast VLAN to which the current program belongs. The
subscribers in the MVLAN, to which the current program does not belong, cannot receive
the program. This reduces the unnecessary program replication. The MVLAN and the
MVLAN subscribers are configured through the NMS.
The ZXA10 C300M/C350M supports inter-VLAN multicast which can replicate the
programs from a multicast VLAN to the subscriber VLAN.
Dynamic Multicast and Static Multicast

The ZXA10 C300M/C350M does not replicate the program flow to all the subscribers in
the multicast VLAN, but only to the subscribers that are added to the multicast group. For
example, if the following conditions are met:
l The MVLAN is VLAN 100.
l There are n users, U1, U2, U3, ... Un.
l The MVLAN contains program P, and P corresponds to multicast group G.
l Only U1, U2, and U3 are added to G.
Then the data flow of program P is replicated to U1, U2, and U3, that is, only U1, U2, and
U3 can receive program P and other users such as U4, U5, ... cannot receive program P.
There are two methods for determining the subscribers to be added to the multicast groups:
l Static multicast
Use the NMS to configure the multicast group to which the subscriber is added. In
this case, the relationship between the group and the members is static. The program
flow is always replicated and forwarded statically to all the members in the multicast
group.
In the actual application, on one hand, the subscribers do not always want to receive
these programs, so wide invalid multicast replication wastes a lot of system resources.
3-2

Chapter 3 Multicast
On the other hand, a subscriber does not only belong to one multicast group, so the
access device replicates multiple program flows to the subscriber, but the subscriber
wants to receive only one certain program. Therefore, the unnecessary program flows
occupy the insufficient bandwidth resources of the subscriber line.
This affects the picture quality of the program that the subscriber wants to receive.
Therefore, static multicast is not recommended.
l Dynamic multicast
Use the ZXA10 C300M/C350M and user end device to run IGMP to maintain the
dynamic relationship between the multicast group and the members.
For example, when user U orders program P, and program P corresponds to multicast
group G, the user end device (such as the DVB) sends the Report packet to the access
device. The access device finds that the subscriber wants to be added to multicast
group G through the Report packet, so the access device adds the subscriber to the
group and replicate the data flow of program P to user U. Once user U leaves multicast
group G, the access device does not replicate the data flow of program P to user U.
This method reduces unnecessary data replication and saves system resources.
Therefore, this method is widely used.
IGMP
The ZXA10 C300M/C350M supports IGMP v1/v2, and it can run in the IGMP Snooping,
IGMP Proxy, and IGMP Router modes. It supports user terminals with different IGMP
types, realizes various networking models, and optimizes the IGMP processing capability.
l IGMP Snooping
The ZXA10 C300M/C350M implements the snooping function on the IGMP multicast
protocol packets. It adds the user port to the corresponding multicast group or deletes
the user port from the group according to different request types (Report and Leave).
l IGMP Proxy
The ZXA10 C300M/C350M locally realizes the IGMP Router and IGMP Host functions
according to the IETF standards. It requests the required program sources from the
upper-layer device.
Multicast Pre-Adding
If the IPTV service program source is closer to the subscriber, it is easier to receive
the program. Multicast pre-adding is used to add the program flow to the ZXA10
C300M/C350M. The ZXA10 C300M/C350M periodically sends the Report packet to the
multicast group for adding to the multicast group.
In this case, the program flow keeps arriving at the ZXA10 C300M/C350M. Once a
subscriber is added to the multicast group successfully, the program is sent to the
subscriber from the ZXA10 C300M/C350M immediately rather than from the IPTV
multicast server. Thus, it reduces the program receiving delay.
3-3

Fast Leaving
During channel switching, the STB sends a Leave packet to a multicast group, and then
sends a Report packet to another multicast group. According to IGMP, in IGMP Snooping
mode, the subscriber leaves the multicast group when the ZXA10 C300M/C350M reaches
the aging time. In IGMP Proxy mode, the subscriber leaves the multicast group when
specific query times out. In either mode, the time delay needs at least one second.
In the IPTV service, the maximum delay from sending the Leave packet to stopping the
program is 100 ms.
When the ZXA10 C300M/C350M receives the Leave packet from the subscriber, if the
subscriber can leave the group, the ZXA10 C300M/C350M immediately removes the
subscriber from the table that controls the program flow forwarding, and the program flow
is immediately stopped. Therefore, the delay from sending the Leave packet to stopping
the program consists of sending the Leave packet, receiving and processing the packet.
It can be limited within 100 ms.
3.2 IGMP Snooping

3.2.1 Introduction
Description
IGMP snooping is performed on a Layer-2 broadband access equipment to snoop on the
IGMP report/leave messages transmitted from upstream hosts and IGMP query messages
from downstream routers. It also maintains Layer-2 multicast forwarding table.
Features:
IGMP Snooping has the following features:
l When IGMP Snooping is enabled, the ZXA10 C300M/C350M intercepts the IGMP
packets and delivers them to the device protocol layer for processing, and other
packets are transmitted transparently or discarded.
l When the ZXA10 C300M/C350M receives the IGMP Report packet from a user port,
it adds the user port to the forwarding table of the corresponding multicast group.
Therefore, when the device receives a multicast service packet, it forwards the packet
to the subscribers that request the service.
l When the ZXA10 C300M/C350M receives the IGMP Leave packet from a user port,
it deletes the user port from the forwarding table of the corresponding multicast group
to terminate the multicast service.
l When the ZXA10 C300M/C350M receives the IGMP Leave packet from a user port, it
immediately terminates the service or terminates the service after the service is aged.
l The ZXA10 C300M/C350M supports the auto-aging function of the multicast group
and aging time configuration.
3-4

Chapter 3 Multicast
l The ZXA10 C300M/C350M forwards the IGMP Query packet received from the
network side to the multicast user port.
l The ZXA10 C300M/C350M forwards the IGMP Report/Leave packet received from
the user port to the network side.
3.2.2 Principle
The ZXA10 C300M/C350M receives the user upstream report/leave packets and converts
the user VLANs to multicast VLANs. It forwards the packets to the upper layer router to
establish multicast group information without changing the packets content. The ZXA10
C300M/C350M receives the downstream query packets from the router and forwards them
to the users. It deletes the users that do not respond in a particular period of time.
IGMP snooping with proxy reporting has extended the following functions:
l Report suppression: blocking, absorbing, and summarizing IGMP reports from IGMP
hosts
Only when the first user reports to the IGMP querying, summarized IGMP report
message will be sent to the multicast router.
l Last leave: blocking, absorbing, and summarizing IGMP leave packets from IGMP
hosts
When the last user leaves the multicast group, summarized IGMP leave message will
be sent to the multicast router.
l Query suppression: blocking and processing IGMP queries
In this method, the IGMP specific query message will not transmit to the user side
directly. However, the IGMP general query message will send to the user side by
OLT.
3.3 IGMP Proxy

3.3.1 Introduction
Description
In IGMP proxy mode, the ZXA10 C300M/C350M transmits query packets to a user
and responds to query packets from upper layer router. In other words, the ZXA10
C300M/C350M behaves as a proxy located between router and user.
Features
IGMP Proxy has the following features:
l The ZXA10 C300M/C350M realizes the IGMP Router state machine to manage the
IGMP requests sent by subscribers.
3-5

l The ZXA10 C300M/C350M realizes the IGMP Host state machine to dynamically
request multicast services from the multicast network.
l The ZXA10 C300M/C350M realizes the Proxy function by using the IGMP Host and
IGMP Router state machines.
l The ZXA10 C300M/C350M can immediately terminate the service or terminate the
service after aging when receiving the IGMP Leave packet from the user port.
l The IGMP packets that arrive the device are sent to the device protocol layer for
processing. The protocol layer analyzes the IGMP v1 or v2 packet.
l The ZXA10 C300M/C350M terminates the analysis of the IGMP Report/ Leave packet
received from the user port, and forms the corresponding proxy IGMP Report/Leave
packet to the network side.
l The ZXA10 C300M/C350M sends the IGMP Query packet to the multicast user port
and queries the subscribers status.
3.3.2 Principle
IGMP proxy consists of IGMP host and IGMP router. The IGMP router is applicable to
the interface at the user side to terminate the report message on the host. IGMP host is
applicable to the interface at the network side to respond to the query messages on the
multicast router. The proxy host only forwards the join message of the first user and leave
message of the last user in the same multicast group. It responds to the query message
of the router. The proxy router periodically transmits query packets.
3.4 IGMP Router

3.4.1 Introduction
Descriptiion
The ZXA10 C300M/C350M acts as a multicast router to send the IGMP query message to
host periodically. There is no IGMP packet exchange between the ZXA10 C300M/C350M
and uplink device.
Purpose
Router mode is often used in application scenario to send multicast traffic directly to the
OLT equipment to shorten the delay on switching channels.
Router mode can be used with the pre-join group function.
Features
IGMP Router has the following features:
l Supporting IGMP v1/v2/v3
l Periodically transmiting report packets of pre-join group to uplink multicast source port
3-6

Chapter 3 Multicast
l Neither forwarding report/leave packets of users, nor responding to the query packets
of the router
3.4.2 Principle
In IGMP router mode, the ZXA10 C300M/C350M periodically transmits report message
of multicast group to upper layer router. It transmits only one report message when the
multicast group has several users. Only when the last user leaves, it transmits the leave
message to multicast router. The ZXA10 C300M/C350M periodically transmits query
packets to users but does not forward report/leave message of the user and the query
message of the router.
3.5 MVLAN
3.5.1 Introduction
Description
MVLAN is a special VLAN to separate the multicast data from the unicast data.
Purpose
In practice, MVLAN is generally applied to distinguish and isolate different multicast
services from the different operators.
Features
The ZXA10 C300M/C350M has the following MVLAN features:
l Supporting span VLAN multicast
l Supporting user multicast group to pre-join
l Supporting static multicast
l Supporting user fast-leave
l Supporting at most 256 multicast VLANs
l Supporting at most 4096 multicast groups
l Each MVLAN supports at most 1024 multicast groups.
l Each MVLAN can be assigned IGMP snooping and IGMP proxy.
l The ZXA10 C300M/C350M supports multicast access control. Each MVLAN supports
a maximum of 16 valid multicast source addresses.
3.5.2 Principle
Only MVLAN members can receive multicast data. The MVLAN includes the following:
l Source port
The port is connected to the multicast traffic source port. The upstream report/leave
packets can only be transmitted to the source port.
3-7

l Receiving port
This port is connected to the multicast user. Each multicast address of the MVLAN
stands for a multicast group. The multicast group members can join in and leave the
group at anytime.
The general multicast users can join multicast group with any sources. The ZXA10
C300M/C350M supports multicast access control. It separates invalid multicast service
and valid source addresses by specific configuration.
3.6 Channel Management

3.6.1 Introduction
Description
A channel is a program (or multicast group) configured with the permission of preview and
log functions. It is a technique to control the programs of the user demand.
Purpose
The channel management allows the users to watch the channels which have been
purchased, to preview or deny access of some channels which have not been purchased.
It will record the user action log and generate the CDR report to the server for billing.
Features
The channel management has the following features:
l Supporting up to 1024 channels at most
l Supporting to apply one channel to multiple service packages
l Supporting to apply one preview template to a channel
l Supporting CDR functions to set channels
l Supporting channel bandwidth control
3.6.2 Principle
IPTV service is based on the multicast technology. The channel management is used to
avoid illegal user access. Each user has the following authorities on a particular channel:
l Permit: Users can view programs on channel at any time.

l Preview: Users can view a portion of a program for a short period for several times.
l Deny: Users are not allowed to view any content of the program.
According to the configuration and status of the channel/user, it will record the user action
log and generate the CDR report to the server for billing.
3-8

Chapter 3 Multicast
3.7 Service Package Management

3.7.1 Introduction
Description
Service package is a bound of several channels. It specifies the authority of the channel
in the package as Purchase or Preview. It is also a technique to control the programs of
the user demand.
Purpose
The service package has all the functions of the channel management but it is more flexible
to manage comparing the channel management.
Features
The service package management has the following features:
l Supporting up to 2048 service packages

l Supporting at most 256 channels by each service package
3.7.2 Principle
Configure each program in the service package to permit or preview. Any channel can
be configured into any service package and each service package can be assigned with
independent authorities. The service package will be applied to a specific user for access
control of the multicast channels.
When the same channel has different authorities in various service packages, the
authorities will be merged. The principle for merging is to take the highest among all the
authorities. The sequence from the highest to the lowest is: Permit, Preview, and Deny.
When deleting a service package, recalculate the authorities again.
3-9

3-10

Chapter 4
GPON Features
Table of Contents
FEC............................................................................................................................4-1
Multiple Networking Modes ........................................................................................4-2
Multicast GEM Port Modifiability .................................................................................4-4
4.1 FEC
4.1.1 Introduction
Description
FEC encodes the transmission data and adds extra redundant bits according to an
algorithm. Decoder can use these redundant bits to detect and correct transmission
errors.
Purpose
FEC aims to:
l Achieve low error rate during data transmission and avoid retransmission.
l Add the link budget by 3 dB–4 dB. Thus, higher rate and longer transmission distance
are supported. Each PON supports more branches.
Features
The ZXA10 C300M/C350M GPON system supports the following FEC functions:
l Enabling or disabling the FEC function for a single PON port.
l Supporting upstream FEC and downstream FEC.
4.1.2 Principle
In the GPON system, FEC uses the RS encoding method. RS is based on blocks. It
selects a data block with a fixed size and adds extra redundant bits at the end of the block.
FEC decoder uses these redundant bits to process data flows, detect errors, correct errors,
and obtain original data.
The commonly used RS encoding is RS(255,239). The code length is 255 bytes, including
239 data bytes, with 16 bytes of parity field at the end.
4-1

When block-based FEC is used, the original data is not reserved. Therefore, even if the
peer end does not support FEC, the original data can be processed by ignoring the parity
bits.
Figure 4-1 shows the downstream frame with FEC encoding.
Figure 4-1 Downstream Frame with FEC Encoding
Figure 4-2 shows the upstream frame with FEC encoding.
Figure 4-2 Upstream Frame with FEC Encoding
ONU: Optical Network Unit PLOAM: Physical Layer Operations,

Administration and Maintenance
BIP: Bit Interleaved Parity of depth
4.2 Multiple Networking Modes

4.2.1 Introduction
Description
According to the ONU position in the network and its provided services, the GPON system
has multiple networking modes, including FTTH, FTTB/C, and FTTCab.
Purpose
To meet the requirements for multiple user access services in different scenarios.
4-2

Chapter 4 GPON Features
4.2.2 Principle
The GPON standard defines the commonly used networking modes, including FTTH,
FTTB/C, and FTTCab, as shown in Figure 4-3.
Figure 4-3 GPON Networking Modes
ONT: Optical Network Terminal SNI: Service Network Interface
ONU: Optical Network Unit FTTH: Fiber to the Home
FTTB: Fiber to the Building FTTC: Fiber to the Curb
OLT: Optical Line Terminal FTTCab: Fiber to the Cabinet
UNI: User Network Interface
The details on the networking modes are as follows:

l FTTH
In this mode, fibers are used to connect the communication office and the house
residence. A house uses a single fiber channel.
l FTTB/C
In this mode, the copper wires before the user access points are replaced by fibers.
The ONUs are deployed on the cable distribution boxes (user access points). The
ONUs and the access users are connected by other medium.
l FTTCab
In this mode, the traditional feeder cables are replaced by fibers. The ONUs are
deployed on the cable distribution boxes. The ONUs and the access users are
connected by other medium.
4-3

4.3 Multicast GEM Port Modifiability

4.3.1 Introduction
Description
Multicast GEM port modifiability refers to that the downstream multiple GEM port can be
modified.
Purpose
To meet the service requirements.
Features
The ZXA10 C300M/C350M supports the modification of the multicast GEM port.
4.3.2 Principle
The default multicast GEM port number of the ZXA10 C300M/C350M is 4095. The port
number can be changed to other GEM port numbers for multicast transmission.
4-4

Chapter 5
Device Management
Table of Contents
Basic Management.....................................................................................................5-1
Software Version Management...................................................................................5-2
5.1 Basic Management

5.1.1 Introduction
Description
Basic device management refers to performing basic management and configuration on
device before using it, such as system hardware configuration.
Features
ZXA10 C300M/C350M basic device management includes:
l Shelf/card management
l Multiple card insertion support
5.1.2 Features
Shelf/Card Management
Shelf/card management is a basic function of ZXA10 C300M/C350M. The ZXA10
C300M/C350M supports the auto-authentication function for shelf, card and sub-card.
Multiple Card Insertion Support

ZXA10 C300M/C350M supports multiple card insertion function for subscriber card. The
subscriber cards can be inserted in any slot in the shelf except control card slot.
5-1

5.2 Software Version Management

5.2.1 Introduction
Description
Software management is one of the basic management functions of network device. The
main purpose is to perform version update, version protection and version synchronization
on NE.
Features
ZXA10 C300M/C350M supports the following software management functions:
l Remote version update - control card
l Remote version update - subscriber card
l Main/backup software version
l Main/backup control card version synchronization
l Boot version online update
5.2.2 Software Management

Remote Version Update - Control Card
The system main control card version can be updated remotely. Log in to the NE through
Telnet or NetNumen and perform main control card version update remotely. Remote
update performs the same function as local updating.
Remote Version Update - Subscriber Card

Each system card version can be updated locally or remotely. Log in to the NE through
Telnet or NetNumen and perform card version updating. Remote update performs the
same function as local updating. ZXA10 C300M/C350M supports all kinds of remote
updating functions.
After the card version is updated, reboot the card. The card obtains new version files
automatically from main control card.
Main/Backup Software Version

The control card flash is divided into multiple areas. At least two version (main and backup
software versions) areas are kept.
When something abnormal occurs during version download, such as power OFF, it
results in downloaded version file damage, then the system activates the backup version
automatically and can reboot successfully without any manual interference. Afterwards,
the version downloading continues.
5-2

Chapter 5 Device Management
Main/Backup Control Card Version Synchronization

Main/backup control card synchronization refers to obtaining and adding the version
file when the backup control card boots up. The ZXA10 C300M/C350M supports two
main/backup control card synchronization types. The types are as follows:
l Synchronize all main control card versions to backup control card.
l Synchronize the specified main control card versions to backup control card.
Boot Version Online Updating

The boot version of subscriber cards and VoIP resource card can be updated online.
Through HyperTerminal, Telnet or NMS, execute the boot version update command to
update boot version online. After the system is rebooted, the new boot version runs. Before
updating, boot version file needs to be send into main control card flash.
5-3

5-4

Chapter 6
VLAN
Table of Contents
VLAN Architecture......................................................................................................6-1
User-Side Multi-PVC and Multi-Service Networking Model .........................................6-2
User-Side Single-PVC and Multi-Service Networking Model (EFM Tagged)................6-3
User-Side Single-PVC and Multi-Service Networking Model (EFM Untagged
Priority Tagged) ..........................................................................................................6-5
User-Side Multi-PVC Service Networking Application .................................................6-6
VLAN Transparent Port (TLS Port) .............................................................................6-8
VLAN Non-transparent Port (Non-TLS Port) ...............................................................6-9
QinQ VLAN ..............................................................................................................6-10
Super VLAN .............................................................................................................6-12
6.1 VLAN Architecture

6.1.1 Introduction
Broadband technology development requires integrated multiple service bearing for the
network architecture. Network requires user unique identification and service identification
capability.
The VLAN function supported by nodes greatly affects the network planning and
application. TR101 is established according to the IEEE 802.1ad SVLAN module standard
and the corresponding specifications are made according to the specific functional
modules of xDSL broadband access.
The ZXA10 C300M/C350M realizes various typical VLAN division and service bearing
modules according to the TR101 specifications.
The ZXA10 C300M/C350M supports the following VLAN architectures:

l User-side multi-PVC and multi-service networking
l User-side single-PVC and multi-service networking (EFM tagged)
l User-side single-PVC and multi-service networking (EFM untagged/priority tag)
6.1.2 Principle
According to the access subscriber service types, the subscribers can be grouped as
follows:
l Business LAN service subscribers
6-1

à The flow received from the subscriber is tagged with 802.1Q tagged.
à To transmit C-tag in the convergence network transparently, the flow must be
tagged with S-tag.
à The 802.1Q tag value must be saved in C-tag mode.
à The access node must be tagged with S-tag.
à S-tag is unique on the access node and convergence node, such as 1:1 VLAN.
l Business and resident subscribers (one subscriber in one VLAN)
à The flow must be with dual tags so that it is easy to measure in the convergence
network.
à The access node should use at least one S-tag.
à S-tag cannot be shared between nodes.
à S-tag or C-tag should be unique on the access node.
l Resident subscribers (multiple subscribers in one VLAN)

à Data flow can cross the convergence network by the single S-tag.
à Each subscriber may have multiple services in different VLANs.
à The S-tag is shared by one or multiple subscribers or subscriber processes. The
number of the subscribers or subscriber groups can be big enough as long as the
access node and access gateway can keep the subscriber isolated. For example,
t All the subscribers that belong to the same access node use the same S-tag.
t All the subscribers that use the same services use the same S-tag.
6.2 User-Side Multi-PVC and Multi-Service Networking

Model
6.2.1 Introduction
The ZXA10 C300M/C350M VLAN system supports the ADSL/ADSL2+ multi-PVC
networking model. The user-side multi-PVC and multi-service networking model identifies
services by different PVCs.
6.2.2 Principle
Multiple PVC links can be configured between the ZXA10 C300M/C350M and the user
end device to realize multi-service access. Figure 6-1 shows the user-side multi-PVC and
multi-service networking model.
6-2

Chapter 6 VLAN
Figure 6-1 User-side Multi-PVC and Multi-Service Networking Model
ATM: Asynchronous Transfer Mode VC: Virtual Channel
VID: VLAN Identifier
The ZXA10 C300M/C350M can map different service flows to different PVCs.
At the subscriber side, different service flows are mapped to different PVCs. Generally,
the modem with multiple network ports are bound with the PVC directly, and the PVC port
is configured as an untagged port.
For the ZXA10 C300M/C350M, one VLAN can be mapped to one or multiple PVCs. For
example, for the common Internet flow, each PVC of each subscriber is mapped to one
VLAN. For the service flows such as IPTV, the PVCs of all the subscribers are mapped to
one VLAN. For security purposes, each PVC of each subscriber can be mapped to one
VLAN.
For the VLAN tag encapsulation mode of the convergence network, the ZXA10
C300M/C350M can support both single tag uplink and dual tag uplink. In addition,
different PVCs of one DSL port can be encapsulated to different VLANs or encapsulated
to the same VLAN to access to the convergence network.
This networking model is applicable for the network using the ADSL and ADSL2+ access
modes. The currently used ADSL and ADSL2+ access devices use the ATM encapsulation
at the subscriber side. Most devices support single-DSL and multi-PVC access.
6.3 User-Side Single-PVC and Multi-Service Networking

Model (EFM Tagged)
6.3.1 Introduction
The ZXA10 C300M/C350M VLAN system supports VDSL2/LAN EFM encapsulation
networking model. The user-side single-PVC and multi-service networking model (EFM
tagged) identifies services by C-VLAN at the subscriber side.
6-3

6.3.2 Principle
In the networking that uses single PVC or EFM encapsulation at the subscriber side, the
802.1Q tag is required to identify different services between the user end device and the
ZXA10 C300M/C350M. This mode requires to configure trunk connections between the
user end device and the ZXA10 C300M/C350M. The ZXA10 C300M/C350M can translate
the VLAN information sent by the user end device to different VLANs.
Figure 6-2 shows the user-side single-PVC and multi-service networking model (EFM
tagged).
Figure 6-2 User-side Single-PVC and Multi-Service Networking Model (EFM Tagged)
ATM: Asynchronous Transfer Mode EFM: Ethernet in the First Mile
TLS: Transparent LAN Service
The modem at the subscriber side should support VLAN tag and support the mapping
between the multiple network ports and VLAN IDs. In this networking, the service logical
channels are divided as follows:
l After the tag data flows are sent in the uplink direction from different network ports
to the ZXA10 C300M/C350M, the VLAN translation and VLAN member list are
configured on the ZXA10 C300M/C350M. VLAN translation is used to translate the
VLAN IDs sent from the logical VLAN channel at the subscriber side to the actual
uplink service channel. The ZXA10 C300M/C350M then connects to the convergence
network in single-VLAN tag mode or dual-VLAN tag mode. The VLAN member list is
used to control the uplink service flow to identify the TLS service flow or discard the
service flow.
l In the downlink direction, VLAN translation is used to translate the actual service VLAN
to the virtual VLAN at the subscriber side and send the VLAN to the subscriber side
in tagged mode.
This networking is applicable for the networking using the VDSL2 or LAN access mode.
The VDSL2 technology requires EFM encapsulation at the subscriber side, that is, single
UNI and no PVC. In this case, multi-service cannot identify services by the logical PVC
channels in the ATM, but uses the VLAN tag at the subscriber to expand the logical channel.
6-4

Chapter 6 VLAN
6.4 User-Side Single-PVC and Multi-Service Networking

Model (EFM Untagged Priority Tagged)
6.4.1 Introduction
The ZXA10 C300M/C350M VLAN system supports the VDSL2/VLAN EFM encapsulation
networking model. The user-side single-PVC and multi-service networking model (EFM
untagged/priority tagged) identifies services according to the Ethernet type (Ethertype) of
the packets at the subscriber side.
6.4.2 Principle
In the networking that uses single PVC or EFM encapsulation between the ZXA10
C300M/C350M and the user end device, if the packets sent by the user end device
are untagged or priority tagged packets, the ZXA10 C300M/C350M allocates VLANs
according to the Ethernet type (Ethertype) or the static configuration saved in the access
nodes. Therefore, different services are mapped to different VLANs.
Figure 6-3 shows the user-side single-PVC and multi-service networking model (EFM
untagged/priority tagged).
Figure 6-3 User-side Single-PVC and Multi-Service Networking Model (EFM

Untagged/Priority Tagged)
ATM: Asynchronous Transfer Mode EFM: Ethernet in the First Mile
In this networking, the service logic channels are divided as follows:
l In the untagged single-PVC architecture, all the service flows are in one PVC and
in untagged mode. To identify services, the packets of different service flows should
have different encapsulation formats. The ZXA10 C300M/C350M should be able to
map the 802.1Q VLAN tag according to the encapsulation format (Ethertype), and
support single-tag uplink or dual-tag uplink.
l When the VLAN ID data flow is received in the downlink direction, it is sent to the
subscriber side in untagged mode. In the ZXA10 C300M/C350M, different VLANs are
configured for different service flows.
6-5

This networking is applicable for special scenarios. For typical networking scenarios,
the multi-PVC and multi-service networking as well as the single-PVC or ETM tagged
networking can well meet the requirements of the multi-service operation.
The EFM untagged mode requires the protocol based VLAN on the ZXA10 C300M/C350M,
that is, the ZXA10 C300M/C350M maps Ethertype domain to the service VLAN in the uplink
direction, and removes the tag from the specific VLAN packet in the downlink direction and
sends the packets to the subscriber side in untagged mode.
6.5 User-Side Multi-PVC Service Networking

Application
6.5.1 Introduction
The ZXA10 C300M/C350M VLAN system supports the user-side multi-PVC and
multi-service networking application. Two typical applications of the user-side multi-PVC
and multi-service networking are 1:1 VLAN and N:1 VLAN.
6.5.2 Principle
The user-side multi-PVC and multi-service networking model is applicable in 1:1 VLAN
and N:1 VLAN.
Networking Application in 1:1 VLAN

Multiple 1:1 VLAN subscribers access the ZXA10 C300M/C350M through multiple PVCs
that bear different services. On the ZXA10 C300M/C350M, different PVC ports are tagged
with different SVLANs/CVLANs. The CVLANs of different PVC ports under the same ADSL
ports are the same. Different services are tagged with different SVLANs. The CVLANs of
the PVC ports under different ADSL ports are different, but the ports can be tagged with
the same SVLAN according to the same service.
Figure 6-4 shows the networking application in 1:1 VLAN.
6-6

Chapter 6 VLAN
Figure 6-4 Networking Application in 1:1 VLAN
VC: Virtual Channel STB: Set-top Box
VLAN: Virtual Local Area Network CVLAN: Customer Virtual Local Area Network
SVLAN: Service Virtual Local Area Network ADSL: Asymmetric Digital Subscriber Line
The three PVC links of the first subscriber are tagged with SVLAN1 + CVLAN1, SVLAN2
+ CVLAN1, and SVLAN3 + CVLAN1. The three PVC links of the second subscriber are
tagged with SVLAN1 + CVLAN2, SVLAN2 + CVLAN2, and SVLAN3 + CVLAN2. The
ZXA10 C300M/C350M exchanges data according to the SVLAN, and sends the data of
different services to different upper layer networks.
Networking Application in N:1 VLAN

Multiple N:1 VLAN subscribers access the ZXA10 C300M/C350M through multiple PVCs
that bear different services. On the ZXA10 C300M/C350M, the PVC links are tagged with
different SVLANs according to services.
Figure 6-5 shows the networking application in N:1 VLAN.
6-7

Figure 6-5 Networking Application in N:1 VLAN
VC: Virtual Channel STB: Set-top Box
SVLAN: Service Virtual Local Area Network ADSL: Asymmetric Digital Subscriber Line
The three PVC links of the first subscriber are tagged with SVLAN, SVLAN2, and SVLAN3.
The three PVC links of the second subscriber are also tagged with SVLAN, SVLAN2, and
SVLAN3. Services are identified according to the SVLAN. The ZXA10 C300M/C350M
sends the data of different services to the upper layer network according to the SVLAN.
The processing of the TLS data flow in this architecture is very simple. The ZXA10
C300M/C350M tags the received TLS data flow with SVLAN, and then sends it to the
upper layer network.
6.6 VLAN Transparent Port (TLS Port)

6.6.1 Introduction
The ZXA10 C300M/C350M VLAN system supports the VLAN transparent port. The VLAN
transparent port supports the TLS service and non-TLS services.
6.6.2 Principle
The VLAN transparent port can receive the TLS data flow and non-TLS data flow at the
same time. The TLS data flow can be VLAN-tagged, untagged, or priority tagged, but
the non-TLS data flow can only be VLAN-tagged. The VLAN transparent port can be
configured with a VLAN member list which defines the VLANs that the port belongs to.
In the uplink direction, data flow processing includes the following conditions:
l When the VLAN transparent port receives the untagged or priority tagged data flow,
the data flow is considered as the TLS data flow and is sent with S-tag.
6-8

Chapter 6 VLAN
l When the VLAN transparent port receives the tagged data flow, it obtains the tag
information from the data flow to check whether the VLAN belongs to the VLAN
member list. If not, the data flow is TLS data flow and is sent with S-tag.
l If the VLAN belongs to the VLAN member list, the data flow is non-TLS data flow. The
VLAN transparent port queries the VLAN translation list to translate the VLAN. When
the VLAN transparent port finds the matched item from the list, it replaces the VLAN
and sends the data flow from the access node.
For the non-TLS data flow, VLAN translation has two modes:
l The VLAN transparent port defines the SVID to replace the CVID at the subscriber
side.
l The VLAN transparent port defines the SVID and CVID, uses the CVID to replace the
VLAN information at the subscriber side, and then adds the SVID.
In the downlink direction, the TLS data flow can be sent to the subscriber after the
S-tag is deleted. For the non-TLS data flow, the S-tag or S-tag + C-tag needs to be
reverse-translated to reduce the VLAN information on the subscriber side.
When the VLAN transparent port receives the TLS data flow, it can add the CoS tag in the
following modes:
l For the untagged data flow, configure the default CoS tag in S-tag through policy
modification.
l For the tagged data flow, force the S-tag CoS or configure the C-tag CoS to map the
S-tag CoS.
l For the tagged data flow, copy the C-tag CoS to the S-tag CoS.
For the VLAN transparent port, the non-TLS data flow is tagged. Therefore, for the
non-TLS data flow, the CoS tag can be added by trusting the CoS or configuring the
priority remarking in the C-tag.
6.7 VLAN Non-transparent Port (Non-TLS Port)

6.7.1 Introduction
The ZXA10 C300M/C350M VLAN system supports VLAN non-transparent ports. VLAN
non-transparent ports support packet control.
6.7.2 Principle
When the VLAN non-transparent port receives an untagged or priority tagged packet, if
the port is not configured with protocol-based VLAN mapping, the default SVID or SVID
+ CVID of the port is added. If the port is configured with protocol-based VLAN mapping,
SVID or SVID + CVID is configured according to the protocol type.
For the uplink untagged packet, the CoS tag uses the port default S-tag priority and C-tag
priority. For the priority tagged packet, the S-tag priority can be determined by copying the
priority in the packet or by the configured CoS mapping relations.
6-9

When the data flow is forwarded in the downlink direction, the VLAN information added
in the uplink direction should be deleted and the data flow is sent to the user end in the
untagged format.
When the tagged packet is received, if the packet VLAN does not belong to the port VLAN
member list, the packet is discarded directly. The VLAN non-transparent port defines the
VLAN translation item for each VLAN, the VLAN member list. The VLAN non-transparent
port translates VLAN in the following modes:
l Defines the SVID to replace the CVID at the subscriber side.
l Defines SVID and CVID, uses the CVID to replace the VLAN information on the
subscriber side, and then adds the SVID.
For each VLAN in the port VLAN member list, the S-tag priority is determined by copying
the priority in the packet or by the configured CoS mapping relations. When the data flow
is delivered in the downlink direction, the subscriber CVLAN should be reduced according
to the VLAN translation list.
6.8 QinQ VLAN

6.8.1 Introduction
Description
Q-in-Q is the extended 802.1Q. It is used to expand VLAN space by tagging the tagged
packets, thus producing a ‘double-tagged’ frame. Its purpose is to encapsulate the
private network to public VLAN tag, then packets with double tags traverse the service
provider's trunk network and thus it provides users with a simpler Layer-2 VPN tunnel.
The expanded VLAN space allows the service provider to provide certain services, such
as Internet access on specific VLANs for specific customers and other types of services
for their other customers on other VLANs.
It can be achieved by static configuration only, which is especially suitable for small
enterprise network with Layer-3 exchange or the small-scale city network.
Features
ZXA10 C300M/C350M supports 4000 QinQ VLANs.
6.8.2 Principle
Figure 6-6 shows the Q-in-Q VLAN working principle.
6-10

Chapter 6 VLAN
Figure 6-6 QinQ VLAN Working Principle
VLAN: Virtual Local Area Network IP: Internet Protocol
ZXA10 C300M/C350M can realize the interconnection between users in the same private
network of different areas through QinQ VLAN. In this example, User 1 and User 4 are in
the same private network VLAN 10 of different areas. User 2 and User 3 are in the same
private network VLAN 20 of different areas. ZXA10 C300M/C350M add user ID to packets
（it is VLAN 30 in this example). The procedure of processing user service packet is as
follows:
1. User 1 and User 2 send an untagged packet.
2. The Layer-2 LAN switch adds VLAN tag (VLAN 10 and VLAN 20) to this packet and
conveys the packet to ZXA10 C300M/C350M.
3. ZXA10 C300M/C350M adds a uniform VLAN tag (VLAN 30) to this packet. At this
time, this packet goes through VLAN 30 with double VLAN tags.
4. When the opposite ZXA10 C300M/C350M device receives the packet, it strips the
outer VLAN tag (VLAN 30) and forwars this packet.
5. When the opposite Layer-2 LAN switch receives this packet, it identifies it and strips
VLAN tag (VLAN 10 or VLAN 20) and conveys this packet to User 3 and User 4.
In this way, ZXA10 C300M/C350M realizes the interconnection between User 1 and User
4 in VLAN 10, User 2 and User 3 in VLAN 20.
6-11

6.9 Super VLAN

6.9.1 Introduction
With the development of networks, network address resource has become more and more
scarce. The concept of Super VLAN was introduced to save the IP address space. Super
VLAN is also named as VLAN aggregation. A super VLAN involves multiple sub-VLANs. It
has a VLAN interface with an IP address, but no physical ports can be added to the super
VLAN. A sub-VLAN can have physical ports added but have no IP address and VLAN
interface. All ports of sub-VLANs use the VLAN interface’s IP address of the super VLAN.
Packets cannot be forwarded between sub-VLANs at Layer–2.
If Layer–3 communication is needed from a sub-VLAN, it uses the IP address of the super
VLAN as the gateway IP address. Thus, multiple sub-VLANs share the same gateway
address and thereby save IP address resource.
The ARP proxy function is used to realize Layer–3 communications between sub-VLANs
and between sub-VLANs and other networks.
The work flow is as follows: after creating the super VLAN and the VLAN interface, enable
the local ARP proxy function to forward ARP response and request packets.
6.9.2 Principle
Super VLAN defines that each sub-VLAN remains in a separate broadcast domain and
that the broadcast information cannot be exchanged among different subnets. When
data needs to be forwarded to multiple nodes, the dynamic VLAN proxy is established
to manage all users in VLAN. Thus, each subnet does not need to be configured with IP
address. Instead, all subnets in a super VLAN share one IP address. This IP address is
the super VLAN IP address.
Figure 6-7 shows the super VLAN working principle.
Figure 6-7 Super VLAN Working Principle
6-12

Chapter 6 VLAN
VLAN: Virtual Local Area Network
In the above diagram, user group A belongs to VLAN 1, user group B belongs to VLAN 2
and the host addresses of user group A and B is in the same network segment.
Since user group A and user group B reside in different VLANs and they cannot
communicate with each other, namely, A and B are isolated in Layer–2. Presume that
A and B belong to the same network segment, using super VLAN, the interconnection
between VLANs can be realized.
In order to enable A and B to communicate with each other, create a super VLAN 100
and add VLAN 1 and VLAN 2 as sub-VLANs into super VLAN 100. Also, create Layer-3
interface in super VLAN 100 and configure Layer-3 interface IP address. Start ARP proxy.
Through the corresponding relations between super VLAN and sub-VLAN, all sub-VLANs
share a Layer-3 interface. Users in different sub-VLANs share the same super VLAN
gateway, which can save IP addresses.
6-13

6-14

Chapter 7
QoS
Table of Contents
QoS ...........................................................................................................................7-1
Packet Classification and Mark...................................................................................7-2
Congestion Management ...........................................................................................7-3
Traffic Shaping ...........................................................................................................7-6
Redirection and Policy Route .....................................................................................7-8
Priority Mark ...............................................................................................................7-9
Flow Mirror and Traffic Statistics...............................................................................7-10
7.1 QoS
7.1.1 Introduction
The ZXA10 C300M/C350M provides different QoS functions according to different
application requirements. It ensures the QoS by providing the network carriers with the
control authority of the network resources.
The ZXA10 C300M/C350M supports the following QoS functions:
l Packet classification and mark

l Congestion management
l Traffic monitoring and shaping
7.1.2 Principle
The ZXA10 C300M/C350M processes the QoS assurance for the forwarded packet when
the packet enters one interface of the device and exits another interface. According to
the processing sequence, this process consists of packet classification and marking,
congestion management, traffic monitoring and shaping. Figure 7-1 shows the QoS
features.
7-1

Figure 7-1 QoS Features
ITU: International Telecommunications Union QoS: Quality of Service
SP: Strict Priority WRR: Weighted Round Robin
DSCP: Differentiated Services Code Point VLAN: Virtual Local Area Networks
IP: Internet Protocol TCP: Transmission Control Protocol
UDP: User Datagram Protocol TOS: Type of Service
MAC: Media Access Control
7.2 Packet Classification and Mark

7.2.1 Introduction
Packet classification is the basis of QoS. The packets can be processed differently and
the QoS is assured only when different packets are classified.
Packet classification aims to classify the packets to multiple priorities and multiple service
classes according to certain rules. After packet classification, the QoS features can be
applied to different classes, such as congestion management and bandwidth allocation.
In the ZXA10 C300M/C350M, packets are classified according to the physical interface,
MAC address, IP address, protocol type, or application port number by using the ACL
technology. Meanwhile, the 802.1Q priority or ToS/DSCP priority is marked.
7-2

Chapter 7 QoS
7.2.2 Description
Packet Classification
The ZXA10 C300M/C350M supports the following packet classes:
l Physical port/PVC
l Source MAC address
l Destination MAC address
l 802.1Q priority
l VLAN ID
l Ethernet type (EtherType):IP, ARP, RARP, PPPoE discovery, PPPoE session
l IP protocol type: ICMP, IGMP, TCP, UDP
l Source IP address
l Destination IP address
l DSCP/ToS
l TCP/UDP source port
l TCP/UDP destination port
Besides, the ZXA10 C300M/C350M supports 80–byte deep packet check. The user can
customize the mapping fields in the packet.
Packet Mark
The ZXA10 C300M/C350M supports marking the priorities according to the packet
classification:
l Marking 802.1p
l Marking DSCP/TOS
When the priorities are marked based on the physical port or PVC, the priority marking is
as follows:
l Default 802.1p priority
l Forcing 802.1p priority
l Priority trust
à Trust the 802.1p priority and transparently transmit DSCP/TOS.
à Trust the DSCP/TOS priority and transparently transmit 802.1p.
à Trust the 802.1p priority and modify DSCP/TOS according to 802.1P-DSCP.
à Trust the DSCP/TOS priority and modify 802.1p according to DSCP-802.1P.
7.3 Congestion Management

7.3.1 Introduction
Congestion management provides the management and control methods for handling the
network congestion.
7-3

The primary congestion management method is the queuing technology. The packets are
classified and allocated to different queues. Queue scheduling processes the packets with
different priorities in different ways. The packets with higher priorities are processed first.
Different queue algorithms are used to handle different problems and has different results.
Congestion management includes the following:
l Queue creation
l Packet classification
l Allocating packets to different queues
l Queue scheduling
When congestion does not occur on an interface, the packet is sent immediately. When the
packet arrival rate exceeds the packet sending rate, congestion occurs on the interface.
Congestion management uses the queuing technology. Packets are queued according to
certain policies, and then are obtained from the queue according to the scheduling policy
and sent from the interface. According to different queueing and exiting queue policies,
congestion management includes the following:
l SP
l WRR
l SP + WRR
The ZXA10 C300M/C350M supports up to eight queues at the network and subscriber
sides.
7.3.2 Principle
SP Scheduling
The ZXA10 C300M/C350M supports the SP scheduling algorithm, as shown in Figure 7-2.
Figure 7-2 SP Scheduling
The SP scheduling process is as follows:

1. The packets are classified upon arrival.
2. The packets are allocated to the queues with different priorities according to the
classification rules.
7-4

Chapter 7 QoS
3. The queues are scheduled according to the priorities. The data in the queues with
higher priorities are sent first.
The SP scheduling algorithm has the following advantages:
l It supports queues with different priorities.
l It is easy to implement.
The disadvantage of the SP scheduling is that if the queues with higher priorities have too
high traffic volume, those with lower priorities cannot be scheduled.
WRR Scheduling
The ZXA10 C300M/C350M supports the WRR scheduling algorithm, as shown in Figure
7-3.
Figure 7-3 WRR Scheduling
The WRR scheduling process is as follows:

3. The queues are allocated with different sending weight ratios, such as 1:1:2.
4. In each scheduling circulation, the number of packets that each queue can send is
determined by the weight ratio.
The WRR scheduling algorithm has the following advantages:

l Different queues are allocated with different port bandwidths according to the ratios.
l It is easy to implement.
The disadvantage of the WRR scheduling algorithm is that only when the average packet
length of the all queues are the same, the bandwidth ratio is the configured ratio. When
the packet length is flexible, the bandwidth ratio is inaccurate.
SP + WRR Scheduling
The ZXA10 C300M/C350M supports the SP + WRR scheduling algorithm, as shown in
Figure 7-4.
7-5

Figure 7-4 SP + WRR Scheduling
SP: Strict Priority WRR: Weighted Round Robin
The SP + WRR scheduling process is as follows:

3. The WRR scheduling queues are allocated with different sending weight ratios, such
as 2:1.
4. In each scheduling circulation, the data in the SP queues are sent first until the SP
queues are empty. Then it determines the number of the packets that each WRR
queue can send according to the ratios.
In the queue scheduling algorithm, to ensure the queues with lower priorities can
be scheduled, the ZXA10 C300M/C350M supports queue bandwidth limit. For
more details, refer to the Section “Traffic Monitoring and Shaping” in this manual or
"egress-shaping-queue” in the command manual.
7.4 Traffic Shaping

7.4.1 Introduction
Traffic monitoring aims to limit the traffic rates or emergency rates of certain packets that
access the network at overwhelming speed. If the traffic of certain packets is too high, the
traffic monitoring function discards the packets or reset the packet priority. CAR is usually
used to limit the packet traffic. The ZXA10 C300M/C350M supports traffic monitoring
through policy.
Traffic shaping aims to limit the traffic rate of certain packets that exit the network. The
ZXA10 C300M/C350M supports the port-based, queue-based, and policy-based traffic
shaping, which is applicable in multiple service models.
7-6

Chapter 7 QoS
7.4.2 Principle
Traffic Monitoring
The ZXA10 C300M/C350M traffic monitoring is implemented by the CAR algorithm.
CAR is a bandwidth management mechanism. It uses the TB technology to allocate and
measure the bandwidth. CAR can allocate different bandwidths for different services and
define the policy for handling the problem that the service occupied bandwidth exceeds
the allocated bandwidth threshold.
The traffic monitoring process is shown in Figure 7-5.
Figure 7-5 Traffic Monitoring Process
TB: Token Bucket
The packet classification result determines whether speed measurement and traffic
monitoring are required.
If the TB has enough tokens to send the packet, the packet is allowed to pass and continue
to be sent. Otherwise, the packet is discarded or its DSCP priority is changed. Therefore,
the packet traffic is controlled.
Traffic Shaping
Traffic shaping can shape the packet traffic that is irregular or does not match the specified
traffic features, to match the bandwidths between the uplink and downlink.
Similar to traffic monitoring, traffic shaping is also implemented by TB. The difference is
that traffic monitoring discards (or modifies DSCP) the packets that fail to meet the traffic
features, but traffic shaping buffers those packets. The traffic shaping process is shown
in Figure 7-6.
7-7

Figure 7-6 Traffic Shaping Process
TB: Token Bucket LR: Location Request
QoS: Quality of Service
The traffic is controlled by TB. If the TB has enough tokens to send the packet, the packet
can be sent. Otherwise, the packet enters the QoS queue for congestion management.
The packet traffic can be limited to be less than the token generation speed by controlling
the token count. This method can limit the traffic and allow emergent traffic to pass.
7.5 Redirection and Policy Route

7.5.1 Introduction
Traffic redirection changes packet forwarding direction, to CPU, other ports, other IP
addresses or other cards.
Policy routing is a technique used to forward packets according to a preset policy. It can
identify and classify the network data packets according to different keywords and decide
its forwarding policy. The policy routing technique can control flow direction and behavior
of the network user data packets.
7.5.2 Principle
Policy routing is defined as forwarding packets according to the preset policy.
Policy routing resides in IP layer. Before packets are forwarded, some policy should
be made, such as redirection to next hop. Then look up the FIB table according to the
destination IP address. Figure 7-7 shows the location of policy route in the system.
7-8

Chapter 7 QoS
Figure 7-7 Location of Policy Route in the System
UDP: User Datagram Protocol TCP: Transmission Control Protocol
IP: Internet Protocol PPP: Point to Point Protocol
LAPB: Link Access Procedure Balanced OS: Operating System
Policy route employs keywords to classify the data packets so it can forward the data
packets according to different policies. The employed keywords have the characteristics
related to the data packets, such as source IP address, destination IP address, source
port number, destination port number and IP protocols, etc.
7.6 Priority Mark

7.6.1 Introduction
Description
CoS priority label refers to relabeling packet CoS priority (Domain: 802.1p).
Features
ZXA10 C300M/C350M supports ACL-based CoS priority labelling.
7.6.2 Principle
ZXA10 C300M/C350M supports the following priority labeling operations:
l Change CoS queue of data packets and 802.1p value.

l Change CoS queue of data packets but do not change 802.1p value.
l Change DSCP value of data packets.
l Change discarding priority of data packets.
7-9

7.7 Flow Mirror and Traffic Statistics

7.7.1 Introduction
Description
Flow mirror is used to monitor service flows according to traffic classification rule. The
traffic mirror copies data packets according to traffic classification rule to monitor port,
facilitate network detection and eliminate the faults.
Traffic monitoring is used to monitor service flow according to classification rule at the
packets receiving port. It enables service flow to adapt to the network resource allocated
to it, such as bandwidth. Traffic monitoring is used for rate restriction on packets receiving
port, monitoring traffic flow to one network. If packet rate is too fast, traffic monitoring can
discard packet or reset packet priority.
Features
ZXA10 C300M/C350M supports ACL-based flow mirroring and traffic statistics functions.
7.7.2 Principle
Flow Mirror
Flow mirror must be used together with ACL configuration. It mirrors the packets that
match ACL rule. To perform this operation, configure ACL rule first, then configure the
flow mirror destination port and apply ACL rule to source port.
Traffic Statistics
Flow statistics must be used together with the ACL configuration to count the numbers and
characters of packets that match ACL rule. To perform this operation, configure ACL rule
first, then configure statistical property of this rule and apply the rule to the traffic statistics
port.
7-10

Chapter 8
Protocols
Table of Contents
IP Route Selection .....................................................................................................8-1
Static Route Protocol..................................................................................................8-2
Dynamic Route Protocol.............................................................................................8-3
SNMP ........................................................................................................................8-8
NTP..........................................................................................................................8-10
STP..........................................................................................................................8-12
8.1 IP Route Selection

8.1.1 Introduction
The information in routing table determines all policies in IP layer. To search routing table,
perform the following steps:
1. Search the matched host address.
2. Search the matched network address.
3. Search the default table entries (The default entry is generally specified as a network
entry in routing table. Its network number is 0.). Matching host address is always prior
to matching network address.
Route selection in IP layer is actually a kind of route selection mechanism. It searches
routing table and determines which network interface to send groups to, which differs from
route selection policy. It is only a set of rules that determine which routes to be put in routing
table. IP implements the route selection, while route guard program generally provides
route selection policy.
8.1.2 Principle
Figure 8-1 shows a simple routing table.
Figure 8-1 Simple Routing Table
For a specified router, the following five kinds of flags can be printed out:
8-1

l U: This route is available.

l G: The route goes to a gateway. If this flag is not configured, it implies that the
destination is connected directly and the corresponding gateway should provide
destination address.
l H: The route goes to a host, namely, the destination is a complete host address. If this
flag is not configured, it implies that this route goes to a network and the destination
is a network address (a network number or a combination of a network number and a
subnet number).
l D: This route is created by a redirected packet.
l M: This route is modified by a redirected packet.
G stands for a gateway. If data is sent to the destination, the IP head should be the
destination IP address and the MAC address in data link layer is the MAC address of the
gateway. On the contrary, if there is not flag G, the addresses in the data link layer and IP
layer should be corresponding. H stands for the property of the destination. If it is flag H,
it means that this address is complete with either network number or host number. Then
when address is compared, both network number and host number are compared.
Therefore, IP route selection is performed as follows:
1. Use IP address to match with those destination IP addresses with flag H.
2. If step 1 fails, match with the network addresses.
3. If step 2 fails, send the IP address to default gateway.
IP route selection can be classified into two categories:
l Static Route Selection
Static route selection refers to generating routing table in a default way in interface
configuration and adding table entries through route or updating entries through ICMP
packet.
l Dynamic Route Selection
Dynamic route selection protocol is used only between routers. The system adds an
appropriate route to a core routing table and then can find the most suitable network
according to this core routing table. Namely, dynamic route selection is performed
outside the system core network. It only uses some selection policies to affect the
routing table, while it does not affect the route that is selected through the routing
table.
The currently used dynamic route selection protocols mainly include RIP, OSPF, BGP
and IS-IS.
8.2 Static Route Protocol

8.2.1 Introduction
Static route is configured manually by network administrator. Through manual
configuration, an inter-connectivity network can be established. Static route is feasible in
8-2

Chapter 8 Protocols
small network systems but not in large network systems with multiple routers and multiple
paths.
Default route is used when there is no matched routing table. In routing table, the default
route is defined as 0.0.0.0.
8.2.2 Principle
Static route is a fixed routing table configured in routers by network administrator according
to real network topology. It does not change unless network administrator changes it.
8.3 Dynamic Route Protocol

8.3.1 RIPv1/v2
8.3.1.1 Introduction
Description
RIP is a dynamic route protocol using the distance-vector routing algorithm. It employs the
hop count as a routing metric. By default, each RIP router transmits full updates of routing
table every 30 seconds. RIP is suitable for small-sized network architecture.
Features
The features are as follows:
l RIP has two versions. RIP version 1 is only suitable for classified routing network,
while RIP version 2 is suitable for classless routing network.
l RIP version 2 provides a simple authentication mechanism, stipulating the first 20
bytes of the table address series of RIP packet as oxfff and route tag as 2. The
remaining 16 bytes in the table contains a password in cleartext.
l RIP version 2 supports multicast besides broadcast, which can reduces the load of
host that does not listen to RIP version 2 packet.
8.3.1.2 Principle
l Routing Update
RIP is one of the distance-vector routing protocol. Routers with the distance-vector
routing protocol broadcasts local routing table to its neighboring routers every 30
seconds. RIP of each neighboring router performs maintenance on local router
after receiving route packet. RIP selects the best route and broadcasts the route
modification information to its neighboring network to validate the route globally.
l Metric Value
8-3

RIP employs hop count to measure the distance of destination network. In RIP
protocol, the hop count from router to its directly connected network is 0. The hop
count for the reachable network through one router is 1. In order to limit convergence
time, RIP defines the metric value to be the integers ranging from 0 – 15. Those hop
counts, more than or equivalent to 16, are defined as infinity, namely the destination
network or host is unreachable.
l Stability
To ensure routing efficiency, RIP employs “Trigger-Refresh” technology and “Split
Horizon”. When the local routing table is modified, it triggers the broadcast routing
packet refresh to broadcast the routing updates and validate the global route. Split
horizon is a method of preventing a routing loop in a network. The basic principle is
simple: Information about the routing for a particular packet is never sent back in the
direction from which it was received. This solves the problem of slow convergence
between two routers.
l Timer
RIP employs timer to manage performance. The timer includes routing-update timer,
route-timeout timer, and route-flush timer. Routing-update timer manages interval of
periodic routing update, normally 30 seconds. Route-timeout timer manages aging
time interval for each table entry. When the route-timeout timer of some entry exceeds
the limit, this entry is invalid. Route-flush timer manages invalid entries left in the
routing table. When route-flush timer exceeds the limit, all entries in invalid state are
removed from routing table.
8.3.2 OSPFv2
Description
OSPF is one of the dynamic link-state routing protocols used in IP networks. OSPF sends
LSAs to all other routers within the same autonomous system. OSPF router collects all
LSAs and computes the shortest path to each node with SPF.
Features
OSPF is another interior gateway protocol besides RIP. However, it overcomes all RIP's
restrictions.
Different from RIP protocol in distance-vector, OSPF is a link-state protocol.

Distance-vector refers to a hop count when RIP sends a packet. Each router updates its
own routing table according to the distance vector that it receives from its neighboring
station.
In a link-state protocol, router does not exchange information with its neighboring station.
Instead, each router initially tests the state of the link connected to its neighboring station
8-4

Chapter 8 Protocols
and sends this information to its other neighboring stations which in turn spread this
information within autonomous system. Each router receives the link-state information
and establishes a complete routing table.
In real practice, the difference between these two protocols is that link-state protocol
features faster convergence than distance-vector protocol. Convergence refers that route
can stabilize itself when router closes or link fails.
OSPF can use IP directly instead of using UDP or TCP.
In addition, as a link-state protocol rather than a distance-vector protocol, OSPF enjoys
other better advantages than RIP:
l OSPF can calculate its own routing set for each IP service type, meaning that there
can be multiple routing table entries for any purpose. Each table entry corresponds
to an IP service type.
l OSPF can designate each interface a non-dimension cost through throughput rate,
return time, reliability or other performances. It can designate each IP service type an
individual cost.
l When there are multiple routes of same cost in the same destination address, OSPF
allocates the traffic on these routes on average, which is called traffic balance.
l OSPF supports subnet. Subnet mask is connected with each advertisement route,
which allows any type of IP address to be split into multiple subnets in different sizes.
The route to a host is advertised through all-one subnet mask. The default route is
advertised with IP address 0.0.0.0 and all-0 mask.
l The point-to-point link between routers does not require each end to have an IP
address, which is called unnumbered network, which can save IP address.
l OSPF employs a simple authentication mechanism, similar to RIP-2 mechanism
which specifies a clear-text password.
l OSPF is defined as multicast instead of broadcast to decrease the OSPF system load.
8.3.2.2 Principle
SPF algorithm is the base for OSPF protocol. When the router to run SPF algorithm is
started, it begins to initialize the route protocol and checks whether each interface works
normally. After everything works well, the router sends OSPF Hello packet to establish
relation with the routers on the same network.
On the multi-access network, OSPF Hello packet can be used to select the specified
routers and backup routers. The specified routers are responsible for creating LSAs on the
whole multi-access network. When two adjacent link-state databases are synchronized,
the two routers are neighbors.
The information obtained from OSPF neighbors is not a complete routing table. OSPF
routers inform each other of their own link-state from link to network. In the same area,
all routers have the same LSDB and each route independently calculates the LSDB with
SPF algorithm to determine the shortest path to its destination.
8-5

Each router generates a LSA according to its adjacent network topology structure and
sends the LSA to all other routers in the network. Thus each router receives the LSAs
from other routers and all LSAs are collected as an LSDB.
Since one LSA describes one router's neighboring network topology structure, one LSDB
describes the topology structure for the whole network. Routers can easily transform the
LSDB to a directed graph. The graph reflects the whole network topology structure.
Now each router takes itself as a root node to calculate the shortest path-tree with SPF
algorithm. From this tree, the routing table of each node in this network can be obtained.
Each router in the area obtains the different routing table, which enables each router to
calculates the route to other destination routers.
8.3.3 ISIS
IS-IS is a protocol used by network devices (routers) to determine the best way to forward
datagrams through a packet-switched network, a process called routing. The protocol
was defined in ISO/IEC 10589:2002 as a international standard within the OSI reference
design. IS-IS has now been widely used as an internal gateway protocol.
8.3.3.2 Principle
Since IS-IS protocol is based on CLNS, instead of IP, IS-IS employs ISO-defined PDU
during the communication between routers.
The PDU types used in IS-IS are:
l Call PDU
Similar to Hello packet in OSPF protocol, Call PDU is defined to form adjacencies
between routers, find new neighbors and detect if any neighbor quits from route.
l LSP PDU
IS-IS routers exchange routing information through LSP PDU to establish and
maintain LSDB. An LSP stands for a piece of important router information including
area and connected network.
l Sequence Number PDU

SNP is used to ensure reliable LSP transmission. SNP contains information about
each LSP in network. When routers receive an SNP, it is compared with its LSDB. If
this router loses an LSP in SNP, it sends a multicast SNP to request other routers for
LSP. LSP and SNP are used cooperatively to ensure IS-IS protocol reliable routing.
The IS-IS operation is described in the following steps:
1. Routers send Hello packets out of all integrated IS-IS interfaces to discover neighbors
and to form adjacencies.
2. Routers sharing a common data link become neighbors.
8-6

Chapter 8 Protocols
3. Routers build LSPs based on local Integrated IS-IS interfaces and prefixes learned
from other adjacent routers. These are sent to all neighbors.
4. Routers flood received LSPs to all adjacent routers except to the neighbor from which
the LSP was received.
5. When new or different LSPs are received, the router adds the LSPs to the link-state
database.
6. The router calculates the SPF for each destination and constructs SPT and the
forwarding database.
8.3.4 Multicast Route Protocol PIM

PIM is a routing protocol that can be used for forwarding multicast traffic. PIM operates
independent of any particular IP routing protocol. Therefore, PIM makes use of the IP
unicast routing table and does not keep a separate multicast routing table. (The unicast
routing table is itself routing protocol-independent because one or more routing protocols
can be used to populate a single table.)
According to the forwarding modes, PIM can be divided into PIM-DM and PIM-SM. PIM-DM
implicitly builds shortest-path trees by flooding multicast traffic domain, and then removing
the back branches of the tree where no receivers are present. PIM-DM generally has poor
scaling properties. PIM-SM explicitly builds unidirectional shared trees rooted at a RP per
group, and optionally creates shortest-path trees per source. PIM-SM generally performs
fairly well for wide-area usage.
8.3.4.2 Principle
PIM-SM is a multicast routing protocol designed on the assumption that recipients for any
particular multicast group are sparsely distributed throughout the network. In order to
receive multicast data, routers must explicitly tell their upstream neighbors about their
interest in particular groups and sources. Routers use PIM Join and Prune messages
to join and leave multicast distribution trees. The working procedure of PIM-SM mainly
includes:
l Finding neighbors
l Generating RP-Shared Tree
l Registering multicast source
l Switching SPT
PIM-SM by default uses shared trees, which are multicast distribution trees rooted at some
selected node called as RP. The hosts must encapsulate data in PIM control messages
and send it by unicast to the RP.
A router can determine the location of the RP by using following methods:
l Static manual configuration

l Dynamic configuration
8-7

à PIM-SM V1 adopts Auto RP

à PIM-SM V2 adopts Candidate-RP
Bootstrap Router (BSR)

PIM-SM V2 manually configures a router as Candidate- Bootstrap Router
(Candidate-BSR). The BSR sends bootstrap messages to all its PIM neighbors, with the
address of the designated interface as the BSR address. Each neighbor compares the
BSR address with the address it had from previous bootstrap messages (not necessarily
received on the same interface). If the current address is the same or higher address, it
caches the current address and forwards the bootstrap message. Otherwise, it drops the
bootstrap message.
This router continues to be the BSR until it receives a bootstrap message from another
candidate BSR saying that it has a higher priority (or if the same priority, a higher IP
address).
Designate Router (DR)

The DR is a router on the host's local network. A single DR is elected from all PIM routers
on a network to avoid unnecessary control messages.
8.4 SNMP
8.4.1 Introduction
Description
SNMP refers to simple network management protocol. MIB defines all the variables that
can be queried and configured by managed processes.
All these variables are identified by OID (object identification). These OIDs build a
hierarchy which contains a long string of numbers. A variable instance can be identified
by an instance attached to this OID.
Many SNMP variables are depicted in tabular form.
Features
SNMP has two versions: SNMPv1 and SNMPv2. The differences between the version is
as follows:
1. In SNMPv2, a new group type “get-bulk-request” is defined to read massive data from
an agent in a high efficiency.
2. Another new group type is “inform-request”, which enables one managed process to
send information to another managed process.
3. Two new MIB are defined. They are SNMPv2 MIB and SNMPv2–M2M MIB.
8-8

Chapter 8 Protocols
4. SNMPv2 has a greater security than SNMPv1. In SNMPv1, the community string from
managed processes to agents is transmitted in cleartext, while SNMPv2 is defined to
provide authentication and encryption.
8.4.2 Principle
TCP/IP-based network management includes the following three parts:
l MIB: MIB includes all the queried and modified parameters that exist in agents.
l A common structure and notation about MIB is referred to as SMI. For example,
SMI defines counters, a non-negative integer ranging from 0 to 4294967295. After
counters reach the maximum value, they roll over to 0.
l The communication protocol between managed processes and agents is defined as
SNMP. SNMP includes the format for data packets exchange. Despite that all kinds
of protocols can be adopted in transport layer, UDP is used most in SNMP.
Regarding the interactive information between managed processes and agents,
SNMP defines five types of packets:
1. Get-Request Operation – Retrieve one or multiple parameters from agents.

2. Get-Next-Request Operation – Retrieve one or multiple next parameters.
3. Set–Request Operation – Set one or multiple parameters for agents.
4. Get-Response Operation – Agents respond to the first three operations with one
or multiple parameters.
5. Trap Operation – Agents initialize a packet to inform managed processes.
The first three operations are implemented by managed processes; the later two
operations are implemented for managed processes by agents.
As the first four operations are in simple request-respond mode (namely, managed
processes send requests and agents respond), data packet loss is likely to happen during
communication between managed processes and agents. Therefore, there must be a
timeout and retransmission mechanism.
Managed processes use port 161 of UDP to implement the first three operations and
agents use port 162 of UDP to implement Trap operation. As different ports are used
for sending and receiving, a system can be managed processes and agents at the same
time.
Authentication between managed processes and agents is performed only by a
"community string", in effect a type of password, which is transmitted in cleartext. The
default value is public.
8-9

8.5 NTP
8.5.1 Introduction
Description
NTP is mainly applied for synchronizing the time of all hosts or routers in network in the
following aspects:
l Network Management: Time needs to be taken as a reference during the analysis on
the log information and debugging information collected from different routers.
l CDR System: All system clocks must be synchronized.
l Specific function: Set time to reboot all routers in network to keep all the clock
synchronized.
l Handling the same complicated event with the collaboration of multiple systems: To
ensure execution in correct order, multiple systems must refer to the same clock.
l Performing increment backup between backup servers and clients: It is a must to
synchronize the clocks of all backup servers and clients.
For the numerous network devices, if the system clocks are modified manually by
administrators, the workload is enormous and the accuracy of clocks cannot be
guaranteed as well. Through NTP configuration, the clocks of all network devices can be
synchronized quickly with high accuracy.
NTP's Advantage
l It adopts stratum to define clock accuracy, which can synchronize all network devices
quickly.
l It supports access control and MD5 authentication.
l It supports unicast, multicast or broadcast modes to send packets.
8.5.2 Principle
NTP basic working principle is shown in figure Figure 8-2. Router A and Router B is
connected through WAN. They have their own independent system clocks which can be
synchronized by NTP.
The following examples describes the working of NTP:
l Before the synchronization between Router A and Router B, the time of Router A is
set to be 10:00:00 am and the time of Router B is set to be 11:00:00 am.
l Take Router B as NTP time server and synchronize the clock of Router B to that of
Router A.
l It takes one second for data packets one-way transmission between Router A and
Router B.
l It takes one second for both Router A and Router B to process NTP data packets.
8-10

Chapter 8 Protocols
Figure 8-2 NTP Working Principle
NTP: Network Time Protocol
The following procedure describes the synchronization of system clock:

1. Router A sends a NTP message to Router B with the timestamp 10:00:00 am (T1)
when the message leaves Router A.
2. When this NTP message reaches Router B, Router B adds an arrival timestamp
11:00:01 am (T2).
3. When this NTP message leaves Router B, Router B adds a leaving timestamp 11:00:02
am (T3) again.
4. When Router A receives this response message, it adds a new timestamp 10:00:03
am (T4).
So far, Router A has enough information to compute the following two important
parameters:
l Cycling delay of NTP message: Delay = (T4-T1) - (T3-T2)

l Time margin for Router A against Router B: Offset = (T2-T1) + (T3-T4)/2
Router A sets its own clock according to the information to synchronize the time to Router
B.
The servers and clients are not fixed. The devices that supply standard time are called
time servers; while the devices that receive time service are called clients.
8-11

8.6 STP
8.6.1 Introduction
Description
l STP/RSTP
Spanning tree allows a network design to include spare (redundant) links to provide
automatic backup paths if an active link fails, without the danger of bridge loops, or
the need for manual enabling/disabling of these backup links. Bridge loops must be
avoided because they result in flooding the network.
l MSTP
MSTP, originally defined in IEEE 802.1s and later merged into IEEE 802.1Q-2003,
defines an extension to the RSTP protocol to further develop the usefulness of VLANs.
This "Per-VLAN" MSTP configures a separate Spanning Tree for each VLAN group
and blocks the links that are redundant within each spanning tree.
Features
l RSTP is a refinement of STP and provides for faster spanning tree convergence. The
following three points have been improved on the basis of RTP:
à RSTP sets two roles of fast-switch alternate and backup ports for root and
designated ports. In case root/designated ports fail, alternate/backup ports go
into forwarding state without delay.
à In point-to-point link connected with two exchange ports only, designated port
only needs to shake hands with downstream bridge to go into forwarding state
without delay. If it is a shared link connected with more than three bridges, the
downstream bridge does not respond to handshaking request from the upstream
designated port and only wait for double forward delay time to go into forwarding
state.
à RSTP connects directly to terminal instead of defining other bridge-connected

ports as edge port. Edge port can go into forwarding state directly without any
delay. As bridge does not know whether port is connected directly with terminal,
it needs manual configuration.
l MSTP is one of the IEEE standard protocols and it can be promoted very easily. MSTP
enjoys the advantages compared with the previous STPs. It can learn VLAN to realize
load balance and fast switchover as RSTP port state. It also can bind multiple VLANs
into an instance to reduce resource occupancy ratio. Most importantly, MSTP has the
good downward compatibility with STP/RSTP.
8-12

Chapter 8 Protocols
8.6.2 Principle
STP/RSTP Principle
STP protocol has the following specific terms which are defined to realize link backup and
path optimization:
l BPDU: BPDU is used for communication between bridges. All bridges, that support
STP protocol, receive and process the received BPDU packet. The data area of this
packet carries all the useful information for STP.
l Root Bridge: A root bridge is selected according to the smallest bridge ID which is
combined with bridge priority and MAC address.
l Root Port: The root port is the BPDU port that receives information. Namely, the root
port is the least-cost path from the bridge to the root.
l Designated Port: The designated bridge is the one with the least-cost path from the
network segment to the root.
MSTP Principle
MSTP allows formation of MST regions that can run multiple MST instances. Multiple
regions and other STP bridges are interconnected using one single CST. Inside MST
region, multiple spanning tree instances are running while at the edge, IST is running
which is compatible with RSTP.
l MSTP Regions
All MST switches must be configured with the same MST information. A group
of switches within the same MST configurations make up MST region. MST
configuration, including region name, revision number, MST VLAN-to-instance
mapping, determines the switch's location.
l MSTP establishes and maintains two types of spanning trees.
à IST: a spanning tree running inside MST region.
In MST region, MSTP maintains multiple spanning tree instances. Instance 0 is
a special instance, that is IST. Other MST instances are 1 – 15. IST is the only
spanning tree to send and receive BPDU packets. Other instance information is
included in an M-records log. This can substantially reduce the number of BPDU
packets to be sent.
All MST instances share the same protocol counter in MST region. However,
each instance has its own topology parameter, such as root switch ID, root path
cost. By default, all VLANs belong to IST.
à MST instances are subject to MST regions. For example, MST instance
1 in region A is independent from instance 1 in region B regardless of the
interconnection between A and B.
à CIST: it is an integration of IST and CST in MST region. CST connects the MST
region and single spanning tree.
8-13

à The spanning tree in MST region is the sub-tree of CST. CIST is generated when
the switch (it supports 802.1D, 802.1W and 802.1S) operates the spanning tree
algorithm. CIST inside MST region and CST outside MST region is the same.
8-14

Chapter 9
Uplink Interface Protection
Table of Contents
Introduction ................................................................................................................9-1
Principle .....................................................................................................................9-1
9.1 Introduction
The ZXA10 C300M/C350M provides dual Ethernet interfaces uplink to avoid service
interruption caused by single-link faults. It enhances system reliability and ensures
uninterrupted services.
The ZXA10 C300M/C350M supports the following types of uplink interface protection
mechanisms:
l Link aggregation (also known as trunking)
l UAPS
l STP/RSTP
Link aggregation, UAPS, and STP/RSTP belong to different uplink protection mechanisms
and cannot be supported simultaneously.
Dual Ethernet uplink supports uplink interface protection while xPON uplink does not
support it.
9.2 Principle
Link Aggregation
The ZXA10 C300M/C350M supports link aggregation, also known as trunking.
In dual Ethernet uplink scenario, both the links bear the service together in load sharing
mode. Load sharing uses the algorithm based on the L2 MAC address to distribute
the service traffic to the links equally. On management, both the aggregated links are
considered as one logical link.
When one of the links is physically interrupted, for example, when the fiber or cable is
interrupted, or the optical module is damaged, the service is switched to the other link
quickly. When the interrupted link is recovered, the service on the original link switches to
load sharing again.
Link aggregation not only provides the link protection function that cannot be realized in
single-link mode, but also distributes the service on the two links equally, which provides
bigger physical channels for service bearing.
9-1

UAPS
In dual Ethernet uplink scenarios, the ZXA10 C300M/C350M supports the UAPS
mechanism.
UAPS uses link hot backup. At any time, as long as one active link is in the working state,
this link bears all the services. The standby link is in the idle state and monitors the active
link status in real time.
When the active link is physically interrupted, for example, when the fiber or cable is
interrupted, or the optical module is damaged, the active link switches to the active link
automatically and all the services are switched to this link. This is an auto protection
switching process.
When the faulty link is recovered, the system determines whether to switch the services
back to the original link according to the configuration. If the system is configured to allow
UAPS recovery, the UPAS minimum protection time should be configured to avoid frequent
switching caused by incidental interruption.
The ZXA10 C300M/C350M supports manual UAPS link switching, which is easy to install
and debug.
STP/RSTP
The ZXA10 C300M/C350M supports the STP/RSTP protocol. It can discover and remove
the loops in the network topology automatically.
9-2

Chapter 10
AG Security
Table of Contents
AG Authentication ....................................................................................................10-1
Dual-homing.............................................................................................................10-3
Self-exchange ..........................................................................................................10-5
10.1 AG Authentication
10.1.1 Introduction
Description
AG authetication refers to the procedure that multi-Service access equipment device
registers on SS in encryption way. Through AG authentication, it can effectively prevent
access equipment device from registering on SS for service development.
Features
ZXA10 C300M/C350M AG authentication features are as follows:
l The AG authentication for H.248 interface generally adopts MD5 encryption algorithm.
l On both SS and MG sides, it needs to be configured with synchronized AG
authentication parameters. This information is not transmitted in protocol interfaces
in public. Only MG and SS know about it.
10.1.2 Principle
ZXA10 C300M/C350M supports H.248 protocol, MGCP and MGC authentication.
This topic only introduces H.248 authentication workflow. Figure 10-1 shows H.248
authentication work flow.
10-1

Figure 10-1 MG Registration To SS Workflow
MG: Media Gateway SS: Soft Switch
The H.248 authentication workflow is described as follows:

1. MG sends a registration request message to SS.
After H.248 interface is enabled, MG sends the ServiceChange message to SS for
registration.
2. SS gives a reply to MG.
After receiving the ServiceChange message from MG, SS calculates X fields in this
message and judges whether the authentication message is from legal MG. If it is from
legal MG, SS gives a correct response. If not, SS returns an incorrect message.
3. SS sends a Modify message to MG.
After SS receives the authentication message from legal MG, SS creates a private
value which is used for DH exchange. This value is kept and used during the whole
H.248 session.
SS sends a Modify message to MG, which contains authentication information fields
such as DH exchange key, digital signature, algorithm ID and random number.
4. MG gives a reply to SS.
After receiving the Modify message from SS, MG calculates the authentication
information fields in this message. If the result has the digital signature in the Modify
message, it means the message is from a legal SS. MG gives a reply to SS.
5. SS authenticates MG periodically.
During the process, SS authenticates MG periodically. SS creates a random number
and uses sharing key to make a calculation. Then, SS sends a Modify message to
MG, which contains three authentication information fields. They are digital signature,
algorithm ID and random number.
10-2

Chapter 10 AG Security
6. MG sends a reply to SS.

After receiving the Modify message from SS, MG calculates the authentication
information fields in this message. If the result has the digital signature in the Modify
message, it means the message is from a legal SS. MG gives a reply to SS, which
contains two authentication information fields.
Note:
If MG is successful in registration for the first time, SS sends a Modify message to MG
to create a sharing key.
After that, by sending a Modify message, SS repeats Steps 5 and 6 periodically to have
a security check. SS controls the interval of sending a Modify message. It should be less
than 10 minutes.
10.2 Dual-homing
10.2.1 Introduction
Description
Dual–homing is a network topology in which a device is connected to the network by way
of two independent access points (points of attachment). One access point is the primary
connection, and the other is a standby connection that is activated in the event of a failure
of the primary connection.
Features
ZXA10 C300M/C350M AG dual-homing features are as follows:
l For data configuration, ZXA10 C300M/C350M supports 1:4 ratio

Presently, ZXA10 C300M/C350M only provides one H.248 interface, which
corresponds to four SS devices.
The first SS device is the default one. When AG is powered ON for registration, it is
registered to the first SS.
l Register to four SS devices in polling after disconnection
If H.248 link between ZXA10 C300M/C350M and the current SS is disconnected,

ZXA10 C300M/C350M tries to register to the current SS again. If the registration
fails for three times, ZXA10 C300M/C350M registers to another SS device in polling.
If the registration still fails, it continues the registration with another SS.
l Manual handoff at AG side
10-3

ZXA10 C300M/C350M can execute a command to register on a specific SS at

ZXA10 C300M/C350M side in case the current H.248 link is normal or disconnected.
It supports manual handoff at ZXA10 C300M/C350M side.
The newly registered SS must be one of the configured four SS devices.
l Handoff at SS side
ZXA10 C300M/C350M can receive the handoff command sent from SS side. After
receiving the handoff command, AG registers to the specific SS. The IP address of
the specific SS is not restricted to the IP address fields configured at AG side.
10.2.2 Principle
ZTE Multi-Service Access Equipment device supports H.248–based dual-homing function.
The dual-homing networking application diagram is shown in Figure 10-2.
Figure 10-2 Multi-Service Access Equipment Dual-Homing Networking Application

Diagram
MG: Media Gateway MGC: Media Gateway Controller
10-4

As shown in Figure 10-2, MG1 registers to MGC1 and MGC2 simultaneously. MGC1 is the
active SS and MGC2 is the standby SS. Once MGC1 is faulty, the media gateway hands
over to MGC2. There are two types of handovers:
l Manual Handover
1. If MG1 sends heartbeat detection information consecutively to MGC1 and
receives no response, MGC1 is considered faulty.
2. Execute commands at MG1 side to register to the specified MGC2. Whenever
MGC1 is in a faulty state or normal state, MGC2 device information should be
configured in MG1 device.
l Automatic Handover
1. If MG1 sends heartbeat detection information consecutively to MGC1 and
receives no response, MGC1 is considered faulty.
2. Registration information is sent automatically to MGC2 at MG1 side.
3. If MG1 receives MGC2 response, it means that MG1 registers successfully to
MGC2 and the registration flow is over. If MG1 does not receive any response
from MGC2 after sending registration information for number of times, it means
MG1 fails to register to MGC2.
4. MG1 sends registration information to other standby MGCs in polling way. The
maximum number of standby MGC configured at MG1 side is 4. If MG1 cannot
register to all other standby MGC devices successfully, MG1 returns to MGC1 for
registration.
5. If MG1 receives MGC1–corresponding information, it means that MG1
successfully registers to MGC2 and the registration flow is over.
10.3 Self-exchange
10.3.1 Introduction
Self-exchange is a disaster recovery function that ensures subscriber communication
when the IP layer fails to connect to the SS due to network faults. It improves the system
reliability.
If the device supports SS and is configured with this self-exchange function, the user can
call other users inside the system through the called number.
After receiving the off-hook signal, the gateway finds H.248 link is disconnected and
hand-off is required. The gateway needs to generate the dial-up tone itself. DTMF
number receiver receives the user's dialing and makes an analysis on the called number.
It uses the called number to search the called party.
l If the user belongs to the gateway, the gateway rings the called party. The called party
hooks off for calling.
10-5

l If the user does not belong to the gateway, the gateway sends a busy tone to the
calling party.
Features
The features are as follows:
l The self–exchange function is configured only locally. It is irrelevant to SS
configuration.
l When H.248 link and V5 interface is broken, SS does not take part in the calling
procedure. AG creates the bill during self-exchange. It is not recommended to use
self–exchange for a long time.
10.3.2 Principle
Figure 10-3 shows self-exchange networking diagram.
Figure 10-3 Self–Exchange Networking Diagram
IP: Internet Protocol MGC: Media Gateway Controller
As shown is Figure 10-3, the calls of telephone A and telephone B, subject to the same
media gateway device MG, are made under SS MGC control. Once SS MGC is faulty or IP
10-6

network is faulty, MG cannot successfully register to SS MGC, the media gateway device,
initiating SS function accordingly.
Self-exchange workflow is as follows:
1. When the system is powered ON, the service software module reads D:/dnal.cfg file
(this file is created by operator in advance). The service software module reads tags
and number table the self-exchange needs. It also reads the number table to the
memory.
2. Create a table in which the number matches the circuit number.
3. When H.248 link is broken, if the user hooks off, the service software enters the
self-exchange service processing module after receiving the off-hook signal. It
provides the dialing tone to the user and searches number receiver resource. Then,
it checks the called number.
4. Number matching module searches called party.
a. If the called party is not found, it waits for receiving called number till the called
party is found.
b. If the called party is found, it rings the called party. The called party hooks off for
calling.
5. The calling is over. The system creates a call ticket. The call ticket contains calling
party circuit number, called party circuit number, call duration and release time. The
call tick resides at D:/charge.dat.
10-7

10-8

Chapter 11
Access Security
Table of Contents
User Identification ....................................................................................................11-1
MAC Security Technology ........................................................................................11-4
IP Security Technology .............................................................................................11-6
Overload and Invalid Packet Suppression ................................................................11-7
Multicast Service Security ........................................................................................11-9
Management Channel and System Security ........................................................... 11-10
Port Isolation .......................................................................................................... 11-12
ACL........................................................................................................................ 11-14
TACACS+............................................................................................................... 11-16
RADIUS ................................................................................................................ 11-18
11.1 User Identification

11.1.1 Introduction
User identification and authentication technologies are well developed and widely used,
such as PPPoE and DHCP. One of the key issues is the identification of user ports (also
known as subscriber line). If the authentication server identifies users only by user names,
then multiple users can share one user name and password. This has impacts on the
operation benefit of carriers.
The purpose of user identification is to refuse illegal users to access the network.
The ZXA10 C300M/C350M supports multiple user identification technologies and provides
various user port (or subscriber line) identification mechanisms, including DHCP option 82,
PPPoE+, SVLAN, and VBAS.
PPPoE Intermediate Agent and VBAS user identification is used in the PPPoE scenario.
DHCP option 82 user identification is used in the DHCP (IPoE) scenario. SVLAN user
identification is used in the Q-in-Q or SVLAN scenario.
11.1.2 Principle
DHCP Option 82
Figure 11-1 shows the DHCP Option 82 interaction process.
11-1

Figure 11-1 DHCP Option 82 Interaction Process
DHCP: Dynamic Host Configuration Protocol
In the DHCP application scenario, according to the RFC3046 definition, the system inserts
Option 82 in each DHCP discover packet and DHCP request packet. Option 82 contains
circuit ID and remote ID, that is, the user access line ID. The packets are then transmitted
to the DHCP or RADIUS server for authentication and accounting.
Port location realized by DHCP Option 82 is extension of the DHCP protocol. It has no
protocol interaction process, has high implement efficiency, and has no impact on services.
PPPoE Intermediate Agent

Figure 11-2 shows the PPPoE Intermediate Agent interaction process.
Figure 11-2 PPPoE Intermediate Agent Interaction Process
11-2

Chapter 11 Access Security
PADI: PPPoE Active Discovery Initiation PADO: PPPoE Active Discovery Offer
PADR: PPPoE Active Discovery Request PADS: PPPoE Active Discovery Session-
confirmation
LCP: Link Control Protocol NCP: Network Control Protocol
PPPoE: Point to Point Protocol over Ethernet
The system modifies the PPPoE protocol packets through PPPoE Intermediate Agent.
Port location realized by PPPoE Intermediate Agent is extension of the PPPoE protocol.
It has no protocol interaction process, has high implement efficiency, and has no impact
on services.
VBAS
Figure 11-3 shows the VBAS interaction process.
Figure 11-3 VBAS Interaction Process
11-3

IP: Internet protocol DSLAM: Digital Subscriber Line Access

Multiplexer
BAS: Broadband Access Server RADIUS: Remote Authentication Dial In User

Service
The VBAS function is realized in the PPP phase:

1. After the subscriber sends the identification request packet to the BAS, the BAS sends
the VBAS request data packet to the system to query the corresponding relation
between the MAC address of the subscriber host and the specific physical port.
2. After the system receives the VBAS request data packet, it sends the VBAS response
data packet to the BAS, returns the corresponding relation between the MAC address
of the subscriber host and the specific physical port. Then the BAS authenticates the
user information locally or remotely.
SVLAN
The system expands the internal 802.1q tag as the user line ID. The external 802.1q tag
is used for second-layer forwarding in the network. The BRAS device strips the external
tag and identifies the user according to the internal tag.
Port location realized by SVLAN does not need any protocol interaction process, and it
has no relation with service types. The two-layer VLAN should be planned together, and
the second-layer network should support two-layer VLAN tag.
11.2 MAC Security Technology

11.2.1 Introduction
The ZXA10 C300M/C350M supports multiple MAC security technologies to protect MAC
addresses and prevent spoofing:
l MAC address binding
l MAC address count limit
l MAC address anti-spoofing (anti-transfer)
l MAC address filter
11.2.2 Principle
MAC Address Binding
MAC address binding refers to binding MAC addresses to a user port so that only the
users with the specified MAC addresses can access the network. This prevents illegal
users from accessing the network.
For the user port that is bound with MAC addresses, the ZXA10 C300M/C350M forwarding
module does not learn the MAC addresses automatically. If the source MAC address of
11-4

the user packets is different from all the MAC addresses bound with the port, the packet
is considered as illegal and is discarded.
This process allows the packets with only the specified source MAC addresses can access
the port so that only the specified users can access the network
MAC Address Count Limit

Malicious users may use MAC addresses exhaustively to create the packets with
constantly changing MAC addresses to attack the device. In this case, the MAC address
forwarding table of the access device may be full and it stops learning new MAC
addresses; thus legal user packets are discarded or flooded and legal user services are
affected.
The MAC address count limit function can effectively prevent the DoS attacks from the
malicious users. MAC address count limit aims to limit the count of the MAC addresses
that a port can learn automatically.
If the count of the MAC addresses learned by the port is less than the configured threshold,
the ZXA10 C300M/C350M forwarding module automatically learns the user MAC address
and forwards the packet. If the count of the MAC addresses learned by the port is more
than the configured threshold, the forwarding module neglects the new MAC addresses
until the old MAC addresses are aged.
When the MAC address count limit function is enabled, the static MAC addresses and
dynamic MAC addresses are counted together.
MAC Address Anti-Spoofing (Anti-Transfer)

The MAC address information in the Ethernet is open. A user can easily obtain the MAC
address information of other users by using scan tools. If the same MAC address exists
on different user ports of the device, the MAC address learning is out of order and the user
cannot get online.
MAC/IP address spoofing greatly threaten security. MAC address spoofing causes
replicated MAC addresses and the switching chip may fail to learn the MAC address
dynamically. Thus some users cannot get online.
MAC address spoofing includes the following:
l User MAC address spoofing
l MAC address spoofing of the upper layer network service server (such as BRAS,
DHCP Server/Relay, and default gateway)
To prevent MAC address spoofing, the ZXA10 C300M/C350M automatically enables the
MAC address anti-spoofing (anti-transfer) function. For example, if a MAC address is
initially learned on port A, and then the same MAC address appears on port B, the ZXA10
C300M/C350M handles this case in the following way:
l If port A and port B are user ports (UNI), the MAC address is not transferred.
l If port A is a network port (NNI) and port B is a user port (UNI), the MAC address is
not transferred.
11-5

l If port A is a user port (UNI) and port B is a network port (NNI), the MAC address is
transferred to port B.
When the ZXA10 C300M/C350M detects MAC address spoofing (or transfer), it discards
or floods the packet.
MAC Address Filter

MAC address filter is also known as MAC address blacklist. A MAC address filter table
is set on a port. If the source MAC address of the received packet matches any item in
the table, the packet is considered as illegal and is discarded. If the source MAC address
does not match the items in the table, the packet is considered as legal and is forwarded.
Through MAC address filter, the ZXA10 C300M/C350M can refuse to provide services for
the specified users and prevent illegal or malicious users to access the network.
11.3 IP Security Technology

11.3.1 Introduction
IP address spoofing exists in the IPoE access scenarios. IP address spoofing includes
stealing other user IP addresses or services, and accessing the network by force without
obtaining the configuration information through DHCP. IP address spoofing affects the
services for the legal users, and threaten user security and system security.
The IP security technology of the ZXA10 C300M/C350M can effectively prevent IP address
spoofing. The IP security technology includes the following:
l IP address binding
l DHCP Snooping
l DHCP Source Guard
11.3.2 Principle
IP Address Binding
IP address binding is applicable for the static IP addressing scenarios.
IP address binding refers to binding IP addresses to a user port so that only the users
with the specified IP addresses can access the network. This prevents illegal users from
accessing the network.
For a user port bound with IP addresses, the forwarding module of the ZXA10
C300M/C350M matches the source IP address of the packet with the IP addresses in the
bound IP address list. If the IP addresses are matched, the packet is considered as legal
and it is forwarded. Otherwise, the packet is considered illegal and it is discarded.
This process allows only the packets with specified source IP addresses to access the
user port. Thus it ensures that only the specified users can access the network.
11-6

DHCP Snooping
The ZXA10 C300M/C350M supports the DHCP Snooping technology.
The DHCP Snooping technology is a security feature of DHCP. It filters unreliable DHCP
information by creating and maintaining the DHCP Snooping binding table. The unreliable
DHCP information refers to the DHCP information from unreliable areas.
The DHCP Snooping binding table contains the user MAC addresses, IP addresses, lease
period, and VLAN ID interfaces of the unreliable areas. It can also age the items in the
DHCP Snooping binding table according to the lease period.
To maintain the DHCP Snooping binding table, the information such as DHCP Request,
DHCP ACK, DHCP NAK, DHCP Decline, and DHCP Release needs to be intercepted.
The DHCP Snooping binding table can be saved in the flash. After system startup, the
system reads the backup information from the flash to prevent abnormal services due to
unreleased IP addresses.
DHCP Source Guard

The realization of the DHCP Source Guard technology depends on the DHCP Snooping
binding table. Through the DHCP Snooping binding table, the IP addresses and the port
are bound. Thus the source IP addresses (of packets) that are not in the table are filtered.
The ZXA10 C300M/C350M monitors the protocol packets between the user and DHCP
Server/Relay. Before the user obtains the configuration information, other packets except
the DHCP packet are all discarded. Once a DHCP ACK packet is monitored, the ZXA10
C300M/C350M binds <distributed IP address, user MAC address> with the user port, enables
the uplink data packet sending, and ensures consistency between the uplink data packet
with the bound <distributed IP address, user MAC address>. Otherwise, the packet is
discarded. When the DHCP lease period expires, the system cancels the binding relation
and stops sending uplink non-DHCP packets.
11.4 Overload and Invalid Packet Suppression

11.4.1 Introduction
Since the self-networking by subscribers is not controllable, if malicious users send illegal
protocol packets, the network processing capability is deteriorated, and thereby causing
network or device disorder. If malicious users send excessive protocol and broadcast
packets (whether legal or illegal) in the uplink direction, the system device capability is
deteriorated, because processing of protocol and broadcast packets heavily consumes
network and system resources.
To enhance system security and protection, the ZXA10 C300M/C350M supports
overloaded and illegal packet suppression.
The ZXA10 C300M/C350M supports the following overloaded packet suppression:
l Overloaded protocol packets
11-7

l Overloaded broadcast packets

l Overloaded multicast packets
l Overloaded packets with different source MAC addresses
The ZXA10 C300M/C350M supports the following illegal packet suppression:
l Illegal source MAC address packets
l Illegal protocol packets
l Ultra-long, ultra-short, or incorrectly verified packets
11.4.2 Principle
Overloaded Packet Suppression
In the uplink direction, if malicious users send overloaded protocol or broadcast packets
(whether legal or illegal), the system resources are heavily consumed and the device
capability is greatly reduced, even to the extent of service refusal.
In the downlink direction, even though the ZXA10 C300M/C350M is in the controllable
network, overloaded packets also need to be prevented due to network complexity.
Overloaded protocol packets, broadcast packets, and multicast packets greatly occupy the
device processing resources. The procedure for handling the three types of overloaded
packets is as follows:
1. Match the features of specific types of packets: specific protocol packets, broadcast
packets, or multicast packets.
2. Collect statistics on the sending rate of this type of packets.
3. If the sending rate exceeds the predefined rate, the packet is discarded.
Overloaded packets with different source MAC addresses may occupy the limited MAC
address list resources of the switch chip. To handle this problem, set the threshold of the
MAC addresses that can be learnt by the user side. Therefore, when the number of the
MAC addresses at the port reaches the threshold, the following packets with new MAC
addresses are discarded.
Illegal Packet Suppression

The ZXA10 C300M/C350M supports the following illegal packet suppression methods:
l Illegal source MAC address packets
The source MAC address cannot be the broadcast or multicast address. Some MAC
addresses are reserved by the standard organizations and cannot be used by common
users.
l Illegal protocol packets
à The uplink direction of the IGMP cannot have the Query packet and the downlink
direction cannot have the Report/Leave/Join packet.
à The uplink direction of the DHCP cannot have the Offer/Ack packet and the
downlink direction cannot have the Discover/Request packet.
11-8

à The uplink direction of the PPPoE protocol cannot have the PADO and PADS
packets and the downlink direction cannot have the PADI and PADR packets.
To ensure application security, such packets should be intercepted and filtered.
l Ultra-long, ultra-short, or incorrectly verified packets
Generally, the packets shorter than 64 bytes are considered as ultra-short packets
and those longer than 1518 bytes are considered as ultra-long packets. In specific
conditions, an ultra-long packet (jumbo frame) can be 9000 bytes. The ultra-long,
ultra-short, or incorrectly verified packets should be intercepted and filtered.
11.5 Multicast Service Security

11.5.1 Introduction
In the IPTV scenario, the ZXA10 C300M/C350M provides system and service security
assurance through multicast service security technologies.
The ZXA10 C300M/C350M provides the following multicast security mechanisms:
l Multicast VLAN
l IGMP control
l User port authority control
l Count limit of the user port multicast groups
l User port multicast bandwidth limit
11.5.2 Principle
Multicast VLAN
The ZXA10 C300M/C350M isolates multicast and unicast data through the multicast
VLAN. In addition, it isolates the multicast services of different service providers by
different multicast VLANs. This protects multicast services from illegal percolation.
IGMP Control
The ZXA10 C300M/C350M enhances the system security from two aspects:
l Overloaded IGMP packet suppression
Through overloaded IGMP packet suppression, the ZXA10 C300M/C350M can
prevent malicious users from sending overloaded IGMP packets. Overloaded IGMP
packets may consume system resources and occupy system processing capability,
and thus the device performance is deteriorated or even the service is refused.
l Illegal IGMP packet suppression
To prevent the users from setting the multicast server or start the multicast service in
private, which may disturb normal service management, the ZXA10 C300M/C350M
provides the function of illegal IGMP packet suppression.
11-9

à The IGMP Query packets in the uplink direction of the user port are discarded by
force.
à The IGMP Report/Leave/Join packet in the downlink direction of the uplink port
are discarded by force.
User Port Authority Control

When the IPTV service is received in dynamic mode, the user authority of receiving the
programs needs to be controlled to prevent the unauthorized users from receiving the
programs.
Count Limit of User Port Multicast Groups

To ensure the VOD program quality and prevent malicious VoD, the ZXA10 C300M/C350M
limits the count of the multicast groups that the subscriber can order.
User Port Multicast Bandwidth Limit

The limited subscriber line bandwidth cannot meet the requirement if the subscriber orders
all the channels of programs at the same time. Therefore, the ZXA10 C300M/C350M limits
user port multicast bandwidth to ensure the multicast bandwidth for the ordered programs
and ensure the program picture quality.
11.6 Management Channel and System Security

11.6.1 Introduction
To avoid device attack from malicious users, the ZXA10 C300M/C350M provides powerful
security protection mechanism to ensure user security and enhance system security and
stability.
The ZXA10 C300M/C350M provides the following security protection mechanisms:
l Management channel ACL

l Management channel broadcast storm suppression
l SSH
l Protection and authentication of multi-level management user authority
11.6.2 Principle
Management Channel ACL
ACL classifies the input packets based on the matched conditions, and then determines
the packet processing policy (permit or deny), to control the external devices to access the
local device.
11-10

NMS channel ACL aims at the NMS channel access policy. The ZXA10 C300M/C350M
can configure an IP address list. Only the hosts with the IP addresses on the list can
manage the system.
In addition, the ZXA10 C300M/C350M can control the protocol type of the IP packets in
the management channel. It can also configure the policy, permit or deny the ICMP, TCP,
or UDP IP packets.
Management Channel Broadcast Storm Suppression

Through the NMS channel ACL, the ZXA10 C300M/C350M can control attacks from illegal
packets. If the management channel broadcast storm suppression is used, the ZXA10
C300M/C350M can control the attacks from overloaded packets, and thus system security
is enhanced.
If the management user computer is attacked by virus or malicious users, it sends excess
protocol and broadcast packets. Processing of these packets greatly consumes the
system resources, and thus the device performance is deteriorated or the service is
refused.
By the management channel broadcast storm suppression, the ZXA10 C300M/C350M
can control the number of packets that access the system, to keep the system resource
consumption within a secure limit, and thus to ensure the service normal operation.
SSH
SSH is a protocol that provides secure remote login and other secure network services on
the network. By using SSH, the ZXA10 C300M/C350M can encrypt all the transmission
data to prevent the intermediary attack, DNS spoofing, and IP spoofing. When SSH is
used, the transmission data is compressed, and thus the transmission speed is improved.
SSH has various functions. It can replace Telnet, and can also provide a secure channel for
FTP, POP, or PPP. The ZXA10 C300M/C350M supports SSH v1 and SSH v2. Compared
with SSH v1, SSH v2 has been improved as follows:
l In SSH v2, other algorithm negotiation is supported between the client and server.
Algorithms used by the host key, packet authentication, hash function, server key
exchange and data compression can be negotiated.
l SSH v2 extends the algorithm naming space. Compared with SSH v1 that uses
number to represent the algorithm to be negotiated, the algorithms (as well as
protocols, service and key/certificate format) in SSH v2 uses strings for naming.
Protection and Authentication of Multi-Level Management User Authority

The ZXA10 C300M/C350M supports multi-level management user authorities: common
user mode and privileged user mode. In common user mode, the user can only view the
configuration, but cannot modify the configuration. In privileged user mode, the user can
not only view the configuration, but can also modify the configuration.
Multiple user accounts can be created in the ZXA10 C300M/C350M. When a user logs
in to the system, the user name and password authentication is required. The ZXA10
11-11

C300M/C350M has a default privileged user. The administrator cannot create a privileged
user, but can change the password of the privileged user.
The management user authentication can be implemented locally or through the remote
RADIUS server. In local authentication mode, the system saves the user name and
password authority list locally, and authenticates the user name and password for each
user that attempts to access the system. In remote authentication mode, when the
administrator logs in to the system, the system performs the following steps:
1. Creates a RADIUS client to communicate with the remote Radius server
2. Sends the entered user name and password to the Radius server for authentication
3. Determines whether to allow the user to access the system according to the
authentication result returned by the RADIUS server.
11.7 Port Isolation

11.7.1 Introduction
Description
The ZXA10 C300M/C350M provides the user access security control mechanism to realize
the following functions:
l It ensures the user data security and prevents illegal interception.
l It controls user access to prevent users to set up networks privately.
Features
The ZXA10 C300M/C350M provides the following user access security control
mechanisms:
l User port isolation (PVLAN)
l User port loop test
11.7.2 Principle
PVLAN
MAC addresses in the Ethernet are open. The malicious users can easily obtain the MAC
addresses and IP addresses of other users by scan tools and can intercept the packet
information of other users.
The ZXA10 C300M/C350M provides user port isolation by VLAN. Users in the same VLAN
cannot communicate with each other, but can interwork with only the uplink convergence
port.
As shown in Figure 11-4, suppose Port A and Ports B-F are in the same VLAN. Port A is
the uplink port. Ports B-F are user ports.
11-12

Figure 11-4 PVLAN Communication
In PVLAN mode, the communication between these ports is as follows:

l In the uplink direction: Port B can communicate with Port A but cannot communicate
with Ports C-F.
l In the downlink direction: Port A can communicate with all the user ports B-F.
User Loop Test

User port loop test ensures ZXA10 C300M/C350M network security.
In the actual networking, when the user sets up a network by using a concentrator,
exchanger, or router, a physical loop is caused by networking faults. In this case, the flow
delivered by the network is looped back to the network, which may lead to network storm.
The upper layer aggregation exchanger may block the downlink ports, and the entire
ZXA10 C300M/C350M services are interrupted.
To avoid this problem, the ZXA10 C300M/C350M enables the port loop test function:
l The system sends special packets to the user port periodically.
l The system intercepts the user port packets in real time, checking whether there is a
special packet delivered by the system.
If a physical loop exists in the privately setup network under the user port, the special
packets sent by the system are looped back and detected by the system. The system
blocks the user port, sets the port state to "used for loop" (which is different from being
disabled by NMS commands), and report alarms to the EMS.
In the cases other than manual intervention, port loop test can automatically unblock the
port a certain time after the port is blocked. If the loop still exists, it may take a longer time
to unblock the port. The unblock time increases with the increment of the detection times.
11-13

11.8 ACL
11.8.1 Introduction
Description
ACL is used to limit the access of external devices to the local device. The ACL principle
is to classify input packets based on a series of matching conditions and determines how
to process the packets (to forward or discard them).
To filter packets, subscriber needs to configure a series of matching conditions on network
equipment to help it identify packets to be filtered. When the equipment recognizes the
packets, it permits or forbids the packets to pass according to the preset policies. ACL
classifies packets based on matching rules, which can be the source address, destination
address, and port number of packets.
Features
ZXA10 C300M/C350M supports four types of ACLs.
l Standard ACL
The standard ACL number ranges from 1 - 99. It sets up rules only according to
Layer-3 source IP and analyzes and processes the data packets.
l Extended ACL
The extended ACL number ranges from 100 - 199. Extended ACLs permit or deny
traffic from specific IP addresses to a specific destination IP address and port. It also
can specify different types of traffic such as ICMP, TCP, UDP, etc.
l Link-Layer ACL
The link-layer ACL number ranges from 200 - 299. It can make rules according
the link-layer information, such as VLAN ID, source MAC address, destination MAC
address, Layer-2 protocol.
l Hybrid ACL
The hybrid ACL number ranges from 300 - 399. It can define more flexible and
comprehensive rules than other three ACLs. It can improve the ZXA10 C300M/C350M
system security greatly when used with QoS.
11.8.2 Principle
ACL aims to control network access, using packet filtering technique to read Layer-3 and
Layer-4 packet head information on routers, such as source address, destination address,
source port and destination port, and filter the packets according to the pre-defined rules.
ACL mainly works, on the one hand, to protect resource nodes and prevent illegal users
from visiting resource nodes; on the other hand, it restricts user node access authority.
Conform to the following two principles when implementing ACL:
11-14

l Least Priority Principle: The controlled object is provided with the least priority to fulfill
tasks.
l Closest to Controlled Object Principle: Every object is checked in ACL from the top to
the bottom. Once the appropriate object is found, the check stops.
l Discard Principle: By default, all the inappropriate data packets are discarded.
ZXA10 C300M/C350M compares the input packet flow with ACL defined rules.
l If the packet matches the rule, it is forwarded to QoS for further processing.
l If the packet does not match the rule, it is discarded or forwarded as an unmatched
packet as per the ACL definition.
Figure 11-5 shows ACL filtering procedure.
Figure 11-5 ACL Filtering Procedure
QoS: Quality of Service ACL: Access Control List
Figure 11-6 shows ACL working principle. Through ACL configuration, the following
functions can be performed:
l User access control

l Authorized user network access
l Unauthorized user restriction
11-15

Figure 11-6 ACL Working Principle
ACL: Access Control List
11.9 TACACS+
11.9.1 Introduction
Description
TACACS+ is a protocol which provides access control for routers, network access servers
and other networked computing devices via one or more centralized servers. TACACS+
provides separate authentication, authorization and accounting services.
Features
TACACS+ is based on TACACS, but, in spite of its name, it is an entirely new protocol which
is incompatible with any previous version of TACACS. ZXA10 C300M/C350M supports
TACACS+.
11-16

11.9.2 Principle
TACACS+ provides Authentication, Authorization, and Accounting (AAA).
l Authentication
Refers to who is allowed to gain access to the network. Users are required to prove
that they are really who they say they are. Traditionally authorized users were
forced to use a password to verify their identity, however this has numerous security
limitations. While TACACS+ can use usernames and passwords it can also use other
mechanisms such as "one time" passwords. If standard passwords are used for
authentication then adequate password aging should be in place to prevent hackers
from accessing the system. For example: If a packet was intercepted and contain a
users password the intercepted packet would have aged before the culprits are able
to decode the encryption facilitating entry into the system.
l Authorization
Refers to what the user is allowed to do, or what services the user has access to.
For example: If a users dials into the network remotely and passes authentication,
authorization could dictate what IP addresses the user has access to and what
applications on those devices as well.
l Accounting
Refers to keeping track of what the user did, and when the services were used. This
is extremely useful for a security auditing purposes. Accounting uses start and stop
messages to keep track of when a service was started and when it was terminated.
Accounting records can either be stored locally or sent to another device such as a
syslog server.
TACACS+ uses a client server model approach. The server (running on UNIX or NT) is
questioned by the client and the server in turn replies by stating whether the user passed
or failed the authentication. It is important to note that the client is not the user or the user's
machine, but rather the device that is trying to determine if the user should be allowed entry
into the network (typically a router or a firewall).
TACACS+ uses TCP as the transport protocol – the default port is 49. If required, the
server can be configured to listen on other ports.
TACACS+ is similar to RADIUS with a few key differences. RADIUS uses UDP for
communication between the client and the server were as TACACS+ used TCP. With
TCP being connection oriented protocol and more reliable it makes for a more robust
transport protocol of choice.
Both TACACS+ and RADIUS use a shared secret key to provide encryption for
communication between the client and the server. RADIUS encrypts the user's password
when the client made a request to the server. This encryption prevents someone from
sniffing the user's password using a packet analyzer. However other information such as
username and services that is being performed can be analyzed. TACACS+ encrypts not
just only the entire payload when communicating, but it also encrypts the user's password
between the client and the server. This makes it more difficult to decipher information
11-17

about the communication between the client and the server. TACACS+ uses MD5 hash
function in its encryption and decryption algorithm.
11.10 RADIUS
11.10.1 Introduction
Description
RADIUS is a distributed and interactive information protocol in client/server architecture.
It is normally used to manage numerous scattered subscribers.
RADIUS performs authentication, authorization and accounting on subscribers through a
simple user database management. It also can modify subscribers service information
according to service types and authority.
RADIUS is a widely used AAA protocol. It adopts UDP transmission mode. Figure 11-7
shows the location of RADIUS in protocol stack.
Figure 11-7 RADIUS Location
RADIUS: Remote Authentication Dial In User UDP: User Datagram Protocol

Service
TCP: Transmission Control Protocol IP: Internet Protocol
PPP: Point to Point Protocol
RADIUS selects UDP as the transport layer protocol based on the following points:
l When large amount of user data is processed, servers adopt multiple procedures. In
this case, UDP can simplify the procedures on server port.
l TCP can convey data information only when its connection is established successfully.
However, this method is not practical in realtime attributes when there are numerous
users using this application.
l When requests fail to be sent to active server, it is necessary to send requests to
standby servers. Therefore, retransmission and backup server mechanism is needed
for RADIUS.
Features
RADIUS features are as follows:
11-18

l Client/server Mode
à RADIUS client port usually operates over NAS and RADIUS server usually
operates over a workstation. A RADIUS server can support multiple NASs at
the same time.
à RADIUS server stores massive information which is not needed to be stored in
NAS access. Rather, the information can be visited through RADIUS protocol.
The information, stored in a collective way, can be managed in a more secure
and more reliable way.
RADIUS can work as an agent to communicate with other RADIUS servers or other
types of authentication servers. Roaming is usually implemented through RADIUS
agent.
l Network Security
RADIUS protocol encryption employs MD5 encryption algorithm. NAS and RADIUS
stores a key, which can be used by RADIUS protocol to perform data encryption with
MD5 algorithm. The key is not transmitted over network. The RADIUS encryption
mainly includes:
à Packet Encryption – In RADIUS packet, there is 16–byte authenticator for packet

signature. The signature must be checked when the RADIUS packet is received.
If the packet signature is not correct, the packet is discarded. MD5 algorithm is
also used for packet signature. The signature cannot be created without a key.
à Password Encryption – In user authentication, the RADIUS protocol does not
transmit passwords in cleartext between the NAS and RADIUS server (not even
with PAP protocol). Rather, a shared secret is used along with the MD5 hashing
algorithm to obfuscate passwords.
l Flexible Authentication Mechanism
RADIUS protocol allows servers to support multiple authentication modes, such as
PAP and CHAP of PPP, UNIX login and others. RADIUS servers usually support PAP
but some do not support CHAP as some RADIUS servers store users passwords
in encryption when protecting their passwords. In this case, the user password in
cleartext must be obtained to authenticate a CHAP user.
l Extendable Protocol
RADIUS protocol features good extensibility. RADIUS packet is compounded with

packet head and a number of attributes. Adding a new attribute does not affect the
current protocol. Generally, NAS manufacturers develop the matched RADIUS server
when they produce NAS. In order to provide some functions, they often define some
non-standard (not defined in RFC) attributes. These attributes can be looked up in
the corresponding RADIUS server dictionary.
11-19

11.10.2 Principle
RADIUS is a standard client/server (C/S) used for information exchange among NAS,
clients and the servers involving user authentication and configuration information.
RADIUS is a protocol in C/S architecture. Its client port was initially NAS. Now any
computer with RADIUS client software can be RADIUS client. RADIUS is very flexible
in protocol authentication mechanism, adopting multiple authentication ways like PAP,
CHAP or UNIX login. RADIUS is an extensible protocol, which is implemented based on
Attribute-Length-Value vector.
Working Principle
RADIUS client sends authentication information in protocol format to servers through UDP
packets while it processes the information returned from servers and inform the result to
users accordingly. The RADIUS protocol architecture is shown in Figure 11-8.
Figure 11-8 RADIUS Protocol Architecture
NAS: Network Access Server RADIUS: Remote Authentication Dial In User

Service
RADIUS is defined as a typical C/S architecture to interact in a request-respond mode.

The RADIUS authentication and accounting processing flow diagram is shown in Figure
11-9.
11-20

Figure 11-9 RADIUS Authentication And Accounting Processing Flow
NAS: Network Access Server RADIUS: Remote Authentication Dial In User

Service
l When a network user logs in to visit the server, there is a “Login” prompted information,
requiring the user to input the user information (user name and password) or requiring
the remote logger to input user information for access request through PPP protocol.
l When the access server that adopts RADIUS authentication, obtains the user
information, it sends an “Access-Request” packet to RADIUS server in RADIUS
standard format. This packets contains the RADIUS attributes, such as user name,
user password, access server ID and access port ID. The user password adopts
MD5 encryption process.
l When access server sends the “Access-Request” packet, it triggers timer and
counter. When the retries exceeds the time limit, the timer triggers the access server
to resend the “Access-Request” packet. When the number of retries exceeds the
limit, the counter triggers the server to send “Access-Request” packet and other
backup RADIUS servers in network.
Note:
For the detailed retries mechanism, the RADIUS servers of each manufacturer have
the different ways.
11-21

l When the RADIUS server receives “Access-Request” packet, it verifies whether the
secret of the access server matches the pre–set secret in the RADIUS server to
confirm the “Access-Request” packet is sent from the appropriate access server.
Afterwards, RADIUS server queries whether there is such a user record in the user
database according to the user name in the packet. If there is such a user record in
the database, RADIUS sever performs the further authentication on the user's login
request according to the corresponding authentication attributes of the user record in
database, including user password, user IP address, user's physical port number.
l If the above authentication conditions do not pass, RADIUS server sends an
“Access-Reject” packet to the access server. When the access server receives the
packet, it stops the user-connected port service immediately and the user is forced
to log out.
l If all the authentication conditions and handshaking conversation pass, RADIUS
server saves the user configuration information in the database in the “Access-Accept”
packet and return it to the access server. Then the access sever, according to the
configuration information in the packet, limits the user network accessibility including
the service types, such as SLIP, PPP, Login User, Rlogin, Framed and Callback as
well as the service-related configuration information, such as IP address, telephone
number, time limit.
l If the user can visit the network, RADIUS client sends a “Start–Accounting–Request”
to RADIUS server, indicating that this user starts to be billed. RADIUS server gives a
response after receiving and successfully recording this request packet.
l When the user connection breaks, RADIUS client sends RADIUS server a
“Stop-Accounting-Request” packet, including the statistical information that user
uses the network resources （Internet access time, traffic). RADIUS server gives a
response after receiving and successfully recording this request packet.
11-22

Chapter 12
Monitoring, Operation and
Maintenance
Table of Contents
Alarm/Log Management ...........................................................................................12-1
Fault Monitoring and Management ...........................................................................12-4
Enviornment Monitoring and Management ...............................................................12-7
Broadband Operation and Maintenance Features ....................................................12-8
Narrowband Service Test ....................................................................................... 12-11
12.1 Alarm/Log Management

12.1.1 Introduction
Description
Alarm refers to device abnormal alerts displayed by device terminal or NMS monitoring
terminal. Alarm management means to perform a comprehensive management on the
system alarms. Through alarm management, all the system faults and incidents can be
monitored and managed in a centralized way.
Logging refers to the records that system keeps of the internal situations. Log management
provides functions such as log query, log delete, log export and view. Log management
can monitor and manage all kinds of system events in a centralized way.
Features
The system supports the following alarm/log management:
l Various Alarm Levels
Alarms can be classified into following three types:
à Fault alarm
à Recovery alarm
à Notification
Alarm can be classified into following five types according to severity:
à Critical alarm
à Major alarm
12-1

à Minor alarm
à Warning
à Indeterminate alarm
The recovery alarm level is “cleared”.
The notification level is “notification”.
l Overall Log information
The log can be classified into the following types:
à System log
à Command log
à SNMP log
à Alarm log
l Alarm log information shielding
l Alarm report level configuration
l Alarm buffer size configuration
l Alarm buffer clear and save
12.1.2 Management
Various Alarm Level
ZXA10 C300M/C350M supports various alarms levels which are defined as follows:
l Critical alarm
This alarm is global and may affect the device and service and has to be solved
urgently, such as power fault, clock output fault, etc.
l Major alarm
This alarm involves local card or line fault. If it is not solved in time, it may affect the
normal user service, such as optical fiber disconnection, physical line fault, etc.
l Minor alarm
This alarm refers to the generic fault alarm and event alarm that describes whether
the card or line is working normally, such as physical line errors.
l Warning
This alarm does not affect the system performance and user service, such as the
reminder of system variation.
l Indeterminate warning
The alarm level is indeterminate. It is not being used currently.
l Recovery alarm
The system restores to normal after alarm occurs.
12-2

Chapter 12 Monitoring, Operation and Maintenance
l Notification
It is used to show that the system is running in a normal state.
Overall Log Information

l System log
The system provides the system log to keep record of the system events, such as
user login, system restart, and save these events into local flash or upload to remote
EMS server. It also supports the system log display on CLI.
The system log saves the following key information:
à User login event including user name, login IP address or console port, login time.
à User logout event including user name, logout IP address or console port, logout
time.
à System startup event
à System soft restart event
à System log enable/disable event
à Abnormal task event

l Command log
The system provides command log to keep record of the input commands on CLI
terminal and save the event information into local flash, or upload to EMS server. It
also supports system log display on CLI.
l SNMP log
The system provides SNMP log to keep record of the SNMP commands and save the
event information into local flash or upload to remote EMS server. It also supports the
system log display on CLI.
l Alarm log
The system provides alarm log to keep record of all system alarms and notifications
and save them into local flash or upload to remote EMS server. It also supports the
system log display on CLI.
Alarm Log Information Shielding

Since different users need different alarms outputs, the system provides the alarm output
shielding function, namely to configure whether alarm is output to command line as per
alarm level.
The alarm report level configuration features are as follows:
l The configuration result is valid to all command line terminals, namely, an alarm is
reported either to all terminals or to none of the terminals.
l For the critical alarms, they are always printed out to terminals.
12-3

l The alarm output configuration has no effect on alarm generation. The system alarms
are still logged. Users can query the log through alarm history query command.
Alarm Buffer Size Configuration

Since different users need different alarm buffer sizes, the system provides the buffer size
configuration function.
The alarm buffer size configuration is effective to all command line terminals.
Alarm Buffer Clear and Save Function

Since different users need different alarm buffer cleaning ways and to save alarm logs
timely, the system provides different ways to clear buffer and save logs timely.
There are two ways of clearing alarm buffer. The two ways are as follows:
l When alarm log buffer is full, the new log information is not written into buffer.
l When alarm log buffer is full, clear 1/3 of buffer and save log every 10 minutes.
This configuration is effective to all command line terminals.
12.2 Fault Monitoring and Management

12.2.1 Introduction
Through fault monitoring and management, the user and administrator can analyze the
fault causes and remove the faults.
The ZXA10 C300M/C350M has the following fault monitoring and management
mechanisms:
l System Power-ON self-check
l Crash file
l System logs
l System operation history
l System reset
l Configuration file recovery and auto-saving
l Hot swap
l Power-down alarm
l CPU usage statistics and alarm
l Memory usage statistics and alarm
l Dual-version protection
12-4

12.2.2 Monitoring and Managment

System Power-ON Self-Check
The ZXA10 C300M/C350M performs self-check after powered ON. It checks important
components, such as the CPU minimum system, FPGA, storage component, and
input/output system. The startup process continues only when the self-check is complete;
otherwise, the self-check failure report is generated and the startup process stops.
The self-check methods of the important components depends on the component design
and functions. For example, the self-check for the storage component is used to perform
repeated Read and Write operations on the component to check whether any damaged
partitions exist.
Crash File
During the system operation, if the system crashes due to certain exceptions, the system
saves the related information before crash for the administrator to analyze the faults.
The crash file is saved in the flash. The administrator can view the file content. The crash
file records the following information:
l The current running status of the CPU register.
l The current running status of the main service processing chip.
l The current running status of the operating system.
System Logs
The ZXA10 C300M/C350M provides system logs to record the events in the system, such
as user login and system restart. The system logs are saved in the local flash or sent to
the remote EMS server. System logs can also be displayed in the CLI.
System logs record the following information:
l User login, including the user name, IP address or serial port number for login, and
login time
l User logout, including the user name, IP address or serial port number for logout, and
logout time
l System startup
l System restarting
l Enabling or disabling system log
l Task exceptions
System Operation History

The ZXA10 C300M/C350M records the CLI/Telnet and SNMP operation history. The
operation history is not saved in the flash, but can be exported to the network server.
The operation history records include the following:
l CLI/Telnet records
l SNMP SET records
12-5

l SNMP GET records

l SNMP GETNEXT records
The records are saved in different partitions. Each partition saves at least 350 records.
System Reset and Hot Swap

When the system or cards fail to run normally, the user can reset the system (locally or
remotely) or hot swap the cards to recover the services.
The system can be reset remotely. The EMS sends the reset command through SNMP,
and the primary CPU resets the system. The important components are completely reset.
All the cards in the system have protection components and allow hot swapping.
Plugged-in or plugged-out card(s) do not affect services on other cards. In case of
multiple insertion on the same slot, the newly inserted card needs to be configured again.
Configuration File Recovery and Auto-Saving

The system configuration is saved as a file in the flash and the file can be exported to the
EMS server for backup.
The imported configuration file can be edited as normal text. The administrator can modify
the configuration file and reload it to the system. The system needs to be restarted for the
configuration file to take effect.
To avoid configuration information loss, the system supports configuration file auto-saving.
The auto-saving interval can be customized.
Power-Down Alarm
When the system is powered down abnormally, it reports an alarm immediately to inform
the EMS the power-down event for the administrator to analyze the fault.
CPU and Memory Usage Statistics and Alarm

The system monitors the CPU running status in real time and calculates the CPU usage.
When the CPU usage exceeds the threshold, the system reports an alarm to the EMS. In
this case, the system is overloaded, the service may be interrupted or refused, and the
network or service needs to be adjusted.
The CPU and memory usage statistics can be enabled and disabled in real time. The
alarm threshold can be configured.
Dual-Version Protection
The system divides the flash space to several partitions and reserves at least two version
partitions for the versions. The version partitions indicate whether it is the primary or
secondary version.
When exceptions occur during the version download process, for example, when the
system is powered down suddenly which may damage the version, the system activates
12-6

the secondary version and starts the version automatically. In this case, the version
download can continue.
Dual version partitions provide extra version protection and backup. It can avoid version
damage caused by exceptions.
12.3 Enviornment Monitoring and Management

12.3.1 Introduction
Through environment monitoring and management, the users and administrator can
monitor the environment parameters to ensure that the system is running in the proper
environment.
The ZXA10 C300M/C350M has various fault monitoring and management mechanisms:
l Environment monitoring
l High temperature alarm
l Fan monitoring
l Backbone node monitoring
12.3.2 Monitoring and Management

Environment Monitoring
The ZXA10 C300M/C350M provides the RJ–45 port to connect with environment
monitoring devices such as EPM and EPS, and reports the data collected by environment
monitoring devices to the EMS.
High Temperature Alarm

The ZXA10 C300M/C350M is built with a temperature sensor which can sample the
operation environment temperature in real time.
The user can set the high temperature alarm threshold. When the sampled environment
temperature exceeds the threshold, the device is considered to be running in the insecure
environment. High temperature may deteriorate the device performance. The service may
be interrupted and the device may be physically damaged.
When the sampled environment temperature exceeds the alarm threshold, the system
reports alarms to the EMS, so that the maintenance person can take measures in time.
When the temperature is lower than the threshold, the system notifies the EMS that the
fault is removed.
12-7

Note:
The temperature detected by the temperature sensor is the internal temperature of the
device, and it is 10 ºC – 15 ºC higher than the environment temperature.
The ZXA10 C300M/C350M can implement high temperature monitoring without the help
of EPM/EPS.
Fan Monitoring
The ZXA10 C300M/C350M has two fans, and it can monitor the running status of both the
fans.
The ZXA10 C300M/C350M uses fans for heat dissipation. When the fans stop running,
the working temperature increases quickly so that the ZXA10 C300M/C350M runs in the
instable environment. In this case, the service may be interrupted and the device may
even be damaged.
To avoid this problem, the ZXA10 C300M/C350M can monitor the fan running status in
real time. When either of the fans stop, the system reports an alarm to the EMS so that
the maintenance person can take measures in time. When the fan starts to run normally,
the system notifies the EMS that the fault is removed.
The ZXA10 C300M/C350M can monitor the fans without the help of EPM/EPS.
Backbone Node Monitoring

The ZXA10 C300M/C350M provides five backbone node access points to monitor the
environment for various kinds of boolean value devices. The backbone node interface is
located on the front panel of the main control and switching card.
The ZXA10 C300M/C350M can monitor various kinds of boolean devices. For
convenience, the system provides a frequently used boolean value devices. The user
can select devices from the list. If the boolean device that the user uses is not in the list,
the device can be self-defined.
The ZXA10 C300M/C350M defines the following boolean values: secondary power supply,
fan, heat exchanger, entrance guard, cable distributor, smog, and power supply.
12.4 Broadband Operation and Maintenance Features

12.4.1 Introduction
Through SELT and DELT, the ZXA10 C300M/C350M can obtain the line parameters and
features to evaluate the availability of the current line. This can help check whether the
user line can bear various services.
12-8

The ADSL2/VDSL2 modem can be configured and managed in various ways to deliver the
services uniformly and reduce the operation expenditure (OPEX).
The ZXA10 C300M/C350M provides the following bandwidth operation and maintenance
services:
l SELT/DELT test service
l ADSL2/VDSL2 modem remote management service
12.4.2 Maintenance
SELT
SELT is a test method that obtains the line parameters and features through only the test
method at the CO side when the subscriber side is not connected with CPE. Since the
test method is special, the subscriber side cannot be connected to the CPE, and the test
function is integrated in the chip at the CO side. The chip provides the interface control
command, so other test devices are not needed.
The ZXA10 C300M/C350M SELT can test various line parameters as follows:
l Loop Length
l Loop Termination
l Downstream/Upstream Shannon Capacity
l In-band Noise, 0 – 1.1 MHz
l Termination Response
l Downstream/Upstream Rate vs Margin
The SELT process consists of delivering the test command, obtaining the test data,
analyzing the test data, and returning and displaying the analysis result.
The SELT structure has two types: built-in and external. The difference is that whether the
SELT application responsible for data analysis is integrated in the chip or external, that is,
on the EMS.
The data of the line features collected by the chip have two features:
l The data volume is big.
l Mass operation is needed for analyzing the line feature parameters.
The ZXA10 C300M/C350M supports external mode, that is, the SELT application is located
on the EMS. In this case, the chip collects the test data, and then sends the data to the
EMS in the data encapsulation format. The EMS analyzes the data and displays the result.
The EMS computer performance determines the analysis speed. Generally, the analysis
result can be obtained in ten seconds.
Figure 12-1 shows the SELT process and data analysis process.
12-9

Figure 12-1 SELT Process
EMS: Element Management System SELT: Single Ended Loop Test
DELT
DELT is used to enhance the ADSL2 service and diagnosis functions. When the
showtime mode cannot be accessed due to poor-quality line, DELT can be used to
check the line faults. The information obtained by DELT can help locate the fault and
acknowledge the damaged source.
The DELT parameters are implemented by the sending and receiving functions of the PMD
sub-layer. These parameters are reported when the local management layer allows the
12-10

management primitive request. These parameters can be used to perform the following
operations:
l To debug and detect the faults existing in the physical loop.
l To find out the causes why the physical loop cannot obtain the expected performance
margin.
l To check whether the physical loop has sufficient performance margin after the
adjustment is finished or after the ADSL2 system performs initialization and training.
In the ZXA10 C300M/C350M, when the local management entity is needed, the receiving
functional module of the PMD layer provides the following line test parameters:
l The feature equation H(f) for each sub-carrier wave channel (CCF-ps), used to
analyze the loop basic conditions of physical copper line.
l The background noise PSD QLN(f) for each carrier wave line (QLN-ps), used to
analyze crosstalk.
l SNR(f) of each carrier wave channel (SNR-ps), used to analyze the time related
crosstalk level (severity) or the line attenuation changes (severity), such as the
changes caused by temperature or humidity.
l Line attenuation (LATN)
l Signal attenuation (SATN)
l SNR margin (SANRM)
l Attainable net rate (ATTNDR)
l Remote actual total sending rate (ACTATP)
l Local actual total sending rate (ACTATP), provided by the sending function of the PMD
layer when required by the local management entity.
Using H(f), QLN(f), and SNR(f) can find out the cause why a loop cannot reach its maximum
speed.
The parameters listed above are obtained by the cooperation of C-end and R-end during
the activation process. The new parameters help expand the maintenance and diagnosis
services.
DELT process is simpler. The EMS delivers the test command. The chip saves the test
result in the MIB and obtains the parameters when receiving the command of obtaining
the MIB parameters.
12.5 Narrowband Service Test

12.5.1 Introduction
Description
Through 112 line test, the network status can be monitored for a fixed period after the
service is launched and the potential faults can be found and solved before users report.
12-11

Features
The narrowband service test provided by the system includes the following:
l External line test
l Internal line test
12.5.2 Maintenance
External Line Test
The test point is outside the splitter at the office end, and the subscriber line is
disconnected. The external line test involves the following items:
l Voltage test
l Capacitance test
l Insulation resistance test
l Loop resistance/current test
l Group test
Through external line test, the common external line faults, such as broken line, line
self-shorted, can be located.
Internal Line Test

The test point is in the splitter at the office end, and the subscriber line is disconnected.
The internal line test involves the following items:
l Dialing tone test
l Ringing voltage test
l Ringing current test
l Feeding voltage test
l Loop current test
l Bi-directional routing test
Through internal line test, the above parameters can be determined whether they are in a
normal state.
Line Test Principle

Figure 12-2 shows the line test working principle.
12-12

Figure 12-2 Line Test Working Principle
112 test function is centralized in chip sets. SLIC can test the status of the external line
directly.
12-13

12-14

Figures
Figure 1-1 PSTN Working Principle........................................................................... 1-2
Figure 1-2 Calling Process Simulation ...................................................................... 1-2
Figure 1-3 Called Process Simulation ....................................................................... 1-2
Figure 1-4 ISDN BRI Signaling Transmission Model ................................................. 1-4
Figure 1-5 IP-Based Fax Service Model.................................................................... 1-5
Figure 1-6 T.30 Fax Principle .................................................................................... 1-6
Figure 1-7 T.38 Fax Principle .................................................................................... 1-7
Figure 1-8 Gateway Functional Model....................................................................... 1-9
Figure 1-9 H.248 MG Model.................................................................................... 1-10
Figure 1-10 H.248 Command Set ........................................................................... 1-10
Figure 1-11 H.248 Communication Mode ................................................................ 1-11
Figure 1-12 H.248 Protocol Flow............................................................................. 1-13
Figure 1-13 SIP Networking .................................................................................... 1-14
Figure 1-14 SIP Distributed Architecture ................................................................. 1-15
Figure 2-1 Annex M Spectrum .................................................................................. 2-4
Figure 2-2 Annex A Spectrum .................................................................................. 2-5
Figure 2-3 Annex B Spectrum ................................................................................... 2-6
Figure 2-4 Eight Configuration Profiles...................................................................... 2-7
Figure 2-5 UPBO Principle........................................................................................ 2-8
Figure 2-6 DPBO Principle........................................................................................ 2-8
Figure 2-7 Point-to-Point Interconnection ................................................................ 2-11
Figure 2-8 Coaxial Bus Topology ............................................................................ 2-11
Figure 2-9 Star-Connected Topology....................................................................... 2-12
Figure 2-10 Process of Switching PPPoA to PPPoE ............................................... 2-13
Figure 2-11 IPoA Workflow ..................................................................................... 2-15
Figure 4-1 Downstream Frame with FEC Encoding................................................... 4-2
Figure 4-2 Upstream Frame with FEC Encoding ....................................................... 4-2
Figure 4-3 GPON Networking Modes........................................................................ 4-3
Figure 6-1 User-side Multi-PVC and Multi-Service Networking Model ....................... 6-3
Tagged) .................................................................................................. 6-4


Untagged/Priority Tagged) ...................................................................... 6-5
Figure 6-4 Networking Application in 1:1 VLAN......................................................... 6-7
Figure 6-5 Networking Application in N:1 VLAN ........................................................ 6-8
Figure 6-6 QinQ VLAN Working Principle................................................................ 6-11
Figure 6-7 Super VLAN Working Principle .............................................................. 6-12
Figure 7-1 QoS Features .......................................................................................... 7-2
Figure 7-2 SP Scheduling ......................................................................................... 7-4
Figure 7-3 WRR Scheduling ..................................................................................... 7-5
Figure 7-4 SP + WRR Scheduling............................................................................. 7-6
Figure 7-5 Traffic Monitoring Process........................................................................ 7-7
Figure 7-6 Traffic Shaping Process ........................................................................... 7-8
Figure 7-7 Location of Policy Route in the System .................................................... 7-9
Figure 8-1 Simple Routing Table ............................................................................... 8-1
Figure 8-2 NTP Working Principle ........................................................................... 8-11
Figure 10-1 MG Registration To SS Workflow ......................................................... 10-2
Figure 10-2 Multi-Service Access Equipment Dual-Homing Networking Application
Diagram................................................................................................ 10-4
Figure 10-3 Self–Exchange Networking Diagram .................................................... 10-6
Figure 11-1 DHCP Option 82 Interaction Process ................................................... 11-2
Figure 11-2 PPPoE Intermediate Agent Interaction Process.................................... 11-2
Figure 11-3 VBAS Interaction Process .................................................................... 11-3
Figure 11-4 PVLAN Communication...................................................................... 11-13
Figure 11-5 ACL Filtering Procedure ..................................................................... 11-15
Figure 11-6 ACL Working Principle ....................................................................... 11-16
Figure 11-7 RADIUS Location ............................................................................... 11-18
Figure 11-8 RADIUS Protocol Architecture............................................................ 11-20
Figure 11-9 RADIUS Authentication And Accounting Processing Flow .................. 11-21
Figure 12-1 SELT Process .................................................................................... 12-10
Figure 12-2 Line Test Working Principle ................................................................ 12-13
II

Glossary
AAA
- Authentication, Authorization and Accounting
ACL
- Access Control List
ADSL
- Asymmetric Digital Subscriber Line
AG
- Access Gateway
ARP
- Address Resolution Protocol
ATM
- Asynchronous Transfer Mode
ATU-C
- ADSL Transceiver Unit - Central
ATU-R
- ADSL Transceiver Unit - Remote
BAS
- Broadband Access Server
BGP
- Border Gateway Protocol
BPDU
- Bridge Protocol Data Unit
BRAS
- Broadband Remote Access Server
BRI
- Basic Rate Interface
BS
- Bit Switching
BSR
- Bootstrap Router
CAR
- Committed Access Rate
CDR
- Call Detail Record
III

CHAP
- Challenge Handshake Authentication Protocol
CIST
- Common and Internal Spanning Tree
CLI
- Command Line Interface
CLNS
- ConnectionLess Network Service
CNG
- Comfort Noise Generation
CO
- Central Office
CPE
- Customer Premises Equipment
CPU
- Central Processing Unit
CRC
- Cyclic Redundancy Check
CST
- Common Spanning Tree
CVLAN
- Customer Virtual Local Area Network
CoS
- Class of Service
DELT
- Dual Ended Loop Test
DH
- Diffie-Hellman
DHCP
- Dynamic Host Configuration Protocol
DNS
- Domain Name Server
DPBO
- Downstream Power Back Off
DR
- Designated Router
DSCP
- Differentiated Services Code Point
IV

Glossary
DSL
- Digital Subscriber Line
DSP
- Digital Signal Processing
DSP
- Digital Signal Processor
DTMF
- Dual-Tone Multi-Frequency
DoS
- Denial of Service
EFM
- Ethernet in the First Mile
EMS
- Element Management System
EPM
- Environment Power Monitoring
EPS
- Environment Power System
FEC
- Forward Error Correction
FEXT
- Far-End Cross Talk
FIB
- Forwarding Information Base
FTP
- File Transfer Protocol
FTTB/C
- Fiber to the Building/Curb
FTTCab
- Fiber to the Cabinet
FTTH
- Fiber to the Home
GEM
- GPON Encapsulation Method
GPON
- Gigabit Passive Optical Network
IAD
- Integrated Access Device

ICMP
- Internet Control Message Protocol
IDN
- Integrated Digital Network
IETF
- Internet Engineering Task Force
IFP
- IP Fax Protocol
IGMP
- Internet Group Management Protocol
INP
- Impulse Noise Protection
IP
- Intelligent Peripheral
IP
- Internet Protocol
IPTV
- Internet Protocol Television
IPoA
- IP over ATM
IPoE
- Internet Protocol over Ethernet
IS-IS
- Intermediate System-to-Intermediate System
ISDN
- Integrated Services Digital Network
IST
- Internal Spanning Tree
ISUP
- ISDN User Part
ITU-T
- International Telecommunication Union - Telecommunication Standardization
Sector
IUA
- ISDN User Adaptation Layer
LAN
- Local Area Network
LCP
- Link Control Protocol
VI

Glossary
LSA
- Link State Advertisement
LSDB
- Link-state Database
LSP
- Link State Packet
MAC
- Media Access Control
MD5
- Message Digest 5 Algorithm
MELT
- Metallic Line Test
MG
- Media Gateway
MGC
- Media Gateway Controller
MGCP
- Media Gateway Control Protocol
MIB
- Management Information Base
MODEM
- Modulator-Demodulator
MRU
- Maximum Receive Unit
MST
- Multiplex Section Termination
MSTP
- Multiple Spanning Tree Protocol
MVLAN
- Multicast Virtual Local Area Network
NAS
- Network Access Server
NE
- Network Element
NGN
- Next Generation Network
NMS
- Network Management System
VII

NNI
- Network Node Interface
NTP
- Network Time Protocol
OLT
- Optical Line Terminal
ONU
- Optical Network Unit
OSI
- Open System Interconnection
OSPF
- Open Shortest Path First
PAP
- Password Authentication Protocol
PDU
- Protocol Data Unit
PIM
- PA Interface Module
PIM-SM
- Protocol Independent Multicast - Sparse Mode
PMD
- Physical Medium Dependent
POP
- Post Office Protocol
POTS
- Plain Old Telephone Service
PPP
- Point-to-Point Protocol
PPPoA
- Point to Point Protocol over ATM
PPPoE
- Point to Point Protocol over Ethernet
PRI
- Primary Rate Interface
PSD
- Power Spectrum Density
PSTN
- Public Switched Telephone Network
VIII

Glossary
PTM
- Packet Transfer Mode
PVC
- Permanent Virtual Circuit
PVC
- Permanent Virtual Channel
PVLAN
- Private Virtual Local Area Network
Q-in-Q
- VLAN Tag in VLAN Tag
QAM
- Quadrature Amplitude Modulation
QoS
- Quality of Service
RADIUS
- Remote Authentication Dial In User Service
RARP
- Reverse Address Resolution Protocol
READSL2
- Reach Extended ADSL2
RFC
- Request For Comments
RFI
- Radio Frequency Interference
RIP
- Routing Information Protocol
RP
- Rendezvous Point
RS
- Regenerator Section
RS
- Reed Solomon
RSTP
- Rapid Spanning Tree Protocol
RSVP
- Resource Reservation Protocol
RTP
- Real-time Transport Protocol
IX

SCTP
- Stream Control Transmission Protocol
SDP
- Session Description Protocol
SELT
- Single Ended Loop Test
SIP
- Session Initiation Protocol
SLIC
- Subscriber Line Interface Circuit
SMI
- Structure of Management Information
SNMP
- Simple Network Management Protocol
SNP
- Sequence Num PDU
SNR
- Signal to Noise Ratio
SP
- Strict Priority
SPF
- Shortest Path First
SRA
- Seamless Rate Adaptation
SS
- Soft Switch
SSH
- Secure Shell
STB
- Set-top Box
STP
- Spanning Tree Protocol
SVC
- Switched Virtual Circuit
SVLAN
- Service Virtual Local Area Network
TACACS+
- Terminal Access Controller Access-Control System Plus

Glossary
TB
- Token Bucket
TCP
- Transmission Control Protocol
TCP/IP
- Transmission Control Protocol/Internet Protocol
TDM
- Time Division Multiplexing
TLS
- Transport Layer Security
ToS
- Type of Service
UAC
- User Agent Client
UAPS
- Uplink Auto Protection Switching
UAS
- User Agent Server
UDP
- User Datagram Protocol
UNI
- User Network Interface
UPBO
- Upstream Power Back-Off
VBAS
- Virtual Broadband Access Server
VBD
- Voiceband Data
VDSL
- Very High Speed Digital Subscriber Line
VDSL2
- Very High Bit Rate Digital Subscriber Line 2
VLAN
- Virtual Local Area Network
VOD
- Video On Demand
VPN
- Virtual Private Network
XI

VoIP
- Voice over Internet Protocol
WAN
- Wide Area Network
WRR
- Weighted Round Robin
XII

SJ-20140314093122-003-ZXA10 C300M&C350M (V4.0.1) Multi-Service Access Equipment Feature Guide

Uploaded by

Copyright:

Available Formats

SJ-20140314093122-003-ZXA10 C300M&C350M (V4.0.1) Multi-Service Access Equipment Feature Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SJ-20140314093122-003-ZXA10 C300M&C350M (V4.0.1) Multi-Service Access Equipment Feature Guide

Uploaded by

Copyright:

Available Formats

ZXA10 C300M/C350M

Multi-Service Access Equipment

Revision No. Revision Date Revision Reason

R1.0 2014-05-16 First edition

Serial Number: SJ-20140314093122-003

Publishing Date: 2014-05-16 (R1.0)

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 2 Broadband Service ................................................................... 2-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 3 Multicast .................................................................................... 3-1

Chapter 4 GPON Features ......................................................................... 4-1

Chapter 5 Device Management ................................................................. 5-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 6 VLAN .......................................................................................... 6-1

Chapter 7 QoS............................................................................................. 7-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 8 Protocols ................................................................................... 8-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 9 Uplink Interface Protection ...................................................... 9-1

Chapter 10 AG Security ........................................................................... 10-1

Chapter 11 Access Security .................................................................... 11-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 12 Monitoring, Operation and Maintenance ............................ 12-1

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

l Network planning engineers

Prerequisite Skill and Knowledge

What Is in This Manual

Chapter 2, Broadband Service Describes ADSL2/ADSL2+ service features, VDSL2 service

Chapter 5, Device Management Describes basic management and software version

Chapter 6, VLAN Describes VLAN architecture, user-side networking

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Chapter 8, Protocols Describes IP route selection, static route protocol, dynamic

Chapter 9, Uplink Interface Describes the uplink interface protection.

Chapter 10, AG Security Describes AG authentication, dual-homing, and

| Separates individual parameter in series of parameters.

Note: Provides additional information about a certain topic.

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

1.1 PSTN Service

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

l Internal line test simulation

Figure 1-1 PSTN Working Principle

IP: Internet Protocol

Internal Line Test Simulation

Figure 1-2 Calling Process Simulation

l Called process simulation

Figure 1-3 Called Process Simulation

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

1.2 ISDN Service

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Figure 1-4 ISDN BRI Signaling Transmission Model

ISDN: Integrated Services Digital Network MSG: Multimedia Message Gateway

IP: Internet Protocol

1.3 Fax and Modem Service

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Figure 1-5 IP-Based Fax Service Model

PSTN: Public Switched Telephone Network IP: Internet Protocol

The transmission process of the IP-based fax is as follows:

1. The facsimile sends the fax information to the MG (ZXA10 C300M/C350M).

SJ-20140314093122-003|2014-05-16 (R1.0) ZTE Proprietary and Confidential

Figure 1-6 T.30 Fax Principle