Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Product Characteristics
Huawei S12700 series agile switches are core switches designed for next-generation campus networks.
- Using a fully programmable switching architecture, the S12700 series switches allow for fast, flexible function customization and support a smooth evolution to software-defined networking (SDN).
- The S12700 series switches use ethernet network processor and provide the native wireless access controller (AC) capability to help build a wired and wireless converged network. Their unified user management capabilities deliver refined user and service management, and Huawei's Packet Conservation Algorithm for Internet (iPCA) supports hop-by-hop monitoring of any service flows, helping you manage services in a more refined way.
- The S12700 series switches run Huawei Versatile Routing Platform (VRP), which provides high-performance L2/L3 switching services as well as a variety of network services, such as MPLS VPN, desktop cloud, and video conferencing.
- The S12700 series switches support CSS2 switch fabric hardware clustering (1+N backup of MPUs) and a variety of reliability technologies such as hardware Ethernet OAM, BFD, and ring network protection. These help you improve productivity and maximize network operation time, and therefore reduce the total cost of ownership (TCO).
The S12700 series switches come in four models: S12704, S12708, S12710, and S12712. The maximum numbers of line processing units and switch fabric units supported by these models are:
- S12704: 4 LPUs and 2 SFUs
- S12708: 8 LPUs and 4 SFUs
- S12710: 10 LPUs and 2 SFUs
- S12712: 12 LPUs and 4 SFUs
Make Your Network More Agile and Service-oriented
The S12700 series switches provide fully programmable interfaces, and support forwarding process customization.
- The device's flexible packet processing and traffic control capabilities help to build a highly scalable network that meets current and future service requirements. The S12700 series switches use a fully programmable architecture, on which enterprises can define their own forwarding models, forwarding behaviors, and lookup algorithms. This architecture speeds up service innovation and makes it possible to provision a new service within several months, without replacing hardware. Therefore, the S12700 series switches provide much higher flexibility than traditional with fixed forwarding architecture and fixed forwarding process (1-3 years taken for provisioning a new service).
- In addition to all the capabilities of common switches, the S12700 series switches provide fully programmable open interfaces and support programmable forwarding behaviors. Enterprises can use the open interfaces to develop new protocols and functions independently or jointly with other vendors to satisfy their needs.
Deliver Extensive Services More Efficiently
The S12700 series switches provide hardware native T-bit AC and unified user management functions, allowing for more agile service features.
- The native AC allows enterprises to build a wireless network without additional hardware AC devices. The T-bit AC capability avoids performance bottlenecks on independent AC devices and helps you better cope with challenges in the high-speed wireless access era.
- Providing the unified user management function that shields the differences of access devices in capacity and access methods. It supports PPPoE, 802.1X, MAC, and Portal authentication, and can manage users based on user groups, domains, and time ranges. These functions facilitate user and service management and enable a transformation from device-centered to user-centered management.
- The service chain function can orchestrate value-added service capabilities, such as firewall, antivirus expert system (AVE), and application security gateway (ASG). Then these capabilities can be used by campus network entities (such as switches, routers, AC, AP, and terminals), regardless of the physical locations. The service chain function allows for more flexible value-added service deployment, which reduces equipment and maintenance costs.
- The S12700 also supports 1588v2 and synchronization Ethernet, allowing high-precisionsynchronization between network devices.
Provide Fine Granular Management More Efficiently
The S12700 series switches support Packet Conservation Algorithm for Internet (iPCA) and super virtual fabric (SVF), and can manage access switches, allowing for fine-granular network management.
- iPCA technology can monitor network quality for any service flow at any network node, anytime, without extra costs. It can detect temporary service interruptions within 1 second and accurately identify faulty ports. This cutting-edge fault detection technology allows for fine granular management.
- SVF technology can virtualize fixed switches into line cards of S12700 series switches and virtualize APs into their ports. With this technology, a physical network with core/aggregation switches, access switches, and APs can be virtualized into one logical switch, offering the simplest network management solution.
- The S12700 series switches manage access switches in a similar way an AC manages APs, removing the configuration workload on access switches. They manage access switches and APs uniformly over CAPWAP tunnels, implementing Zero Touch Provisioning (ZTP) of access switches and APs.
Industry-Leading Line Cards
Industry-leading line cards of the S12700 series switches support large table sizes and provide low-latency forwarding of heavy traffic.
- The S12700 series switches support several million hardware entries, leaving traditional switches far behind. The S12700 series switches provide large routing tables for metro core layer of television broadcasting or education network and fine granular traffic statistics collection for education campus networks and large-scale enterprise campus networks.
- The S12700 series switches provide a large buffer size on each line card to prevent packet loss upon traffic bursts, delivering high-quality video services.
- The S12700 series switches support high-density cards, such as 48*10GE, 16*40GE, and 8*100GE cards. These large port capacities meet the requirements of bandwidth-consuming applications, such as multimedia video conferencing, and provide investment protection for customers.
Device-Level End-to-End Reliability Design: CSS2 Switch Fabric Hardware Clustering
The S12700 series switches use CSS2 switch fabric hardware clustering, a second-generation CSS technology.
- CSS2 technology connects member switches through hardware channels of switch fabric units. Therefore, control packets and data packets of a cluster only need to be forwarded once by the switch fabric units and do not go through line cards. Compared to traditional service port clustering, CSS2 minimizes the impact of software failures, reduces the risks of service interruption caused by line cards, and significantly shortens the transmission latency.
- CSS2 supports 1+N backup of MPUs. This means a cluster can run stably as long as one MPU in either member chassis is working normally. In a cluster connected by service ports, each chassis must have at least one MPU working normally. Therefore, CSS2 is more reliable than traditional service port clustering technology.
Network-Level Reliability Design: End-to-End Hardware Protection Switching
The S12700 series switches use a series of link detection and protection switching technologies, such as hardware Eth-OAM, BFD, G.8032, and Smart Ethernet Protection (SEP). These technologies help build a campus network that responds quickly to topology changes and provides the most reliable services.
Comprehensive Security Measures
- Supporting MAC security (MACsec) that enables hop-by-hop secure data transmission. Therefore, the S12700 series switches can be applied to scenarios that pose high requirements on data confidentiality, such as government and finance sectors.
- Providing innovative next-generation environment awareness and access control. It identifies the application-layer attacks and protects network-layer applications based on application type, content, time, user, threat, and location.
- The dedicated software and hardware platforms provide an Intelligent Aware Engine (IAE) to perceive application information when all security functions are enabled. The built-in hardware accelerator for content detection improves application-layer protection efficiency and ensures the 10G+ performance when all security functions are enabled.
- NGFW is a next-generation firewall card that can be installed on S12700 series switches. In addition to the traditional defense functions such as firewall, identity authentication, and Anti-DDoS, the NGFW supports IPS, anti-spam, web security, and application control functions.
Cloud-based Management
In Huawei CloudCampus Solution, switches can be managed by the management and control system (CloudCampus@AC-Campus for switches running V200R019C00 and earlier versions; iMaster NCE-Campus for switches running V200R019C10 and later versions).
- The switches are plug-and-play.
- The switches can automatically connect to the management and control system and use bidirectional certificate authentication to ensure management channel security.
- The switches provide the NETCONF and YANG interfaces, through which the management and control system delivers configurations to them.
- Remote maintenance and fault diagnosis can be performed on the switches using the management and control system.
VXLAN
The S12700 series switches are VXLAN-capable and allow centralized and distributed VXLAN gateway deployment modes. These switches also support the BGP EVPN protocol for dynamically establishing VXLAN tunnels and can be configured using NETCONF or YANG. VXLAN is used to construct a Unified Virtual Fabric (UVF). As such, multiple service networks or tenant networks can be deployed on the same physical network, and service and tenant networks are isolated from each other. This capability truly achieves 'one network for multiple purposes'. The resulting benefits include enabling data transmission of different services or customers, reducing the network construction costs, and improving network resource utilization.
OPS
Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.
Intelligent Diagnosis
Open Intelligent Diagnosis System (OIDS) integrates the device health monitoring and fault diagnosis functions - that are typically deployed on a Network Management System (NMS) - into the switch software to implement intelligent diagnosis on a single switch. After OIDS is deployed on a switch, the switch periodically collects and records the running information and automatically determines whether a fault occurs. If a fault occurs, the switch automatically locates the fault or helps locate the fault. All these merits increase fault locating efficiency of O&M staff while improving device maintainability.