Analysis of mainstream core route switches in the market

Core route switches are worth learning. Here we mainly introduce the mainstream core route switches in the market, RG-S7600 series of Core routing switch is the ruijie Network launched by the business as the core, for the next generation of network 10-Gigabit Backbone Routing Switch, provides large capacity, high density, modular architecture, based on the stable, reliable, and secure high-performance L2/L3 switching service, the service provides powerful multicast functions, policy-based QOS, effective security management mechanisms, and highly reliable carrier-level design.

It can meet the networking requirements of various types of business load integration and flexible business classification and shunting of modern networks. It can be flexibly configured according to users' needs to build an elastic and scalable modern IP network. RG-S7600 series core route switch is one of the most advanced products of ruijie network, the powerful exchange routing function, security intelligence technology can work with the ruijie series switch, to provide users with a complete end-to-end solution, it is an ideal choice for small network cores and large network backbone switches.

Product Features

RG-S7600 series Core routing switch currently provides S76044 slot), S76066 slot), S7610 (10 slot) 3 modular products, can meet the needs of enterprises of different sizes of different network layers, at the same time, these modular rack switches use a unified hardware and software platform, fully compatible with line cards, and the same software version as the high-end product RG-S8600/S9600 for the 100,000 MB platform, it can adapt to evolving enterprise networks and fully protect users' investment.

High Security Measures

1. Physical Security:

RG-S7606/S7610 provides redundant management module, redundant power module, various modules hot plugging and other physical security measures. The host detects the CPU usage status in real time and provides the industry-leading hardware CPU Protection Technology CPP and CPU Protect Policy). CPP technology distinguishes the data sent to the CPU and throttling speed, avoid CPU attacks and resource consumption caused by Invalid attack packets.

2. Protection against viruses and Attacks:

In the face of the current network environment more and more network viruses and attack threats, RG-S7600 Core routing switches provide powerful network viruses and attack protection capabilities: Provide the industry's most powerful ACL features, based on SPOH technology, it provides a wide range of ACL technologies, such as IP standard, IP extension, MAC extension, time, and expert-level, and supports input and output ACLs in IPV4/IPV6 Dual-stack. Supports hardware protection against source IP address spoofing, DOS/DDOS attacks, IP scanning, and other functions. It provides multi-port synchronous monitoring technology, supports flexible network monitoring, and improves network monitoring capabilities.

3. device management security:

Provides SSH encrypted login and management functions to avoid potential threats caused by management of plaintext transmission of information. The source IP address restriction function for Telnet/Web login prevents unauthorized personnel from managing network devices, SNMPV3 provides encryption and authentication functions: ensure that data is sent from a valid data source engine ID); Ensure that data is not tampered with during transmission using MD5 and SHA authentication protocols); encrypt packets, ensures data confidentiality Using the DES56 encryption protocol)

4. Access Security:

Hardware supports binding IP, MAC, and port to improve user access control capabilities. Supports 802.1X technology, meets access restrictions on six elements, and supports IGMP source port check, which can effectively control illegal multicast sources and improve network security. IGMPV3 allows you to advertise the addresses of multicast sources that the host wants to receive. This prevents illegal multicast data streams from occupying network bandwidth and isolates information exchange between users through PVLAN without occupying VLAN resources. The port MAC address lock and port MAC address access quantity function can shield access from illegal hosts. Dynamic ARP detection (DAI): Combined with DHCP snooping databases, detects the security of forwarded ARP packets, discards invalid ARP packets, and prevents man-in-the-middle attacks.

Rich Application Support Technologies

1. provides comprehensive QOS Technologies

Flexible stream classification: In addition to stream classification based on IP Precedence, 802.1 P, and DSCP, you can also perform stream classification based on expert-level ACL, IP extension ACL, IP standard ACL, and MAC extension ACL.

Multiple Queue technologies: Urgent Queue, Protocol Queue, hardware Queue, FIFO, PQ, CQ

Congestion Management and Control Technologies: SP, RR, WRR, DRR, SP + WRR, SP + DRR, CBQ, WFQ, CBWFQ, LLQ, WRED, CAR, LRIn \ Out), Traffic ShapingGTS), HOL, RSVP, etc.

2. Multiple Multicast support technologies, including IGMP snooping, IGMP, PIMSSM, SM, and DM, and DVMRP ensure that the bandwidth used for multicast service in the network is reasonably occupied, it also provides support for IGMP Source Port Check, Source IP check, IGMP filtering, and other functions to shield illegal multicast sources.

Full IPv6 support

Supports multiple IPv6 transition technologies, such as dual-stack, NAT-PT, Manual Tunnel, GRE tunnel, ISATAP, and 6to4 tunnel, it can effectively meet the transition from an IPv4 network to an IPv6 network. Support a variety of IPv6 routing technology, such as static routing, equivalent routing, Policy Routing, OSPFV3, RIPng, BGP4 +, IS-ISv6 and other routing technology, to meet the future large-scale IPv6 network deployment, in addition, it also supports many IPV6-related technologies such as automatic Address Configuration, ICMPv6, ICMPv6 redirection, DHCPv6, ACL for ipv6, and TCP/UDP for IPv6. ,

With full support for IPv6, the existing investment is protected to the maximum extent, so that the current IPv4 network can be smoothly migrated to IPv6. At the same time, AISC-based hardware IPv6 forwarding can meet the needs of large-scale IPv6 applications in the future.

Extended Routing Technology

1. default route configuration based on each SVI Interface

The default routing priority based on the SVI interface is higher than the default routing priority based on the entire machine. Therefore, this function can be used to set backup lines for the default routing.

2. ECMP/WCMPEqual-Cost Multipath Routing/Weight-Cost Multipath Routing)

In a network environment where multiple links reach the same destination address, if the traditional routing technology is used, packets sent to the destination address can only use one of the links, other links are in the backup or invalid state, and switching between them takes some time in the dynamic routing environment, while ECMP and WCMP) in this network environment, multiple links can be used at the same time, which not only increases the transmission bandwidth, but also enables data transmission of failure links to be backed up without delay or packet loss.

3. Policy Routing Based on the destination IP address

In a network environment where multiple links reach the same destination address, you can use a policy route based on the destination IP address to achieve equivalent load balancing and mutual backup between multiple links.

4. Policy Routing

In a network environment with multiple links arriving at the same destination address, the policy Core routing switch function allows you to flexibly select multiple egress links based on the characteristics of the data packet source IP address, destination IP address, protocol field, TCP/UDP source port number, and TCP/UDP destination port number. and mutual backup.