Huawei S6720-HI Series Switches Product Brochure

Huawei S6720-HI Series Switches Product Brochure

Product overview

S6720-HI series full-featured 10 GE routing switches are Huawei’s first IDN-ready fixed switches that provide 10 GE downlink ports and 40 GE/100 GE uplink ports.

S6720-HI series switches provide native AC capabilities and can manage 1K APs. They provide a free mobility function to ensure a consistent user experience and are VXLAN capable of implementing network virtualization. S6720-HI series switches also provide built-in security probes and support abnormal traffic detection, Encrypted Communications Analytics (ECA), and network-wide threat deception. The S6720-HI is ideal for enterprise campuses, carriers, higher education institutions, and governments.

Models and appearances

The following table lists the available models in the S6720-HI series.

Appearance Description

S6720-50L-HI-48S

  • 48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28
  • Dual pluggable power modules, 600W AC or 350W DC (no equipped power modules by default)
  • Switching capacity:2.56 Tbit/s

S6720-30L-HI-24S

  • 24 x 10 Gig SFP+, 4 40 Gig QSFP+, 2 x 100 Gig QSFP28
  • Dual pluggable power modules, 600W AC or 350W DC (no equipped power modules by default)
  • Switching capacity:2.56Tbit/s

Features and highlights

Abundant convergence features

The S6720-HI provides the integrated WLAN AC function that can manage 1,000 APs, reducing the costs of purchasing additional WLAN AC hardware. The wireless forwarding performance reaches up to 668 Gbit/s (calculated based on 1024-byte packets), breaking the forwarding performance bottleneck of an external WLAN AC. With this switch series, customers can stay ahead in the high-speed wireless era.

The S6720-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the ‘Small-sized core/aggregation switches + Access switches + APs’ structure can be virtualized into a ‘super switch’, offering the industry’s simplest network management solution.

Provides fine granular network management

The S6720-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere, anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns ‘extensive management’ to ‘fine granular management.’

The S6720-HI supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network’s IP performance. This protocol eliminates the need for a dedicated probe or a proprietary protocol.

Flexible Ethernet networking

In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S6720-HI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer and applies to various ring network topologies, such as open ring topology, closed ring topology, and cascading ring topology. This protocol is reliable, easy to maintain, and implements fast service switching within 50 ms. ERPS is defined in ITU-T G.8032. It provides millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.

The S6720-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One S6720-HI switch can connect to multiple aggregation switches through multiple links, significantly improving the reliability of access devices.

Intelligent stack (iStack)

The S6720-HI supports the iStack function that combines multiple switches into a logical switch. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability. iStack provides high network scalability. You can increase a stack’s ports, bandwidth, and processing capability by simply adding member switches. iStack also simplifies device configuration and management. After a stack is set up, multiple physical switches can be virtualized into one logical device. You can log in to any member switch in the stack to manage all the member switches in it.

Cloud-based management

The Huawei cloud management platform allows users to configure, monitor, and inspect switches on the cloud, reducing on-site deployment and O&M manpower costs and decreasing network OPEX. Huawei switches support both cloud management and on-premise management modes. These two management modes can be flexibly switched as required to achieve smooth evolution while maximizing Return On Investment (ROI).

VXLAN

VXLAN is used to construct a Unified Virtual Fabric (UVF). As such, multiple service networks or tenant networks can be deployed on the same physical network, and service and tenant networks are isolated from each other. This capability truly achieves ‘one network for multiple purposes’. The resulting benefits include enabling data transmission of different services or customers, reducing the network construction costs, and improving network resource utilization. The S6720-HI series switches are VXLAN-capable and allow centralized and distributed VXLAN gateway deployment modes. These switches also support the BGP EVPN protocol for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.

Clock synchronization

The S6720-HI supports the IEEE 1588v2 protocol, which implements low-cost, high-precision, and high-reliability time and clock synchronization. This feature can meet strict requirements of power and transportation industry customers on time and clock synchronization.

OPS

Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.

Big data-powered collaborative security

Agile switches use NetStream to collect campus network data and then report such data to the Huawei Cybersecurity Intelligence System (CIS). The purposes of doing so are to detect network security threats, display the security posture across the entire network, and enable automated or manual response to security threats. The CIS delivers the security policies to the Agile Controller. The Agile Controller then delivers such policies to agile switches that will handle security events accordingly. All these ensure campus network security.

The S6720-HI supports Encrypted Communication Analytics (ECA). It uses built-in ECA probes to extract characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA), generates metadata, and reports the metadata to Huawei Cybersecurity Intelligence System (CIS). The CIS uses the AI algorithm to train the traffic model and compare characteristics of extracted encrypted traffic to identify malicious traffic. The CIS displays detection results on the GUI, provides threat handling suggestions, and automatically isolates threats with the Agile Controller to ensure campus network security.

The S6720-HI supports deception. It functions as a sensor to detect threats such as IP address scanning and port scanning on a network and lures threat traffic to the honeypot for further checks. The honeypot performs in-depth interaction with the initiator of the threat traffic, records various application-layer attack methods of the initiator, and reports security logs to the CIS. The CIS analyzes security logs. If the CIS determines that the suspicious traffic is an attack, it generates an alarm and provides handling suggestions. After the administrator confirms the alarm, the CIS delivers a policy to the Agile Controller. The Agile Controller delivers the policy to the switch for security event processing, ensuring campus network security.

Intelligent O&M

The S6720-HI provides telemetry technology to collect device data in real time and send the data to Huawei campus network analyzer CampusInsight. The CampusInsight analyzes network data based on the intelligent fault identification algorithm, accurately displays the real-time network status, effectively demarcates and locates faults in a timely manner, and identifies network problems that affect user experience, accurately guaranteeing user experience.

The S6720-HI supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With this eDMI function, the S6720-HI can function as a monitored node to periodically conduct statistics and report audio and video service indicators to the CampusInsight platform. In this way, the CampusInsight platform can quickly demarcate audio and video service quality faults based on the results of multiple monitored nodes.

Product specifications

Item S6720-50L-HI-48S S6720-30L-HI-24S
Fixed Ports 48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28 24 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28
MAC 64K MAC address entries
IEEE 802.1d standards compliance
MAC address learning and aging
Static, dynamic, and blackhole MAC address entries
Packet filtering based on source MAC addresses
VLAN 4094 VLANs
Guest VLANs and voice VLANs
GVRP
MUX VLAN
VLAN assignment based on MAC addresses, protocols, IP subnets, policies, and ports
VLAN mapping
IP Routing Static routes, RIP v1/2, RIPng, OSPF, OSPFv3, IS-IS, IS-ISv6, BGP, BGP4+, ECMP, routing policy
Interoperability VLAN-Based Spanning Tree (VBST), working with PVST, PVST+, and RPVST
Link-type Negotiation Protocol (LNP), similar to DTP
VLAN Central Management Protocol (VCMP), similar to VTP
Wireless Service AP access control, AP domain management, and AP configuration template management
Radio management, unified static configuration, and dynamic centralized management
WLAN basic services, QoS, security, and user management
CAPWAP, tag/terminal location, and spectrum analysis
Ethernet Loop Protection RRPP ring topology and RRPP multi-instance
Smart Link tree topology and Smart Link multi-instance, providing millisecond-level protection switchover
SEP
ERPS (G.8032)
BFD for OSPF, BFD for IS-IS, BFD for VRRP, and BFD for PIM
STP (IEEE 802.1d), RSTP (IEEE 802.1w), and MSTP (IEEE 802.1s)
BPDU protection, root protection, and loop protection
MPLS MPLS L3VPN
MPLS L2VPN (VPWS/VPLS)
MPLS-TE
MPLS QoS
IPv6 Features Neighbor Discover (ND)
PMTU
IPv6 Ping, IPv6 Tracert, IPv6 Telnet
ACLs based on source IPv6 addresses, destination IPv6 addresses, Layer 4 ports, or protocol types
Multicast Listener Discovery snooping (MLDv1/v2)
IPv6 addresses configured for sub-interfaces, VRRP6, DHCPv6, and L3VPN
Multicast IGMP v1/v2/v3 snooping and IGMP fast leave
Multicast forwarding in a VLAN and multicast replication between VLANs
Multicast load balancing among member ports of a trunk
Controllable multicast
Port-based multicast traffic statistics
IGMP v1/v2/v3, PIM-SM, PIM-DM, and PIM-SSM
MSDP
Multicast VPN
QoS/ACL Rate limiting in the inbound and outbound directions of a port
Packet redirection
Port-based traffic policing and two-rate three-color CAR
HQoS
Eight queues on each port
DRR, SP, and DRR+SP queue scheduling algorithms
WRED
Re-marking of the 802.1p and DSCP fields of packets
Packet filtering at Layer 2 to Layer 4, filtering out invalid frames based on the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP source/destination port number, protocol type, and VLAN ID
Queue-based rate limiting and shaping on ports
Security Hierarchical user management and password protection
DoS attack defense, ARP attack defense, and ICMP attack defense
Binding of the IP address, MAC address, port number, and VLAN ID
Port isolation, port security, and sticky MAC
MAC Forced Forwarding (MFF)
Blackhole MAC address entries
Limit on the number of learned MAC addresses
IEEE 802.1X authentication and limit on the number of users on a port
AAA authentication, RADIUS authentication, and HWTACACS authentication
NAC
SSH V2.0
HTTPS
CPU protection
Blacklist and whitelist
Attack source tracing and punishment for IPv6 packets such as ND, DHCPv6, and MLD packets
IPSec for management packet encryption
Reliability LACP
E-trunk
Ethernet OAM (IEEE 802.3ah and IEEE 802.1ag)
ITU-Y.1731
DLDP
LLDP
BFD for BGP, BFD for IS-IS, BFD for OSPF, BFD for static routes
VXLAN VXLAN functions, VXLAN L2 and L3 gateways, BGP EVPN
VXLAN configuration using NETCONF/YANG
SVF Acting as the parent node to vertically virtualize downlink switches and APs as one device for management
Two-layer client architecture
ASs can be independently configured. Services not supported by templates can be configured on the parent node.
Third-party devices allowed between SVF parent and clients
iPCA Marking service packets to obtain the packet loss ratio and number of lost packets in real time
Measurement of the number of lost packets and packet loss ratio on networks and devices
Management and Maintenance Cloud-based management
Virtual cable test
SNMP v1/v2c/v3
RMON
Web-based NMS
System logs and alarms of different severities
GVRP
MUX VLAN
802.3az Energy Efficient Ethernet (EEE)
NetStream
Dying gasp upon power-off
Dimensions (W x D x H) 442 mm x 420 mm x 43.6 mm 442 mm x 420 mm x 43.6 mm
Input Voltage AC:
  • Rated AC voltage: 100V to 240V; 50/60 Hz
  • Max. AC voltage: 90V to 264V; 47–63 Hz
DC:
  • Rated DC power: –48V to 60V
  • Max. DC voltage: –38.4V to 72V
Maximum Power Consumption 279W 232W
Power Consumption (30% Traffic Load) 194W 138W
Operating Temperature
  • 0m to 1,800m altitude: 0°C to 45°C
  • 1,800m to 5,000m altitude: The operating temperature reduces by 1°C for each 220m increase in altitude.
Relative Humidity 5% to 95% (non-condensing)
Heat Dissipation Heat dissipation with fan, intelligent fan speed adjustment

Networking and applications

Enterprise campus networks

Huawei S6720-HI is the first fixed agile switch with 10 GE downlink and 40 GE/100 GE uplink ports. It supports in-depth wired and wireless convergence and unified management on devices, users, and services. The S6720-HI can be used as the core device in an enterprise branch network or a small or medium-sized campus network, or as the aggregation device in a large-sized campus network. The switch helps achieve a manageable and highly reliable enterprise campus network with scalable services.

Ordering information

The following table lists ordering information of the S6720-HI series switches.

Model Product Description
S6720-50L-HI-48S S6720-50L-HI-48S (48 x 10 Gig SFP+, 6 x 40 Gig QSFP+ or 44 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28; without power module)
S6720-30L-HI-24S S6720-30L-HI-24S (24 x 10 Gig SFP+, 4 x 40 Gig QSFP+, 2 x 100 Gig QSFP28; without power module)
PAC-600WA-B 600W AC power module
PDC-350WA-B 350W DC power module

More information

For more information about Huawei Campus Switches, visit http://e.huawei.com or contact us in the following ways:

  • Global service hotline: http://e.huawei.com/en/service-hotline
  • Log in to the Huawei Enterprise technical support website: http://support.huawei.com/enterprise/
  • Send an email to the customer service mailbox: support_e@huawei. com