Product features and highlights
Enabling networks to be more agile for services
The high-speed network processor embedded in the S5730-HI is tailored for Ethernet. The chip’s flexible packet processing and traffic control capabilities can meet current and future service requirements, helping build a highly scalable network.
In addition to capabilities of traditional switches, the S5730-HI provides open interfaces and supports user-defined forwarding behavior. Enterprises can use the open interfaces to develop new protocols and functions independently or jointly with equipment vendors to build campus networks meeting their own needs.
S5730-HI series switches can define their own forwarding models, forwarding behavior, and lookup algorithms. Microcode programmability makes it possible to provide new services within six months, without the need of replacing the hardware. In contrast, traditional ASIC chips use a fixed forwarding architecture and follow a fixed forwarding process. For this reason, new services cannot be provisioned until new hardware is developed to support the services one to three years later.
Delivering abundant services more agilely
The S5730-HI provides the integrated WLAN AC function that can manage 1,000 APs, reducing the costs of purchasing additional WLAN AC hardware. The wireless forwarding performance reaches up to 543 Gbit/s (calculated based on 1024-byte packets), breaking the forwarding performance bottleneck of an external WLAN AC. With this switch series, customers can stay ahead in the high-speed wireless era.
With the unified user management function, the S5730-HI authenticates both wired and wireless users, ensuring a consistent user experience no matter whether they are connected to the network through wired or wireless access devices. The unified user management function supports various authentication methods, including 802.1x, MAC address, and Portal authentication, and is capable of managing users based on user groups, domains, and time ranges. These functions visualize user and service management and boost the transformation from device-centric management to user-centric management.
The S5730-HI provides excellent Quality of Service (QoS) capabilities and supports queue scheduling and congestion control algorithms. Additionally, it adopts innovative priority queuing and multi-level scheduling mechanisms to implement fine-grained scheduling of data flows, meeting the service quality requirements of different user terminals and services.
Providing fine-grained network management more agilely
The S5730-HI uses the Packet Conservation Algorithm for Internet (iPCA) technology that changes the traditional method of using simulated traffic for fault location. iPCA technology can monitor network quality for any service flow anywhere and anytime, without extra costs. It can detect temporary service interruptions in a very short time and can identify faulty ports accurately. This cutting-edge fault detection technology turns ‘extensive management’ to ‘fine granular management.’
The S5730-HI supports Two-Way Active Measurement Protocol (TWAMP) to accurately check any IP link and obtain the entire network’s IP performance. This protocol eliminates the need to use a dedicated probe or a proprietary protocol.
The S5730-HI supports SVF and functions as a parent switch. With this virtualization technology, a physical network with the ‘Small-sized core/aggregation switches + Access switches + APs’ structure can be virtualized into a ‘super switch’, greatly simplifying management.
With the Easy Deploy function, the S5730-HI manages access switches in a similar way an AC manages APs. In deployment, access switches and APs can go online with zero-touch configuration. In the Easy Deploy solution, the Commander collects topology information about the connected clients and stores the clients’ startup information based on the topology. Clients can be replaced with zero-touch configuration. The Commander can deliver configurations and scripts to clients in batches and query the delivery results. In addition, the Commander can collect and display information about power consumption on the entire network.
Comprehensive VPN technologies
The S5730-HI supports the MPLS function, and can be used as access devices of high-quality enterprise leased line. The S5730-HI allows users in different VPNs to connect to the same switch and isolates users through multi-instance routing. Users in multiple VPNs connect to a Provider Edge (PE) device through the same physical port on the switch, which reduces the cost of VPN network deployment.
Flexible Ethernet networking
In addition to traditional Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP), the S5730-HI supports Huawei-developed Smart Ethernet Protection (SEP) technology and the latest Ethernet Ring Protection Switching (ERPS) standard. SEP is a ring protection protocol specific to the Ethernet link layer, and applies to various ring network topologies, such as open ring topology, closed ring topology, and cascading ring topology. This protocol is reliable, easy to maintain, and implements fast protection switching within 50 milliseconds. ERPS is defined in ITU-T G.8032. It implements millisecond-level protection switching based on traditional Ethernet MAC and bridging functions.
The S5730-HI supports Smart Link and Virtual Router Redundancy Protocol (VRRP), which implement backup of uplinks. One S5730-HI switch can connect to multiple aggregation switches through multiple links, significantly improving the reliability of access devices.
The S5730-HI has large entry sizes and 512 MB buffers, coping with the fast growth of data volume in the big data era. With the support for 256K MAC addresses, 512K FIB entries, the S5730-HI meets the requirements of educational networks and metro area networks and allows the access of a large number of terminals. The S5730-HI is the best choice in the cloud computing era.
Various security control methods
The S5730-HI supports 802.1x authentication, MAC address authentication, Portal authentication, and hybrid authentication, and can dynamically delivery user policies such as VLANs, QoS policies, and Access Control Lists (ACL). It also supports user management based on user groups.
The S5730-HI provides a series of mechanisms to defend against DoS and user-targeted attacks. DoS attacks are targeted at switches and include SYN flood, Land, Smurf, and ICMP flood attacks. User-targeted attacks include bogus DHCP server attacks, IP/MAC address spoofing, DHCP request flood, and change of the DHCP CHADDR value.
The S5730-HI sets up and maintains a DHCP snooping binding table, and discards the packets that do not match the table entries. You can specify DHCP snooping trusted and untrusted ports to ensure that users connect only to the authorized DHCP server.
The S5730-HI supports strict ARP learning, which prevents ARP spoofing attackers from exhausting ARP entries.
Mature IPv6 features
The S5730-HI is developed based on the mature, stable VRP and supports IPv4/IPv6 dual stacks, IPv6 routing protocols (RIPng, OSPFv3, BGP4+, and IS-IS for IPv6). With these IPv6 features, the S5730-HI can be deployed on a pure IPv4 network, a pure IPv6 network, or a shared IPv4/IPv6 network, helping achieve IPv4-to-IPv6 transition.
Intelligent Stack (iStack)
The S5730-HI supports the iStack function that combines multiple switches into a logical switch. Member switches in a stack implement redundancy backup to improve device reliability and use inter-device link aggregation to improve link reliability. iStack provides high network scalability. You can increase a stack’s ports, bandwidth, and processing capacity by simply adding member switches. iStack also simplifies device configuration and management. After a stack is set up, up to nine physical switches can be virtualized into one logical device. You can log in to any member switch in the stack to manage all the member switches in the stack.
PoE++ power supply
The S5730-HI series PoE switches provide a maximum of 60W PoE output power on a single interface, and can provide power for high-power terminals such as APs and surveillance cameras. This solves the problem of power supply in specific scenarios.
Perpetual PoE
When a PoE switch is rebooted after the software version is upgraded, the power supply to PDs is not interrupted. This capability ensures that PDs are not powered off during the switch reboot.
Fast PoE
PoE switches can supply power to PDs within 10 seconds after they are powered on. This is different from common switches that generally take 1 to 3 minutes to start to supply power to PDs. When a PoE switch reboots due to a power failure, the PoE switch continues to supply power to the PDs immediately after being powered on without waiting until it finishes reboot. This greatly shortens the power failure time of PDs.
VXLAN features
VXLAN is used to construct a Unified Virtual Fabric (UVF). As such, multiple service networks or tenant networks can be deployed on the same physical network, and service and tenant networks are isolated from each other. This capability truly achieves ‘one network for multiple purposes’. The resulting benefits include enabling data transmission of different services or customers, reducing the network construction costs, and improving network resource utilization. The S5730-HI series switches are VXLAN-capable and allow centralized and distributed VXLAN gateway deployment modes. These switches also support the BGP EVPN protocol for dynamically establishing VXLAN tunnels and can be configured using NETCONF/YANG.
Big data-powered collaborative security
Agile switches use NetStream to collect campus network data and then report such data to the Huawei Cybersecurity Intelligence System (CIS). The purposes of doing so are to detect network security threats, display the security posture across the entire network, and enable automated or manual response to security threats. The CIS delivers the security policies to the Agile Controller. The Agile Controller then delivers such policies to agile switches that will handle security events accordingly. All these ensure campus network security.
The S5730-HI supports Encrypted Communication Analytics (ECA). It uses built-in ECA probes to extract characteristics of encrypted streams based on NetStream sampling and Service Awareness (SA), generates metadata, and reports the metadata to Huawei Cybersecurity Intelligence System (CIS). The CIS uses the AI algorithm to train the traffic model and compare characteristics of extracted encrypted traffic to identify malicious traffic. The CIS displays detection results on the GUI, provides threat handling suggestions, and automatically isolates threats with the Agile Controller to ensure campus network security.
The S5730-HI supports deception. It functions as a sensor to detect threats such as IP address scanning and port scanning on a network and lures threat traffic to the honeypot for further checks. The honeypot performs in-depth interaction with the initiator of the threat traffic, records various application-layer attack methods of the initiator, and reports security logs to the CIS. The CIS analyzes security logs. If the CIS determines that the suspicious traffic is an attack, it generates an alarm and provides handling suggestions. After the administrator confirms the alarm, the CIS delivers a policy to the Agile Controller. The Agile Controller delivers the policy to the switch for security event processing, ensuring campus network security.
Open Programmability System
Open Programmability System (OPS) is an open programmable system based on the Python language. IT administrators can program the O&M functions of a switch through Python scripts to quickly innovate functions and implement intelligent O&M.
Adapting to network evolution
The S5730-36C/60C-HI series switches provide a buffer size of 4 GB and an SSD storage card slot (240 GB) for VNF evolution.
Intelligent O&M
The S5730-HI provides telemetry technology to collect device data in real time and send the data to Huawei campus network analyzer CampusInsight. The CampusInsight analyzes network data based on the intelligent fault identification algorithm, accurately displays the real-time network status, effectively demarcates and locates faults in a timely manner, and identifies network problems that affect user experience, accurately guaranteeing user experience.
The S5730-HI supports a variety of intelligent O&M features for audio and video services, including the enhanced Media Delivery Index (eMDI). With this eDMI function, the switch can function as a monitored node to periodically conduct statistics and report audio and video service indicators to the CampusInsight platform. In this way, the CampusInsight platform can quickly demarcate audio and video service quality faults based on the results of multiple monitored nodes.