Shulou(Shulou.com)06/03 Report--

The security industry is an industry that arises at the historic moment with the security needs of modern society. It can be said that as long as there are criminal and unstable factors in society, the security industry will exist and develop. Facts have proved that the social crime rate is often not reduced because of social development and economic prosperity. If developed countries such as Europe and the United States do not have a security prevention system based on high-tech technology, their social crime rate may be several times or even dozens of times higher than it is now. The kind of "folklore" that "keeps the door open at night and keeps track of the road" is actually just a good wish. Since this industry has been born, it will not die. At present, the rising demand for equipment in the security market is still one of the fastest growing markets. Today, with the rapid development of the security industry, how to establish a high-quality network for security equipment is also a hot topic.

H3C MS series security switch is a dedicated Ethernet switch independently developed by Xinhua San for security monitoring field, with strong hardware processing capacity, rich general business functions and security features. MS series security switch port shape covers full gigabit and 10 Gigabit uplink, meeting the diversified and professional needs of basic IP bearer network of different stream monitoring network and Internet of things. At the same time, H3C MS series security switch adopts brand-new energy-saving chip and innovative architecture design, which is an ideal bearing platform for building green, environmentally friendly and energy-saving monitoring network and IoT network.

Today, we mainly introduce four H3C products: MS4024P and MS4024P-PWR are two 24-port products, the difference is to support POE power supply, MS4300V2-28 and MS4520V2-24TP are two 28-port products, the difference is in port shape, switching capacity and packet forwarding rate, for more details, let's compare them one by one below.

Product appearance

H3C MS4024P switch product body drawing

The outer dimension of H3C MS4024P is 440x238x44 (mm), that is, 1U height, in which the front panel contains 24 10/100/1000MBase-T Ethernet ports and two 1000Base-X SFP ports (two gigabit uplink optical ports), which meets the high bandwidth requirements of the security monitoring network.

H3C MS4024P switch is easy to operate, supports WEB setting, meets the construction needs of high-performance monitoring network with simple network strategy deployment, integrates professional lightning protection circuit, provides professional protection of lightning protection level 4, common-mode protection 9KV, and supports dial switch to meet the needs of simple network deployment and high-performance monitoring.

H3C MS 4024P supports IEEE802.3 10BaseMurt and IEEE 802.3x and IEEE802.3ab 1000Base-T protocols, and adopts shared cache architecture, which expands the available cache space of each port by several times, which can greatly enhance the forwarding performance of burst heavy traffic.

H3C MS4024P-PWR

H3C MS4024P-PWR switch product body drawing

Compared with H3C MS4024P, H3C MS4024P-PWR only adds PoE power supply function, and other functions are the same. H3C MS4024P-PWR can directly supply power for security monitoring equipment, reduces the construction of deploying strong electricity, and conforms to the current weak current design code.

H3C MS4520V2-24TP

H3C MS4520V2-24TP product body drawing

H3C MS4520V2-24TP security switch is a private Ethernet convergence switch independently developed by H3C company for IP security field. It is equipped with 12 100/1000BASE-X SFP ports, 8 10/100/1000BASE-T ports and 4 1ram 10G BASE-X SFP+ ports, switching capacity 598Gbps/5.98Tbps, packet forwarding rate 96Mpps. In addition, in order to meet the expansion needs of users, the MS4520V2-24TP security switch is also equipped with a Console port and a mini USB console port.

Based on the industry-leading high-performance hardware architecture and H3C advanced Commware software platform development, MS4520V2-24TP series security switches have advanced hardware processing capabilities, rich general business functions and security monitoring features. The port shape covers independent full gigabit optical ports and supports high-density and high-performance 10 Gigabit port uplink capabilities. To meet the diversified and professional needs of different stream monitoring networks and the Internet of things for the basic IP bearer network.

At the same time, H3C MS4520V2-24TP security switch adopts brand-new energy-saving chips and innovative architecture design, which is an ideal bearing platform for building green, environmentally friendly and energy-saving security monitoring network and IoT network.

MS4300V2-28P

H3C MS4300V2-28p product body drawing

The MS4300V2-28p adopts 1U high-end design, in which the front panel contains 24 10/100/1000BASE-T ports and 4 100/1000Base-X ports, the switching capacity of the whole machine reaches 256Gbps/2.56Tbps, the packet forwarding rate reaches 51Mpps, and it is also equipped with a Console port.

Contrast

Simple operation

MS4300V2-28p has a web operation page that requires only a few simple lines of command:

We connect one end of the network cable to any switch port of the device; the other end is connected to the computer's network card interface, open the browser, the WEB management address is: http://192.168.31.201. Then you can see the interface shown in the following figure:

Rich software features

H3C MS4300V2 series security switches integrate rich Ethernet communication protocols such as switching, basic routing and security.

Support a complete Ethernet layer 2 feature set. Support 802.1Q VLAN, support protocol-based VLAN,Voice VLAN,Guest VLAN, support QINQ, flexible QINQ and multicast VLAN. STP/RSTP/MSTP and 802.3x flow control protocols support QoS congestion management to ensure the transmission of key monitoring data by classifying and prioritizing data, supporting layer 2 features such as LLDP link layer discovery protocol, LACP link aggregation control protocol, DLDP equipment link detection protocol and broadcast storm suppression, and layer 2 multicast.

Support complete Ethernet layer 3 feature set, H3C MS4300V2 series support IPv4/IPv6 static routing, support IPv4 and IPv6 dual protocol stack. Support IGMP Snooping, support DHCP dynamic host configuration protocol, support DHCP Client, DHCP Server, DHCP Snooping and Dhcp relay option82, support DNS domain name resolution system.

Support RRPP ring technology: RRPP is a link layer protocol dedicated to Ethernet rings. It can prevent the broadcast storm caused by the data loop when the Ethernet ring is complete, and when a link on the Ethernet ring is disconnected, it can quickly enable the backup link to ensure the maximum connectivity of the ring. Compared with STP protocol, RRPP protocol has the following advantages: the topology convergence speed is faster (lower than 50ms); the convergence time is independent of the number of nodes in the ring network; in the intersecting ring topology, the change of one ring topology will not cause the topology oscillation of other rings, and the data transmission is more stable; it supports the load sharing of the RRPP ring network and makes full use of the bandwidth of the physical link.

Support a complete set of Ethernet security features. Through multi-level security protection mechanism, virus transmission and network traffic attacks are effectively suppressed. Support layer 2-4 ACL control, support CPU and ARP attack protection, support DoS attack protection. IEEE 802.1x supports port-based dynamic security and provides user authentication. TACACS+ and RADIUS authentication provides centralized control of the switch and prevents unauthorized users from changing the configuration. Support for rapid deployment of Endpoint admission Control (EAD). Support the validation of SAVI source address in IPV6 environment.

Integrated professional lightning protection circuit, H3C MS4300V2-28p common mode lightning protection can reach the professional protection level of 9KV.

Monitor business feature set

In the digital video surveillance system, the video stream enters the switch from the camera, the direction of the traffic is from the bottom up, and the data packets are transmitted in long messages and bursts. In view of this difference, H3C MS4300V2 series security switches provide an intelligent cache allocation and management mechanism to increase the number of bursts supported by the upstream port of the switch downlink. Reduce the probability of delay, frame loss and stutter, support monitoring service fault location components, and analyze packet loss and connectivity problems in the network in real time.

IRF2 (second Generation Intelligent Elastic Architecture)

H3C MS4320V2 security switch supports IRF2 (second Generation Intelligent Elastic Architecture) technology, which connects nine physical devices to each other and makes them virtual as one logical device, that is, users can manage and use these nine devices as a single device. IRF can bring the following benefits to users:

Simplified management: after the IRF architecture is formed, you can connect to any port of any device to log on to a unified logical device. Through the configuration of a single device to achieve the effect of managing the entire intelligent elastic system and all member devices in the system, instead of physically connecting to each member device, configuring and managing them respectively.

Simplify business: various control protocols running in the logic devices formed by IRF also run as a single device, for example, routing protocols will be calculated as a single device, while with the application of cross-device link aggregation technology, the original spanning tree protocol can be replaced, which can save a large number of protocol messages interaction between devices, simplify network operation, and shorten the convergence time when the network is unstable.

Flexible expansion: flexible expansion can be achieved according to user needs to ensure user investment. When the new devices join or leave the IRF architecture, they can be "hot-swappable" without affecting the normal operation of other devices.

High reliability: the high reliability of IRF is reflected in three aspects: link, equipment and protocol. Physical ports between member devices support aggregation, and physical connections between IRF systems and upper and lower layer devices also support aggregation, which improves the reliability of links through multi-link backup. The IRF system is composed of several member devices. Once the Master equipment fails, the system will quickly and automatically elect a new Master to ensure that the business of the system will not be interrupted, thus realizing the device-level 1Master backup. The IRF system will have a real-time protocol hot backup function that is responsible for backing up the configuration information of the protocol to all other member devices, so as to achieve the protocol reliability of 1 N.

High performance: for high-end switches, the improvement in performance and port density is limited by the hardware structure. The performance and port density of IRF system is the sum of the performance and port number of all devices in IRF. Therefore, IRF technology can easily expand the switching capacity of the equipment and the density of user ports by several times, thus greatly improving the performance of the equipment.

Complete security control strategy

Support the innovative single-port multi-authentication Triple function. In the monitoring network environment, different monitoring devices support different access authentication methods. For example, some monitoring devices can only authenticate MAC addresses, some monitoring devices can carry out 802.1X authentication, and some monitoring devices only want to authenticate Portal through Web access. In order to flexibly adapt to the multi-authentication needs of monitoring equipment, MS4300V2 series security switches support single-port multi-authentication unified deployment mode, so that users can choose any suitable authentication mechanism for authentication, and only through one way of authentication to achieve access. The client provides Guest Vlan function, so that the authorized access end can only access specific resources, and will adopt corresponding policies, such as obtaining 802.1x client, upgrading client or other upgrade procedures, and so on. Support for Secure Shell V2 (SSH V2) features can provide secure information assurance and powerful authentication functions to protect Ethernet switches from attacks such as IP address fraud, plaintext password interception, and so on.

ARP attack and ARP virus are the first major threats to LAN security. H3C MS4300V2 series security switches support rich ARP defense functions, such as ARP Detection, user legitimacy check and ARP message validity check, ARP speed limit, avoiding the impact of a large number of ARP messages on CPU, and so on.

Support the EAD (terminal admission control) function, and cooperate with the background system to integrate terminal security measures such as terminal antivirus and patch repair with network access control and access control into a linkage security system, through the inspection, isolation, repair, management and monitoring of network access terminals. It changes the whole network from passive defense to active defense, from single point defense to comprehensive defense, and from decentralized management to centralized policy management, which improves the overall defense capability of the network against emerging security threats such as viruses and worms.

Rich QoS strategy

Supports L2 (Layer 2) ~ L4 (Layer 4) packet filtering and provides flow classification based on source MAC address, destination MAC address, source IP address, destination IP address, TCP/ UDP port number, protocol type, and VLAN. It provides flexible queue scheduling algorithm, which can be set based on port and queue at the same time, and supports three modes: SP, WRR and SP+WRR. At the same time, it also supports bidirectional ACL in inbound / outbound direction, traffic supervision CAR function, port / flow mirroring in outbound / inbound direction, which is used to monitor messages on designated ports and copy packets on ports to monitoring ports for network detection and troubleshooting. It also supports sFlow function to sample data packets on the network and accurately monitor network traffic on a gigabit / 10 gigabit high-speed network, which is used for statistical analysis and control of network traffic.

Three-tier function

Support three-layer functions, support static routing, RIP, OSPF and other routing protocols, support the provision of three-layer routing interfaces.

High reliability

Multiple reliability protection at device level and link level. The hardware supports overcurrent protection, overvoltage protection and overheat protection technology, supports fault detection and alarm of power supply and fan, and can automatically adjust the speed of fan according to the change of temperature, which improves the reliability of the product.

In addition to device-level reliability, the product also supports a wealth of link-level reliability technologies, including protection protocols such as LACP/STP/RSTP/MSTP/Smart Link. Support IRF2 intelligent elastic architecture, support 1 N redundant backup, support ring stacking, support cross-device link aggregation, greatly improve network reliability, and do not affect the convergence time of the network when the burst traffic on the monitoring network is large, to ensure the normal development of business.

Log collection

H3C MS4300V2 series security switch, you can collect logs to the relevant servers to save. Conduct related log analysis.

Green energy saving

H3C MS4300V2 series security switches adopt the latest energy-saving chips and innovative architecture design schemes to achieve the lowest power consumption of the switches, and some models achieve fan-free mute design, bringing users new green, environmentally friendly and energy-saving network access products and reducing user maintenance costs.

At the same time, H3C MS4300V2 series security switches adopt a variety of green energy-saving designs, including auto-power-down (Port automatic Energy Saving). If the interface status is always down for a period of time, the system automatically stops supplying power to the interface and automatically enters the energy-saving mode. EEE energy-saving feature is supported. If the port is idle for a continuous period of time, the system will set the port to energy-saving mode. When messages are sent and received, the port will be awakened by regular monitoring code stream to restore business, so as to achieve the effect of energy saving and meet the environmental protection of materials and the RoHS standards of China and EU.

Performance testing

For the switch, packet loss rate and throughput are the more important parameters in the switch index. Below, we use the performance test tool iperf to test H3C MS4300V2.

Iperf is a network performance testing tool. Iperf can test maximum TCP and UDP bandwidth performance, has a variety of parameters and UDP characteristics, can be adjusted as needed, and can report bandwidth, delay jitter, and packet loss.

Start iperf to simulate as serevr on a host

10-second throughput test, send 1 G of data, port transmission speed up to 919M/s.

Continuously carry out 20s pressure test, send data up to 2G, and the port rate reaches the average 881M/s.

Continuous 100s pressure test, transfer data 11G, reach average speed 940M/S

The average throughput is 12.5G and the average speed is 897.5M/S after 2 minutes of continuous testing.

Summary

With the modernization and rapid economic development in various places, as well as the support of national policies. The necessity of building a harmonious society is growing day by day. As a powerful measure to protect the safety of residents' life and property, security monitoring system has naturally become an important part of it. From large smart cities and safe cities to intelligent transportation, park monitoring, scenic spot monitoring, and even building monitoring, electronic police, illegal monitoring and so on, it can be said that the monitoring system has been everywhere around us. According to the needs and trends of the security industry, H3C deeply analyzed the characteristics and future development of the security industry, and creatively launched a new generation of MS security switches. In the large-scale security video surveillance network, MS4520V2-24TP, MS4300V2-28p and MS4024P can be used as the core, convergence and access network equipment, respectively, helping the security industry to create efficient, easy-to-use, stable and reliable solutions.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.