Nokia 7210

[Lacy Tortelli]

The7210 SAS product family provides the deployment flexibility, service richness and reliability you need to extend segment routing, IP/MPLS, and Carrier Ethernet to the access points of your network. With a wide variety of platforms, it is used for business VPN, residential broadband, demarcation, and mobile backhaul, and is also widely used in industry, public sector and enterprise applications.

Ready your network for future growth with high-density GE and 10GE interfaces, 100 GE uplinks and up to 2 Tb/s throughput. Offer competitive services based on high availability and quality of service.

As a member of the industry-leading Nokia Service Router product portfolio, the 7210 SAS runs the Service Router Operating System (SR OS) and is managed by the Nokia Network Services Platform (NSP) for high performance, end-to-end service delivery and management and carrier-SDN integration.

The Nokia 7210 is a handset by Nokia, built on the Series 40 1st Edition software platform and enabled with J2ME (Java). The device features text and picture messaging, WAP browser, Stereo FM radio, Polyphonic ringtones, two preinstalled games and a 1.5", 128x128 pixel, 4,096 color display. It was the first Nokia phone for the mass market with a colour display and with polyphonic ringtones (they were already on the Nokia 3510 and Nokia 7650).[1]

The 7210 featured an all-new front cover design, with a unique keypad layout incorporating a 4-way scroll button. The phone came in a choice of colours, with changeable Xpress-on covers available. Eight colour schemes are available along with the ability to download images to save as wallpaper to add even more personalization.

Standard features for Nokia handsets at the time, the 7210 came with a speakerphone, mute, call conferencing, e-mail support, 300-name phone book, to-do list, calendar, calculator, currency converter, stopwatch, and an alarm clock. Nokia's PC Suite software for the 7210 allowed for wireless syncing of phone book, calendar, and to-do list via IR or an optional USB connectivity kit.

The 7210 came installed with two games; Triple Pop and Bounce. Downloadable ring tones and images were available, until the limit of the phone's 725KB of memory was reached in addition to the 32 tones (plus vibrate) and 10 picture messages already on board. The phone was also J2ME compatible, meaning games and applications could be downloaded via GPRS. The 7210 had a built-in FM radio and also included in the box was an earboom headset. An alternative two-bud-style stereo version was available.

This document uses the term preprovisioning in the context of preparing or preconfiguring entities such as chassis slots, media dependent adapters (MDAs), ports, and interfaces, before initialization. These entities can be installed but not enabled. When the entity is in a no shutdown state (administratively enabled), the entity is considered to be provisioned.

Some Nokia SFPs, XFPs, and the MSA DWDM transponder have Digital Diagnostics Monitoring (DDM) capability where the transceiver module maintains information about its working status in device registers including:

The availability of the DDM real-time information and warning/alarm status is based on the transceiver. It may or may not indicate that DDM is supported. Although some Nokia SFPs support DDM, initial releases of 7210 SAS does not support DDM. Please contact Nokia representatives for information about the software release in which DDM functionality is supported. Non-DDM and DDM-supported SFPs are distinguished by a specific ICS value.

On 7210 SAS devices, a port must be configured as one of the following: access, access uplink, network, or hybrid. The following list describes the significance of the different port modes and the support available on different platforms.

The 7210 SAS supports an option to allow the user to use a different dot1q VLAN Ethernet Type (Etype). It allows for interoperability with third-party switches that use some non-standard (other than 0x8100) dot1q VLAN Etype.

MACsec can be applied to a selected subset of the port traffic, based on the type and value of the packet encapsulation. Configure the system to match and encrypt all encapsulated traffic arriving on a port, including untagged, single-tag, and double-tag. This is the default behavior of MACsec and the only option supported.

MSKs are stored in the RADIUS server and distributed to the hosts via EAP-TLS. This is typically used in access networks where there are a large number of hosts using MACsec and connecting to an access switch. MKA uses MSK to derive the CAK. The CAK encrypts the SAK between 2 peers and authenticates the peers.

A security relationship, established and maintained by the MKA, that comprises a fully connected subset of the service access points in stations attached to a single LAN that are to be supported by MACsec.

Control protocol between MACsec peers, which is used for peer aliveness and encryption key distribution. MKA is responsible for discovering, authenticating, and authorizing the potential participants in a CA.

Each MACsec peer operates the MKA. Each node can operate multiple MKAs based on the number of CAs that it belongs to. Each instance of MKA is protected by a distinct secure CAK, that allows each Port Access Entity (PAE), or port, to ensure that information for a specific MKA instance is accepted only from other peers that also possess that CAK, therefore identifying themselves as members or potential members of the same CA. For a description of how the CAK identification is performed using CKN, see MACsec Static CAK.

In a point-to-point topology, each router needs a single security zone, a single Tx-SC for encryption, and a single Rx-SC for decryption. Each SC has two SAs. In total, for point-to-point topology, four SAs are needed: two Rx-SAs for Rx-SC1 and two Tx-SAs for Tx-SC1.

In a multi-point topology with N nodes, each node needs a single Tx-SC and N Rx-SC, one for each one of the peers. As such, 64 maximum Rx-SAs for each security zone translates to 32 Rx-SCs, which breaks down to only 32 peers; for example, only 33 nodes in the multipoint topology for each security zone. So from the perspective of each node, there is one Tx-SC and 32 Rx-SCs.

A security zone has 64 Rx-SAs and 64 Tx-SAs, as described in SA Limits and Network Design. Two Rx-SAs are used for each Rx-SC for rollover purposes, and two Tx-SAs are used for Tx-SC for rollover purposes. This translates to 32 peers for each security zone.

In most Layer 2 networks, MAC forwarding is done using a destination MAC address. The 802.1AE standard requires that any field after source and destination MAC address and after the SecTAG must be encrypted. This includes the 802.1Q tags. In some VLAN switching networks, it might be desired to leave the 802.1Q tag in clear text.

MACsec is an Ethernet packet and, as with any Ethernet packet, can be forwarded through multiple switches using Layer 2 forwarding. The encryption and decryption of the packets is done using the 802.1x (MKA) capable ports.

The 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C support combo ports. The combo port provides two physical interface options to the user. One option is to configure it as an SFP port allowing for fiber-based connectivity and speeds of 100/1000 Mb/s with the advantages of using suitable optics for longer reach. The other option is to configure it as a fixed copper port, which provides cheaper connectivity for shorter reach. The SFP port support 100/1000 Mb/s speeds and the copper port can support 10/100/1000Mbps speed. The combo port can be configured either as an SFP port or a copper port. Both interfaces cannot be used simultaneously.

The IEEE 802.1ab Link Layer Discovery Protocol (LLDP) standard defines protocol and management elements suitable for advertising information to stations attached to the same IEEE 802 LAN. The protocol facilitates the identification of stations connected by IEEE 802 LANs or MANs, their points of interconnection, and access points for management protocols.

LLDP is an unidirectional protocol that uses the MAC layer to transmit specific information related to the capabilities and status of the local device. Separately from the transmit direction, the LLDP agent can also receive the same kind of information for a remote device which is stored in the related MIBs.

Customers who subscribe to Epipe service consider the Epipe as a wire, and run LLDP between their devices which are located at each end of the Epipe. To facilitate this, the 7210 devices support tunneling of LLDP frames that use the nearest bridge destination MAC address.

Transparent forwarding of LLDP frames can be achieved using the standard defined mechanism when using the either nearest-non-tmpr or the nearest-customer as the destination MAC address in the LLDP frames. It is recommended that the customers use these MAC address where possible to conform to standards. This command allows legacy LLDP implementations that do not support these additional destinations MAC addresses to tunnel LLDP frames that use the nearest-bridge destination MAC address.

The 7210 SAS supports port loopback for Ethernet ports. There are two flavors of port loopback commands - port loopback without mac-swap and port loopback with mac-swap. Both these commands are helpful for testing the service configuration and measuring performance parameters such as throughput, delay, and jitter on service turn-up. Typically, a third-party external test device is used to inject packets at desired rate into the service at a central office location.

Based on the IEEE 802.3ax standard (formerly 802.3ad), Link Aggregation Groups (LAGs) can be configured to increase the bandwidth available between two network devices, depending on the number of links installed. LAG also provides redundancy in the event that one or more links participating in the LAG fail. All physical links in a specific LAG links combine to form one logical interface.

On the 7210 SAS-D and 7210 SAS-Dxp, an ingress QoS policy is applied to the aggregate traffic that is received on all the member ports of the LAG. For example, if an ingress policy is configured with a policer of PIR 100Mbps, for a SAP configured on a LAG with two ports, then the policer limits the traffic received through the two ports to a maximum of 100Mbps.

3a8082e126