Huawei CloudEngine S8700 Core Switches | Modular Chassis Switch

The Huawei CloudEngine S8700 Series represents the pinnacle of modular, core-level switching for large enterprises and data centers.

With chassis models like S8700‑04, S8700‑06, and S8700‑10, this series delivers unparalleled bandwidth (up to 16 Tbps), deep virtualization support, MACsec, silicon-based TCP acceleration, and up to 10 hidden factor Ethernet ports—all under one unified platform. It stands out as a premier modular chassis Core Switch engineered for next-gen IT networks.

Model Specifications

Model	Slot Count (MPU/LPU)	Fan Slots	Power Slots	Max Ports (10/25/40/100/400GE)	Capacity / Throughput
S8700‑04	4 MPU + 10 LPU	8	5 (AC/DC)	256×10GE + 16×100GE (expandable to 400GE)	8 Tbps / 5.6 Bpps
S8700‑06	6 MPU + 14 LPU	10	6	384×10GE + 24×100GE (supports 400GE)	12 Tbps / 8.4 Bpps
S8700‑10	10 MPU + 18 LPU	14	8	640×10GE + 48×100GE (scalable)	16 Tbps / 12.6 Bpps

Power modules support N+1 redundancy with both AC (800 W – 2200 W) and DC options.
Hot-swap MPUs, LPUs, fans, and power units ensure nonstop operations.

Pinnacle Features & Innovations

🔁 Massive Modular Flexibility

With up to 18 slot line card capacity, the S8700 series can mix 10/25GbE access with 100/400GbE fabric uplinks—making it future-ready for next-gen data center fabrics.

🚀 Silicon-Based Acceleration

The S8700 offloads mobile TCP termination and encapsulation tasks to hardware engines, enabling sub-nanosecond latency for data center east-west traffic.

🧠 Comprehensive Virtualization & Fabric Support

Inbuilt VXLAN Gateway, overlay switching with BGP-EVPN.
Full CSS 2.0 chassis clustering, enabling any-to-any core spine fabrics.
EtherLine/Optical trunking, MPLS EVPN, SRVPN, and L3 multilayer aggregation supported.

🔐 High-Grade Security

Layer 2–4 ACL, MACsec hardware encryption per port, trusted boot, ARP/NDP protection, and TCAM-based rate-limits for DDoS mitigation.

🌡 Advanced O&M & Visibility

Supports iMaster NCE FabricInsight, SmartLink monitoring, IFIT, NetStream, live traffic debugging, packet capture, and I-OAI for mobile service optimization.

♻ Green and Efficient

Features include low-power ASICs, 802.3az compliance, dynamic PoE (through PoE line cards), automatic fan-control, and environmental monitoring.

Deployment Scenarios

A. Tier-0 Spine in Core Fabric

The S8700-10 acts as the central spine in hyperscale architectures, linking data halls with 400GE uplinks and chassis clustering for petabit-level fabrics.

B. National Campus Core

S8700-06 serves as a country-wide campus backbone, connecting multiple S8700-04 modules—supporting mobile acceleration, VXLAN segmentation, and secure campus access.

C. Converged Mobile & Enterprise Edge

Supports hardware-based mobile offload for 5G UPF use cases, integrated MEC compute modules, seamless VPNs, and internal dataflow acceleration.

D. Highly Secure Government Infrastructure

With MACsec, trusted boot, and ACL-rich policies, S8700 series shields traffic to meet strict defense and regulatory standards.

E. Virtualized Core for Multi-Vendor DC

Acts as unified core switching platform for mix-and-match vendor leaf switches, supporting auto-vendor discovery, SSH/key-based access, and CSS backbone.

Deployment & Management Experience

Rapid ZTP Launch using iMaster NCE Fabric mode for partitioned provisioning across chassis.
Live Hardware Health Ops: SmartLink shows link jitter and buffer drain, enabling zero-recall packet-capture.
Non-Stop Module Replacement: Online hotspots add/remove line cards without affecting bit-level forwarding.
Synchronized Fabric Overview: CSS 2.0 clusters display aggregated tables, streamlining multi-chassis management.
Power & Environment Alerts: Real-time metrics help control PoE load, fan RPMs, and chassis thermal health.

Detailed CLI Configuration

A. Creating VXLAN Overlay with BGP‑EVPN

Applicable on S8700 models equipped with ENP line cards. This sets up a VXLAN fabric with an L2VPN instance, BGP-EVPN peerings, and encapsulates VLAN 100 across 40GE trunks.

<HUAWEI> system-view

[HUAWEI] ip vpn-instance VNI100

[HUAWEI-vpn-instance-VNI100] route-distinguisher 100:1

[HUAWEI-vpn-instance-VNI100] vpn-target 100:1 export-extcommunity

[HUAWEI-vpn-instance-VNI100] vpn-target 100:1 import-extcommunity

[HUAWEI-vpn-instance-VNI100] quit

[HUAWEI] vlan batch 100

[HUAWEI] interface Vlanif100

[HUAWEI-Vlanif100] ip address 172.16.100.1 255.255.255.0

[HUAWEI-Vlanif100] vpn-instance VNI100

[HUAWEI-Vlanif100] quit

[HUAWEI] vxlan enable

[HUAWEI] bgp 65000

[HUAWEI-bgp] ipv4-family l2vpn evpn

[HUAWEI-bgp-af-l2vpn-evpn] peer 10.0.1.2 as-number 65001

[HUAWEI-bgp-af-l2vpn-evpn] quit

[HUAWEI-bgp] quit

[HUAWEI] interface FortyGigabitEthernet1/0/1

[HUAWEI-...] port link-type trunk

[HUAWEI-...] port trunk allow-pass vlan 100

[HUAWEI-...] encapsulation dot1q 100

[HUAWEI-...] vxlan encapsulation VNI100

[HUAWEI] display vxlan

B. Enabling MACsec Encryption on 100GE Uplinks

Specific to S Supreme core models (S7706/S7712). This configures MACsec encryption for a 100GE port, setting up secure channels and key management.

<HUAWEI> system-view

[HUAWEI] interface FortyGigabitEthernet1/0/10

[HUAWEI-...] port link-type trunk

[HUAWEI-...] authentication mode macsec

[HUAWEI-...] macsec secure-channel static-peer 00e09b123456

[HUAWEI-...] macsec key 0 cipher aes-128 key-chain myKeyChain auto-key-change

[HUAWEI-...] macsec enable

[HUAWEI-...] quit

[HUAWEI] macsec key-chain myKeyChain

[HUAWEI-macsec-key-chain-myKeyChain] macsec default-key 0

[HUAWEI-macsec-key-chain-myKeyChain] quit

[HUAWEI] display macsec interface FortyGigabitEthernet1/0/10

C. Configuring CSS Cluster Across Chassis

Enables chassis clustering for S8700 high-availability fabrics. This creates a symmetric CSS cluster with active-active traffic handling across two chassis.

<HUAWEI> system-view

[HUAWEI] css enable

[HUAWEI] css cluster 100

[HUAWEI-css] peer ip-address 192.168.200.2

[HUAWEI-css] peer virtual-mac auto

[HUAWEI-css] peer link-interface FortyGigabitEthernet1/0/2

[HUAWEI-css] active-active enable

[HUAWEI-css] quit

[HUAWEI] save

D. Enabling TCP Acceleration on Line Card

Offloads TCP packet processing to hardware for ultra-low latency. This improves performance for east–west data flows by offloading TCP to silicon modules.

<HUAWEI> system-view

[HUAWEI] interface Ten-GigabitEthernet1/0/5

[HUAWEI-...] tcp-tbdp acceleration enable

[HUAWEI-...] tcp-mss 1446

[HUAWEI-...] quit

[HUAWEI] tcp-tbdp enable global

E. Configuring PoE Ports (PoE-Enabled Chassis)

For deployments with PoE line cards in S‑PoE chassis. Ensures PoE is active and properly reserved for connected devices (e.g., IP phones, cameras).

<HUAWEI> system-view

[HUAWEI] interface GigabitEthernet1/0/1

[HUAWEI-...] poe enable

[HUAWEI-...] poe consumption static 30

[HUAWEI-...] poe twin‑critical-range 14

[HUAWEI-...] display poe interface GigabitEthernet1/0/1

F. Setting Up OAM for Service Monitoring

Implements IEEE802.1ag Y.1731 for performance testing and SLA awareness. This monitors Ethernet connectivity and reports delay/jitter for carrier-grade applications.

<HUAWEI> system-view

[HUAWEI] ethical-monitoring enable

[HUAWEI] eth-oam domain 1 enable

[HUAWEI] eth-oam domain 1 level 3

[HUAWEI] interface FortyGigabitEthernet1/0/1

[HUAWEI-...] eth-oam enable

[HUAWEI-...] eth-oam proactive-mef 1 dmm retransmit-interval 300

[HUAWEI-...] quit

[HUAWEI] display eth-oam domain 1

Conclusion

The Huawei CloudEngine S8700 Series sets a new standard for modular core switching—featuring up to 16Tbps throughput, full MACsec encryption, integrated VXLAN gateway, mobile packet acceleration, and chassis-level clustering.

It’s the ideal modular chassis switch for ultra-large data centers, 5G service edges, and modern campus cores demanding ultimate performance, flexibility, and security.

FAQs

What’s the S8700 slot expansion?
Up to 18 line card slots, mixing 10GE to 400GE cards.
Does it support 400GE?
Yes—you can install 400GE line cards on all S8700 models.
Is MACsec available?
Yes—hardware encryption is supported on all ports.
Is mobile offload supported?
Yes—TCP acceleration and GTP recognition enable mobile data-plane optimization.
Can it cluster?
CSS 2.0 supports up to 8 chassis per fabric cluster.
Does it accelerate chat?
SmartLink auto-captures live-microbursts, enabling sub-ms tracing.
Is it energy-aware?
Yes; SmartPoE control, energy-efficient ASICs, and zoning for airflow control.
Can I run multi-tenancy?
VXLAN/BGP-EVPN, per-tenant ACL, and certificate-based DHCP all enabled.