maipu maipu

Switch > NSS Switch > NSS8900-08 Core Switch

NSS8900-08 Core Switch

NSS8900 all-by-China intelligent campus core switch is a new-generation multi-service high-performance Ethernet switching product developed by Maipu for the industry with high security requirement (such as government) based on all-by-China CPU and all-by-China switching chips. It provides the fully secure, controllable, stable and reliable high-performance L2/L3 switching service from the chip, the hardware to the software mainly for the campus network core, data center aggregation, and other scenarios.

NSS8900 supports high density of 10G/40G interfaces, the port density fully meets the high-density access and high-performance forwarding requirements in the construction of the campus network and data center.

NSS8900 supports a variety of security technologies and policies to provide an excellent platform for the user to build the high-performance, high-security and high-intelligence IP networks. Cooperating with Maipu NSS6600, NSS4330 and NSS3330 series all-by-China switches, it can provide whole-network solutions for medium and large size of networks.

Product Features

    Adopt the domestic CPU and domestic switching chip, secure, and self-controllable

    Maipu adopts the new-generation all-by-China CPU chip and all-by-China high-integrated high-performance switching chip to develop the new-generation high-performance, high-reliability, manageable and controllable Ethernet switch, meeting the needs of the customers with high security requirement (such as government) to deploy a controllable network. It provides users with a multi-service, safe and controllable integrated solution to meet the security requirements of the user network from the chip to the hardware.


    Advanced crossbar architecture design, high performance and high stability

    NSS8900 is an industry-leading independent security core switch product designed for campus network. Using advanced orthogonal switching architecture, the control unit and switching unit are independent of each other to realize the physical separation of control plane and forwarding plane. Control board 1+1 redundancy, switch board N+1 redundancy, fan frame 1+1 redundancy, power module N+M redundancy, to ensure the high reliability of the system; adopt the independent switching unit to ensure the continuous upgrading of the bandwidth of subsequent products. Support high-density 1G, 10G, 40G interface cards.

    Adopt self-control network operation system and protocol stack software, stable, safe and reliable

    Maipu self-control network operation system is mature and stable. It has inherited the finance and operator software technology accumulation of Maipu for more than 20 years, and nearly one million devices have been tested in the network operation. Maipu’s self-control switch operating system and protocol stack software have independent intellectual property rights, and has passed the vulnerability scanning test of the information security product detection center of the Ministry of public security. The operating system is safe and reliable.

    Support the encryption of the control plane and the management plane, effectively ensuring the network security

    SSH login supports the encryption algorithm. The switch configuration file supports encryption, preventing the equipment from being cracked and accessed and management data from being stolen and leaked, so as to realize the security and reliability of the switch management plane. The device supports the common control protocols, such as MSTP, RIP, and OSPF. It supports encrypting the protocol packets, ensuring that the network topology protocol is not leaked. It supports the authentication for the trustable equipment. Adopt the 802.1X authentication for the switch devices connected to the network to judge the validity of the connected devices and prevent the invalid devices from accessing the network, ensuring the security and reliability of the control plane of the switch.

Product Specifications

Product model


Hardware specifications

Slots of control engine


Slots of Switching Fabric


Slots of service Card


Power slots


Fan slots


Hardware   Architecture


Management interface

One Console interface, one CMM debugging interface, one RJ45 Ethernet interface

Redundant design

Control board, power, fan

Dimension (W×D×H)

442×450×265 mm

Power consumption



Input voltage (AC): 100-240V, 50/60Hz


Work temperature: 0℃ to  50℃

Storage temperature: -40℃ to 70℃


Work humidity: 10%  to  90%, no-condensing

Storage humidity: 5% to 95%, no-condensing

Air duct type

Front   and back ventilation

Software feature

Link-layer protocol and technology

Link-layer feature

Support port aggregation, port isolation

MAC address management

Support the static MAC configuration


Support the VLAN based on port, MAC, IP address, protocol port number


Support basic QinQ and selective QinQ

Spanning tree protocol


Link aggregation

Support IEEE 802.3ad (link aggregation)

Port mirror

Support port mirror

Network protocol

IPv4 protocol

TCP, UDP, Ping, TraceRoute, Telnet, FTP, TFTP, ICMPv4, DNS, UDP Helper, DHCP, DHCP server, DHCP Delay, DHCP Snooping, NTP, support ARP, ARP Proxy

Routing   protocol

RIPv1/v2, OSPFv2, BGP, IPv4 static route

Multicast function

L2 multicast protocol

IGMPv1/v2/v3 Snooping, multicast VLAN

L3 multicast




Support two kinds of cross-domain MPLS VPN modes (Option A/Option B)



Flow   control


Support Mark/ReMark, CAR (Ingress/Egress), traffic shaping (Egress), congestion management, queue management

Flow   suppression

Port-based broadcast traffic suppression; port-based unknown multicast traffic   suppression; port-based unknown unicast traffic suppression; traffic suppression based on the absolute bandwidth of the port, suppress by PPS and BPS

Traffic statistics

Support egress queue statistics; support ACL Statistics (EACL/IACL).

 Security   function 

Security protection

Control plane protection, protocol encryption, configuration file encryption


Ingress/Egress ACL, basic ACL, extended ACL, VLAN ACL, global ACL

Device   security

Prevent packet attack, prevent protocol packet attack, support attack detection   function, protocol packet protection, message sending and receiving diagnosis

Network   security

Packet validity check, URPF check, packet filtering function, ARP anti-attack,   protocol classification flow restriction

User security

Device management security, network user binding, AAA, SSH2.0



Support H-VST (stacking), M-VST


SDN feature

Support OpenFlow1.3 protocol

Device management

Device management mode

Console port login, support Telnet to the local device, support SSH V1/V2, manage   devices via CLI

Network maintenance

Ping, TraceRoute, LSP Ping/Tracert function, port loop monitoring

Network management


Maintenance mode

Support local Console configuration

Support Telnet, SSH remote maintenance

Support CLI

Support FTP loading upgrade




BFD for VRRP/BGP/RIP/OSPF/static route

Order Information

Order information


NSS6600 self-control distribution switch



V2 Version: NSS8900-08 chassis, provide two control card slots, four switching fabric slots, eight service card slots, four power slots, two fan slots

Control Engine


Control card, one is mandatory, and you can configure two. Provide one Console port,   one Micro USB console port, one USB port, one DC0 management Ethernet interface

Switching Fabric


Switching Fabric, one is mandatory, and you can configure four.

Service Module


12-port 40G QSFP optical interface


48-port 10G SFP+ optical interface


24-port 10G SFP+ optical interface


24-port 1000M Base-T electrical interface, 12-port 1000M SFP optical interface, 12-port 10G SFP+ optical interface


48-port 1000M SFP optical interface


48-port 1000M Base-T electrical interface


24-port 1000M SFP optical interface and 24-port 1000M Base-T electrical interface

Power Module


800W AC power module, support hot-swap


1600W AC power module, support hot-swap

Fan Module


Fan module, fan module of the 3-slot mainframe box, two are mandatory