Академический Документы
Профессиональный Документы
Культура Документы
Introduction
Foreword
page 2
Objectives
Master the hardware structure of E8000E
Know about the Characteristics of E8000E
Know about the typical application of E8000E
Contents
Characteristics of E8000E
page 4
New requirements
New devices
Larger interface
capacities
Lower deployment
costs
page 5
E100E/200/200S
100-500M performance
P2P traffic control
Supporting of E1 and
T1 interfaces
Rich routing features
High-end 10Gigabit
security gateways
Gigabit security
gateways
E300/500/1000
E1000E-U2/3/5/6
2 G-4 G
performance
2 G-8 G
performance
NP architecture High-density
interfaces
High VPN
performance
Multi-core
processor
Best DDoS
protection
Best DDoS
protection
page 6
E8040/8080
E8080E/8160E
10 G-20 G
performance
10 G-80 G
performance
Distributed
architecture
NP and distributed
architectures
Best DDoS
protection
Distributed
architecture
NP and multi-core
processor
Advanced Architecture
NP high performance interface boards:
-forwarding of consistent and stable line speed
MultiMulti-core
Distributed hardware architecture:
-Solve the performance bottleneck
Enhance the whole performance greatly
page 7
Type
POS
Ethernet
155 M
622 M
2.5 G
10 G
10 G
GE
24
E8080E
32
16
16
96
E8160E
64
32
32
192
Board
density
page 8
Eudemon8080E
Eudemon8160E
10Gbps*4
10Gbps*8
4 million*8
250,000*4
250,000*8
8 Gbps*4/40,000*4
8 Gbps*8/40,000*8
1024
1024
Extended slot
Software feature
8 extended slots
16 extended slots
Interface type
page 9
Contents
Characteristics of E8000E
page 10
E8000E Appearance
MPU/SRU
E8160E
ESPU
MPU1+1 backup
SFU3+1 backup
LPU8
ESPU8
E8080E
SFU
SRU1+1 backup
SFU3+1 backup
LPU4
ESPU4
LPU
page 11
page 12
17
18
10
11
12
13
19
20
21
22
14
15
16
page 13
page 14
11
10
10
S
F
L
S
F
U
12
page 15
M
PU
MPU
M anagement bus
(1+1
(1+1backup)
backup)
Power
PowerSupply
Supply
Redundancy
RedundancyBackup
Backup
LPU
(NP inside)
Heat
HeatDissipation
DissipationSystem
System
Redundancy
Backup
Redundancy Backup
SFU
SFU
SFU
SFU
LPU
(NP inside)
(1+3)
(1+3)
3+1
3+1backup
backup
ESPU
page 16
ESPU
(multi-core cpu inside)
Routing calculation
Monitoring and
NM
clock
management
page 17
Description
Remark
CPU
1GHz
Boot ROM
1MB
SDRAM
2GB
NVRAM
512KB
Flash Memory
32MB
512MB
CF Card
page 18
line-rate switching
3+1 redundant
backup; working in
the loading balance
mode
page 19
Physical-Layer adapter
Link-Layer protocol
disposal
Traffic Management
Forwarding according to
PIC
NP
Connector
Connector
Function
FIB
PIC
Card
page 20
LPU
Module
FAD
Module
LPU Types
The types of LPUs supported by the Eudemon 8080E/8160E are as
follows:
24-port 10Base-T/100Base-TX/1000Base-T-RJ45 electrical interface LPU
5-port or 10-port 1000Base-X-SFP optical interface LPU
24-port 100Base-FX/1000Base-X-SFP optical interface LPU
1-port 10 GBase LAN-XFP optical interface LPU
1-port 10 GBase WAN-XFP optical interface LPU
4-port or 8-port OC-3c/STM-1 POS-SFP optical interface LPU
4-port OC-12c/STM-4c POS-SFP optical interface LPU
1-port or 2-port or 4 port OC-48c/STM-16c POS-SFP optical interface LPU
1-port OC-192c/STM-64c POS-XFP optical interface LPU
page 21
Defending attacks
Blacklist function
NAT
page 22
Contents
Characteristics of E8000E
page 23
Description
Supporting basic ACL and advanced ACL.
Supporting time range ACL.
Supporting preference of configuration time for sequencing ACL
Packet
rules.
filtering
page 24
Security defense-NAT
Packet 1
source192.168.1.3
PC
destination202.120.10.2
192.168.1.3
source202.169.10.1
destination202.120.10.2
.
Eudemon
Trust
Untrust
Eth0/0/0
Eth0/0/0
202.169.10.1
192.168.1.1
Packet 2
Server
192.168.1.2
source202.120.10.2
destination192.168.1.3
Attribute
Server
202.120.10.2
Packet 1
Internet
Packet 2
source202.120.10.2
destination202.169.10.1
PC
202.130.10.3
Description
page 25
Network B
Network A
Eudemon
8000E
Network Aabnormal traffic
Network Babnormal traffic
Defective packet attack
Network C
Ordinary traffic
page 26
Network interconnection
Attribute
Description
Supporting Ethernet
Supporting VLAN
Link layer
Supporting PPP
protocol
Supporting HDLC
Supporting Trunk
Supporting IP-link
Network
interconnection
IP
Service
Supporting static routing
Routing
Protocol
page 27
Virtual Firewall
vfw2
DMZ
Eth4/0/4
Eth4/0/6
192.168.2.1/24 2.1.2.1/24
vfw1
Trust
Eth4/0/1
10.1.1.1/24
Eth4/0/2
10.1.1.1/24
vfw2
Trust
vfw2
Untrust
Eth4/0/5
2.1.1.1/24
Eth4/0/3
192.168.1.1/24
vfw1
Untrust
vfw1
DMZ
By the firewall multi-instance solution of Huawei, the network operator can divide
one Eudemon firewall into multiple VPN instances, so as to provide independent
security services for multiple small private networks.
Huawei Symantec Technologies Co., Ltd.
page 28
VPN Features
L2TP
Tunnel
HOME/OFFICE
Hundred thousands of
concurrent access
Radius Server
Branch
IPSEC Tunnel
Internal Server
Eudemon 8000E
HQ
page 29
High Reliability
Master
Backup group 1
EudemonA
Trust
Untrust
N+1 Backup
DMZ
Backup group3
Backup group 2
EudemonB
Backup
VPPR+VGMP+HRP
Huawei Symantec Technologies Co., Ltd.
page 30
Contents
Characteristics of E8000E
page 31
CHINANET
CNC backbone
networks
10 G links
Large IDCs
Traffic cleaning/VPN/NAT/virtual FW
Data storage area
Service area
Management and
maintenance area
page 32
Other areas
Eudemon8000E
10 Gigabit link
Gigabit link
100 M link
Provincial institutes
Dedicated network
Eudeom1000
Eudmeon200
Dedicated network
Municipal institutes
on-trip employees
page 33
CERNET
10 G links
Eudemon8000E
NMS center
Data center
page 34
Eudemon8000E
Attackers
worms
CMNET
Mobile access
INTERNET
GGSN
WAP gateways
With the rapid increase of mobile users, traffic of WAP services is also increasing
dramatically. The WAP gateway urgently requires security gateways of large capacities and
high performance for security separation and attack defense. The Eudemon8000E provides:
10 G-80 G scalability to meet users growing performance requirements.
Tens of millions of concurrent connections to ensure concurrent access of a large number of
mobile users.
Powerful DDoS defense capabilities to ensure stability of WAP gateway services.
Huawei Symantec Technologies Co., Ltd.
page 35
Capital cities
Small cities
With the reorganization of services, large carriers are facing service integration and network capacity expansion,
which requires security gateway products of higher performance stability. The Eudemon8000E provides:
A maximum of 80 G salability and the best DDoS defense function to fully meet carriers requirements on high
performance.
Multiple 10 Gigabit interfaces and unique POS interfaces to facilitating access of high-speed networks, including SDH.
A virtual system to effectively ensure security separation of different services in each network.
page 36
AAA
ADSL Dialing+NAT
Base station
HLR
IPSecTunnel
BRAS
AHR
Internet
AG
Private network
Public network
Intranet
IPClock
Intranet
page 37
Summary
page 38