V100R002
Secospace USG9300
Product Overview
Distributed Denial of Service (DDoS) attacks have been on the rise since the second half of 1999 and are currently very common. They can cause serious financial and operational damage to an enterprise and waste valuable staff time. The Huawei Symantec anti-DDoS solution is an advanced traffic inspection and control system that offers a solid defense against DDoS attacks, comprehensive anti-DDoS operation features, flexible device forms, and a wide application range. The USG9300 is extremely reliable and protects high-end applications, such as links on Metropolitan Area Networks (MANs) or backbone networks.
Product Family
USG9310 USG9320
Product Features
Advanced anti-DDoS system architecture to provide a professional anti-DDoS platform
Huawei Symantec anti-DDoS solution features the industry’s most advanced system architecture, embodying the detection, cleaning, and ATIC management centers. The detection center detects traffic and informs the management center [...] abnormal traffic and injects the cleaned traffic back into the original link. The ATIC management center globally manages all components of the anti-DDoS solution, including the service configurations and report displays of the detection and cleaning centers. The USG9300 is scalable and the deployment can be centralized or distributed.
[Figure legend: Monitoring Traffic; Traffic Log & Cleaning Log & Captured Packet; Management Traffic]
Flexible device forms to ensure users' [...]
The detection and cleaning centers of Huawei Symantec anti-DDoS solution have been developed using the USG9000 Enhanced Service Processing Unit (ESPU), which can be upgraded to either the cleaning or detection units through license control. The ESPU is based on multi-core and multi-thread architecture and can process huge volumes of traffic to [...] requirements of large enterprises and data centers in multiple, [...]
Excellent anti-DDoS capability to deliver high [...]
To defend against Botnet-generated DDoS attacks, Huawei [...] traffic at the network layer based on application protocols. To resist traffic attacks, a single frame of the USG9300 provides an 80G DDoS defense capability. Application layer attacks are blocked through multiple types of protocols such as HTTP, HTTPS, DNS, and SIP to ensure that services for customers are not interrupted.
[Figure: Anti-DDoS networking. Labels: Full-network Management Monitoring Center; Management Center; Core; Aggregater; Value-added Service Area with Static Cleaning, Dynamic Cleaning and Offline Cleaning (USG9300); Detection Unit and Cleaning Unit in the same chassis; Detection Log and Cleaning Log; Splitting/Mirror Traffic, Diversion Traffic and Re-injection Traffic; customers: Cyber Bar, IDC, Enterprise, DSL, Headquarter, Branch]
Product Specifications
Model: USG9310 | USG9320
Number of slots: 8 (4 DCUs and 4 LPUs can be configured) | 16 (8 DCUs and 8 LPUs can be configured)
Number of protected destination IP addresses:
Refined defense for 10000 destination IP addresses and 2000 VICs
Common defense for 1000000 destination IP addresses
DDoS attacks resisted:
Traffic attacks
• SYN flood
• ACK flood
• SYN-ACK flood
• FIN/RST flood
• IP fragment flood
• UDP flood
• ICMP flood
Application-layer attacks
• Connection flood
• DNS query flood
• DNS reply flood
• HTTP Get/Post flood
• CC attacks
• SIP flood
• HTTPS flood
Scanning attacks
• Port scanning
• IP sweeping
• Tracert control packets
• IP source routing option attacks
• IP timestamp option attacks
• IP routing record option attacks
Malformed packet attacks
• IP spoofing
• Smurf attacks
• Land attacks
• Fraggle attacks
• WinNuke
• Ping of Death
• Tear Drop
• IP option control
• IP fragmented control packets
• TCP label validity check
• Oversized ICMP control packets
• ICMP redirection control packets
• ICMP unreachable control packets
Reliability: Hot swapping of modules and components, dual-system hot backup, link aggregation, and dual MPUs
The information contained in this document is for reference purposes only and does not constitute a warranty of any kind, express or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.
Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.