Secospace USG9300 (V100R002)
-
Upload
utopia-media -
Category
Documents
-
view
220 -
download
0
Transcript of Secospace USG9300 (V100R002)
-
8/9/2019 Secospace USG9300 (V100R002)
1/6
Secospace USG9300
Secospace USG9300
V100R002
-
8/9/2019 Secospace USG9300 (V100R002)
2/6
Secospace USG9300
Product Features
Advanced anti-DDoS system architecture to
provide a professional anti-DDoS platform
Huawei Symantec anti-DDoS solution eatures the industrys
most advanced system architecture, embodying the detection,
cleaning, and ATIC management centers. The detection
center detects traic and inorms the management center
o any abnormalities. The cleaning center diverts and cleans
abnormal traic and injects the cleaned traic back into the
original link. The ATIC management center globally manages
all components o the anti-DDoS solution, including the
service congurations and report displays o the detection and
cleaning centers. The USG9300 is scalable and the deployment
can be centralized or distributed.
Product Family
USG9310 USG9320
Product Overview
Distributed Denial o Service (DDoS) attacks have been on
the rise since the second hal o 1999 and are currently very
common. They can cause serious damage to an enterprise
nancially, operationally, and waste valuable staf time.
Huawei Symantec anti-DDoS solution is an advanced traic
inspection and control system that oers a solid deense
against DDoS attacks, comprehensive anti-DDoS operation
eatures, lexible device orms, and a wide application range.
The USG9300 is extremely reliable and protects high-end
applications, such as links on Metropolitan Area Networks
(MANs) or backbone networks.
-
8/9/2019 Secospace USG9300 (V100R002)
3/6
Secospace USG9300
Flexible device forms to ensure users'
investment
The detection and cleaning centers o Huawei Symantec anti-
DDoS solution have been developed using the USG9000
Enhanced Service Processing Unit (ESPU), which can be
upgraded to either the cleaning or detection units through
license control. The ESPU is based on multi-core and multi-
thread architecture and can process huge volumes o trac to
detect and clean DDoS attack trac.
The USG9300 series comprises the USG9310 and the USG9320.
The USG9310 has 8 slots and can accommodate 4 anti-DDoS
ESPUs; the USG9320 has 16 slots and can accommodate 8
anti-DDoS ESPUs. The USG9300 uses distributed concurrent
processing to greatly improve the detection and cleaning
capabilities o the integrated device and ensure low pre-phase
investment and smooth expansion in the uture.
Excellent anti-DDoS capability to deliver high
performance in the industry
To deend against Botnet-generated DDoS attacks, Huawei
Symantec anti-DDoS solution processes high volumes o DDoS
trac at the network layer based on application protocols. To
resist traic attacks, a single rame o the USG9300 provides
an 80G DDoS deense capability. Application layer attacks are
blocked through multiple types o protocols such as HTTP,
HTTPS, DNS, and SIP to ensure that services or customers are
not interrupted.
Extensive application scenarios to support
comprehensive anti-DDoS deployment
Huawei Symantec anti-DDoS solution is applicable to multiple
anti-DDoS scenarios. It can protect the egress o backbone
networks, deal with high trac volumes, cope with application
layer congestion, and resist application layer attacks. Huawei
Symantec anti-DDoS solution provides comprehensive policies
and efective centralized management to meet the anti-DDoS
requirements o large enterprises and data centers in multiple,
complex environments.
Management Center Management
Server
Data
Collector
Anti-DDoS
Device
Anti-DDoS
Device
Anti-DDoS
Device
Data
Collector
Data
Collector
Monitoring Trac
Trac Log & Cleaning Log
& Captured Packet
Management Trac
-
8/9/2019 Secospace USG9300 (V100R002)
4/6
Secospace USG9300
Aggregater
Cyber Bar
NetFlow
USG9300
OineCleaning
Full-networkMonitoring
Customer
Super Core
Core
IDC
Enterprise
USG9300o-line Cleaning
Backbone Protection Area
ManagementCenter
Value-added ServiceArea Static Cleaning
Value-added Service AreaDynamic Cleaning
USG9300Full-trac-
divisionCleaning
USG9300O-line
CleaningManagement
Center
Typical Networking Scenario
Anti-DDoS networking
Detection Unit
and Cleaning
Unit are in the
same Chassis
Enterprises
BranchHeadquarterDSL
Diversion/
Re-injection
Splitting/Mirror
Aggregater
Core
Splitting/Mirror Trafc
Diversion Trafc
Re-injection Trafc
Cleaning LogCleaningUnit
Cleaning Log
ManagementCenter
Detection Log
DetectionUnit
-
8/9/2019 Secospace USG9300 (V100R002)
5/6
Secospace USG9300
Product Specifcations
Model USG9310 USG9320
Number o slots 8 (4 DCUs and 4 LPUs can be congured) 16 (8 DCUs and 8 LPUs can be congured)
Detection and cleaning capability 10G4 10G8
Number o protected destination IP
addresses
Rened deense or 10000 destination IP addresses and 2000 VICs
Common deense or 1000000 destination IP addresses
DDoS attacks resisted
Trac attacks
SYN ood
ACK ood
SYN-ACK ood
FIN/RST ood
IP ragment ood
UDP ood
ICMP ood
Smur attacks
Application-layer attacks
Connection ood
DNS query ood
DNS reply ood
HTTP Get/Post ood
CC attacks
SIP ood
HTTPS ood
Scanning attacks
Port scanning
IP sweeping
Tracert control packets
IP source routing option attacks
IP timestamp option attacks
IP routing record option attacks
Malormed packet attacks
IP spoong
Land attacks
Fraggle attacks
WinNuke
Ping o Death
Tear Drop
IP option control
IP ragmented control packets
TCP label validity check
Oversized ICMP control packets
ICMP redirection control packets
ICMP unreachable control packets
ReliabilityHot swapping o modules and components, dual-system hot backup, link aggregation, and
dual MPUs
LPU typeEthernet interace 5GE, 10GE, 24GE, 110GE (optical/electronical interaces)
POS interace 8155M, 4622M, 42.5G, 110G
Maximum number
o interaces
Ethernet interace 96GE, 410GE 192GE, 810GE
POS interace 162.5G, 410G 322.5G, 810G
Dimensions (mm) (WDH) 442669886 4426691600
Weight 100kg 150kg
Power 700W 900W
Mean time between ailures (MTBF) 57 years 57 years
-
8/9/2019 Secospace USG9300 (V100R002)
6/6
Secospace USG9300
The inormation contained in this document is or reerence purpose only, do not constitute the warranty o any kind, experss or implied. It is
subject to change or withdrawal according to specic customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property o Huawei Symantec Technologies Co., Ltd or their
respective holders.
Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.
Version No.: M3-110019999-20100120-V-1.0
Secospace USG9300