90系列并接采集设备技术白皮书-V1 3_EN

Technical White Paper for Series 90 Parallel-connection Acquisition EquipmentCommunication Data Reconnaissance Station System System Design Manual Technical White Paper for Series 90 Parallel-connection Acquisition Equipment CEIECContents1Overview11.1Product positioning11.2Product advantages11.3Production form22System architecture32.1System hardware architecture32.2System software architecture53System specifications83.1Product hardware specification83.2Product software specification103.3Traffic distributing convergence board123.3.1100G rate123.3.210G rate133.3.31G rate153.4Circuit processing board163.4.1100G rate163.4.240G rate173.4.310G rateG rate233.4.51G rate243.5Service processing board253.5.110G rate253.5.21G rate264Functional characteristics284.1L2-L7 classification rules284.2Complex flow classification functions295Typical application315.1Fixed network deployment scheme315.2GPRS 2/3G solution325.3LTE 4G solution331 Overview 1.1 Product positioning With the explosive growth in the network traffic, requirements for network security and manageability, and for network traffic analysis and data acquisition are higher. Relying on the rich experience in R&D and production of telecommunications-class communication products, our company has developed Series 90 convergence and traffic distributing acquisition equipment, traffic distributing equipment for short, in order to satisfy the data acquisition demand of the network traffic analysis. Series 90 traffic distributing equipment is a kind of equipment that is applied to the operator network access layer, the convergence layer, the core layer, IDC and ISP service providers, large enterprises, governments and schools that have requirements for network security. It is deployed in a network in the manner of bypass, and supports traffic convergence, protocol conversion, traffic identification, rule matching, data processing, load balancing, homologous homoclinic, output image and integrated deployment. In addition to the telecommunications-class reliability, it is also capable of high-density single board, large-capacity switching and rapid customization, so it is able to provide convenient and efficient data acquisition and convergence and traffice distributing solutions for network security applications of the fixed network and the mobile Internet. 1.2 Product advantages Series 90 traffice distributing equipment owns the product advantages as below: u Large capacity and high density The whole equipment supports 20 service slots at most The whole equipment supports 10.24T switching ability at most The whole equipment supports 4.0T processing ability at most The whole equipment supports 63.0T backboard capacity at most The slot bandwidth is up to 600G The whole equipment supports 80 100GE, 120 40GE, 960 10GE/GE, 40 40GPOS, 320 10 GPOS and 160 2.5GPOS ports at most u High performance and high reliability Message parsing and rule matching based on the special chip Full-port wire-speed forwarding ability The power supply and the fan support N+1 redundancy The master control switching board supports 1+1 redundancy Support anti-TCP Syn Flood attack Port and analysis server alive-keeping mechanism Abnormality processing, fault-tolerance mechanism and telecommunications-class software and hardware architecture allow the long-term stable running under the high load status u Modularity and high extension The advanced software and hardware frames in the industry with flexible and extensible functions Various board cards with abundant interfaces, so the equipment could be configured as required Interfaces support POS/LAN/WAN switching u Environmental protection and energy saving Front and rear air supply design and well-adapted rack The advanced heat dissipation structure in the industry to improve the dissipation efficiency of the whole equipment Intelligent fan speed regulating, to effectively lower down the rotating speed, power consumption and noise pollution and prolong the service life of the fan 1.3 Production form Series 90 traffice distributing equipment is composed of four models, namely, 9002, 9005, 9012 and 9020, detailed as below: 2 service slots of 4U5 service slots of 10U12 service slots of 17U900290059012902020 service slots of 37UFigure 1-1 Product form 2 System architecture 2.1 System hardware architecture Series 90 traffice distributing equipment is of the rack-type design. The system, relying on the large-capacity and high-speed serial bus backboard, connect the master control switching board with various service processing boards. The master control is integrated with the switching matrix and supports 1:1 redundancy design. Each board card provides the line-speed message processing ability via the network processor, multi-core processor and the ASIC switching chip and provides abundant interfaces such as 100GE, 40GPOS/40GE, 10GPOS, 2.5GPOS, 10GE and GE according to the service requirements. Circuit processing boardNPASICCPUPOS EthernetService processing boardMCPASICCPUInterface boardASICCPUSwitching backboardMaster control switching boardSwitching networkMaster control CPUNetwork management moduleCommunication moduleMonitoring moduleData planeControl planePower supply moduleNetwork management systemFigure 2-1 System hardware architecture Large-capacity high-speed backboard The system connects with the master control switching board and various service processing boards relying on the large-capacity high-speed backboard, to guarantee the enough switching capacity required for system running and reserve the sufficient bandwidth capacity required for future upgrading. Master control switching board Master control switching boards are important comprehensive independent boards of 1:1 redundancy and two master control switching boards maintain active connection in the running process. Each master control switching board is composed of: A large-capacity switching matrix, to ensure the switching capacity required for the line-speed running of the system A CPU characterized by high performance and large internal storage capacity, to guarantee the storage space required for the high-speed protocol processing and the giant table capacity An inter-board communication switching module A system monitoring A timer module LPB line processing board The line processing board is applied to flow classification service of L2-L4 as well as multi-user application. The data plane of the line processing board is completed via the network processor NP + ASCI chip and the control plane is completed via the high-performance CPU. SPB service processing board The service processing board is used for L4-L7 flow classification service as well as the traffic distributing service of the mobile Internet The control plane of the service processing board is completed relying on the high-performance CPU. IOB traffic distributing convergence board The traffic distributing convergence board is also called as the interface board, used for traffic input, convergence and output. The typical application is: Perform traffic convergence for multiple links whose actual bandwidth is relatively small and then forward it to LPB or SPB for processing to reduce the scheme cost Expand the number of output ports 2.2 System software architecture The control software architecture of Series 90 traffic distrubting equipment mainly includes the issuance of various user rules of L2-L7, data synchronization between the master control and the service processing board, OAM and user management MUXSSPHardware platformOAMOS kernelBSPMIBROSFigure 2-2 System software architecture From the perspective of the software layer, the front-end software could be divided into five major parts, as shown in the following table. In addition, in terms of management, there is the back-end network management subsystem, to achieve network management, data configuration, warning display and other functions. Table 2-1 Software subsystem Running supporting subsystem Including software modules such as BSP, ROS, SSP and OS kernel. Supporting subsystem (MUX) Including the MUX module and the statistics monitoring module. The MUX module is responsible for encapsulating the function of SSP on the bottom layer and providing it for the upper layer for calling. The statistics monitoring module is responsible for monitoring of the statistical data forwarding information and the driver software table. L2-L7 classification subsystem The software module of the equipment service function control plane includes issuance, synchronization and aging of classification policy and load balancing forwarding policy setup. Multi-user management subsystem The multi-user service function software module of the equipment is based on the L2-L7 classification policy of the multi-user management system and the resource configuration. Network management and operation maintenance subsystem (OAM) l Achieve the Agent function of SNMP network management, support the command line management function and provide the operation maintenance interface. l There are data synchronization interfaces on the service processing board, to be responsible for achieving the data synchronization function of service and port configuration. 393 System specifications 3.1 Product hardware specification The main hardware specifications of Series 90 traffic distrubting equipment are as shown in the following table. Table 3-1 Product hardware specifications Product model 9002 9005 9012 9020 Basic performance Switching capacity of the whole equipment 1.2T bps2.56T bps5.12T bps10.24T bps Backboard capacity of the whole equipment 6.3T bps15.75T bps37.8T bps63.0T bps Slot bandwidth 600G bps Service interface Interface type 100GE/40GE/10GE/GE/40GPOS/10GPOS/2.5GPOS The maximum number of 100GE ports 8204880The maximum number of 40GE ports 123072120The maximum number of 10GE/GE ports 96240576960The maximum number of 40GPOS ports 4102440The maximum number of 10GPOS ports 3280192320The maximum number of 2.5GPOS ports 164096160Number of slots Total number of slots 4 7 14 24 Number of service slot 2 5 12 20 Reliability MTBF400,000h MTTR30min Hot plug Master control switching board, switching board and service board Redundant backup Master control switching board, switching board, power supply module and fan Power supply consumption Maximum power consumption 850W 1750W 4200W 7200W Power supply condition AC：100V240V，5060Hz DC：-57V-40V HVDC：192V400V Physical parameters Height 4U10U17U37U Dimension (mm)(width * height * depth) 4421754504424404504427554504421775512 Weight 27kg52kg89kg150kg Working environment Working temperature 0+40Storage temperature -40+70Relative humidity 10%-90% (no condensation) Anti-seismic Resist M7 earthquake 3.2 Product software specification The main software specifications of Series 90 traffic distrubting equipment are as shown in the following table. Table 3-2 Product software specifications Product model 9002 9005 9012 9020 Basic performance Service ability of the whole equipment 400G1T2.4T4.0TPacket forwarding rate of the whole equipment 1.42G3.57G8.57G 14.28GAverage forwarding delay 30 microseconds Line-speed processing ability Random rules hit 256-byte line speed and full rules hit 512-byte line speed Rule loading ability The rule loading speed is 100,000/s, and the time to take effect is less than 1 ms Rule matching Matching rules Support L2 rules, IP header, quintuple, mask, feature code, TCP Flag, load length, compound rules, auto-learning rules, ID rules, user extension rules and other rule types Support 1,024 L2 rules, 1,280 IP header rules, 15 million quintuple rules, 780,000 mask rules, 25,600 feature code rules, 5,000 TCP Flag rules, 25,600 load length rules, 15,000 compound rules, 6 million auto-learning rules, 1,024 ID rules, and 1,024 user extension rules Support binding of rules with ports Forwarding action Support issurance and drop Issurance supports message header stripping, message header output, unknown message output, output message information carrying and order preservation output Issurance supports alive-keeping between the equipment and the server and the alive-keeping protocol supports ARP, ICMP and BFD Multi-user management Support 4 service users, 1 administrator user, 1 equipment maintenance user and 1 equipment debugging user. The control plane and the forwarding plane between service users are mutually independent Flow management Every two 10G ports support 45 million bidirectional flow tables The first N (1-255) messages of each flow are forwarded by default and if there is no lock-in, the remaining will be dropped other than the first N ones Packet sampling Support packet-by-packet sampling and the sampling ratio is adjusted. The sampling ratio supports 1:1 at most Flow statistics Support NetFlow and sFlow Special item processing Special items of HTTP, special items of SMTP, special items of POP3, special items of PPPoE, special items of Radius fixed network and special items of DNS, Special items of CDMA, special items of LTE and special items of VoLTE Load balancing Support load balancing based on port groups and server groups Support flow-based dynamic load balancing Special message processing Support homologous homoclinic processing of IP fragment messages and the fragment session table supports 2 million pieces Support the rule matching, tunnel stripping and load balancing of tunnel messages according to the internal layer, the external layer and the external layer+ the internal layer Support anti-TCP Syn Flood attack Protocol conversion Support conversion of 100GE to 10GE and conversion of 10GPOS to 10GE 3.3 Traffic distributing convergence board 3.3.1 100G rate 2 ports of 100GE + 24 ports of 10GE This board card is able to provide 2-way 100GE optical interfaces and 24-way SFP+ 10-gigabit optical interfaces in order to satisfy 100GE line protocol conversion and convergence applications of the actual networking. This board card adopts the CFP2 100G optical module and the SFP+ 10-gigabit optical module that support hot plug, and SFP+ could choose multiple transmission distances. Figure 3-12 2 ports of 100GE + 24 ports of 10GE 2 ports of 100GE + 12 ports of 10GE This board card traffic distribution and convergence board is able to provide 2-way 100GE optical interfaces and 12-way SFP+ 10-gigabit optical interfaces in order to satisfy 100GE line protocol conversion and convergence applications of the actual networking. This board card adopts the CFP2 100G optical module and the SFP+ 10-gigabit optical module that support hot plug, and SFP+ could choose multiple transmission distances. Figure 3-2 2 ports of 100GE + 12 ports of 10GE 3.3.2 10G rate 48-port 10GE This board card could provide 10GE optical interfaces of 48 SFP+ interfaces, used for supporting the relatively simple data processing environment. The optical module used by this board card is a pluggable SFP+ optical module and any port supports several distances common to the 10-gigabit Ethernet. Figure 3-3 48-port 10GE 16 ports of 10GPOS + 24 ports of 10GE This board card could provide 10GPOS optical interfaces of 16-way SFP+ interfaces and 24-way SPF+ 10-gigabit optical interfaces, used for supporting the relatively simple data processing environment. The optical module used by this board card is a pluggable SFP+ optical module and SFP+ optical module any port supports several distances common to the 10-gigabit Ethernet. Figure 3-4 16 ports of 10GPOS +24 ports of 10GE 32 ports of 10GE This board card could provide 10GE optical interfaces of 32 SFP+ interfaces, used for supporting the relatively simple data processing environment. 8 10GE interfaces are of LAN/WAN switching. The optical module used by this board card is a pluggable SFP+ optical module and any port supports the common several distances of 10-gigabit Ethernet. Figure 3-5 32 ports of 10GE 24-port 10GE This board card could provide 10GE optical interfaces of 24 SFP+ interfaces, used for supporting the relatively simple data processing environment. 8 10GE interfaces are of LAN/WAN switching. The optical module used by this board card is a pluggable SFP+ optical module and any port supports the common several distances of 10-gigabit Ethernet. Figure 3-6 24 ports of 10GE 12-port 10GE This board card could provide 10GE optical interfaces of 12 SFP+ interfaces, used for supporting the relatively simple data processing environment. 8 10GE interfaces are of LAN/WAN switching. The optical module used by this board card is a pluggable SFP+ optical module and any port supports the common several distances of 10-gigabit Ethernet. Figure 3-7 12 ports of 10GE 8 ports of 10GE This board card could provide 10GE optical interfaces of 8 SFP interfaces, used for supporting the relatively simple data processing environment. The optical module used by this board card is a pluggable SFP optical module and any port supports several distances common to the 10-gigabit Ethernet. Figure 3-8 8 ports of 10GE 3.3.3 1G rate 48 ports of GE This board card could provide 48 1-gigabit Etherne