
Secospace USG9300

V100R002


Product Overview
Distributed Denial of Service (DDoS) attacks have been on the rise since the second half of 1999 and are currently very common. They can cause serious financial and operational damage to an enterprise and waste valuable staff time. Huawei Symantec anti-DDoS solution is an advanced traffic inspection and control system that offers a solid defense against DDoS attacks, comprehensive anti-DDoS operation features, flexible device forms, and a wide application range. The USG9300 is extremely reliable and protects high-end applications, such as links on Metropolitan Area Networks (MANs) or backbone networks.

Product Family

USG9310 USG9320

Product Features
Advanced anti-DDoS system architecture to provide a professional anti-DDoS platform

Huawei Symantec anti-DDoS solution features the industry's most advanced system architecture, embodying the detection, cleaning, and ATIC management centers. The detection center detects traffic and informs the management center of any abnormalities. The cleaning center diverts and cleans abnormal traffic and injects the cleaned traffic back into the original link. The ATIC management center globally manages all components of the anti-DDoS solution, including the service configurations and report displays of the detection and cleaning centers. The USG9300 is scalable and the deployment can be centralized or distributed.



Figure: Management Center (Management Server, Data Collectors, Anti-DDoS Devices). Legend: Monitoring Traffic; Traffic Log & Cleaning Log & Captured Packet; Management Traffic.

Flexible device forms to ensure users' investment

The detection and cleaning centers of Huawei Symantec anti-DDoS solution have been developed using the USG9000 Enhanced Service Processing Unit (ESPU), which can be upgraded to either the cleaning or detection units through license control. The ESPU is based on multi-core and multi-thread architecture and can process huge volumes of traffic to detect and clean DDoS attack traffic.

The USG9300 series comprises the USG9310 and the USG9320. The USG9310 has 8 slots and can accommodate 4 anti-DDoS ESPUs; the USG9320 has 16 slots and can accommodate 8 anti-DDoS ESPUs. The USG9300 uses distributed concurrent processing to greatly improve the detection and cleaning capabilities of the integrated device and ensure low pre-phase investment and smooth expansion in the future.

Excellent anti-DDoS capability to deliver high performance in the industry

To defend against Botnet-generated DDoS attacks, Huawei Symantec anti-DDoS solution processes high volumes of DDoS traffic at the network layer based on application protocols. To resist traffic attacks, a single frame of the USG9300 provides an 80G DDoS defense capability. Application layer attacks are blocked through multiple types of protocols such as HTTP, HTTPS, DNS, and SIP to ensure that services for customers are not interrupted.

Extensive application scenarios to support comprehensive anti-DDoS deployment

Huawei Symantec anti-DDoS solution is applicable to multiple anti-DDoS scenarios. It can protect the egress of backbone networks, deal with high traffic volumes, cope with application layer congestion, and resist application layer attacks. Huawei Symantec anti-DDoS solution provides comprehensive policies and effective centralized management to meet the anti-DDoS requirements of large enterprises and data centers in multiple, complex environments.



Figure: Typical Networking Scenario. Labels: NetFlow, Super Core, Core, Aggregator; Backbone Protection Area (USG9300 Off-line Cleaning); Value-added Service Areas (Static Cleaning, Dynamic Cleaning, Full-traffic-division Cleaning); Full-network Monitoring; Management Center; Customer: Cyber Bar, IDC, Enterprise.

Figure: Anti-DDoS networking. Labels: Core, Aggregator, Detection Unit, Cleaning Unit, Management Center, Detection Log, Cleaning Log; DSL, Headquarter, Branch, Enterprises. The Detection Unit and Cleaning Unit are in the same chassis. Legend: Splitting/Mirror Traffic; Diversion Traffic; Re-injection Traffic.

Product Specifications
| Model | USG9310 | USG9320 |
|---|---|---|
| Number of slots | 8 (4 DCUs and 4 LPUs can be configured) | 16 (8 DCUs and 8 LPUs can be configured) |
| Detection and cleaning capability | 10G×4 | 10G×8 |
| Number of protected destination IP addresses | Refined defense for 10000 destination IP addresses and 2000 VICs; common defense for 1000000 destination IP addresses | Refined defense for 10000 destination IP addresses and 2000 VICs; common defense for 1000000 destination IP addresses |
| Reliability | Hot swapping of modules and components, dual-system hot backup, link aggregation, and dual MPUs | Hot swapping of modules and components, dual-system hot backup, link aggregation, and dual MPUs |
| LPU type: Ethernet interface | 5×GE, 10×GE, 24×GE, 1×10GE (optical/electrical interfaces) | 5×GE, 10×GE, 24×GE, 1×10GE (optical/electrical interfaces) |
| LPU type: POS interface | 8×155M, 4×622M, 4×2.5G, 1×10G | 8×155M, 4×622M, 4×2.5G, 1×10G |
| Maximum number of interfaces: Ethernet interface | 96×GE, 4×10GE | 192×GE, 8×10GE |
| Maximum number of interfaces: POS interface | 16×2.5G, 4×10G | 32×2.5G, 8×10G |
| Dimensions (mm) (W×D×H) | 442×669×886 | 442×669×1600 |
| Weight | 100kg | 150kg |
| Power | 700W | 900W |
| Mean time between failures (MTBF) | 57 years | 57 years |

DDoS attacks resisted

Traffic attacks
• SYN flood
• ACK flood
• SYN-ACK flood
• FIN/RST flood
• IP fragment flood
• UDP flood
• ICMP flood

Application-layer attacks
• Connection flood
• DNS query flood
• DNS reply flood
• HTTP Get/Post flood
• CC attacks
• SIP flood
• HTTPS flood

Scanning attacks
• Port scanning
• IP sweeping
• Tracert control packets
• IP source routing option attacks
• IP timestamp option attacks
• IP routing record option attacks

Malformed packet attacks
• IP spoofing
• Smurf attacks
• Land attacks
• Fraggle attacks
• WinNuke
• Ping of Death
• Tear Drop
• IP option control
• IP fragmented control packets
• TCP label validity check
• Oversized ICMP control packets
• ICMP redirection control packets
• ICMP unreachable control packets



The information contained in this document is for reference purposes only and does not constitute a warranty of any kind, express or implied. It is subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0
