dro router introduction. market positioning and demand analysis router introductions advantages...
TRANSCRIPT
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
CPU under attack. The router can’t be
managed.
Financial and operational service can't be protected.
The online video can’t be smoothly displayed.
Internet access is too slow. Traffic can not be monitored
Sometimes this may happen…
QoSQoS
High performance High performance
ReliabilityReliability
ManagementManagement
New demands for network
Router
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
Access Router
DRO-1002 DRO-2014 DRO-2024
Aggregation Router
DRO-3044 DRO-5020 DRO-5040 DRO-5080
Router portfolio
Module DRO-5020 DRO-5040 DRO-5080
CPU Dual-core NP Dual-core NP Dual-core NP
SDRAM 512M ( default ),1G
512M ( default ), 1G
512M ( default ), 1G
Flash 32M ( default ), 96M
32M ( default ), 96M
32M ( default ), 96M
Console/AUX 1/1 1/1 1/1
Fixed Ethernet interface 3GE ( combo ) 3GE ( combo ) 3GE ( combo )
USB 2 2 2
NMX slot 2 4 8
DNMX slot 1 2 2
Power module 2 3 3
Dimension( L X W X H mm
121×445×412 , 3U 161×445×412 , 4U 243×445×412 , 6U
Backplane bandwidth
28Gbps 28Gbps 28Gbps
Forwarding capacity
4.5Mpps 4.5Mpps 4.5Mpps
DRO-50 Specification
Control Module-Slot 0
Slot 7 Slot 8
Slot 5 Slot 6
Slot 3 Slot 4
Slot 1 Slot 2
FAN
Power 0
Power 1
Power 2
DRO-5020 has two power module slots.
DRO-5040 and DRO-5080 has three power module slots.
DRO-50 Hardware Design
NMXNMX
Power
Poweraux console
NMXNMX
NMXNMX
NMXNMXNMXNMX
PowerPower
Poweraux console
NMXNMX
NMXNMX
PowerPower
Poweraux console
DRO-50 Hardware Design (cont.)
Temp Detect
Dual Network Processor
20Gbps HT Networkinterface
2GbpsPCI Bus
DDR RAM
GE
HT Bridge
Fast AIMEncrypt Engine
GE
GE Combo
GE USB
AIMEncrypt Engine
2Gbps PCI Bus
2Gbps PCI Bus
50Gbps DDRRAM BUS
GE Combo
GE Combo
Local BUS
FLASH
UART
BootROM
AUX
Console
USB
HT BridgeNetworkinterface
Networkinterface
Networkinterface
2GbpsPCI Bus
Networkinterface
2GbpsPCI Bus
Networkinterface
Networkinterface
Networkinterface
DRO-50 Hardware Design (cont.)
Module DRO-3044
CPU MPC
SDRAM 512M
Flash 512M
Console/AUX 1/1
Fixed Ethernet interface 2GE ( combo )
USB 2 USB2.0
Routing engine slot 1
Service slot 8 ( 4 NMX , 4 SIC )
Power supply module 2
Dimension( L×D×H,mm)
440X412X161.4
Forwarding capacity 2Mpps
DRO-3044 Specification
SIC-6 SIC-8Control Module
SIC-5 SIC-7
NMX-3 NMX-4
NMX-1 NMX-2
Fan
Power
Power
DRO-3044 Hardware Design
Mode DRO-2014 DRO-2024
Appearance
Forwarding capacity 280kpps 300kpps
Console/AUX 1/1 1/1
Fixed routing port 3FE 2FE
SIC slot 4 4
NMX slot 1 2
USB 2 2
Maximum switching port 24 52
DRO-20 series specification
AUX
Console
3*10/100M
SIC slotNMX slot
2*USB
Built-in encryption engine
Capacity to 280kpps
DRO-2014
4*SIC slot2*NMX slot
AUX
Console 2*USB
2*10/100M
Built-in encryption engine
Capacity to 300kpps
DRO-2024
Mode DRO-1002
Appearance
Forwarding capacity 260Kpps
Fixed routing port 2FE
SIC module slot 2
NMX module slot N
USB N
Dimension 44 ×268×185 (mm)
DRO-10 specification
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Roadmap
Case share
Agenda
With the access mode becoming more and more, the speed is faster and faster (MSTP 、 fiber 、 PON), the bandwidth requirement is growing rapidly.
With multi -services running , DRO router can achieve 100M wire-speed forwarding.
Nearly no interruption when using ACL 、 QOS 、 PBR 、 NAT.
Under 100M line, DRO router won’t be the bottleneck of network.
High performance ---In services
DEF-D-link Express Forwarding
DEF achieve multi-service integration,
Increase performance of ACL, PBR,NAT, FW,QOS
etc.
Accept packet
…Header
Inspection
Packetencapsulation
QOS
Packetencapsulation
FIB ADJ
FastState
processing
FastACL
Fast PBR
Flowcreate
WholeACL
Whole PBR
Send packet
Extreme path
Fast flow path
Whole NAT
Complete flow path
Fast NAT
High performance --- D-link DEF fast forwarding
When ACL,
PBR,NAT, FW,QO
S is deployed, DEF
achieves exact
matching with the 1st
packet, and the
matching of following
packets according to
the flow table. No
impact on
performance
between deploying 1
piece of ACL and 500
pieces of ACL!
Flow-based speeding mechanism
100 ACL/PBR 500 ACL/PBR1 ACL/PBR
High performance --- D-link DEF fast forwarding
X-FLOW is the data processing mechanism of DEF.
Traffics with the same SIP, DIP, TCP/UDP port number, protocol number, are defined as a flow. DRO applied the flow table technology.
ACL NAT QOSIPSec …
Packet
routing
Flow table Look up
Direct processing of packets Packet
Update flow table according to results
1st packet ,routing inquiry,
record result
Following packet using flow table
forwarding directly
High performance --- X-FLOW
Why X-FLOW: when deployed with ACL、 QOS、 NAT、 IPSec, the forwarding performance will not be affected.
DROs can achieve different functions of switch and router by deploying the switching module.
Multi-service --- routing, switching all-in-one
Why All-in-one design: Greatly save the cost of TCO 。 Decrease the maintenance cost, Save installation space Save one machine’s power for “green world” 。
28
Router master CPU
Switching chip Switching CPU
Managing
tunnel
Data
tunnel
……
Switching port
Distributed architectureSeparate CPU , with separate OS
Centralized architectureSharing CPU , switching function integrated in the router OS.
Managin
g tunnel
Data
tunnel
Router master CPU
Switching chip
……
Switching port
Multi-service --- distributed architecture
Advantage:• Modular design, based on the customer’s real need, easy to
be extended and flexible to use.• Distributed architecture switching module with own CPU and
OS, decrease the burden of CPU, promote the stability. • Switching module with separate OS, and D-link has nearly
million deployment of switches with high maturity OS.• All the switch functions are included.
Multi-service --- advantage and disadvantage
30
• One router with:Routing+Switching+MPLS+NAT+Firewall+VOIP+VPN+3G+IPFIX
Multi-service --- routing, switching all-in-one
P
P
PPE
VPN ASite 3
VPN ASite 1 VPN B
Site2
VPN BSite 1
PE
PE
VPN ASite2
CE–A1
CE–B1CE–A3
CE–A2
CE–B2
P
Fully support MPLS function, support standard MPLS label switching Layer 3 VPN based on BGP/MPLS VPN Support IPSec 、 L2tp multi-instance , achieve perfect integration between IP
VPN and MPLS VPN
Multi-service --- L2/3 VPN processing
Accept packet
Classify
Sou. interfaceDest. interfaceSou. portDest. portProtocol typeTOS
AC
L
Classify
Queue0
Queue1
Queue2
QueueN
REDWRED
Queue
FIFOPQSPWRRDRR
TokenDrop
Drop
Continue to send
In queue Out
queue
Token bucket
Out portIn port
CAR
L2/L3/L4 Flow classifying
schedule
Congestion detection/avoidance
Flow shaping
Multi-service --- QoS
Meticulous management
Packet classify marking
Congestion avoidance ( RED 、 WRED )
Flow supervision ( CAR )Flow shaping ( GTS )Congestion
management ( FIFO,PQ,CQ,WFQ,CBWFQ,LLQ,RTPQ )
Line efficiency ( CTCP 、 CRTP )QoS queuing technology
Business packets
1M
Physical
Port
OA packets
100K
Video packets
900K
Multi-service --- Dedicated QoS
34
• Support WCDMA、 CDMA2000、 TD-SCDMA.
• Flexible for remote areas to access.
• Serve as backup link for enterprise network.
Multi-service --- 3G accessing for remote places
Multi-service --- AEP application extension platform
AEP: Application Extension Platform
Layer 7 applications can be deeply integrated into DRO router.
• How many applications? Network attack? Which is the key application? Where does the flow come from?
With IPFIX, network is transparent to you.
Multi-service --- built-in IPFIX
Branch office
Branch office
DRO-20
DRO-20
Router
WAN
Information center
UNIX
Hardware encryption card
Encryption
Built-in Encryption
card
High security--- application encryption
The V-CPU technology of DRO router, can separate the CPU into two part, the management and data-forwarding.
No matter how large the attack and data flow is, the management will be always available.
High availability --- equipments can be managed in any time
Why V-CPU:
The equipment can be managed at any time!!!
CPU resource
Data forwarding
CPU
SystemManagement
CPU
VCPU : Virtual CPU technology , CPU resources can be virtualized into two part: data forwarding and system management, the resources can be adjusted dynamically.
Data forwarding CPU : specialized for data forwarding System management CPU : control plane and management plane No matter how large the attack and data flow is, the management won’t be
interrupted
High availability- --- VCPU
Q & A
What is the technology helps DRO routers achieve high performance , when applying ACL, QoS, NAT…….?
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
DRO router is widely deployed in the vertical market.
D-link DRO series routers , have been deployed in the finance, government, education, enterprise for more than
100,000.
The strategic partner of China Life, PICC , more than 5,000 deployment.
The strategic partner of Construction Bank of China, more
than 8,000 deployment.
100,000 vertical deployment with stable routers.
100M
2M SDH
155M SDH
1000M
City City City City City City
ShandongBranch
HebeiBranch
GuangdongBranch
…… ……
BeijingData center
Shanghai Data center
Jiangsu Data center
Data center
Province
DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2
CNC ATM
AT
M
ATM
ATM
ATM
ATMATM
SDHSDH SDH
SD
H
CNC ATM CNC ATMChina TelecomATM
China
Telecom
ATM
• 110 cities , 2*DRO-30 for uplink for each city
Backbone network of China Life Insurance
Small node Big nodeATM nodeBranches
DRO-50
DRO-20 DRO-20
S5700/S7600/S8600S2600 S3700
BackboneArea
Core switchWAN core
WANArea
To HQ
WANArea
DRO-20
S3700
100M
2M SDH
155M SDH
1000M
2007-2008 , 6 provincial networkNeimenggu :14*branch , 400*nodeHebei : 11*branch , 1100*nodeNingxia : 9*branch , 200*nodeQinghai : 9*branch , 150*nodeHunan : 20*branch , 600*nodeGuangxi : 14*branch , 400*nodeOthers :Hubei : 700*node. Jinagsu:800*nodeShandong : 600*node, Xinjiang :300*nodeFujian : 400*node, Henan :200*node…………………………
CPOSATM
2M S
DH
2M S
DH
2M SDH
CPOS
Network of Construction Bank of China
100M
2M SDH
155M SDH
1000M
DRO-1002
Branches
ATM
SW
Office PCService PCTerminal
SW
Small node
ATM ATM
Normal node
ATM Office PCService PCTerminal
Office segment
Service segment
Office segment
Service segment
DRO-2014DRO-2024
Beijing : 400Xinjiang : 300Jilin : 100Gansu : 200Guizhou : 300Shandong : 400Ningxia : 100Guangdong : 200Liaoning : 200Dalian : 100Guangxi : 100………………MSTP/2M SDH
Master2M SDHBackup
SWSW
Network of Industrial & Commercial Bank of China
…
INTERNET INTERNET
To HQ To HQ To HQ To HQ To HQ
ShanxiGuangdongFujianHebeiHunan
DRO-20SecVPN100 SecVPN100 SecVPN100 SecVPN100
branchesbranchesbranchesbranchesbranches
R3642 R3642 DRO-50 R3740 R3642
Shanxi 600 Guangdong 300 Hunan 200 Hebei 200 Fujian 200 Shandong 100 Neimenggu 100 Xinjiang 100 Gansu 100 Hubei 100 Tianjin 100 Henan 50 Beijing 50 Ningxia 50 Zhejiang 50……
ADSL
AD
SL
ADSL
AD
SL AD
SL
National VPN network of China Insurance
100M
2M SDH
155M SDH
1000M
City Branches
branches
City Branches
2M SDH/MSTP
2M S
DH/M
STP
Service Office
NodeDRO-20/R2700
Guangdong : 2000Jiangsu : 2000Shanxi : 600Shanghai : 400Hainan : 300Guangxi : 500Heilongjiang : 300Liaoning : 500…………………………
Service Office
NodeDRO-20/R2700
Service Office
Node DRO-20/R2700
2M SD
H/MSTP
SWSW SW
Network of Agriculture Bank of China
XX Army
DRO-2014
XX Army
DRO-2014
XX Army
DRO-2014
XX Army
DRO-2014
DRO-5080
Xinhua News Agency HQ
SDH
HQ deployed 2*DRO-5080, adopted 155M CPOS connecting 19 army branches. Each army branch deployed DRO-2014
100M
2M SDH
155M SDH
1000M
155M
CP
OS
……
2M SDH
2M SDH
Military branch network Xinhua News Agency
ISP
Xinhua HQ Xinhua Shanghai
Branch
Exchange office
Stock office
Xinhua 08 access
DRO-5080 DRO-5080
Servers
100M
2M SDH
155M SDH
1000M
Xinhua News Agency deployed 6*DRO-5080 , 2 were deployed for Xinhua 08 service, others were deployed for mobile reporting platform, uses CPOS or 4E1 binding.
08 transmission platform of Xinhua News Agency
NationalGovernmentNetwork
PrivateNetwork for Ministries
PrivateNetwork for Ministries
Ministry of Audit
BranchDRO-2024
100M
2M SDH
155M SDH
1000M
BranchDRO-2024
BranchDRO-2024
BranchDRO-2024
ProvincialGovernmentNetwork
ProvincialGovernmentNetwork
BranchDRO-2024
BranchDRO-2024
2nd phase of “Gold Audit” Network
Video monitor center
MAN
Camera
Storage Encoding &decodingMonitor center
DRO-5080 DRO-5080
Office
DRO-5080
Camera Office
DRO-5080
Office
DRO-5080
CameraOffice
DRO-5080
Camera Office
DRO-5080
CameraOffice
DRO-5080
Camera
Camera Office
DRO-5080
CameraOffice
DRO-5080
23*Branch office
Video monitoring network of Xuanwu District, Beijing