DPX17000 Security Network Core L2-7
DPX17000 Security Network Core L2-7
Network connectivity is of paramount significance at the very beginning of network construction. However, given the ever-increasing network size and diversified business categories, providing high performance cloud computing capability on the basis of network connectivity while ensuring a secure and controlled multi-service environment has drawn greater attention from users. In response, DPtech launched the DPX17000 Series next generation deep service core switches, designed for large secure networks and cloud data centers.
Based on DPtech’s core technologies including APP-X hardware architecture, ConPlat operating system and APP-ID application and threat signature database, the DPX17000 Series uses a flexible switching architecture with separated control plane and forwarding plane to meet 40G and 100G high-density interface expansion requirements through a 100G platform design. Supporting multiple data center features, it realizes deep integration of network and service, providing enterprises users with next generation network infrastructure that is high-speed, intelligent and reliable.
- High Performance Security Network Core
The DPX17000 Series is designed with a cutting-edge CLOS architecture, separated control plane and forwarding plane, and relatively independent master control engine and switch boards. In this way, it helps greatly improve device reliability while laying a foundation for future bandwidth upgrades. With an innovative semi-slot design concept, it offers users with more flexible expansion methods and fully satisfies the application requirements of next-generation enterprise network for a fundamental IT platform.
DPX17000 Series makes an innovative progress from network security to security network. Moreover, the traditional blacklist mechanism has evolved to the whitelist concept centered on management and control.
- L2~7 Virtualization
Relying on VSM and OVC technologies independently developed by DPtech, the DPX17000 Series converts multiple similar service modules into a flexible scheduling resource pool, thus enabling a granular management of business platform resources and improving the utilization of resources. In conjunction with UMC management platform, it provides users with automatic management and operation and maintenance solutions.
- Full Service Integration Capabilities
Combing switching&routing, network security and application delivery, the DPX17000 Series becomes the first to realize the deep integration of layers 2 ~ 7. All service modules in a single device can be managed based on a single IP, making it simple to establish complex networking.
With a series of rich business scalability capabilities, the DPX17000 Series provides more than 10 service slots including iNAC, application delivery, application firewall, IoT application security control system, IPS, Unified Audit Gateway (UAG) and traffic control, anti-DDoS system, WAF, vulnerability scanning, and wireless controller.
The hot elastic service expansion technology can made dynamic adjustments to service modules without restarting the device, enabling plug-and-play on-demand deployment of services.
With strong network adaptability, it offers full support of QoS, IPv4/IPv6 routing, MPLS VPN and other network services.
- Innovative service chain Technology
Based on the innovative “service chain” concept, the DPX17000 Series is able to provide refined definition to data streams according to portfolio policies, customize data flow directions among various service modules, remove limitations of traffic scheduling between different service modules, and realize flexible scheduling at the business layer.
- SDN and Data Center Features
The DPX17000 Series supports mainstream Overlay standards such as VXLAN to address the issue of multi-tenancy. It offers a flexible virtual machine migration solution so as to meet users’ needs for large-scale server deployment and cross-domain connectivity in cloud computing environments. It is compatible with Openflow1.3 protocol, and offers multiple controllers and multi-level flow tables. It can serve as Openflow-hybrid to allow Openflow operations and standard Ethernet switching simultaneously.
- Full backward compatibility with DPX8000
The DPX17000 Series supports a maximum of 20 expansion slots and is backward compatible with the DPX8000 Series boards to protect users’ investment effectively.
- carrier-grade High Reliability
Fully redundant hardware architecture DPX17000 Series supports master control board 1+1 redundancy, switching board N+1 redundancy, fan module 1+1 redundancy, power supply module N+M redundancy. It supports uninterrupted restart, hot fixes, separated data/control/monitoring planes and other technologies, ensuring 99.999% carrier-grade reliability. It supports BFD, OAM and other fast fault detection technologies, and provides a series of device-level and network-level fault detection methods.
- Green and energy efficiency
In response to an orthogonal architecture of service boards and switching boards, the DPX17000 Series is equipped with multiple innovative cooling technologies such as a dual air duct design, increasing heat radiation efficiency by 30%.
It is capable of performing temperature detection on key components such as service boards and switching boards. Based on the temperature and configuration of each component, it can realize intelligent fan speed regulation, reduce power consumption and environmental noise, and guarantee energy efficiency.
|Packet forwarding rate||8400Mpps/48000Mpps||14400Mpps/86400Mpps||19200Mpps/115200Mpps|
|Number of master control slots||2||2||2|
|Number of switching boards||1—4|
|Maximum service slots||5||12||20|
|VSM hardware cluster||Supported||Supported||Supported|
|Power supply||N+M redundancy (full rack: 2)||N+M redundancy (full rack: 4)||N+M redundancy (full rack: 6)|
|Type of port||Support 24 GE ports, 48 GE optical interfaces, 48 GE electrical interfaces, 4 10GE ports, 8 10GE ports, 16 10GE ports, 32 10GE ports, 2 40GE ports, 12 40GE ports, 4 100GE ports, etc.|
|Type of service board||iNAC, application delivery, application firewall, IoT application security control system, IPS, Unified Audit Gateway (UAG) and traffic control, anti-DDoS system, WAF, vulnerability scanning, SSL VPN, and wireless controller.|
|Layer-2 Features||VLAN、STP、RSTP、MSTP、QinQ、灵活 QinQ、VLAN Mapping、链路聚合、跨板链VLAN, STP, RSTP, MSTP, QinQ, flexible QinQ, VLAN Mapping, link aggregation, cross-board link aggregation, cross-board port/flow mirroring, port broadcast/multicast/unknown unicast forwarding storm suppression, Jumbo Frame, VLAN division based on port/protocol/subnet and MAC, PVLAN, GVRP, CoS priority, etc.|
|Layer-3 Features||IPv4: Static routing, RIP v1/2, OSPF, BGP, policy-go-together, etc IPv6: IPv6 static routing, RIPng, OSPFv3, BGP4+, transition tunnel technology from IPv4 to IPv6, etc.|
|Virtualization features||Support VSM (Virtual Switching Matrix) N:1 virtualization technology, which performs virtualization of multiple L2 ~ 7 physical devices into a single L2 ~7 logical device Support OVC (OS-Level Virtual Context) 1:M virtualization technology, which performs virtualization of a single L2 ~7 physical/logical device into multiple L2 ~ 7 logical devices Support service chain technology, which defines business streams based on L2-7 protocol features, and allows on-demand assignment of physical/logical service modules for traffic passage Support IP-based unified management between the host and service modules and unified configuration interface|
|MPLS/VPLS||Support L3 MPLS VPN, VPLS, VLL, hierarchical VPLS, QinQ+VPLS access, P/PE, LDP, MPLS OAM, etc.|
|Multicast features||Support IGMPv1/v2/v3, IGMPv1/v2/v3 Snooping, PIM-SM/PIM-DM/PIM-SSM|
|SDN and Data Center Features||Support 802.1Qbg and DCB Support mainstream Overlay standards such as VXLAN Support Openflow1.3 protocol|
|Other network layer features||Support ACL rules including source IP, source port, destination IP, destination port, protocol number, physical port Support Ingress/Egress CAR, 802.1P/DSCP priority Mark/Remark Support permit, deny, redirect, VLAN modification, mirroring and other actions|
|Service features of iNAC||Support Portal, 802.1x, IP/MAC, SMS access Support non-sensing roaming to enhance users’ access experience Support policy follow-up to granular access contrl for users Support personnel traceability, ensuring accountability Support unified management of users|
|Service features of application delivery||Support link load balancing, server load balancing, application acceleration to ensure fast and available of applications|
|Service features of application firewall||Support security domain division, access isolation, attack prevention, NAT, IPSec/SSL/L2TP VPN, etc.|
|Service features of IPS||It provides seven layers of security defense with active prevention against vulnerability exploit/exploitation, web page tampering, and SQL injection; IPS also has a built-in professional virus library that can block various worms and viruses in real time|
Service features of UAG
|Traffic control: seven layers of detection, classification and control enables immediate visualization of network traffic and applications; traffic control over non-critical services such as P2P and games helps ensure bandwidth for critical services and convenient management of network bandwidth
Unified auditing: through a detailed review of access histories and permission management of Web access, online games, stock trading, online film and television and other online behaviors, it helps ensure they meet relevant requirements and laws and regulations; with a signature library consisting of more than 5,000 network layer and application layer protocols, as well as a URL address library consisting of ten million entries, it allows refined UAG for users
|Service features of Anti-DDoS system||Combining detection and cleaning to effectively protect metropolitan area networks and IDCs from a huge amount of DDoS attacks|
|Service features of WAF||It supports Web application security protection, offering vulnerability protection, Web policy optimization, HTTP protocol reinforcement and other functions to ensure the availability and reliability of Web applications|
|Services features of wireless controllers||Support 801.11ac AP and 802.11n AP Management, wireless user access control and security protection Support 802.1x, MAC address and Portal authentication; support centralized/distributed forwarding|
|Management features||Support FTP, TFTP, Xmodem
Support Web management port, SNMP v1/v2/v3
Support RMON, NTP clock, intelligent power management
Support unified management platform (UMC)
|Reliability||CLOS architecture, and separated master control engine and switching boards It supports uninterrupted forwarding, Graceful Restart, hot fixes, separated data/control/monitoring planes and other technologies Support BFD, OAM and other fast fault detection technologies Support master control board 1+1 redundancy, switching board N+1 redundancy, fan module 1+1 redundancy, power supply module N+M redundancy Support online status monitoring protocol to perform detection of key components including master control engine, backplane, chip and storage|
|Power supply capacity as a whole unit||2400W||4800W||7200W|
|Dimension (width x height x depth) (in mm)||442×309×480||442×703×480||442×1019×480|
*These specifications apply only to DPtech products available on the international market.