Service Inspection Gateway (SIG9800)

Service Inspection Gateway (SIG9800)

HUAWEI TECHNOLOGIES CO., LTD.


Product Overview

Product Series

It has become a trend for communications networks to be integrated with IP networks. The controllability of communications networks, however, goes into deep conict with the open nature of IP networks. As a result, traditional communications networks have to bear the brunt of IP networks. With the advent of the 3G age, operators have increasing requirements for network optimization, service differentiation, and real-time and online accounting. With the changes in market environment, business transformation has become an inevitable choice for operators. Learning more details about networks helps operators to realize granular operation. The SIG9800 series product (hereinafter referred to as the SIG9800) is a family of high-capacity professional Deep Packet Inspection (DPI) devices developed by Huawei based on mature high-end router hardware platform. The SIG9800 can dynamically manage bandwidths of high-density large-capacity interfaces, such as 10G POS and 10G WAN/LAN interfaces, according to flexible policies. Huawei SIG system supports a maximum of 80 SIG9800s, providing up to 2000 Gbps link bandwidths and meeting the DPI requirements

SIG9810

SIG9820

of a large-sized network with 10 million users. The SIG9800, adopting multiple patented inspection technologies, analyzes and processes packets based on a high-performance hardware platform. In addition, the SIG9800 provides intelligent and flexible service control measures to analyze trafc, manage bandwidth, and ensure

solution can help operators to meet the challenges brought by

network security on both wireless and xed networks. The SIG9800,

network transformation. With service visualization and granular

supporting distributed deployment and centralized management, is

bandwidth management, the DPI solution provides individualized

easy to scale up.

value-added services, helping operators to realize rened network

Huawei integrated DPI solution is based on the SIG9800. This

operation.

1


Product Features Compatible with 3GPP

consumption, thus reducing deployment cost.

The design meets the development trend of the telecom industry and complies with the 3GPP-PCC standard design product

Scalable modular architecture design

architecture. By working with the PCRF, OCS(online charging

Adopting the two-level architecture, foreground distributed

system), and Other system, the SIG9800 dynamically adjusts

deployment, and background centralized analysis, the SIG9800

bandwidth policies according to trafc, duration, and applications

system is easy to scale up to meet operators' requirements brought

and adopts real-time and exible charging policies. The SIG9800,

by increasing services. With the access of new links, the SIG9800

in wireless network environment, provides differentiated and

system can be seamlessly upgraded and scaled up. This helps

individualized services by realizing functions such as network trafc

protect customers' existing investments.

identification, bandwidth management, application-specific real-

The SIG9800 provides varieties of interface boards and supports

time charging, and network security guarantee.

multiple interfaces such as 10G POS, 10G WAN, 10G LAN, and 1 GE interfaces. Later versions will support 20G high-speed

Industry-leading high-performance hardware platform

interface boards. Upgrade and capacity expansion of links can be

The hardware platform of the SIG9800, inheriting excellent

extends the life cycles of the SIG9800s.

implemented by replacing interface boards rather than devices. This

architecture design features of Huawei high-end routers, delivers carrier-class and router-level performance and availability.

Powerful trafc and protocol analysis capability

The SIG9800 adopts the ASIC+NP architecture for processing

Integrating the DPI and Deep Flow Inspection (DFI) technologies,

packets and the ASIC+FPGA+multi-core architecture for processing

the SIG9800 deeply analyzes the traffic distribution, traffic trend,

services. A single SIG9800 can support dozens of multi-core

and trafc direction of different users, areas, links, and AS domains.

processors and process up to 80 Gbps link services. This architecture

With the SIG9800, operators can learn the distribution of traffic,

meets not only the requirements of DPI devices for real-time, high-

protocols, and services on networks. This lays a solid foundation for

performance, and low-consumption data processing but also the

planning networks, making traffic control policies, and exploring

requirements of telecom services for low network delay and high-

the commercial values of networks.

quality transmission. The SIG9800 overweighs counterpart products

Integrating the heuristic behavior analysis and detection, protocol

in performance. In addition, the modular and high-density hardware

analysis, and signature matching technology, the SIG9800 can

architecture design effectively saves space and reduces power

comprehensively analyze data between the network layer and the 2


application layer, and accurately identify hundreds of application

most damaging URLs and spammers, helping operators to depurate

protocols such as Point To Point (P2P), VoIP, Instant Message (IM),

network environment, mitigate loss caused by spams, and launch

video, game, and stock protocols. In addition, the SIG9800 supports

value-added services.

condition combination detection based on protocol characteristics, trafc patterns, and connection number characteristics.

Intelligent and automatic repository upgrade The SIG9800 updates the attack signature library, system vulnerability

Granular bandwidth management

library, and security repository at Huawei security update website in

Based on comprehensive application identification, user

real time. The update does not require user intervention and is easy

identification, and traffic load and direction identification, the

to operate and manage. In addition, the update process does not

SIG9800 can specify different bandwidth management policies

interrupt system services.

for AS domains, links, VIP users, and common users. The SIG9800 adopts multiple methods such as QoS management and traffic

Professional report function

shaping to realize application-specic granular bandwidth control

The Web-based report system of the SIG9800 is a standalone

based on the time, domain, and user, thus realizing need-based

and professional report system based on the B/S architecture. The

bandwidth allocation and increasing bandwidth usage.

SIG9800 report system supports output in multiple formats and presentation forms such as trend charts, bar charts, pie charts, and

All-round network security guarantee

curve charts. This report system provides service-specic real-time

By adopting multiple inspection technologies, such as DPI,

statistics analysis report based on links, areas, and users. Using the

signature matching, network rate and concurrent connection

analysis data stored on the background database, the report system

number anomaly statistics and analysis technologies, and searching

deeply explores and analyzes data, providing operators with data

protocol/system security vulnerability libraries and attack signature

support for launching new services such as user behavior analysis.

libraries updated in real time by globally distributed security threat estimation systems, the SIG9800 deeply analyzes network trafc at the application layer, and accurately identies and blocks malicious traffic from DDoS attacks, worms, and botnets, thus protecting services and users against increasingly severe network attacks. Depending on the perfect URL classification base including more than 29 million URLs as well as the latest and more comprehensive spammer library of Huawei, the SIG9800 is capable of ltering out 3


Typical Networking Deployment in xed broadband network environment

By adopting service trafc load and direction analysis, the SIG9800

In xed network environment, the SIG9800 can be deployed at the

to application types or user types, the SIG9800 conducts QoS

convergence, access, and core layers. To meet the requirements

management of different levels such as QoS remark, shaping, and

of different application scenarios, the SIG can be connected to

priority scheduling. In addition, the SIG9800 can provide multiple

the network in in-line and transparent mode and uses internal or

value-added services such as differentiated services, green surng,

external bypass devices to ensure the high reliability of links.

and self-service bandwidth and services.

learns the distribution of users, services, and traffic. According

IM

Radius Server

Video Web

Games

Radius Message

Internet VoIP

SIG Background Servers Radius Message

SIG9800

MAN

BRAS

Deployment in xed broadband network environment

4


Deployment in wireless network environment

modes. In addition, the SIG9800 can conduct QoS control on

In wireless network application scenario, the SIG9800 can cooperate

service trafc and provide users with service, bandwidth, or trafc-

with the RM9000 (PCRF) and OCS to provide service-specic quota

based differentiated services, helping wireless operators to launch

management based on duration, trafc, or their combination. thus

granular operation.

meeting the requirements of operators for multiple accounting

OCS

Video

IM

Web Games

Internet

Gy

VoIP

Radius Message

Radius Server

SIG Background Servers

Radius Message

Gi

SIG9800

Gx RM9000

Provisioning System Portal

GGSN

SMSC 3G

Deployment in wireless network environment

5


Product Specifcations Item

SIG9810

SIG9820

Processing capability (single device) Physical interface Management interface

GE interface

GE interface

Service interface

GE, 10 GE, 10G POS

GE, 10 GE, 10G POS

Power specications SIG foreground: 3500W (full conguration)

Power consumption (full conguration)

SRU: 80W/board

SIG foreground: 6000W (full conguration)

SFU: about 30W/board

MPU: 50W/board

SPU: about 125W/board

LPU: about 39W to 44W/board (determined by actual

LPU: about 150W to 200W/board (determined by

congurations)

actual congurations)

Fan: 100 W/piece

Fan: 270W/piece 90 V AC to 275 V AC; 50/60 Hz

90 V AC to 276 V AC; 50/60 Hz

-75 V DC to -38 V DC

-75 V DC to -36 V DC

Number of power supplies

2

2

Redundancy

1+1

1+1

442×669×886 (20U)

442×669×1600 (36U)

Input (AC/DC)

Product specications Dimensions (mm) (W×D×H)

Chassis (empty): 65kg Full conguration: 110kg SRU: about 3.8kg/board Full conguration weight

SFU: about 1.8kg/board SPU: about 3.5kg/board LPU: about 4.8kg/board Power supply: about 9kg/piece

Full conguration: <400kg MPU: about 3kg/board LPU: about 3.5kg/board Power supply: <21kg/piece Fan: about 9.5kg/piece

Fan: about 5kg/piece Working environment Temperature Humidity

Note: Equipment

Long term: 0°C to 45°C

Long term: 0°C to 45°C

Short term: -5°C to 55°C

Short term: -5°C to 55°C

Long term: 5% to 85%

Long term: 5% RH to 95% RH, non-condensing

Short term: 0% to 95%

Short term: 0% RH to 95% RH, non-condensing

performance calculated in accordance with the typical conguration, the actual item, in accordance with different types of business, there

will be corresponding differences in performance. 6

NO WARRANTY THE CONTENTS OF THIS BROCHURE ARE PROVIDED “AS IS”. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, OR LOST PROFIT S, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.

Copyright © Huawei Technologies Co., Ltd. 2009. All Rights Reserved. The information contained in this document is for reference purpose only, and is subject to change or withdrawal according to specic customer requirements and conditions.

HUAWEI TECHNOLOGIES CO., LTD.

Add: Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R. China Tel: +86-755-28780808 Version No.: M3-080030-20090416-C-1.0 www.huawei.com

Service Inspection Gateway (SIG9800)

Recommend Documents