The modern world is witnessing exponential growth in network attacks. In 2010 alone, the largest distributed denial-of-service (DDoS) bandwidth attacks reached 100 Gbit/s, a 1000% increase over 2005. Increasingly, these attacks target specific application-layer protocols such as HTTP, HTTPS, SIP, and DNS. Because conventional flow-based (NetFlow-style) detection devices see only packet headers and aggregated flow records, they cannot separate such attacks from legitimate traffic. Consequently, enterprise IT departments face the following problems:
- How can the network withstand massive flooding and application-layer attacks while remaining secure?
- How can IT departments maximize their investment in DDoS defense while reducing maintenance costs?
Drawing on Huawei's deep expertise in security technologies and its understanding of customer requirements, Huawei has devised a traffic cleaning solution that secures customers' networks while simplifying their management. The solution is specifically tailored for:
- Large and medium-sized enterprises
- Internet data centers (IDCs)
- Internet service providers (ISPs, including web portals, game service providers, and DNS service providers)
The Huawei traffic cleaning solution can be divided into three centers, as shown in the following figure.
- Detecting center
Acting as the "eyes" of the solution, the detecting center monitors traffic against the configured detection policies and reports abnormalities to the management center.
- Cleaning center
Acting as the "heart" of the solution, the cleaning center receives instructions from the management center, diverts the affected traffic to itself according to the traffic diversion policies, and cleans it.
- Management center
Acting as the "brain" of the solution, the management center formulates the detection and cleaning policies, controls the detecting and cleaning devices, and generates attack reports and cleaning logs.
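The division of labour between the three centers, modelled as an added example written for this page (it is not Huawei's code and does not describe the product's internals). The `POLICY` table, its thresholds, the addresses and the one-second traffic window are all constructed. Real deployments pull diverted traffic into the cleaning center with a BGP route announcement and re-inject the cleaned traffic toward the destination; the model reduces that to a set of diverted destinations.

```python
"""Added illustrative model of the detect / manage / clean split (not Huawei
code).  Policy format, thresholds, addresses and traffic are all constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "dns" (constructed label, not a real parser)
    length: int


# Detection policy formulated by the management center (constructed values):
# protected destination -> packets allowed per protocol per one-second window.
POLICY: Dict[str, Dict[str, int]] = {
    "203.0.113.10": {"tcp": 100, "udp": 50, "dns": 40},
}


def detect(window: List[Pkt], policy: Dict[str, Dict[str, int]] = POLICY
           ) -> List[Tuple[str, str, int]]:
    """Detecting center: count packets per (dst, proto) in one window and
    report every (dst, proto, count) that exceeds the policy threshold."""
    counts = Counter((p.dst, p.proto) for p in window if p.dst in policy)
    alarms = []
    for (dst, proto), n in counts.items():
        limit = policy[dst].get(proto)
        if limit is not None and n > limit:
            alarms.append((dst, proto, n))
    return sorted(alarms)


def divert_decision(alarms: List[Tuple[str, str, int]]) -> Set[str]:
    """Management center: turn alarms into a diversion instruction.  In a
    real deployment this is a BGP announcement that pulls the destination's
    traffic to the cleaning center; here it is just the set of destinations."""
    return {dst for dst, _proto, _count in alarms}


def clean(window: List[Pkt], diverted: Set[str], per_src_limit: int = 5
          ) -> Tuple[List[Pkt], List[Pkt], Dict[str, object]]:
    """Cleaning center: for diverted destinations only, forward at most
    per_src_limit packets per (src, dst) pair in the window and drop the
    rest (constructed cleaning policy).  Non-diverted traffic is untouched.
    Returns (forwarded, dropped, cleaning-log entry)."""
    seen: Dict[Tuple[str, str], int] = defaultdict(int)
    forwarded: List[Pkt] = []
    dropped: List[Pkt] = []
    for p in window:
        if p.dst not in diverted:
            forwarded.append(p)
            continue
        seen[(p.src, p.dst)] += 1
        (forwarded if seen[(p.src, p.dst)] <= per_src_limit else dropped).append(p)
    log = {"diverted": sorted(diverted),
           "forwarded": len(forwarded), "dropped": len(dropped)}
    return forwarded, dropped, log


def sample_window() -> List[Pkt]:
    """Constructed one-second window: three legitimate TCP clients plus a
    UDP flood from twenty (spoofed) sources toward the protected server."""
    pkts: List[Pkt] = []
    for i in range(3):
        pkts += [Pkt(f"198.51.100.{i}", "203.0.113.10", "tcp", 512)] * 4
    for i in range(20):
        pkts += [Pkt(f"192.0.2.{i}", "203.0.113.10", "udp", 1400)] * 8
    return pkts


def run(window: Optional[List[Pkt]] = None):
    """One detection / diversion / cleaning cycle; returns (alarms, log)."""
    if window is None:
        window = sample_window()
    alarms = detect(window)
    diverted = divert_decision(alarms)
    _fwd, _drop, log = clean(window, diverted)
    return alarms, log


if __name__ == "__main__":
    print(run())
```

The per-source budget in `clean` is the simplest possible cleaning action and is deliberately weak: an attacker who spreads the same flood over more spoofed addresses stays under any per-source budget, which is why production cleaners apply source validation (SYN-cookie style challenges for TCP, retransmission checks for DNS) before rate limiting. Detection here is a plain threshold per window; a real detecting center would compare against a learned baseline so that a busy but legitimate destination does not trip the alarm.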
The Industry’s Highest Performance for Maximum Security
High Performance
With an industry-leading processing capacity of 160 Gbit/s per chassis, the Huawei One Net Traffic Cleaning solution can withstand large-scale attacks.
- Advanced architecture
Built on the network processor (NP), multi-core CPU, and distributed architecture, the detecting and cleaning centers provide linear capacity expansion capability to overcome bottlenecks in processing performance.
- High capacity
The solution provides fine-grained protection for 2000 VIP customers and 10,000 IP addresses, and coarse-grained protection for 1 million IP addresses.
Highest Detection Rate
With DPI technology and a solid 7-layer defense structure, the solution efficiently identifies and blocks a wide range of attacks.
- Deep Packet Inspection (DPI)
Unlike conventional NetFlow-based devices, Huawei's detecting devices use DPI technology to analyze every byte inside a packet, and use the 7-layer defense structure to identify attack types effectively, including traffic flooding, application-layer, scanning and snooping, and malformed-packet attacks.
- IPv6 attack defense
The solution supports IPv4/IPv6 dual stack to defend against IPv4 and IPv6 attacks simultaneously, securing the IPv4-to-IPv6 transition and reducing transition costs.
Quick Attack Response
The solution detects and cleans abnormal traffic within seconds to ensure service continuity.
- Fast detection
Conventional flow-based detecting devices rely on flow records exported by routers across the network, and the sampling and export intervals involved make attack detection slow. Huawei detecting devices use DPI technology to capture attack characteristics in real time and detect attacks within seconds.
High Reliability
- Reliable platform
  Hardware platform:
  - 1+1 main processing engines
  - 3+1 switching boards
  - Redundant key components (power modules and fans)
  - Core router-class service stability
  Based on the Huawei Versatile Routing Platform (VRP):
  - Independent software modules that have little impact on each other
  - The VRP currently runs on over 4 million devices on live networks
- Reliable system
  The solution is designed for 500,000 hours of mean time between failures (MTBF) and 99.9999% reliability through:
  - Inter-board load balancing
  - Cross-board interface binding
  - Two-node cluster hot backup
Industry Leading, Intuitive Network Management
Easy Management with Low Operating Costs
- Graphical management tools
The solution provides a flexible graphical user interface which simplifies configuration and maintenance.
- Flexible evidence collection methods
For security audits, the solution collects evidence in either of the following ways:
Packet capture based on access control lists (ACLs)
Automatic packet capture based on the type of attack events
- Centralized management
The solution manages distributed peripheral devices in a centralized and simplified manner, which decreases the number of management servers needed and significantly reduces maintenance costs.
Low Cost, Easy Expansion
- Software license upgrades
The E1000E supports software license upgrades that expand the cleaning capacity without adding hardware, greatly reducing costs.
- Smooth upgrade
The E1000E supports smooth capacity expansion.
- Linear expansion
The E1000E supports a maximum of eight service boards per chassis. Service boards can be added, making it cost efficient to expand capacity.
- Cost effective
Traffic detecting and cleaning devices share the same chassis, reducing the need for additional investments.
IDC Security
Customer Challenges
IDCs host many services behind high-bandwidth egress links, which makes them prime targets for flooding and application-layer attacks.
Solution Benefits
The solution provides processing capacity of 160 Gbit/s per chassis and quick response times (within seconds).
The Huawei One Net Traffic Cleaning solution can withstand over 30 types of DDoS attacks, including:
- UDP Flood attacks
- CC (Challenge Collapsar) attacks
- HTTP Flood attacks
- HTTPS Flood attacks
- DNS attacks
- Slow attacks
The following figure shows the anti-DDoS network of an IDC.
Web Portal or Game Server Security
Customer Challenges
Web portals and game servers with high-bandwidth egress links are vulnerable to flooding attacks and application-layer attacks.
Solution Benefits
The Huawei One Net Traffic Cleaning solution provides a processing capacity of 160 Gbit/s per chassis and quick response times (within seconds).
It withstands over 30 types of DDoS attacks, including:
- UDP Flood attacks
- CC attacks
- HTTP Flood attacks
- Slow link attacks
- TCP retransmission attacks
The following figure shows the anti-DDoS network of a web portal or game website.
Enterprise Network Egress Security
Customer Challenges
Large and medium-sized enterprises build networks or rent links (about 10 Gbit/s) for office automation (OA) and internal communication; these links are vulnerable to DDoS attacks.
Solution Benefits
The solution can withstand over 30 types of DDoS attacks, particularly those attacks aimed at OA networks, including:
- UDP Flood attacks
- HTTP Flood attacks
- TCP Flood attacks
The following figure shows the anti-DDoS network of an enterprise.
Online Service Security
Customer Challenges
Online services are vulnerable to DDoS attacks. These attacks can severely compromise a service provider’s customer base, financial security, and reputation.
Solution Benefits
The Huawei One Net Traffic Cleaning solution can withstand over 30 types of DDoS attacks, particularly those aimed at online transaction systems, including:
- HTTP Flood attacks
- HTTPS Flood attacks
- CC attacks
- Slow link attacks
- DNS attacks (DNS Query and Reply Flood)
The following figure shows the anti-DDoS network of online services.
DNS Security
Customer Challenges
DNS servers, a vital part of the Internet infrastructure, are often subject to DDoS attacks, with serious consequences for customers.
Solution Benefits
The Huawei One Net solution can withstand over 30 types of DDoS attacks, particularly those attacks aimed at DNS services, including:
- DNS attacks (DNS Query and Reply Flood)
- DNS cache poisoning
- UDP Flood attacks
The solution also provides a Top N DNS cache function, which caches the most frequently queried records to reduce the load on the DNS servers during attacks.
The following figure shows the anti-DDoS network of a DNS server.
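How a Top N DNS cache can shield an authoritative server during a query flood, as an added example written for this page. The page does not describe how Huawei's Top N DNS cache function works internally, so the policy modelled here is an assumption made for the example: cache the answers for the N most-queried names, and once the query rate crosses a flood threshold answer only those names from the cache and drop queries for everything else. The `ZONE` data, the names, the class `TopNDnsCache`, the thresholds and the traffic in `simulate` are all constructed.

```python
"""Added illustrative model of a Top N DNS cache in front of an authoritative
server (not Huawei code).  The cache policy is an assumption for the example:
keep answers for the N most-queried names; during a query flood serve only
those from cache and drop queries for every other name."""
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed stand-in for the authoritative zone data.
ZONE: Dict[str, str] = {
    "www.example.com.": "203.0.113.10",
    "mail.example.com.": "203.0.113.25",
    "api.example.com.": "203.0.113.30",
}


class TopNDnsCache:
    def __init__(self, n: int, flood_threshold: int):
        self.n = n                              # names kept in the cache
        self.flood_threshold = flood_threshold  # queries per window that mean "flood"
        self.popularity: Counter = Counter()    # counted only for served queries
        self.cache: Dict[str, str] = {}
        self.window_queries = 0
        self.upstream_queries = 0               # load that reached the real server

    def _upstream(self, qname: str) -> Optional[str]:
        """Ask the authoritative server; None models an NXDOMAIN answer."""
        self.upstream_queries += 1
        return ZONE.get(qname)

    def under_attack(self) -> bool:
        return self.window_queries > self.flood_threshold

    def new_window(self) -> None:
        """Refresh cached answers for the N most popular names, then start a
        new counting window."""
        for qname, _ in self.popularity.most_common(self.n):
            answer = self._upstream(qname)
            if answer is not None:
                self.cache[qname] = answer
        self.window_queries = 0

    def query(self, qname: str) -> Tuple[str, Optional[str]]:
        """Returns (how the query was handled, answer or None)."""
        self.window_queries += 1
        if qname in self.cache:
            self.popularity[qname] += 1
            return "cache", self.cache[qname]
        if self.under_attack():
            # Flood in progress: uncached names are refused so that random
            # subdomain queries never reach the server.  Dropped queries do
            # not count toward popularity, so an attacker cannot push its
            # own names into the top N simply by flooding them.
            return "dropped", None
        self.popularity[qname] += 1
        return "upstream", self._upstream(qname)


def simulate() -> Tuple[list, Counter, int]:
    """Constructed scenario: one normal warm-up window, then a window with a
    1000-query random-subdomain flood plus a few legitimate queries.
    Returns (cached names, handling counts in the attack window,
    number of queries that reached the server during the attack window)."""
    front = TopNDnsCache(n=2, flood_threshold=100)
    for _ in range(30):
        front.query("www.example.com.")
    for _ in range(10):
        front.query("mail.example.com.")
    for _ in range(3):
        front.query("api.example.com.")
    front.new_window()                      # cache now holds www and mail
    before = front.upstream_queries
    handled: Counter = Counter()
    for i in range(1000):
        handled[front.query(f"rnd{i}.example.com.")[0]] += 1
    for _ in range(5):
        handled[front.query("www.example.com.")[0]] += 1
    handled[front.query("api.example.com.")[0]] += 1
    return sorted(front.cache), handled, front.upstream_queries - before


if __name__ == "__main__":
    print(simulate())
```

Two trade-offs are visible in the result. The flood threshold is only crossed after the first hundred random-name queries have already reached the server, so a real detector would work on a rate over a sliding window rather than a count per fixed window. And the legitimate `api.example.com.` query is dropped because the name is outside the top N: a Top N cache protects the popular names at the expense of the long tail, which is acceptable for the duration of an attack but not as a steady-state configuration. The `popularity` counter should also be bounded or aged in practice, since every served query for a new name adds a key.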