DRO Router Introduction
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
CPU under attack. The router can’t be
managed.
Financial and operational service can't be protected.
The online video can’t be smoothly displayed.
Internet access is too slow. Traffic can not be monitored
Sometimes this may happen…
QoS
High performance
Reliability
Management
New demands for network
Router
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
Access Router
DRO-1002 DRO-2014 DRO-2024
Aggregation Router
DRO-3044 DRO-5020 DRO-5040 DRO-5080
Router portfolio
SIC-1HS
SIC-1E1-F
SIC-1CE1
SIC-1B-S/T
SIC-1B-U
SIC-4ESW
SIC-2FXS
SIC-2FXO
SIC modules DRO support
NMX-24ESWNMX-2GEHNMX-4E1/CE1HNMX-8E1/CE1HNMX-1CPOS-STM1H
NMX module DRO support
Module DRO-5020 DRO-5040 DRO-5080
CPU Dual-core NP Dual-core NP Dual-core NP
SDRAM 512M ( default ),1G
512M ( default ), 1G
512M ( default ), 1G
Flash 32M ( default ), 96M
32M ( default ), 96M
32M ( default ), 96M
Console/AUX 1/1 1/1 1/1Fixed Ethernet interface 3GE ( combo ) 3GE ( combo ) 3GE ( combo )USB 2 2 2NMX slot 2 4 8
DNMX slot 1 2 2
Power module 2 3 3Dimension( L X W X H mm 121×445×412 , 3U 161×445×412 , 4U 243×445×412 , 6U
Backplane bandwidth 28Gbps 28Gbps 28Gbps
Forwarding capacity 4.5Mpps 4.5Mpps 4.5Mpps
DRO-50 Specification
Control Module-Slot 0
Slot 7 Slot 8
Slot 5 Slot 6
Slot 3 Slot 4
Slot 1 Slot 2
FAN
Power 0
Power 1
Power 2
DRO-5020 has two power module slots.
DRO-5040 and DRO-5080 has three power module slots.
DRO-50 Hardware Design
NMXNMX
Power
Poweraux console
NMXNMX
NMXNMX
NMXNMXNMXNMX
PowerPower
Poweraux console
NMXNMX
NMXNMX
PowerPower
Poweraux console
DRO-50 Hardware Design (cont.)
Temp Detect
Dual Network Processor
20Gbps HT Networkinterface
2GbpsPCI Bus
DDR RAM
GE
HT Bridge
Fast AIMEncrypt Engine
GE
GE ComboGE USB
AIMEncrypt Engine
2Gbps PCI Bus
2Gbps PCI Bus
50Gbps DDRRAM BUS
GE Combo
GE Combo
Local BUS
FLASH
UART
BootROMAUX
Console
USB
HT BridgeNetworkinterface
Networkinterface
Networkinterface
2GbpsPCI Bus
Networkinterface
2GbpsPCI Bus
Networkinterface
Networkinterface
Networkinterface
DRO-50 Hardware Design (cont.)
Module DRO-3044
CPU MPC
SDRAM 512M
Flash 512M
Console/AUX 1/1
Fixed Ethernet interface 2GE ( combo )USB 2 USB2.0
Routing engine slot 1
Service slot 8 ( 4 NMX , 4 SIC )Power supply module 2
Dimension( L×D×H,mm) 440X412X161.4
Forwarding capacity 2Mpps
DRO-3044 Specification
SIC-6 SIC-8Control Module
SIC-5 SIC-7
NMX-3 NMX-4
NMX-1 NMX-2
Fan
Power
Power
DRO-3044 Hardware Design
Mode DRO-2014 DRO-2024
Appearance
Forwarding capacity 280kpps 300kpps
Console/AUX 1/1 1/1
Fixed routing port 3FE 2FE
SIC slot 4 4
NMX slot 1 2
USB 2 2
Maximum switching port 24 52
DRO-20 series specification
AUX
Console
3*10/100M
SIC slotNMX slot
2*USB
Built-in encryption engine Capacity to 280kpps
DRO-2014
4*SIC slot2*NMX slot
AUX
Console 2*USB
2*10/100M
Built-in encryption engine Capacity to 300kpps
DRO-2024
Mode DRO-1002
Appearance
Forwarding capacity 260Kpps
Fixed routing port 2FE
SIC module slot 2
NMX module slot N
USB NDimension 44 ×268×185 (mm)
DRO-10 specification
2*SIC
Console
2*10/100M
Built-in encryption engine Capacity to 260kpps
DRO-1002
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Roadmap
Case share
Agenda
High performance
2 Multi-service
High security3
1
Topic
4 High availability
With the access mode becoming more and more, the speed is faster and faster (MSTP 、 fiber 、 PON), the bandwidth requirement is growing rapidly.
With multi -services running , DRO router can achieve 100M wire-speed forwarding.
Nearly no interruption when using ACL 、 QOS 、 PBR 、 NAT.
Under 100M line, DRO router won’t be the bottleneck of network.
High performance ---In services
DEF-D-link Express Forwarding DEF achieve multi-service integration, Increase performance of ACL, PBR,NAT, FW,QOS
etc.
Accept packet … Header
Inspection
Packetencapsulation QOS
Packetencapsulation
FIB ADJ
FastState
processingFastACL
Fast PBR
Flowcreate
WholeACL
Whole PBR
Send packet
Extreme path
Fast flow path
Whole NAT
Complete flow path
Fast NAT
High performance --- D-link DEF fast forwarding
When ACL, PBR,NAT, FW,QOS is deployed, DEF achieves exact matching with the 1st packet, and the matching of following packets according to the flow table. No impact on performance between deploying 1 piece of ACL and 500 pieces of ACL!
Flow-based speeding mechanism
100 ACL/PBR 500 ACL/PBR1 ACL/PBR
High performance --- D-link DEF fast forwarding
X-FLOW is the data processing mechanism of DEF.
Traffics with the same SIP, DIP, TCP/UDP port number, protocol number, are defined as a flow. DRO applied the flow table technology.
ACL NAT QOSIPSec …
Packet
routing
Flow table Look up
Direct processing of packets Packet
Update flow table according to results
1st packet ,routing inquiry,
record result
Following packet using flow table
forwarding directly
High performance --- X-FLOW
Why X-FLOW: when deployed with ACL、 QOS、 NAT、 IPSec, the forwarding performance will not be affected.
High performance1
Multi-service
High security3
Topic
4 High availability
2
DROs can achieve different functions of switch and router by deploying the switching module.
Multi-service --- routing, switching all-in-one
Why All-in-one design: Greatly save the cost of TCO 。 Decrease the maintenance cost, Save installation space Save one machine’s power for “green world” 。
28
Router master CPU
Switching chip Switching CPU
Managing
tunnel
Data
tunnel
……Switching port
Distributed architectureSeparate CPU , with separate OS
Centralized architectureSharing CPU , switching function integrated in the router OS.
Managin
g tunnel
Data
tunnel
Router master CPU
Switching chip
……Switching port
Multi-service --- distributed architecture
Advantage:• Modular design, based on the customer’s real need, easy to
be extended and flexible to use.• Distributed architecture switching module with own CPU and
OS, decrease the burden of CPU, promote the stability. • Switching module with separate OS, and D-link has nearly
million deployment of switches with high maturity OS.• All the switch functions are included.
Multi-service --- advantage and disadvantage
30
• One router with:Routing+Switching+MPLS+NAT+Firewall+VOIP+VPN+3G+IPFIX
Multi-service --- routing, switching all-in-one
P
P
PPE
VPN ASite 3
VPN ASite 1 VPN B
Site2
VPN BSite 1
PE
PE
VPN ASite2
CE–A1
CE–B1CE–A3
CE–A2
CE–B2
P
Fully support MPLS function, support standard MPLS label switching Layer 3 VPN based on BGP/MPLS VPN Support IPSec 、 L2tp multi-instance , achieve perfect integration between IP
VPN and MPLS VPN
Multi-service --- L2/3 VPN processing
Accept packet
Classify
Sou. interfaceDest. interfaceSou. portDest. portProtocol typeTOS
AC
L Classify
Queue0
Queue1
Queue2
QueueN
REDWRED
Queue
FIFOPQSPWRRDRR
TokenDrop
Drop
Continue to sendIn queue Out
queue
Token bucket
Out portIn port
CAR
L2/L3/L4 Flow classifying schedule
Congestion detection/avoidance
Flow shaping
Multi-service --- QoS
Meticulous management Packet classify marking
Congestion avoidance ( RED 、 WRED )
Flow supervision ( CAR )Flow shaping ( GTS )Congestion
management ( FIFO,PQ,CQ,WFQ,CBWFQ,LLQ,RTPQ )
Line efficiency ( CTCP 、 CRTP )QoS queuing technology
Business packets1M
PhysicalPort
OA packets100K
Video packets900K
Multi-service --- Dedicated QoS
34
• Support WCDMA、 CDMA2000、 TD-SCDMA.
• Flexible for remote areas to access.
• Serve as backup link for enterprise network.
Multi-service --- 3G accessing for remote places
Multi-service --- AEP application extension platform
AEP: Application Extension Platform
Layer 7 applications can be deeply integrated into DRO router.
• How many applications? Network attack? Which is the key application? Where does the flow come from?
With IPFIX, network is transparent to you.
Multi-service --- built-in IPFIX
High performance1
Multi-service
High security
2
Topic
4 High availability
3
Branch office
Branch office
DRO-20
DRO-20
Router
WAN
Information center
UNIX
Hardware encryption card
Encryption
Built-in Encryption
card
High security--- application encryption
High performance1
Multi-service
High security
2
Topic
3
High availability4
The V-CPU technology of DRO router, can separate the CPU into two part, the management and data-forwarding.
No matter how large the attack and data flow is, the management will be always available.
High availability --- equipments can be managed in any time
Why V-CPU:The equipment can be managed at any time!!!
CPU resource
Data forwarding
CPU
SystemManagement
CPU
VCPU : Virtual CPU technology , CPU resources can be virtualized into two part: data forwarding and system management, the resources can be adjusted dynamically.
Data forwarding CPU : specialized for data forwarding System management CPU : control plane and management plane No matter how large the attack and data flow is, the management won’t be
interrupted
High availability- --- VCPU
Q & A
What is the technology helps DRO routers achieve high performance , when applying ACL, QoS, NAT…….?
Market positioning and demand analysis
Router introductions
Advantages & selling point
Competition analysis
Case share
Agenda
DRO router is widely deployed in the vertical market.
D-link DRO series routers , have been deployed in the finance, government, education, enterprise for more than 100,000.
The strategic partner of China Life, PICC , more than 5,000 deployment.
The strategic partner of Construction Bank of China, more than 8,000 deployment.
100,000 vertical deployment with stable routers.
Financial cases
2 Government cases
1
Topic
100M
2M SDH155M SDH
1000M
City City City City City City
ShandongBranch
HebeiBranch
GuangdongBranch
…… ……
BeijingData center
Shanghai Data center
Jiangsu Data center
Data centerProvince
DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2
CNC ATM
ATM
ATM
ATM
ATM
ATMATM
SDHSDH SDH
SD
H
CNC ATM CNC ATMChina TelecomATM
China
Telecom
ATM
• 110 cities , 2*DRO-30 for uplink for each city
Backbone network of China Life Insurance
Small node Big nodeATM nodeBranches
DRO-50
DRO-20 DRO-20
S5700/S7600/S8600S2600 S3700
BackboneArea
Core switchWAN core
WANArea
To HQ
WANArea
DRO-20
S3700
100M
2M SDH155M SDH
1000M
2007-2008 , 6 provincial networkNeimenggu :14*branch , 400*nodeHebei : 11*branch , 1100*nodeNingxia : 9*branch , 200*nodeQinghai : 9*branch , 150*nodeHunan : 20*branch , 600*nodeGuangxi : 14*branch , 400*nodeOthers :Hubei : 700*node. Jinagsu:800*nodeShandong : 600*node, Xinjiang :300*nodeFujian : 400*node, Henan :200*node…………………………
CPOSATM
2M SDH
2M SD
H
2M SDH
CPOS
Network of Construction Bank of China
100M
2M SDH155M SDH
1000M
DRO-1002
Branches
ATM
SW
Office PCService PCTerminal
SW
Small node
ATM ATM
Normal node
ATM Office PCService PCTerminal
Office segmentService segment
Office segment
Service segmentDRO-2014DRO-2024
Beijing : 400Xinjiang : 300Jilin : 100Gansu : 200Guizhou : 300Shandong : 400Ningxia : 100Guangdong : 200Liaoning : 200Dalian : 100Guangxi : 100………………MSTP/2M SDH
Master2M SDHBackup
SWSW
Network of Industrial & Commercial Bank of China
…
INTERNET INTERNET
To HQ To HQ To HQ To HQ To HQ
ShanxiGuangdongFujianHebeiHunan
DRO-20SecVPN100 SecVPN100 SecVPN100 SecVPN100
branchesbranchesbranchesbranchesbranches
R3642 R3642 DRO-50 R3740 R3642
Shanxi 600 Guangdong 300 Hunan 200 Hebei 200 Fujian 200 Shandong 100 Neimenggu 100 Xinjiang 100 Gansu 100 Hubei 100 Tianjin 100 Henan 50 Beijing 50 Ningxia 50 Zhejiang 50……
ADSL
ADSL
ADSL
ADSL AD
SL
National VPN network of China Insurance
100M
2M SDH155M SDH
1000M
City Branches
branches
City Branches
2M SDH/MSTP
2M SD
H/MST
P
Service Office
Node DRO-20/R2700
Guangdong : 2000Jiangsu : 2000Shanxi : 600Shanghai : 400Hainan : 300Guangxi : 500Heilongjiang : 300Liaoning : 500…………………………
Service Office
NodeDRO-20/R2700
Service Office
Node DRO-20/R2700
2M SDH/MSTPSWSW SW
Network of Agriculture Bank of China
Financial cases 1
Government cases
Topic
2
XX Army
DRO-2014
XX Army
DRO-2014
XX Army
DRO-2014
XX Army
DRO-2014
DRO-5080
Xinhua News Agency HQ
SDH
HQ deployed 2*DRO-5080, adopted 155M CPOS connecting 19 army branches. Each army branch deployed DRO-2014
100M
2M SDH155M SDH
1000M
155M
CPO
S
……
2M SDH2M SDH
Military branch network Xinhua News Agency
ISP
Xinhua HQ Xinhua Shanghai
Branch
Exchange office
Stock office
Xinhua 08 access
DRO-5080 DRO-5080
Servers
100M
2M SDH155M SDH
1000M
Xinhua News Agency deployed 6*DRO-5080 , 2 were deployed for Xinhua 08 service, others were deployed for mobile reporting platform, uses CPOS or 4E1 binding.
08 transmission platform of Xinhua News Agency
NationalGovernmentNetwork
PrivateNetwork for Ministries
PrivateNetwork for Ministries
Ministry of Audit
BranchDRO-2024
100M
2M SDH155M SDH
1000M
BranchDRO-2024
BranchDRO-2024
BranchDRO-2024
ProvincialGovernmentNetwork
ProvincialGovernmentNetwork
BranchDRO-2024
BranchDRO-2024
2nd phase of “Gold Audit” Network
Video monitor center
MAN
Camera
Storage Encoding &decodingMonitor center
DRO-5080 DRO-5080
OfficeDRO-5080
Camera OfficeDRO-5080
OfficeDRO-5080
CameraOfficeDRO-5080
Camera OfficeDRO-5080
CameraOfficeDRO-5080
Camera
Camera OfficeDRO-5080
CameraOfficeDRO-5080
23*Branch office
Video monitoring network of Xuanwu District, Beijing
Thank you!