Operators’ Network Flow Serial Management Solutions


Backbone network flow monitoring system is mainly aimed at monitoring the network of provincial network operators, and the flow is generally in more than 100 G. Deployment modes of monitoring system are divided as follows according to different positions: by-pass monitoring and serial monitoring. In the condition that the backbone network is not affected, by-pass monitoring will copy the backbone network flow to by-pass monitoring equipment through optical splitter or other flow replication equipment, and the bypass monitoring equipment will make analysis and processing on replicated flow; because of the characteristics of the by-pass monitoring, monitored flow is not real-time, and just analysis and processing are made to the copied flow, while there is no any restriction and action for the real-time flow of the backbone network, which leads to a problem: how can backbone network flow be directly, timely and effectively controlled in real time.

Serial network monitoring management system can realize the immediacy, timeliness and effectiveness of flow management; system architecture is similar to traditional firewall, and monitoring equipment serialized in the backbone network, which can actively deal with and forward the network flow, so that non-real-time of bypass monitoring can be solved; when backbone network flow enters into the serial device and comes out to the backbone network of the serial device, the serial device has taken washing, filtering, tackling and other online actions; redirected online flow to the back-end analysis system supports the injection of "offline flow" of back-end analysis system to the backbone network. At the same time, because the equipment is serial in the backbone network and any packet-loss is forbidden in backbone network flow, and the equipment needs to be absolutely safe, and can be rapidly switched when failure occurs, so as to ensure the continuity of network flow.

Scheme framework

Serial management scheme of Sugon backbone network flow is mainly divided into three parts: link protection mechanism of backbone network, which is to ensure the continuity and correctness of the backbone network; serial flow analysis equipment, which is to realize processing and analysis of flow; back-end analysis system, which is used for online flow (redirect) analysis and "offline" flow injection.

Scheme features

Serial flow analysis system Flowfirm –X

Serial flow analysis device Flowfirm –X is divided into 2 parts: protection mechanism backbone network and serial flow analysis equipment.

Light protection mechanism of backbone network flow

Light protection mechanism is a passive device, which is integrated with serial shunt equipment, and provided for the users in the form of back board; it can provide light protection for equipment, so as to meet the needs of back flow redirecting application.

Light protection principle: light protection is laid before flow enters into the serial device, and there are different pathways according to the state of the serial device.

1)When the serial device works properly, there is no abnormality in the link; Rx interface switch shows the state of serial device access, and backbone optical path is accessed through light protection Tx port; there are two copies of flow spectral; one copy enters into serial processing equipment, and the flow after being processed returns to the backbone network from light protection Rx.

2)When a serial device cannot work normally, or link is abnormal, Rx interface switch can instantly switch to the state of light path direction connection; light path of backbone network accesses through light protection Tx, and there are two copies of flow spectral; one copy directly returns to the backbone network through light path direct connection. Any operation to serial device at this moment will not affect the flow of backbone network.

Light protection mechanism has the following features:

1)Protection of the continuity of backbone network flow

When serial analysis equipment fails, it can carry on the protection to link in the first place, so as to reduce the impact on backbone link and ensure the flow continuity.

2)No impact of equipment update and replacement on backbone network flow

When online equipment needs to be upgraded or changed, it is necessary to ensure there is no any effect on online flow. Before operation, switch network flow to light protection mode; after equipment upgrade or replacement is completed, re-switch light protect mode. In the whole process, light protection mechanism ensures there is no influence of backbone network flow.

3) Short switch time and small effect of light protection

Light protection offers a variety of switching ways: power-off protection, fault protection, manual switch, remote switch, etc. Switching delay is about within 35μs.

The following figure shows the light protection mechanism, which can provide access protection for 1 light link.

Figure Light protection mechanism

Serial flow analysis equipment Flowfirm –X

Backbone network uses serial device for flow control and cleaning, which is the most direct, most effective and timely manner. But at the same time, there are very high requirements for equipment performance, reliability, etc.

Flowfirm-X equipment processing platform is a new generation of 10G ATCA platform customized with high reliability, high availability, high performance, high management and high extension, applicable to business application at telecommunication level, etc.

The platform conforms to ATCA specification with good compatibility; it adopts a highly integrated design with comprehensives; the system adopts double-star redundancy architecture, and key parts are made with redundant design and high reliability; the system has good heat dissipation with low power consumption; it can flexibly configure various processors such as x86, DSP, PowerPC, and NP blade, and greatly reduces IT operation and maintenance costs.

Flowfirm – X

Flow analysis device Flowfirm –X has the following functions:

1)Flow access: support various interface cards, single-mode of OC3, OC12, OC48, OC192, GE and XE, with multimode optical fiber link, which can be accessed with 40G POS, 10G POS, 10GE, 2.5G POS, 622M POS, 155M POS, GE/FE and other flows; support mixed access, high-density connection; single plate access density reaches 1 route 40 G or 4 routes 10 G or 16 routes 2.5 G. Support receiving and delivery of single fiber.

2)Agreement exchange support: It mainly aims at POS interface; support Ethernet based on SDH/SONET, texts encapsulated by PPP and CHDLC; support MPLS encapsulation, and format message encapsulated by VLAN IPV4 / IPV6, which can be stripped; By parsing HDLC, PPP, MPLS encapsulation, extract IP packets, and then make subsequent processing. It is compatible with a variety of underlying encapsulation parameters.

3)Classification of data package matching: support both IPv4 and IPv6 flow; support MPLS label matching; support quaternary group, TCP Flag, packet length, and user-defined application layer content matching (DPI). All matching supports mask or range. Support interconnection among rules.

4)ACL: fast high-capacity ACL rule matching search adopts TCAM high-speed memory chips to provide fast matching rules; adopts a large capacity of external DDR SDRAM, providing millions of rules; supports both IPv4 and IPv6 rules; Support flexible quintuple (source address, destination address, source port, destination port and protocol) filtering, and quintuple with rules; supports white list and blacklist functions; support extended ACL with DPI function; support ACL dynamic load, dynamic deletion, aging, time matching, and aging delay second level, etc. ; supports user-defined six flexible quintuple rules 2 million (IPV4), and 1 million (IPV6); supports mask rule 600000 (IPV4) and 200000 (IPV6); support 32 priority among different rules; supports binding between standard ACL and extended ACL;

5)Network transparency: analysis equipment Flowfirm-X is series in the backbone network; for routing equipment on both ends, it will not perceive the analysis equipment, which is equivalent to be transparent.

6)Flow redirection: according to ACL, redirect input is carried out for "concerned flow" to a back-end analysis system; support load balancing mode and cold standby mode; load balancing mode supports 32 groups, and each group supports 256 back-end server addresses; Using ARP protocol, dynamically detect the working state of the backend server, in order to dynamically adjust balance group; accuracy of dynamic detection is kept within 100 ms; keep homology and sharing function; different redirection can define a different set of priorities and aging time; load balancing algorithm support is hashed in line with SIP, DIP, SIP + DIP; back flashboard port supports 20 GE.

7)Flow“injection": "offline flow" of back-end analysis system can be injected to the backbone network through analysis equipment to realize the corresponding flow control effect.

8)Network management function: support SNMP, Telnet and ssh and other network management functions.

Back-end analysis system

Running business system of back-end analysis system, on the one hand, makes analysis on the flow from “concern” redirected flow; on the other hand, it is necessary to produce "offline flow” and realize injection for online network.

Back-end analysis system is recommended to adopt Sugon high-performance network processing all-in-one machine, which can integrate the flow processing probe in the backbone network monitoring solution and secondary processing platform into an all-in-one machine, which can provide more than 10 pieces of computing capacity of dual core processor; with 6 pieces of Netfirm configured, it can support flowing monitoring of 24 roots GE or 6 roots 10 GE. 4 videospeed co-processor cards configured can carry out secondary processing of the flow. It can also undertake 10 GE flow processing with Netfirm configured, and 100G flow of processing capacity of a single machine can be provided at most, which has a very high cost performance.

Figure High performance network processing all-in-one machine

Product Recommendation

Tiankuo I620-G30, developed by Sugon based on Intel ® xeon ® extensible processor platform, has extensive uses as a two-way server. I620-G30, which is fully self-developed, possesses superior computing performance and powerful IO expanding capacity, realizing high performance and high expansibility to the maximum extent, so it can meet the needs of all industries. I620-G30 server is very suitable for finance, securities, transportation, post, telecommunication, energy, Internet and other industries with data centers and remote business environment which is demanding on the server performance, extensibility and reliability.
More info >
TC4600T G3
The ideal choice for cloud computing, big data.
More info >
Tiankuo I610-G30, developed by Sugon based on Intel ® xeon ® extensible processor platform, has extensive uses as a two-way server. In 1U height space, I610-G30 perfectly integrates the performance, extensibility and density. It is not only applicable to data centers which are demanding on server’s performance such as online games but also to business environment which is demanding on server density and extensibility, such as internet, IDC and cloud computing, etc.
More info >

Dawning Information Industry Co.,Ltd. Sugon Building, No.36 Zhongguancun Software Park, No.8 Dongbeiwang West Road, Haidian District, Beijing 100193

Tel:+86 400-810-0466

Fax:+86 10-56308222