vCPE
- 产品概述
- 功能特性
- 技术参数
- 组网应用
- 相关资料
SD-WAN products provide a service formed by applying SDN technology to WAN interconnection scenarios. SD-WAN overlay network technology can shield the complexity of the physical network, and integrate multiple technologies such as terminals, channels, and clouds, forming a technology integration innovation. Its main features include: user-on-demand, zero-touch configuration, cloud and application-aware, wide-area acceleration, flexible billing, etc.
SD-WAN product is a high-reliability and high-flexibility intelligent access gateway designed by CNCR for enterprise users. The product supports wired, 4G and 5G access, allowing operators or enterprises to provide users with broadband, data transmission, video and voice conferencing through IP access. At the same time, unified management can be carried out through the centralized management platform, providing services such as initial registration and authentication, business delivery, tenant management, and operation and maintenance management,etc.
According to different application scenarios, devices can be divided into uCPE (terminal equipment), vCPE (central office equipment) and centralized management platform (controller).
Diverse interfaces, load balancing
SD-WAN no longer mandates that only MPLS is allowed, but instead allows multiple connection types such as MPLS, Internet, 4G LTE, and 5G APN. Supports quick activation of private line services, no need to specify an operator, and can be activated across operators.
Choose the best path independently
SD-WAN uCPE and vCPE can independently select the best path according to the current network situation and configuration strategy
Easy deployment, complete in seconds
Device zero-touch deployment, that is, plug and play. By deploying a centralized policy management platform, the uCPE can automatically obtain the configuration after it is powered on
VPN encryption, transmission security guarantee
Protect data in transit by using Ipsec or TLS/DTLS encryption, integrate NFV technology; easily introduce NGFW firewall technology, intrusion prevention system (IPS), and cloud security services;
Intelligent route selection to ensure key applications
Intelligent route selection technology can improve the reliability of WAN connection and improve transmission efficiency. Real-time monitoring of link quality, comprehensive real-time evaluation of the quality of each link - packet loss/delay/jitter;
End-to-end QoS management
Guarantee high-priority applications, improve application access speed and user experience through WAN acceleration technology;
Link smooth switching
Smoothly switch traffic to other available links when a link is unavailable, failover occurs within 2-3 packet losses, and lost packets can be retransmitted and reordered.
vCPE Hardware-1 |
||||
Model |
SEG-100A V8L |
SEG-100A V16L |
SEG-100A V18L |
SEG-100A V26L |
Dimension (L*W*H/mm) |
1U 330*435*44mm |
1U 330*435*44mm |
1U 360*435*44.5mm |
1U 450*435*44.5mm |
Ram |
4G |
4G |
4G |
8G |
USB |
1×USB 2.0 |
2×USB 2.0 |
||
On-board GE/SFP port |
8GE+2SFP |
8GE+4SFP |
6GE |
6GE+2SFP |
Number of expansion slot |
No |
1 |
1 |
2 |
Console |
1×RJ45,112500bps |
|||
4G/5G |
Not support |
|||
WIFI |
Not support |
|||
Chassis |
metal |
|||
vCPE Hardware-2 |
||||
Model |
SEG-100A V28L |
SEG-100A V30L |
SEG-100A V60L |
SEG-100A V80L/V80H |
Dimension (L*W*H/mm) |
1U 330*435*44.5mm |
2U 500*435*88mm |
2U 500*435*88mm |
2U 600*440*88mm |
Ram |
8G |
8G |
16G |
32G |
USB |
2×USB 2.0 |
|||
On-board GE/SFP port |
16GE+2SFP+4SFP |
6GE+4SFP |
6GE+4SFP |
No |
Number of expansion slot |
0 |
2 |
6 |
8 |
Console port |
1×RJ45,112500bps |
|||
4G/5G |
Not support |
|||
WIFI |
Not support |
|||
Chassis |
metal |
|||
vCPE Software |
||||
Security protection |
Firewall access control: Policies can be precompiled to ensure that the performance of the firewall does not degrade in the case of a large number of complex policies |
|||
Session control: total connection number and connection control strategy based on interface/security domain, address, user, service, application and time,etc |
||||
Intrusion prevention: intrusion prevention in IPV4 and IPV6 environments. support intrusion prevention policy settings |
||||
Supports virus scanning of files under HTTP, FTP, POP3, IMAP, SMTP protocols, and supports antivirus policy settings |
||||
Web application protection: implement application layer security protection for web services based on SQL and XSS attack algorithms, |
||||
Anti-denial of service attack: protect again TCP Flood, UDP Flood d, ICMP Flood and DoS |
||||
ARP attack protection: support IP-MAC binding, uniqueness check and active protection, support anti-ARP spoofing and anti-ARP Flood attack. |
||||
Blacklist: support IP-based blacklist |
||||
Application behavior management and control |
Intelligent identification: accurate identification of mainstream applications |
|||
Application control: Based on intelligent application identification, it provides application behavior control |
||||
Software control: support software identification and management of certain software (social media), and support black and white list management based on QQ/WeChat |
||||
URL classification filtering: support classification management and control of website access |
||||
Support the control of search engine application, P2P download application, video application and email application |
||||
Supports application of feature library, application classification, and feature library upgrade |
||||
Flow control and QOS |
Support line bandwidth setting based on physical interface or VLAN interface |
|||
Support flow control channel configuration based on source IP address, destination IP address, application, service port and time |
||||
Support multi-layer channel nesting, bandwidth control, bandwidth guarantee, channel priority setting, automatic traffic shaping |
||||
Network |
Supports both IPV6 and IPV4 dual stacks, and all security functions can be used in dual stacks |
|||
Supports VLAN, transparent bridge interface, interface linkage, and link aggregation |
||||
Supports static routes, equal-cost routes, static route weights, and BFD |
||||
Dynamic routing: Supports RIPv1, RIPv2, OSPFv2 (which supports BFD), and BGP4 |
||||
Policy-based routing: Supports policy-based routes based on inbound interfaces, source IP addresses, and destination IP addresses |
||||
Link load balancing: provide a variety of load balancing algorithms, support dual link health checks, and link priority and weight setting |
||||
Supports health check, session retention, NAT, ALG, VPN, STP, DNS Server, DNS records, DNS transparent proxy, etc. |
||||
High availability |
Support dual-machine hot backup, manageable standby machine, VRRP protocol, HA switching conditions and logic, connection session synchronization, preemptive priority |
|||
Monitoring
|
Threat warning visualization, application traffic visualization, user traffic visualization, interface traffic display, system operation information |
|||
Log
|
Support storage and export of various local logs, support log classification support remote Syslog, and support multiple Syslog servers |
|||
The system can provides traffic reports and threat reports, email alarm. and can define to trigger email alarms under specific situations |
||||
Management and Configuration |
Supports centralized management, policy analysis, Web management, custom packet capture, and network debugging |
|||
Backup and recovery of system configuration, administrator login and authority classification; SNMP (V1, V2, and V3) and NTP time synchronization are supported |