Hangzhou CNCR-IT CO.,LTD. 

vCPE

vCPE

SD-WAN products provide a service formed by applying SDN technology to WAN interconnection scenarios...

  • 产品概述
  • 功能特性
  • 技术参数
  • 组网应用
  • 相关资料

SD-WAN products provide a service formed by applying SDN technology to WAN interconnection scenarios. SD-WAN overlay network technology can shield the complexity of the physical network, and integrate multiple technologies such as terminals, channels, and clouds, forming a technology integration innovation. Its main features include: user-on-demand, zero-touch configuration, cloud and application-aware, wide-area acceleration, flexible billing, etc.

SD-WAN product is a high-reliability and high-flexibility intelligent access gateway designed by CNCR for enterprise users. The product supports wired, 4G and 5G access, allowing operators or enterprises to provide users with broadband, data transmission, video and voice conferencing through IP access. At the same time, unified management can be carried out through the centralized management platform, providing services such as  initial registration and authentication, business delivery, tenant management, and operation and maintenance management,etc.

According to different application scenarios, devices can be divided into uCPE (terminal equipment), vCPE (central office equipment) and centralized management platform (controller).

Diverse interfaces, load balancing

SD-WAN no longer mandates that only MPLS is allowed, but instead allows multiple connection types such as MPLS, Internet, 4G LTE, and 5G APN. Supports quick activation of private line services, no need to specify an operator, and can be activated across operators.

 

Choose the best path independently

SD-WAN uCPE and vCPE can independently select the best path according to the current network situation and configuration strategy

 

Easy deployment, complete in seconds

Device zero-touch deployment, that is, plug and play. By deploying a centralized policy management platform, the uCPE can automatically obtain the configuration after it is powered on

 

VPN encryption, transmission security guarantee

Protect data in transit by using Ipsec or TLS/DTLS encryption, integrate NFV technology; easily introduce NGFW firewall technology, intrusion prevention system (IPS), and cloud security services;

 

Intelligent route selection to ensure key applications

Intelligent route selection technology can improve the reliability of WAN connection and improve transmission efficiency. Real-time monitoring of link quality, comprehensive real-time evaluation of the quality of each link - packet loss/delay/jitter;

 

End-to-end QoS management

Guarantee high-priority applications, improve application access speed and user experience through WAN acceleration technology;

 

Link smooth switching

Smoothly switch traffic to other available links when a link is unavailable, failover occurs within 2-3 packet losses, and lost packets can be retransmitted and reordered.

vCPE Hardware-1

Model

SEG-100A V8L

SEG-100A V16L

SEG-100A V18L

SEG-100A V26L

Dimension

(L*W*H/mm)

1U 330*435*44mm

1U 330*435*44mm

1U 360*435*44.5mm

1U 450*435*44.5mm

Ram

4G

4G

4G

8G

USB

1×USB 2.0

2×USB 2.0

On-board GE/SFP port

8GE+2SFP

8GE+4SFP

6GE

6GE+2SFP

Number of expansion slot

No

1

1

2

Console

RJ45112500bps

4G/5G

Not support

WIFI

Not support

Chassis

metal

vCPE Hardware-2

Model

SEG-100A V28L

SEG-100A V30L

SEG-100A V60L

SEG-100A V80L/V80H

Dimension

(L*W*H/mm)

1U 330*435*44.5mm

2U 500*435*88mm

2U 500*435*88mm

2U 600*440*88mm

Ram

8G

8G

16G

32G

USB

2×USB 2.0

On-board GE/SFP port

16GE+2SFP+4SFP

6GE+4SFP

6GE+4SFP

No

Number of expansion slot

0

2

6

8

Console port

RJ45112500bps

4G/5G

Not support

WIFI

Not support

Chassis

metal

vCPE Software

Security protection

Firewall access control: Policies can be precompiled to ensure that the performance of the firewall does not degrade in the case of a large number of complex policies

Session control: total connection number and connection control strategy based on interface/security domain, address, user, service, application and time,etc

Intrusion prevention: intrusion prevention in IPV4 and IPV6 environments.

support intrusion prevention policy settings

Supports virus scanning of files under HTTP, FTP, POP3, IMAP, SMTP protocols, and supports antivirus policy settings

Web application protection: implement application layer security protection for web services based on SQL and XSS attack algorithms,

Anti-denial of service attack: protect again TCP Flood, UDP Flood d, ICMP Flood and DoS

ARP attack protection: support IP-MAC binding, uniqueness check and active protection, support anti-ARP spoofing and anti-ARP Flood attack.

Blacklist: support IP-based blacklist

Application behavior management and control

Intelligent identification: accurate identification of mainstream applications

Application control: Based on intelligent application identification, it provides application behavior control

Software control: support software identification and management of certain software (social media), and support black and white list management based on QQ/WeChat

URL classification filtering: support classification management and control of website access

Support the control of search engine application, P2P download application, video application and email application

Supports application of feature library, application classification, and feature library upgrade

Flow control and QOS

Support line bandwidth setting based on physical interface or VLAN interface

Support flow control channel configuration based on source IP address, destination IP address, application, service port and time

Support multi-layer channel nesting, bandwidth control, bandwidth guarantee, channel priority setting, automatic traffic shaping

Network

Supports both IPV6 and IPV4 dual stacks, and all security functions can be used in dual stacks

Supports VLAN, transparent bridge interface, interface linkage, and link aggregation

Supports static routes, equal-cost routes, static route weights, and BFD

Dynamic routing: Supports RIPv1, RIPv2, OSPFv2 (which supports BFD), and BGP4

Policy-based routing: Supports policy-based routes based on inbound interfaces, source IP addresses, and destination IP addresses

Link load balancing: provide a variety of load balancing algorithms, support dual link health checks, and link priority and weight setting

Supports health check, session retention, NAT, ALG, VPN, STP, DNS Server, DNS records, DNS transparent proxy, etc.

High availability

Support dual-machine hot backup, manageable standby machine, VRRP protocol, HA switching conditions and logic, connection session synchronization, preemptive priority

Monitoring

 

Threat warning visualization, application traffic visualization, user traffic visualization, interface traffic display, system operation information

Log

 

Support storage and export of various local logs, support log classification

support remote Syslog, and support multiple Syslog servers

The system can provides traffic reports and threat reports, email alarm. and can define to trigger email alarms under specific situations

Management and Configuration

Supports centralized management, policy analysis, Web management, custom packet capture, and network debugging

Backup and recovery of system configuration, administrator login and authority classification; SNMP (V1, V2, and V3) and NTP time synchronization are supported

返回列表