huawei e8000e-x high-end firewall terabit security …/media/cnbg/downloads/product...huawei...
TRANSCRIPT
HUAWEI TECHNOLOGIES CO., LTD.
Huawei E8000E-X High-end FirewallTerabit Security Gateway for Data Center and Carrier
Huawei E8000E-X High-end FirewallTerabit Security Gateway for Data Center and Carrier
Big data and the Internet brings convenience and possibilities for people's work and life. Cloud is seen as
an important change that will shape the future Internet. Data is migrated to the cloud, and networks are
extending around data centers. At the same time, the access of billions of devices on the Internet, such
as the smart home and IoT, triggers a new round of data explosion. Therefore, high-speed networks and
SDN/NFV technologies are considered as the base for the development of cloud-based networks. The
security and reliability of the carrier pipe network, which is the basis of the fully-connected world and
the transmission of massive data, become increasingly important.
The Eudemon8000E-X is a comprehensive security gateway designed for cloud computing. Poised to
protect carriers' pipeline networks, enterprise data centers, as well as hosting IDCs, it upholds excellent
performance, professional security, and convenient management. While carriers cope with the threats
and risks encountered during the cloud-based service and network transformation, they also can have
the professional security experience that the Eudemon8000E-X brings into the cloud.
Product Appearance
Highlights
Reins the Power of Cloud: Excellent Performance
• Industry's leadingdual-terabitfirewall:providesamaximumof1.92Tbpsfirewall throughputand1.4
Tbps IPsec throughput.
• Provides superb concurrent connection capability, holding large numbers of concurrent online users.
• Employs the distributed hardware architecture for linear performance increase and to meet scalability
needsformassivetrafficincrease.
• Supports link bundling, BFD, HA, and key component redundancy for high availability.
Protects the Wisdom of Cloud: Professional Security
• Professional intrusion prevention engine and advanced vulnerability detection provide high rate of
detection and low rate of false positives.
• Automatic baseline learning, customized DDoS attack defense, and IP reputation mechanism improve
thedefenseefficiency.
• Supportsreal-timeonlineupdateofoverprotocolidentificationdatabaseof6300+protocolsandaURL
categorydatabaseofover120millionURLs.
• Application,content, time,user,attack,and location (ACTUAL)-basedcontextawareness implements
fine-grainedcontrol.
Adapts to the Agility of Cloud: Convenient Management
• ProvidesNetconfandRestfulnorthboundinterfaces,facilitatingthe interworkingwiththird-partySDN
management platforms.
• Supportssmartpolicies,recommendpolicesandoptimizationsuggestionsviatrafficlearningtoreduce
maintenance challenges and workload.
• Supports multiple types of session-level report based on different time dimensions and collaborates with
Elog providing professional log analysis capability.
Model E8000E-X3 E8000E-X8 E8000E-X16
Firewall Throughput 120Gbps 960Gbps 1920Gbps
Concurrent Sessions 160,000,000 1,280,000,000 2,560,000,000
NEW Sessions /s 1,600,000 12,800,000 25,600,000
Note:
Alltheperformancevaluesaretestedunderidealconditions,withachassisfullconfiguration.
Chassis
E8000E-Xserial isthehigh-endfirewallbasedonmulti-coreplusdistributedarchitecture. It includesthree
models:E8000E-X3,E8000E-X8,E8000E-X16.
Note:
1.MPU:MainProcessingUnit
2.SFU:SwitchFabricUnit
3.LPU:LineProcessingUnit
4.SPU:ServiceProcessingUnit
E8000E-X16 Number Module Quantity Note
1 Ventilation opening 2
2 MPU 2 1+1backup
3 SFU 4 3+1backup
4 LPUandSPU 16
5 Cabling area 2
6 Fan frame 4 2+2backup
7Low-frequencyfilteringbox
4
8 System power module 8 4+4backup
9Independent monitoring unit
1
Number Module Quantity Note
1 Ventilation opening 1
2 SRU 2 1+1backup
3 SFU 13intotal,2areintegrated on the SRU.
4 LPUandSPU 8
5 Cabling area 1
6 Fan frame 2
7Low-frequencyfilteringbox
2
8 System power module 4 2+2backup
9Independent monitoring unit
1
E8000E-X8
Number Module Quantity Note
1 MPU 2 1+1backup
2 LPUandSPU 3
3 Fan frame 2 1+1backup
4 System Power module 2 1+1backup
E8000E-X3
DC
AC
Model E8000E-X3 E8000E-X8 E8000E-X16
HardwareSpecifications
Available Slots 3 8 16
NumberofMPUs 2 2 2
Backplane Capability 1.35Tbps 15Tbps 30Tbps
Switch Capability 1.08Tbps 7.08 Tbps 12.58Tbps
Dimensions
Height x Width x Depth
175mm×442mm×
650mm(DC)
220mmx442mm×
650mm(AC)
620mm×442mm×
650mm(DC)
709mm×442mm×
650mm(AC)
1420mm×442mm×
650mm(DC)
1598mm×442mm×
650mm(AC)
Weight
Fullconfiguration:30.7
kg(DC)
Fullconfiguration:40.7
kg(AC)
Fullconfiguration:
112.9kg(DC)
Fullconfiguration:
137.2kg(AC)
Fullconfiguration:
233.9kg(DC)
Fullconfiguration:
282.5kg(AC)
Power and Environment
AC power supply 90VACto264VAC;175VACto264VAC(recommended)
DC power supply -72Vto-38V;-48V(rated)
Maximum/Typical
power consumption1
881W/712W(DC)
947W/766W(AC)
5032W/4267W(DC)
5353W/4539W(AC)
9833W/8314W(DC)
10461W/8845W(AC)
Operating temperatureLongterm:0°Cto45°C
Storage:-40°Cto+70°C
Ambient humidity
Longterm:5%RHto85%RH,non-condensing
Shortterm:5%RHto95%RH,non-condensing
Storage:0%RHto95%RH,non-condensing
1.Thepowerconsumptioniscomputedbasedonmaximumthroughputconfigurationforachassis.
Service Boards
Service Processing Unit
Hardware
Model Support E8000E-X8,E8000E-X16 E8000E-X8,E8000E-X16
Available Expansion Subcard Slots 1 1
CPUNumber 1 2
Performance
FirewallThroughput(1518byte,UDP) 100Gbps 120Gbps
FirewallThroughput(IMIX) 80 Gbps 120Gbps
Firewall Throughput
(PacketsPerSecond)27Mpps 54Mpps
Concurrent Sessions 80,000,000 160,000,000
New Sessions /s 800,000 1,600,000
Maximum Firewall Policies2 100,000 100,000
IPsec VPN Throughput
(AES-256+SHA2,1420-byte)35Gbps 70 Gbps
Maximum IPsec VPN Tunnels
(GWtoGW)364,000 128,000
Maximum IPsec VPN Tunnels
(ClienttoGW)364,000 128,000
Virtual Systems2 4095 4095
Note:
All the performance values are tested under ideal conditions and real result may vary with different deployment
environments. IMIX trafficmodel is constitutedby1518byte,594byteand64byteUDPpacketswith the1:4:7
composingrate.IPsecVPNperformanceisbasedon1420byteUDPpacketsusingAES-256+SHA2.
2.Maximumfirewallpoliciesandvirtualsystemsbotharecapabilitiesofachassis.Theywillnotincreasebyspuexpansion.
3.ThemaxmiumIPsectunnelsis1millionperchassis.
SPU-X8X16-20-A-E8KE SPU-X8X16-20-B-E8KE
SPU-X3-20-A-E8KE
Hardware
Model Support E8000E-X3
Available Expansion Subcard Slots /
CPUNumber 1
Performance
Performance AllarethesamewithServiceProcessingUnitSPU-X8X16-20-A-E8KE
Service Expansion Subcard
SPC-20-B-E8KESPC-20-A-E8KE
Hardware
Model Support E8000E-X8,E8000E-X16 E8000E-X8,E8000E-X16
Expansion Subcard Slot Occupied 1 1
CPUNumber 1 2
Performance
Performance
All are the same with Service
ProcessingUnitSPU-X8X16-20-
A-E8KE
All are the same with Service
ProcessingUnitSPU-X8X16-20-
B-E8KE
SPC-APPSEC-E8KE
Hardware
Model Support E8000E-X3,E8000E-X8,E8000E-X16
Expansion Subcard Slot Occupied 1
CPUNumber 2
Performance
IPSThroughput(HTTP)4 20Gbps
FW+SA+IPS+Antivirus
Throughput(HTTP)418Gbps
FW+SA*+IPS+Antivirus
Throughput(Realworld)514Gbps
Note:
4.IPSperformanceismeasuredusing100KBofHTTPfiles.
5.ThroughputismeasuredwiththeEnterpriseTrafficModel.
*SAindicatesServiceAwareness.
Line Cards
Mother Board
LPUF-240 LPUF-120
Hardware
Available Expansion Subcard Slot 2 2
TrafficThroughput 240Gbps 120Gbps
Expansion Subcard
Interface:1*100GE
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-1X100GE-CFP
Interface:3*40GE
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-3X40GE-QSFP+
Interface:12*10GE
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-12X10GE-SFP+
Interface:6*10GE
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-6X10GE-SFP+
Interface:20*GERJ45
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-20X1G-RJ45
Interface:24*GEOptical
ExpansionSubcardSlotOccupied:1
MotherCardSupport:LPUF-240/LPUF-120
E8KE-X-101-24XGE-SFP
Software Features
Function Description
Basic functions
Application-layerprotocolsidentification,application-specificpacketfilter(ASPF),
accesscontrol,statefulinspection,networkaddresstranslation(NAT),blacklist,
whitelist,virtualfirewall,securityzones,MPLSL3VPN,andIPv6security
RoutingIPv4:staticroute,RIP,OSPF,BGP,andIS-IS
IPv6:RIPng,OSPFv3,BGP4+,andIPv6IS-IS
CGNNAT44(4),NAT64,DS-Lite,6RD,port-range,portcontrolprotocol(PCP),and
source tracing solution
IPsec VPNManualkey,publickeyinfrastructure(PKI)(X.509),IKEv2,VPNgateway
redundancy,EAPauthentication,andIKEv2redirect
Anti-DDoSPreventionofvariousDoSandDDoSattacks,suchasSYNflood,ICMPflood,UDP
flood,andHTTPfloodattacks.
Function Description
Application securityIPreputation,applicationidentification,intrusionpreventionsystem(IPS),antivirus,
URLfiltering,filefiltering,andSSLproxy
Carrier security
enhancementGTP/SCTPfilteringanddefenseagainstGTPoverbillingattacks
Link/serverload
balancing
ISP-specificrouting,intelligentlinkselection,linkhealthcheck,andapplication-
specificQoS
(Weighted)round-robin,(weighted)leastconnections,and(weighted)sticky
session algorithms, and server health check
APT defense Interworkswiththe(cloud)sandboxtodetectandblockmaliciousfiles.
Opening API NetconfandRestfulnorthboundinterfaces
Working mode and
availability
Transparent,routing,andhybridmodes;active/activeandactive/standbybackup
modes;dual-MPUswitchover
Certifications
Certifications
SoftwareICSALabs:Firewall,IPS,IPsec,SSL-TLS,Anti-Virus
CC:EAL3+
Hardware CB,CE-SDOC,ROHS,REACH&WEEE(EU),RCM,NRTL,FCC&IC,VCCI
Item Model Description
Chassis Bundle
E8KE-X3-BASE-AC-52E8000EX3ACStandardConfiguration(includeX3AC
Chassis,2*MPU)
E8KE-X3-BASE-DC-52E8000EX3DCStandardConfiguration(includeX3DC
Chassis,2*MPU)
E8KE-X8-CHAS-DC-52E8000E-X8200GDCStandardConfiguration(include
X8DCChassis,2*SRU200A,1*SFU200C)
E8KE-X16-CHAS-DC-52E8000E-X16200GDCStandardConfiguration(include
X16DCChassis,2*MPU,4*SFU200B)
Service Boards
SPU-X3-20-A-E8KE 20GX3FirewallServiceProcessingUnitA(oversea)
SPU-X8X16-20-A-E8KE 20GX8&X16FirewallServiceProcessingUnitA(oversea)
SPU-X8X16-20-B-E8KE 20GX8&X16FirewallServiceProcessingUnitB(oversea)
Order Information
Item Model Description
SPC-20-A-E8KE 20GFirewallPerformanceExpansionCardA(oversea)
SPC-20-B-E8KE 20GFirewallPerformanceExpansionCardB(oversea)
SPC-APPSEC-E8KE Application Security Service Processing Card
LineCards
E8KE-X-LPUF-240 FlexibleCardLineProcessingUnit(LPUF-240,2sub-slots)
E8KE-X-LPUF-120 FlexibleCardLineProcessingUnit(LPUF-120,2sub-slots)
E8KE-X-1X100G-CFP 1-Port100GBase-CFPFlexibleCardA
E8KE-X-3X40GE-QSFP+ 3-Port40GBase-QSFP+FlexibleCard(P240-A)
E8KE-X-12X10G-SFP+ 12-Port10GBaseLAN/WAN-SFP+FlexibleCardA(P120-A)
E8KE-X-6X10G-SFP+ 6-Port10GBaseLAN/WAN-SFP+FlexibleCardA
E8KE-X-101-24XGE-SFP24-Port100/1000Base-X-SFPFlexibleCard(P101,1/2wide,
Occupytwosub-slots)
E8KE-X-20X1G-RJ45 20-Port10/100/1000Base-RJ45FlexibleCard
Software
LIC-SPC-IPS-1Y IPSFeatureDatabase1YearUpgradeService
LIC-SPC-IPS-3Y IPSFeatureDatabase3YearsUpgradeService
LIC-SPC-IAU-1YIPS+AV+URLFilteringFeatureDatabase1YearUpgrade
Service
LIC-SPC-IAU-3YIPS+AV+URLFilteringFeatureDatabase3YearUpgrade
Service
Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
NopartofthisdocumentmaybereproducedortransmittedinanyformorbyanymeanswithoutpriorwrittenconsentofHuaweiTechnologiesCo.,Ltd.
Trademark Notice
, HUAWEI,andaretrademarksorregisteredtrademarksofHuaweiTechnologiesCo.,Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including,
withoutlimitation,statementsregardingthefuturefinancialandoperatingresults,
future product portfolio, new technology, etc. There are a number of factors
that could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information
is provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-032102-20161220-C-1.0
www.huawei.com