DRO Router Introduction

Market positioning and demand analysis

Router introductions

Advantages & selling point

Competition analysis

Case share

Agenda

CPU under attack. The router can’t be

managed.

Financial and operational service can't be protected.

The online video can’t be smoothly displayed.

Internet access is too slow. Traffic can not be monitored

Sometimes this may happen…

QoSQoS

High performance High performance

ReliabilityReliability

ManagementManagement

New demands for network

Router

Market positioning and demand analysis

Router introductions

Advantages & selling point

Competition analysis

Case share

Agenda

Access Router

DRO-1002 DRO-2014 DRO-2024

Aggregation Router

DRO-3044 DRO-5020 DRO-5040 DRO-5080

Router portfolio

SIC-1HS

SIC-1E1-F

SIC-1CE1

SIC-1B-S/T

SIC-1B-U

SIC-4ESW

SIC-2FXS

SIC-2FXO

SIC modules DRO support

NMX-24ESW

NMX-2GEH

NMX-4E1/CE1H

NMX-8E1/CE1H

NMX-1CPOS-STM1H

NMX module DRO support

Module DRO-5020 DRO-5040 DRO-5080

CPU Dual-core NP Dual-core NP Dual-core NP

SDRAM 512M （ default ），1G

512M （ default ）， 1G

512M （ default ）， 1G

Flash 32M （ default ）， 96M

32M （ default ）， 96M

32M （ default ）， 96M

Console/AUX 1/1 1/1 1/1

Fixed Ethernet interface 3GE （ combo ） 3GE （ combo ） 3GE （ combo ）

USB 2 2 2

NMX slot 2 4 8

DNMX slot 1 2 2

Power module 2 3 3

Dimension（ L X W X H mm

121×445×412 ， 3U 161×445×412 ， 4U 243×445×412 ， 6U

Backplane bandwidth

28Gbps 28Gbps 28Gbps

Forwarding capacity

4.5Mpps 4.5Mpps 4.5Mpps

DRO-50 Specification

Control Module-Slot 0

Slot 7 Slot 8

Slot 5 Slot 6

Slot 3 Slot 4

Slot 1 Slot 2

FAN

Power 0

Power 1

Power 2

DRO-5020 has two power module slots.

DRO-5040 and DRO-5080 has three power module slots.

DRO-50 Hardware Design

NMXNMX

Power

Poweraux console

NMXNMX

NMXNMX

NMXNMXNMXNMX

PowerPower

Poweraux console

NMXNMX

NMXNMX

PowerPower

Poweraux console

DRO-50 Hardware Design (cont.)

Temp Detect

Dual Network Processor

20Gbps HT Networkinterface

2GbpsPCI Bus

DDR RAM

GE

HT Bridge

Fast AIMEncrypt Engine

GE

GE Combo

GE USB

AIMEncrypt Engine

2Gbps PCI Bus

2Gbps PCI Bus

50Gbps DDRRAM BUS

GE Combo

GE Combo

Local BUS

FLASH

UART

BootROM

AUX

Console

USB

HT BridgeNetworkinterface

Networkinterface

Networkinterface

2GbpsPCI Bus

Networkinterface

2GbpsPCI Bus

Networkinterface

Networkinterface

Networkinterface

DRO-50 Hardware Design (cont.)

Module DRO-3044

CPU MPC

SDRAM 512M

Flash 512M

Console/AUX 1/1

Fixed Ethernet interface 2GE （ combo ）

USB 2 USB2.0

Routing engine slot 1

Service slot 8 （ 4 NMX ， 4 SIC ）

Power supply module 2

Dimension（ L×D×H，mm）

440X412X161.4

Forwarding capacity 2Mpps

DRO-3044 Specification

SIC-6 SIC-8Control Module

SIC-5 SIC-7

NMX-3 NMX-4

NMX-1 NMX-2

Fan

Power

Power

DRO-3044 Hardware Design

Mode DRO-2014 DRO-2024

Appearance

Forwarding capacity 280kpps 300kpps

Console/AUX 1/1 1/1

Fixed routing port 3FE 2FE

SIC slot 4 4

NMX slot 1 2

USB 2 2

Maximum switching port 24 52

DRO-20 series specification

AUX

Console

3*10/100M

SIC slotNMX slot

2*USB

Built-in encryption engine

Capacity to 280kpps

DRO-2014

4*SIC slot2*NMX slot

AUX

Console 2*USB

2*10/100M

Built-in encryption engine

Capacity to 300kpps

DRO-2024

Mode DRO-1002

Appearance

Forwarding capacity 260Kpps

Fixed routing port 2FE

SIC module slot 2

NMX module slot N

USB N

Dimension 44 ×268×185 (mm)

DRO-10 specification

2*SIC

Console

2*10/100M

Built-in encryption engine

Capacity to 260kpps

DRO-1002

Market positioning and demand analysis

Router introductions

Advantages & selling point

Competition analysis

Roadmap

Case share

Agenda

High performance

2 Multi-service

High security3

1

Topic

4 High availability

With the access mode becoming more and more, the speed is faster and faster (MSTP 、 fiber 、 PON), the bandwidth requirement is growing rapidly.

With multi -services running , DRO router can achieve 100M wire-speed forwarding.

Nearly no interruption when using ACL 、 QOS 、 PBR 、 NAT.

Under 100M line， DRO router won’t be the bottleneck of network.

High performance ---In services

DEF－D-link Express Forwarding

DEF achieve multi-service integration,

Increase performance of ACL, PBR，NAT， FW，QOS

etc.

Accept packet

…Header

Inspection

Packetencapsulation

QOS

Packetencapsulation

FIB ADJ

FastState

processing

FastACL

Fast PBR

Flowcreate

WholeACL

Whole PBR

Send packet

Extreme path

Fast flow path

Whole NAT

Complete flow path

Fast NAT

High performance --- D-link DEF fast forwarding

When ACL,

PBR，NAT， FW，QO

S is deployed, DEF

achieves exact

matching with the 1st

packet, and the

matching of following

packets according to

the flow table. No

impact on

performance

between deploying 1

piece of ACL and 500

pieces of ACL!

Flow-based speeding mechanism

100 ACL/PBR 500 ACL/PBR1 ACL/PBR

High performance --- D-link DEF fast forwarding

X-FLOW is the data processing mechanism of DEF.

Traffics with the same SIP, DIP, TCP/UDP port number, protocol number, are defined as a flow. DRO applied the flow table technology.

ACL NAT QOSIPSec …

Packet

routing

Flow table Look up

Direct processing of packets Packet

Update flow table according to results

1st packet ，routing inquiry,

record result

Following packet using flow table

forwarding directly

High performance --- X-FLOW

Why X-FLOW: when deployed with ACL、 QOS、 NAT、 IPSec, the forwarding performance will not be affected.

High performance1

Multi-service

High security3

Topic

4 High availability

2

DROs can achieve different functions of switch and router by deploying the switching module.

Multi-service --- routing, switching all-in-one

Why All-in-one design: Greatly save the cost of TCO 。 Decrease the maintenance cost, Save installation space Save one machine’s power for “green world” 。

28

Router master CPU

Switching chip Switching CPU

Managing

tunnel

Data

tunnel

……

Switching port

Distributed architectureSeparate CPU ， with separate OS

Centralized architectureSharing CPU ， switching function integrated in the router OS.

Managin

g tunnel

Data

tunnel

Router master CPU

Switching chip

……

Switching port

Multi-service --- distributed architecture

Advantage:• Modular design, based on the customer’s real need, easy to

be extended and flexible to use.• Distributed architecture switching module with own CPU and

OS, decrease the burden of CPU, promote the stability. • Switching module with separate OS, and D-link has nearly

million deployment of switches with high maturity OS.• All the switch functions are included.

Multi-service --- advantage and disadvantage

30

• One router with:Routing+Switching+MPLS+NAT+Firewall+VOIP+VPN+3G+IPFIX

Multi-service --- routing, switching all-in-one

P

P

PPE

VPN ASite 3

VPN ASite 1 VPN B

Site2

VPN BSite 1

PE

PE

VPN ASite2

CE–A1

CE–B1CE–A3

CE–A2

CE–B2

P

Fully support MPLS function, support standard MPLS label switching Layer 3 VPN based on BGP/MPLS VPN Support IPSec 、 L2tp multi-instance ， achieve perfect integration between IP

VPN and MPLS VPN

Multi-service --- L2/3 VPN processing

Accept packet

Classify

Sou. interfaceDest. interfaceSou. portDest. portProtocol typeTOS

AC

L

Classify

Queue0

Queue1

Queue2

QueueN

REDWRED

Queue

FIFOPQSPWRRDRR

TokenDrop

Drop

Continue to send

In queue Out

queue

Token bucket

Out portIn port

CAR

L2/L3/L4 Flow classifying

schedule

Congestion detection/avoidance

Flow shaping

Multi-service --- QoS

Meticulous management

Packet classify marking

Congestion avoidance （ RED 、 WRED ）

Flow supervision （ CAR ）Flow shaping （ GTS ）Congestion

management （ FIFO,PQ,CQ,WFQ,CBWFQ,LLQ,RTPQ ）

Line efficiency （ CTCP 、 CRTP ）QoS queuing technology

Business packets

1M

Physical

Port

OA packets

100K

Video packets

900K

Multi-service --- Dedicated QoS

34

• Support WCDMA、 CDMA2000、 TD-SCDMA.

• Flexible for remote areas to access.

• Serve as backup link for enterprise network.

Multi-service --- 3G accessing for remote places

Multi-service --- AEP application extension platform

AEP: Application Extension Platform

Layer 7 applications can be deeply integrated into DRO router.

• How many applications? Network attack? Which is the key application? Where does the flow come from?

With IPFIX, network is transparent to you.

Multi-service --- built-in IPFIX

High performance1

Multi-service

High security

2

Topic

4 High availability

3

Branch office

Branch office

DRO-20

DRO-20

Router

WAN

Information center

UNIX

Hardware encryption card

Encryption

Built-in Encryption

card

High security--- application encryption

High performance1

Multi-service

High security

2

Topic

3

High availability4

The V-CPU technology of DRO router, can separate the CPU into two part, the management and data-forwarding.

No matter how large the attack and data flow is, the management will be always available.

High availability --- equipments can be managed in any time

Why V-CPU:

The equipment can be managed at any time!!!

CPU resource

Data forwarding

CPU

SystemManagement

CPU

VCPU ： Virtual CPU technology ， CPU resources can be virtualized into two part: data forwarding and system management, the resources can be adjusted dynamically.

Data forwarding CPU ： specialized for data forwarding System management CPU ： control plane and management plane No matter how large the attack and data flow is, the management won’t be

interrupted

High availability- --- VCPU

Q & A

What is the technology helps DRO routers achieve high performance , when applying ACL, QoS, NAT…….?

Market positioning and demand analysis

Router introductions

Advantages & selling point

Competition analysis

Case share

Agenda

DRO router is widely deployed in the vertical market.

D-link DRO series routers ， have been deployed in the finance, government, education, enterprise for more than

100,000.

The strategic partner of China Life, PICC ， more than 5,000 deployment.

The strategic partner of Construction Bank of China, more

than 8,000 deployment.

100,000 vertical deployment with stable routers.

Financial cases

2 Government cases

1

Topic

100M

2M SDH

155M SDH

1000M

City City City City City City

ShandongBranch

HebeiBranch

GuangdongBranch

…… ……

BeijingData center

Shanghai Data center

Jiangsu Data center

Data center

Province

DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2DRO-30*2

CNC ATM

AT

M

ATM

ATM

ATM

ATMATM

SDHSDH SDH

SD

H

CNC ATM CNC ATMChina TelecomATM

China

Telecom

ATM

• 110 cities ， 2*DRO-30 for uplink for each city

Backbone network of China Life Insurance

Small node Big nodeATM nodeBranches

DRO-50

DRO-20 DRO-20

S5700/S7600/S8600S2600 S3700

BackboneArea

Core switchWAN core

WANArea

To HQ

WANArea

DRO-20

S3700

100M

2M SDH

155M SDH

1000M

2007-2008 ， 6 provincial networkNeimenggu ：14*branch ， 400*nodeHebei ： 11*branch ， 1100*nodeNingxia ： 9*branch ， 200*nodeQinghai ： 9*branch ， 150*nodeHunan ： 20*branch ， 600*nodeGuangxi ： 14*branch ， 400*nodeOthers ：Hubei ： 700*node. Jinagsu:800*nodeShandong ： 600*node, Xinjiang ：300*nodeFujian ： 400*node, Henan ：200*node…………………………

CPOSATM

2M S

DH

2M S

DH

2M SDH

CPOS

Network of Construction Bank of China

100M

2M SDH

155M SDH

1000M

DRO-1002

Branches

ATM

SW

Office PCService PCTerminal

SW

Small node

ATM ATM

Normal node

ATM Office PCService PCTerminal

Office segment

Service segment

Office segment

Service segment

DRO-2014DRO-2024

Beijing ： 400Xinjiang ： 300Jilin ： 100Gansu ： 200Guizhou ： 300Shandong ： 400Ningxia ： 100Guangdong ： 200Liaoning ： 200Dalian ： 100Guangxi ： 100………………MSTP/2M SDH

Master2M SDHBackup

SWSW

Network of Industrial & Commercial Bank of China

…

INTERNET INTERNET

To HQ To HQ To HQ To HQ To HQ

ShanxiGuangdongFujianHebeiHunan

DRO-20SecVPN100 SecVPN100 SecVPN100 SecVPN100

branchesbranchesbranchesbranchesbranches

R3642 R3642 DRO-50 R3740 R3642

Shanxi 600 Guangdong 300 Hunan 200 Hebei 200 Fujian 200 Shandong 100 Neimenggu 100 Xinjiang 100 Gansu 100 Hubei 100 Tianjin 100 Henan 50 Beijing 50 Ningxia 50 Zhejiang 50……

ADSL

AD

SL

ADSL

AD

SL AD

SL

National VPN network of China Insurance

100M

2M SDH

155M SDH

1000M

City Branches

branches

City Branches

2M SDH/MSTP

2M S

DH/M

STP

Service Office

NodeDRO-20/R2700

Guangdong ： 2000Jiangsu ： 2000Shanxi ： 600Shanghai ： 400Hainan ： 300Guangxi ： 500Heilongjiang ： 300Liaoning ： 500…………………………

Service Office

NodeDRO-20/R2700

Service Office

Node DRO-20/R2700

2M SD

H/MSTP

SWSW SW

Network of Agriculture Bank of China

Financial cases 1

Government cases

Topic

2

XX Army

DRO-2014

XX Army

DRO-2014

XX Army

DRO-2014

XX Army

DRO-2014

DRO-5080

Xinhua News Agency HQ

SDH

HQ deployed 2*DRO-5080, adopted 155M CPOS connecting 19 army branches. Each army branch deployed DRO-2014

100M

2M SDH

155M SDH

1000M

155M

CP

OS

……

2M SDH

2M SDH

Military branch network Xinhua News Agency

ISP

Xinhua HQ Xinhua Shanghai

Branch

Exchange office

Stock office

Xinhua 08 access

DRO-5080 DRO-5080

Servers

100M

2M SDH

155M SDH

1000M

Xinhua News Agency deployed 6*DRO-5080 ， 2 were deployed for Xinhua 08 service, others were deployed for mobile reporting platform, uses CPOS or 4E1 binding.

08 transmission platform of Xinhua News Agency

NationalGovernmentNetwork

PrivateNetwork for Ministries

PrivateNetwork for Ministries

Ministry of Audit

BranchDRO-2024

100M

2M SDH

155M SDH

1000M

BranchDRO-2024

BranchDRO-2024

BranchDRO-2024

ProvincialGovernmentNetwork

ProvincialGovernmentNetwork

BranchDRO-2024

BranchDRO-2024

2nd phase of “Gold Audit” Network

Video monitor center

MAN

Camera

Storage Encoding &decodingMonitor center

DRO-5080 DRO-5080

Office

DRO-5080

Camera Office

DRO-5080

Office

DRO-5080

CameraOffice

DRO-5080

Camera Office

DRO-5080

CameraOffice

DRO-5080

Camera

Camera Office

DRO-5080

CameraOffice

DRO-5080

23*Branch office

Video monitoring network of Xuanwu District, Beijing

Thank you!