Introduction to the USG9000
At present, the USG9000 can work in three modes: routed mode, transparent mode, and composite mode.
- routing mode In routing mode, the USG9000 uses the layer 3 for external connections, and all interfaces must be assigned with IP addresses. When the USG9000 is located between the internal network and the external network, you need to configure the interfaces, through which the USG9000 is connected with the internal network and the external network, with IP addresses on different network segments and re-plan the network topology. In this case, the USG9000 serves as a router. As shown in Figure 2-1, the USG9000 is connected with the internal network through an interface in the Trust zone, while it is connected with the external network through an interface in the Untrust zone. Note that the interface in Trust zone and the interface in Untrust zone reside in different two subnets.
- transparent mode In transparent mode, the USG9000 uses the layer 2 for external connections, and none of the interfaces can be assigned with IP addresses. In this case, the USG9000 is transparent to users in subnets and routers. That is, users do not feel the existence of the USG9000. As shown in Figure 2-2, the USG9000 is connected with the internal network through interfaces in the Trust zone, while it is connected with the external network through interfaces in the Untrust zone. Note that the internal network and the external network must reside in the same subnet.
- composite mode If there are both interfaces working in routing mode (such interfaces have IP addresses) and interfaces working in transparent mode (such interfaces have no IP address) in the USG9000, the USG9000 is working in composite mode. Composite mode is applied in the case of dual-system hot backup with transparent mode. The interface on which VRRP is enabled needs to be configured with an IP address, and other interfaces do not. Figure 2-3 shows a typical networking in composite mode.
SPUAThis chapter describes the appearance and specifications of the SPUA.The SPUA realizes all the service processing functions of the USG9000. The following types of SPUAs are available:SPUAs include the two models SPUA01 and SPUA02 that have different data processing capacities. The SPUA01 provides 10 Gbit/s processing capability. The SPUA02 provides 20 Gbit/s processing capability. The SPUA01 can be upgraded to the SPUA02 by inserting a service processing card (SPC) into it. The SPUA can be inserted in LPU/SPU slot of the USG9000. Figure 1 shows the appearance of the SPUA01 (10G).
- Firewall SPUAs support VPN, NAT (NAT 44 and NAT 64), security policies, and IPv6.
- AAnti-DDoS SPUAs include detecting SPUs and cleaning SPUs.
- IPS SPUAs for IPS services processing.
- Figure 2 shows the panel of the SPUA01 (10G).
- Figure 3 shows the panel SPUA02 (20G).
Buttons and IndicatorsTable 1 shows the buttons and indicators on the SPUA panel.
Table 1 Buttons and indicators on the SPUA panel Component Description OFL button It is a button to send a application signal to the device when removing a board. Before removing a board, you need to press and hold the OFL button for about 6s till the OFL indicator is on. OFL indicator (Red) If the indicator is on, you can remove the board. RUN indicator (Green) If the indicator blinks once every 2s (0.5 Hz), it indicates that the board is normal. If the indicator blinks twice every 1s (2 Hz), it indicates that the board is in alarm mode. Table 2 Buttons and indicators on the SPC panel Component Description STATUS If the indicator is off, the BootROM does not start. If the indicator blinks twice every 1s (2 Hz), the BootROM is starting. If the indicator is on, the APP is starting. If the indicator blinks once every two seconds (0.5 Hz), the registration succeeds.
InterfacesThere is no interface on the SPUA and the SPC.
Technical SpecificationsTable 3 shows the technical specifications of the SPUA.
Table 3 Technical specifications of the SPUA Item Description Silkscreen of the board name SPUA Dimensions (W x D x H) 400 mm x 520 mm x 41 mm Power consumption (typical value) 199 W (SPUA01, 10G, with no SPC) 335 W (SPUA02, 20G, with an SPC) Board weight 4.5 kg (SPUA01, 10G, with no SPC) 7.0 kg (SPUA02, 20G, with an SPC) Maximum DC input voltage -72 V to -38 V CPU dominant frequency 1 GHz