Introduction to the USG9000
At present, the USG9000 can work in three modes: routed mode, transparent mode, and composite mode.
- routing mode In routing mode, the USG9000 uses the layer 3 for external connections, and all interfaces must be assigned with IP addresses. When the USG9000 is located between the internal network and the external network, you need to configure the interfaces, through which the USG9000 is connected with the internal network and the external network, with IP addresses on different network segments and re-plan the network topology. In this case, the USG9000 serves as a router. As shown in Figure 2-1, the USG9000 is connected with the internal network through an interface in the Trust zone, while it is connected with the external network through an interface in the Untrust zone. Note that the interface in Trust zone and the interface in Untrust zone reside in different two subnets.
- transparent mode In transparent mode, the USG9000 uses the layer 2 for external connections, and none of the interfaces can be assigned with IP addresses. In this case, the USG9000 is transparent to users in subnets and routers. That is, users do not feel the existence of the USG9000. As shown in Figure 2-2, the USG9000 is connected with the internal network through interfaces in the Trust zone, while it is connected with the external network through interfaces in the Untrust zone. Note that the internal network and the external network must reside in the same subnet.
- composite mode If there are both interfaces working in routing mode (such interfaces have IP addresses) and interfaces working in transparent mode (such interfaces have no IP address) in the USG9000, the USG9000 is working in composite mode. Composite mode is applied in the case of dual-system hot backup with transparent mode. The interface on which VRRP is enabled needs to be configured with an IP address, and other interfaces do not. Figure 2-3 shows a typical networking in composite mode.
Introduction to the Control PlaneThis section describes the functions of the control plane. The control plane on the USG9580 is responsible for system control and management, including route calculation, device management and maintenance, and device monitoring. USG9580 uses the MPUB and CMU to implement the system control and management functions of the control plane. The functions include route calculation and device management, maintenance, and monitoring. The functions are described as follows:
System Control and Management UnitAs the system control and management unit, the MPUB provides the following functions on the system control panel:
- Route calculation: All routing protocol packets are sent by the forwarding engine to the MPUB for processing. In addition, the MPUB broadcasts and filters packets, and downloads routing policies from the policy server.
- Outband communication between boards: The LAN switch modules integrated on the MPUB provide outband communications between boards. In this manner, messages can be controlled, maintained, and exchanged between SFUs and LPUs.
- Device management and maintenance: Devices can be managed and maintained through the management interfaces (serial interfaces) provided by the MPUB.
- Data configuration: The MPUB stores configuration data, startup files, charging information, upgrade software, and system logs.
- Data storage: The MPUB provides two interfaces for CF cards, which serve as mass storage devices to store data files.
System Maintenance UnitAs the system maintenance unit, the MPUB collects monitored information to test system units locally or remotely, or implement in-service upgrading of system units. The MPUB periodically collects information about the operation of system units through the Monitorbus. The MPUB then generates related control information based on the collected information, for example, the detection of board installations and adjustments to fan speed. Through the joint test action group (JTAG) bus, the MPUB remotely or locally tests system units, or performs in-service upgrades of system units.
ReliabilityThe main control modules, clock modules, and LAN switch modules on the MPUB work in 1:1 hot backup mode, thus improving system reliability. The two MPUBs work in 1:1 backup mode. Each MPUB monitors the status of the other. If the master MPUB is faulty, the slave MPUB automatically takes over as the master MPUB.