Introduction to the USG9000
At present, the USG9000 can work in three modes: routed mode, transparent mode, and composite mode.
- routing mode In routing mode, the USG9000 uses the layer 3 for external connections, and all interfaces must be assigned with IP addresses. When the USG9000 is located between the internal network and the external network, you need to configure the interfaces, through which the USG9000 is connected with the internal network and the external network, with IP addresses on different network segments and re-plan the network topology. In this case, the USG9000 serves as a router. As shown in Figure 2-1, the USG9000 is connected with the internal network through an interface in the Trust zone, while it is connected with the external network through an interface in the Untrust zone. Note that the interface in Trust zone and the interface in Untrust zone reside in different two subnets.
- transparent mode In transparent mode, the USG9000 uses the layer 2 for external connections, and none of the interfaces can be assigned with IP addresses. In this case, the USG9000 is transparent to users in subnets and routers. That is, users do not feel the existence of the USG9000. As shown in Figure 2-2, the USG9000 is connected with the internal network through interfaces in the Trust zone, while it is connected with the external network through interfaces in the Untrust zone. Note that the internal network and the external network must reside in the same subnet.
- composite mode If there are both interfaces working in routing mode (such interfaces have IP addresses) and interfaces working in transparent mode (such interfaces have no IP address) in the USG9000, the USG9000 is working in composite mode. Composite mode is applied in the case of dual-system hot backup with transparent mode. The interface on which VRRP is enabled needs to be configured with an IP address, and other interfaces do not. Figure 2-3 shows a typical networking in composite mode.
Introduction to the Switching Network SystemThis section describes the principle of the SFU. The USG9580 has four SFUs. The switching network responsible for switching data between LPUs is a key component of the USG9580. The USG9580 uses switching chips developed by Huawei and Memory-Crossbar-Memory (M-C-M) to provide a three-level switching mode. Level-1 and level-3 switching use a shared-memory model and are performed on LPUs; level-2 switching uses a Crossbar model and is performed on SFUs. Figure 1 shows the switching network of the USG9580.
- Data packets enter an LPU through physical interfaces and are fragmented into cells of a fixed length. These cells are then sent to the level-1 switching chips. After being buffered and scheduled, the cells enter the crossbar switching chips on the SFU. The level-1 switching chip on an LPU is fully connected with all of the level-2 switching chips. As a result, the same number of cells can be distributed to each level-2 switching plane. This implements load balancing on switching planes and facilitates fault tolerance.
- After the cells reach the crossbar switching chips, the crossbar switching chips schedule the cells to the corresponding outbound interfaces according to the destination interfaces of the data packets. The cells are then sent to the level-3 switching chips on another LPU. At this point, the switching of the cells by the level-2 switching chips is completed.
- After the cells reach the level-3 switching chips on another LPU, the system searches for the destination interfaces. Once found, the cells are reassembled and sent out through physical interfaces. At this point, switching of the data packets is completed.