Simplified Network

Building efficient, intelligent, and open telecom clouds

ZXUS vSeGW 9000 Introduction

The ZXUS vSeGW 9000 is a carrier-class security gateway. Based on the traditional security architecture, ZXUS vSeGW 9000 enables security gateway abstraction and the pooling technology. It has the features of elastic expansion and automatic on-demand deployment. ZXUS vSeGW 9000 is usually deployed at the boundary of the network to protect the data between the different networks or between the different offices, and implement secure transmission in the untrusted network, providing information privacy and network resource protection for individual users, enterprise users and operators.

The ZXUS vSeGW 9000 solves the problems of fixed resource occupation and high operation and maintenance costs of traditional physical devices, greatly improving the utilization of basic resources, allocating resources on demand, deploying services flexibly, and reducing operating costs, so that operator can rapidly develop new services,  attract and expand the user group.

Major Function

  • Perfect Access Security

    • Support multiple authentication methods, including source address authentication, certificate authentication, dual authentication, EAP-AKA authentication, and PSK-based authentication.
    • Support multi-standard encryption/decryption algorithms, integrity algorithms, pseudo-random functions and DH Groups, including DES, Triple-DES, AES-CBC, HMAC-SHA-1, HMAC-MD5, HMAC-SHA-2, AES- XCBC-PRF, DH Group 1, DH Group 2, DH Group 5 and DH Group 14, etc.
  • High Performance/Low Latency

    • Employs many technologies including SR-IOV, DPDK and separated control and forwarding to improve performance and reduce latency.
    • By using the SR-IOV technology to share one PCI device with multiple VMs, the vSeGW enhances the utilization rate of I/O devices and shortens the network latency. The SR-IOV can work on GE/10GE/40GE interfaces.
    • Employs the DPDK technology to enable more powerful system processing.
    • Using different paths to separate control plane services (for example, protocol processing and dynamic generation of policy information) and user plane services (for instance data packet filtering, forwarding and processing), making data forwarding more efficient.
    • Employs the AES NI technology to use the underlying hardware in order to reduce CPU cycles and improve AES encryption/decryption performance.
  • High Reliability

    • Employs the enhanced VRRP protocol running on the HA path between the active and standby OMPs to ensure the security gateway capable of working in the hot redundant mode.
    • To keep the system reliable and away from data blocking, the vSeGW implements data synchronization and backup via multiple HA paths.
  • Fast Deployment

    • Automatic Deployment: The vSeGW can be deployed on a universal server automatically. When maintenance engineers finish making the vSeGW deployment blueprint, the entire deployment can be done rapidly, flexibly and automatically, which obviously makes the O&M much easier.
    • Elastic Scale-In/Out: To enable simplified deployment and management, as well as more efficient resource utilization, the vSeGW enables user-defined Scale-In/Out policies.
    • Easy to Integrate: The vSeGW can be easily integrated to different security protection scenarios. Related cloud management centers are responsible for the orchestration and management.
Documentation