Eudemon8000 High-End Security Gateway

Eudemon8000 High-End Security Gateway

HUAWEI TECHNOLOGIES CO., LTD.

Eudemon8000 High-End Security Gateway

Product Overview
Faced with increasingly serious network threats and dramatically

advanced distributed hardware architecture and high-capacity

increased network traffic, carriers' backbone networks, large-scale

non-blocking hardware switching and forwarding technology,

enterprises' egresses, and Internet Data Centers (IDCs) propose

the Eudemon8000 series products support a maximum of 20

higher requirements of security measures on network boundaries.

Gbps throughput, powerful attack-defense capability, various

Traditional firewalls cannot provide qualified security measures

service features, and high-capacity high-density interface boards

required by high-end customers.

that support a maximum of 10 G interfaces. The Eudemon8000

To meet the new requirements of high-end customers, Huawei

series products can meet high-end customers' requirements of

launches the Eudemon8000 series products, which are security

high reliability and high performance and provide an ideal security

gateways of large capacity and high performance. Adopting the

network platform for large-scale enterprises, operators, and IDCs.

Product Series

Product Features
Advanced and scalable distributed structure
The Eudemon8040 and the Eudemon8080 are configured with
four and eight expansion slots respectively. The number of service
processing boards and interface boards to be configured is at
users' option. The Eudemon8000 series products adopt the
advanced distributed hardware architecture, and load balancing
is implemented among service boards. The Eudemon8000 series
products support the scalable security solution with throughput at a
maximum of 20 Gbps.

Powerful attack defense and capability of

abnormal traffic cleaning
The Eudemon8000 series products can defend against DDoS attacks
Eudemon8040

Eudemon8080

at a speed of 6000000 pps. Even under the attacks with the line

Eudemon8000 High-End Security Gateway

speed at 10 G, the Eudemon8000 series products can effectively

such as large-scale enterprises, carriers' LANs, and IDCs.

distinguish the attack traffic from the normal traffic and then clean
the attack traffic to guarantee the secure transmission of service

High reliable firewalls

traffic. The Eudemon8000 series products support various and

The Eudemon8000 series products are carrier-class reliable security

flexible attack defense technologies, including attack fingerprint

gateways. All components are hot swappable. The Eudemon8000

identification, automatic learning of the attack library, and

supports two-node cluster hot backup. In addition, the Eudemon8000

Intelligent Connection Algorithm (ICA), which can effectively defend

supports the transparent mode; thus, the deployment of the

against various attacks such as SYN flood, UDP flood, CC attacks,

Eudemon8000 does not affect the existing network topology. The

and ICMP flood.

service boards support load balancing and hot backup; thus the failure

At the egresses of carriers' LANs, the deployment of the

of a single board does not affect the normal operation of the system.

Eudemon8000 series products can provide two solutions of traffic

The Eudemon8000 series products support the trunk technology. A

cleaning: direct cleaning and bypass cleaning. In bypass cleaning,

maximum of 64 logical interfaces are supported. Each logical interface

the Eudemon8000 series products cooperate with the Huawei

can be bound to a maximum of 16 physical interfaces. Physical

Service Inspection Gateway (SIG). The SIG monitors outgoing traffic

interfaces on different boards can be bound together. This greatly

and incoming traffic of the whole network; the Eudemon8000

increases the interface bandwidth and improves reliability.

series products divert and clean the abnormal traffic, and then
inject the cleaned traffic to the original path. In addition, the
Eudemon8000 series products control abnormal traffic such as
DDoS attack traffic and P2P traffic with fine granularity to prevent
the junk traffic from saturating network links.

Powerful NAT Service Capability

The Eudemon8000 series products support multiple NAT
applications, including NAT with overlapped private IP addresses,
bi-directional NAT, mapping of one public IP address to multiple
private IP addresses, and mapping of one private IP address to

Extensive network interfaces

multiple public IP addresses. As the leading NAT device in the

The Eudemon8040 and Eudemon8080 support multiple interface

industry, the Eudemon8000 series products use the NP processor to

boards, including 155 M/622 M/2.5G/10G POS interface boards,

implement high-speed NAT.

and Ethernet interface boards such as FE/GE/10 G Ethernet interface

A Eudemon8040 or a Eudemon8080 supports a maximum of 256

boards. The integrated equipment of the Eudemon8000 can

address pools. The Eudemon series products can support the NAT

provide two 10 GE interfaces, sixteen GE interfaces or one-hundred-

of large-scale Internet caf or data center with hundreds of devices.

and-twenty-eight FE interfaces, which can meet the network

The Eudemon series products use the NP processor together with

requirements of high interface capacity or high interface density

log server software to process binary logs, which can avoid the loss

Eudemon8000 High-End Security Gateway

of NAT logs and ensure the normal process of services.

single Eudemon8000 can be regarded as multiple firewalls. By providing

convenient security services and helping reduce cost, the Eudemon8000

Operational security service

series products are suitable for protecting carrier-level access to IDCs.

A Eudemon8040 or a Eudemon8080 supports a maximum of 512 virtual

In addition, the Eudemon8000 series products can implement special

firewalls. Each virtual firewall has its independent system resources,

security defense over VIP customers and output statistics report to

administrator, security policy, and user authentication database. Thus, a

realize the operation of secured bandwidth.

Typical Networking

Upper layer Network

Various security threats

SIG
Inspection and
analysis center

Management
center

Divert traffic
MAN

Inject
Eudemon8000
Control and cleaning center

Broadband access network

Intranet user

Big customer/
Internet cafe

IDC

Unified service platform

Deep service identification
Inspection of various traffic
Unified event management

Abnormal traffic cleaning solution involving the Eudemon8000 in a MAN

Eudemon8000 High-End Security Gateway

Internet

Eudemon8000

IDC

Basic-service zone

Value-addedservice zone

Management &
Maintenance zone

Other zones

Defense solution involving the Eudemon8000 for a large-scale IDC

Product Specifications
Item

Eudemon8040

Eudemon8080

Fixed interface

One FE management interfaces

One FE management interfaces

Expansion slot

Four expansion slots, in which service boards and

interface boards can be inserted

Eight expansion slots, in which service boards and

interface boards can be inserted

Types of expansion interfaces

Ethernet interfaces: 2GE, 4GE, 16FE, 32FE, 2GE+8FE, 2GE+16 FE, 110GE
POS interface: 4155M, 2622M, 12.5G, 110G

Dimensions (mm) (WDH)

482.6420352.8

482.6420797.3

Weight

50Kg

85Kg

Eudemon8000 High-End Security Gateway

Item

Eudemon8040

Eudemon8080

Input voltage

DC: -36V to -75V

AC (110V/220V): 90V to 264V

Full load power

600W

1000W

Mean time between failures (MTBF)

37.54 years

37.54 years

DDoS attacks that can be defended

SYN flood, ICMP flood, UDP flood, CC attack, IP Spoofing, LAND attack, Smurf attack, Fraggle attack,
Winnuke, Ping of Death, Tear Drop, address scanning, port scanning, IP Option control, IP fragments control,
TCP flag validity check, super ICMP packet control, ICMP redirection packet, ICMP unreachable packet,
TRACERT packet, HTTP Get attack, BGP Flood attack, DNS Flood attack, etc.

NO WARRANTY
THE CONTENTS OF THIS BROCHURE ARE PROVIDED AS IS. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE
ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.

Copyright Huawei Technologies Co., Ltd. 2009.

All Rights Reserved.
The information contained in this document is for reference
purpose only, and is subject to change or withdrawal
according to specific customer requirements and conditions.

HUAWEI TECHNOLOGIES CO., LTD.

Add: Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-080030-20090416-C-1.0
www.huawei.com