امکانات سودار

امکانات سیستمی

دارای سیستم عامل اختصاصی و محیط کاربری CLI مشابه با سیسکو
قابلیت بروز رسانی امن و مطمئن بصورت آنلاین و آفلاین با سرور اختصاصی به روز رسانی
پشتیبان گیری/ بازنشانی تنظیمات به صورت محلی یا بر روی شبکه
سیستم مجتمع ممیزی با قابلیت نمایش داده های ممیزی در هر روتر
سرویس مرکزی اختصاصی مانیتورینگ و پشتیبانی از IPFIX ، SNMP و Prometheus در روتر
Support 1G,2.5G,10G,25G,40G,100G modules( EThernet, SFP, SFP+,…)

IPv4/IPv6

14+ MPPS, per cpu core
Multimillion entry fib
Source RPF
Thousands of VRFs
Controlled cross-VRF lookups
Multipath - ECMP
Multiple million Classifiers - Arbitrary N-tuple
VLAN Support - Single/Double tag
Counters for everything
Mandatory Input checks
TTL expiration
header checksum
ARP resolution/snooping

IPv6

Neighbor Discovery
Router Advertisement

پروتکلهای مسیریابی:

روتر سودار از تمامی پروتکل های مورد استفاده و کاربردی در شبکه های امروزی پشتیبانی می کند. همچنین توانایی ارائه الگوریتم مسیریابی بومی که محصول شرکت است، نیز وجود دارد.

BGP4:

BGP Community-List
BGP Extended community-List
IPv4/6 Unicast address family
Route Reflector client
Route Reflector server
eBGP
iBGP
Soft-reconfiguration support
Route selection customization
Route Maps
Capability negotiation
Route Aggregation
AS-Path access-list
VRF Aware
Route redistribution

RIP

Version 1
Version 2
IPv6/ Version 3( RIPng)
Route Maps
Split-horizon
Distribute-lists
Offset-list
Authentication
VRF Aware
Route redistribution

OSPF

ABR/ ASBR router
LSA Summary
Area authentication
Interface authentication
Broadcast/ non-broadcast/ P2MP/ P2P networks
Router priority
Distribute-lists
Default route originate
Route maps
VRF Aware
Route redistribution
Multi-instance support
Full packet encryption( Soodar specific feature)

ISIS

Level-1, level-2-only, level-1-2 circuit types
Dynamic hostname support
Interface authentication
Area authentication
VRF Aware
Domain authentication
Narrow/ wide metric styles
Prefix-lists

MPLS

در شبکه های هسته استفاده از پروتکل MPLS برای پایین آوردن هزینه مسیریابی بسیار کارساز است همچنین برای ایجاد خدمات مهندسی ترافیک و ایجاد تونلینگ از MPLS استفاده می شود. روتر سودار پروتکل MPLS و پروتکل LDP را پشتیبانی میکند. و همچنین میتوان تونلهای VPLS را در شبکه MPLS ایجاد نمود.

LDP( As described in RFC5036)
MPLS L3VPN( MP-BGP)
VPWS Tunnels
MPLS-o-Ethernet
Deep label stacks supported

ACL

Standard ACLs( Source,Destination)
Extended ACLs( Protocol, Source, Destination, Source port, Destination Port, ICMP codes, TCP flags)
Named ACLs
IPv4/ IPv6 Support
Stateful

QoS

Class Maps
Policy Maps
DSCP Marking
Traffic Policing
Class maps for traffic classification
- Match packet against ACLs
- Match packet against a source address
- Match packet against a destination address
- Match packet against a DSCP
- Combine rules and match all/any of them
Policy maps for defining policies for Class maps
- Double criteria traffic policing.
- Applied on interface’s ingress traffic.

IP SLA

Different SLA types
- ICMP echo
  - Frequency
  - Timeout
  - Threshold
  - VRF
  - Payload length
- ICMP jitter
  - Frequency
  - Timeout
  - Threshold
  - VRF
  - Number of packets and the interval between them in a burst
Support reactions
- Support of various parameters for reaction
  - Average jitter
  - Average jitter( percentile calculation)
  - RTT
  - Over threshold
  - Packet loss
  - Timeout
- Support of various reactions criteria
  - Immediates
  - Average
  - Consecutive
  - XofY
- Support of Log action and Trigger action
Recurring schedules and infinite run of SLA

Tracks

Track various objects in system
- SLA
  - On SLA reachability
  - On SLA reaction
- Interface state
- Route reachability
  - Specific nexthop( IP or interface)
  - VRF
- Boolean list
Install/uninstall static routes based on the track state
Install/uninstall policy-maps on an interface based on the track state

Tuning

Limit Memory usage of different system services.
Exclude CPUs from OS scheduler.
Bind different system services to CPUs.
CPU usage weight.
System hugepages size and number.
Change interface mapping.
Set dataplane main and worker cores.
Set dataplane heap memory size.
Set dataplane buffers options.
Enable dataplane polling sleep and set its intervals.

DHCP

DHCP4 Server
- DHCP pools
- Lease time
- DNS address
- Router address
- Domain name
- NTP server address
DHCP4 Client
- Request/Deny router address
- Request/Deny DNS address

تونل‌های لایه ۲ و لایه ۳:

VXLAN Tunnels
- Static defined P2P
- VRF Aware
GRE Tunnels
- P2P
- Protected with IPSec SA
- VRF Aware( When not protected)
IP-IP Tunnels
- P2P
- Protected with IPSec SA
- VRF Aware( When not protected)
IPSec
- Route-based SAs
- IKEv2 with PSK and RSA-Sig
- Integrated with PKI system
- IKEv2 Dead Peer Detection
- SA Initiator/ Responder
- SA Lifetime
- SA Rekeying
- Well-known encryptions
- Custom user defined encryptions
Wireguard
- Wireguard server
- Wireguard client
- Normal WG mode( Uses allowed IPs)
- Routing WG mode( Uses static/OSPF/… routing)
- Custom user defined encryptions
VPLS and MPLS Tunnels

امکانات لایه ۲:

VLAN
- Dot1Q
- Q-in-Q
- Tag rewrite( push and pop. currently no translation)
Bridge
- Supports split horizon’s group
- No STP
- BVI
Bonding Interfaces
- LACP
- Active-Backup
- Broadcast
- Supports Load-Balancing( Available only in LACP)
L2 forwarding with EFP/Bridge Domain concepts
BFD
SPAN Port
LLDP
Link Detection
VTR - push/pop/translate
Mac Learning - default limit of 50k addresses
Bridging - Split-horizon group support/EFP filtering
Proxy Arp
Arp termination
IRB - BVI Support with RouterMac assignment
Flooding
Port security

امکانات NAT

Static NAT
- Address Only NAT
- Protocol NAT
- Uses Inside and outside cisco-like NAT( not Source/ Destination like the ones in linux)
Dynamic NAT
- Uses IP Pool
- PNAT
- ACL based NAT
Carrier Grade NAT( Deterministic NAT)
Source NAT

امکانات PKI:

RSA Key generation/ zeroization
X25519 Key generation/ zeroization
SSH Key generation
Adding/ Removing Trustpoints
Generating certificate signing request
Importing signed certificates
SSH authorized key management
SSH known keys management

امکانات مانیتورینگ:

Prometheus Metrics
- node hardware metrics
- network metrics
- wireguard tunnel metrics
- IPSec tunnel metrics
- dataplane metrics
- OS metrics
Logs
- Supports Syslog
- TCP/UDP syslog client with TLS support
- Vector client
SNMPv3
IPFIX
SPAN Port
LLDP
CDP
Packet capturing( with debugging dissectors)

سیستم به روز رسانی

Automated rootfs rollback with dual A/B partition
Full image atomic updates
Secure TLS communication
image signing for verification
Root filesystem integrity checksum to avoid corruption during transfer or storage.

امکانات مدیریتی

Cisco compatible CLI
SSH and local console
Config backup/restore via SCP and local
PKI backup/restore via SCP and local
System analyzer and crash management( exportable via SCP)
Set system Date,Clock,timezone
NTP
DNS client
Static host-name to address mapping

امکانات قابل پیاده سازی در صورت درخواست:

پایه این امکانات در هسته VPP موجود است و باید با کل سیستم مجتمع گردد و تستهای مورد نظر پیاده سازی گردند.

NAT
- NAT64
- NAT66
- CGNAT
VRRP
MGRE( And possibly DMVPN)
L2VPN
Unequal Cost Multipath
DHCPv6 Proxy
L2TPv3
Segment Routing