Case Study 3 - UUCODE

Government Security

Municipal Earthquake Agency - Disaster Prevention Data Platform

By using TAP switches, mirrored traffic from key network devices is decapsulated (VXLAN/GRE) and deduplicated to enable effective integration with multi-vendor security analytics platforms.

Solution

Port mirroring is configured on critical firewalls, core switches, campus core switches, border switches, leaf switches, management switches, and early-warning routers. Uplink/downlink mirrored traffic is sent to TAP switches, where VXLAN/GRE decapsulation and deduplication are performed based on source/destination port matching. Different VLAN tags are then applied to distinguish business domains before forwarding to security analytics platforms.

Deployment List

Vendor	Device	Model	Quantity
UUCODE	TAP Switch	UT200-48Y8C-H	2 units
Huawei	WAN Dedicated-line Boundary Firewall	USG6625F	2 units
H3C	Data Center Firewall	F5000-CN160	2 units
Topsec	Internet Boundary Firewall	NGFW4000-UF	2 units
DBAPPSecurity	Standard/Early-warning Service Boundary Firewall	DAS-TGFW-A1080-FU	2 units
Qi-Anxin	Data Center Security Management Platform	Security Analytics & Management	1 unit
Qi-Anxin	APT High-threat Detection	Threat Monitoring & Analytics	1 unit
Colasoft	Full Traffic Analysis System	Cybersecurity Analysis & Audit	1 unit
Colasoft	Cybersecurity Forensics Center	Traffic Analysis & Audit	1 unit
Qingteng	Vulnerability Neutralization	Cloud Curtain NDR	1 unit

Solution Highlights

VXLAN/GRE decapsulation
Deduplication reduces backend processing load
VLAN tags identify different device/business traffic
Integrates with multi-vendor security analytics platforms

Previous Case Next Case