Embed Size (px)
Citation preview
HUAWEI TECHNOLOGIES CO., LTD.
Bantian, Longgang District
Shenzhen518129, P. R. China
Tel:+86-755-28780808
2013
Huawei High-Efficiency WAN Solution
Huawei High-Efficiency WAN Solution
1
2
3
4
WAN Development and Challenges
Huawei High-Efficiency WAN Solution
Customer Benefits
Why Huawei
2.1 Stable Network Architecture
2.2 High-Efficiency QoS Guarantee
2.3 Comprehensive Network Security
2.4 Unified Network Management
Huawei High-Efficiency WAN Solution Huawei High-Efficiency WAN Solution4 5
WAN Development and Challenges
As more enterprise services are deployed on IT systems and transmitted over IP networks,
enterprise networks are expanding to support more service types.
Enterprise networks are vital for ensuring service availability; therefore, network reliability, security,
and maintainability must be guaranteed to ensure uninterrupted services.
The bandwidth demands of enterprise services on network resources is increasing, especially
on Wide Area Network (WAN) bandwidth; however, WAN bandwidth is limited and network
resources must be allocated logically to ensure user experience of key applications and to minimize
investment.
Enterprise WANs must expand and upgrade to support developing services. WANs must be
scalable and able to evolve to ensure service continuity and maximize Return on Investment (ROI).
Data processing
Information sharing
Comprehensive service
Computer interconnection & file sharing
Office system
Wireless access
Video conferencing
Desktop Telepresence
Cloud storage
BYOD
Spontaneous Telepresence
Desktop cloud
Enterprise application store
Mobile video
Cloud computing
Internet of ThingsVoice call
Multimedia
Cloud
Mobile
Service network
Enterprise service informatization
Enterprise informatizationDevelopment of enterprise informatization
1
7Huawei High-Efficiency WAN SolutionHuawei High-Efficiency WAN Solution6
Huawei High-Efficiency WAN Solution
Huawei launched its high-efficiency WAN solution to solve the challenges of insufficient
bandwidth, poor reliability, security, and maintainability.
Huawei WAN solution architecture
Huawei One NetConnect Everyone, Connect as One
Application
Solution highlights
Products
Government Enterprise Energy Power Transportation Finance
Stable architecture High-efficiency service transmission
Comprehensive network security
Unified O&M
• High reliability • performance• Scalability • evolution
• Refined QoS• Bandwidth management• Load balancing• Performance acceleration
• Border protection• high quality & security• service management• traffic optimization
• Traffic monitoring• quality monitoring• visualized O&M• collaborative management
NE series routers AR series routers USG Anti-DDoS eSight/U2000
Stable network architecture, highly efficient multi-service provisioning, comprehensive network
security, and unified Operation and Maintenance (O&M) are the core characteristics of the Huawei
WAN solution.
■ Stable network architecture – The Huawei WAN solution provides device-level and protocol-level reliability. Self-
developed core chips help realize highly efficient and smooth upgrades. IPv6 technologies and the transition
solution enable network architecture evolution.
■ High-efficiency service provisioning – The Huawei WAN solution implements refined Quality of Service (QoS)
for multimedia and cloud services to provide differentiated service experience. Various types of load-balancing
technologies and WAN-acceleration products can maximize link utilization.
■ Comprehensive network security – The Huawei WAN solution provides refined service identification and multi-
dimensional policies to provide border security and defend against malicious attacks and unauthorized access.
■ Unified O&M – The Huawei WAN solution supports unified management of IP and optical networks and realizes
visualized monitoring and O&M of network traffic, providing quality through a simplified and unified Network
Management System (NMS).
2
Huawei High-Efficiency WAN Solution Huawei High-Efficiency WAN Solution8 9
2.1 Stable Network Architecture
The Huawei WAN solution can provide a comprehensive collection of enterprise networking
products, including optical transmission/Ethernet/WLAN/WAN access routers, aggregation/core
routers, network security products, and NMS to realize an end-to-end fundamental network
solution.
The Huawei WAN solution provides device-level, network-level, and topology-level network
reliability.
Highly reliable architecture
Device-level reliability
Hardware redundancy design• Dual MPUs• Dual Power Supplies• Hot swappable cards
In-service upgrade• Hot patches
• In-service software upgrade (ISSU)
Single point failure recovery• Non-stop forwarding (NSF)
• Non-stop routing (NSR)
Topology-level reliability
Protocol-level reliability
Node fault recovery technologies:• Static/dynamic BFD• Single-hop/multi-hop BFD• IPv6 BFD
Industry-leading fast switchover technologies:• IP FRR• LDP FRR• VPN FRR• MPLS TE FRR
• Dual planes• Dual devices and dual links• Dual carrier lines
■ Device-level reliability:Hardware redundancy design: Dual power supplies, dual Main Processing Units (MPUs), and hot-swappable cards.
• Huawei NE series routers provide redundancy for key components (1:1 backup for MPUs and 1+1
backup for power supplies).
The routers support heat dissipation system partition. Failure of one fan will not affect system operation. The
routers use independent monitoring units decoupled from the MPU, and all modules are hot swappable.
• In-Service Software Upgrade (ISSU): Hot patches
Huawei NE series routers support hot patching to ensure uninterrupted services during patch upgrade and
ISSU to ensure uninterrupted services during full image upgrade.
• Single-point failure recovery: Non-Stop Forwarding (NSF) and non-stop routing (NSR)
Huawei NE series routers support NSF to separate the control plane from the forwarding plane and enable
quick carrier-class failover. The routers also support NSR to ensure uninterrupted control traffic and services
during switchover. Neighbor devices are not involved in the switchover, which prevents service interruption
during a node fault.
■ Protocol-level reliability:
• Network link and node fault detection technologies: Static/dynamic Bidirectional Forwarding
Detection (BFD), single hop/multi-hop BFD, and IPv6 BFD.
Huawei developed innovative static BFD. In addition to dynamic BFD, Huawei products support static BFD
sessions created by manually specifying local and remote discriminators. Single-hop BFD detects faults on
direct links between routers of the same network segments, while multi-hop BFD detects faults on indirect
links between different routers. In addition to dynamic BFD, Huawei products support static BFD sessions
created by manually specifying local and remote discriminators.
• Industry-leading quick switchover technologies: IP Fast Reroute (FRR), Label Distribution Protocol
(LDP) FRR, and VPN FRR.
Huawei developed the LDP FRR technology to enable 50 ms fault switchover using primary and backup labels.
VPN FRR is triggered by BFD fault reports and implements fast convergence in case of a tunnel egress node
failure. The recovery time of the faulty egress node is irrelevant to the number of VPN routes, enabling simple
and reliable network deployment.
■ Topology-level reliability:
• Dual-plane network
Dual planes are used for backbone platforms. Two links connect key devices to prevent single-point failures.
• Double node dual link
Two routers are used on core nodes to prevent single-point failures.
• Networks of two carriers
Leasing two networks from different carriers prevents single-point failures.
Device-level reliability: Dual MPUs for routers, NSF, and NSR
Protocol-level reliability: FRR and BFD
Topology-level reliability: Double hosts, dual-plane, dual uplinks, and UCMP.
Stable Network Architecture
Huawei High-Efficiency WAN Solution Huawei High-Efficiency WAN Solution10 11
2.2 High-Efficiency QoS Guarantee 2.3 Comprehensive Network Security
The Huawei high-efficiency WAN solution offers
the following advantages for guaranteeing
Quality of Service (QoS):
■ Provides various types of service quality assurance
to support multiservice provisioning. Hierarchical
Quality of Service (HQoS) schedules queues in the
physical, logical, and application/service levels using
different traffic policies. This provides management
for hierarchical traffic and for different types of users
and services.
Huawei supports five levels of HQoS scheduling, and
each DS-TE supports eight CTs, providing a refined
End-to-End (E2E) QoS solution.
Huawei’s high-efficiency WAN solution offers the following security protection advantages:
■ Provides major security functions, such as anti-virus, Intrusion Prevention System (IPS), URL filtering, IPSec VPN,
SSL VPN, GRE VPN, and anti-spam.
• Anti-virus: Huawei boasts world-leading anti-virus technologies and decompression algorithms, supporting scanning of more than 10 file
types with encryption shells and compressing shells.
• Intrusion Prevention System (IPS): Loophole-based protection technologies provide virtual patches to achieve zero error rate.
• URL: With 65 million URL libraries in 130 categories, Huawei’s analysis center can output more than 100 pages of results each day.
• Powerful application identification technology: Detects and identifies more than 1,200 protocols, in more than 20 categories, and more
than 6,500 applications, in addition to supporting online upgrades and real-time application library updates.
■ Comprehensive authentication modes and refined service identification realize multi-dimensional policy
configuration and execution.
• Comprehensive authentication modes: Supports Lightweight Directory Access Protocol (LDAP), Radius, Active Directory (AD), and
Certificate Authority (CA).
• Refined service identification: Supports detection and identification of applications such as Point-to-Point (P2P), Instant Messaging (IM),
online TV, VoIP, and more than 1,200 protocols in more than 20 categories.
• Multi-dimensional management based on users, applications, time, and security policies.
■ An advanced traffic management and control solution filters attack and non-service traffic to ensure high-
efficiency service provisioning.
• Dynamic traffic importing and cleansing: The function is enabled on the core routers on the backbone network. The Netflow center
detects attacks and notifies the Abnormal Traffic Inspection and Control System (ATIC), which delivers traffic importing policies to anti-
DDoS devices, enabling dynamic traffic import and cleansing and preventing traffic congestion.
• Traffic filtering: Filters and cleanses attack packets to minimize impact on services. Session-based anti-DDoS accurately locates attack
sources and abnormal sessions and provides low traffic volume detection based on application layer. Supports anti-worm, anti-Botnet,
and anti-Trojan horse to prevent attacks on hosts.
• Evolution to IPv6 networks: Supports Anti-DDoS on dual stacks when IPv4 networks evolve to IPv6 networks.
HQoS
MPLS HQoS DS-TE
Huawei innovation
Five-level HQoS scheduing
Exclusivelysupported
Each DS-TE tunnelsupports 8 CTs.
Refined E2E Qos solution
■ Unequal-Cost Multi-Path Routing (UCMP) and load balancing allocate traffic to backup links according to their
bandwidth capacities. This realizes more logical use of backup links, eliminating an idle high-bandwidth link and
packet loss on the low bandwidth link.
■ WAN acceleration products compress traffic based on application characteristics to increase network bandwidth
utilization. The WAN acceleration module significantly increases transmission speed and reduces bandwidth
requirements by 60 to 70 percent, saving up to 38 percent on costs.
VLAN
VL
AN
S
S
S
S
S
S S Phys
ical
inte
rfac
e
Sub-
inte
rfac
e
User
Service
Service partitionDifferent services
(SP/WRR)
User partition
Different users(WFQ)
User group partitionDifferent devices
VLAN group schedulers
(WFQ)
Sub-interface partition
Different sub-interfaces
Sub-interface scheduler (RR)
Interface partition
Different physical interfaces
Physical interface scheduler
(RR/Shaping)
HQoS Realizing Five Levels Scheduling of Interfaces, Sub-Interfaces, User Groups, Users, and Services
Application identification
Malicious website detection
Web site classification
Anti-virus IPS
Malicious URL detection
• Support 1,200+ types of protocols.
• Detects encrypted P2P applications.
• Size of Botnet library: 350+. Detects 500+ worms.
• Accurate Botnet/worm detection
• System weakness analysis and intelligent weakness protection
• Size of loophole signature library: 6,500+
• Virus SDB: Used in 150 million systems around the world.
• > 65 million classified websites
• > 130 types of websites in 12 languages.
• Malicious URL >2M
• Phishing websites:• Active > 50,000• Accuracy > 90%
Comprehensive security
Huawei High-Efficiency WAN Solution12
2.4 Unified Network Management
Huawei’s high-efficiency WAN solution provides a unified Network Management System (NMS):
■ The Huawei U2000 realizes unified management of optical transmission and IP networks.
• Traffic synergy increases bandwidth utilization and reduces network investment.
• Protection synergy improves network reliability.
• Operation, Administration and Maintenance (OAM) synergy facilitates quick fault location.
■ Huawei eSight supports the maximum number of third-party devices in the industry. It can manage 675 device
types from more than 20 vendors, as well as many types of pre-defined IT and IP devices.
• Supports more than 150 types of H3C devices and more than 120 types of Cisco devices.
• Manages IP devices (routers, switches, WLAN, and security products), IT devices (printers, servers, and
workstations), or pre-defined third-party devices using the device customization function.
■ Supports management of customized devices (alarm, performance, and panel).
Huawei eSight Realizing Unified Management of Devices on the Entire Network
■ Supports visualized management for telepresence and Multi-Protocol Label Switching (MPLS) VPN to realize end-
to-end visualized network quality detection.
• Supports refined management of enterprise headquarters and branch traffic. The traffic of top N applications
and hosts can be displayed in graphs and diagrams to facilitate detection of abnormal traffic and network
planning.
• End-to-end visualized Service Level Agreement (SLA) and Network Quality Analysis (NQA) evaluate packets
in terms of latency, packet loss, and jitter, detecting network faults in real time and ensuring consistent user
experience for headquarters and branches.
Visualized Network Management
VolP
VolP VolP
Telepresence
Telepresence Telepresence
Desktop cloud
Desktop cloud
Desktop cloud
Video surveillance
Video surveillance
Video surveillance
Branch
S57/37 S57/37
Headquarters
S97/77
Branch
WAN
SLA component
NTA trafficAnalysis component
MPLS VPNcomponent
LAN
LAN
LAN
Huawei High-Efficiency WAN Solution 13
Customer Benefits Why Huawei
■ Provides customers with the most complete WAN products (IP network products + optical
network products + security/NMS products) through a unified solution.
■ Multiple types of service assurance technologies ensure highly efficient multi-service provisioning.
Multiple types of load balancing and WAN acceleration technologies maximize bandwidth
utilization, reducing Total Cost of Ownership (TCO).
■ Supports comprehensive authentication modes with refined service identification and multi-
dimensional policies to provide secure solutions.
■ Supports unified management of optical networks and IP networks to save O&M costs.
Huawei is a leading IP network solutions and equipment provider. Huawei has deployed IP
networks that serve one-third of the world's seven billion people in more than 140 countries
and regions. The Huawei high-efficiency WAN solution is a highly reliable and scalable solution
that supports stable network architecture, highly efficient service assurance, comprehensive
security, and unified network management. Boasting many years of experience in the Information
Communications Technology (ICT) field, Huawei can help enterprises build WANs and deploy
services around the world.
3 4
Huawei High-Efficiency WAN Solution 15Huawei High-Efficiency WAN Solution14
For more information, visit:
http://enterprise.huawei.com/cn/solutions/basenet/wan/index.htm
HUAWEI TECHNOLOGIES CO., LTD.
Bantian, Longgang District
Shenzhen518129, P. R. China
Tel:+86-755-28780808
2013
Huawei High-Efficiency WAN Solution
