Technical Proposal for the WAN Interconnection Solution (V100R001C00_01)

WAN Interconnection Solution

Technical Proposal

Issue 01

Date 2011-09-08

HUAWEI TECHNOLOGIES CO., LTD.

Issue 01 (2011-09-08) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd i

Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior

written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective

holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and

the customer. All or part of the products, services and features described in this document may not be

within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,

information, and recommendations in this document are provided "AS IS" without warranties, guarantees or

representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang

Shenzhen 518129

People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

http://www.huawei.com/

mailto:[email protected]


Technical Proposal Contents


Copyright © Huawei Technologies Co., Ltd ii

Contents

1 Overview of WAN Interconnection........................................................................................... 1

1.1 Challenges to WAN Interconnection ................................................................................................................ 1

1.1.1 Multi-Service Transmission .................................................................................................................... 1

1.1.2 High Reliability ....................................................................................................................................... 1

1.1.3 Security ................................................................................................................................................... 2

1.1.4 Maintainability ........................................................................................................................................ 2

1.2 Requirements for WANs .................................................................................................................................. 2

1.2.1 Requirement for Service QoS ................................................................................................................. 2

1.2.2 Requirement for Service Reliability ........................................................................................................ 3

1.2.3 Requirement for Service Security ........................................................................................................... 4

1.2.4 Requirement for Service Operation and Management ............................................................................ 5

2 Recommendations on Planning for WAN Interconnection .................................................. 7

2.1 WAN Networking Principles ............................................................................................................................ 7

2.1.1 Network Construction Mode ................................................................................................................... 7

2.1.2 Network Architecture Design Principles ................................................................................................. 7

2.1.3 WAN Layered Networking Principles ..................................................................................................... 9

2.2 IP Address Planning ....................................................................................................................................... 12

2.2.1 IP Address Assignment Principles ......................................................................................................... 12

2.2.2 Detailed IP Address Planning ................................................................................................................ 13

2.2.3 NGN Private Network Address Traversal ............................................................................................. 14

2.3 Routing Planning ............................................................................................................................................ 16

2.3.1 Inter-Domain Service Planning ............................................................................................................. 16

2.3.2 Routing Design ..................................................................................................................................... 19

2.4 Reliability Planning for IP Layer ................................................................................................................... 19

2.4.1 Fault Detection Techniques ................................................................................................................... 20

2.4.2 Network Protection Techniques ............................................................................................................ 21

2.5 Reliability Planning for Optical Transport Layer ........................................................................................... 23

2.5.1 Optical Line Protection ......................................................................................................................... 23

2.5.2 Optical Channel Protection ................................................................................................................... 24

2.5.3 Subnetwork Connection Protection ....................................................................................................... 25

2.5.4 ASON Protection .................................................................................................................................. 27

2.6 IP&OTN Protection Synergy ......................................................................................................................... 33


Technical Proposal Contents


Copyright © Huawei Technologies Co., Ltd iii

2.6.1 Multi-Layer Network Planning Tool ..................................................................................................... 33

2.6.2 SRLG .................................................................................................................................................... 33

2.6.3 Control Plane Intelligent Synergy ......................................................................................................... 34

2.6.4 Layered Protection Synergy .................................................................................................................. 35

2.7 QoS Planning ................................................................................................................................................. 36

2.7.1 Basic QoS Planning .............................................................................................................................. 36

2.7.2 HQoS Planning ..................................................................................................................................... 37

2.7.3 Huawei QoS Solution ........................................................................................................................... 38

2.8 Security Planning ........................................................................................................................................... 39

2.8.1 Security Measures ................................................................................................................................. 39

2.8.2 Network Security Architecture .............................................................................................................. 39

2.9 Network Management Planning ..................................................................................................................... 40

2.9.1 Unified Network Management .............................................................................................................. 41

2.9.2 Visualized OAM ................................................................................................................................... 42

3 Product Introduction .................................................................................................................. 45

3.1 NetEngine40E Core Router ............................................................................................................................ 45

3.1.1 Overview ............................................................................................................................................... 45

3.1.2 Product Models ..................................................................................................................................... 46

3.1.3 Product Features .................................................................................................................................... 48

3.1.4 Product Specifications........................................................................................................................... 48

3.2 NetEngine80/40 Series Universal Switching Router ...................................................................................... 49

3.2.1 Overview ............................................................................................................................................... 49

3.2.2 Product Models ..................................................................................................................................... 49



3.3 NetEngine20E/20 Series Multi-Service Router .............................................................................................. 53

3.3.1 Overview ............................................................................................................................................... 53

3.3.2 Product Models ..................................................................................................................................... 53




Technical Proposal 1 Overview of WAN Interconnection


Copyright © Huawei Technologies Co., Ltd 1

1 Overview of WAN Interconnection

1.1 Challenges to WAN Interconnection

While the wide area network (WAN) offers a cost-effective way to connect geographically

separated business locations, using the WAN brings a number of challenges. Enterprises need

careful planning to ensure reliable handling for mission-critical functions such as the

production service system, operating management system, and office automation system. In

this regard, WAN interconnection brings the following challenges:

How does the enterprise transmit various enterprise services on an IP network?

How does the enterprise ensure the reliability of an IP network?

How does the enterprise ensure security?

How does the enterprise ensure maintainability and manageability over time?

1.1.1 Multi-Service Transmission

Today’s enterprises require the use of multiple services:

Real-time and non-real-time services

Key services and less-critical services

Voice services, data services, and video services

These services have different quality of service (QoS) requirements. For example, key

services require rapid forwarding but have low requirements for bandwidth. Office data

services are insensitive to latency but require a bandwidth guarantee. Finding the right ways

to transmit all these services on a WAN is the key to building a secure and effective IP

network.

1.1.2 High Reliability

An IP network must provide 99.999% reliability to ensure uninterrupted services. Achieving

this level of reliability requires eliminating single-device faults and single-link faults. The

WAN solution must also implement end-to-end switching within 200 ms.





1.1.3 Security

Every enterprise requires high internal and external network security, from E-government

intranets to networks for key industries such as petroleum, national power, and banking.

Because the WAN is more vulnerable, compared to internal networks, careful measures must

be taken to guard the security of the IP network.

1.1.4 Maintainability

As the network expands to support services, network maintenance becomes increasingly

complex and requires specialized IP maintenance personnel. To enable personnel to maintain

and manage the network efficiently, the IP WAN interconnection solution must offer features

for easy maintainability, such as visual management and unified management of the entire

network.

1.2 Requirements for WANs

1.2.1 Requirement for Service QoS

Overview of WAN QoS

A traditional IP network can forward packets only in best-effort mode. The network transmits

packets in its capacity range, offering no guarantee for throughput, latency, jitter, or packet

loss ratio. If packet loss or excess latency occurs, terminals connected to the IP network need

to take measures to ensure data correctness. A mechanism such as connection admission

control (CAC) helps prevent bandwidth overload from deteriorating transmission performance.

However, the connectionless mechanism or dynamic routing protocols used on the traditional

IP network will result in high transient jitter. Therefore, the traditional IP network offers little

end-to-end QoS guarantee.

As the requirements on IP networks evolve, the IP WAN must carry a variety of real-time

services such as VoIP and IPTV that require an end-to-end QoS guarantee. The best-effort

mode of the traditional IP network cannot meet the needs of these applications.

At the same time, other services have different QoS requirements. For example, email and

FTP are not sensitive to latency. Therefore, the WAN solution must provide differentiated

services to ensure packet transmission for QoS-sensitive applications without devoting

excessive resources to non-critical services.

QoS mechanisms can provide differentiated service capabilities based on different

requirements. Availability, latency, jitter, and packet loss ratio are four performance indicators

for measuring the service level agreement (SLA) of an IP network:

Availability refers to the percentage of usable service time to total service working time.

Within five consecutive minutes, if the packet loss ratio of the services provided by an IP

network is less than or equal to 5%, the services are considered to be available in this

time period.

Latency refers to the interval from transmission to reception of an IP packet.

Jitter refers to the deviation of latency between different packets.

Packet loss refers to the ratio of lost IP packets to transmitted packets between two

reference points. Packet loss is mainly caused by network congestion.





Effectively implementing IP QoS technologies achieves the following advantages:

Controls network resources and their use.

Integrates multiple services such as voice, video, and data into a single IP network

platform.

Provides differentiated services based on different users requirements.

Goal of QoS Construction of IP WANs

IP WANs should meet the QoS requirements of various telecom services and signaling. At

present, among services on IP WANs, key real-time services of enterprises have high QoS

requirements. IP WANs need to both transmit multiple services of enterprises and provide

QoS guarantees for real-time services.

The following table lists the QoS values recommended by the ITU-T for IP WANs.

Table 1-1 Goal of QoS construction of IP WANs

Application Type

Typical Service

Latency

(End-to-End Unidirectional)

Jitter


Packet Loss Ratio


Bandwidth

Real-time

voice/video

VoIP

Video phone

150 ms 20 ms 0.1% Guarantee

Real-time data Signaling 150 ms N/A 0.1% Guarantee

Streaming

multi-media

IPTV/VoD 1000 ms N/A 0.1% Guarantee

Normal data Internet access N/A N/A N/A Self adapt

1. Considering low-speed links, the ITU-T recommends 50 ms as the jitter value. For most users, the real jitter is 20 ms.

2. The preceding data is from ITU-T Y.1541 and recommended by the ITU-T. The end-to-end distance is less than 5000 km.

In the actual solution, do not totally rely on technical means to solve the QoS problem.

Instead, fulfill the construction thoughts of IP telecom networks and take into consideration

all factors such as comprehensive analysis of traffic models, network design, QoS assurance

technologies, and reliability improvement to achieve the goal of QoS construction of WANs.

1.2.2 Requirement for Service Reliability

As the types and importance of the services on IP WANs have been increasing, services are

becoming more and more sensitive to network quality. They require not only network

recoveries upon faults, but also short recovery duration. The planning for IP WANs must meet

the requirements of real-time service, non-real-time service, key service, and non-key service

of enterprises, to guarantee reliable service deployment.

The reliability of IP WANs generally includes three aspects:

Equipment reliability

Network reliability





Fault protection switching time

Despite the dynamic protocol, redundancy connection, and other reliability technologies, the

traditional IP network does not meet the carrier-class requirements. In terms of reliability

index, a common IP network fault will result in service interruption for seconds or even

minutes. Such an index can meet the requirement for carrying traditional Internet services, but

not the QoS requirements of real-time voice and video services.

The requirements of carrier-class services for the reliability of a network are as follows:

The availability of network equipment reaches 99.999%.

The network availability reaches 99.999%.

Fault protection switching time: For a backbone network, less than 50 ms is

recommended for the link protection switching time (to meet the SDH requirements).

Key components of network equipment are redundant and interface boards are hot

swappable

Dual-node redundant backup is usually performed on key nodes.

The dual-homing design is used on key links.

1.2.3 Requirement for Service Security

The traditional IP network carries Internet services. As an open network, Internet is vulnerable

to a mass of viruses, illegal attacks, and malicious service thefts. Such a network can hardly

guarantee the security of services.

The next-generation IP WANs will carry various key real-time services, which have a high

requirement for network security. Therefore, the security problem must be solved in the

process of network planning. Security includes the following three aspects:

Confidentiality: Only the receiver designated by the sender can identify the

communications contents.

Data integrity and consistency: While being transmitted from the sender to the receiver,

information is not modified by the third party.

Service availability: This can be guaranteed by preventing malicious attacks on the

network.

To improve service security and meet the carrier-class requirements, IP WANs must meet the

following requirements:

Service security isolation: The network is physically isolated, or a service-based logical

network can be built on a single physical network. In this case, there is no service

leakage between logical networks and from the logical network to the infrastructure

network under any circumstances.

Inside the logical network: The network provides security measures to protect the

security of internal key systems, preventing service thefts.

Reliability of infrastructure network: The infrastructure network (equipment) of the

network can effectively prevent illegal attacks and viruses, to ensure sustained and stable

network operation without degrading network performance.





1.2.4 Requirement for Service Operation and Management

An IP network is both a transmission network and a service network. Traditional IP networks

focus on the openness but ignore the manageability. With the development trend of all-IP

services in WANs, an IP network is required to carry more and richer enterprise-class services.

To reach this goal, provide users with efficient network operation and management methods.

Manageability refers to not only the conventional network equipment management, but also

the service management capabilities, including user management capability, service quality

management capability, and service security management capability. These service

management functions can hardly be implemented if they are designed only in a module of

the BSS/OSS other than in network devices and network structure. Therefore, in IP WAN

planning, consider the various flexible capabilities of the transmission network for user

management, service management, and security management.


Technical Proposal 2 Recommendations on Planning for WAN Interconnection



2 Recommendations on Planning for WAN Interconnection

2.1 WAN Networking Principles

2.1.1 Network Construction Mode

Huawei recommends large enterprises to construct a new IP WAN in the process of transition

to ALL IP network. Network construction principles are as follows:

Layered network structure

Network structure is divided into three layers: core layer, backbone layer, and service

access layer. Layer-2 and layer-3 networks are separated to construct layer-3 routing

backbone network and layer-2 MAN with clear physical and logical levels.

Flattened network structure

Large-capacity devices are adopted to reduce the number of nodes as well as the number

of physical and logical cascade connection layers and to ensure wide coverage.

At the service access layer, the layer-2 Metro Ethernet network is adopted.

At the service access layer, the layer-2 Metro Ethernet network is adopted. Metro

Ethernet adopts RPR/RRPP ring networking mode to save optical fibers and improve

reliability.

Redundancy backup of key nodes and links

For important nodes with heavy traffic, dual devices are adopted for redundancy backup.

When the lower link connects to the upper link, dual homing is adopted.

2.1.2 Network Architecture Design Principles

Network Topology Design Principles

According to the WAN design principle, all the nodes of the entire network are located in an

AS and the flattened networking is used. The overall network topology design principles are

as follows:

The layered design is used. It divides a network into three layers: the access layer,

backbone layer, and core layer.

At the same layer, devices should be interconnected as much as possible. The core node

uses the redundancy mechanism.





The lower-layer device is dual-homed or multi-homed to a single node or multiple nodes

of a device.

The network topology can be adjusted according to the service traffic.

Core Node Design Principles

The core-layer devices can constitute a mesh network, semi-mesh network, or RPR ring

network. The backbone-layer devices are dual-homed to the core-layer devices. The core node

design principles are as follows:

The current traffic volume and forecast size of a node rank top.

A node has rich transmission resources and is located at the intersection of transmission

trunks.

A node is located in a central city.

In principle, core nodes are fully connected.

According to traffic and transmission resources, core nodes are not fully connected but

semi-connected.

According to the requirements for reliability protection and saving of optical fibers, the

RPR ring network technology is adopted.

According to the backbone-layer networking conditions, multiple devices can be

deployed on a single core node.

Ensure that at least one hop is reachable between two nodes with heavy traffic.

If there is little traffic between two nodes, multiple hops can be considered.

Transmission distance has a great impact on time delay. Try not to detour.

Backbone Layer Design Principles

The backbone layer converges user traffic and services at the same time. Prevent a large

number of access-layer devices from directly connecting to the core layer. The backbone layer

design principles are as follows:

According to the forecast of the traffic direction, backbone nodes are deployed in the

cities which have the main traffic (usually the regional central cities) as centers. Network

structure optimization should be fully considered and more than one administrative

region can be involved.

According to the size and traffic of a city, multiple backbone nodes can be set.

In a city where a core node is set, a backbone node can be integrated with the core node

based on the actual situation.

According to the reliability of links between backbone nodes and core nodes as well as

the reliability of core nodes, backbone nodes can be connected to different core nodes

respectively.

According to the traffic size between backbone nodes, links can be directly added

between convergence nodes with much traffic to distribute traffic.





Service Access Node Design Principles

The service access layer is constituted by layer-2 Metro Ethernet. Metro Ethernet consists of

Ethernet switches. The service access node design principles are as follows:

To save optical fibers and improve reliability, adopt RPR/RRPP rings to constitute a

network.

In the densely populated areas, the layer-1 ring is used to constitute a network.

− At each PoP, set one to three AGG-Rings.

− For each AGG-Ring, set four to eight UPEs.

− For each UPE, set three to ten DSLAMs.

In the sparsely populated areas, the layer-2 ring is used to constitute a network, with the

aim to save optical fibers.

− For each AGG-Ring, set three to ten ACC-Rings.

− For each ACC-Ring, set four to eight UPEs.

− For each UPE, set three to ten DSLAMs.

Traffic Transmission Principles

Planning the link metric of the whole network controls the service traffic of the whole

network scientifically. It is recommended that traffic control should abide by the following

principles:

In terms of route, number of actual hops ≤ minimum number of hops + 2.

In terms of traffic sharing, traffic is shared properly and the routes with great pressure

are avoided. For example, traffic between PoP nodes does not pass through the access

node. The traffic within a node does not pass through other nodes. That is, traffic at the

lower layer is only transmitted at the lower layer but not at the upper layer.

In terms of backup: Backup should be reasonable (the backup path is relatively short in

most cases; traffic should pass through the nodes and links with small pressure as much

as possible). If the connections between PoP nodes are interrupted, traffic should be

forwarded through the core node, but not the access node. If a fault occurs on the uplink

to which a device connects within a PoP node, traffic should pass through another device

that connects to the same node, but not other nodes.

In terms of analysis and adjustment, for a particular destination, the path should be clear

as much as possible to facilitate analysis and adjustment.

2.1.3 WAN Layered Networking Principles

A WAN can be divided into the core layer, backbone layer, and service access layer, as shown

in Figure 2-1.





Figure 2-1 WAN network architecture

Core layer

Backbone layer

Access layer

Core Layer Networking Principles

At the core layer, full connection, semi-connection, or RPR ring network modes can be

adopted based on user traffic, optical fiber resources, and other conditions. In addition, hybrid

design should be conducted for partial structure in accordance with the actual project

situation.

In full-connection scheme, a direct link can be directly set between any two nodes at the core

layer. Meanwhile, links can be bundled to provide higher bandwidth between two nodes and

further extend the bandwidth. However, full connection of nodes requires a lot of optical fiber

resources, greatly increasing overall network cost. This scheme is recommended for

enterprises which have huge traffic and rich optical fiber resources. In addition, the partial

full-connection networking mode can be adopted based on the actual project situation to

reduce the required optical fiber resources.

RPR is an advanced reverse double-ring networking scheme. It can significantly save optical

fiber resources and provide protection switching within 50 ms. Meanwhile, it can provide a

large number of advanced features to facilitate network deployment and network operation

and maintenance management. However, the current RPR technology supports only 10 G

interfaces and does not support link bundling. Therefore, scalability of RPR is restricted.

Overseas enterprises can adopt RPR networking scheme based on the actual situation only if

traffic can be satisfied.

The advantages of the two schemes can be combined. Based on RPR networking, when there

is huge traffic between two nodes on a ring, a direct link is set between the two nodes to

ensure large capacity provision. In this way, optical fiber resources are saved, high reliability

is ensured, and the requirements for high bandwidth between some nodes are satisfied.





Figure 2-2 Full mesh and RPR ring

Full Mesh structure RPR ring structure

Backbone Layer Networking Principles

The backbone layer has two networking models, as shown in Figure 2-3.

Model 1: Only one PE is adopted and the PE is dual-homed to two Ps.

Model 2: Two PEs are set on a PoP node for redundancy backup. Each PE is connected

to a P. That is, on a backbone node, two links are connected to a P.

Figure 2-3 Two networking modes of a backbone network

Service Access Layer Networking Principles

Considering the access quantity and device performance, the service access layer networking

principles are as follows:

In the service-intensive area, sites are relatively concentrated. The layer-1 ring network

is usually adopted.

In the service-sparse area, sites are relatively dispersed. Due to the geographical range,

the layer-2 ring network can be adopted.

P P

PE

P P

PEPE





Figure 2-4 Network architectures of service-intensive mode and service-sparse mode

2.2 IP Address Planning

2.2.1 IP Address Assignment Principles

The assignment and reasonable use of IP address space is closely associated with the network

topology, network organization, and routing policy. It will have a significant impact on the

availability, reliability, and effectiveness of MANs. Therefore, the requirement of the local

network for IP addresses must be considered to satisfy the requirement for IP addresses for

future service development. The MAN IP address planning should abide by the following

principles:

IP address planning and assignment should satisfy requirements from the rapid

development of MAN service and address segments should be reserved for future service

development.

IP address assignment must be flexible enough to access a variety of users such as

dial-up users and leased line users.

Address assignment is driven by services. Assign address segments for each place

according to the volume of services.

Adopt the VLSM technology for IP address assignment to ensure the utilization of IP

addresses.

Adopt the CIDR technology to reduce the size of routing table of routers, speed up the

routing convergence of routers, and reduce the size of routing information broadcast in

the network.

Adopt the hybrid address assignment mode that combines public and private addresses or

dynamic and static addresses to relieve the current pressure of serious shortage of IP

address resources.

IP address planning should take the network level into consideration to implement

hierarchical management.

Fully and properly use the applied address space to improve address utilization.

CPE

UPE

PE-AGG

AGG-RingAGG-Ring

CPE

UPE

PE-AGG-a

PE-AGGAGG-Ring

ACC-RingACC-Ring





2.2.2 Detailed IP Address Planning

Hybrid of Public and Private Addresses

The hybrid address assignment mode that involves public and private addresses can be

adopted in a MAN to save IP addresses and reduce the cost.

Both public and private addresses are used in a MAN. In a MAN, public and private

addresses are not converted. The routing devices in a MAN do not distinguish public

addresses from private addresses and support routing of public and private addresses.

At the network egress, the hybrid address switching router is adopted to convert

addresses. Only the private addresses of data packets are translated. Packets with public

addresses are forwarded.

Unified planning for private IP addresses is required to avoid confusion in the future.

Hierarchical Assignment

According to network structure, area, territorial allocation, and the number of users in an

area, the whole MAN is divided into several major regions.

A major region is divided into several sub-regions.

Each region obtains the sub-network segment from its higher-level region.

Regarding the network scalability, addresses should be assigned from both ends to the

middle.

This mode takes the planning for network level and routing protocol into full consideration.

Through the aggregation network, the network routing and the number of addresses for

maintenance in a network are reduced, fully reflecting the hierarchical management thought.

Private Address Assignment

Private addresses are usually configured in the following cases:

Residential users are usually assigned private addresses. Several successive IP addresses

(to facilitate aggregation) are assigned based on class C addresses.

For IP voice and video users, FANAVA assigns private IP addresses nationwide in the

unified manner and reserves IP addresses for the next few years. The mapping

relationships between the user number and the private IP address, public IP address of

media gateway, and public IP address of access gateway are stored in the softswitch

system, so that service traffic can be accurately routed to the user terminal during call

connection.

VPN users are assigned private IP addresses that are used in enterprises.

Public Address Assignment

The following devices are assigned public addresses, to ensure that both local users and

Internet users in other places are able to access the local server, without NAT restrictions.

Hosts on the Internet, such as web, FTP, and mail servers in IDC which need to be open

to the Internet

MAN gateway devices, which require public addresses to connect to the Internet

Devices on the routes which need to be broadcast externally (For example, a MAN

connects to two ASs at the same time and the inter-domain routing protocol BGP is





adopted. Because the MAN acts as the intermediate AS, the routes between AS egresses

may need to be broadcast on the Internet. In this case, public IP addresses are required.)

Enterprise users are assigned public addresses for NAT. An enterprise usually sets up an

intranet by using the private address and connected the intranet to the Internet by using

the NAT device. Assigning an enterprise public address will not affect the address

planning of the enterprise.

Users are assigned public addresses to surf the Internet by using ADSL, FTTX+LAN,

and other broadband modes. It is recommended that 40 to 100 users in a residential area

should be assigned one public IP address. If TCP port mapping can be realized, an IP

address can support more users.

Users are assigned public IP addresses to connect to the Internet in the narrowband

dial-up mode. Generally, each RAS port is assigned a publicIP address.

Leased line users are assigned public IP addresses to connect to the Internet. A user is

assigned a public IP address.

NAT Device Deployment

For small and medium-sized cities, it is recommended that the device that provides the NAT

function and hybrid address switching function should be deployed at the core layer of a

network to reduce device investment and enhance network manageability.

For large cities, consider providing the functions at the aggregation layer or access layer to

reduce the pressure on the devices at the core layer.

Address Redundancy

In the process of address planning, reserve 50% to 80% IP addresses.

2.2.3 NGN Private Network Address Traversal

A large number of enterprise networks and customer premises networks (CPNs) that are

carried on IP WANs basically adopt private IP addresses to connect to the public network

through the NAT/FW device at the egress. However, in the current IP WANs, it is difficult for

the control channel or media channel of the protocols, which are used to carry voice and video

over IP such as H.323, SIP, MGCP, and H.248, to traverse the traditional NAT/FW devices to

communicate with the public network in the application of private network user access. That

is, currently, most of NATs/FWs support the traversal of HTTP data application protocol, but

do not support NAT/FW traversal for the signaling and media streams of session service.

The biggest advantage of the NGN is to provide users with rich services; especially it

provides enterprise users with IP Centrex service that integrates voice, data, and video.

Therefore, the preceding problem in the current IP WANs is becoming the biggest obstacle to

launch the NGN service. At present, the solutions in the industry are as follows:

Network address translation (NAT)/Application layer gateway (ALG) mode

Middle box communication (MIDCOM) mode

Simple traversal of UDP through network address translators (STUN) mode

Traversal using relay NAT (TURN) mode

Signal proxy + media relay (Full Proxy) mode





Table 2-1 illustrates the comparison of the five modes.

Table 2-1 Comparison of NGN private network traversal modes

Item ALG MIDCOM STUN TURN Full Proxy

Performance The NAT device

needs to

dynamically

monitor and

parse all packets,

which will

greatly increase

the burden on

the NAT device.

The NAT device

does not need to

dynamically

monitor packets

but needs to

receive commands

from the

MIDCOM agent,

which will not

increase the burden

on the NAT

device.

The NAT device

does not need to

parse packets,

which will not

increase the burden

on the NAT

device. The

performance is

good.

The NAT device

does not need to

parse packets,

which will not

increase the

burden on the

NAT device. The

performance is

good.

Full Proxy

forwards all call

packets and media

streams in the

designated

direction. A high

efficiency is

required, but Full

Proxy processes

only session

packets but not

data service

packets.

Extensibility Each time a

protocol is

added, the NAT

device needs to

be upgraded.

The extensibility

is poor.

The protocol is

developed on the

agent.

Only the protocols

over UDP are

supported. A new

protocol based on

UPD, does not

require upgrade of

the NAT device.

The extensibility

is the best.

A new protocol is

extended on the

proxy.

Networking

application

This mode is

applicable to

residential and

enterprise

networks of not

too large scale.

This mode is

applicable to

residential

network, enterprise

network, and

gateway,

depending on the

efficiency of the

NAT device.

This mode is

applicable to

residential network

and enterprise

network.

This mode is

applicable to

residential

network and

enterprise

network.

This mode is

applicable to

residential

network,

enterprise

network, gateway,

and other NGN

networking

applications. The

flexibility is the

highest.

Current

device

alteration

The NAT device

needs to be

upgraded. The

development

cost is high.

The NAT device

needs to be

upgraded to

support the

MIDCOM

protocol. The call

agent supports the

MIDCOM

protocol.

The STUN server

needs to be

provided.

Meanwhile, the

terminal needs to

support the STUN

client function.

The TURN server

needs to be

provided.

Meanwhile, the

terminal needs to

support the TURN

client function.

Only the Full

Proxy device

needs to be

provided. Other

devices do not

need to be altered.

Security Relatively high High Low Low Highest

QoS Unguaranteed Guaranteed Unguaranteed Unguaranteed Guaranteed





According to the preceding introduction and comparison, Full Proxy and MIDCOM are

recommended. Other solutions are used according to the actual situation.

Having no need to alter the current network devices, the Full Proxy mode features strong

adaptability and flexible networking and can meet the requirements of diversified

networking and user access at the initial stage of NGN. In addition, it can solve the NAT

problems, greatly extend the functions, and implement the QoS and security of session

service at the access layer. Therefore, the user access platform of the NGN can be

developed.

The MIDCOM mode has strong extensibility. Once the NAT/FW device supports the

MIDCOM protocol, the MIDCOM agent can be embedded in the softswitch. The

NAT/FW traversal problem of NGN service can be solved. The softswitch itself parses

and processes users' call protocol packets and can deliver the call QoS and security

information dynamically. The Middle box (NAT/FW) device at the lower layer takes

necessary measures based on the information.

2.3 Routing Planning

2.3.1 Inter-Domain Service Planning

If an inter-domain MPLS VPN needs to be constituted (it seldom occurs), because Layer 3

MPLS VPN routes are carried using BGP, the inter-domain problem can be solved in the

following three modes:

VRF-to-VRF mode

EBGP mode

Multi-hop BGP mode

VRF-to-VRF

The VRF-to-VRF mode is the basic BGP/MPLS IP VPN application in the inter-AS scenario,

without requiring additional configurations. In this mode, ASBRs of two ASs are directly

connected and function as the PEs in their respective ASs. Either of the two ASBRs regards

the peer ASBR as its CE and advertises IPv4 routes to each other using EBGP, as shown in

Figure 2-5.





Figure 2-5 ASBRs managing VPN routes in VRF-to-VRF mode

In Figure 2-5, ASBR-PE1 in AS 100 and ASBR-PE2 in AS 200 are one CE of each other.

The inter-AS VPN in VRF-to-VRF mode is easy to implement. The two ASBR PEs do not

need to be specially configured to implement inter-AS VPN.

The disadvantage is poor scalability. The ASBRs functioning as PEs need to manage all the

VPN routes and create a VRF for each VPN. This may result in a large number of VPN-IPv4

routes on PEs. In addition, as common IP forwarding is performed between the ASBRs, each

inter-AS VPN requires different interfaces, which can be sub-interfaces, physical interfaces,

and bound logical interfaces. Therefore, this mode poses high requirements for PEs.

The inter-AS VPN in VRF-to-VRF mode requires VPNs to be configured, without requiring

additional configurations for the inter-AS.

Advertising Labeled VPN-IPv4 Routes Between ASBRs Using MP-EBGP

In this mode, two ASBRs exchange labeled VPN-IPv4 routes that they receive from PE

routers in their respective ASs through MP-EBGP. ASBRs need to process labeled VPN-IPv4

routes. Therefore, this mode is also called ASBR extension mode, as shown in Figure 2-6.





Figure 2-6 Advertising labeled VPN-IPv4 routes between ASBRs using MP-EBGP

The route advertisement process is as follows:

a. The PE in AS1 advertises labeled VPN-IPv4 routes to the edge router PE in AS1 or the

route reflector (RR) which reflects routes for ASBR PE using MP-IBGP.

b. The PE functioning as the ASBR advertises labeled VPN-IPv4 routes to the PE in AS2

(that is, the edge router in AS2) using MP-IBGP.

c. The ASBR PE in AS2 advertises labeled VPN-IPv4 routes to the PE in AS2 or the RR

which reflects routes for PE using MP-IBGP.

When the MP-EBGP mode is used, note the following:

ASBRs do not filter the VPN-IPv4 routes received from each other based on VPN targets.

Therefore, the SPs in different ASs that exchange VPN-IPv4 routes must reach a trust

agreement on route exchange.

VPN-IPv4 routes are exchanged only between VPN peers. A VPN cannot exchange

VPN-IPv4 routes with public networks or MP-EBGP peers with whom there is no trust

agreement.

In terms of extensibility, distributing labeled VPN-IPv4 routes in MP-IBGP mode is superior

to inter-ASBR VPN management through sub-interfaces.

PEs Advertising Labeled VPN-IPv4 Routes Using Multi-hop MP-EBGP

The preceding two modes can satisfy networking requirements of the inter-AS VPN. ASBRs,

however, need to maintain and distribute VPN-IPv4 routes. When each AS needs to exchange

a large number of VPN routes, ASBRs may hinder network extension.

One solution to the problem is that PEs directly exchange VPN-IPv4 routes with each other

and ASBRs do not maintain or advertise VPN-IPv4 routes.





2.3.2 Routing Design

Routing Design Principles

Routing design is important to IP WANs and will directly affect the reliability and security of

WANs. The routing design should abide by the following principles:

Avoid route flapping in the entire network caused by partial route changes.

Balance network traffic in the entire network through routing design.

Avoid the situation where routes in an AS cannot be sent to other ASs and devices in the

AS cannot receive external routes.

Minimize the number of routes and take into account the transmission distance.

Implement fast convergence to find and respond to faults quickly so that the system

recovers from faults as soon as possible to avoid routing blackholes and routing loops.

Adopt the GR-enabled routing protocols.

Detailed Routing Design

All routers in a private network are located in a domain. The IS-IS or OSPF routing

protocol is used as an IGP. For flat routing design, IS-IS adopts the level-based mode,

while OSPF adopts the area-based mode.

BGP-4 is used as the inter-domain routing protocol of the private network. The AS

number is independent. At the border of an AS, routing transmitting, receiving,

summarizing, and attribute modification are controlled through EBGP.

Level-1 RR design is adopted to ensure that the number of BGP peers on each RR is less

than 100. When there are many clients, an independent router can be used as the RR. At

least two RRs are configured to avoid single-point faults. Clients are dual-homed to at

least two RRs.

The routes for router management address and link address are carried over IGP, while

the routes for private line users, 3G/NGN device address, and address pool are carried

over BGP.

MBGP is used in a VPN. The RR configuration principles for a VPN are the same as

those for the public network where BGP is used.

BGP or OSPF can be selected as the routing protocol between a PE and a CE in a VPN

based on the network size. In terms of security, the static routing protocol is

recommended.

The routing protocol supports MD5 authentication to ensure the security of the routing

protocol.

2.4 Reliability Planning for IP Layer

A stable and reliable network system is crucial to the normal operation of application systems.

Therefore, during network design, select highly reliable network products that have been

commercialized in a large scale, properly design network architecture, and develop reliable

network backup strategies to ensure the self-healing ability of the network and to support the

normal operation of the system to the most extent. The devices at the IP layer must achieve

99.999% reliability.

Huawei takes the lead in providing the end-to-end millisecond-level switchover scheme in the

industry, to meet the requirement for the reliability of carried telecom services (50 ms to 500





ms), to ensure the extensibility and feasibility of standard technologies, to reduce the

operation and maintenance cost, and to ensure the service operation effect.

2.4.1 Fault Detection Techniques

The traditional fault detection technique detects faults by monitoring the device interface

status. This detection technique can detect only physical faults and depends on Keepalive or

Hello packets sent by upper-layer routing protocols to detect faults such as forwarding engine

faults and unidirectional link faults.

Therefore, this fault detection mechanism requires a long time, uses a lot of resources, and is

not applicable to scenarios where different protocols are running.

To speed up fault detection and improve fault detection efficiency at the IP/MPLS layer, a

mechanism that can detect faults rapidly and support various protocols is required. MPLS

OAM and BFD are such mechanisms.

BFD

BFD is an interactive detection mechanism that rapidly detects communication faults between

systems and reports the detected faults to upper-layer applications.

BFD has the following functions:

Provides low-overhead, short-duration detection of faults in the path between adjacent

forwarding engines. These faults include interface faults, data link faults, and forwarding

engine faults. The BFD detection time is usually within 50 ms.

Provides a single mechanism for fault detection over any media and at any protocol layer

to implement BFD for Everything, such as BFD for IS-IS, OSPF, BGP, LSP, and TE.

With the preceding functions, BFD has been widely used to detect link faults and protocol

faults.

MPLS OAM

MPLS OAM is a rapid detection mechanism that checks MPLS LSP connectivity by allowing

nodes along an LSP to exchange OAM packets.

MPLS OAM provides the following functions, independent of upper-layer or lower-layer

protocols:

Detects, identifies, and locates MPLS user-plane faults efficiently.

Evaluates network usage and performance.

Performs protection switching in the event of a link defect or fault to provide services

according to the Service Level Agreements (SLAs).

For more information about MPLS OAM, see ITU-T Recommendation Y.1710 and Y.1711.





2.4.2 Network Protection Techniques

On IP/MPLS networks, various network protection techniques are used to rectify faults:

Redundancy backup of main control boards, hot swap of boards, and GR, which ensure

device reliability

Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol

(GLBP), which improve node reliability

IGP fast route convergence and TE FRR, which ensure path availability

VPN FRR, which ensures PE reliability

The following are common network protection techniques.

IGP Fast Convergence

IGP fast convergence speeds up IGP route recalculation and convergence when a network

fault occurs. IGP fast convergence provides the following features:

Incremental SPF (I-SPF): calculates only the changed routes but not all routes each time.

Partial route calculation (PRC): calculates only the changed routes. It does not calculate

the shortest path but updates leaf routes based on the shortest path tree (SPT) calculated

by I-SPF.

LSP fast flooding: When a router receives one or more new LSPs, it floods out the LSPs

with a number smaller than the specified number before calculating routes. This

accelerates LSDB synchronization and network convergence.

Intelligent timer: adjusts the delay based on the route change frequency. This ensures fast

route convergence, without affecting router performance. Intelligent timers include the

SPF intelligent timer and LSP generation intelligent timer.

IP FRR

On legacy IP networks, it takes the routing system several seconds to complete route

convergence after a fault is detected. This convergence speed cannot meet requirements of the

services that are sensitive to packet delay and packet loss. For example, Voice over Internet

Protocol (VoIP) services are tolerant of millisecond-level interruption.

IP FRR allows the forwarding system to rapidly detect faults and take measures to restore

services as soon as possible. The IP FRR implementation principles are as follows:

When the primary link is available, you can configure IP FRR by using a routing policy

to provide the backup route information for the forwarding engine.

When the forwarding engine finds that the primary link fails, it uses the backup link to

forward traffic before the routes converge on the control plane.

IGP Auto FRR

In IP FRR, the backup next hop needs to be manually configured, which is complex and prone

to network loops if network planning is improper. IGP Auto FRR overcomes the preceding

problem.

IGP Auto FRR is a technique that allows routing protocols to generate the backup next hop

using routing algorithms according to the link status. This technique does not require manual

intervention, which reduces maintenance costs.





BGP FRR

IGP/LDP FRR can rapidly switch traffic to another link when a link fault occurs. However,

when a fault occurs on a BGP node, routes need to converge on the BGP control plane and

then be delivered to the forwarding table. The route convergence time may reach the second

level. The BGP indirect next hop technique speeds up route convergence on the control plane,

but it still cannot ensure carrier-class reliability.

In BGP FRR, the LDP label or BGP label of a sub-optimal route is installed into the

forwarding table as a backup routing entry. When a rapid fault detection mechanism such as

BFD detects that the optimal route becomes unavailable, services are switched to the backup

route. This implements fast service switchover.

LDP FRR

With LDP FRR, the fast convergence of the LDP LSP can be achieved. LDP FRR means that

the device takes the optimal route of the LDP as the forwarding entry as well as takes the

secondary optimal route of the LDP as the backup path and puts it in the forwarding table.

When a fault occurs on the optimal next top, the device directly uses the backup path/label for

forwarding.

Through BFD, the connection to the optimal next top can be rapidly detected and the

convergence speed of 50 ms can be achieved.

There are some restrictions on the use of the LDP FRR convergence technology. For example,

in a ring network, the sub-optimal next hop may send packets back to the node, which causes

a forwarding loop.

Compared with the FRR protection technology for RSVP TE, the LDP ERR protection is

based on single points and end-to-end protection is not required.

MPLS TE FRR

MPLS TE FRR protects links and nodes in MPLS TE. When an LSP link or a node fails,

traffic can be forwarded along the tunnel of the protected link or protected node. This ensures

uninterrupted traffic forwarding. In addition, the ingress can continue re-establishing the

primary path without affecting data transmission.

In MPLS TE FRR, an LSP is established to protect one or more LSPs. This LSP is called the

FRR LSP and the protected LSP is called the primary LSP. When a link or node fails, MPLS

TE FRR uses the FRR LSP to transmit traffic; therefore, the primary LSP is protected. All the

nodes in the MPLS TE system need to participate in the establishment of the FRR LSP and

primary LSP.

MPLS TE FRR is implemented based on RSVP TE and complies with RFC 4090.

VPN FRR

MPLS TE FRR protects services in the case of a link or node failure between two PEs at both

ends of a TE tunnel; however, MPLS TE FRR cannot protect services in the case of a PE

failure.

Once a PE fails, services can only be restored by means of end-to-end route convergence and

LSP convergence. The service convergence time depends on the quantities of MPLS VPN

routes and hops on a network. The convergence time is usually 5s on a typical network, which

is longer than 1s required for end-to-end service convergence.





VPN FRR solves the preceding problem. In VPN FRR, primary and backup forwarding

entries with the primary PE and backup PE as their respective destinations are preconfigured

on the remote PE. Rapid PE failure detection is also used so that the end-to-end service

convergence is within 1s on an MPLS VPN where a CE is dual homed to two PEs. The

recovery time is independent of the quantity of VPN routes.

2.5 Reliability Planning for Optical Transport Layer

The reliability planning for WANs refers to the reliability planning for the IP network.

Because the transport network at the bottom layer is the operator's network, enterprise users

do not need to consider its reliability.

However, some large or super-sized enterprises may build their own optical transport

networks. In this case, the reliability of the IP network needs to be considered in addition to

the reliability of the optical transport network.

The optical layer is a low-layer physical network of the service and data networks. If the

optical layer is unreliable, the service and data networks cannot operate properly. Therefore,

the optical layer uses various protection measures to ensure high reliability.

Protection measures at the optical layer include equipment-level protection measures and

network-level protection measures. Equipment-level protection includes SCC 1+1 protection,

cross-connect board 1+1 protection, DC input protection, centralized power protection, fan

redundancy protection, and subrack communication protection. The equipment-level

protection measures are not described in this document.

Network-level protection refers to the protection on all devices and links on the entire

network, including:

Optical line protection

Optical channel protection

Subnet connection protection

ASON protection

2.5.1 Optical Line Protection

Optical line protection uses the dual fed and selective receiving function of OLP boards and

diverse routes to protect the fibers between adjacent stations.

Each optical line uses two pairs of fibers. One pair functions as the working path to transmit

service signals. The other pair functions as the protection path to transmit service signals

when a fiber break occurs on the working path or signal attenuation is too large. Figure 2-7

shows the diagram of optical line protection.





Figure 2-7 Optical line protection

Working signals

Protection signals

2.5.2 Optical Channel Protection

Optical channel protection includes client 1+1 protection and intra-board 1+1 protection.

Client 1+1 Protection

Client 1+1 protection uses the dual fed and selective receiving function of OLP/DCP boards

or the dual fed and dual receiving function of SCS boards to protect OTUs and OCh fibers. A

working wavelength and a protection wavelength are transmitted in two different routes to

protect OTUs.

When the SCS board is used on a device, the device opens the client-side laser of the working

OTU and closes the client-side laser of the backup OUT. When the working OTU detects an

SF or SD alarm, it reports the SF or SD alarm to the SCC board. The SCC board then closes

the client-side laser of the working OTU and opens the client-side laser of the backup OTU. A

switchover is completed.

When the OLP or DCP board is used on a device, the device opens the client-side laser of both

the working OTU and backup OTU. When the working OTU detects an SF or SD alarm, it

reports the SF or SD alarm to the SCC board. The SCC board then closes the client-side laser of

the working OTU. So the R_LOS alarm occurs on the OLP and the OLP performs switching.

Figure 2-8 Client 1+1 protection

Working signals

Protection signals





Intra-Board 1+1 Protection

Intra-board 1+1 protection uses the dual fed and selective receiving function of OTU, OLP, or

DCP boards and diverse routes to protect services. This protection measure is applicable to

chain networks and ring networks and uses the single-ended switching mode.

On a chain network, intra-board 1+1 protection provides diverse routes between adjacent

stations the same way as optical line protection. On a ring network, intra-board 1+1 protection

uses the diverse routes to protect services. Services are transmitted in the clockwise or

counter-clockwise direction on the ring, and finally reach the destination node.

Intra-board 1+1 protection is implemented in the following ways:

Uses the OTU with the dual fed and selective receiving function to protect services, as

shown in Figure 2-9.

Uses the OLP or DCP board with the dual fed and selective receiving function to protect

services. The network diagram is the same as Figure 2-9.

Figure 2-9 Intra-board 1+1 protection

Working signals

Protection signals

2.5.3 Subnetwork Connection Protection

Subnetwork connection protection (SNCP) predefines a dedicated protection route for a

subnet. If a fault occurs on the subnet, the protection route replaces the subnet to transmit

traffic.

SNCP protects channels without using the APS protocol. It sets up a two-fiber path protection

ring on a ring network. SNCP is applicable to various complex network topologies and

provides fast service switching.

SNCP includes sub-wavelength (SW) SNCP, ODUk SNCP, VLAN SNCP, tributary SNCP,

and master slave (MS) SNCP. This document uses ODUk SNMP as an example. For the other

types of SNCP, see the OptiX OSN 6800 documents.

ODUk SNCP protection uses the dual fed and selective receiving function of the

cross-connections at the electrical layer to protect line boards and OCh fibers. It protects

inter-subnet services without using any protocol. ODUk SNCP is applicable to various

networks. Figure 2-10 shows the working process of ODUk SNCP.

In the transmit direction, services to be protected are input through the tributary board.

They are transmitted to the working line board and backup line board by using working

signals and protection signals. The working signals and protection signals are transmitted

in the working channel and the protection channel respectively.





In the receive direction, only the cross connection corresponding to the working line

board is valid and the cross connection corresponding to the backup line board is

disconnected. When the working channel is faulty, the line board reports an alarm to

trigger an SF or SD alarm. After detecting the SF or SD alarm, the main control board

disconnects the cross connection corresponding to the working line board and enables

the cross connection corresponding to the backup line board. Service signals are

transmitted over the protection channel.

After the working channel is recovered, service signals are switched back to the cross

connection corresponding to the specified line board.

Figure 2-10 ODUk SNCP protection

Working signals

Protection signals





2.5.4 ASON Protection

On legacy networks, wavelength division multiplexing (WDM) devices were the replacement

for fibers. In recent years, they have been used to transmit user's services. The devices must

be easy to operate and manage. The legacy networks have the following problems:

Service configuration procedures are complex, and it takes a long time to expand

capacity or launch services.

Bandwidth use is inefficient because about 50% bandwidth must be reserved on the ring

network.

Only a few protection measures are provided, so network self-healing capability is poor.

Automatically Switched Optical Network (ASON), also called intelligent optical transport

network, is used to solve the preceding problems. ASON uses GMPLS-UNIs and a control

plane on transport networks to enhance the network connection management and fault

recovery capabilities of optical transport devices. It supports end-to-end service configuration

and multiple service restoration methods.

Compared with WDM, ASON has the following advantages:

Computes routes using optical parameters and discards the routes that do not match the

optical parameters.

Adjusts wavelength during rerouting, eliminating wavelength conflicts.

Allocates wavelength for new services automatically.

Supports automatic configurations for end-to-end services.

Discovers topology automatically.

Protects the mesh network to enhance network availability.

Assigns protection priorities to services according to the priorities of the client-layer

signals.

Uses traffic engineering to dynamically adjust network topology according to users'

service requirements. This implements optimal network resource allocation.

The following sections describe the transport layer protection mechanisms based on ASON.

Mesh Networking

Mesh networking is a widely used networking type of ASON, and is flexible and easy to

extend. Compared with WDM networking, mesh networking supports more recovery paths,

which improve network security and reduce network resource waste.

In addition to the traditional protection measures (such as 1+1 protection) and shared

protection measures, the mesh networking can also use the rerouting mechanism to protect

services. Using all the preceding measures, the mesh networking is capable of restoring

services in any situations.

As shown in Figure 2-11, if the link between device C and device G is interrupted, a route

from device D to device H is generated. Services are restored through a newly generated LSP.





Figure 2-11 Service protection and restoration using the mesh networking

Dynamic Rerouting

Rerouting recovers services when network faults occur. In non-revertive mode, the first node

on an interrupted LSP calculates the optimal path, and then sets up a new LSP using signaling

messages. Services are transmitted over the new LSP. The interrupted LSP is deleted after the

new LSP takes effect.

Rerouting, as a key technology of GMPLS/ASON, protects services without a waste of

resources. It is also a revolutionary improvement for traditional protection measures.

Rerouting protects services even if fibers are interrupted frequently.

As shown in Figure 2-12, an LSP passes devices A, D, G, and K. When the link between

devices D and G is interrupted, the rerouting process is as follows:

The FIU (for optical layer) or OUT (for electrical layer) of device D detects an alarm,

and then reports the alarm to the GMPLS module.

The GMPLS module on device D checks the affected intelligent services and sends a

Notify message to device A.

After receiving the Notify message, the GMPLS module of device A calculates an

end-to-end protection path and sends a PATH message along the new path. A reverse

cross-connected path destined for device K is set up.

After receiving the PATH message, the GMPLS module of device K returns a RESV

message along the new path to set up a cross-connected path destined for device A.

After receiving the RESV message, device A enables the alarm function and sends a

PATH message to request the downstream devices to enable the alarm function. The

downstream devices enable the alarm function for the new path.

After all devices on the LSP enable the alarm function, the old LSP is deleted if the

non-revertive mode is used. The rerouting process is complete.





Figure 2-12 Rerouting diagram

Preset Protection Path

Preset protection paths ensure high reliability for services. When a path fails, the GMPLS and

ASON networks restore services using the preset protection path. The service paths on the

networks are controllable. If services cannot be restored, a new route is calculated.

To ensure that routes are controllable after fibers are disconnected multiple times, the ASON

allows more than one preset protection path for an end-to-end route (at the optical layer or

electrical layer). An LSP can have two preset protection paths and the paths have their own

priorities.

Resource Sharing on Working/Protection Paths

Resource sharing on the working and protection paths provides restoration resources as many

as possible. Figure 2-13 shows a tangent ring network where resource sharing is used.

The blue and red real lines indicate the working and protection paths. When link 1 and link 2

are broken, the working and protection paths are invalid. If the working and protection paths

cannot share resources, services will not be restored. If the paths can share resources, some

links on the paths form a complete backup path. The green broken lines in the figure indicate

the backup path. If link 3 is broken, the path represented by purple lines is formed.

A

B

D

C

E

F

G

H

K

Notify

PATH

PATH

PATH





Figure 2-13 Resource sharing on working and protection paths

Service Association

Two LSPs are associated. When an LSP is performing rerouting or optimization, this LSP is

separated from the other one. The two LSPs do not overlap each other. Service association is

applicable to the services having two access points (dual homing).

As shown in Figure 2-14, the two LSPs D-E-I and A-B-G-H are associated. If the link

between devices B and G is broken, the LSP A-B-G-H performs rerouting and the LSP D-E-I

is not affected.

Figure 2-14 Service association

SLA for Differentiated Services

WDM/OTN-based GMPLS and ASON provide protection services of different levels,

including Diamond, Silver, and Bronze. Users pay different fees for different service levels.

Table 2-2 lists the service levels.





Table 2-2 Service levels

Service Level Protection and Recovery

Implementation Switchover Time

Diamond Protection and

recovery

Intra-board 1+1 protection,

ODUk SNCP, SW SNCP,

rerouting

Shorter than 50 ms

Silver Recovery Rerouting -

Bronze No protection, no

recovery

- -

2. Diamond service

Diamond service has the best protection ability. When there are enough resources on the

network, diamond service provides permanent 1+1 protection for paths such as ODUk paths.

Diamond services are applicable to voice and data services, VIP private line, such as banking,

security, and aviation.

A diamond service provides 1+1 protection from the source node to the sink node. It is also

called a 1+1 service. There are two LSPs available between the source node and the sink node.

The two LSPs are separated. One is the working LSP and the other is the protection LSP. The

same service is transmitted to the working LSP and the protection LSP at the same time.

When the working LSP is normal, the sink node receives services from the working LSP;

otherwise, the working LSP receives services from the protection LSP.

Figure 2-15 shows the network diagram of diamond service.

Figure 2-15 Diamond service

The diamond service uses the following rerouting policies:

Permanent 1+1 protection: triggers rerouting once an LSP fails.

Rerouting 1+1 protection: triggers rerouting only when the two LSPs fail.

No rerouting: does not trigger rerouting no matter whether LSPs fail.





3. Silver service

Silver services include WDM ASON OCh paths, ODUk paths and Client paths. The recovery

time is several seconds. The silver service is suitable for the delay-insensitive services such as

data service and residential Internet service.

Silver service provides connections from the source node to the sink node with the rerouting

protection. It is also called rerouting services. If an LSP fails, rerouting is repeatedly initiated

to restore services until rerouting is successful. The silver service computes protection paths

without a reservation of resources. Hence, the bandwidth utilization is high. However, if

network resources are insufficient, services may be interrupted.

As shown in Figure 2-16, the silver service is provided for the path A-B-G-H-I. If the link

between devices B and G is broken, device A initiates rerouting to create a new path.

Figure 2-16 Silver service

4. Bronze service

The bronze services are seldom used. Generally, temporary services, such as the abrupt

services in holidays, use the bronze service. The paths of bronze service include OCh paths,

ODUk paths, and Client paths.

The bronze service means no protection. If an LSP fails, rerouting is not triggered and

services are interrupted.

----End





2.6 IP&OTN Protection Synergy

A fault on the WAN or backbone network affects thousands of enterprises' services, which

lowers these enterprises' production efficiency and delays their response to market changes.

Therefore, reliability of the WAN and backbone network is important to enterprises' business

and competitiveness.

Although both the IP layer and transport layer have many protection mechanisms,

mechanisms may not collaborate well with each other. For example, some protection

mechanisms fail to function together or some protection mechanisms repeat each other,

resulting in a waste of resources and service quality degrade.

Protection synergy uses the protection mechanisms on both the IP layer and transport layer

according to requirements of the WAN and backbone network. The major protection features

include static SRLG, dynamic SRLG, intelligent control plane synergy, and layered protection

synergy.

2.6.1 Multi-Layer Network Planning Tool

Legacy WAN and backbone network are planned layer by layer, wasting network resources

and making QoS and reliability complex. When the network is large, concurrent designs are

very difficult.

Unlike layer-by-layer network planning tools, a multi-layer network planning tool improves

resource utilization and network reliability by planning the IP layer and transport layer

together. This tool has the following advantages:

Allocates bandwidth for the two layers based on traffic volume so that traffic is loaded

evenly, improving utilization of network resources.

Isolates faults on the IP layer and transport layer to prevent a fault from triggering

repeated protection at the two layers. This ensures effective protection and improves

network reliability, laying a foundation for intelligent synergy between the IP layer and

transport layer of a backbone network.

2.6.2 SRLG

An SRLG is a group of links with the same reliability risks. For example, multiple links on a

router involve the same transport path. If the transport path fails, both the working and

protection links on the router will also fail. To prevent this problem, links in the same SRLG

are not assigned to a pair of working and protection paths during path computation. This

improves reliability on the IP layer because a link failure will not cause both the working and

protection paths to fail.

Static SRLG

Static SRLG requires the IP network administrators to manually configure SRLG information

on routers after confirming the information with the transport network administrators.

Static SRLG is easy to implement and does not require configuration of other parameters.

However, static SRLG has the following disadvantages:

The administrators of the IP network and transport network have to exchange and

configure a large amount of detailed information, which is labor-consuming and prone to

errors.





When links on the transport layer are re-planned or adjusted, the transport network

administrators must notify the IP network administrators, and the IP network

administrators modify configurations on the IP layer.

If the GMPLS ASON technology is used at the transport layer, the transport paths may

change automatically. The IP network administrators cannot be notified of the changes in

real time.

Dynamic SRLG

Huawei presents the dynamic SRLG solution to overcome problems of static SRLG.

Transport devices transfer SRLG information to routers through extended GMPLS-UNIs

between them. Dynamic SRLG has the following advantages:

The SRLG information is transmitted from the transport layer to the IP layer

automatically and no manual operation is required, reducing workload in maintenance

and preventing configuration errors.

Transport devices update SRLG information when transport links are adjusted, saving

network administrators' workload in modifying configurations.

When the GMPLS ASON re-computes routes, transport devices notify routers of SRLG

information update.

Transport devices send SRLG information to routers, including information specific to each

layer such as OTN layer, optical layer, and fiber layer. Each router calculates and updates

links on the working and protection paths according to the SRLG information received from

the transport layer to ensure that the working and protection paths do not contain links in the

same SRLG. Figure 2-17 shows dynamic SRLG implementation.

Figure 2-17 Dynamic SRLG

2.6.3 Control Plane Intelligent Synergy

The control plane is not involved in static synergy, but it plays an important role in dynamic

synergy. The key technologies used on the control plane are GMPLS-UNI, and PCE.

IP/MPLS

WDM/lambda

Fiber

OTN/sub-

lambda

F-S1

F-S2

F-S3

F-S4

L-S1

L-S2 L-S3

L-S4

L-S5

O-S1

O-S2

O-S3O-S4

O-S5O-S6

O-S4

L-S4

F-S1 F-S3 F-S4

GMPLS-UNI extension

SRLG: O-S4, L-S4, F-S1, F-S3, F-S4





GMPLS-UNI

The GMPLS-UNI technology defined by the IETF is a key technology to enhance information

exchange between the IP layer and transport layer. Routers on the IP layer send messages to

request transport devices to set up or delete paths through GMPLS-UNIs.

After a router sets up a link, it sends GMPLS-UNI signaling messages to notify transport

devices of the source node, destination node, and attributes (such as bandwidth and protection

attributes) of the link. Transport devices then set up a transport path according to the link

information.

PCE

On a large network, constraint-based path computation is complex, and devices participating

in path computation must have high calculation capabilities. If distributed path computation is

performed on the network, each node must have high calculation capabilities, causing high

costs on network construction. If the network is divided into multiple domains, the topology

of each domain is hidden to other domains. Therefore, devices on the network must cooperate

to compute the optimal end-to-end path.

The PCE technology is used to solve the path computation problem. A PCE has high path

computation capabilities and is deployed on a network device or an external server. A PCE is

responsible for path computation in a domain. All path computation requests in a domain are

sent to the PCE in this domain. After completing path computation, the PCE sends the

computation result to the path computation clients (PCCs) that sent the path computation

requests. PCEs in multiple domains work together to compute the optimal path.

2.6.4 Layered Protection Synergy

The IP&OTN synergy solution provides layered protection for each layer by using the

protection mechanisms on both the IP layer and transport layer. This solution provides the

following protection modes:

TE FRR&ASON diamond 1+1 protection

TE FRR&ASON silver reroute protection

TE hot standby&optical line 1+1 protection

TE FRR&ASON Diamond 1+1 Protection

This protection mode is applicable to networks that have sufficient optical lines and IP links

and require high reliability.

TE FRR is used at the IP/MPLS layer to protect key paths, and ASON diamond 1+1

protection is used at the transport layer. TE FRR&ASON diamond 1+1 protection prevents

service interruption caused by link and node failures at the IP layer and transport layer. In

addition, this protection mode protects services against multiple fiber break events.

TE FRR&ASON Silver Reroute Protection

This protection mode is applicable to networks that have sufficient optical lines and require

high reliability.

TE FRR is used at the IP/MPLS layer to protect key paths, and ASON silver 1+1 protection is

used at the transport layer. When WDM fibers at the transport layer fail, TE FRR triggers

protection switching at the IP/MPLS layer to switch traffic to the bypass tunnel. After a new

path is selected at the transport layer using silver reroute, traffic is switched back to the





primary tunnel. During the switching process, routers use the make-before-break technique to

prevent packet loss.

TE Hot Standby and Optical Line 1+1 Protection

This protection mode is applicable to networks that require medium reliability and do not

have sufficient optical lines or IP links. It only protects services against fiber faults between

sites but cannot protect services against failure in the entire transport board or site. In addition,

this protection mode can withstand only one fiber break event.

TE hot standby is used at the IP/MPLS layer to protect end-to-end paths, and optical line 1+1

protection is used at the transport layer. When a WDM fiber fails, optical line 1+1 protection

is triggered to switch traffic to the backup fiber.

2.7 QoS Planning

2.7.1 Basic QoS Planning

To plan and design the QoS of the entire network, plan services, reserve resources, and

perform call admission control (CAC).

Service Planning

Determine the bandwidths required by a variety of services carried on WANs to obtain the

service traffic model and traffic bandwidth. Properly plan traffic and implement traffic

engineering to ensure that congestion will not occur on some links due to too much traffic and

to improve the utilization of the links on the entire network.

Data for bandwidths required by services is obtained from the live network evaluation and

service and traffic analysis.

Resource Reservation

Based on service planning and traffic model, reserve resources for services. For some WANs

with high QoS requirements, use real-time data collection and analysis devices such as

Huawei NetStream to adjust resource reservation in real time and optimize the network. There

are two methods for reserving resources: IP/MPLS DiffServ and MPLS TE.

IP/MPLS DiffServ

IP/MPLS DiffServ is popular and its application is mature. It is a QoS guarantee

mechanism based on the statistical model.

Before deployment of the IP/MPLS DiffServ scheme, an analysis on the network traffic

model must be conducted to analyze the traffic directions of different network services

and provide the basis for QoS deployment. Then, there must be the SLA measurement

mechanism. Huawei HWping solution can provide the measurement data of delay, jitter,

and packet loss rate based on services, providing technical support for QoS

redeployment.

MPLS TE

MPLS TE is a more advanced method, which needs the implementation of MPLS VPN

and MPLS TE in the entire network. Different services are encapsulated in different

VPNs and different VPNs are mapped into different MPLS TE tunnels, providing high

QoS similar to that of the private network.





Because TE tunnels are end-to-end connection-oriented, there is a lot of work for

deployment and maintenance if MPLS TE tunnels are deployed in a large scale. It is

recommended to use the flexible mapping between VPNs and MPLS TE tunnels as well

as hierarchical TE to improve network flexibility and significantly reduce the workload

for implementation, configuration, and maintenance.

CAC

If a highly reliable IP WAN needs to carry real-time service, CAC must be configured. The

traditional IP network is a best-effort network, without limiting the number of services. As a

result, too many services are accessed and all service resources cannot be guaranteed.

An IP WAN inherits the thought of the traditional TDM telecom network. By refusing

excessive service call requests, the IP WAN can avoid overuse of resources and ensure the

resources and QoS for established service connections. Only a multi-service IP network with

the CAC mechanism can meet the requirements of a highly reliable WAN.

At present, the mainstream multi-service IP network achieves the CAC function through the

service system such as a softswitch. In the future, fixed mobile convergence (FMC) is an

inevitable trend and the IP multimedia subsystem (IMS) architecture is the network

development direction. In the IMS network age, the integrated CAC function will be achieved

by the control layer.

2.7.2 HQoS Planning

HQoS of Individual Services

You need to schedule different services (HSI, VoIP, VoD, and BTV) based on their priorities.

To schedule the triple-play service, you do not need to configure HQoS but only need to

configure Diff-Serv QoS on AGGs. You can implement HQoS based on the following items:

Based on user and service

The CIR or PIR can be configured based on different home users and services on the

same interface. Priority scheduling and bandwidth guarantee/control are performed

between services; QinQ needs to be configured, that is, the S-VLAN and C-VLAN tags

are used to identify services and users.

Based on service

The CIR or PIR is configured for different user services on the same interface and the

services are scheduled based on priorities. Only the S-VLAN tag needs to be identified.

HQoS of Enterprise Services

For enterprise VPN services, HQoS can be applied in the following modes:

User level

When CIRs/PIRs are configured for different enterprise users on the same port, user

service types are not distinguished. Users are distinguished in VLAN or QinQ mode.

− In VLAN mode, different sites of the same enterprise use different VLAN IDs and

the sites of different enterprises also use different VLAN IDs.

− In QinQ mode, the outer VLAN IDs of the same enterprise are the same and the inner

VLAN IDs identify the sites. The outer VLAN IDs of different enterprises must be

different and the VLAN ID identifying the site can be the same.





User + service level

When CIRs or PIRs are configured for different enterprise users on the same port and

different services (they can be divided into eight levels) of a user, priority scheduling and

bandwidth assurance/control can be conducted among different services.

User group + user + service level

When CIRs or PIRs are configured for different enterprise users and different services of

a user, multiple enterprise users on the same port constitute a user group for bandwidth

assurance and control.

2.7.3 Huawei QoS Solution

Figure 2-18 shows Huawei MAN QoS solution.

Figure 2-18 Huawei MAN QoS solution

Huawei MAN QoS solution adopts the Diff-Serv model. In a network with limited resources,

Huawei MAN QoS solution can provide quality assurance through appropriate traffic

classification and priority processing.

The Diff-Serv model aims to improve QoS extensibility and simplify the implementation.

Therefore, the Diff-Serv model does not require the absolute quality assurance, but fully

considers the features of IP networks and adopts the convergence traffic processing mode

based on traffic classification.

The DiffServ model completes the following functions:

Packet classification

Packet marking (coloring)

Congestion management

RP

R/R

RP

P

10G

E R

PR

/RR

PP

IP/MPLS

Backbone

ISP/ICP

Diff-Serv QoS in ME Diff-Serv QoS & TE in Core

DSLAM

CPE

AG

DSLAM

CPE

AG

UPE

UPE

PE-AGG

PE-

AGG-a

MSCG

NPE-VPN

NPE-Tel

DHCP VoD SBC

Priority marking on

UPE or DSLAM

Limit #subs per ring:

10K subs per 10G

1K subs per 1G

Deploy VoD ES at PoP

Deploy CAC for VoD

PE-AGG-a polices traffic

of each service

Priority re-marking

on NPE (optional)





Congestion avoidance

Traffic adjustment, including traffic policing and traffic shaping

Mapping between CoS of Ethernet frames and EXP of MPLS packets

2.8 Security Planning

As the enterprise service transmission network, the WAN needs to carry the VPN service,

Internet access service, and other services. As a result, security risks are introduced inevitably.

Therefore, proper security measures must be taken to protect the security of various important

value-added services.

In terms of network security, the physical security of devices, as well as the configuration

security and anti-attack capability of devices, must be ensured. For a multi-service

transmission network, the most important issue is to isolate different services using VPNs.

2.8.1 Security Measures

The following measures can be used to effectively enhance the security of WANs:

Use the ACL to control the access of users and authority of network devices.

Restrict the SNMP and Telnet access to network devices.

Implement mutual authentication of interconnected devices.

Authenticate the routing information (such as IS-IS MD encryption authentication).

Use the Syslog to record all important events.

Use NTP or PTP to synchronize clocks of network devices in the entire network.

2.8.2 Network Security Architecture

For network security architecture, the transmission device needs to have the service

differentiation capability to divide different services into zones with different security levels,

such as untrusted zone, trusted zone, and semi-trusted zone. Different zones are isolated

through security gateway devices such as the FW and SBC, as shown in Figure 2-19 (asterisks

in this figure indicate the security level).





Figure 2-19 Security architecture model of IP WANs

STPAccouting Center NMS Center OAM Terminal

SG MG SoftSwitch NMS UC Agent Server

AG TMG MCU U- NICA MRU IADMS Parlay

Server

UC Portal

Server

Other App

ServerIDS

SBC MSCG Firewall

OpenEye IAD H. 323 Phone SIP Phone

Trusted zone

★★★★

Semi-trusted zone

★★

Untrusted zone★

Narrowband signaling network

★★★★★

Out-of-band management network

★★★

AG: Access Gateway IAD: Integrated Access Device

IADMS: IAD Management System IDS: Intrusion Detection System

MCU: Multipoint Control Unit MG: Media Gateway

MRU: Media Record Unit MSCG: Multi-Service Control Gateway

NMS: Network Management System SBC: Session Border Controller

SG: Signaling Gateway SIP: Session Initiation Protocol

STP: Signaling Transfer Point TMG: Trunk Media Gateway

U-NICA: Universal Network Intelligent Core

Architecture

UC: Unified Communication

2.9 Network Management Planning

On a legacy network, devices at the IP layer and transport layer are managed by different

NMSs and maintained by different departments, making quick service provisioning and fault

identification difficult. For example:

When the IP network requires one more wavelength, it may take one or two months to

provide a wavelength on the transport network. This greatly delays service provisioning

and launch.

Over 80% traffic from the IP network is carried over wavelengths. When services on a

router are interrupted, it is difficult to quickly identify whether the fault occurred on the

IP network or on a WDM device, let alone to isolate the fault.

When a fault occurs on a transport device, the transport network administrators do not

know whether this fault affects IP links and which IP links are affected.





Device connections on the IP network are complex, making OAM on IP networks

difficult. Network administrators have to open many pages on the NMS to configure a

service.

The OAM synergy solution is introduced to reduce workload on network management and

make network OAM easy. It solves the preceding problems implementing unified

management on the IP network and OTN and visualized service maintenance.

2.9.1 Unified Network Management

The U2000 is a unified NMS that manages NEs on the IP network and transport network

uniformly and provides functions such as quick service provisioning, and quick fault

identification.

Unified NE Management

The U2000 manages transport devices, access devices, and IP devices uniformly. It manages

devices such as routers, switches, DSLAMs, and firewalls, and services such as MSTP, WDM,

OTN, microwave, PTN, MSAN, and FTTx.

Quick Service Provisioning

The U2000 implements quick end-to-end service provisioning by using the following

functions:

Service templates: The U2000 provides various service templates such as tunnel

templates, L2VPN/ L3VPN/VPLS/PWE3 service templates, and QoS policy templates.

These templates implement one-stop service parameter configuration, improving

configuration efficiency by 3 to 6 times.

Batch service delivery: improves configuration efficiency by 2 to 3 times.

Automatic calculation of static routes: The U2000 calculates static routes and allocates

MPLS labels, and no manual operation is required.

Inter-domain end-to-end service maintenance: helps to identify and locate faults

accurately.

One-key layer switching and layered service presentation: Administrators can switch

between the IP layer and optical layer easily to configure services. The relationship

between IP and WDM services is displayed clearly on the GUI.

Quick Fault Identification

The U2000 helps to analyze root causes of alarms on the IP network and clears 85% of

ineffective alarms to improve availability of alarms on the IP network. The U2000 also

provides IP and OTN alarm correlation analysis and displays IP links affected by OTN alarms.

Figure 2-20 shows alarm correlation and root analysis.





Figure 2-20 IP&OTN alarm correlation and root cause analysis

2.9.2 Visualized OAM

The legacy IP network is more difficult to manage and maintain than other types of networks

due to technical limitations:

Service routes on the IP network are invisible to administrators.

Fault identification on the IP network is difficult and time-consuming. Some transient

faults cannot be eliminated permanently.

End users are unaware of services transmitted over the IP network, so QoS is difficult to

manage on the IP network.

Huawei provides a visualized service quality management (SQM) solution to improve

maintainability of IP networks. This solution is implemented by the U2520 (an IP SQM

system) and the U2000.

The SQM solution provides the following functions:

KPI monitoring

The SQM system effectively monitors key performance indicators (KPIs) on the IP

network, such as latency, jitter, and packet loss ratio. The user experience can be

measured and evaluated in various usage scenarios, and pre-warnings can be generated

for factors that degrade user experience.

End-to-end IP service management

The SQM system implements end-to-end monitoring and presentation of IP services such

as video, voice, and file transfer. It monitors service performance and detects faults in

real time, helping to locate faults quickly.

Real-time IP route display

The SQM system collects and displays IGP routes and LSPs on the entire network in real

time. Historical transient faults can be traced and eliminated.

P

E

PP

EP

Where is the fault?

23,000 Alarms/Day, KPN IP Backbone

6,000 alarms per day on KPN WDM Backbone

• Abundant alarms database in both layers

• Customized alarm correlation analysis rules

U2000 NMS &

Alarm Center

Only need to maintain a unified alarm report

after Correlation Analysis and Suppression

Help to fast trouble shooting

Alarms caused by the root

alarms are shielded





IP fault location

The SQM system uses Huawei's IP fault locating techniques to locate faults on the IP

network. After the source IP address/port and destination IP address/port are entered, the

SQM system can locate the fault within 5 minutes.


Technical Proposal 3 Product Introduction



3 Product Introduction

The following products are used in the WAN interconnection solution:

Core router: NetEngine40E core router

Backbone router: NetEngine80/40 universal switching router

Access router: NetEngine20E/20 multi-service router

3.1 NetEngine40E Core Router

3.1.1 Overview

NetEngine40E core routers (the NE40E for short) are high-end network products provided by

Huawei. The NE40E is widely used at the aggregation layer or core layer of the IP national

backbone network, IP provincial backbone network, and other large-scale IP networks.

Based on distributed hardware forwarding and non-blocking switching technologies, the

NE40E uses the Huawei patented Solar chips and features the line-speed forwarding

capability, good scalability, well-designed QoS mechanism, and powerful service processing

capabilities. Based on the expandable 400G platform, the NE40E supports the smooth

expansion from 40 Gbit/s per slot to 400 Gbit/s per slot and is compatible with all line cards

that are currently in use, helping maximize return on investment (ROI).

The NE40E is powerful in service access and aggregation and can be flexibly configured with

various features such as L2VPN, L3VPN, multicast, multicast VPN, MPLS TE, and QoS to

guarantee the reliability of carrier-class service transmission. In addition, the NE40E supports

IPv6 as well as the smooth transition from IPv4 to IPv6.

The NE40E can be flexibly deployed at the aggregation layer or core layer of IP or MPLS

networks, which simplifies the network structure. With the provision of various types of

services and reliable service quality, the NE40E functions as an important driving force for

the IP or MPLS networks to become more broadband, secure, intelligent, and

service-oriented.





3.1.2 Product Models

The following table lists product models of the NetEngine40E core routers.

Table 3-1 Product models of NetEngine40E core router series

Product Model Description

NE40E-X16 Supports 16 LPUs.

Switching capacity: 12.58 Tbit/s (bidirectional)

Backplane capacity: 30 Tbit/s

Forwarding performance: 3200 Mpps.

NE40E-X8 Supports eight LPUs.



Forwarding performance: 1600 Mpps

NE40E-X3 Supports three LPUs.


Backplane capacity: 1.35 Tbit/s


NE40E-8 Supports eight LPUs.

Switching capacity: 640 Tbit/s (bidirectional)



Figure 3-1 Appearance of the NE40E-X16





Figure 3-2 Appearance of the NE40E-X8

Figure 3-3 Appearance of the NE40E-X3 (DC)

Figure 3-4 Appearance of the NE40E-X3 (AC)

Figure 3-5 Appearance of the NE40E-8





3.1.3 Product Features

400G Routing Platform

At present, the NE40E is the industry's most powerful router based on a 400G platform,

which can meet future development needs for at least a decade.

Being properly designed, the NE40E provides high-density ports. Each chassis supports

a maximum of 1320 GE ports, which is twice that of the industry average.

Based on an energy-saving 400G platform, each GE port consumes less than 9 W power,

which is 10% lower than the industry average.

All boards and software based on a new 400G platform are compatible with those based

on a 40G platform.

All-Service Bearing

The NE40E has the leading all-service bearing capability in the industry to ensure the

operation of carrier-class services.

The NE40E supports BRAS, DPI, and other functional modules, to ensure the

multi-service access capability.

As the most complete HQoS solution in the industry, the NE40E supports HQoS, DS-TE,

and MPLS HQoS to guarantee the QoS deployment in multiple scenarios.

High Reliability

The NE40E provides the well-designed end-to-end reliability solution to ensure uninterrupted

services.

Device-level reliability: With the backup of key parts and ISSU/NSR/GR, service

interruption is minimized.

Network-level reliability. The Huawei proprietary BFD for Anything and enhanced

protection techniques such as E-APS, E-Trunk, and E-STP allow the protection

switchover of end-to-end services to be performed within 200 ms.

3.1.4 Product Specifications

The following table lists the specifications of the NE40E series products.

Table 3-2 Specifications of the NE40E series products

Specifications NE40E-X16 NE40E-X8 NE40E-X3 NE40E-8

Switching capacity 12.58 Tbit/s

(bidirectional)

7.08 Tbit/s

(bidirectional)

1.08 Tbit/s

(bidirectional)

640 Gbit/s

(bidirectional)

Forwarding

performance

3200 Mpps 1600 Mpps 300 Mpps 400 Mpps

Backplane bandwidth 30 Tbit/s 15 Tbit/s 1.35 Tbit/s 2 Tbit/s

Port capacity

(bidirectional)

3.2

Tbit/s(bidirecti

onal)

1.6 Tbit/s

(bidirectional)

240 Gbit/s

(bidirectional)

320 Gbit/s

(bidirectional)





Specifications NE40E-X16 NE40E-X8 NE40E-X3 NE40E-8

Number of service slots 16 8 3 8

Width (mm) 442 442 442 442

Depth (mm) 770 770 750 669

Height (mm) 1420 620 DC chassis: 175

AC chassis: 220

886

Height (U) 32 U 14 U 4 U 20 U

Weight (fully

configured)

267 kg 130 kg DC chassis: 41 kg

AC chassis: 51 kg

147 kg

Maximum power 6500 W 3300 W 1100 W 2200 W

3.2 NetEngine80/40 Series Universal Switching Router

3.2.1 Overview

The NetEngine80/40 series universal switching router (the NE80/NE40 for short) uses the

distributed network processor technology and non-blocking switching technology and has the

superb scalability. The NE80/NE40 supports IPv6 and has the line-speed forwarding

capability for high-speed interfaces, well-designed QoS mechanism, and carrier-class

reliability.

The NE80/NE40 integrates the powerful IP service processing capability and Layer 2 Ethernet

switching capability of the core router and can provide richer services, more flexible

networking, and better cost-effectiveness. The NE80/NE40 is often used as the core router in

IP backbone networks, IP MANs, and other large-scale IP networks. The NE80/NE40 is a

high-end network product that is launched by Huawei for large-scale enterprise networks and

industry networks.


The following table lists product models of the NE80/40 series routers.

Table 3-3 Product Models of the NE80 series routers


NE80 Supports 16 LPUs.

Switching capacity: 128 Gbit/s (bidirectional)


NE40-8 Supports eight LPUs.








NE40-4 Supports four LPUs.



NE40-2 Supports two LPUs.



Figure 3-6 Appearance of the NE80





Figure 3-7 Appearance of the NE40-8




Wide Deployment and Stable Application

The NE80/40 can be widely deployed and stably applied.

The NE80/40 has been maturely used for commercial purpose for nine years. More than

15000 NE80/40s have been sold globally.

There have been no quality accidents for many years.

All-Service Transmission

The NE80/40 is a complete series of multi-service products and can flexibly meet the needs of

enterprise users.





A complete series of products include products with two, four, eight, and 16 slots

respectively, which can flexibly meet the requirements of users in different scenarios.

With comprehensive multi-service capabilities such as tunnel, VPN, and NAT, the

NE80/40 can process services competently.

The NE80/40 integrates routing and switching, providing a cost-effectiveness solution.

High Reliability

The NE80/40 provides the complete end-to-end reliability solution to ensure uninterrupted

services.

Uses various device-level, network-level, and service-level reliability technologies.

Supports redundant backup of key components and supports hot patches.

Provides hierarchical HQoS to ensure QoS flexibly.


The following table lists the specifications of the NE80/40 series products.

Table 3-4 Specifications of the NE80/40 series products

Specifications NE80 NE40-8 NE40-4 NE40-2

Switching

capacity

128 Gbit/s 128 Gbit/s 128 Gbit/s 16 Gbit/s

Forwarding

performance

96 Mpps 48 Mpps 24 Mpps 12 Mpps

Number of

service slots

16 8 4 2

Width (mm) 600 482.6 482.6 482.6

Depth (mm) 800 420 420 420

Height (mm) 2200 797.3 352.8 219.5

Height (U) 46 U 18 U 8 U 5 U

Weight (fully

configured)

Less than 400 kg Less than 85 kg Less than 50 kg Less than 35 kg

Maximum

power

Less than 1800 W Less than 1000 W Less than 600 W Less than 300

W





3.3 NetEngine20E/20 Series Multi-Service Router

3.3.1 Overview

Independently developed by Huawei, the NetEngine20E/20 series router (the NE20E/20 for

short) is the fifth-generation general multi-service router with high performance. The

NE20E/20 adopts the NP hardware technology and has excellent forwarding performance.

The NE20E/20 series router is designed to meet the requirements for high carrier-class

availability of convergence layers of enterprise networks and edge networks of operators.

With the advantages of high performance, multiple services, dual main control boards, and hot

backup, the NE20E/20 supports service deployment and network construction. With strong

extensibility and configurability, the NE20E/20 supports multiple interfaces and service

features to integrate MPLS, VPN, QoS, traffic engineering, multicast, and other technologies.

In terms of networking application, as the high-performance aggregation device, the

NE20E/20 series router provides the comprehensive service processing capability as well as

the comprehensive and flexible network solution, to effectively improve the network value

and reduce the network construction cost.


According to the number of provided service slots, the NE20E/20 series router can be

classified into four types: NE20E-8, NE20-8, NE20-4, and NE20-2. The NE20E is an

enhanced product of the NE20.

The following table lists product models of the NE20E/20 series routers.

Table 3-5 Product models of the NE20E/20 core router series routers


NE20E-8 Supports eight LPUs.



NE20-8 Supports eight LPUs.


Forwarding performance: 4.5 Mpps

NE20-4 Supports four LPUs.


Forwarding performance: 4.5 Mpps

NE40-2 Supports two LPUs.







Figure 3-10 Appearance of the NE20E-8





Stable and Mature Application

The NE20E/20 has been maturely and stably applied for many years.

The NE20E/20 has been widely used for commercial purpose for eight years. About

10000 NE20E/20s have been sold globally.

There have been no quality accidents for many years. The performance is outstanding.





Multi-Service Access and Convergence Capability

The NE20E/20 is a complete series of multi-service products and can flexibly meet the needs

of enterprise users.

The NE20E/20 provides superb aggregation capability, providing line-rate aggregation

on ATM, CPOS, and CE1 interfaces, which can converge 96 line-rate E1/T1 channels

The NE20E/20 provides powerful security tunnels and supports hardware IPSec

encryption, GRE, L2TP, and NAT.

The NE20E/20 provides comprehensive route processing and supports various multicast

and multicast routing protocols.

High Reliability

The NE20E/20 provides the complete end-to-end reliability solution to ensure uninterrupted

services.

The NE20E/20 uses double control engines and double forwarding engines for backup,

which pioneers the industry and provides high-quality service.

The NE20E/20 uses the device-level, network-level, and service-level reliability

techniques, ensuring high-speed, reliable network operation.

The NE20E/20 supports HQoS, ensuring service quality.


The following table lists the specifications of the NE20E/20 series products.

Table 3-6 Specifications of the NE20E/20 series products

Specifications NE20E NE20-8 NE20-4 NE20-2

Switching capacity 16 Gbit/s 128 Gbit/s 128 Gbit/s 16 Gbit/s

Forwarding performance 6 Mpps 48 Mpps 24 Mpps 12 Mpps

Number of service slots 8 8 4 2

Width (mm) 436.2 436.2 436.2 436.2

Depth (mm) 480 420 420 420

Height (mm) 261 219.5 130.5 130.5

Height (U) 6 U 5 U 5 U 3 U

Weight (fully configured) 32.5 kg 27.5 kg 17.5 kg 15 kg

Maximum power 350 W 320 W 240 W 240 W

Documents

Technical Proposal for the WAN Interconnection Solution (V100R001C00_01)