Professional Documents
Culture Documents
Imaster NCE-Campus V300R019C10 Training - APRIL2020
Imaster NCE-Campus V300R019C10 Training - APRIL2020
V300R019C10 Training
Security Level:
CloudCampus Solution Training Documents
This
document
2 Huawei Confidential
Contents
Campus NCE-Campus *
SD-WAN NCE-WAN *
WAN
Transmission NCE-T Lite
4 Huawei Confidential
New Highlights of iMaster NCE
• SDN-based automatic service
• Unified data base • Full lifecycle network management
configuration/deployment
• Closed-loop network assurance • Pre-event network change
• AI-powered intelligent analysis and
simulation and verification
predictive/proactive O&M Manager + Controller
Automation + Planning + Construction
+ Analyzer
Intelligence + O&M + Optimization
2 3 4
Autonomous driving
Manager Controller Analyzer network system
=
5 Huawei Confidential
Huawei's Autonomous Driving Enterprise Network Solution
Application
Cloud
Self- Mobile Third-party
…
layer platform
service app app
Portal
Network
Autonomous Network Management and Control System
management
and control
Manager Controller Analyzer
layer
CloudEngine
DC Fabric
AP vSwitch AP
Campus CPE
VM
VM
CPE Campus
VM
Network HiSecEngine
layer
NetEngine NetEngine
AirEngine AirEngine
SD-WAN
DC Fabric
vSwitch
CPE
Branch CPE VM
VM
Branch
VM
6 Huawei Confidential
iMaster NCE-Campus: Autonomous Driving Campus Network
Management and Control System
Manager + controller +
Fully converged
analyzer
SecoManager
7 Huawei Confidential
Fully Converged Platform: Manager + Controller + Analyzer
3 units
1 unit
Note:
No SD-WAN requirement Menu/Dashboard integration Workflow integration
Server 1 x 256 GB server
Cisco Huawei
8 Huawei Confidential
All-Scenario: Ranging from Single-Service to Multi-Branch
Interconnection Campus
Simple-service campus Multi-service campus Multi-branch interconnection campus
NETCONF/YANG
Virtual network
9 Huawei Confidential
iMaster NCE-Campus: Full-Lifecycle Campus Network
Service Panorama
Hardware installation
Optimization (Day N)
Physical network deployment
Site design
Network monitoring User experience visibility
Deployment(Day 1–2)
Network resource planning
Routine device O&M Exception identification
Provided by the NCE-CampusInsight component (SSO and navigation via the iMaster NCE-Campus GUI)
Video
Single-border Multi-border
VXLAN VXLAN Fabric network across Layer
networking networking 3 gateways
11 Huawei Confidential
Contents
1. iMaster NCE-Campus Overview
2. iMaster NCE-Campus — Campus Network
Deployment Automation (V300R019C10)
--Simple-Service Campus
--Multi-Service Campus
--Multi-Branch Interconnection Campus
3. iMaster NCE-Campus FAQs
12 Huawei Confidential
How to React Rapidly to Service Expansion
Huawei User Equipment Stores: Fast Network Deployment Facing Rapid Store
Growth
Fast growth
Number 1000+ stores worldwide
of 100+ stores in Shanghai
stores 1000+ 100+ Annual growth rate > 30%
13 Huawei Confidential
iMaster NCE-Campus: Simple-Service Campus Network
Automation Solution
14 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
3. Automatic registration
4. Automatic 3. Automatic 4. Automatic 5. Automatic 4. Automatic
with the controller and
configuration delivery registration with configuration delivery configuration delivery registration with the
going online
the controller and controller and going
online online
DHCP Server
3. Obtaining
2. Deployment by registration
2. Obtaining information.
scanning barcodes
registration
through the
information
CloudCampus app
15 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Automatic
configuration Devices automatically obtain configurations.
delivery
Zero-configuration
Zero-configuration device replacement by scanning
device barcodes through an app (not supported by vendor C)
replacement
16 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
A university
Most
50+ types of comprehensive
smart terminals built-in terminal
fingerprint library
Terminal data collected by level-
2 institutes
Difficult and error-prone MAC >>
address collection
An automobile manufacturer
>>
10+
authentication
faults reported Terminal Type-Based Terminal Type-Based Terminal Type-Based
per day
Rogue devices are Automatic Authentication Automatic Authorization Rogue Device Detection
difficult to locate Recognized as a printer Recognized as a camera Recognized as an IP phone first
• Automatic MAC address • Automatically added to the video and then PC
authentication, MAC address-free surveillance group • A rogue terminal alarm is reported
device registration • Set as a VIP user
17 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
18 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Network device (such as AP, 173 models from 45 vendors N7 canteen test in Nanjing Research
Identification Identification Center (mobile terminal):
switch, and router) Type Accuracy
Number of Number of Identification
Category 99.73%
Laptop and desktop 94 models from 3 vendors Tested Accurately Accuracy
Vendor 98.89% Terminals Identified
Terminals
IoT terminal (access control Not available currently Product model 96.37%
19 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
20 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Open-System Authentication
• Interconnection with a third-party Portal server
Authentication
• Interconnection with social media such as QQ,
device Switch AP Firewall AR
Sina Weibo, WeChat, Facebook, and Twitter
21 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Access time
By week/time point
When High/Medium/Low
QoS Traffic and online duration control
(supported only in Portal
Terminal type authentication mode)
PC/iOS/Android
What
Intelligent policy
Engine Application Application group/application
Company-provided/BYOD Device attribute
terminal Whose
22 Huawei Confidential
Free Mobility: Policies Following Users, Ensuring Consistent
Experience
Location: Shenzhen
Network
resources
Silicon Valley
Network Network
resources resources
1. Policy: permission
Shenzhen 2. Policy: security
3. Experience:
priority/bandwidth
Beijing
Users can access the network anytime, anywhere, ensuring consistent service policies
and network experience for users.
23 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
>>
>>
>>
Netconf/YANG
24 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
>>
10.1.1.3 10.1.1.3 belongs to
Which security group the finance group
does it belong to?
Supported by some firewalls Supported by VXLAN-enabled switches Supported by free mobility-capable switches, enriching
Limitation: Traffic needs to pass through Limitation: VXLAN networking is required. application scenarios of free mobility
the firewall.
25 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
IP Group
>>
IP-Group information synchronization: 10.1.1.3 group_FIN
iMaster NCE-Campus synchronizes association information between 10.1.2.3 group_R&D
IP addresses and groups to switches. The authentication points and
policy enforcement points are separated. This practice helps
implement flexible networking and third-party hybrid networking.
Free mobility: supported in the third-party Free mobility: supported in the ME60 Network-wide free mobility: supported in cross-
hybrid networking scenario networking for universities Layer 3 gateway scenarios
ME60 gateway
(authentication and Switch Huawei switch
Huawei switch
accounting point) (policy enforcement point) (policy enforcement point)
(policy enforcement point)
Huawei switch Huawei switch or independent AC
X X (authentication point) X (authentication point)
Huawei switch Third-party AC and switch
(authentication point) (authentication points)
Huawei AP Third-party AP
26 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Specifications:
• The S12700E supports 16K VIP users per card.
The AirEngine 9700-M supports 1800 users per
board.
Video • iMaster NCE-Campus supports up to 31
Camera
surveillance application scheduling templates.
VIP users Other users
28 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Intelligent HQoS: WAC (Integrated or Independent WAC): Queues at
Four Levels (Flow + User + AP + Port)
Priority-based traffic scheduling for each subscriber and each application, 4-level
queue buffer and shaping, and refined management and control
Flow queue (FQ) Subscriber queue (SQ) AP queue (GQ) Port shaping (DP)
(priority-based traffic scheduling and (Priority-based traffic scheduling for each subscriber) (per-AP traffic shaping)
shaping for each application)
VIP user 1
Application 1 2M Queue CS7 PQ
Application 2 2M Queue CS6 PQ VIP user 1
Application 3 2M Queue EF PQ AP1
Application 4 15M Queue AF4 DRR:15 SQ1
DRR VIP user 1
Application 5 15M Queue AF3 DRR:15 1:1 Traffic shaping
VIP user 2 300M
Application 6 30M Queue AF2 DRR:10 Common user 3 GQ1
Common user 4
Application 7 40M Queue AF1 DRR:10
SQ2 SP
Application 8 30M Queue BE DRR:10
DRR Shaping (bypass)
VIP user 2 1:1 DP1
AP2
Common user 3 Common user group
Common user 4 VIP user 2 Traffic shaping
Maximum integer value
Common user 5 SQ3 200M
Common
GQ2
user 5
Switches and WACs support multi-level queue scheduling through large buffers.
29 Huawei Confidential
Automatic Physical Automatic Service
Network Deployment Policy Provisioning
Voice service
VR service Application-
Common based
VIP user
user bandwidth
Video service allocation
Web service
30 Huawei Confidential