Huawei SD-WAN Solution Technical Presentation

Huawei SD-WAN Solution Technical Presentation
Security Level: Internal Publicity

Contents
1 SD-WAN Trends
Huawei SD-WAN, Facilitating Enterprise

2
1
Digital Transformation
3
2 Huawei SD-WAN Product Panorama
4
2 Success Stories
2 Huawei Confidential
SD-WAN Is the Best Way to Address Challenges Facing WANs
Development of new SD-WAN solutions driven by technological
Surge in enterprise WAN traffic
revolutions
Technological
revolutions
TDM IP/MPLS Cloud
80%
Private line
solutions
20% SD-WAN
SDH/PDH MPLS VPN
(Hybrid WAN, SDN
/ IPsec VPN / OTN … controller)
2016 2020
Proportion of WAN traffic to the total
SD-WAN: entering a period of

large-scale implementations
enterprise network traffic
Source: IDC
Intelligence Cloudification Video IoT
Futuriom: 2020 SD-WAN Infrastructure Survey
Industry Consensus: SD-WAN Is the Way Forward
Carrier B2B Finance Large enterprise

China Construction Bank (CCB): To implement digital
Italy TIM: SD-WAN shortens TTM from weeks to transformation and smart banking, CCB introduces Ping An Technology: With rollout of new services
minutes, providing enterprise customers with one-stop bandwidth-demanding customer service robots, remote such as AI and cloud in its 2000+ branches, the traffic
"Internet + VPN + self-service." expert services, and financial capsules, which require expense of traditional MPLS private lines increases
application-based intelligent traffic steering and efficient sharply by 50%.
O&M.
• Meeting complex networking requirements of all • Providing 5G gigabit wireless uplinks, ensuring low • ZTP, facilitating site and service rollout
types of enterprises latency and requiring no cabling • Using the Internet to support the AI customer
• Extending to 10+ VASs, such as VoIP and LAN • Implementing application-based intelligent traffic service, reducing link costs
services, by making optimal use of CPEs steering, ensuring financial service experience • Ensuring high-quality experience of the AI
• Flexible and visualized O&M management, • Centralized network O&M and unified customer service and issuing insurance policies in
reducing OPEX management across LAN, WAN, and security minutes
Key Considerations for Building SD-WAN Networks in the Digital Era
1. How to implement quick rollout of branches? ZTP, 5G High bandwidth and cabling-free
• ZTP, 5G ultra-broadband uplink, cabling-free, provisioning devices and
networks in minutes
2. How to meet complex networking On-demand interconnection, high-quality network

• Building large-scale enterprise interconnection networks with high flexibility,
requirements of enterprises? reliability, and security
Intelligent traffic steering, intelligent experience

3. How to optimize experience of key • Extensive application identification methods
• Flexible traffic steering
applications? • Optimization on key applications such as audio and video
Unified management and control, intelligent O&M

4. How to simplify branch network O&M? • Unified management across WAN, LAN, and security
• Simplified deployment and automated provisioning
• Visualized O&M
Contents
11 SD-WAN Trends

21 Digital Transformation
42 Success Stories
Huawei SD-WAN, Facilitating Enterprise Digital Transformation
ZTP, enabling automated deployment

Full-process
automation
• ZTP for multiple branches, facilitating site rollout
Management • 5G, cabling-free, enabling fast network
Network
layer
Site deployment
orchestration
Application policy Visualized O&M
provisioning
On-demand interconnection, high-

RR
Distributed control RR quality networks
Control components
• Multi-purpose network for branches, HQ, and
layer RR clouds
5G Robot service • Internet access, cloud service access, and cross-
VR finance domain interconnection
MPLS Application-based traffic steering and
VTM Cloud
optimization, offering intelligent experience
MSTP
Counter service
• Extensive application identification technologies,
Network achieving high identification accuracy
layer
NetEngine AR • Application-based traffic steering, QoS, and
NetEngine AR network optimization technologies
Wi-Fi
Intelligent O&M
… … • Network visualization, service visualization, and
Customer
Counter VTM VR finance
service robot topology-based O&M
Large/Midsize branch Small branch • Proactive user and application experience
optimization
Intelligent Network Construction, One-Stop Management
and O&M
On-Demand Application
ZTP Intelligent O&M
Interconnection Experience
• USB-based deployment • Inter-site access • Application identification • Service visibility

• Email-based deployment • Communication with • Intelligent traffic steering • Alarm management
• DHCP-based deployment legacy sites • Application optimization • Log tracing
• Cloud on-ramp • Security • Network diagnosis
• Agile report
ZTP Intelligent O&M
ZTP: Minute-Level Network Provisioning
Manual onsite
Network planning Device selection Process approval Site survey
Hardware Hardware Software configuration and
transportation installation commissioning deployment,
(2 to 5 days) (1 to 3 days) (2 to 5 days) (1 to 3 days)
(2 to 5 days) (1 to 3 days) (1 to 3 weeks)
which is error-
prone and time-
consuming (1 to
As-Is 3 weeks)
Multi-tenant RESTful API Subscription

management and self-service
MSP/Carrier Enterprise
Multiple ZTP
modes, deploying
devices and
provisioning
networks in minutes
USB-based Email-based DHCP-based

deployment deployment Deployment
Batch operation of Applicable to scenarios with DHCP scenario, no

devices in warehouses, multiple access modes, one- skill requirement
centralized deployment click operation
To-Be
ZTP Intelligent O&M
Multiple Flexible ZTP Modes, Ideal for Various Scenarios
Email-based deployment DHCP-based deployment USB-based deployment

Plan sites
and
  configure
Plan sites
and
 devices and
networks
Plan sites
configure
and
devices and
networks
configure
devices
 Generate a
deployment file
5G/Internet/MPLS and 5G/Internet/MPLS
Send a
deployment
networks
5G/Internet/MPLS
email
Email 
The CPE
registers with
iMaster NCE
 The CPE Perform ZTP
registers with
iMaster NCE
 at the site
Obtain an IP Import the initial
CPE
 address  configuration file in
batches
 Perform deployment
on a mobile phone or
laptop DHCP server  Obtain the IP address CPE
of iMaster NCE CPE
Scenario: send an email to a specific Scenario: Deploy a DHCP server and enable the Scenario: Centrally import the initial
address for deployment CPE to automatically obtain an IP address upon configuration through a USB flash drive.
Advantage: one-click deployment power-on. Advantage: batch device deployment
Advantage: zero skill requirements
ZTP Intelligent O&M
Simplified/Batch Deployment, Higher Deployment Efficiency

Low efficiency, loose GUI relationships, and Wizard-based template, batch deployment, higher
As-Is To-Be deployment efficiency
high skill requirements
Long time Template-based

Quick
Creating 30 minutes required configuration Only 3 minutes required for
Creating sites
devices for configuration and configuration and
(3 minutes)
(3 minutes)
deployment of a deployment of a single site
single site
Site replication
Complex operations One stop

Configuring Configuring
Complex configuration, E2E configuration on
NTP WAN links
(2 minutes) requiring redirection across one page
(10 minutes)
multiple pages
High skill Site replication

Connecting Configuring WAN requirements Batch deployment of sites
the RR routes of the same type
High dependence on
(2 minutes) (10 minutes) personal experience,
error-prone
ZTP Intelligent O&M
Flexible Networking Models, Meeting Diverse Branch Network Requirements

• Multiple networking models
RR RR Hub-spoke, full-mesh, partial-mesh,
RR
hierarchical networking, etc.
Hub Backbone
area Border
Area
• Hub redundancy
Single hub and dual devices, and dual-
hub (a maximum of eight service hub
Hub-spoke Hierarchical networking Full-mesh Partial-mesh
nodes are supported)
If a hub node is faulty, a site automatically
Scenario: 80% of Scenario: This Scenario: This Scenario: This switches to the hub node with a lower
enterprises use networking is applicable networking is networking is a priority.
this networking. to large-scale multi- applicable to special type of the
Generally, the HQ branch enterprises. This enterprises full-mesh
and DC function networking can be requiring direct networking. When • Link redundancy
as hub sites, and considered as a service access an underlay network  Intelligent traffic steering among 20
branches function combination of single- between branches. is available to links supported by two CPEs (a
as spoke sites. layer networks. The WAN Service data does directly connect
maximum of 10 links for a single CPE)
Branches access is divided into multiple not need to sites, traffic is
server applications areas, which are traverse other directly sent  Escape link supported
deployed in the interconnected through intermediate sites. between sites.
HQ or DC through the centralized backbone Otherwise, sites
• CPE redundancy
the WAN in a area to implement cross- communicate with
Two CPEs are deployed at a site for
centralized manner. area communication each other through redundancy. VRRP or route switchover is
between a large number the redirect site. used to implement backup.
of sites.
ZTP Intelligent O&M
Multi-Hub Solution: Improving the Interoperability and Reliability for DCs
Requirements & Challenges

• Large enterprises often deploy multiple (> 2) DCs in different areas to
isolate services and enhance the entire-network reliability (DR). For
example, in China, enterprises often deploy three DCs in two cities.
• Branch sites need to communicate with multiple DCs based on service
Hub1 Hub2 Hub3 Hub4 Hub5 Hub6 Hub7 Hub8
requirements. Some branch sites need to communicate with each other
through the hub (HQ).
ISP1 ISP2 ISP3
• A maximum of 8 southbound and northbound service hubs

RR
are supported for communication between branches and DCs.
Spoke1
• Southbound and northbound service hubs can be configured to
Spoke2
work in backup or load balancing mode.
• All hubs can be configured as hubs for branch interconnection.
Two hubs can be configured on the entire network to work in
Office service active/standby mode.
Production service • Priorities can be configured for service hubs based on branch
sites.
ZTP Intelligent O&M
MPLS Branch Interconnection: Dual-Domain Network Interconnection,

Implementing Smooth Service Evolution
3 Dedicated IWG IWG MPLS branch interconnection

Scenario:
An enterprise has a large number of legacy MPLS branches and requires
communication between the legacy MPLS domain and SD-WAN domain
2 Centralized Hub to implement smooth evolution.

access Solution:
PE • Local access: Local breakout through a CPE needs to be

implemented between the SD-WAN site and legacy site. In this case,
PE
PE
Internet
the CPE functions as a CE to communicate with the peer MPLS PE.
MPLS
• Centralized access: SD-WAN sites and legacy sites communicate
with each other through the centralized gateway. The centralized
1 Communication
gateway uses the hub device as the CE to communicate with the
with MPLS
branches peer MPLS PE.
through local
Enterprise 1 Enterprise 2 Enterprise 3 Enterprise 3 Enterprise 2 Enterprise 1
breakout • Access through the dedicated IWG: SD-WAN sites and legacy
sites communicate with each other through a dedicated IWG. The
Legacy MPLS domain SD-WAN domain
SD-WAN domain IWG functions as the centralized gateway in the SD-WAN domain
and the PE in the MPLS domain. In addition, multi-tenancy is
Centralized access Access through
Local breakout supported.
through the hub the IWG
R21C00 New Features On-Demand Application
ZTP Intelligent O&M
Challenges in Migrating Enterprise Services to the Cloud in Different Scenarios
Requirements: fast and secure network Requirements: multi-cloud interconnection and Requirements: fast Internet access and
access for branches cloud-network synergy interworking
Google Host VPC/VNET Host VPC/VNET Host VPC/VNET Google
Youku Office 365 Youku Office 365

Facebook Facebook
MPLS Internet Internet
Branch Branch Branch Branch

HQ
• Slow Internet access: Internet access traffic is • Lack of interoperability among multiple clouds: • Slow Internet access: Access to websites of other
diverted to the HQ, slowing down Internet access. Services deployed on different public clouds are regions or countries is slow or even fails.
• Expensive lines: Internet access traffic occupies isolated. • Slow mutual access: Internet-based connections are
valuable private line resources, resulting in high costs. • Low configuration efficiency: When branches access unstable, and user experience cannot be ensured.
• Insecure: Local breakout is performed without VPCs/VNETs on the cloud, IPsec tunnels need to be Traffic of intra-city mutual access via Internet of
security protection. separately established with the gateway, which are different carriers is not transmitted through the
• Unable to identity applications: Local breakout is complex to configure. optimal links.
faster for some applications, but breakout through • Difficult to manage policies: Only basic
the HQ is faster for some other applications, making interworking capabilities are available, and no route
it difficult to configure policies. selection capability is provided, making it hard to
control routes and policies on public clouds.
ZTP Intelligent O&M
Huawei Cloud On-Ramp, Enabling Flexible Access to Clouds
Cloud on-ramp for SaaS

• Local breakout and central breakout, allowing for flexible
Network-wide automation | path selection
AI-powered intelligent O&M
• Rich built-in security capabilities
• Unilateral TCP optimization1, improving SaaS experience
① Direct access to SaaS services Cloud on-ramp for IaaS

Branch
Cloud access through • NetEngine AR1000V: one hop to six clouds
② PoP gateways
• 10G SD-WAN, high-performance hubs on the cloud
SaaS
Cloud on-ramp for PoP gateways
• Support for both physical CPEs and vCPEs
③ • Support for multi-tenancy: isolation of management and

Cloud access through data for tenants, ensuring security
IaaS vCPEs IaaS
AR1000V • Offering better services via private lines, making it
especially suitable for carriers and MSPs who need to
Underlay
provide fast Internet access for enterprise customers
Overlay
Note: Unilateral TCP optimization is a test feature and will be put into commercial use in R21C10 (GA in March 2022).
ZTP Intelligent O&M
Multiple Identification Methods: Matching Applications in a Refined Manner
Requirements & First packet identification (FPI) Service awareness (SA) Customized application identification
Challenges
Traffic flow
…7 6 5 4 3 2 1 • Signature
identification
• Association
Mapping table identification
• Behavior
Destination Application identification Customized
• ... applications
IP Address Name based on 5-tuple
information
>> 1.1.1.1 W3
2.2.2.2 Salesforce
Unclassified
• Diversified enterprise 3.3.3.3 HR
services (production,
packets ……
4.4.4.4. Office 365 SA engine
office, and cloud
services) make it difficult ... ...
to ensure application
experience for key
services. • Lookup in the mapping table to quickly identify • Multiple identification methods: packet • Applications customized based on 5-tuple
• Network applications an application based on the destination IP signature identification, association information: matching based on the destination
emerge one after address of the first packet identification, and behavior identification, etc. IP address, destination port number, and
another but are difficult • Applicable to SaaS applications, with the correct • Application signature database containing up to protocol > matching based on the source IP
to identify. Non-key route selected at the first packet 6000+ records address, source port number, and protocol
applications preempt • Flexible SA application signature database • Applications customized based on DSCP, ACL.
bandwidth resources. upgrade through iMaster NCE
ZTP Intelligent O&M
Application Experience–Centric Intelligent Traffic Steering, with Bandwidth Utilization

Reaching 90%
Traffic steering based on link quality Traffic steering based on load balance
4 3 2 1 4 3 2 1 Flow P1
MPLS 2 1
4 3 2 1 Flow P2
Application
4 3 2 1 Flow P3 4 3 2 1
identification
Link switchover is triggered if 4 3 2 1
the quality is lower than the MPLS
SLA threshold.
HQ Application
Branch identification (100 Mbit/s)
Internet HQ
4 3
Branch
MPLS
4 3 2 1 (50 Mbit/s)
Traffic steering based on bandwidth utilization
Higher-priority applications Higher-priority applications

4 3 2 1 4 3 4 3 2 1
4 3 2 1 4 3 2 1
70%
Application
identification
MPLS Application
identification MPLS 50%
Branch HQ HQ
Branch
Lower-priority applications Internet
Lower-priority applications Internet
4 3 2 1
4 3 2 1 4 3 2 1 2 1
If the bandwidth utilization is greater than 70% (configurable), If the bandwidth utilization is less than 50% (configurable),
traffic of higher-priority applications is preferentially processed. traffic of lower-priority applications is switched back.
ZTP Intelligent O&M
Multi-Fed and Selective Receiving, Ensuring Zero Packet Loss of Key
Services
Quality deterioration or interruption of a wired Multi-fed and selective receiving @ hybrid links (wired and wireless, wired and
or wireless link, failing to guarantee the
wired, or wireless and wireless): Multi-path packet replication prevents packet
experience of key services
loss on links.
Zero packet loss for key services

Weak 5G signal strength causes packet
loss or interruption of key services.
Weak signal
Packet loss
As-Is: Key service strength
P1 P2 X P4
P1 P2 P3 P4 P1 P2 X P4
5G
AR remote guidance
Multi-fed and selective receiving, proactively

preventing packet loss
Weak signal
To-Be: Key service strength Always-on services
P1 P2 X P4
P1 P2 P3 P4 5G P1 P2 X P4
P1 X P3 P4
Multi-fed
Selective
Healthcare
receiving
P1 X P3 P4
Key services encounter packet loss or
5G/Wired
are interrupted.
ZTP Intelligent O&M
Intelligent A-FEC: Smooth Video Experience at 30% Packet Loss Rate

Packet Redundancy
AR router AR router Network Environment Before Optimization After Optimization
Rate
(built-in WOC) (built-in WOC) 30 Mbit/s + 65 ms delay + No frame freezing, lower
7% No frame freezing
5% packet loss rate image definition
Internet
30 Mbit/s + 65 ms delay + No frame freezing
11% Frame freezing, artifact
10% packet loss rate or artifact
30 Mbit/s + 65 ms delay + Severer frame freezing, No frame freezing
Branch 1 Original Redundant Branch 2 20% packet loss rate
22%
artifact or artifact
packet packet
A-FEC: automatically and dynamically adjusts the FEC protection
window and protection mode based on the link quality.
Check link quality in real time Packet loss Enable FEC on the receiving
and adjust the FEC protection during device and restore the
window as needed transmission original video packet
Note: FEC function only support in SD-WAN solution. After FEC is enabled, the forwarding performance of the
device is affected. FEC can be enabled based on service flows. To prevent the forwarding performance from Huawei: no frame freezing or artifact Vendors: frame freezing and
being affected, it is recommended that FEC be enabled for key services. even at 30% packet loss rate artifact at 3% packet loss rate
Requirements & Challenges Intelligent A-FEC: mitigating packet loss and offering optimal experience
Instant messaging services, such as voice • Redundant coding is performed based on historical packet information. After normal packets are sent, the
calls and video conferences, are sensitive to corresponding redundant packets are forwarded. The receive end recovers the lost packets based on the
packet loss. If the transmission link quality is redundant packets.
poor, frame freezing and artifacts may occur, • Huawei A-FEC: The intelligent data analysis engine adjusts the FEC protection window and protection mode
resulting in poor service experience.
based on the link quality, achieving fast recovery and low redundancy.
R21C00 New Features ZTP Intelligent O&M
Enhanced Proactive Defense Capabilities of CPEs: Offering E2E

Security Assurance
Enhanced proactive defense of CPEs for better E2E security assurance Key technologies
System security:
Self-service Portal Orchestrator BSS/OSS
 Rights- and domain-based management
HTTPS
System security Huawei & third-
 SSH encryption for NETCONF, bidirectional security
party cloud security
authentication
Log analysis
Traffic analysis  HTTPS encryption for third-party system
Document behavior
Rights- and domain-based management interconnection data
Zscaler
SSH encryption for NETCONF, E2E CPE-pipe-cloud data security:
bidirectional security authentication Forcepoint  CPE security
 Next-gen AR6000: built-in AV, IPS, URL filtering,
SA, and firewall protection capabilities
 Secure boot, TPM (supported by AR8140)
CPE: next-gen AR6000

 Pipe security
Built-in AV, IPS, URL MPLS
MPLS  IPsec overlay: interconnection packet encryption
filtering, SA, firewall
 Service isolation between departments on a per-
VRF basis, supporting a maximum of 64 VRFs
Internet
Internet  Device-cloud security collaboration
CPE  Interconnection with Huawei and third-party cloud
Pipe security mitigation platform (Zscaler)
CPE security Cloud security
 Distributed cloud security
ZTP Intelligent O&M
Difficult and Inefficient Traditional Enterprise Branch O&M
Numerous devices,
difficult deployment
Numerous devices (switch, Wi- Long provisioning period

Fi, firewall, router) -> Many
systems, teams, and O&M
personnel -> Many branches
Complex traditional service

configuration mode
Traditional
Site creation -> Link
O&M configuration -> VPN
Complex service configuration
configuration -> QoS policy
configuration -> Routing
policy configuration...
Manual troubleshooting
Difficult O&M
Network fault -> Passive
response -> Check on the NMS -
> Manual locating...
ZTP Intelligent O&M
Integrated O&M Platform, One-Stop Deployment of LAN/WAN Networks
WAN egress interconnection LAN campus configuration LAN & WAN port route WAN traffic policy, such as
intelligent traffic steering
One platform and integrated GUI, improving deployment and O&M efficiency and reducing customer investment
Note: CloudCampus solution supports integrated O&M of LAN/WAN networks.
ZTP Intelligent O&M
Simplified O&M: Service Visualization, Large-Screen Monitoring, and

Topology-based O&M
Topology status visualization
 Topology display based on sites and links
 Real-time acquisition of status and
performance data of sites and links
Quick detection of traffic

exceptions
Real-time large screen monitoring
 Customized dashboard (role or preference)
 Network-wide real-time alarm display (minute-
level)
 Multi-dimensional logs, facilitating problem
backtracking
Quick locating of faulty

 Agile reports, on-demand customization
devices or sites
Topology-based O&M
 Topology-based graphical O&M
 Network-wide inspection, detecting potential
problems
O&M demo Optimization of WAN investment
and configuration policies
Locating root causes in minutes
Service Alarm Network
Log Tracing Agile Report
Visibility Management Diagnosis
Large-Screen Monitoring: Global Insights into Networks and Ultimate O&M

Experience
Network resource
statistics
GIS map
Alarm
statistics
Application Network
statistics performance
statistics
Multi-dimensional data On-demand customization Ultimate experience

Unified display in five dimensions, Flexible layout and focus on key Excellent visualization effect,
global insights into networks points enhancing experience
Rights- and Domain-based Management: Layer-

based O&M, Enhancing O&M Efficiency
Scenario: An enterprise has a large number of branches. O&M
Benefits: Clearly define rights and responsibilities, reduce
personnel need to be granted different management rights based
interference, and eliminate misoperations.
on their responsibilities and managed areas.
Rights-based: Who can perform what operations Domain-based: Who can view what resources
Different roles and operation rights are assigned to users based on their Different management objects are allocated to different management
responsibilities to implement rights-based management. domains to implement domain-based management.
Tenant administrator
Role 1 Role 2 ... Role N Area 2
Monitoring
√ √ ... √ Area 1
√ ... Area 3
Maintenance √ √
Policy √ √ ... ×
...
Deployment √ × ... × Entire network
Various Alarm Management Methods: Enabling Timely System Status Monitoring
The following alarms can be

queried:
• Current and historical alarms
• Controller alarms
• Device alarms
Alarms can be cleared or masked.
• Alarm notification by email

• Alarm dump (which can be
performed by system
administrators only)
Multiple Types of Log, Helping Issue Tracing
Multi-dimensional system logs:

• Operation logs (system administrators and
tenant administrators)
• Security logs (system administrators and
tenant administrators)
• Run logs (system administrators only)
Logs can be exported to CSV files.
• iMaster NCE can interconnect with a

third-party server and report logs to it.
(The log reporting function is available
to tenants only.)
Network Inspection: Detecting Potential Network Problems at Anytime
• Inspecting networks of specified tenants

• Integrating Huawei's network inspection
expertise library, identifying potential
network problems and providing
maintenance suggestions
• Allowing for query of tenant network
inspection records at anytime (Historical
records can be stored for up to 3 years.)
• Exporting inspection reports (in Word
format)
• Inspection reports can be sent by email.
One-Stop Topology O&M: Two-Layer Network Visibility (Physical and

Logical), Locating Typical Faults via One Click
1. Multi-dimensional status 2. Two-layer network visibility (physical 3. One-click locating of
visualization and logical) typical faults
• Extensive tips and shortcut menus Provide the site view and device view, enabling Diverse O&M methods: alarms,
• Topology layout customization, focusing on visibility between the logical layer and physical layer. ping/tracert, and entry query, locating
key areas Drill down layer by layer to pinpoint the root causes of faults via one click.
faults.
Step 1: Demarcate the fault. Step 2: Locate the fault. Step 3: Diagnose the fault.
• Check the VPN site view to determine the • Check the corresponding device or Use multiple diagnosis tools to drill
fault scope. link to determine the faulty object. down to the root cause.
• Add or remove sites to focus on key areas. • Check the health data to determine
the fault cause.
Interface down
Extensive
visualized KPIs
User-defined
key areas
Port disconnection alarm
Agile Reports: Improving O&M Experience and Facilitating

Decision-Making
Service monitoring, identifying issues Issue analysis Decision-making
Self-service data
Simple operations Dashboard Periodic task
analysis
Drag and drop dimensions and • Multi-dimensional KPI data, gaining Quick filtering by time, field, top N, and • Creating periodic tasks
measurements to quickly generate insights into the overall service status comparison items, facilitating self- • Exporting Excel or PDF reports
reports • Abundant graphic components, which service data analysis
are intuitive and easy to understand
• Customized layout and flexible
adjustment
ZTP Intelligent O&M
CampusInsight supports AR management, WAN network health

visualization, and E2E network visual O&M
WAN health
Intelligent O&M of WANs:
AR device health evaluation
is added on the wired health
dashboard.
Details include health

overview, device
environment, device
capacity, network
performance, health trend,
network status, etc.
ZTP Intelligent O&M
CampusInsight provides four types of intelligent analysis, adding

20+ AR issue analysis and continuously enhanced
Checking whether a network Checking whether physical
port is abnormal components are abnormal
• Device fault • Repeated SFU fault
• A port goes down. • PoE power
• Device disconnection • Inconsistency between hardware-
• A port frequently alternates supply fault
• Repeated device restart and software-based entries
between up and down states. • Repeated PoE
• Modular switch cluster • Fan module fault
• A port goes Error-Down. fault
split/Dual-active modular • Power module fault
• A physical port is suspended.
switch cluster • Threshold-crossing for the storage
• An optical module is
• LPU fault life
abnormal.
• Repeated LPU fault • Abnormal board temperature
• MPU fault • Abnormal file system
• Repeated MPU fault • Expiration of virtual licenses
• SFU fault • Expiration of other licenses
• Threshold-crossing for ARP entries • Repeated AC restart • Repeated AP restart
• Threshold-crossing for MAC entries • Insufficient AP power supply
• Threshold-crossing for FIB forwarding resources
• Threshold-crossing for ND forwarding resources (IPv6)
• Insufficient ACL resources
• Threshold-crossing for storage capacity
• Threshold-crossing for CPU
• Threshold-crossing for memory
• Threshold-crossing for CPU on the forwarding plane (AR)
• Failure to apply for the table entry memory on the
• Layer 2 loop
forwarding plane (AR)
• Port congestion and queue congestion
• Threshold-crossing for the block memory on the
• Error packets on a port
• Packet loss due to CPCAR exceeding
• Threshold-crossing for forwarding entries (AR)
• Traffic prediction for possible threshold-crossing
• Threshold-crossing for SAC/SPR/IPS flow tables on the
• Threshold-crossing for flow table sessions on the
forwarding plane (AR) Checking whether data transmission is
• Threshold-crossing for EVPN links (AR)
• Lower BUF data on the forwarding plane than the abnormal, affecting the throughput
threshold (AR)
Checking whether the device resource quantity

or capacity is sufficient
Contents
1 SD-WAN Trends

2
1
3
4
2 Success Stories
NetEngine AR iMaster NCE
Full-Lineup of SD-WAN-Capable NetEngine ARs: High
Performance and Extensive Interfaces
HQ/Large branch NetEngine AR6300
NetEngine AR8140 NetEngine AR6280
NetEngine
AR6300/AR6200 5G SIC card
series (applicable to all
New SRU-400H/SRU-600H SRU-400H/SRU-600H AR6000 models)
SME branch
NetEngine NetEngine AR6121E NetEngine AR6140E-9G-2AC

AR6100 series
Small enterprise
NetEngine AR651 NetEngine AR651W NetEngine AR657W NetEngine AR651W-8P
NetEngine
AR650 series
NetEngine AR617VW-LTE4
SOHO
NetEngine AR611W/AR611 NetEngine AR617VW NetEngine AR617VW-LTE4EA
NetEngine
AR610 series
(Latin America only)
NetEngine AR: New SD-WAN Engine with 3x Industry Performance and 5G Ultra-Broadband
NetEngine AR6300: 3 Gbps

3x↑ SD-WAN Architecture &
algorithm innovation Industry: 650 Mbit/s to 1 Gbps
performance
Link of Tolly Test Report
+
CPU + NP + hardware Multi-core ARM CPU (L4-L7 service processing)
acceleration engines CPU + NP heterogeneous forwarding
AI (In
... 3x industry performance
SA
IPsec acceleration acceleration
future)
Core 1 Core 2 Core 3 ... Core N

Extensive built-in hardware acceleration
... engines
• IPsec, SA, HQoS, and ACL acceleration engines
Packet scheduling and ordering engine (POE)
• AI-based expansion
Ultra-fast algorithm, doubling

Hardware- ACL
based
HQoS
performance
NetEngine AR forwarding
acceleration acceleration
• Unique acceleration instruction set
NP (L2-L4 traffic offload) • AI-driven ACL and route matching
NetEngine AR8000: High-Performance Hub
Customer benefits:
Hub • High-performance SD-WAN hub gateway with a
New
maximum of 20 Gbps SD-WAN performance
• Large management capacity: up to 6000 CPEs
• High-density interfaces: highest density of
AR8000
NetEngine AR8140-12G10XG built-in 10GE interfaces in the industry
• Small size (1 U), saving rack space
Internet MPLS
Model AR8140-12G10XG/AR8140-T-12G10XG
Basic SD-WAN performance (IMIX) 20 Gbps
AR651W Upstream interfaces 4 x GE combo, 6 x 10GE optical
AR6140E-9G-2AC Downstream interfaces 4 x GE combo, 4 x 10GE optical, 4 x GE electrical
Memory 16 GB
Terminal
Power supply redundancy Supported

Terminal
Small branch Midsize branch Expansion slots 4 x SIC
Note: AR8000 series are only used for SD-WAN scenrios.

Huawei iMaster NCE: Open Architecture, Multi-Tenancy, High Reliability
Analytics Third-party Other

VASs OSS/BSS
system VAS applications
3+2 cluster and extensions, manage upto 20K sites

Heartbeat
Controller Controller
Northbound cluster ... cluster ...
200+ RESTful APIs of four categories Data
APIs (active) synchronization
(standby)
WAN Bandwidth: > 100 Mbit/s

Latency: < 100 ms
Service Plug-and- Traffic Security VAS Visualized
functions play policy policy management O&M
SD-WAN ...
controller DR
Cluster Multi-tenant Tunnel Device
management management management configuration System administrator
Basic
functions Log Alarm Network
Device upgrade
management management inspection
MSP1 ... MSP n

Southbound
NETCONF
APIs
Tenant 1 Tenant 2 Tenant 3 Tenant n
Network Site Site Site Site Site

CPE IWG
devices
Multi-tenancy: hierarchical authorization
and flexible operation
Contents
1 SD-WAN Trends

2
1
3
4
2 Success Stories
Huawei NetEngine AR Routers and SD-WAN Solutions
Serve 50,000+ Global Customers
No.1
No. 2 No.1 Compound annual growth rate
Global enterprise router market Chinese enterprise router market (CAGR) in the last 5 years (among
mainstream vendors)
Huawei NetEngine AR @ CCB: Building the First-of-Its-Kind
5G Smart Bank
Building the first 5G smart branch
 High-speed Ethernet and 5G access, meeting the large bandwidth

and low latency requirements of AR/VR services
 Application-based intelligent traffic steering and optimization,
ensuring optimal service experience
 Device plug-and-play, automated service deployment, and visualized
O&M
Interactive games Finance capsule

STM — remote
assistance Simulation robot Home banking
Huawei SD-WAN @ Ping An Technology: Optimizing AI Customer Service
Experience and Shortening the Insurance Policy Issuance Time from 2 Hours to 10 Minutes
Providing optimal link assurance and ultimate

experience for the AI customer service
 Replacing 2–10 Mbit/s MPLS links with 10–30 Mbit/s Internet links to carry the AI customer service, reducing the
private line costs by 40%
 Application-based intelligent traffic steering, ensuring the AI customer service experience
 Branch network provisioning in minutes, device plug-and-play, requiring no professional personnel and no onsite
deployment
 Status visualization from multiple dimensions, including the network, branch nodes, users, and applications, simplifying
O&M, automating the entire process, and reducing outsourcing service manpower
43
Huawei Confidential
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home and
organization for a fully connected,
intelligent world.
Copyright© 2021 Huawei Technologies Co., Ltd.

All Rights Reserved.
The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors
that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.

Huawei SD-WAN Solution Technical Presentation

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Huawei SD-WAN Solution Technical Presentation

Uploaded by

Copyright:

Available Formats

Huawei SD-WAN Solution Technical Presentation

Security Level: Internal Publicity

Huawei SD-WAN, Facilitating Enterprise

SD-WAN: entering a period of

Intelligence Cloudification Video IoT

Futuriom: 2020 SD-WAN Infrastructure Survey

Carrier B2B Finance Large enterprise

2. How to meet complex networking On-demand interconnection, high-quality network

Intelligent traffic steering, intelligent experience

Unified management and control, intelligent O&M

Huawei SD-WAN, Facilitating Enterprise

32 Huawei SD-WAN Product Panorama

ZTP, enabling automated deployment

On-demand interconnection, high-

• USB-based deployment • Inter-site access • Application identification • Service visibility

ZTP: Minute-Level Network Provisioning

Multi-tenant RESTful API Subscription

USB-based Email-based DHCP-based

Batch operation of Applicable to scenarios with DHCP scenario, no

Multiple Flexible ZTP Modes, Ideal for Various Scenarios

Email-based deployment DHCP-based deployment USB-based deployment

Simplified/Batch Deployment, Higher Deployment Efficiency

Long time Template-based

Complex operations One stop

High skill Site replication

Flexible Networking Models, Meeting Diverse Branch Network Requirements

Multi-Hub Solution: Improving the Interoperability and Reliability for DCs

Requirements & Challenges

ISP1 ISP2 ISP3

• A maximum of 8 southbound and northbound service hubs

MPLS Branch Interconnection: Dual-Domain Network Interconnection,

3 Dedicated IWG IWG MPLS branch interconnection

2 Centralized Hub to implement smooth evolution.

PE • Local access: Local breakout through a CPE needs to be

Challenges in Migrating Enterprise Services to the Cloud in Different Scenarios

Google Host VPC/VNET Host VPC/VNET Host VPC/VNET Google

Youku Office 365 Youku Office 365

MPLS Internet Internet

Branch Branch Branch Branch

Huawei Cloud On-Ramp, Enabling Flexible Access to Clouds

Cloud on-ramp for SaaS

① Direct access to SaaS services Cloud on-ramp for IaaS

③ • Support for multi-tenancy: isolation of management and

Multiple Identification Methods: Matching Applications in a Refined Manner

Application Experience–Centric Intelligent Traffic Steering, with Bandwidth Utilization

Traffic steering based on bandwidth utilization

Higher-priority applications Higher-priority applications

Zero packet loss for key services

Multi-fed and selective receiving, proactively

Intelligent A-FEC: Smooth Video Experience at 30% Packet Loss Rate

Enhanced Proactive Defense Capabilities of CPEs: Offering E2E

CPE: next-gen AR6000

Difficult and Inefficient Traditional Enterprise Branch O&M

Numerous devices (switch, Wi- Long provisioning period

Complex traditional service

Integrated O&M Platform, One-Stop Deployment of LAN/WAN Networks

Simplified O&M: Service Visualization, Large-Screen Monitoring, and

Quick detection of traffic

Quick locating of faulty

Large-Screen Monitoring: Global Insights into Networks and Ultimate O&M

Multi-dimensional data On-demand customization Ultimate experience

Rights- and Domain-based Management: Layer-