CloudWAN SD-WAN

V100R020C00
Demo Introduction

Security Level:
Contents

1 SD-WAN Solution Overview

2 Demonstration Environment and Network Topology

3 Demo Case
Intent-Driven SD-WAN Solution Architecture
No. Component Function
Underlay Tenant/Carrier portal
Network management
RESTful 1. Network service orchestration
Control plane
2. NE control
Northbound network service layer
3. Basic network O&M
 VPN, traffic steering, QoS,
security, and WOC
CPE-VIM O&M 4. CPE orchestration and management
iMaster NCE iMaster
 5. Basic performance monitoring: real-time
Southbound NE layer
NCE
multi-dimensional statistics such as link
quality information, application quality
information, traffic information, and intra-site
and inter-site statistics
RR
 VPN routing and tunnel information distribution
between CPEs based on VPN topology policies
 RR Physical AR routers or vCPEs can function as RRs.

RRs can be deployed independently or together
 vCPE
Internet with CPEs at a site.
Public cloud
CPE Egress CPE of a site, which can be a traditional
 CPE
CPE or an NFV vCPE.
 MPLS VPN
Multi-tenant gateway that can be
DC/Private cloud  IWG
Traditional L3 CPE vCPE
interconnected with the MPLS PE.
Branch/Campus
IWG
Note: vCPEs are restricted for sales and currently can only be used
in testing.
Huawei SD-WAN: Accelerating Cloudification of Carriers' B2B Services and Enterprise Services

5G ultra-broadband, on-demand interconnection

• 5G gigabit wireless links: 230 Mbit/s UL, 900 Mbit/s DL (SA architecture)
Full-process
automation • CPU+NP heterogeneous forwarding architecture, 3x industry
Network
performance, non-blocking forwarding
Site deployment Application plicy Visualized O&M
orchestration • On-demand orchestration of 20+ networking models, large-scale
networking capability of up to 13,000 CPEs
• Multiple cloud access modes, one hop to cloud
RR RR
Distributed control components
Intelligent traffic steering, intelligent experience
RR • Multiple application identification methods, first packet identification
5G Robot service
(FPI) + service awareness (SA) + customized application
VR finance
identification, doubling identification accuracy and efficiency
• Application-based intelligent traffic steering, on-demand scheduling
MPLS
VTM Cloud of 5G and fiber links
MSTP • A-FEC, ensuring no frame freezing even at 20% video packet loss
Counter service
• Enhanced proactive defense capabilities and built-in IPS/firewall
functions of CPEs, ensuring E2E security
NetEngine 5G AR
NetEngine 5G AR Unified management and control, intelligent O&M
Wi-Fi
• Multiple ZTP modes (email-, DHCP, USB-based deployment), minute-
level network deployment
... ... • Visualized O&M by application, site, device, and link, centralized
Counter VTM VR finance
Customer
service robot
management, and simplified O&M
Large/Midsize branch Small branch
• Unified management across WAN, LAN, and security, one set of iMaster
NCE-WAN for centrally managing switches, Wi-Fi devices, routers, and
firewalls
Mapping Between Intent-Driven SD-WAN Components and Versions

Solution/Component Version Description

Intent-Driven SD-WAN
V100R020C00 Horizontal WAN solution
Solution

NetEngine AR6300: ideal for enterprise headquarters and large branches

NetEngine AR6280: ideal for midsize and large branches
NetEngine AR router V300R019C11
NetEngine AR6100: ideal for midsize and small branches
NetEngine AR650: ideal for small branches and SOHO

SD-WAN controller: site configuration and ZTP, overlay network

orchestration, application policy configuration (application-based traffic
iMaster NCE-WAN V100R020C00
steering, ACL, HQoS, and Internet access), security policy, O&M, and
monitoring
Connection between SD-WAN network domains and legacy network
IWG V300R019C11 domains
General-purpose CPE: functioning as an IWG

Note: The components in the red-framed box are used in the demo.
Contents

1 SD-WAN Solution Overview

2 Demonstration Environment and Network Topology

3 Demo Case
DemoCloud Environment
iMaster NCE

Scenario 1: Single- Scenario 2: Dual- Scenario 3: Dual- Scenario 4: Dual-Hub

Gateway&WAN Links Scenario 5: Dual-Hub
Gateway Gateway&Multi Links Flattened Networking
Networking Hierarchical Networking
Networking Networking
Hub1 Hub2
MPLS1 Hub1 Hub2

MPLS Internet MPLS Internet

MPLS Internet
MPLS Internet
Border1 Border2
MPLS Internet
Site
Site Site MPLS Internet

Site
Site
LAN-side device LAN-side device LAN-side device
LAN-side
device LAN-side
device

In this scenario, a single device In this scenario, two devices In this scenario, two devices In this scenario, the hub-spoke In this scenario, the hub-border-
is deployed at the site. The and two WAN links are and three WAN links are two-layer network (for financial spoke three-layer network (for
corresponding DemoCloud deployed at a site. The deployed at a site. The services) is used. The financial services) is used.
environments are as follows: corresponding DemoCloud corresponding DemoCloud corresponding DemoCloud The corresponding DemoCloud
SD-WAN-Topo1(Single-user) environments are as follows: environments are as follows: environment is as follows: environment is as follows:
SD-WAN-Topo2(Single-user) SD-WAN-Topo6(Single-user) SD-WAN-Topo5-1~8(Multi-User) SD-WAN-Topo7(Single-user) SD-WAN-Topo8(Single-user)
SD-WAN-Topo3(Single-user) SD-WAN-Topo5-1~3(View)
SD-WAN-Topo4(Single-user)
Note: The information in red indicates the SD-WAN environment name in DemoCloud.
• The Multi-User environment is shared by multiple users in a physical environment. Most cases in this scenario can be experienced.
• The Single-User environment is a dedicated environment. Users can use a single physical environment and experience all cases in this scenario.
• The View environment is a shared view environment, which provides only the service view function.
 DemoCloud SD-WAN Use Cases
Scenario 2: Dual-
Scenario 3: Dual- Scenario 4: Dual-
Scenario 1: Single- Gateway&WAN Scenario 5: Dual-Hub
Gateway&Multi WAN Links Hub Flattened
DemoCloud Use Cases Gateway Networking Links Hierarchical Networking
Networking Networking
Networking
Single-user Single-user Multi-User View-Only Single-user Single-user
Email-based deployment
Network
deployment DHCP-based deployment
(ZTP)
Service access
Application-based intelligent
traffic steering
Intelligent traffic steering and
automatic switchover
Application Intelligent traffic steering
experience based on load balancing
A-FEC

Local breakout

Centralized Internet access

Service security URL filtering

Visualized monitoring

GIS-based monitoring
O&M
management Real-time fault alarm
Role-based access control
(RBAC)
CPE redundancy
Reliability
Dual hubs for load balancing
Contents

1 SD-WAN Solution Overview

2 Demonstration Environment and Network Topology

3 Demo Case
 Demo Environment and Nodes of the Dual-Hub Flattened Networking
(Topo7)
1. Site: a branch network of an enterprise. Site1 uses dual gateways, and Site2 uses
DC1 PC1 PC2 DC2
a single gateway.

SW1 SW2 2. CPE: egress gateway device, which is an edge node on the SD-WAN network.
DC

3. Hub: The hub is connected to the router in the DC in off-path mode and
RT1 RT2
functions as an RR to distribute VPN routing and tunnel information between
Hub-1 Hub-2 CPEs. In this scenario, the RR is independently deployed under a tenant.
4. iMaster NCE: SD-WAN controller, responsible for network management, service
provisioning, and network O&M.
MPLS Internet 5. Network impairment emulator: simulates network link quality changes by
iMaster NCE changing indicators such as the delay, jitter, and packet loss rate of network links.
Network 6. PC: PC at the site. The following software is run on the PC to simulate different
impairment
applications in intelligent traffic steering:
emulator
• FTP/HTTP client and server: simulate FTP and HTTP application traffic in the
intelligent traffic steering function.
Access layer

Site1-CPE Site2-CPE
• JPerf client and server: simulate UDP traffic in application-based load
balancing.
PC3 PC4 PC5 • VLC: a media player, which is used to simulate video on demand (VoD)
services in A-FEC.
Site1 Site2 Legacy site 7. MPLS/Internet: In this environment, a switch is used for simulation.

MPLS WAN Internet WAN LAN

 Demo Environment and Nodes of the Dual-Hub Hierarchical Networking
(Topo8)
1. Site: a branch network of an enterprise. Site1 uses dual gateways, and Site2 uses
DC1 PC1 PC2 DC2
a single gateway.
DC

SW1 SW2 2. CPE: egress gateway device, which is an edge node on the SD-WAN network.
3. Hub: The hub is connected to the router in the DC in off-path mode and functions
RT1 RT2 as an RR to distribute VPN routing and tunnel information between CPEs. In this
Hub-1 Hub-2 scenario, the RR is independently deployed under a tenant.
4. Border: aggregation device, which is connected to a router at the aggregation
MPLS Internet layer in off-path mode.
iMaster NCE 5. iMaster NCE: SD-WAN controller, responsible for network management, service
Aggregation layer

provisioning, and network O&M.

RT3 RT4 6. Network impairment emulator: simulates network link quality changes by
changing indicators such as the delay, jitter, and packet loss rate of network links.
Border-1 Border-2
7. PC: PC at the site. The following software is run on the PC to simulate different
applications in intelligent traffic steering:
• FTP/HTTP client and server: simulate FTP and HTTP application traffic in the
MPLS Internet
Network
intelligent traffic steering function.
impairment
PC3
• JPerf client and server: simulate UDP traffic in application-based load
emulator
balancing.
Site1-1 Site1-2 Site2-CPE
• VLC: a media player, which is used to simulate video on demand (VoD)
Access layer

services in A-FEC.
SW4
8. MPLS/Internet: In this environment, a switch is used for simulation.

PC4 PC5
Site1 Site2

MPLS WAN Internet WAN LAN

DemoCloud Dual-Hub Flattened Networking Environment and Device
Appearances

Environment Site Device Model

Hub1 AR6280
AR6280
Hub2 AR6280
Topo7
Site1 AR6121

Site2 AR6121

AR6121

Note: All devices on this slide are used only for DemoCloud function demonstration. For details about the
models available for sales in each region, see the SD-WAN Sales Guide.
DemoCloud Dual-Hub Hierarchical Networking Environment and Device
Appearances

Environment Site Device Model

Hub1 AR6300

Hub2 AR6300
AR6300
Border1 AR6140-9G-2AC

Topo8 Border2 AR6140-9G-2AC

Site1-1 AR651 AR6140-9G-2AC

Site1-2 AR651

Site2 AR6120
AR651

AR6120
Note: All devices on this slide are used only for DemoCloud function demonstration. For details about
the models available for sales in each region, see the SD-WAN Sales Guide.
Environment Pre-configuration (1/4)

1. Network Network infrastructure

SW1 SW2
infrastructure iMaster NCE
Pre-
Description
Hub-1 Hub-2 configuration

RT1 RT2 Gateway

The physical network has been
Device
configured. All CPEs are connected to
2. Controller: interconnectivity
the MPLS network and Internet.
iMaster NCE MPLS Internet
Basic IP routing configuration has
AGG been completed on each device to
IP routing
implement interconnection on the
RT3 RT4 underlay network.

3. Site1 and Site2 Border-1 Border-2 Network

The network impairment emulator
has been installed and deployed on
impairment
the network. By default, the network
SW3 emulator
MPLS Internet link quality does not change.
Network
impairment Note: When you demonstrate the SD-WAN Solution on
4. PCs at sites emulator DemoCloud, some peripheral components are required. To
facilitate the demonstration, the peripheral components
Site1-1 Site1-2 have been pre-configured. Here, the pre-configurations in
Site2-CPE the dual-hub hierarchical networking are used as an
SW4 example. The pre-configurations of the dual-hub flattened
Site1 Site2 networking are similar, except that border devices are not
involved.
Environment Pre-configuration (2/4)

1. Network Controller: iMaster NCE

SW1 SW2
infrastructure iMaster NCE

Hub-2 Pre-
Hub-1 Description
configuration
RT1 RT2 Gateway
Software installation and initial
2. Controller: configuration have been
Software
iMaster NCE completed on the SD-WAN
MPLS Internet installation
controller, and the
AGG and license
interconnection between the SD-
loading
WAN controller and the email
RT3 RT4 server has been configured.
3. Site1 and Site2 Border-1 Border-2 The super administrator, MSP,
Account and tenant accounts have been
MPLS Internet SW3 created.

Network Site templates have been created

4. PCs at sites impairment Site template for Hub1, Hub2, Border1,
emulator Border2, Site1, and Site2.
Site1-1 Site1-2
Application The application groups and
Site2-CPE
group and traffic classifiers related to
SW4 traffic
Site1 Site2 applications such as HTTP and
classifier FTP have been created.
Environment Pre-configuration (3/4)

Hub, border, and Site1

Pre-
Description
1. Network configuration
SW1 SW2
infrastructure iMaster NCE
Hub1 and Hub2 have been deployed
Hub-1 Hub-2 Hub online
and managed by iMaster NCE.
RT1 RT2 Gateway
Border1 and Border2 have been
Border online deployed and managed by iMaster
2. Controller: NCE.
iMaster NCE MPLS Internet
Site1 has been deployed, and related
AGG Site online CPEs have been brought online and
managed by iMaster NCE.
RT3 RT4
3. Hub, border, and VPN-based topology orchestration and
Site1 Border-1 Border-2 service provisioning (overlay) have
been completed for the hub, border,
Site
and Site1.
MPLS Internet SW3 interconnection
LAN-side ports and IP addresses have
been configured, and routes are
reachable.
网络损伤仪
4. PCs at sites
The network-wide application
Traffic
identification and traffic monitoring
Site1-1 monitoring
Site1-2 functions have been enabled.
Site2-CPE
The application-based intelligent traffic
SW4 Traffic steering steering policy has been configured and
Site1 Site2 policy delivered to the hub, border, and CPEs
at Site1.
 Environment Pre-configuration (4/4)
PC1 PC2 PCs at sites

Pre-configuration Description
1. Network
SW1 SW2
infrastructure iMaster NCE The IP addresses and default
Hub-1 Hub-2 gateways have been
PC1~PC4
configured for network
RT1 RT2 Gateway
adapters.

2. Controller: iMaster The default gateway of PC5

NCE has been configured. The
MPLS Internet default gateway is used by
AGG the PC to access the email
server on the Internet to
RT3 RT4 implement email-based
PC5
deployment.
3. Site1 and Site2 Border-1 Border-2 A static route destined for
Site2-CPE has been
MPLS Internet SW3 configured on PC5. Site2 can
communicate with other
Network sites.
impairment
4. PCs at sites PC3 The FTP and HTTP services
emulator HTTP and FTP
have been enabled on PC1
services
Site1-1 Site1-2 (server) and PC4 (client).
Site2-CPE The JPerf software has been
JPerf
SW4 installed on PC1 and PC4.
Site1 Site2
PC5 VLC VLC has been installed on
(media player) PC1 and PC4.
PC4
Summary of Environment Pre-configuration
Pre-configuration Item Description

• Devices have been connected through cables, and the connectivity of the underlay is normal.
Network infrastructure • Routes have been configured for the traditional router, which is connected to the AR in off-path mode.
• The network impairment emulator has been connected to the network.

• iMaster NCE has been installed and deployed. The super administrator, MSP, and tenant accounts have been created.
• iMaster NCE has been connected to the email server.
Controller: iMaster NCE
• Site templates have been created.
• Application groups and traffic classifiers related to HTTP and FTP have been created.

Hub, border, and some sites
• The hub, border, and some sites have been brought online and managed by iMaster NCE. The hub, border, and some
sites (except the site used to verify the deployment) can work properly.
• LAN-side ports and IP addresses have been configured for CPEs that have been deployed.
• VPN-based topology orchestration and service provisioning have been completed. Traffic monitoring and traffic
steering policies have been configured.

• The IP addresses and default gateways have been configured for network adapters on PCs at all sites.
PCs at sites • The HTTP, FTP, JPerf, and VLC software has been installed on the PCs at some sites.
• The PC used for deployment can access the Internet and receive emails.

The underlay and overlay networks have been configured for all sites except the site used to verify the deployment.
 Mapping Between Demonstration Scenario Requirements and Key Solution
Features Scenario description: The SD-WAN Solution implements WAN interconnection between bank branches.
This use case simulates the scenarios where a bank deploys new sites and provisions new services on the
Office service Production service existing network that is reconstructed into the SD-WAN network, optimizes links for key services, and
OA PA performs routine O&M.
User requirements Solution features

HQ DC1 DC2 Site deployment: ZTP for new branches ZTP

office/Level-1 (active) (standby)
branch HUB1 HUB2 Inter-site access: A physical network carries multiple services
(active) (standby) • Multi-VPN and multi-topology
(office and production). Services are isolated from each other
• VPN-based virtual network
and the logical network structure can be flexibly defined.

Intelligent traffic steering: Multiple WAN links exist at a site. • Application-based intelligent traffic
Key services need to be carried on high-quality links or steering
automatic switchover needs to be implemented when the • SLA-based automatic traffic steering and
ISP1 ISPN link quality deteriorates. Multiple WAN links need to be switchover
fully used to improve link bandwidth utilization. When link • Application- and link-based load balancing
quality deteriorates, links are automatically optimized to • A-FEC, no freeze frame even at 20% packet
ensure user experience. loss
Site-to-Internet: Internet access modes can be flexibly • Local breakout
Level-2 Border1 Border7 defined for different sites or departments. • Centralized Internet access
branch
Site security: Users' access to unauthorized or enterprise-
prohibited websites needs to be prevented. URL filtering

O&M management: • Visualized monitoring of sites, links,

ISP1 ISP2 ISPi ISPj
• Network and service visibility, real-time monitoring, and applications
application awareness, and fault reporting • GIS-based network O&M
• Different management rights configured for • Real-time alarm
different users • Role-based user permission control
Subbranch Micro Micro
branch 1 branch N Reliability:
PA • Device-level redundancy is implemented for DCs or • Dual-gateway redundancy at a site
OA PA OA
important sites. • Dual hubs for load balancing
• Traffic is load balanced between DCs, improving
OA PA VPN instance bandwidth utilization.
 Further Understanding of Underlay and Overlay Network Requirements
Underlay (physical) network topology Overlay (virtual) network requirements

DC1 PC1 PC2 DC2 • Services (including overlay topology, routing, and security) are
automatically orchestrated, and overlay tunnels are established
SW1 SW2
DC

between sites through EVPN on the control plane. GRE over IPSec is
used to encapsulate data on the forwarding plane.
Topology of VPN1
RT1 RT2 • Two virtual networks (office and production) are constructed using
(office)
Hub-1 Hub-2 VRF. Services are isolated from each other. Different VPNs use
independent topologies and policies.
MPLS Internet • Diverse WAN-side traffic steering policies are provided, including
iMaster NCE traffic steering based on applications (L3–L7), optimal link between
Aggregation layer

primary and secondary links, link priority, and load balancing.

RT3 RT4
• WAN optimization: A-FEC ensures smooth video experience even at
Topology of VPN2 20% packet loss.
Border-1 Border-2 (production)
• The Internet access mode (local Internet access and centralized
Internet access) can be selected based on users or services.
MPLS Internet • The CPE provides built-in firewall functions (security policy, URL
Network
impairment PC3 filtering, and IPS), IPSec, and ACL.
emulator • The SD-WAN controller implements simplified O&M and visualized
monitoring, helping you learn about the network-wide status, top
Site1-1 Site1-2 Site2-CPE
Access layer

applications, and alarms, as well as facilitate quick fault locating in

real time.
SW4
Note: This slide uses the dual-gateway hierarchical networking as an example
to describe the underlay and overlay networks. The implementation and
PC4 PC5 mechanism of the dual-gateway flattened networking are similar.
Site1 Site2
MPLS WAN Internet WAN LAN
 Demo Overview

Network Application O&M

1 2 3 Service security 4 5 Reliability
deployment experience management

1.1 Email-based 2.1 Application-based 3. CPE built-in firewall: 4.1 Visualized 5.1. CPE redundancy
deployment intelligent traffic URL filtering monitoring 5.2 Dual hubs for load
1.2 Service access (VPN- steering 4.2 GIS-based balancing
based service isolation + 2.2 Intelligent traffic monitoring
flexible networking) steering and automatic 4.3 Real-time fault
switchover alarm
2.3 Intelligent traffic 4.4 Role-based access
steering based on load control
balancing
2.4 A-FEC
2.5 Local breakout
2.6 Centralized Internet
access
Demo Procedure (1/2)
No. Use Case Description

1.1 Email-based deployment Quickly deploy a new site through an email.

Sites can communicate with each other based on the hub-spoke, full-mesh, or partial-mesh
Service access (hub-spoke, full-mesh, and multi-
1.2 networking. In addition, VPNs can be isolated from each other, with varying networking for each
VPN and multi-topology)
VPN.
Traffic of different applications (L3–L7) can be transmitted over different links (primary and
2.1 Application-based intelligent traffic steering
secondary links). The link quality can be automatically detected.
Intelligent traffic steering and automatic If the link quality deteriorates and the switching conditions are met, traffic is automatically switched
2.2
switchover to a qualified secondary link.

2.3 Intelligent traffic steering based on load balancing On a multi-link network, per-flow load balancing can be implemented.

2.4 A-FEC A-FEC ensures smooth video experience even at 20% packet loss.

2.5 Local breakout Sites can access the Internet through local Internet links.

All the other sites can access the Internet through the centralized Internet site, where dual CPEs can
2.6 Centralized Internet access
be deployed in active/standby mode to function as gateways.
The CPE provides built-in firewall functions. Fuzzy search can be performed against the URL blacklist
3 Built-in firewall: URL filtering
and whitelist based on keywords to filter specific web pages.
Visualized monitoring (site, link, and application
4.1 Visualized monitoring pages are provided for site, link, and application data.
data)

4.2 GIS-based monitoring Basic site information and physical locations are displayed based on the GIS map.
Demo Procedure (2/2)
No. Use Case Description

4.3 Real-time fault alarm Alarms are generated in real time for site faults, and users can be notified of these alarms by email.

4.4 Role-based access control Different permissions are configured for different accounts or users based on roles.

CPE redundancy (Topo8 available for When one CPE at a site fails (regardless of whether the fault occurs on the WAN side, LAN side, or interlink),
5.1
demonstration)
traffic can be transmitted through the other CPE, ensuring service continuity.

In dual-hub mode, branch services can be load balanced to different DCs (hubs) based on routing policies to
5.2 Dual hubs for load balancing improve the bandwidth utilization of the current link. The two DCs back up each other. If one hub or its link is
faulty, traffic is diverted to the other hub.
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 1.1: Email-based Deployment

DC1 PC1 PC2 DC2 (1) Site design and pre-configuration
• On iMaster NCE, import device and site information in batches,
SW1 SW2
DC

create sites, and add site devices.

RT1 RT2 • Prepare ZTP configurations, encrypt information such as the device
link, WAN port, WAN port address obtaining mode, and protocol,
Hub-1 Hub-2
write the information into a URL, and send the URL to site engineers
MPLS Internet through an email.
iMaster NCE
(2) Device plug-and-play (onsite operation)
Aggregation layer

RT3 RT4 • Connect cables and power on the CPE.

• Connect a PC that receives the email for deployment to any port of
Border-1 Border-2
the device and access the URL in the email. Then the basic underlay
configurations are delivered to the device, and the device initiates a
MPLS Internet registration request to and is managed by iMaster NCE.
Network
impairment PC3 (3) Device management (iMaster NCE)
emulator
New • Check the device registration status.
Access layer

Site1-1 Site1-2 Site2-CPE

• iMaster NCE performs automatic orchestration and deployment
SW4 (tunnels, routes, etc.), and establishes tunnels between new sites
and RRs.
PC4 PC5
• iMaster NCE configures overlay LAN-side services.
Site1 Site2 (new site)
Note: This use case uses the dual-hub hierarchical networking as an example.
The procedure for the dual-hub flattened networking is the same.
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 1.2: Service Access

Hub
Topology of VPN1
(office) (1) Add a new site to an existing virtual network.
OA PA
• Add a new site to an existing virtual network. The new
site automatically establishes tunnels with other sites in

the virtual network based on the topology.

• iMaster NCE configures overlay LAN-side services.

MPLS Internet Topology of VPN2
(production) • The PC at the new site can communicate with other sites.
Border-1 Border-2
• Check the logical topology of the virtual network.

(2) Create the second virtual network (VPN2).

MPLS Internet
• Create the second virtual network VPN2, add sites to the

new virtual network, and set the topology.

Site2-CPE • iMaster NCE configures overlay LAN-side services.

Site1-CPE
• Check the logical topology of the virtual network.
OA PA OA PA

Site1 Site2

OA PA VPN instance Overlay tunnel

Note: This use case uses the dual-hub hierarchical networking as an example.
The procedure for the dual-hub flattened networking is the same.
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 2.1: Application-based Intelligent Traffic Steering

Hub1 Hub2

PC1 PC2 (1) Create traffic policies.

• Create different application groups in the predefined application
library.
Hub1-CPE Hub2-CPE
• Create traffic classifiers and bind them to different application groups.
• Bind traffic classifiers into traffic policies. In these traffic classifiers, set
MPLS Internet link switching conditions and primary and secondary links.

HTTP traffic FTP traffic (2) Deliver the traffic policies to devices and send application traffic.
• Deliver traffic policies to sites.
AGG
Border-1 Border-2 • Use a simulation tool to simulate application traffic at sites.
(3) Check application traffic statistics through visualized monitoring.

MPLS Internet • On iMaster NCE, check application traffic statistics through visualized
monitoring.

Site1-CPE Site2-CPE

PC3 PC4 Note: This use case uses the dual-hub hierarchical
networking as an example. The procedure for the dual-hub
flattened networking is the same.
Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 2.2: Intelligent Traffic Steering and Automatic Switchover

Hub1 Hub2

PC1 PC2 (1) Simulate link quality deterioration.

• Check the traffic steering policy and switching conditions.

Hub1-CPE Hub2-CPE
• Use the network impairment emulator WANem to increase the MPLS
Primary link Secondary link link delay.
MPLS Internet
(2) Check application traffic statistics through visualized monitoring.

• On iMaster NCE, check real-time link monitoring information. HTTP

AGG
traffic is switched to the secondary link, and MPLS traffic is switched
Border-1 Border-2
to the Internet link. (The single-gateway networking does not support

real-time monitoring.)
Network MPLS Internet
impairment
emulator • On iMaster NCE, it is found that the quality of the MPLS link between

sites deteriorates.

Site1-CPE Site2-CPE

Note: This use case uses the dual-hub hierarchical networking as

an example. The procedure for the dual-hub flattened
PC4 PC5 networking is the same.

Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 2.3: Intelligent Traffic Steering Based on Load Balancing (Dual-
Hub Flattened Networking)
Hub1 Hub2
(1) Create traffic policies.
PC1 PC2
• Create a UDP application group in the predefined application library.
• Create a traffic classifier and bind it to the UDP application group.
Hub1-CPE Hub2-CPE • Create a UDP traffic policy and bind the UDP traffic classifier to it.
In the traffic policy, set the same priority for the MPLS and Internet
When there are multiple WAN links and configure intelligent traffic steering based on load
Traffic
Traffic links, intelligent traffic balancing.
steering based on load
(2) Deliver the traffic policies to devices and send application traffic.
balancing can be configured.
• Deliver traffic policies to sites.
Internet
MPLS
• Use the simulation tool JPerf to simulate UDP traffic sent from
different ports.
Network impairment
emulator (3) Check application traffic statistics through visualized monitoring.
• On iMaster NCE, check inter-site application-based UDP traffic
Site1-CPE Site2-CPE statistics.

Note: Load balancing cannot be demonstrated in the dual-hub

hierarchical networking due to its implementation mechanism.
PC3 PC4 Therefore, this use case is demonstrated in the dual-hub flattened
networking.

Site1 Site2

Overlay tunnel
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 2.4: A-FEC

Hub1 Hub2

PC1 PC2 (1) Configure a traffic policy and deliver it to sites.

• Configure a traffic classifier based on the source and destination

Hub1-CPE Hub2-CPE IP addresses of the ACL.

• Configure a traffic policy, bind the traffic classifier for matching

MPLS Internet video streams to the traffic policy, and configure the video traffic
to be transmitted over only the MPLS link.

• Deliver the traffic policy to the site.

AGG
(2) Enable the WAN optimization function.
Border-1Border-2
• Start VLC on the PCs at the site and hub to simulate video
playback. The video is played smoothly.
MPLS Internet
Network
Impairment • Use the WANem to simulate 20% packet loss on the MPLS link.
emulator
Freeze frame and artifacts occur.

• Enable the optimization function and deliver the policy to the

Site1-CPE Site2-CPE
sites. The video is played smoothly, without freeze frame and
artifacts.
PC4 PC5
Note: This use case uses the dual-hub hierarchical networking
as an example. The procedure for the dual-hub flattened
Site1 Site2 networking is the same.
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Cases 2.5 and 2.6: Local Breakout and Centralized Internet Access
Hub1 Hub2
(1) Enable the local Internet access policy.
PC1 PC2 • Enable the local breakout function for Hub2 and configure traffic to
be transmitted over the local Internet link.
• Access the Internet on PC2 at Hub2 and check the Internet
Hub1-CPE Hub2-CPE
connectivity.
(2) Configure a centralized Internet access policy.
MPLS Internet • Access the Internet on PC4 at Site1. The Internet fails to be accessed.
• Enable the centralized Internet access policy and configure the CPE
at Hub2 as the gateway.
AGG
Centralized • Access the Internet on PC4 at Site1. The Internet is accessed
Border-1 Border-2
Internet access successfully. Perform tracert on the public network address and
check the traffic path. Traffic from PC4 to the Internet traverses
MPLS Internet
Hub2.
• (3) Enable the local Internet access policy for Site1.
Local Internet access • Enable the local Internet access policy for Site1.

Site1-CPE Site2-CPE • Access the Internet on PC4 at Site1. Perform tracert on the public
network address and check the traffic path. Traffic from PC4 to the
Internet is routed out through the local Internet link.
PC4 PC5 Note: This use case uses the dual-hub hierarchical networking as
an example. The procedure for the dual-hub flattened networking
is the same.
Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 3: URL Filtering

Hub1 Hub2

PC1 PC2
Configure a URL-based security policy.

• Configure a URL-based security policy based on the

Hub1-CPE Hub2-CPE
blacklist to block access to the news/social website Sina.

• Access the website Sina on the PC at Hub2 or Site1. The

MPLS Internet
website Sina can be accessed properly.

• Deliver the URL-based security policy to Hub2 and Site1.

AGG
Border-1 Border-2 • Access the website Sina on the PC at Hub2 or Site1. The

website Sina cannot be accessed, and a message is

MPLS Internet displayed, indicating that the website is blocked.

• Access the website Amazon on the PC at Hub2 or Site1.

The website Amazon can be accessed properly.

Site1-CPE Site2-CPE
* Specific websites can be blocked through fuzzy match.

PC4 PC5 Note: This use case uses the dual-hub hierarchical networking
as an example. The procedure for the dual-hub flattened
networking is the same.
Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 4.1: Visualized Monitoring

Hub1 Hub2

PC1 PC2

Hub1-CPE Hub2-CPE

MPLS Internet

Site data
AGG
Border-1 Border-2 Link quality
Application service

MPLS Internet
Real-time monitoring

Site1-CPE Site2-CPE

PC4 PC5

Site1 Site2
Note: This use case uses the dual-hub hierarchical networking as an example.
The procedure for the dual-hub flattened networking is the same.
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 4.2: GIS-based Monitoring

Hub1 Hub2

PC1 PC2

Hub1-CPE Hub2-CPE Display site information based on the GIS map

MPLS Internet

AGG
Border-1 Border-2

MPLS Internet

Site1-CPE Site2-CPE

Note: This use case uses the dual-hub hierarchical

PC4 PC5 networking as an example. The procedure for the dual-hub
flattened networking is the same.

Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 4.3: Real-Time Fault Alarm

Hub1 Hub2

PC1 PC2

Hub1-CPE Hub2-CPE

Monitor site alarm information in real time and

display alarms by sound, text, and color.
MPLS Internet

AGG
Border-1 Border-2

MPLS Internet

Site1-CPE Site2-CPE

PC4 PC5 Note: This use case uses the dual-hub hierarchical
networking as an example. The procedure for the
dual-hub flattened networking is the same.
Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 4.4: Role-based Access Control

Hub1 Hub2

PC1 PC2 (1) Create a role template.

Create a role template, which allows users to access only the

Hub1-CPE Hub2-CPE monitoring page.

(2) Create an account and bind it to the role template.

MPLS Internet
Create a user account and select the new role template.

(3) Log in to iMaster NCE.

AGG
Border-1 Border-2 Use the new account to log in to iMaster NCE and access
various pages. In addition to pages of the default functions, the

MPLS Internet new user can access only the monitoring page.

Site2-CPE
Site1-CPE Note: This use case uses the dual-hub hierarchical
networking as an example. The procedure for the
PC4 PC5 dual-hub flattened networking is the same.

Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 5.1: CPE Redundancy

Hub1 Hub2

PC1 PC2
1. Perform an extended ping test between the two

Hub1-CPE Hub2-CPE sites to check the connectivity.

2. Shut down interfaces to simulate each of the three

fault points in the figure on the left in turn, and

MPLS Internet
check the service continuity between sites.

AGG
Border-1 Border-2

MPLS Internet

Site2-CPE
Note: This use case can be demonstrated only
Site1-CPE
in the dual-hub hierarchical networking.
PC4 PC5

Site1 Site2
 Network Application Service O&M
Reliability
Deployment Experience Security Management

Use Case 5.2: Dual Hubs for Load Balancing

Hub1 Hub2
OA OA
(1) Create an office virtual network.
PC1 PC2
• All sites belong to the office virtual network. Two hub sites
are deployed in active/standby mode on the virtual network.

Hub1-CPE Hub2-CPE • Configure the WAN-side route advertisement policy on the

two hubs.
• Configure LAN-side services on the virtual networks of the
MPLS Internet hub and site.
(2) Check the service path.

AGG • On the PC at Site1, perform the tracert operation on the PC

Border-1 Border-2 at Hub1. Traffic traverses Hub1.
• On iMaster NCE, perform the tracert operation on the PC at
Hub2 from the PC at Site2. Traffic traverses Hub2.
MPLS Internet
(3) Simulate a network fault on the hub.
• Shut down the WAN interface on the hub to simulate a
WAN link fault on the hub.
Site2-CPE • Perform the tracert operation on PCs at the hub sites from
Site1-CPE a PC at a branch site. The two hub sites back up each other.

PC4 PC5
OA OA Note: This use case uses the dual-hub hierarchical
networking as an example. The procedure for the dual-hub
Site1 Site2 flattened networking is the same.
OA VPN instance
 Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Thank you. Copyright© 2020 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors
that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.