01 Huawei High-Quality 10 Gbps CloudCampus Solution

Huawei High-Quality 10 Gbps CloudCampus Solution
Foreword
⚫ Campus networks are the cornerstone for digital transformation of enterprises and
organizations and also a bridge between the physical and digital worlds. Facing rapidly
emerging technologies and applications, enterprises and organizations urgently need to
deploy intelligent and reliable campus networks in a simplified and fast manner.
⚫ Huawei CloudCampus Solution is designed for enterprises of all sizes to build ultra-
broadband, intelligent, simplified, secure, and open intent-driven campus networks, enabling
enterprises to gain real-time insights into and quickly respond to network and service needs.
⚫ This course systematically introduces Huawei CloudCampus Solution, including the solution
architecture, key components, key functions and features.
1 Huawei Confidential
Contents
1. Huawei Campus Network Updates
2. Huawei High-Quality 10 Gbps CloudCampus Solution
3. Full-Lifecycle Management and Automation of Campus Networks
4. Ultra-Broadband Connectivity
5. Simplified Network
6. Multi-Purpose Network
7. Access Authentication
8. Intelligent Policy
9. Intelligent O&M
10. Intelligent Security
A trusted partner for global customers in diverse industries
---Helping to accelerate digital transformation and unleash digital productivity
Government Finance Education ISP Energy Transportation

1160+ 1120+ 1180+ 2600+ 320+ 380+
60+ 50 32 100+ 20 230,000

national broadband of top 100 of QS top 100 countries and of top oil giants kilometers of railways
networks banks universities regions and highways
267 35,000+ 470,000+

of Fortune Global 500 partners across 8 categories Huawei certifications awarded
companies
29 years of continuous R&D investment around the world
Beijing
IP Router, WAN Network
Nanjing
Ethernet Switch, Campus
Suzhou
Wi-Fi AP and WLAN
Hangzhou
Firewall and
13
Solutions Network Solutions Network Solutions Network Security research centers worldwide
Solutions
11,000+
R&D staff
>20%
of annual revenue reinvested into R&D
100+
scientists and top experts
Germany France Ireland Canada
TSN, Cyber Security, Network Calculus, Network Open Programmable, Graph DB, Network
Short Distance Optical Measurement Intent Assurance AI & Digital map
Continuous contribution to industry standards including IETF
and IEEE
Wu Qin
IETF IAB member
12+
Industry standards bodies and open
600+
Huawei's
11,000+
Total patents
50+ (China)
Working groups that Huawei

source organizations that Huawei has contributions to IETF licensed by the end
participates in as chair or higher
joined RFCs of 2023 Osama Aboul-
Magd
Chair of the IEEE
802.11ac/ax WG
(Canada)
No. 1 in the number of IETF declared
patents in the last 5 years No. 1 contributions to SRv6 standards No. 1 contributions to IEEE Wi-Fi 6&7
700 Huawei Dario Rossi

Huawei 826 Chief expert of
600 578
Q AI algorithms
500 780
Huawei & C (France)
400 343 I
487
300 243
183 181
C Z
200 183
107 125
100
85
36 E
Yashar Ganjali
26 20 9 Others
0 111 Chief expert of
Contribution rate:
C
Vendor C Huawei Vendor J Vendor E Vendor N Vendor Z DCN technologies
75% 49
Wi-Fi 6 Wi-Fi 7
Total IPR disclosures IPR disclosures in the
past 5 years
(Canada)
Leading contributions to the IPv6 Enhanced, Wi-Fi 6/7 and 400G/800G fields
Benoit Claise
Chief expert of ADN
automation engine
(Ireland)
Top ranking in the data communication network industry
Router WLAN Switch Network security
NetEngine AirEngine CloudEngine HiSecEngine

WAN routers W-Fi APs campus and DCN switches firewalls
No. 1 No. 1 No. 2 No. 1

in the global router market in the global enterprise Wi-Fi 6 in the global switch market in the enterprise Network
(enterprise and service provider) Security equipment market
shipments (excluding North America)
among non-North American
vendors
Source：Gartner, IDC
A leader in the 2024 Gartner Magic Quadrant
Continuous Innovation and Advancement
Named a Leader for strong Wi-Fi 7 portfolio,
and network assurance capabilities for high-
quality experience in key applications and VIP
users.
Huawei strengths
2024
• Strong product portfolio: Huawei has a robust wired and wireless
product portfolio that continuously monitors connectivity to increase
performance and stability.
• Experience-centric network configuration and management: The

iMaster NCE-Campus network management platform provides
experience-centric wired and wireless LAN service quality and network
assurance services.
• Simplified architecture for OT to IT migration: Huawei has

introduced a converged campus network architecture that integrates
OT capabilities into traditional enterprise products and simplifies the
Magic Quadrant™ for Enterprise Wired and Wireless LAN Infrastructure migration of OT to IT.
2024 Gartner MQ report

Contents
9. Intelligent O&M

Constantly Evolving Campus Network @ Huawei
IT-based
Mobile office Digital transformation
office
Intelligent O&M
• Deployed CampusInsight for
better IT O&M (10,000+ smooth
Fully wireless video conferences and live
streaming per day; unified access
Mainly wireless • Deployed digital conference of 100,000+ wireless office
rooms. terminals; experience assurance
• Services basically went global.
• Started mobile office in the for key services)
• Kicked off mobile office at rep R&D green zone.
offices outside China.
• Rolled out wireless networks
• Deployed WLAN technology in research centers in China.
at scale, alongside the mature
WLAN office terminal industry.
Fully wired
Network cable, telephone line,
IoT
coaxial cable • Began to construct a smart
campus, including wireless
projection, turning off lights when
people leave, and intelligent
environmental control.
10 Mbps to 10G to the
100 Mbps to the desktop Gigabit to the desktop desktop
the desktop
1987 1994 2003 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
Best Practices of Huawei's Office Campus Network
Huawei IT service: 20,000+ employees, 1000+ branch offices, 700,000 video conferences per month
Massive access Experience assurance Simplified O&M

Smooth access on global business trips Zero freezing @ video conference, Proactive O&M, network optimization
high work efficiency
200,000+ employees 2.8+ million emails per day 15 O&M engineers
500,000+ wireless terminals 700,000 video conferences per month 160,000 switches and APs
3 key requirements
Free mobility Video conference assurance O&M with AI
Employee Fast lane for video conferences

Network quality visibility
Real-time network monitoring
3 types of SSIDs,
unified authentication
and Protocol trace:
• 1500+ applications identified fast fault locating
management • Audio & video service assurance
in minutes
Guest IoT
Proactive care for VIP users
Intelligent optimization
1000+ branch offices in 170+ countries and regions Scenario-specific network
3 types of SSIDs optimization for higher
performance
1 account for access anytime, anywhere Dedicated resources for VIP users
Huawei High-Quality 10 Gbps CloudCampus: The Preferred Choice
for Your Digital and Intelligent Journey
Intelligent O&M with a digital

map 10x ↑
O&M experience • Four-level visibility for fault locating
O&M
upgrade in minutes: users, networks, devices,
efficiency
and applications
IaaS Internet SaaS • Power consumption visibility and
dynamic energy saving
NetEngine
SD-WAN
Audio & video and VIP user
Application experience assurance
0
CloudEngine experience upgrade • 1 solution for experience assurance of video
30,000 users conference
AirEngine • 0 degradation on VIP experience freezing
LAN
10 Gbps to a room, 10 Gbps to

10 Gbps to office 10 Gbps to production 10 Gbps to branch
Wireless an AP 2x ↑
experience upgrade Wi-Fi 7: 30-channel smooth 4K video
terminal
Large
Education Healthcare
Public
Transportation Manufacturing Energy Retail Finance Multi-GE access, high-density 100GE core speed
enterprise services
Wireless Experience Upgrade: All-Scenario Wi-Fi 7, Leading the New
Era of 10 Gbps Wireless
Enterprise office & healthcare Enterprise office & education Public services & finance
File transfer Online medical image reading High-density workplace VR/Naked-eye 3D class Government office Financial branch
5 min-wait for Frequent interruptions @ 30-user @ 4K XR: dizziness & Borderless signals, One network for office and guest
500 MB file transferred
reading 1 GB CT 30-user video conference unclear images due to packet loss customer concerns services, unassured security
in over 2 min
images
Bandwidth upgrade User concurrency upgrade Security upgrade

File download in seconds, medical image reading in seconds 30-user @ 4K class: no dizziness & clear images Secure Wi-Fi anywhere
2x higher performance than Wi-Fi 6E 2x higher user concurrency than Wi-Fi 6E (hard to eavesdrop → impossible to eavesdrop)
MLO Dynamic-zoom smart antennas MU-MIMO OFDMA MRU Converged Industry's only Wi-Fi Guard
scheduling
2.4G 1 2 Rogue
5G terminal MACsec
3 4 + + =
Authorized
6G terminal
5 6
High-density mode
Overpass Multi-lane Multi-user Rogue
Omnidirectional mode road carpooling terminal
Wireless Experience Upgrade: All-Scenario IoT, Creating One Smart
Network for the Entire Campus
Enterprise office & education Healthcare Retail Hotel
Frequent loss of valuable assets, Manual clinical data collection, Untimely information update for diversified Complex management, due to too many
low utilization difficult archiving products intelligent environment control protocols
IoT upgrade Sensing upgrade Protocol upgrade
Free from IoT cards and site visits Wi-Fi-based human/environment sensing, no need of sensors Unified protocol for unified management and O&M,
€ 1200 → € 0, 90% TCO 30% conference room utilization 80% O&M efficiency
PCIe/USB Built-in IoT chip + container AP + sensor AP + Wi-Fi sensing BLE/RFID/ZigBee NearLink
Backhaul Upgrade: Digital and Intelligent Transformation Drive Campus
Network Upgrade to 10 Gbps
Wi-Fi upgrade Fully-wireless trend vs siloed network construction Surging wireless terminals, high security risks
AP uplink rate: > 1 Gbps Conflicts between multiple wireless networks, difficult service deployment 85% of cyber security risks come from terminals.
Upgrade to 10 Gbps bandwidth Architecture upgrade Security upgrade

GE → multi-GE (10GE capable), smooth upgrade All in one, one for all 100% terminal identification, 0 unauthorized access, 0 spoofing
As Is To Be As Is To Be
GE 10GE
2.5GE IoT
Security
Wi-Fi 5/6 Wi-Fi 7 OA
Innovative RTU, pay-as-you-grow VXLAN + network slicing (for

Siloed networks (OA, production, multi-service convergence), Post-event tracing for unauthorized Built-in probe for precise
security, etc.) unified wired & wireless terminal access or spoofing terminal identification and
Save money Save electricity Save labor costs management clustering
Intelligent terminal identification, 0
0 re-cabling 30% ↓ 0 site visit 50% ↓ network construction TCO
authorized access, 0 spoofing
CloudEngine S16700
100GE 100GE Unauthorized access terminals,
Security
AirEngine 8771 CloudEngine S5732/S5755
Security
100% detected
OA
IoT
IoT
OA
One-off deployment, on-demand upgrade CloudEngine S5755-H
10GE 2 x 25GE 25GE
CloudEngine S8700
Built-in WAC: Built-in probe,

CloudEngine S5755/S5735-V2 wired & wireless unique in the
AirEngine 6776/5773 Upgrade without replacing cables industry Spoofed terminals,
2.5GE 10GE convergence
blocked in seconds
Audio & Video Experience Upgrade: Zero Video Freezing; Zero Packet
Loss & Zero Interruptions for Key Applications
As Is To Be
Hard to distinguish applications, Intelligent application identification,
unassured experience for key applications "fast lanes" assured experience for key applications
Experience
measurement
Video Network assurance Huawei-only XNA engine
conferencing for a large event
In-flow
detection
CloudEngine S8700 Quality

assessment
Poor experience, due to bandwidth Network freeze (by dozens of IT Application identification
Suppressing greedy Hop-by-hop visibility and
with AI, experience
occupation by file download, cloud engineers) two weeks before the applications; flexible measurement across
assurance for 30,000
disk synchronization, system update, event, while still uncontrollable slicing terminals, LAN, and WAN
terminals
etc. network performance CloudEngine S5755-H/S5732-H
Private line
Common
0 0
line packet incident
More private lines Deployment of static Network freeze for loss
used → only partial QoS → not effective performance assurance
optimization on SaaS applications → high costs
Wi-Fi 7 AP One person managing a
Key applications
10,000-user campus
VIP Experience Upgrade: Dedicated Resources for VIP Users, Zero Impact
on VIP Experience Even Upon Network Congestion
As Is: To Be:
Resource sharing by both VIP and common users Dedicated lanes for VIP users, preferential access anytime, anywhere
Define VIP user policies | VIP
manage VIP user experience

Dedicated fast
lanes for VIP users
Preferential access • Unique VIP FastPass
anytime, anywhere technology 50 ms (Huawei) vs > 200
ms (industry)
+ • Dedicated slices for VIP
users
Reserve resources
for VIP users VIP-targeted
optimization
Common
Enhanced signals user VIP user
Poor office experience for executives, for VIP users • Precise distance measurement, Huawei-only
difficult complaint handling per-packet power control
• Targeted signal enhancement
+ for VIP users
Proactive care
for VIP users
POS AGV PDA for Conference
machine image terminal Full-journey visibility
reading on both wireless and Real-time VIP user experience
Hard to assure key Common wired sides evaluation & proactive care
user Fault warning (Huawei) vs.
services on terminals none (industry)
VIP user
O&M Experience Upgrade: Experience-centric digital map, 10x O&M
efficiency, "Bits drive watts", 30% ↓ power
> 1000 devices managed 4,380,000 kWh/year
per person , > 2h for fault rectification
Normal KPIs yet video freezing 20,000 APs consume EUR 1M/Y (EUR 0.24/kWh)
Experience-centric digital map, 10x ↑ efficiency "Bits drive watts", 30% ↓ power
Industry Huawei Industry Huawei
Connection-centric O&M Experience-centric O&M Reliance on manual labor Traffic tidal prediction
Di s c o v e ry Visibility
Us er e xp er ien c e Network/Site/Building/Floor
alarm
User O&M expert
Digital Map
Digital Map
Closure Locating Closure Analysis

Network KPIs ≠ One-click User journey playback Invisible Energy-saving One-click energy Traffic tidal
Passive O&M
optimization power consumption Experience-dependent saving algorithm
actual user experience
AI-based root cause analysis + minute-level fault locating and Traffic tidal prediction reducing energy costs by 30%/year
rectification (EUR300,000)
User experience Application experience
Network experience Terminal experience
Campus Digital Map

Huawei High-quality 10 Gbps CloudCampus solution: experience-
centric, accelerating digital & intelligent journey
AI
Wireless experience upgrade Application experience upgrade O&M experience upgrade
A hyper-converged platform
(management + control + analysis)
AirEngine Wi-Fi 6 & 7 CloudEngine S series switches NetEngine AR series routers
Full lineup of Wi-Fi 6 & Wi-Fi 7 APs S5735I S6700 S8700 S12700E S16700 S7700 S5700 AR5700 AR6700 AR8700 AR631I
tailored to all scenarios
Huawei Wi-Fi 7 Product Portfolio in 2024
Available
AirEngine 8700 Series

AirEngine 8771-X1T
Data rate: 18.67 Gbps
Spatial stream: 4+4+4
2*10GE electrical port + 10GE optical port
Outdoor Outdoor
2024.Q3 2024.Q3 2024.Q3
2024.Q2 2024.Q2

AirEngine 6776-56TP AirEngine 6776-57T AirEngine 6776-58TI AirEngine 6776I-X6TH AirEngine 6776I-X7TH
Data rate: 7.9 Gbps Data rate: 7.9 Gbps Data rate: 7.9 Gbps Data rate: 7.9 Gbps Data rate: 7.9 Gbps
Spatial stream: 2+2+4 Spatial stream: 2+2+4 Spatial stream: 2+2+4 Spatial stream: 2+2+4 Spatial stream: 2+2+4
5GE electrical port + GE electrical port 5GE electrical port + GE electrical port 5GE electrical port + GE electrical port 10GE electrical port + 10GE optical port 10GE electrical port + 10GE optical port
2024.Q2 2024.Q2 2024.Q2 2024.Q2 2024.Q2

AirEngine 5776-26 AirEngine 5773-23H AirEngine 5773-22P AirEngine 5773-21 AirEngine 5773-23HW
Data rate: 5.3 Gbps Data rate: 3.6 Gbps Data rate: 3.6 Gbps Data rate: 3.6 Gbps Data rate: 3.6 Gbps
Spatial stream: 2+4 Spatial stream: 2+2 Spatial stream: 2+2 Spatial stream: 2+2 Spatial stream: 2+2
2.5GE electrical port + GE electrical port 2.5GE optical port + GE electrical port 2.5GE electrical port + GE electrical port 2.5GE electrical port + GE electrical port 2.5GE optical port + 4*GE electrical port
2024.Q3 2024.Q3
AirEngine 5773-23WP AirEngine 5773-25HW

Data rate: 3.6 Gbps Data rate: 3.6 Gbps
Spatial stream: 2+2 Spatial stream: 2+2
2.5GE electrical port + 5*GE electrical port 2.5GE optical port + 2.5GE electrical port +
8*GE electrical port
Contents
9. Intelligent O&M

Overview of Campus Network Full-Lifecycle Management
O&M and
Planning (Day 0) Construction (Day 1-2)
Optimization (Day N)
Wireless network Network deployment Routine monitoring

Simple-service campus Multi-service campus
1
Wireless network planning Terminal Topology
Device and network plug-and-play Multi-purpose network
Device Alarm
Campus interconnection WAN interconnection
Wired network LAN-WAN convergence, device WAN
SD-WAN
plug-and-play
2
Wired network planning
Policy provisioning Routine maintenance
Access authentication Service assurance Cloud-based
Resource planning Device upgrade
Intelligent VIP experience inspection
Intelligent terminal Authentication &
Network resource planning HQoS assurance Report statistics System O&M
management authorization
Intent-driven deployment Intelligent verification
Guest management Free
5G terminal access mobility Multi-service campus
3
IP address management IoT sensing Intelligent O&M
Multi-service logical isolation
network
1. Through WLAN Planner Experience visualization
Multi-branch interconnection WAN interconnection
2. Manually or using eDesigner
Intelligent traffic Network path Fault Intelligent
3. Through iMaster NCE-CampusInsight A-FEC IFIT
steering navigation identification optimization
Planning Construction Maintenance Optimization
WLAN Planner Shortens the Planning Time and Ensures Coverage

Based on the Built-In Experience Library
1 Obtain the floor plan.
2 Log in to Huawei online WLAN Planner.

https://serviceturbo-cloud-
cn.huawei.com/serviceturbocloud/dist/#/toolsummar
y?entityId=d59de9ac-e4ef-409e-bbdc-eff3d0346b42
1. Environment setting
3
2. Region setting
With WLAN Planner, users
can complete WLAN • Use the network planning
3. Device deployment planning in five steps. 4
report to provide guidance for
onsite construction.
4. Signal simulation • The network planning result can
be imported to iMaster NCE.
5. Report export
3D Network Planning: Planning Effect Visualization and Roaming

Simulation
Intent-Driven Deployment: Automatic Network Deployment Planning

Based on Service Intents
capabilities
• A network deployment solution is automatically generated upon the
Scenario
Small- and medium-sized enterprises have simple campus networks and

mere input of service requirements, and devices are plug-and-play.
multiple branches. These enterprises are incapable of network O&M or
Key
• The solution provides preset deployment scenarios, such as retail, office,
only have limited network O&M capabilities, and they want their networks
to be planned and deployed quickly.
and primary/secondary education, and allows users to customize
deployment scenarios as well.
Intent-driven deployment tool
Enterprise 10 to 30 minutes 10 to 30 minutes

IT engineer Automatic Import the solution
Select service Generate a package to iMaster
planning/model
requirements solution package NCE
selection Register and go
onboard
• Automatic matching of device

Branch office Retail store
Scenario models
• Technical Power on devices and
selection School campus Custom • Automatic generation of connect them to the
proposal
logical topologies • Construction network
Basic Area: 100 m2 Number of wired • Automatic planning of guide
information terminals: 200 SSIDs/wireless authentication • Topology diagram
• Automatic VLAN planning • Solution LLD
• Pre-configuration
Wired office Office Wi-Fi • Automatic Eth-Trunk planning
Service script
• Automatic planning of
requirements Indoor Wi-Fi Outdoor Wi-Fi
management IP addresses
Subject to change upon requirements
Automated Physical Network Deployment

Scenarios
Large enterprises need to reduce the proportion of the time required for initial
device installation, configuration, and upgrade to the entire network
management and O&M period.
R&D VN
Requirements
1. Reduced device installation and deployment time

OA VN 2. Simplified Layer 3 routing configuration and improved configuration accuracy
IoT VN
Overlay
Solutions and Customer Benefits
• Configuration screens and network planning are visualized.

Device • Services are deployed on the controller in advance, greatly
plug-and- shortening the deployment time.
play • GUI-based operations reduce the probability of
IGP (OSPF) configuration errors.
Auto
Interconnection VLAN routing • Automatically generates IP addresses and routing protocol
Underlay Interconnection IP address configur- configurations based on the topology plan.
ation • Uses configuration simulation and verification technology.
Automated Virtual Network Deployment

Scenarios
Higher education, government campus, commercial building, and other
scenarios where isolated VNs need to be provided for multiple services or
tenants to achieve a "multi-purpose network" and improve network resource
utilization.
R&D VN
Requirements
1. A physical network is divided into multiple VNs that are isolated from
each other.
OA VN
2. VNs are automatically deployed.
IoT VN
Overlay Solutions and Customer Benefits
Multi-
• VXLAN-based multi-purpose network
purpose
• Automatic tunnel establishment through BGP-EVPN
network
Auto- • iMaster NCE GUI operations

mation • Automatic delivery of VN service configurations
• Policy association between the aggregation and access

Underlay Smooth layers (access switches do not need to support VXLAN)
evolution • Compatibility with VXLAN-incapable devices
functioning as transparent transmission nodes
Free Mobility: User-based Policy Control, Delivering Consistent User

Experience Across the Network
Security group-based Scenarios
communication matrix
Sales R&D Marketing Enterprises, higher education institutions, governments, and other
× scenarios where refined management of network policies is required
Sales √ √
R&D × √ √ Requirements
Marketing √ √ √
1. Fine-grained policy control, allowing users to move across the entire
network with consistent policies and consistent service experience
2. Flexible and simplified policy deployment, lowering OPEX
Solutions and Customer Benefits

Office building 1 Office building 2
Security
group- • User- and resource-based policy/experience
based configuration
• SDN controller-based centralized policy control and

SDN automatic configuration delivery
Move • Service intent-oriented
Policy migration,
consistent experience Natural • GUI
User A User A language • Natural language-based configuration
Security group (R&D) Security group (R&D)
SD-WAN Featuring Refined Application Control
MPLS
CPE CPE
Site 1 Internet Site 2

Video
HTTP
Application identification Intelligent traffic steering Multi-level hierarchical QoS scheduling
Identification of 6000+ well-known and user- Application- and traffic classifier-based Application- and VPN-based multi-level queues
defined applications IP FPM in-line service quality detection Bandwidth allocation for different VPNs
iMaster NCE-based Network-Wide Monitoring
Overview Alarms
• LAN overview, WAN overview • Current alarms, historical alarms, masked
• Site and inter-site overview alarms
• 360-degree terminal, application, and • Alarm notification mode setting
device overview (notification by email)
• WLAN resource overview, region • ...
monitoring
• ...
Reports Event Logs

• Statistical analysis (including terminal • Terminal authentication events
behavior analysis) • Key device events
• Agile report • Device connection and disconnection logs
• ... • ...
Terminal Identification and Policy Automation

⚫ The terminal management function of iMaster NCE can help identify terminals and display the terminal type, operating system, and
manufacturer information.
⚫ With terminal identification, iMaster NCE can deliver control policies to different types of terminals based on information such as the
terminal type, operating system, or manufacturer.
Proactive scanning
Terminal fingerprint
database
Information reporting
>
Automatic authentication Automatic authorization Bogus terminal detection

For example, after identifying a For example, after a device is For example, if a device is identified
printer, the system automatically identified as a camera, it is as an IP phone and then a PC, a
completes MAC address automatically added to the video bogus terminal alarm is displayed.
authentication, eliminating the surveillance group and authorized
need to enter the MAC address. the corresponding VLAN.
Intelligent and Fast Verification: Ensuring Zero-Error Network Change

Snapshot comparison Subnet reachability verification Terminal access verification
Quickly identifies changes before and after Verifies the connectivity between service Verifies the network reachability for
network configurations, such as changes in subnets that you select or network-wide terminals by specifying the source and
configuration files, interface links, and subnets. destination IP addresses, devices, and port
routes. numbers.
Verification Verification task Network data Network modeling Verification result

1 2 3 4
process creation collection and verification output
Improving User and Service Experience Using Prediction and

Intelligent Technologies
Real-time experience visibility Minute-level fault locating Intelligent network optimization
1. Proactive issue identification: proactively 1. Real-time simulation & feedback: evaluates

1. Per-area: provides multi-dimensional wired and identifies 85% of potential network issues wireless channel conflicts in real time based on
wireless network health graphs to intuitively using intelligent algorithms that are neighbor and radio information about devices on
display the network status and user experience continuously trained via Huawei's 200,000+ each floor, and provides optimization suggestions.
on the entire network or in each area. terminals. 2. Predictive optimization: identifies edge APs and
2. Per-user: displays network experience (who 2. Minute-level fault locating: uses the fault predicts the load trend of APs based on historical
connects to which AP at what time, experience, inference engine to locate issues within data analysis, and performs predictive optimization
and issues) of each user in real time throughout minutes, identify root causes of the issues, on wireless networks. This practice improves the
the journey, making faults easier to trace. and provide effective fault rectification network-wide performance by over 50% (Tolly
3. Per-application: intelligently identifies suggestions. certification).
mainstream applications and detects their 3. Intelligent fault prediction: uses intelligent 3. Smart roaming: establishes roaming baselines
quality in real time, quickly demarcates faulty technologies to learn historical data and based on different terminal types, and intelligently
devices, and intelligently analyzes the root cause dynamically generate a baseline, and determines optimal roaming time, providing users
of poor quality. compares and analyzes real-time data against with an intelligent and lossless roaming
the baseline to predict possible faults. experience.
Intelligent Technology-Powered Smart Radio Calibration
Scenario 1: manual calibration Scenario 2: automatic calibration
• Challenge 1: The result of manual planning is • Challenge 1: Load balancing-based calibration

not optimal. is performed without considering AP load.
• Challenge 2: Network environment and • Challenge 2: Only the current status can be
interference changes cannot be detected in detected, and historical load and interference
real time. cannot.
Real-time simulation & feedback Predictive calibration

Displays real-time feedback based Provides service weight-based
• Air interface environment is complex and on environmental changes, and calibration capabilities using
constantly changing. provides prediction and simulation big data and intelligent
• Signal interference and channel conflicts tools to drive network optimization. technologies.
frequently occur.
• Traditional radio calibration cannot
effectively improve wireless experience.
Contents
9. Intelligent O&M
E2E Bandwidth Upgrade, Meeting the Needs of Digital Terminals
and Service Growth
Scenarios and Requirements
Core layer
• Scenarios: scenarios with increasing bandwidth requirements, such as

40GE 100GE enterprise offices and campuses
• Requirements:
Aggregation  Reuses existing cabling and improves end-to-end bandwidth.
layer  Increases AP deployment density, and extends the PoE transmission
distance without sacrificing the AP uplink bandwidth.
10GE 25GE/40GE
Access layer Solutions
GE, 100 m PoE Multi-GE, 300 m PoE

• Multi-GE -> 25GE/40GE -> 100GE: meets future network evolution
requirements.
• Hybrid cable: integrates fiber's advantage in long-distance communication
and electrical cable's advantage in power supply capability.
802.11n/11ac 802.11ax
• 300 m long-distance power supply: 300 m PoE++ power supply.
CloudEngine S12700E: New Campus Network Switching Core with Superior
Performance
Full
Wired and wireless
Massive throughput programmability
convergence
Service agility
Scenario Typical Application

CloudEngine CloudEngine CloudEngine Medium- and Functioning as the core switch, CloudEngine S12700E integrates the WLAN
S12700E-4 S12700E-12 S12700E-8 large-sized AC (WAC) function to improve the wireless traffic forwarding capability. It
campus also integrates wired and wireless policy control to reduce configuration and
networks failure points.
MPUE GE electrical interface cards X5E/X5S Functioning as the border node of a VXLAN-based virtual campus network,
Campus
CloudEngine S12700E works with the controller to achieve a multi-purpose
virtualization campus network, thereby improving network resource utilization.
SFUE GE optical interface cards X6E/X6S

High-bandwidth CloudEngine S12700E enables 100G interconnection between campus and
data center networks, 100G interconnection between campus and WAN
campus networks, and 100G interconnection within a campus network, meeting the
interconnection requirements of fast-growing services.
100G X6E/100G X6S 10GE X6E/X6S
All-Scenario WLAN: High-Density Access in Indoor and Outdoor Scenarios
Densely populated outdoor scenario: stadiums (AP Densely populated indoor scenario: small summit venues and
installation height: > 15 m) auditoriums (AP installation height: 3 m to 15 m)
Outdoor AP +
directional antennas Traditional Built-in small-angle Indoor AP +
omnidirectional directional antennas directional antennas
antennas
Traffic burst scenario: e-classrooms and conference rooms Indoor multi-partition scenario: multi-partition office area (AP
(AP installation height: < 3 m; bandwidth per capita: > 4 Mbps) installation height: < 3 m)
2.4 GHz 5 GHz 5 GHz
5 GHz 2.4 GHz
Dual-radio Triple-radio SDR Omnidirectional antennas Smart antennas
With Many Innovations, Huawei Wi-Fi 6 Builds an Experience-
Centric, Highly Reliable Wireless Network
Exclusive technologies providing network-wide wireless coverage and premium performance
Frequency
User 1
User 2
User 3
User 4
Time
Smart antennas, providing searchlight-like signals Dynamic-zoom smart antennas, MU-MIMO and OFDMA joint scheduling,
Always-on signal for users, stronger signal, higher providing spotlight-like signals providing overpass-like outcomes
speed, Targeted coverage, with less interference 40% higher capacity of the entire network
and 20% longer distance and less packet loss
Exclusive technologies ensuring wireless network-wide stable experience
Intelligent roaming technology, offering Intelligent multimedia scheduling technology, delivering Intelligent continuous networking technologies,
"satellite navigation-like" experience biological fingerprint-like assurance building neural-like networks
Terminal roaming always on track Identifies and accelerates applications, and suppresses greedy Network-wide quality detection, fault prediction, and
services to prevent frame freezing in audio and video services automatic optimization
Contents
9. Intelligent O&M
CSS and iStack
CSS: two-to-one virtualization with 1+1 link protection iStack: many-to-one virtualization, simplifying device configuration and
management
Physical topology Logical topology Physical topology Logical topology

CSS
CSS
iStack iStack iStack
• Multiple devices are virtualized into one device, greatly simplifying network
configuration and device management.
• Two core devices are virtualized into one device, reducing the number of • iStack works with Eth-Trunk to provide uplink aggregation and load
managed NEs by 50%. balancing, improving uplink reliability.
• Uplink aggregation is implemented on aggregation devices using Eth- • Service port stacking is supported, eliminating the need for dedicated stack
Trunk, increasing the bandwidth by 100%. ports or stack cards, making networking convenient and flexible.
Native WAC Implements Wired and Wireless Network Convergence
Standalone WAC WAC card
• Independent service • Installed on a switch

forwarding WAC card Converged only at the
Standalone WAC • hardware level
Separate device
management
• Separate user policies
Problems: separate wired and wireless authentication points, distributed policy control, separate traffic forwarding, complex troubleshooting,
difficult to manage
Solution: wired and wireless convergence (native WAC)
The switch integrates the WAC function to eliminate bottlenecks in wireless traffic forwarding,
Native WAC reduce failure points, and manage wired and wireless traffic in a centralized manner:
• Uniformly manages and forwards wired and wireless services.
• Functions as the gateway of both wired and wireless users and manages both types of users.
• Used as the authentication point for both wired and wireless access.
• Enforces policies for both wired and wireless services.
Converged Forwarding, Converged Authentication, and Converged
Policy Enforcement
NM Area
Native AC
Unified forwarding: Wired and wireless traffic is centrally processed

CAPWAP by the core switch before being forwarded.
Unified authentication: The core switch functions as the unified

authentication point and Layer 3 gateway for both wired and wireless users.
Unified policy execution: The core switch is the unified policy

enforcement point for wired and wireless users.
Wi-Fi & IoT Convergence Enables Unified Network Deployment
and O&M, Lowering TCO by 50%
ESL Healthcare Health Asset
management IoT management management
Scenarios and Challenges
• Scenarios: retail, healthcare, education, enterprise, and other campuses where
IoT service
innovative digital services need to be provided based on IoT
management platform
• Challenges: Wi-Fi and IoT (such as Bluetooth and RFID) networks are deployed
separately. Numerous wireless networks are deployed, resulting in high costs
Internet and inflexible service expansion. There is also radio interference between these
wireless networks, affecting service experience.
Store
Huawei IoT AP
Bluetooth
• Wi-Fi & IoT converged architecture
RFID
IoT AP • Converged site for the AP and IoT base station, reducing auxiliary resources
ZigBee (for access and power supply management) by 50%
• Cloud-based management and plug-and-play, facilitating service configuration
• Wi-Fi and IoT configuration association, allowing automatic Wi-Fi channel
switching when a conflict is detected
Wi-Fi Wi-Fi Bluetooth RFID IoT Wristband 2.4 GHz (Wi-Fi) 2.4 GHz (RFID)
terminal tag tag tag sensor Channel-6 Channel-11
Simplified Architecture: Planning-Free, Configuration-Free, Plug-and-Play RUs
As-Is: traditional solution To-Be: Huawei solution
A large number of nodes configured and managed, Planning-free and configuration-free RUs, on-demand
deployment after planning, high O&M costs deployment/replacement, flexible expansion
Core layer Core layer

Architecture
evolution
Aggregation Central switch Central switch

layer
Access
layer
3 layers --> 2
Access layers
layer
RU AP RU AP
Manual orchestration of network topologies, Auto-discovery of network topologies, RUs simply

separate maintenance of access devices functioning as extended ports
Optical-Electrical PoE: Network Continuity Even Without Local Power
As-Is: Ethernet cable To-Be: hybrid cable

High costs: different generations of Ethernet cables, requiring Investment protection: 15 patents, no need to replace and re-cable
re-cabling for each speed increase for 10 to 15 years
Wi-Fi 3/4 Wi-Fi 5 Wi-Fi 6 Wi-Fi 7
Medium revolution Fiber

Re-cabling
Cat6A
Re-cabling Copper
Cat6
Re-cabling
Cat5E
Hybrid cable Hybrid module
Re-cabling
Cat5 Speed increase = Re-cabling Common cable
→ Hybrid cable • Superconducting red copper material, providing 300 m 60
W PoE++ power supply
Cat3
• 6 mm hybrid cable, the industry's thinnest, featuring a
thin-wall design
• Intelligent sensing, preventing electric shock and short
circuits
10M 100M 1/2.5GE 5GE 10GE 25GE 40GE
New Transmission Media — Hybrid Cable
Electrical signal
Optical signal
Hybrid module
Superconducting red copper material, providing 300 m 60 W PoE++ power supply

6 mm hybrid cable, the industry's thinnest, featuring a thin-wall design
Cable Cable PoE Distance PoE+ Distance PoE++ Distance PoE++ Distance
Remarks
Specification Diameter (15.4 W) (30 W) (60 W) (90 W)
Hybrid cable-1.5
9.0 mm 1900 650 330 220
mm2
Hybrid cable-
6.2 mm 1280 500 250 195
17AWG
Hybrid cable-
5.7 mm 500 200 97
21AWG
Contents
9. Intelligent O&M
One-to-Many Virtualization Implements Multi-Purpose Network
Internet • Multiple services carried on one network Internet

• Automatic physical network deployment
• Automatic virtual network deployment
• Automatic service policy provisioning
VXLAN VN2 VN3

VN1
Videoconferencing Security
Office VN
VN protection VN
Office Video- Security Office Video- Security

conferencing protection conferencing protection Office Videoconferencing Security protection
Diversified Networking Models
Border
VXLAN
Transparent Edge Edge
Edge Edge Access AP
• Two-layer physical network. • Three-layer physical network. • Three-layer physical network. • Aggregation switches function
• Access switches function as • Access switches function as edge • Aggregation switches function as edge as edge nodes and provide
edge nodes. nodes. nodes. the native WAC function.
• Aggregation switches do not • Access switches do not need to support • APs are managed by
need to support VXLAN. VXLAN and can work with aggregation aggregation switches. APs do
switches to implement policy association. not need to support VXLAN
and can be reused.
• Legacy access switches can be reused.
Multi-Border Network
Internet Internet Data Center Internet Internet
Campus 1
Campus 2
Border1 Border2 Border1 Border2 Border1 Border2
VXLAN VXLAN
VXLAN
Edge Edge Edge Edge Edge Edge
Networking description: On a single campus Networking description: On a single campus Networking description: There are multiple
network, multiple border nodes are connected to the network, multiple border nodes are connected campuses, and each campus is connected to its
same egress device, implementing egress to different egress devices, and different services external network through an independent border
redundancy. are transmitted through different border nodes. node.
Application scenario: A single campus network has Application scenario: A single campus network Application scenario: Multiple campus networks
multiple border nodes that are connected to the is connected to different external networks belong to the same fabric, and each campus
same external network, implementing reliability in through different border nodes. network has an independent border node and
non-stacking scenarios. egress network.
Contents
9. Intelligent O&M
User Access Authentication
Social media authentication Third-party Third-party

QQ, Weibo, WeChat, Facebook, Twitter RADIUS server Portal server
Authentication modes:
• Portal authentication: user name and password authentication,
anonymous authentication, SMS authentication, Social Media
authentication, passcode authentication...
Portal page customization • MAC address authentication

User
• 802.1X authentication
management
Portal server RADIUS server
Transmission protocols:
• Authentication data: HTTP/2 and RADIUS
• Configuration data: NETCONF
Configuration Authentication Authentication
NETCONF HTTP2.0 RADIUS Open authentication:
• Able to interconnect with third-party Portal servers
Authentication • Able to associate with social media, including QQ, Sina Weibo,
devices Facebook, Twitter, and Google
User terminals
Intelligent Policy Engine Achieves Refined Policy Control
Condition: 5W1H-based policy Result: fine-grained rights control
User identity
User/User group/Role Permission VLAN/ACL/Security group, VIP user...
Who
Site, region, device

group, device type, Access location
device, SSID, IP address Where Bandwidth Uplink/Downlink bandwidth, DSCP value
Access time
Day/Hour
When
High/Medium/Low
QoS
Traffic and duration control
Terminal type
PC/iOS/Android...
What
Intelligent
policy Application Application group/Application
Company-issued/BYOD Device attribute
terminal Whose engine
Wired/Wireless Access mode

Portal/MAC Security URL filtering
How
address/802.1X
authentication...
Portal Authentication: Allows Portal Page Customization
With this function, enterprises can conveniently customize their own Portal pages so as to launch VASs such as brand
promotion and advertisement push.
Terminal Identification: Supports Proactive and Passive Detection
Proactive detection Passive detection
Deliver configurations
and policies Deliver configurations
and policies
4 5
3 4
Display Display
Administrator Administrator
identification identification
Scan- results results
1 and-
3 Report fingerprint
detect Collect
finger 2
print
2 Feedback
Traffic sent from 1

the terminal
• Terminal visibility: collects terminal type statistics (by vendor and OS), displays the relationship between terminals and access ports, queries access
policies (VLAN, QoS, and authentication mode), and exports reports
• Terminal policy automation:
▫ Supports automatic terminal access based on terminal types, thereby achieving automatic MAC address authentication of dumb terminals.
▫ Authorizes policies (VLAN, security group, access permission, and QoS) on a per-terminal-group basis; supports IPv4/IPv6 dual-stack terminals.
Terminal Identification: Numerous Identification Methods
Identification
Category Description Application Scenario
Method
The first three bytes of a MAC address represent the

MAC OUI Identifies the device manufacturer only
manufacturer.
The User-Agent string contains the manufacturer,

Mobile phones, tablets, PCs, workstations, smart
HTTP User-Agent terminal type, operating system, browser type, and
audio and video terminals
other information.
Information
Some options of a terminal's DHCP packets can be
reporting Mobile phones, tablets, PCs, workstations, IP
DHCP Option used to classify terminals, for example, DHCP options
cameras, IP phones, printers, etc.
55, 60, and 12.
LLDP LLDPDUs carry device model information. IP phones, IP cameras, network devices, etc.
mDNS packets contain terminal model and service

mDNS Apple devices, printers, IP cameras, etc.
information.
Obtains identification information by querying device

SNMP Query Network devices, printers, etc.
Proactive information-related SNMP MIB objects.
scanning Scans the OS and services of terminals to detect the
Nmap PCs, workstations, printers, phones, IP cameras, etc.
terminal model and OS information.
Terminal Identification: Automatic Policy Delivery Based on Terminal Types
The administrator enables
1 terminal identification and
configures terminal policies.
1. On the iMaster NCE web UI, an administrator enables
iMaster NCE matches the the terminal identification function, selects terminal
terminals' fingerprint information
against the fingerprint database types, and specifies the corresponding policies.
and identifies the terminal types.
2. iMaster NCE delivers terminal identification
4
configurations to the network device.
3. When terminals access the network, the network

2 iMaster NCE delivers device collects the fingerprint information of the
configurations to the
network device. terminals and reports the information to iMaster NCE.
4. iMaster NCE automatically matches the terminals'

5 fingerprint information against the fingerprint
iMaster NCE
delivers access and database to identify the terminal types.
authorization
5. iMaster NCE automatically delivers access and
The network policies for the
3 device reports terminals. authorization policies to the terminals based on the
terminal policies defined by the administrator.
fingerprint
information.
Bogus Dumb Terminal Detection: Accurate Identification of Bogus
Terminals Based on Traffic Behaviors
Dumb terminals are prone to
spoofing, and manual Bogus dumb terminal detection
troubleshooting is difficult.
Campus Campus
Network Network
Report an alarm.
1. Define dumb terminal types and

Preset terminal Anomaly configure isolation policies.
model database Intelligent 2. A lightweight terminal model
Traffic behavior inference Enforce an database is deployed on the switch.
Normal isolation
collection 3. A single device can detect up to 2000
policy.
Switch dumb terminals and discover
exceptions within 60s, with an
accuracy rate of over 90%.
Attack the network

using a bogus camera
Attack the network

using a bogus camera
Contents
9. Intelligent O&M
Free Mobility: Achieves Security Group-based Policy Management
Free mobility: grants a user consistent network permissions and enforces the corresponding policies, regardless of the user's location
and the IP address used to access the network.
Sales R&D Server resource

1 security group security group security group
1. Security groups are defined, each specifying a group
Permission policy of users with the same network access policies.
2. Permission control policies are defined based on

2 Security group and policy delivery
security groups and are delivered to network
devices.
3. Security groups are authorized to the users who

pass access authentication.
4 Campus
network 4. After user traffic enters a network, network devices
enforce policies based on source and destination
security groups of the traffic.
3 Access Access Access
authentication authentication authentication
User A User B User C
Free Mobility: Typical Solution
Scenario description
Security group Security group–based policy control matrix
• Centralized authentication point + Centralized policy enforcement
Group Name Group ID Sales R&D Marketing ... point
Sales 1 Sales √ × √ ... • The authentication point and policy enforcement point are deployed
R&D 2 R&D × √ √ ... on the same device.
Marketing 3 Marketing √ √ √ ... • The devices do not support VXLAN.
... ... ... ... ... ... ...
Scenario characteristics
• The Core device functions as the centralized authentication point for
Core
network-wide wired and wireless users.
• The Core device functions as the policy enforcement point for free
mobility.
• The Core device has authentication information about all users on the
network. After traffic is forwarded to the device, it enforces policies
AGG1 AGG2 based on the policy control matrix defined by the administrator.
• The network does not need to support VXLAN or has VXLAN deployed
on it.
Access1 Access2
PC1 1.1.1.1 PC2 2.2.2.2 PC3 3.3.3.3 Authentication Policy Security group and policy
Sales R&D Marketing point enforcement point control matrix delivery
IP-Security Group Entry Synchronization
Scenarios and pain points IP-security group entry synchronization
iMaster NCE synchronizes the mappings between user IP addresses and security groups to the switches
functioning as policy enforcement points. In this way, authentication points and policy enforcement points
can be separated, implementing flexible networking. In addition, hybrid networking with third-party
devices can be easily achieved.
IP Group
1.1.1.1 Group1 3
2.2.2.2 Group2
4
Synchronize the mappings
User authentication between IP addresses and
2
1. Switches that do not support free mobility groups.
2. WAC 5
3. Routers Enforce the
Third-party device
4. Third-party devices (non-Huawei) inter-group
policy when
These devices do not support free mobility, so the traffic
how to realize free mobility if a solution User access 1
arrives.
includes these devices?
PC1 1.1.1.1 PC2 2.2.2.2
Preferential Access of VIP Users
Access denied for non-VIP users Access permitted for VIP users
Access of a non-VIP Identified as a VIP

user is denied. user
2 2 Connect
successfully
The number of online users The number of online users reaches
reaches the threshold. 4 the threshold.
1 1
STA STA
AP AC AP AC
STA STA
Online user Online user 3 An online user is forced to go offline.
If a non-VIP user attempts to connect to an AP when the number of If a VIP user attempts to connect to an AP when the number of users
users connected to the AP reaches the threshold, the connection connected to the AP reaches the threshold, the AP forcibly disconnects
attempt will fail. a non-VIP user and connects the VIP user to the network.
Bandwidth Reservation for VIP Users: Guaranteeing Sufficient
Bandwidth for VIP Users
Define the percentage of bandwidth Scenarios

1 Define who are VIP users. 2 to be reserved for VIP users.
When the number of users in a conference room
increases sharply, mobile user terminals preempt air
interface resources, deteriorating wireless experience
of conference terminals.
Requirements
Spectrums and Identify VIP users and guarantee sufficient bandwidth
Frequency bandwidth
subcarriers reserved for them.

for VIP users
Solutions
Spectrums and
subcarriers shared
3
20% bandwidth Compete for • OFDMA spectrum resources are reserved for VIP
by common users users.
reserved bandwidth
• On-demand bandwidth reservation:
 No bandwidth is reserved when no VIP user
Time accesses an AP.
OFDMA spectrum resources are Conference
reserved for VIP users. User terminal  Sufficient resources are reserved only for VIP
terminal Common user users.
VIP user Common user VIP user
Intelligent HQoS: User- and Application-based QoS Policies
Challenges
Manager + Controller + • Define who are VIP
Analyzer users.
1
• Define application • Traditional QoS schedules traffic based on port bandwidth,
priorities. allowing differentiation of traffic based on service levels.
However, it is difficult to differentiate services based on users.
• Traditional QoS cannot manage and schedule traffic of
multiple services from multiple users simultaneously.
2
Two-level
Network device scheduling: user Solutions
queue and
application queue
• Hierarchical QoS (HQoS) can not only differentiate traffic of
VIP Common different users but also schedule traffic based on service
user user priorities.
• HQoS differentiates service traffic using multi-level queues,
and manages and schedules transport objects such as
multiple users and services in a unified manner.
User terminal
VIP user Common user
Multi-Campus Interconnection: IPsec VPN and SD-WAN Support
Static IPsec VPN SD-WAN
RR
Branch 1
BGP EVPN+
HQ Branch 2
Branch 1
Internet
HQ MPLS
MPLS/Internet
Branch 1
Internet
Branch 2
HQ MPLS
MPLS/Internet
Branch 2
In static IPsec VPN, IPsec tunnels are established between devices at different EVPN can be used to establish tunnels between sites and dynamically advertise
sites to create VPN channels. Traffic is diverted to the VPN tunnels based on the routes. The forwarding plane supports GRE or GRE over IPsec. In addition, high-
configured network segments to implement mutual access between the sites. quality links can be chosen based on applications and policies for data
transmission, implementing application- and policy-based intelligent traffic
steering.
Functions and Features of the SD-WAN Interconnection
Solution (1/3)
Centralized
Flexible overlay network based on the hybrid Intelligent traffic steering, ensuring
management/control and
WAN application experience
visualization
GUI
MPLS
2
MPLS Internet
Dynamic
Internet adjustment Centralized
Latency management
1
Performance and control
data
When an enterprise has multiple types of WAN egress Measures the quality of different WAN links, defines
links (hybrid WAN), WAN links can be flexibly used to network quality requirements of applications, and
implement interconnection and interworking. performs intelligent traffic steering based on specific
policies.
Application Experience Optimization Policy: Intelligent Traffic Steering
Link quality-based traffic steering Load balancing-based traffic steering
CPE2 CPE2
MPLS Internet MPLS Internet

3 4
2. Dynamically
1. The link SLA 1 2 adjust traffic. 1 2 3 4
deteriorates to the
lowest level that
Voice data Voice data
can be tolerated CPE1 CPE1
by voice services. 1 2 3 4 1 2 3 4
Voice and video services are sensitive to delay and packet loss rate. You When an enterprise has multiple links, you can configure load balancing-
can configure the high-quality MPLS link as the primary link and the based traffic steering to make full use of the link bandwidth.
Internet link as the secondary link for this type of service. In addition, you
need to configure SLA requirements for the services so that intelligent
traffic steering can be performed based on link SLA.
Application Experience Optimization Policy: Intelligent Traffic Steering
Application priority-based traffic steering Bandwidth-based traffic steering
CPE2 CPE2
Low priority
Select a link that

meets the
MPLS Internet MPLS bandwidth usage Internet
requirement for
High priority new traffic.
High-quality link Low-quality link Bandwidth Bandwidth
(network congestion) usage: 70% usage: 2%
Voice and video

CPE1 CPE1 Voice application
File transfer
If multiple types of service packets are transmitted on the same link, traffic When the bandwidth usage of a link reaches the threshold, this link is not
of high-priority applications is preferentially processed in case of selected for new traffic of some applications, and other links that meet the
congestion, ensuring user experience of high-priority applications. requirements are preferred. This method ensures the bandwidth usage of
high-priority services and prevents application quality and link quality from
deteriorating due to network congestion.
Functions and Features of the SD-WAN Interconnection Solution
(2/3)
Cloud on-ramp for IaaS, one hop to six clouds,
Cloud on-ramp for SaaS, flexible path selection
cloud-network interconnection
Cloud
SaaS services Cloud
IaaS services
Direct SaaS AR1000V

access Security
cloud service
platform
Centralized SaaS access through
SaaS access DC/HQ
third-party security
through HQ cloud service platform
Branch Branch
The SD-WAN interconnection solution supports local breakout, The AR1000V virtual SD-WAN router is deployed on the
centralized breakout, and hybrid (local + centralized) breakout for public cloud to implement interconnection between branch
SaaS access traffic. The three SaaS access modes can back up each sites and the public cloud. The controller implements unified
other to ensure service continuity. The SD-WAN interconnection management and unified policy orchestration for the
solution also supports application-based traffic steering. CPEs have AR1000V and CPEs.
built-in security capabilities, reducing costs and simplifying O&M.
Functions and Features of the SD-WAN Interconnection Solution
(3/3)
Cloud on-ramp through PoP gateway, delivering private line-like quality with an Internet-like price
A PoP uses the private line for cross-area fast cloud access.
Cloud
SaaS
PoP PoP
Internet MPLS
CPE IWG PE PE IWG Cloud

A branch accesses the IaaS
nearest PoP through the AR1000V
Internet.
A PoP directly accesses the cloud through
the private line, achieving acceleration.
Specific applications can be configured to

Underlay Overlay directly access SaaS through the local CPE.
Physical CPEs and vCPEs can be flexibly deployed. Carriers and MSPs provide cloud acceleration value-added services for enterprise customers
through PoP gateways. Enterprise customers can access the cloud services through the nearest PoP gateways, delivering private line-like quality
with an Internet-like price.
Application Experience Optimization Policy: Multi-Fed and Selective
Receiving and A-FEC
Multi-fed and selective receiving A-FEC
CPE2 Restore lost data

P1 P2 X P4 based on the CPE2
original and
P1 X P3 P4
redundant packets
Selective receiving using the FEC
algorithm.
Packet loss Internet

4G/5G Internet occurs on a link.
Wireless link Wired link Send original and

P1 P2 X P4 P1 X P3 P4 redundant packets
based on the FEC CPE1 Video service
Multi-fed algorithm.
CPE1 Key services
When key services are transmitted in SD-WAN interconnection scenarios, The FEC technology uses Reed-Solomon (RS) coding to generate
the sending AR router can replicate traffic and send the traffic over redundant packets based on the original packets at the transmit end, and
different links. The receiving AR selects the packets and preserves the sends the original and redundant packets to the receive end, which then
packet order to ensure service experience. Because signals are sent over decodes the received packets to recover lost packets (if any). FEC can
two channels simultaneously, packet loss on either channel does not dynamically adjust the proportion of redundant packets to minimize
affect service experience. In this way, 0 ms switchover can be achieved.. bandwidth waste. This ensures smooth video services even at 30% packet
loss.
Contents
9. Intelligent O&M
Panorama of Intelligent O&M
Service • Wireless positioning
Intelligent assurance
Optimization
& Service Intelligent
Assurance • Intelligent radio calibration • AI roaming
optimization
Fault Group fault • Wireless group fault analysis • Wired group fault analysis
WAC analysis
Identification
& Root Cause
Individual
Analysis • Protocol trace
• Mainstream application analysis
fault • Poor-QoE client analysis
Big Data & ML
analysis
User Network Application

• Client journey • Network health • Topology
AP AP Experience
Experience • Terminal • Spectrum analysis management
Visualization • Mainstream
visualization dialing test • Large-screen • Third-Party device
Telemetry application
dashboard management visualization
management
iMaster NCE- Cloud-based Single-node Cluster

CampusInsight deployment deployment deployment
Contents
9. Intelligent O&M
Cloud Management of Security Services for Small Campus Networks
and Multi-Branch Networks
Integrates Huawei
iMaster NCE security service management
Firewall service security controller
management SecoManager • Intrusion protection system (IPS)
• Security policy
• File filtering
• URL filtering
• IPS • Content filtering
• Antivirus • Antivirus (AV)
configuration Internet • URL filtering
• APT defense • Application behavior control
• ...
Solution advantages
• Plug-and-play, rapid provisioning
FW FW  Hosting for small- and medium-sized enterprises,
interconnection between mass branches of large
enterprises
FW LSW  Proactive firewall registration for rapid management by
the cloud management platform
AP  Rapid and unattended deployment
AP AP • Policy delivery, unified management
 Remote security service configuration and management
 Remote device monitoring and fault management
Branch 1 Branch 2 Branch N
 Cloud-based management of massive numbers of devices,
simplifying O&M
Quiz
1. (Multiple-choice question) Which of the following intelligent traffic steering

modes are supported in Huawei SD-WAN Solution?
A. Link quality-based traffic steering
B. Load balancing-based traffic steering
C. Application priority-based traffic steering
D. Bandwidth-based traffic steering
2. (True or false) When free mobility is deployed on a campus network, the

authentication point of user terminals must be a Huawei device.
Summary
⚫ To build an end-to-end intelligent cloud campus solution, Huawei provides a variety of
products covering the access, aggregation and management layers, including four engines
(CloudEngine, AirEngine, NetEngine, and HiSecEngine), iMaster NCE-Campus, and iMaster
NCE-CampusInsight.
⚫ The Intent-Driven Campus Network Solution builds ultra-broadband, simplified, intelligent,
secure, and open campus networks for customers, so they can easily cope with challenges in
connectivity, experience, O&M, security, and ecosystem during their digital transformation.
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.
Copyright© 2024 Huawei Technologies Co., Ltd.

All Rights Reserved.
The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.

01 Huawei High-Quality 10 Gbps CloudCampus Solution

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01 Huawei High-Quality 10 Gbps CloudCampus Solution

Uploaded by

Copyright:

Available Formats

Huawei High-Quality 10 Gbps CloudCampus Solution

2. Huawei High-Quality 10 Gbps CloudCampus Solution

3. Full-Lifecycle Management and Automation of Campus Networks

10. Intelligent Security

Government Finance Education ISP Energy Transportation

60+ 50 32 100+ 20 230,000

267 35,000+ 470,000+

Working groups that Huawei

700 Huawei Dario Rossi

Router WLAN Switch Network security

NetEngine AirEngine CloudEngine HiSecEngine

No. 1 No. 1 No. 2 No. 1

• Experience-centric network configuration and management: The

• Simplified architecture for OT to IT migration: Huawei has

2024 Gartner MQ report

2. Huawei High-Quality 10 Gbps CloudCampus Solution

3. Full-Lifecycle Management and Automation of Campus Networks

10. Intelligent Security

Massive access Experience assurance Simplified O&M

Free mobility Video conference assurance O&M with AI

Employee Fast lane for video conferences

Intelligent O&M with a digital

10 Gbps to a room, 10 Gbps to

Bandwidth upgrade User concurrency upgrade Security upgrade

IoT upgrade Sensing upgrade Protocol upgrade

Upgrade to 10 Gbps bandwidth Architecture upgrade Security upgrade

Innovative RTU, pay-as-you-grow VXLAN + network slicing (for

100GE 100GE Unauthorized access terminals,

Built-in WAC: Built-in probe,

CloudEngine S8700 Quality

Define VIP user policies | VIP

manage VIP user experience

Industry Huawei Industry Huawei

User O&M expert

Closure Locating Closure Analysis

User experience Application experience

Network experience Terminal experience

Campus Digital Map

Wireless experience upgrade Application experience upgrade O&M experience upgrade

AirEngine Wi-Fi 6 & 7 CloudEngine S series switches NetEngine AR series routers

AirEngine 8700 Series

AirEngine 6700 Series

2024.Q2 2024.Q2 2024.Q2 2024.Q2 2024.Q2

AirEngine 5700 Series

AirEngine 5773-23WP AirEngine 5773-25HW

2. Huawei High-Quality 10 Gbps CloudCampus Solution

3. Full-Lifecycle Management and Automation of Campus Networks

10. Intelligent Security

Wireless network Network deployment Routine monitoring

WLAN Planner Shortens the Planning Time and Ensures Coverage

1 Obtain the floor plan.

2 Log in to Huawei online WLAN Planner.

3D Network Planning: Planning Effect Visualization and Roaming

Intent-Driven Deployment: Automatic Network Deployment Planning

Small- and medium-sized enterprises have simple campus networks and

Intent-driven deployment tool

Enterprise 10 to 30 minutes 10 to 30 minutes

• Automatic matching of device

Subject to change upon requirements

Automated Physical Network Deployment

1. Reduced device installation and deployment time

• Configuration screens and network planning are visualized.

Automated Virtual Network Deployment

Overlay Solutions and Customer Benefits