Advertorial
HUAWEI Agile Switch
Contents
Agile Switch: Changing the Future
Easy to Use – Quickly Building a User- and Service-Centric Agile Network
Enterprise networks are now undergoing dramatic changes. As more applications are migrated to cloud networks, user experience is severely affected by packet loss, latency, and jitter. Social network applications and HD video streams, which are sensitive to traffic bursts and packet loss, place higher requirements on network quality, reliability, and fault location. Ubiquitous wireless access complicates policy management and deployment. SDN is a trend, but deploying SDN may bring risks to current services because the technology is so immature. New technologies and services keep emerging on enterprise networks, and the general service provisioning period has been shortened from several years to several months. Currently, device performance is no longer the bottleneck of network development. However, the long development period of ASIC chips prolongs the new service provisioning period. It takes at least 24 months to make a brand new service available, which fails to keep pace with the fast development of enterprise services.

Implementing flexible service customization with low costs and low power consumption is of great concern in the industry. To face this challenge, Huawei has developed the first programmable chip, the Ethernet Network Processor (ENP). With built-in hardware acceleration components, integrated SmartMemory, and a Huawei-patented high-speed algorithm, the ENP provides full programmability while retaining ASIC chips' advantages of excellent performance, low costs, and low power consumption.

Changing the Future

As a core device on agile networks, the Huawei S12700 agile switch changes traditional campus networks in the following ways based on the ENP chip:

Change the service provisioning model on campus networks to provide services more agilely. Huawei S12700 integrates advanced routing capabilities, fine granular user management, and T-bit AC, which implement unified wired and wireless management and meet the bandwidth requirements of 802.11 AC. The port and IP address based management policy used in traditional campus networks complicates wireless service deployment and prolongs the service deployment period. Huawei S12700 follows a user-centered management principle and provides fine granular user management functions on service cards, so customers can quickly deploy various policies. The innovative ENP chip has commercial ASIC chips' advantages of high performance and low power consumption and provides unlimited flexibility, shortening the new service provisioning period to as short as 6 months.

Change the network O&M model to offer an accurate, simple campus network management solution. Huawei S12700 uses the iPCA to identify, color, and count service flows, which helps evaluate network quality during data transmission. This algorithm implements end-to-end quality awareness and real-time fault location on connectionless IP networks, solving the problem of IP network fault detection. Huawei S12700 can virtualize wired and wireless networks into one network or even virtualize the entire network into a switch (where APs act as ports of the S12700 switch). This significantly simplifies network management and configuration.

Change the SDN switch technology to better cope with SDN evolution. Huawei S12700 can work on both a traditional network and an SDN network. Customers can deploy most services on the traditional network and deploy a virtualized SDN network to try the new technology. When the technology is mature, customers can smoothly migrate services to the SDN network by simply upgrading the software. ASIC-based SDN switches can only forward packets of known types, while the Huawei S12700 agile switch supports programmable forwarding modes, forwarding behaviors, and search algorithms. The full programmability helps customers respond quickly to service requirements and better cope with future challenges.
Author: Wang Shihong, Vice President of
Huawei Enterprise Network Product Line
Ethernet was first documented in a memo that Robert Metcalfe of Palo Alto Research Center (PARC) wrote in 1973. In 1976, Robert Metcalfe co-authored "Ethernet: Distributed Packet Switching for Local Computer Networks" with David Boggs. At the end of 1977, Robert Metcalfe and partners obtained the patent for a "Multipoint data communication system (with collision detection)". This technique is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), and the patent represents the day Ethernet was born.

In 1979, Robert Metcalfe left PARC and then founded 3Com. He convinced Digital Equipment Corporation (DEC), Intel, and Xerox to work together to promote Ethernet as a standard. The universal Ethernet standard was published on September 30, 1980. At that time, there were two proprietary systems: token ring and ARCNET. These two proprietary protocols were soon replaced by Ethernet.

As Ethernet developed, Ethernet devices also evolved continuously. Early Ethernet devices such as hubs are physical layer devices and cannot isolate collision domains, which limits network performance. Switches (network bridges) are Layer 2 devices that are able to isolate collision domains, greatly improving Ethernet performance. As technologies developed, today's switches provide not only Layer 2 forwarding but also Layer 3 hardware forwarding. There are even switches that work at Layer 4 or above.

According to the network layer where they work, switches are classified into Layer 2 switches, Layer 3 switches, and multi-layer and multi-service switches. The following part of the document describes the development of switches.
A hub works at the physical layer (Layer 1) of the OSI model. It regenerates, shapes, and amplifies received signals to increase the transmission distance, and serves as the central point connecting other nodes.

[Figure: OSI model layers, showing Application, Presentation, Session]

A hub forwards received packets to all interfaces and transmits one data frame at a time. All hosts connected through a hub are located in the same collision domain. When multiple hosts send data packets simultaneously, the resulting collisions degrade network performance. All interfaces of a hub share bandwidth, which means that a network built with a hub as its core is a shared Ethernet.

Hubs are not really switches, but they played an important role during initial network development. They were deployed at the access layer for a long time and are often considered Layer 1 switches.

Typical hubs include 3Com 3C16410 hubs and Cisco 1538 hubs.
There is an episode in Layer 3 switch development. Early ASIC chips could not independently complete Layer 3 forwarding. Layer 3 switches in 2002 used the technique of routing once and switching multiple times, so they had strong Layer 2 functions and weak Layer 3 functions. As chip technologies developed, ASIC chips came to support hardware-based route search, allowing switches to implement hardware-based Layer 3 forwarding. Old Layer 3 switches were quickly replaced by switches providing hardware-based Layer 3 forwarding, which are also called routing switches.

Typical Layer 3 switches include Cisco 3750-X series switches and Huawei 5700-EI switches.

Multi-service Switch

In recent years, especially after 10GE was introduced, high-bandwidth services such as voice, video, and game services became very popular. The development and deployment of these services created new requirements for network devices, such as security, reliability, and QoS, in addition to connectivity. To reduce networking costs and simplify management and maintenance, the functions of network devices had to be integrated, promoting multi-layer forwarding and integrated value-added services.

Limited by the ASIC chip, multi-service switches use a model that combines Layer 2 and Layer 3 services with upper-layer value-added services. In practice, this means that multiple physical devices are installed in the same chassis. Multi-service switches using this hybrid model do not implement real integration.

Typical multi-service switches include Cisco 6500 series switches and Huawei S9700 series switches. Huawei's S9700 series switch uses a distributed hardware forwarding architecture. It provides 18.56 Tbit/s switching capacity, 12 service slots, multi-layer hardware forwarding capabilities such as bridge, IPv4, IPv6, and MPLS, and value-added service capabilities such as load balancing, AC, firewall, and IPSec VPN.
First generation | Hub | ASIC | Shared LANs | 3Com 3C16410, Cisco 1538
Service flexibility is the major concern of switch development. To increase the service flexibility of switches, vendors often use programmable ASICs to implement multi-service capability. A programmable ASIC provides only partial programmability (for example, user-defined packet parsing) and limited service flexibility, which cannot meet rapidly changing service requirements. Future switches must be fully programmable in order to meet rapidly changing service requirements. Switches can then support new services simply by upgrading software, without having to replace hardware. This protects customers' investments.

It is predicted that by 2015, roughly 3.3 billion terminals will be connected to the Internet, of which 70% will transmit services for Internet of Things applications. As one M2M organization for the Internet of Things is established, IPv6 will extend its presence to industries such as energy, electricity, and transportation. As the Internet of Things becomes more popular and gains widespread use, many digital connections will be set up. Tomorrow's network devices must be equipped to provide more entries to allow for expansion in the next five to ten years.
The forwarding capacity of switches has increased from 10/100 Mbit/s to 1000 Mbit/s or even 10 Gbit/s. The ASIC chip is the core of this increase in forwarding capacity. However, with the rapid development of video, mobile office, BYOD, cloud computing, and the Internet of Things, the Ethernet network is required to provide stronger forwarding capability, flexibility, smart control, and easy management. Therefore, there are new requirements for the performance and flexibility of Ethernet switches. Currently, switches support Layer 3 routing rather than merely providing Layer 2 switching functions. Despite this, they are mainly used to provide access for enterprise terminals, which cannot keep up with the rapid development of new services in the cloud computing era. The root cause is that ASIC chips can identify only predefined protocols and use a fixed forwarding process.

[Figure: ASIC forwarding process. Data channel (with buffer), IN to OUT: Parse, ACL, L2, L3, Multicast, Encapsulate, Edit. Control channel: Policy table, MAC table, Routing table, Multicast table, Encapsulation table.]

The commercial network processor (NP) was developed to replace the ASIC chip. Can a commercial NP overcome the disadvantages of the ASIC chip and be an ideal choice for Ethernet switches?
[Figure: Commercial NP architecture: MAC, memory arbiters, NPU groups for Search I, Resolve, Search II, and Modify instructions, packet memory, external DRAM.]

A commercial NP consists of the NPU, instruction memory, table memory, packet memory, and table DRAM. This design improves the flexibility of each module in an NP. During service deployment, service processes need to be divided among NPU groups. The instruction space of each NPU group is limited. If the instruction space is exhausted, the NP cannot support new services. When service processes are incorrectly divided, some NPU groups are heavily loaded, causing a bottleneck. As a result, although the NP improves flexibility to a limited degree compared with the ASIC chip, its overall performance is still not satisfactory.

Although the programmable ASIC chip was developed to meet service flexibility requirements to a certain degree, it is just a transition. Should the ASIC chip continue to be developed, or should other technologies be used to develop the switch forwarding chip?
[Figure: ENP architecture, showing Instruction Memory and MAC blocks]

1. Complete instruction space and hardware acceleration, offsetting disadvantages of commercial NP

The ENP can access the complete instruction space because its NPU groups differ from those of a commercial NP. Each NPU group of the ENP can execute any of the instructions, such as Parse, Search I, Resolve, Search II, and Modify. The ENP does not need to switch services to different NPU groups, allowing for fast service processing.

In addition, the ENP uses multi-thread technology, reducing the impact of I/O access latency on NPU performance.

2. Huawei SmartMemory, Solving Memory Access Performance Problem

Commercial NPs and ASICs separate the calculation unit from the storage unit. As a result, the physical distance between the calculation logic unit and the storage unit increases, and exchanges between them increase. Data access is delayed and power consumption is high. If the same address is accessed by multiple threads, addresses are latched to ensure data consistency. This may cause an access bottleneck.

The Huawei ENP has an integrated SmartMemory. The storage unit integrates calculation and analysis capabilities. This reduces exchanges between the primary calculation unit and SmartMemory, greatly improving efficiency between the calculation unit and the storage unit.

SmartMemory integrates a Huawei-developed search engine, co-processor, and traffic management. It provides all algorithms for memory operations such as search, calculation, and read and write, just like those of a commercial NP or ASIC. The algorithms can be invoked by any function unit of the ENP, such as the rate limit and statistics collection units.

3. Supports for Millions of Flow Entries and Hybrid OpenFlow

The SDN solution based on Hybrid OpenFlow uses OpenFlow and the traditional routing method to forward data and control traffic. With programmability and a maximum of 16M flow tables, the ENP-based switches
that of CSS technology. CSS technology exchanges data twice, whereas CSS2 exchanges data between chassis only once. CSS2 has a delay of only 21 μs, which is the lowest inter-chassis delay and 60% of the industry average. In stack scenarios, traditional network vendors who use CSS technology require every switch to have at least one MPU. In contrast, CSS2 uses a single MPU to manage the entire cluster. As long as one MPU is present in the cluster, the cluster can work normally, implementing 1+N backup. Mainstream vendors cannot provide these technologies. Huawei S12700 ensures network reliability using the hardware-based cluster and 1+N backup of CSS2.

[Figure: CSS2 cluster diagram showing MPUs and SFUs]

S12700 uses the Huawei-developed Ethernet Network Processor (ENP), which provides full programmability. ENP is a new processor customized by Huawei for Ethernet. It inherits the flexibility and entry buffer of traditional NPs, and provides low power consumption and high performance, with higher ratings than those of the ASIC.

Chip | Performance | Flexibility | Integration | Power Consumption | Entry
ASIC | High | Low | Medium | Low | Low
NP | Medium | High | Medium | High | High
ENP | High | High | High | Low | Medium

The main highlight of the S12700 is the programmability of the ENP chip. The forwarding architecture and process can be changed by continuous upgrades of microcode. This makes it possible to meet the service requirements of the next 10 years with a simple one-time investment. S12700 has built-in AC and BRAS capabilities. S12700 also enhances user management and provides external interfaces in the control plane. The forwarding plane, including forwarding resources, forwarding processes, and packet encapsulation, is fully programmable. S12700 is flexible and able to better support future SDN development.

S12700 implements high scalability with the service capabilities of high-end routers. S12700 provides four mainstream cards: 48GE optical interfaces, 48GE electrical interfaces, 4*10GE+24GE optical+8 Combo interfaces, and 8*10GE+8 Combo interfaces. Figure 2 shows S12700 compared with the ASIC.
Large routing and MAC tables are important in meeting the ever-growing needs of IPv4/IPv6 networking and the Internet of Things. A large buffer solves problems caused by burst traffic and congestion of high-speed services such as HD video services, large data searches in data centers, and batch image transfers.

As wired and wireless traffic such as Ethernet voice, data, and video increases, networks transmit combinations of multiple services from different users. Different services require different QoS levels, and the priority of the same service originating from different users varies. For example, voice services have higher network requirements than data services, Telepresence services demand lower latency than voice services, and VIP users have higher priorities than common users. S12700 provides 5-level QoS. It can schedule traffic based on services and provide hierarchical QoS deployment. With large-capacity NetStream flow tables, S12700 can better analyze enterprise network traffic and offer visualized applications. S12700 is highly scalable and allows for the development of enterprise network services.
Easy to Use
– Quickly Building a User- and Service-Centric Agile Network
By Shen Ningguo

The rise of Bring Your Own Device (BYOD) is an inevitable trend for enterprises. Statistics show that BYOD has been widely used in the commercial industry; for example, about 60% of employees have used their own devices at work. Similar new applications are emerging rapidly, which poses new challenges to enterprise networks: enterprise applications on SNS networks, wireless access, wide coverage area, and network openness.

To meet these challenges, enterprises must quickly build a user- and service-centric agile network. Although networks are fast-changing, the core requirement is that the network operation and maintenance (O&M) mode should be transformed from being "centered on device management" to being "centered on user management." It is, however, difficult to make such a transformation because "centered on user management" changes network management from a static structure into a dynamic structure, greatly increasing network instability and network management complexity. This change may be critical to enterprises. To adjust to such change, enterprises have to build an easy-to-use network.
daily office work activities and in conference room settings. Personal tablet PCs can be mounted on the rear side of a security sandbox and hold the same level of access rights as laptop PCs. Tablet PCs are used for office work and conference room environments. Tablet PCs that are not equipped with a security sandbox have the same rights as mobile phones and can access internal resources such as yellow pages and internal social networks.

3) Rich Media: Future enterprise networks must support not only traditional data and voice services, but also rich media such as real-time video services to improve communication efficiency and reduce communication costs. Unlike the voice service, real-time video service has high requirements on delay, bandwidth, and packet loss ratio (video quality). Traditional video service is rather limited and can be transmitted only by building a private network. In agile enterprise networks, users can obtain real-time video services on any terminal. As a result, the private network solution is not feasible. Therefore, real-time video service detection and service guarantee are inevitable requirements on enterprise networks.

4) Flexible Rights Control and Access Record: Traditional networks can perform only large-granularity access control through VLANs due to the limited rights control function of low-price access switches. Agile enterprise networks must apply different access rights control to different users and terminals. This requires network devices to have powerful user rights control functionality. In addition, in open networks, users' behaviors must be recorded in detail for subsequent post-event audit, which further requires network devices to have powerful traffic analysis and record capabilities.

5) Limited Investment and Simplified Management: Although network functions must be continuously enhanced and updated, enterprise networks are marginal infrastructure. Investment in networks is controlled, and network management labor resources are limited. As a result, enterprises will not accept a state-of-the-art, costly network architecture or a brand new solution that puts high requirements on network management. Therefore, maintaining compatibility with the original solution, making sure existing networks remain intact, and simplifying network management have become the key to building agile networks.
Huawei S12700's Native BRAS, Delivering Better User Experience

To provide faster and better services to ubiquitous networks, Huawei has introduced its industry-leading BRAS user control, service provisioning, and management simplification components in the latest S12700 series of agile switches recently launched to the market. The Huawei S12700 series switches are specifically designed and oriented to serve enterprise networks. Huawei has developed new dedicated Service Process Units (SPUs) for Bring Your Own Device (BYOD) networks to help users implement quick network upgrades.

Huawei BRAS products, with ME60 as the representative product, provide fine-grained, simplified, and high-quality broadband remote access services for hundreds of millions of China Telecom users. Thanks to its rich experience and deep technical accumulation, Huawei has successfully put forth a new creation and raised eyebrows in the enterprise network market by recently introducing the industry-leading user and service management components of BRAS (ME60) into the Huawei S12700 agile switch series.

The Huawei S12700 is fully compatible with all existing enterprise networks. Powerful user management functions can be introduced without the hassle of upgrading or reconstructing widely deployed access and aggregation devices; instead, only core and aggregation devices have to be upgraded to provide new services. In addition, the centralized user management mechanism can significantly reduce user and service management workload. In general, the Huawei S12700 offers the following competitive features:

mechanism, which can work with external servers to precisely detect the terminal type, software version, and software environment (malicious and virus software) of users.

3) Centralized User Policy Control Mechanism and Policy Delivery Mechanism: The Huawei S12700 can be managed by an authorized server in a centralized manner to perform complete access rights control and provide quality of service (QoS) guarantees for users.

4) Service Assurance: By introducing the ME60's five-level hierarchical scheduling mechanism based on user or service granularity, the Huawei S12700 can precisely detect services and apply fine-grained protection mechanisms to user services to ensure high quality of real-time video services.

5) Behavior Check and Audit: The Huawei S12700 supports the high-capacity NetStream function and is therefore capable of recording users' network access behaviors for subsequent post-event behavior check and audit.

6) Service Customization: Based on the Huawei proprietary Ethernet Network Processor (ENP), the Huawei S12700 can customize differentiated service processing logic through software upgrade to satisfy a wide variety of service requirements.

The preceding competitive features allow the Huawei S12700 to assist you in quickly building a user- and service-centric agile network.
Huawei S12700
Opens the T-bit AC Era
By Zhang Junguang
In February 2013, the Dell'Oro Group released a market report predicting that WLAN market revenue will exceed 11 billion U.S. dollars in 2017, an increase of nearly 50% compared to 2012.

The drivers of this exponential increase in wireless networks include WLAN deployment by Internet service providers (ISPs), the rapid increase in enterprise mobile applications, the surge in wireless-based video services, BYOD, and 802.11ac development. New applications present new challenges for the existing network architecture, for example, uniform policy for integrated wired and wireless management. Additionally, more and more functions are bundled into APs (access points) or ACs (access controllers), continuously increasing user costs.

A new trend in wireless networks is that an increasing number of large enterprises are beginning to regard WLAN as a production-oriented network that can run key services. Currently, most deployed wireless networks use the Fit AP architecture, requiring an AC to perform centralized data forwarding. Therefore, AC forwarding performance is critical. The rise of BYOD and the trend toward wireless office have led to huge growth in the size of wireless enterprise networks. Meanwhile, with the popularization of IEEE 802.11ac GE wireless networks, AC performance becomes a network bottleneck. Solving this bottleneck problem is becoming a challenging task for the industry.
and wireless networks must be performed separately, increasing overall network O&M costs. Each ACU on a chassis switch functions as an independent AC node that uses the slot and power supply of the switch. Unified management of the entire switch cannot be implemented.

Three Advantages of Huawei S12700's Native AC

Huawei S12700 agile switches use high-performance ENP chips, solving the AC performance bottleneck and opening the T-bit AC era.

Industry's First T-bit AC

Traditional AC functions can be implemented by independent physical devices or independent physical cards on chassis switches. The T-bit AC of the Huawei S12700 core switch series is based on advanced ENP technology, integrating AC and Ethernet switching functions. Each card supports 80 Gbps of line-speed forwarding, which is two times or more the industry average. When fully loaded, the entire AC device can support a maximum of 960 Gbps line-speed forwarding and is capable of managing 2,000 APs at a single time. In addition, the entire AC device provides T-bit CAPWAP encapsulation and decapsulation and Layer 2 and Layer 3 data forwarding capabilities. Furthermore, the number of APs managed by Huawei's S12700 T-bit native ACs is multiplied and is significantly greater than that of traditional independent ACs. Moreover, the number of Huawei S12700 T-bit native AC users is also multiple times that of traditional independent AC users.

Native ACs with Lower Users' Investment Costs

Users do not need to purchase independent AC devices or native ACs, but instead just implement unified management of wired and wireless users by using Huawei's S12700 native ACs and broadband remote access server (BRAS). In this way, network deployment is simplified, and customers' investment is reduced. Built-in native ACs occupy no excessive cabinet space or port resources, saving customers' investment in telecommunications rooms. In addition, the Huawei S12700 native AC features high scalability and flexibility; therefore, if enterprise users need to implement a seamless upgrade in the future, all they have to do is add cards to adjust to the growing size of their wireless networks.

Real Convergence of Wired and Wireless Networks

The Huawei S12700 native AC, backed by innovation and technological advancements, draws upon the experience acquired from "AC managing APs" to implement the known practice of "core switches managing access switches." Ethernet service interface cards (SICs) that have the functions of native ACs not only forward wired and wireless services in a unified manner but also manage APs and wired access switches and deliver configurations in a unified manner. The SICs are the first cards in the industry to implement unified management of wired and wireless networks, unified policy, and unified forwarding, integrating wired and wireless networks, greatly reducing enterprise network O&M costs, and promoting enterprise IT service innovation.

T-bit AC Era Is Coming

With the rapid development of WLAN technology, when 802.11ac WLAN products use 4x4 MIMO and 160 MHz bandwidth, wireless network bandwidth can reach up to 3.5 Gbps. In this situation, centralized ACs just cannot satisfy the bandwidth requirements of services. Huawei is going to launch a hierarchical AC solution. The upper layers of this brand new AC solution will be able to implement unified management across all APs and services on the entire network through the use of cloud ACs. The lower layers of this solution will implement wireless service traffic forwarding by the principle of proximity through programmable aggregation switches. This hierarchical AC solution will lower the performance requirements of ACs when performing centralized forwarding.
Industry's First "Zero Access Layer Configuration" Solution

In the era of "data is king", a huge amount of production and business data is transmitted on wired and wireless converged networks. Network management must adapt to changes in the campus network architecture. For example, uniform management of wired and wireless users and uniform configuration of wired and wireless services are important in this era.

Automatic Upgrade

The Huawei S12700 series agile switches save the version files of access switches and APs. Using the MAC address and IP address of devices, the number of users, and the number of access ports in Up status, the Huawei S12700 can automatically upgrade them based on service requirements, preventing disordered scheduling during batch upgrade from causing network congestion.

[Figure: wired user and wireless user]
According to a Gartner report, active network problem prevention has become the major driving force of customers' O&M investments, contributing to 27% of total investment. The second and third driving forces are fast network troubleshooting and service level agreement (SLA), accounting for 15% and 12% of investment respectively.

Traditional IP networks have many "invisible" maintenance items. For example, traditional network management provides only network performance data, but network administrators are unaware of service data on the network. That is, service performance is invisible. This invisibility results in low fault locating efficiency. Routes are also invisible. As network administrators do not know service transmission paths, they cannot take preventive measures against network failures caused by route flapping.
Weakness of Traditional Fault Diagnosis

Network quality diagnosis and quality evaluation are the two core issues of network maintenance. Usually, IT managers cannot determine whether there is a potential risk in the network and do not know where a fault has occurred. They cannot make an objective evaluation of performance and quality of services such as video, voice, and network access. Performance and quality diagnosis of traditional campus networks lack effective end-to-end (E2E) location methods. As a result, fault diagnosis is not only difficult and time-consuming, but cannot meet user requirements.

Network performance fault diagnosis and quality evaluation are essential. Already industry-backed research teams and standard organizations are engaged in the establishment of applied technical research and standards. IETF formulated the RFC5357 (a Two-Way Active Measurement Protocol) and RFC4656 (a One-way Active Measurement Protocol (OWAMP)), which are used for IP network performance statistics collection and fault detection. Meanwhile, Cisco has put forward its own proprietary Service Assurance Agent (SAA) Solution, while Huawei uses the Network Quality Analysis (NQA) mechanism to respond to the requirements of IP networks for maintainability and operability. All these fault detection mechanisms have one common characteristic. That is, they all have an indirect measurement method and require insertion of dedicated detection packets, calculating the detection packet loss ratio to indirectly derive the service packet loss ratio. IP communication is connectionless, so the path through which detection packets pass is not necessarily the one through which service packets pass. As a result, the detected path quality cannot represent the service packet transmission quality.

iPCA

O&M of enterprise campus networks focuses on not only network function and performance but user experience and network quality. iPCA technology provided in Huawei's S12700 series agile switches can quickly detect any user's video and voice service quality and instantly locate faults that may occur at network links, cards, and even chips, greatly improving O&M efficiency. iPCA makes networks easy to use, leading to essential change in enterprise campus networks.

Packet Conservation Algorithm for Internet (iPCA) is a pipe monitoring technology that detects network quality in direct measurement mode. iPCA can measure network packet loss, delay, and jitter, and implements precise fault location through hop-by-hop fault detection. Huawei launches the S12700 agile series switches that feature flexible programmability and implement the iPCA function. The S12700 greatly improves network quality detection and precise fault location capabilities and greatly reduces network operation and maintenance (O&M) costs.

To solve existing problems associated with the detection method such as long fault detection time, fuzzy fault scope determining, and low quality evaluation precision, Huawei introduced its fully programmable S12700 series agile switches equipped with Ethernet Network Processor (ENP) chips to implement the iPCA solution. In addition, the S12700 is applicable to precise O&M of enterprise networks.
As shown in Figure 1, the working process of the iPCA solution consists of two parts: measurement control servers and agile switches. The measurement control servers receive requests of users for performing detection on the target service traffic, inform agile switches of performing detection, collect statistics of each agile switch, and perform calculations and generate reports.

The iPCA offers the following advantages:

Huawei's Patented Technology, Solving Problems in IP O&M

Huawei creatively uses the only reserved bit (Bit 0 in the Flags field) in the IPv4 packet header to dye the target service traffic. Most of the services that use IP for communications must have standard IP packet headers. This dyeing method does not rely on the service type, but instead allows the device to perform hardware processing more easily.

sending test traffic. The detection path is the same as the real service path. Faults on links, cards, and even chips can be detected.

ENP, Allowing Detection of Any Service Traffic

To perform fault detection on the target service traffic, the service traffic must be differentiated and dyed. Performance of traditional switches is relatively low and these traditional switches can only differentiate the service traffic by using limited ACL resource and can dye the service packets only by using CPU. As a result, traditional switches cannot be deployed on a massive scale. Huawei's S12700 series switches are based on Huawei's patented ENP technology and can support up to 256 K access control list (ACL). The S12700 can identify any service traffic and dye the service traffic using microcodes, implementing faster line-speed forwarding capability.
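The marking and counting described above, as an added example that is not Huawei's implementation or code from the original page: it sets the reserved bit (Bit 0 of the Flags field) on constructed IPv4 packets, recomputes the header checksum, and compares per-point counts of marked packets to find the segment where loss occurs. The hop names, addresses, and function names are assumptions made for illustration, and the counting is a simplified model of hop-by-hop packet conservation.

```python
import socket
import struct

# Bit 0 of the 3-bit Flags field is the top bit of the 16-bit
# flags/fragment-offset word at header bytes 6-7.
RESERVED_BIT = 0x8000


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_length(packet: bytes) -> int:
    """Validate version and IHL, then return the header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    return ihl


def build_packet(src: str, dst: str, payload: bytes, ident: int) -> bytes:
    """Constructed sample packet: 20-byte header, DF set, protocol 17."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      0x4000, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def is_dyed(packet: bytes) -> bool:
    """True when the reserved flag bit is set."""
    header_length(packet)
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    return bool(flags_frag & RESERVED_BIT)


def dye(packet: bytes) -> bytes:
    """Set the reserved bit; the header changed, so redo the checksum."""
    ihl = header_length(packet)
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    hdr = bytearray(packet[:ihl])
    hdr[6:8] = struct.pack("!H", flags_frag | RESERVED_BIT)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def checksum_ok(packet: bytes) -> bool:
    """A valid header sums to zero when the checksum field is included."""
    return ipv4_checksum(packet[:header_length(packet)]) == 0


def count_dyed(packets) -> int:
    """Counter kept at one measurement point: marked packets only."""
    return sum(1 for p in packets if is_dyed(p))


def locate_loss(counters):
    """counters: ordered (point, dyed_count) pairs along the service path.

    Returns (segment, lost, loss_ratio) for every segment whose downstream
    count is lower than its upstream count.
    """
    findings = []
    for (a, n_in), (b, n_out) in zip(counters, counters[1:]):
        if n_out < n_in:
            findings.append((f"{a}->{b}", n_in - n_out, (n_in - n_out) / n_in))
    return findings


def demo():
    # Constructed traffic: 10 packets of the target flow (marked) and
    # 5 packets of unrelated background traffic (unmarked).
    target = [dye(build_packet("10.0.0.1", "10.0.1.1", b"video", i))
              for i in range(10)]
    background = [build_packet("10.0.0.2", "10.0.1.2", b"other", i)
                  for i in range(5)]
    at_access = target + background
    at_aggregation = target + background[:3]   # only background lost here
    at_core = target[:8] + background[:3]      # two marked packets lost here
    counters = [("access", count_dyed(at_access)),
                ("aggregation", count_dyed(at_aggregation)),
                ("core", count_dyed(at_core))]
    return counters, locate_loss(counters)


if __name__ == "__main__":
    print(demo())
```

RFC 791 defines this bit as reserved and zero, so packet filters or IDS rules that drop or alert on a set reserved bit need to account for marked traffic on a network that uses this scheme.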
[Figure 2. Labels: eSight, video, voice, wired. Panels: Internal campus network quality detection; WAN E2E network quality detection]
As shown in Figure 2, in this campus usage scenario, iPCA can detect network performance indicators at the
access, aggregation, and core layers and network segments of a WAN network in a hop-by-hop manner. iPCA
can quickly and precisely determine the fault scope and can also immediately determine on which card or even
which chip in the network a fault occurs, providing strong guarantee for fault troubleshooting. Even though
WAN networks do not support the iPCA feature, whether a fault occurs in the WAN network can be determined
by analyzing the campus ingress and egress at both ends of the WAN connection. In this way, responsibilities
can be clarified.
Campus network construction has some common requirements, among which the fine granular management
of users acts as the core requirement. To meet this core requirement, device vendors in the industry provide
two traditional user management solutions: user management based on access and exit authentication; user
management centered on independent broadband remote access server (BRAS). The first solution has low
requirements on switches, but its management capability is limited. The second solution supports fine granular
user management, but users must purchase an expensive BRAS separately.
[Figure: networking diagram. Surviving labels: BRAS, internal network resource, AC]
Broadband remote access server (BRAS) was successfully deployed on carrier networks and is now being introduced to campus networks. BRAS provides multiple strong authentication and accounting functions: PPPoE authentication, IPoE+QinQ authentication, 802.1x authentication, Portal authentication, traffic-based accounting, duration-based accounting, prepayment, package-based accounting, accounting protection, and non-charged accounting. As shown in the above figure, regarding wired users, the access switch assigns a VLAN to each user to isolate traffic of access users, ensuring unauthorized users cannot access one another. The access switch adds the Layer 1 tag to user traffic packets, and the aggregation switch adds the Layer 2 tag to user traffic. BRAS performs authentication on terminal users using PPPoE or IPoE protocol through QinQ encapsulation. Then BRAS sends an authentication request to the AAA server using the RADIUS protocol. After authentication is complete, the AAA server authorizes the BRAS and enables accounting to further implement integrated authentication and monitoring of both internal and external networks. As for wireless terminal (STA) users, the AC authenticates STAs as shown in the above figure. Once authentication is complete, the AAA server continues to perform admission authorization on the AC. In the meantime, the AAA server delivers the authorization information to the BRAS and performs exit authorization to implement "one authentication for two authorizations."

By using dedicated BRAS that manages users, this solution features centralized authentication and simplified management. Nevertheless, this solution has the following drawbacks:
[Figure labels: access switch, AP, wired terminal user, wireless terminal user]

By integrating the advantages of these two solutions, Huawei launched the Unified User Management (U2M) Solution directly centered on its own S12700 series agile switches. The S12700 card implements the BRAS feature and unified authentication of wired and wireless users. An independent user table is assigned to each user to implement user rights control, bandwidth control, and quality of service (QoS) control. The Huawei U2M solution implements the transformation of campus networks from being

of Wireless Access Points (CAPWAP) tunnel of the access point (AP). Then, the core switch, with built-in BRAS and AC functions, sends the user's authentication information to the AAA server. After the authentication is complete, the AAA server performs authorization, accounting, and behavior monitoring on the wired or wireless user through the core switch. Compared to other traditional user management solutions, this solution features the following advantages:

Industry's Unique Native BRAS and AC

Huawei's fine granular user management solution which is centered on its industry-leading S12700 series agile switches provides built-in BRAS user management and AC functions. Customers can
implement unified management of wired and wireless users without the need of purchasing BRAS devices, AC devices, or –built-in ACs. This solution simplifies network deployment, reduces customer investments, and supports both IPv4 and IPv6.

Consistent Experience and Differentiated Services

The Huawei S12700 is capable of providing a consistent user experience, no matter whether it is a user accessing the network directly from STAs such as a smartphone, tablet PC, or terminals running on an Android operating system (OS) or wired terminals such as desktop PCs and video terminals. In addition, the S12700 supports full-scale, five-level hierarchical quality of service (HQoS) scheduling and provides differentiated services for different levels of customers, fulfilling the objectives of "same account for wired and wireless users, different network access speeds for internal and external networks, and different costs of IPv4 and IPv6 deployment."

Centralized Authentication and Access Layer Isolation

Wired and wireless users are authenticated on the built-in BRAS in a centralized manner, in spite of differences in performance capabilities and access modes of access layer devices. Huawei's U2M Solution supports multiple authentication modes including PPPoE authentication, 802.1x authentication, MAC address authentication, Portal authentication, and IPoE authentication. To satisfy diversified area and network operation and maintenance (O&M) requirements, this solution uses different authentication modes to implement differentiated management and control. For example, in the dormitory area, the PPPoE authentication mode can be used to prevent students from conducting malicious network attacks. In the teacher's office area, IPoE+QinQ authentication mode can be used to simplify the authentication process without installing a PPPoE client. Additionally, the simplest MAC address authentication mode can be used for dumb terminals such as printers.

Simplified Policy Management and Cancellation of ACL Configuration

Traditional campus networks are essentially "device management-centric". Bandwidth management and rights control can be performed on users rather than ports only by using the limited ACL resource on switches. The S12700 uses a "user management-centric" design idea. Each user has an independent user list that is used to perform user rights control, bandwidth control, and QoS control. The S12700 can authorize users based on user group, domain, and time. Upstream and downstream bandwidth (8 kbit/s) is controlled. Based on simple and flexible policy management, the S12700 allows for differentiated accounting according to different time periods, service types, and access addresses. Moreover, Huawei's U2M solution can effectively conduct security policy association to improve security. For instance, a user can access a greater amount of teaching resources in a laboratory than that in a dormitory building.
Summary
The development of virtualization, cloud computing, and Internet of Things technologies helps migrate
metro networks to agile, dynamic, and reliable cloud Ethernet. As the platform of a city's IT infrastructure
involving government, education, and broadcast & television, a low-cost metro network must provide
high bandwidths, carrier-class reliability, and energy conservation. However, traditional switches cannot fulfill
these requirements.
Why Traditional Switches Cannot Meet MAN Requirements?

The following features of traditional switches hinder them from meeting MAN requirements:

1. Routing capability

Actually, the routing entries of a backbone router running BGP-4 have reached 500K. Therefore, MAN devices should have high routing and forwarding capabilities. Traditional Layer 3 switches use the ASIC chip which restricts routing and forwarding capabilities. These traditional Layer 3 switches support a maximum of 512k FIB entries, and the convergence time of every 1000 routes is about 30 seconds which is too long to meet MAN requirements.

high service quality. Traditional QoS policies schedule traffic based on ports. A port can only identify service priorities, but cannot identify users and service types. This creates a bottleneck in service quality improvement. H-QoS solves this problem by not only providing refined network services for high-priority users, but also providing unique experiences for different user groups. Due to the limitations of ASIC chip, traditional Layer 3 switches cannot support H-QoS.

4. Availability

The ASIC does not support Non-Stop Routing (NSR), fast reroute (FRR), and fast routing convergence, so services may be interrupted when network topologies change. This restricts routing and forwarding capabilities of the switches.
S12700 agile switch supports comprehensive MPLS features for large-sized MANs with complicated network nodes. The emergence of new services can expand the network topology dynamically.

Using large-capacity application tables

The S12700 agile switch supports 3M FIB entries and completes a convergence of 6K routes within 1 second. This performance is equivalent to the performance of a router. Integrating routing and switching, the S12700 not only meets the complex service requirements of a large-sized MAN, but also is upgradable and supports capacity of expansion for future network configurations.

Using various reliability technologies to ensure MAN stability

The S12700 supports the Huawei-invented CSS2 technology, which is an upgrade to the older CSS technology. Based on the core router platform, CSS2 forwards packets between the switches through a switching fabric unit instead of ports on the service cards. Therefore, the possible fault points are reduced and software security risks are minimized. In addition, the S12700 uses the ENP to send Ethernet OAM packets within 3.3 ms, which is the shortest Ethernet OAM detection time in industry. Using the ring protection mechanisms such as SEP and G.8032, the S12700 implements a failover within 50 ms.
On April 15, 2013, bombs were detonated during the Boston Marathon, resulting in injury and losses
of life. Within four days, one of the suspected bombers had been killed and the other captured. Video
surveillance technology was the key to identifying the suspects and resolving this case quickly.
According to a report of Frost & Sullivan, before 2016, the compound annual growth rate of network video
surveillance will reach 16%. The growth rate in Asia is the fastest because China, Australia, and Singapore have
announced a series of solutions that guarantee the security of IT infrastructure. In Europe, the IP network video
surveillance systems in cities also develop fast.
A video surveillance system monitors the public places and transportation of a city. It plays
an important role in preventing and reducing crime, and provides
evidence for identifying suspects. China has deployed video surveillance systems in several large cities since 2004
and in most major cities since 2010.
With the deployment of safe city and safe campus in many cities of China, video surveillance is widely used
in the airport, subway, and electricity fields. IP network surveillance systems boost the video surveillance
market in China because they have wide coverage, seamless upgrade capability, and are suitable for complex
networks. Network video surveillance solutions have been accepted by many people.
High reliability: The video surveillance system requires high network reliability.
If the network connection is interrupted, key data or evidence may be lost.
Therefore, video surveillance devices should attain at least 99.99% reliability,
avoiding single-point failures and service interruption.
The Huawei S12700 supports high-density 10GE, 40GE, and 100GE ports, and serves as the core of a video surveillance network. Multiple S12700 switches can set up a CSS2 system through switching fabric units to accommodate high traffic volume. In addition, Huawei provides plenty of Layer 2 and Layer 3 access switches to allow 100M, 1000M, optical, and electrical access.

Networks have the aggregation feature, so the video surveillance places high requirements on the capacity of network core devices. The S12700 supports 5-level H-QoS to precisely classify and schedule traffic, forwarding high-priority traffic first. The core of an S12700 is the ENP chip. The chip has integrated 1.5G Byte memory to cache packets, ensuring reliable and smooth video transmission.
Video surveillance technologies have been developed from analog to digital, on-site to remote, video recording to intelligence alarming, and wired to wireless. The Huawei video surveillance solution provides high-quality, highly reliable data transmission and flexible access methods for customers.
At the end of 2012, more than 100 million STBs were being used in China. According to a research report
in China, there are predicted to be an average of 40 million new STBs per year from 2013 to 2017. As HD
STBs (high-definition set top boxes) become more widely used and video on demand (VOD) services continue to
develop, there are higher demands on metro area networks (MANs) to provide higher bandwidth, shorter delay,
and higher reliability. Existing IP networks cannot meet VOD service requirements.
Besides the HD video service, broadcast & television carriers can provide broadband network access, multimedia
communication, VIP VPN, and enterprise dedicated line services. How can a broadcast & television carrier
upgrade the network to meet VOD requirement? The answer is an intelligent network with large buffer and high
reliability.
Three Network Demands of VOD

Demand 1: High bandwidth and reliable networks

With the increasing number of VOD users, bandwidth must undergo a 10-fold increase to support the large volume of HD VOD videos being streamed. Network devices must have powerful data processing and forwarding capabilities to distribute VOD streams to lower-layer networks.

The core and aggregation devices must have high capabilities to process high traffic volume. If one device is faulty, the entire network is affected. Therefore, these devices must be highly reliable. A switchover between devices should not affect services.

because many users use the VOD service and perform varied operations. If the network cannot handle the burst traffic, packets will be discarded.

Demand 3: Network quality control platform

The HD VOD service puts high requirements on a network. When the network meets these requirements, users will have a good experience. Common network operation and maintenance KPIs cannot meet customer requirements, so the broadcast & television carriers must understand the network operating status, precisely evaluate VOD service quality, and accurately know the network connection status of each user. This would allow the carriers to quickly locate faults and network nodes with possible risks.
[Figure labels: Service platform (Data, Voice, VOD); Province network; City network; Town network/access network; S12700; S12700/S9700; 40G/100G; 10G/40G/100G; 1G/10G; Enterprise; Residential area; Home. Callouts follow.]

Unique CSS2 technology and shortest Ethernet OAM detection time 3.3 ms, ensuring low delay, high bandwidth, and high reliability

Industry-leading large buffer, coping with burst traffic, preventing erratic display and packet loss

Huawei-patented iPCA changes rough network management to refined network management. Compared with traditional evaluation methods, this method is precise, has low cost, and is applicable to any type of network.
Unique End-to-End Hardware Protection Switchover

The end-to-end hardware protection switchover works at device level and network level.

Device level: The S12700 supports Huawei-developed CSS2 technology, which is different from clusters set up through the ports on service cards. Based on the core router platform, CSS2 forwards packets between the switches through a switching fabric unit. Packets do not need to pass through service cards. Therefore, the possible fault points are reduced and software security risks are minimized. In addition, compared with service port-based clusters that forwards packets between chassis multiple times, CSS2 implements inter-chassis packet forwarding only once, dramatically shortening the forwarding delay.

Network level: The S12700 supports Ethernet OAM detection within 3.3 ms, which is the shortest detection time in industry. Using ring protection mechanisms such as SEP and G.8032, the S12700 can complete a failover within 50 ms.

Industry-Leading Large Buffer Coping with Burst Traffic

Video streams consume high bandwidth, are sensitive to packet loss, and generate burst traffic. A switch using an ASIC chip has only 4 MB buffer on each card, so it cannot handle burst traffic generated by video streams. As a result, video images can become garbled. The S12700 uses the ENP chip, which can be connected to a DDR memory to provide a 1.5 GB buffer on each service card. This large buffer ensures reliable and smooth transmission of video streams.

Huawei-Developed iPCA Helping Precise Network Operation

Based on 20 years of experience in IP network maintenance and operation, Huawei researched and developed iPCA, an IP network performance evaluation algorithm. Traditional algorithms, such as NQA and Y.1731, simulate test flows to determine network quality, but the results are inaccurate. iPCA is an in-line detection technology that marks, colors, and counts the service flows, which can then be used to evaluate network quality. Using the Huawei-patented ENP chip, the S12700 can manage networks precisely and efficiently.
People are always demanding new applications to make their lives more convenient. One classic example
of this is Bring Your Own Device (BYOD). Today's next-generation wireless campus networks are actually
making these applications possible. On a campus network, the network size is large, access types are variable,
and user turnover is high, so WLAN coverage will necessarily increase. Therefore, how to quickly and easily
construct a WLAN is an important job for constructing a next-generation campus network.
The popular WLAN planning tools have shortcomings, for example, the architectural sketches of building must
be drawn manually and no 3D building model is provided. With over 10 years of experience in the 3G field,
Huawei has applied its advanced 3G network planning ideas, solutions, and experiences to WLAN network
planning, and with this success, has developed the industry's next-generation wireless campus network planning
tools called WLAN Planner and WLAN Survey. The tools provide the functions of automatic identifying RF signal
interference, integration site survey solution, and automatic generation of 3D building models to finish the
planning quickly, easily and accurately. You can "see" the constructed network during network planning, putting
the agile gene into campus at the beginning of the planning phase.
Why Do We Need a Network Plan?

A WLAN is constantly prone to electromagnetic interferences (EMI) from other Wi-Fi technologies and devices such as Bluetooth, microwave, and wireless cameras.

On the wired networks, capacity is expanded by simply adding devices. However, among the devices using the same channel on a WLAN, only one device is allowed to transmit data at the same time, and the other devices have to wait. Therefore, the more devices are running on a WLAN, the more confliction occurs so as to reduce network capacity.

Currently, WLAN frequency spectrums are insufficient. Only a few channels do not overlap with each other, for example, the 2.4 GHz frequency band has only 3 non-overlapping channels. The number of non-overlapping channels at 5 GHz are a few more. Therefore, a precise network plan must be thoroughly planned and well executed so it can improve network capacity and performance.

WLAN environment is complex. WLAN signals are electromagnetic waves, which are easily affected by environmental or physical barriers. When WLAN signals traverse a building's wall, its signal strength may weaken depending on the wall's material and thickness. If you want to precisely simulate the interference between WLAN devices and other devices, you should first simulate the real environment. For example, an on-site environment which is highly complex, where a typical building may consist of brick or concrete walls, steel doors, tinted glass, sheetrock, metal beams and high ceilings.
[Figure labels: Identify buildings and generate 3D building models; WLAN detailed design, simulation and report; RealDWG (dwg images); OpenCV identification (bitmap); Read site survey data; Associate with barriers; APs and channels are automatically distributed]
Preparations and overall design: Simulates 3D environment according to the building blueprints (CAD, PDF, or bitmap) provided by customers; identifies and classifies barriers into different types according to their characteristics, associates these barriers with brick walls, support walls, steel support columns, doors, and windows, and binds these physical barriers to signal attenuation values in the database. One neat feature of the tool is it allows building blueprints to be easily viewed and can realistically simulate an on-site building's environment by automatically having the doors open and close.

Site survey: WLAN Survey is an advanced 3D software that can be installed in an Android-based operating system on smart terminals, and can seamlessly transmit planning results generated by WLAN Planner directly to the site survey. The WLAN Survey records common sources of interference such as weak electricity wells and interference sources, determines the scale of the drawing, records the building attributes, provides attenuation tests, and records the interference sources. WLAN Survey greatly improves site survey efficiency and reduces errors.

Detailed design: Based on experience accumulated in the field of 3G wireless network and best practice in WLAN test results, Huawei has mastered the formula to calculate signal strength, signal-to-noise ratio (SNR), and throughput. WLAN Survey provides 3D simulation models based on an actual environment and site survey data for you to know the performance of the network to be constructed.
SDN Architecture-based Next-Generation Agile Campus Network
By Ji Ya'nan
User-centric policy management is one of the core elements that ensures service security and experience. Currently,
many enterprises use a manual and static configuration mode to manage policies. After many enterprises are
globalized, employees often need to work remotely. Accordingly, security and Quality of Service (QoS) policies must
be migrated to locations where users work. The manual and static configuration mode results in a large amount of
workload and cannot quickly respond to user requirements. Consistent experience in mobile office is quite a tricky
problem. When employees work remotely, they often suffer multiple problems such as high delay in network access,
poor voice effect, and low work efficiency.
2. Challenge Brought by Network Security: Single-Node and Static Defense VS Multi-Node and
Dynamic Defense Against Unknown Threats
Considering security threats, enterprises usually deploy various security devices such as firewalls, Intrusion
Prevention System (IPS) devices, and Data Loss Prevention (DLP) devices. However, these devices cannot interact
with each other, and this kind of defense is single-node and static defense. Nowadays, enterprises are faced by
the following security problems:
• Fuzzy security edge: Bring Your Own Device (BYOD) increases terminal security and information security
threats, and enterprise globalization blurs the network edge.
• Diversified attack methods: According to statistics by Gartner, 75% of the security threats occur at the
application layer, and more than 50% of the security threats are caused by an organizational team.
• Increasing unknown threats: A growing number of unknown threats are used to elude traditional security
protection methods. In China, 17.98 million new viruses were caused in 2010 alone.
Network security threats are ubiquitous, and network attacks are complex and fast-changing. Therefore, today's
networks need collaborative security protection over the entire network.
3. Challenge Facing Network O&M Personnel: Unknown State and Non-Automatic Management VS
New Services and Massive Devices
Two great challenges for maintenance and operation (O&M) are as follows:
• Video and desktop cloud services are real-time services that require high network quality. For example, video
service requires that the packet loss ratio should be lower than 10^-6, while voice service requires that the packet
loss ratio be less than 10^-2. The current network cannot detect problems such as mosaic and unclear hearing
of which users are aware. This often leads to employees' complaints. What's worse, there are no quick and
effective methods for troubleshooting faults after these problems are revealed.
• Lots of access layer devices result in considerable manual and static configurations. In addition, wired and
wireless networks cannot be managed in a unified manner.
The rapid development of new services leads to a growing number of protocols and standards. The number
of IETF RFCs increased from several hundred in the 80s to nearly 7,000 in 2009. Nowadays, if the lease mode
is used to deploy a new service, the service takes a couple of days to go online. However, it takes at least one
year to develop a new device and at least two years to develop a chip. As a result, traditional networks cannot
quickly adapt to the fast-changing services.
Quality Analysis (NQA) and Y.1731 need to insert dedicated detection packets or result in packet disorder.
The network quality detection precision of these detection methods is lower than 50%. Additionally, these
technologies have multiple problems including a single monitoring object, limited application scenarios, and
limited network types.
Based on many years of technical research, Huawei has put forth the Packet Conservation Algorithm for
Internet (iPCA), which is the first technology that adds a proactive quality detection mechanism to
traditional networks. iPCA implements real-time quality detection and fault location, therefore solving the
difficulty in ensuring IP network experience. iPCA identifies and dyes service traffic packets and detects
the dyed packets at both ingress and egress. In this manner, iPCA can detect quality parameters including
packet loss ratio, latency, and jitter. This technology calculates service streams and implements real-time
network quality detection during transmission of service data flows between users. Compared to traditional
network quality detection methods, iPCA technology offers the following advantages:
• Zero traffic cost
• Applicable to any IP-based network type (unicast and multicast) and any network size.
• High fault location precision (card-level precision)
Innovation 4: In-Depth Wired and Wireless Network Convergence
Wireless Used as Wired Networks: Through its unique programmability, Huawei agile switch integrates
functions of traditional access controllers (ACs), including Control and Provisioning of Wireless Access
Points (CAPWAP) tunnel termination, directly manages APs, and forwards traffic. In addition, on the
management interface, an AP can be virtualized into a port to implement "Wired Network + Wireless Network
= One Switch", greatly lowering requirements on skills of the O&M personnel after WLAN network deployment.
Wired Used as Wireless Networks: Based on CAPWAP tunnels, Huawei agile switch manages access switches in
the same way that wireless APs are managed, to implement "Access Switch = AP, Aggregation Switch = AC."
Similar to AP deployment, access switches can be deployed without configuration, which reduces the workload
of deploying massive access layer devices.
Innovation 5: Fully Programmable Network and Smooth Evolution
Switches that are based on Application-Specific Integrated Circuits (ASICs) cannot flexibly adapt to the
requirements of new services. To avoid frequent network device replacement and protect customer
investments, Huawei's agile switch-based next-generation campus network provides full programmability and
allows smooth evolution on live networks.
POF Supports the Future Programmable Protocols: Based on Huawei's unique Protocol Oblivious Forwarding
(POF) technology of programmable switches, online behaviors are completely controlled by the control plane.
Enterprises can self-define policies to identify new service packets. The existing physical networks do not
need to be reconstructed to adapt to new services. As a result, enterprise users' existing investments in
networks are well protected.
Chips Support a Programmable Forwarding Plane: The preceding wired and wireless network convergence
solution and iPCA-based service quality detection solution use a programmable forwarding plane of agile
switches. However, this is just the tip of the iceberg. To adapt to diversified future-oriented services,
the programmable forwarding plane will be used in more scenarios, such as the flow table forwarding of
Hybrid OpenFlow.
Architecture Supports Multi-Layer Openness: Not only does the whole SDN architecture support
programmability of the control plane, but the controller itself also provides open application programming
interfaces (APIs) for the service system to synchronize user information and obtain network quality
monitoring data.
Summary
Huawei's SDN architecture-based next-generation agile campus network solves the problems of traditional
campus networks, such as lack of user experience guarantee, low deployment efficiency, and low-speed
response to service requirements. Services passively adapt to the traditional campus networks, while the
next-generation agile campus network proactively adapts to various services. In this manner, a
service-friendly network is created. Furthermore, the SDN architecture can be used to address users' live
network problems and can seamlessly evolve into the future network architecture, thereby allowing the
network to provide professional services more agilely.
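The iPCA description above (dye service packets, then count the dyed packets at ingress and egress) can be illustrated with a packet-conservation check. This is an added sketch, not Huawei's implementation: the advertorial does not say how packets are marked or counted, so the block-id dye, PERIOD, the three measurement points and all function names are assumptions, and the sample traffic is constructed.

```python
from collections import Counter

PERIOD = 100  # packets per dyed block (assumed; the page gives no value)

def dye(seq):
    """Assumed dye mark: a block id derived from the sequence number."""
    return seq // PERIOD

def count_dyed(observed):
    """Counter a measurement point keeps: packets seen per dyed block.
    Counting by dye, not by arrival time, makes reordering irrelevant."""
    return Counter(dye(seq) for seq in observed)

def segment_loss(points):
    """points: ordered (name, observed sequence numbers) along the path.

    Returns {block: [(segment, lost, loss_ratio), ...]} listing only the
    segments where fewer dyed packets left than entered.
    """
    counters = [(name, count_dyed(obs)) for name, obs in points]
    sent = counters[0][1]
    report = {}
    for block in sorted(sent):
        for (up, c_up), (down, c_down) in zip(counters, counters[1:]):
            lost = c_up[block] - c_down[block]
            if lost > 0:
                report.setdefault(block, []).append(
                    (f"{up}->{down}", lost, lost / sent[block]))
    return report

def violates(report, threshold):
    """Blocks whose total loss ratio is not below a service threshold."""
    return [b for b, segs in report.items()
            if sum(r for _, _, r in segs) >= threshold]

# Constructed sample: 300 packets, two dropped between ingress and core,
# one dropped between core and egress, egress arrival order reversed.
INGRESS = list(range(300))
CORE = [s for s in INGRESS if s not in (120, 121)]
EGRESS = [s for s in CORE if s != 250][::-1]
REPORT = segment_loss([("ingress", INGRESS), ("core", CORE), ("egress", EGRESS)])

if __name__ == "__main__":
    for block, segs in REPORT.items():
        print(block, segs)
    print("blocks at or above the 10^-2 voice limit:", violates(REPORT, 1e-2))
```

Because the real traffic itself is counted, no probe packets are injected, and comparing counters between adjacent measurement points shows which segment lost the packets.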
Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.
Trademark Notice
, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.
General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.