
HUAWEI Agile Switch

Advertorial

Contents

Agile Switch: Changing the Future
Ethernet Switch Evolution
ENP: Redefining Ethernet Forwarding Technology
Cry Agile Switches on Agile Networks
Easy to Use – Quickly Building a User- and Service-Centric Agile Network
Huawei S12700 Opens the T-bit AC Era
Zero Access Layer Configuration – Making Campus Network Management More Agile
iPCA – the Secret of Agility
Converged Network and Unified User Management — Huawei Campus U2M Solution
Agile Switches Open Up a New Way to the Future MANs
The Huawei Video Surveillance Solution — Making Cities Safer
Huawei S12700, the Best Choice for High-Quality VOD Networks
Accurately Planning For A Wireless Campus Network
SDN Architecture-based Next-Generation Agile Campus Network


Agile Switch: Changing the Future

In the earliest days of printed media, block printing, the earliest known to date, was used to advertise information. This technique was time-consuming and labor-intensive. Block printing was a slow process because tablets needed to be manipulated for printing. To compensate for these disadvantages, Bi Sheng invented the world's first movable type printing technology during the Song Dynasty.

Movable type printing, one of the Four Great Inventions of ancient China, continues to promote the development of human society. Movable type printing uses type matrices set in an iron frame during typesetting to form a type matrix for printing. Movable type printing is more agile than block printing because the type matrices can be rearranged after printing for repeated use. Technologies are interlinked through time and space. Today, Huawei launches agile Ethernet switches, making networks more agile to services.

A New Chip Technology


Service changes and chip technology development have driven the development of Ethernet switches over the last twenty years. In the early stage of network development, networks transmitted only characters and text. Later, voice and video streams started to be transmitted on networks. Networks also developed from hubs and Layer 2 Ethernet switches to Layer 3 switches and enhanced switches with value-added service cards, and network scale kept expanding. Customers paid attention to the performance of switches, as well as ease of use, cost effectiveness, and energy conservation. ASIC chips, the core of data forwarding, were developed in this stage. ASIC chips provide high forwarding performance and have obvious advantages over other types of chips in terms of cost effectiveness and power consumption.

Now, enterprise networks are undergoing dramatic changes. As more applications are migrated to cloud networks, user experience is severely affected by packet loss, latency, and jitter. Social network applications and HD video streams, which are sensitive to traffic bursts and packet loss, place higher requirements on network quality, reliability, and fault location. Ubiquitous wireless access complicates policy management and deployment. SDN is a trend, but deploying SDN may bring risks to current services because the technology is so immature. New technologies and services keep emerging on enterprise networks, and the general service provisioning period has been shortened from several years to several months. Currently, device performance is no longer the bottleneck of network development. However, the long development period of ASIC chips prolongs the new service provisioning period. It takes at least 24 months to make a brand new service available, failing to keep pace with the fast development of enterprise services.

Implementing flexible service customization with low costs and low power consumption is of great concern in the industry. To face this challenge, Huawei developed the first programmable chip, the Ethernet Network Processor (ENP). With built-in hardware acceleration components, integrated SmartMemory, and a Huawei-patented high-speed algorithm, the ENP provides full programmability while retaining ASIC chips' advantages of excellent performance, low costs and low power consumption.

Changing the Future

As a core device on agile networks, the Huawei S12700 agile switch changes traditional campus networks in the following ways based on the ENP chip:

Change the service provisioning model on campus networks to provide services more agilely. Huawei S12700 integrates advanced routing capabilities, fine-grained user management, and T-bit AC, which implement unified wired and wireless management and meet the bandwidth requirements of 802.11ac. The port- and IP address-based management policy used in traditional campus networks complicates wireless service deployment and prolongs the service deployment period. Huawei S12700 follows a user-centered management principle and provides fine-grained user management functions on service cards, so customers can quickly deploy various policies. The innovative ENP chip has commercial ASIC chips' advantages of high performance and low power consumption and provides unlimited flexibility, shortening the new service provisioning period to as short as 6 months.

Change the network O&M model to offer an accurate, simple campus network management solution. Huawei S12700 uses iPCA to identify, color, and count service flows, which helps evaluate network quality during data transmission. This algorithm implements end-to-end quality awareness and real-time fault location on connectionless IP networks, solving the problem of IP network fault detection. Huawei S12700 can virtualize wired and wireless networks into one network or even virtualize the entire network into a switch (where APs act as ports of the S12700 switch). This significantly simplifies network management and configuration.

Change the SDN switch technology to better cope with SDN evolution. Huawei S12700 can work on both a traditional network and an SDN network. Customers can deploy most services on the traditional network and deploy a virtualized SDN network to try the new technology. When the technology is mature, customers can smoothly migrate services to the SDN network by simply upgrading the software. ASIC-based SDN switches can only forward packets of known types, while the Huawei S12700 agile switch supports programmable forwarding modes, forwarding behaviors, and search algorithms. The full programmability helps customers respond quickly to service requirements and better cope with challenges in the future.
Author: Wang Shihong, Vice President of
Huawei Enterprise Network Product Line


Ethernet Switch Evolution


Author: Xu Ting
Dominant Ethernet
As a LAN link-layer technology with simple implementation and low costs, Ethernet has become the basic and dominant bearer technology in the network field. After 40 years of development, Ethernet is widely recognized in the industry and has become the most promising network technology. As Fast Ethernet and Gigabit Ethernet emerged, Ethernet became predominant on LANs and has penetrated into MANs.

Ethernet was first documented in a memo that Robert Metcalfe of Palo Alto Research Center (PARC) wrote in 1973. In 1976, Robert Metcalfe co-invented "Ethernet: Distributed Packet Switching for Local Computer Networks" with David Boggs. At the end of 1977, Robert Metcalfe and partners obtained the patent for the Multipoint data communication system (with collision detection). The Multipoint data communication system (with collision detection) is called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), representing the day Ethernet was born.

In 1979, Robert Metcalfe left PARC and then founded 3Com. He convinced Digital Equipment Corporation (DEC), Intel, and Xerox to work together to promote Ethernet as a standard. The universal Ethernet standard was published on September 30, 1980. At that time, there were two proprietary systems: token ring and ARCNET. These two proprietary protocols were soon replaced by Ethernet.

Today, Ethernet has become the dominant network technology.

Evolution of Four Generations of Switches


From 1989, when the first Ethernet switch was launched, to today, Ethernet switches have achieved great improvements in forwarding performance through more than 20 years of rapid development. The switch interface rate has increased from 10 Mbit/s to 100 Gbit/s, and the switching capacity has increased from dozens of Mbit/s to dozens of Tbit/s. With high performance and low cost, Ethernet switches have become the most widely used network devices.

With the development of Ethernet, Ethernet devices have also evolved continuously. Early Ethernet devices such as hubs are physical layer devices and cannot isolate collision domains, which limits network performance. Switches (network bridges) are Layer 2 devices that are able to isolate collision domains, greatly improving Ethernet performance. As technologies developed, today's switches provide not only Layer 2 forwarding, but also Layer 3 hardware forwarding. There are even switches at Layer 4 or above.

According to the network layer where switches work, switches are classified into Layer 2 switches, Layer 3 switches, and multi-layer and multi-service switches. The following part of the document describes the development of switches.


Predecessor of Switches: Hub


Hubs are similar to switches in appearance.

A hub works at the physical layer (layer 1) of the OSI model. It regenerates, shapes, and amplifies received signals to
increase the transmission distance, and is the center among other nodes.

[Figure: OSI reference model stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) showing the layer at which each device works: router at the network layer, bridge/switch at the data link layer, repeater/hub at the physical layer]

A hub forwards received packets to all interfaces and transmits one data frame at a time. All hosts connected through a hub are located in the same collision domain. When multiple hosts send data packets simultaneously, the many collisions deteriorate network performance. All interfaces of a hub share bandwidth, which means that a network built using a hub as the core is a shared Ethernet.

Hubs are not really switches, but they played an important role during initial network development. They have been deployed at the access layer for a long time, and are often considered Layer 1 switches.

Typical hubs include 3Com 3C16410 hubs and Cisco 1538 hubs.

Layer 2 Switch

Switches developed from multi-port bridges. The first Ethernet switch product, the EtherSwitch EPS-700 invented by Kalpana, provided only seven fixed interfaces.

Original switches comply with the OSI model. They work at the data link layer and are also called Layer 2 switches. Layer 2 switches identify MAC addresses in data frames and select interfaces to forward packets based on MAC addresses. The algorithm is simple and easily implemented by the ASIC chip, so the forwarding performance of Layer 2 switches is high. Switches solve the problem of collision domains of hubs, helping Ethernet step out of the "shared mode" and into the "switching mode", which greatly improved LAN performance.

Typical Layer 2 switches include Cisco 2960 series switches and Huawei 5700-LI switches.

Layer 3 Switch

Before VLANs were used, switches could only isolate collision domains, but could not isolate broadcast domains. When there is communication in the TCP/IP stack, broadcast or multicast protocol packets such as ARP, RIP, and DHCP packets are widely used. If there is only one broadcast domain on the network, broadcast packets are sent on the entire network, which affects network performance and places an extra burden on the hosts of the network.

With the progress of the times, the network has gradually been integrated into people's daily lives. The number of network users has increased sharply, and there are also many problems caused by broadcast domains. Though VLANs can isolate broadcast domains on switches, packets between VLANs need to be forwarded by routers. Compared with switches, routers have high costs and low performance, and cannot meet requirements of high bandwidth. People called for Layer 3 switches that retain the advantages of high performance and low costs to meet service requirements.

There is an episode in Layer 3 switch development. Early ASIC chips could not independently complete Layer 3 forwarding. Layer 3 switches in 2002 used the technology of one-time routing and multiple-times switching, so they had strong Layer 2 functions and weak Layer 3 functions. As chip technologies developed, ASIC chips came to support hardware-based route search, allowing switches to implement hardware-based Layer 3 forwarding. Old Layer 3 switches were quickly replaced by switches providing hardware-based Layer 3 forwarding. The switches providing hardware-based Layer 3 forwarding are also called routing switches.

Typical Layer 3 switches include Cisco 3750-X series switches and Huawei 5700-EI switches.

Multi-service Switch
In recent years, especially after 10GE was introduced, high-bandwidth services such as voice, video, and game
services became very popular. The development and deployment of these services created new requirements for
network devices, such as security, reliability, and QoS, in addition to connection. To reduce networking costs and
simplify management and maintenance, functions of network devices had to be integrated, promoting multi-
layer forwarding and integrated value-added service.

Limited by the ASIC chip, multi-service switches use a model that combines Layer 2 and Layer 3 services with upper-layer value-added services. In practice, multiple physical devices are deployed; they are simply installed in the same chassis. Multi-service switches using this hybrid model do not implement real integration.

Typical multi-service switches include Cisco 6500 series switches and Huawei S9700 series switches. Huawei's S9700 series switch uses a distributed hardware forwarding architecture. It provides 18.56 Tbit/s switching capacity, 12 service slots, multi-layer hardware forwarding capabilities such as bridge, IPv4, IPv6, and MPLS, and value-added service capabilities such as load balancing, AC, firewall, and IPSec VPN.

The following table lists the products of four generations.

| Phase | Product | Typical Product | Forwarding Hardware | Usage Scenario |
|---|---|---|---|---|
| First generation | Hub | 3Com 3C16410, Cisco 1538 | ASIC | Shared LANs |
| Second generation | Layer 2 switch | Cisco 2960, Huawei S5700-LI | ASIC | Small-scale LANs |
| Third generation | Layer 3 switch | Cisco 3750X, Huawei S5700-EI | ASIC | Small- and medium-scale LANs |
| Fourth generation | Multi-service switch | Cisco 6500, Huawei 9700 | ASIC + multi-core CPU (hybrid model) | Campus networks, MANs |

Cry Fifth Generation Switches


In recent years, new services such as cloud computing, BYOD, SDN, IoT, video, and big data have all become popular, creating new requirements for high-density, high-performance, flexible, and large-scale Ethernet. This also brings a new round of growth in Ethernet switching technologies.

New services have the following requirements on Ethernet switches.


Full Programmability

Service flexibility is the major concern of switch development. To increase the service flexibility of switches, vendors often use programmable ASICs to implement multi-service capability. The programmable ASIC provides only partial programmability, for example, user-defined packet parsing, and limited service flexibility, which cannot meet rapid and variable service requirements. Future switches must be fully programmable in order to meet rapidly variable service requirements. Switches can then support new services simply by upgrading software, without having to replace hardware. This saves customers' investments.

To achieve simplified management, traffic optimization, and fast development, SDN impacts existing network architecture. In addition to OpenFlow 1.3, formidable vendors compete vigorously to promote SDN standards to increase market share. SDN requires that switches be fully programmable to ensure smooth migration to SDN.

High Integration

Integration of network functions is required to reduce networking costs and simplify management and maintenance operations. It covers the integration of switching and routing functions, triple play (voice, data, and digital television) services of carriers, and the integration of calculation, storage, and communication in data centers.

As WLAN and BYOD networks develop, wireless users will increase rapidly. Currently, different devices are used to connect and manage users, causing a heavy burden for IT management and maintenance personnel. Fifth-generation switches must be able to implement wired and wireless convergence so that wired and wireless users are connected in a unified manner and unified policies are applied. In addition, fine-grained user management has become a necessity on campus networks. Though an independent BRAS can meet campus network requirements, the high cost of the BRAS itself undoubtedly hinders its application on campus networks. Therefore, it is highly necessary for today's switches to be integrated with BRAS functions.

Large Hardware Entry Resources

It is predicted that by 2015, roughly 3.3 billion terminals will be connected to the Internet, 70% of which will transmit services for Internet of Things applications. As one M2M organization for the Internet of Things is established, IPv6 will extend its presence to industries such as energy, electricity, and transportation. As the Internet of Things becomes more popular and gains widespread use, many digital connections will be set up. Tomorrow's network devices must be equipped to provide more entries to allow for expansion in the next five to ten years.

Strong QoS Capabilities

Switches often face a challenge: how to provide end-to-end QoS.

In the rich media era, the IP network transmits many real-time video services, which require high network bandwidth, short delay, and a low packet loss ratio. On the IP network, traffic is variable and bursty. To prevent service delays and added bandwidth costs caused by many discarded packets, network devices must be able to process certain burst traffic and provide fine-grained queue scheduling.

Network-level QoS detection and display are often difficult on the IP network. To deploy new services, users need to accurately determine whether the network can meet these requirements. While services are running, users also need to detect changes in network quality in order to determine what decisive measures to take, such as whether to have services switched to a backup link immediately.

In the past 20 years, traditional ASIC-based switches have become the most widely used network devices, with high performance and low cost. Facing the growing changes and challenges caused by the emergence of cloud computing, BYOD, SDN, Internet of Things, and big data, ASIC simply cannot meet these new service requirements because of its low flexibility. The ASIC chip cannot retain switches' competitiveness even if the ASIC chip uses the hybrid model. Today's switches must incorporate innovative technology to retain their competitiveness. The hardware and software architecture of switches must be improved in a revolutionary way. These switches are called fifth-generation switches.


ENP: Redefining Ethernet Forwarding Technology
Authors: Lv Chao, Peng Xiaopeng
Ethernet Forwarding Technology Dilemma
Many indicators can be used to measure the performance of switches, such as throughput, latency, manageability, and security. Among all these indicators, the most essential one is the forwarding technology of switches.

The forwarding capacity of switches has increased from 10/100 Mbit/s to 1000 Mbit/s or even 10 Gbit/s. The ASIC chip is the core of this increase in forwarding capacity. However, with the rapid development of video, mobile office, BYOD, cloud computing, and Internet of Things, the Ethernet network is required to provide stronger forwarding capability, flexibility, smart control, and easy management. Therefore, there are new requirements for the performance and flexibility of Ethernet switches. Currently, switches support Layer 3 routing rather than merely providing Layer 2 switching functions. Despite this fact, they are mainly used to provide access for enterprise terminals, which cannot keep up with the rapid development of new services in the cloud computing era. The root cause is that the ASIC chip can only identify predefined protocols and uses a fixed forwarding process.

ASIC: Fixed Architecture and Low Flexibility

Figure 1: ASIC chip architecture (data channel from IN to OUT with a buffer: Parse, ACL, L2, L3, Multicast, Encapsulate, Edit; control channel: policy table, MAC table, routing table, multicast table, encapsulation table)

The biggest challenge that ASIC chips face is that they do not support flexible extension because they can only parse predefined application protocols. The digital circuits must be redesigned to support new application protocols. Redesign is necessary even if a single register is added to the chip. When a new service is added, a module needs to be added, resulting in redesign of the entire chip. Chip manufacture involves complex processes such as design, prototyping and testing before delivery, which often take more than two years. This kind of development cycle prevents device vendors from responding quickly to services.

The commercial network processor (NP) was developed to replace the ASIC chip. Can the commercial NP overcome the disadvantages of the ASIC chip and be an ideal choice for Ethernet switches?


Commercial NP: Low Performance and High Power Consumption

Figure 2: NP chip architecture (MAC interfaces; NPU groups for the Parse, Search I, Resolve, Search II, and Modify instructions; memory arbiters; table memory; packet memory; external DRAM)

A commercial NP consists of the NPU, instruction memory, table memory, packet memory, and table DRAM. This design improves the flexibility of each module in an NP. During service deployment, service processes need to be divided among NPU groups. The instruction space of each NPU group is limited. If the instruction space is exhausted, the NP cannot support new services. When service processes are incorrectly divided, some NPU groups are heavily loaded, causing a bottleneck. As a result, although the NP offers a limited improvement in flexibility compared with the ASIC chip, its overall performance is still not satisfactory.

Although the programmable ASIC chip was developed to meet service flexibility requirements to a certain degree, it is just a transition. Should the ASIC chip continue to be developed, or should other technologies be used to develop the switch forwarding chip?


ENP: Combining High Performance and Flexibility


The ASIC chip has high performance and low power consumption, but an inflexible architecture. It cannot meet the requirements of fast-developing enterprise IT applications. Though the commercial NP has flexibility, it has low performance and high power consumption. Based on decades of experience in developing chip technologies, Huawei innovatively introduces the Ethernet Network Processor (ENP), integrating the high performance of ASIC and the flexibility of commercial NP. The following figure illustrates the characteristics of the ENP.

Figure 3: ENP chip architecture (NPU groups, instruction memory, MAC, hardware acceleration, SmartMemory, packet memory, table memory, external DRAM)

1. Complete instruction space and hardware acceleration, offsetting disadvantages of commercial NP

The ENP can access the complete instruction space because the NPU groups of the ENP are different from those of commercial NP. Each NPU group of the ENP can execute any of the instructions, such as Parse, Search I, Resolve, Search II, and Modify. The ENP does not need to switch services to different NPU groups, allowing for fast services.

In addition, the ENP uses multi-thread technology, reducing the impact of I/O access latency on NPU performance.

2. Huawei SmartMemory, Solving Memory Access Performance Problem

Commercial NP and ASIC separate the calculation unit from the storage unit. As a result, the physical distance between the calculation logic unit and the storage unit increases, and exchanges between them increase. Data access is delayed and power consumption is high. If the same address is accessed by multiple threads, addresses are latched to ensure data consistency. This may cause an access bottleneck.

Huawei ENP has an integrated SmartMemory. The storage unit integrates calculation and analysis capabilities. This reduces exchanges between the primary calculation unit and SmartMemory, greatly improving efficiency between the calculation unit and the storage unit.

SmartMemory integrates a Huawei-developed search engine, co-processor, and traffic management. It provides all algorithms for memory operations such as search, calculation, and read and write, just like those of commercial NP or ASIC. The algorithms can be invoked by any function unit of the ENP, such as the rate limit and statistics collection units.

3. Supports for Millions of Flow Entries and Hybrid OpenFlow

The SDN solution based on Hybrid OpenFlow uses OpenFlow and the traditional routing method to forward data and control traffic. With programmability and a maximum of 16M flow tables, ENP-based switches can forward both OpenFlow packets and traditional Ethernet frames, facilitating migration from traditional networks to the SDN.

4. Low Power Consumption of ENP, Comparable to ASIC Chip

The ENP uses three measures to reduce power consumption. The ENP provides all necessary functions of multiple chips. On a switch, chips consume power. More chips mean more power consumption. Generally, two chips run on a switch, one for forwarding and the other for buffering. Huawei integrates both chips into a single chip, effectively reducing power consumption. Chip power consumption includes 40% static and 60% dynamic power consumption. Static power consumption is proportional to the transistor's working voltage. The ENP uses an advanced voltage controller to reduce the static power consumption. The transistor's working voltage can be adjusted according to electrical attributes during chip production. Dynamic power consumption can be reduced by changing the transistor's working voltage and clock frequency. The ENP integrates Huawei's innovative speedometer to detect internal traffic on the chip and automatically adjust the working clock frequency. For example, let's assume that the original clock frequency is 400 MHz. If the frequency is reduced to 300 MHz, the dynamic power consumption is reduced to 75% of the original power consumption. When traffic reduces, the ENP can disable idle NPU groups to reduce power consumption.

ENP Is the Best Choice in the Future

As Ethernet develops to provide more secure, higher speed, and higher quality services with smart manageability, flexibility and intelligent adaptation to services become the core competitiveness of the next generation of Ethernet products and technologies. To allow Ethernet switches to support integrated data, voice, communication, video, and mobile office services, Huawei developed the ENP chip, which is capable of line-speed forwarding and low power consumption comparable to commercial ASIC chips and is more flexible than commercial NP. The ENP will inevitably redefine Ethernet forwarding technology and become the standard core forwarding technology for the next generation of Ethernet switches.


Cry Agile Switches on Agile Networks
Author: Du Pingzhou

Hello, Agile Network


After many years of silence, Ethernet has entered a stage of technology innovation. New applications such as cloud computing, mobile Internet, video, social networks, and Internet of Things are developing fast. These applications require switching technology to develop in the aspects of performance, architecture, service quality, intelligent management, and energy conservation.

New applications require the network to provide high speed, a smooth architecture, and intelligent capability. For example, cloud computing requires controllable virtual resource scalability. This cannot be supported by ASIC chips. Traditional Ethernet switches do not have fault location and performance monitoring capabilities, while the network must be able to automatically detect and locate faults and measure end-to-end network performance. In addition, an entire IP network can be virtualized into a switch to automatically detect and configure new service nodes.


Generally, a network should have the following characteristics:

• Innovative service launching: controllable resource scalability (network resource virtualization, but not device virtualization) and SDN ready
• Mobile policy: manageable and mobile resources on the entire IP network
• Innovative operation and maintenance: network awareness and global security association

Technical Requirements of Agile Network

High reliability: Due to the development of BYOD, desktop cloud, and SDN, enterprise networks need to connect to remote VPN users along with fixed and wireless users. Enterprise networks are required to provide increasingly high reliability because faults on core switches on enterprise networks affect many services for an increasing number of users.

Programmability: With the rapid development of enterprise networks, the contradictions between fast service development and long network deployment are becoming increasingly prominent. A cycle of enterprise service revolution is often two or three years, while network devices are replaced every five years. Programmability meets new service development strategies and negates the need for frequent network equipment replacements.

Large tables: Since IPv4 addresses are exhausted and the adoption of IPv6 addresses is increasing very slowly, IPv4 and IPv6 addresses must coexist on enterprise networks. IPv6 addresses occupy twice as many entry resources as IPv4 addresses, so switches must provide more entries. This means core switches must be highly scalable to meet the entry resource requirements of future services.

Three Highlights of Huawei S12700 Agile Switches

All switch vendors face requirements of high reliability, scalability, and programmability on core switches. Therefore, Huawei promotes the S12700 agile switch, based on core router platform technology, to meet these requirements.

The S12700 CSS2 inherits the hardware-based switching fabric cluster technology of core routers to implement network-layer high reliability. Currently, high-end switches provide high reliability of the main control board, card, power module, and fan module. Above all, reliability of the entire network needs to be ensured through the network architecture. Huawei S9700/S7700 uses innovative CSS technology to ensure network reliability. On a Huawei S9700 or S7700, MPUs provide cluster interfaces for interconnection. S12700 improves the switching fabric cluster based on CSS and promotes Cluster Switch System Generation 2 (CSS2). As shown in Figure 1, SFUs provide cluster interfaces for interconnection. Each SFU supports up to 8x10GE cluster cards, and the total cluster bandwidth is 640 Gbit/s. In the future, the SFU will support up to 6x40GE cluster cards, and the total cluster bandwidth will reach up to 1.92 Tbit/s, which is much higher than that of CSS technology. CSS technology exchanges data twice, whereas CSS2 exchanges data between chassis only once. CSS2 has a delay of only 21 μs, which is the lowest inter-chassis delay and 60% of the industry average. In stack scenarios, traditional network vendors who use CSS technology require every switch to have at least one MPU. Compared to CSS technology, CSS2 uses a single MPU to manage the entire cluster. As long as one MPU is present in the cluster, the cluster can work normally, implementing 1+N backup. Mainstream vendors cannot provide these technologies. Huawei S12700 ensures network reliability using the hardware-based cluster and 1+N backup of CSS2.

[Figure 1: cluster interconnection; labels shown: MPU, SFU]

S12700 uses the Huawei-developed Ethernet Network Processor (ENP), which provides full programmability. ENP is a new processor customized by Huawei for Ethernet. It inherits the flexibility and entry buffer of traditional NPs, and provides low power consumption and high performance, with higher ratings than those of the ASIC.

Table 1 Differences between ENP, NP, and ASIC

Chip   Performance   Flexibility   Integration   Power Consumption   Entry
ASIC   High          Low           Medium        Low                 Low
NP     Medium        High          Medium        High                High
ENP    High          High          High          Low                 Medium

The main highlight of the S12700 is the programmability of the ENP chip. The forwarding architecture and process are changed through continuous microcode upgrades. This results in the ability to meet the service requirements of the next 10 years with a simple one-time investment. S12700 has built-in AC and BRAS capabilities. S12700 also enhances user management and provides external interfaces in the control plane. The forwarding plane, including forwarding resources, forwarding processes, and packet encapsulation, is fully programmable. S12700 is flexible and able to better support future SDN development.

S12700 implements high scalability with service capabilities of high-end routers. S12700 provides four
mainstream cards: 48GE optical interfaces, 48GE electrical interfaces, 4*10GE+24GE optical+8 Combo interfaces,
and 8*10GE+8 Combo interfaces. Figure 2 shows S12700 compared with the ASIC.

Figure 2 S12700 cards

[Figure 2 card labels: 48GE auto-negotiation electrical interfaces; 48GE auto-negotiation optical interfaces; 4*10GE+24GE optical interfaces+8Combo; 8*10GE+8Combo]

Item                   MAC    ARP    FIB    NetStream   Buffer
Huawei X1E card        1M     256K   3M     1M          1.5G
Commercial ASIC card   512K   64K    512K   8K          8M
Number of times        2      4      6      128         192


Large routing and MAC tables are important in meeting the ever-growing demands of IPv4/IPv6 networking and the Internet of Things. A large buffer solves problems caused by burst traffic and congestion of high-speed services such as HD video services, large searches of data in data centers, and batch image transfers.

As wired and wireless traffic such as Ethernet voice, data, and video increase, networks transmit combinations of
multiple services from different users. Different services require different QoS levels and the priority of the same
service originating from different users varies. For example, voice services have higher network requirements
than data services, while Telepresence services demand lower latency than voice services and VIP users have
higher priorities than common users. S12700 provides 5-level QoS. It can schedule traffic based on services and
provide hierarchical QoS deployment. With large-capacity NetStream flow tables, S12700 can better analyze
enterprise network traffic and offer visualized applications. S12700 is highly scalable and allows development of
the enterprise network services.


Easy to Use
– Quickly Building a User- and Service-Centric Agile Network
By/Shen Ningguo

The rise of Bring Your Own Device (BYOD) is an inevitable trend for enterprises. Statistics show that BYOD has been widely used in the commercial industry; for example, about 60% of employees have used their own devices at work. Similar new applications are emerging rapidly, which poses new challenges to enterprise networks: enterprise applications on SNS networks, wireless access, wide coverage area, and network openness.

To meet these challenges, enterprises must quickly build a user- and service-centric agile network. Although
networks are fast-changing, the core is the requirement that network operation and maintenance (O&M) mode
should be transformed from being "centered on device management" to being "centered on user management."
It is, however, difficult to make such transformation because "centered on user management" changes network
management from a static structure into a dynamic structure, greatly increasing network instability and network
management complexity. This change may be critical to enterprises. To adjust to such change, enterprises have
to build an easy-to-use network.


New Challenges to Enterprises

Every enterprise is facing a huge wave of transformation. Such transformation features enterprise applications on SNS networks, wireless access, wide coverage area, and network openness.

Enterprise Applications on SNS Networks: An enterprise can build its own social networking service (SNS) network. Employees can improve their capabilities of sharing, communication, and cooperation. Employees are allowed to access their company's SNS platform, pose personal problems, and seek solutions or solve problems posed by others. This can effectively improve internal communication, boost employee morale, and handle problems or complaints raised at work more efficiently.

Wireless Access: Network terminals used by users are no longer limited to desktop PCs and laptops; they also include various smart terminals that act as bearers of office applications. In this case, Wi-Fi is the most suitable option for these terminals to access wireless networks. Enterprises need to build their own wireless network inside the campus in Wi-Fi mode.

Wide Coverage Area: With the internationalization of enterprise operations, work specialization and conduct, and IT service management applications, today's enterprise IT system must not only cover the entire global branch office network, but also allow employees to access the network anytime, anywhere. These WAN connections become part of an enterprise network, allowing the enterprise network to expand seamlessly.

Network Openness: Wireless access and wide coverage area require that networks be more open. Openness of the networks poses a great challenge to the security basis and security model of enterprise networks. Traditional network security is based on a closed network model that uses network access control (NAC) to manage wired access ports. These access ports are very limited, for they cannot connect to networks without identity authentication. Open networks, however, are based on a newer and more scalable security model that provides reliable open network access methods for users and assigns appropriate rights based on access users, terminals, and software environments.

Agile Enterprise Network Evolution

The traditional enterprise network architecture is facing challenges. How should the agile enterprise network, facing new service requirements such as enterprise applications on SNS networks, wireless access, wide coverage area, and network openness, be evolved?

Enterprises have a variety of requirements for agile network construction: uniform policy enforcement for wired and wireless integration, user-friendly video experience, flexible and scalable wireless network access for more devices, higher capacity at a lower OPEX, various IPv6 functions, simplified O&M and network management, and precise network resource detection. Currently, most enterprises focus on the following requirements:

1) Seamless Network Coverage: Traditional networks adopt the wired access mode to implement full coverage only in office areas. In addition, only a few areas such as conference rooms are covered by wireless networks. This coverage mode does not support BYOD and does not allow social networks to be online permanently. New-generation networks require that office areas be deployed with both wired access (Ethernet) and wireless access (Wi-Fi). In addition, remote access must be supported, and users must be allowed to access the campus network from external networks. Wireless network coverage allows employees and partners to access the campus network anytime, anywhere.

2) Precise Detection of User Identity and Terminal Type: In traditional networks, user identity and terminal type are detected based on authentication of wired switch ports. When BYOD is introduced, the wireless network coverage automatically requires that each network device have its user identity, terminal type, and usage environment precisely detected. In this way, security policies and service guarantee policies can be performed to identify and monitor a particular user's whereabouts; for example, a user who goes online using multiple terminals. Immovable PCs in R&D zones have full rights and can access internal technical documents and other sensitive information. These R&D lab PCs are solely used for internal development purposes. Portable laptops or tablet PCs operating in open zones cannot be used to access top secret information but only regular, non-sensitive documents. These PCs are generally used for daily office work activities and in conference room settings. Personal tablet PCs can be mounted on the rear side of a security sandbox and hold the same level of access rights as laptop PCs. Tablet PCs are used for office work and conference room environments. Tablet PCs that are not equipped with a security sandbox have the same rights as mobile phones and can access internal resources such as yellow pages and internal social networks.

3) Rich Media: Future enterprise networks must support not only traditional data and voice services, but also rich media such as real-time video services to improve communication efficiency and reduce communication costs. Different from the voice service, real-time video service has high requirements on delay, bandwidth, and packet loss ratio (video quality). Traditional video service is rather limited and can be transmitted only by building a private network. In agile enterprise networks, users can obtain real-time video services on any terminal. As a result, the private network solution is not feasible. Therefore, real-time video service detection and service guarantee are inevitable requirements on enterprise networks.

4) Flexible Rights Control and Access Record: Traditional networks can perform only large-granularity access control through VLANs due to the limited rights control function of low-price access switches. Agile enterprise networks must perform different access rights control on different users and terminals. This requires network devices to have powerful user rights control functionality. In addition, in open networks, users' behaviors must be recorded in detail for subsequent post-event audit, further requiring network devices to have powerful traffic analysis and record capabilities.

5) Limited Investment and Simplified Management: Although network functions must be continuously enhanced and updated, enterprise networks are marginal infrastructure. Investment in networks is controlled, and network management labor resource is limited. As a result, enterprises will not accept a state-of-the-art, costly network architecture or a brand new solution that puts high requirements on network management. Therefore, maintaining the original solution's compatibility while making sure existing networks remain intact and simplifying network management has become the key toward building agile networks.


Huawei S12700's Native BRAS, Delivering Better User Experience

To provide faster and better services to ubiquitous networks, Huawei has introduced its industry-leading BRAS user control, service provisioning, and management simplification components in the latest S12700 series of agile switches recently launched to the market. The Huawei S12700 series switches are specifically designed and oriented to serve enterprise networks. Huawei has developed new dedicated Service Process Units (SPUs) for Bring Your Own Device (BYOD) networks to help users implement quick network upgrades.

Huawei BRAS products, with ME60 as the representative product, provide fine-grained, simplified, and high-quality broadband remote access services for hundreds of millions of China Telecom users. Thanks to its rich experience and deep technical accumulations, Huawei has successfully put forth a new creation and raised eyebrows in the enterprise network market by recently introducing the industry-leading user and service management components of BRAS (ME60) in the Huawei S12700 agile switch series.

The Huawei S12700 is fully compatible with all existing enterprise networks. Powerful user management functions can be introduced without the hassle of upgrading or reconstructing widely deployed access and aggregation devices; instead, only core and aggregation devices have to be upgraded to provide new services. In addition, the centralized user management mechanism can significantly reduce user and service management workload. In general, the Huawei S12700 offers the following competitive features:

1) Unified Access of Wired and Wireless Users and Unified Authentication of Local and Remote Users: The Huawei S12700 supports access of wired, wireless, and remote users at the same time as well as full-scale authentication technologies. The Huawei S12700 allows users to access campus networks through various modes. It is capable of precisely detecting users and providing all-around security protection for users.

2) Full-Scale User Detection Mechanism: The Huawei S12700 provides a built-in terminal detection mechanism, which can work with external servers to precisely detect the terminal type, software version, and software environment (malicious and virus software) of users.

3) Centralized User Policy Control Mechanism and Policy Delivery Mechanism: The Huawei S12700 can be managed by an authorized server in a centralized manner to perform complete access rights control and provide quality of service (QoS) guarantees on users.

4) Service Assurance: By introducing the ME60's five-level hierarchical scheduling mechanism based on user or service granularity, the Huawei S12700 can precisely detect services and perform fine-grained protection mechanisms on user services to ensure high quality of real-time video services.

5) Behavior Check and Audit: The Huawei S12700 supports the high-capacity NetStream function and is therefore capable of recording users' network access behaviors for subsequent post-event behavior check and audit.

6) Service Customization: Based on the Huawei proprietary Ethernet Network Processor (ENP), the Huawei S12700 can customize differentiated service processing logic through software upgrade to satisfy a wide variety of service requirements.

The preceding competitive features allow the Huawei S12700 to assist you in quickly building a user- and service-centric agile network.


Huawei S12700
Opens the T-bit AC Era
By Zhang Junguang


In February 2013, the Dell'Oro Group released a market report, predicting that the WLAN market revenue will exceed 11 billion U.S. dollars in 2017, an increase of nearly 50% compared to 2012.

The WLAN has a bright future.

The drivers of the exponential increase in wireless networks include WLAN deployment by Internet service providers (ISPs), the rapid increase in enterprise mobile applications, the surge in wireless-based video services, BYOD, and 802.11ac development. New applications present new challenges for the existing network architecture, for example, uniform policy for wired and wireless integrated management. Additionally, more and more functions are bundled into APs (access points) or ACs (access controllers), continuously increasing user costs.

A new trend in wireless networks is that an increasing number of large enterprises begin to regard WLAN as a
production-oriented network that can run key services. Currently, most deployed wireless networks use Fit AP
architecture, requiring an AC to perform centralized data forwarding. Therefore, AC forwarding performance is
critical. The rise of BYOD and trend of wireless office have led to a huge growth in the size of wireless enterprise
networks. Meanwhile, with the popularization of IEEE 802.11ac GE wireless networks, AC performance becomes
a network bottleneck. Solving this bottleneck problem is becoming a challenging task for the industry.


AC Performance Becomes a Pain Point of Customers

Wireless Networks Are Scaling Up and AC Capacity Becomes Insufficient. The increasing popularization of wireless networks and the springing up of BYOD have led to a huge growth in the size of wireless enterprise networks. From a coverage area standpoint, original wireless networks covered only some independent areas such as offices and conference rooms, limited to functioning only as extensions of wired networks. Nowadays, wireless signals can cover all areas within an enterprise, paving the way for wireless network services to become a main part of the modern office work style. In the early phase, a typical enterprise would usually deploy, at most, merely dozens of APs, whereas present large enterprises must deploy thousands of APs. Let's take a large enterprise with a sizable workforce of 20,000 employees as an example. If each employee has a personal tablet PC or mobile phone, then one employee is equal to two terminals, and the enterprise will then have a total of 40,000 terminals. Assuming each AP covers 20 terminals on average, a total of 2,000 APs must be deployed. Currently, a single box AC can only manage 256 to 512 APs, no more than 1,000 APs. To manage 2,000 APs, at least two or three independent ACs are required. If the AC needs to be backed up, at least four to six ACs are required. The overall deployment and management of such a number of ACs alone will considerably increase the enterprise's initial investment and O&M costs.

802.11ac Brings High Bandwidth and AC Performance Becomes Insufficient. Bandwidth of 802.11n-based 3x3 MIMO is only 450 Mbps, and air interface bandwidth when 802.11ac-based 3x3 MIMO is deployed is up to 1.3 Gbps, growing by three times. In addition, as coding efficiency on 802.11ac-enabled devices is high, aside from air interface costs, the available bandwidth is up to 1 Gbps, bridging the bandwidth gap between wired and wireless networks and bringing a promising future to enterprise wireless applications. Nevertheless, the workload of ACs performing centralized forwarding increases considerably. Assuming there are 2,000 APs and the oversubscription ratio is 3:1, the forwarding capacity of the AC should be: 660 Gbps (2000 APs × 1 Gbps/3). The average forwarding capacity of ACs in the industry today is 10 Gbps, which unfortunately cannot meet the service requirements in the 802.11ac era.

Three Shortcomings of Industry Solutions

When the forwarding capacity of a single AC becomes a bottleneck for wireless network development, one of the most commonly used methods in the industry is to increase the number of ACs, including independent ACs and ACUs on chassis switches. However, this method has the following shortcomings:

Insufficient Network Resources

In mainstream wireless network deployment modes, ACs are connected to aggregation switches in bypass mode. Therefore, to increase the number of ACs, the aggregation switches must provide more ports. In the original network plan, reserved device space and ports for ACs are insufficient, resulting in considerable difficulty in increasing the number of ACs.

Complicated Management of an Increased Number of ACs

An increased number of ACs leads to inconvenient device management. When there is only one AC, data is centralized on only one AC, and only one copy of data needs to be configured. When there are multiple ACs, multiple copies of data must be configured and be consistent with each other. When the configuration needs to be modified, all the ACs must be synchronized. As a result, errors might be caused during configuration modification. In addition, when the number of ACs is increased, device faults of the ACs cannot be prevented. In other words, reliability of the AC devices cannot be ensured. ACs are the cores of a wireless network. Any device fault may cause the entire wireless network to break down.

Wired and Wireless Overlay Networks Lead to High O&M Costs

In the existing network deployment, the WLAN network is overlaid on wired networks. Data configuration, policy control, and network management of wired and wireless networks must be performed separately, increasing overall network O&M costs. Each ACU on a chassis switch functions as an independent AC node that uses the slot and power supply of the switch. Unified management of the entire switch cannot be implemented.

Three Advantages of Huawei S12700's Native AC

Huawei S12700 agile switches use high-performance ENP chips, solving the AC performance bottleneck and opening the T-bit AC era.

Industry's First T-bit AC

Traditional AC functions can be implemented by independent physical devices or independent physical cards on chassis switches. The T-bit AC of the Huawei S12700 core switch series is based on advanced ENP technology, integrating AC and Ethernet switching functions. Each card supports 80 Gbps of line-speed forwarding, which is two times or more the industry average. When fully loaded, the entire AC device can support a maximum of 960 Gbps line-speed forwarding and is capable of managing 2,000 APs at a single time. In addition, the entire AC device provides T-bit CAPWAP encapsulation and decapsulation and Layer 2 and Layer 3 data forwarding capabilities. Furthermore, the number of APs managed by Huawei's S12700 T-bit native ACs is multiplied, which is significantly greater than that of traditional independent ACs. Moreover, the number of Huawei S12700 T-bit native AC users is also multiple times that of traditional independent AC users.

Native ACs with Lower Users' Investment Costs

Users do not need to purchase independent AC devices or native ACs, but instead just implement unified management of wired and wireless users by using Huawei's S12700 native ACs and broadband remote access server (BRAS). In this way, network deployment is simplified, and customers' investment is reduced. Built-in native ACs occupy no excessive cabinet space or port resource, saving customers' investment in telecommunications rooms. In addition, the Huawei S12700 native AC features high scalability and flexibility; therefore, if in the future enterprise users need to implement seamless upgrade, all they have to do is add cards to adjust to the growing size of their wireless networks.

Real Convergence of Wired and Wireless Networks

The Huawei S12700 native AC, backed by innovation and technological advancements, draws upon the experience acquired from "AC managing APs" to implement the known practice of "core switches managing access switches." Ethernet service interface cards (SICs) that have the functions of native ACs not only forward wired and wireless services in a unified manner but also manage APs and wired access switches and deliver configurations in a unified manner. The SICs are the first cards in the industry to implement unified management of wired and wireless networks, unified policy, and unified forwarding, integrating wired and wireless networks, greatly reducing enterprise network O&M costs, and promoting enterprise IT service innovation.

T-bit AC Era Is Coming

With the rapid development of WLAN technology, when 802.11ac WLAN products use 4x4 MIMO 160 MHz bandwidth, wireless network bandwidth can reach up to 3.5 Gbps. In this situation, centralized ACs just cannot satisfy the bandwidth requirements of services. Huawei is going to launch a hierarchical AC solution. The upper layers of this brand new AC solution will be able to implement unified management across all APs and services on the entire network through use of cloud ACs. The lower layers of this solution will implement wireless service traffic forwarding capabilities by principle of proximity through programmable aggregation switches. This hierarchical AC solution will lower the performance requirements of ACs when performing centralized forwarding.


Zero Access Layer Configuration
– Making Campus Network Management More Agile
By Zhang Jun

In contrast to data center networks that have attracted a lot of attention and driven many technological innovations, campus networks seem to be out of the public's eye. When cloud computing, SDN, flat network architecture, virtualization, and new O&M policies are promoting transformation of data center network architecture, will enterprise campus networks remain unchanged?

"Although the campus network market seems peaceful, a revolution is coming. Campus network construction is service motivated. As new services keep emerging, campus networks require innovations in various aspects such as bandwidth, scalability, reliability, mobility, security, and network management. Huawei believes that no matter how technologies develop, the key to campus networks is in-depth collaboration between services and the network, for example, collaboration between cloud computing and elastic campus network structure, collaboration between multimedia services and network reliability and visualization, and collaboration between BYOD and the wireless service security. The in-depth collaboration helps enterprises improve efficiency, increase revenue, and reduce TCO," said Li Xiangjun, vice president of Huawei Enterprise product line.

Zeus Kerravala, principal analyst of ZK Research, said: "Cloud computing will bring dramatic changes to campus networks, because cloud computing will result in increasing network traffic. Traditionally, a campus network transmits only traffic of the local data center, while cloud computing traffic needs to be transmitted directly from branches or campus network to the cloud platform. This traffic model has higher requirements on campus networks' core devices and backbone."

Innovation is also required in campus network O&M.

"Challenge of Upgrading and Patching" Facing Campus Networks

A typical campus network consists of core switches, aggregation switches, and access switches. A small-sized campus network requires dozens of access switches, whereas a medium-sized campus network needs hundreds of access switches, and a large-sized campus network thousands of access switches. Each access switch must be configured with parameters including port VLAN, network management system (NMS) IP address, access control list (ACL), and quality of service (QoS). During software upgrade or patch installation, the operation must be repeated, resulting in a heavy workload and errors.

A major challenge to campus networks is the fast growth of wireless terminals, such as tablets and smartphones. A campus network must provide more robust Wi-Fi service to handle increasing wireless traffic. As more WLANs are deployed in campus networks, the AC+Fit AP WLAN architecture is maturing. On the one hand, the access controller (AC) is the device management controller of a WLAN system, managing and configuring access points (APs). APs provide WLAN access services for users. The APs provide simplified functions and are plug-and-play without configuration. Since both the configuration and management of APs are centralized on the AC, the APs no longer have to function as independent network elements (NEs). On the other hand, the AC is the policy controller of a WLAN network. Specifically, the AC obtains policies from the policy server, and then delivers the policies to APs through Control and Provisioning of Wireless Access Points (CAPWAP) tunnels. The APs execute the management and control policies on wireless users. This AC+Fit AP WLAN architecture significantly reduces the configuration workload of APs, simplifies AP software upgrade, and facilitates effective execution of policy control.


Huawei has vastly succeeded in the integration of wired and wireless networks by drawing upon the experience learned from "AC managing APs" and by implementing this attained knowledge to develop "core switches managing access switches". The integrated wired and wireless campus network is much more efficient and simplified than ever before, allowing customers to easily manage networks and enjoy an excellent network experience.

Industry's First "Zero Access Layer Configuration" Solution

In the era of "data is king", a huge amount of production and business data is transmitted on wired and wireless converged networks. Network management must adapt to changes in the campus network architecture. For example, uniform management of wired and wireless users and uniform configuration of wired and wireless services are important in this era.

Huawei has launched the industry's first "zero access layer configuration" solution that uses Huawei S12700 series agile switches as core switches. This solution applies the simplified wireless AC+Fit AP mode to wireless networks, preventing the need for repeated configurations over a large number of access switches. In addition, this solution formulates a uniform user or network template by extracting the same attributes of wired and wireless networks, thereby implementing a seamless and secured uniform wired and wireless management model. As a result, network maintenance personnel do not need to bear in mind two sets of configuration commands for wired and wireless networks respectively, and network operation and maintenance (O&M) costs are lowered.

[Figure labels: NMS platform; unified wired and wireless network controller; CAPWAP tunnel; access layer; wired user; wireless user]

Zero-Configuration Deployment

As shown in the preceding figure, both the access switch and the AP download configuration from the built-in wired and wireless controller in the Huawei S12700 through CAPWAP tunnels. The Huawei S12700 manages access devices including the AP and the access switch in a unified manner, implementing zero-configuration deployment.

Automatic Upgrade

The Huawei S12700 series agile switches save version files of access switches and APs. Through the MAC address and IP address of devices, number of users, and number of access ports in Up status, the Huawei S12700 can automatically upgrade based on service requirements, preventing disordered scheduling during batch upgrade from causing network congestion.

Plug-and-Play

If an access switch or AP fails, the new switch or AP automatically obtains both version and configuration from the S12700 based on the network topology architecture. No repeated operations need to be performed. The new switch or AP exhibits instant plug-and-play performance capabilities right after an access switch or AP device has been replaced.

Integrated Template

Unified authentication of wired and wireless users, a uniform policy configuration template for before and after user authentication, and the delivery of configurations to access switches and APs through the Huawei S12700 all solve O&M problems caused by two configuration profiles for wired and wireless networks, ensuring a consistent experience for both wired and wireless users.


iPCA – the Secret of Agility
By Liu Bi

Pursuit of "Visible" Agile Network

Increasing complexity of network structure requires changes in network management. Network management
is now moving toward visualization, automation, and intelligence. Among these changes, visualization
is key to network management and maintenance tasks such as end-to-end traffic monitoring and security
policy management.

According to a Gartner report, active network problem prevention has become the major driving force of
customers' O&M investments, contributing to 27% of total investment. The second and third driving forces
are fast network troubleshooting and service level agreement (SLA), accounting for 15% and 12% of
investment respectively.

Traditional IP networks have many "invisible" maintenance items. For example, traditional network
management provides only network performance data, but network administrators are unaware of service
data on the network. That is, the service performance is invisible. This invisibility results in low
fault locating efficiency. Routes are also invisible. As network administrators do not know service
transmission paths, they cannot take preventive measures for network failures caused by route flapping.

Is there any method to eliminate such blind spots?

Huawei believes that the traditional passive network O&M model needs to be replaced by an active network
O&M method that monitors the experience of end users and accurately identifies failure points and
vulnerabilities. This new network O&M model helps customers quickly find security risks and take measures.

Weakness of Traditional Fault Diagnosis

Network quality diagnosis and quality evaluation are the two core issues of network maintenance. Usually,
IT managers cannot determine whether there is a potential risk in the network and do not know where
a fault has occurred. They cannot make an objective evaluation of performance and quality of services such
as video, voice, and network access. Performance and quality diagnosis of traditional campus networks
lacks effective end-to-end (E2E) location methods. As a result, fault diagnosis is not only difficult and
time-consuming, but cannot meet user requirements.

Network performance fault diagnosis and quality evaluation are essential. Industry-backed research teams
and standards organizations are already engaged in applied technical research and the establishment of
standards. IETF formulated RFC5357 (a Two-Way Active Measurement Protocol) and RFC4656 (a One-way Active
Measurement Protocol (OWAMP)), which are used for IP network performance statistics collection and fault
detection. Meanwhile, Cisco has put forward its own proprietary Service Assurance Agent (SAA) Solution,
while Huawei uses the Network Quality Analysis (NQA) mechanism to respond to the requirements of IP
networks for maintainability and operability. All these fault detection mechanisms have one common
characteristic. That is, they all use an indirect measurement method and require insertion of dedicated
detection packets, calculating the detection packet loss ratio to indirectly derive the service packet
loss ratio. IP communication is connectionless, so the path through which detection packets pass is not
necessarily the one through which service packets pass. As a result, the detected path quality cannot
represent the service packet transmission quality.

iPCA

O&M of enterprise campus networks focuses on not only network function and performance but also user
experience and network quality. iPCA technology provided in Huawei's S12700 series agile switches
can quickly detect any user's video and voice service quality and instantly locate faults that may occur
at network links, cards, and even chips, greatly improving O&M efficiency. iPCA makes networks
easy to use, leading to essential change in enterprise campus networks.

Packet Conservation Algorithm for Internet (iPCA) is a pipe monitoring technology that detects
network quality in direct measurement mode. iPCA can measure network packet loss, delay, and jitter, and
implements precise fault location through hop-by-hop fault detection. Huawei launches the S12700 agile
series switches that feature flexible programmability and implement the iPCA function. The S12700
greatly improves network quality detection and precise fault location capabilities and greatly reduces
network operation and maintenance (O&M) costs.

To solve existing problems associated with the detection method such as long fault detection
time, fuzzy fault scope determining, and low quality evaluation precision, Huawei introduced its fully
programmable S12700 series agile switches equipped with Ethernet Network Processor (ENP) chips to
implement the iPCA solution. In addition, the S12700 is applicable to precise O&M of enterprise networks.

Figure 1 Working process of iPCA (labels: direct test; real service traffic; marked traffic;
programmable switches)

As shown in Figure 1, the working process of the iPCA solution consists of two parts: measurement control
servers and agile switches. The measurement control servers receive user requests for detection on the
target service traffic, instruct agile switches to perform detection, collect statistics from each agile
switch, perform calculations, and generate reports.

iPCA offers the following advantages:

Huawei's Patented Technology, Solving Problems in IP O&M

Huawei creatively uses the only reserved bit (Bit 0 in the Flags field) in the IPv4 packet header to dye
the target service traffic. Most of the services that use IP for communications must have standard IP
packet headers. This dyeing method does not rely on the service type, but instead allows the device to
perform hardware processing more easily.

Direct Detection Mechanism, Implementing Precise Fault Detection

iPCA directly measures service traffic quality without sending test traffic. The detection path is the
same as the real service path. Faults on links, cards, and even chips can be detected.

ENP, Allowing Detection of Any Service Traffic

To perform fault detection on the target service traffic, the service traffic must be differentiated and
dyed. Performance of traditional switches is relatively low, and these traditional switches can only
differentiate the service traffic by using limited ACL resources and can dye the service packets only by
using the CPU. As a result, traditional switches cannot be deployed on a massive scale. Huawei's S12700
series switches are based on Huawei's patented ENP technology and can support up to 256 K access control
lists (ACLs). The S12700 can identify any service traffic and dye the service traffic using microcodes,
implementing faster line-speed forwarding capability.

iPCA Usage Scenarios


iPCA can be applied to multiple usage scenarios such as campus, Smart Grid, IP RAN, and Internet Service
Provider (ISP) line lease. iPCA can quickly detect faults of video, voice, and wired and wireless applications by
detecting network quality involving packet loss ratio, delay, and jitter.

Figure 2 Campus usage scenario of iPCA (labels: eSight; video, voice, wired, and wireless services;
campus; IP/MPLS; hop-by-hop detection; internal campus network quality detection; WAN E2E network
quality detection; E2E service network quality detection)

As shown in Figure 2, in this campus usage scenario, iPCA can detect network performance indicators at the
access, aggregation, and core layers and network segments of a WAN network in a hop-by-hop manner. iPCA
can quickly and precisely determine the fault scope and can also immediately determine on which card or even
which chip in the network a fault occurs, providing strong guarantee for fault troubleshooting. Even though
WAN networks do not support the iPCA feature, whether a fault occurs in the WAN network can be determined
by analyzing the campus ingress and egress at both ends of the WAN connection. In this way, responsibilities
can be clarified.
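
The reserved-bit dyeing and hop-by-hop comparison described above can be followed in a short Python example. It is added here and is not Huawei's implementation; the function names, addresses and captures are constructed, and counting one flow over a single capture window per measurement point is a simplifying assumption.

```python
import socket
import struct

# Flags bit 0 is the top bit of the 16-bit flags/fragment-offset word.
# RFC 791 defines it as reserved (must be zero), so a device on the path that
# clears it or drops such packets would appear in the counts below as loss.
RESERVED_BIT = 0x8000


def checksum(header: bytes) -> int:
    """One's-complement header checksum (RFC 1071); 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _with_checksum(header: bytes) -> bytes:
    """Zero the checksum field, then write the freshly computed value into it."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]


def build_header(src: str, dst: str, ident: int) -> bytes:
    """Constructed 20-byte IPv4 header (UDP, no options, no payload)."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(raw)


def dye(header: bytes) -> bytes:
    """Set the reserved bit; the header checksum must be recomputed afterwards."""
    word = struct.unpack("!H", header[6:8])[0] | RESERVED_BIT
    return _with_checksum(header[:6] + struct.pack("!H", word) + header[8:])


def parse(header: bytes):
    """Return (src, dst, dyed), or None for anything that is not a valid IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl or checksum(header[:ihl]) != 0:
        return None
    word = struct.unpack("!H", header[6:8])[0]
    return (socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20]),
            bool(word & RESERVED_BIT))


def count_dyed(capture, src, dst) -> int:
    """Count dyed packets of one flow seen at one measurement point."""
    return sum(1 for pkt in capture if parse(pkt) == (src, dst, True))


def segment_report(points, src, dst):
    """Compare dyed-packet counts at consecutive points: (segment, lost, loss ratio)."""
    counts = [(name, count_dyed(capture, src, dst)) for name, capture in points]
    report = []
    for (up, sent), (down, received) in zip(counts, counts[1:]):
        lost = sent - received
        report.append((f"{up} -> {down}", lost, lost / sent if sent else 0.0))
    return report


def sample_points():
    """Constructed captures: ten dyed packets of the target flow plus undyed noise."""
    flow = [dye(build_header("10.1.1.10", "10.2.2.20", i)) for i in range(10)]
    noise = [build_header("10.1.1.11", "10.2.2.20", 100 + i) for i in range(5)]
    corrupt = flow[9][:10] + b"\x00\x00" + flow[9][12:]  # checksum wiped in transit
    return [
        ("access", flow + noise),
        ("aggregation", flow + noise),
        ("campus-egress", flow[:9] + [corrupt] + noise),
        # The WAN between the two campuses is not measured hop by hop; it is
        # bracketed by the egress and ingress counts on either side.
        ("remote-ingress", flow[:6] + noise),
    ]


if __name__ == "__main__":
    for segment, lost, ratio in segment_report(sample_points(), "10.1.1.10", "10.2.2.20"):
        print(f"{segment:32s} lost={lost} ratio={ratio:.3f}")
```

Because only dyed packets of the target flow are counted, the undyed background traffic does not affect the result, and the loss attributed to the WAN comes solely from the difference between the campus egress and remote ingress counts.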


Converged Network and Unified User Management
— Huawei Campus U2M Solution
By Xia Yangsong

Campus Networks' Requirements for Fine Granular User Management


A recent call by the Chinese government requires that national educational funds should amount to 4% of the
Gross Domestic Product (GDP) between 2010 and 2020. According to a 2012 report released by CCW Research,
China's IT investment in the education industry reached CNY43.91 billion, with a YOY growth of 20.9%. China's
in-depth reform of its educational system has promoted IT applications in basic education, higher education,
and vocational education fields.

Major requirements of campus networks include low equipment costs, self management, full wireless
coverage, and comprehensive user management.

Campus network construction has some common requirements, among which the fine granular management
of users acts as the core requirement. To meet this core requirement, device vendors in the industry provide
two traditional user management solutions: user management based on access and exit authentication; user
management centered on independent broadband remote access server (BRAS). The first solution has low
requirements on switches, but its management capability is limited. The second solution supports fine granular
user management, but users must purchase an expensive BRAS separately.

Disadvantages of Two Traditional User Management Solutions

Solution 1: User Management Based on Two Authentications

[Figure 1: network diagram with CERNET, Internet, authentication and accounting gateway, internal network
resource, AC, core switch, AAA server, aggregation switch, access switch, AP, wired terminal user, and
wireless terminal user; steps numbered 1 to 3]

As shown in Figure 1, the access switch and the authentication and accounting gateway control access to
internal and external resources. Take a wired terminal user as an example, where wireless users access
campus networks through ACs. The wired terminal user uses an 802.1x client for the first identity
authentication, that is, campus network access authentication. The access switch works as a Remote
Authentication Dial In User Service (RADIUS) client to interact with the Authentication, Authorization,
and Accounting (AAA) server. After authentication, the access switch binds the access user to the MAC
address, IP address, and physical port to ensure that the authorized user can access the internal
resources on demand. When the user accesses external resources, the authentication and accounting gateway
must perform a second authentication on the user. After authentication is complete, the AAA server will
deliver the user's authorization information to the authentication and accounting gateway to enable
accounting and monitor the user's online behavior.

This solution is actually quite simple but has the following obvious disadvantages:

Excessive authentication points

Wired users are authenticated through switches while wireless users are authenticated on the AC in a
centralized manner.

Complex policy management

User access rights are controlled by using only an access control list (ACL). A medium-sized network
must be deployed with thousands of ACLs, and a large-sized network must be deployed with tens
of thousands of ACLs. The ACLs are deployed at different nodes, which is rather complex.

Solution 2: User Management Centered on BRAS

[Figure: two network diagrams, each with CERNET, Internet, BRAS, internal network resource, AC, core
switch, AAA server, aggregation switch, access switch, AP, wired terminal user, and wireless terminal
user; steps numbered 1 to 3]

Broadband remote access server (BRAS) was successfully deployed on carrier networks and is now being
introduced to campus networks. BRAS provides multiple strong authentication and accounting functions:
PPPoE authentication, IPoE+QinQ authentication, 802.1x authentication, Portal authentication,
traffic-based accounting, duration-based accounting, prepayment, package-based accounting, accounting
protection, and non-charged accounting. As shown in the above figure, regarding wired users, the access
switch assigns a VLAN to each user to isolate traffic of access users, ensuring unauthorized users cannot
access one another. The access switch adds the Layer 1 tag to user traffic packets, and the aggregation
switch adds the Layer 2 tag to user traffic. BRAS performs authentication on terminal users using the
PPPoE or IPoE protocol through QinQ encapsulation. Then BRAS sends an authentication request to the AAA
server using the RADIUS protocol. After authentication is complete, the AAA server authorizes the BRAS and
enables accounting to further implement integrated authentication and monitoring of both internal
and external networks. As for wireless terminal (STA) users, the AC authenticates STAs as shown in
the above figure. Once authentication is complete, the AAA server continues to perform admission
authorization on the AC. In the meantime, the AAA server delivers the authorization information to the
BRAS and performs exit authorization to implement "one authentication for two authorizations."

By using dedicated BRAS that manages users, this solution features centralized authentication and
simplified management. Nevertheless, this solution has the following drawbacks:

Users have to purchase expensive BRAS devices separately.

Difficulties remain in the association between the AC and BRAS because they are different physical devices.

The user authentication process is complex, and wired and wireless users cannot be managed in a unified
manner.

Huawei U2M Unified User Management Solution

[Figure: network diagram with CERNET, Internet, core switch, internal network resource, aggregation
switch, AAA server, access switch, AP, wired terminal user, and wireless terminal user; steps numbered
1 to 3]

By integrating the advantages of these two solutions, Huawei launched the Unified User Management
(U2M) Solution directly centered on its own S12700 series agile switches. The S12700 card implements
the BRAS feature and unified authentication of wired and wireless users. An independent user table
is assigned to each user to implement user rights control, bandwidth control, and quality of service
(QoS) control. The Huawei U2M solution implements the transformation of campus networks from being
"device management-centric" to "user management-centric."

As shown in the above figure, packets of the wired terminal user authentication are transparently
transmitted to the core switch through the access switch. At the same time, packets of STA user
authentication are transparently transmitted to the core switch through a Control and Provisioning
of Wireless Access Points (CAPWAP) tunnel of the access point (AP). Then, the core switch, with
built-in BRAS and AC functions, sends the user's authentication information to the AAA server. After
the authentication is complete, the AAA server performs authorization, accounting, and behavior
monitoring on the wired or wireless user through the core switch. Compared to other traditional user
management solutions, this solution features the following advantages:

Industry's Unique Native BRAS and AC

Huawei's fine granular user management solution, which is centered on its industry-leading S12700
series agile switches, provides built-in BRAS user management and AC functions. Customers can
implement unified management of wired and wireless users without the need of purchasing BRAS devices,
AC devices, or built-in ACs. This solution simplifies network deployment, reduces customer investments,
and supports both IPv4 and IPv6.

Consistent Experience and Differentiated Services

The Huawei S12700 is capable of providing a consistent user experience, no matter whether a user is
accessing the network directly from STAs such as a smartphone, tablet PC, or terminals running
on an Android operating system (OS) or from wired terminals such as desktop PCs and video terminals.
In addition, the S12700 supports full-scale, five-level hierarchical quality of service (HQoS) scheduling
and provides differentiated services for different levels of customers, fulfilling the objectives of
"same account for wired and wireless users, different network access speeds for internal and external
networks, and different costs of IPv4 and IPv6 deployment."

Centralized Authentication and Access Layer Isolation

Wired and wireless users are authenticated on the built-in BRAS in a centralized manner, in spite
of differences in performance capabilities and access modes of access layer devices. Huawei's
U2M Solution supports multiple authentication modes including PPPoE authentication, 802.1x
authentication, MAC address authentication, Portal authentication, and IPoE authentication. To
satisfy diversified area and network operation and maintenance (O&M) requirements, this solution
uses different authentication modes to implement differentiated management and control. For example,
in the dormitory area, the PPPoE authentication mode can be used to prevent students from conducting
malicious network attacks. In the teacher's office area, IPoE+QinQ authentication mode can be used to
simplify the authentication process without installing a PPPoE client. Additionally, the simplest MAC
address authentication mode can be used for dumb terminals such as printers.

Simplified Policy Management and Cancellation of ACL Configuration

Traditional campus networks are essentially "device management-centric". Bandwidth management
and rights control can be performed on users rather than ports only by using the limited ACL resource on
switches. The S12700 uses a "user management-centric" design idea. Each user has an independent
user list that is used to perform user rights control, bandwidth control, and QoS control. The S12700 can
authorize users based on user group, domain, and time. Upstream and downstream bandwidth (8 kbit/s) is
controlled. Based on simple and flexible policy management, the S12700 allows for differentiated
accounting according to different time periods, service types, and access addresses. Moreover, Huawei's
U2M solution can effectively conduct security policy association to improve security. For instance, a user
can access a greater amount of teaching resources in a laboratory than in a dormitory building.

Summary

As the old saying goes, "Rome was not built in a day." Huawei can put forth its U2M solution because it
has the following capabilities:

Solid foundation of switching and WLAN technologies: Huawei has mature switches and wireless local
area network (WLAN) platforms, which are listed in the Challengers quadrant of Gartner's Magic
Quadrant and are widely used in various industries.

Leading BRAS technology: Huawei has the industry-leading BRAS solution in which Huawei's ME60
series gateway devices have held the largest market share for years.

Excellent chip development capabilities: Huawei has in-depth chip R&D capabilities. Based on
Huawei's self-developed Ethernet Network Processor (ENP), the S12700 implements line-speed
forwarding and low power consumption like application-specific integrated circuits (ASICs) and also
provides flexible programmability.

In-depth understanding of campus networks: Huawei has long been dedicated to developing
high-quality campus network solutions.

Employing industry-leading technologies while listening to the customer's voice, Huawei offers
the innovative U2M solution to help drive the transformation from device-centered management to
user-centered management in campus networks.

Agile Switches Open Up a New Way to the Future MANs
Author/Wang Bo

The development of virtualization, cloud computing, and Internet of Things technologies helps migrate
metro networks to agile, dynamic, and reliable cloud Ethernet. As the platform of a city's IT
infrastructure involving government, education, and broadcast & television, a low-cost metro network must
provide high bandwidths, carrier-class reliability, and energy conservation. However, traditional switches
cannot fulfill these requirements.

Why Traditional Switches Cannot Meet MAN Requirements?

The following features of traditional switches hinder them from meeting MAN requirements:

1. Routing capability

Actually, the routing entries of a backbone router running BGP-4 have reached 500K. Therefore, MAN
devices should have high routing and forwarding capabilities. Traditional Layer 3 switches use the ASIC
chip, which restricts routing and forwarding capabilities. These traditional Layer 3 switches support a
maximum of 512k FIB entries, and the convergence time of every 1000 routes is about 30 seconds, which is
too long to meet MAN requirements.

2. Large buffer

A MAN typically has large traffic volumes and burst traffic occurrence during peak hours, so the MAN
must have the ability to shorten data transmission delay and prevent packet loss. The traditional Layer
3 switches using ASIC chips have only a 9MB buffer on each LPU. The 9MB buffer can handle the traffic
on a LAN, but cannot guarantee the quality of video services during peak hours.

3. Service quality

With the emergence of new applications such as HD VoD, e-business, cloud computing, Internet of
Things, remote education, and remote conferencing, the number of MAN users is dramatically increasing.
This means that the network devices must be able to identify users and service types to provide unique and
high service quality. Traditional QoS policies schedule traffic based on ports. A port can only identify
service priorities, but cannot identify users and service types. This creates a bottleneck in service
quality improvement. H-QoS solves this problem by not only providing refined network services for
high-priority users, but also providing unique experiences for different user groups. Due to the
limitations of the ASIC chip, traditional Layer 3 switches cannot support H-QoS.

4. Availability

The ASIC does not support Non-Stop Routing (NSR), fast reroute (FRR), or fast routing convergence, so
services may be interrupted when network topologies change. This restricts routing and forwarding
capabilities of the switches.

Constructing a MAN Using Agile Switches

As a leading solution provider of Information and Communication Technology (ICT), Huawei has
invented a high-performance agile switch, S12700, based on years of accumulated experience in the
data communication field. The abundant functions of the S12700 agile switch fully meet the requirements
of agile MANs.

Supporting the elastic structure of an upgradable MAN

Currently, MPLS VPN is the unique technology that implements full mesh and high-speed communication
on large-sized networks. MPLS has been widely used in backbone networks, MANs, and mobile backhaul
networks, so MPLS has high reliability and extensibility. The S12700 agile switch supports comprehensive
MPLS features for large-sized MANs with complicated network nodes. The emergence of new services can
expand the network topology dynamically.

Figure 1 Agile switches on a MAN (labels: Internet backbone; NOC; data center; S12700 and S9700 switches)

Using large-capacity application tables

The S12700 agile switch supports 3M FIB entries and completes a convergence of 6K routes within 1 second.
This performance is equivalent to the performance of a router. Integrating routing and switching, the
S12700 not only meets the complex service requirements of a large-sized MAN, but also is upgradable and
supports capacity expansion for future network configurations.

Using a large-capacity built-in buffer

Using Huawei ENP, the S12700 provides a large-capacity built-in buffer. Each LPU provides a 1.5 GB buffer,
ensuring that real-time services such as video are not delayed or discarded when burst traffic occurs.

Supporting comprehensive QoS to improve service quality

The S12700 supports 5-level H-QoS to effectively allocate network resources. For triple play service, the
S12700 provides multi-service scheduling, including HSI, VoIP, and IPTV, ensuring service quality. In
addition to providing ensured bandwidth for high-priority services and applications, the S12700 also
provides refined network services for high-priority users, improves network operation efficiency, and
meets requirements of different user groups.

Using various reliability technologies to ensure MAN stability

The S12700 supports the Huawei-invented CSS2 technology, which is an upgrade to the older CSS
technology. Based on the core router platform, CSS2 forwards packets between the switches through a
switching fabric unit instead of ports on the service cards. Therefore, the possible fault points are
reduced and software security risks are minimized. In addition, the S12700 uses the ENP to send Ethernet
OAM packets within 3.3ms, which is the shortest Ethernet OAM detection time in industry. Using ring
protection mechanisms such as SEP and G.8032, the S12700 implements a failover within 50ms.

Carrying All Services on One Net

The agile switch S12700 helps to build scalable MANs for various public IT services infrastructure, such
as government, education, and broadcast & television. The S12700 can build an e-government MAN through
which the various departments of government can share information and interact with each other.
Departments in remote villages can also share in access to the MAN through the use of dedicated
lines. The S12700 can also build an education MAN through which campus networks in the city and
towns can access the MAN. In broadcast & television, the S12700 can transmit analog and digital
signals, independent of transport networks such as SDH/MSTP. The S12700 implements an all-service
bearing strategy using a single network.

The Huawei Video Surveillance Solution — Making Cities Safer
Author/Zhao Jingjing

On April 15, 2013, bombs were detonated during the Boston Marathon, resulting in injury and losses
of life. Within four days, one of the suspected bombers had been killed and the other captured. Video
surveillance technology was the key to identifying the suspects and resolving this case quickly.

According to a report of Frost & Sullivan, before 2016, the compound annual growth rate of network video
surveillance will reach 16%. The growth rate in Asia is the fastest because China, Australia, and
Singapore have announced a series of solutions that guarantee the security of IT infrastructure. In
Europe, the IP network video surveillance systems in cities are also developing fast.

A video surveillance system monitors the public places and transportation of a city. It plays
an important role in preventing and reducing crime, and provides evidence for identifying suspects. China
has deployed video surveillance systems in several large cities since 2004 and in most major cities since
2010.

With the deployment of safe city and safe campus projects in many cities of China, video surveillance is
widely used in the airport, subway, and electricity fields. The IP network surveillance systems boost the
video surveillance market in China because they have wide coverage, seamless upgrade capability, and are
suitable for complex networks. The network video surveillance solutions have been accepted by many people.

A Challenge to Networks: Video Surveillance

With the development of computing, coding/decoding, and network transport technologies, video surveillance
has passed three phases, and aims at establishing digital, intelligent, IP, and networked systems. In
addition, video surveillance can be integrated into other technologies to develop new applications in
various fields. Unlike the traditional video surveillance system, the intelligent video surveillance
system features HD video, behavior analysis, and intelligent searching, and can manage millions of cameras
simultaneously. The surveillance system has the following network requirements:

High bandwidth, high-density access: Video surveillance plays an important role in various fields, and
high-quality video is widely used. High-quality video is high definition and requires a large number of
code streams, which generate a large quantity of data requiring high bandwidth. A medium-sized
city requires about 36,000 cameras and 43,200 access ports (in which 20% are reserved for capacity
expansion). This would require a total bandwidth of 720 Gbps, that is, 36,000 x 8 Mbps (HD)/40% (loads).

QoS: Video surveillance, especially real-time video surveillance, requires higher network performance and
QoS than other services. The latency cannot exceed 400 ms, jitter cannot exceed 50 ms, and packet loss
ratio cannot exceed 1 x 10^-3.

High reliability: The video surveillance system requires high network reliability.
If the network connection is interrupted, key data or evidence may be lost.
Therefore, video surveillance devices should attain at least 99.99% reliability,
avoiding single-point failures and service interruption.

Flexible camera access: Some video surveillance devices are located on roadsides and in remote suburbs. It
is difficult to power these devices, and they do not have cables through which to transmit data back.
Therefore, the access switches must provide PoE power for these devices and APs are required on the
network to transmit data back wirelessly.

Easy operation and maintenance: When the video surveillance network is expanded, network layers and nodes
increase, causing huge operation and maintenance costs. A scalable video surveillance network must feature
automatic configuration, intelligent network quality evaluation, and intelligent fault reporting. In
addition, network management should be simple to facilitate fault location.

Huawei Video Surveillance Network Solution

A typical video surveillance solution includes the video storage center, service management center, video
surveillance center, and front-end surveillance areas. All four parts are connected through the IP network.

[Figure: storage center (storage server, IP SAN); video surveillance center (media distribution server);
management center (management server, NMS server); core layer (city, S12700); aggregation layer (town);
access layer (police office, AP); front-end surveillance area]

The Huawei video surveillance solution has the following characteristics:

High bandwidth and high-density access

The Huawei S12700 supports high-density 10GE, 40GE, and 100GE ports, and serves as the core
of a video surveillance network. Multiple S12700 switches can set up a CSS2 system through switching
fabric units to accommodate high traffic volume. In addition, Huawei provides plenty of Layer 2 and Layer
3 access switches to allow 100M, 1000M, optical, and electrical access.

QoS guarantee

Networks have the aggregation feature, so video surveillance places high requirements on the capacity
of network core devices. The S12700 supports 5-level H-QoS to precisely classify and schedule traffic,
forwarding high-priority traffic first. The core of an S12700 is the ENP chip. The chip has integrated
1.5 GByte memory to cache packets, ensuring reliable and smooth video transmission.

End-to-end hardware protection

Huawei provides the first end-to-end hardware protection solution to protect networks and
devices and provide uninterrupted transmission on the video surveillance network. The
protection solution works on two levels: device level and network level.

Device level: Based on core router platform technology, the S12700 uses Huawei-developed CSS2
technology. In a CSS2 system, switches are connected through the switching fabric unit as one
logical switch, and exchange packets through a hardware channel. This technology reduces
failure points and increases the reliability of core nodes.

Network level: The S12700 completes hardware-based Ethernet OAM detection within 3.3 ms, which
is the shortest detection time in the industry. Using ring protection mechanisms such as SEP
and G.8032, the S12700 completes a failover within 50 ms.

Flexible camera access

The Huawei video surveillance solution integrates wireless access, high PoE power, and solar
powering technologies to enable flexible camera access. Huawei high-performance APs allow the
cameras to send video data back through Wi-Fi. Network deployment is simple, fast, and
scalable with low cost.

Intelligent network, simple network management

Huawei switches support the Easy Operation function, which includes Easy Install, Easy
Configure, Easy Monitor, and Easy Troubleshooting, to simplify network operation and
maintenance.

Video surveillance technologies have developed from analog to digital, on-site to remote,
video recording to intelligent alarming, and wired to wireless. The Huawei video surveillance
solution provides high-quality, highly reliable data transmission and flexible access methods
for customers.


Huawei S12700, the Best Choice for High-Quality VOD Networks
Author/Wei Lianghao

At the end of 2012, more than 100 million STBs were being used in China. According to a research report
in China, there are predicted to be an average of 40 million new STBs per year from 2013 to 2017. As HD
STBs (high-definition set top boxes) become more widely used and video on demand (VOD) services continue to
develop, there are higher demands on metro area networks (MANs) to provide higher bandwidth, shorter delay,
and higher reliability. Existing IP networks cannot meet VOD service requirements.

Besides the HD video service, broadcast & television carriers can provide broadband network access, multimedia
communication, VIP VPN, and enterprise dedicated line services. How can a broadcast & television carrier
upgrade the network to meet VOD requirements? The answer is an intelligent network with a large buffer and high
reliability.

Three Network Demands of VOD

Demand 1: High bandwidth and reliable networks

With the increasing number of VOD users, bandwidth must undergo a 10-fold increase to support
the large volume of HD VOD videos being streamed. Network devices must have powerful data
processing and forwarding capabilities to distribute VOD streams to lower-layer networks.

The core and aggregation devices must have high capabilities to process high traffic volume.
If one device is faulty, the entire network is affected. Therefore, these devices must be
highly reliable. A switchover between devices should not affect services.

Demand 2: Coping with burst traffic

Compared with the traditional television service, the VOD service features variable content
and centralized access times, so there is a high probability that burst traffic will occur on
the network. For example, on holidays or workday evenings, VOD traffic increases because many
users use the VOD service and perform varied operations. If the network cannot handle the
burst traffic, packets will be discarded.

Demand 3: Network quality control platform

The HD VOD service puts high requirements on a network. When the network meets these
requirements, users will have a good experience. Common network operation and maintenance KPIs
cannot meet customer requirements, so the broadcast & television carriers must understand the
network operating status, precisely evaluate VOD service quality, and accurately know the
network connection status of each user. This would allow the carriers to quickly locate faults
and network nodes with possible risks.

Huawei S12700 Makes Constructing a VOD Network Easy

The S12700 agile switch is a Huawei next-generation high-end switch. It supports CSS2, large
buffer, and Packet Conservation Algorithm for Internet (iPCA) to meet VOD network
requirements.


[Figure: VOD network built on the S12700. A service platform (VOD, data, voice) connects to the province network (S12700, 40G/100G), the city network (S12700, 10G/40G/100G), and the town network/access network (S12700/S9700, 1G/10G), which serve enterprise, residential area, and home users. Callouts:
• Unique CSS2 technology and shortest Ethernet OAM detection time (3.3 ms), ensuring low delay, high bandwidth, and high reliability.
• Industry-leading large buffer, coping with burst traffic and preventing erratic display and packet loss.
• Huawei-patented iPCA changes rough network management to refined network management. Compared with traditional evaluation methods, this method is precise, has low cost, and is applicable to any type of network.]

Unique End-to-End Hardware Protection Switchover

The end-to-end hardware protection switchover works at device level and network level.

Device level: The S12700 supports Huawei-developed CSS2 technology, which is different from
clusters set up through the ports on service cards. Based on the core router platform, CSS2
forwards packets between the switches through a switching fabric unit. Packets do not need to
pass through service cards. Therefore, the possible fault points are reduced and software
security risks are minimized. In addition, compared with service port-based clusters that
forward packets between chassis multiple times, CSS2 implements inter-chassis packet
forwarding only once, dramatically shortening the forwarding delay.

Network level: The S12700 supports Ethernet OAM detection within 3.3 ms, which is the shortest
detection time in the industry. Using ring protection mechanisms such as SEP and G.8032, the
S12700 can complete a failover within 50 ms.

Industry-Leading Large Buffer Coping with Burst Traffic

Video streams consume high bandwidth, are sensitive to packet loss, and generate burst
traffic. A switch using an ASIC chip has only 4 MB buffer on each card, so it cannot handle
burst traffic generated by video streams. As a result, video images can become garbled. The
S12700 uses the ENP chip, which can be connected to a DDR memory to provide a 1.5 GB buffer on
each service card. This large buffer ensures reliable and smooth transmission of video
streams.

Huawei-Developed iPCA Helping Precise Network Operation

Based on 20 years of experience in IP network maintenance and operation, Huawei researched
and developed iPCA, an IP network performance evaluation algorithm. Traditional algorithms,
such as NQA and Y.1731, simulate test flows to determine network quality, but the results are
inaccurate. iPCA is an in-line detection technology that marks, colors, and counts the service
flows, which can then be used to evaluate network quality. Using the Huawei-patented ENP chip,
the S12700 can manage networks precisely and efficiently.


Accurately Planning For A Wireless Campus Network
Author/Ding Qiufang

People are always demanding new applications to make their lives more convenient. One classic example
of this is Bring Your Own Device (BYOD). Today's next-generation wireless campus networks are actually
making these applications possible. On a campus network, the network size is large, access types are variable,
and user turnover is high, so WLAN coverage will necessarily increase. Quickly and easily constructing a
WLAN is therefore an important part of building a next-generation campus network.

The popular WLAN planning tools have shortcomings: for example, the architectural sketches of buildings must
be drawn manually and no 3D building model is provided. With over 10 years of experience in the 3G field,
Huawei has applied its advanced 3G network planning ideas, solutions, and experience to WLAN network
planning, and has developed the industry's next-generation wireless campus network planning tools, called
WLAN Planner and WLAN Survey. The tools provide automatic identification of RF signal interference, an
integrated site survey solution, and automatic generation of 3D building models to finish the planning
quickly, easily, and accurately. You can "see" the constructed network during network planning, putting
the agile gene into the campus at the beginning of the planning phase.


Why Do We Need a Network Plan?

A WLAN is constantly prone to electromagnetic interference (EMI) from other Wi-Fi technologies
and devices such as Bluetooth, microwave, and wireless cameras.

On wired networks, capacity is expanded by simply adding devices. However, among the devices
using the same channel on a WLAN, only one device is allowed to transmit data at a time, and
the other devices have to wait. Therefore, the more devices are running on a WLAN, the more
contention occurs, which reduces network capacity.

Currently, WLAN frequency spectrum is insufficient. Only a few channels do not overlap with
each other. For example, the 2.4 GHz frequency band has only 3 non-overlapping channels, and
there are a few more non-overlapping channels at 5 GHz. Therefore, a precise network plan must
be thoroughly prepared and well executed so that it can improve network capacity and
performance.

The WLAN environment is complex. WLAN signals are electromagnetic waves, which are easily
affected by environmental or physical barriers. When WLAN signals traverse a building's wall,
their strength may weaken depending on the wall's material and thickness. If you want to
precisely simulate the interference between WLAN devices and other devices, you should first
simulate the real environment. An on-site environment can be highly complex: a typical
building may consist of brick or concrete walls, steel doors, tinted glass, sheetrock, metal
beams and high ceilings.


Huawei Precise Network Plan Solution for Agile Campus Networks


Drawing on over 10 years of experience in the wireless field, Huawei designed the standard procedure of
"preparations, overall design, site survey, and detailed design", and developed the proprietary WLAN Planner
and WLAN Survey tools to help you quickly, easily, and precisely complete WLAN planning. The tools provide
automatic identification of RF signal interference, an integrated site survey solution, and automatic
generation of 3D building models.

[Figure 1 Overall WLAN planning. Panels: site survey procedure (site survey engineers, WLAN Survey): attenuation, coverage collection, interference source, multimedia recording; create a planning project and generate the 3D building model (design engineer, WLAN Planner): identify buildings and generate 3D building models; WLAN planning (design engineer): WLAN detailed design, simulation, and report.]

Preparations and overall design: Simulates a 3D environment according to the building
blueprints (CAD, PDF, or bitmap) provided by customers; identifies and classifies barriers
into different types according to their characteristics, associates these barriers with brick
walls, support walls, steel support columns, doors, and windows, and binds these physical
barriers to signal attenuation values in the database. One neat feature of the tool is that it
allows building blueprints to be easily viewed and can realistically simulate an on-site
building's environment by automatically having the doors open and close.

Site survey: WLAN Survey is advanced 3D software that can be installed in an Android-based
operating system on smart terminals, and can seamlessly transmit planning results generated
by WLAN Planner directly to the site survey. WLAN Survey records common sources of
interference such as weak electricity wells and interference sources, determines the scale of
the drawing, records the building attributes, provides attenuation tests, and records the
interference sources. WLAN Survey greatly improves site survey efficiency and reduces errors.

Detailed design: Based on experience accumulated in the field of 3G wireless networks and best
practice in WLAN test results, Huawei has mastered the formula to calculate signal strength,
signal-to-noise ratio (SNR), and throughput. WLAN Survey provides 3D simulation models based
on an actual environment and site survey data so that you know the performance of the network
to be constructed.


Huawei WLAN plan tools have the following features:

Unique Radio Model

Considering signal reflection and diffraction factors, based on over 10 years of experience
in the 3G field and through large-scale WLAN practice, Huawei perfected its know-how and is
able to calculate signal strength, SNR, and throughput for open space, half-open space, and
tunnels. By adopting the 3D design model, Huawei considers both vertical and horizontal signal
interference to get accurate network plans.

Complete Historical Data

Huawei WLAN planning tools automatically identify barriers. They are more effective and
accurate than manual drawings. The planning tools help you easily identify a building's
infrastructure and interior design, can even detect with high accuracy what the material is
made from, and then associate the attenuation value with materials to draw the 3D model
precisely.

Convenient Site Survey Tool

WLAN Survey can be installed in the Android operating system on smart terminals, so you can
take the planning result generated by WLAN Planner to the site conveniently.


SDN Architecture-based Next-Generation Agile Campus Network
By Ji Ya'nan

Challenges for Campus Networks


Today's world is witnessing a huge change in services transmitted by campus networks. The services are
changing from data service and a small number of voice and video services to real-time services such as cloud
computing, mobile office, social media, and a great number of voice and video services.

Fast-Changing Services Bring Various Challenges to Live Networks.

1. Challenge Brought by Mobile Office: Static VS Dynamic

User-centric policy management is one of the core elements that ensures service security and experience. Currently,
many enterprises use a manual and static configuration mode to manage policies. After enterprises globalize,
employees often need to work remotely. Accordingly, security and Quality of Service (QoS) policies must
be migrated to the locations where users work. The manual and static configuration mode results in a heavy
workload and cannot quickly respond to user requirements. Consistent experience in mobile office is quite a tricky
problem. When employees work remotely, they often suffer multiple problems such as high delay in network access,
poor voice quality, and low work efficiency.

2. Challenge Brought by Network Security: Single-Node and Static Defense VS Multi-Node and
Dynamic Defense Against Unknown Threats

Considering security threats, enterprises usually deploy various security devices such as firewalls, Intrusion
Prevention System (IPS) devices, and Data Loss Prevention (DLP) devices. However, these devices cannot interact
with each other, so this kind of defense is single-node and static. Nowadays, enterprises face
the following security problems:

• Fuzzy security edge: Bring Your Own Device (BYOD) increases terminal security and information security
threats, and enterprise globalization blurs the network edge.


• Diversified attack methods: According to statistics by Gartner, 75% of the security threats occur at the
application layer, and more than 50% of the security threats are caused by an organizational team.

• Increasing unknown threats: A growing number of unknown threats are used to elude traditional security
protection methods. In China, 17.98 million new viruses appeared in 2010 alone.

Network security threats are ubiquitous, and network attacks are complex and fast-changing. Therefore, today's
networks need collaborative security protection over the entire network.

3. Challenge Facing Network O&M Personnel: Unknown State and Non-Automatic Management VS
New Services and Massive Devices

Two great challenges for operation and maintenance (O&M) are as follows:

• Quick service quality detection and fault location

Video and desktop cloud services are real-time services that require high network quality. For example, video
service requires that the packet loss ratio be lower than 10⁻⁶, while voice service requires that the packet
loss ratio be less than 10⁻². The current network cannot detect problems that users notice, such as video
mosaic and unclear audio. This often leads to employees' complaints. What's worse, there are no quick and
effective methods for troubleshooting faults after these problems are revealed.

• Massive devices that need to be deployed and managed

Lots of access layer devices result in considerable manual and static configurations. In addition, wired and
wireless networks cannot be managed in a unified manner.

4. Challenge Brought by Multiple New Services: Rigid Network VS Versatile Network

The rapid development of new services leads to a growing number of protocols and standards. The number
of IETF RFCs increased from several hundred in the 80s to nearly 7,000 in 2009. Nowadays, if the lease mode
is used to deploy a new service, the service takes a couple of days to go online. However, it takes at least one
year to develop a new device and at least two years to develop a chip. As a result, traditional networks cannot
quickly adapt to the fast-changing services.


SDN Architecture-based Next-Generation Agile Campus Network


Campus networks urgently need a brand new architecture to quickly adapt to service development. Thanks to its
agile switches and campus network controllers, Huawei becomes the first device vendor in the industry to use
the Software Defined Networking (SDN) architecture on campus networks. First, the campus network controller
functions as a smart brain, implementing collaborative control and policy management over the entire network.
Second, the agile switch functions as an agile body of the network, implementing agile awareness and execution
of the policies. Finally, a large number of access devices such as switches and access points (APs) can go online
without configuration, greatly simplifying network configuration and management. By using a brand new network
architecture, Huawei has put forth five innovative solutions: ubiquitous service access, security collaboration,
service detection and management, in-depth wired and wireless network convergence, and fully programmable
network. Together these innovative solutions enable the network to provide professional services more agilely.

Innovation 1: Ubiquitous Service Access


Industry's First Service Experience-Centric Network Solution

The campus network controller provides O&M personnel with policy configurations, including
user group attributes and QoS, that are oriented to service requirements. Users can access
the campus network at any place. Campus network controllers can detect users' access position
and automatically deliver policies to network control points such as aggregation switches and
egress routers to perform security control and QoS scheduling, implementing ubiquitous
policies. In the future, campus network controllers can associate with data center
controllers to migrate users' service resources, for example, storage and desktop cloud
virtual machines (VMs), together with the access location of user terminals to the nearest
data center, implementing ubiquitous resource and ubiquitous experience.

Work groups are dynamically created based on identity so that employees who are thousands of
miles away from the company can still work as if in the same office. To ensure security
protection, an enterprise assigns isolation domains by department or service. Each service
isolation or network adjustment on a large campus involves adjusting tens of thousands of
configuration policies. Maintenance of the isolation domains is difficult, and errors are
likely to occur. Huawei campus network controllers can provide work group-based vertical
(south-to-north) and horizontal (east-to-west) access policy configurations and automatically
deliver and execute the configurations after users access the campus network, building a
ubiquitous virtual network.

Innovation 2: Security Collaboration, Implementing Distributed and Dynamic Detection as well as Full-Scale and Proactive Defense

Based on policy control, campus network controllers integrate the security log management
center. Relying on highly efficient big data analysis and event association capabilities, the
controllers can perform a collaborative analysis of security events on the entire network,
accurately detect potential security threats, and associate with user security policies,
implementing blocking by principle of proximity. For example, when the security log
management center detects Distributed Denial of Service (DDoS) attacks on a user, it
automatically delivers secure access policies at the access layer to isolate the user or
directly force the user to go offline.

The controllers can also define untrusted traffic policies (for example, visitor traffic) and
automatically direct the untrusted traffic to the security center for cleaning, which
prevents potential threats and implements proactive defense.

Innovation 3: Service Detection and Management, Industry's First Technology That Enables the IP Network to Detect Service Quality

Traditional network quality detection methods such as Network Quality Analysis (NQA) and
Y.1731 need to insert dedicated detection packets or result in packet disorder. The network
quality detection precision of these detection methods is lower than 50%. Additionally, these
technologies have multiple problems including a single monitoring object, limited application
scenarios, and limited network types. Based on many years of technical research, Huawei has
put forth the Packet Conservation Algorithm for Internet (iPCA), which is the first
technology that adds a proactive quality detection mechanism to traditional networks. iPCA
implements real-time quality detection and fault location, therefore solving the difficulty
in ensuring IP network experience. iPCA identifies and dyes service traffic packets and
detects the dyed packets at both ingress and egress. In this manner, iPCA can detect quality
parameters including packet loss ratio, latency, and jitter. This technology calculates
service streams and implements real-time network quality detection during transmission of
service data flows between users. Compared to traditional network quality detection methods,
iPCA technology offers the following advantages:

• Zero traffic cost

• Applicable to any IP-based network type (unicast and multicast) and any network size.

• High fault location precision (card-level precision)

Innovation 4: In-Depth Wired and Wireless Network Convergence

Wireless Used as Wired Networks

Through its unique programmability, Huawei agile switch integrates functions of traditional
access controllers (ACs), including Control and Provisioning of Wireless Access Points
(CAPWAP) tunnel termination, directly manages APs, and forwards traffic. In addition, on the
management interface, an AP can be virtualized into a port to implement "Wired Network +
Wireless Network = One Switch", greatly lowering requirements on skills of the O&M personnel
after WLAN network deployment.

Wired Used as Wireless Networks

Based on CAPWAP tunnels, Huawei agile switch manages access switches in the same way that
wireless APs are managed, implementing "Access Switch = AP, Aggregation Switch = AC." Similar
to AP deployment, access switches can be deployed without configuration, which reduces the
workload of deploying massive access layer devices.

Innovation 5: Fully Programmable Network and Smooth Evolution

Switches that are based on Application-Specific Integrated Circuits (ASICs) cannot flexibly
adapt to the requirements of new services. To avoid frequent network device replacement and
protect customer investments, Huawei's agile switch-based next-generation campus network
provides full programmability and allows smooth evolution on live networks.

POF Supports the Future Programmable Protocols: Based on Huawei's unique Protocol Oblivious
Forwarding (POF) technology of programmable switches, online behaviors are completely
controlled by the control plane. Enterprises can self-define policies to identify new service
packets. The existing physical networks do not need to be reconstructed to adapt to new
services. As a result, enterprise users' existing investments in networks are well protected.

Chips Support a Programmable Forwarding Plane: The preceding wired and wireless network
convergence solution and iPCA-based service quality detection solution use a programmable
forwarding plane of agile switches. However, this is just the tip of the iceberg. To adapt to
diversified future-oriented services, the programmable forwarding plane will be used in more
scenarios, such as the flow table forwarding of Hybrid OpenFlow.

Architecture Supports Multi-Layer Openness: Not only does the whole SDN architecture support
programmability of the control plane, but the controller itself also provides open
application programming interfaces (APIs) for the service system to synchronize user
information and obtain network quality monitoring data.

Summary

Huawei's SDN architecture-based next-generation agile campus network solves the problems of
traditional campus networks, such as lack of user experience guarantee, low deployment
efficiency, and low-speed response to service requirements. Services passively adapt to the
traditional campus networks, while the next-generation agile campus network proactively
adapts to various services. In this manner, a service-friendly network is created.
Furthermore, the SDN architecture can be used to address users' live network problems and can
seamlessly evolve into the future network architecture, thereby allowing the network to
provide professional services more agilely.
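The packet-coloring measurement that Innovation 3 attributes to iPCA (and that the VOD article describes as marking, coloring, and counting service flows) can be sketched as follows. This is an added example, not Huawei's iPCA implementation: the one-bit alternating colour, the 1-second block length, the node names, and the traffic are assumptions constructed for illustration; the loss-ratio ceilings are the video and voice figures quoted in this article.

```python
from collections import defaultdict

INTERVAL = 1.0                                # seconds per colour block (assumed value)
THRESHOLDS = {"video": 1e-6, "voice": 1e-2}   # loss-ratio ceilings quoted in the article


def colour_of(t_send):
    """Colour bit the ingress node stamps on a service packet; flips every INTERVAL."""
    return int(t_send // INTERVAL) % 2


class MeasurementPoint:
    """Per-node counter of coloured packets for one service flow (hypothetical helper)."""

    def __init__(self, name):
        self.name = name
        self.counts = defaultdict(int)        # block index -> packets counted

    def observe(self, colour, t_arrival):
        # A packet can arrive after the colour has already flipped. As long as the
        # path delay stays below INTERVAL, the colour bit alone tells the node
        # whether the packet belongs to the current block or the previous one.
        current = int(t_arrival // INTERVAL)
        block = current if current % 2 == colour else current - 1
        self.counts[block] += 1


def segment_loss(points, block):
    """Compare the counters of adjacent nodes for one finished block."""
    report = []
    for up, down in zip(points, points[1:]):
        sent, received = up.counts[block], down.counts[block]
        ratio = (sent - received) / sent if sent else 0.0
        report.append((up.name, down.name, sent - received, ratio))
    return report


def failing_segments(points, block, service):
    """Segments whose loss ratio in this block is not below the service ceiling."""
    limit = THRESHOLDS[service]
    return [(u, d) for u, d, _lost, ratio in segment_loss(points, block) if ratio >= limit]


def simulate(node_names, blocks, packets_per_block, hop_delay, drops):
    """Replay constructed traffic along a path of nodes.

    drops maps (segment index, block) -> N, meaning every Nth packet of that
    block is lost on that segment. No probe packets are injected: only the
    service packets themselves are coloured and counted.
    """
    points = [MeasurementPoint(n) for n in node_names]
    for block in range(blocks):
        for i in range(packets_per_block):
            t = block * INTERVAL + (i + 0.5) * INTERVAL / packets_per_block
            colour = colour_of(t)
            for hop, point in enumerate(points):
                if hop > 0:
                    nth = drops.get((hop - 1, block))
                    if nth and (i + 1) % nth == 0:
                        break                 # packet lost on this segment
                point.observe(colour, t + hop * hop_delay)
    return points


if __name__ == "__main__":
    # Constructed scenario: 4 packets in 1000 are lost between aggregation and core
    # during block 2 only.
    path = simulate(["access", "aggregation", "core"], 4, 1000, 0.2, {(1, 2): 250})
    for up, down, lost, ratio in segment_loss(path, 2):
        print(f"block 2 {up}->{down}: lost={lost} ratio={ratio:.4f}")
    print("video breach:", failing_segments(path, 2, "video"))
    print("voice breach:", failing_segments(path, 2, "voice"))
```

A block's counters should only be read once the next block is well under way, so that late packets of the finished colour have been counted at every node.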

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei
Technologies Co., Ltd.

Trademark Notice
HUAWEI and the accompanying logos are trademarks or registered trademarks of Huawei Technologies Co., Ltd.
Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer
The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating results,
future product portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially from those
expressed or implied in the predictive statements. Therefore, such information is
provided for reference purpose only and constitutes neither an offer nor an
acceptance. Huawei may change the information at any time without notice.
