2. Huawei Confidential
2
Foreword
⚫ A data communication network consists of routers, switches, firewalls, wireless controllers, wireless
access points (APs), personal computers (PCs), network printers, and servers. The most basic function
of a data communication network is to implement data communication.
⚫ Nowadays, the data communication network has become the cornerstone of the intelligent world and
an important support for the digital transformation of enterprises.
⚫ Before gaining an in-depth understanding of products and solutions in the data communication
network field, you are expected to master common basic technologies and familiarize yourself with
basic protocols.
⚫ This course introduces basic knowledge about the data communication network, including basic
concepts of the data communication network, Internet Protocol (IP) routing, Ethernet switching,
network security, wide area network (WAN) technologies, network management and O&M, and
quality of service (QoS).
Objectives
⚫ Upon completion of this course, you will be able to:
• Describe the concepts and functions of the data communication network.
• Describe the common networking architecture of the data communication network.
• Describe common devices of the data communication network as well as their basic
functions and application scenarios.
• Describe the TCP/IP reference model and use this model to analyze the data
encapsulation and decapsulation processes.
• Describe basic concepts related to IP routing, Ethernet switching, network security, WAN
technologies, network management and O&M, and QoS.
Contents
1. Basic Concepts of the Data Communication Network
2. IP Routing Basics
3. Ethernet Switching Basics
4. Network Security Overview
5. WAN Technologies
6. Network Management and O&M
7. QoS
End-to-End Data Communication Industry
[Figure: end-to-end data communication industry. Labels: CloudCampus; CloudWAN; hyper-converged data center network (DCN); general-purpose computing; storage; high-performance computing; network security.]
• The data communication network comprises a variety of data communication devices.
• The data communication network is the cornerstone for the digital world.
Concepts of the Data Communication Network
⚫ A data communication network consists of routers, switches, firewalls, wireless controllers, wireless APs, PCs, network printers, and
servers. The most basic function of a data communication network is to implement data communication.
[Figure: example data communication network. Sites: hotel, enterprise campus network, home network, micro-sized store, higher education institution, and local DC, connected through the Internet or a WAN. Device labels: AP, central AP, RU, wireless access controller (WAC), switch, firewall, AR. DC labels: DCN spine and leaf, Internet access zone, intrusion prevention system (IPS), firewall, NE router, production environment zone, server, storage network, demilitarized zone (DMZ).]
Simplest Data Communication Scenario
[Figure: PC1 and PC2 connected by an Ethernet twisted pair. Each PC has an IP address and a media access control (MAC) address and runs five layers: application, transport, network, data link, and physical. The payload is placed in a Layer 4 envelope (transport layer), a Layer 3 envelope (network layer), and a Layer 2 envelope (data link layer).]
Common Network Devices: Campus Switches
A campus switch:
• Is used to construct local area networks (LANs).
• Connects terminals (such as PCs and servers) to networks.
• Enables exchanges of Ethernet data frames.
Common Network Devices: CloudEngine S Series Campus Switches
• CloudEngine S series campus switches (fixed): CloudEngine S5731-H48T4XC
• CloudEngine S series campus switches (modular): CloudEngine S12700E-8
[Figure labels: main control board, service board, switch fabric unit (SFU), power module, centralized monitoring unit (CMU).]
Common Network Devices: Routers
A router:
• Is used to connect different broadcast domains and
IP network segments.
• Maintains routing tables and runs routing protocols to
discover data forwarding paths (routing information).
• Forwards IP packets according to its routing table.
• Connects to a WAN, with functions such as network
address translation and access control.
[Figure labels: router, Internet.]
Common Network Devices: NetEngine Series Routers
• NetEngine access router (AR): NetEngine AR6121
• NetEngine metro router: NetEngine 8000
Common Network Devices: DC Switches
A DC switch:
• Is an Ethernet switch applied in DCs.
• Connects to a myriad of servers, firewalls,
intrusion prevention system (IPS) devices,
and load balancers to meet network
requirements of DCs in the cloud era.
• Is required to provide high performance,
high density, low latency, and large buffer.
• Provides high scalability and supports
large-scale networking through the spine-leaf
architecture.
[Figure labels: test environment zone and production environment zone (each with spine, leaf, and server), core, campus access zone, WAN access zone, Internet access zone.]
Common Network Devices: CloudEngine Series DC Switches
• CloudEngine series DC switches: CloudEngine 12800 and 16800, CloudEngine 6800
Common Network Devices: Firewalls
A firewall:
• Isolates networks of different security levels.
• Implements traffic control (using security policies).
• Implements intrusion prevention, Uniform Resource
Locator (URL) filtering, data filtering, and application
behavior control.
• Implements user identity authentication.
• Implements Remote Authentication Dial In User
Service (RADIUS).
• Implements data encryption and virtual private
network (VPN) services.
• Implements Network Address Translation (NAT) and
other security functions.
[Figure labels: Internet, firewall, untrust zone, trust zone, DMZ.]
Common Network Devices: HiSec Engine USG Series Firewalls
• HiSec Engine unified security gateway (USG) series firewalls: HiSec Engine USG6600E
Common Network Devices: WAC and APs
Fat AP
• Networking characteristics: Fat APs work
independently and require separate
configurations. Fat APs provide only simple
functions and are cost-effective.
• Applicability: homes, micro-sized stores, etc.
WAC + Fit APs
• Networking characteristics: Fit APs are managed and configured by
the WAC in a unified manner, providing various functions. Fit APs have
high requirements on network maintenance personnel's skills.
• Applicability: medium- and large-sized enterprises
[Figure labels: Internet, Fat AP, Fit AP, WAC.]
Common Network Devices: WAC and AirEngine APs
• WAC: AirEngine 9700-M
• AP: AirEngine 8760-X1-PRO
Network Topology
A network topology:
• Is presented as a structured layout using
transmission media (such as twisted pairs and
optical fibers) to interconnect various devices
(such as computers, routers, and switches).
• Is a very important network concept used to
describe the physical or logical structure of a
network in the network engineering field.
[Figure labels: Internet, WAN, egress zone, core layer, aggregation layer, access layer, terminal layer, iStack/CSS link, network management and O&M zone, DC.]
Management Modes for Common Network Devices
• Management mode 1: You can log in to a
device through the console port from a PC.
Typically, this method is used in scenarios
where a device is powered on for the first
time.
• Management mode 2: You can
remotely manage a device through a
PC using Telnet or Secure Shell
(SSH), or through a web interface.
• Management mode 3: The network management system
(NMS) remotely manages and delivers configurations to a
device through Telnet, SSH, or Simple Network
Management Protocol (SNMP). On this basis, the
software-defined networking (SDN) controller manages
the device through Network Configuration Protocol
(NETCONF).
[Figure labels: console cable, console port, management traffic.]
iMaster NCE
• Full-lifecycle automation: device plug-and-play and self-service
• Intelligent closed-loop management based on big data and AI: predictive maintenance, solving problems
before customer complaints
• All-cloud platform with ultra-large capacity: ultra-large capacity and elastic scalability
• Open programmability-enabled and scenario-based application ecosystem: simplified IT application
integration based on Design Studio
[Figure labels: network automation; network intelligence; development & operations (DevOps); iMaster NCE (analysis, management, control); IT/operations support system (OSS)/application; multi-tenant, multi-service, multi-industry; network; cloud platform.]
Reference Model in the Data Communication Network
• Application layer: Contains various types of applications that provide abundant system application
interfaces for users' application software.
• Transport layer: Establishes, maintains, and cancels end-to-end data transmission, controls transmission
speeds, and adjusts the data sequences.
• Network layer: Implements end-to-end data transmission between any two nodes based on the network layer
addresses contained in the data.
• Data link layer: A logical data link is established between adjacent nodes connected through a physical
link to implement direct data communication in point-to-point (P2P) or point-to-multipoint (P2MP)
mode on the link.
• Physical layer: Converts logical 0s and 1s into physical signals (optical/electrical signals) that can be
carried by transmission media, sends and receives physical signals, and transmits physical signals on
transmission media.
Reference Model and Common Protocols in the Data Communication Network
• Application layer: Telnet, FTP, TFTP, SNMP, HTTP, Simple Mail Transfer Protocol
(SMTP), DHCP, etc.
• Transport layer: Transmission Control Protocol (TCP), User Datagram Protocol
(UDP), etc.
• Network layer: Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), Internet Control
Message Protocol (ICMP), Internet Control Message Protocol version 6 (ICMPv6), Open
Shortest Path First (OSPF), intermediate system-to-intermediate system (IS-IS), Border
Gateway Protocol (BGP), etc.
• Data link layer: Point-to-Point Protocol (PPP), Link Layer Discovery Protocol
(LLDP), Point-to-Point Tunneling Protocol (PPTP), etc.
• Physical layer: EIA/TIA-232, etc.
Application Layer
• The application layer provides interfaces for application software so that
applications can use network services.
• The application layer protocol designates transport layer protocols and ports.
• The protocol data unit (PDU) corresponding to the application layer is called
data, which is also the payload to be transmitted by a network system.
• HTTP (TCP port 80): Hypertext Transfer Protocol, providing web browsing
services
• Telnet (TCP port 23): a remote login protocol, providing remote device
management services
• FTP (TCP port 20 and TCP port 21): File Transfer Protocol, providing file
resource sharing services
• DHCP (UDP port 67 and UDP port 68): Dynamic Host Configuration Protocol,
providing dynamic address management services
• TFTP (UDP port 69): Trivial File Transfer Protocol, providing simple file transfer
services
• ...
Transport Layer
• The transport layer receives data from the application layer,
encapsulates the data with the corresponding transport layer
protocol header, and helps establish an end-to-end connection.
• Typical transport layer protocols include TCP and UDP.
• The PDU corresponding to the transport layer is called segment.
Latest transport layer protocols: Multipath Transmission Control Protocol (MPTCP), data
center TCP (DCTCP), Data Center Quantized Congestion Notification (DCQCN), Quick UDP
Internet Connections (QUIC), etc.
TCP | UDP
Connection-oriented | Connectionless
Reliable transmission | Best-effort transmission
Flow control and window mechanism | None
Applications: HTTP, FTP, Telnet, etc. | Applications: DNS, SNMP, etc.
Transport Layer: Port Number
[Figure: PC1 (IP address: 1.1.1.1) uses TCP port 1024 for its HTTP application and TCP port 1231 for Telnet. PC2 (IP address: 2.2.2.2) uses TCP port 80 for its HTTP application and TCP port 23 for Telnet. The two PCs are connected through a network.]
• Generally, the source port is randomly allocated, while the destination port is specified by the corresponding
application.
• Generally, the source port used by the application client is an idle port whose number is greater than 1023.
• The number of the destination port is the same as that of the listening port of an application (or a service) enabled
on the server. For example, the default port number for HTTP is 80.
[Figure: packet from the web browser to the web server. IP header: source IP address 1.1.1.1, destination IP address 2.2.2.2. TCP header: source port number 1024, destination port number 80. The headers are followed by the HTTP payload.]
Network Layer
• The transport layer is responsible for connections between nodes, while
the network layer is for end-to-end data transmission from one node
to another and for data forwarding from the source to the destination.
• The PDU corresponding to the network layer is called packet.
• The network layer defines the packet format, provides logical addresses
for nodes, and is responsible for the addressing and routing of data
packets.
Key protocols:
• IPv4: OSPFv2, IS-IS, BGP
• IPv6: OSPFv3, IPv6 IS-IS, BGP4+
Network Layer: IPv4 and IPv6 Network Addresses
[Figure: PC1 (1.1.1.1/24) and PC2 (2.2.2.2/24) connected through an IPv4 network.]
• An IPv4 address identifies a node (or a device interface) on
an IPv4 network.
• An IPv4 address is 32 bits long.
• An IPv4 address is usually represented in dotted decimal
notation.
• A subnet mask of an IPv4 address is 32 bits and can be
expressed in dotted decimal notation or be presented by a
mask length.
• In a subnet mask of an IPv4 address, bits with the value of 1
correspond to the network bits, while bits with the value of 0
correspond to the host bits. As such, the network and host bits in an IPv4
address can be identified.
[Figure: PC1 (FC00:1::1/64) and PC2 (FC00:2::1/64) connected through an IPv6 network.]
• The network addresses used on an IPv6 network are IPv6
addresses.
• An IPv6 address is 128 bits long.
• An IPv6 address is usually expressed in hexadecimal numbers
separated by colons (:).
• An IPv6 address is expressed in the format of IPv6
address/mask length, specifying the mask length of the
network part in the address.
Network Layer: Packet Forwarding Based on Network Addresses
[Figure: PC1 (Address 1) sends a packet toward PC2 (Address 2) in Network A through R1. The packet consists of a network layer header (source network address and destination network address) and a payload. The routing table of R1 lists Network A with outbound interface GE1/0/0.]
• The network layer header of the
packet sent by the source node
carries the network addresses of the
source and destination nodes of the
packet.
• Routing-capable devices (such as
routers) maintain routing tables.
• When receiving packets, these
devices read the destination
addresses carried in the packets at
the network layer and query the
addresses in their routing tables.
After finding matching entries, the
devices forward the packets
according to the entries.
Data Link Layer
• The data link layer is responsible for data transmission between two
adjacent nodes on a physical link, and provides error notification and
flow control.
• The data link layer encapsulates packets from the network layer into
frames and converts the frames into bits for data transmission at the
physical layer.
• During the assembly of a data frame, the address is written into the
header of the data frame for addressing and forwarding.
• The network layer implements data transmission between any two
nodes on the global network. During this process, data may pass
through multiple links. One basic function of the data link layer is to
transmit data from one node to another adjacent node on these links.
• Common data link layer protocols include LLDP, PPP, and Spanning
Tree Protocol (STP).
• The PDU corresponding to the data link layer is called frame.
Data Link Layer: Ethernet
• Ethernet is a well-known and widely used technology defined in IEEE 802.3.
• Currently, network interfaces of PCs comply with the Ethernet standard.
• An address defined in the data link layer is called a MAC address, which is
compulsory for all Ethernet NICs that comply with the IEEE 802 standards.
• A MAC address is 48 bits long and is usually expressed in hexadecimal
format. The following are two examples:
00-21-0A-B9-DC-79
0021-0AB9-DC79.
• A device that works at the data link layer, such as an Ethernet switch,
maintains a MAC address table that guides frame forwarding.
Physical Layer
• After data arrives at the physical layer, the physical layer converts a
digital signal into an optical signal, an electrical signal, or an
electromagnetic wave signal based on the physical media.
• The PDU corresponding to the physical layer is called bit.
• The physical layer defines physical features and specifications such as
cables, pins, and ports.
• Common transmission media include Ethernet twisted pairs, optical
fibers, and electromagnetic waves.
Encapsulation and Decapsulation During Data Transmission
[Figure: encapsulation proceeds from the application layer down to the physical layer; decapsulation proceeds in the opposite direction.]
Layer | PDU | Content
Application layer | Data | Data payload
Transport layer | Segment | Transport layer header + data payload
Network layer | Packet | IP header + upper-layer data
Data link layer | Frame | Frame header + upper-layer data + frame trailer
Physical layer | Bit | 101010111100…
2. IP Routing Basics
Concepts of Routing
Routing table of R1:
Destination/Mask | Protocol | Preference | Cost | Next Hop | Interface
192.168.1.0/24 | Direct | 0 | 0 | 192.168.1.254 | GE0/0/0
192.168.12.0/24 | Direct | 0 | 0 | 192.168.12.1 | GE0/0/2
192.168.2.0/24 | OSPF | 10 | 3 | 192.168.12.2 | GE0/0/2
[Figure: PC1 (192.168.1.1/24) sends an IP packet (IP header + data) to PC2 (192.168.2.1/24) through R1; interface GE0/0/0 of R1 is labeled. Data submitted by an upper layer (for example, the transport layer) is put into an envelope: data encapsulation at the network layer adds the source/destination IP address.]
When a router (or a routing-capable device) receives an IP data packet, it searches its routing table for the destination IP
address of the packet and selects an optimal path to forward the packet. This process is called routing.
How to Obtain Routing Information
A router forwards packets based on its routing table. To achieve this, the router needs to discover routes. The three
common types of routes are as follows:
• Direct route: Direct routes are automatically generated by devices and point to directly connected
local networks.
Route Type | Destination/Mask | Outbound Interface
Direct | 10.1.1.0/24 | GE0/0/0
Direct | 20.1.1.0/24 | GE0/0/1
• Static route: Static routes are manually configured by network administrators.
Route Type | Destination/Mask | Outbound Interface
Static | 30.1.1.0/24 | GE0/0/1
• Dynamic route: Dynamic routes are learned by dynamic routing protocols running on routers
(dynamic routing protocol in the figure: OSPF).
Route Type | Destination/Mask | Outbound Interface
Dynamic | 40.1.1.0/24 | GE0/0/2
Application Scenarios of Static Routes
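[Figure: Router A, Router B, and Router C. Interface addresses shown: GE0/0/0 10.0.0.1/24, GE0/0/0 10.0.0.2/24, GE0/0/1 20.1.1.2/24, and GE0/0/1 20.1.1.3/24. A packet at Router A is destined for 20.1.1.0/24.]
Routing table of Router A:
Destination Network | Type | Next Hop
20.1.1.0 | Static | 10.0.0.2
10.0.0.0 | Direct | 10.0.0.1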
• Static routes are manually configured by network
administrators. They are easy to configure, have low
system requirements, and apply to stable and small
networks with simple topologies.
• However, static routes cannot automatically adapt
to network topology changes, thus requiring manual
intervention.
• Router A forwards packets destined for 20.1.1.0/24.
As only direct routes are available in the routing
table of Router A, no matching route is found for
packet forwarding. In this case, a static route can be
manually configured so that Router A can forward
packets destined for 20.1.1.0/24 to the next hop
10.0.0.2.
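The route lookup from Concepts of Routing and the Router A case above, as an added Python example that is not part of the original course material: routes to the same destination compete on preference and then cost when installed, and a lookup returns the matching entry with the longest mask. The R1 entries are copied from the page; the static route preference of 60, the outbound interface GE0/0/0 on Router A, and the /24 masks on Router A's entries are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    protocol: str
    preference: int   # lower value wins between routes to the same prefix
    cost: int         # tie-breaker when preferences are equal
    next_hop: str
    interface: str


def make_route(dest, protocol, preference, cost, next_hop, interface):
    return Route(ipaddress.ip_network(dest), protocol, preference, cost,
                 next_hop, interface)


class RoutingTable:
    """Keeps one best route per destination prefix and answers lookups."""

    def __init__(self, routes=()):
        self._best = {}
        for r in routes:
            self.install(r)

    def install(self, new):
        """Install a route; return False if the existing route to the
        same prefix is at least as good (preference first, then cost)."""
        old = self._best.get(new.prefix)
        if old is not None and (old.preference, old.cost) <= (new.preference, new.cost):
            return False
        self._best[new.prefix] = new
        return True

    def lookup(self, destination):
        """Longest-prefix match; None means no matching route exists."""
        addr = ipaddress.ip_address(destination)
        matches = [r for r in self._best.values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_r1():
    # Routing table of R1, copied from the Concepts of Routing slide.
    return RoutingTable([
        make_route("192.168.1.0/24", "Direct", 0, 0, "192.168.1.254", "GE0/0/0"),
        make_route("192.168.12.0/24", "Direct", 0, 0, "192.168.12.1", "GE0/0/2"),
        make_route("192.168.2.0/24", "OSPF", 10, 3, "192.168.12.2", "GE0/0/2"),
    ])


def build_router_a():
    # Router A before the static route is added: only the direct route.
    # The /24 mask and interface name are assumptions based on the figure.
    return RoutingTable([
        make_route("10.0.0.0/24", "Direct", 0, 0, "10.0.0.1", "GE0/0/0"),
    ])


# Static route from the slide; preference 60 and the interface are assumed.
STATIC_TO_20 = make_route("20.1.1.0/24", "Static", 60, 0, "10.0.0.2", "GE0/0/0")


if __name__ == "__main__":
    r1 = build_r1()
    for dst in ("192.168.2.1", "192.168.1.1", "172.16.0.1"):
        print("R1", dst, "->", r1.lookup(dst))

    router_a = build_router_a()
    print("Router A before:", router_a.lookup("20.1.1.3"))
    router_a.install(STATIC_TO_20)
    print("Router A after: ", router_a.lookup("20.1.1.3"))
```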
Overview of Dynamic Routes
• When the network scale continues to expand, it becomes
increasingly complex to manually configure static routes. In
addition, static routes cannot adapt to network topology
changes in a timely and flexible manner.
• Dynamic routing protocols can automatically discover and
generate routes, and update routes when the topology
changes. These protocols effectively reduce the workload
of management personnel and are more suitable for large
networks.
Static route | Dynamic route
Static routes need to be manually configured on devices. | Dynamic routes can be automatically discovered and learned.
Static routes cannot adapt to link changes. | Dynamic routes can adapt to topology changes.
[Figure labels: static route; dynamic routing protocol: OSPF.]
OSPF Application on a Campus Network
OSPF is configured on the core switch and
aggregation switches to enable route
reachability on the campus network.
[Figure labels: Internet, firewall, core switch, server cluster, three aggregation switches, office buildings 1 to 3.]
Concepts of AS
[Figure: AS 100 and AS 200, with OSPF and IS-IS labeled inside the ASs.]
• A large number of organizations use IGP routing protocols
such as OSPF and IS-IS on their internal networks. However,
as the network size increases, the number of routes on the
network also rises, thus leading to the failure of IGP to
manage large-scale networks. To solve this issue, the concept
of Autonomous System (AS) emerges.
• An AS consists of a set of devices that are managed by the
same organization and use the same route selection policy.
• Each of these ASs is uniquely identified using an Autonomous
System Number (ASN), which is distributed by the Internet
Assigned Numbers Authority (IANA).
• Which routing protocols should be used to transmit routes
for inter-AS communication?
Route Transmission Through BGP
[Figure: AS 100 (OSPFv3 and RIPng) and AS 200 (IS-IS and IPv6) connected through BGP.]
• IGP enables a router to discover routes to each segment of the local AS, implementing data
communication within the AS.
• On a large-scale network consisting of multiple ASs, an exterior gateway protocol (EGP) is
used to implement route exchange between ASs.
• The Internet is an ultra-large network consisting of multiple ASs. EGP is used on the backbone
nodes of the Internet to implement route exchange between ASs. BGP is the most well-known
and widely used EGP today.
BGP Application on Enterprise Networks
Communication within an enterprise network
On a large enterprise network, BGP is used for route exchange between the
headquarters and branches. The headquarters and branches belong to different
ASs and are deployed by their own network management teams.
[Figure labels: HQ, two branches, AS 100, AS 200, AS 800, BGP.]
Communication between enterprise and carrier networks
BGP can be used for route exchange between an enterprise and a carrier
so that both the enterprise network and carrier network can obtain specific
routes from each other.
[Figure labels: Carrier X, Enterprise A, Enterprise B, Enterprise N, AS 100, AS 200, AS 800, AS 1000, BGP.]
3. Ethernet Switching Basics
Ethernet Layer 2 Switching
[Figure: a core switch connects access switch 1 and access switch 2; Layer 2 communication between terminals.]
Terminal | IP address | MAC address
Terminal 1 | 192.168.1.1/24 | 5469-98AB-0001
Terminal 2 | 192.168.1.2/24 | 5469-98AB-0002
Terminal 3 | 192.168.1.3/24 | 5469-98AB-0003
Terminal 4 | 192.168.1.4/24 | 5469-98AB-0004
[Figure: frame structure. Ethernet header (Layer 2 header, carrying the destination MAC address and source MAC address), IP header (Layer 3 header), TCP/UDP header (Layer 4 header), payload, Ethernet trailer.]
• Layer 2 switching is a basic function of Ethernet switches.
• Layer 2 switching is a process in which a switch forwards a frame based on
the destination MAC address in the frame's Layer 2 header.
• Each switch maintains a MAC address table for frame forwarding.
• Upon receipt of a frame, a switch reads the frame's destination MAC
address, searches for this MAC address in the local MAC address table, and
then processes the frame accordingly. In addition, the switch learns the
source MAC address of the frame.
Ethernet Layer 2 Switching and MAC Address Table
[Figure: PC1 (IP: 2001:DB8:1::1/64, MAC: 0050-5600-0001) and PC2 (IP: 2001:DB8:1::2/64, MAC: 0050-5600-0002) connected to a switch with interfaces GE0/0/1 and GE0/0/2. The frame is shown on both sides of the switch with the same fields: source MAC address 0050-5600-0001, destination MAC address 0050-5600-0002, source IP address 2001:DB8:1::1, destination IP address 2001:DB8:1::2.]
Upon receipt of a frame, a switch
reads the frame's destination MAC
address, searches for this MAC
address in the local MAC address
table, and then processes the
frame accordingly. In addition, the
switch learns the source MAC
address of the frame.
MAC addresses are used to implement data frame addressing and node
identification on the Ethernet.
MAC Address Table
[Figure: PC1 (00e0-fc12-3458) and a printer (00e0-fc12-3457) connected to a switch with interfaces GE0/0/1 and GE0/0/2.]
• A MAC address table records the mapping between the
MAC addresses learned by a switch and the interfaces, and
the VLANs to which the interfaces belong.
• The display mac-address command can be run on the
switch to check its MAC address table.
MAC Address | Interface | VLAN
00e0-fc12-3458 | GE0/0/1 | 100
00e0-fc12-3457 | GE0/0/2 | 200
Why Do We Need VLAN?
[Figure: PC1 to PC24 connected to interfaces GE0/0/1 to GE0/0/24 of one switch; broadcast, unknown unicast, and multicast (BUM) frames are shown.]
• By default, all interfaces of a switch belong to the same broadcast domain.
• When there are a large number of switches on a network, the broadcast domain becomes
large and the network may be flooded with a myriad of broadcast packets.
• Network units cannot be flexibly planned based on service requirements.
VLAN
Virtual Local Area Network (VLAN) technology allows a physical LAN to be divided into multiple logical LANs
(multiple VLANs). Each VLAN functions as a separate broadcast domain, with hosts in the same VLAN able to directly
communicate with one another, while those in different VLANs cannot. As a result, broadcast packets are confined
within a single VLAN.
[Figure: PC1 to PC24 connected to interfaces GE0/0/1 to GE0/0/24 of one switch and divided into VLAN10 (VLAN for the marketing department) and VLAN20 (VLAN for the R&D department).]
VLAN Communication Across Switches
[Figure: Switch1 and Switch2, each with interfaces GE0/0/1 to GE0/0/4, connect PC1 to PC5. VLAN10 is the VLAN for the technology department and VLAN20 is the VLAN for the accounting department. A tagged frame (802.1Q tag) is shown.]
• To enable a switch to distinguish data frames from different VLANs, you need to add a field that identifies the
VLANs to which the data frames belong.
• As defined by IEEE 802.1Q, a 4-byte VLAN tag is inserted between the Source/Destination MAC address field and
Length/Type field in an Ethernet frame to identify the VLAN to which the frame belongs.
[Figure labels: untagged frame; tag value 20; VLAN20: VLAN for the accounting department.]
Types of Layer 2 Ethernet Interfaces
Layer 2 Ethernet interfaces on a switch are classified into the
following types:
• Access: often connects to a terminal such as a user PC or
server. In most cases, access interfaces connecting to the
NICs of such terminals can only receive and send
untagged frames, and an access interface can join only
one VLAN.
• Trunk: allows data frames from multiple VLANs to pass
through. These data frames are differentiated by 802.1Q
tags. A trunk interface is used for connecting switches
and can connect to a sub-interface on a device (such as a
router or firewall).
• Hybrid: allows data frames from multiple VLANs to pass
through. These data frames are differentiated by 802.1Q
tags. The data frames sent from a hybrid interface can be
manually configured to carry tags for some VLANs and
not to carry tags for other VLANs.
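An added Python example (not part of the original course material) of the 802.1Q handling described in VLAN Communication Across Switches and the access and trunk behaviour above: the 4-byte tag is inserted after the two MAC addresses on the trunk, read on the far switch, and stripped before delivery to an access interface in the same VLAN. The MAC addresses are borrowed from the Layer 2 switching slide; the payload, the omission of the frame trailer (FCS), and the function names are assumptions of this sketch.

```python
import struct

TPID_8021Q = 0x8100      # Tag Protocol Identifier that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(mac):
    """Convert 5469-98AB-0001 or 00-21-0A-B9-DC-79 notation to 6 bytes."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame; the FCS trailer is left out of this sketch."""
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload


def add_tag(frame, vlan_id, priority=0):
    """Insert the 4-byte tag between the source MAC and the Length/Type field."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be in 0..7")
    tci = (priority << 13) | vlan_id   # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame):
    """Return header fields; vlan is None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, priority, offset = None, None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, priority, offset = tci & 0x0FFF, tci >> 13, 18
    return {
        "dst": frame[0:6].hex("-"),
        "src": frame[6:12].hex("-"),
        "vlan": vlan,
        "priority": priority,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def strip_tag(frame):
    """Remove the tag if present so the frame can leave an access interface."""
    if parse_frame(frame)["vlan"] is None:
        return frame
    return frame[:12] + frame[16:]


def forward_across_trunk(frame, ingress_vlan, egress_vlan):
    """Untagged frame enters an access interface in ingress_vlan on one switch,
    crosses the trunk tagged, and is delivered untagged on the other switch
    only if the egress access interface belongs to the same VLAN."""
    tagged = add_tag(frame, ingress_vlan)        # trunk egress on the first switch
    info = parse_frame(tagged)                   # trunk ingress on the second switch
    if info["vlan"] != egress_vlan:
        return None                              # different VLAN: not delivered
    return strip_tag(tagged)


if __name__ == "__main__":
    # Constructed sample frame; the payload bytes are placeholders.
    frame = build_frame("5469-98AB-0002", "5469-98AB-0001", ETHERTYPE_IPV4,
                        b"constructed payload")
    tagged = add_tag(frame, 20)
    print("tag bytes:", tagged[12:16].hex())
    print("parsed   :", parse_frame(tagged))
    print("same VLAN delivered :", forward_across_trunk(frame, 20, 20) == frame)
    print("other VLAN delivered:", forward_across_trunk(frame, 20, 10) is not None)
```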
[Figure: a core switch connects access switch 1 and access switch 2; access and trunk interfaces are labeled. VLANs: VLAN 10 (office) and VLAN 20 (monitoring). Terminal 1: 2001:DB8:1::1/64; Terminal 2: 2001:DB8:1::2/64; Terminal 3: 2001:DB8:1::3/64; Terminal 4: 2001:DB8:2::1/64.]
Technical Background: Redundancy and Loops on a Layer 2 Switching Network
The introduction of redundancy brings Layer 2 loops.
Without redundancy design:
• The access switch has only one uplink. If this link fails, downstream PCs will
be disconnected.
• There is only one aggregation switch. If this switch fails, downstream devices
will be disconnected.
Layer 2 loops occur at the expense of enhanced network redundancy.
[Figure: two aggregation switches and an access switch form a Layer 2 loop.]
Technical Background: Layer 2 Loops Caused by Human Errors
• Some Layer 2 loops may be attributed to human negligence,
for example, incorrect cable connections between devices.
• Some Layer 2 loops may be attributed to incorrect
configurations. In this example, the network administrator does
not bundle the links between Switch1 and Switch2 into a logical
link (aggregated link), causing Layer 2 loops.
[Figure: Case 1 and Case 2, each showing a Layer 2 loop; Switch1 and Switch2 are labeled.]
Problems Caused by Layer 2 Loops
Typical problem 1: broadcast storm
Upon receiving BUM frames, Switch3 floods the frames. The
flooding happens once again after Switch1 and Switch2 receive
the frames, leading to network resource exhaustion and
breakdown.
[Figure: Switch1, Switch2, and Switch3; numbered steps 1 to 4 follow a BUM frame between the switches.]
Typical problem 2: MAC address flapping
[Figure: Switch1, Switch2, and Switch3; a BUM frame with source MAC address 5489-98EE-788A; interface GE0/0/2 is labeled.]
MAC address flapping occurs. For example, Switch1 sees the
MAC address 5489-98EE-788A rapidly changing its location
between GE0/0/1 and GE0/0/2.
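The learning and forwarding behaviour from Ethernet Layer 2 Switching and the MAC address flapping symptom above, as an added Python example that is not part of the original course material: a toy switch learns source MAC addresses, forwards or floods by destination, and raises an alert when one MAC address keeps moving between interfaces. The three-port switch, the timestamps, the threshold of 3 moves within 1 second, and the event lists are constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ffff-ffff-ffff"


class LearningSwitch:
    def __init__(self, ports, flap_threshold=3, window=1.0):
        self.ports = list(ports)
        self.table = {}                      # (vlan, mac) -> interface
        self.moves = defaultdict(deque)      # (vlan, mac) -> times of recent moves
        self.flap_threshold = flap_threshold
        self.window = window                 # seconds

    def receive(self, t, in_port, src, dst, vlan=1):
        """Process one frame; return (list of egress interfaces, alert or None)."""
        src, dst = src.lower(), dst.lower()
        key, alert = (vlan, src), None

        # Learn the source MAC and track how often it changes interface.
        old = self.table.get(key)
        if old is not None and old != in_port:
            recent = self.moves[key]
            recent.append(t)
            while recent and t - recent[0] > self.window:
                recent.popleft()
            if len(recent) >= self.flap_threshold:
                alert = (f"MAC flapping: {src} in VLAN {vlan} moved "
                         f"{old} -> {in_port} ({len(recent)} moves in {self.window}s)")
        self.table[key] = in_port

        # Forward by destination MAC within the same VLAN.
        out = self.table.get((vlan, dst))
        if dst == BROADCAST or out is None:
            egress = [p for p in self.ports if p != in_port]   # flood BUM frames
        elif out == in_port:
            egress = []                                        # already on that segment
        else:
            egress = [out]                                     # known unicast
        return egress, alert


def replay(events, ports=("GE0/0/1", "GE0/0/2", "GE0/0/3")):
    """Feed (time, interface, source MAC, destination MAC) events to a fresh
    switch and return the alerts it raised."""
    switch = LearningSwitch(ports)
    alerts = []
    for t, port, src, dst in events:
        _, alert = switch.receive(t, port, src, dst)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed events: the same broadcast frame keeps arriving on two
# interfaces, as it would when it circulates in a Layer 2 loop.
LOOP_EVENTS = [
    (0.000, "GE0/0/1", "5489-98EE-788A", BROADCAST),
    (0.001, "GE0/0/2", "5489-98EE-788A", BROADCAST),
    (0.002, "GE0/0/1", "5489-98EE-788A", BROADCAST),
    (0.003, "GE0/0/2", "5489-98EE-788A", BROADCAST),
    (0.004, "GE0/0/1", "5489-98EE-788A", BROADCAST),
]

# Constructed events: a host is moved to another interface once.
SINGLE_MOVE_EVENTS = [
    (0.0, "GE0/0/1", "5469-98AB-0001", BROADCAST),
    (5.0, "GE0/0/2", "5469-98AB-0001", BROADCAST),
]

if __name__ == "__main__":
    for line in replay(LOOP_EVENTS):
        print(line)
    print("single move alerts:", replay(SINGLE_MOVE_EVENTS))
```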
Spanning Tree Protocol
On a network with a spanning tree protocol, switches exchange BPDUs to calculate a loop-free
network topology. Finally, one or more interfaces on the network are blocked to eliminate loops.
[Figure: Switch1 (root), Switch2, and Switch3 run a spanning tree protocol and exchange BPDU packets; an interface is blocked.]
Spanning Tree Protocol: Dynamically Responding to Network Topology Changes and Adjusting Blocked Interfaces
A spanning tree protocol running on a switch continuously monitors the network topology. Upon detecting network topology changes, the spanning tree protocol can automatically make adjustments.
Therefore, a spanning tree protocol can be used to eliminate Layer 2 loops and also provide a network redundancy solution.
[Figure: Switch1, Switch2, and Switch3 in three steps: (1) an interface is blocked; (2) a link is faulty; (3) the interface is restored.]
55. Huawei Confidential
55
Technical Background: Inter-VLAN Communication
[Figure: PC1 (VLAN 10) and PC2 (VLAN 10) on a Layer 2 switch; Layer 2 communication]
When PC1 and PC2 belong to the same VLAN (using the same IP subnet), they are in the same broadcast domain and can directly communicate with each other. This is also known as Layer 2 communication.
[Figure: PC1 (VLAN 10) and PC2 (VLAN 20) on a Layer 2 switch; Layer 2 communication]
When PC1 and PC2 belong to different VLANs, they are in different broadcast domains and cannot communicate with each other.
[Figure: PC1 (VLAN 10) and PC2 (VLAN 20) on a Layer 2 switch, with a router]
To allow devices in different VLANs to communicate with each other, a routing-capable device is used to implement Layer 3 communication.
56. Huawei Confidential
56
Inter-VLAN Communication Using Ethernet Sub-Interfaces
[Figure: PC1 in VLAN 10, 192.168.1.1/24, default gateway 192.168.1.254; PC2 in VLAN 20, 192.168.2.1/24, default gateway 192.168.2.254; router sub-interfaces GE0/0/1.1 (192.168.1.254) and GE0/0/1.2 (192.168.2.254); GE0/0/24: Trunk (VLANs 10 and 20); GE0/0/1: Access (VLAN 10); GE0/0/2: Access (VLAN 20)]
• A router connects to a switch through a physical interface (GE0/0/1), which allows for the creation of two sub-interfaces GE0/0/1.1 and GE0/0/1.2 as the default gateways of VLANs 10 and 20, respectively.
• The sub-interfaces created on a router are used to implement inter-VLAN communication.
Sub-interfaces are logical interfaces created based on an Ethernet interface and are identified by the physical interface ID and sub-interface ID.
Based on service requirements, a network administrator can create multiple sub-interfaces on a physical interface and configure IP addresses and VLAN IDs for these sub-interfaces.
57. Huawei Confidential
57
Layer 3 Switch and VLANIF Interface
• A Layer 2 switch provides only the Layer 2 switching function.
• Apart from providing the Layer 2 switching function, a Layer 3 switch can implement routing and forwarding through Layer 3 interfaces (such as VLANIF interfaces).
• A VLANIF interface is a Layer 3 logical interface that can remove and add VLAN tags in packets. This allows devices in different VLANs to communicate with each other.
• A VLANIF interface number corresponds to a VLAN ID. For example, VLAN 10 corresponds to VLANIF 10.
[Figure: a Layer 3 switch with a routing module and a switching module; VLANIF 10 192.168.1.254/24 and VLANIF 20 192.168.2.254/24; PC1 192.168.1.1/24, gateway 192.168.1.254, on GE0/0/1 (Access, PVID = 10); PC2 192.168.1.2/24, gateway 192.168.1.254, on GE0/0/2 (Access, PVID = 10); PC3 192.168.2.1/24, gateway 192.168.2.254, on GE0/0/3 (Access, PVID = 20)]
58. Huawei Confidential
58
How to Improve the Bandwidth and Reliability of Ethernet Links
• High reliability and high link bandwidth are two important objectives to achieve on a commercial network.
• As shown in the figure, links 1 to 5 are all key links on the network. How can we ensure the reliability of these links and improve their bandwidth?
[Figure: Internet, core switch, access switch 1, access switch 2, and terminals 1 to 4, with links numbered 1 to 5]
59. Huawei Confidential
59
Ethernet Link Aggregation
• Link aggregation is a method of bundling several physical links into a logical link to increase bandwidth and reliability.
• These aggregated links are also known as Eth-Trunks.
[Figure: Internet, core switch, access switch 1, access switch 2, and terminals 1 to 4; Firewall1 and Firewall2, each with GE0/0/1, GE0/0/2, and Eth-Trunk1; callouts: increased bandwidth, higher reliability, load balancing]
60. Huawei Confidential
60
Working Modes of Ethernet Link Aggregation
Manual mode
• In this mode, an Eth-Trunk interface is manually created and member interfaces are manually added to the Eth-Trunk interface, without the use of Link Aggregation Control Protocol (LACP).
• This mode is applicable when high link bandwidth is required between two directly connected devices that do not support LACP.
• Faults, such as link layer faults and incorrect link connections, cannot be detected.
LACP mode
• In this mode, LACP is used in link aggregation.
• LACP provides a standard negotiation mechanism for devices to automatically aggregate multiple links.
• After an aggregated link is formed, LACP maintains the link status and adjusts or disables link aggregation when the link aggregation condition changes.
[Figure: Switch1 (higher LACP system priority) and Switch2 (lower LACP system priority); active interface selected by Switch1; active interface elected by Switch2]
61. Huawei Confidential
61
iStack and CSS
• Intelligent stack (iStack) is a technology that connects multiple stacking-capable switches through stack cables to form a logical switch for data forwarding.
• A cluster switch system (CSS) combines two clustering-capable switches into a single logical switch.
• Generally, the CSS function is used to set up a stack of modular switches, while the iStack function is used to set up a stack of fixed switches.
[Figure: iStack: switches joined by a stack cable into a stack, with link aggregation, equivalent to one logical switch; CSS: two switches joined by a CSS link, with link aggregation, equivalent to one logical switch]
62. Huawei Confidential
62
Link Aggregation Application (1/2)
Interface expansion
• If the port density of an existing switch cannot meet the access requirements of users, you can deploy new switches and add all the switches to a stack to increase the number of interfaces.
[Figure: access layer switches joined by an iStack link into an iStack]
Bandwidth expansion and redundancy backup
• To achieve higher uplink bandwidth, you can deploy new switches and add all the switches to a stack, and bundle physical links of the member switches into a LAG. This also implements device backup and inter-device redundancy backup, thus improving reliability.
[Figure: aggregation layer and access layer; access layer iStack joined by an iStack link, with an Eth-Trunk uplink]
63. Huawei Confidential
63
Link Aggregation Application (2/2)
• Two switches on the network set up a CSS to form a single logical switch. The simplified networking does not require protocols such as Multiple Spanning Tree Protocol (MSTP) and Virtual Router Redundancy Protocol (VRRP), simplifying network configuration. Additionally, the use of inter-device link aggregation achieves fast convergence and improves reliability.
[Figure: aggregation layer and access layer, comparing MSTP + VRRP networking with CSS networking; CSS link, Eth-Trunk]
64. Huawei Confidential
64
Typical Architecture
• Access devices that are geographically close to each other (for example, access switches in the same building) are virtualized into one logical device using iStack. This ensures sufficient ports and simplifies device management.
• Access devices connect to aggregation devices through Eth-Trunks. The logical network structure is simple, without the use of STP or VRRP. As such, the network has advantages in high reliability, high uplink bandwidth, and fast convergence.
• iStack is configured on aggregation switches, and Eth-Trunks are configured between upstream/downstream switches to form a reliable and loop-free network.
• The CSS cluster networking is used at the core layer, and Eth-Trunks are configured between upstream/downstream switches to form a reliable and loop-free network.
[Figure: network, core layer (CSS), aggregation layer (iStack), and access layer (iStack); iStack/CSS links and Eth-Trunks]
65. Huawei Confidential
65
Contents
1. Basic Concepts of the Data Communication Network
2. IP Routing Basics
3. Ethernet Switching Basics
4. Network Security Overview
5. WAN Technologies
6. Network Management and O&M
7. QoS
66. Huawei Confidential
66
Firewall: Security Zone
[Figure: firewall with interfaces GE1/0/0, GE1/0/1, and GE1/0/5; Trust zone, Untrust zone, and DMZ; PC1 192.168.1.1/24; server 172.16.1.1/24; Internet]
• A security zone, also known as a zone, is a concept of the firewall. Most security policies are implemented based on security zones.
• A security zone is a collection of networks connected through one or more interfaces. Users on the networks in a security zone have the same security attributes.
• Firewall interfaces must be added to security zones. Otherwise, the firewall cannot work properly.
• Each security zone defines its security level, which is also called priority. The priority value ranges from 1 to 100. A larger value indicates a higher security level.
• By default, four security zones are preset on the firewall: Trust, Untrust, DMZ, and local zones.
• Users can define new security zones as required.
67. Huawei Confidential
67
Firewall: Security Policy
• The security policy controls traffic forwarding and performs integrated content security detection on traffic.
• The firewall can identify traffic attributes and match the attributes with security policy conditions. If all conditions are matched, the traffic matches the security policy and the firewall performs the action defined in the security policy.
• Integrated content security detection indicates that the firewall uses the Intelligent Awareness Engine (IAE) to detect and process traffic contents at one time, implementing content security functions including antivirus, intrusion defense, and URL filtering.
[Figure: a security policy between the Trust zone and the Untrust zone (Internet), providing traffic forwarding control and content security monitoring]
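How zone-based policy matching works in practice, as an added example that is not part of the original course material and not Huawei's implementation. It assumes the Trust zone is 192.168.1.0/24 and the DMZ is 172.16.1.0/24 (the addresses on the security zone slide), that rules are evaluated top-down with the first match winning, and that unmatched traffic is denied; the rule names, the external addresses and the ports are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed subnet-to-zone mapping; the subnets are taken from the addresses
# shown on the security zone slide, the mapping itself is an assumption.
ZONES = {
    "trust": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("172.16.1.0/24"),
}


def zone_of(ip):
    """Map an address to its zone; anything outside the listed subnets is untrust."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrust"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "permit" or "deny"
    src_zone: Optional[str] = None   # None means "any"
    dst_zone: Optional[str] = None
    dst_net: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, flow):
        """A rule matches only if every condition it sets is met."""
        return all((
            self.src_zone is None or self.src_zone == flow["src_zone"],
            self.dst_zone is None or self.dst_zone == flow["dst_zone"],
            self.dst_net is None
            or ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst_net),
            self.protocol is None or self.protocol == flow["protocol"],
            self.dst_port is None or self.dst_port == flow["dst_port"],
        ))


# Constructed policy: publish HTTPS on the DMZ server, let Trust users out.
POLICY = [
    Rule("web-to-dmz", "permit", src_zone="untrust", dst_zone="dmz",
         dst_net="172.16.1.1/32", protocol="tcp", dst_port=443),
    Rule("trust-out", "permit", src_zone="trust", dst_zone="untrust"),
]


def evaluate(src, dst, protocol, dst_port, policy=POLICY):
    """Return (action, rule name) for a flow; no match means the assumed default deny."""
    flow = {"src": src, "dst": dst, "protocol": protocol, "dst_port": dst_port,
            "src_zone": zone_of(src), "dst_zone": zone_of(dst)}
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "default"


if __name__ == "__main__":
    for flow in [("203.0.113.7", "172.16.1.1", "tcp", 443),
                 ("203.0.113.7", "172.16.1.1", "tcp", 22),
                 ("172.16.1.1", "192.168.1.1", "tcp", 445)]:
        print(flow, "->", evaluate(*flow))
```

The last flow shows why the DMZ is a separate zone: with no rule from DMZ to Trust, the published server cannot open connections to internal hosts.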
68. Huawei Confidential
68
NAT
⚫ Network address translation (NAT) is a method of parsing an IP packet header and replacing the source or destination IP address in the packet header automatically, allowing users on private networks to access public networks through private IP addresses. Users are unaware of the translation from a private IP address into a public one.
[Figure: packet structure. Layer 3 header (IP header): source IP address, destination IP address. Layer 4 header (TCP/UDP header): source port number, destination port number. Data.]
Common types of NAT are as follows:
• Source IP address-based NAT
▫ No-port address translation (No-PAT)
▫ Network address and port translation (NAPT)
• Destination IP address-based NAT
▫ NAT server
▫ Destination NAT
69. Huawei Confidential
69
IPsec VPN
• Enterprise branches can interconnect with each other in various modes, for example, through WAN private lines or Internet lines.
• Considering costs and requirements, some enterprises choose to use Internet lines for interconnection, which may introduce security risks. Internet Protocol Security (IPsec) encrypts data packets to ensure secure interconnection for enterprises.
[Figure: a VPN across the Internet]
70. Huawei Confidential
70
Contents
1. Basic Concepts of the Data Communication Network
2. IP Routing Basics
3. Ethernet Switching Basics
4. Network Security Overview
5. WAN Technologies
6. Network Management and O&M
7. QoS
71. Huawei Confidential
71
WAN
A WAN, short for wide area network, is a network that connects LANs in different areas. A WAN generally covers tens of kilometers to thousands of kilometers. It can connect multiple regions, cities, and countries, or provide long-distance communication across several continents, forming an international remote network.
[Figure: LANs (DC, enterprise branch, enterprise HQ, residential area) connected across a WAN operated by an Internet service provider (ISP)]
72. Huawei Confidential
72
WAN Device Roles
⚫ There are three basic roles of WAN devices: customer edge (CE), provider edge (PE), and provider (P).
▫ CE: edge devices within a customer network that connect to one or more PEs at a service provider's site.
▫ PE: edge devices within a service provider network that connect to CEs. PEs are important network nodes that can connect to both CEs and Ps.
▫ P: devices within a service provider network that do not directly connect to CEs.
[Figure: the CEs of Enterprise A, Enterprise B, Enterprise C, and Enterprise D attach to PEs of the service provider; a P device sits inside the service provider network]
73. Huawei Confidential
73
Traditional IP Routing and Forwarding
Traditional IP routing and forwarding uses the hop-by-hop forwarding mode, in which a packet is decapsulated by all routers that receive the packet. Each router needs to obtain the network layer information about the packet and selects routing entries for packet forwarding based on the longest match rule. The repeated processes of packet decapsulation, routing entry selection, and packet re-encapsulation result in low forwarding performance.
Routing table of R1
Destination/Mask   Protocol  Preference  Cost  Next Hop       Interface
192.168.1.0/24     Direct    0           0     192.168.1.254  GE0/0/0
192.168.12.0/24    Direct    0           0     192.168.12.1   GE0/0/2
192.168.2.0/24     OSPF      10          3     192.168.12.2   GE0/0/2
[Figure: PC1 (192.168.1.1/24), routers R1 to R6 running an IGP, and PC2 (192.168.2.1/24); interface G0/0/2 on R1; at every hop the packet is shown as IP address + Data]
Characteristics of traditional IP routing and forwarding:
▫ All routers need to know the network-wide routes.
▫ Traditional IP routing and forwarding is connectionless and cannot guarantee end-to-end QoS.
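The longest match rule mentioned above, implemented as a binary prefix trie, as an added example that is not part of the original course material. The first three routes are R1's routing table from the slide; the default route and the /25 route are constructed to show that the most specific prefix wins even when its preference value is worse.

```python
import ipaddress


class PrefixTrie:
    """Binary trie over IPv4 prefix bits. lookup() walks the destination's
    bits and remembers the last (that is, longest) prefix that had a route."""

    def __init__(self):
        self.root = {}

    def insert(self, prefix, route):
        net = ipaddress.ip_network(prefix)
        bits = format(int(net.network_address), "032b")[:net.prefixlen]
        node = self.root
        for bit in bits:
            node = node.setdefault(bit, {})
        node["route"] = route

    def lookup(self, destination):
        bits = format(int(ipaddress.ip_address(destination)), "032b")
        node = self.root
        best = node.get("route")          # a 0.0.0.0/0 route lives at the root
        for bit in bits:
            node = node.get(bit)
            if node is None:
                break
            best = node.get("route", best)
        return best


# (destination/mask, protocol, preference, cost, next hop, interface)
R1_ROUTES = [
    ("192.168.1.0/24", "Direct", 0, 0, "192.168.1.254", "GE0/0/0"),
    ("192.168.12.0/24", "Direct", 0, 0, "192.168.12.1", "GE0/0/2"),
    ("192.168.2.0/24", "OSPF", 10, 3, "192.168.12.2", "GE0/0/2"),
]

# Constructed entries, not on the slide.
CONSTRUCTED_ROUTES = [
    ("0.0.0.0/0", "Static", 60, 0, "192.168.12.2", "GE0/0/2"),
    ("192.168.2.128/25", "Static", 60, 0, "192.168.12.3", "GE0/0/2"),
]


def build(routes):
    trie = PrefixTrie()
    for route in routes:
        trie.insert(route[0], route)
    return trie


def next_hop(trie, destination):
    """Next hop chosen by longest match, or None if no route covers the address."""
    route = trie.lookup(destination)
    return route[4] if route else None


if __name__ == "__main__":
    full = build(R1_ROUTES + CONSTRUCTED_ROUTES)
    for dst in ("192.168.2.1", "192.168.2.200", "10.0.0.1"):
        print(dst, "->", full.lookup(dst)[0], "via", next_hop(full, dst))
```

Because prefix length is compared before preference, anyone reviewing routing changes should treat an unexpected more-specific route as able to redirect traffic away from the existing /24.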
74. Huawei Confidential
74
MPLS Label-Based Forwarding
⚫ Multiprotocol Label Switching (MPLS) is a technology applied on IP backbone networks.
⚫ MPLS is a tunneling technology that provides connection-oriented switching for the network layer based on IP routing and control protocols, guaranteeing QoS.
⚫ Local MPLS labels, instead of IP routes, are searched for to forward packets, greatly improving forwarding efficiency.
⚫ Labels used in MPLS label-based forwarding can be manually configured or dynamically allocated using a label distribution protocol.
[Figure: PC1 (192.168.1.1/24), routers R1, R2, R5, and R6 with PE nodes at the edge of the MPLS domain, P nodes R3 and R4, PC2 (192.168.2.1/24); IGP. Outside the MPLS domain the packet is IP address + Data; inside it the packet carries MPLS Label 1 and then MPLS Label 2 in front of the IP address and data.]
75. Huawei Confidential
75
MPLS VPN Overview
[Figure: MPLS VPN backbone (a backbone network built by the service provider) with PE1, P, and PE2; the CEs of site 1 and site 2 of customer A and of site 1 and site 2 of customer B attach to the PEs]
• Customer A and customer B each have two sites. Both customers purchase MPLS VPN services from the same service provider.
• For example, customer A wants to exchange routes between site 1 and site 2 through the MPLS VPN network so that data between the two sites can be transmitted through the MPLS VPN network. From the perspective of customer A, the logical network is as follows:
[Figure: the CE of site 1 of customer A and the CE of site 2 of customer A connected through the MPLS VPN network (P); labels: route to site 1, data sent to site 1]
76. Huawei Confidential
76
Contents
1. Basic Concepts of the Data Communication Network
2. IP Routing Basics
3. Ethernet Switching Basics
4. Network Security Overview
5. WAN Technologies
6. Network Management and O&M
7. QoS
77. Huawei Confidential
77
Network Management
Network management plays an important role on a communications network. It ensures that devices work properly and the communications network runs properly to provide efficient, reliable, and secure communications services.
[Figure: common enterprise network architecture. The network administrator manages and maintains the network for stable network operations.]
78. Huawei Confidential
78
Network Management Modes
Traditional network management
• Web-based network management
• CLI-based network management
• SNMP-based centralized network management
[Figure: network administrator, network management station]
iMaster NCE-based network management
[Figure: cloud platform applications (enterprise resource planning (ERP), video meeting, advertisement operations, office OS, commercial application, …) above a northbound API; iMaster NCE with management, control, and analysis; network automation and network intelligence; DC, campus, WAN, and branch networks]
79. Huawei Confidential
79
Web-Based and CLI-Based Network Management
⚫ CLI-based and web-based network management modes are generally used for managing small-scale networks.
▫ Network administrators can log in to devices through HTTPS, Telnet, or the console port for device management.
▫ The two modes are cost-effective, as programs or servers do not need to be installed on networks.
▫ Network administrators must have a good command of network knowledge and vendor-specific network configuration commands.
▫ These modes have great limitations for large-scale networks with a complicated topology.
[Figure: one-to-one management. The network administrator logs in separately to the vendor A switch, firewall, AC, and router, the vendor B router, the vendor C switch, and the vendor D switch.]
80. Huawei Confidential
80
SNMP-Based Centralized Management
⚫ SNMP is a standard network management protocol widely used on TCP/IP networks. It provides a method for managing NEs by using a central computer (that is, a network management station) that runs network management software.
• Network administrators can use the NMS to query and modify information, and troubleshoot faults on any node on networks, improving work efficiency.
• Network devices of different types and from different vendors are managed in a unified manner.
[Figure: one-to-many management. The network administrator uses the NMS, which exchanges SNMP packets with the managed devices.]
81. Huawei Confidential
81
Typical SNMP Architecture
• On a network where SNMP is used for network management, an NMS functions as a network management center and runs a management process. Each managed device needs to run an agent process. The management process and agent processes transmit SNMP messages for communication.
• An NMS is a system that uses SNMP to manage and monitor network devices and runs on a server.
• Managed devices are devices that are managed by the NMS on the network.
• Agent processes run on managed devices to maintain the information data of the managed devices, respond to requests from the NMS, and report the management data to the NMS.
[Figure: a client and monitor (a GUI is provided) attached to the NMS, which runs the network management process; SNMP packets cross the IP network to three managed devices, each running an agent process]
82. Huawei Confidential
82
SNMP Management Model
• Query/Modify operation:
▫ The NMS sends an SNMP request packet to an agent process.
▫ The agent process searches the MIB on the device for desired information and sends an SNMP response packet to the NMS.
• Trap operation:
▫ If the trap triggering conditions defined for a module on the managed device are met, the agent process sends a message to notify the NMS that a trap has occurred on the device. This helps network administrators promptly process network faults.
[Figure: SNMP packet exchange between the network management process on the NMS and the agent process on the managed device; the managed device holds the management information base (MIB) and its managed objects]
83. Huawei Confidential
83
Huawei iMaster NCE
Huawei iMaster NCE is an intelligent network automation platform that integrates management, control, analysis, and AI functions.
• iMaster NCE manages and controls:
▫ Traditional devices through traditional technologies such as CLI and SNMP.
▫ SDN-capable networks through NETCONF (based on the YANG model).
• iMaster NCE collects network data through protocols such as SNMP and telemetry, performs intelligent big data analysis based on AI algorithms, and displays device and network status in multiple dimensions through dashboards and reports, helping O&M personnel quickly detect and handle device and network exceptions and ensuring normal running of devices and networks.
[Figure: cloud platform and applications above an open API; iMaster NCE with an intent engine and management, control, and analysis on a unified cloud platform; CLI/SNMP toward traditional devices; NETCONF/YANG and telemetry toward SDN-capable network devices]
84. Huawei Confidential
84
NETCONF Overview
NETCONF provides a network device management mechanism. You can use NETCONF to add, modify, or delete configurations of network devices, and obtain configurations and status of network devices.
NETCONF has three objects:
▫ NETCONF client
▫ NETCONF server
▫ NETCONF message
NETCONF requires that messages exchanged between a client and server be encoded using XML.
[Figure: NETCONF message exchange across the network between a NETCONF client and NETCONF servers (Device 1, Device 2, Device 3)]
85. Huawei Confidential
85
Advantages of NETCONF
| Description | NETCONF | SNMP | CLI |
|---|---|---|---|
| API type | Machine-machine interface: As the interface definition is complete and standard, the interface is easy to control and use. | Machine-machine interface | Man-machine interface |
| Operation efficiency | High: Data is modeled based on objects. Only one-time interaction is required for operations on an object. Operations such as filtering, batch processing, and packet splitting are supported. | Medium | Low |
| Scalability | Proprietary protocol capabilities can be extended. | Weak | Minor |
| Transaction processing | Supported: transaction processing mechanisms such as trial running, rollback upon errors, and configuration rollback are supported. | Not supported | Partially supported |
| Secure transmission | Multiple security protocols: SSH, TLS, Blocks Extensible Exchange Protocol (BEEP)/TLS, and Simple Object Access Protocol (SOAP)/HTTP/TLS | Only SNMPv3 supports secure transmission. | SSH is supported. |
86. Huawei Confidential
86
Typical NETCONF Interaction
RPC (carried over the SSH connection). This operation is to modify configurations.
<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <!-- Configuration content in XML format -->
    </config>
  </edit-config>
</rpc>
RPC reply. The modification succeeds.
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
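Building the edit-config RPC shown above and checking the reply before treating a change as applied, as an added example that is not part of the original course material. The function names, the sample configuration payload with its `urn:example:config` namespace, and the error reply are constructed; the transport (SSH) is out of scope, so the replies are embedded as byte strings.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"

# Constructed configuration payload; the namespace is a placeholder.
SAMPLE_CONFIG = (
    "<interfaces xmlns='urn:example:config'>"
    "<interface><name>GE0/0/1</name><description>uplink</description></interface>"
    "</interfaces>"
)

# The reply from the slide.
OK_REPLY = b"""<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>"""

# Constructed failure reply using the standard rpc-error elements.
ERROR_REPLY = b"""<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="101"
           xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>invalid-value</error-tag>
    <error-severity>error</error-severity>
  </rpc-error>
</rpc-reply>"""


def build_edit_config(message_id, config_xml, target="running"):
    """Return an <rpc><edit-config> document as a string. The serializer picks
    its own namespace prefixes, which does not change the meaning."""
    rpc = ET.Element(f"{{{NS}}}rpc", {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, f"{{{NS}}}edit-config")
    tgt = ET.SubElement(edit, f"{{{NS}}}target")
    ET.SubElement(tgt, f"{{{NS}}}{target}")
    cfg = ET.SubElement(edit, f"{{{NS}}}config")
    cfg.append(ET.fromstring(config_xml))
    return ET.tostring(rpc, encoding="unicode")


def check_reply(reply_xml, expected_message_id):
    """Return (ok, detail). ok is True only for a well-formed <rpc-reply> in
    the NETCONF namespace that echoes our message-id and contains <ok/>."""
    try:
        root = ET.fromstring(reply_xml)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != f"{{{NS}}}rpc-reply":
        return False, "not a NETCONF rpc-reply"
    if root.get("message-id") != str(expected_message_id):
        return False, "message-id mismatch"
    errors = root.findall(f"{{{NS}}}rpc-error")
    if errors:
        tags = [e.findtext(f"{{{NS}}}error-tag", default="unknown") for e in errors]
        return False, "rpc-error: " + ", ".join(tags)
    if root.find(f"{{{NS}}}ok") is None:
        return False, "no <ok/> element"
    return True, "ok"


if __name__ == "__main__":
    print(build_edit_config(101, SAMPLE_CONFIG))
    print(check_reply(OK_REPLY, 101))
    print(check_reply(ERROR_REPLY, 101))
```

Automation that pushes configuration should record the change as applied only when this check passes; a reply with a different message-id belongs to another request.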
87. Huawei Confidential
87
YANG Language Overview
⚫ YANG is a data modeling language that standardizes NETCONF data content.
⚫ A YANG model defines a data hierarchy and can be used for NETCONF-based operations. Objects of data modeling include configuration data, state data, RPCs, and notifications. This is a complete description of all data transmitted between a NETCONF client and server.
A model is an abstraction and expression of things.
A data model is an abstraction and expression of data features.
[Figure: Person: name, gender, height, weight, age, etc. Router: interface, routing protocol, IP address, routing table, etc.]
88. Huawei Confidential
88
Telemetry Overview
⚫ Telemetry, also called network telemetry, is a technology that remotely collects data from physical or virtual devices at a high speed.
⚫ Devices periodically send information including interface traffic statistics, CPU usage, and memory usage to collectors in push mode. Compared with the traditional pull mode (question-answer interaction), the push mode provides faster and real-time data collection.
[Figure: SNMP uses pull, with T > 5 min; telemetry uses "subscription and push", with T < 1s. Telemetry supports data collection within subseconds.]
89. Huawei Confidential
89
Contents
1. Basic Concepts of the Data Communication Network
2. IP Routing Basics
3. Ethernet Switching Basics
4. Network Security Overview
5. WAN Technologies
6. Network Management and O&M
7. QoS
90. Huawei Confidential
90
Bandwidth/Throughput
• Bandwidth, also called throughput, refers to the maximum number of data bits transmitted between two ends
within a specified period (1 second) or the average rate at which specific data flows are transmitted between two
network nodes.
• Bandwidth is expressed in bit/s.
• In concept, bandwidth can be compared to the volume of water that can flow through a pipe in a water supply
system.
IP network
91. Huawei Confidential
91
Delay
• A delay refers to the period of time during which a packet is transmitted from a source to its destination.
• Use voice transmission as an example. A delay refers to the period from when words are spoken to when
they are heard. If a long delay occurs, voices become unclear, discontinuous, or interrupted.
• Most users are insensitive to a delay of less than 100 ms. If a delay ranging from 100 ms to 300 ms occurs,
the speaker can sense slight pauses in the responder's reply, which can seem annoying to both. If a delay
greater than 300 ms occurs, both the speaker and responder obviously sense the delay.
IP network
92. Huawei Confidential
92
Delay Variation: Jitter
• Jitter refers to the difference in delays of packets in the same flow.
• Jitters occur if the period between a device sending a packet and another device receiving the packet differs from
one packet to another in a flow, negatively affecting service qualities.
• Real-time services, such as voice and video services, are highly sensitive to jitters. Voice or video services are
interrupted if packets of these services are sent and received with timing variations.
• Jitters also affect protocol packet transmission. Some protocols send interactive packets at a fixed interval. If the
jitter is too large, protocol flapping occurs. All transmission systems cause a jitter, but the service quality will not be
affected if the jitter does not exceed a specific tolerance. The buffer can overcome the excessive jitter, which,
however, increases the delay.
IP network
93. Huawei Confidential
93
Packet Loss Rate
• The packet loss rate refers to the percentage of the number of packets lost during data transmission.
• Slight packet loss does not affect services. For example, the speaker and the responder are unaware of the loss of a bit or a packet in voice transmission.
• The loss of a bit or a group of packets in video transmission may cause the image on the screen to become garbled instantly, but the image can be restored quickly. TCP can be used to transmit data to handle slight packet loss as TCP allows the lost packets to be retransmitted.
[Figure: IP network]
94. Huawei Confidential
94
QoS Specifications of Common Services
| Service Type | Bandwidth/Throughput | Delay | Jitter | Packet Loss Rate | Delay Indicator | Jitter Indicator | Packet Loss Rate Indicator |
|---|---|---|---|---|---|---|---|
| Video conference and teleconference | High | Highly sensitive | Highly sensitive | Predictable | ≤ 50 ms | ≤ 10 ms | ≤ 0.1% |
| E-commerce | Medium | Sensitive | Sensitive | Sensitive, reliable transmission | ≤ 200 ms | ≤ 100 ms | Best-effort TCP guarantee |
| Streaming media | High | Relatively sensitive | Relatively sensitive | Predictable | ≤ 1s | ≤ 200 ms | ≤ 0.1% |
| Email and file transmission | Low | Delay-tolerant | Jitter-tolerant | Best-effort transmission | N/A | N/A | Best-effort TCP guarantee |
| HTML web page browsing | Not specific | Relatively delay-tolerant | Relatively jitter-tolerant | Best-effort transmission | N/A | N/A | N/A |
| FTP service | Medium | Sensitive | Sensitive | Sensitive, reliable transmission | N/A | N/A | Best-effort TCP guarantee |
95. Huawei Confidential
95
IntServ Service Model
[Figure: R1 and R2 on the path; the request "A bandwidth of 2 Mbit/s is required." appears at each of four hops, and each is answered with "OK"]
• Take multiprotocol label switching traffic engineering (MPLS TE) as an example. The IntServ model uses Resource Reservation Protocol (RSVP) for signaling. Resources such as bandwidth and priority are reserved on a known path, and each network element along the path must reserve required resources for data flows requiring QoS guarantee. This resource reservation state is called soft state.
• A soft state is a temporary state that refreshes periodically using RSVP messages. Each network element checks whether sufficient resources can be reserved based on these RSVP messages. The path is available only when all involved network elements can provide sufficient resources.
• The IntServ model takes effect only when all nodes on the end-to-end network support the model. Since devices at the core layer, aggregation layer, and access layer have different functions, the IntServ model is not supported by these devices. Therefore, the IntServ model cannot be widely used on Internet backbone networks.
96. Huawei Confidential
96
DiffServ Service Model
[Figure: video, data, and voice traffic entering and leaving the network]
| Service Type | Priority |
|---|---|
| Voice | 5 |
| Video | 4 |
| Data | 0 |
• In the DiffServ model, edge nodes classify and aggregate traffic. Edge nodes flexibly classify packets based on a combination of conditions in packets, and then mark the packets with different priorities. Other nodes only need to identify the marked priorities for resource allocation and traffic control.
• In the DiffServ model, an application does not need to apply for network resources before sending packets and no signaling protocol is required. The DiffServ model provides differentiated services based on the QoS parameters of each data flow. In addition, packets are classified into different service levels, and traffic control and forwarding are performed in a differentiated manner, ensuring end-to-end QoS.
97. Huawei Confidential
97
General QoS Service Process
[Figure: a data flow from the inbound interface to the outbound interface; stages shown: traffic classification, traffic policing, other operations, congestion avoidance, entering a queue, congestion management (Queue 0, Queue 1, ..., Queue N), scheduling, leaving the queue]
General principles:
• Traffic classification, traffic marking, and traffic policing are performed in the inbound direction on a service access interface.
• Traffic shaping is performed in the outbound direction on a service access interface. If packets of various levels are involved, queue scheduling and a packet discard policy are also required in the outbound direction on the service access interface.
• Congestion management and congestion avoidance are performed in the outbound direction on a network-side interface.
98. Huawei Confidential
98
Quiz
1. In the network reference model of the data communication network, at which
layer do routing protocols such as OSPF and IS-IS work?
A. Application layer
B. Transport layer
C. Network layer
D. Data link layer
E. Physical layer
99. Huawei Confidential
99
Summary
⚫ A data communication network comprises multiple types of devices and is deployed with
multiple technologies and network protocols.
⚫ Before grasping an in-depth understanding of products and solutions in the data
communication network field, you are expected to master basic technologies and familiarize
yourself with common data communication devices and basic protocols.
⚫ This course introduces basic knowledge about the data communication network, including basic concepts of the data communication network, IP routing, Ethernet switching, network security, WAN technologies, network management and O&M, and QoS, laying a solid foundation for further learning.
102. Huawei Confidential
2
Foreword
This document provides an overview of Huawei's datacom business in
the enterprise market, covering Huawei's datacom organizations,
business priorities, major products and solutions, and typical use cases.
Scenario-specific solutions mentioned in this document will be further
detailed in other relevant documents.
103. Huawei Confidential
3
Objectives
⚫ On completion of this course, you will be able to:
Understand the scenario classifications and basic concepts of Huawei's
datacom network solutions.
Learn about the basic concepts, typical architectures, and typical application
scenarios of campus networks, WLANs, data center networks, WANs, and
Network security.
Gain insight into Huawei's solutions in each scenario.
105. Huawei Confidential
5
Overview and Objectives
This section describes Huawei's vision for the datacom industry, as well
as R&D organizational structure, R&D investment, and achievements in
each datacom domain.
106. Huawei Confidential
6
Huawei's Vision for the Datacom Industry: IP on Everything
IP on Everything
Delivering the non-stop intelligence and computing power of the intelligent world to everything, and building ubiquitous intelligent IP connections
[Figure: IP 2030. Connecting applications and connecting everything; 5G, optical, copper; computing power, intelligence, data; MPLS, IPv6 Enhanced, IPv4; digital currency, industrial control, medical data, VR video, e-Government]
• Ultra-high bandwidth
• Security
• Ubiquitous connectivity
• Automation
• Deterministic quality
• Low latency
107. Huawei Confidential
7
Huawei Datacom Product Line: Business Focuses and
Organizational Structure
Enterprise business
The first-choice partner for enterprise and industry digital transformation
Serving global enterprises and industry players
Carrier business
The best strategic partner
Serving global carriers
Backbone
router
Network
management
Metro
router
Campus
network
Data center
network
Network
security
6 domains
Energy
Government Finance Transportation
…
Manufacturing
Education
108. Huawei Confidential
8
Huawei Keeps Innovating and Advancing Datacom
Technologies, with 26 Years of Expertise
R&D staff
11,000+
scientists and top experts
100+
of annual revenue reinvested into R&D
~15%
research centers worldwide
14
[Bar chart; categories: Ethernet, FlexE, WLAN, 5G transport, SDN/NFV, SRv6, Network cloudification]
Leading contributions to many fields,
including Wi-Fi 6, IPv6 Enhanced, and 400G
Contributions to 550+ IETF RFCs
OpenStack IETF IEEE OPNFV ONAP ITU Broadband Forum
109. Huawei Confidential
9
12+
Industry standards bodies and
open source organizations
that Huawei has joined
50+
Working groups that Huawei
participates in as chair or higher
IETF RFCs
550+
11,500+
Total patents granted by the
end of 2021
One of the top vendors contributing to IETF RFCs
https://www.arkko.com/tools/allstats/ Note: Futurewei is a wholly-owned subsidiary of Huawei.
No. 1 contributions in 6 fields in 2021
• IETF routing domain and O&M domain RFCs
• IEEE 802.11be (Wi-Fi 7) standards
• IEEE 802.3 MAC architecture standards
• IEEE 802.1 TSN standards
• SPN product (including ITU-T) standards
• Mobile bearer network clock standards
[Chart: IETF RFC contributions by vendor, 2017–2021; series: Vendor C, Huawei, Vendor N, Vendor J, Vendor E, Vendor G]
Key Player and Contributor: 20 Years of Dedication in Major
IP Standards-Defining Organizations
In 2021, China Communications
Standards Association (CCSA)
released the IPv6 Enhanced standard
system and Huawei helped set up the
IPv6 national standard team.
110. Huawei Confidential
10
SRv6 is a next-generation protocol for IPv4 and IPv6 evolution. It's also the basis of
next-generation networks. SRv6 is considered the "5G" for IP protocols.
Huawei's more than 10 top experts dedicated to SRv6 standards
Li Zhenbin, Huawei's SRv6 chief expert and also IETF IAB member
IGP for SRv6
BGP for SRv6
SRv6 VPN
PCE for SRv6
SRv6 OAM
SRv6 SFC
SRv6 SD-WAN
SRv6 YANG
models
FPC YANG
models
Hu Zhibo/
Dean Cheng
Mash Chen/
Zhuang Shunwan
Donald Eastlake/
Zhuang Shunwan
Dhruv
Cheng Li
Haoyu Song/Li
Cheng
Linda Dunbar
Hu Zhibo
Wang Zitao
3GPP CT
Chairman
Georg Mayer
SR
pioneer
Stefano Previdi
SRv6 in
3GPP
Wireless
Li Zhenbin
Wu Qin
Huawei IP
Standards
Representative
IETF
L3SM/L2SM
Chair
SRv6 in
RTG Area
SRv6 in
OPS Area
Transmission
[Chart: IETF meeting-specific SRv6 standards document contributions by vendors, IETF 101 to IETF 105; series: Vendor C, Huawei, Huawei and vendor C*]
[Chart: SRv6 standards document contributions by vendors; segments: Huawei, Huawei and vendor C*, Vendor C, Others]
Up to 75%
Data as of IETF 105
Leading the SRv6 Standards: 10+ Top Experts, Remarkable
Contributions to 60% of SRv6 Drafts
111. Huawei Confidential
11
Core Contributor to Wi-Fi 6: No. 1 in Submitted Proposals
Dr. Osama Aboul Magd,
Huawei's top expert, serves
as the Chair of the 802.11ax
standard working group.
Huawei's
contributions
No. 1
Submitting 318 new proposals (15% of the total),
ranking No. 1 among equipment vendors
Holding 18% of global Wi-Fi 6 patents, ranking
No. 1 among equipment vendors
OFDMA
64T64R
Massive-MIMO
3GPP: 5G 256-QAM
IEEE: Wi-Fi 6
8T8R
UL MU-MIMO OFDMA 1024-QAM
Wi-Fi 6 inherits Huawei's 5G technologies, and its key technologies
are derived from Huawei's proposals.
112. Huawei Confidential
12
AirEngine CloudEngine NetEngine HiSecEngine
Cloud campus
network
Hyper-converged data
center network
Cloud WAN Network security
Huawei Datacom Portfolio: "Four Engines" Products +
Integrated Management, Control, and Analysis Platform
113. Huawei Confidential
13
Maintaining a Leading Position in the Global Datacom Market
NetEngine
WAN routers
No. 1
in the Chinese enterprise router
market
WAN
* 2017–2021 OMDIA data
CloudEngine
data center switches
No. 1
global shipments of enterprise data
center switch ports
Data center network
CloudEngine S-series
campus switches
No. 1
global shipments of 10/25GE ports
of enterprise campus switches
HiSecEngine
USG series firewalls
No. 1
share in the Chinese hardware
firewall equipment market
Network security
* 2021 Gartner data * 2021 Gartner data * 2021 IDC data
Campus network
114. Huawei Confidential
14
WAN
A challenger in Gartner
MQ for 5 consecutive years
Network firewall
Cyber security
NetEngine series routers:
Campus network Data center network
AirEngine Wi-Fi 6:
Frost & Sullivan
2021 Global Wi-Fi
6 Market
Leadership Award
A visionary in
Gartner MQ
Huawei's
CloudCampus Solution
2021 Gartner Peer Insights
Customers' Choice
SD-WAN
Data center
switches:
a leader
named by
Forrester
Data center switches:
Frost & Sullivan
2021 Global
Technology
Leadership Award
Interop Best of
Show Award
Huawei CloudFabric
Solution
2021 Gartner Peer Insights
Customers' Choice
Interop Best of
Show Award
Frost & Sullivan
2021 New Product Innovation
Leadership Award
Gartner Peer Insights
Customers' Choice, with the
highest rating
Winning Many Awards and Wide Industry Recognition
115. Huawei Confidential
15
Cloud Reshapes Enterprise IT Modes and Extends Connectivity,
Driving the Upgrade of the Datacom Industry
cloud
cloud
cloud
PC + mobile terminal + IoT terminal
As-Is: client-server mode To-Be: cloud service mode
Changes in cloud and terminals
drive network upgrades
Server
Campus
office
Campus
production
Campus
assets
PC
Campus
office
Campus
office
Campus
office
Security mode change
Deterministic service quality
Data traffic explosion
Flat network architecture
Expanded management scope
Network boundary extension
Cloud
Hundreds of billions of IoT terminal connections by 2025
85% of enterprise applications will be
cloud-based by 2025
116. Huawei Confidential
16
What is IPv6 Enhanced?
TCP/IP standard model
Application
layer
Transport
layer
Network
layer
Network
interface
layer
Technology
enhancement
IPv6
Enhanced
Innovation directions
IPv6
IPv6
IPv6 Enhanced (Comprehensive Upgrade from IPv6):
Building a Technology Base for Digital Networks
Per-hop latency: best-effort → ~30 µs
+Security +Deterministic quality
+Automation
+Ubiquitous
connectivity
+Low latency
+Ultra-high
bandwidth
100GE → 400GE
Fault recovery: days → minutes
Per-hop jitter:
Not guaranteed → ~20 µs
Threat containment:
days → minutes
Multi-hop to clouds →
one hop to clouds
SRv6
FlexE
Network-security
association
Security knowledge
graph
APN6
In-band flow
measurement
ADN, AI
Non-blocking
interconnection 400GE
One-hop cloud
access
Resource
isolation
Proactive O&M
Cloud-network-
security integration
Application
awareness
IPv6+1.0
Network programmability
SRv6 BE/TE/Policy
IPv6+2.0
Experience assurance capability
FlexE/IFIT/BIER 6/DIP
IPv6+3.0
Application-driven capability
APN6
IPv6
Basic network capabilities
1996–2019 2020–2021 2021–2023 2023–2025
117. Huawei Confidential
17
Intelligent Cloud-Network, Accelerating Industry Digital
Transformation
Vision
Solution features
Industry-specific
solutions
Theme
Datacom solutions
Cross-industry
solutions
Products
IP on Everything
Bring digital to every person, home, and organization
for a fully connected, intelligent world
Digital Intelligent Service-oriented
Intelligent
cloud-network
@ carrier
Intelligent Cloud-Network, Accelerating Industry Digital Transformation
Intelligent cloud-network solutions
CloudEngine NetEngine HiSecEngine
AirEngine iMaster NCE
CloudWAN 3.0
Cloud WAN (* for the enterprise market)
CloudCampus 3.0
Cloud campus
network
HiSec 3.0
Network security
Intelligent Cloud-Network
(* for the carrier market)
Intelligent
cloud-network
@ governments
Intelligent
cloud-network
@ cities
Intelligent
cloud-network
@ finance
Intelligent
cloud-network
@ mining
Intelligent
cloud-network
@ electric power
Intelligent
cloud-network
@ manufacturing
Intelligent
cloud-network
@ airports
Intelligent
cloud-network
@ education
Intelligent
cloud-network
@ healthcare
CloudFabric 3.0
Hyper-converged data
center network
118. Huawei Confidential
18
Section Summary
This section describes Huawei's vision for the datacom industry, as well
as R&D organizational structure, R&D investment, and market position
in each datacom domain.
On completion of this section, you will gain a clear understanding of future
datacom network development trends.
119. Huawei Confidential
19
Quiz
1. What are the names of the four engines of Huawei datacom? What
product categories do they represent?
2. What is Huawei's vision for the datacom industry?
121. Huawei Confidential
21
Datacom Accelerates the Flow of Data, Building Global
Digital Network Infrastructures
Global Digital Strategy
Industry digital transformation
Healthcare
Health for all
Healthcare IoT
Medical insurance
network
Digital government
Government
Gov. extranet
Smart city
Manufacturing
Advanced
manufacturing
Manufacturing
Light industry
Strong transportation
Transportation
Railway & urban rail
Roadway
Smart finance
Finance
Bank
Securities & insurance
Education
Educational
modernization
Higher education
Primary & secondary
education
Energy Internet
Energy
Electric power
Oil & gas
Datacom network
Campus network Data center network
Security
Metro network Backbone network
Digital
government
Digital
society
Digital
economy
Digital
economy
Digital
education
Digital
village
Smart
broadband
5G
communications
Digital
technology
Remote
healthcare
Other 11
projects
Digital China
Accelerating digital development
Digital Compass
Shaping Europe's digital future
Smart Africa
Accelerating digital transformation in African
countries
122. Huawei Confidential
22
Cloud-Network Is the "Power Grid" of the Digital World,
Supplying Non-Stop Digital to Numerous Industries
In the past, electricity drove industrialization. Today, clouds drive digitalization.
Services
Power grid
Power generation
Power consumption
Wind power
Hydropower
Coal power
Government
cloud
Private
cloud
Public
cloud
Cloud-network
supplies
Enterprises
supplies
electric power computing power
123. Huawei Confidential
23
Huawei Intelligent Cloud-Network: Empowering Enterprise
Digital Development with Data-driven Intelligence
Empowering digital development with data-driven
intelligence
CloudWAN
Cloud WAN
VM
VM
VM
CloudCampus
Cloud campus network
(industrial Internet campus)
AR Switch AP
Network
security
CloudFabric
Hyper-converged DCN
IPv6
Enhanced
Network security
Hyper-converged DCN
Cloud WAN
Cloud campus network
Intelligent resource scheduling, and fault self-healing,
enabling all-Ethernet DCNs
Real-time status visualization, intelligent resource
scheduling, and one-click service subscription, enabling
smooth service cloudification and SLA assurance
Network fault self-healing and open network programmability,
enabling all-scenario data awareness and interaction
Unified cloud-based management, intelligent security
protection, and cloud-network-security integration, ensuring
E2E security for data collection, aggregation, and processing
Intelligent cloud-network solutions
125. Huawei Confidential
25
Campus Network, a Bridge Between the Physical and
Digital Worlds
Warehousing
campus
Manufacturing
campus
R&D campus
Retail store
Home office
HQ campus
SaaS cloud
Private
cloud
With the further development of wireless, IoT, and cloud on enterprise campuses, IT and OT infrastructures become ubiquitous. As such, enterprises urgently
need to break the boundaries from HQ to branch sites, from workplace to production services, and from fixed to mobile terminals. In this way, cross-regional
remote collaboration, cross-service converged transport, and cross-terminal unified access become a reality.
Today's campus network has transformed from a service support system into a key production factor that enables the efficient flow of enterprise data and services. If
we compare an enterprise to a person, the enterprise's network is the blood vessels, while data is the blood that carries oxygen and nutrients. The smooth flow
of blood determines the vitality of the person. Likewise, network quality is crucial to improving enterprise office and production efficiency and attaining
business growth goals.
126. Huawei Confidential
26
Three Changes Drive Campus Networks Towards the
All-Cloud Era
Service
deployment
Terminal
access
Data flow
Traditional IT IT in the cloud era
Public & private clouds
Local server
...
...
Wi-Fi
IoT
HQ
Branch 1 Branch n
HQ Branch n
Branch 1
Driven by both business and technology, enterprises
are undergoing profound changes to service
deployment modes, data flow scope, and terminal
access modes. As such, campus networks are
marching into the cloud era from the PC era.
• Service deployment (on-premises → public or
private cloud-based): This change brings better
economics and scalability. Users can access and use
services anytime and anywhere.
• Data flow (local data exchange → cross-domain
data exchange): This change helps build a global
enterprise network that enables real-time interaction
between HQ and branches.
• Terminal access (Ethernet cable- or optical fiber-
based wired access → fully-wireless access): This
change removes the restriction of wired access and
enables users and terminals to move freely on demand.
Wired
On-premises →
Cloud-based
Wired →
Wireless
LAN → Cross-
domain
127. Huawei Confidential
27
Four Challenges Faced by Campus Networks in the
Cloud Era
76% of enterprises are dissatisfied with their
wireless experience, according to IDC:
• Wi-Fi hotspot deployment results in
discontinuous coverage, signal blind spots, and
frequent disconnection during roaming.
• APs interfere with each other, but effective
global optimization methods are unavailable,
resulting in low performance and poor user
experience.
Multi-branch interconnection is a must for midsize
and large enterprises. Today's pain points include:
• Scattered branches, slow private line
provisioning, high cost, complex and error-prone
manual deployment, and difficult service
cloudification
• Poor service experience, lack of service visibility,
network congestion, frequent video buffering
and artifacts, and low user satisfaction
Enterprises of all sizes pursue a campus network that
aligns with business development. But they face the
following challenges:
• Given the influx of terminals, inflexible networks
cannot achieve fast capacity expansion, resulting in
time-consuming terminal onboarding.
• Wi-Fi upgrade is needed, but old Ethernet cables
cannot quickly meet bandwidth needs and re-cabling
is costly.
Coverage hole
Signal interference
Branch Branch
CLI
76% of enterprises require campus network
reconstruction in the next 2 years. But the reality is:
• Planning relies on professional skills. CLI-based
deployment is time-consuming and labor-
intensive. Policy change response is slow and
inefficient.
• The huge number of devices complicates O&M.
SNMP-based management suffers from lack of
visibility, difficult fault locating, and time-
consuming troubleshooting.
Engineers
HQ
WAN
In the cloud era, Wi-Fi is the preferred access mode for terminals. Ubiquitous WLANs are required to ensure terminal access anytime, anywhere.
Furthermore, the influx of terminals calls for flexibly scalable campus networks that quickly adapt to service changes and facilitate rapid terminal
onboarding and service rollout. Data interaction between HQ and branches is also becoming more frequent than ever. In turn, this requires stable,
reliable, and economical connection modes to ensure high-speed and high-quality cross-domain data interaction and collaboration. More efficient
deployment and O&M methods are another urgent need, as they are crucial to managing numerous devices and user terminals in a more
fine-grained manner. Traditional solutions, however, cannot meet these expectations.
Enterprises are taking strides towards the all-cloud era, raising great challenges for networks
Wi-Fi
discontinuous
networking
Cross-domain
fragile
infrastructure
Cloud
outpacing
network
Difficult
network
scaling
128. Huawei Confidential
28
CloudCampus 3.0: Fully-Wireless Intelligent Cloud Campus
Network, Inspiring Digital Innovation
L3 autonomous driving
90% fewer complaints
One global network
40% lower private line costs
Low-carbon intelligence
30% lower energy consumption
of the entire network
Fully-wireless experience
40% higher productivity
SD-WAN
Router
Education Finance
Healthcare Retail MSP
Manufacturing
...
NETCONF/YANG Telemetry
Automated
deployment
Intelligent
O&M
129. Huawei Confidential
29
Fully-Wireless Experience: Breaking Down Boundaries and
Inspiring Enterprise Innovation
Zero signal blind spot
Unique dynamic-zoom smart antenna
Industry's only to support both omnidirectional and
high-density modes, intelligently adapting to diverse
scenarios and increasing performance by 20%
Zero interruption
during roaming
Unique AI roaming algorithm
70% higher roaming success rate, 30%
larger bandwidth during roaming
Zero packet loss for
intelligent control
First-of-the-kind Wi-Fi 6E network
for smart manufacturing
6 GHz frequency band, ultra-low interference
Air interface slicing: 99.999% @ 10 ms
AGV
Production line AOI
Wireless extends from workplaces to production environments. How to build a
Wi-Fi 6 network that delivers a continuous experience?
76%
of enterprises are not satisfied
with their WLAN experience.
No signal or
weak signal
Connected
but slow
Roaming with
frequent interruptions
Unstable network
130. Huawei Confidential
30
Low-Carbon Intelligence: 3 Layers Simplified into 2 Layers,
Entire Network Managed as One Device
Public area Mobile office
Desktop
1/2.5/10GE
Access switch
PoE-out
Core switch
10/25/40GE Central switch
Remote unit
ELV room
Aggregation
switch
Access switch
Central
switch
RU
37%
TCO savings
Low carbon and
energy saving
• Power consumption control and intelligent
hibernation on ports and the entire device
• Fanless design for super quietness, reducing
energy consumption by 30%
Simplified
architecture
• 3 layers → 2 layers, reducing managed
nodes by 80%
• Planning-free, management-free, and
plug-and-play RUs
Service
continuity
• Exclusive optical-electrical PoE + secondary
PoE, ensuring network continuity even
without local mains supply
• Ultra-high bandwidth offered by the hybrid
cable, no cable replacement for 15 years
Network-wide automation |
AI-powered intelligent O&M
131. Huawei Confidential
31
One network across
geographic locations
Unique "SD-WAN + SRv6",
enabling ultra-fast multi-
branch interconnection
One network on and
off the cloud
One hop cloud access,
multi-cloud
interconnection, ultrafast
cloud access
2x
cloud access
efficiency
5G/MPLS
/Internet
Internet
SaaS
IaaS
One network for
multiple services
Unique free mobility,
security segmentation for
services, consistent user
experience
Public
cloud
Private
cloud
Challenge: difficult cross-
domain interworking
• How to construct production, OA, and IoT networks
in a unified manner?
• How to reduce the costs of branch interconnection
that relies heavily on costly private lines?
• How to improve cloud access efficiency for services
that need to go through HQ?
50%
Lower network
construction costs
40%
Lower private
line costs
Google
Office 365
VPC
One Global Network: Ubiquitous Connectivity from Any
Branch, for Any User, on Any Terminal
HQ
MPLS
Internet
5G
Remote campus
Branch
SD-WAN
132. Huawei Confidential
32
L3 Autonomous Driving: Autonomous Driving Network for
Reliable and Stable Services
47%
44.50%
7.50%
1%
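Yes, the enterprise plans to achieve network automation/intelligence in the near future
Yes, the enterprise plans to achieve network automation/intelligence within 3 years
Yes, the enterprise plans to achieve network automation/intelligence in more than 3 years
No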
Enterprise network automation and intelligence
transformation plan
SD-WAN
Management + control + analysis
Roaming
success rate
50% Terminal
identification
rate
60%
98%
90%
Traditional
solution
Huawei
solution
AirEngine Wi-Fi 6 CloudEngine S switch HiSecEngine firewall
NetEngine AR
Network challenges faced by enterprise
digital transformation
Yes, very soon
Yes, in the next 3 years
Yes, in more than 3 years
No plan
133. Huawei Confidential
33
Section Summary
This section describes the four differentiators of CloudCampus 3.0: fully-wireless experience,
low-carbon intelligence, one global network, and L3 autonomous driving.
⚫ Fully-wireless experience: Huawei WLAN provides unique features, such as fully-wireless
intelligent continuous networking, dynamic-zoom smart antenna, AI roaming, and Wi-Fi 6
Advanced.
⚫ Low-carbon intelligence: The simplified architecture stands out with super power supply via
hybrid cable and management-free remote units (RUs).
⚫ One global network: SD-WAN helps build one network on and off the cloud.
⚫ L3 autonomous driving: iMaster NCE offers compelling features such as intelligent
verification and application assurance 360.
135. Huawei Confidential
35
Three IT Changes Drive DCNs Towards All-Ethernet
Scale: 100x
Centralized
↓
Distributed
IT
architecture
Computing
unit
Storage
media
PCIe
IB Ethernet
Performance: 100x
or
As-Is To-Be
Capacity: 1000x
SCSI NVMe
FC (32G) RoCE (400G)
PCIe is replaced
HDD → SSD
Ethernet Ethernet
Centralized Distributed
CPU/GPU interconnection
over Ethernet
All-flash storage
interconnection over Ethernet
Server interconnection
over Ethernet
NetApp DELLEMC
Intel Ascend Kirin
136. Huawei Confidential
36
CloudFabric 3.0 Hyper-converged DCN Solution
Full-lifecycle automation
Reduces TTM by 90%
Network-wide
Intelligent O&M
Proactively predicts 90%
of faults
Improves IOPS by 90%
Unleashes 100% of
computing power
Ethernet for HPC
Multi-cloud
Three characteristics
Core benefits
OpenStack
Kubernetes
FusionSphere
VMware
Network-wide intelligent O&M
• Device-, interface-, optical module-,
network-, and service-level
• Predictive maintenance, zero service
interruption
Full-lifecycle automation
• Automated network planning, construction,
maintenance, and optimization
• Intent-driven network, NaaS
Lossless Ethernet
• Zero packet loss for local and
long-distance transmission
• Convergence of computing and
storage networks
Optimization
Planning
Construction Maintenance
Hyper-Converged DCN
Automation Intelligence
General-purpose
computing Storage HPC
Ethernet for active-active
storage
137. Huawei Confidential
37
L3.5 Autonomous Driving Network, Accelerating Evolution
Towards Multi-Cloud and Multi-DC
Industry
[Chart data labels: 3.2, 3.4, 3.6, 3.7, 3.3, 3.6 / 2.5, 2.7, 2.9, 2.9, 2.9, 2.7 / 3.51 / 2.80]
Simulation &
verification
Network
automation
Intelligent fault
remediation
Simulation &
verification
AI inference
Digital twin
Public cloud
Leaf Leaf
Spine Spine
Leaf Leaf
DC 1
Industry cloud
Leaf Leaf
Spine Spine
Leaf Leaf
DC n
Customer service systems and
operation platforms
Northbound: interconnection
with service systems
Southbound:
network-agnostic
2022
OpenStack Kubernetes FusionSphere
Red Hat
Faster
construction
Faster
deployment
Planning +
Design
Deployment +
Provisioning
Service
Provisioning
Monitoring +
Troubleshooting
Network
Change
Parameter
Adjustment
Faster
troubleshooting
Cross-cloud connectivity:
months → minutes
Service provisioning:
days → minutes
Fault locating:
hours → minutes
Full-lifecycle automation
Optimization
Planning
Construction Maintenance
138. Huawei Confidential
38
CloudFabric Easy
Lightweight SDN solution for
small and midsize DCs
iMaster NCE-Fabric single-node
system or cluster (mandatory)
CloudEngine switch
iMaster NCE-FabricInsight
single-node system (optional)
Simplification
• 8x the industry's leaf
scale, facilitating
network capacity
expansion
• Modular spine
switches: flexible
scalability and high
reliability
EasY-Maintenance
• Comprehensive health
evaluation, automatic
detection of 90% of risks
• Proactive fault O&M,
rectifying faults in
minutes
Automation
• 3-step service
provisioning, taking
only minutes
• Pre-event simulation
and post-event
verification, ensuring
100% configuration
correctness
Expandability
• Factory installation
and automatic joint
commissioning,
50%↓ service costs
• One-click
deployment,
involving only 3
steps with 3
parameters
CloudFabric Easy Solution, Helping SMEs Build Cloud Data
Center Networks in an "EASY" Way
139. Huawei Confidential
39
Challenge: Ethernet packet loss has gone
unsolved for 40 years
Why is Ethernet prone to
packet loss?
N:1 traffic, exceeding the receive
bandwidth
Higher packet loss for more nodes
Real-time, precise speed control through AI algorithm,
rather than O&M experts
Innovatively introducing an AI algorithm to address
this global challenge
Years of research have failed to resolve this issue.
• Real-time
traffic model
• Tens of
millions of
random
samples
Non-precise
backpressure Traffic control
Frequent transmission
suspension
Overly low throughput
Ever-changing traffic
Difficult to seize the
best time window
……
Scenario auto-adaptation, a result after training of tens
of millions of random samples
Random samples for
adaption to any scenario
+
Real service samples to
ensure service effects
OLTP VDI Video
OLAP AI
Unique algorithm
Ethernet for HPC: Eliminates Ethernet Packet Loss and
Unleashes 100% of Computing Power
Packet loss
Scenario auto-
adaptation
Zero packet
loss at 100%
throughput
Scale auto-
adaptation
140. Huawei Confidential
40
Why can't traditional Ethernet be used for
cross-DC active-active storage?
Lossless algorithm upgrade: zero packet loss for a
70 km long-distance transmission on an Ethernet
vs
The RTT for 70 km intra-city transmission reaches up to
1 ms. The traditional lossless algorithm cannot ensure
zero packet loss over such a long-distance transmission.
Three-dimensional lossless
algorithm fails in long-distance
transmission scenarios
+ Spatiotemporal
variable
(distance, delay,
jitter, etc.)
Four-dimensional lossless
algorithm ensures zero
packet loss over long-
distance transmission.
Service
requirement
Traffic
model Network status
One more dimension,
100x difficulty
Annual
saving of
CNY25.73
million
100+ 8G FC links → 10 100GE links
8G*128 100G*10
Example (a bank with cross-DC active-active storage): 10 x 100GE lossless Ethernet links
replace 100+ FC links, reducing links by 90%+.
Ethernet for Active-Active Storage: Lossless Long-Distance
Transmission, 90%+ Fewer Links
Active DC Intra-city active-
active DC
Active DC
Huawei switch
Traditional Ethernet:
> 0.2% packet loss rate
over long-distance
transmission
Requirement Actual situation
Intra-city active-
active DC
Active-active
storage requires
zero packet loss
141. Huawei Confidential
41
Section Summary
This section describes Huawei's hyper-converged data center network products and major
solutions:
⚫ L3.5 autonomous driving network, accelerating evolution towards multi-cloud and multi-DC
⚫ CloudFabric Easy Solution, helping SMEs build cloud data center networks in an "EASY" way
⚫ Ethernet for HPC, eliminating Ethernet packet loss and unleashing 100% of computing
power
⚫ Ethernet for active-active storage, achieving lossless long-distance transmission and
reducing links by 90%+
143. Huawei Confidential
43
CloudWAN 3.0: Leading WANs into the Intelligent Cloud-
Network Era
SRv6
FlexE-based slicing
100+ commercial cases worldwide
IPv6 Enhanced, laying a foundation for digital infrastructure
IFIT NETCONF/YANG
Township Federal HQ
State
DC
Real-time
visibility
Fault locating
in minutes
Failover in
milliseconds
One-fiber multipurpose transport: deterministic
experience
• Hierarchical slicing: 1000+ slices, 10x the
industry average.
• Slice ID-based slicing for simplified deployment
One-network wide connection: network digitalization
• Industry-unique hop-by-hop measurement
technology, enabling real-time visibility of network-
wide status and troubleshooting within minutes
One-hop cloud access: flexible cloud-network
connection
• SRv6 enables service provisioning within minutes
and agile service cloudification.
One-click fast scheduling: cloud-network
coordinated scheduling
• SDN + intelligent cloud-map algorithm, improving
cloud-network resource utilization by 30%
144. Huawei Confidential
44
MPLS MPLS VLAN Cloud path 10
Cloud path 20
Cloud path 30
[Pie chart: SR & SRv6 standards document contributions by vendors; segments: Huawei, Vendor C & Huawei, Vendor C, Others; data labels: 27, 36, 27, 16]
Huawei leads or participates in the
formulation of 59% of SRv6 standards.
Major contributor to SRv6 standards
Leading global SRv6 commercial use
100+ SRv6 commercial deployments
(as of 2022)
One-Hop Cloud Access: Overcoming Process Barriers with
Technology to Enable Fast and Smooth Cloudification for Enterprises
VXLAN
Interop Best
of Show
Award
Frost & Sullivan Global
New Product
Innovation Leadership
Award
Industry: multi-level cross-department
collaboration
10+ stages, 30+ days for provisioning
Huawei: configuration-free cross-domain cloud
path deployment
Provisioning within minutes and application-
level assurance
Cloud path 20: 100 Mbps
bandwidth, latency < 2 ms
Cloud path 30: 50 Mbps
bandwidth, latency < 10 ms
145. Huawei Confidential
45
Most powerful hierarchical slicing, maximal network value
Huawei Other vendor
vs.
1000+ slices:
Huawei-exclusive
32
1000
Restricted protocol path
computation capability
Patented slice ID-
based slicing,
planning free
Configuration within
hours, requiring
address planning
Slice-based hard
isolation, guaranteeing
bandwidth and latency
Soft isolation and
bandwidth sharing,
unable to guarantee SLAs
10 Mbps granularity,
without wasting
resources
Only 5 Gbps
granularity
supported
10 Mbps/slice
…
5 Gbps/slice
One-Fiber Multipurpose Transport: Hierarchical Slicing Enables
IP-Based Production Networks and Ensures Deterministic SLAs
Remote
mgmt.
Video
security
Office
service
Remote
mgmt.
Video
security
Office
service
Office
service
Production
service
Video
service
slice
Control
service
slice
10+ networks → N slices
over 1 network
Multi-network
convergence and private
network-like experience
Telepresence conference:
latency < 10 ms
Video security:
bandwidth > 100 Mbps
Office service: service
isolation
Office
service
slice
Before Now
More
Faster
Better
More
cost-
effective
FlexE-based slice 1
FlexE-based slice 2
FlexE-based slice 3
FlexE-based slice 4
146. Huawei Confidential
46
90% 12% 25%
IDC1 IDC2 IDC3
CNY120 million/year
investment
38% resource
utilization Computing
power
Cost
Storage
Cloud
factors
Network
factors
Bandwidth
Reliability
Latency
45% 50% 47%
IDC1 IDC2 IDC3
Lower TCO
Cloud-network
resource utilization
Intelligent cloud-map
algorithm
Active DC
Intra-city DR DC
Inter-city DR DC
Cloud management
platform
Cloud resource
information
90,000
cameras
200T/day
video data
90% 10%
50% 50% 30%
CNY 30
million/year
One-Click Fast Scheduling: Intelligent Cloud-Map Algorithm
Improves IDC Resource Utilization by 30%
Huawei: cloud-network coordinated scheduling, enabling
efficient resource utilization
Industry: unbalanced cloud-network
resource loads, wasting investment