Security Level:

2019/01/24

Huawei CloudWAN, Enabling

Cloud-based Transformation of
Enterprises
 Contents
1 Key Requirements in SD-WAN Era

2 Huawei CloudWAN Solution

3 Use Cases

2
Enterprise WAN Challenges for Huawei IT
Huawei global WAN layout after services move to the cloud: Challenges to enterprise WAN
complex, huge, and expensive construction
Network construction: High link cost and
3 x enterprise-grade DCs, 8 x 100 ms-delay circles, and 1000+ private lines complex networking
• Branch network deployment: 1 to 3 months
EMEA APAC AMER • Covering 1000+ branches, HQ, public cloud,
private cloud, etc.

R
R R Russia North Experience: Difficulty guaranteeing
America experience of key applications
C R
R R
Europe R C • 600+ applications compete for bandwidth,
E
Middle R
R
making experience of core services
East Northern difficult to guarantee.
Asia Pacific Latin America VAS: Deploying VASs at branches takes months
R
Southern • Flexible provisioning of network services
Eastern and R
Latin America such as firewalls and WAN optimization
Southern Africa
R
controllers (WOCs)
O&M: Complex O&M of global branches

• Branch network status is invisible, and fault

By 2020, 90% of services will be on the cloud, with
locating is difficult.
Video Telepresence Cloud WAN traffic increasing by 50% every year.
communication conference desktop

3
SD-WAN Becomes the Best Way to Address Challenges

Technological revolutions drive the development of new SD-WAN solutions SD-WAN: The best way to address WAN challenges

1. Supports multiple connection

types (MPLS, Internet, LTE,
Technological

etc.)
revolutions

TDM
IP/MPLS Cloud 2. Supports dynamic link
adjustment, ensuring
experience of key applications
Private line

3. Supports VPN and other VASs

solutions

SD-WAN
MPLS VPN (Hybrid WAN, SDN
SDH/PDH
/ IPSec VPN / OTN … Controller)

4. Enterprise WAN management

is made easy

4
Industry Consensus: Actively Constructing SD-WAN Is the Way Forward

Carrier B2B MSP Enterprise

Carrier: SD-WAN shortens TTM from weeks to MSP: Making customer satisfaction the focus, Finance group: With rollout of new services such as AI
minutes, providing enterprise customers with one-stop designing SD-WAN networking as required, and and cloud, traffic increases sharply by 50%, requiring cost-
"Internet + VPN + self-service + cloud services". offering O&M 365 days a year effective higher bandwidth connectivity.

• Covering complex networking requirements of large • Introducing automatic network management and O&M, • Using the Internet to support the AI customer service,
enterprises and small and medium-sized enterprise reducing required maintenance manpower by 50%. reducing link costs.
(SMEs) • The “dual-network dual-use” high-speed networking • Ensuring high-quality experience of AI customer service
• Extending to 10+ VASs, such as VoIP and LAN services, solution is recommended within the industry. and issuing policies in minutes.
by making optimal use of CPEs

Key requirements on SD-WAN: High-performance CPEs, scaling networking, application experience assurance,
openness & VASs, and simplified O&M
5
With Proven Global Success, Huawei Believes Future SDN-WAN Considerations Will Be...

High-Performance CPE
How to improve CPE performance? Service processing extends from originally L1-L3 to L3-L7

How to meet complex networking Scaling Network

requirements? Build a flexible, reliable, secure enterprise interconnection network

How to optimize application experience? Application Experience Assurance

Optimal application experience, through different traffic policies and WOCs

How to interconnect with live-network

Openness and VASs
systems to provide VASs?
Interconnection with third-party systems

How to simplify branch network O&M? Simplified O&M

Automated network configuration, and visualized status display

6
 Contents
1 Key Requirements in SD-WAN Era

2 Huawei CloudWAN Solution

3 Use Cases

7
Huawei CloudWAN: Beyond SD-WAN, Accelerating Carriers’ B2B Service Cloudification

Key Technologies Enterprise Benefits

…
3x↑Higher SD-WAN Performance • 80% lower O&M costs
NetEngine AR6000, highest L3-L7 service Self-service portal VAS store BSS/OSS • WAN usage reaching 90%
processing efficiency in the industry

100% Application Experience Assurance

Application-driven, dynamic selection and
Third-party orchestrator
Carrier Benefits
optimization of multiple links
• Service provisioning in minutes (location-independent)
Scaling Network RESTful API
20+ networking models, security
• 50%↑ O&M efficiency
Cloud management & automation
Openness
150+ APIs, multi-cloud interconnection • 20%↑ B2B revenue
Extending B2B business domain: VAS, connectivity,
Simplified O&M managed LAN
45+ customized reports: links, apps, sites,
devices, etc.

LTE, GE, 10GE…

Internet
HQ vCPE
NetEngine AR6000 Hybrid cloud
MPLS
LTE
Legacy branch
Branch 2
Legacy CPE

8
 High Performance

NetEngine AR6000: Highest SD-WAN Performance

3x↑
NetEngine AR6300: 2 to 5 Gbps
Chips & Architecture &
Algorithm Innovation
Performance Industry: 650 Mbit/s to 1 Gbit/s
Solar AX Architecture
ARM CPU + NP
Multi-coreArm CPU (L4–L7 Service processing)
Unique Solar AX architecture
• NP chipset offloads L1-L4 traffic, Multi-core ARM
AI … CPU processes L4-L7 service
IPSec Accelerate SA Acclerate

Core1 Core2 Core3 … CoreN

Hardware acceleration based on ARM SoC
… • IPSec, SA, HQoS, ACL acceleration engine, and
native AI
Packet scheduling and queuing engine (POE)

NetEngine AR6000 Hardware- ACL

Ultra-fast algorithms
HQoS
based
acceleration acceleration • Unique acceleration instruction set
forwarding
• AI-driven matching for ACL & routing
NP (~L4 traffic offload）

9
 Scaling Networking

Scaling Network: Flexible and Various Networking Model Orchestration

Forwarding & Control Separation Large-scale networking

Distributed control components can be deployed in cloud or CPE
Distributed control
component

Smooth expansion
of the live network
CPE
On-demand capacity
expansion
Distributed control Flexible Networking
component
On-demand automatic orchestration of 20+ networking models:
Full-mesh, partial-mesh, hub-spoke, dual-CPE & multi-link, etc.

MPLS Internet
CPE PoP PoP CPE
Full-mesh

CPE CPE
Hub-spoke
Partial-mesh
Interlink

One logical CPE

Tunnel ...
MPLS Internet LTE

Dual-CPE & multi-link Dual-CPE & multi-link E2E monitoring for multi-PoP
networking

10
 Scaling Networking

Scaling Network: High Reliability, with High Availability of

Branch Interconnection Services
End-to-end reliability design, ensuring high availability of branch interconnection services

MPLS Internet Hub 1 Hub 2

Agile Controller
VRRP Cluster

Internet Agile Controller Agile Controller

MPLS (Master) (Slave)

MPLS Internet
Route switchover

CPE redundancy Multi-link redundancy Hub redundancy Agile Controller redundancy

Intra-site dual-CPE redundancy: Underlay link redundancy: When a Single-hub and dual-device, and The Agile Controller is deployed in a
data backup through VRRP or link is faulty, services are dual-hub: When the hub is faulty, cluster, providing high reliability.
route switchover automatically switched to other links. the site node automatically Geographic redundancy and
switches to the backup hub. automatic Agile Controller switchover
are supported.

11
 Scaling Networking

Scaling Network: CPEs Provide Enhanced Proactive

Defense Capabilities to Guarantee E2E Security
CPEs provide enhanced proactive defense capabilities to
Key Technologies
guarantee E2E security.
System-level security assurance:
Self-service Portal Orchestrator BSS/OSS
 Rights- and domain-based management
HTTPS Security of  SSH-encrypted NETCONF and bidirectional security
System security Huawei and third-
authentication
party clouds
Rights- and domain-based Log analysis  HTTPS data encryption for interconnection with
management Traffic analysis third-party systems
Document behavior
SSH-encrypted NETCONF and CPE-pipe-cloud E2E data security:
bidirectional security authentication
 CPE security
1. NetEngine AR6000 series routers provide built-in IPS,
URL filtering, SA, DPI, and firewall security
protection capabilities.
NetEngine AR6000 series
routers as CPEs
 Pipe security
Embedded IPS, URL filtering,
DPI, and firewall 1. IPSec overlay technology is used to encrypt packets
transmitted over enterprise interconnection networks.
2. Services of different departments are isolated based on
CPE VRFs.
MPLS
Huawei and third-
party clouds  Device-cloud synergy
IPSec VPN
1. The Agile Controller is interconnected with cloud
Internet security platforms of Huawei and third parties.
2. Distributed cloud security and DNS cloud security
service capabilities are provided.
CPE security CPE
Pipe security Cloud security

12
 Application Experience Assurance

Application Experience Assured: Intelligent Application Identification &

Steering, Improving the Bandwidth Utilization from 60% to 90%
Intelligent application identification Application steering based on bandwidth and link quality

Key apps (video)

Non-key apps MPLS
FPI for SaaS
Correct traffic steering first time Key apps
80%
50%

SA for complex applications

Precise identification of 6000+ apps
Branch Cloud
Internet

Customized application
• If the bandwidth utilization of the primary link group is higher than 80%,
Customization based on URLs or 5-tuple lower-priority applications are switched to the secondary link group.
• If the bandwidth utilization of the primary link group is lower than 50%,
Branch lower-priority applications switch back to the primary link group

Ensuring experience of key applications,

Visualization of all services at L3–L7 improving the bandwidth utilization from 60% to 90%

13
 Openness & VAS

Openness and VASs: Standard Northbound APIs

for Quick Integration with Third-Party Systems
...
Self-service portal/Dashboard VAS store BSS/OSS
Third-party orchestration layer

150+ RESTful APIs of four types

Basic networking Overlay and policy uCPE & VAS O&M and monitoring
• Authentication and • Multi-VPN management • uCPE management • CPE, application, link, and
authorization • PoP management • VNF image file site status query
• Site and CPE configuration • Application, security, and cloud • Service chain orchestration • Alarm and monitoring
• Network configuration connection policies

SD-WAN CPE

Standard APIs, covering 85% Help carriers implement unified multi-system operation, quickly construct
interconnection scenarios a unified customer portal, and perform unified service orchestration.
*GA in July 2019
14
 Openness & VAS

Openness and VASs: Single-Hop Cloud Connection, Multi-Branch to

Multi-Cloud On-Demand Interconnection, Optimal IaaS/SaaS Experience
Single-hop cloud connection, multi-branch to multi-cloud on-
Highlights
demand interconnection

5x faster IaaS/SaaS access

Single-hop cloud connection, optimal
multi-cloud experience
Connection to cloud through the optimal link; multi-
cloud experience optimization
…

Hybrid WAN Public cloud

Enterprise AR1000V
NetEngine AR6000
Compatibility with mainstream
virtualization platforms
VPC Flexible selection of multi-cloud
services
VPC

Private cloud

15
 Simplified O&M

Simplified O&M: Deployment Through the Registration

Center or Emails, Provisioning Networks in Minutes
Zero Touch Provisioning (ZTP) through the registration One-click deployment through emails, adaptive to different
center, making devices plug-and-play interfaces and access modes
5–10 minutes 2 minutes 5–10 minutes 3 minutes 2 minutes
Remote Automatic registration
configuration and connection Remote Activation through Automatic registration
configuration emails and connection
 Synchronize
the ESN.

Registration
center
 The CPE
Graphical  Power on the CPE. Graphical automatically
configuration The CPE The CPE then obtains configuration registers with the
automatically the configuration file. Agile Controller and
registers with the goes online.
Agile Controller
 Preset the address of
and goes online.
the registration center.  Power on the CPE and
activate it using the email.

Branch 1 Branch N Branch 1 Branch N

1. ZTP: CPEs are plug-and-play. 1. Adaptation to numerous interfaces: Ethernet, xDSL, GPON, LTE, etc.
2. The registration center is deployed to allow CPEs to automatically 2. Different access modes: DHCP, PPPoE, static address, etc.
access the Internet. 3. Email-based activation offers added security.

Leverage existing LTE/Internet network resources instead of private lines to provision networks in minutes in ZTP mode.
16
 Simplified O&M

Simplified O&M: 45+ Views, Visible O&M, Higher O&M Efficiency

Optimization of WAN
investment and
Quick detection of traffic exceptions Quick locating of faulty devices or sites configuration policies

Real-time alarm monitoring Topology status visualization 45+ customized views

• Customized dashboard (role or • Topology display based on sites and links Site, link, application, device, and
preference) • Real-time status and performance of sites user health views
• Network-wide real-time alarm generation and links • Site bandwidth • Top N applications
(minute-level) utilization by traffic volume
• Top N sites by • Link throughput
throughput trend

17
Huawei Was Positioned as a Challenger in Gartner's Magic Quadrant
for WAN Edge Infrastructure
In 2018, Huawei was positioned as a Challenger in Gartner’s first Magic
Quadrant for WAN Edge Infrastructure.
Huawei CPEs and large-scale networking capabilities are highly recognized
by Gartner.
• Huawei has a comprehensive hardware portfolio, with a range of appliance
options and wide variety of interfaces.
• Huawei offers multiple WAN edge functions, including router, SD-WAN, and
firewall functions.
• Huawei supports large WAN deployments (over 1,000 sites). Full
Report

Huawei is the only Chinese vendor positioned in Gartner’s Magic Quadrant for WAN Edge
Infrastructure.
Huawei is the only vendor that is positioned as a Challenger in Gartner’s Magic Quadrant for
WAN Edge Infrastructure based on its strong networking capabilities.
With the deepest SD-WAN hardware and software product portfolio, Huawei’s enterprise router
market share ranks No. 2 in the industry.

Industry-wide
Huawei SD-WAN Solution is the first to have Huawei AR650 is a high-performance uCPE and
recognition
passed SD-WAN testing at EANTC. wins the iF DESIGN AWARD 2018.

18
 Embrace a Fully Connected,
Intelligent World
Ultra-broadband Simplified Intelligent Open and Secure
Provide solid network Enable service agility Reshape customer Build a win-win ecosystem
foundation experience

Ultra-broadband Simplified Intelligent Safe

19