Introduction to Huawei Network Solution

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Know More About Huawei
Huawei: Leading Provider of ICT infrastructure and Smart Devices

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Know More About Huawei
Focusing on ICT to provide products, solutions, and services to three customer groups

Page 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Know More About Huawei
Build connectivity for Indonesia: 13 region offices, 5 logistics centers

Page 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Datacom: Building an intelligent cloud network to
help companies go digital

Page 5 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Wireless, IoT, and Cloudification Drive Campus Network Transformation

A famous enterprise A top-ranked university A leading cloud company

Wireless IoT Cloudification

Short-form video services develop rapidly and The campus network needs to be comprehensively By 2025, 85% of enterprise services will be cloud-

employee terminals per 100 m2 increase from transformed to support 14,300 IoT terminals, 14 smart based, posing higher requirements on network

40 to 80, driving demand for higher wired applications, 306 smart classrooms, and more. quality and latency.

access bandwidth.

Higher bandwidth Better experience Higher efficiency

1G access, 40G backbone → 10G access, 100G Differentiated service assurance and Automated deployment and intelligent

backbone millisecond-level low latency O&M

Building a high-quality campus network with higher bandwidth, better experience, and higher efficiency
Huawei CloudCampus 3.0 Solution: Building a High-Quality Campus Network for the
Digital Era
Digitalization transforms enterprises

Customer Transform workplaces Transform production Transform public services

Health Smart
flow e-Schoolbag mgmt. office
analysis

Open industry application development platform

SDK | API
iMaster NCE-Campus: autonomous driving platform that integrates management, control, and analysis
Management and
control layer
E2E automation Intelligent O&M
Planning automation | Network construction automation | User experience visibility | Fault demarcation |
Policy automation Network optimization & self-healing

Management, control,
NETCONF/YANG and analysis Telemetry High-quality network for the digital era
Network layer
Full-10GE access, unleashing digital productivity
• Multi-GE switch + high-density 10GE/25GE fixed switch + 100GE core, building a simplified, ultra-broadband network
• Wired and wireless convergence (managing up to 10K APs and supporting 50K concurrent users), preferential service assurance for VIPs
• Network-wide automated deployment, plug-and-play devices, and precise insight into network-wide link quality
CloudEngine S-series campus switches

AirEngine Wi-Fi 6/6E/7 AirEngine Wi-Fi 6/6E/7 powered by Huawei 5G, building a fully wireless campus network

Lightning-fast speed More stable coverage More stable application More stable roaming
Unique tri-band antennas enable Dynamic-zoom smart antennas Dynamic Turbo: Lossless roaming:
18.67 Gbps, twice the industry for high-density coverage modes, application acceleration, < zero packet loss
average. 10-20% higher performance. 10 ms latency during roaming

8 Huawei Confidential
Innovative RTU, Building a "Pay-as-You-Grow" Campus Network

+ =
Elastic architecture Various RTU licenses On-demand target network

Elastic core 10G

CloudEngine S12700E Model L

5G

Base model Model S

Elastic aggregation 2.5G + Model E
CloudEngine S6730-H RTU license
1G
Model X
Elastic access (PoE++) Model Y
CloudEngine S5732-H
Evolvable port rates Flexible combinations, on-demand configuration

RTU is short for right-to-use. RTU licenses can be used to improve the port rates and switching capacity of switches.

9 Huawei Confidential
Free Mobility: Policies Following Users, Ensuring Consistent Experience

Network WAN/Internet User: xx

resources

Location: xx

Network
resources

Surabaya
Network Network
resources resources

1. Policy: permission
Bandung 2. Policy: security
Group Group ID Contextual Awareness (5W1H: Who, When, Where,
Name Whose, How) 3. Experience:
VIP 30 Leader, wired and wireless, anytime priority/bandwidth
Jakarta Guest 10 Guest, wireless, working hours…

Employee 20 Employees, wired/wireless...

Server 57 Fixed IP address of the server

10 Huawei Confidential
Intelligent O&M: Terminal Visibility, Fault Diagnosis and Analytics

Technical Solution
Initiate an NQA
ICMP test on
As-Is To-Be CampusInsight CampusInsight.

Hop-by-hop CLI detection Automatic end-to-end diagnosis Telemetry

Access → Aggregation → Core → Authentication → Initiating NQA Trace on CampusInsight • User information
Firewall → Server • User authentication • User group
information • Terminal
• Terminal identification information
• Terminal discovery information
Client info
(ARP Snooping)
Step 3 • DHCP online status

AAA DHCP
Step 2

Access point Authentication point

Step 1
Issue Category Typical Root Causes

Authentication failure, timeout, and slowness

Connectivity issue analysis
Path trace DHCP failure, timeout, and slowness

Application quality analysis VoIP failure, poor quality, disconnection, and Layer 2
and path trace loop
AS-F15 AGS-F53 CS-F5 FW-F5
Port anomaly, optical module failure, PoE failure,
sudden traffic increase or decrease, packet loss during
Device fault analysis
forwarding, queue congestion, and threshold-cross
services

11 Huawei Confidential
CloudEngine S-Series Switch Portfolio (1/2)
Modular switches 25GE fixed switches

New S6730-H-V2
• 3.6 Tbps per slot • 2.4 Tbps per slot
(March 2023) 48 x 25GE, 6 x 100GE
• 50K users, 100K terminals • 10K APs, 50K users
VXLAN
• Clos orthogonal architecture • MACsec on 10GE, 25GE,
40GE, and 100GE ports
S16700-4/8
S12700E-4/8/12 S6730-H
24*100GE 6*100GE 48*10GE 24*10GE + 24*GE 2*100GE + 4*40GE
28 x 25GE, 4 x 100GE, 220 mm
36*100GE 18*100GE 24/36*40GE 48*10GE
VXLAN, MACsec
24*Multi-GE +
40*25GE 12*40GE 48*GE
24*GE

10GE fixed switches

• 800 Gbps per slot • 720 Gbps per slot

• 48*Multi-GE per slot • 4K APs, 15K users S6730-H-V2
• 60 W PoE++ at 300 m 24/28/48 x 10GE, 6 x 100GE,
S8700-4/6/10 S7703/06/12 1 card slot VXLAN, MACsec
24/48*10GE 48 x GE 12*10GE optical + 16*GE 24*10GE optical + 24*GE
24/48*Multi-GE 2*100GE + 4*40GE 6*100GE 12*40GE
optical optical/electrical optical + 24*GE electrical optical
48*10GE optical- 24*GE 16*25GE 24*Multi-GE + 48*GE 48*GE
2*10GE + 20*GE 48*GE PoE 48*10GE
electrical electrical 24*GE electrical optical
S6730-H
24/48 x 10GE, 6 x 100GE
VXLAN, MACsec
12 Huawei Confidential
 CloudEngine S-Series Switch Portfolio (2/2)
Multi-GE switches Enhanced GE switches

S5732-H-V2 S5732-H S5732-H-V2 S5732-H S5731-H

24/48 x 2.5/5/10GE, 4 x 25GE + 2 x 100GE 24/48 x 1/ 2.5/5/10GE, 4 x 25GE + 2 x 100GE 20/24/44 x GE, 4 x 10GE + 6 20/44 x GE, 4 x 10GE 24/48 x GE, 4 x 10GE, 30W
90 W PoE++, supporting RTU licenses 60 W PoE++, supporting RTU licenses x 40GE, 1 card slot, VXLAN + 6 x 40GE, VXLAN PoE+, 1 card slot, VXLAN

Standard GE switches Simple GE switches

S5731-S S5731-S S5736-S S5735-S-V2 S5735-L-V2

24/48 x GE Base-T, 4 x 10GE, 24/48 x GE SFP, 4 x 10GE, 24/48 x GE SFP, 4 x 10GE 24/48 x GE, 4 x 10GE, two 12GE 24/48 x GE, 4 x 10GE, two 12GE stack
30W PoE+, VXLAN VXLAN 1 card slot, 420 mm stack ports, 30W PoE+ ports, 30W PoE+, Built-in AC/DC

13 Huawei Confidential
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 14 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Wired and Wireless LAN Gartner Leader for 2022-2024
Common WLAN Issues Deteriorating User Experiences

Fault rectification takes a long

There are no signals or signals are weak.
time.
• The network environment is diversified and there
• It is difficult to reproduce wireless network
are many partitions, causing coverage holes or
faults. As a result, fault locating takes a
poor signal quality in some areas.
long time or cannot be demarcated, and
faults are difficult to rectify.

Signals are available, but terminals fail

Poor network Roaming is interrupted.
to be connected.
experience • Roaming policies based on terminal behaviors
• Some terminals fail to access a network
Unsatisfactory do not provide protection during roaming, and
because many terminals are connected.
cause a long handover and large packet loss.

Terminals are connected, but the The network is unstable.

experience is low. • Dense deployment and uncertain interference

• High-density user access causes network cause terminal disconnection or service

congestion and sharply decreases wireless interruption.

network bandwidth.
iMaster NCE-CampusInsight, Ensuring Overall Experience of Networks, Users,
Applications, and Optimization

17 Huawei Confidential
3D Signal Simulation Resolves Coverage Holes or Weak Coverage
Problems from the Planning Perspective
Identify the obstacle height based on the AP deployment height and location, simulate signal coverage, and use 3D signal simulation to achieve more accurate effect.

Cloud network planning: https://serviceturbo-cloud.huawei.com

Walking mode, comprehensive

coverage simulation

You can also select several APs

for partial simulation.
Display information
about connected APs:
➢ AP name
➢ Channel
➢ RSSI
➢ Rate
Spectrum Analysis: Monitoring the Status of All Channels

CampusInsight spectrum analysis monitors the status of all channels on APs and displays the usage of each
channel, which is simple and easy to understand.

Traditional 3 All-channel status monitoring

CampusInsight monitors the status of
spectrum analysis all channels in real time based on APs,
and displays the historical trend chart,
FFT? non-Wi-Fi interference source types,
and RSSIs.
Spectrum graph?
Spectral density
diagram? Historical trend chart of each channel
2
APs report channel scan data
1 to CampusInsight through WMI.
APs scan all channels in real
time and scan co-channel
interference, non-Wi-Fi
interference, and normal usage
proportion of each channel.
AP List of detected Wi-Fi/non-Wi-Fi interference sources
Neighboring AP

Constant-frequency device
Frequency scanning device Frequency hopping device
(2.4G wireless video and audio,
(Microwave oven, Bluetooth, (Cordless phone and cordless
5G wireless video and audio, baby
and game controller) phone base)
monitor, and ZigBee device)
With Many Innovations, We Build an Experience-Centric,
Highly Reliable Wireless Network
. . Ensuring wireless coverage and premium performance . .
Unique hardware design Beam training Codirectional matching of digital beams
Smart antenna:
try beam gain

try

Try-Best try
Traditional
antenna 20% wider coverage
• Patented design, this achieves all-round • Select the beam with the maximum gain, • Maximizes signal gains in the target STA
beamforming and more accurate beams. ensures optimal signal strength anytime. direction.
. . Ensuring wireless network-wide stable experience . .

Intelligent roaming technology Intelligent multimedia scheduling technology

Terminal roaming always on track. Identifies and accelerates applications, suppresses
greedy services to prevent frame freezing
High-Concurrency Access: OFDMA + MU-MIMO Joint Scheduling,
Throughput ↑ 25%
Industry Wi-Fi Huawei AirEngine
Only separate scheduling Dynamic scheduling algorithm

25%
higher throughput in high-density multi-
user access scenarios
Or

256
STAs
1 Mbps/STA
MU-MIMO OFDMA OFDMA + MU-MIMO
Waste of spectrum resources Waste of spatial stream resources Both spatial streams and spectrum resources are well leveraged

Data packets of different users

21 Huawei Confidential
Intelligent Application Acceleration Technology, Ensuring Low-Latency
Experiences upon Multiple Services
Exclusive AI-based
AI-based application classification flow identification

8-level air interface queue

Application acceleration VS
Industry: 4-level air interface queue

VR gaming

VR live Wireless voice

streaming VIP user
4K video
group
OTT gaming Preferentially schedule the
VR gaming
flow with a higher priority
Internet Key applications
VR live streaming
access

4K video Internet access

Common user group
OTT gaming
IM
IM
Wireless voice
Common user group
IPTV

IPTV
Unique intelligent application acceleration and HQoS

Huawei Wi-Fi 6 latency < 10 ms

22 Huawei Confidential
Lossless Roaming + Dual Fed for Zero Packet Loss During Roaming
Competitive feature: lossless roaming, preventing packet loss Competitive feature: exclusive dual fed and selective receiving @
during roaming Wi-Fi 6 Advanced

Deduplication and reassembly

Device-pipe synergy P1 P2 P3 P4
2 • In-roaming service data caching,
WAC

preventing data loss

Radio 1 AP AP Radio 2

P1 X P3 P4 P1 P2 X P4

CH1

CH6 Redundant link

CH11
AGV
AG
V

P1 P2 P3 P4 P1 P2 P3 P4

AGV
Fed 1 CPE Fed 2
AGV Proactive packet loss mitigation, enhanced reliability, and reduced latency
AGV
Scenario: If a radio is roaming, the other radio is not, achieving zero packet loss, 99.999%
reliability, and 10 ms latency.
Pre-roaming Lossless resumable
• Pre-roaming traffic steering, transmission
1 improving efficiency by 100%
3 • Post-roaming data Smart warehousing: uninterrupted AGV services
• Roaming handover time: 50 playback without service
ms → 10 ms interruptions
Dual fed and selective receiving, high reliability, and zero packet loss

23 Huawei Confidential
Wi-Fi 7 with EHT320 and 4096 QAM, 2.4 times the maximum transmission rate than Wi-Fi 6

Wi-Fi 7 with Multi-RU allocation, greatly improves the utilization of radio resources

24 Huawei Confidential
Wi-Fi 7 MLO Enables Faster and More Reliable Wi-Fi Data Transmission

Single-link: 2.4 GHz or 5 GHz Multi-link: 2.4 GHz + 5 GHz + 6 GHz

01010110

01010110

01010110

01010110

01010110
2.4 GHz or 5 GHz Wi-Fi 6 Wi-Fi 7 2.4 GHz 5 6 GHz
GHz

Benefits in Different Modes

Mode 1: Higher performance Mode 2: Higher reliability*

1 2 3 4 1 2 3 4

7
5 6 7 8 7
1 2 3 4
9 10 11 12 1 2 3 4

• Load balancing among multiple links, improving • Multi-fed and selective receiving, improving link
link bandwidth reliability
• Latency reduced by 80%

* To be supported in the later version

25 Huawei Confidential
Huawei Wi-Fi 7, Generation Ahead of the Industry — 2x Bandwidth, 1.5x
Concurrency, Robust Security with Zero Eavesdropping
Fully-wireless workplace Audio & video first
Terminals per 80% being audio
1 2+ Type 80% being data
person & video
applications
applications
STAs per AP 30 60
Download 100 MB 1 GB

Upgrade to Wi-Fi 7, meeting wireless office needs over the next 5 years

2x bandwidth 1.5x user concurrency Robust security

80-channel 120-channel

Wi-Fi 6E Wi-Fi 7

Wi-Fi Shield: 0 eavesdropping of user

120-channel 1080p video conferencing by a single information
AP
4.3 Gbps for a single user

26 Huawei Confidential
Huawei Wi-Fi 7: Zero Video Freezing in Video Conferences; Zero Packet Loss & Zero
Interruptions for Key Applications

Application scenario Huawei-only solution and benefits

Network assurance for Intelligent application identification,

Video conference live streaming dedicated slices for assurance of key
applications Tolly report

Huawei-only XNA engine

Audio & video conferences with
high user concurrency
In-flow
detection Zero freezing
(Huawei-only)

Poor experience, due to bandwidth Poor network quality during live

occupation by file download, cloud disk Quality assessment
commerce, with issues such as video
synchronization, system update, etc. freezing, video artifacts, and audio- 1 person for assurance of the
video desynchronization entire enterprise network
Application identification Suppressing greedy Hop-by-hop visibility and
with AI, experience applications; flexible measurement across
Zero incidents
assurance for 30,000 slicing terminals, LAN, and WAN
terminals (Huawei-only)

27 Huawei Confidential
Huawei Wi-Fi 7 VIP Experience Upgrade: Dedicated Resources for VIP Users,
Zero Degradation on VIP Experience
Application scenario Huawei-only solution and benefits
Dedicated lane for VIP users,
preferential access anytime, anywhere

VIP
Dedicated lane for
VIP users
Preferential access
anytime, anywhere
• Unique VIP FastPass technology
• Dedicated slices for VIP users 50 ms (Huawei) vs >
200 ms (industry)

VIP-targeted
optimization
Enhanced signals Common user
for VIP users VIP user
Poor office experience for executives, difficult complaint handling
• Precise distance measurement, Huawei-only
per-packet power control
• Targeted signal enhancement for
VIP users
Proactive care for
VIP users

POS machine AGV PDA for medical Conference terminal Full-journey visibility on
image reading both wireless and wired
sides Real-time VIP user experience evaluation &
Hard to assure key services on terminals proactive care Fault warning (Huawei) vs.
none (industry)

28 Huawei Confidential
QoS Design — Wireless QoS (Wireless Queue Mapping)
On a WLAN, user traffic of different services is mapped to different queues based on the priority configured for each service.
This ensures that services that are sensitive to network parameters, such as audio and video services, can be preferentially
scheduled.

Modifying DSCP priorities based on application types Re-marking DSCP priorities of packets based on user groups

Internet Internet

Example: Re-mark DSCP Example: Re-mark the DSCP

priorities after a device priority for users in a VIP group.
identifies the audio and video
services.

VIP

29 Huawei Confidential
Flagship Wi-Fi 7 AP: AirEngine 8771-X1T
HE160 high-bandwidth
Triple radios Dynamic-zoom smart antennas
networking

Radio 1 Radio 2 Channel: A

HE160 MHz

2.4 GHz 5 GHz

6 GHz High-density mode Channel: B Channel: C
HE160 MHz HE160 MHz
Omnidirectional mode
Radio 3

Flexible switching between 5 GHz and 6 GHz Omnidirectional and high-density Continuous networking at HE160
on the local licensed spectrum coverage modes used on demand bandwidth, up to 320 MHz available

Parameter Specifications Parameter Specifications

18.67 Gbps
Device rate (1.376 Gbps + 5.765 Gbps + 11.53 Antenna Built-in dynamic-zoom smart antennas
AirEngine 8771-X1T Gbps)
4x4 @ 2.4 GHz (40 MHz) 2 x 10GE electrical ports + 1 x 10GE optical
Radio 4x4 @ 5 GHz (160 MHz) Port port (compatible with hybrid modules, 300-m
4x4 @ 6 GHz (320 MHz) PoE++), all capable of PoE-in
DC: 48 V ± 10%
Power supply PoE: 802.3bt (dual PoE-in channels IoT expansion Built-in BLE 5.2* + external USB
in hot backup mode)

* The capability can be upgraded to Bluetooth 5.4 through software.

Flagship Indoor Wi-Fi AP: AirEngine 8760-X1-PRO
16 spatial streams + flexible
Industry's highest: two 10G uplink ports
radio mode switchover
16 spatial streams
Ultra-high capacity

10.75 Gbps 10GE 10GE

Optical: 10GE SFP+

Dual-PoE power
Radio modes: 4+8+independent radio for Electrical: 10GE x 2
supply, improving
scanning/4+12/4+8+4 Supporting optical/electrical
AP reliability
hybrid cable

Independent probe Innovative heat dissipation design, the

temperature is reduced by 4℃

AirEngine 8760-X1-PRO

Independent hardware +
dual-band scanning
Real-time network optimization Liquid cooling Bionic shark fin cooling
* Works with CampusInsight to perform big data optimization.

Parameter Specifications Parameter Specifications

Port 2 x 10GE electrical + 1 x 10GE SFP+ Antenna Built-in smart antenna
DC: 42.5 V to 57 V
Bluetooth BLE 5.2 Power supply
PoE++, dual power supplies for backup
AP rate 1.15 Gbps + 9.6 Gbps USB port 1
Hardware encryption: IPsec and DTLS
Built-in IoT module ZigBee, RFID, asset management, and ESL Security
WPA3
Indoor High-End Wi-Fi 6 AP: AirEngine 6760-X1/X1E

Basic mode: 4+6 RTU mode:

1. Two spatial streams added: 4+8 2. SDR, 3. Independent dual-
(bringing higher performance) 4+8/4+4+4/4+6+scanning band scanning

5 GHz 2.4 GHz Radio 1 Radio 2

2.4 GHz 5 GHz-1

Radio 1 Radio 2 Radio 3

Switchable 5 GHz-2

Real-time network
AirEngine 6760-X1 AP rate: 8.35 Gbps AP rate: 10.75 Gbps Flexible switchover
status awareness

Parameter Specifications Parameter Specifications

1 x 10GE electrical + 1 x GE
Port Antenna Built-in smart antenna
electrical + 1 x 10GE SFP+
DC: 42.5 V to 57 V
Bluetooth BLE 5.2 Power supply
PoE++

4+6 mode: 1.15 Gbps + 7.2 Gbps

AP rate USB port 1
4+8 mode: 1.15 Gbps + 9.6 Gbps

AirEngine 6760-X1E Built-in IoT ZigBee, RFID, asset Hardware encryption: IPsec and DTLS
Security
module management, and ESL WPA3

* Right To Use (RTU): The number of spatial streams and functions are added through licenses.
Indoor Triple Radios Wi-Fi 6 AP: AirEngine 6761-21T

Triple radios Leader AP Insensitive access

Radio 1 Radio 2

2.4 GHz 5 GHz-1

Radio 3

5 GHz-2 Module CPE

Maximum rate: 6.575 Gbps Direct forwarding: 24 Secure and

insensitive
(2+2+4) Tunnel forwarding: 12 terminal access

Parameter Specifications Parameter Specifications

Maximum 6.575 Gbps
Antenna Built-in smart antenna
rate (0.575 Gbps + 1.2 Gbps + 4.8 Gbps)

Interface 2 x GE electrical port Bluetooth BLE 5.2

Power
21.2 W (excluding USB) USB 1
consumption
Power DC: 12 V ± 10% IoT
AirEngine 6761-21T supply PoE+ power supply expansion
USB extended external IoT
Indoor Mid-Range Wi-Fi 6 AP: AirEngine 5761-21

6 streams + smart antenna Leader AP Insensitive access

Module CPE

Maximum rate: 5.375 Gbps Direct forwarding: 24 Secure and

insensitive
(2+4) Tunnel forwarding: 12 terminal access

Parameter Specifications Parameter Specifications

5.375 Gbps
Maximum rate Antenna Built-in smart antenna
(0.575 Gbps + 4.8 Gbps)

Interface 2 x GE electrical port Bluetooth BLE 5.2

Power
17.9 W (excluding USB) USB 1
consumption
AirEngine 5761-21 DC: 12 V ± 10%
Power supply IoT expansion USB extended external IoT
PoE+ power supply
WLAN Product Portfolio (1/2)
Wi-Fi 6 (802.11ax) indoor AP Wi-Fi 6 (802.11ax) outdoor AP WAC
NEW AirEngine 8760R-X1 AirEngine 8760R-X1E
23/03 Wi-Fi 6E • Device rate: 10.75 Gbps • Device rate: 10.75 Gbps
• NSS: 8+8/4+12 • NSS: 8+8/4+4+4
• Built-in smart antennas • External antennas
• BLE 5.2, PoE out • BLE 5.2, PoE out
AirEngine 8760-X1-PRO AirEngine 8761-X1 AirEngine 6760-X1 AirEngine 6760-X1E AirEngine 6761-22T* • 1 x 10GE electrical + 1 x GE • 1 x 10GE electrical + 1 x GE
• Device rate: 10.75 Gbps • Device rate: 5.95 Gbps • Device rate: 10.75 Gbps • Device rate: 10.75 Gbps • Device rate: 6.575 Gbps electrical port + 1 x 10GE SFP+ electrical + 1 x 10GE SFP+
• NSS: 4+12/4+8+4 • NSS: 4+8 • NSS: 4+6/4+8/4+4+4 • NSS: 4+6/4+8/4+4+4 • NSS: 2+2+4 (6 GHz)
• Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • External antennas • Built-in smart antennas
• BLE 5.2, two built-in IoT slots • BLE 5.2, USB for IoT module • BLE 5.2, two built-in IoT slots • BLE 5.2, two built-in IoT slots • BLE 5.2 AC6805
• 2 x 10GE electrical + 1 x 10GE • 1 x 10GE electrical + 1 x GE • 1 x 10GE electrical + 1 x GE electrical • 1 x 10GE electrical + 1 x GE • 1 x 2.5GE electrical port, 1 x GE AirEngine 6760R-51 AirEngine 6760R-51E
• Device rate: 5.95 Gbps • Device rate: 5.95 Gbps
• Forwarding performance: 120 Gbps
SFP+ electrical + 1 x 10GE SFP+ electrical + 1 x 10GE SFP+ electrical port
Dynamic-Zoom • NSS: 4+4 • NSS: 4+4 • Maximum number of manageable APs: 6K
Smart Antennas • Built-in smart antennas • External antennas • Maximum number of access users: 64K
• BLE 5.2 • BLE 5.2
Hybrid Optical-
• 1 x 5GE electrical port + 1 x GE • 1 x 5GE electrical + 1 x GE
Electrical
electrical port + 1 x 10GE SFP+ electrical + 1 x 10GE SFP+
AirEngine 6761-21 AirEngine 6761-21E AirEngine 6761-21T AirEngine 5760-51
• Device rate: 3.55 Gbps • Device rate: 3.55 Gbps • Device rate: 6.575 Gbps • Device rate: 5.95 Gbps
Specification upgrade
• NSS: 4+4 • NSS: 4+4 • NSS: 2+2+4 • NSS: 2+4/4+4/2+2+4 AirEngine 5761R-11 AirEngine 5761R-11E
• Built-in Dynamic-Zoom • External antennas • Built-in smart antennas • Built-in smart antennas • Device rate: 1.775 Gbps • Device rate: 2.4 Gbps
Smart Antennas • BLE 5.2 • BLE 5.2 • BLE 5.2, two built-in IoT slots • NSS: 2+2 • NSS: 2+2
• BLE 5.2 • 1 x 2.5GE electrical port, 1 x • 1 x 2.5GE electrical port, 1 x • 1 x 5GE electrical port + 1 x GE • Built-in antennas • External antennas
• 1 x 2.5GE electrical port, 1 10GE SFP+ GE electrical port electrical • BLE 5.2 • BLE 5.2
x 10GE SFP+ NEW • 1 x GE electrical + 1 x SFP • 1 x GE electrical + 1 x SFP
23/03
AirEngine 9700-M1
• Forwarding performance: 120 Gbps
Wi-Fi 6 (802.11ax) scenario-specific AP • Maximum number of manageable APs: 3K
AirEngine 5761-21 AirEngine 5761-11 AirEngine 5762-12 AirEngine 5761-12 AirEngine 5762-10
• Device rate: 5.375 Gbps • Device rate: 1.775 Gbps • Device rate: 2.975 Gbps • Device rate: 1.775 Gbps • Device rate: 2.975 Gbps • Maximum number of access users: 32K
• NSS: 2+4 • NSS: 2+2 • NSS: 2+2 • NSS: 2+2 • NSS: 2+2
• Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Built-in smart antennas
• BLE 5.2 • BLE 5.2 • BLE 5.2 • BLE 5.2, built-in dual IoT slots • 1 x GE electrical
• 1 x 2.5GE electrical port, 1 x • 1 x GE electrical • 1 x GE electrical • 2 x GE electrical AirEngine 6760-51EI
GE electrical port • Device rate: 4.8 Gbps
• NSS: 4
Wi-Fi 6 (802.11ax) wall plate AP • External antennas
NEW • 1 x 5GE electrical + 1 x GE electrical +
Port upgrade
23/03 1 x 10GE SFP+
Hybrid Optical-
Electrical AC6508
AirEngine 5761-11W AirEngine 5761-12W AirEngine 5762-12SW * AirEngine 5762-13W AirEngine 5762-15HW AirEngine 5762-17W • Forwarding performance: 10 Gbps
• Device rate: 1.775 Gbps • Device rate: 1.775 Gbps • Device rate: 2.975 Gbps • Device rate: 2.975 Gbps • Device rate: 2.975 Gbps • Device rate: 2.975 Gbps • Maximum number of managed APs: 512
Wi-Fi 6 CPE UNR032H with vertical Wi-Fi 6 CPE UNR033H with
• NSS: 2+2 • NSS: 2+2 • NSS: 2+2 • NSS: 2+2 • NSS: 2+2 • NSS: 2+2 network ports horizontal network ports • Maximum number of access users: 4K
• Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Built-in smart antennas • Device rate: 2.975 Gbps • Device rate: 2.975 Gbps
• BLE 5.2 • BLE 5.2, PoE out • BLE 5.0 • BLE 5.0 • BLE 5.1 • BLE 5.1
• NSS: 2+2 • NSS: 2+2
• Uplink: 1 x GE electrical • Uplink: 1 x GE electrical • Uplink: 1 x GE electrical • Uplink: 1 x GE electrical • Uplink: 1 x 2.5G SFP • Uplink: 1 x GE electrical
• External antennas • External antennas
• Downlink: 4 x GE • Downlink: 4 x GE • Downlink: 1 x GE electrical • Downlink: 1 x GE electrical • Downlink: 4 x GE electrical • Downlink: 1 x GE electrical
electrical + 2 x RJ45 electrical + 2 x RJ45 (Optional colorful cover) • 4 x GE electrical • 4 x GE electrical
passthrough passthrough
WLAN Product Portfolio (2/2)

AirEngine 8771-X1T AirEngine 6776-56TP AirEngine 5776-26 AirEngine 5773-23H

New New New

Industry’s 1th Enterprise
6GHz
Wi-Fi 7 AP

• Up to 18.67 Gbps • Up to 7.89 Gbps • Up to 6.45 Gbps • Up to 3.57 Gbps

• Spatial stream : 4+4+4+scan radio • Spatial stream: 2+2+4(5Ghz) • Spatial stream: 2+4 • Spatial stream: 2+2
• 10GE SFP+(Hybrid PoE) • 1*5GE Base-T • 1*2.5GE Base-T • 1*2.5GE SFP uplink(Hybrid PoE)
• 2*10GE Base-T • 1*GE Base-T(PoE out) • 1*GE Base-T • 1*GE Base-T
• USB 2.0 +BLE 5.4 • USB 2.0 + BLE 5.2 • USB 2.0 + BLE 5.4 • USB 2.0 + BLE 5.2

AirEngine 6776-57T AirEngine 5773-22P AirEngine 5773-21 AirEngine 5773-23HW

New New New New
6GHz

• Up to 13.66 Gbps • Up to 3.57 Gbps • Up to 3.57 Gbps • Up to 3.57 Gbps

• Spatial stream: 2+2+4 • Spatial stream: 2+2 • Spatial stream: 2+2 • Spatial stream: 2+2
• 1*5GE Base-T • 1*2.5GE Base-T • 1*2.5GE Base-T • 1*2.5GE SFP uplink(Hybrid PoE)
• 1*GE Base-T • 1*GE Base-T(PoE out) • USB 2.0 + BLE 5.4 • 4*GE Base-T
• USB 2.0 + BLE 5.2 • USB 2.0 + BLE 5.2 • USB 2.0 + BLE 5.2
iMaster NCE-CampusInsight Real Time Telemetry Metrics for Automated
Network O&M
Network Metric Challenge: Can’t get real time network information, Competitive feature: Real-time network metrics, with
with some taking 5 minutes or more. iMaster NCE-CampusInsight Telemetry

85%
Potential network faults

90%
User complaints

95%
Fault locating time

58%
Network-wide performance
38 Huawei Confidential
Cloud Campus 3.0 Solution for Indonesia Manufacturing Company New Plant
Challenges & Requirement
Analysis of Indonesia Manufacturing Company Challenges on their New Plants: Highly
Mobile AGV that have a large number of roaming times and Complex O&M.
• AGVs: are sensitive to packet loss and delay during roaming, required low latency to
running well
Network-wide automation | AI-powered • Difficult O&M: The problem occurs again and again, but cannot be located.
intelligent O&M

Huawei Solution
Huawei proposing Campus Network solution with the advanced WiFi 6 that supports AGVs
requirement and iMaster NCE Campus + CampusInsight to support Full Lifecycle Network
automation and AI-powered intelligent O&M
• WiFi6 Solution that support AGV Network Standards:
• Huawei's lossless roaming technology does Zero Packet Loss by ensuring zero
service interruptions for AGV scheduling, anytime, anywhere
• Intelligent O&M: Real-time link monitoring and intelligent O&M

Wired as a
supplement
Customer Benefits
The WiFi network performance is enhanced to meet the requirements of New Plant.
Existing • WiFi 6 Advanced solution helps lead the customer into the flexible production era,
New Plant Plants
ushering in lower costs, higher efficiency, and better quality.
• AI O&M → Visualized and accurate O&M, improving fault locating efficiency by 10 times
 Huawei CloudCampus 3.0 Solution Enhanced Indonesia Top 3 Bank Smart Branch
Fully-Wireless Experience, Improve Business Performance

Application Authentication Intelligent Commercial Enterprise OA Challenges & Requirement

layer and accounting enterprise O&M Wi-Fi Analysis of Bank XXX Smart Branch project
• Open branch working space with flexible mobility
• New branch application enhanced for smart terminal such as tablet and laptop
• Difficult O&M: fully wireless terminal, 10 minute banking service SLA required advanced
O&M
• Short time to market: deployment time of 200+ branch across Indonesia, target finish
within 2 month.
Management iMaster NCE
and control
layer Network-wide automation | AI- Huawei Solution
Huawei CloudCampus 3.0 solution fully-wireless with iMaster NCE Campus and
powered intelligent O&M CampusInsight：
• Fully-Wireless WIFI6 3 radio for stable and secure Wireless Experience
• Intelligent O&M: Real-time and AI big data analysis with historical 3 month wireless quality
monitoring for intelligent O&M
• Zero Touch Provisioning: speed up deployment process 1 branch for 1 day improve
service time to market

Network
layer Customer Benefits

With Huawei WIFI6 technology, wireless quality and stability improve 30% meet the
requirements of bank application experience.
• With fully-wireless banking hall no longer boring, more flexible and open space
Terminal • With Huawei WIFI6 improve wireless performance and reduce wireless interference issue
layer Smart ATM
• AI O&M Visualized and accurate O&M, improving fault locating efficiency by 10 times
Printer POS machine PC Security VR
terminal Machine
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 41 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Huawei is in the Gartner® Magic QuadrantTM for SD-WAN

• Huawei SD-WAN has been listed as the only challenger in the Gartner® Magic QuadrantTM for five consecutive years
• The only Chinese vendor in the Gartner® Magic QuadrantTM.、
• Huawei continues to rank No. 1 in China in terms of the SD-WAN market share.

2022
Gartner® Magic Quadrant™
For SD-WAN

3 consecutive years Five consecutive years

No.1
Gartner® Peer InsightsTM Challenger in Gartner® Magic
Market share in China
Customers' Choice QuadrantTM

Gartner, Magic Quadrant for SD-WAN, Sept. 2022. This report was named Magic Quadrant for WAN Edge Infrastructure from 2018 to 2021.
Gartner Peer Insights, https://www.gartner.com/reviews/market/sd-wan/vendor/huawei/product/huawei-sd-wan
Gartner, Magic Quadrant, and Peer Insights are registered trademarks and service mark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users
based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise
technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all
warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

42 Huawei Confidential
Digital Transformation: Huawei SD-WAN Helps Improve Production Efficiency
in Various Industries
Finance
Finance Large enterprise Retail store Energy

Financial services onto the cloud Remote office Retail 4.0 Digital gas station

Video conference & collaborative O&M of massive numbers of gas

Multi-cloud multi-center Private line upgrade
office stations
Traditional private lines cannot Poor video conferencing and Complex provisioning procedures A large number of sites are scattered across
quickly adapt to service changes collaborative office experience; Average provisioning period > 1 month the country.
on the cloud.
By 2025, 90% of enterprise 2% packet loss on transmission lines Site visit cost per capita: CNY1000 per visit
applications will be migrated to causes frame freezing in video services.
the cloud.
Slow network service
Unstable communication Slow deployment of Difficult to maintain traditional
provisioning during
quality on private lines traditional private lines private lines
cloudification
Better office experience and higher
More agile financial services Shorter TTM and higher ROI Lower O&M costs
efficiency

43 Huawei Confidential
Challenges to Multi-Branch Services in the Cloud Era

Surge in bandwidth Diversified networking Complex network

Surge in applications
requirements scenarios O&M

HQ, branch + Onsite configuration by

10–100M private lines → 30+ (voice, ERP, …) →
IaaS/SaaS, private cloud, professional personnel
100M–10G hybrid links 600+ (4K/8K, IoT, VR, …)
POP, ... Deployment over days

44 Huawei Confidential
Simplified SD-WAN: Converged Deployment of LAN, WAN, and Security, Building Branch
Networks with Ultimate Experience
Integrated management, control, and analysis,
intelligent O&M
Network-wide automation | AI-
• LAN/WAN convergence, unified policy orchestration
powered intelligent O&M
• Batch site configuration, creating 1000 sites in a day

Private SD-WAN Public cloud

cloud Intelligent traffic steering: ultimate experience
AR6700V AR6700V
• Intelligent traffic steering, ensuring experience of key applications
• A-FEC, ensuring smooth video experience even at 30% packet loss
• Data compression, improving data transmission efficiency
Email
FTP Video
conferencing
FTP
Email
FTP Video Large-scale networking, high security and reliability
conferencing

Internet 5G/4G MPLS • Enhanced proactive defense, offering E2E security

• Controller geographic redundancy, fast switchover, and high
reliability

One network to multiple clouds, on-demand

… interconnection
Provincial and municipal Counter Self- Robot Substation Oil & gas • High flexibility with multiple networking models, enabling all-
multi-center service scenario enterprise interconnection
Finance Retail Industry branch • Cloud-native SD-WAN, elastic scaling of performance, one hop to
clouds, and multi-cloud interconnection

45 Huawei Confidential
Simplified/Batch Deployment, Higher Deployment Efficiency
Low efficiency, loose GUI relationships, and high Wizard-based template, batch deployment, higher
As-Is To-Be deployment efficiency
skill requirements

Long time Template-based

Quick configuration
Creating 30 minutes required for configuration Only 3 minutes required for
Creating sites
devices configuring and configuring and deploying a
(3 minutes)
(3 minutes)
deploying a single site single site

Site replication

Complex operations One stop

Configuring Configuring WAN E2E configuration on
NTP links
Complex configuration,
requiring redirection across one page
(2 minutes) (10 minutes)
multiple pages

High skill Site replication

Connecting Configuring WAN requirements Batch deployment of sites of
the RR routes the same type
High dependence on
(2 minutes) (10 minutes)
personal experience,
error-prone

46 Huawei Confidential
Application-based Intelligent Traffic Steering: Ensuring Experience of
Key Applications
Application-based intelligent traffic steering Customer benefits
Application controllability
and visibility
Application-based intelligent traffic steering,
• Traffic of key applications
Quick identification of key automatically switching traffic of key applications to
is automatically switched
applications the optimal link to the optimal link.
Intelligent traffic steering based on many factors,
FPI such as the application SLA, priority, and bandwidth
Feature
identification
• Hybrid links, such as MPLS,
Customized
applications
MPLS Internet, and LTE, are fully
SLA non- utilized.
compliance

SLA non-
compliance
Internet
Selecting the optimal link for
Key applications, such as key applications
video and ERP

47 Huawei Confidential
Per-Flow/Per-Packet Load Balancing: Ensuring a Bandwidth
Utilization of Over 90%
Uneven traffic distribution on links, resulting Per-flow and per-packet load balancing:
in low bandwidth utilization No congestion occurs on high-quality links, with a bandwidth utilization
Uneven traffic distribution on links of over 90%.
The primary link is congested while the secondary link
is idle.
P1 P2 P2 P3 P4 Packet
reassembly
Congested active link (MPLS) Key services MPLS (high-quality link) P1 P2 P3 P4
P1 P2 P3 P4
P1 P2 P3 P4
5G P1 P2 P3 P4 Receiving
secondary Sending end P1 P3 P4 end
Common services
link: (elephant flows)
idle 5G/Internet (lossy link)
• Per-flow/per-packet load balancing is configured for common services (elephant
flows) to share high-quality links.
• Packets on high-quality links are dynamically adjusted based on the bandwidth,
improving bandwidth utilization and preventing congestion.
Low comprehensive bandwidth • Only one retransmission is required upon packet loss on lossy links, preventing
packet loss and ensuring low latency.
utilization

48 Huawei Confidential
A-FEC: Ensuring Smooth Video Experience Even at 30% Packet Loss

A-FEC NetEngine AR NetEngine AR

WAN
Real-time awareness of application packet loss and
adaptive redundancy compensation Real-time awareness of
application packet loss
Optimizing experience of video conferencing,
live streaming, video surveillance, and VoIP
services
Adaptive redundancy
compensation Packet loss occurs on a link. Packet-level FEC

Traditional: Artifacts appear on the video when the packet loss rate is A-FEC: No frame freezing occurs in case of 30% packet loss.
higher than 2%.
Note: A-FEC is supported in Huawei SD-WAN Solution.

49 Huawei Confidential
Built-in 6 Enterprise-level Security Capabilities, Ensuring Site Security
Flexible traffic steering for SaaS applications,
Branch HQ ensuring service quality
Centralized Internet access
• Local breakout, central breakout, and a combination of them, guaranteeing
services
Local breakout Internet
NetEngine AR for SaaS • Application-based flexible traffic steering

Rich built-in security capabilities, saving costs

Antivirus IPS
and simplifying O&M
SaaS • Built-in L7 application identification and control, 6 enterprise-level security
ACL Firewall URL filtering
capabilities, ensuring Internet access security, reducing costs, and facilitating
management without requiring additional devices

Built-in firewall Antivirus Data encryption

Stateful inspection and packet 5+ million signatures Mainstream VPN
filtering firewalls Remote real-time update of the encryption protocols
virus signature database
SM3 and SM4
Remote URL filtering IPS Application-level ACL
140+ categories, > 96% accuracy 1600+ attacks detected, > 90% 6000+ applications in the DPI database,
Fine-grained Internet access control detection rate customized applications
Real-time remote query Remote real-time update of the IPS Fine-grained control
signature database

50 Huawei Confidential
Visible and Measurable SD-WAN Benefits, Facilitating Refined Operations
As-Is: lack of visibility into SD-WAN egress optimization To-Be: measurable and quantifiable SD-WAN
results optimization results
SPR traffic steering: How much experience Traffic steering: improved experience
Quality- Load Traffic steering: traceable
improvement? based
traffic
balancing

Before traffic steering After traffic steering

steering
4 3 2 1
Application MPLS 2 1
Latency

identification Packet loss

Traffic switchover due to a

Jitter
lower link quality than the HQ
Branch SLA threshold

4 ? 3
Internet)

Data compression: bandwidth saving

WAN data compression: How much bandwidth WAN compressed traffic trend
Total outgoing Total outgoing
saving? traffic before traffic after
Compression rate 50%

compression compression

Service packets
P1 P2 P1 P4 ? P1 P2 P4
P1 P2 P1 P4

Compress Restore Before compression After compression

Customer
Measurable Traceable
Intuitive comparison of traffic steering benefits, quantifiable Playback of the entire traffic steering, including intuitively displaying the
benefits
WAN data compression benefits selected link (good or not) and the resulting benefits

51 Huawei Confidential
Portfolio of Huawei NetEngine AR Routers
HQ/Large branches NetEngine AR6300
NetEngine AR8140 NetEngine AR6280 5G-RU-101 5G-SIC
NetEngine
AR6300/AR6200
series
SRU-400H/SRU-600H SRU-400H/SRU-600H
Small- and medium-sized
enterprise branches
NetEngine AR6121E NetEngine AR6140E-9G-2AC NetEngine AR6710-L50T2X4 NetEngine AR6710-L26T2X4
NetEngine AR6100
series

Small enterprises
AR651 AR651W AR657W AR651W-8P
NetEngine AR650
series
Available only outside China

SOHO

NetEngine AR617VW-LTE4EA
AR611W AR617VW-LTE4
AR610 series
Available only Available only in Latin
outside China America

52 Huawei Confidential
Huawei SD-WAN solution for integrated LAN and WAN management at
Indonesian Bank
Challenges & Requirement
Analysis of Pain Points on the Live Network: High MPLS Cost, Complex O&M, and High Labor
Investment.
• Single MPLS connection: MPLS is 5 to 10 times expensive of the Internet.
• High labor cost: Currently, Level 2 engineers are required to deliver a single site.
Network-wide automation | AI-powered • Difficult O&M: The problem occurs again and again, but cannot be located.
intelligent O&M • Long-term SLA: The expected time required for troubleshooting is 4.38 hours per year.

Public/Private Huawei Solution

SD-WAN cloud
Huawei proposing SD-WAN solution supports smooth migration of services on the live network
to implement integrated LAN and WAN management：
• Hybrid connection: 1MPLS + 1Internet hybrid networking, stable and low cost
• Low labor cost: Only Level 1 engineers are required to deliver onsite services when the ZTP
device goes online.
• Intelligent O&M: Real-time link monitoring and intelligent O&M
• Short SLA time: NCE provides unified platform management and quick fault locating in
minutes, meeting the annual SLA requirements.

Wired as a …
Customer Benefits
supplement
The network quality is doubled to meet the requirements of bank application experience.
• Intelligent traffic diversion:Link usage up to 90%
• App & Link Quality Visibility:Timely optimization to guaranty experience
HQ Branch Improve the efficiency by three times and ensure the project SLA
• ZTP→ The deployment efficiency of branch banks is improved to 1 person-day per store.
53 Huawei Confidential • AI O&M → Visualized and accurate O&M, improving fault locating efficiency by 10 times
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 54 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Three Challenges Facing Data Center Networks on the Way of Evolution

Difficult deployment Difficult O&M Difficult evolution

Apps
DC
IT team: Network team:
service view network view Controller A Controller B

Resource pool 1 X Resource pool 2

Web Gateway Vendor A Vendor B
Service access
exception X X
Gap Firewall
Controller C
Tool X/Y/Z
Spine
APP Authentication X
Resource pool 3 VAS pool
Vendor C Vendor X/Y/Z

.
Risk control Bills
. X: breakpoint
Leaf Leaf

.. ..
Multiple rounds of network solution review Separated services and networks, siloed data 100+ breakpoints for complex services
40% faults caused by configuration errors Multiple departments take hours for joint No unified management: many distinct
standards and devices from different
troubleshooting vendors across clouds

55 Huawei Confidential
Easy CloudFabric: Intelligent + Simplified, Delivering Easy Network Experience

Easy deployment
• Fast deployment: automatic orchestration of
cross-cloud services and minute-level application
rollout
Easy Easy • Accurate configuration: simulation + verification,
deployment Easy O&M evolution 100% change correctness

Easy O&M
• Lossless upgrade: no packet loss during the
CloudFabric 3.0 upgrade, zero service interruptions
• Automatic troubleshooting: intelligent full-flow
analysis and fault locating in minutes
CloudEngine 16800/16800-X

CloudEngine 9800/8800/6800
Easy evolution
• Unified heterogeneous management:
supports heterogeneous co-management and
General-purpose flexible service migration
Storage network HPC network
computing network
• Unified protocol: hyper-converged Ethernet,
36%↓ TCO

56 Huawei Confidential
 iMaster NCE Integrates Management, Control, and
Analysis
Past Now

Cloud platform & application Cloud platform & application

iMaster NCE
EMS/NMS SDN controller Network analyzer Open API

Intent engine
eSight/U2000 iMaster NCE- iMaster NCE- Design
Fabric FabricInsight Studio
Management Control Analysis

Unified cloud management platform

NETCONF/YANG Telemetry
CLI/SNMP/Qx NETCONF/YANG
OpenFlow/OVSDB Telemetry
CLI/SNMP/Qx OpenFlow/OVSDB

Traditional Traditional
SDN device SDN device
device device

• Multiple independent products, including the NMS, • Manager, controller, and analyzer convergence
controller, and analyzer • Closed-loop automation

Page 57 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Microsegmentation
Microsegmentation, also called EPG-based secure isolation, groups servers on
a DCN based on rules. It applies traffic control policies based on End Point
Groups (EPGs) to simplify O&M and implement secure management and
control.
• Efficient forwarding
Microsegmentation is effective in scenarios that require high forwarding and
weak security because it does not introduct traffic detour or cause the
bottleneck of forwarding performance.
Delivers source and destination
EPGs to source and destination
TOR switches, and EPG policies
• Distributed security
to the destination TOR switch
Traffic of VMs is isolated on access switches. East-west isolation can be
DIP: NVE2_IP
③
DIP: NVE2_IP
implemented without relying on firewalls.
SIP: NVE1_IP SIP: NVE1_IP
VNI ② ④
VNI • Unified isolation
S_EPG NVE1 NVE2 S_EPG
Payload Payload Microsegmentation implements the zero-trust security model. It implements
fine-grained isolation based on discrete IP addresses and VM names. In
DIP: 10.10.20.3 ① ⑤ DIP: 10.10.20.3
SIP: 10.10.10.1 SIP: 10.10.10.1 addition, it provides unified isolation for VMs, PMs, and BMs.
Payload VM1 VM2 Payload
10.10.10.1 10.10.20.3
DC

Page 58 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 CloudFabric Service Automation Scenarios
The CloudFabric solution supports four service automation scenarios, including network virtualization, computing, cloud-network integration -
OpenStack, and Kubernets container network.
Network virtualization Computing Cloud-network integration Container network

Network Computing Network Service Service

administrator administrator administrator administrator administrator

VMware vCenter
System Center
OpenShift

VM VM VM VM C C
VM VM Hypervisor VM Hypervisor Hypervisor C
VM VM VM C
VM VM VM VM C
VM VM C
VM VM

Page 59 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
 Main Functions of iMaster NCE-FabricInsight
Intelligent O&M
Telemetry-Powered
Network Health Evaluation "1-3-5" Troubleshooting
Monitoring

Common indicators: Proactive Health check report: Multi- Abnormal root causes: Quick
monitoring in multiple modes dimensional heath details diagnosis and rectification

• Real-time monitoring and proactive • Comprehensive network health check • Root cause diagnosis for a detected
subscription to all-scenario data based on the five-layer model typical fault in 3 minutes
• Data collection using multiple modes, • Real-time or periodic push of • Troubleshooting together with iMaster
such as gRPC or syslog professional health check reports NCE-Fabric

Page 60 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
CloudEngine 16800 Series

CloudEngine 16808 has 10 Item CE16804 CE16808 CE16816

power modules.
Two MPUs: 1+1 redundancy Dimensions 437 x 482.6 x 990.3 703.6 x 482.6 x 1435.7 x 482.6 x
(H x W x D), in mm (10 U) 990.3 (16 U) 1149.2 (32 U)

Switching capacity 43/387 Tbit/s 86/774 Tbit/s 173/1548 Tbit/s

Packet forwarding rate in

CloudEngine 16808 has 11,280 Mpps 22,560 Mpps 45,120 Mpps
and outside China (Mpps)
eight LPU slots.
Number of LPU slots 4 8 16

CloudEngine 16808 has

three fan modules.

CloudEngine 16808 36 x 100GE QSFP28 36 x 40GE QSFP+ 48 x 10GE SFP+

supports a maximum of
nine SFUs working in
N+1/N+M redundancy
mode.
18 x 100GE QSFP28 24 x 40GE QSFP+ 24 x 10GE SFP+ + 12 x 100 QSFP+

61 Huawei Proprietary - Restricted Distribution

CE8850-64CQ-EI: High-Density 100GE Switch

Parameter CE8850-64CQ-EI
64 x 100GE QSFP28/40GE QSFP+
Port type
ports

Maximum number of stacked

16
switches

Switching capacity 12.8 Tbps

CE8850-64CQ-EI Forwarding performance/Line-

4482 Mpps
rate bytes
64 x 100GE/40GE QSFP28 ports
Buffer 42 MB

FIB (IPv4/IPv6): 360K/256K

Performance specifications MAC: 264K
ARP: 156K

➢ 64 x 100GE QSFP28 ports. Each port can be configured with 40GE

QSFP+ ports and some ports can be split into 4 x 25GE SFP28 ports.
1+1 AC power module
Three fan modules (For details, see the configuration manual.)
backup
➢ Hardware-based BFD: minimum packet sending interval of 3.3 ms
➢ Telemetry, INT (IOAM), and enhanced ERSPAN
➢ Precise time synchronization: 1588v2
➢ AI Fabric (dynamic ECN, fast CNP, VIQ, and DLB)

62 Huawei Proprietary - Restricted Distribution

CloudEngine 6866: 25GE Access TOR Switch

Parameter CloudEngine

Downlink: 48 x 25GE SFP28/48 x 50GE SFP56 (25GE ports can function as

10GE ports, and 50GE ports can function as 25GE ports. However, they
cannot function as 10GE or GE ports. When 25GE ports are upgraded to 50GE
Port type ports, eight ports form a group.)
Uplink: 8 x 100GE QSFP28/8 x 200GE QSFP56 (100GE ports can function as
40GE ports. 200GE ports can function as 100GE/40GE ports. When 100GE
ports are upgraded to 200GE ports, four ports form a group.)

48 x 25GE/50GE 8 x 100GE/200GE
48 x 25GE + 8 x 100GE: 4 Tbps
Switching capacity 48 x 50GE + 8 x 200GE: 8 Tbps
CloudEngine 6866-48S6CQ-P 48 x 25GE + 8 x 100GE: 1450 Mpps
Forwarding performance 48 x 50GE + 8 x 200GE: 2175 Mpps

Buffer 64 MB

FIB (IPv4/IPv6): 1M/256K

MAC: 800K
Performance
ARP: 128K
◼c ◼c specifications ND: 128K
Note: The preceding entry resources are shared.

➢ Abundant DC features: M-LAG, VXLAN, BGP EVPN, and MACsec

1+1 power module ➢ Hardware-based BFD: minimum packet sending interval of 3.3 ms
Four fan modules redundancy ➢ Intelligent O&M: AnyFlow, intelligent flow analysis, Packet Event, telemetry, and
enhanced ERSPAN
➢ Intelligent lossless network: PFC deadlock prevention, AI ECN, and NOF+

63 Huawei Proprietary - Restricted Distribution

CloudEngine 6881

Parameter CloudEngine 6881-48S6CQ

Port type 48 x 10GE SFP+ ports, 6 x 100GE QSFP28 ports
(CE6881-48S6CQ) (compatible with 40GE)

Port type 48 x 10GE RJ45 ports, 6 x 100GE QSFP28 ports

CloudEngine 6881-48S6CQ (CE6881-48T6CQ) (compatible with 40GE)

Switching capacity 2.16 Tbit/s

Forwarding
954 Mpps
performance

CloudEngine 6881-48T6CQ Maximum number of

16
stacked switches
Buffer 42 MB
FIB (IPv4/IPv6): 256K/80K
Performance
MAC: 256K
specifications
ARP: 256K

➢ Abundant DC features: M-LAG, iStack, VXLAN, and BGP EVPN

➢ Hardware-based BFD: minimum packet sending interval of 3.3 ms
Four fan modules (one 1+1 power module ➢ Telemetry and enhanced ERSPAN
fan in each fan module) redundancy ➢ Microsegmentation and NSH

64 Huawei Proprietary - Restricted Distribution

65 Huawei Confidential
 Contents
1. Know More About Huawei

2. Basic Concepts of Campus & CloudCampus Solution

3. Basic Concepts of Wi-Fi 6 & AirEngine Solution

4. Basic Concepts of SD-WAN Router Solution

5. Basic Concepts of DCN & CloudFabric Solution

6. Basic Concepts of HiSecEngine Firewall Solution

Page 66 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Entered the Gartner Magic Quadrant Eleven Consecutive Times (2013-2023) and
Named a Challenger Seven Consecutive Times (2017-2023)

✓ The only Chinese security vendor listed in the Gartner's

Challengers Quadrant for 7 consecutive years (2017-2023)
✓ Listed in Gartner's Magic Quadrant for 11 consecutive years
(2013-2023), the longest time in China
✓ No.1 comprehensive strength of enterprise-level firewalls in
China and top 5 in the world
✓ Serving more than 100,000 enterprises in over 80 countries

"Huawei provides a complete firewall solution with competitive

cost-effectiveness and is the best shortlisted vendor for
customers in China, Asia Pacific, Europe, and Latin America."
- Gartner Analysts Rajpreet Kaur, Adam Hils, Jeremy D'Hoinne

67 Huawei Confidential
New Challenges Facing Firewalls
Difficult identification of
Service performance bottleneck Slow manual handling
unknown threats

Digital transformation drives interconnection Ever-changing unknown threats are highly It takes several hours to handle security
as well as the explosive growth of data, making difficult to identify, only 60% of which can be issues manually due to massive security
the service processing performance of accurately detected by traditional NGFWs. policies and logs.
firewalls become a bottleneck.

⚫ Growing popularity of all-optical networks and ⚫ Growing known threats ⚫ Analysis of massive security policies and logs
exponentially increased network traffic ⚫ Rapidly changed unknown threats ⚫ Time-consuming closed-loop threat handling
⚫ Higher demands on performance and latency ⚫ Ever-emerging encrypted attacks ⚫ Requirement for unified management
caused by the ever-increasing security service during interworking with other network
requirements products and security products
⚫ IPv6 network reconstruction

68 Huawei Confidential
NP-based Acceleration of Data Service Offloading and 10
μs-Level Low-Latency and Fast Forwarding
As Is To Be

Session table CPU Session table

Session1 Session1
30 µs–50 µs General- ARM core
purpose CPU Session2 Session2

Unloading
+ flow tables

Network
10-18 Network Forwarding Flow1
10 µs–18 µs forwarding chip microseconds (NP) acceleration Flow2
engine
(NP)

Huawei USG6000F uses the NP acceleration engine to unload

Traditional firewall latency consists of network chip processing firewall session entries on core components, reducing the subsequent
latency and computing chip processing latency, resulting in packet forwarding delay by 70%. In addition, the USG6000F can
high forwarding latency. implement customized acceleration based on ACLs/interfaces to protect
key services.

New session Subsequent

creation session process

69 Huawei Confidential
Dynamic/Static Intelligent Uplink Selection Based on Multi-
Egress Links
Static intelligent uplink selection Dynamic intelligent uplink selection IPSec/Internet/MPLS-based
uplink selection

ISP1 ISP2 ISP1 ISP2 Internet DC

ISP1

• Link weight IPSec VPN MPLS

• Interface bandwidth
• Link priority
(1 primary link + N
secondary links)
• Latency
• Jitter
• Packet loss rate

⚫ User-defined link weight ⚫ User-defined link SLA (latency, jitter, and ⚫ Intelligent IPSec uplink selection
⚫ Uplink selection by binding ISP address packet loss rate), selecting the optimal link
for traffic forwarding ⚫ Internet/MPLS-based uplink selection
sets to interfaces
⚫ Application-based intelligent uplink selection

70 Huawei Confidential
Extensive Security Database and Comprehensive
Security Detection Capability

Service awareness Web category (URL) Intrusion prevention

⚫ Identification of 6000+ applications ⚫ Main web category database capacity > 160 million ⚫ Signatures: 20,000+
⚫ Full coverage of mainstream application protocols ⚫ Local high-performance self-learning hot database ⚫ Attack detection technology based on
⚫ Encrypted P2P protocols, Web 2.0, mobile ⚫ Effective data matching rate: 96%+ vulnerability and behavior analysis
applications, and micro applications ⚫ Enterprise-level web categories: 100+ ⚫ Anti-evasion technology based on context
⚫ Rapid response to customized requirements semantic restoration
⚫ Real-time analysis of 500 million URLs on the cloud
⚫ Default blocking rate > 85%

Defense against botnets,

Anti-malware (AV)
Trojan horses, and worms

⚫ Identified botnets: 500+ ⚫ Multi-level protection technologies defending against

⚫ Identified worms and Trojan horses: 1000+ hundreds of millions of viruses; detection of files
compressed in up to 100 layers
⚫ Accurate role identification capability based on
botnet topology analysis technology ⚫ Integrated intelligent technology detecting
unknown viruses (CDE)
⚫ Zombie tool collection and analysis technology
⚫ Detection of 20+ types of malicious code carriers
⚫ Threat detection accuracy: 99.9%+
⚫ Real-time virus database, covering popular high-risk
malware

71 Huawei Confidential Huawei security center: https://isecurity.huawei.com/sec/web/securityResearch.do#

Unified Management by the SecoManager, Simplifying O&M Based
on Service Deployment and Policy Change

Unified management
• The SecoManager supports unified management
of multiple security products, such as the
iMaster NCE
firewall, IPS, and anti-DDoS, and centralized
control of security policies, improving O&M
efficiency
• The firewall supports plug-and-play and can
O&M Policy proactively register with the SecoManager after
connecting to the network
Automatic security service orchestration
Management Report • Policies can be automatically deployed to
SecoManager
corresponding firewalls based on protected
network segments, and network segment
changes will trigger policy changes of device
reselection and deployment
• Customers can configure and manage security
Configuration Policy Log sending policies in the logical partition view
delivering control
Flexible management in multiple
scenarios
...
• In data center(DC) scenarios, the SecoManager
AntiDDoS AIFW IPS and DC SDN controller are deployed together to
centrally manage firewalls

72 Huawei Confidential
Intranet Control and Security Isolation

Intranet control and security isolation scenario Scenario characteristics

• The intranets of large and midsize enterprises are complex,

Marketing department Production department Server area
security levels and security isolation need to be implemented for
different service networks, and traffic exchanged between different
networks needs to be monitored in real time.
• The user management system implements permission control,
quota control, and bandwidth resource management for intranet
access users.

Product deployment and highlights

Egress gateway

Internet
• Deployment location: The USG6000F series is deployed at the
intranet border of a large or midsize enterprise.
R&D department 1 USG6000F • Fine-grained security policy control: provides fine-grained security
Untrust policy control based on 5-tuple traffic, service applications, user
information, and time ranges, effectively implementing intranet
management and control.
• Quota control: controls intranet users' online traffic and time to
prevent bandwidth abuse and decreased working efficiency due to
R&D department 2 long online time.

73 Huawei Confidential
 Huawei HiSecEngine USG6500F Series AI Firewalls

Model USG6510F-D USG6530F-D USG6510F-DL USG6530F-DL USG6525F USG6555F USG6565F USG6585F

2*10GE SFP+ +
Fixed 10*GE RJ45 + 2*GE 10*GE RJ45 + 4*GE SFP + 8*GE
Interfaces 2*GE SFP + 8*GE 2*GE RJ45 + 8*GE COMBO + 2*10GE SFP+
SFP 2*10GE SFP+ RJ45 + LTE
RJ45 + LTE

IPv4 Firewall
Throughput(1
518/512/64- 2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 7/7/3.6 Gbps 9/8/4 Gbps
byte, UDP)
IPv6 Firewall
Throughput
2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 2.5/2.5/2.5 Gbps 5/5/3.6 Gbps 7/7/3.6 Gbps 9/8/4 Gbps
(1518/512/64-
Byte, UDP)

Form Factor Desktop 1U

External
Optional, 64 GB microSD card available for purchase Optional, M.2 SSD (64 GB/240 GB), hot-swappable
Storage
Power
Single power supply Optional dual power modules for 1+1 redundancy
Supplies

74 Huawei Confidential
Huawei HiSecEngine USG6600F&USG6700F Series AI Firewalls

Model USG6615F USG6625F USG6635F USG6655F USG6585F USG6710F USG6715F USG6725F

4*100GE(QSFP28) +
8*GE COMBO + 4*GE(RJ45) + 2*100GE(QSFP28) + 2*40G(QSFP+)+
8*GE COMBO + 4*GE(RJ45) + 10*10GE(SFP+) 16*25GE(ZSFP+) +
Fixed Interfaces 4*GE(SFP)+ 6*10GE(SFP+) 8*25(ZSFP+) + 20*10GE(SFP+)
8*10GE(SFP+)

IPv4 Firewall
Throughput(151 15/15/15 Gbit/s 25/25/25 Gbit/s 35/35/35 Gbit/s 50/50/40 Gbit/s 80/80/40 Gbit/s 100/100/60 Gbit/s 160/160/80 Gbit/s 240/240/120 Gbit/s
8/512/64-byte,
UDP)
IPv6 Firewall
Throughput 15/15/15 Gbit/s 25/25/25 Gbit/s 35/35/25 Gbit/s 50/50/25 Gbit/s 80/80/25 Gbit/s 100/100/45 Gbit/s 160/160/50 Gbit/s 240/240/75 Gbit/s
(1518/512/64-
Byte, UDP)

Form Factor 1U

External
Optional, SATA (1 x 2.5 inch) supported, 240 GB/960 GB/1000 GB
Storage
Power Single AC power supply; optional dual
Dual AC power supplies
Supplies AC power supplies

Note: Some 100GE interfaces and 25GE interfaces on the USG6710F/USG6715F/USG6725F are combo interfaces.

75 Huawei Confidential
 Thank You
www.huawei.com

Page 76 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.