vrp on your side_vrp v8_en

Upload: dirk-loosen

Post on 14-Oct-2015


DESCRIPTION

Slidepack showing the strengths of VRP

TRANSCRIPT

  • HUAWEI TECHNOLOGIES CO., LTD.

    www.huawei.com

    Huawei Confidential

    Security Level:

    VRP on Your Side

    VRP V8 Main Slide

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 2

    Contents

    1. VRP Overview

    2. VRP Highlights

    3. VRP's thinking about future network

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 3

    VRP inside

    VRP

    VRP (Versatile Routing Platform): highly reliable network OS

    VRP (Versatile Routing Platform) is a network OS running in IP devices, similar to iOS and Windows.

    VRP is the brain of the IP devices that make up the global network.

    VRP's high reliability ensures secure and stable operation of the IP network.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 4

    VRP serves Multi-product families

    [Diagram: product families running VRP. Family labels: IAS, Security, BRAS, NGN, IT, Switch, AR, Router, Ethernet Switch. Product labels: NE5000E, NE80E, NE40E, CX600, ATN, PTN6900, ME60, SSP5000, E8000, SIG 9800, CE12800, CE6800/5800, AR G3, UA5000, MA5600T, MXU, WLAN AC, SGSN/GGSN, MAG9811, OSTA]

    Consistent user experience

    Fast response and delivery

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 5

    VRP Supports Multi-solutions

    The resilient component/modularity of VRP can meet the requirements of various network scenarios.

    Solutions: IPTV Solution, IP RAN Solution, Metro Solution, IP Core Solution, Enterprise Solution, DC Solution, IP Broadband Solution, IPv6 Solution, FTTX Solution, WLAN Solution

    [Architecture diagram, labels as they appear on the slide]

    Planes: Management Plane, Service Plane, Control Plane, Data Plane

    Services: L2VPN, L3VPN, MVPN, SLA, BAS, Mobile, 3rd Party Software, Value Added Service

    Protocols: RIP, OSPF, ISIS, BGP, RSVP, LDP, PIM, L2 Protocol

    Management: CLI, SNMP, Netconf, WebUI, CFG, Perf Mgmt, Fault Mgmt, DB Mgmt

    Forwarding: Device, FIB, Host Service, MFIB, LSP, Interface, Tunnel

    Platform: Component Mgmt, HA, Communication, Memory, Scheduler

    Dist. Middleware

    OS Kernel

    VS 1# ... VS n#

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 6

    VRP: Leading a New Network Era

    Distributed process capability partially

    Better reliability

    Better scalability

    Parallel and distributed architecture of full services

    Non-Stop Anything

    Cloud-routing capability

    Flexible virtualization

    High APSO

    [Diagram labels: Coarse-Grained Modular, Fine-Grained Modular, Resilient Component System, VRP V8]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 7

    Contents

    1. VRP Overview

    2. VRP Highlights

    3. VRP's thinking about future network

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 8

    More Diversified Services, Broader Area and More Concentrated Data in Cloud Era

    [Diagram labels: HQ, WAN, Branch; Voice, Data, Video; Campus Network, DC; Larger network scale; Complex Network Devices; Concentrated Data]

    More and more services are processed in the cloud DC, and concentrated data calls for higher reliability. According to statistics, the world's top 2000 enterprises are all consolidating their data centers.

    Different networks and complicated device types from HQ to branch

    Complex enterprise IT architecture, higher Opex

    Larger network scale, more locations accessing the network

    Diversified services, increasing real-time applications and multi-service concurrent processing

    Challenges for Network: Capacity, Scalability, O&M Efficiency, Reliability, Performance

    In the Cloud era, what network do we need? What network OS do we need?

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 9

    Challenges Brought by Rapid Growth of Service Traffic and Hardware Performance

    Fast improvement of hardware performance + explosive growth of network traffic: the network OS requires higher performance

    The high-bandwidth era is coming: cloud data center traffic grows at a much faster rate of 66 percent CAGR, or twelvefold growth between 2010 and 2015.

    In 2011, the increase rate of the e-commerce and video market exceeded 60%.

    By 2015, the global Internet traffic volume will be 4 times the current value and reach 966EB.

    The new network OS should support high performance to adapt to the fast improvement of hardware performance and meet the requirement of fast traffic increase.

    [Diagram labels: Network, Hardware, Software, OS, Service & Application]

    The network OS needs to adapt to the hardware performance in order to support the growth of service traffic well.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 10

    Network Equipment Virtualization like IT Resource

    [Slide column headings: Current problem, New Challenge, Network Virtualization]

    Low utilization ratio of network equipment, high Capex

    Increasing complexity of network scale and management, high Opex

    Era of Server Virtualization

    By 2013, 65% of computing will be completed on VMs.

    Customers start to lease virtual servers instead of physical servers.

    Multi-Tenant Services (Tenant A, Tenant B ... Tenant n)

    Security and reliability of multi-services

    Management isolation of multi-users

    N:1 virtualization

    1:N virtualization

    Horizontal integration: Less Opex, Easy management

    Vertical separation: Less Capex, Service isolation

    The new network OS should support virtualization technology to achieve comprehensive virtualization capability of the network.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 11

    Automation: Key Consideration for O&M Issue

    [Slide column headings: Current problem, New Challenge, New O&M Experience]

    O&M cost becomes the biggest one in DC spending

    [Diagram labels: Network Layer; Virtual Machine (VM); Changes based on demands & deployment automatically; Detects VM migration and performs deployment automatically]

    Simple: The fact that 1:N virtualization creates more management elements calls for end-to-end management ability, from network equipment and servers to VMs.

    Efficient: Faster service provisioning, automatic service deployment through awareness of VM migration

    Safe: Optimize the performance and availability of end-to-end applications. Improve troubleshooting ability to reduce network failures.

    Good maintainability and fast service deployment are very significant to reduce Opex.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 12

    Cloud Service Requires Highly Reliable Network

    [Pie chart of network failure causes. Values as extracted: 22%, 15%, 5%, 5%, 23%, 20%, 1%, 9%. Legend: Software Upgrade/Configuration, Software-Control plane, Software-Data plane, Software-Other, Hardware Failure, Link Failure, Power Outage]

    High ratio of software failures to whole network failures + great loss by network failure: higher reliability

    Enterprises' zero tolerance of key data loss requires a DC network with higher stability and reliability.

    Software related failures: 47%, of which software upgrade/configuration related failures are 22% and control plane & data plane related failures are 20%.

    Key point: Software related failures account for 66% of whole network failures.

    The new network OS should have higher reliability to achieve non-stop service. Some important features should be supported, like failure isolation, fast self-recovery from faults, ISSU and so on.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 13

    VRP APSO: Cope with challenge with you

    Scalability Performance Availability O&M

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 14

    Availability

    Comprehensive security management

    High strength password encryption

    Aircraft grade black box records

    Multidimensional defense system

    Fine user authorization management

    Protect your network

    NSA for multi-scenario reliability

    NSR/NSB of full service

    NSU for smooth upgrading

    NSP for resource leak recovery

    Without any service interruption

    Performance Availability Scalability O&M

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 15

    A2: NSR/NSB for all services

    Traditional NSF

    Disadvantages: Long blackout period, cannot respond to topology changes

    Needs neighbors to support GR

    Unable to respond when the neighbor is busy

    Generally, NSR/NSB supports only part of the services

    Disadvantages: If devices need to support NSR/NSB, deployment of the services which don't support NSR/NSB will be limited

    Services that don't support NSR/NSB will not be protected by it

    So supporting NSR/NSB for only part of the services will reduce the reliability

    VRP supports full-service NSR/NSB

    Supports 3 kinds of standard service model:

    TCP-based protocols (e.g. BGP/L2VPN)

    ACK-based protocols (e.g. OSPF/ISIS)

    Soft-state protocols (e.g. VRRP/MSTP)

    [Chart: Contrast of NSR-NSF blackout period]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 16

    A3: NSU for smooth upgrading

    Customer Challenge: If the old version is not compatible with the new one, the data cannot be synchronized, resulting in non-smooth upgrading and many limits on version consistency.

    VRP provides NSU solution

    Supports online and offline checks on compatibility between the source and target versions. Suggests an upgrading mode.

    Enables the system to run properly and manage different software versions.

    Supports service data backup between modules of different versions and formats.

    Supports plane isolation between the old and new versions, preventing incompatible data from affecting the system.

    Supports thorough software compatibility verification, ensuring that the NSU function is tested and available.

    Perfectly solves the software upgrading problem for different versions

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 17

    A4: NSP for resource leak recovery without any service interruption

    Traditional patch: Installing a traditional patch removes only the bug itself and cannot reclaim resources leaked because of a software error. You need to reset the whole service to reclaim the resources, which leads to a service interruption.

    [Diagram, Routing Module: A software bug leads to resource leak. Load patch: the bug is removed, but the leaked resources cannot be reclaimed.]

    Install a cold patch to reclaim leaked resources, which affects services.

    Lossless patch: Installing a lossless patch can reclaim all leaked resources through NSP. No services are affected in the whole process.

    [Diagram, Routing Module: A software bug leads to resource leak. Load patch: the bug is removed, the leaked resources are reclaimed through NSP.]

    Reduce the number of cold patches which affect services.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 18

    The objectives and principles of network security

    Objectives: Confidentiality, Integrity, Availability

    Principle: Cost-effectiveness, Minimum Authority, Multiple Defenses

    VRP security

    Security = Sustainability threat analysis + design + management + deployment + evaluation + enhancement

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 19

    Comprehensive security management

    Safety management:

    Default safety: No remote access without the safety configuration

    Access control: No access without authentication; Flexible authentication mechanism

    Privilege control: Privilege control based on task; Extended hierarchical control; Execution of sensitive operations only by management level

    Secret protection: Full ciphertext storage; High strength password encryption; Irreversible encryption

    Communication safety: SSH; SNMPV3; SSL; IKE/IPSEC

    Alarm audit: Complete operating / running log; Aircraft-grade black box records; Major events alerts

    Integrity protection: Check for software package integrity

    Minimum service: Don't start idle service; Port can be opened and closed

    Three-direction isolation: Physical isolation; Process isolation; Path isolation

    Safety reinforcement: OS reinforcement; Protocol reinforcement

    Comprehensive security management ensures security

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 20

    Multidimensional defense system

    [Diagram labels: Network Layer, Application layer, Device Layer; Forwarding Plane, Control/Management Plane; PHY&MAC, Framer of interface card; Upper & lower linkage]

    Feature and function:

    Malformed packet recognition; Broadcast suppression; L2 loop detection; Slice flooding suppression; URPF

    The L2 message format check; Flow classification and TM control

    Protocol stack state/Session firewall; Packet flow-classification; Black List; White list; Protocol/HOST flow control

    AAA; AUDIT; SSH; Active ARP; ACL; NAT/ALG; IPSEC/IKE; SSL; DHCP SNOOPING; GTSM; Protocol Authentication; KEY CHAIN; Protection against malformed protocol packets; Route filtering control

    OS/Protocol stack safety reinforcement

    Protection against attack packets from the forwarding plane

    Management/control/forwarding plane linkage

    Based on state/session firewall

    Answer ARP/ICMP/PPP in the lower layer

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 21

    Aircraft-grade black box records

    Records: Running information, Operation information, Error information

    Use high-end memory or NVRAM for storage

    No influence on system performance

    Real time information record

    The information is not lost after system restart

    High strength password encryption

    Full ciphertext storage: Reduces the plaintext password leak risk

    Irreversible encryption: Ensures that the password cannot be cracked and leaked

    Complex password: Prevents simple passwords from being guessed and used for fraudulent access to equipment

    Fine user authorization management

    Level-based authorization management: level 3 Management Level; level 2 Configuration Level; level 1 Monitoring Level; level 0 Visiting Level

    User or command-based authorization management

    [Diagram labels: User Group (read, write); Task Group 1: Ospf_task (cmd1 read, cmd 2 write), PPP_task; Task Group 2: BGP_task (cmd1 read, cmd 2 write), ARP_task]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 22

    Comprehensive tests and verification: VRP is safe

    Testing:

    Black-box test

    White-box test

    Testing based on the threat scenario

    Penetration test

    The third party test

    Tools:

    Nessus: system vulnerability scanning

    APPSCAN: Web safety vulnerability scanning

    NMAP: port scanning

    WebScarab: Web safety testing

    Xdefend: DoS, protocol robustness testing

    Codenomicon: protocol robustness testing

    Fortify: code safety static analysis

    Coverity: code safety static analysis

    Verification: Authenticated by Common Criteria EAL3

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 23

    Performance

    Full service distribution

    Multi-CPU/Multi-chassis

    High performance meets information tsunami challenges.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 24

    VRP software architecture

    VRP adopts RDF (Resilient Distributed Framework), which greatly enhances the whole system's flexibility, reliability and scalability. VRP can adapt to various network service scenarios flexibly.

    Resilient Distributed Framework

    Flexible scheduling framework

    Full-service distribution

    DC Network

    Metro Network

    Campus Network

    Core Network

    O&M Performance Availability Scalability O&M

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 25

    VRP V8 OS Architecture Characteristics

    Advanced Architecture

    Full service distribution: Deployment of multi-instances of a protocol/service in a multi-CPU system, improving system performance and reliability.

    Real-time scheduling policy: Schedules processes for different services with different priorities according to a pre-defined policy, improving performance and availability.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 26

    High Performance and Reliability

    [Diagram labels: Core1, Core2 ... CoreN; TRILL Instance1 ... TRILL InstanceN; OSPF Instance1; ISIS Instance1 ... ISIS InstanceM; L2 Basic 1 ... L2 Basic N; L3VPN Instance1; L2VPN Instance1 ... L2VPN InstanceX]

    High performance:

    Parallel computing on multiple cores for one service, significantly improving service processing performance

    Different services on different cores, meeting diversified requirements for service processing

    High reliability:

    Independent processes: one process does not affect another

    Modular design: isolates memory space and improves system reliability

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 27

    Full-service distributed deployment

    VRP supports a fine-grained distributed architecture and processes distributed services by deploying multi-instances of a protocol/service in a multi-CPU/core system, improving system performance and reliability.

    Service distribution | Scenario | Distribution mode | Advantages

    ARP message processing | DC, Campus | Interface | 1. Achieve high capacity and performance of ARP l2-proxy. 2. Enhance system security through direct l2-proxy of ARP messages in the line card. 3. Boost speed of ARP l2-proxy, decrease CPU utilization.

    VRRP | DC, Campus | Interface | Achieve fast detection and high reliability through distributed VRRP processing based on the Vlanif interface

    DHCP | Campus | Line card | Effectively enhance the processing performance of DHCP messages through distributed processing on the line card

    L2 Multicast | DC, Campus | Port | Meet the high capacity requirement of multicast in DC/campus networks through distributed processing on the line card

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 28

    Scalability

    N:1 Virtualization ----CSS

    1:N Virtualization ----VS

    Flexible, Resilient, and satisfying

    Performance Availability Scalability O&M

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 29

    Flexible and resilient scalability

    High resilient fabric architecture

    High efficient virtualized architecture

    [Diagram labels: Fabric Network; Data explosion; Traffic increase; Low network delay; DC network: Access Layer, Aggregation Layer, Core Layer; Virtualized network resource pool: Access Layer, Aggregation Layer, Core Layer]

    Virtualization technology provides network good scalability

    Decentralized autonomous: Self-organization, flexible scale out

    Centralized management: The whole network as one device to manage and control

    Horizontal Virtualization

    Vertical Virtualization

    Horizontal integration: Reduce Opex, easy management

    Vertical separation: Reduce Capex, service isolation

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 30

    N:1 Virtualization: CSS

    CSS is the first option of virtualization technology for small/middle-scale DC

    Single logical device

    Simple O&M: The whole network is managed as one device, simplifying O&M and decreasing Opex

    High reliability: If one device fails, others can take over the work of control and forwarding, avoiding a single point of failure

    Loop-free network: Link aggregation across devices. Avoids loops when connecting CSS to other devices

    Load balance of link: Link ECMP across devices, 100% utility ratio of network link and bandwidth

    [Diagram label: Link aggregation]

    Flexible CSS architecture

    Flexible connection: Supports different types of devices to build CSS

    Two types of management channel: in-band/out-of-band

    Multiple bandwidths of forwarding channel: 10GE/40GE, 100GE in the future

    High speed of CSS interconnection

    CSS forwarding channel: 16 ports aggregation

    Single port 40GE of forwarding channel

    640GE bandwidth of CSS interconnection

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 31

    CSS: Make network deployment more flexible

    CSS stack capacity

    2 CE12800 switches in a stack, scalable to 4 (2013 Q2)

    Stacking with line card interfaces, up to 640Gbps stack bandwidth (16*40GE), scalable to 1600Gbps (16*100GE, 2013 Q2)

    Up to 16 CE6800 switches in a stack

    Long-distance stack

    Dedicated stack cable or common fibers for stacking

    Single hop distance of 80km (10GE SFP+) when using fibers for stacking

    Applicable to various scenarios

    [Diagram labels: Intra-rack stack; Inter-rack/building stack; Long-distance stack between cities; City A, City B; Site 1, Site 2; Single hop 80km]

    Local forwarding preferentially

    Load balance traffic among links of cluster members

    Prefer local paths for forwarding

    Improve bandwidth efficiency

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 32

    CSS: Simplify network topology and reduce Opex

    [Diagram labels: Traditional networking; CSS networking; Network topology; NMS]

    Simplify O&M and reduce OPEX

    Fewer network nodes are deployed, simplifying network management.

    Master switch synchronizes configuration file to other member switches, simplifying device operation and configuration.

    Improve bandwidth efficiency and reduce CAPEX

    Ring protection protocols such as MSTP are not required, and no link needs to be blocked.

    100% of bandwidth is used. (Only 50% of bandwidth is used on an STP network).

    Build a highly reliable loop-free network

    CSS, iStack, and Eth-Trunk build a loop-free network.

    The convergence time is much shorter than STP.

    The system is still running when a single device fails.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 33

    1:N Virtualization: VS

    VS Components

    Virtual control and service plane

    Virtual forwarding plane

    Virtual management plane

    System Resource Allocation

    Per VS physical card and interface allocation

    Per VS system resource specifications

    Independent VS Operation

    Independent configuration, management, and maintenance

    Independent protocol processing

    Isolation from other VSs

    [Diagram labels: Multi-core multi-process VRP8; VS 1 to VS 8; VS2: Independent Configuration (Configuration file), Independent Management, Independent Control & Forwarding (BGP, ISIS, PIM, VLAN, STP, TRILL)]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 34

    VS: Flexible resource allocation

    [Diagram labels, shown once per allocation mode: 24*40G; ASIC 1, ASIC 2, ASIC 3, ASIC 4; VS1, VS2, VS3, VS4]

    Per port group allocation

    A group of ports is allocated to one VS.

    The VS exclusively uses system service specifications.

    A VS can enable all services.

    Per port allocation

    Any port can be allocated to any VS.

    VSs share system service specifications and some features can only be enabled in one VS.

    Some services (like multicast, MPLS, and TRILL) can only be enabled in one VS.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 35

    VS: Save TCO for customer efficiently

    Max. 8 virtual switches (VS) in one chassis

    Two manners to manage VSs: single VS / whole VS

    Two modes to allocate physical resource: port / port group

    [Diagram labels: Integrated campus and DC core (Campus Core, DC Core); Integrated aggregation and core (Aggregation, Core); Integrated Multi-zone (Office Zone, Production Zone, DMZ); DC; Campus; VS]

    VS Customer Value

    Independent management for multi-users: Independent VS for different departments

    Reduce Capex & Opex: Fewer physical nodes required and maintained, less Capex and Opex; Resource allocation on demand, enhancing device utilization; Less space required for device placement

    Service isolation, improve reliability and security: Different services running on different VSs; Fault isolation between different VSs

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 36

    O&M Efficient end to end O&M

    Board forward compatibility

    Alarm correlation analysis

    Network-level configuring rollback

    Interworking with a third party NMS

    Efficient O&M reduces the cost

    Performance Availability Scalability O&M

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 37

    O&M requirement: efficiency improvement and cost reduction

    Improving O&M efficiency is the key to low O&M cost

    Demand 1: Effective network configuration management

    [Chart labels: Planned Maintenance; Unplanned Event; Human Factors; Configuration changes causing outages]

    1. More than 60% of network faults or breakdowns are due to manual configuration faults. Many network breakdowns are caused by false configuration modification.

    2. Configuration automation is the best way to solve this crucial problem.

    Demand 2: Fast and accurate network fault location

    IP network fault location is very difficult: Difficult fault location; High skill requirements; Massive alarms

    The key point of fault management is alarm amounts and locating efficiency.

    No false alarm, no unwanted alarm, no missing alarm

    Demand 3: Fast and automatic service deployment

    High cost for network deployment

    There are over 20 thousand IP devices in Huawei's global IT network. The cost of deployment is very high in the network construction phase. Take the campus network as an example: configuration delivery for 274 campus switches takes more than 36 hours.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 38

    Efficient end to end O&M

    Network O&M accounts for 25% of the total OpEx. How to enhance efficiency and reduce O&M costs?

    [Chart residue, values as extracted: 10%, 5%, 4%, 3%, 2%, 1%; cost, efficiency; 80%, 80%]

    Phases: 1. Network construction; 2. Services deployment; 3. Services maintenance

    Plug & play of box device

    Free software debugging of chassis equipment

    Auto-discovery physical resources

    Automatic project acceptance

    E2E efficient service deployment

    Board reverse compatibility

    Auto-verification of QOS

    Detecting in service

    High valid alarm, accurate fault location

    Network-level configuration rollback, effectively reducing configuration errors

    End to End efficient O&M

    End-to-end O&M improves O&M efficiency and shields IP network complexity, lowers skill requirements of staff, and reduces the manpower and OPEX.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 39

    Interworking with a Third Party NMS

    VRP interfaces: Flexible CLI Interface; Standard SNMP Interface; Powerful Netconf Interface

    Interworking with a third party OSS/NMS is a must.

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 40

    Contents

    1. VRP Overview

    2. VRP Highlights

    3. VRP's thinking about future network

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 41

    SDN/OpenFlow for Cloud Computing

    Challenge

    Closed devices and distributed control cannot use advanced IT technology to reduce cost

    A rigid network pipe cannot meet the needs of the future network for cloud services when computing/storage resources are virtualized

    Cloud computing needs a large amount of cooperative work; a rigid pipe cannot meet the variability and dynamics of cloud computing

    Request: Network Virtualization, Centralized Control, Automatic Configuration

    SDN/Openflow

    [Diagram labels: Smartphone, OTT, IDC, 3rd Party Service, SP Service, IP Core Network, Internet of Things, Enterprise mailbox, Cooperative communication, ERP, CRM, Office suite]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 42

    Software Defined Network (SDN) Principles

    Centralized control of multi-vendor devices: the SDN controller can control any OpenFlow-enabled device of any vendor.

    Simplicity and fast development of new features: provides a flexible network automation and management framework and API, deploys new services automatically, and reduces complexity.

    Improved reliability and security: the SDN controller, with a view of the entire network, can effectively implement access control, traffic engineering, QoS, security, and other policies.

    More elaborate network control: the multi-tuple-based flow control mode supports multiple tenants and isolates user traffic.

    Better user experience: responds to user needs rapidly with an open API.

    [Diagram labels: Customer Network (x3); Network virtualization layer; Global physical network; Network OS; OpenFlow; Data Forwarding (x5)]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 43

    OpenFlow Principles

    [Diagram labels: OpenFlow Switch specification; Controller; OpenFlow Protocol; Secure Channel; Flow Table; hw; sw]

    Flow table entry: Rule, Action, Stats

    Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport

    Action:

    1. Forward packet to port(s)

    2. Encapsulate and forward to controller

    3. Drop packet

    4. Send to normal processing pipeline

    Stats: Packet + byte counters

    Unified cross-layer forwarding capability

    Simplify the forwarding table; the meaning of the forwarding table is decided by the external controller.

    Take routing capability out of the network equipment to improve the flexibility of routing (L2-L7).

    Make full use of IT technology to reduce costs and increase coupling with the services.

    Decoupling of the software and hardware

    Standardize hardware and software interfaces so that hardware and software can develop independently.

    The ideal OpenFlow device can perform flow identification, routing, forwarding, statistics, and label modification.
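
The Rule / Action / Stats entry on this slide, and the multi-tuple tenant isolation named on the SDN Principles slide, as an added example that is not Huawei or VRP code. The class names, the first-match ordering, the table-miss behaviour and the sample policy are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# The ten Rule fields named on the slide; a field absent from a rule is wildcarded.
FIELDS = {"in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tcp_sport", "tcp_dport"}

@dataclass
class FlowEntry:
    match: dict            # field -> value; ip_src/ip_dst are CIDR strings ("+ mask")
    action: tuple          # ("forward", port), ("controller",), ("drop",) or ("normal",)
    packets: int = 0       # Stats: packet counter
    byte_count: int = 0    # Stats: byte counter

    def __post_init__(self):
        if set(self.match) - FIELDS:
            raise ValueError(f"unknown match field(s): {set(self.match) - FIELDS}")

    def matches(self, pkt):
        for name, want in self.match.items():
            have = pkt.get(name)
            if have is None:           # e.g. a TCP-port rule never matches a non-TCP packet
                return False
            if name in ("ip_src", "ip_dst"):
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                    return False
            elif have != want:
                return False
        return True

class FlowTable:
    def __init__(self, entries):
        self.entries = list(entries)   # assumption: entries are tried in order, first match wins

    def process(self, pkt, length):
        for entry in self.entries:
            if entry.matches(pkt):
                entry.packets += 1
                entry.byte_count += length
                return entry.action
        return ("controller",)         # assumption: a table miss is sent to the controller

def tenant_table():
    # Constructed sample policy: tenant VLAN 10 may reach its own HTTPS servers only.
    return FlowTable([
        FlowEntry({"vlan_id": 10, "ip_dst": "10.1.0.0/16", "ip_proto": 6,
                   "tcp_dport": 443}, ("forward", 2)),
        FlowEntry({"vlan_id": 10}, ("drop",)),   # everything else from this tenant
    ])
```

The closing per-tenant drop rule keeps unmatched tenant traffic in the data plane instead of handing it to the controller, and its counters show how much traffic the policy rejected.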

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 44

    Long-Term Evolution of SDN/OpenFlow

    Network hardware and software were coupled highly and complexly and were difficult to decouple; thousands of complex RFCs formed the industry barriers.

    SDN/OpenFlow needs to transform the control mode of the existing network.

    The centralized controller needs to further enrich and validate its functionality in terms of compatibility, service abundance, reliability and scalability (currently the main controllers in the industry can only support simple functionality).

    The OpenFlow protocol itself is immature and still in a stage of rapid development.

    Compatibility problems with commercial chips; forwarding performance, capacity and cost are not satisfactory.

    OpenFlow development history:

    OF 1.1: Adds tags/tunnels, multipath, multiple tables

    OF 1.2: Wire protocol, IPv6, basic configuration, extensible expression

    OF 1.3: Topology discovery, test processes, test suites...

    OF 1.4: Capability discovery, test labs...

    OF 2.0: Revised forwarding model...

    Timeline dates: 02/2011, 12/2011, 4/2012, 8/2012, 12/2012

    Idea, Standardize, Deployment: maybe wait 10 years

    IETF SDN vs. ONF SDN

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 45

    VRP innovation practice of SDN - DC Network Virtualization

    Controller as an intelligent brain for centralized control of the DC network

    The whole DC network is virtualized into a switch, simplifying O&M and supporting traffic load balancing.

    Supports isolation of one million tenants and flow optimization policies at the network level.

    Supports auto-discovery between the controller and other network devices.

    The distributed controller architecture ensures high performance and reliability, and DC services can be delivered within minutes or seconds.

    The open SDN architecture with advanced network traffic engineering algorithms enables users to develop applications.

    [Diagram labels: Distributed protection gateway; Virtual multi-tenant network; DC Network centralized controller; large-scale layer 2 network; Layer3 network; Cloud; Gateway]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 46

    VRP Supporting Smooth Evolution from Virtual Clusters to the SDN Pipe OS

    Now: Virtual Cluster & Controller

    Future: SDN

    Advanced virtualization solution:

    IP RAN virtualization: unique and innovative dual control plane; supports a variety of access topologies, complete service protection solutions and industry-leading solutions.

    IP Core virtualization: the first IP Core virtualization solution in the industry helps operators control the global flow of the backbone network.

    DC network virtualization: innovative L2/L3 full-service bearer architecture; the open architecture provides flexible, on-demand DC services.

    SDN pipe OS:

    Network OS: the control plane can be implemented on the server after further concentration, forming a unified network-level OS.

    SDN/OpenFlow: implements flexible programming and definition of services based on the unified control plane and forwarding plane. OpenFlow supports decoupling of the software and hardware and reduces network costs.

    Smooth evolution

    [Diagram labels: Customer Network (x3); Network virtualization layer; Global physical network; Network OS; OpenFlow; Data Forwarding (x5)]

  • HISILICON SEMICONDUCTOR HUAWEI TECHNOLOGIES CO., LTD. Page 47

    Thank you

    www.huawei.com