Transforming Your Business
Operations with SD-WAN
September 19th, 2018
Raymond Yu
Senior Director of Product Management for
SD-WAN and Edge Computing
Network Product Line
Huawei Technologies Co., Ltd.
Trend: Cloudification Drives the Transformation from
Traditional WAN to SD-WAN
Traditional WAN services: Line, Bandwidth, QoS, …
Digital services: Cloud services, VAS, AI, Industry applications
Cloudification driving WAN transformation:
• Connection + VAS
• Hybrid link
• Service visible & controllable
• Cloud-network convergence
Carriers: From Connection to Connection + VAS operation
Enterprises: Improved services & management experience
SMEs: Rapidly obtaining interconnection service package
Trend: Enterprise WAN Management and Operation Modes
Accelerate Transformation
Enterprise traffic surges by 30%; budget decreases by 10%
→ Hybrid WAN: Expand bandwidth and use Internet links
Applications cannot be identified; poor experience for key applications
→ Application-based traffic steering and optimization: Identify and guarantee the experience of key applications
Multiple devices; service provisioning takes more than three months
→ VNF-based and automatic orchestration: VNFs such as FW, WOC, and IPS. All-in-one devices are used in branches.
Interconnection -> Services: management becomes complex
→ Visualized and automated network management: Intelligent fault location and troubleshooting methods
SD-WAN Advantages over Traditional Enterprise Private Lines: Application-based Traffic Steering, uCPEs (VASs), and Visualization
• Different routing policies are
implemented for different applications,
ensuring excellent service experience
of enterprise applications.
• Access the cloud locally: local
breakout, improving cloud access
experience for enterprises
• Simplified management and
service provisioning with ZTP,
automatic configuration,
automatic networking, etc.
• GUIs for easy management and
operations
• Universal CPE (uCPE), supporting
the universal computing
architecture
• Integration with third-party VASs,
such as those of Riverbed,
Fortinet, Check Point, etc.
Traditional private line --> Application-based traffic steering
Traditional box --> uCPEs and integration with VASs
CLI --> Visibility and simplified O&M
[Figure labels: Router, Firewall, WAN acceleration; uCPE with WOC and Firewall]
SD-WAN: Hybrid WAN, Cloud Service
⚫ Efficient deployment: 1 day
ZTP (Zero-Touch Provisioning)
VAS application automatic orchestration
[Figure labels: VAS store, Agile Controller, BSS/OSS, Self-service portal, Policy execution, RESTful APIs, vCPE, Cloud, Internet, LTE, MPLS, vRR, BGP EVPN, xDSL/Eth/LTE/PON…, vFW, vWoC, Branch, Data Center]
⚫ Slow deployment: 3 months
Complex provisioning procedure
Multiple devices coexist: FW, WOC, router
⚫ Service experience: Non-guaranteed
Application flows invisible
Manual link switchover
⚫ Isolated operation: Multi-systems
Isolated multi-platform supporting multi-service
One solution adapts to only one cloud
⚫ Complex O&M: Fault locating > 1 hour
Apps monitoring > 5 minutes, unable to monitor app/link quality in real time
⚫ Intelligent O&M: Fault locating < 1 min
Telemetry-based real-time monitoring, locating faults in minutes
⚫ Unified operation: Open ecosystem
Integrated based on 120+ APIs & 10+ VASs
Multi-cloud: Huawei, AWS, Azure
⚫ Service experience: Assured
FPI + DPI + User-Defined Apps
App-based traffic steering
FPI: First Packet Identification
[Figure labels: Management Plane, Control Plane, Forwarding Plane, vRR, CPE/uCPE]
ZTP for Plug-and-Play: Fast Service Provisioning in a Branch Within 30 minutes
Deployment efficiency at branches: 1 day before, 30 minutes with SD-WAN
[Figure labels: Delivering CPE; Configuration; Powering on, activation by email; Register & Online; Branch]
Onsite configuration and deployment → One-click service provisioning
MPLS coverage restriction → Wide coverage through the Internet, with 2- to 3-fold growth of customers
IT professionals required → No need for professional engineers; self-handling by service persons
Use Case: NFV-based All-in-One Devices in Branches
Allow Services to Be Provisioned Within Minutes
Simplified Intelligent Open
One Service One Device / Difficult to Change Service / Automatic Service Chain Orchestration
VAS provisioning from months to minutes
Inflexible services change to on-demand VASs
Multiple devices to 1 uCPE + VASs
"I need to deploy WOC in the Hannover office to accelerate CAD transmission this week."
[Figure labels: Branch; open uCPE (x86 or ARM64) with vFW, vRouter, vWOC; SD-WAN; Internet, LTE, MPLS; Cloud]
Simplified Branch Deployment, Full-Process Automation,
and Service Rollout in Minutes Reduce OPEX
[Figure labels: uCPE (vFW, vWoC, …) at Branch; vCPE in Cloud; HQ/Data center; Internet, LTE, MPLS; Self-service portal, BSS/OSS, VAS Store; ZTP; automatic orchestration for overlay tunnels; automated service chain orchestration; Hybrid WAN for all scenarios]
• Hybrid WAN, simplified networking in all scenarios
Full series of CPEs, including the CPE, uCPE, and vCPE
10+ WAN interfaces and Hybrid Bonding
Automatic configuration of IaaS/SaaS connections
• ZTP and device plug-and-play
Flexible deployment modes (email, DHCP, and USB) and device plug-and-play
Batch deployment of multiple sites
• Automated service chain orchestration and VAS service provisioning in minutes
Open x86 & ARM64 uCPE, 10+ mainstream VASs (Riverbed, Check Point, etc.)
Automated service chain orchestration and one-click delivery
• Automatic configuration of overlay tunnels and fast networking
Automatic configuration of overlay tunnels and multi-VPN service template configuration
On-demand selection of Hub-Spoke, full-mesh, and partial-mesh networking modes
Use Case: Adaptive FEC Intelligently Optimizes
Audio and Video Experience
As-Is: link flapping (packet loss ratio > 5%), and
audio and video frame freezing
Internet link quality: packet loss ratio larger than 10% or delay larger than 400 ms
Poor audio and video experience
[Figure labels: Branch 1, Branch 2, Internet, AR router (WOC); original packet, packet loss, received packet, transparent transmission; packet loss during transmission, redundant frame, original packet]
Check link quality in real time and adjust the FEC protection window as required
Enable FEC on the receiving device and restore the original video frame
Adjust the FEC protection window based on the link quality.
Adaptive FEC: bandwidth consumption 30%↓, experience guarantee 100%
To-Be: Internet packet loss ratio of 20%, and no erratic
display or frame freezing for audio and video services
Use Case: Fillps Transfer Files at High Speed, and
the File Transfer Speed Increases 100-Fold
As-Is: 1 Gbit/s bandwidth, 100-ms delay, and 1%
packet loss ratio, with file transfer speed of 1.8 Mbit/s
[Figure labels: Branch 1, Branch 2, Internet, AR (WOC); Packet-loss-sensitive, Fillps, TCP]
The NACK mechanism is used to monitor the packet loss in real time, and the receive end can rapidly retransmit the lost packets.
Data packets enter into the transmission queue as required.
• Fillps for fast file transfer: packet loss tolerance
and fast retransmission, quickly freeing up
memory to make full use of bandwidth
• Precise flow control at the transmit end: Data is
sent on demand.
• Dual-acknowledgment mechanism for packet loss:
The transmit end retransmits lost packets.
To-Be: 1 Gbit/s bandwidth, 100-ms delay, and 1% packet
loss ratio, with file transfer speed of 946 Mbit/s
Use Case: Intelligent Traffic Steering Delivers Optimal Application Experience, and
Maximizes Bandwidth Utilization
Bandwidth utilization: traditional interconnection <50%, SD-WAN >90%
[Figure labels: HQ; Branch uCPE; Hybrid WAN; Internet; MPLS; Video conference, Office365, YouTube, Others]
Load balancing based on application priorities and application-based traffic steering
Scenario: During peak hours, non-key services preempt the bandwidth of high-level video conferences. As a result, the conference experience is affected.
[Flowchart labels: FPI, DPI, User-Defined Application; Yes/No branches]
• Intelligent application identification
SaaS first-packet identification
User-defined applications based on the quintuple or URL
• Application-based traffic steering, delivering optimal application experience and maximizing bandwidth utilization
Differentiated route selection based on application priorities
Load balancing of key applications during peak hours
Internet SLA decrease and application-based traffic steering
As-Is: During peak hours, the key services experience is poor
To-Be: Assured key application experience
Application-driven Intelligent Experience
Optimization and Lossless Service Experience
[Figure labels: Branch, Cloud, VAS, next-generation AR, vCPE, WOC; SaaS first-packet identification, user-defined applications (VIP), application identification, application-based traffic steering]
• FPI + DPI intelligent identification for visualized and controllable network-wide applications
SaaS first-time correct route selection, and in-depth identification of complex applications
User-defined applications based on the quintuple or URL
• Application-based traffic steering, delivering optimal application experience and maximizing bandwidth utilization
Intelligent load balancing of key applications during peak hours
Application SLA decrease and intelligent link switching
• Transmission optimization of audio, video, and large files
Ultra-fast Fillps, accelerating file transfer 100-fold and saving bandwidth by 70%
Adaptive FEC, no frame freezing of audio and video services with the packet loss ratio of 20%
Use Case: Intelligent O&M and Fault Location Within Minutes
As-Is: Complex O&M, fault locating > 1 hour
• WAN monitoring every 5+ minutes
• Single-dimension report based on link
• Experience-based analysis, average fault locating time > 1 hour
To-Be: Intelligent O&M, fault locating < 1 min
• Telemetry-based real-time monitoring
• 45+ multi-dimension reports based on app, user, link…
• Machine learning-based intelligent analysis, locating faults in minutes
Simplified O&M and Visualized Management
Reduce OPEX by 80%
[Figure labels: Video Teleconference, BYOD service, Email; Analyzer; Intent template; Continuous monitoring of traffic or network status; Optimization policy (rate limiting for non-key applications, transmission link adjustment, and WAN optimization); Fault prediction; Intelligent O&M; Application profile; Link profile; Traffic analysis; Policy association; Telemetry; NETCONF; Correlation analysis; Fault tracing; vCPE in Cloud; uCPE (vFW, vWoC, …); Branch; Data center]
Link/Application profile
• Real-time monitoring based on Telemetry (link branch status at each link or time, bandwidth usage of each application, and application quality)
Big Data analytics
• Dynamic baseline, correlation analysis, and fault knowledge base
• Dynamic baseline and application quality evaluation based on supervised algorithms
• The dynamic baseline is learned from the fault knowledge base to determine new problems.
Intelligent O&M
• The results based on Big Data analytics help locate faults within minutes.
Building Cloud-based Security Architecture
❑ Cloud Security
• Rights- and domain-based management
• Huawei Security Analyzer
• Deployment of firewalls and DDoS devices
on the Agile Controller
❑ Connection Security
• SSH-encrypted NETCONF
• Bidirectional Identity Authentication
between AC and CPE
• IPSec VPN
❑ Device Security
• Basic firewall: URL filtering, ACL, IPS, Anti-DDoS, IPSec VPN, NAT
• Advanced firewall: vFW
Service Security: Provide E2E security portfolio for enterprises
Huawei Security Analyzer: traffic analysis, log analysis, document behavior
[Figure labels: CPE with built-in IPS/IDS/URL/FW filtering (CPE OS: IPS/URL/DPI/FW); uCPE with built-in security VNF (Huawei or 3rd party's VNF: IPS, DDoS, DPI, AV, SSL, NGFW); MPLS and Internet with IPSec VPN; Self-service Portal, VAS Store, BSS/OSS; HTTPS; SSH-encrypted NETCONF & Bidirectional Identity Authentication]
Open Ecosystem Overview
Capability Openness
Cloud openness
• The Agile Controller is deployed on the cloud, reducing costs.
• vCPEs are deployed on the cloud, optimizing SaaS access experience.
API openness
• The Agile Controller provides open northbound APIs for easy integration.
VAS openness
• 10+ mainstream VASs, flexible service selection
Business Openness
E2E solution
• CPE + basic routing + SD-WAN VNF + AC + third-party VAS
Integration solution
• E2E solution + third-party orchestrator
Full-decoupling solution
• CPE + basic router
• SD-WAN VNF + Agile Controller + third-party orchestrator
[Figure labels: Huawei SD-WAN; BSS/OSS, VNF Market, Self-Service Portal; service applications; cloud management platform; interconnection via RESTful API and NETCONF; vCPE in Cloud; Internet, MPLS; uCPE (vWoC, vFW, …) at Branch/HQ]
Huawei SD-WAN Cooperation Ecosystem
At MWC 2018, Huawei, Microsoft, Riverbed, and F5 & EANTC jointly release the SD-WAN cooperation ecosystem.
[Partner logo groups: VAS; Public Cloud; Standards & Organizations; Architecture]
At HAS 2018, Ping An Technologies Co., Ltd. signs an intent-driven network joint innovation agreement with Huawei and releases SD-WAN innovative business practices.
Business Suggestions: Major Scenarios of
Enterprise SD-WAN
Global Interconnection
Global unified networking and management,
optimizing experience of cross-border applications
Evolution from the live
network
Compatibility with the live network and
gradual evolution to SD-WAN
Main Scenarios of Enterprise SD-WAN Construction
Global Interconnection
Multinational enterprises
• Bandwidth increases by 10%, budget decreases by 10%.
• Applications experience is poor during peak hours.
• O&M teams are deployed globally and perform O&M separately.
• Stacking of devices (FW, WOC…) from vendors in branches, manual onsite configuration, TTM > 3 months
Global unified networking and management, optimizing experience of cross-border applications
1. Distributed controller + multi-PoP networking, hybrid link access, unified management, and visualized O&M
2. Cross-border application experience assurance
3. All-in-one devices, accelerating the TTM
Evolution from the Live Network
Typical customer: Ping An Technology
• The costs of traditional MPLS capacity expansion are high.
• Branch services traverse the HQ and reach the cloud, resulting in long delay and poor user experience.
• SD-WAN needs to be introduced step by step. SD-WAN and traditional MPLS networks coexist.
Hybrid link access, smooth evolution of the live network, and visualized O&M
1. Hybrid WAN, unified management, and visualized O&M
2. IaaS/SaaS application access, and experience optimization
3. Smooth evolution to SD-WAN and gradual migration to protect investments
Global WAN: Global Unified Networking, Unified Management, and
High-Quality Experience of Cross-Border Services
[Figure labels: HQ (global DC); Agile Controller; regional centers and sites in Country A, Country B, Country C; MPLS; Internet; MPLS international private line; Internet international private line; cross-border; China; public cloud; vCPE; uCPE (vFW, vWOC, …)]
• Architecture: global interconnection
CPE + SD-WAN + distributed controller and third-party VASs (optional)
• Reliable: hierarchical networking and Hybrid WAN
Hierarchical networking, over 10 interface types to flexibly support MPLS, Internet, and LTE access of different carriers, and high reliability
• Optimized: application-based traffic steering and acceleration
Intelligent Route Policy based on SLA, bandwidth, load balancing, priority, and QoS, providing WAN optimization or intelligent policies for key applications
• Quick: fast provisioning of branch networks and services
ZTP (email/USB/DHCP) and network deployment within minutes
Open uCPE supports over 10 mainstream VNFs
• Visible: unified management and configuration of the distributed controller and visualized O&M
Reports based on applications, sites, users, and links, and fault location within minutes
[Figure labels: Application-based Traffic Steering and Acceleration; CPE/uCPE/VNF Integration; Distributed AC; Traditional Network Interworking; Visualization; Multi-POP]
• Bandwidth increases but budget decreases
• Applications experience is poor during peak hours.
• Multi-devices (FW, WOC…), manual onsite configuration,
Cross-border deployment: high reliability and smooth capacity expansion
Smooth Evolution of the Live Network with Hybrid WAN
and Visualized O&M
[Figure labels: HQ (global DC); Agile Controller; centralized deployment; regional aggregation; local access; traditional site; SD-WAN site; MPLS, Internet, LTE; IGW; public cloud; core service; Internet services; non-critical services such as office]
Solution Highlights
• Architecture: live network evolution
CPE + SD-WAN + centralized controller
Hybrid WAN, interworking with traditional MPLS domains, gradual migration, and smooth migration from the live network to SD-WAN to protect investments
• Compatible with non-SD-WAN configuration, protecting current network investment
Supports SD-WAN and non-SD-WAN automated configuration, simplifies current network management, and supports the gradual evolution to SD-WAN
• SD-WAN and the traditional network coexist; current business migrates gradually
Huawei's full series of CPEs support SD-WAN; enterprises can migrate services gradually, ensuring smooth operation of the business
• Visible: simplified, low-cost O&M
Reports based on applications, sites, users, and links, and fault location within minutes
ZTP deployment (email/USB/DHCP) and network deployment within minutes
• Traditional MPLS capacity expansion is costly.
• Branch services traverse the headquarters and reach the cloud, resulting in long delay and poor user experience.
• SD-WAN and traditional MPLS networks coexist.
[Figure labels: Application-based Traffic Steering and Acceleration; CPE/uCPE/VNF Integration; Distributed AC; Traditional Network Interworking; Visualization; Multi-POP]
Enterprise Business Model: Provides SD-WAN or Basic O&M
Editions for Flexible Selection
Enterprise customer
Service consultation and planning
1. SD-WAN
• CPE/uCPE/vCPE: Huawei
• Agile Controller: Huawei
➢ Device management + SD-WAN license (mandatory)
➢ WAN optimization and VNF management (optional)
➢ Old devices must be upgraded to support SD-WAN through software upgrade.
2. Basic O&M, SD-WAN ready
• CPE/uCPE/vCPE: Huawei
• Agile Controller: Huawei
➢ Device management license (mandatory)
• Capability to evolve for SD-WAN in the future
[Figure labels: Controller purchase; CPE purchase; License: SD-WAN, device management, SD-WAN overlay and route selection, WOC, VNF management; New site; Old site: traditional CPEs gradually upgraded and migrated to SD-WAN]
Huawei SD-WAN Solution Product Portfolio
⚫ Multi-tenant: automatic and unified
management of up to 20,000 CPEs at
10,000 sites; multi-tenant O&M
⚫ Public cloud deployment: AWS,
Azure, HUAWEI CLOUD
⚫ Openness: standard northbound APIs
for easy service integration with third-
party self-service Portal, BSS/OSS, etc.
Huawei USG6000V
Eudemon1000E-V
⚫ High performance: scale up to 320G
⚫ Multi-platform compatibility: KVM, FusionSphere, VMware, etc.
⚫ Flexible deployment: branch/PoP/DC/public cloud
[Figure labels: Universal Server (x86 architecture); Hypervisor (KVM/VMware/FusionSphere); AR1000V: Router, VPN, QoS, Eth/IP, Security]
Advanced vCPE: Extends SD-WAN to the Cloud
Mainstream VNFs: On-demand VAS provisioning
SD-WAN CPE: Flexible networking
AR160 Series, AR3200 Series
AR650 Series, AR1600 Series, AR2600 Series
AR2240 Series
uCPE
CPE
Agile Controller: Automation and visibility
⚫ Multi-service convergence: data, voice, security, WLAN, and LTE
⚫ Optimal branch service experience: multi-core architecture and excellent performance
⚫ Modular design, covering all types of branch scenarios
⚫ In-depth ICT convergence, uBox design, and dynamic loading of VAS applications
⚫ NFV architecture, automatic management of local VASs, and fast VAS provisioning
⚫ Flexible deployment modes, such as email and barcode scanning, simplifying management
uCPE with x86 Open Architecture and On-demand VASs
NFV open platform based on the x86 architecture, achieving architecture decoupling
Intel 4/8 XEON, supporting SD-WAN high-performance forwarding
LTE flexible extension card, supporting on-demand expansion of 4G services
"It is the next-generation image of Huawei's uCPE. It allows multiple VNFs to be installed, and supports scalable hard disk and LTE interfaces."
——Good Design Award Judging Panel
AR2600 Series, AR1610-X6, AR650 Series
CPE with Next-generation ARM Architecture Helps
Build Cost-effective Networking
[Chart: SD-WAN service performance (500M, 1G, 10G, 40G); models shown: AR160 Series, AR1200/2200, AR3260, AR650 Series, AR1600/AR2600 Series, AR3660]
Traditional CPE, supporting SD-WAN evolution
Next-generation CPE: ARM platform, delivering high performance
Multi-service integration including voice, security, VPN, and WOC
Huawei-developed ARM chip, with over 30% higher performance than equivalent products of other vendors
Modular design for cards and flexible expansion of cards such as LTE, xDSL, and PON cards
High-performance Multi-platform vCPE Allows Services to Be Extended to the Cloud
Compatible with mainstream virtual platforms, flexible choice of multi-cloud services
Huawei Cloud: FusionSphere 6.0/6.1
Amazon AWS: Amazon Machine Image
Microsoft Azure: Hyper-V
VMware 5.5/6.0
Red Hat KVM
Optimal path to Cloud
IaaS Access Speed 5X
The AR1000V is directly connected to the cloud to avoid traversing the headquarters
[Figure labels: AR1000V in Public Cloud (VPC) and Private Cloud; Internet, MPLS, LTE; Branch CPE/uCPE; multiple clouds for enterprise businesses]
Industry-wide Recognition of Huawei SD-WAN Solution
One of the world's most popular SD-WAN Solution Providers
A survey of more than 1200 enterprises from across the globe
A Preferred SD-WAN Solution Provider
From 2017 SD-WAN and Virtual Edge Report: The Evolving SD-WAN, vCPE and uCPE Landscape
The Only SD-WAN Solution Provider to Pass EANTC Testing
The scalability, CPE, link resiliency, and application visibility of Huawei SD-WAN Solution have been tested. The test results show that Huawei passes EANTC's stringent testing.
ONUG: Right Stuff Innovation Award
With its SD-WAN solution and CloudAPP, Huawei competed with vendors from North America for the first time. After stringent evaluation tests, Huawei stood out and received praise from the judges.
AR650: Good Design Award
"It is the next-generation image of Huawei's uCPE. It allows multiple VNFs to be installed, and supports scalable hard disk and LTE interfaces."
——Good Design Award Judging Panel
http://www.huawei.com/cn/news/2017/10/SD-WAN-ONUG-Right-Stuff-Innovation-Award
http://www.g-mark.org/award/describe/45177
https://www.onug.net/about/press-info/recipients-innovation-awards-recognized-onug-fall-2017/
http://e.huawei.com/cn/news/china/2017/201710171507
Huawei SD-WAN Solution Helps Ping An Technology Quickly Roll Out AI Customer Service
Customer Requirements
⚫ Increasing bandwidth requirements
⚫ Network deployment taking several days.
⚫ 2000+ sites, difficulty in locating faults
Business Value
Leased line cost: 40%
⚫ 10M-30M Internet replaces 2M-10M MPLS link.
⚫ Application-based traffic steering
Network deployment: 30 minutes
⚫ No trained personnel are required and deployment is carried out remotely.
OPEX: 75%
⚫ Visualization based on the entire network, branch, users, and applications
Huawei Uses SD-WAN to Achieve 100 ms Latency for Branches Worldwide and Optimize Connectivity and Application Experience
Customer Requirements
1000+ sites, 955 private lines, 600G, 160 countries
• ↑40% YoY in WAN traffic with ↑10% YoY budget
• Poor experiences for bandwidth conflicts of 600+ apps
• New Remote Branch Service TTM > 3 months
Business Value
Bandwidth cost: 20%
Hybrid WAN, bandwidth usage: 60% -> 90%
Application experience: 5x
Optimize cloud and remote branch application experience
VAS provisioning: 30 minutes
Fast provisioning of VASs such as Riverbed vWOC and F5 Proxy
O&M cost: 80%
45+ reports by application, link, site, and user, and fault prediction
Thank You