Product Description (Super, Compatible With X86) : Imaster Nce V100R019C00

iMaster NCE
V100R019C00
Product Description (Super,

Compatible with x86)
Issue 06
Date 2020-03-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees
or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: https://www.huawei.com
Email: [email protected]
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. i

iMaster NCE
Product Description (Super, Compatible with x86) About This Document
About This Document
Purpose
This document describes the network position, highlights, architecture,
configuration, functions and features, and usage scenarios of iMaster NCE. With
this document, you can obtain an overall understanding of this product.
Intended Audience
This document is intended for:
● Network planning engineers
● Data configuration engineers
● System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk which,

if not avoided, will result in death or serious
injury.
Indicates a hazard with a medium level of risk

which, if not avoided, could result in death or
serious injury.
Indicates a hazard with a low level of risk which,

if not avoided, could result in minor or moderate
injury.
Indicates a potentially hazardous situation which,

if not avoided, could result in equipment damage,
data loss, performance deterioration, or
unanticipated results.
NOTICE is used to address practices not related to
personal injury.
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. ii

iMaster NCE
Symbol Description
Supplements the important information in the

main text.
NOTE is used to address information not related
to personal injury, equipment damage, and
environment deterioration.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention Description
Boldface Buttons, menus, parameters, tabs, windows, and

dialog titles are in boldface. For example, click OK.
> Multi-level menus are in boldface and separated

by the ">" signs. For example, choose File > Create
> Folder.
Command Conventions
The command conventions that may be found in this document are defined as
follows.
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italic.
[] Items (keywords or arguments) in square brackets

[ ] are optional.
{ x | y | ... } Optional items are grouped in braces and

separated by vertical bars. One is selected.
[ x | y | ... ] Optional items are grouped in square brackets and

separated by vertical bars. One or none is selected.
{ x | y | ... } * Optional items are grouped in braces and

separated by vertical bars. A minimum of one or a
maximum of all can be selected.
[ x | y | ... ] * Optional items are grouped in square brackets and

separated by vertical bars. A maximum of all or
none can be selected.
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. iii

iMaster NCE
Change History
Issue Date Description
06 2020-03-30 Updated the document based on

requirements in SPC601.


03 2019-10-11 A few defects in the description have been

rectified.
02 2019-09-30 Updated the 4 Deployment Schemes and

configuration requirements. For details
about key feature changes, see section 2
New Features.
01 2019-08-30 This issue is the first official release.
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. iv

iMaster NCE
Product Description (Super, Compatible with x86) Contents
Contents
About This Document................................................................................................................ ii

1 Introduction.............................................................................................................................. 1
1.1 Positioning................................................................................................................................................................................. 1
1.2 Highlights................................................................................................................................................................................... 3
1.2.1 Highlights of NCE (Super)................................................................................................................................................ 4
1.2.1.1 E2E Multi-Domain Service Deployment................................................................................................................... 4
1.2.1.2 IP+Optical Synergy........................................................................................................................................................... 9
1.2.1.3 Fast Multi-Vendor Integration (SBIs)...................................................................................................................... 13
1.2.1.4 Open NBIs......................................................................................................................................................................... 14
1.2.1.5 Service DIY........................................................................................................................................................................ 15
2 New Features......................................................................................................................... 16
3 Architecture............................................................................................................................ 18
3.1 Solution Architecture........................................................................................................................................................... 18
3.2 Software Architecture.......................................................................................................................................................... 21
3.3 External Interfaces................................................................................................................................................................ 23
3.3.1 NBIs........................................................................................................................................................................................ 24
3.3.1.1 SNMP NBI......................................................................................................................................................................... 25
3.3.1.2 RESTful NBI...................................................................................................................................................................... 25
3.3.2 SBIs......................................................................................................................................................................................... 27
4 Deployment Schemes........................................................................................................... 30
4.1 On-Premises Deployment.................................................................................................................................................. 30
4.1.1 Deployment on Virtual Machines................................................................................................................................ 30
4.2 Deployment on Private Clouds.........................................................................................................................................34
4.3 EasySuite Deployment Tool............................................................................................................................................... 36
5 Configuration Requirements.............................................................................................. 37
5.1 Server Hardware Configurations for On-Premises Deployment...........................................................................37
5.2 VM Configurations for Private Cloud Deployment....................................................................................................37
5.3 Server Software Configurations....................................................................................................................................... 39
5.4 Client Configurations........................................................................................................................................................... 40
5.5 Bandwidth Configurations................................................................................................................................................. 41
6 Functions and Features........................................................................................................ 44
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. v

iMaster NCE
6.1 System and Common Functions...................................................................................................................................... 44

6.1.1 System Management....................................................................................................................................................... 44
6.1.2 Alarm Management......................................................................................................................................................... 48
6.1.3 Security Management...................................................................................................................................................... 61
6.1.3.1 User Management......................................................................................................................................................... 62
6.1.3.2 Log Management........................................................................................................................................................... 69
6.2 Service Provisioning..............................................................................................................................................................73
6.2.1 Automated Private Line Provisioning......................................................................................................................... 73
6.2.2 Multi-Layer Network Navigator................................................................................................................................... 74
6.3 Analysis and Assurance....................................................................................................................................................... 74
6.3.1 Private Line Analysis and Assurance........................................................................................................................... 74
6.3.2 What-If Analysis................................................................................................................................................................. 76
6.3.2.1 IP+Optical Network Simulation Analysis............................................................................................................... 77
6.3.2.1.1 Data Synchronization................................................................................................................................................ 77
6.3.2.1.2 Topology Display.........................................................................................................................................................79
6.3.2.1.3 Traffic Simulation Analysis...................................................................................................................................... 81
6.3.2.1.4 TE Simulation Analysis..............................................................................................................................................84
6.3.2.1.5 Failure Simulation Analysis..................................................................................................................................... 87
6.3.2.1.6 Multi-layer link Activation or Deactivation Simulation Analysis............................................................... 92
7 Usage Scenarios...................................................................................................................101
7.1 Private Line........................................................................................................................................................................... 101
7.1.1 IP RAN Private Line........................................................................................................................................................ 101
7.1.2 SPTN Private Line............................................................................................................................................................ 118
7.1.3 Comprehensive Multi-Domain Private Line........................................................................................................... 126
7.1.4 Optical Multi-Domain Private Line........................................................................................................................... 141
7.1.5 Multi-Cloud Interconnect............................................................................................................................................. 147
7.2 IP+Optical Solution............................................................................................................................................................ 148
8 High Availability..................................................................................................................166
8.1 Local HA................................................................................................................................................................................ 167
8.2 Disaster Recovery Solutions............................................................................................................................................ 170
9 Security.................................................................................................................................. 178
9.1 Security Architecture......................................................................................................................................................... 178
9.2 Security Functions.............................................................................................................................................................. 179
10 Privacy Protection............................................................................................................. 182

10.1 Personal Data Scenario.................................................................................................................................................. 182
10.2 Principles and Key Technologies................................................................................................................................. 183
11 Specifications..................................................................................................................... 184
11.1 System-Wide Performance Specifications............................................................................................................... 184
11.2 NE Management Capabilities and Maximum Concurrent Client Connections...........................................187
11.3 Service Management Capabilities.............................................................................................................................. 188
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. vi

iMaster NCE
11.4 Equivalent Coefficients................................................................................................................................................... 189

11.4.1 Equivalent NEs in the Transport Domain............................................................................................................. 190
11.4.2 Equivalent NEs in the IP Domain............................................................................................................................ 197
11.5 Equivalent Routes............................................................................................................................................................ 205
12 Version Requirements...................................................................................................... 207

12.1 Version Mapping Between NCE (Super) and Connected Controllers............................................................ 207
A Appendix............................................................................................................................... 210
A.1 Standards Compliance...................................................................................................................................................... 210
A.2 Glossary................................................................................................................................................................................. 216
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. vii

iMaster NCE
Product Description (Super, Compatible with x86) 1 Introduction
1 Introduction
1.1 Positioning
1.2 Highlights
1.1 Positioning
Trends and Challenges
With the rapid development of the Internet industry and the advent of the cloud
era, new business models are emerging one after another, and enterprises are
moving towards cloudification and digitalization. The telecom industry, as a digital
transformation enabler for various industries, faces both challenges and new
business opportunities.
Service cloudification results in great flexibility and uncertainty in service
applications. However, there is a huge gap between carriers' infrastructure
networks and various applications.
● A large number of legacy networks coexist with newly-built software-defined
networking/network functions virtualization (SDN) networks, making it
difficult or costly to adapt to new services. Especially, deploying enterprise
private line services encounters long time to market, slow customer response,
and inflexible packages.
● With the migration of enterprise applications to the cloud and the
development of new services such as the telecom cloud, the network traffic in
carriers' pipes is more dynamic and unpredictable, making traditional network
planning and optimization impracticable and posing high requirements on
Service Level Agreement (SLA).
● With the continuous increase in the network scale and complexity, O&M
complexity is intensified. Carriers urgently need to take automatic deployment
measures to reduce the skill requirements for O&M personnel and effectively
control the operating expense (OPEX) in a long term.
Therefore, an intelligent adapter layer (that is, a brand-new management, control,
and analysis system) needs to be established between the service applications and
the infrastructure networks. The system must be able to abstract network
resources and capabilities, implement automatic and centralized scheduling, and
Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 1

iMaster NCE
allow application developers to conveniently invoke various network capabilities to

continuously innovate services and applications at an unpredicted rate.
Product Positioning
As an NCE component, NCE (Super) works as a hybrid network controller to
enable network service automation and self-optimization across layers, domains,
and vendors.
Traditionally, a carrier network is divided into different domains (from technical or
management perspectives), and these domains are managed independently like
isolated islands. It is difficult and time-consuming to create, deploy, and maintain
E2E network services.
NCE (Super) helps carriers eliminate information, management, and operations
silos and accelerate their migration to flexible, hybrid, and multi-vendor networks.
NCE (Super) has the following key features:
● Open Intent API: shields network complexity, simplifies network parameters,
and accelerates OSS/orchestrator integration.
● Model-driven design: combines different basic models into E2E service
templates, which accelerates the development and deployment of new
services.
● Multi-domain multi-layer orchestration: reduces manual errors and repetitive
manual operations and improves service quality.
– SLA assurance and the orchestration engine enable automation and self-
optimization of E2E B2B private line services.
– IP+optical synergy enables E2E multi-layer optimization and simulation.
● Cloud broker: enables one-stop provisioning of cloud+network services
through multi-cloud pre-integration.
● No vendor lock-in: quickly integrates third-party controllers and NMSs
through a multi-vendor integration framework and various plugins.
NCE (Super) applies to a wide range of scenarios, such as B2B private line, IP
+optical, and cloud broker scenarios, allowing carriers to design and deliver high-
quality services more quickly and easily.

iMaster NCE
Figure 1-1 network positioning
1.2 Highlights
NCE is a network lifecycle automation platform that integrates management,
control, and analysis. It focuses on service self-adaptation, O&M automation, and
network autonomy to support carriers' transformations to network cloudification
and digital operations.
Unified Management and Control Supporting Smooth Network Evolution

NCE unifies the management and control of SDN and non-SDN (legacy) networks.
It fully utilizes the automation advantages of the SDN network, maximizes the
value of existing networks, and reduces the technical difficulty and risk of network
evolution.
Simplified Provisioning and Maintenance of Multi-Layer Multi-Domain

Services
NCE provides full-lifecycle service O&M, covering service design, resource
preparation, service provisioning, service adjustment, and service assurance. This
enables flexible service combination, on-demand service design, and rollout of
new services within days, one-stop service provisioning across domains,
technologies, and vendors, one-stop integration, and bandwidth on demand
(BOD).
The NCE-based IP+optical solution provides functions such as multi-layer network
discovery and visualization, multi-layer network deployment, multi-layer
protection, multi-layer optimization, and multi-layer what-if analysis.
Network Analysis Providing Proactive Maintenance Based on Big Data

NCE uses technologies such as telemetry to collect network-wide data in real time.
With the help of its big data platform and flexible optimization strategies, NCE

iMaster NCE
implements panoramic display and in-depth analysis of the quality and traffic
data of the entire network, to ensure that the network is running stably and
accurately implementing its users' intent.
Cloud Platform Supporting Flexible Deployment

NCE greatly simplifies O&M by using a unified cloud platform to provide O&M
portals and user authentication, identical API proxy, unified installation,
deployment, and upgrade, as well as consistent data models throughout the
lifecycle.
NCE adopts a cloud service architecture, and its management, control, and
analysis modules can be deployed on demand to meet different customer
requirements in different scenarios.
Open Interfaces Implementing Agile DevOps

NCE provides open southbound and northbound interfaces. The northbound
interfaces are RESTful APIs that connect third-party platforms. With such
interfaces, NCE allows flexible integration, reuse, and combination of existing
microservices and third-party capabilities so that carriers and third-party partners
can quickly develop and customize innovative service applications to adapt to
diversified and changing business scenarios and network technologies.
1.2.1 Highlights of NCE (Super)
1.2.1.1 E2E Multi-Domain Service Deployment

NCE (Super) is capable of full service lifecycle management. It provides one-stop
resource management, flexible service design, agile service deployment, and
reliable service assurance.
Figure 1-2 Full service lifecycle management

iMaster NCE
One-Stop Resource Management

Resource management includes resource discovery and planning, which lay the
foundation for service design and deployment. NCE (Super) manages a wide
range of resources, including domain controllers, sites, NEs, ports, links, and
domains.
● Resource discovery
Resource discovery refers to the process of synchronizing resource data from
domain controllers or EMSs in one click. Currently, NCE (Super) supports the
following resource discovery modes:
– Manual full or incremental synchronization: synchronizes resource data
from domain controllers or EMSs in full or incremental mode through a
scheduled resource discovery task.
– Batch import: imports resource data to NCE (Super) in batches.
– Synchronization from specific NEs: synchronizes resource data from NEs
specified on NCE (Super).
– Manual or automatic inter-domain link discovery: discovers inter-domain
links through an inter-domain link discovery task according to the
corresponding inter-domain link discovery policy.
Table 1-1 Resource discovery

Discovery Mode Resource Type Supported
Controller/EMS Type
Manual full or Site, NE, port, and link NCE (IP Domain),
incremental NOTE NCE (Transport
synchronization Manual full or Domain), NCE
incremental (Management Plane),
synchronization can U2000,
also be used to collect
OCh, OTN line, and NokiaNSP, FiberHome
tunnel information. controller, and ZTE
controller
Batch import Site, NE, port, and link NCE (IP Domain),
NCE (Transport
Domain), NCE
(Management Plane),
U2000,
NokiaNSP, FiberHome
controller, and ZTE
controller

iMaster NCE

Controller/EMS Type
Synchronization from NE, port, and link NCE (IP Domain),

specified NEs NCE (Transport
Domain), NCE
(Management Plane),
U2000,
NokiaNSP, FiberHome
controller, and ZTE
controller
Manual or automatic Inter-domain link NCE (IP Domain),

inter-domain link NCE (Transport
discovery Domain), NCE
(Management Plane),
U2000,
NokiaNSP, FiberHome
controller, and ZTE
controller
● Resource planning
Resource planning includes NE role definition, domain division, and inter-
domain link planning.
– NE role definition: An NE can play different roles, such as autonomous
system boundary router (ASBR), superstratum provider edge (SPE), cell
site gateway (CSG), aggregation site gateway (ASG), and radio service
gateway (RSG), in different usage scenarios.
– Domain division: A domain can contain network devices that support
multiple protocols and operate at different rates. An NE can belong to
multiple domains. For example, a device located in the intersected or
tangent point of an access ring and the core ring belongs to two
forwarding domains.
Domains and NE roles are often used for resource identification and
filtering.
▪ In service design scenarios, NE roles and domains are used to define

service types, decoupling service definition from specific network
resources.
▪ In service provisioning scenarios, NE roles and domains are used to

filter network-wide resources so that only the resources required by a
specific service type are listed.
– Inter-domain link planning: In multi-domain service provisioning
scenarios, inter-domain links must be manually created for inter-domain
routes.
– Intra-domain path planning: Strict explicit path planning inside a domain
is supported. For example, you can specify NEs or links that a pair of
primary and secondary paths must pass through. During service
provisioning, service paths must be computed based on planned intra-
domain paths. NCE (Super) can automatically generate paths based on

iMaster NCE
preset intra-domain path planning rules. You can also manually plan
paths.
Flexible Service Design

NCE (Super) provides an E2E service design platform, which allows service
planning engineers to design services across domains and technologies and
generate service policies through one-off service design, simplifying service
provisioning and management.
● Policy management
QoS and routing policies synchronized from domain controllers can have
differences from networks or vendors masked in service design. After SLA
policies are formulated and quantitative service requirements are provided,
NCE (Super) automatically monitors service status accordingly.
Table 1-2 Policy description
Policy Description
QoS profile NCE (Super) allows you to create

and synchronize traffic classifiers
and QoS policies, create traffic rules,
and synchronize queue profiles.
Routing policy NCE (Super) allows you to

synchronize prefix addresses and
routing policies from NCE (IP
Domain).
SLA policy NCE (Super) allows you to monitor

service status based on indicators
such as delay, packet loss rate, jitter,
throughput, and availability defined
in an SLA policy.
● Service template design

Service template design involves the following functions:
– Service template design: Describe the basic features of a service, such as
the service type (L2VPN or L3VPN) and service topology type (Point-to-
point/Full-mesh).
– Port template design: Describe the default parameter settings for each
service access point, such as whether a service access point is a Hub or
Spoke node and whether a service access point plays the primary or
secondary role in BGP dual-homing protection.
– Policy design: Describe the multi-domain connection policy (Option A or
Option C), multi-domain routing algorithm, and multi-domain protection
policy.
– E2E composite VPN policy design: Describe the E2E QoS adjustment
policy and resource pool policy of a composite VPN.
– Service template verification: Verify a service template in JSON format.

iMaster NCE
– Service template publishing: Publish a service template to the service

catalog library after it passes verification. The customer manager can
then use the published service template to provision and manage
services.
● Service template support
Figure 1-3 Supported service models
Agile Service Provisioning

● Agile service provisioning
NCE (Super) allows you to quickly create a private line service or add service
access points to an existing service.
The service provisioning process is as follows:
a. A user selects a service template. Only published service templates can be
used for service provisioning.
b. The user configures the service name and PE access points and sets
access parameters, such as VLAN, QoS policy, and routing policy
parameters.
c. (Optional) The user sets protection group, routing constraint, and
extended parameters (including customized extended parameters)
according to the service scenario.
d. NCE (Super) performs path computation before service provisioning and
displays the computation result on a topology. NCE (Super) orchestrates
domain controllers and inter-domain resources to compute E2E paths.
Currently, the supported path computation policies include Shortest path
first, Low delay, Load balancing, and Multiple elements.
Multiple elements path computation indicates that path computation
can be performed based on the requirements of comprehensive optimal,

iMaster NCE
least hop, least delay, and least distance. You can select the optimal path
based on the path computation result.
e. The user clicks Provision to provision the service. NCE (Super) delivers
service connection segments to the corresponding domain controllers
based on the path computation result.
● Service verification
After the service is provisioned successfully, the user can perform connectivity
and throughput tests to verify the delivered service.
On-Demand Bandwidth Adjustment

After a service is provisioned, its bandwidth can be adjusted on demand. NCE
(Super) provides two bandwidth adjustment methods, bandwidth on demand
(BOD) and bandwidth calendaring (BC):
● BOD: adjusts the QoS configurations of services on demand. QoS
configuration adjustment can be achieved by directly changing the service
bandwidth or modifying the QoS policy template.
● BC: adjusts service bandwidth at scheduled times based on the configured
bandwidth calendar. Service bandwidth adjustment is implemented in the
same way for BC and BOD. BC supports both periodic bandwidth adjustment
and one-time bandwidth adjustment.
Reliable Service Assurance

● Visualized private line SLA
NCE (Super) monitors all tenants, private line traffic, and SLA indicators to
discover private line traffic or SLA threshold-crossing events. This allows you
to learn the running status of private line services and analyze the changes of
private line traffic and quality to perform specific maintenance.
● Rapid private line fault demarcation
Multi-layer topology display, network fault diagnosis, and correlative KPI
analysis enable fault demarcation within minutes, accelerate trouble ticket
dispatching, minimize incorrect trouble tickets, and improve troubleshooting
efficiency.
– Multi-layer topology display: Private lines are displayed on the topology
from the perspectives of E2E connections, VPN segments, and physical
network in a coarse-to-fine fashion.
– Network fault diagnosis: Ping and traceroute are used to demarcate the
connectivity faults of private lines.
– Correlative KPI analysis: The SLA deterioration faults of a private line can
be demarcated by analyzing SLA indicators, traffic indicators, and
interface optical power indicators.
1.2.1.2 IP+Optical Synergy

The SDN-based IP+optical feature mainly applies to IP+optical backbone networks.
NCE, a full lifecycle O&M platform, provides functions such as automated multi-
layer network discovery and visualization, automated multi-layer network
deployment, multi-layer network protection, multi-layer network optimization,
and multi-layer what-if analysis.

iMaster NCE
Multi-Layer Network Discovery

NCE (Super) collects IP+optical network resources through multi-layer discovery
and stores collected resources for later management. Multi-layer discovery is the
prerequisite for multi-layer network management. Currently, NCE (Super) can
manage the following resources: NEs, ports, cross links, multi-layer links, and sites.
● Resource discovery
Resource discovery refers to the process of synchronizing resource data from
domain controllers or EMSs in one click. Currently, NCE (Super) supports the
following resource discovery modes:
– Manual full or incremental synchronization: synchronizes resource data
from domain controllers or EMSs in full or incremental mode through a
scheduled resource discovery task.
– Batch import: imports resource data to NCE (Super) in batches.
– Synchronization from specific NEs: synchronizes resource data from NEs
specified on NCE (Super).
– Manual or automatic inter-domain link discovery: discovers inter-domain
links through an inter-domain link discovery task according to the
corresponding inter-domain link discovery policy.
Table 1-3 Resource discovery

Controller/EMS Type
Manual full or NE, port, and link NCE (IP Domain),

incremental NOTE NCE (Transport
synchronization Manual full or Domain), NCE-IP-T
incremental
synchronization can
also be used to collect
OCh, OTN line, and
tunnel information.
Batch import NE, port, and link NCE (IP Domain),

NCE (Transport
Domain), NCE-IP-T
Synchronization from NE, port, and link NCE (IP Domain),

specified NEs NCE (Transport
Domain), NCE-IP-T
Manual or automatic Inter-domain link NCE (IP Domain),

inter-domain link NCE (Transport
discovery Domain), NCE-IP-T
● Resource planning
– Cross link management: A cross link refers to a link between an IP NE
and a transport NE. Cross link management plays a key role in IP+optical
synergy. It records connections between routers and transport devices and
bridges the IP layer and optical layer.

iMaster NCE
Table 1-4 Cross link management

Management Method Description
Manual creation Manually create one or more cross

links.
Template import Create cross links in batches by

importing a template.
Automatic discovery ● Create a resource

synchronization task to
automatically synchronize basic
resource data, including cross
link data.
● Click Discover on the Cross
Link Discovery page to
automatically discover cross
links based on data from
domain controllers.
NOTE
Currently, cross links can be
automatically discovered only in IP
(OTN board) + WDM (OTN tributary
board), and IP (Ethernet board) +
WDM (OTN tributary board)
scenarios.
– Site management: A site corresponds to one or more equipment rooms.

Sites are manually created based on the geographical location of devices.
The IP NEs and optical NEs synchronized to NCE (Super) must be added
to sites or set as independent NEs before they can be managed by NCE
(Super) and displayed in the topology view.
– Multi-layer link discovery: After synchronizing client service paths, Layer 2
links, and IGP links from NCE (Transport Domain) and NCE (IP Domain),
NCE (Super) produces multi-layer links based on synchronized
information. Multi-layer links deployed on the live network through the
NMS or CLI can be smoothly migrated to NCE (Super) for centralized
management and control.
Multi-Layer Network Deployment

Multi-layer network deployment refers to the process of provisioning and
managing multi-layer links.
Multi-layer network deployment involves the following functions:
● Create multi-layer links manually or by importing a template.
● Place two multi-layer links in a disjoint group, so that the optical paths of the
two multi-layer links do not overlap.
● Activate or deactivate multi-layer links. Activating a multi-layer link means to
create an optical path and deliver IP link configurations for the link.
Deactivating a multi-layer link means to delete the optical path and IP link
configurations of the link.

iMaster NCE
● Apply optically-aware IP routing, so that during the activation of a multi-layer

link, NCE (Super) delivers the optical attributes (including SRLG and delay) for
the link to the corresponding IP link.
● Use idle resources in the port resource pool to protect multi-layer links
against port faults through multi-layer restoration by router port (MLR-P) or
against node faults through multi-layer restoration by any node (MLR-N).
Table 1-5 Supported multi-layer interconnection scenarios
Scenario Description
IP (OTN board) + OTN (OTN WSON is enabled on the WDM

tributary board) + WSON network. Routers use OTN boards to
interconnect with OTN tributary
boards on WDM devices.
IP (OTN board) + OTN (OTN Electrical-layer ASON is enabled on

tributary board) + electrical-layer the WDM network. Routers use OTN
ASON boards to interconnect with OTN
tributary boards on WDM devices.
IP (Ethernet board) + OTN (OTN WSON is enabled on the WDM

tributary board) + WSON network. Routers use Ethernet
boards to interconnect with OTN
tributary boards on WDM devices.
IP (Ethernet board) + OTN (OTN Electrical-layer ASON is enabled on

tributary board) + electrical-layer the WDM network. Routers use
ASON Ethernet boards to interconnect with
OTN tributary boards on WDM
devices.
Multi-Layer Monitoring
Multi-layer monitoring enables multi-layer visualization for unified management
and display of IP and optical networks. Multi-layer monitoring provides the
following functions.
● Displays the IP+optical network topology in a unified manner.
● Provides the multi-layer topology view, multi-layer fault view, multi-layer
performance view, and multi-layer analysis view to integrate information from
different dimensions.
● Uses new protocols to synchronize network topology information in real time.
These protocols include southbound protocols such as BGP-LS and OSPF-TE
and northbound protocols such as RESTCONF, WebSocket, and SSE.
● Displays a 3D topology.
Multi-Layer Optimization
● Multi-layer network BOD: NCE (Super) provides traffic load analysis results
and allows you to perform multi-layer link BOD to quickly expand network
capacity on demand. If the traffic rate of a multi-layer link reaches the preset

iMaster NCE
threshold, you can quickly expand the network capacity without changing the
IP network topology. When the traffic rate of a multi-layer link decreases, you
can restore the original link bandwidth to release resources. Manual and
automatic BOD are both supported.
● Multi-layer reoptimization: If a device port goes down, the E2E status of the
corresponding tunnel also changes to down, resulting in SLA deterioration. In
this case, NCE (Super) can perform multi-layer reoptimization for the severely
affected TE tunnel, enabling rapid service recovery.
Multi-Layer What-If Analysis

What-if analysis evaluates the fault risks of key network NEs and links to provide
reference for network O&M personnel to maintain the network in a better way.
Simulation Scenario Description
Fault simulation Simulates faults on IP and optical nodes or links.
Multi-layer link Simulates operations such as multi-layer link activation,

activation, deactivation, and BOD to reduce operation risks.
deactivation, and
BOD simulation
Traffic simulation Simulates one or more flows to analyze the impact of

newly added flows on other traffic.
1.2.1.3 Fast Multi-Vendor Integration (SBIs)

NCE (Super) can interconnect with multi-vendor domain controllers that comply
with the standard SBI model through interface protocols such as RESTful.
Currently, NCE (Super) can interconnect with Huawei domain controllers such as
NCE (Transport Domain) and NCE (IP Domain) and third-party domain controllers
(such as Nokia NSP, ZTE, and FiberHome controllers).
NCE (Super) supports fast multi-vendor integration through SBIs. To be specific,
NCE (Super):
● Supports multiple types of network connections, including L0 (OCh), L1
(client, SDH, and ODUk), L2VPN (VLL, VPLS, and EVPL), BGP MPLS L3VPN,
and EVPN.
● Provides a plug-in framework that enables fast deployment of third-party
plug-ins.
– Provides a script-based language for fast plug-in development:
▪ Simplified scenario: The template language FreeMarker can be used

for simple text editing.
▪ Complex scenario: The object language Python or Groovy and

general integrated development environment (IDE) can be used for
plug-in script debugging and verification.
– Provides a separate script running environment (sandbox) to ensure that
third-party scripts do not damage the system.

iMaster NCE
– Supports dynamic loading of plug-ins:
▪ The plug-in framework and service processes are decoupled, enabling

plug-ins to be loaded without a system restart or upgrade.
▪ Dynamically loaded plug-ins enable NCE (Super) to manage multiple

versions and instances of third-party devices.
● Interconnects with third-party domain controllers within one month.
Figure 1-4 Multi-vendor integration
1.2.1.4 Open NBIs

NCE (Super) provides service intent interfaces. This type of interface abstracts
tenant-based service intents, including content and SLA information, and hides
carrier's networking and access technology differences. It is extended based on
Open Networking Foundation (ONF) and IETF standards and applies to various
upper-layer OSS integration and Over the Top (OTT) applications.
The differences between interconnecting the OSS/BSS with the element

management system (EMS) of a traditional network and interconnecting the
OSS/BSS with NCE (Super) are as follows:
● The EMS provides network- or resource-oriented NBIs. The interconnection is

closely related to technical implementation or even vendors. Carriers must
rely on the OSS/BSS and EMS vendors to complete customized development,
which has high technical requirements.
● NCE (Super) abstracts the network or resource models of the domain
controllers and EMS into service models. This simplifies the configuration and
development of NBI parameters and decouples service development from
vendor-specific technologies.
For details about NBIs, see NCE V100R019C00 REST NBI API Developer Guide.

iMaster NCE
1.2.1.5 Service DIY
Feature Customization
NCE applies to various service scenarios and vendor devices. Scenarios and
vendors require different features and parameters. To improve openness, NCE
(Super) provides the feature customization capability, enabling on-demand service
parameter customization.
Feature customization is a new function provided by NCE (Super) for further
openness. This function allows you to customize parameters for customer
networks and services without developing or releasing new versions.

iMaster NCE
Product Description (Super, Compatible with x86) 2 New Features
2 New Features
This section describes the changes in key features compared with the previous
NCE version.
Table 2-1 New features of NCE (Super)

Function/Feature Change Type Change Description
Quick multi-vendor Enhanced ● A sandbox

integration in the environment is
southbound direction provided for third-
party scripts to ensure
system security.
● Professional service
personnel can develop
and publish
adaptation packages
for interconnection
with third-party
domain controllers.
Developing a new
product version is not
required.
Architecture capability Enhanced ● Service history

playback and service
recycle bin are
supported.
● A cascading
architecture is
provided.

iMaster NCE
Product Description (Super, Compatible with x86) 2 New Features
Function/Feature Change Type Change Description
Flexible service design, Enhanced ● EVPN, VPWS/VPLS,

service deployment, and and SRv6-BE services
service assurance are supported.
● Multi-domain client
services that use line-
side boards for inter-
domain
interconnection is
supported; L2 private
lines (EoO services)
are supported.
● Service provisioning is
supported in the
scenario where a
large number of
devices access a single
service.
Multi-layer analysis view New ● The health doctor

function is provided
to detect fiber, tunnel,
multi-layer link, and
cross link risks.
Multi-layer resource Enhanced ● Cross links can be

planning automatically
discovered through
traffic analysis, and
LLDP.
Multi-layer network Enhanced ● The ASON rerouting

optimization priorities of client
services can be
adjusted based on
traffic volumes.
● The topologies of
legacy networks or
non-WSON networks
can be displayed.
● The IP-layer and
optical-layer
protection parameters
of cross links can be
configured online and
their consistency can
be detected.

iMaster NCE
Product Description (Super, Compatible with x86) 3 Architecture
3 Architecture
3.1 Solution Architecture

3.2 Software Architecture
3.3 External Interfaces
3.1 Solution Architecture

Figure 3-1 shows the architecture of the NCE-enabled cloud network solution.

iMaster NCE
Figure 3-1 Architecture of the NCE-enabled cloud network solution
● IT/OSS/application layer
The IT/OSS/application layer is a platform for carriers to implement digital
operation transformation. In addition to traditional OSS and BSS, the IT/OSS/
application layer also includes service orchestrator, policy generators based on
big data analysis and artificial intelligence, and e-commerce portals that
support self-service. The IT/OSS/application layer provides functions such as
network infrastructure resource presentation, service path presentation, and
service policy management to implement end-to-end operation of the entire
network. Carriers provide application services to customers through this layer,
including traditional services such as broadband, video, and B2B enterprise
private line services and emerging services such as cloud computing and
vertical industry IoT.
● NCE
In the southbound, NCE implements centralized management, control, and
analysis of network infrastructure, enables cloud-based resources, full lifecycle
automation, and intelligent closed-loop driven by data analysis for business
and service intension. In the northbound, NCE provides open network APIs for
quick integration with IT systems, helping carriers accelerate service
innovation and implement e-commerce operations.

iMaster NCE
NCE consists of the following layers from top to bottom:

– Open API catalog & gateway
Provides secure and reliable access based on the unified API gateway.
Provides open northbound interfaces (NBIs) to integrate with external
systems such as the traditional OSS, orchestrator, and third-party
applications. It supports backward compatibility of traditional interfaces
such as CORBA/MTOSI and SNMP, and new interfaces such as REST/
RESTCONF to adapt to future solutions and technology development.
– Scenario-based apps
Provides application packages for business scenario automation. Users
can define service requirements based on their business intentions
without considering how the network implements them or what
resources are utilized. NCE converts these service requirements into
specific network configurations and delivers the configurations. NCE
provides application packages for network operation and maintenance
automation, Achieving end-to-end full-lifecycle automated management.
– Intent engine (innovation and planning)
Provides lifecycle management and driving capabilities based on
networks, services, and business intentions, supports intent planning,
design, conversion, verification, activation, decision-making, and
optimization, and implements flexible service innovation through model
driving and open model and policy assembling.
– Manager
Provides traditional management capabilities (FCAPS) for device
configuration, alarms, performance, links, and QoS, and provides E2E
automated service provisioning capabilities for traditional networks.
– Controller
Provides single-domain and multi-domain (such as IP multi-domain,
optical multi-domain, and IP+optical multi-layer) control capabilities in
SDN networks, implements route optimization, and applies related
control configurations through global multi-factor route computation.
– Analyzer
Provides real-time data collection, status awareness, in-depth analysis,
and intelligent prediction capabilities for network traffic and
performance. Based on big data analysis, proactively identifies faults and
potential risks and proactively generates warnings.
– Southbound collection framework
The southbound collection architecture is decoupled by layer. Plugins can
be injected to quickly extend capabilities such as multiple collection
protocols, device types, and data output.
– Southbound collection
Provides model-driven device data collection capabilities, shields
collection protocol (such as telemetry, SNMP, and QX) and device version
differences for the application layer, and filters duplicate collection tasks
from multiple apps. In this way, data can be collected once and used for
multiple times.
– Cloud-based platform

iMaster NCE
Based on the unified cloud platform, provides a unified user portal,

unified network planning and IP address planning tool capabilities,
unified engineering management capabilities such as installation,
deployment, upgrade, and system monitoring, and unified public services
such as alarm, security, topology, and inventory. Based on the Cloud
microservice architecture, can be deployed independently based on user
scenarios, meeting flexible requirements of different scenarios. Based on
virtualization technologies, supports cloud-based deployment, which
reduces CAPEX.
● Network infrastructure
The infrastructure layer (physical layer) is the network infrastructure of
carriers, including the devices on the transport, IP, and access networks. It
implements the most basic communication connection services. The
infrastructure layer of a cloud network is a constantly evolving and
ubiquitously connected network that consists of existing traditional networks
and new SDN networks, and provides communication services with high
broadband and low delay. It adapts to different access devices and abstracts
the devices into network resource pools to support the ultimate
implementation of business intents.
3.2 Software Architecture

NCE is a cloud-based system that uses a service-oriented software architecture. It
is deployed on the virtualization platform and can be scaled flexibly. Based on the
cloud platform, NCE implements three logical modules (network management,
network control, and network analysis) and various application scenarios as
services and components to achieve flexible modular deployment based on
customer requirements.
Software Logical Architecture

Based on the cloud platform, NCE implements three logical modules (network
management, network control, and network analysis) and various scenario-
oriented applications as services and components. This allows customers to deploy
NCE in a flexible and modular manner to meet their specific requirements.

iMaster NCE
Logical Architecture of NCE (Super)
Figure 3-2 NCE (Super) software logical architecture
NCE (Super) provides independent design, creation, and lifecycle management

capabilities for services and resources. It provides a unified operational framework
for high-volume workloads and services. The NCE (Super) architecture is designed
under the following rules:
● A model- and policy-driven architecture is adopted to ensure that functions

can be flexibly and automatically used and released.
● New services can be provisioned without updating the platform software
version or affecting existing services. Dynamic full lifecycle orchestration
(including design, configuration, and operations) and service API deployment
can be performed for new technologies.
● Common functions can be reused after being developed.
● Carrier-class scalability, including horizontal linear scaling and distribution, is
provided to support mass services and large networks.
● Various services, vendors, and infrastructure are supported.
NCE (Super) involves the following major frameworks:
● Design studio (shown on the left of the preceding figure): This framework is
responsible for designing and verifying multi-domain services offline or

iMaster NCE
online, generating service templates, and publishing service templates to the

service catalog.
● Runtime studio (shown on the right of the preceding figure): This framework
is responsible for loading, interpreting, and executing the service templates
defined in the design studio in the production environment.
– The open API layer provides northbound RESTful interfaces for integration
with OSSs and orchestrators externally and uses an API Proxy to
distribute messages for load balancing internally, meeting the
requirements for large-capacity and high-concurrency interaction.
– The app layer, including business apps and O&M apps, provides scenario-
specific service GUIs and management functions, facilitating carriers'
O&M operations such as one-stop service provisioning, optimization, and
assurance.
– The service orchestration/automation layer, when being requested by APIs
or apps, uses a service orchestration engine to dynamically call basic
resources and the related services at the service layer according to the
rules and policies specified in service templates. Then services are
automatically created, modified, and maintained. The service consistency
module ensures that if a breakpoint occurs during service execution, the
service can be rolled back to prevent data residue. Historical record
management allows a service to be rolled back to a certain point in time
for restoration. If a service is deleted by mistake, it can be restored.
– The basic resource/service layer provides scheduled services, topology
services, and functions such as multi-domain resource management,
resource pool management, and path computation.
– The mediation layer provides a southbound integration framework and
drivers for rapid integration with third-party controllers. It converts
service segments from the service orchestration layer to recognizable
commands and issues these commands to the peer domain controller or
NMS for execution.
3.3 External Interfaces

NCE provides multiple NBIs to quickly interconnect with the OSS. It is also
compatible with multiple southbound interfaces (SBIs) to implement unified
management and control over transport, IP, and access devices.

iMaster NCE
Figure 3-3 Functions and features of external interfaces for NCE (Super)
3.3.1 NBIs
NCE offers network monitoring information, such as the alarm, performance, and
inventory information, for OSSs through NBIs. The NBIs support network
management, control, and analysis functions, such as service configuration and
diagnostic tests. Through the NBIs, NCE can integrate with different OSSs flexibly.
The devices of each product domain support different NBI functions. For details,
see the following tables.
Supported √
Not supported ×
Table 3-1 NBI functions supported by the Super domain
Interf Feature WAN IP RAN SPTN IP+Optical

ace (Standard (China (Mobile
interface) Unicom enterprise
enterprise standard)
standard)
SNMP Alarm √ × × √
RESTfu Performanc √ √ √ ×
l e
Inventory √ √ √ √

iMaster NCE
Interf Feature WAN IP RAN SPTN IP+Optical

ace (Standard (China (Mobile
interface) Unicom enterprise
enterprise standard)
standard)
Configurati √ √ √ ×
on
3.3.1.1 SNMP NBI

Complying with the SNMP v1/v2c/v3 standard, the SNMP NBI enables NCE to
provide unified alarm management for OSSs.
Performance Indicators
Table 3-2 Performance indicators of the SNMP NBI

Indicator Description
Maximum number of concurrent OSS 10

connections
Alarm reporting efficiency More than 60 alarms per second when

three OSSs are connected
Alarm reporting delay Shorter than 10 seconds when three

OSSs are connected
Functions
The SNMP NBI supports the following functions:
● Alarm reporting
● Synchronization of active alarms
● Alarm acknowledgment
● Alarm unacknowledgment
● Alarm clearance
● Heartbeat alarm reporting
● Setting of alarm filter criteria
● Alarm maintenance status reporting
3.3.1.2 RESTful NBI

Complying with the IETF standard, the NCE RESTful interface provides the OSS
with APIs for service management, resource management, and network O&M.
RESTful is a software architecture style rather than a standard. It provides a set of
software design guidelines and constraints for designing software for interaction

iMaster NCE
between clients and servers. RESTful software is simpler and more hierarchical,
and facilitates the implementation of the cache mechanism.
Performance Indicators
Table 3-3 Performance indicators of the RESTful NBI
Indicator Description
Number of concurrent 10
requests for a single
interface
Request response 5 minutes

timeout interval
Request packet size 2M

limit
Response packet size 10M

limit
Notification reporting A maximum of 100/s

capability
Notification and alarm Less than 10 seconds

reporting delay
Number of A maximum of 100

notification
connections
(WebSocket&SSE)
Alarm reporting A maximum of 100/s alarms can be reported

capability continuously. Peak value: 400 /s (not discarded for 15s)
Alarm persistency capability: When the persistent data
size reaches 5 GB or the persistency duration reaches
24 hours, persistent data is triggered.
Super Functions
● Resource inventory
– Query of NE, port, and link data
● Service inventory
– Query of L0/L1/L2/L3 hybrid services
– Query of service definition templates
● Service provisioning and configuration
– Provisioning of composite services (L0/L1/L2/L3 hybrid services)
● Fault management
– Alarm subscription

iMaster NCE
– Alarm reporting
– Alarm synchronization
– Alarm acknowledgment/unacknowledgement
– Query of static alarm information
Restrictions and limitations:
The models and IDs of interfaces for the Super domain are not unified with those
for the transport and IP domains.
Table 3-4 Information about interfaces for the Super domain

Protocol Type Function Description Model and Standard ID
RESTFul SPTN service Enterprise standard UUID

provisioning NBI model
RESTFul IP RAN service Enterprise standard UUID

provisioning NBI model
RESTFul Inventory query Custom model, not UUID

defined by referring to
the IETF standard
RESTFul L0/L1/L2/L3, Custom model, not UUID

composite general defined by referring to
service provisioning the IETF standard
RESTful Alarm subscription, IETF alarm model UUID

alarm reporting,
alarm
synchronization,
alarm
acknowledgment/
unacknowledgement,
and query of static
alarm information
3.3.2 SBIs
Using SBIs, NCE can interconnect with physical-layer network devices and other
management and control systems to implement management and control
functions.
NCE provides SBIs that support interconnection with controllers or EMSs to

implement cross-domain, cross-layer, and multi-vendor integration.

iMaster NCE
Table 3-5 SBIs provided by NCE (for Huawei products)

Interface Type Description
MTOSI interface Connects to Huawei U2000 and NCE

(Management Plane) to provide the
following capabilities:
● Collection of basic resources such as
NEs, ports, and links
● QoS policy synchronization
● Provisioning and management of
microwave and access services, such
as native ETH, GPON, and VLL.
RESTful interface Manages controllers that use the

RESTful protocol, such as NCE (IP
domain), and NCE (Transport Domain)
to provide the following capabilities:
● QoS profile and routing policy
synchronization
● Intra-domain routing constraints
● Provisioning and management of IP
services, such as L2VPN and L3VPN
● Creation and management of static
LSP tunnels and TE tunnels
transport domain services, such as
client, EPL, and EVPL
● Performance visualization and fault
demarcation
SNMP Connects to Huawei controllers, such

as NCE (Transport Domain), NCE (IP
Domain), and U2000, and receives NE
alarms and service alarms from the
transport, IP, and access domains.

iMaster NCE
Table 3-6 SBIs provided by NCE (for third-party products)

Interface Type Description
RESTCONF interface Manages RESTCONF-compliant third-

party controllers. Currently, FiberHome
and ZTE controllers can be managed.
The following capabilities are provided:
● QoS policy synchronization
● Intra-domain routing constraints
● VLL service provisioning and
management
static LSP
RESTful interface Manages third-party controllers that

use the RESTful protocol. Currently,
Nokia NSP controllers and third-party
cloud domain controllers can be
managed.
The Nokia NSP controller supports the
following capabilities:
● L2VPN service management such,
and L3VPN service management
The third-party cloud domain
controller can interconnect with
domain controllers of Alibaba Cloud,
Tencent Cloud, and Amazon Cloud to
create site-to-cloud private lines.

iMaster NCE
Product Description (Super, Compatible with x86) 4 Deployment Schemes
4 Deployment Schemes
Based on whether Huawei provides E2E support for software and hardware, NCE
supports two deployment modes: on-premises and private cloud.
4.1 On-Premises Deployment

4.2 Deployment on Private Clouds
Deployment on private clouds means that customers prepare the bottom-layer
deployment environment according to the NCE configuration requirements and
Huawei install OS and NCE in this environment.
4.3 EasySuite Deployment Tool
In the on-premises and private cloud scenarios where factory installation is not
performed, EasySuite is used to install and deploy NCE.
4.1 On-Premises Deployment
4.1.1 Deployment on Virtual Machines

NCE can be installed and deployed on VMs that are virtualized from physical
machines.
Single Site and DR System

Based on different system protection expectations, deployment on virtual
machines can be divided to two modes: single site and DR.
● Single site: A complete set of NCE is deployed in a place with internal
protection enabled.
● DR system: Two sets of NCE with the same installation solution are deployed
in two places to form a DR system. In addition to the internal protection of a
single site, the two sets of NCE protect each other.

iMaster NCE
Figure 4-1 NCE (Super) system networking (virtual machine, single site)
Figure 4-2 NCE (Super) system networking (virtual machine, DR)
● The management DCNs of the primary and secondary sites can be isolated from each
other or not.
● The DR system requires high bandwidth. A replication link must be configured between
the primary and secondary sites.

iMaster NCE
Figure 4-3 NCE system networking (NCE (IP Domain+Transport Domain+Super),

virtual machine, single site)

iMaster NCE
Figure 4-4 NCE system networking (NCE (IP Domain+Transport Domain+Super),

virtual machine, DR)
● The management DCNs of the primary and secondary sites can be isolated from each
other or not.
● The DR system requires high bandwidth. A replication link must be configured between
the primary and secondary sites.
Software Deployment Mode

NCE uses the B/S architecture for software deployment during deployment on
VMs. You can easily access NCE through a browser without installing traditional
clients.

iMaster NCE
Figure 4-5 NCE software deployment mode on VMs
4.2 Deployment on Private Clouds

Deployment on private clouds means that customers prepare the bottom-layer
deployment environment according to the NCE configuration requirements and
Huawei install OS and NCE in this environment.
Single Site and DR System

Based on different system protection expectations, deployment on private clouds
can be divided to two modes: single site and DR.
● Single site: A complete set of NCE is deployed in a place with internal
protection enabled.
● DR system: Two sets of NCE with the same installation solution are deployed
in two places to form a DR system. In addition to the internal protection of a
single site, the two sets of NCE protect each other.
Figure 4-6 NCE (Super) system networking (private cloud, single site)

iMaster NCE
Figure 4-7 NCE (Super) system networking (private cloud, DR)
The DR system requires high bandwidth. A replication link must be configured between the
primary and secondary sites.
Software Deployment Mode

NCE uses the B/S architecture for software deployment during deployment on
private clouds. You can easily access NCE through a browser without installing
traditional clients.
Figure 4-8 NCE software deployment mode on private clouds

iMaster NCE
4.3 EasySuite Deployment Tool

In the on-premises and private cloud scenarios where factory installation is not
performed, EasySuite is used to install and deploy NCE.
Basic Concept
EasySuite is a green web-based engineering tool provided by Huawei. It covers
complex engineering scenarios such as planning, installation, and migration. Using
EasySuite to create an NCE installation project simplifies installation and
deployment operations and improves efficiency.
Operations in Each Installation Scenario
Table 4-1 Deployment operations on EasySuite

Deployment Solution EasySuite One-Click Installation
On-premises deployment on virtual 1. Configure hardware, including

machines configuring RAID and hardware
alarm reporting parameters.
2. Set up the virtualization layer,
including installing CNA and VRM
and configuring CNA hosts and
networks (including configuring
virtual switches and port groups).
3. Install VMs, including installing and
configuring the OS.
4. Install NCE, including installing the
database.
Deployment on private clouds 1. (Optional) Install VMs, including

installing and configuring the OS.
2. Install NCE, including installing the
database.

iMaster NCE
Product Description (Super, Compatible with x86) 5 Configuration Requirements
5 Configuration Requirements
NCE has specific requirements on the hardware, software, client, and bandwidth to
ensure the stable running of the system.
5.1 Server Hardware Configurations for On-Premises Deployment
5.2 VM Configurations for Private Cloud Deployment
5.3 Server Software Configurations
5.4 Client Configurations
5.5 Bandwidth Configurations
5.1 Server Hardware Configurations for On-Premises

Deployment
For detail, see NCE Server Hardware Specifications.
● For carrier users, log in to https://support.huawei.com/carrier, search NCE

Server Hardware Specifications.
● For enterprise users, log in to https://support.huawei.com/enterprise, search
NCE Server Hardware Specifications.
For enterprise users, to view the x86-compatible server configuration specifications,

log in to https://support.huawei.com/enterprise, search NCE Server Hardware
Specifications (Compatible with x86) .
5.2 VM Configurations for Private Cloud Deployment

In private cloud scenarios, customers need to prepare resources based on the
network type, functional unit combination, and network scale difference.
Configuration Constraints
● Do not configure CPU, memory, or storage overcommitment. Otherwise, NCE
performance will deteriorate.

iMaster NCE
Overcommitment is a virtualization technology that allocates more virtual resources

than physical resources to VMs. For example, if the physical memory size is 32 GB,
more than 32 GB memory can be allocated to VMs through overcommitment.
● VM resources must be exclusively occupied. NCE VMs cannot share resources
with other applications.
● Reliability protection must be configured for storage resources. For example,
RAID is configured for disks.
● The management network must be isolated from the service network to
improve network security. For example, VLANs are used to isolate networks.
Configuration Requirements
Table 5-1 VM resources required for NCE (Super)
Service Scenario Network VMs vCPUs Memory Storage

Scale (GB) (TB)
Private line < 15,000 8 72 288 2.93

provisioning physical NEs
15,000– 10 96 384 3.71

50,000
physical NEs
50,000– 14 144 576 5.18

100,000
physical NEs
Private line < 15,000 13 152 608 7.91

provisioning + physical NEs
Analyzer (Private
line assurance) 15,000– 18 224 896 13.09
50,000
physical NEs
Multi-Layer < 1200 15 160 640 6.1

Network physical NEs
Navigator +
Analyzer (basic
analysis,
simulation)
Multi-Layer < 1200 15 160 640 6.1

Network physical NEs
Navigator +
Private line
provisioning +
Analyzer (basic
analysis,
simulation)

iMaster NCE
Table 5-2 VM resources required for NCE DR arbitration site

Service Scenario Network VMs vCPUs Memory Storage
Scale (GB) (GB)
DR arbitration - 1 4 8 150
5.3 Server Software Configurations

Table 5-3 Server configuration requirements (Manager + Controller + Analyzer,
ARM)
Item Type Version Remarks
Deliv Virtuali FusionCompute 8.0.0 Used on the TaiShan

ered zation server in the on-premises
softw softwar scenario and in the
are e private cloud scenario
confi
gurati OS EulerOS V2.8 Used on the TaiShan
ons server in the on-premises
scenario.
Databa GaussDB V100R003C20 OMP Management node

se
GaussDB 100 V300R001C00 Manager
Analyzer
NCE (Super)
Druid 0.13.0 Used by the Analyzer.
Comp Virtuali FushionSphere OpenStack 6.5.1 Used in the private cloud

atible zation scenario.
softw softwar
are e
confi
gurati
ons
Table 5-4 Server software configuration requirements (Manager + Controller +

Analyzer, X86)
Delivered Virtualiz FusionCompute 8.0.0 Used on the X86 server

software ation in the on-premises
configurati software scenario and in the
ons private cloud scenario.

iMaster NCE
OS EulerOS V2.5 Used on the X86 server

in the on-premises
scenario and in the
private cloud scenario.
Database GaussDB V100R003C20 OMP Management node
GaussDB 100 V300R001C00 Manager

Analyzer
NCE (Super)
Druid 0.13.0 Used by the Analyzer.
Compatibl Virtualiz ● FushionSphere Used in the private cloud

e software ation OpenStack 6.5.1 scenario.
configurati software ● FushionSphere
ons OpenStack 6.5.0
● FusionCompute 6.5.1
5.4 Client Configurations

Table 5-5 Client configuration requirements
Type Requirements
PC Minimum Configuration:
● CPU: 2 Core, 2.6GHz
● Memory: 4GB
● Hard disk: 8GB
Recommended Configuration:
● Memory: 8GB
● Hard disk: 8GB
Cloud Minimum Configuration:

Deskto ● CPU: 4 Core, 2.6GHz
p
● Memory: 4GB
● Hard disk: 8GB
Recommended Configuration:
● Memory: 8GB
● Hard disk: 8GB
OS Windows 10 (32-bit or 64-bit)

iMaster NCE
Type Requirements
Langua ● Simplified Chinese

ge ● English
Web ● Recommended:
browser – Google Chrome 70 or later (32-bit or 64-bit)
– Firefox ESR 61.0.1 or later (32-bit or 64-bit)
● Compatible:
– Google Chrome 57 or later (32-bit or 64-bit)
– Firefox ESR 52 or later (32-bit or 64-bit)
NOTE
● In the IP+optical scenario, visual experience may be deteriorated in the main
topology display of NCE (Super) when you use Firefox (affected by the
graphics card driver). Therefore, you are advised to use Google Chrome.
Resoluti 1366 x 768 px or higher; recommended resolution: 1920 x 1080 px

on NOTE
● Zoom ratio of the browser: 100% is recommended and 80% to 200% is
compatible.
● If the resolution is within the compatibility scope of the browser, functions
are available but the layout may not be user-friendly. If the resolution is not
within the compatibility scope of the browser, both the functions and layout
are affected.
5.5 Bandwidth Configurations

Table 5-6 Bandwidth configuration requirements for NCE (Super)
Type Requirements
Network delay ● Between NCE and external systems (client, NE, and
third-party arbitration site): < 50 ms
● Between NCE and OSS: < 20 ms
● Between NCE VM nodes: < 10 ms
● Between the primary and secondary sites of the DR
system: < 50 ms
Packet loss rate ● Between NCE and external systems (client, NE, OSS,
and third-party arbitration site): < 1%
● Between NCE VM nodes: < 0.2%
● Between the primary and secondary sites of the DR
system: < 1%
Bandwidth between ≥1000 Mbit/s

VMs

iMaster NCE
Type Requirements
Bandwidth between The recommended bandwidth for communication

the server and between a server and a southbound device is 10 Mbit/s
southbound devices or above.
Bandwidth for communication between the server and
southbound devices = Bandwidth between a single
southbound device and the server x Number of
southbound devices.
Bandwidth between Bandwidth for communication between the server and

the server and clients = Bandwidth between each client and the server x
clients Number of clients x Coefficient:
● The bandwidth between each client and the server is
10 Mbit/s, which is the maximum bandwidth required
by a single client.
● Number of clients: Plan the number of concurrent
online clients based on the customer requirements.
For example, if the management scale is 15,000
equivalent NEs, a maximum of 100 clients can be
online at the same time. However, the customer may
require a maximum of 64 clients to be online at the
same time.
● Coefficient: Generally, not all online clients require the
maximum bandwidth of 10 Mbit/s. The recommended
coefficient is 0.4 based on the empirical value of the
maximum bandwidth required by 20% online clients.
Bandwidth between The bandwidth between each OSS and the NCE NBI is 10
the server and OSS Mbit/s or above.
Bandwidth for communication between the server and
OSSs = Bandwidth for communication between the
server and each OSS × Number of OSSs For example, if
three OSSs are connected to the REST NBI of the same
NCE, the required bandwidth is 3 x 10 Mbit/s or above. If
there are two OSSs, one is connected to the REST NBI of
NCE, and the other is connected to the SNMP NBI of
NCE, the required bandwidth is 10 Mbit/s +10 Mbit/s or
above.
Bandwidth between In a DR system, an RLink is established between the

the primary and primary and secondary sites for replicating data in real
secondary sites of time.
the DR system CIRs of the replication link bandwidth are as follows:
● If N is 15,000, the CIR is 60 Mbit/s.
NOTE
N indicates the number of physical NEs.

iMaster NCE
Type Requirements
Bandwidth between ≥2 Mbit/s

the DR system and
the third-party
arbitration site

iMaster NCE
Product Description (Super, Compatible with x86) 6 Functions and Features
6 Functions and Features
NCE user-facing scenarios provide cloud-based network management, control, and

analysis optimization.
6.1 System and Common Functions
6.2 Service Provisioning
6.3 Analysis and Assurance
6.1 System and Common Functions
6.1.1 System Management

NCE interconnects with southbound systems quickly and achieves Single Sign On
(SSO) to O&M interfaces. It supports global configuration in terms of Network
Time Protocol (NTP) time synchronization and license management, software
resource capability such as system monitoring and databases, and troubleshooting
such as data backup and restore, system health check, and fault locating and data
collection. This improves interconnection and management efficiency, helps
forecast and detect potential risks in time, facilitates fault rectification, and
therefore ensures stable and secure system running.
System Interconnection
● Southbound interconnection: Integrated with Huawei or third-party systems
to quickly access NEs or virtual resources and obtain NE resources, alarm and
performance data, and virtual resources required for NCE service provisioning
or assurance. This improves interconnection efficiency.
– Configuring and managing southbound drivers: Before interconnecting
NCE with a southbound system, users need to import external drivers by
means of driver lifecycle management and configure SNMP parameters
so that SNMP alarms can be reported to quickly adapt to NEs and service
models (resources, alarms, and performance) of the interconnected
system. This achieves quick driver access and improves interconnection
efficiency. Users can also query driver types and monitor and delete
driver instances for unified driver management.

iMaster NCE
– Interconnecting with a southbound system: Users can interconnect NCE

with a Huawei or third-party system and update certificates to manage
NEs or virtual resources. After login, users can obtain basic information of
the NEs, such as NE and port resources, alarms, and performance data,
and collect VM, virtual networks, and virtual NEs. This ensures proper
NCE service provisioning and assurance.
● Single Sign On (SSO): SSO is an access control policy between NCE and its
southbound systems or between the upper-layer system and NCE. With a
single login, users can access all mutually trusted systems. This implements
seamless O&M interface interconnection between systems and improves O&M
efficiency. The SSO system consists of servers and clients. The clients obtain
certificates from the servers and deploy them. One server can interconnect
with multiple clients to achieve unified authentication. After successfully
logging in to the server, users can access all the clients without entering the
username and password.
System Configuration
● Time synchronization: NCE nodes are managed and maintained in a unified
mode. Therefore, the Coordinated Universal Time (UTC) on each node must
be the same to ensure that NCE can properly manage services and data on
the nodes. An NTP-based external clock source is required to serve as the NTP
server of NCE so that the system time can be adjusted at any time without
manual intervention.
– A maximum of 10 NTP servers can be added on NCE. Only one active
NTP server can be configured, and the active NTP server is mandatory. In
a disaster recovery (DR) system, the primary and secondary sites must
use the same NTP server to ensure time consistency between the two
sites.
– After an active NTP server is configured, the OMP node synchronizes time
with the active NTP server preferentially. Service nodes then synchronize
time with the OMP node.
– When the active NTP server fails, NCE selects an available NTP server
from the standby NTP servers within 15 minutes and sets it as the active
NTP server. If multiple NTP servers configured on NCE become invalid,
the OMP node cannot synchronize time with the NTP server, and service
nodes will no longer synchronize time with the OMP node.
● License management: Updating and maintaining a license allow the system
to properly run based on the features, versions, capacity, and validity period
authorized in a license file.
License management allows users to initially load, update, and routinely
maintain licenses.
– Initially loading a license
After the system is deployed, you need to load a license by importing
license files so that you can use the system properly.
– Updating a license
During O&M, you need to update a license file under any of the following
conditions:
▪ The license is about to expire.

iMaster NCE
▪ The license has expired.
▪ The license is invalid.
▪ The license control resource items or function control items do not

meet service requirements.
▪ The software service annual fee in the license is about to expire.
▪ The software service annual fee in the license has expired.

– Routine license maintenance
You need to query license information in the system from time to time,
such as the expiration time, consumption, and capacity, so that you can
quickly identify and resolve problems (for example, a license is about to
expire or its capacity is insufficient).
● Remote notification: When O&M personnel are not on site due to business
travel or off duty and cannot query significant alarms and service reports,
remote notification is used to send SMS messages and emails to the O&M
personnel.
Figure 6-1 Remote notification methods
– Automatic and manual modes are supported.
▪ Automatic mode: The O&M personnel set the message content and
message sending rules. Then, NCE automatically sends alarms and
reports to relevant personnel in the form of SMS messages or emails
through the short message service gateway (SMSGW) or mail server
connected to NCE.
▪ Manual mode: The O&M personnel manually edit message contents

to be sent or use preset notification templates, and trigger NCE to
send SMS messages and emails to relevant personnel so that they
can obtain information about the alarms and reports.
– The notifications can be sent by SMS message or email.

iMaster NCE
Table 6-1 Remote notification modes
Form Sent By Description
SMS SMSGW A third-party SMSGW is used, and it is

messa maintained by O&M personnel from the
ge customer network.
Notifications allow O&M personnel to use a
default SMSGW or reset SMSGW parameters,
ensuring successful interconnection between the
SMSGW and NCE.
Simple The SMN server is a Huawei transit server. After

Message SMN is deployed, parameters for interconnecting
Notificatio NCE with SMN can be set. After SMN parameters
n (SMN) are set, SMSGW parameter settings will not take
server effect, and the SMN server will interconnect with
the third-party SMSGW.
Email Mail A third-party mail server is used, and it is

server maintained by O&M personnel from the
customer network.
Notifications allow O&M personnel to set
parameters for mail servers to establish
communication between mail servers and NCE.
System Monitoring
Global monitoring capability is supported to monitor NCE resource indicators such
as services, processes, nodes, and databases. This helps conduct predictive analysis
and detect potential risks in time. For key resources, the administrator can set
thresholds to trigger alarms and handle exceptions promptly.
● Service and process monitoring: Monitors the service running status and
indicators such as the CPU usage, memory usage, and number of handles.
When a process in a service stops abnormally or becomes faulty, NCE
attempts to restart the process. A maximum of 10 consecutive restarts are
allowed. If the number is exceeded, an alarm is generated, requesting users to
process the exception manually.
● Node monitoring: Monitors node indicators such as the CPU, virtual memory,
physical memory, and disk partitions. If any resource of the node encounters
an exception, the node is displayed as abnormal. If a key resource remains
abnormal within a sampling period, an alarm is generated.
● Database monitoring: Monitors database indicators such as the space,
memory, and disks. If any resource of the database encounters an exception,
the database is displayed as abnormal. If a key resource remains abnormal
within a sampling period, an alarm is generated.
System Maintenance
● System backup and restore: Backs up and restores the dynamic data, OS,
database, management plane, or application software of NCE. Data is backed

iMaster NCE
up in a timely manner. If any backup object is abnormal, you can use the
corresponding backup file to recover the object to the normal state.
● O&M management: Provides system maintenance and management
functions to help O&M personnel learn the health status of the system during
system running and reduce running risks. If a system fault occurs, fault
information can be collected for fault demarcation and locating to facilitate
repair and reduce losses.
– Health check: Checks and evaluates hardware, OSs, databases, networks,
and NCE services to learn the health status, detect abnormal check items,
and determine whether operation or running risks exist in NCE.
– Data collection: Provides data collection templates based on fault
scenarios, services, and directories. When a system fault occurs, O&M
personnel can collect logs and database tables as required and analyze
and locate the fault.
– Quick fault demarcation: Each service operation in the system is
implemented by invoking one or more services. During service operations,
the system automatically collects statistics on service operation status,
memory usage, and CPU usage for O&M personnel to quickly demarcate
faults and analyze resource consumption.
– Quick fault locating: This function provides default locating templates for
automatic fault locating. O&M personnel select templates based on fault
scenarios. This helps O&M personnel quickly obtain solutions and shorten
the fault locating time.
– System guard: System guard forwards critical and major alarms and
alarms (including common alarms, OS alarms, hardware server alarms,
and OMP alarms) that potentially affect the stable running of NCE from
the O&M plane to the management plane, and displays a pop-up
window to remind O&M personnel to view alarm details and handle
alarms in a timely manner on the System Guard page, ensuring the
normal running of NCE.
– Unified Monitoring: The unified monitoring function monitors the real-
time and historical data of NCE and compares and analyzes the data in
multiple dimensions to provide data reference for O&M personnel.
Help System
NCE provides a layered design for the help system adapting to user needs in
diverse scenarios. The help system supports anytime, anywhere, and on-demand
learning. A variety of help forms such as tooltips, panels, question mark tips, and
Information Center are provided. All necessary information is directly displayed on
the GUI. Information that is closely related to the current operation is folded. You
can expand the information if necessary. Systematic learning information is placed
in the Information Center.
6.1.2 Alarm Management

Alarm Management enables O&M personnel to centrally monitor NE, system
services, and third-party system alarms and quickly locate and handle network
faults, ensuring normal network operation.

iMaster NCE
Alarm severity
Alarm severities indicate the severities of faults. Alarms need to be handled
depending on their severity. Alarm severities can also be redefined, as shown in
Table 6-2.
Table 6-2 Alarm severities

Alarm Color Description Handling Policy
Severit
y
Critical Services are affected. The fault must be rectified

Corrective measures must be immediately. Otherwise,
taken immediately. services may be interrupted
or the system may break
down.
Major Services are affected. If the Major alarms need to be

fault is not rectified in a timely handled in time. Otherwise,
manner, serious consequences important services will be
may occur. affected.
Minor Indicates a minor impact on You need to find out the

services. Problems of this cause of the alarm and
severity may result in serious rectify the fault.
faults, and therefore corrective
actions are required.
Warnin Indicates that a potential or Warning alarms are handled

g imminent fault that affects based on network and NE
services is detected, but running status.
services are not affected.
Different handling policies apply to different alarm severities. You can change the
severity of a specific alarm as required.
The severity of an alarm needs to be adjusted when the impact of the alarm becomes
larger or smaller.
Alarm statuses
Table 6-3 lists the alarm statuses. Figure 6-2 lists the alarm status relationship.

iMaster NCE
Table 6-3 Alarm statuses

Status Name Alarm Status Description
Acknowledgemen Acknowledged and The initial acknowledgment status is

t status unacknowledged Unacknowledged. A user who views
an unacknowledged alarm and plans
to handle it can acknowledge the
alarm. When an alarm is
acknowledged, its status changes to
Acknowledged. Acknowledged
alarms can be unacknowledged.
When an alarm is unacknowledged,
its status is restored to
Unacknowledged. You can also
configure auto acknowledgment
rules to automatically acknowledge
alarms.
Clearance status Cleared and The initial clearance status is

uncleared Uncleared. When a fault that causes
an alarm is rectified, a clearance
notification is automatically reported
to Alarm Management and the
clearance status changes to Cleared.
For some alarms, clearance
notifications cannot be automatically
reported. You need to manually clear
these alarms after corresponding
faults are rectified. The background
color of cleared alarms is green.
Maintenance Normal and The initial maintenance status is

status maintenance Normal. If the alarms are generated
during commissioning and are not
triggered by faults, you can set filter
criteria to filter out maintenance
alarms when monitoring or querying
alarms.
NOTE
● The maintenance status
corresponding to Normal is
NORMAL.
● The maintenance status
corresponding to Maintenance is
Maintenance, Invalid status.

iMaster NCE
Figure 6-2 Alarm status relationship
Acknowledged and cleared alarms are moved to the historical alarm list, and a
non-historical alarm is called a current alarm. Table 6-4 shows the definition of
an alarm.
Table 6-4 Current alarms and historical alarms

Name Description
Current alarms Current alarms include uncleared and unacknowledged

alarms, acknowledged but uncleared alarms, and
unacknowledged but cleared alarms. When monitoring
current alarms, you can identify faults in time, operate
accordingly, and notify maintenance personnel of these faults.
Historical Acknowledged and cleared alarms are historical alarms. You

alarms can analyze historical alarms to optimize system performance.
Alarm and event types

Table 6-5 lists the alarm and event types.
Table 6-5 Alarm and event

Na Description Differences Between Alarms and Similarities
me Events
Ala Indicates a ● An alarm indicates that an Alarms and

rm notification exception or fault occurs in the events are
generated system or MO. An event is a presented to users
when the notification generated when the as notifications.
system or system or MO is running properly.
an MO is ● Alarms must be handled.
faulty. Otherwise, services will be
abnormal due to these exceptions
or faults. Events do not need to be
handled and are used for analyzing
and locating problems.

iMaster NCE
Na Description Differences Between Alarms and Similarities

me Events
Eve Indicates a ● Users can acknowledge and clear

nt notification alarms on the GUI. Users cannot
of status acknowledge or clear events.
changes
generated
when the
system or
an MO is
running
properly.
Alarms or events are displayed on the page when NEs, services, and
interconnected third-party systems detect their exceptions or significant status
changes. Table 6-6 describes the types of alarms and events.
Table 6-6 Alarm and event types

Type Description
Communications Alarms caused by failures of the communications in an NE,

alarm between NEs, between an NE and a management system,
or between management systems. Example: device
communication interruption alarm
Quality of service Alarms caused by service quality deterioration. Example:

alarm device congestion alarm
Processing error Alarms caused by software or processing errors. Example:

alarm version mismatch alarm
Equipment alarm Alarms caused by physical resource faults. Example: board

fault alarm
Environment Alarms caused by problems related to the location of a

alarm device. Example: smoke alarms generated when smoke
occurs in an equipment room
Integrity alarm Alarms generated when requested operations are denied.

Example: alarms caused by unauthorized modification,
addition, and deletion of user information
Operation alarm Alarms generated when the required services cannot run
properly due to problems such as service unavailability,
faults, or incorrect invocation. Example: service rejection,
service exit, and procedural errors.
Physical resource Alarms generated when physical resources are damaged.

alarm Example: alarms caused by cable damage and intrusion
into an equipment room

iMaster NCE
Type Description
Security alarm Alarms generated when security issues are detected by a

security service or mechanism. Example: authentication
failures, confidential disclosures, and unauthorized accesses
Time domain Alarms generated when an event occurs at improper time.

alarm Example: alarms caused by information delay, invalid key,
or resource access at unauthorized time
Property change Events generated when MO attributes change. Example:

events caused by addition, reduction, and change of
attributes
Object creation Events generated when an MO instance is created.
Object deletion Events generated when an MO instance is deleted.
Relationship Events generated when MO relationship attributes change.

change
State change Events generated when MO status attributes change.
Route change Events generated when routes change.
Protection Alarms or events caused by the switchover.

switching
Over limit Alarms or events reported when the performance counter

reaches the threshold.
File transfer status Alarms or events reported when the file transfer succeeds
or fails.
Backup status Events generated when MO backup status changes.
Heart beat Events generated when heartbeat notifications are sent.
Alarm Handling Mechanisms

Alarm management provides three alarm handling mechanisms. For details, see
Table 6-7.
● Alarm merging rules improve alarm monitoring efficiency.
● Processing of the full current alarm cache is used to control the number of
current alarms.
● Alarm dump rules are used to control the storage capacity of the database.

iMaster NCE
Table 6-7 Alarm handling mechanisms

Mechanism Description
Alarm merging To help you improve the efficiency of monitoring and handling
rule alarms, alarm management provides alarm merging rules.
Alarms with the same specified fields (such as location
information and alarm ID) are merged into one alarm. This
rule is used only for monitoring and viewing alarms on the
Current Alarms page and takes effect only for current alarms.
The specific implementation scheme is as follows:
● If a newly reported alarm does not correspond to any
previous reported alarm that meets the merging rule, the
newly reported alarm is displayed as a merged alarm and
the value of Occurrences is 1.
● If the newly reported alarm B and the previous reported
alarm A meet the merging rule, alarm B and alarm A are
merged into one alarm record and are sorted by clearance
status (uncleared alarms are displayed first) and occurrence
time in descending order.
If alarm A is displayed on top, it is still regarded as a
merged alarm, and the Occurrences value of the merged
alarm increases by one. Alarm B is regarded as an individual
alarm.
If alarm B is displayed on top, it is regarded as a merged
alarm, and the Occurrences value of the merged alarm
increases by one. Alarm A is regarded as an individual
alarm.
In the alarm list, click Occurrences of an alarm, you can
view the detailed information about the merged alarm and
individual alarm.
● If a merged alarm is cleared, it is converted into an
individual alarm. All individual alarms will be sorted by
clearance status (uncleared alarms are displayed first) and
occurrence time in descending order. The first one is
regarded as a merged alarm.
● If a merged alarm or individual alarm is cleared and
acknowledged, the alarm will be converted to a historical
alarm and the value of Occurrences decreases by one.

iMaster NCE
Mechanism Description
Processing of To prevent excessive current alarms from deteriorating system

the full current performance, alarm management provides a full-alarm
alarm cache processing rule. When the number of current alarms in the
database reaches the upper threshold, alarm management
applies the following two rules to move some alarms to the
historical-alarm list until the number of alarms falls to 90% of
the upper threshold.
● The cleared alarms, acknowledged and uncleared ADMC
alarms, acknowledged and uncleared ADAC alarms, and
unacknowledged and uncleared alarms are moved to the
historical-alarm list in sequence.
● The first reported alarms are moved to the historical-alarm
list by time.
Alarm dump To avoid excessive alarm database data, the system processes
rule events, masked alarms, and historical alarms every two
minutes according to the following rules. The dumped alarms
or events cannot be queried in the alarm or event list.
● If the database space usage reaches 80%, alarm
management dumps the data in the database to files
according to the sequence of occurrence time and data
table type (event, masked alarm, or historical alarm). When
the space usage after dumping reaches 80% of the usage
before dumping, the dumping is stopped.
● The dumped file will be deleted after 180 days.
● If the total size of the dumped files exceeds 1 GB or the
total number of files exceeds 1000, the system deletes the
earliest files.
Alarm management functions

Alarm management provides a variety of monitoring and processing rules. You can
configure alarms or events to reduce the number of alarms, implement real-time
alarm notification, and meet personalized monitoring requirements. Multiple
monitoring pages provide users with various and convenient monitoring and
processing methods. For routine maintenance of alarm data, a configurable
assurance mechanism is provided to prevent reporting of new alarms from being
affected when the database is full.
For details about the alarm or event rules that can be configured, see Table 6-8.

iMaster NCE
Table 6-8 Configuring alarm or event rules

Function Description
Configuring Provides alarm rules and visual management GUIs.

alarms or ● Masking rule
events During maintenance, testing, or deployment, the system or
MO generates predictable alarms or events that do not need
to be concerned and handled. You can set masking rules to
mask these alarms or events so that these alarms or events
are not displayed on the Current Alarms or Event Logs
page. When setting a masking rule, you can choose to
discard masked alarms or events, that is, these alarms or
events are not saved in the alarm database, or display the
masked alarms on the Masked Alarms page.
● Severity and type redefinition rule
To ensure the smooth running of network devices or key
devices in a region, you can set redefinition rules to change
the severity and type of alarms or events. For example, if an
alarm is considered important, it can be set to a high-level
alarm. O&M personnel can then handle it first to provide
high-quality network assurance services.
● Name redefinition rule
Some alarm or event names are technical and difficult to
understand. You can redefine alarm or event names as
required.
● Correlation rule
A correlation rule defines correlative relationships between
alarms. Correlated alarms are the alarms whose causes are
related. Among correlated alarms, one alarm is the root
cause of the others. You can customize correlation rules, and
enable and disable default correlation rules as required.
When monitoring or viewing alarms, you can filter out
correlative alarms and focus on only the root alarms that
you want to handle.
● Intermittent/Toggling rule
When the interval between generation and clearance of an
alarm is less than a specific period, the alarm is considered
as an intermittent alarm.
If the number of times that an alarm (with the same ID) is
reported by the same alarm source in a specified period
reaches the trigger condition, the toggling handling is
started.
After an intermittent/toggling rule is set, intermittent or
toggling alarms can be discarded or masked to reduce
interference caused by repetitive alarms.
● Aggregation rule
Repeated alarms or events are the alarms or events (with
the same ID) reported by the same alarm or event source for
multiple times. After an aggregation rule is set, the system

iMaster NCE
automatically aggregates the repeated alarms or events

reported within the specified period into one alarm. O&M
personnel can view the aggregated alarms on the alarm
details page.
● Setting events as ADMC alarms
If you want to improve the significance of specific events,
you can set them to auto detected manually cleared
(ADMC) alarms. This type of alarms cannot be automatically
cleared.
● Auto acknowledgement rule
After an auto acknowledgment rule is set, Alarm
Management automatically acknowledges the current
alarms in the cleared state according to a specified rule and
moves the acknowledged alarms to the historical alarm list.
● Northbound filtering rule
On the live network, the upper-layer NMS often receives a
large number of alarms. Network congestion and breakdown
may occur due to overload, and users cannot quickly locate
their concerned alarms. To solve this problem, users can set
alarm northbound filtering rules in Alarm Management to
determine whether to report the alarms that meet the rules
to the upper-layer NMS.
Alarm Through the alarm notification function, alarm management

Notification can send the alarm or event information to you in real time by
SMS message or email. In this way, you can learn the alarm or
event information in real time during off-work hours and
handle important alarms or events in time.

iMaster NCE
Personalized Alarm management provides multiple display modes or sound

Monitoring prompt rules for alarms and events. You can modify the rules of
display mode and sound prompt as required to obtain the latest
alarm or event information in different ways.
● Color settings: You can set colors for alarms and events at
different severities to easily browse the concerned alarms
and events.
● Alarm sounds: You can set sounds for alarms at different
severities to facilitate alarm monitoring.
● Font colors: You can set font colors for read and unread
alarms to distinguish alarms.
● Highlight: If alarms at a severity are not handled within the
specified period of time, that is, the alarm status remains
unchanged, the alarms are highlighted in the alarm list
according to the highlight settings.
● Alarm display mode: You can set alarm display modes for
alarms at different severities and in different states so that
you can quickly identify concerned alarms.
● The alarm box can use indicators of different colors and play
different sounds based on NE alarm severities. You can set
filter criteria for the alarm box. Alarms that match
For details about how to monitor alarms or events and handle alarms, see Table
6-9.

iMaster NCE
Table 6-9 Monitoring alarms or events and handling alarms

Monitoring and O&M personnel can monitor alarms and view alarm or event
Viewing Alarms information in alarm management in real time.
or Events ● Alarm or event list
– Provides a current alarm list to push alarms to the
Current Alarms page. O&M personnel can monitor and
handle alarms in real time using the list.
– Provides an alarm log list. You can view current and
historical alarms. By default, 20,000 alarms can be
displayed.
– Provides an event log list, which presents the event
messages sent by devices to the system. By default,
20,000 events can be displayed.
● Statistics panel
On the Current Alarms page, the statistics panel is
provided to display the following statistics:
– Top 10 Alarms: Collects statistics on the top 10 alarms
that are most frequently reported.
– Duration: Collects statistics on the number of current
alarms by duration.
– Top 10 Alarm Sources: Collects statistics on the top 10
alarm sources with the largest number of current
alarms.
– Severity: Collects statistics on the total number of
current alarms and the number of current alarms at
each alarm severity.
– Status: Collects statistics on the number of alarms by
acknowledgement and clearance status.
● Alarm or event name group
You can add multiple alarm or event names to a name
group to perform operations on them at a time.
● Object group
You can add multiple alarm or event sources to an object
group to perform operations on them at a time.
● Alarm sounds and indicators
When a new alarm is reported, alarm management plays
a sound. The alarm indicator that corresponds to the
severity of the alarm starts to flash to remind you to
handle alarms in a timely manner.
● Filter
You can set criteria to filter alarms that require special
attention.
● Browsing alarms by status or severity
A page is divided into four areas to display current alarms
by status or severity.

iMaster NCE
Handling You can use alarm management to handle alarms to

Alarms facilitate troubleshooting. For example, specify alarm
handlers and acknowledge or clear alarms. Alarm handling
operations are as follows:
● Viewing alarm details
You can obtain key alarm information, including alarm
names, repair recommendations, and location information,
to facilitate fault diagnosis and troubleshooting.
● Manually acknowledging an alarm
Acknowledging an alarm indicates that the alarm is traced
by a user, and other users do not need to pay attention to
it. If you want other users to focus on the alarm again,
you can unacknowledge the alarm. Manual alarm
acknowledgement and unacknowledgement, and
automatic acknowledgement by severity are supported in
alarm management.
● Recording experience
After handling an alarm, the O&M personnel can record
the handling experience for future reference in a timely
manner.
● Manually clearing alarms
If an alarm cannot be automatically cleared or the fault is
rectified but the alarm is still in uncleared status, you can
manually clear the alarm.
Table 6-10 describes the routine maintenance functions such as alarm data
management.

iMaster NCE
Table 6-10 Routine maintenance functions

Performance By analyzing historical alarms and masked alarms and

Optimization collecting statistics on the alarm data, you can learn the
and Statistics running status of devices and determine whether rules are
properly set, and can also further analyze potential problems
in the running of the devices using the statistics data.
● View historical alarms and masked alarms. By analyzing
historical alarms and masked alarms, you can learn device
running statuses and determine whether rules are
properly configured.
– Provides a historical alarm list, which displays 20,000
acknowledged and cleared alarms by default.
– Provides a masked alarm list. This allows O&M
personnel to view masked alarms and determine
whether masking rules are properly set. By default,
20,000 events can be displayed.
● Collect statistics on alarm logs. Statistics on alarm data
can be collected based on specified criteria and displayed
in charts so that you can analyze system faults.
Managing ● Current alarm threshold warning

Alarm or Event When the number of current alarms reaches the upper
Data limit, the system processes the full current alarm cache
and moves current alarms to the historical-alarm list. To
prevent important alarms from being moved to the
historical alarm list, you can set a threshold for current
alarms. When the number of current alarms reaches a
specified threshold, an alarm is reported to prompt you to
handle the current alarms.
● Manually synchronizing alarms
After a peer system is disconnected from the current
system, alarms of the peer system cannot be reported to
the current system. After the connection is restored, the
alarms need to be synchronized with the current system
to facilitate monitoring.
Managing After handling an alarm, record the handling information to

Handling the experience database for future reference or guidance. You
Experience can import or export experience records.
6.1.3 Security Management

Security management involves user permissions, system security policies, and logs.
Security management helps protect NCE against unauthorized user logins and
therefore ensures system data security.

iMaster NCE
6.1.3.1 User Management

User Management ensures the security of user information and the system. By
attaching users to roles and managing the permissions of roles, resource
allocation is optimized and permission management is simplified, improving O&M
efficiency.
● Role-based authorization minimizes permissions and optimizes resource
allocation.
● The permissions and resources in a region are managed by the region
administrator, ensuring prompt maintenance of user permissions.
● Most users use the Authentication, Authorization, Accounting (AAA) system
to implement centralized user management, authentication, and
authorization. After interconnecting with the AAA system though remote
authentication configuration, the system authenticates users on the AAA
system to ensure that only authenticated users can log in to the system.
User Management
● User
– Information about a user includes a user name, password, and
permissions.
– User admin is the default user in the system, that is, the system
administrator. User admin can manage all resources and has all
operation rights. This user is attached to both the Administrators and
SMManagers roles.
– The user who has the User Management permission in the default
region is a security administrator.
– The Administrators role has all the permissions except User
Management. The user attached to this role is an administrator.
● Role
Users attached to a role have all the permissions granted to the role. You can
quickly authorize a user by attaching the user to a role, facilitating permission
management. Figure 6-3 shows role information.

iMaster NCE
Figure 6-3 Role information
Users attached to a role have all the permissions granted to the role and can
manage all the resources managed by the role. A user can be attached to
multiple roles. If a user is attached to multiple roles, this user has all the
permissions granted to the roles and can manage all the resources managed
by the roles.
Default roles cannot be deleted and their permissions cannot be modified
because the permissions are granted by the system. The system provides the
following default roles:

iMaster NCE
NOTICE
Users attached to the Administrators or SMManagers roles have the

operation rights for all resources in the system. Therefore, perform operations
using these user accounts with caution. Do not perform any operations
affecting system security. For example, do not share or distribute these user
names and passwords.
Role Name Description
Administrators The user group has all the permissions except User
Management, Query Security Log, View Online Users,
and Query Personal Security Log. The user attached to
this role is an administrator.
SMManagers The user group has the User Management, License

Manager, View Online Users, and Query Security Log
permissions.
The role to The user group has the Invoke Southbound APIs
invoke permission.
southbound
APIs
NBI User Group The user group has the permission to configure the
northbound interfaces such as SNMP, CORBA, XML,
OMC, TEXT, and RESTful NBIs.
Guest The domain of this user group is All Objects, and it has
operation rights for default monitor operation sets. They
can perform query operations, such as querying statistics,
but cannot create or configure objects.
Maintenance The domain of this user group is All Objects, and it has
Group operation rights for default maintenance operation sets.
In addition to the rights of the Guests and Operator
Group groups, users in this group have the rights to
create services and perform configurations that affect
the running of the NCE and NEs. For example, they can
search for protection subnets and trails, delete composite
services, and reset boards.
Operator Group The domain of this user group is All Objects, and it has
operation rights for default operator operation sets. In
addition to the rights of the Guests group, users in this
group have the rights to modify, (rights to perform
potentially service-affecting operations are not involved).
For example, they can change alarm severities.
uTraffic User When uTraffic interconnects with the NCE, uTraffic

Group accounts will be created on the NCE to manage
operation uTraffic rights on the NCE.

iMaster NCE
● Operation Rights and Operation Set

Operation sets are used to assign a set of operation rights to roles. Users
attached to a role have the operation set of this role.
User Management provides two types of operation sets:
– Application operation set: a collection of operation rights for system
functions, such as querying system logs and creating users.
The system provides the default application operation set All Application
Operations. For security purposes, this operation set contains the
operation rights for all the system functions except User Management,
Auditlog Manager, and License Manager.
– Device operation set: a collection of operation rights for devices, such as
starting and stopping switches.
The system provides the default device operation set All Device
Operations that contains the operation rights for all the devices.
Permission Management
A permission defines what operations a user can perform on what objects.
Permission elements include an operator, operation objects, and operations as
shown in Figure 6-4.
Figure 6-4 User Management permission
● Permission
– Users act as operators.
– Operation objects include the system and resources (physical and virtual
resources, such as servers, network devices, and VMs) where users
perform operations.
– Operations include application operations and device operations.
Application operations are performed on the system. Device operations
are performed on resources.
● Authorization mechanism
Authorization is a process of granting permissions on certain objects to users.
Authorization mechanism of User Management is as follows:
– To authorize a user with an object on which this user needs to perform
operations, add this object to the managed objects of the role that this
user is attached to.

iMaster NCE
– To authorize a user with an operation that this user needs to perform,

add this operation to the operations for which the role that this user is
attached to have operation rights.
Figure 6-5 shows the authorization principles of User Management.
Figure 6-5 User authorization principles of User Management
● Users can perform application operations and device operations. If only managed
objects are configured for a role but no device operation is configured, users of this
role can view the managed objects after logging in to the system but do not have
the operation rights for the managed objects.
● If Assign rights to users directly is selected, permissions can be directly granted to
users.
● Authorization method
The authorization method of user management grants permissions by
attaching a user to a role. After the security administrator sets role
permissions (including managed objects and operation rights), the security
administrator attaches the user to a role so that the user has the permissions
of this role. If Assign rights to users directly is selected, permissions can be
directly granted to users.
User authorization allows security administrators to implement authorization
for all users in a post at one time. If the employees of a post are changed,
security administrators can delete the original user from the role and add the
new user to authorize the new user.
● Secondary authorization
Secondary authorization policies are required to ensure that users can
cautiously perform operations that are dangerous or have major impact.

iMaster NCE
Operations specified in these policies are prohibited or can be performed only

by users who have the Secondary Authorization Authentication permission
and pass the secondary authorization.
Regions Management
Regions can be classified by geographic location or resource usage. Users can be
authorized based on regions.
Security administrators can create different regions based on service requirements

to implement regional rights-based management. After a region is created, the
system automatically creates a region administrator role Region
name_SMManager for the new region. Security administrators need to set
parameters on the Mandate-Operation Rights and Mandate-Managed Objects
tab pages for the region administrator so that the region administrator can
manage the users, roles, objects, and operation sets in this region based on the
settings.
Figure 6-6 Region administrator
● Security administrator permissions and region administrator permissions

Security administrators have all the permissions in the system. Region
administrator permissions are set by security administrators based on service
requirements.
● Region administrator permissions and permissions of roles in the region

iMaster NCE
The permissions and managed objects set for a region administrator on the
Mandate-Operation Rights and Mandate-Managed Objects tab pages can
be assigned by the region administrator to roles in the region.
User Maintenance and Monitoring

During user permission maintenance, you can view and modify user, role, and
operation set information, and monitor user sessions and operations in real time.
This ensures system security.
● Common operations for user information maintenance include viewing user
information, deleting users, exporting user information, and modifying user
information.
● Common operations for role information maintenance include viewing role
information, deleting roles, exporting role information, and modifying role
information.
● Common operations for operation set information maintenance include
viewing operation set information, deleting operation sets, and modifying
operation set information. You can modify user information (such as Max.
online sessions and Login time policy) in batches to improve system
security.
● Personal settings involve periodically changing personal data such as the user
password, telephone number, and email address. This improves user security.
● When users modify their personal data, such as mobile numbers and email
addresses, they are obligated to take considerable measures, in compliance with
the laws of the countries concerned and the user privacy policies of their company,
to ensure that the personal data of users is fully protected.
● To ensure the security of personal data, such as mobile numbers and email
addresses, these data is anonymized on the GUI, and HTTPS encryption
transmission channels are used.
● Resetting a User Password: If a user other than admin loses the password or
cannot change the password, this user needs to contact security
administrators to reset the password.
NOTICE
● You are not allowed to reset the password of user admin. If you forget the
password of user admin, it cannot be retrieved and you can only reinstall
the system. Therefore, ensure that you memorize the password of user
admin.
● For account security purposes, it is recommended that third-party system
access users contact the security administrator to periodically reset their
passwords.
● User monitoring: User monitoring monitors resource access behavior of users,

including session monitoring (online status) and operation monitoring. If a
user performs an unauthorized or dangerous operation, the system allows
security administrators to forcibly log out the user. This function allows
security administrators to prevent user accesses and ensure system security.

iMaster NCE
Security Policies
Security Policies allow you to set access control rules for users. This function
improves O&M efficiency and prevents unauthorized users from performing
malicious operations in the system to ensure system security. The security policy
function allows you to set account policies, password policies, login IP address
control policies, and login time control policies.
● Account policies: An account policy includes the minimum user name length
and user login policies. Appropriate setting of an account policy improves
system access security. The account policy is set by security administrators
and takes effect for all users.
● Password policies: A password policy includes the password complexity,
change interval, and character limitation. Appropriate setting of a password
policy prevents users from setting weak passwords or using a password for a
long period of time, improving system access security. The password policy is
set by security administrators and takes effect for all users. A new password
policy does not affect the configured password.
● Login IP address control policies: A client IP address control policy provides a
control mechanism for checking the accessibility of the IP address used by an
external access request during system operation. After an IP address control
policy is set and applied, users are allowed to log in to the system only using
IP addresses within a specified IP address range.
● Login time control policies: A login time control policy provides a control
mechanism for checking the validity time of an external access request during
system operation. After a login time control policy is set and applied, users
are allowed to log in to the system only within the specified period.
6.1.3.2 Log Management

Log Management records logs and allows user to query and export logs, and
create, export, and import operation log templates. In this way, users can obtain
the information about their operations performed in the system and the system
running status in real time. Log Forwarding Settings reports audit logs and logs
reported by other applications to the Syslog server for users to query and analyze.
Scenario
Log Management is used when you need to perform routine maintenance, locate
and troubleshoot faults, trace historical logs, and query operation logs across
systems.
● Routine maintenance
You need to view logs during routine maintenance. If there are logs recording
failed, partially successful, or unknown operations, or logs in Risk level,
analyze the exception causes and troubleshoot the faults.
● Fault locating and troubleshooting
To locate and troubleshoot faults occurring during system running, you can
analyze logs to detect whether risk-level operations or operations that affect
system security are performed.
● Historical log tracing

iMaster NCE
Logs are stored in the database after being generated. The system periodically
dumps logs from the database to a hard disk for sufficient database space.
The system periodically deletes the dumped logs from the hard disk for
sufficient disk space. To ensure the integrity and traceability of logs, you can
forward these logs to the Syslog server.
● Cross-system operation log query
If you need to query operation logs meeting the same criteria on different
systems, you can set filter criteria on one of the systems, save these criteria as
a template, and import the template to other systems.
Log types
Log Management allows the system to automatically record the information
about operations performed by users in the system and the system running status.
Log Management records five types of logs. Table 6-11 describes the log types.
Table 6-11 Log types

Type Definition Triggered By Purpose Level
Securit Records user Operations Detect security ● Risk

y log operations performed by issues and risks. ● Minor
performed in the users (including
system that affect third-party ● Warning
system security. system access
users) attached
to the
SMManagers
role, such as:
● Creating a
user
● Changing a
password
System Records system System Analyze the ● Risk

log operations or operations, such system running ● Minor
tasks. as: status and
rectify faults. ● Warning
● Unlocking a
user
● Starting a
scheduled
task.

iMaster NCE
Type Definition Triggered By Purpose Level
Operati Records user User (including Trace and ● Risk

on log operations third-party analyze user ● Minor
performed in the system access operations.
system that do users) ● Warning
not affect system operations, such
security. as:
● Exporting
current
alarms.
● Creating a
subnet.
Log Management
When operations are performed by users in the system or events are triggered by
the system, Log Management records logs and saves the logs to the Log
Management database for users to view on the GUI. In addition, Log Management
can automatically dump the logs from the database to the hard disk.
Figure 6-7 shows the principles of Log Management.
Figure 6-7 Principles of Log Management
Logs can be dumped in Task Management or in Log Management.
● Log dump in Task Management

Log dump tasks in Task Management are classified into manual dump and
database capacity management tasks. The logs dumped in Task Management
are saved in the /opt/oss/share/NCE/SMLogLicService/var/
ThresholdExport/Log directory on the hard disk of the server.

iMaster NCE
● Log dump in Log Management

To ensure sufficient database space, the system checks logs in the database
every hour, saves logs meeting the requirements as .csv or .zip files to
the /opt/oss/share/NCE/XXXService/dump directory on the hard disk of a
server. The dumped logs are automatically deleted from the database.
To ensure sufficient disk space, the system checks log files in the database
every hour and deletes log files meeting the requirements from the hard disk.
● XXXService can be SMLogLicService or MCCommonService.

● Conditions for dumping logs in Log Management: The number of logs in the
database exceeds 1 million, the size of the logs in the database exceeds 80% of the
capacity, or the number of days for storing the logs exceeds 45 days.
A maximum of 1 million logs are stored in the database. If the database space of
Log Management is greater than or equal to 16 GB, you can contact Huawei
technical support to set this parameter to 4 million. When the maximum number
of logs in the database is set to 4 million, logs exceeding 4 million will be dumped.
● Conditions for deleting log files that are dumped in Log Management: The size of
the log files is greater than 1024 MB, the log files are stored for more than 45
days, or the total number of log files exceeds 1000.
● The values in the preceding conditions for dumping logs and deleting log files are
default values.
To trace user operations, system operations, and system tasks, you can forward
concerned logs to the Syslog server.
Log Forwarding
Log Forwarding Settings is used when users need to trace the logs recorded by Log
Management, and query and analyze the logs recorded by Log Management and
the logs of other functions in real time.
● Users need to permanently store the logs recorded by Log Management so
that they can trace the logs to locate problems or rectify faults.
● Users need to query and analyze the logs recorded by Log Management and
the logs of other functions in real time on Syslog servers so that they can
centrally manage the logs and detect and handle potential security risks in a
timely manner.
Figure 6-8 shows the principles of Log Forwarding Settings.

iMaster NCE
Figure 6-8 Principles of Log Forwarding Settings
6.2 Service Provisioning
6.2.1 Automated Private Line Provisioning

Table 6-12 Feature description
Feature ID Name Description
WOFD-101 Network NCE (Super) provides an E2E service design

0000 service platform, which allows service planning engineers to
definition design services across domains and technologies and
generate service policies through one-off service
design, simplifying service provisioning and
management.
WOFD-102 Network Resource management, which includes resource

0000 resource discovery and planning, is the basis of service design
managem and service deployment. Currently, resources
ent available for management include domain
controllers, sites, NEs, ports, links, and domains.

iMaster NCE
WOFD-103 Network In addition to creating a private line service from

0000 service scratch on NCE (Super), you can also add new
managem access points to an existing private line service to
ent quickly create a private line service. After service
provisioning, the service bandwidth can be flexibly
adjusted on demand. In addition, faults can be
demarcated within minutes through multi-layer
topology display, fault diagnosis, and correlative KPI
analysis.
6.2.2 Multi-Layer Network Navigator

Table 6-13 Feature description
WOFD-107 Multi-layer Collects and stores IP+optical multi-layer network

0000 discovery resources, so that these resources can be managed
by NCE (Super). Multi-layer discovery is the
prerequisite for multi-layer network management.
Currently, the following resources can be managed:
NEs, ports, multi-layer links, cross links, and sites.
WOFD-108 Multi-layer Provisions and manages multi-layer links.

0000 deploymen
t
WOFD-109 Multi-layer Provides multi-layer visualization for unified

0000 O&M management and presentation of IP and optical
networks through four views: multi-layer topology
view, multi-layer fault view, multi-layer performance
view, and multi-layer analysis view.
WOFD-110 Multi-layer Provides multi-layer BOD and optimization.

0000 optimizati
on
6.3 Analysis and Assurance
6.3.1 Private Line Analysis and Assurance

The Private Line Analysis and Assurance app monitors the running status of a
private line by collecting the traffic, quality, and availability indicators of the
private line. The app assists users to locate private line faults by means such as
segment-by-segment detection and connectivity check. This chapter describes the
usage scenarios and functions of the Private Line Analysis and Assurance app.

iMaster NCE
Usage Scenarios
The Private Line Analysis and Assurance app is applicable to the scenario where a
private line is provisioned by NCE (Super) and the private line service needs to be
monitored.
Currently, IP RAN site-to-site private line scenarios are supported.
Features
The Private Line Analysis and Assurance app focuses on the objects on NCE
(Super). For example, the app manages only E2E and segmented services. It does
not process internal service details.
The Private Line Analysis and Assurance app provides the following functions:
● TP and CPE monitoring
NCE (IP Domain) is informed to monitor the TP and CPE indicators over a
northbound interface (NBI), and then sends the monitoring results to NCE
(Super) through Kafka.
● Private line SLA monitoring
The Private Line Analysis and Assurance app on NCE (Super) delivers E2E
monitoring requests. The app automatically determines whether to deliver
TWAMP or Y.1731 tests, and instructs NCE (IP Domain) to create test cases
through an NBI. NCE (IP Domain) sends the test results to NCE (Super)
through Kafka.
● Availability monitoring for private lines
According to the SLA detection result, if the packet loss rate is above the
threshold, the private line is considered unavailable and the availability of this
private line is calculated.
● Fault demarcation for private lines
Through path restoration, the hop-by-hop path of a private line is displayed.
The PW Trace or LSP Trace test is used to detect the connectivity of each hop.
In addition, the traffic of devices on each hop and the CPU or memory usage
are displayed, helping fault demarcation.
● Alarm reporting for private lines
SLA alarms, with information about access points of both ends, can be
reported to NCE (Super) based on private lines and connections.
If the SLA indicators (delay, jitter, and packet loss rate) do not exceed the
upper threshold but the traffic suddenly becomes low, the system reports
sudden traffic drop alarms based on private lines and connections.
Key Performance Indicators

The following table lists the key performance indicators (KPIs) of the Private Line
Analysis and Assurance app.

iMaster NCE
Table 6-14 KPIs of the Private Line Analysis and Assurance app
Resource Type KPI Description
Tenant Number of private Number of private lines whose availability

lines whose exceeds the threshold defined in the
availability contract in all private lines of a tenant
exceeds the
threshold
Number of private Number of private lines whose SLAs

lines whose SLAs exceed the threshold defined in the
exceed the contract in all private lines of a tenant
threshold
Interrupt Duration Sum of the interruption durations of all

(s) private lines of a tenant
Private line Private line Ratio of the available time to the

availability statistics time of a private line
Private line SLA Delay, packet loss, and jitter of a private

line
Traffic rate Average traffic rate of each link of a

private line
Interrupt Duration Accumulated interruption duration of a

(s) private line.
Bandwidth usage Bandwidth usage of a private line.
CPE CPU usage CPU usage of private lines NE.
Memory usage Memory usage of private lines NE.
TP Traffic rate Traffic rate of a private line interface
Bandwidth usage Ratio of the traffic rate of a private line

interface or CIR bandwidth.
Feature Restrictions
The restrictions on the Private Line Analysis and Assurance app are as follows:
● Currently, only IP RAN site-to-site private lines scenarios are supported.
● The Y.1731 test does not support real-time detection.
● For site-to-site private lines, only the Option A multi-domain L2VPN+L3VPN
private line supports detection of VPN segments.
● Third-party devices are not supported.
6.3.2 What-If Analysis

What-if analysis is a simulation analysis and evaluation method. It models and
analyzes the outcome on the assumption that different policies and solutions are

iMaster NCE
used to help you make optimal decisions. In the network simulation analysis field,
what-if analysis simulates possible network changes (such as node or link failure,
traffic change, TE tunnel constraint configuration modification, multi-layer link
activation or deactivation) and analyzes the impact of these changes on services.
This helps O&M personnel understand the impact scope of failures and link
activation or deactivation, traffic change risks, and control path computation
simulation results after TE tunnel parameters are changed, and analyze and
formulate necessary solutions to improve service reliability.
What-if analysis parses and infers the entire network topology and protocols
based on regularly synchronized live-network configuration, network topology,
and traffic information. You can set key node or link failures, modify TE tunnel
constraint configuration parameters, optimize traffic, and activate or deactivate
multi-layer links to simulate or analyze the impact of these changes on services.
The key functions of what-if analysis are topology restoration, traffic simulation
analysis, TE simulation analysis, failure simulation analysis, and link activation and
deactivation analysis.
For details about the maximum management capability of What-if analysis, see
What-if Analysis Management Capabilities in 11.3 Service Management
Capabilities.
What-if analysis is implemented in compliance with RFC standards. Simulation results

(routes) may differ from the actual routes.
What-if analysis has the following application limitations:
● Applies only to the intra-AS scenario in the IP+optical networking on the IP core
network.
● Does not support IPv6, multicast, SR-BE, EVPN, VXLAN, PTN, or hybrid networking of
electrical-layer ASON and optical-layer ASON.
● Does not support the networking of third-party devices.
● Does not support subnets.
● Routers support the NE/CX mode and PTN mode, and many default values in the PTN
mode and NE/CX mode are inconsistent. What-if analysis is used for simulation based
on the default values in the NE/CX mode. The PTN mode is not supported.
6.3.2.1 IP+Optical Network Simulation Analysis

This section describes how to use IF definitions to simulate failures in nodes and
links, modify TE tunnel constraint configuration parameters, set simulation
parameters such as traffic, and multi-layer link activation or deactivation, and
analyze the impacts of IF definitions on services in the IP+optical network.
Traffic simulation analysis, TE simulation analysis, fault simulation analysis, and link
activation and deactivation simulation analysis are different application scenarios of what-if
analysis. You can set traffic simulation parameters, modify TE tunnel constraint
configuration parameters, set failures, and activate or deactivate multi-layer links to
perform simulation analysis in multiple scenarios.
6.3.2.1.1 Data Synchronization

What-If Analysis obtains network topology data, configuration files, path
computation constraints, optical topology data, and load data from the Manager,

iMaster NCE
Controller, and Analyzer of NCE (IP Domain), NCE (Super), and NCE (Transport
Domain). In addition, you can select an NCE (IP Domain) system and an NCE
(Transport Domain) system respectively to synchronize data based on different
deployment scenarios.
The following table lists the data to be prepared for what-if analysis in different
application scenarios.
Table 6-15 Application scenarios

Application Data to Be Synchronized Remarks
Scenario
Traffic Topology, device Route simulation and traffic

simulation configuration, optical simulation must be
analysis topology, load, or traffic performed.
automatically created by
tunnel loads, and path
computation constraints.
TE simulation Topology, device When IP Domain or IP

analysis configuration, optical +Optical is selected for TE
topology, load, or traffic simulation analysis, the
automatically created by following scenarios are
tunnel loads, and path applicable:
computation constraints. ● Only route simulation is
performed. Load
information does not
need to be synchronized.
● Route and traffic
simulations are
performed
simultaneously. Load
information needs to be
synchronized.
Failure Topology, device When IP Domain or IP

simulation configuration, optical +Optical is selected for
analysis topology, load, or traffic failure simulation analysis,
automatically created by the following scenarios are
tunnel loads, and path applicable:
computation constraints. ● Only route simulation is
performed. Load
information does not
need to be synchronized.
● Route and traffic
simulations are
performed
simultaneously. Load
information needs to be
synchronized.

iMaster NCE
Application Data to Be Synchronized Remarks

Scenario
Link activation Topology, device Route simulation, traffic

and deactivation configuration, optical simulation and optical-layer
simulation topology, load, or traffic simulation must be
analysis automatically created by performed.
tunnel loads, and path
computation constraints.
6.3.2.1.2 Topology Display

By interworking with NCE (Super), NCE (IP Domain) and NCE (Transport Domain)
components, what-if analysis obtains data such as existing topology data, device
configurations, tunnel path computation constraints, and optical topology, infers
and displays IP+optical network topology information to provide basic network
data input for what-if analysis.
The topology view provides the following functions:
● Displays Layer 3, Layer 2 and physical-layer topology information.
● Displays the link state on the network. When the link is in Inactive (Inactive
includes down and unknown) state, is displayed in the topology view. You
need to check the network based on service requirements.
● Supports basic topology management, such as adjusting the layout, displaying
the topology in full-screen mode, and saving the topology view.
● Displays topology statistics, including the quantities of nodes and links.
Figure 6-9 Topology view restored by what-if analysis

iMaster NCE
Table 6-16 Functions of the topology view

Icon Function Description
Adjust Adjusts the topology layout. The following layout

Layouts modes are supported:
● Balanced layout: All nodes are evenly distributed
on the page, and the locations of the nodes are
proper.
● Circular layout: All nodes are arranged in a circle
in the topology view. This mode is unavailable
when there are more than 200 nodes.
● Layered layout: Nodes are layered as they are
connected. The nodes at the top layer (first layer)
can be manually specified or automatically
assigned. The nodes directly connected to those at
the first layer are put at the second layer, the
nodes directly connected to those at the second
layer are put at the third layer, and so on.
Recenter Automatically resizes all nodes in the topology view

and displays them in the center of the screen.
Save Saves the coordinate changes made in the topology

view.
● This icon is available when changes have been
made.
● This icon is dimmed if no change has been made.
Full Displays the topology view in full-screen mode.

Screen
Mode
Parse Log Views topology parsing logs, including data sources,

time, parsing results (successful or failed), statistics,
and details. Statistics include the numbers of created
nodes, and links, number of nodes that are parsed
abnormally, and number of nodes that fail to be
parsed. Users can click View details to learn the
failure causes, such as invalid data or failure to
obtain services.
Expand Click this button to view optical sites in the topology

All Sites view. If you click this button again, the icon changes
to where all sites are collapsed.

iMaster NCE
Figure 6-10 Topology statistics
6.3.2.1.3 Traffic Simulation Analysis

Traffic simulation: simulates service traffic when the network is normal or
abnormal (for example, adding, deleting, and modifying flows). From the traffic
simulation results, users can learn the changes on service paths, link utilization,
and services on each link.
Route simulation: simulates IGP, BGP, and TE, the system analyzes route
computation of IP devices, and generates protocol routes and forwarding routes of
the devices. Route simulation must be performed before traffic simulation.
Traffic simulation data sources are as follows:
● Synchronize load data of physical and tunnel interfaces from NCE Analyzer.
● Manually enter in the flow template provided by the system and then
imported to what-if analysis.
● Create flows based on devices. Set flow parameters, and create flows between
specified devices.
Figure 6-11 Creating flows based on devices

iMaster NCE
The major differences between flow data and load data are as follows:
● Flow data: E2E service traffic data, including the IP addresses of source and
destination devices, and traffic volume.
● Load data: throughput data of each interface in a certain period.
● Set the flow volume or percentage to prepare for simulating network load
change after the flow is added or adjusted.
Figure 6-12 Editing flows
The IP+optical network traffic simulation includes:

– IP network simulation and IP+optical network simulation
– Traffic simulation based on flows and loads
– Optical-layer or electrical-layer ASON simulation
– Customization of the simulation time, period, and data source processing
mode
– Route simulation based on BGP, IS-IS, OSPF, or MPLS_TE protocols
– Visualized simulation process, such as the optical layer, route, and traffic
simulation progresses
– Viewing comparison result before and after the simulation and report
export

iMaster NCE
Figure 6-13 Simulation settings
The traffic simulation analysis results include:

● Changes in load traffic maps at different historical time points after traffic
simulation.
Figure 6-14 Load traffic map 1

iMaster NCE
Figure 6-15 Load traffic map 2
6.3.2.1.4 TE Simulation Analysis

Users can modify constraint configuration parameters of TE tunnels, perform route
simulation and traffic simulation analysis before and after TE tunnel constraint
modification, and analyze changes in service traffic path, hop count, link load
threshold crossing, and tunnel path, delay, and hop count.
You can modify the following constraints of TE tunnels:
● CT0 bandwidth
● Affinity attributes
● Delay and hop count
● Priority
● Explicit paths of the primary and backup paths
Figure 6-16 Editing TE tunnels
The TE simulation analysis results include:

● Changes in the tunnel paths before and after modification to the constraints
of the TE tunnel

iMaster NCE
Figure 6-17 Tunnel path
Figure 6-18 Paths before the TE tunnel constraints modification

iMaster NCE
Figure 6-19 Paths after the TE tunnel constraints modification
● Analyzes changes in the flows carried on a tunnel before and after constraint
configuration of the TE tunnel is modified, helping you identify whether the
flows carried on the key tunnels are changed.
Figure 6-20 Flows carried on the tunnel

iMaster NCE
Figure 6-21 Flows carried on the tunnel after the constraints of the tunnel
have been modified
6.3.2.1.5 Failure Simulation Analysis

In the topology view, users can select target nodes or links, simulate failures on
them, and perform route and traffic simulation before and after failures occur to
evaluate and analyze the service traffic interruptions, link load threshold crossing,
and changes to tunnel paths, delays, and hop quantities.
Setting failures includes:
● Set IP node failures
● Set optical node failures
● Set L2 link failures
● Set OTS link failures
Only optical nodes and optical-electrical nodes can be set as failures. Electrical nodes
cannot be set as failures.

iMaster NCE
Figure 6-22 Set failures
Failure simulation analysis results include:

● Load traffic maps before and after failures occur, helping users identify
overloaded links after the failures occur
Figure 6-23 Load traffic maps
● Changes to the flows carried on links or TE tunnels before and after failures
occur, helping users check whether the flows carried on key links or TE
tunnels have changed
Figure 6-24 Flows carried on a link before a failure occurs

iMaster NCE
Figure 6-25 Flows carried on a link after a failure occurs
● Flow service path changes before and after failures occur
Figure 6-26 Flow service path comparison
● Tunnel path changes before and after failures occur

iMaster NCE
Figure 6-27 Tunnel path comparison
● Failure statistics reports on the UI or in Excel, which contain the numbers of

flow changes, flow interruptions, tunnel interruptions, load changes, and
number of overloaded links caused by failures.

iMaster NCE
Table 6-17 Reports

Report Content Function
Summary ● Flow Statistics: Clearly understand the

collects statistics on network risks caused by
the flows that are not failures.
changed after IF
definitions, flows with
changes of paths, and
interrupted flows.
● Tunnel Statistics:
collects statistics on
the tunnels that are
not changed after IF
definitions, tunnels
with changes of
paths, and interrupted
tunnels (including
tunnels whose paths
are interrupted and
tunnels whose status
changes from up to
down).
● Load Statistics:
the loads whose
bandwidth usage is
changed and exceeds
the preset threshold
after IF definitions,
loads whose
bandwidth usage is
not changed, and
loads whose
bandwidth usage is
changed but does not
exceed the threshold.
NOTE
50% in Exceeded
threshold (50%,
changed) is the preset
load threshold, which is
configurable. If the
threshold is set to 80%,
the system displays
Exceeded threshold
(80%, changed)
(Bandwidth utilization
is greater than 80%
after IF definitions).
● Multi-layer Links:
the multi-layer links

iMaster NCE
that are not changed

and rerouted,
interrupted, degraded,
created or deleted
after optical
simulation.
Flows Flow status (interrupted, Evaluate the impact of

changed), hop count failures on services based
changes, failure reason, on flow changes (actual
and other information. service changes).
Evaluate failure risks
based on the impact
scope and service
importance.
Tunnels Tunnel name, source and Evaluate the impact of

destination IP addresses, failures on tunnels based
signaling protocol, on tunnel changes.
failure reason, hop Evaluate failure risks
count, delay, status, and based on the impact
other information. scope and tunnel
importance.
Loads Node name, interface Check for link congestion

name, bandwidth, based on load changes
bandwidth utilization caused by flow changes
before and after a after a failure to help
failure, status, and other make decision in link
information. capacity expansion and
device migration.
Multi-Layer Links Multi-layer link status Evaluate the impact of IF

(rerouted, degraded, definitions on multi-layer
interrupted, added and links based on the
deleted), source and changes of multi-layer
destination node names, links. Evaluate IF
and source and definition risks based on
destination interface the impact scope.
names
IF Definitions Operation time, View the detailed

operation type, operation information about the
object, object name, operation records on
operation description setting IF definitions.
and other information.
6.3.2.1.6 Multi-layer link Activation or Deactivation Simulation Analysis

You can simulate link activation or deactivation on the Multi-Layer Network
Navigator app, And perform route, traffic, and optical-layer simulation before and

iMaster NCE
after IF definition on the What-If Analysis app. Based on the simulation results,
you can analyze link load threshold crossing, tunnel and flow multi-layer path
Based on the simulation results, you can analyze link load threshold crossing,
tunnel and flow multi-layer path changes, multi-layer link rerouting, interruption,
degrade, adding and deleting, and tunnel path, delay, and hop count changes
before and after the IF definitions occur.
Multi-layer link activation or deactivation includes the following:
● If the link is in Active state, deactivate the link.

● If the link is in Inactive state, activate the link.
● If the link is abnormal, it cannot be activated or deactivated.
Simulation analysis results include:
● Load traffic maps before and after IF definitions, helping users identify
overloaded links after IF definitions
Figure 6-28 Load traffic maps
● Changes to the flows carried on links or TE tunnels before and after IF

definitions, helping users check whether the flows carried on key links or TE
tunnels have changed
Figure 6-29 Flows carried on a link before IF definitions

iMaster NCE
Figure 6-30 Flows carried on a link after IF definitions
● Flow service path changes before and after IF definitions
Figure 6-31 Flow service path comparison
● Tunnel path changes before and after IF definitions

iMaster NCE
Figure 6-32 Tunnel path comparison
● Multi-layer link path changes before and after IF definitions
Figure 6-33 Multi-layer link path comparison

iMaster NCE
Figure 6-34 IP link path before IF definitions
Figure 6-35 IP link path after IF definitions

iMaster NCE
● Flow multi-layer path changes before and after IF definitions
Figure 6-36 Flow multi-layer path before IF definitions
Figure 6-37 Flow multi-layer path after IF definitions
● Tunnel multi-layer path changes before and after IF definitions
Figure 6-38 Tunnel multi-layer path before IF definitions

iMaster NCE
Figure 6-39 Tunnel multi-layer path after IF definitions
● IP link multi-layer path changes before and after IF definitions
Figure 6-40 IP link multi-layer paths before IF definitions
Figure 6-41 IP link multi-layer paths after IF definitions
● Simulation statistics reports in Excel or on the GUI. The report displays the
number of flow changes, flow interruptions, tunnel interruptions, overloaded
links, and interrupted, rerouted, added and deleted multi-layer links.

iMaster NCE
Table 6-18 Reports

Summary ● Flow Statistics: Clearly understand the

collects statistics on network risks caused by IF
the flows that are not definitions.
changed after IF
definitions, flows with
changes of paths, and
interrupted flows.
● Tunnel Statistics:
the tunnels that are
not changed after IF
definitions, tunnels
with changes of
paths, and
interrupted tunnels
(including tunnels
whose paths are
interrupted and
tunnels whose status
changes from up to
down).
● Load Statistics:
the loads whose
bandwidth usage is
changed and exceeds
the preset threshold
loads whose
bandwidth usage is
not changed, and
loads whose
bandwidth usage is
changed but does not
exceed the threshold.
NOTE
50% in Exceeded
threshold (50%,
changed) is the preset
load threshold, which is
configurable. If the
threshold is set to 80%,
the system displays
Exceeded threshold
(80%, changed)
(Bandwidth utilization
is greater than 80%
after IF definitions).
● Multi-layer Links:

iMaster NCE
the multi-layer links

that are not changed
and rerouted,
interrupted, or
degraded after optical
simulation, and
multi-layer links
created or deleted
due to link activation
or deactivation.
Flows Flow status (interrupted, Evaluate the impact of IF

changed), hop count definitions on services
changes, failure reason, based on flow changes
and other information. (actual service changes).
Evaluate IF definition risks
based on the impact
scope and service
importance.
Tunnels Tunnel name, source and Evaluate the impact of IF

destination IP addresses, definitions on tunnels
signaling protocol, based on tunnel changes.
failure cause, hop count, Evaluate IF definition risks
delay, status, and other based on the impact
information. scope and tunnel
importance.
Loads Node name, interface Check for link congestion

name, bandwidth, based on load changes
bandwidth utilization caused by flow changes
before and after IF after IF definitions to help
definitions, status, and make decision in link
other information. capacity expansion and
device migration.
Multi-Layer Links Multi-layer link status Evaluate the impact of IF

(rerouted, degraded, definitions on multi-layer
interrupted, added and links based on the
deleted), source and changes of multi-layer
destination node names, links. Evaluate IF
and source and definition risks based on
destination interface the impact scope.
names
IF Definitions Operation time, View the detailed

operation type, information about the
operation object, object operation records on
name, operation setting IF definitions.
description and other
information.

iMaster NCE
Product Description (Super, Compatible with x86) 7 Usage Scenarios
7 Usage Scenarios
NCE can be flexibly used in various scenarios to achieve network connection

automation and self-optimization as well as O&M automation.
7.1 Private Line

7.2 IP+Optical Solution
7.1 Private Line
7.1.1 IP RAN Private Line

Availability
This feature has been available since V100R018C00.
Background
The legacy private line bearer networks cannot provide high MSTP bandwidth or
support advanced technologies. Though OTN networks can provide flexible access
for SDH services and support Layer 2 Ethernet services such as E-Line and E-LAN,
they are weak at Layer 3 and have difficulty in providing access for private lines
due to their positions.
IP RANs are strong at Layer 3 because they have routers, which is suitable for
complex mesh networking. In addition, IP RANs feature comprehensive coverage.
Therefore, carriers prefer to use IP RANs to provision private line services.
Carriers' IP RANs are deployed by city. One IP RAN is deployed in each city. If a city
uses devices from two vendors, two IP RANs will be deployed. Enterprise branches
in different cities need to interconnect with each other across different IP RAN
networks. Therefore, they need multi-domain multi-vendor IP RAN private lines.
The multi-domain connection technologies on NCE (Super), Option A and Option

C, extend the concept of "domain" defined in RFC4364. The technologies can cross
not only autonomous systems (ASs), but also management domains and
forwarding domains.

iMaster NCE
Solution
Scenario 1: Option C Site-to-Site Private Line Service
This service allows enterprise branches to communicate with each other in the
following scenarios:
● An enterprise has two branches 1 and 2 in the same city and needs to apply
for a private line service to connect the branches. This scenario requires an
intra-city site-to-site private line service.
● An enterprise has branch 1 in city A and branch 3 in another city and needs to
apply for a private line service to connect the two branches. This scenario
requires an inter-city site-to-site private line service.
Figure 7-1 Option C site-to-site private line service (separated CPE management)
This scenario has the following characteristics:

● CPEs transmit received enterprise services to CSGs over static PWs. The CSG
changes static PWs to dynamic PWs. Dynamic PWs are used between CSGs
and ASGs, and between ASGs. The service deployment on the peer IP RAN is
the same as that on the local end.
● The local ASG connects to the peer ASG over a PW that traverses the local P,
provincial backbone network, and peer P. The underlying bearer tunnel is
deployed in advance.
● CPEs are managed by either the same controller or different controllers. The
IP RAN can be managed in two ways: (1) The IP RAN devices of one province
are managed by one controller; (2) The IP RAN devices of each city are
managed by a separate controller.
● An intra-city service is a service between two access points (CPEs) in the same
city, for example, the service between CPE1 and CPE2 in the figure.
● An inter-city service is a service between two access points (CPEs) in different
cities, for example, the service between CPE1 and CPE3 in the figure.
This scenario provides the following extended capabilities.

iMaster NCE
Table 7-1 Site-to-site private line capabilities

Extended Description
Capability
Access of The CPE can access the CSG in static PW mode.

CPEs to
CSGs
Multi- Dynamic PWs can be established between CSGs across domains.

domain Dynamic PWs can be established between ASGs across domains.
connection
Dynamic PWs can be established between RSGs across domains.
Dynamic PWs can be established between RSGs and ASGs across
domains.
Service Template type for inter-city site-to-site private line scenarios: PW

template +VLL+VLL+PW
type
Flexible CEs can be single-homed to CPEs through VLANs, and CPEs can
access be single-homed to CSGs through static PWs.
modes CEs can be single-homed to CPEs through VLANs, and CPEs can
be dual-homed to CSGs through static PWs.
CEs can be single-homed to CPEs through VLANs, and CPEs can
be single-homed to ASGs through static PWs.
be dual-homed to ASGs through static PWs.
Figure 7-2 Flexible access modes
Scenario 2: Mixed Site-to-Site Private Line Service

iMaster NCE
Figure 7-3 Mixed site-to-site private line service

● CPEs belong to single-NE domains and transmit received enterprise services to
CSGs over a VLAN.
● The IPRAN1 and the IPRAN2 domains are interconnected through MP-BGP
LSPs to form a virtual main domain.
● The topology type of CPE domains is P2P, and the topology type of IP RAN
domains can be P2P or Add-Drop-Z.
● The supported service template is VLAN-based L2VPN+VLL+VLL+VLAN-based
L2VPN.
Scenario 3: Option C Intra-Province Site-to-Site Private Line
All IP RAN devices in a province are managed by the same domain controller. All
CPEs in the province are managed by another controller.
In this scenario, NCE (Super) does not distinguish inter-city services from intra-city
services. All CPE-CPE services are divided into three VPN segments. The controller
determines whether the services between CSGs cross multiple domains. As shown
in Figure 7-4, NCE (Super) divides the service between CPE1 and CPE2 into three
VPN segments: CPE1, CSG1-CSG3, and CPE3.
Figure 7-4 Intra-province site-to-site private line
Scenario 4: Option C IP RAN Private Line Across a Third-Party Network

iMaster NCE
The two IP RANs accessed by CPEs are provided by different vendors. One CPE
connects to the IP RAN managed by NCE (IP Domain), and the other CPE connects
to a third-party IP RAN managed by a third-party controller. This scenario is
similar to a common inter-city Option C scenario. The only difference is that one
IP RAN belongs to a third party.
Figure 7-5 Option C IP RAN private line across a third-party network
Scenario 5: Option A CPE+MS-PW+CPE Site-to-Site Private Line Across the IP

RAN Domain
In Figure 7-6, enterprise interconnection services access the IP RAN from different
locations in a city. NCE (Super) manages an IP RAN domain and a CPE access
domain. Tenant services are transmitted between CPEs across the IP RAN domain.
The service type is VLL in the IP RAN domain and VLAN-based L2VPN on CPEs.

iMaster NCE
Figure 7-6 CPE+MS-PW+CPE site-to-site private line across the IP RAN domain
Table 7-2 Supported service type

Service Type Service Service Access CPE Service
Requirement Template
Type
Layer 2 VLL CPEs serve as ETN/ATN VLAN-based

private line service access device L2VPN+VLL
points. VLL +VLAN-based
services are L2VPN
provisioned
across the IP
RAN.
Scenario 6: Option A Inter-City IP RAN+IP Core Site-to-Site Private Line

Figure 7-7 shows the private line connecting Branch 1 and Branch 2 of Enterprise
A in two cities. In the southbound direction, NCE (Super) interconnects with
U2000 to manage the CPE domain, with NCE (IP Domain) to manage IP RAN
devices and backbone network devices.

iMaster NCE
Figure 7-7 Inter-city IP RAN+IP core site-to-site private line

1. The CPE in the upstream direction uses a VLAN to access the CSG.
2. Domains are connected through VLANs.
3. Intra-domain path planning must be created for both the IP RAN1 and IP
RAN2 domains. In intra-domain path planning, users need to plan the homing
relationships between CSGs and ASGs and between CSGs and RSGs.
4. Inter-domain links need to be created between a couple of access points, such
as between CPE1 and CSG1, between CPE2 and CSG2, between RSG1 and
PE1, between RSG2 and PE2, between RSG3 and PE3, and between RSG4 and
PE4.
5. Virtual aggregation ports need to be created between RSG1 and RSG2,
between PE1 and PE2, between PE3 and PE4, and between RSG3 and RSG4.
Scenario 7: Option A IP RAN+IP RAN Site-to-Site Private Line
Figure 7-8 shows interconnection between the branches of an enterprise user of a
carrier and Table 7-3 describes service types. Services in this scenario do not pass
through the provincial backbone network (core domain).
In each domain, the carrier specifies the primary and secondary superstratum
provider edges (SPEs) for the user-end provider edge (UPE) access points and
specifies the PW technology in the domain as multi-segment PW (MS-PW) during
service design. Finally, VPN services are provisioned along paths specified by the
carrier in these domains. The working and protection paths correspond to the
primary and secondary PWs, respectively.

iMaster NCE
Figure 7-8 IP RAN+IP RAN site-to-site private line

Service Type Service Requirement Service Template
Type
L2VPN UPEs serve as service access VLL+VLL

points. E2E L2VPN services are
provisioned across two IP RAN
domains.
Scenario 8: Option A Inter-Province Site-to-Site Private Line
Figure 7-9 Inter-province site-to-site private line
Figure 7-9 shows a private line between two enterprise sites, and services are
transmitted across the provincial backbone network (core domain).
NCE (Super) interconnects with NCE (IP Domain) in the southbound direction, and
NCE (IP Domain) synchronizes inventory data from the core domain, the access

iMaster NCE
and aggregation domains as well as CPE devices. The working and protection
paths correspond to the primary and secondary PWs, respectively.
Scenario 9: Option A Inter-City Site-to-Site Private Line Service
Enterprise A needs to interconnect its branches (Branch 1 and Branch 2) in two
different cities. NCE (Super) interconnects with NCE (IP Domain), or a third-party
controller in the southbound direction to manage devices in the core domain.
In centralized CPE management scenarios, CPEs and devices in the IP RAN domain
are managed by the same controller. In separate CPE management scenarios, CPEs
and devices in the IP RAN domain are managed by different controllers.
Figure 7-10 Centralized CPE management
Figure 7-11 Separate CPE management
A CPE can access the IP RAN domain in either of the following ways:
1. Static PW: A static PW is directly configured on the CPE.
2. VLAN: The CPE is classified as a single-NE domain for service provisioning.
● The Option A solution is also called the back-to-back solution. As shown in
Figure 7-10, the ASG and ASBR serve as an access points for each other and
an inter-domain link needs to be created in between.
● The five-segment VPN service refers to the service divided into five service
domains according to the service integrity principle.
● ASGs are fully meshed with nodes in the access and aggregation domains.
This scenario provides the following extended capabilities.

iMaster NCE
Table 7-4 Option A Layer 2 P2P private line

Capability
Connection CPEs can be single-homed to CSGs through a VLAN.

from CPEs
to CSGs
Service This scenario supports the following service template types:

template ● VLAN+VLL+VLAN
type
● VLAN+VLL+VLL+VLL+VLAN
Flexible CEs can be single-homed to CSGs through a VLAN.

access CEs can be single-homed to ASGs through a VLAN.
modes
be single-homed to ASGs through a VLAN.
Table 7-5 Option A Layer 3 private line

Capability
Connection CPEs can be single-homed to CSGs through a VLAN.

from CPEs
to CSGs
Service This scenario supports the following service template types:

template ● VLAN+L3VPN+VLAN (centralized CPE management)
type
● VLAN+VLL+L3VPN+VLL+VLAN (separate CPE management)

iMaster NCE
Capability
Flexible CEs can be single-homed to CSGs through a VLAN.

access CEs can be single-homed to ASGs through a VLAN.
modes
be single-homed to ASGs through a VLAN.
Scenario 10: Mixed Inter-City Site-to-Site Private Line
Figure 7-14 Mixed inter-city site-to-site private line

● Enterprise services are transmitted from CPEs to CSGs through VLANs or static
PWs. The IP RAN and IP core domains are connected through VLANs or PWs.
The IP core domain is the main domain, and other domains are non-main
domains. In Mix scenarios, both VLANs and PWs exist in inter-domain
connections.
● The supported service template types are PW+VLL+VLL+VLL+PW and PW+VLL
+L3VPN+VLL+PW.
Scenario 11: Site-to-Internet Private Line

iMaster NCE
Figure 7-15 Site-to-Internet private line
From the perspective of users, the purpose of the service is to access the Internet.
Therefore, this service is called the site-to-Internet service.
1. The service is a circuit cross connect (CCC) service. NCE (Super) manages only
the CCC service on CPE1 and service in IP RAN domain.
2. A large-capacity PW is provisioned between CSG1 and ASG1. Multiple users
under the same CPE share the same PW.
3. The site-to-Internet private line is provisioned in a nested manner. That is, the
intra-domain server-layer service is provisioned before the client-layer service.
The client-layer service directly uses the server-layer service.
4. The server-layer service does not have bandwidth limits. The client-layer
service, however, has a bandwidth limit on the UNI side of the CPE domain.
5. The existing OSS/BSS provisions service configurations on the BRAS/CR.
Scenario 12: IP RAN Access to the Backbone MS-PW Cloud/IoT Private Line
Figure 7-16 shows a site-to-cloud private line used by CEs to access the cloud DC.
NCE (Super) interconnects with NCE (IP Domain) to manage CPEs, IP RAN devices,
and provincial backbone devices.
The networking scenario of the IoT private line is the same as that of the site-to-
cloud private line, but their PW protection configurations are slightly different.

iMaster NCE
Figure 7-16 IP RAN Access to the Backbone MS-PW Cloud/IoT Private Line

1. A static LSP is established between the CPE domain and IP RAN domain.
2. The boundary nodes of the IP RAN domain are ASG1 and ASG2. The next hop
is VPN GW1 for ASG1, and VPN GW2 for ASG2.
3. An MP-BGP LSP is established between the IP RAN domain and the cloud
backbone domain.
4. LAGs need to be created between VPN GW1 and VPN GW2.
5. The cloud backbone domain is managed by NCE (IP Domain), and no intra-
domain path needs to be planned.
6. NCE (Super) is responsible for services from the CPE domain to the cloud
backbone domain. The customer side is responsible for services from the
cloud backbone domain to the cloud DC.

iMaster NCE
Table 7-6 IP RAN+backbone MS-PW site-to-cloud private line

Capability
Flexible access CEs can be single-homed to CSGs through a VLAN.

modes CEs can be single-homed to ASGs through a VLAN.
be single-homed to ASGs through static PWs.
be dual-homed to ASGs through static PWs.
Scenario 13: PON+L3VPN Site-to-Cloud Private Line

iMaster NCE
Figure 7-18 PON+L3VPN site-to-cloud private line (multi-domain)
In this scenario, PON service deployment is managed by a separate access NMS.
NCE (Super) manages services from the BRAS to PEs. The BRAS belongs to the
metro network, and the PEs connect to the cloud and belong to the converged
cloud backbone network.
Figure 7-19 PON+L3VPN site-to-cloud private line (single domain)

iMaster NCE
If the IP RAN for city A and the converged cloud backbone network are managed
by the same set of NCE (IP Domain), NCE (Super) processes the service as a
single-domain L3VPN service.
Scenario 14: PON+Seamless MPLS VPWS Site-to-Cloud Private Line
Figure 7-20 PON+seamless MPLS VPWS site-to-cloud private line (multi-domain)
In this scenario, PON service deployment is managed by a separate access NMS.

NCE (Super) manages services from the BRAS to PEs. The BRAS belongs to the
metro network, and the PEs connect to the cloud and belong to the converged
cloud backbone network. This service is an Option C L2VPN+L2VPN service.

iMaster NCE
Figure 7-21 PON+seamless MPLS VPWS site-to-cloud private line (single domain)
If the IP RAN for city A and the converged cloud backbone network are managed
by the same set of NCE (IP Domain), NCE (Super) processes the service as a
single-domain L2VPN service.
Scenario 15: SRv6 BE-based Site-to Site Private Line
The two enterprise sites are interconnected using SRv6 BE. MPLS does not need to
be enabled on the IPv6 network, which greatly simplifies network configuration.
In this scenario, an enterprise site accesses the network through a CPE. The IPv6
network is established between CPEs through pre-configuration. SRv6 BE is
enabled for services to establish E2E IPv6 forwarding paths for interconnection.
Figure 7-22 SRv6 BE-based site-to site private line

iMaster NCE
Benefits
This feature offers the following benefits:
● Simplifies network deployment by providing templates for service

customization, orchestrating complex composite services, and implementing
E2E multi-domain service provisioning on the WAN.
● Improves network utilization by automatically computing optimal paths based
on actual service requirements and quickly adjusting service bandwidth on
demand.
● Streamlines service acceptance and supports fast service continuity checks
after service provisioning.
● Provides open NBIs that allow fast integration with carrier's OSSs.
Key Features
Table 7-7 Key features
Feature Name
ID
WOFD-10 Network Service Template

10000
WOFD-10 Network Resource Management

20000
WOFD-10 Network Service Management

30000
WOFD-10 Network Service Discovery

40000
WOFD-10 Abnormal service monitoring

50000
WOFD-10 Private Line SLA Analysis

60000
7.1.2 SPTN Private Line

Availability
This feature has been available since NCE (Super) V100R018C00.
Background
To meet future service development requirements and facilitate O&M on the live
network, the packet transport network (PTN) must be further evolved. The
centralized management and control architecture provides superb evolution
performance for software-defined networking (SDN), making it possible for the

iMaster NCE
PTN to combine the advanced concepts of SDN with carrier-class reliability and
high service quality and smoothly evolve to the SDN PTN (SPTN).
Solution
Scenario 1: Group Customer Private Line
In this networking scenario, the SPTN private line solution uses NCE (Super) to
manage multiple sets of NCE (IP Domain) to implement automatic provisioning
and management of the multi-domain E2E Layer 2 private line.
In traditional PTN service configuration mode, you need to manually perform

operations according to work orders, and in the multi-domain scenario, you need
to manually plan and configure each domain. The SPTN system converts work
orders into corresponding network service models and applies the routing policies
for path computation. E2E services can be automatically created.
Figure 7-23 Networking of a group customer private line
Table 7-8 Supported service types
Service Service Requirement Service Template Type

Type
L2VPN Single-domain private line, intelligent VLL

path computation, and automated
provisioning of intra-domain Layer 2
services

iMaster NCE

Type
Multi-domain private line, intelligent VLL+VLL

path computation, inter-domain VLAN
interconnection, and automated
provisioning of E2E Layer 2 services
Multi-domain private line, inter-city VLL+VLL+VLL

interconnection through the provincial
backbone network, intelligent path
computation, inter-domain VLAN
interconnection, and automated
provisioning of E2E Layer 2 services
Scenario 2: Mobile Bearer

In this networking scenario, the SPTN private line solution uses NCE (Super) to
manage a single set of NCE (IP Domain) to provision and manage L2VPN and
L3VPN services in a single domain.
The PTN for LTE uses the L2+L3 service model, as shown in Figure 7-24. On the
access and aggregation sides, the VLL is used for access to LTE services, and the
L3VPN is configured at the core layer to differentiate services. To enhance access
reliability, PW dual-homing protection (one source and two sinks) is deployed for
Layer 2 access. VE bridging is configured on edge devices at the core layer to
forward service traffic from L2VPN to L3VPN.

iMaster NCE
Figure 7-24 Mobile bearer networking

Type
L2VPN Access and aggregation domains: VLL

Single-source and double-sink single-
domain private line, active/standby PW
protection, intelligent path
computation, and automated
provisioning of intra-domain Layer 2
services
L3VPN Core domain: Full-mesh networking L3VPN

and intra-domain L3VPN services.
NOTE
On the mobile bearer networking, access
L2VPN services and core L3VPN services are
configured separately. Configure VE
bridging on edge devices in the core
domain to implement L2VPN accessing
L3VPN.
Benefits
The SDN-based SPTN feature provides the following benefits:

iMaster NCE
● Improves service provisioning efficiency.

This feature can simplify and optimize O&M and solve the problem that
service provisioning efficiency is low when devices from different vendors are
interconnected.
● Computes paths intelligently.
This feature supports flexible path computation policies and can automatically
select optimal paths to improve service provisioning efficiency and network
resource utilization.
● Maximizes network protection.
With intelligent path computation, this feature automatically computes
protection paths that are compliant with path disjoint constraints for services.
It also provides rerouting and re-optimization mechanisms to mitigate
security threats.
● Establishes an efficient, agile, and open ecosystem.
Based on the openness of SDN, this feature guides the entire industry to
become more open and cooperative, facilitating quick provisioning of network
and service features and reducing overall costs of the entire network and
services.
Key Features
1. Policy-based Intelligent Path Selection
Most service paths on the live network are computed on the OMC. The route
selection policy is relatively simple and cannot meet the requirements for flexible
route selection in multiple scenarios because of the universality of the OMC.
Therefore, the intelligent routing capability needs to be introduced into the SPTN
system, so that service paths that meet route selection constraints and
requirements are selected.
During service provisioning, routes that comply with the routing policy need to be
selected based on route selection requirements. Routing policies are divided into
the following types:
● Default policy: The working and protection paths are carried over different
fibers. To be specific, the paths are carried over different devices, different
boards, and different links. The default policy is automatically applied during
the path computation and does not need to be specified.
● Basic policy: includes the shortest path, the networking load balancing, and
the shortest delay policies. You can specify a basic policy during path
computation. If no basic policy is specified, the shortest path policy is used by
default.
● Advanced policy: Aggregation nodes are not deployed in the same equipment
room, and cannot be deployed on other access rings. The protection and
working paths are carried over different fibers. The advanced policy is based
on inventory information on the network and the method to obtain inventory
information needs to be further researched.
The detailed requirements for different routing policies are as follows:
● The working and protection paths are carried over different fibers: Service
protection is the most important reliability method of the PTN, ensuring that

iMaster NCE
the network is protected if a single-node fault occurs. Therefore, if APS

services are configured, path selection should first comply with the policy that
the working and protection paths are carried over different fibers. The SPTN
system cannot detect boards. As a result, the policy that the working and
protection paths are carried over different boards temporarily cannot be
applied in the SPTN system.
Figure 7-25 Working and protection paths carried over different fibers
● Shortest path: After this policy is selected, paths are selected based on the
principle that the minimum number of hops are passed. If you do not specify
any basic policy, the shortest path policy is used by default.
● Network load balancing: After this policy is selected, paths are selected based
on the link load (planned CIR) to avoid links planned with overloaded
bandwidth.
Network load balancing is implemented in the following scenarios:
a. If multiple links are deployed between two nodes, different services are
load-balanced on different links.
b. On a ring network, different services are load-balanced in different
directions of the ring.
Figure 7-26 Network load balancing 1

iMaster NCE
Figure 7-27 Network load balancing 2
● Shortest delay (not supported in the current version): When service paths are
selected based on the configured bandwidth and the link delay and node
delay measured on the network, the E2E service path with the shortest delay
is selected.
The intelligent routing policies are applicable to the service provisioning phase and these
routing policies are not used during the rerouting process caused by a channel fault.
2. Display of Performance Information on Service Traffic and Quality (API

Only)
Currently, the operation and O&M of group customer services are implemented by
two separate systems. The marketing project manager cannot easily obtain
important data, such as the network quality and traffic, affecting service
operations. In response to this situation, the SPTN system introduces the third-
party app system. In collaboration with the current traffic system and NMS, the
SPTN system opens the functions required by network data and traffic-based
service operations to users:
● Historical and current performance data can be queried.
● Service traffic-related performance information, including bandwidth usage
and traffic distribution trend, can be displayed using third-party apps.
● Service quality-related performance information, including the delay, jitter,
and packet loss rate, can be displayed using third-party apps.
The display of the performance and quality of a private line is implemented by third-party
apps.

iMaster NCE
Figure 7-28 Display of performance information on service traffic and quality
3. Protection and Security Hardening Scenario (API Only)
● 1:1 reroute protection

The 1:1 LSP protection commonly used on live networks can restore services
only when a single point of failure occurs. If multiple nodes are faulty, services
cannot be protected, affecting network stability. In principle, optical fibers at
the aggregation and backbone layers are separated. But at the pipe layer, they
are difficult to completely separate. If the full-mesh networking is used at the
core layer, faults may occur on certain pipe-layer services. As a result, the
primary and backup paths are interrupted simultaneously.
The rerouting function can solve LSP faults and improve the network stability.
– Rerouting can be performed for a faulty LSP to generate a new available
path.
– The new path data is reported to the integrated RMS or integrated
transport NMS and saved in the database.
Figure 7-29 1:1 reroute protection for LSPs
● Route re-optimization

iMaster NCE
For service protection purposes, the live network has a primary LSP and a backup
LSP. However, they may share the same optical fiber (co-routed). When a fault
occurs on an NE or port along the fiber, both the primary and backup LSPs
become unavailable, interrupting services.
Route re-optimization can identify the co-routed services in advance and optimize
the routes to prevent co-routing and improve service security.
Re-optimization can be performed on a faulty service tunnel to generate two
disjoint paths.
The service paths can be modified to solve the co-routing problem for the primary
and backup LSPs.
Figure 7-30 Permanent 1: 1 protection for LSPs
7.1.3 Comprehensive Multi-Domain Private Line

Availability
Background
A carrier may use multiple technologies and networks on the access and
aggregation sides to carry customers' private lines, so as to provide various access
modes and meet service requirements at different levels. For example, a carrier
may use a GPON, microwave, or CPE network on the access side, and an IP RAN
or OTN on the aggregation side. If a service needs to be provisioned across
technologies, domains, and network segments, it is necessary to use multiple
controllers.
Solutions
Scenario 1: CPE+OTN Site-to-Site Private Line

iMaster NCE
Figure 7-31 CPE+OTN site-to-site private line

Service Service Service Access NE Service
Type Requirement Template Type
Layer 2 EPL via CPEs serve as service ETN500/AT VLL+EVPL/EPL

private optical access points. EPL N 910C/ +VLL
line services are MA5612
provisioned across and
the optical access MA5600T
and aggregation (or
networks. MA5608/
MA5603T/
MA5800-
X17)
Scenario 2: OTN+IP Core Site-to-Site Private Line

As shown in Figure 7-32 and Table 7-11, the core domain carries the VLL, VPLS,
and L3VPN services, and the access (metro) domain carries the EVPL service.

iMaster NCE
Figure 7-32 OTN+IP core site-to-site private line

Servic Service Service Requirement Access NE Service
e Description Template Type
Type
L3VP L3VPN LS.CPEs or HS.CPEs ETN500/AT VLL+EVPL

N serve as service access N 910C/ +L3VPN+EVPL
points. L3VPN services MA5612 +VLL
are provisioned across and
the optical access and MA5600T
aggregation networks (or
and IP core network. MA5608/
MA5603T/
Site-to- LS.CPEs or HS.CPEs MA5800- VLL+EVPL
Internet serve as service access X17) +L3VPN
private line points. Site-to-Internet
private line services are
provisioned across the
optical access and
aggregation networks
and IP core network.
E-LAN E-LAN LS.CPEs or HS.CPEs VLL+EVPL+VPLS

serve as service access +EVPL+VLL
points. L2VPN services
are provisioned across
the optical access and

iMaster NCE
Servic Service Service Requirement Access NE Service

e Description Template Type
Type
Layer EPL via IP LS.CPEs or HS.CPEs VLL+EVPL+VLL

2 serve as service access +EVPL+VLL
privat points. EPL services are
e line provisioned across the
optical access and
EVPL via IP LS.CPEs or HS.CPEs VLL+EVPL+VLL

serve as service access +EVPL+VLL
points. EVPL services are
provisioned across the
optical access and
● MC-LAG or LAG protection

MC-LAG or LAG protection is provided for multi-domain links, as shown in
Figure 7-33. If multi-domain links are faulty, services are switched from the
faulty port to another port for transmission. Currently, the triangular structure
in the following scenario is supported: The MC-LAG is configured for the
metro network, and the LAG is configured for the IP core network. In addition,
the LAG can also be configured between LSAcc and HSAcc.
Figure 7-33 Protection scenario where the port type is MC-LAG or LAG
● Services with different lifecycles

As shown in Figure 7-34, if a carrier has deployed WAN-side services and
extends the services to the access side, NCE (Super) provides E2E service
provisioning and management, managing WAN-side and access-side services
in an E2E manner. As shown in Table 7-12, currently only L3VPN, E-LAN, and
Layer 2 private line services are supported.

iMaster NCE
Figure 7-34 Provisioning of services with different lifecycles

Service Service Service Access WAN-Side
Type Requirement NE Service
Template
L3VPN L3VPN LS.CPEs or HS.CPEs ETN500/ VLL+(EVPL

serve as service ATN +L3VPN+EVPL)
access points. L3VPN 910C/ +VLL
services are MA5612
provisioned across and
the optical access MA5600
and aggregation T (or
networks and IP core MA5608/
network. MA5603
T/
E-LAN Layer 2 LS.CPEs or HS.CPEs MA5800- VLL+(EVPL+VPLS
private serve as service X17) +EVPL)+VLL
network access points. L2VPN
services are
provisioned across
the optical access
and aggregation
networks and IP core
network.

iMaster NCE
Service Service Service Access WAN-Side

Type Requirement NE Service
Template
Layer 2 EPL via IP LS.CPEs or HS.CPEs VLL+(EVPL+VLL

private serve as service +EVPL)+VLL
line access points. EPL
services are
provisioned across
the optical access
and aggregation
network.
EVPL via LS.CPEs or HS.CPEs VLL+(EVPL+VLL

IP serve as service +EVPL)+VLL
access points. EVPL
services are
provisioned across
the optical access
and aggregation
network.
Scenario 3: IP RAN+OTN Site-to-Site Private Line (with the OTN Only as a

Pipe)
As shown in Figure 7-35, the carrier uses the IP RAN and optical aggregation
network to carry enterprise private line services. One end of the enterprise
network connects to the IP RAN through the CPE, and the other end of the
enterprise network connects to the ACC attached to the optical aggregation
network (MS-OTN). The ACC can carry both mobile bearer services and enterprise
private line services, which is slightly different from the CPE that carries only
enterprise private line services. The optical aggregation network is deployed in
advance as a pipe to streamline IP routes between the ACC and IP RAN. During
service provisioning, NCE (Super) manages a CPE access domain (including the
ACC) and an IP RAN domain. Tenant services are CPE+IP RAN+ACC multi-domain
services.
The service type is VLAN-based L2VPN on the CPE and VLL in the IP RAN domain
and on the ACC.

iMaster NCE
Figure 7-35 IP RAN+OTN site-to-site private line
Service Service Service Requirement Access NE Service

Type Template
Type
Layer 2 E-Line CPEs serve as service ETN500/AT VLL+VLL+VLL

private access points. L2VPN N 910C/
line services are provisioned MA5612
across the IP RAN and and
OTN (with the OTN only MA5600T
as a pipe) as well as MS- (or
PWs to the ACC. MA5608/
MA5603T/
MA5800-
X17)
Scenario 4: IP RAN+IP Core+OTN Site-to-Site Private Line
As shown in Figure 7-36, one end of the enterprise network connects to the IP
RAN through a CPE, and the branch in another city connects to the optical
aggregation network through an ACC. The OTN in the local city of the IP RAN
serves as a pipe to connect the IP RAN to the IP core network. The ACC access
point and OTN communicate with the IP core network in back-to-back mode.
During service provisioning, NCE (Super) manages one CPE access domain
(including the ACC), one IP RAN domain, one OTN domain, and one IP core
domain. Tenant services are CPE+IP RAN+ACC multi-domain services.
The service type is VLAN-based L2VPN on the CPE (including ACC), VLL in the IP
RAN domain, EVPL in the MS-OTN domain, and VLL or L3VPN in the IP core
domain.

iMaster NCE
Figure 7-36 IP RAN+IP core+OTN site-to-site private line

Servic Service Service Requirement Access Service
e Type NE Template Type
L3VPN L3VPN CPEs or ACCs serve as ETN500/A VLAN L2VPN

private service access points. TN 910C/ +VLL (MS-PW)
network L3VPN services are MA5612 +L3VPN+EVPL
provisioned across the IP and +VLAN L2VPN
RAN, optical access and MA5600T
aggregation networks, (or
and the IP core network. MA5608/
MA5603T
Site-to- CPEs or ACCs serve as /MA5800- VLAN L2VPN
Internet service access points. X17) +VLL (MS-PW)
private line Site-to-Internet private +L3VPN
line services are
provisioned across the IP
RAN, optical access and
aggregation networks,
and the IP core network.
Layer E-LAN CPEs or ACCs serve as VLAN L2VPN

2 service access points. +VLL (MS-PW)
private Point-to-multipoint +EVPL+EVPL
netwo L2VPN services are +VLAN L2VPN
rk provisioned across the IP
RAN, optical access and

iMaster NCE
Servic Service Service Requirement Access Service

e Type NE Template Type
Layer E-Line CPEs or ACCs serve as VLAN L2VPN

2 service access points. +VLL (MS-PW)
private Point-to-point L2VPN +VLL+EVPL
line services are provisioned +VLAN L2VPN
across the IP RAN,
optical access and
Scenario 5: QinQ Option A IP RAN+OTN Site-to-Site Private Line

As shown in the following figure, a carrier uses the IP RAN and optical
aggregation network to carry enterprise private line services. One end of the
enterprise network connects to the IP RAN through a CPE, and the other end of
the enterprise network connects to the optical aggregation network (MS-OTN)
through a CPE. During service provisioning, NCE (Super) manages one CPE access
domain, one IP RAN domain, and one OTN domain. Tenant services are CPE+IP
RAN+OTN+CPE multi-domain services.
The VLANs allocated to each enterprise private line by CPEs on both ends are
prone to conflicts. It is necessary to use QinQ to differentiate services on the
aggregation nodes connecting the IP RAN and OTN.
Figure 7-37 QinQ Option A IP RAN+OTN site-to-site private line

iMaster NCE

Servi Servic Service Requirement Access NE Service Template
ce e Type
Type
Layer E-Line CPEs serve as service ETN500/ATN VLAN+VLL+EVPL

2 access points. L2VPN 910C/MA5612 +VLAN
priva services are and MA5600T (QinQ links are used
te provisioned across the (or MA5608/ between VLL and
line IP RAN and OTN. MA5603T/ EVPL services)
MA5800-X17)
Scenario 6: E2E Microwave Site-to-Site Private Line (Remote Access Nodes Are
Used by the IP RAN to Extend Private Line Coverage)
As shown in the following figure, an enterprise site uses CPEs as access points to
connect to the IP RAN through a microwave network. It then communicates with
enterprise sites in other locations, or accesses the Internet over the IP core
network. The microwave network is an E-LAN that uses the hub-spoke
networking. The microwave NEs connecting to CPEs are spoke nodes, and the
microwave NE connecting to the IP RAN is a hub node. During service
provisioning, the microwave service is processed as a nested server-layer service,
and the E2E service is processed as a client-layer service.
NCE (Super) manages one CPE access domain, one microwave domain, one IP
RAN domain, and some other network domains (such as MS-OTN and IP core).
NCE (Super) provisions the E2E service across these domains.
Figure 7-38 E2E microwave site-to-site private line

iMaster NCE

Type Template
Type
L3VPN L3VPN CPEs serve as service ETN500/ATN VLAN+(E-

access points. L3VPN 910C/MA5612 LAN)+VLL+
services are provisioned and MA5600T L3VPN+…
across the microwave (or MA5608/
network, IP RAN, and IP MA5603T/
core network to connect MA5800-X17)
access points or
segments.
Site-to- CPEs serve as service VLAN+(E-

Internet access points. Site-to- LAN)+VLL+
private Internet private line L3VPN
line services are provisioned
across the microwave
network, IP RAN, and IP
core network.
Layer 2 E-LAN CPEs serve as service VLAN+(E-

private access points. E-LAN LAN)+VLL+
network services are provisioned L2VPN+…
network, IP RAN, and IP
core network to connect
access points or
segments.
Layer 2 EPL via CPEs serve as service VLAN+(E-

private IP access points. EPL via IP LAN)+VLL+
line services are provisioned EVPL+…
network and IP RAN to
connect L2VPN (EVPL)
or access segments.
Scenario 7: Option A Multi-Domain EVPN/VPLS for Site-to-Site

Communication
As shown in the following figure, the enterprise service accesses the network from
AN1. After traversing the access, aggregation, and backbone networks, the
enterprise service accesses ASBR-21 of another backbone network from ASBR-11
in VLAN mode. Then, the enterprise service heads for AN-2, another access point
of the enterprise. The two backbone networks are interconnected through ASBRs
in Option A mode. A VPLS, L2EVPN, or L3EVPN service can be deployed between
the two networks.

iMaster NCE
Figure 7-39 EVPN networking

Service Servi Service Requirement Access NE Service
Type ce Template
Type
L3EVPN Site- ANs serve as service access ATN 910C L3VPN+L3VPN

to- points. Branch A services
site access backbone network A
priva and Branch B services
te access backbone network B.
line The two backbone networks
are interconnected in
Option A mode.
The general service type is
L2VPN, the detailed service
type is EVPN, and the
topology type can be full-
mesh or hub-spoke.
Site- ANs serve as service access L3VPN+L3VPN

to- points. Branch services
Inter access the Internet from a
net local ASBR after traversing
priva the local aggregation and
te backbone networks, or
line access the Internet from a
remote ASBR on another
backbone network that
interconnects with the local
backbone network in
Option A mode.

iMaster NCE

Type ce Template
Type
L2EVPN Site- ANs serve as service access L2VPN+L2VPN

Option A mode.
The general service type is
L2VPN, the detailed service
type is EVPN, and the
topology type can be point-
to-point, full-mesh, or hub-
spoke.

backbone network in
Option A mode.
VPLS Site- ANs serve as service access L2VPN+L2VPN

Option A mode.
The service type is L2VPN,
and the topology type can
be full-mesh or hub-spoke.

iMaster NCE

Type ce Template
Type

backbone network in
Option A mode.
Scenario 8: Wireless Access of a Large Number of Base Stations

As shown in the following figure, in the wireless access scenario, base stations
connect to the IP RAN through a microwave network and then to the EPC through
the core L3VPN service. The IP RAN L3VPN is shared by base stations. To support
access of a large number of base stations, the L3VPN supports a large number of
access points. The IPRAN microwave network is a shared hub-spoke multi-point
interconnection E-LAN service. The microwave NE connected to the CPE is a spoke
node, and the microwave NE connected to the IP RAN is a hub node.
NCE (Super) manages and combines a microwave domain and an IP RAN domain
to provision end-to-end services.
Figure 7-40 MW E2E private line interconnection

iMaster NCE

Type Template
Type
L3VPN L3VPN Base stations connect to ETN500 E-LAN+

the IP RAN L3VPN L3VPN
across the MW network
and then to the EPC.
Benefits
This feature offers the following benefits:
● Simplifies network deployment by providing templates for service

customization, orchestrating complex composite services, and implementing
E2E multi-domain service provisioning on the WAN.
● Improves network utilization by automatically computing optimal paths based
on actual service requirements and quickly adjusting service bandwidth on
demand.
● Streamlines service acceptance and supports fast service continuity checks
after service provisioning.
● Provides open NBIs that allow fast integration with carrier's OSSs.
Key Features
Feature Name
ID

10000

20000

30000

40000

50000
WOFD-10 Private Line SLA Analysis

60000

iMaster NCE
7.1.4 Optical Multi-Domain Private Line

Availability
This feature has been available since NCE (Super) V100R018C00.
Background
The optical multi-domain private line solution is an E2E service provisioning and
management solution for multiple domains and vendors in the transport domain.
Traditional transport services are configured in an E2E manner using a vendor's
NMS. The NMS of a vendor can manage the networks and services of only one
city or one vendor. To meet network simplification requirements, customers want
to transform separated provisioning and management into service-oriented E2E
management. In response to this, the optical multi-domain private line solution
comes into place.
Solutions
Scenario 1: Single-Domain Scenario
As shown in Figure 7-41, NCE (Super) manages an optical domain. This domain
can be a core domain or an access (metro) domain.
Figure 7-41 Single-domain scenario

iMaster NCE

Service Type Service Service Service Template
Requirement Type
ClientDSR service Premium OTN The client service ClientDSR

private line is a single-domain
(single-domain service.
scenario) The access devices
can be client-side
devices or routers.
EoO service EoO private line The EoO service is L2VPN

(single-domain a single-domain
scenario) service.
PEs serve as
service access
points and
services access
through EoO
boards
Scenario 2: Multi-domain scenario (client-side interconnection)

As shown in Figure 7-42, NCE (Super) manages multiple optical domains, and
these optical domains may belong to the same core network or one or more
access (metro) networks. User services may be in the management domain of one
controller or across the management domains of multiple controllers.
The accessed services can be SDH, Ethernet, SAN, OTN, video, or other services.
After these services reach the client-side ports, the client-side boards directly map
these services to OTN signals that can be transmitted on the OTN network.

iMaster NCE
Figure 7-42 ODUk Private Line networking

Service Type Service Requirement Service Template Type
ClientDSR service The private line accesses ClientDSR+ClientDSR

the network through the ClientDSR+ClientDSR
PE and traverses multiple +ClientDSR
OTN domains.
These domains are
interconnected through
tributary boards.
EoO service PEs serve as service L2VPN+L2VPN

access points. The L2VPN+L2VPN+L2VPN
private line traverses
multiple OTN domains.
Services access through
EoO boards and domains
are interconnected on
the client side.
Scenario 3: Multi-domain scenario (WDM-side interconnection)

As shown in Figure 7-43, NCE (Super) manages multiple optical domains. These
domains generally include one national backbone domain (core domain) and two
or more provincial/municipal domains (access domains). A user service can be

iMaster NCE
either a single-domain service managed by one controller or a composite service

managed by multiple controllers.
Commonly used access services include SDH, Ethernet, SAN storage, OTN, and
video services. The provincial/municipal network can interconnect with the
national backbone network through line boards that provide OTU gray-light
signals or tributary boards that provide client-side gray-light signals.
Figure 7-43 Inter-Province Premium OTN Private Line
Interconnection with third-party controllers can be implemented through southbound

interface integration and adaptation.
ClientDSR service PEs serve as service ClientDSR+ClientDSR

access points. The ClientDSR+ODUk
private line traverses +ClientDSR
These domains are
interconnected through
line boards.
EoO service PEs serve as service L2VPN+L2VPN

access points. The L2VPN+ODUk+L2VPN
private line traverses
the WDM side.

iMaster NCE
Scenario 4: Cascading Scenario
The cascading scenario is used when the national backbone network and
provincial subnets of a carrier operate independently. Two sets of NCE (Super) are
deployed in cascading mode to manage intra-province, provincial, and multi-
province services, and also to implement carrier slice management. The cascading
scenario helps customers quickly decouple the network O&M architecture,
simplifies service design across large business domains, shortening the time for
provisioning multi-domain services. In cascading scenarios, services are managed
as follows:
Upper-layer NCE (Super) and lower-layer NCE (Super) is used to distinguish the two sets of
NCE (Super).
● Lower-layer NCE (Super) manages intra-province services. As shown in the
following figure, the provincial subnet on the left manages services of the
current province through NCE (Super) of the provincial backbone network.
● Upper-layer NCE (Super) manages inter-province services. The provincial NCE
(Super) and group NCE (Transport Domain) controllers are invoked for unified
management.
Figure 7-44 Cascading scenario networking
ClientDSR service PEs serve as access point. ClientDSR+ODUk

The private line traverses +ClientDSR
multiple OTN domains. ClientDSR+ClientDSR
These domains are +ClientDSR
interconnected on the
WDM side or client side.

iMaster NCE
EoO service PEs serve as access point. L2VPN+ODUk+L2VPN

The private line traverses L2VPN+L2VPN+L2VPN
the client side.
Benefits
The optical multi-domain private line solution offers the following benefits:
● Provides E2E service GUIs from the user perspective to display service
dynamics clearly, enabling you to quickly identify the domain or vendor
whose services are interrupted.
● Allows you to provision multiple services based on a service template
designed in advance, reducing configuration workload while ensuring
consistent service provisioning.
● Reduces the difficulty of service provisioning and enables one-click service
provisioning across domains and scenarios, improving service provisioning
efficiency.
Key Features

Feature Name
ID

10000

20000

30000

40000

50000

iMaster NCE
7.1.5 Multi-Cloud Interconnect

Availability
Background
Global industry digitalization is sweeping all industries, making enterprise
application cloudification an irresistible trend. Moving enterprise applications to
the cloud inevitably requires multiple types of private line services. Multi-cloud
interconnection, also called site-to-cloud, is a type of private line service provided
by carriers.
Solution
In scenarios where access to the public cloud (such as Alibaba Cloud) over a
private line is needed, after the physical private line is implemented, you still need
to create boundary routers, router interfaces, and configure routes. Such
configurations are complex and require high technical skills. Multi-cloud
interconnect orchestrates and integrates all the preceding configuration
operations, realizing instant access to Alibaba Cloud. Currently, the integrated
orchestration capability supports mainstream public clouds both in and outside
China, such as Alibaba Cloud, Tencent Cloud, and AWS.
Figure 7-45 Multi-cloud interconnection networking
Deployment Process
● The carrier creates a network management service template for cloud
interconnection nodes on NCE (Super) and defines the network service, link,
and resource allocation information for the cloud interconnect service
platform.
● A tenant orders a site-to-cloud private line service on the cloud side after
applying for a VPN service from the carrier and a cloud service from the cloud
management platform.

iMaster NCE
● The site-to-cloud private line service calls the NCE (Super) NBI to activate
connections on the network and cloud sides and configure VLANs.
Table 7-25 Supported public clouds
Public Cloud Feature
AWS Direct connection
Alibaba Cloud High-speed channel
Tencent Cloud Private line access
HUAWEI Cloud Private line access
Benefits
The SDN-based multi-cloud interconnect feature provides cloud-network synergy,
which facilitates service configuration and enables automated deployment of
cloud and network services based on the API capabilities provided by NCE (Super).
Key Features
Feature Name
ID

10000

20000

30000

40000

50000
7.2 IP+Optical Solution

Availability

iMaster NCE
Background
An IP network is composed of two layers: an IP layer formed by routers and an
optical layer formed by wave-division multiplexing (WDM) devices. The IP network
focuses on user service processing, whereas the optical network focuses on traffic
transmission. Simply put, the optical network extends the link transmission
distance of the IP network.
The router platform, which possesses strong packet processing and traffic
management capabilities, is ideal for service management. The optical network
focuses on reducing the cost per bit and improving network reliability. It carries
router services by means of wavelength multiplexing to support large-capacity
and long-distance transmission.
The IP and optical layers, in terms of planning, operation, and maintenance, have
been developing independently for a long time. Carriers have separate
departments to plan, design, deploy, and maintain IP and optical networks.
Frequent inter-department collaboration results in duplicate investments, low
resource utilization, and low work efficiency. As a result, the IP network is hard to
deploy and maintain. In general, the legacy IP network faces the following
challenges:
● Long network planning and deployment time and difficult network
adjustment
The network planning process is complex and time-consuming. For example,
network expansion planning at carrier T usually takes more than one year.
The IP and optical network deployment process is complex and typically
needs to be adjusted several times. As a result, it usually takes several months
to provision a new service.
Inefficient inter-department collaboration and heavy manual workload further
add to service provisioning difficulties.
● Frequent traffic changes and inflexible network adjustment, leading to

low network utilization
Continuously growing cloud computing and OTT service traffic increases
uncertainties in traffic directions and volumes. As a result, the actual network
usage greatly deviates from the planned one. As shown in the following

iMaster NCE
figure, the planned network usage is balanced (assuming that the usage rate
is 50% for each link). In the real-world scenario, however, the network usage
remains unbalanced for a long time. Some links are heavily loaded (70%),
and some links are lightly loaded (30%). It is difficult to change such an
unbalanced situation.
● Lack of a collaborative protection mechanism between IP and optical

networks, driving up costs
The IP and optical networks are planned independently. Constraints regarding
the traffic paths and reliability of the two networks are considered separately.
As a result, overprotection or underprotection tends to occur. In addition,
planning feasibility is difficult to be verified. Appropriate network planning is
essential to cost reduction. A collaborative protection mechanism between the
IP and optical networks will help reduce costs.
Solution
The NCE-based IP+optical solution provided by Huawei reshapes the resource
configuration pattern of traditional networks. This solution achieves effective
synergy between IP and optical networks through software-based network
configuration control, simplifying network O&M and improving network
intelligence and automation.
As optical network techniques develop and the GMPLS control plane is introduced
to optical networks, these networks can now dynamically schedule resources. Most
commonly used optical network techniques are ROADM (Reconfigurable Optical
Add/Drop Multiplexer) and OTN (Optical Transport Network).
Huawei has defined a new network architecture featuring NCE-based IP+optical
synergy in this solution. Specifically, Huawei has defined:
● A new network architecture, which consists of a series of integrated software
modules for network planning and control, network traffic analysis, policy
management, service provisioning
● Relationships and interfaces between software modules and between
software modules and network layers
● A collaboration mechanism between IP and optical networks
The NCE-based IP+optical solution uses the SDN architecture to effectively
synergize IP/MPLS and optical resources on backbone networks, improve resource
utilization, increase O&M efficiency, and reduce TCO (Total Cost of Operation).
As shown in Figure 7-46, this solution uses a hierarchical architecture consisting of
the application layer, network management and control layer, and infrastructure

iMaster NCE
network layer. In this solution, NCE (Super) works with NCE (IP Domain) and NCE
(Transport Domain) to provide capabilities absent from traditional O&M solutions,
such as multi-layer network planning, visualization, provisioning, protection,
optimization, and simulation. This solution significantly improves resource
utilization, network reliability, and multi-layer O&M efficiency without affecting
the existing network.
Figure 7-46 IP+optical solution architecture
● Infrastructure layer: IP and transport networks

The infrastructure layer consists of the IP network and transport network. The
IP network is composed of IP devices, and the transport network is composed
of transport devices. IP devices use standard MPLS for communication, and
transport devices use standard GMPLS for communication. IP+optical
networks usually use routers such as NE40Es, NE5000Es, and NE9000s and
transport devices such as OSN 9800s and OSN 8800s. For details about each
device, see the technical proposal of the device.
● Network management, control, and analysis layer: NCE (Super), NCE (IP
Domain), and NCE (Transport Domain)
The network management, control, and analysis layer consists of NCE
(Super), NCE (IP Domain), and NCE (Transport Domain). The following table
lists the main capabilities of each component.

iMaster NCE
Component Function
NCE (Super) NCE (Super) provides the following functions:

1. Discovers multi-layer network information.
● Collects multi-layer network resources.
● Collects multi-layer topology information.
● Plans sites.
● Automatically discovers cross links.
2. Deploys the multi-layer network.
● Activates or deactivates multi-layer links based on
constraints such as SRLG, ERO, delay, and optical-layer
SLA.
● Restores multi-layer links.
● Compares multi-layer link data to determine data
consistency.
3. Maintains the multi-layer network.
● Manages and displays the site-based multi-layer
topology in a unified manner and provides the alarm
view and traffic view.
● Provides multi-layer restoration by optical ASON
(MLR-O), multi-layer restoration by router port (MLR-
P), multi-layer restoration by any node (MLR-N), and
Alpha M3 algorithm-based multi-layer restoration
(MLR).
● Multi-layer maintenance window
4. Optimizes the multi-layer network.
● Provides bandwidth on demand (BOD) for multi-layer
links. BOD can be implemented based on real-time
traffic statistics.
5. Provides multi-layer what-if and multi-layer analysis.
● Multi-layer Health Doctor
● Simulates multi-layer faults.
● Simulates IP+optical functions, such as multi-layer link
activation, deactivation, and BOD.
NCE (IP NCE (IP Domain) provides the following functions:

Domain) 1. Collects IP inventory information and monitors network
traffic and SLA compliance.
2. Configures multi-layer links.
NCE NCE (Transport Domain) provides the following functions:

(Transport 1. Collects electrical and optical inventory information.
Domain)
2. Computes, creates, deletes, and modifies transport service
paths.
3. Configures transport services.

iMaster NCE
● Application layer: NCE-native apps, carrier OSSs, and third-party apps
NCE provides a unified portal to open all functions to customers through

apps. By default, NCE provides service apps, basic apps, and value-added
apps.
The Open API & Tool app provides the definition and usage description of
NCE open APIs.
The apps provided by NCE can be configured through .
Intelligent Agent provides instructions on how to use NCE through videos

and FAQs.
The application layer provides various apps for O&M personnel and
customers. This layer can interconnect with carriers' BSSs/OSSs as well as
third-party apps.
The IP+optical solution involves the following NCE apps: Multi-Layer Network
Navigator, System Settings, Network Management, Automated Private Line
Provisioning, Traffic Analysis and Optimization, and What-If Analysis. These
apps come from different components. Multi-layer multi-domain apps come
from NCE (Super), and single-domain apps come from NCE (IP Domain) or
NCE (Transport Domain).
NCE provides NBIs for interconnection with OSSs/BSSs. Third-party apps can
also be developed based on these NBIs.
The following table describes the interfaces between components.
Position Protocol Function
NCE-Super—NCE-IP Restconf Collects topology information

Websocket and provisions configurations
through RESTCONF.
(SNMP)
Receives incremental change
events through WebSocket.
Collects alarms through SNMP.

iMaster NCE
Position Protocol Function
NCE-Super—NCE-T Restful Collects topology information

SSE and provisions services through
RESTful.
(SNMP)
Receives incremental change
events through SSE.
NCE (IP Domain) <- PCEP Collects LSP information and

> router BGP-LS establishes and optimizes
tunnels through PCEP.
Netconf
Collects topology information
SNMP through BGP-LS.
Provisions configurations and
collects inventory data through
NETCONF.
NCE (Transport OSPF-TE Collects topology information

Domain) <-> PCEP through OSPF-TE.
transport device Collects LSP information through
QX
PCEP and performs path
computation and optimization.
Collects inventory information
through Qx.
Benefits
The SDN-based IP+optical solution meets the requirements of backbone network
traffic in the cloud era, adapts to new information consumption modes, quickly
responds to changes, reduces O&M costs, and improves customer experience.
Specifically, this solution offers the following benefits:
● Improved Resource Utilization Efficiency

Multi-layer protection eliminates the waste of resources resulting from
redundancy protection for multi-layer networks.
NCE allows pigtail resources to be shared on the network, improving network
resource utilization.
● Enhanced Network Reliability
In the IP+optical solution, NCE considers the SRLG information of both the IP
and optical layers in path computation. Disjoint groups ensure that associated
multi-layer links are distributed in different SRLGs, improving network
reliability.
Protection groups, MLR-O, MLR-P, MLR-N, and Alpha M3-based MLR ensure
that multi-layer links can quickly recover in the case of optical link, pigtail,
and router faults.

iMaster NCE
● Real-Time Multi-Layer O&M

The topology, TE tunnel, multi-layer link, traffic, and resource usage
information of a multi-layer network is discovered in real time and displayed
on a unified portal. The service running status and quality are intuitive and
controllable, improving O&M efficiency.
Automated multi-layer link restoration, provisioning, optimization, and
capacity expansion take only several days, compared with several weeks in
traditional methods.
What-if analysis helps evaluate network readiness and identify traffic
bottlenecks and imbalance, effectively guiding network planning, capacity
expansion, and optimization while reducing network risks.
Rapid detection and display of node and link faults on IP and optical networks
allow you to detect faults within seconds. The shift from passive O&M to
proactive O&M helps ensure SLA compliance.
Key Features
The NCE-based IP+optical solution mainly applies to IP+optical networks. NCE, a
full lifecycle O&M platform, provides functions such as automated multi-layer
network discovery, visualization, and deployment, multi-layer protection, multi-
layer optimization, and multi-layer what-if analysis.
Automated Multi-Layer Network Discovery and Visualization

● Multi-layer network interconnection & automatic discovery
The IP+optical solution supports vertical multi-layer interconnection between
IP services on the network and optical services. Generally, IP+optical single-
domain services refer to IP single-domain services and optical single-domain
service, and IP+ optical multi-domain services refer to IP single-domain
services and optical multi-domain services. An IP domain is divided by a

iMaster NCE
router domain and generally refers to an AS domain. Optical domains are

classified by device vendors. Generally, transport devices from one vendor are
placed in one optical domain. IP+optical solution V100R019C00 supports only
single-domain and single-vendor scenarios.
Specifically, this solution supports the following interconnection scenarios:
a. IP (OTN board) + OTN (OTN tributary board) + WSON
Optical-layer ASON (WSON) is enabled on the WDM network. Routers
use OTN boards to interconnect with OTN tributary boards on WDM
devices.
b. IP (OTN board) + OTN (OTN tributary board) + ASON

Electrical-layer ASON is enabled on the WDM network. Routers use OTN
boards to interconnect with OTN tributary boards on WDM devices.
c. IP (ETH board) + OTN (OTN tributary board) + WSON

WSON is enabled on the WDM network. Routers use packet boards
(Ethernet boards) to interconnect with OTN tributary boards on WDM
devices.

iMaster NCE
d. IP (ETH board) + OTN (OTN tributary board) + ASON

Electrical-layer ASON is enabled on the WDM network. Routers use
packet boards (Ethernet boards) to interconnect with OTN tributary
boards on WDM devices.
e. IP (ETH board/OTN board) + OTN (tributary-line board) + WSON

Optical-layer ASON (WSON) is enabled on the WDM network. Routers
use packet boards (Ethernet boards) to interconnect with tributary-line
boards (including transponder and muxponder boards) on WDM devices.
● Transport devices must support SDN and have this function enabled. If SDN is
disabled, only OSN 1800s with old system control boards (such as TNF1SCCs) can
provide some visualization capabilities
● Routers must support SDN and run SDN-related protocols, such as BGP-LS and
PCEP. Routers that do not run SDN-related protocols can provide only some
visualization capabilities.
● When tributary-line boards are used for interconnection, only visualization-related
functions are available. Service provisioning-related functions cannot be used. For
example, links cannot be activated or deactivated based on physical ports, multi-
layer algorithm-based multi-layer rerouting does not work, and MLR-P and MLR-N
cannot use port redundancy.
Automatic discovery of cross links interconnecting IP and transport devices is
essential to the IP+optical solution. Huawei's IP+optical solution provides
several methods as below for automatically discovering cross link.

iMaster NCE
Discovery Working Principle Application Scenario

Method
LLDP Use LLDP snooping to Routers use Ethernet

snooping automatically discover cross boards to interconnect
links. with the LLDP snooping-
capable tributary boards
of transport devices.
Traffic Compare the statistics of sent Services have been

analysis and received traffic to find deployed on multi-layer
matching router and links.
transport device ports.
SM_TTI Analyze the SM_TTI An OTN board on a router

information sent by router is interconnected with a
and transport device ports to tributary board on a
find port matching transport device that
relationships. supports OTN services.
In the LLDP Snooping solution, only the TNG1T401 board of 9800M24 is supported.
● Multi-layer network visualization
Traditionally, IP and optical networks are managed separately. The network
information of different domains is managed and displayed by different
network management systems. The topology, alarm, and traffic data of a
domain is independent of each other. Network topology information cannot
be dynamically updated in real time due to technical limitations.
Huawei's IP+optical solution provides multi-layer visualization for unified IP
and optical network management and display. Specifically, this solution offers
the following multi-layer visualization capabilities:
a. Displays the IP+optical network topology in a unified manner.
b. Provides important views such as the multi-layer topology view, fault
view, and performance view to integrate information from different
dimensions.
c. Uses new protocols to synchronize network topology information in real
time. These protocols include southbound protocols such as BGP-LS,
OSPF-TE, and Telemetry and northbound protocols such as RESTCONF,
WebSocket, and SSE.
d. Displays a 3D topology.
With the preceding capabilities, the IP+optical solution provides a simple and
real-time multi-layer network visualization system to improve O&M efficiency.

iMaster NCE
No. View Function Specification

Limitation
1 Multi- 1. The 3D topology contains the ● The network

layer following information: L0, L1, L2, and topology
topolog L3 NEs and links, cross links between needs to be
y view optical and electrical devices, cross updated in
links between IP and optical devices, real time.
tunnels, LSPs, and sites. This means
2. After you select a TE tunnel or multi- that IP
layer link, the corresponding multi- devices must
layer path is automatically support
highlighted on the topology. BGP-LS, and
Meanwhile, the path details (specific optical
to boards and ports) are displayed in devices must
a table. You can also view the delay support
and SRLG information related to the OSPF-TE and
multi-layer link. have ASON
enabled.
3. After you double-click a site, you can
view the specific connections between ● For a
NEs at the site. network that
does not
4. After you add or delete a network enable
node or link, the topology is updated ASON, the
in real time. status of
NEs, ports,
and links
cannot be
displayed in
the topology
view, and
the status
cannot be
refreshed in
real time.
2 Alarm 1. Subscribed device alarms and major You can

view service alarms of the IP and optical subscribe to
networks are displayed in the alarm 50+
view of the 3D topology. connectivity
2. After you select a multi-layer link, the alarms about
system automatically displays the the IP and
corresponding alarms on the multi- optical
layer topology. You can quickly networks, but
determine the root cause of a cannot
network fault based on the alarm subscribe to
hierarchy. signal degrade
or bit error
3. This view is associated with the alarm alarms.
management module, allowing you
to check alarm details and handling
suggestions.

iMaster NCE
No. View Function Specification

Limitation
3 Traffic 1. This view allows you to check the L3 NCE can use
view traffic and L1 wavelength usage of a either SNMP to
multi-layer link in real time and collect traffic
shows wavelength usage statistics. statistics from
2. Links are classified into three levels devices.
based on traffic loads. The defining
thresholds can be customized.
3. This view is associated with the multi-
layer link BOD module, allowing you
to perform BOD either manually or
automatically.
Automated Multi-Layer Network Deployment

Traditionally, carriers have different departments to deploy and maintain the IP
and optical layers of their networks. Frequent inter-department collaboration
leads to low work efficiency. Carriers face the following challenges in network
deployment:
● Department silos: Complex collaboration processes and limited information
sharing make it difficult to meet SLA and SRLG requirements.
● Long TTM: Multi-layer network deployment is difficult and usually takes
several months. In addition, services are not easy to adjust after deployment.
As a result, carriers have difficulty in keeping pace with the market.
The IP + optical solution provides efficient network deployment functions. After
NCE delivers network deployment configurations, the IP and optical layers
automatically set up IP and optical paths as required to prepare the network for
subsequent service deployment. Software-based orchestration between the IP and
optical layers ensures efficient and accurate network deployment. In addition, the
mapping relationships between the IP and optical layers can support more
applications.

iMaster NCE
Multi-Layer Network Restoration

The NCE-based IP+optical solution provides multi-layer restoration, which protects
services by fully utilizing any means available and reduces TCO. MLR means
include MLR-O, MLR-P, MLR-N, and Alpha M3 algorithm-based MLR. On an IP
+optical network, protection mechanisms for IP services, tunnels, and the physical
network layer work with MLR to quickly restore IP services and faulty links.
Figure 7-47 shows MLR-O, MLR-P, and MLR-N protection scenarios.

iMaster NCE
Figure 7-47 MLR-O/MLR-P/MLR-N protection scenarios
Figure 7-48 shows an Alpha M3 algorithm-based MLR protection scenario.

iMaster NCE
Figure 7-48 Alpha M3 algorithm-based MLR protection scenario
Table 7-27 describes the protection switching modes of different MLR means.
Table 7-27 Protection switching modes
Protection Switching Fault Protecti Description

Mode Scenari on
o Principl
e
MLR-O Optical Optical After an optical fault occurs,

port fiber the transport network
fault redunda automatically triggers ASON
ncy rerouting.
MLR-N Router Router If a router fault occurs or

fault or redunda ASON rerouting fails, NCE
ASON ncy (Super) uses the shared port
rerouti of the redundant router to
ng establish a protection multi-
failure layer link and triggers a
switchover in the multi-layer
link protection group.

iMaster NCE
Protection Switching Fault Protecti Description

Mode Scenari on
o Principl
e
MLR-P Pigtail Port If a pigtail fault occurs, NCE

fault redunda (Super) uses the shared port
ncy to establish a protection cross
link and triggers a switchover
in the cross link protection
group.
Multi-layer restoration TE Multi- If an IP node, multi-layer link,

based the alpha-M³ tunnel layer optical node, optical link, or
algorithm (MLR) fault path cross link fault occurs, NCE
resultin comput (Super) uses the multi-layer
g from ation algorithm to compute paths
an IP and on the IP and optical
or restorati networks.
optical on
node
or link
fault
Multi-Layer Network Optimization

The IP+optical solution allows you to monitor IP network traffic in the traffic view
of the multi-layer topology. This view provides traffic load analysis results and
allows you to perform multi-layer link BOD to expand network capacity on
demand. When the traffic rate of a multi-layer link reaches the preset threshold,
NCE quickly expands the network capacity without changing the IP network
topology. When the traffic rate of a multi-layer link decreases to a certain level,
NCE can restore the original link bandwidth to release resources. The IP+optical
solution also supports manual BOD.
Multi-Layer Maintenance Window
On the multi-layer topology page, you can view information about multi-layer
links carried over a fiber in the pane for viewing optical link details and switch to
the maintenance window creation page of NCE (IP Domain) to create a multi-
layer maintenance window. This maintenance window allows you to divert TE
traffic at the IP layer before fiber maintenance, thereby reducing impact on
services.
Multi-Layer What-If Analysis
What-if analysis evaluates the fault risks of key network NEs and links to provide
reference for network O&M personnel to maintain the network in a better way.
Traditional simulation is performed offline, or targeted at only the IP or optical
network. Offline simulation cannot be performed based on the real-time network
topology and services. Single-layer simulation cannot simulate the impact of the
IP layer on the IP layer or the impact of the optical layer on the IP layer. In
response to the preceding problems, Huawei provides online multi-layer

iMaster NCE
simulation in the IP+optical solution to analyze the impact on the IP and optical
layers based on real-time network topology and services.
What-if analysis parses and restores the entire network topology and protocols
based on inventory and traffic information on the live network. What-if analysis
can simulate faults on specified key NEs and links and simulate and analyze the
impact of these faults on services. For example, it can analyze changes in traffic
forwarding, paths, and delay, tunnel path status and delay, and link loads before
and after these faults occur.
The following table lists the simulation capabilities provided by the IP+optical
solution.
Table 7-28 Simulation capabilities provided by the IP+optical solution
No. Simulation Capability

Scenario
1 Fault simulation Simulates faults on IP or optical nodes or links.
2 Multi-layer link Simulates operations such as multi-layer link

activation, activation, deactivation, and BOD to reduce
deactivation, and operation risks.
BOD simulation
3 Traffic simulation Simulates one or more flows to analyze the impact

of newly added flows on other traffic.
The following figure shows simulation results.
Figure 7-49 Simulation results

iMaster NCE
Product Description (Super, Compatible with x86) 8 High Availability
8 High Availability
During system running, unexpected faults may occur due to external

environments, misoperations, or system factors. For these unknown risks, NCE
provides hardware, software, and system-level availability protection solutions,
which recover the system from faults to minimize the damage to the system.
Figure 8-1 shows the NCE availability protection solutions.
Figure 8-1 Availability protection solutions (on-premises VM deployment on

TaiShan servers is used as an example)
8.1 Local HA
In the on-premises scenario, NCE provides detailed HA protection solutions for the
hardware, virtualization layer, and application layer of a single site. These
solutions can prevent unknown risks caused by hardware or software faults and
ensure secure and stable running of NCE.
8.2 Disaster Recovery Solutions
Disaster Recovery solutions are provided to prevent unknown risks on the entire
system and ensure secure and stable running of NCE.

iMaster NCE
8.1 Local HA
In the on-premises scenario, NCE provides detailed HA protection solutions for the
hardware, virtualization layer, and application layer of a single site. These
solutions can prevent unknown risks caused by hardware or software faults and
ensure secure and stable running of NCE.
Hardware Availability
If a fault occurs on the hardware with redundancy protection, the hardware
automatically switches to the normal component to ensure that the NCE OS and
application services are running properly.
Table 8-1 HA solutions for hardware (TaiShan)

Protection Description
Solution
Hardware ● TaiShan: Power modules and fans work in redundancy mode,

redundancy and NICs work in 1+1 bond protection mode.
● Switch: redundancy protection. Configure two switches that
protect each other to connect the server to the customer's
network.
Hardware redundancy provides instant protection switchover
without impact on the application layer.
RAID ● If the server has eight hard disks, the first and second hard
disks are configured as RAID 1, the third, fourth, fifth, and sixth
hard disks are configured as RAID 10, the seventh hard disk is
configured as RAID 0, and the eighth hard disk is used for full
backup and restoration.
● If the server has 12 hard disks, the hard disks are configured as
RAID 10.
Table 8-2 HA solutions for hardware (E9000)

Solution
Hardware ● E9000 chassis: management module 1+1, power supply 1+1,

redundancy switch board 1+1, and fan redundancy
● Disk array: disk array controller 1+1, power supply 1+1, and
SmartIO card 1+1
Hardware redundancy provides instant protection switchover
without impact on the application layer.

iMaster NCE
Solution
RAID ● E9000: Configure two hard disks of each blade as RAID 1.

● Disk array: A total of 25 hard disks are configured as a disk
domain that adopts hot backup policies. In addition, a storage
pool is configured as RAID 10. If an extended disk enclosure is
deployed, all disks in the enclosure are configured as RAID
6/10.
MZ312 Return probability: Extremely low

Network ● Return probability in the early stage (0–6 months): 0.033%
Card
Availability ● Return probability in the middle stage (7–18 months): 0.011%
● Return probability in the late stage (18 months or above):
0.000%
NOTE
● Mezz1: connected to the storage. If Mezz1 is faulty, the E9000 cannot
connect to the disk array.
● Mezz2: connected to services. If Mezz2 is faulty, the E9000 cannot
connect to the service network.

iMaster NCE
HA of Application Layer
Table 8-3 HA solutions for the application layer

Protectio Description Protection Capability
n
Solution
HA of Automatic switchover of application switchover duration <=

applicatio services in the Manager+Controller 5 minutes
n services +Analyzer deployment scenarios:
● Virtual nodes are deployed in active/
standby mode: When the active and
standby nodes are running properly,
only the services on the active node
are running. When the service monitor
detects that the service processes on
the active node are faulty, the service
ports on the standby node are
automatically enabled and the service
instances on the standby node are
started to provide services.
● Virtual nodes are deployed in cluster
mode: When cluster nodes are
running properly, each node is in the
multi-active state. If one node fails,
other nodes share the load capability
of the faulty node to provide services
for external systems in a balanced
manner.
Process restart: Process status is Process restart time <=

monitored in real time. If a process is 5 minutes
stopped or faulty, a maximum of 10
consecutive attempts will be made to
restart it. If all the attempts fail, an
alarm will be reported to inform users of
manual troubleshooting.
Data HA Backup and restore: The backup and Restoration duration <=
restore function is provided for data. 60 minutes
Data is backed up in time. If data
becomes abnormal, users can restore
them to the normal state by using
backup files.

iMaster NCE
Protectio Description Protection Capability

n
Solution
Automatic database switchover: When ● RPO = 1 minute

the primary and secondary nodes (such ● RTO = 1 minute
as the DB nodes) are running properly,
the database on the primary node is
readable and writable, and the secondary
database is read-only. However, if the
primary node fails, the secondary node
will take over service provisioning. The
primary/secondary switchover does not
affect services.
Notes:
1. Recovery Point Objective (RPO): A service switchover policy that ensures the
least data loss. It tasks the data recovery point as the objective and ensures
that the data used for the service switchover is the latest backup data.
2. Recovery Time Objective (RTO): The maximum acceptable amount of time
for restoring a network or application and regaining access to data after an
unexpected interruption.
8.2 Disaster Recovery Solutions

Disaster Recovery solutions are provided to prevent unknown risks on the entire
system and ensure secure and stable running of NCE.
Table 8-4 HA solutions at the DR system

Protection Description Protection Capability
Solution
Active/ NCE is deployed on primary and ● RPO = 1 minute

standby secondary sites. Data in each database ● RTO = 15 minutes
switchover is synchronized from the primary site to
the secondary site based on the
synchronization policy. If the primary
site fails, users can immediately start
the secondary site for using NCE.
Active/ If the heartbeat and replication links N/A

standby become abnormal, an alarm will be
monitoring reported to inform users of manual
troubleshooting.

iMaster NCE
Protection Description Protection Capability

Solution
Notes:
1. Recovery Point Objective (RPO): A service switchover policy that ensures the
least data loss. It tasks the data recovery point as the objective and ensures
that the data used for the service switchover is the latest backup data.
2. Recovery Time Objective (RTO): The maximum acceptable amount of time
for restoring a network or application and regaining access to data after an
unexpected interruption.
Historical performance data is not synchronized between the primary and secondary sites.
Table 8-5 Scenario comparison of NCE DR solutions (Manager)

DR Solution Scenario
Automatic There are three equipment rooms, and the statuses of

switchover (with the the primary and secondary sites need to be monitored in
arbitration service) real time. After a site-level fault occurs, an active/
standby switchover needs to be quickly implemented to
restore services.
Automatic There are two equipment rooms, and the statuses of the
switchover (without primary and secondary sites need to be monitored in real
the arbitration time. After a site-level fault occurs, an active/standby
service) switchover needs to be quickly implemented to restore
services. In addition, services can bear the risks caused by
the dual-active state.
Manual switchover There are two equipment rooms, and the statuses of the
primary and secondary sites are manually monitored.
After a site-level fault occurs, the system does not have
high requirements on the fault rectification time. Manual
O&M plane can be performed.
Table 8-6 Scenario comparison of NCE's DR solutions (Manager+Controller

+Analyzer)
Automatic There are three equipment rooms, and the statuses of

switchover (with the the primary and secondary sites need to be monitored in
arbitration service) real time. After a site-level fault occurs, an active/
standby switchover needs to be quickly implemented to
restore services.

iMaster NCE
Manual switchover There are two equipment rooms, and the statuses of the
primary and secondary sites are manually monitored.
After a site-level fault occurs, the system does not have
high requirements on the fault rectification time. Manual
O&M can be performed.
Manual Switchover
Solution introduction:
The primary and secondary sites communicate with each other through heartbeat
links and detect the status of the peer site in real time. The primary site
synchronizes product data to the secondary site in real time through the data
replication link to ensure product data consistency between the primary and
secondary sites.
When a disaster occurs at the primary site, perform the takeover operation at the
secondary site. The secondary site becomes the active site and provides services
externally. The primary site becomes standby.
In the DR scenario where premium broadband is deployed, the system cannot automatically
replicate the raw performance data stored in the HDFS in remote HA mode. After the
active/standby switchover is complete, the system automatically collects data from NEs for
service analysis.
Manual switchover trigger conditions:
● The disaster such as an earthquake, fire, or power failure occurs at the

primary site caused the system as a whole to be unable to provide services.
● The primary site is faulty, causing some key nodes to be damaged and unable
to provide corresponding services. For example, database node (DB)
corruption, platform service node (Common_Service) corruption, management
domain service node (NMS) corruption, control domain service node
(Controller or TController) corruption.
Solution schematic diagram:
Figure 8-2 Working principle of manual switchover in the DR system

iMaster NCE
The DR network can reuse the original network of NCE to reduce the network
configuration of the primary and secondary sites.
Table 8-7 DR network configuration

DR Link IP Address Network Plane
Data replication link Replication IP DR network

address NOTE
The DR network can reuse the inter-
node communication network or
northbound network or use an
independent network.
Heartbeat link Heartbeat IP DR network. The heartbeat IP

address address and replication IP address
must be on the same network
plane.
Automatic Switchover (with Arbitration Service)

Solution introduction:
The arbitration service periodically checks the connectivity between the primary,
secondary, and third-party site, and share the check results through arbitration site
communication link. When the network connection is abnormal or a site fault
causes an arbitration heartbeat exception, the arbitration service selects the
optimal site in the network based on the internal algorithms to perform an active/
standby switchover.
Automatic switchover trigger conditions:
● A disaster such as an earthquake, fire, or power failure occurs at the primary
site, and the fault is not rectified within the specified time.
● The heartbeat link between the primary and secondary sites is interrupted,
and the arbitration site communication link between the primary site and the
third-party site is interrupted.
● In the Manager+Controller+Analyzer compact deployment and Manager
deployment scenarios:
– If any of the default key microservices of the system is faulty, the DR
system triggers an automatic switchover to ensure normal service
running. For details about the list of key microservices, see the Pivotal
Microservice column in the Processes and Services sheet of NCE Process
and Service List.

iMaster NCE
To obtain NCE Process and Service List, perform the following steps:
● For carrier users, log in to https://support.huawei.com/carrier. Search for
"Network Cloud Engine" on the Product Support tab page. On the Network
Cloud Engine page, search for "Common Documents". Process and Service
List is contained in Common Documents.
● For enterprise user, log in to https://support.huawei.com/enterprise. Search
for Network Cloud Engine on the homepage. On the Network Cloud Engine
page, search for "Common Documents". Process and Service List is contained
in Common Documents.
– If the service network (southbound or northbound network) is faulty due
to a network port fault on the server, the system automatically triggers a
switchover.
– If all database instances are faulty, the system automatically triggers a
switchover.
● Manager+Controller+Analyzer deployment scenarios, nodes and application

services are deployed in active/standby or cluster mode, and local protection is
configured. Key microservice failover, server service network ports failover and all
database instances failover are not separately configured.
● The priorities of triggering an automatic switchover are as follows: All database
instances are faulty > Server service network ports are faulty > Key microservices
are faulty. If all database instances at the secondary site are faulty, an automatic
switchover is not triggered even if key microservices at the primary site are faulty.
Arbitration service deployment:

● The CPU architecture of the primary site, secondary site and third-party site is
required to be consistent. If the primary and secondary sites are ARM
architecture servers, the third-party site is also required to be ARM
architecture server.
● One NCE DR system corresponds to one arbitration service at the third-party
site. If multiple NCE DR systems exist on the live network, multiple arbitration
services can be deployed at the same third-party site to reduce costs. A
maximum of 10 arbitration services can be co-deployed at a third-party site,
and the arbitration services of multiple software versions can be co-deployed.
If a third-party site is faulty, all arbitration services at the third-party site
cannot run properly. In this case, you need to reinstall all arbitration services.
When multiple arbitration services are deployed at a third-party site, the OS of the
third-party site can trace only one external clock source. To ensure that the time of the
third-party site is the same as that of all primary and secondary sites, the clocks of
multiple DR systems must be the same.
● NCE in Manager+Controller+Analyzer deployment scenarios adopts five-node
arbitration service deployment. The arbitration service is deployed at three
sites in 2+2+1 mode.
– Two arbitration nodes are deployed at both the primary site and
secondary site. It is recommended that the two arbitration nodes be
deployed on the Common_Service node. The arbitration nodes between
the two sites are mutually protected. One arbitration node is deployed at
the third-party site.

iMaster NCE
– ETCD is deployed on the five arbitration nodes to form an etcd cluster.

Monitor is deployed on the four nodes of the primary site and secondary
site, which monitors the network connectivity between sites and saves
the results in the etcd cluster.
Figure 8-3 A five-node DR system
● NCE in Manager+Controller+Analyzer compact deployment and Manager

deployment scenarios adopts three-node arbitration service deployment. The
arbitration service is deployed at three sites in 1+1+1 mode.
– One arbitration node is deployed at the primary site. One arbitration
node is deployed at the secondary site. It is required that the arbitration
node be deployed on the Common_Service node in Manager+Controller
+Analyzer compact deployment scenarios, and the arbitration node be
deployed on the NMS_Server node in Manager deployment scenarios.
One arbitration node is deployed at the third-party site.
– ETCD is deployed on the three arbitration nodes to form an etcd cluster.
Monitor is deployed on the two nodes of the primary site and secondary
site, which monitors the network connectivity between sites and saves
the results in the etcd cluster.

iMaster NCE
Figure 8-4 A three-node DR system
The DR network can reuse the original network of NCE to reduce the network
configuration of the primary and secondary sites.
Table 8-8 DR network configuration

Data replication Replication IP DR network

link address NOTE
The DR network can reuse the inter-node
communication network or northbound
network or use an independent network.
Heartbeat link Heartbeat IP DR network. The heartbeat IP address

address and replication IP address must be on
the same network plane.

iMaster NCE
Arbitration site arbitration site DR network

communication communication IP NOTE
link address ● The DR network can reuse the inter-node
communication network or northbound
network or use an independent network.
● It is not recommended that the arbitration
site communication link reuse the
northbound network. If the arbitration site
communication link reuses the
northbound network and both of them
break down, the arbitration service cannot
run properly. As a result, an exception
may occur during automatic switchover. In
this case, you cannot log in to the NCE
management plane that is connected
through the northbound network and
therefore cannot manually switch over the
system. The system cannot be restored in
time.

iMaster NCE
Product Description (Super, Compatible with x86) 9 Security
9 Security
NCE uses the security architecture design that complies with industry standards
and practices to ensure system, network, and application security from multiple
layers.
9.1 Security Architecture
9.2 Security Functions
9.1 Security Architecture

NCE security architecture consists of service security, authentication and access
control management, API security, driver security, web security, operating system
(OS) security, database security, and basic security threat prevention.

iMaster NCE
Figure 9-1 NCE security architecture
● Service security: secure O&M, SIA authentication, security regulation

compliance, and log auditing.
● IAM (authentication and access control management): user management,
role-based access control, policy management, token management, and user
access credential management.
● Southbound and northbound security: API security, authentication and
authorization, forcible access policy, log recording and auditing, and drive
security management.
● Web service security: web application firewall (WAF), certificate management,
service running environment Tomcat/JVM security, load balancing LVS&Nginx,
and Redis memory database security hardening.
● OS security: system hardening, SELinux, and TPM-based trusted boot.
● Database security: user management, access control, data protection,
monitoring and auditing, backup and restore, and load balancing.
● Basic security protection: TLS, anti-DDoS policy, interface access rate control,
load protection, attack detection, security analysis, security zone allocation,
and HA solution.
9.2 Security Functions

NCE security management aims to protect the confidentiality, integrity, and
availability of products, services, and user data carried by the products and
services and to ensure traceability and anti-attack capabilities in compliance with
applicable laws. NCE provides multiple security functions to achieve these goals.

iMaster NCE
Table 9-1 NCE security functions

Security Description
Function
Area isolation ● Internal communication and external communication are

isolated and are controlled by different buses.
● The management plane and O&M plane are isolated, and
access control is implemented through different interfaces
and users.
NOTE
● The management plane refers to the plane that manages NCE
software and hardware resources.
● The O&M plane refers to the plane that uses NCE to perform
O&M operations on networks and devices.
User NCE can manage the roles, permissions, and access policies
management of system users.
NOTE
NCE (Super) supports rights and domain-based management of
functions and features. For example, only an administrator has the
permission to add, delete, and modify service templates. For details,
see Permission Management in NCE Configuration Guide (WAN
Services).
Log NCE can manage operation logs, system logs, security logs,
management NE logs, and northbound logs and, dump Syslog logs.
Authentication ● The user passwords of the management plane and O&M

and plane are encrypted and stored using the MD5+Salt/
authorization SHA256 irreversible algorithms.
management ● NCE can interconnect with authentication, authorization,
and accounting (AAA) systems such as the RADIUS or
LDAP system, and manage and authenticate O&M users
in a unified manner.
● NCE provides SSO authentication services based on CAS
and SAML and supports northbound interconnection and
integration authentication.
● Digital certificates are used for identity authentication.
Different certificates are used for northbound
communication, southbound communication, internal
communication, and interconnection with third-party
systems, and the interconnections are isolated from each
other. Certificate replacement and certificate lifecycle
management are supported.
● The SIA token is used for access control between services.
Transmission Both internal and external transmission channels use security

security protocols such as HTTPS, TLS, SSH, SNMPv3, and SFTP.
OS security SELinux is used to harden OS security, system service

restrictions are minimized, and insecure services are disabled.

iMaster NCE
Security Description
Function
Database A dedicated low-permission system account is used to run

security the database, and database access permissions are restricted.
Sensitive data ● The PBKDF2 algorithm is used to securely store user

security passwords.
● The SHA256 algorithm is used to encrypted and stored
sensitive data.
● In SSH communication, the RSA algorithm is used to
exchange keys, and AES128-CTR, AES192-CTR, or AES256-
CTR are used to encrypt data.
Software NCE uses a software integrity protection solution equipped

integrity with CMS and OpenPGP. CMS is automatically called during
protection software package installation and upgrade. OpenPGP is used
when software package integrity needs to be manually
verified.
Communication ● NCE supports the web application firewall (WAF).

security ● NCE supports load balancing, traffic control, and access
control.
● NCE supports anti-DDoS.
Network security Network isolation and firewall deployment are used to

ensure network security

iMaster NCE
Product Description (Super, Compatible with x86) 10 Privacy Protection
10 Privacy Protection
Privacy is a fundamental human right recognized in the Universal Declaration of

Human Rights, the International Covenant on Civil and Political Rights and many
other international and regional laws and treaties. Privacy protection is a part of
Huawei's fulfillment of social responsibilities. Huawei fully understands the
importance of privacy protection and uses privacy protection as one of the
company's highest guidelines, and complies with applicable privacy protection and
personal data protection laws and regulations in all operating countries.
10.1 Personal Data Scenario
10.2 Principles and Key Technologies
10.1 Personal Data Scenario
Figure 10-1 Main scope and scenarios of personal data in NCE
The preceding figure shows the personal data and usage in the current NCE
version. For details about the personal data scope and protection measures, see
NCE V100R019C00 Personal Data Description.

iMaster NCE
Product Description (Super, Compatible with x86) 10 Privacy Protection
10.2 Principles and Key Technologies
Figure 10-2 Key technologies of NCE privacy protection
NCE complies with the following seven principles when processing personal data:
● Lawfulness, fairness and transparency: Personal data shall be processed
lawfully, fairly and in a transparent manner in relation to the data subject.
● Purpose limitation: Personal data shall be collected for specified, explicit and
legitimate purposes and not further processed in a manner that is
incompatible with those purposes.
● Data minimization: Personal data shall be adequate, relevant and limited to
what is necessary in relation to the purposes for which they are processed.
Huawei shall apply anonymization or pseudonymization to personal data if
possible to reduce the risks to the data subjects concerned.
● Storage limitation: Personal data shall be kept for no longer than is
necessary for the purposes for which the personal data is processed.
● Integrity and confidentiality: Personal data shall be processed in a manner
that ensures appropriate security of the personal data, including protection
against unauthorized or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organizational
measures.
● Accuracy: Personal data shall be accurate and, where necessary, kept up to
date; Proper measures must be taken to promptly delete or correct inaccurate
personal data based on the purpose of data processing.
● Accountability: The data controller must be responsible for and demonstrate
compliance with the preceding principles.

iMaster NCE
Product Description (Super, Compatible with x86) 11 Specifications
11 Specifications
NCE specifications include performance specifications, NE management

capabilities, and service management capabilities.
11.1 System-Wide Performance Specifications
11.2 NE Management Capabilities and Maximum Concurrent Client Connections
11.3 Service Management Capabilities
11.4 Equivalent Coefficients
11.5 Equivalent Routes
11.1 System-Wide Performance Specifications

Basic Capabilities
Table 11-1 Performance Indicators

Category Indicator Value
System startup System startup time ≤ 10 minutes

and shutdown (70% of the
management capacity)
System shutdown time ≤ 10 minutes

(70% of the
management capacity)
System Database restoration ≤ 60 minutes

database time
Protection Application layer ● Recovery point objective (RPO) = 0 seconds

performance protection ● Recovery time objective (RTO) ≤ 5 minutes
Database protection ● RPO = 60 seconds

● RTO ≤ 60 seconds

iMaster NCE
Category Indicator Value
1:N blade cluster ● RPO = 0 seconds

● RTO ≤ 15 minutes
Disaster recovery ● RPO = 60 seconds

● RTO ≤ 15 minutes
Log capacity Operation logs and ≤ 1,000,000

system logs Storage duration in database: 90 days
NE upgrade Concurrent NE upgrades ≤ 60
Alarm Management Capabilities
Table 11-2 Alarm management indicators

Indicator Value
Alarm response speed In normal circumstances, alarms are displayed on NCE within
10 seconds after they are generated on NEs.
Alarm handling capability Normally,

● 100 alarms/second when NCE manages NEs in all domains
● 100 alarms/second when NCE manages only transport NEs
In peak hours,
● No alarm loss within 15 seconds when not more than 1000
alarms are reported per second
Historical alarm storage 180 days

duration in database
Table 11-3 Relationship between the alarm capacity and the NE management scale
Management Maximum Current Alarms (unit: Maximum Historical Alarms (unit:
Scale 10,000) 10,000)
6000 5 200
15000 10 400
50000 20 800
100000 30 1200

iMaster NCE
For details about the NE management scale of NCE, see 11.2 NE Management
Capabilities and Maximum Concurrent Client Connections.
Topology Capabilities
Indicator Value
Links in the current topology ≤ 200,000
Subnets The number of subnets is not limited. Each subnet can contain a
maximum of 500 physical NEs at a maximum of six layers. 200
physical NEs are recommended.
User Management Capabilities

Indicator Value
Users ≤ 2000
User groups ≤ 500
Object sets ≤ 100
Operation sets ≤ 255
NBI Capabilities
Table 11-4 NBI concurrency indicators

Protocol Maximum Concurrent Requests
CORBA 4
XML 20
RESTful 10
For CORBA, XML, and REST, the number of concurrent requests refers to the maximum
number of interfaces that OSSs can invoke. The number is collected among all OSSs and
interfaces. For example, if the number is 4, it is probable that one OSS invokes four
interfaces (a, b, c, d) at the same time, or four OSSs invoke one interface (a) at the same
time.

iMaster NCE
Table 11-5 OSS connection indicators

Protocol Maximum OSS Connections
SNMP A maximum of 10 OSSs can be connected to NCE.
TEXT ● As the FTP client, NCE transmits files to only one OSS.
● As the FTP server, NCE can be accessed by a maximum
of three OSSs.
For SNMP and TEXT, the number of NCE connections is collected by OSS.
11.2 NE Management Capabilities and Maximum

Concurrent Client Connections
The number of equivalent NEs, number of clients, and number of physical NEs are
key indicators for measuring the NE management capability of NCE. The
management capabilities of NCE vary with hardware configurations.
Table 11-6 Maximum NE management capability and client connection indicators (Super)
Sub- Component Maximum Physical Maximum Maximum
domain NEs Equivalent Concurrent
NEs Client
Connections
Private line Manager+Controller 15,000 N/A 300

provisioning

provisioning

provisioning

provisioning +Analyzer

provisioning +Analyzer
IP+optical Manager+Controller 1,200 N/A 300

+Analyzer

iMaster NCE
Table 11-7 Maximum NE management capability and client connection indicators (NCE-
CrossDomain)
Sub-domain Component Maximum Physical Maximum
NEs Equivalent NEs
Maximum
Concurrent Client
Connections
Manager The number of equivalent NEs must 2,000 32

meet the requirement.




+Controller meet the requirement.
+Analyzer

+Analyzer

+Analyzer
11.3 Service Management Capabilities

NCE (Super) Service Management Capabilities
Indicator Value
Number of multi-domain private line N × 10 (N indicates the number of physical NEs.)

services
Number of access points N×10×5
Number of access points for a single 100000

service
Number of service definitions 500
Number of domains in a service Maximum: 20

definition

iMaster NCE
Indicator Value
Number of southbound access 300

controller instances
What-if Analysis Management Capabilities

Indicator Value
Total number of equivalent IP NEs 6,000

NOTE
For details about how to calculate the number of equivalent NEs,
see 11.4.2 Equivalent NEs in the IP Domain.
Total number of equivalent optical ● Optical-layer ASON scenario: 6,000

NEs ● Electrical-layer ASON scenario: 15,000
NOTE
For details about how to calculate the number of equivalent NEs,
see 11.4.1 Equivalent NEs in the Transport Domain.
Total number of equivalent routes 20,000,000
Total number of IP links 30,000
Total number of flows 100,000
Total number of tunnels 25,000
Period of load data that can be 30 days

synchronized
IF definition that can be created 50

(including setting fault points and
modifying TE configuration
parameters)
Simulation analysis time < 1 hour
Number of users who can 1

concurrently perform simulation
analysis
Number of users who can 5

concurrently view analysis results
11.4 Equivalent Coefficients

Equivalent coefficients are the ratios of the resources occupied by physical NEs or
ports to the resources occupied by equivalent NEs.

iMaster NCE
Definition
● Equivalent NE: a uniform criterion used to describe and calculate the
management capabilities of NCE. This criterion is needed because different
types of NEs occupy different system resources to support different functions,
features, cross-connect capacities, and numbers of boards, ports, and
channels. Therefore, different types of NEs and ports must be converted to
equivalent NEs based on the number of system resources they occupy. An
equivalent NE occupies as many system resources as an STM-1 transport NE.
● Equivalent coefficient: Resources occupied by physical NEs or ports/Resources
occupied by equivalent NEs
Calculation
The number of equivalent NEs that NCE can manage is calculated according to
the following rules:
● Basic unit of equivalent NEs: OptiX OSN 1800 I

● The equivalent coefficients of third-party NEs are 1. The equivalent coefficient
of OEM devices is the same as that of Huawei devices.
● Number of equivalent NEs = Number of NEs of type 1 x Equivalent coefficient
of type 1 + ... + Number of NEs of type n x Equivalent coefficient of type n
11.4.1 Equivalent NEs in the Transport Domain

Number of equivalent NEs in the transport domain = Number of transport NEs of
type 1 x Equivalent coefficient of type 1 + ... + Number of transport NEs of type n
x Equivalent coefficient of type n
For example, if there are 5 OptiX OSN 9500s (equivalent coefficient: 10), 10 OptiX OSN
7500s (equivalent coefficient: 6.5), and 100 OptiX OSN 3500s (equivalent coefficient: 4.5),
then: Number of equivalent NEs in the transport domain = 5 x 10 + 10 x 6.5 + 100 x 4.5 =
565
Table 11-8 describes the equivalent coefficients for NEs in the transport domain.
Table 11-8 Equivalent coefficients for NEs in transport domain
NE Series NE Type Equivalent Coefficient
OSN series OptiX OSN 50 0.5
OptiX OSN 80 2
OptiX OSN 500 1
OptiX OSN 550 2.5
OptiX OSN 580 4
OptiX OSN 1500 2.5
OptiX OSN 2000 2

iMaster NCE
OptiX OSN 2500 3.5
OptiX OSN 2500 REG 3.5
OptiX OSN 3500 4.5
OptiX OSN 3580 4.5
OptiX OSN 7500 6.5
OptiX OSN 7500 II 6.5
OptiX OSN 9500 10
OptiX OSN 9560 20
MSTP series OptiX 10G MADM(Metro 5000) 4
OptiX 155/622(Metro 2050) 2
OptiX 155/622H 1
OptiX 155/622H(Metro 1000) 1
OptiX 2500+(Metro 3000) 3
OptiX Metro 100 0.5
OptiX Metro 1000V3 1
OptiX Metro 500 1
OptiX 2500 3
OptiX 2500+ 3
SDH Virtual NE 0.2
Metro WDM series OptiX Metro 6020 1
OptiX Metro 6040 1
OptiX Metro 6040 V2 1
OptiX Metro 6100 1.5
OptiX Metro 6100V1 1.5
OptiX Metro 6100V1E 1.5
OptiX OSN 900A 1
LH WDM series OptiX BWS 320G (OAS/OCI/OIS) 1.5
OptiX BWS 320GV3 1.5
OptiX BWS 1600G Subrack 1.5 x N

N indicates the number of
subracks.

iMaster NCE
OptiX BWS 1600G OLA Subrack 1.5 x N

subracks.
OptiX OTU40000 1
Marine series SLM 1630 1
SLM 1630 P16 1
PFE 1670 1
PFE 1670 G4 1
OptiX BWS 1600S 1.5
OptiX BWS 1600S T16 4
NG WDM series OptiX OSN 1800 1
OptiX OSN 1800 I E 2
OptiX OSN 1800 II E 2
OptiX OSN 1800 II TP Subrack 1xN

subracks.
OptiX OSN 1800 V Subrack 4xN

subracks.
OptiX OSN 1832 6
OptiX OSN 1832 X4 E 2
OptiX OSN 1832 X8 1
OptiX OSN 1832 X8 E 2
OptiX OSN 1832 X16 Subrack 4xN

subracks.
OptiX OSN 3800 1.5
OptiX OSN 6800 Subrack 2xN

subracks.

subracks.

iMaster NCE
OptiX OSN 8800 T16 Subrack 4xN

subracks.
OptiX OSN 8800 T32 Subrack 6xN

subracks.
OptiX OSN 8800 T64 Subrack 12 x N

subracks.

subracks.
OptiX OSN 9600 U16 Subrack 6xN

subracks.
OptiX OSN 9600 U32 Subrack 10 x N

subracks.

subracks.
OptiX OSN 9600 M05 Subrack 1xN

subracks.

subracks.

subracks.
OptiX OSN 9600 P32 Subrack 10x N

subracks.

subracks.

iMaster NCE
OptiX OSN 9800 U16 Subrack 6xN

subracks.

subracks.

subracks.

subracks.

subracks.

subracks.
OptiX OSN 9800 P32 Subrack 10x N

subracks.
HUAWEI OSN902 1
OptiX OSN 880 1
OptiX OSN C810A 1
OptiX OSN C610M 1
OptiX OSN A810A 1
OptiXtrans DC908 Subrack 1xN

subracks.
OptiXtrans E6608T 1xN

subracks.
OptiXtrans E9612 2xN

subracks.

iMaster NCE
OptiXtrans E9624 6xN

subracks.
OptiX OSN 880-C04X1D 1
OptiX OSN 880-C08X2D 2
OptiX OSN 1800 II PRO 2
OptiX OSN 1800 V PRO Subrack 4xN

subracks.
OptiX OSN 1800 X16 PRO Subrack 4xN

subracks.
OptiX OSN 1800 X8 PRO 2
WDM Virtual NE 0.2
RTN series OptiX RTN 310 0.5
OptiX RTN 320 1
OptiX RTN 360 1
OptiX RTN 380 1
OptiX RTN 380e 1
OptiX RTN 380A 1
OptiX RTN 380AX 1
OptiX RTN 380H 1
OptiX RTN 605 0.4
OptiX RTN 610 0.4
OptiX RTN 620 0.5
OptiX RTN 905 0.5
OptiX RTN 905e 0.5
OptiX RTN 910 0.5
OptiX RTN 910A 0.5
OptiX RTN 950 1
OptiX RTN 950A 1
OptiX RTN 980 2.5

iMaster NCE
OptiX RTN 980L 2.5
OptiX RTN 510 0.5
NEC 5000S 1
OptiX RTN FlexPort80 1
PTP 250 1
PTP 500 1
PTP 650 1
PMP 450 1
X-1200 1
PTN series OptiX PTN 1900 2.5
OptiX PTN 3900 4.5
OptiX PTN 3900-8 4
OptiX PTN 905 0.4
OptiX PTN 905A 0.4
OptiX PTN 905B 0.4
OptiX PTN 906A 0.4
OptiX PTN 906AI 0.4
OptiX PTN 906B 0.4
OptiX PTN 910 0.5
OptiX PTN 910-F 0.4
OptiX PTN 912 0.5
OptiX PTN 950 1
OptiX PTN 960 1.5
Layer 2 Virtual NE 1
Physical Layer Virtual NE 1
Pre-configuration NE Equal to a real NE
3rd-Party NE 1

iMaster NCE
11.4.2 Equivalent NEs in the IP Domain

Number of equivalent NEs in the IP domain = Number of IP NEs of type 1 x
Equivalent coefficient of type 1 + ... + Number of IP NEs of type n x Equivalent
coefficient of type n
For example, if there are 5 NE5000Es (equivalent coefficient: 10), 200 S5300s (equivalent
coefficient: 1.25), and 1000 CX200s (equivalent coefficient: 0.625), then:
Number of equivalent NEs in the IP domain = 5 x 10 + 200 x 1.25 + 1000 x 0.625 = 925
Equivalent coefficients of NEs in the IP domain are shown in Table 11-9 describes
the equivalent coefficients for NEs in the IP domain.
Table 11-9 Equivalent coefficients for NEs in the IP domain
Router NE05/NE08(E)/NE16(E) 0.75
NE05E-S/NE05E-M 0.5
NE08E-S/NE08E-M 1.0
NE20/NE20E 1.25
NE20E-S4 0.5
NE20E-S8/S16/S8A/S16A 1.0
NE20E-M2E/NE20E-M2F 0.5
NE40/NE80 5.0
NE40E-X1 0.5
NE40E-X2 1.0
NE40E-X3/X3A 1.25
NE40E-4 1.25
NE40E-X8/X8A 2.5
NE40E-8 2.5
NE40E-X16/X16A 5.0
NE40E-M2E/NE40E-M2F/ 0.5
NE40E-M2H/NE40E-M2K
NE40E-F1A 0.5
NE80E 5.0
NE5000E 10.0 x N
N indicates the number
of chassis.

iMaster NCE
AR150 0.125
AR200 0.125
AR1200/AR2200/AR3200/ 0.25
AR3600
NE16EX 0.25
R series 1.0
AR18/19/28/29/46/49 series 0.25
NE9000/NE9000-20 10.0
NE9000-8 5.0
NetEngine 8000 X4/X8 2.5
NetEngine 8000 F1A 0.5
NetEngine 8000 M1A 0.5
NetEngine 8000 M6 0.5
NetEngine 8000 M8/M14 1
RM9000 1.0
Switch S2000 series 0.125
S2300 series 0.625
S2700 series 0.625
S3000 series 0.125
S3300 series 0.75
S3500 series 0.125
S3700 series 0.75
S3900 series 0.125
S5000 series 0.25
S5300 series 1.25
S5500 series 0.25
S5600 series 0.25
S5700 series 1.25
S6300 series 1.25
S6500 series 0.75

iMaster NCE
S6700 series 1.25
S7800 series 1.25
S8016 series 1.25
S8500 series 1.25
S7703 series 2.0
S7706 series 3.5
S7712 series 6.0
S9300X-4 6.0
S9300X-8 6.0
S9300X-12 9.0
S9303/S9303E series 2.0
S9306/S9306E series 3.5
S9312/S9312E series 6.0
S9703 2.0
S9706 3.5
S9712 6.0
S12700E-4, S12700E-8, 6.0

S12704, S12708, S12710
S12712, S12700E-12 9.0
E628 series 1.25
E652 series 1.25
Data center switch CE16804 6.0
CE16808 8.0
CE16816 10.0
CE12804 6.0
CE12808 8.0
CE12812 10.0
CE9800 series 2.0
CE8800 series 1.25
CE7800 series 1.25

iMaster NCE
CE6800 series 1.25
CE5800 series 1.25
PTN6900 series PTN6900-1/PTN6900-1-M4 0.5
PTN6900-F1A 0.5
PTN6900-M8C 0.5
PTN6900-M2K/M2E/M2F 0.5
PTN6900-2-M8A/M16A 1.0
PTN6900-2/PTN6900-2-M8/ 1.0
PTN6900-2-M14/PTN6900-2-
M16
PTN6900-3/3A 1.25
PTN6900-8/8A 2.5
PTN6900-16/16A 5.0
OptiX PTN series OptiX PTN 1900 2.5
OptiX PTN 3900 4.5
OptiX PTN 3900-8 4
OptiX PTN 912 0.5
OptiX PTN 910 0.5
OptiX PTN 910-F 0.4
OptiX PTN 910E-F 0.5
OptiX PTN 930 1
OptiX PTN 950 1
OptiX PTN 960 1.5
OptiX PTN 905 0.4
OptiX PTN 905A 0.4
OptiX PTN 905B 0.4
OptiX PTN 905C 0.4
OptiX PTN 905E 0.4
OptiX PTN 905G 0.4
OptiX PTN 906A 0.4
OptiX PTN 906AI 0.4

iMaster NCE
OptiX PTN 906B 0.4
Physical Layer Virtual NE 1
OptiX PTN 990/990E 2.5
OptiX PTN 980 2.0
OptiX PTN 970 2.5
OptiX PTN 6900 5
OptiX PTN 7900-32 5.5
OptiX PTN 7900-24 5
OptiX PTN 7900-12 4.5
OptiX PTN 7900E-32 5.5
OptiX PTN 7900E-24 5
OptiX PTN 7900E-12 4.5
ATN series ATN 910/910I/910B/910C 0.5
ATN 905 0.25
ATN 950 1.0
ATN 950B 1.0
ATN 950C 1.0
ATN 950D 1.0
ATN 980 1.0
ATN 980B 1.0
ATN 990 1.0
ETN series ETN 500 0.25
ETN 550-A 1.0
MAN service CX200 series 0.625

platform
CX300 series 1.25
CX600-X1 0.5
CX600-X2 1.0
CX600-X3 1.25

iMaster NCE
CX600-4 1.25
CX600-X8 2.5
CX600-8 2.5
CX600-X16 5.0
CX600-16 5.0
CX600-M2E/CX600-M2F/ 0.5
CX600-M2H/CX600-M2K
CX600-F1A 0.5
CX6620 10.0
CX6601/CX6602 0.5
CX6608 5.0
EGW EGW2100 series 0.25
EGW2200 series 0.25
EGW3200 series 0.25
Firewall Eudemon 300/500/1000 0.5
Eudemon 100E 0.25
NGFW 0.75
Eudemon 200E series 0.25
Eudemon 200E-G8/-G85/-N 0.75
Eudemon 200S 0.25
Eudemon 1000E series 0.75
Eudemon 1000E-X 0.75
Eudemon 8040 3.0
Eudemon 8080 6.0
Eudemon 8080E 4.0
Eudemon 8160E 8.0
Eudemon 8000E-X3 1.5
Eudemon 6080E 4.0

iMaster NCE
NE40E-FW 4.0
NE80E-FW 8.0
vRouter6000V series 0.75
USG USG9110 2.0
USG9120 4.0
USG9310 4.0
USG9320 8.0
USG9520 1.5
USG9560 4.0
USG9580 8.0
USG6600 series 0.75
USG6500 series 0.75
USG6300 series 0.75
USG5500 series 0.75
USG5300 series 0.75
USG5100 series 0.25
USG3000 0.25
USG2100 series 0.25
USG2200 series 0.25
USG50 0.25
SRG SRG1200 series 0.25
SRG20 series 0.25
SRG2200 series 0.25
SRG3200 series 0.25
SRG1300 series 0.25
SRG2300 series 0.25
SRG3300 series 0.25
SIG SIG9810 4.0
SIG9820 8.0
SIG9800-X3 1.5

iMaster NCE
SIG9800-X8 4.0
SIG9800-X16 8.0
SIG Server 4.0
URL Classify Server 0.25
RADIUS Proxy 0.25
SeMG9811 SeMG9811-X3 1.5
SeMG9811-X8 4.0
SeMG9811-X16 8.0
NE-DPI NE40E-DPI 4.0
NE80E-DPI 8.0
NE40E80E-DPI Server 4.0
URL Classify Server-DPI 0.25
RADIUS Proxy-DPI 0.25
SVN SVN3000 0.25
SVN2200 0.25
SVN5300 0.75
SVN5500 0.75
ASG ASG2100 0.25
ASG2200 0.25
ASG2600 0.75
ASG2800 0.75
NIP NIP6600 0.75
CE-FWA CE-FWA 0.75
CE-IPSA CE-IPSA 0.75
OP-Bypass OP-Bypass 0.25
iCache iCache9200 RSS 1.0
iCache9200 DSS 1.0
iCache9200 MSS 1.0
iCache9200 CSS-HTTP 1.0
iCache9200 CSS-BT 1.0

iMaster NCE
iCache9200 CSS-EM 1.0
iCache9200 CSS-WEB 1.0
iCache9200 CSS-PPS 1.0
iCache9200 CSS-PPL 1.0
iCache9200 CSS-QQL 1.0
Broadband access MA5200E/F series 1.5
MA5200G series 10.0
ME60 series 10.0
BGW9916 5.0
Voice gateway VG1040/1041 series 0.25
VNE1000 VNE1000 series 1
VNE9000 VNE9000 series 1
VSIG9800 VSIG9800 series 1
ICMP device ICMP device 1
Third-party NE SNMP Third-party NE 1
Cisco ASR 9001 0.5
Cisco ASR 9006 1.25
Cisco ASR 9922 7
Nokia 7750 SR-a4 0.5
Nokia 7750 SR-7 1.5
Nokia 7750 SR-12 3
Nokia 7750 SR-12e 3
Juniper MX480 2.5
UBIQUOSS E7124 0.5
DASAN M3000 0.5
11.5 Equivalent Routes

The route equivalent coefficient is calculated based on the size of the memory
occupied by the route data structure and the ratio of the preferred route to the
non-preferred route in the typical networking.

iMaster NCE
The formula for calculating the number of equivalent routes is as follows:
Number of equivalent routes = Number of preferred routes

x Equivalent coefficient
Protocol type = {Direct, Static, OSPF, IS-IS, BGP, VPN, FIB}
For the equivalent coefficient of each protocol route, see Equivalent coefficients
of protocol routes.
For example, if there are 10,000 direct routes, 20,000 static routes, 100,000 OSPF
routes, 30,000 IS-IS routes, 20,000 BGP routes, 150,000 VPN routes, and 50,000 FIB
routes, then the number of equivalent routes is calculated as follows based on the
equivalent coefficients of protocol routes listed in Table 11-10:
Number of equivalent routes = 10,000 x 1 + 20,000 x 1 + 100,000 x 1.5 + 30,000 x

1.5 + 20,000 x 1.6 + 150,000 x 1.6 + 50,000 x 1 = 547,000
Table 11-10 Equivalent coefficients of protocol routes
Protocol Type Equivalent Coefficient
Direct 1
Static 1
OSPF 1.5
IS-IS 1.5
BGP 1.6
VPN 1.6
FIB 1
On a network, there are different node roles such as PEs, CEs, and UPEs. Calculate
the total number of equivalent routes on the network as follows:
1. Query the total number of protocol routes on a node of each role.

2. Calculate the number of equivalent routes of the node based on the formula.
3. Multiply the number of equivalent routes by the number of nodes of a role to
obtain the total number of equivalent routes of the role.
4. Sum up the numbers of equivalent routes of nodes of all roles.
Finally, compare the estimated number of equivalent routes with the maximum
number of equivalent routes (10 million) supported.
If there are 500 PEs, 1000 CEs, and 2000 UPEs on a network and the numbers of
equivalent routes of a PE, CE, and UPE are A, B, and C respectively, the total
number of equivalent routes on the network is estimated based on the formula as
follows: 500 x A + 1000 x B + 2000 x C.

iMaster NCE
Product Description (Super, Compatible with x86) 12 Version Requirements
12 Version Requirements
● The New Version column lists the NE versions newly supported by the current NCE
version.
● The Compatible Version column lists the NE versions supported by earlier NCE versions.
Unless otherwise specified, the current NCE version also supports these NE versions.
12.1 Version Mapping Between NCE (Super) and Connected Controllers
12.1 Version Mapping Between NCE (Super) and

Connected Controllers
IP RAN Private Line
Table 12-1 Version requirements of domain controllers

Controller Category Name Version
Huawei IP network NCE (IP Domain) V100R018C00

controller V100R018C10
V100R019C00
Third-party controller FiberHome controller V300R002C10
ZTE controller V300R002C10

iMaster NCE
SPTN Private Line

Controller Name Version
Category
Huawei IP NCE (IP Domain) V100R018C10

network V100R019C00
controller
Third-party ZTE controller V300R002C10

controller
Comprehensive Multi-Domain Private Line


Nokia controller NokiaNSP V100R001C00
Huawei transport NCE (Transport Domain) V100R018C10

network controller V100R019C00
FIBERHOME controller FIBERHOME V300R002C10
CommonSBI V100R018C00
NMS NCE (Management V100R019C00

Plane)
U2000 V200R017C60
V200R018C50
V200R018C60
Aviat controller CommonSBI V100R018C00

iMaster NCE
Optical Multi-Domain Private Line

Controller Name Version
NCE (Transport Domain) V100R018C00

V100R018C10
V100R019C00
NokiaNSP NRCT_18.7
Multi-Cloud Interconnect


IP+Optical Solution
Table 12-6 Controllers compatible with NCE (Super)


controller
Huawei transport NCE (Transport Domain) V100R019C00

network controller
Huawei network NCE-IP-T V100R019C00

controller

iMaster NCE
Product Description (Super, Compatible with x86) A Appendix
A Appendix
A.1 Standards Compliance

NCE complies with ITU-T, IETF, and TMF standards and protocols.
Table A-1 Standards and protocols
Standard/Protocol Name
CIS Center for Internet Security Benchmarks
Sif99025 EML-NML interface models
TMF513 V2.0 Multi-Technology Network Management Business

Agreement NML-EML Interface Version 2.0
TMF518 MTOSI Business Agreement
TMF608 V2.0 Multi-Technology Network Management Information

Agreement NML-EML Interface Version 2.0
TMF612 MTOSI Information Agreement
TMF814 V2.0 Multi Technology Network Management Solution Set

Conformance Document Version 2.0
TMF814A MTNM Implementation Statement and Guidelines for

MTNM Release 3.5M
TMF864 MTOSI Interface Implementation Specifications
ISO 8824-4-2000 Information Technology - Abstract Syntax Notation

One (ASN.1): Parameterization of ASN.1
Specifications Amendment 1: ASN.1 semantic model
ISO 8825-2-1998 Information Technology - ASN.1 Encoding Rules:

Specification of Packed Encoding Rules (PER) Second
Edition; Technical Corrigendum 1: 12/15/1999;
Amendment 1: 12/01/2000

iMaster NCE
ITU-T G.707 Network node interface for the synchronous digital

hierarchy (SDH)
ITU-T G.7710 Common equipment management function

requirements
ITU-T G.773 Protocol suites for Q-interfaces for management of

transmission systems
ITU-T G.774 (01, 02, 03, Synchronous digital hierarchy (SDH) - Management
04) information model for the network element view
ITU-T G.783 Characteristics of synchronous digital hierarchy (SDH)

equipment functional blocks
ITU-T G.784 Synchronous digital hierarchy (SDH) management
ITU-T G.803 Architecture of transport networks based on the

synchronous digital hierarchy (SDH)
ITU-T G.831 Management capabilities of transport networks based

on the synchronous digital hierarchy (SDH)
ITU-T G.851.1 Management of the transport network - Application

of the RM-ODP framework
ITU-T G.852.1 Enterprise viewpoint for simple subnetwork

connection management
ITU-T G.852.2 Enterprise viewpoint description of transport network

resource model
ITU-T G.852.3 Enterprise viewpoint for topology management
ITU-T G.852.6 Enterprise viewpoint for trail management
ITU-T G.853.1 Common elements of the information viewpoint for

the management of a transport network
ITU-T G.853.2 Subnetwork connection management information

viewpoint
ITU-T G.853.3 Information viewpoint for topology management
ITU-T G.853.6 Information viewpoint for trail management
ITU-T G.854.1 Computational interfaces for basic transport network

model
ITU-T G.854.3 Computational viewpoint for topology management
ITU-T G.854.6 Computational viewpoint for trail management
ITU-T M.3000 Overview of TMN recommendations
ITU-T M.3010 Principles for a telecommunications management

network

iMaster NCE
ITU-T M.3013 Considerations for a telecommunications

management network
ITU-T M.3017 Framework for the integrated management of hybrid

circuit/packet networks
ITU-T M.3020 TMN interface specification methodology
ITU-T M.3100 Generic network information model
ITU-T M.3101 Managed Object Conformance statements for the

generic network information model
ITU-T M.3180 Catalogue of TMN management information
ITU-T M.3200 TMN management services and telecommunications

managed areas: overview
ITU-T M.3300 TMN F interface requirements
ITU-T M.3400 TMN management functions
ITU-T X.720 Management information model
ITU-T X.721 Definition of management information
ITU-T X.722 Guidelines for the definition of managed objects
ITU-T X.733 Information technology - Open Systems

Interconnection - Systems Management: alarm
reporting function
ITU-T X.735 Information technology - Open Systems

Interconnection - Systems Management: log control
function
ITU-T X.903 Information technology - Open distributed processing

- Reference Model: architecture
ITU-T Y.1701 Common equipment management function

requirements
M.3016.0 Security for the management plane: Overview
M.3016.1 Security for the management plane: Security

requirements
M.3016.2 Security for the management plane: Security services
M.3016.3 Security for the management plane: Security

mechanism
M.3016.4 Security for the management plane: Profile proforma
M.3703 Common management services - Alarm management

- Protocol neutral requirements and analysis

iMaster NCE
MEF 15 Requirements for Management of Metro Ethernet

Phase 1 Network Elements
Rational Unified Rational Unified Process

Process 5.5
RFC793 Transmission Control Protocol (Darpa Internet

Program Protocol Specification)
RFC1155 Structure and Identification of Management

Information for TCP/IP-based Internets
RFC1212 Concise MIB Definitions
RFC1213 Management Information Base for Network

Management of TCP/IP-based internets: MIB-II
RFC1215 A Convention for Defining Traps for use with the

SNMP
RFC1905 Protocol Operations for Version 2 of the Simple

Network Management Protocol
RFC1906 Transport Mappings for Version 2 of the Simple

RFC1907 Management Information Base for Version 2 of the

Simple Network Management Protocol
RFC1908 Coexistence between Version 1 and Version 2 of the

Internet-standard Network Management Framework
RFC2011 SNMPv2 Management Information Base for the

Internet Protocol using SMIv2
RFC2012 SNMPv2 Management Information Base for the

Transmission Control Protocol using SMIv2
RFC2013 SNMPv2 Management Information Base for the User

Datagram Protocol using SMIv2
RFC2396 Uniform Resource Identifiers (URL)
RFC2544 Benchmarking Methodology for Network Interconnect

Devices
RFC2571 An Architecture for Describing SNMP Management

Frameworks
RFC2572 Message Processing and Dispatching for the Simple

RFC2573 SNMP Applications
RFC2574 User-based Security Model (USM) for version 3 of the

Simple Network Management Protocol

iMaster NCE
RFC2576 Coexistence between Version 1, Version 2, and Version

3 of the Internet-standard Network Management
Framework
RFC2578 Structure of Management Information Version 2

(SMIv2)
RFC2579 Textual Conventions for SMIv2
RFC2580 Conformance Statements for SMIv2
RFC2616 Hypertext Transfer Protocol -- HTTP/1.1
RFC2617 HTTP- Authentication: Basic and Digest Access

Authentication
RFC2818 HTTP Over TLS (HTTPS)
RFC2890 Key and Sequence Number Extensions to GRE
RFC3164 The BSD syslog Protocol
RFC3411 An Architecture for Describing Simple Network

Management Protocol (SNMP) Management
Frameworks
RFC3412 Message Processing and Dispatching for the Simple

Network Management Protocol (SNMP)
RFC3413 Simple Network Management Protocol (SNMP)

Applications
RFC3414 User-based Security Model (USM) for version 3 of the

Simple Network Management Protocol (SNMPv3)
RFC3415 View-based Access Control Model (VACM) for the

Simple Network Management Protocol (SNMP)
RFC3416 Version 2 of the Protocol Operations for the Simple

RFC3417 Transport Mappings for the Simple Network

Management Protocol (SNMP)
RFC3418 Management Information Base (MIB) for the Simple

RFC4271 A Border Gateway Protocol 4 (BGP-4)
RFC4346 Transport Layer Security (TLS) Protocol Version 1.1
RFC5246 Transport Layer Security (TLS) Protocol Version 1.2
RFC6241 Network Configuration Protocol (NETCONF)
RFC8040 RESTCONF Protocol

iMaster NCE
OpenStack.GBP The Group-based Policy (GBP) abstractions for

OpenStack provide an intent-driven declarative policy
model that presents simplified application-oriented
interfaces to the user.
RFC7951 JSON Encoding of Data Modeled with YANG
RFC7936 Clarifying Registry Procedures for the WebSocket

Subprotocol Name Registry
RFC6455 The WebSocket Protocol
RFC8259 The JavaScript Object Notation (JSON) Data

Interchange Format
RFC6020 YANG - A Data Modeling Language for the Network

Configuration Protocol (NETCONF)
W3C.REC- Server-Sent Events, a server push technology enabling

eventsource-20150203 a browser to receive automatic updates from a server
via HTTP connection.
RFC8340 YANG Tree Diagrams
RFC8199 YANG Module Classification
RFC8071 NETCONF Call Home and RESTCONF Call Home
RFC7950 The YANG 1.1 Data Modeling Language
RFC5277 NETCONF Event Notifications
RFC4880 OpenPGP is the most widely used email encryption

standard. It is defined by the OpenPGP Working
Group of the Internet Engineering Task Force (IETF)
as a Proposed Standard in RFC 4880. OpenPGP was
originally derived from the PGP software, created by
Phil Zimmermann.
RFC7047 OVSDB Management Protocol
RFC3173 InMon Corporation's sFlow
RFC4627 JavaScript Object Notation (JSON)
RFC2460 Internet Protocol, Version 6 (IPv6)
RFC5988 Internet Engineering Task Force (IETF)
draft-ietf-secsh- sftp draft

filexfer-13
RFC4253 The Secure Shell (SSH) Transport Layer Protocol
RFC1157 A Simple Network Management Protocol (SNMP)

iMaster NCE
RFC1902 Structure of Management Information for Version 2

of the Simple Network Management Protocol
(SNMPv2)
RFC2575 View-based Access Control Model (VACM) for the

Simple Network Management Protocol (SNMP)
draft-ietf-ccamp-alarm- This document defines a YANG [RFC7950] module for

module-01 alarm management.
SSE Server-Sent Events
A.2 Glossary
Numerics
3G See Third Generation.
802.1Q in 802.1Q A VLAN feature that allows the equipment to add a VLAN tag to a tagged
(QinQ) frame. The implementation of QinQ is to add a public VLAN tag to a frame
with a private VLAN tag to allow the frame with double VLAN tags to be
transmitted over the service provider's backbone network based on the
public VLAN tag. This provides a layer 2 VPN tunnel for customers and
enables transparent transmission of packets over private VLANs.
A
ACL See Access Control List.
ADMC automatically detected and manually cleared
ADSL See asymmetric digital subscriber line.
ADSL2+ asymmetric digital subscriber line 2 plus
ANCP See Access Node Control Protocol.
API See application programming interface.
APS automatic protection switching
AS See autonomous system.
ASBR See autonomous system boundary router.
ASN.1 See Abstract Syntax Notation One.
ASON automatically switched optical network
Abstract Syntax A syntax notation type employed to specify protocols. Many protocols
Notation One (ASN. defined by the ITU-T use this syntax format. Other alternatives are standard
1) text or Augmented Backus-Naur Form (ABNF).
Access Control List A list of entities, together with their access rights, which are authorized to
(ACL) access a resource.

iMaster NCE
Access Node Control An IP-based protocol that operates between the access node (AN) and the
Protocol (ANCP) network access server (NAS), over a DSL access and aggregation network.
application An application programming interface is a particular set of rules and
programming specifications that are used for communication between software programs.
interface (API)
asymmetric digital A technology for transmitting digital information at a high bandwidth on
subscriber line existing phone lines to homes and businesses. Unlike regular dialup phone
(ADSL) service, ADSL provides continuously-available, "always on" connection.
ADSL is asymmetric in that it uses most of the channel to transmit
downstream to the user and only a small part to receive information from
the user. ADSL simultaneously accommodates analog (voice) information
on the same line. ADSL is generally offered at downstream data rates from
512 kbit/s to about 6 Mbit/s.
autonomous system A network set that uses the same routing policy and is managed by the
(AS) same technology administration department. Each AS has a unique
identifier that is an integer ranging from 1 to 65535. The identifier is
assigned by IANA. An AS can be divided into areas.
autonomous system A router that exchanges routing information with other autonomous system
boundary router boundary routers.
(ASBR)
B
B/S Browser/Server
BFD See Bidirectional Forwarding Detection.
BGP Border Gateway Protocol
BIOS See basic input/output system.
BITS See building integrated timing supply.
BOD bandwidth on demand
BRA See basic rate access.
BRAS See broadband remote access server.
BSS Business Support System
BWS backbone wavelength division multiplexing system
Bidirectional A fast and independent hello protocol that delivers millisecond-level link
Forwarding failure detection and provides carrier-class availability. After sessions are
Detection (BFD) established between neighboring systems, the systems can periodically send
BFD packets to each other. If one system fails to receive a BFD packet
within the negotiated period, the system regards that the bidirectional link
fails and instructs the upper layer protocol to take actions to recover the
faulty link.
basic input/output Firmware stored on the computer motherboard that contains basic input/
system (BIOS) output control programs, power-on self test (POST) programs, bootstraps,
and system setting information. The BIOS provides hardware setting and
control functions for the computer.

iMaster NCE
basic rate access An ISDN interface typically used by smaller sites and customers. This
(BRA) interface consists of a single 16 kbit/s data (or "D") channel plus two
bearer (or "B") channels for voice and/or data. Also known as Basic Rate
Access, or BRI.
broadband remote A new type of access gateway for broadband networks. As a bridge
access server (BRAS) between backbone networks and broadband access networks, BRAS
provides methods for fundamental access and manages the broadband
access network. It is deployed at the edge of network to provide broadband
access services, convergence, and forwarding of multiple services, meeting
the demands for transmission capacity and bandwidth utilization of
different users. BRAS is a core device for the broadband users' access to a
broadband network.
building integrated In the situation of multiple synchronous nodes or communication devices,
timing supply (BITS) one can use a device to set up a clock system on the hinge of telecom
network to connect the synchronous network as a whole, and provide
satisfactory synchronous base signals to the building integrated device. This
device is called BITS.
C
CAS See Central Authentication Service.
CBU See cellular backhaul unit.
CC See continuity check.
CCC circuit cross connect
CES See circuit emulation service.
CIR committed information rate
CLEI common language equipment identification
CLI See command-line interface.
CORBA See Common Object Request Broker Architecture.
CPE See customer-premises equipment.
CPU See Central Processing Unit.
CSV See comma separated values.
Central A single sign-on protocol for the web. Its purpose is to permit users to
Authentication access multiple applications by providing their credentials (such as user
Service (CAS) names and passwords) only once. It also allows web applications to
authenticate users without gaining access to the users' security credentials
(such as passwords). CAS also refers to a software package that implements
this protocol.
Central Processing The computational and control unit of a computer. The CPU is the device
Unit (CPU) that interprets and executes instructions. The CPU has the ability to fetch,
decode, and execute instructions and to transfer information to and from
other resources over the computer's main data-transfer path, the bus.

iMaster NCE
Common Object A specification developed by the Object Management Group in 1992 in

Request Broker which pieces of programs (objects) communicate with other objects in
Architecture other programs, even if the two programs are written in different
(CORBA) programming languages and are running on different platforms. A program
makes its request for objects through an object request broker, or ORB, and
therefore does not need to know the structure of the program from which
the object comes. CORBA is designed to work in object-oriented
environments.
Coordinated The world-wide scientific standard of timekeeping. It is based upon carefully
Universal Time maintained atomic clocks and is kept accurate to within microseconds
(UTC) worldwide.
cellular backhaul A network access unit used for access base transceiver stations. It provides
unit (CBU) Ethernet, IP, and TDM services; has multiple Ethernet and 1PPS+ToD
interfaces and optionally E1 interfaces. It is mainly applicable to backhaul in
mobile base transceiver stations.
circuit emulation A function with which the E1/T1 data can be transmitted through ATM
service (CES) networks. At the transmission end, the interface module packs timeslot
data into ATM cells. These ATM cells are sent to the reception end through
the ATM network. At the reception end, the interface module re-assigns the
data in these ATM cells to E1/T1 timeslots. The CES technology guarantees
that the data in E1/T1 timeslots can be recovered to the original sequence
at the reception end.
comma separated A CSV file is a text file that stores data, generally used as an electronic table
values (CSV) or by the database software.
command-line A means of communication between a program and its user, based solely
interface (CLI) on textual input and output. Commands are input with the help of a
keyboard or similar device and are interpreted and executed by the
program. Results are output as text or graphics to the terminal.
continuity check An Ethernet connectivity fault management (CFM) method used to detect
(CC) the connectivity between MEPs by having each MEP periodically transmit a
Continuity Check Message (CCM).
customer-premises Customer-premises equipment or customer-provided equipment (CPE) is
equipment (CPE) any terminal and associated equipment located at a subscriber's premises
and connected with a carrier's telecommunication channel at the
demarcation point ("demarc"). The demarc is a point established in a
building or complex to separate customer equipment from the equipment
located in either the distribution infrastructure or central office of the
communications service provider. CPE generally refers to devices such as
telephones, routers, network switches, residential gateways (RG), set-top
boxes, fixed mobile convergence products, home networking adapters and
Internet access gateways that enable consumers to access communications
service providers' services and distribute them around their house via a local
area network (LAN).
D
DB database
DC data center

iMaster NCE
DCC data communication channel

DCI See Data Center Interconnect.
DCM See dispersion compensation module.
DCN See data communication network.
DDoS See distributed denial of service.
DSLAM See digital subscriber line access multiplexer.
DWDM See dense wavelength division multiplexing.
Data Center DCI refers to network interconnection between two data centers for cross-
Interconnect (DCI) DC service transmission and migration.
DoS See denial of service.
data communication A communication network used in a TMN or between TMNs to support the
network (DCN) data communication function.
denial of service DoS attack is used to attack a system by sending a large number of data
(DoS) packets. As a result, the system cannot receive requests from the valid users
or the host is suspended and cannot work normally. DoS attack includes
SYN flood, Fraggle, and others. The DoS attacker only stops the valid user
from accessing resources or devices instead of searching for the ingresses of
the intranet.
dense wavelength The technology that utilizes the characteristics of broad bandwidth and low
division attenuation of single mode optical fiber, employs multiple wavelengths
multiplexing with specific frequency spacing as carriers, and allows multiple channels to
(DWDM) transmit simultaneously in the same fiber.
digital subscriber A network device, usually situated in the main office of a telephone
line access company, that receives signals from multiple customer Digital Subscriber
multiplexer Line (DSL) connections and uses multiplexing techniques to put these
(DSLAM) signals on a high-speed backbone line.
dispersion A type of module that contains dispersion compensation fibers to
compensation compensate for the dispersion of the transmitting fiber.
module (DCM)
distributed denial of Distributed Denial of Service attack is one in which a multitude of
service (DDoS) compromised systems attack a single target, therefore causing denial of
service for users of the targeted system. The flood of incoming messages to
the target system essentially and occupies the resources of it, therefore
denying services to legitimate users.
E
E-LAN See Ethernet local area network.
E-Line See Ethernet line.
E2E end to end
ECC See embedded control channel.
EDFA See erbium-doped fiber amplifier.
EPL See Ethernet private line.

iMaster NCE
EPON See Ethernet passive optical network.

EVPL See Ethernet virtual private line.
EoO Ethernet over OTN
EoW Ethernet over WDM
Ethernet line (E- A type of Ethernet service that is based on a point-to-point EVC (Ethernet
Line) virtual connection).
Ethernet local area A type of Ethernet service that is based on a multipoint-to-multipoint EVC
network (E-LAN) (Ethernet virtual connection).
Ethernet passive An Ethernet Passive Optical Network (EPON) is a passive optical network
optical network based on Ethernet. It is a new generation broadband access technology that
(EPON) uses a point-to-multipoint structure and passive fiber transmission. It
supports upstream/downstream symmetrical rates of 1.25 Gbit/s and a
reach distance of up to 20 km. In the downstream direction, the bandwidth
is shared based on encrypted broadcast transmission for different users. In
the upstream direction, the bandwidth is shared based on TDM. EPON
meets the requirements for high bandwidth.
Ethernet private line A type of Ethernet service provided by SDH, PDH, ATM, or MPLS server
(EPL) layer networks. This service is carried over dedicated bandwidth between
point-to-point connections.
Ethernet virtual A type of Ethernet service provided by SDH, PDH, ATM, or MPLS server
private line (EVPL) layer networks. This service is carried over shared bandwidth between
point-to-point connections.
embedded control A logical channel that uses a data communications channel (DCC) as its
channel (ECC) physical layer to enable the transmission of operation, administration, and
maintenance (OAM) information between NEs.
erbium-doped fiber An optical device that amplifies optical signals. This device uses a short
amplifier (EDFA) optical fiber doped with the rare-earth element, Erbium. The signal to be
amplified and a pump laser are multiplexed into the doped fiber, and the
signal is amplified by interacting with doping ions. When the amplifier
passes an external light source pump, it amplifies the optical signals in a
specific wavelength range.
F
FCAPS fault, configuration, accounting, performance, security
FDN fixed dialing number
FIB See forwarding information base.
FPGA See field programmable gate array.
FRR See fast reroute.
FTP See File Transfer Protocol.
FTTB See fiber to the building.
FTTC See fiber to the curb.
FTTH See fiber to the home.

iMaster NCE
File Transfer A member of the TCP/IP suite of protocols, used to copy files between two
Protocol (FTP) computers on the Internet. Both computers must support their respective
FTP roles: one must be an FTP client and the other an FTP server.
fast reroute (FRR) A technology which provides a temporary protection of link availability
when part of a network fails. The protocol enables the creation of a
standby route or path for an active route or path. When the active route is
unavailable, the traffic on the active route can be switched to the standby
route. When the active route is recovered, the traffic can be switched back
to the active route. FRR is categorized into IP FRR, VPN FRR, and TE FRR.
fiber to the building A fiber-based networking scenario. There are two types of FTTB scenarios:
(FTTB) multi-dwelling unit (MDU) and business buildings. Each scenario includes
the following service types: FTTB to the MDU and FTTB to the business
buildings.
fiber to the curb A fiber-based networking scenario. The FTTC scenario provides the
(FTTC) following services: asymmetric broadband services (such as digital
broadcast service, VOD, file download, and online gaming), symmetric
broadband services (such as content broadcast, email, file exchange,
distance education, and distance medical care), POTS, ISDN, and xDSL
backhaul services.
fiber to the home A fiber-based networking scenario. The FTTH scenario provides the
(FTTH) following services: asymmetric broadband services (digital broadcast
service, VoD, file download, and online gaming), symmetric broadband
services (content broadcast, email, file exchange, distance education, and
distance medical care), POTS, and ISDN services.
field programmable A semi-customized circuit that is used in the Application Specific Integrated
gate array (FPGA) Circuit (ASIC) field and developed based on programmable components.
FPGA remedies many of the deficiencies of customized circuits, and allows
the use of many more gate arrays.
forwarding A table that provides information for network hardware (bridges and
information base routers) for them to forward data packets to other networks. The
(FIB) information contained in a routing table differs according to whether it is
used by a bridge or a router. A bridge relies on both the source (originating)
and destination addresses to determine where and how to forward a
packet.
G
GNE See gateway network element.
GRE See Generic Routing Encapsulation.
GUI See graphical user interface.
Generic Routing A mechanism for encapsulating any network layer protocol over any other
Encapsulation (GRE) network. GRE is used for encapsulating IP datagrams tunneled through the
Internet. GRE serves as a Layer 3 tunneling protocol and provides a tunnel
for transparently transmitting data packets.
gateway network An NE that serves as a gateway for other NEs to communicate with a
element (GNE) network management system.

iMaster NCE
graphical user A visual computer environment that represents programs, files, and options
interface (GUI) with graphical images, such as icons, menus, and dialog boxes, on the
screen.
H
HA See high availability.
HFC See high-level foundation classes.
HMAC See hash-based message authentication code.
HQoS See hierarchical quality of service.
HSL See high-level script language.
HTTP Hypertext Transfer Protocol
HTTPS See Hypertext Transfer Protocol Secure.
HVPLS hierarchical virtual private LAN service
Hypertext Transfer An HTTP protocol that runs on top of transport layer security (TLS) and
Protocol Secure Secure Sockets Layer (SSL) for secured transactions. It is used to establish a
(HTTPS) reliable channel for encrypted communication and secure identification of a
network web server. HTTPS consists of communication over Hypertext
Transfer Protocol (HTTP) within a connection encrypted by Transport Layer
Security, or its predecessor, Secure Sockets Layer. The main motivation for
HTTPS is authentication of the visited website and protection of the privacy
and integrity of the exchanged data.
hash-based message In cryptography, a keyed-hash message authentication code (HMAC) is a
authentication code specific type of message authentication code (MAC) involving a
(HMAC) cryptographic hash function (hence the 'H') in combination with a secret
cryptographic key. As with any MAC, it may be used to simultaneously
verify both the data integrity and the authentication of a message. Any
cryptographic hash function, such as MD5 or SHA-1, may be used in the
calculation of an HMAC; the resulting MAC algorithm is termed HMAC-
MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC
depends upon the cryptographic strength of the underlying hash function,
the size of its hash output, and on the size and quality of the key.
hierarchical quality A type of QoS that controls the traffic of users and performs the scheduling
of service (HQoS) according to the priority of user services. HQoS has an advanced traffic
statistics function, and the administrator can monitor the usage of
bandwidth of each service. Hence, the bandwidth can be allocated
reasonably through traffic analysis.
high availability A scheme in which two modules operate in active/standby mode to achieve
(HA) high availability. When the active module fails, the standby module
automatically takes over the system functions of the active module.
high-level A group of encapsulated function databases provided by the iSStar. You can
foundation classes use the provided functions to accelerate script editing.
(HFC)
high-level script A script language. Based on python, the HSL syntax is simple, clear, and
language (HSL) extendable.

iMaster NCE
I
IANA See Internet Assigned Numbers Authority.
ICMP See Internet Control Message Protocol.
IDC See Internet Data Center.
IDN See integrated digital network.
IETF Internet Engineering Task Force
IGP See Interior Gateway Protocol.
IOPS input/output operations per second
IP See Internet Protocol.
IP RAN See IP radio access network.
IP radio access A network that uses IP technology to achieve data backhaul on a radio
network (IP RAN) access network.
IPTV See Internet Protocol television.
IPv4 See Internet Protocol version 4.
IPv6 See Internet Protocol version 6.
ISDN Integrated Services Digital Network
ISP See Internet service provider.
ITU-T International Telecommunication Union-Telecommunication Standardization
Sector
Interior Gateway 1. A routing protocol that is used within an autonomous system. The IGP
Protocol (IGP) runs in small-sized and medium-sized networks. The IGPs are RIP, IGRP,
EIGRP, OSPF, and IS-IS. 2. The routing protocol spoken by the routers
belonging to an Autonomous system. Abbreviated as IGP. Each Autonomous
System has a single IGP. Separate Autonomous Systems may be running
different IGPs.
Internet Assigned A department operated by the IAB. IANA delegates authority for IP address-
Numbers Authority space allocation and domain-name assignment to the NIC and other
(IANA) organizations. IANA also maintains a database of assigned protocol
identifiers used in the TCP/IP suite, including autonomous system numbers.
Internet Control A network layer protocol that provides message control and error reporting
Message Protocol between a host server and an Internet gateway.
(ICMP)
Internet Data The telecommunications sector uses available Internet communication lines
Center (IDC) and bandwidth resources to establish a standard and carrier-class
equipment environment in which comprehensive services such as server
hosting, renting, and other value-added services are provided for enterprises
and governments.

iMaster NCE
Internet Protocol The protocol within TCP/IP that governs the breakup of data messages into
(IP) packets, the routing of the packets from sender to destination network and
station, and the reassembly of the packets into the original data messages
at the destination. IP runs at the internetwork layer in the TCP/IP model—
equivalent to the network layer in the ISO/OSI reference model. The IP
provides a connectionless datagram network layer and allows an
application to communicate transparently across several connected
networks.
Internet Protocol A system that provides TV services over the IP network. In the IPTV system,
television (IPTV) media streams from satellites, terrestrial, and studios are converted by the
encoder to the media streams applicable to the IP network. Then the media
streams are transmitted to the terminal layer on the IP network. Media
content is displayed on a TV set after media streams are processed by
specified receiving devices (for example, an STB).
Internet Protocol The current version of the Internet Protocol (IP). IPv4 utilizes a 32bit
version 4 (IPv4) address which is assigned to hosts. An address belongs to one of five classes
(A, B, C, D, or E) and is written as 4 octets separated by periods and may
range from 0.0.0.0 through to 255.255.255.255. Each IPv4 address consists
of a network number, an optional subnetwork number, and a host number.
The network and subnetwork numbers together are used for routing, and
the host number is used to address an individual host within the network or
subnetwork.
Internet Protocol An update version of IPv4, which is designed by the Internet Engineering
version 6 (IPv6) Task Force (IETF) and is also called IP Next Generation (IPng). It is a new
version of the Internet Protocol. The difference between IPv6 and IPv4 is
that an IPv4 address has 32 bits while an IPv6 address has 128 bits.
Internet service An organization that offers users access to the Internet and related services.
provider (ISP)
integrated digital A set of digital nodes and digital links that uses integrated digital
network (IDN) transmission and switches to provide digital connections between two or
more defined points.
K
KPI key performance indicator
L
L2VPN Layer 2 virtual private network
L3VPN Layer 3 virtual private network
LAG See link aggregation group.
LAN See local area network.
LB See loopback.
LLDP See Link Layer Discovery Protocol.
LSA link-state advertisement
LSR See label switching router.

iMaster NCE
LTE See Long Term Evolution.

Link Layer Discovery The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE
Protocol (LLDP) 802.1ab. Using the LLDP, the NMS can rapidly obtain the Layer 2 network
topology and changes in topology when the network scales expand.
Long Term Evolution LTE, an abbreviation for Long-Term Evolution, commonly marketed as 4G
(LTE) LTE, is a standard for wireless communication of high-speed data for mobile
phones and data terminals. It is based on the GSM/EDGE and UMTS/HSPA
network technologies, increasing the capacity and speed using a different
radio interface together with core network improvements.[1][2] The
standard is developed by the 3GPP (3rd Generation Partnership Project) and
is specified in its Release 8 document series, with minor enhancements
described in Release 9.
label switching Basic element of an MPLS network. All LSRs support the MPLS protocol.
router (LSR) The LSR is composed of two parts: control unit and forwarding unit. The
former is responsible for allocating the label, selecting the route, creating
the label forwarding table, creating and removing the label switch path; the
latter forwards the labels according to groups received in the label
forwarding table.
link aggregation An aggregation that allows one or more links to be aggregated together to
group (LAG) form a link aggregation group so that a MAC client can treat the link
aggregation group as if it were a single link.
local area network A network formed by the computers and workstations within the coverage
(LAN) of a few square kilometers or within a single building, featuring high speed
and low error rate. Current LANs are generally based on switched Ethernet
or Wi-Fi technology and run at 1,000 Mbit/s (that is, 1 Gbit/s).
loopback (LB) A troubleshooting technique that returns a transmitted signal to its source
so that the signal or message can be analyzed for errors. The loopback can
be a inloop or outloop.
M
MA maintenance association
MAC See Media Access Control.
MBB mobile broadband
MD See maintenance domain.
MDF See main distribution frame.
MDU See multi-dwelling unit.
ME See managed element.
MEP maintenance association end point
MIB See management information base.
MIP maintenance association intermediate point
MO managed object
MOS mean opinion score
MPLS See Multiprotocol Label Switching.

iMaster NCE
MPLS VPN See multiprotocol label switching virtual private network.

MS-PW See multi-segment pseudo wire.
MSAN multiservice access node
MSTP See multi-service transmission platform.
MTOSI Multi-Technology Operations System Interface
MTTR See Mean Time to Repair.
Mean Time to The average time that a device will take to recover from a failure.
Repair (MTTR)
Media Access A protocol at the media access control sublayer. The protocol is at the lower
Control (MAC) part of the data link layer in the OSI model and is mainly responsible for
controlling and connecting the physical media at the physical layer. When
transmitting data, the MAC protocol checks whether to be able to transmit
data. If the data can be transmitted, certain control information is added to
the data, and then the data and the control information are transmitted in
a specified format to the physical layer. When receiving data, the MAC
protocol checks whether the information is correct and whether the data is
transmitted correctly. If the information is correct and the data is
transmitted correctly, the control information is removed from the data and
then the data is transmitted to the LLC layer.
Multiprotocol Label A technology that uses short tags of fixed length to encapsulate packets in
Switching (MPLS) different link layers, and provides connection-oriented switching for the
network layer on the basis of IP routing and control protocols.
main distribution A device at a central office, on which all local loops are terminated.
frame (MDF)
maintenance The network or the part of the network for which connectivity is managed
domain (MD) by connectivity fault management (CFM). The devices in a maintenance
domain are managed by a single Internet service provider (ISP).
managed element A particular entity or resource in a networked system environment. It can
(ME) also represent a physical piece of equipment on the network, the
components of the device on the network, or parts of the network itself.
management A type of database used for managing the devices in a communications
information base network. It comprises a collection of objects in a (virtual) database used to
(MIB) manage entities (such as routers and switches) in a network.
multi-dwelling unit A network access unit used for multi-dwelling units. It provides Ethernet
(MDU) and IP services and optionally VoIP or CATV services; has multiple
broadband interfaces on the user side and optionally POTS ports or CATV
RF ports. It is mainly applicable to FTTB, FTTC, or FTTCab networks.
multi-segment A collection of multiple adjacent PW segments. Each PW segment is a
pseudo wire (MS- point-to-point PW. The use of MS-PWs to bear services saves tunnel
PW) resources and can transport services over different networks.
multi-service A platform based on the SDH platform, capable of accessing, processing
transmission and transmitting TDM services, ATM services, and Ethernet services, and
platform (MSTP) providing unified management of these services.

iMaster NCE
multiprotocol label An Internet Protocol (IP) virtual private network (VPN) based on the
switching virtual multiprotocol label switching (MPLS) technology. It applies the MPLS
private network technology for network routers and switches, simplifies the routing mode of
(MPLS VPN) core routers, and combines traditional routing technology and label
switching technology. It can be used to construct the broadband Intranet
and Extranet to meet various service requirements.
N
NBI See northbound interface.
NE See network element.
NETCONF See Network Configuration Protocol.
NGFW See Next-Generation Firewall.
NML See network management layer.
NMS See network management system.
NNI network node interface
NSAP See network service access point.
NT1 See network termination 1.
NTP See Network Time Protocol.
Network NETCONF is the communication management protocol. It uses XML-based
Configuration data encoding for the configuration data and protocol messages, and
Protocol (NETCONF) provides a mechanism for installing, operating, and deleting NEs.
Network Time The Network Time Protocol (NTP) defines the time synchronization
Protocol (NTP) mechanism. It synchronizes the time between the distributed time server
and the client.
Next-Generation The Next Generation Firewall is a line-speed device specific to network
Firewall (NGFW) security. It integrates intelligent interworking with other network devices,
visual application identification and control, and legacy firewall functions,
fulfilling the needs of enterprises on network security.
network element An entity that contains hardware and software. An NE has at least one
(NE) main control board that manages and monitors the entire network
element. The NE software runs on the main control board.
network A management layer which is responsible for the management of network
management layer elements on an individual or collective basis.
(NML)
network A system in charge of the operation, administration, and maintenance of a
management network.
system (NMS)
network service A network address defined by ISO, at which the OSI Network Service is
access point (NSAP) made available to a Network service user by the Network service provider.

iMaster NCE
network A type of terminal device that provides U-interface and S/T interface, used
termination 1 (NT1) to connect the ISDN terminals and ISDN exchange equipment. It mainly
performs code switch between the U-interface and the S/T interface, such
as the code switch between the 2B1Q and the AMI in Chinese standards.
The NT1 mostly work at only the physical layer, without software
intelligence; the devices, however, support functions of line maintenance
and performance monitoring, and ensure the clock synchronization
between the ISDN terminals and the network.
northbound An interface that connects to the upper-layer device to provision services
interface (NBI) and report alarms and performance statistics.
O
OAM See operation, administration and maintenance.
OCS optical core switching
OCh optical channel with full functionality
ODN optical distribution network
ODU Optical channel Data Unit
ODUk optical channel data unit - k
OLA optical line amplifier
OLT optical line terminal
OMS optical multiplex section
ONT See optical network terminal.
ONU See optical network unit.
OPEX See operating expense.
OPS See optical physical section.
OSI open systems interconnection
OSN optical switch node
OSNR See optical signal-to-noise ratio.
OSPF See Open Shortest Path First.
OSPF-TE Open Shortest Path First-Traffic Engineering
OSS operations support system
OTN optical transport network
OTS See optical transmission section.
OTT over the top
Open Shortest Path A link-state, hierarchical interior gateway protocol (IGP) for network routing
First (OSPF) that uses cost as its routing metric. A link state database is constructed of
the network topology, which is identical on all routers in the area.

iMaster NCE
OpenStack OpenStack is a free and open-source software platform for cloud

computing, mostly deployed as infrastructure-as-a-service (IaaS), whereby
virtual servers and other resources are made available to customers.[2] The
software platform consists of interrelated components that control diverse,
multi-vendor hardware pools of processing, storage, and networking
resources throughout a data center.
operating expense An operating expense, operating expenditure, operational expense,
(OPEX) operational expenditure or OPEX is an ongoing cost for running a product,
business, or system.
operation, A set of network management functions that cover fault detection,
administration and notification, location, and repair.
maintenance (OAM)
optical network A device that terminates the fiber optical network at the customer
terminal (ONT) premises.
optical network unit A form of Access Node that converts optical signals transmitted via fiber to
(ONU) electrical signals that can be transmitted via coaxial cable or twisted pair
copper wiring to individual subscribers.
optical physical A network segment in the physical layer of optical network.
section (OPS)
optical signal-to- The ratio of signal power to noise power in a transmission link. OSNR is the
noise ratio (OSNR) most important index for measuring the performance of a DWDM system.
optical transmission A section in the logical structure of an optical transport network (OTN). The
section (OTS) OTS allows the network operator to perform monitoring and maintenance
tasks between NEs.
P
P2MP point-to-multipoint
PE See provider edge.
PER packed encoding rules
PKI See public key infrastructure.
PMS performance management system
PON passive optical network
POTS See plain old telephone service.
PRA See primary rate access.
PSN See packet switched network.
PTN packet transport network
PVC permanent virtual channel
PW See pseudo wire.
PWE3 See Pseudowire Emulation Edge-to-Edge.

iMaster NCE
Pseudowire An end-to-end Layer 2 transmission technology. It emulates the essential

Emulation Edge-to- attributes of a telecommunication service such as ATM, FR or Ethernet in a
Edge (PWE3) packet switched network (PSN). PWE3 also emulates the essential
attributes of low speed time division multiplexing (TDM) circuit and
SONET/SDH. The simulation approximates to the real situation.
packet switched A telecommunications network that works in packet switching mode.
network (PSN)
plain old telephone The basic telephone service provided through the traditional cabling such as
service (POTS) twisted pair cables.
primary rate access A standardized ISDN user-network interface structure utilizing the capacity
(PRA) of the primary level of the digital hierarchy, that is, 1544 kbit/s or 2048
kbit/s digit rate. Note: The digit rate of any D-channel in this interface
structure is 64 kbit/s.
provider edge (PE) A device that is located in the backbone network of the MPLS VPN
structure. A PE is responsible for managing VPN users, establishing LSPs
between PEs, and exchanging routing information between sites of the
same VPN. A PE performs the mapping and forwarding of packets between
the private network and the public channel. A PE can be a UPE, an SPE, or
an NPE.
pseudo wire (PW) An emulated connection between two PEs for transmitting frames. The PW
is established and maintained by PEs through signaling protocols. The
status information of a PW is maintained by the two end PEs of a PW.
public key A set of hardware, software, people, policies, and procedures needed to
infrastructure (PKI) create, manage, distribute, use, store, and revoke digital certificates. In
cryptography, a PKI is an arrangement that binds public keys with respective
user identities by means of a certificate authority (CA).
Q
QinQ See 802.1Q in 802.1Q.
R
RAID redundant array of independent disks
RAN See radio access network.
REG See regenerator.
REST See Representational State Transfer.
RESTCONF See RESTCONF.
RESTCONF An HTTP-based protocol that provides a programmatic interface for
(RESTCONF) accessing data defined in YANG, using the datastore concepts defined in the
Network Configuration Protocol (NETCONF).
RESTful RESTful is a software architecture style rather than a standard. It provides a
set of software design guidelines and constraints for designing software for
interaction between clients and servers. RESTful software is simpler and
more hierarchical, and facilitates the implementation of the cache
mechanism.

iMaster NCE
RFC See Requirement For Comments.

RFS resource-facing service
RMEP remote maintenance association end point
RMON remote network monitoring
RNC See radio network controller.
ROADM reconfigurable optical add/drop multiplexer
RPO See recovery point objective.
RSVP-TE See Resource Reservation Protocol-Traffic Engineering.
RTN radio transmission node
RTO See recovery time objective.
Representational Representational State Transfer (REST) is a style of software architecture for
State Transfer distributed systems such as the World Wide Web. REST has emerged as a
(REST) predominant Web service design model. REST facilitates the transaction
between web servers by allowing loose coupling between different services.
Requirement For A document about standards, protocols, or other information pertaining to
Comments (RFC) the operation of the Internet. The RFC, under the control of the Internet
Architecture Board (IAB), is actually issued after discussion and serves as a
standard document. RFCs can be obtained from sources such as InterNIC.
Resource An extension to the RSVP protocol for setting up label switched paths
Reservation (LSPs) in MPLS networks. The RSVP-TE protocol is used to establish and
Protocol-Traffic maintain the LSPs by initiating label requests and allocating label binding
Engineering (RSVP- messages. It also supports LSP rerouting and LSP bandwidth increasing.
TE)
radio access The network that provides the connection between CPEs and the CN. It
network (RAN) isolates the CN from wireless network.
radio network A device in a radio network subsystem that is in charge of controlling the
controller (RNC) usage and integrity of radio resources.
recovery point RPO is a service switchover policy, minimizing data loss during DR
objective (RPO) switchover. The data recovery point is used as the objective to ensure that
the data used for DR switchover is the latest backup data.
recovery time A service switchover policy that ensures the shortest switchover time. It
objective (RTO) tasks the recovery time point as the objective and ensures that the
redundancy machine can take over services as quickly as possible.
regenerator (REG) A piece of equipment or device that regenerates electrical signals.
S
SAML See Security Assertion Markup Language.
SAN See storage area network.
SBU See single business unit.
SDH See synchronous digital hierarchy.
SDN See software-defined networking.

iMaster NCE
SFTP See Secure File Transfer Protocol.

SHDSL See single-pair high-speed digital subscriber line.
SLA See Service Level Agreement.
SMTP See Simple Mail Transfer Protocol.
SN service node
SNCP subnetwork connection protection
SNMP See Simple Network Management Protocol.
SOAP See Simple Object Access Protocol.
SPE See superstratum provider edge.
SR See strict routing.
SRG See shared risk group.
SRLG shared risk link group
SSH See Secure Shell.
SSO single sign-on
STM synchronous transfer mode
STM-1 See Synchronous Transport Module level 1.
Secure File Transfer A network protocol designed to provide secure file transfer over SSH.
Protocol (SFTP)
Secure Shell (SSH) SSH is a set of network protocols for securing connections between
computers, as well as the utility suite that implements these protocols.
Security Assertion An XML-based open standard for exchanging authentication and
Markup Language authorization data between security domains.
(SAML)
Service Level A service contract between a customer and a (SLA) service provider that
Agreement (SLA) specifies the forwarding service a customer should receive. A customer may
be a user organization (source domain) or another DS domain (upstream
domain). A SLA may include traffic conditioning rules which constitute a
TCA in whole or in part.
Simple Mail Transfer The TCP/IP protocol which facilitates the transfer of electronic-mail
Protocol (SMTP) messages, specifies how two systems are to interact, and the format of
messages used to control the transfer of electronic mail.
Simple Network An IETF protocol for monitoring and managing systems and devices in a
Management network. The data being monitored and managed is defined by a MIB. The
Protocol (SNMP) functions supported by the protocol are the request and retrieval of data,
the setting or writing of data, and traps that signal the occurrence of
events.
Simple Object A type of protocol that is lightweight, simple, and XML-based. It is designed
Access Protocol to exchange structured information at web.
(SOAP)

iMaster NCE
Synchronous Synchronous transfer mode at 155 Mbit/s.

Transport Module
level 1 (STM-1)
shared risk group A group of resources that share a common risk component whose failure
(SRG) can cause the failure of all the resources in the group.
single business unit A network access unit used for individual enterprise users or individual
(SBU) offices. It functions as a broadband access terminal, provides Ethernet, IP,
and TDM services and optionally VoIP services; has Ethernet and E1
interfaces and optionally POTS ports. It is mainly applicable to FTTO
networks.
single-pair high- A symmetric digital subscriber line technology developed from HDSL, SDSL,
speed digital and HDSL2, which is defined in ITU-T G.991.2. The SHDSL port is connected
subscriber line to the user terminal through the plain telephone subscriber line and uses
(SHDSL) trellis coded pulse amplitude modulation (TC-PAM) technology to transmit
high-speed data and provide the broadband access service.
software-defined Software-defined networking (SDN) is an approach to networking in which
networking (SDN) control is decoupled from hardware and given to a software application
called a controller.
storage area A storage area network (SAN) is a dedicated network that provides access
network (SAN) to consolidated, block level data storage. SANs are primarily used to make
storage devices, such as disk arrays, tape libraries, and optical jukeboxes,
accessible to servers so that the devices appear like locally attached devices
to the operating system. A SAN does not provide file abstraction, only
block-level operations. However, file systems built on top of SANs do
provide file-level access, and are known as SAN filesystems or shared disk
file systems. An architecture to attach remote computer storage devices
such as disk array controllers, tape libraries and CD arrays to servers in such
a way that to the operating system the devices appear as locally attached
devices.
strict routing (SR) A routing mode in which the Request-URI specifies the next destination
address of a short message. Before delivering a short message, each SIP
Proxy replaces the Request-URI of the short message with the address
specified by the first route header field, which ensures that the short
message passes by all required SIP Proxies.
superstratum Core devices that are located within a VPLS full-meshed network. The UPE
provider edge (SPE) devices that are connected with the SPE devices are similar to the CE
devices. The PWs set up between the UPE devices and the SPE devices serve
as the ACs of the SPE devices. The SPE devices must learn the MAC
addresses of all the sites on UPE side and those of the UPE interfaces that
are connected with the SPE. SPE is sometimes called NPE.
synchronous digital A transmission scheme that follows ITU-T G.707, G.708, and G.709. SDH
hierarchy (SDH) defines the transmission features of digital signals, such as frame structure,
multiplexing mode, transmission rate level, and interface code. SDH is an
important part of ISDN and B-ISDN.
T
TCA threshold crossing alert

iMaster NCE
TCO See total cost of ownership.

TCP See Transmission Control Protocol.
TCP/IP Transmission Control Protocol/Internet Protocol
TDM See time division multiplexing.
TE Tunnel See Traffic Engineered Tunnel.
TL1 Transaction Language 1
TLS Transport Layer Security
TMN See telecommunications management network.
TSDN Transport Software Defined Networking
TTM See time to market.
Third Generation The third generation of digital wireless technology, as defined by the
(3G) International Telecommunications Union (ITU). Third generation technology
is expected to deliver data transmission speeds between 144 kbit/s and 2
Mbit/s, compared to the 9.6 kbit/s to 19.2 kbit/s offered by second
generation technology.
Traffic Engineered A combination of LSPs that is associated with a virtual tunnel interface.
Tunnel (TE Tunnel)
Transmission The protocol within TCP/IP that governs the breakup of data messages into
Control Protocol packets to be sent using Internet Protocol (IP), and the reassembly and
(TCP) verification of the complete messages from packets received by IP. A
connection-oriented, reliable protocol (reliable in the sense of ensuring
error-free delivery), TCP corresponds to the transport layer in the ISO/OSI
reference model.
telecommunications A protocol model defined by ITU-T for managing open systems in a
management communications network. TMN manages the planning, provisioning,
network (TMN) installation, and OAM of equipment, networks, and services.
time division A multiplexing technology. TDM divides the sampling cycle of a channel
multiplexing (TDM) into time slots (TSn, n is equal to 0, 1, 2, 3...), and the sampling value codes
of multiple signals engross time slots in a certain order, forming multiple
multiplexing digital signals to be transmitted over one channel.
time to market The length of time it takes from a product being conceived until its being
(TTM) available for sale.
total cost of Total cost of ownership (TCO) is a financial estimate whose purpose is to
ownership (TCO) help consumers and enterprise managers determine direct and indirect
costs of a product or system. It is a management accounting concept that
can be used in full cost accounting or even ecological economics where it
includes social costs.
U
UNI See User-to-Network Interface.
UPE user-end provider edge
URL See Uniform Resource Locator.

iMaster NCE
USM user-based security model

UTC See Coordinated Universal Time.
Uniform Resource A uniform resource locator (URL) is a reference to a resource that specifies
Locator (URL) the location of the resource on a computer network and acts as a
mechanism for retrieving it. Each file on the Internet has a unique URL.
User-to-Network The interface between user equipment and private or public network
Interface (UNI) equipment (for example, ATM switches).
V
VDSL2 See very-high-speed digital subscriber line 2.
VE virtual Ethernet interface
VLAN See virtual local area network.
VLL virtual leased line
VP See virtual path.
VPLS virtual private LAN segment
VPN virtual private network
VRF VPN routing and forwarding
VRRP See Virtual Router Redundancy Protocol.
VXLAN Virtual Extensible LAN
Virtual Router A protocol designed for multicast or broadcast LANs such as an Ethernet. A
Redundancy group of routers (including an active router and several backup routers) in
Protocol (VRRP) a LAN is regarded as a virtual router, which is called a backup group. The
virtual router has its own IP address. The host in the network communicates
with other networks through this virtual router. If the active router in the
backup group fails, one of the backup routers in this backup group becomes
active and provides routing service for the host in the network.
VoIP voice over IP
very-high-speed An extension of the VDSL technology, which complies with ITU G.993.2,
digital subscriber supports multiple spectrum profiles and encapsulation modes, and provides
line 2 (VDSL2) short-distance and high-speed access solutions to the next-generation FTTx
access service.
virtual local area A logical grouping of two or more nodes which are not necessarily on the
network (VLAN) same physical network segment but which share the same IP network
number. This is often associated with switched Ethernet.
virtual path (VP) A bundle of virtual channels, all of which are switched transparently across
an ATM network based on a common VPI.
W
WAN wide area network

iMaster NCE
xDSL x digital subscriber line

Product Description (Super, Compatible With X86) : Imaster Nce V100R019C00

Uploaded by

Copyright:

Available Formats

Product Description (Super, Compatible With X86) : Imaster Nce V100R019C00

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Product Description (Super, Compatible With X86) : Imaster Nce V100R019C00

Uploaded by

Copyright:

Available Formats

iMaster NCE

Product Description (Super,

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. i

About This Document

Indicates a hazard with a high level of risk which,

Indicates a hazard with a medium level of risk

Indicates a hazard with a low level of risk which,

Indicates a potentially hazardous situation which,

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. ii

Supplements the important information in the

Boldface Buttons, menus, parameters, tabs, windows, and

> Multi-level menus are in boldface and separated

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italic.

[] Items (keywords or arguments) in square brackets

{ x | y | ... } Optional items are grouped in braces and

[ x | y | ... ] Optional items are grouped in square brackets and

{ x | y | ... } * Optional items are grouped in braces and

[ x | y | ... ] * Optional items are grouped in square brackets and

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. iii

06 2020-03-30 Updated the document based on

05 2020-01-20 Updated the document based on

04 2019-11-30 Updated the document based on

03 2019-10-11 A few defects in the description have been

02 2019-09-30 Updated the 4 Deployment Schemes and

01 2019-08-30 This issue is the first official release.

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. iv

About This Document................................................................................................................ ii

6 Functions and Features........................................................................................................ 44

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. v

6.1 System and Common Functions...................................................................................................................................... 44

10 Privacy Protection............................................................................................................. 182

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. vi

11.4 Equivalent Coefficients................................................................................................................................................... 189

12 Version Requirements...................................................................................................... 207

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. vii

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 1

allow application developers to conveniently invoke various network capabilities to

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 2

Figure 1-1 network positioning

Unified Management and Control Supporting Smooth Network Evolution

Simplified Provisioning and Maintenance of Multi-Layer Multi-Domain

Network Analysis Providing Proactive Maintenance Based on Big Data

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 3

Cloud Platform Supporting Flexible Deployment

Open Interfaces Implementing Agile DevOps

1.2.1 Highlights of NCE (Super)

1.2.1.1 E2E Multi-Domain Service Deployment

Figure 1-2 Full service lifecycle management

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 4

One-Stop Resource Management

Table 1-1 Resource discovery

Issue 06 (2020-03-30) Copyright © Huawei Technologies Co., Ltd. 5

Discovery Mode Resource Type Supported

Synchronization from NE, port, and link NCE (IP Domain),

Manual or automatic Inter-domain link NCE (IP Domain),