Huawei SD-WAN Products and Solution Pre-sales Training

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd.

 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd.

 Constantly-Evolving Branch Routers, with the Newest Generation
Keeping Up with Digital Transformation Requirements
Router 1.0 Router 2.0 Router 3.0

+ High forwarding
+ Single functions + Routing, switching, Wi-Fi, performance, easily coping
+ Routing and and LTE with traffic surges
forwarding + WOC, VPN, firewall, etc. + Application identification
and optimization
+ Service convergence and
simple management

Pure routing Multi-service integration 5G + SD-WAN

Next-generation branch routers: SD-WAN Ready, centric on application experience, easily

coping with surging traffic in the AI and 5G era and simplifying management

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei Has Been Making Unremitting Efforts in Branch Routers
and Serving 50,000+ Enterprise Customers Worldwide

Fastest growth among

mainstream vendors
No. 1 in the Chinese enterprise
router market (five consecutive years)

No. 1 CAGR among

mainstream vendors

50,000+ global
customers
Unit: million USD From: Gartner

Page 3 Copyright © 2020 Huawei Technologies Co., Ltd.

 Focus, Perseverance, Breakthrough: Huawei Has Never Ceased the
Journey of Innovation...

AR G3 Industry's first ICT CloudVPN SD-WAN

Multi-core architecture and converged gateway Innovative branches for small Full lineup of CPEs, NetEngine AR
multiple interfaces SDN-based agile branches and midsize enterprises uCPEs, and vCPEs

2010 2014 2016 2017 2019

Router 2.0 Router 3.0

VRP Traditional VPN High

ZTP uCPE Network
interface NFV performance
orchestration
LTE/3G ICT Overlay Application-based 5G
convergence intelligent traffic steering
Multi-core vCPE
architecture SDN Agile Controller Visualization WOC
Security Wi-Fi
xPON
Application AI
Bonding
identification

NetEngine AR: 20 years of dedication and expertise, paving the way for more success

Page 4 Copyright © 2020 Huawei Technologies Co., Ltd.

 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• Introduction to NetEngine AR Series Routers

• Highlights of NetEngine AR Series Routers

• Application Scenarios of NetEngine AR Series Routers

• Success Cases of NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 5 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR Naming Conventions
Modular routers

NetEngine AR 6 1 2 1
Generation: 0 (first generation), n (n+1
Brand: NetEngine (product brand)
generation)

Type: AR (brand for global markets) and SRG Number of slots: 1 to 9 (number of slots); 0:
(brand for carrier markets) (slot 10, for 2U or above)

Series: 1/2/3 (G3 series); 6 (6000 series) Height: 1 (1 U), 2 (2 U), and 3 (3 U)

Fixed-configuration routers

NetEngine AR 6 1 1 W – LTE4CN
Additional information: LTE (LTE); 4 (Cat4); 6
Series: 1/2 (G3 series); 6 (600 series) (Cat6); CN (China)

Rank: 1 (low-end); 5 (high-end) Feature: W (Wi-Fi); V (voice)

WAN port ID: 1 (GE); 7 (VDSL2 35B)

Page 6 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei Next-Generation NetEngine AR Branch Routers

NetEngine NetEngine NetEngine NetEngine NetEngine

AR651C/AR651 AR6121 AR6140 AR6280 AR6300
(Small branch) (Small/Midsize branch) (Midsize branch) (Midsize/Large branch) (HQ/Large branch)

High performance, extensive High performance, extensive

High density, all-GE 10GE uplinks & multi-service 3x SD-WAN performance
interfaces interfaces
2Gbps 2Gbps 10Gbps~12Gbps
2Gbps~6Gbps 10Gbps~12Gbps

High performance Hyper convergence Simplified O&M

3x performance, all series ready for SD-
Simplified network deployment with fewer Deployment in minutes through ZTP, web-
WAN network evolution in the next 5
branch devices required based O&M
years

In-house design and controllability

In-house design for full series, controllable and trustworthy components

Page 7 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei NetEngine AR Series Routers
HQ/Large branch NetEngine AR6300
NetEngine AR6280
NetEngine
AR6300/AR6200
series

SRU-400H/SRU-600H SRU-400H/SRU-600H

Branches of small and

midsize enterprises NetEngine AR6140-9G-2AC NetEngine AR6140-16G4XG
NetEngine AR6120 NetEngine AR6121
NetEngine
AR6100 series A version A version

Small enterprise
AR651C AR651 AR651W AR657W
NetEngine
AR650 series

SOHO

NetEngine
AR610 series NetEngine AR617VW
NetEngine AR611W NetEngine AR617VW -LTE4EA

Page 8 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR and AR G3 Mapping
Category AR G3 NetEngine AR
AR3260 AR6300 + SRU400-H/600-H

AR2240/AR2240C AR6280 + SRU400-H/600-H

AR AR2220E AR6140-9G-2AC
modular routers AR2204E/AR2204-27GE/27GE-P
The AR2204 can be delivered.
AR2204-51GE/51GE-P

AR1220E/AR1220/AR1220C AR6120/AR6121

AR161/AR161F AR651C

AR161G-L/AR161FG-L AR651

AR161EW AR651W

AR169EW/AR169EGW-L AR657W
AR
fixed-configuration router AR109/AR109W/AR129CV/AR129CVW/AR16
AR617VW
9/AR169W/AR169F/AR169FVW

AR109G-L/AR129CGVW-L/AR169G-
AR617VW-LTE4EA
L/AR169FGW-L

AR161W/AR161FW AR611W

Page 9 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei NetEngine AR6300 Series Enterprise Routers

Front view of the AR6300 Rear view of the AR6300

Specification AR6300 (SRU-400H) AR6300 (SRU-600H)

Forwarding performance 10 Gbps 12 Gbps
Dual SRUs Dual SRUs and dual forwarding Dual SRUs and dual forwarding
Dual power supplies Supported Supported
14 x 10GE optical + 10 x GE electrical 14 x 10GE optical + 10 x GE electrical (can be
Ports
(can be configured as LAN) configured as LAN)
SIC slots 4 4
WSIC slots (default/maximum) 2/4 2/4
XSIC slots (default/maximum) 4/6 4/6
Memory 8 GB 16 GB
Flash 2 GB 4 GB
Operating temperature 0°C to 45°C 0°C to 45°C

Page 10 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR6300 vs. AR3260: 10%+↑ Performance and 4x Ports

AR6300 AR3260

vs.
1.8 Gbps (SRU-100E)
10 Gbps (SRU-400H) Forwarding performance
9 Gbps (SRU-200)
12 Gbps (SRU-600H)
10%+↑ 11 Gbps (SRU-400)

14 x 10GE optical (can be Fixed ports 4 x GE combo + 2 x GE SFP/

configured as GE optical ports) + 10
x GE optical (can be switched as
4x 4 x GE combo+ 2 x 10GE SFP+
LAN)
Number of slots
4 x SIC + 2 x WSIC + 4 x XSIC 4 x SIC + 2 x WSIC + 4 x XSIC
On a par

Reliabilit
Dual SRUs and dual power supplies y par Dual SRUs and dual power supplies
On a

Routers for enterprise headquarters and large branches

Page 11 Copyright © 2020 Huawei Technologies Co., Ltd.
 Huawei NetEngine AR6280 Series Enterprise Routers

Front view of the AR6280 Rear view of the AR6280

Specification AR6280 (SRU-400H) AR6280 (SRU-600H)

Forwarding performance 10 Gbps 12 Gbps
Dual power supplies Supported Supported
14 x 10GE optical + 10 x GE electrical (can 14 x 10GE optical + 10 x GE electrical (can be
Ports
be configured as LAN) configured as LAN)
SIC slots 4 4
WSIC slots (default/maximum) 2/4 2/4
XSIC slots (default/maximum) 4/6 4/6
Memory 8 GB 16 GB
Flash 2 GB 4 GB
Operating temperature 0°C to 45°C 0°C to 45°C

Page 12 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR6280 vs. AR2240: 30%+↑ Performance and 4x Ports

AR6280 AR2240

vs.
10 Gbps (SRU-400H) Forwarding performance 1.8 Gbps (SRU-100E)
12 Gbps (SRU-600H) 30%+↑ 9 Gbps (SRU-200)

14 x 10GE optical (can be configured Fixed ports 4 x GE combo + 2 x GE SFP/

as GE optical ports) + 10 x GE
optical (can be switched as LAN) 4x 4 x GE combo+ 2 x 10GE SFP+

4 x SIC + 2 x WSIC + 2 x XSIC

Number of slots 4 x SIC + 2 x WSIC + 2 x XSIC
On a par
Reliability
Dual power supplies Dual power supplies
On a par

Routers for enterprise headquarters and large branches

Page 13 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei NetEngine AR6100 Series Enterprise Routers

New

Specification AR6120 AR6121 AR6140-9G-2AC AR6140-16G4XG

Forwarding performance 2 Gbps 2 Gbps 2 Gbps 6 Gbps

WAN: 2 x GE optical + 2 x
WAN: 1 x 10GE optical + 1 x WAN: 1 x 10GE optical + 2 x WAN: 4 x GE + 4 x
GE
GE combo + 1 x GE GE combo 10GE optical
Ports LAN: 2 x GE optical + 3 x
LAN: 8 x GE LAN: 8 x GE + 1 x GE combo LAN: 12 x GE electrical
GE
Note: 10GE optical ports can be configured as GE optical ports, and LAN ports can be configured as WAN ports.
SIC slots 2 2 4 4
WSIC slots
0/1 0/1 0/2 0/2
(default/maximum)
XSIC slots
- - - -
(default/maximum)
Memory 2 GB 2 GB 2 GB 2 GB
Flash 1 GB 1 GB 1 GB 1 GB
Operating temperature 0°C to 45°C 0°C to 45°C 0°C to 45°C 0°C to 45°C

Page 14 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR6120 vs. AR1220E: 2.5x Performance and Support for 10GE WAN

AR6120 AR1220E

vs.
2 Gbps
Forwarding performance 800 Mbps
2.5x

1 x GE combo + 1 x GE electrical + 1 x Fixed WAN

2 x GE combo
10GE optical One more 10GE optical
port

8 x GE
Fixed LAN 8 x GE
On a par

Number of slots
2 x SIC 2 x SIC
On a par

Router for SMB branches

Page 15 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR6121 vs. AR1220E: 2.5x Performance and Support for 10GE WAN

AR6121 AR1220E

vs.
Forwarding performance
2 Gbps 800 Mbps
2.5x

Fixed WAN
1 x 10GE optical + 2 x GE combo 2 x GE combo
One more 10GE optical
port

Fixed LAN
8 x GE + 1 x GE combo 8 x GE
One more GE combo port

Number of slots
2 x SIC 2 x SIC
On a par

Router for branches of small- and medium-sized enterprises

Page 16 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR6140 vs. AR2220E: Dual Power Supplies, 3x Ports

AR2220E
AR6140-9G-2AC
vs.
Forwarding performance
2 Gbps 1.6 Gbps
25%↑

Fixed WAN: 2 x GE optical + 2 x GE Fixed ports Fixed WAN: 3 x GE (1 combo)

Fixed LAN: 2 x GE optical + 3 x GE 3x Fixed LAN: none

Number of slots
4 x SIC 4 x SIC + 2 x WSIC
Two fewer slots

Reliability
Dual power supplies Single power supply
Enhanced

Router for branches of small- and medium-sized enterprises

Page 17 Copyright © 2020 Huawei Technologies Co., Ltd.

 Huawei NetEngine AR650 Series Enterprise Routers

New New New

Specification AR651C AR651 AR651W AR657W

Forwarding Default: 1 Gbps Default: 1 Gbps Default: 1 Gbps Default: 1 Gbps

performance Boost license: 1.5 Gbps Boost license: 2 Gbps Boost license: 2 Gbps Boost license: 2 Gbps

WAN: 2 x GE optical + 2 WAN: 2 x GE combo + 1

WAN: 2 x GE combo WAN: 2 x GE combo
x GE x VDSL 35b
Ports LAN: 8 x GE (can be LAN: 8 x GE (can be
LAN: 8 x GE (can be LAN: 8 x GE (can be
configured as WAN) configured as WAN)
configured as WAN) configured as WAN)
Card - 1 1 1
Wi-Fi - - 802.11ac/b/g/n 802.11ac/b/g/n
LTE LTE MIC card LTE MIC card LTE MIC card
Memory 1 GB 2 GB 2 GB 2 GB
Flash 1 GB 1 GB 1 GB 1 GB
Operating
0°C to 45°C 0°C to 45°C 0°C to 45°C 0°C to 45°C
temperature

Page 18 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR651C vs. AR161: 5x Performance, 4x WAN Ports, and 2x LAN Ports

AR651C AR161
vs.
Forwarding performance
1.5 Gbps 300 Mbps
5x

2 x GE optical + 2 x GE
Fixed WAN
1 x GE
4x

Fixed LAN
8 x GE 4 x GE
2x

Memory
1 GB 512 MB
2x

SOHO and SMB router

Page 19 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR651C vs. AR161F: 5x Performance, 4x WAN Ports and Memory

AR651C AR161F

vs.
1.5 Gbps
Forwarding performance 300 Mbps
5x

Fixed WAN
2 x GE optical + 2 x GE 1 x GE combo
4x

Fixed LAN
8 x GE 4 x GE
2x

Memory
1 GB 512 MB
4x

SOHO and SMB router

Page 20 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR651W vs. AR161W: 6x Performance, 4x WAN Ports and Memory

AR161W
AR651W
vs.
Forwarding performance
2 Gbps 300 Mbps
6x

Fixed WAN
2 x GE combo 1 x GE combo
4x

Fixed LAN
8 x GE 4 x GE
2x
Dual-band, 2x2 MIMO, Wi-Fi 802.11 b/g/n
802.11b/g/n/ac 2x

2 GB
Memory 512 MB
4x
1 x MIC (LTE MIC Number of
None
supported) extension slots
SOHO and SMB router
Page 21 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR651W vs. AR161EW: 2x Performance, 2x Fixed Ports and Memory

AR651W AR161EW
vs.
Forwarding performance
2 Gbps 1 Gbps
2x

Fixed WAN
2 x GE combo 1 x GE combo
2x

Fixed LAN
8 x GE 4 x GE
2x
Dual-band, 2x2 MIMO, Wi-Fi Dual-band, 4x4 MIMO,
802.11b/g/n/ac Slightly lower performance 802.11b/g/n/ac WAVE 2

Memory
2 GB 1 GB
2x
1 x MIC (LTE MIC Number of
None
supported) extension slots
SOHO and SMB router
Page 22 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR657W vs. AR169EW/169EGW-L: 2x Performance, and 2x Fixed Ports
and Memory

AR657W AR169EW/169EGW-L
vs.
Forwarding performance
2 Gbps 1 Gbps
2x

2 x GE combo Fixed WAN 1 x GE combo

1* VDSL2 35B 2x 1*VDSL

Fixed LAN
8 x GE 4 x GE
2x
Dual-band, 2x2 MIMO, Wi-Fi Dual-band, 4x4 MIMO,
802.11b/g/n/ac Slightly lower performance 802.11b/g/n/ac WAVE 2

Memory
2 GB 1 GB
2x
1 x MIC (LTE MIC Number of None
supported) extension slots The AR169EGW-L supports LTE.

SOHO and SMB router

Page 23 Copyright © 2020 Huawei Technologies Co., Ltd.
 Huawei NetEngine AR610 Series Enterprise Routers

New New New

Specification AR611W AR617VW AR617VW-LTE4EA

Forwarding
300 Mbps 300 Mbps 300 Mbps
performance
WAN: 1 x GE combo + 1 x WAN: 1 x GE combo + 1 x
WAN: 1 x GE combo
VDSL VDSL 35b
Ports LAN: 4 x GE (can be configured
LAN: 4 x GE (can be configured LAN: 4 x GE (can be
as WAN)
as WAN) configured as WAN)
Card - - -
Wi-Fi 802.11ac/b/g/n 802.11ac/b/g/n 802.11ac/b/g/n
LTE - - Supported
Memory 1 GB 1 GB 1 GB
Flash 1 GB 1 GB 1 GB
Operating
0°C to 45°C 0°C to 45°C 0°C to 45°C
temperature

Page 24 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR617VW vs. AR129CVW: 3x Performance and 4x Memory

AR617VW AR129CVW

vs.
Forwarding performance
300 Mbps 100 Mbps
3x
Fixed WAN: 1 x GE combo, 1 x Fixed ports Fixed WAN: 1 x GE, 1 x VDSL2
VDSL2 35B
Better Fixed LAN: 4 x GE
Fixed LAN: 4 x GE

802.11b/g/n/ac Wi-Fi 802.11b/g/n/ac

On a par

2 x FXS Voice 2*FXS

On a par

Memory
1 GB 256 MB
4x
SOHO and SMB router
Page 25 Copyright © 2020 Huawei Technologies Co., Ltd.
 NetEngine AR617VW-LTE4EA vs. AR129CGVW-L: 3x Performance and 4x Memory

AR617VW-LTE4EA AR129CGVW-L

vs.
Forwarding performance
300 Mbps 100 Mbps
3x
Fixed WAN: 1 x GE combo, 1 x Fixed ports Fixed WAN: 1 x GE, 1 x VDSL2, LTE
VDSL2 35B, LTE
Better Fixed LAN: 4 x GE
Fixed LAN: 4 x GE

Wi-Fi
802.11b/g/n/ac 802.11b/g/n/ac
On a par

Voice
2 x FXS 2 x FXS
On a par

Memory
1 GB 256 MB
4x
SOHO and SMB router
Page 26 Copyright © 2020 Huawei Technologies Co., Ltd.
 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• Introduction to NetEngine AR Series Routers

• Highlights of NetEngine AR Series Routers

• Application Scenarios of NetEngine AR Series Routers

• Success Cases of NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 27 Copyright © 2020 Huawei Technologies Co., Ltd.

 High performance: innovative CPU+NP heterogeneous forwarding architecture

The NP has a built-in Ultra-Fast forwarding function, which

doubles the L2-L4 forwarding speed.
Huawei-developed chip acceleration instruction, built-in ACL&IP ultra-fast
forwarding engine, and ACL&IP matching speed doubled
Multi-core CPU traffic
distribution

NP Network The multi-core CPU offloads traffic, increasing the throughput of

SEC

Processor Ultra-fast
L4-L7 services by 50%.
accelerator
optimization

forwarding
accelerator

QoS
SA accelerator

Multi-core fragmentation, inter-core traffic distribution queue scheduling, and

accelerator

multi-core collaboration improve the throughput by 50%.

Innovative forwarding Hardware accelerator, doubling the single-service processing efficiency

architecture
Five built-in hardware acceleration engines, IPSec, TM, SEC, and optimization, without
occupying CPU resources; independent hardware logic modules, doubling the single-
service processing efficiency

Page 28 Copyright © 2020 Huawei Technologies Co., Ltd.

 Full Lineup of Next-Generation, Powerful NetEngine AR

Next-Generation NetEngine AR
• Multiple embedded hardware acceleration engines
• 3x the industry average SD-WAN performance
USA-based international
authoritative test organization

NetEngine NetEngine NetEngine NetEngine NetEngine

AR651C/AR651 AR6121 AR6140 AR6280 AR6300
(Small branch) (Small/Midsize branch) (Midsize branch) (Midsize/Large branch) (HQ/Large branch)

High performance, extensive High performance, extensive

High density, all-GE 10GE uplinks & multi-service 3x SD-WAN performance
interfaces interfaces
2Gbps
2Gbps 2Gbps~6Gbps 10Gbps~12Gbps 10Gbps~12Gbps

Page 29 Copyright © 2020 Huawei Technologies Co., Ltd.

 Function Integration: Simplified Branch Interconnection

On-demand VPN Key application Wi-Fi Secure

interconnection experience assurance interconnection interconnection

Diversified VPN types Application Integrated Wi-Fi Built-in security

optimization
Multiple Layer 2/Layer 3 VPNs A-FEC, application-based WLAN AC or Fat AP Built-in firewall, IPS,
intelligent traffic steering URL filtering, etc.

Wired-wireless
convergence
High-density interfaces,
10GE interconnection, and
5G/LTE uplink
Next-generation NetEngine AR routers

Page 30 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

High-Density Interfaces
IaaS/SaaS Internet HQ/DC • 10GE uplink, multi-link redundancy, WAN-side
wide pipes for interconnection
High-density 10GE ports: The SRU-400H/SRU-600H provides 14 x 10GE
optical ports, and the NetEngine AR6000 (except the AR6140-9G-2AC)

WAN provides 10GE optical ports.

Multi-link redundancy: 10GE, GE optical/electrical, and LTE, implementing
multi-link redundancy

GE (optical Flexible switching: LAN ports can be configured as WAN ports using
10GE
or electrical 5G/LTE E1/SA... commands.
(optical)
port)

NetEngine AR • High-density access, stronger access capability

on the LAN side
High-density Ethernet ...
Full series: The number of fixed ports is greater than that of vendor C.
SRU-400H/SRU-600H: All WAN ports can be configured as LAN ports.

• Flexible card expansion

WSIC, XSIC, SIC, and MIC
LAN Full series: The number of card slots is greater than that of vendor C.

Branch

10GE Interconnection and High-Density Access, Building Wide Pipes for Branch Interconnection

Page 31 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Wireless Uplink: LTE-powered Wireless Branches, Ready for 5G

LTE VPN LTE link backup Major LTE cards and devices

HQ HQ
Internet

Internet

LTE SIC AR617VW-LTE4EA

LTE MIC

2 main scenarios 3 forms, 4G full-frequency 5G Ready

 LTE VPN interconnection: wireless access  3 forms: LTE SIC (AR6000 series), LTE MIC (AR650  World-leading 5G single-chip multi-mode modem

scenarios such as bank ATM interconnection and
mobile office
 LTE link backup: Wireless links are used as
backup links for branch interconnection, enhancing
 World's highest speed @ Sub-6G 200 MHz
series, excluding AR651C), and device with LTE
*Downlink rate: 3.6 Gbit/s
modems (AR610 series)
*Uplink rate: 230 Mbit/s
 4G full-frequency, flexibly adapting to  Supported by the AR6000 series

service reliability. carrier networks

Page 32 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

A-FEC: Smooth Video Experience Even at 20% Packet Loss Rate

A-FEC
NetEngine AR NetEngine AR
Real-time detection of application packet loss and WAN
2. Real-time detection of
adaptive redundancy for compensation application packet loss

Optimized video conferencing, live streaming,

video surveillance, and VoIP experience 3. Adaptive redundancy 4. Forward error
1. Packet loss on a link
for compensation correction for packets

Traditional: artifacts at 2% A-FEC: no frame freezing at 20%

packet loss rate packet loss rate

Page 33 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Application-based Intelligent Traffic Steering: 100% Key Application Experience Assurance

1. Visible and controllable 2. Application-based intelligent traffic steering: Traffic of

Customer Benefits
network applications key applications is automatically switched to the optimal link.
Quickly identify key applications Intelligent traffic steering based on the SLA, priority, and
bandwidth of applications
Assured
First-packet identification (FPI) key application
experience
Service awareness (SA)

Customized application • Automatically switching traffic of

MPLS
key applications to the optimal link
Link
congestion

Packet loss, > 90%

delay, jitter bandwidth utilization
Internet

• Fully leveraging MPLS,

Key application Optimal link
(ERP, video, etc.)
Internet, and LTE links

Page 34 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Comprehensive Security Protection

Data encryption
Built-in firewall App access control
Mainstream VPN
Stateful inspection and Identification of 6000+ well-known encryption protocols
packet filtering firewalls and customized applications SM1/SM2/SM3/SM4
Identification of popular encrypted
P2P applications
IPS
URL filtering
IPS engine update
130+ categories, Detection of 5500+ attacks, at
accuracy > 96% a 90%+ detection rate
Refined Internet access
control

Page 35 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Built-in Firewall: Effectively Ensuring Enterprise Network Security

Built-in firewalls ensure branch network Extensive firewall functions

security • Packet filtering firewall: quickly matches ACL and IP address
entries, implementing packet filtering on the network side.
• ASPF stateful firewall: filters out invalid data packets of TCP/UDP
Cloud
... sessions.

Comprehensive attack defense mechanism

• Defense against ICMP redirection attacks and ICMP unreachable
attacks
• Malformed packet attacks • Defense against address scanning and port scanning attacks
NetEngine AR • Application layer attacks • Defense against SYN, ICMP, and UDP flood attacks
(Built-in firewall)
• DDoS • Defense against Land, Sumrf, Fraggle, and WinNuke attacks
• Large-traffic flood attacks Flexible firewall policies
• Statistics and monitoring on firewall logs and traffic
• Virtual firewall (vFW): independent security policies for multiple
service VPNs
Enterprise • Security domain–based security policies
branch
• Dynamic blacklist for proactive attack defense

Page 36 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Application Access Control: Most Extensive Application Signature Database and Flexible Upgrade

App access control Identification of 6000+ applications

• Multiple identification methods: packet signature identification,
Remote signature association identification, behavior identification, etc.
database file
• 6000+ applications of mainstream protocols: P2P, VoIP, IM, gaming,
Seamless email, etc.
Protocol 1 Protocol 1
Protocol 2
switchover Protocol 2 • Customized applications defined based on URLs and IP 5-tuples
Signature Signature
... ...
database database
(old) New
(new)
protocol
Flexible upgrade of the SA signature database
• The SA signature database file is maintained and released by Huawei

Association security center, and customized applications can be imported.

identification
Service • Batch upgrade, scheduled upgrade, and periodic release of new
awareness (SA)
Customized
signature databases
application
• The update status of the SA signature database can be viewed, including
the upgrade time, countdown, upgrade progress bar, and upgrade result
(success or failure).
• Rollback is supported when the SA signature database fails to be
Unclassified Classified App access
packets SA engine packets control upgraded.

Page 37 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Comprehensive Access Control and Intrusion Prevention

URL filtering IPS

Focusing on attack defense, especially
Fine-grained access control at the application layer

L7 attack packets IPS

L2-L4 attack
packets
Normal packets

The firewall blocks The IPS provides

Branch 70%+ attacks
Layer 2 to Layer 4 security defense
Deny access to a website come from
attack packets. capabilities at Layer 7.
Layer 7.

Massive remote URL category database Extensive signature databases and high
Query of 100+ million remote URL categories, 130+ predefined categories, detection rate
and customized categories; timely update and efficient query based on
Extensive signature database with 1600+ application records; detection
Huawei security system
rate: > 90%
URL matching modes Contains signatures based on network behaviors such as Trojan horses,
Prefix matching, suffix matching, keyword matching, exact matching, and worms, botnets, spyware, vulnerability attacks, and web attacks.
fast matching
Flexible upgrade
Refined blacklist and whitelist Supports online update of the signature database and real-time update of
As an effective supplement, the blacklist and whitelist can precisely define the IPS engine to defend against latest intrusion behaviors.
and control access to a website.
Converged deployment
Flexible response modes The AR has built-in IPS and does not require dedicated fault detection
Various URL filtering actions can be flexibly configured to push different points, which reduces overheads and operation costs.
URL response pages.

Page 38 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

IPSec VPN: Secure Channels for Enterprise Branch Interconnection

Branch A DC

IPSec DSVPN

Branch B Internet

Branch C

HQ
Mobile employee

Branch D

• Enterprise branch: Different VPN access modes can be applied to branches based on their scales. In a single network topology, GRE over IPSec VPN is
recommended for secure access. In a hub-spoke topology, VPNs need to be dynamically established between branches for secure access, and IPSec DSVPN is
recommended. For small branches, IPSec VPN is recommended. For terminals connected to the Internet through 4G, IPSec over L2TP VPN is recommended.

• Mobile employee: Clients are used to connect mobile employees to the internal network. L2TP over IPSec VPN is recommended.
• HQ: VPN gateways are used to construct VPN data channels between gateways and between gateways and clients.

Page 39 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

DSVPN: Enabling Dynamic Networking for Numerous Branches

Dynamic deployment and multi-branch access

Traditional VPN interconnection
solution for branches DSVPN interconnection solution
Hub Hub

Spoke Spoke Spoke Spoke

DSVPN DSVPN

Spoke Spoke

Application scenarios: This solution applies to enterprises with multiple branches. If the HQ uses a static public IP address to access the Internet, branches use dynamic public IP addresses to
access the Internet, and the traditional VPN is used to construct a network, branches cannot directly communicate with each other. (The source branch cannot obtain the public IP address of the
destination branch and a tunnel cannot be established between these branches.) Traffic between all branches can only be forwarded through the HQ. In this case, devices in the HQ may be overloaded.
Highlights:
• DSVPN uses NHRP to dynamically collect, maintain, and advertise public network addresses of nodes. This solves the problem that the source branch cannot obtain the public IP address of the
destination branch. In this mode, dynamic VPN tunnels are established between the branches to implement direct communication, reducing the burden of the HQ and minimizing the network
latency. The tunnel is established on demand based on inter-branch traffic. If no traffic is transmitted, the tunnel is automatically torn down.
• DSVPN uses the mGRE technology to enable a tunnel interface to establish VPN tunnels with multiple peers, reducing the workload of VPN configuration. When a branch is created or the public IP
address of a branch changes, the tunnels between the HQ and branches can be automatically maintained without the need to adjust the tunnel configuration at the HQ, making network
maintenance more intelligent.

Page 40 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

MPLS VPN: Secure and Reliable Branch Interconnection for

Large- and Midsize Enterprises

PE CE
CE
PE MPLS network OSPF/RIP/
OSPF/RIP/
Static Static
route/BGP PE route/BGP
Branch A
PE
HQ
PE
OSPF/RIP/ MPLS private line
CE
Static/BGP
MP-EBGP
Branch B

Interconnection between branches of a large or
midsize enterprise
Layer 3 interconnection realizes full-mesh connections
between branches and between the HQ and branches.
High security and reliability, flexible bandwidth
BFD: service switching within milliseconds

LDP FRR and TE FRR backup: enhanced service reliability


Use carriers’ MPLS private lines to connect to the MPLS

MPLS TE: proper bandwidth utilization and balanced network
network. traffic

Page 41 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Built-in AC: Lower Enterprise Wi-Fi Deployment Costs

Branch network DC

AP
RADIUS
server
WAN
iMaster
AP
NCE
AR (built-in AC)

Application scenarios Secure and flexible access Built-in AC

 Wired and wireless convergence
networking for small and midsize
enterprises
 AP: local forwarding; AR: user
authentication
 Both APs and ACs support Layer 2
and Layer 3 networking.
Portal authentication
 Built-in AC function supported by AR

routers of all series
 802.1X Authentication
 Cisco ISR high-end series: requiring
 MAC address authentication independent AC cards
 Intra-VLAN/inter-VLAN roaming  H3C MSR: AC function not supported
within an AC

Page 42 Copyright © 2020 Huawei Technologies Co., Ltd.

 Wired-Wireless Application
Security VPN Wi-Fi
Convergence Optimization

Integrated Wi-Fi: Wired and Wireless Convergence

Integrated Wi-Fi: wired and • Wi-Fi integrated fixed-configuration models: AR651W,

wireless convergence
AR611W, AR611W-LTE4CN
• 802.11ac/b/g/n, maximum rate of 1167 Mbit/s
• Dual bands (2.4 GHz and 5 GHz), providing stronger
wireless access capabilities
• 2x2 MIMO

• Security: traditional encryption and authentication

AR611W
AR651W
/AR617VW capabilities, ensuring secure terminal access
• Network management: functions as an independent AP to
implement functions such as user access, authentication,
data security, service forwarding, and QoS
• Network scale: small-scale networking with low costs

Page 43 Copyright © 2020 Huawei Technologies Co., Ltd.

 Management Platforms: Web NMS, eSight, and iMaster NCE-WAN

Web NMS eSight iMaster NCE-WAN

• Device overview, configuration
wizard, system management, user
management, LAN access, WAN
interconnection, IP services, security,
QoS, and VPN
• E2E visualized SLA evaluation of
delay, packet loss rate, and jitter for
network data packets
• E2E visualized MPLS VPN
management
• GIS map-based network monitoring
and visualized application, link, site,
and network status
• Automatic network inspection and
precise alarm notification by email

Page 44 Copyright © 2020 Huawei Technologies Co., Ltd.

 Multiple ZTP Methods: Plug-and-Play Devices
Plug-and-play devices for ZTP: flexible branch network deployment
deployment within minutes in different scenarios
Network
DHCP USB Email

Interfaces: Ethernet, LTE, xDSL, etc.

NetEngine AR Access modes: static IP, PPoE, DHCP, etc.

Deployment scenarios: dual-CPE, batch deployment,

device replacement, etc.
Power supply

Page 45 Copyright © 2020 Huawei Technologies Co., Ltd.

 Email-based Deployment: One-Click URL-based Deployment

MSP/HQ Branch
1. Plan sites, device types, and 4. The NetEngine AR registers
network configurations. with NCE.
1. Plan sites and device types. 1. The device obtains an IP address and NCE IP
2. Configure network information for the WAN address and registers with NCE.
interface. 2. NCE searches for the site based on the token and
delivers service configurations.
Network administrator
1. Plan the network. 4. Register with NCE.
3. Click the URL
to start the
deployment.

2. Send a deployment email.

Deployment
Mobile
Laptop engineer
phone
2. Send a deployment email to
the deployment engineer. 3. Perform deployment using a laptop or
1. The administrator selects the site to be deployed.
mobile phone.
1. Connect cables, install the device, and power on the device. Then
2. NCE sends an email to the mailbox of the
use a laptop or mobile phone to connect to the NetEngine AR
deployment engineer. The URL in the email contains
through Ethernet, DSL, or Wi-Fi.
the token information
2. Click the deployment URL to start the deployment.

Adaption to Ethernet, DSL, LTE, and other interfaces; no need for professional personnel to visit sites;
deployment within minutes

Page 46 Copyright © 2020 Huawei Technologies Co., Ltd.

 USB-based Deployment: Importing Initial Configurations in Batches; Plug-and-Play

MSP/HQ System integrator, agent, Branch

or customer's warehouse 4. Register
with NCE.
1. Plan sites, device types, and network
configurations.
Connect cables as required.
1. Import device information (ESN) and plan sites
and devices. 2. Generate a
2. Configure network information for the WAN configuration file.
interface.

3. Import the initial configuration file 4. Perform onsite deployment

1. Plan the network.
in batches. and register the device with NCE.

2. Select a site and generate a 1. The device administrator imports the initial 1. Connect to the WAN and LAN, and
deployment file. configuration using a USB flash drive. power on the device.
2. Observe the initial configuration result 2. Register with NCE.
1. Select the site to be deployed and use through the indicator.
NCE to generate a ZTP file, including the
site, device, installation guide, and Network administrator
deployment URL.
2. Download the ZTP file and send it to the
Device management personnel
device administrator. 3. Import configuration
files in batches.

USB Deliver the device

to the site.

Send a ZTP file

Batch deployment scenario: Import initial configurations to devices in a

centralized manner, and make sites plug-and-play.
Page 47 Copyright © 2020 Huawei Technologies Co., Ltd.
 DHCP-based Deployment: Zero Onsite Configuration and Plug-and-Play

MSP/HQ Branch
SD-WAN controller
2. Register with NCE.

1. Plan the network.

DHCP server
1. Plan sites, device types, and 2. Perform onsite deployment and
network configurations. register the device with NCE.
1. Import device information and plan sites and Network administrator
devices. 1. Connect to the WAN and LAN, and power on
a. Import the ESN. 1. Plan DHCP server the device.
b. Configure the device and site token. and DHCP Option. 2. Obtain an IP address, and 2. Register with NCE.
2. Configure network information for the WAN obtain the NCE address through
interface. DHCP Option 148.
3. Configure other service information (offline
planning).
4. Plan the DHCP server. Plan the mapping
between DHCP Option 82 and the token.

Scenario with the DHCP server: zero onsite configuration, and plug-and-play

Page 48 Copyright © 2020 Huawei Technologies Co., Ltd.

 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• Introduction to NetEngine AR Series Routers

• Highlights of NetEngine AR Series Routers

• Application Scenarios of NetEngine AR Series Routers

• Success Cases of NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 49 Copyright © 2020 Huawei Technologies Co., Ltd.

 Application Scenarios of Huawei NetEngine AR Routers

AR6300
MPLS

SOHO/SMB HQ
SOHO/SMB HQ
AR651C
Internet

Small and
midsize Large
branch branch
Small and midsize MPLS AR6280/A Large branch
branch
AR6140-9G-2AC R6300

Government Finance Large Enterprise Retail

e-Government network Bank Gas station Retail Store
Government agencies Insurance Office

Page 50 Copyright © 2020 Huawei Technologies Co., Ltd.

 Government Finance Large Enterprise Retail

Typical Scenarios of Government

High Performance:
• 3 times performance of industry: High Performance NetEngine AR meet the
government traffic increase requirement
HQ
AR6300
SD-WAN Ready:
• Government can connect HQ and branch with DSVPN now and migrate to SD-WAN
smoothly with NetEgnine AR

Easy O&M
Internet/LTE MPLS VPN • USB-based deployment: After a device is powered on and a USB flash drive is
inserted into the device, the device is automatically configured without manual
intervention. This reduces the configuration error rate, technical requirements, and
labor costs.

Location Model Highlights

High performance, dual SRUs, and dual

HQ AR6300 SRU-600H
power supplies

Large branch Common branch Egress of large High performance, and dual power
AR6280
branches supplies
AR6280 AR6121 Egress of common
AR6121 10+ GE Inerfaces
branches

Page 51 Copyright © 2020 Huawei Technologies Co., Ltd.

 Government Finance Large Enterprise Retail

Typical Scenarios of Financial Branches

Network reliability:
IDC • Dual SRUs and dual forwarding planes: The AR6300 is equipped with dual SRUs and
redundant power supplies, offering high reliability.
Head office
• IPSec: Remote stores can use the Internet for access. Data is encrypted to ensure
service security.
MPLS VPN Easy O&M
• USB-based deployment: After a device is powered on and a USB flash drive is

AR6300 inserted into the device, the device is automatically configured without manual
Bank intervention. This reduces the configuration error rate, technical requirements, and
branch
labor costs.
MPLS VPN
Location Model Highlights

High performance, dual SRUs, and dual

Egress of branches AR6300
power supplies

Egress of large High performance, and dual power

AR6280
branches supplies
Large branch Common branch
Egress of common
AR6140-9G-2AC Ethernet access and dual power supplies
AR6280 AR6140-9G-2AC branches

Page 52 Copyright © 2020 Huawei Technologies Co., Ltd.

 Government Finance Large Enterprise Retail

Typical Access Scenarios of Gas Stations

Network reliability:
• SPR: The e-Government network has two planes. SPR is configured to
Private line
ensure smooth link switchover of key services and improve user
Provincial core node
experience.

Easy O&M
AR6280
• USB-based deployment: After a device is powered on and a USB flash
drive is inserted into the device, the device is automatically configured
without manual intervention. This reduces the configuration error rate,
City aggregation node
Private line technical requirements, and labor costs.

Recommended
Location Highlights
Model
AR651C AR6140- Egress device of the
9G2-2AC high performance, and
city aggregation AR6280
extensive slots
node

Gas station
Gas station egress AR6140-9G- High-density Ethernet, flexible
site device 2AC/AR651C access, and integrated device
Gas station 1 Gas station 2

Page 53 Copyright © 2020 Huawei Technologies Co., Ltd.

 Government Finance Large Enterprise Retail

Typical Scenarios of Retail Stores

Branch VPN devices integrating multiple functions

• Integrated device at the egress of midsize or large stores: The AC directly manages
HQ
downstream APs, offering Wi-Fi services. LTE links can be used as backup links,
enhancing link reliability.
AR6300
High reliability:
• IPSec: Remote stores can use the Internet for access. Data is encrypted to ensure service
security.

Internet/LTE/5G Easy O&M:

• USB-based deployment: After a device is powered on and a USB flash drive is inserted
into the device, the device is automatically configured without manual intervention.
This reduces the configuration error rate, technical requirements, and labor costs.
AR617VW
AR651W
-LTE4EA
Location Recommended Model Highlights

HQ device AR6300 High performance, extensive slots

High performance, WLAN, and

Large stores AR651W
Device Device LTE Card
Small and
Midsize store Small store AR17VW-LTE4EA Built-In WLAN & LTE
midsize stores

Page 54 Copyright © 2020 Huawei Technologies Co., Ltd.

 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• Introduction to NetEngine AR Series Routers

• Highlights of NetEngine AR Series Routers

• Application Scenarios of NetEngine AR Series Routers

• Success Cases of NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 55 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR @ TIM: Provides Advanced Network
Services For Enterprises Based on SD-WAN

Provide innovative services based on the

SD-WAN technology for Italian enterprises

• Flexible access to DSL, optical fibers, and LTE links, enriching ZTP (USB, email...) plug-and-play, making full
use of link resources to quickly provision networks
• The next-generation NetEngine AR series provides the 3x performance in the industry, supports 20+
networking model, and supports flexible expansion of enterprise customer base .
• Provides a unified control platform for enterprise customers to manage their networks and optimizes the
entire process of network provisioning, service provisioning, and fault locating

Page 56 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR @ Sinopec Guangdong: Gas Station Interconnection

 Huawei AR helps Sinopec Guangdong to interconnect

its gas stations.
 Centrally manages 1200+ gas stations in
Guangdong and offers OA, billing, and monitoring services.

Page 57 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR @ Ping An Technology: Optimizing AI Customer Service
Experience and Reducing the Policy Issuing Time from 2 Hours to 10 Minutes

Provides optimal link assurance

and optimal agent experience for
AI customer service

• 10 Mbit/s to 30 Mbit/s Internet links replace 2 Mbit/s to 10 Mbit/s MPLS links to carry AI customer service,
reducing the private line cost by 40%. Application-based intelligent traffic steering ensures AI experience.
• A branch network can be provisioned within minutes, and devices are plug-and-play. Onsite deployment
by specialists is not required.
• Status visibility based on the entire network, branch nodes, users, and applications simplifies O&M,
implements E2E automation, and reduces the number of outsourcing personnel.

Page 58 Copyright © 2020 Huawei Technologies Co., Ltd.

 NetEngine AR @ Bank of Jiangsu: Redefine the WAN Architecture

Building SD-WAN based on

NetEngine AR to redefine
the WAN architecture

 Hybrid links: MPLS, MSTP, Internet, and LTE links, which are selected based on site
requirements; bandwidth expansion at low costs
 Optimal application interaction experience: differentiated communication quality assurance
based on application types
 Lower O&M workload and standard and automated branch interconnection: plug-and-play
devices and ZTP

Page 59 Copyright © 2020 Huawei Technologies Co., Ltd.

 Contents
• Overview of Huawei NetEngine AR Routers

• NetEngine AR Series Routers

• NetEngine AR vs. ISR

Page 60 Copyright © 2020 Huawei Technologies Co., Ltd.

 Mapping Between Huawei's Next-Generation NetEngine
AR Series Routers and Cisco ISR Series Routers
AR6300 (3U, 12 Gbps)

AR6280 (2U, 10 to
Huawei 12 Gbps)

AR6140 (1U, 2 Gbps)

ISR 4461
AR6120 (1U, 2 Gbps)
AR650 (Box, 1 to
2 Gbps)
ISR 4451-X

AR610 (Box, 300 Mbps)

ISR 4431
ISR 4351

ISR 4321 ISR 4331

ISR 1100-8P ISR 4221

Cisco
ISR 900 ISR 1100-4P

ISR 800

Page 61 Copyright © 2020 Huawei Technologies Co., Ltd.

 How to Use Huawei Document Resources

Web
http://enterprise.huawei.com/en

Where can I find it

Email
and give feedback

[email protected]

Page 62 Copyright © 2020 Huawei Technologies Co., Ltd.

 Thank You
www.huawei.com

Page 63 Copyright © 2020 Huawei Technologies Co., Ltd.