
Chapter 2 - Network Basics

The document discusses network basics and provides an overview of common network concepts. It describes the OSI reference model which has seven layers from application to physical layer. It also explains the TCP/IP reference model which combines some OSI layers and has four layers - application, transport, network and data link. Finally, it outlines some common protocols used in the TCP/IP protocol stack at each layer like HTTP, TCP, IP, Ethernet.

Uploaded by

palesamohalla31
Copyright
© All Rights Reserved

Network Basics

Foreword

⚫ With the development of the Internet, network attacks keep emerging and network security
becomes all the more important. The application of security technologies to data
communication is an extension of data communication technologies. Before learning
security technologies, knowing basic concepts of networks, such as basic network
communication principles, network infrastructure, and common network protocols, can help
you better understand the working principles and application scenarios of various security
technologies.
⚫ This chapter describes the typical enterprise network architecture, common network devices
and their working principles, as well as the CLI-based and GUI-based firewall configuration
modes.

2 Huawei Confidential
Objectives
⚫ On completion of this course, you will be able to:
▫ Understand the data definition and transmission process.
▫ Describe the working principles of the TCP/IP protocol stack.
▫ Describe the working principles of common protocols.
▫ Describe common network devices and their working principles.

Contents

1. Network Reference Model


■ OSI Reference Model and TCP/IP Reference Model

▫ Application Layer

▫ Transport Layer

▫ Network Layer

▫ Data Link Layer

2. Common Network Devices

Application and Data
⚫ Applications are developed to meet users' various requirements, such as web page access, online gaming, and online video play.
Information is generated along with applications, which is presented in different modes, such as texts, pictures, and videos.

⚫ For network engineers, applications can generate data. Data is the carrier of all kinds of information and the physical symbol or the
combination of various physical symbols recording the nature, status, and relationships of objects. Data can be symbols, texts, digits,
voice, images, and videos.

⚫ Data generated by most applications needs to be transmitted between devices. Network engineers need to pay more attention to the
end-to-end data transmission process.


• A computer can only identify digital data consisting of 0s and 1s. It is incapable
of reading other types of information, so the information needs to be translated
into data by certain rules.

• However, people do not have the capability of reading electronic data. Therefore,
data needs to be converted into information that can be understood by people.
OSI Reference Model
⚫ The open systems interconnection (OSI) reference model was proposed by the International Organization for
Standardization (ISO) in 1984 for network interconnection. The OSI reference model has a seven-layer architecture.

Layer | Function
Application layer | Provides network interfaces for applications.
Presentation layer | Translates data formats to ensure that the application-layer data of one system can be identified and understood by the application layer of another system.
Session layer | Establishes, manages, and terminates sessions between communicating parties.
Transport layer | Establishes, maintains, and cancels an end-to-end data transmission process. Controls transmission speeds and adjusts data sequences.
Network layer | Defines logical addresses and transfers data from sources to destinations.
Data link layer | Encapsulates packets into frames, transmits frames in point-to-point or point-to-multipoint mode, and implements error detection.
Physical layer | Transmits bitstreams over transmission media and defines electrical and physical specifications.

• The OSI reference model was included in the ISO 7489 standards and released in
1984.
• The OSI reference model is also called the seven-layer model. The seven layers
from top to bottom are as follows:
▫ Application layer: provides network services for applications and is closest to
users.
▫ Presentation layer: provides data encoding and conversion functions so that
data sent by the application layer of one system can be identified by the
application layer of another system.
▫ Session layer: establishes, manages, and terminates communication sessions
between entities at the presentation layer. Communication at this layer is
implemented through service requests and responses transmitted between
applications on different devices.
▫ Transport layer: implements connection-oriented and non-connection-oriented
data transmission, as well as error detection.
▫ Network layer: defines logical addresses for routers to determine paths and
transmits data from source networks to destination networks.
▫ Data link layer: encapsulates bits into bytes and bytes into frames, uses link-
layer addresses (MAC addresses in Ethernet) to access media, and implements
error detection.
▫ Physical layer: transmits bitstreams between devices and defines physical
specifications such as electrical levels, speeds, and cable pins.
TCP/IP Reference Model
⚫ The OSI reference model is complex, and the TCP and IP protocols are widely used in the industry.
Therefore, the TCP/IP reference model has become the actual reference model of the Internet.

TCP/IP standard model | OSI reference model | TCP/IP equivalent model
Application layer | Application layer, presentation layer, session layer | Application layer
Host-to-host layer | Transport layer | Transport layer
Internet layer | Network layer | Network layer
Network interface layer | Data link layer | Data link layer
Network interface layer | Physical layer | Physical layer

• The transmission control protocol/Internet protocol (TCP/IP) model is widely used
because of its openness and usability.

• The TCP/IP model is similar to the OSI model in structure and adopts a
hierarchical architecture. Adjacent layers in the TCP/IP model are closely related.
The difference between the TCP/IP model and the OSI model is that in the TCP/IP
model, the presentation layer and the session layer are combined into the
application layer. Therefore, the TCP/IP model has four layers from bottom to
top: network interface layer, network layer, transport layer, and application layer.

• The TCP/IP standard model combines the data link layer and the physical layer in
the OSI model into the network interface layer. However, in practice, data is
separately processed at the data link layer and physical layer. Therefore, the
TCP/IP equivalent model that integrates the TCP/IP standard model and the OSI
reference model is proposed. Contents in the following slides are based on the
TCP/IP equivalent model.
Common Protocols of the TCP/IP Protocol Stack
⚫ The TCP/IP protocol stack defines a series of standard protocols.

Layer | Protocols
Application layer | Telnet, FTP, TFTP, SNMP, HTTP, SMTP, DNS, DHCP
Transport layer | TCP, UDP
Network layer | ICMP, IGMP, IP
Data link layer | PPPoE, Ethernet, PPP
Physical layer | ...

• Application layer: provides network interfaces for applications.


▫ Hypertext Transfer Protocol (HTTP): is used to access various pages on web
servers.
▫ File Transfer Protocol (FTP): provides a method for transferring files. It allows
data to be transferred from one host to another.
▫ Domain Name Service (DNS): translates host domain names into IP addresses.
• Transport layer: sets up end-to-end connections.
▫ Transmission Control Protocol (TCP): provides reliable connection-oriented
communication services for applications. Currently, TCP is used by many
popular applications.
▫ User Datagram Protocol (UDP): provides connectionless communication
services, without guaranteeing the reliability of data packet transmission.
• Network layer: performs addressing and routing.
▫ Internet Protocol (IP): encapsulates transport-layer data into data packets and
forwards packets from source sites to destination sites. IP provides
connectionless and unreliable services.
▫ Internet Group Management Protocol (IGMP): manages IP multicast group
memberships. Specifically, IGMP sets up and maintains memberships between
IP hosts and their directly connected multicast routers.
▫ Internet Control Message Protocol (ICMP): sends control messages based on
the IP protocol and provides the monitoring and feedback information about
various problems that may exist in the communication environment. Such
information helps administrators diagnose the problems and take proper
measures to resolve them.

• Data link layer: encapsulates data frames and provides intra-segment
communication for the network layer.
▫ Point-to-Point Protocol (PPP): is a point-to-point data link layer protocol and
is commonly used on wide area networks (WANs).
▫ Ethernet: is a multi-access broadcast data link layer protocol and is most
widely used on local area networks (LANs).
▫ Point-to-Point Protocol over Ethernet (PPPoE): enables a bridged access server
to connect multiple hosts on a network to a remote access concentrator.
PPPoE is usually used by home users to access the Internet via dialup.

• Physical layer: transmits bitstreams over media.


Application Layer
⚫ The application layer provides interfaces for application software so that applications can use network
services. Based on a transport-layer protocol, applications define the port number used at the transport
layer.

Layer stack: application layer (data), transport layer, network layer, data link layer, physical layer.

Typical application-layer protocols:
• HTTP: the Hypertext Transfer Protocol, which provides web browsing services.
• Telnet: a remote login protocol, which provides remote management services.
• FTP: the File Transfer Protocol, which provides Internet file resource sharing services.
• SMTP: the Simple Mail Transfer Protocol, which provides Internet email services.
• TFTP: the Trivial File Transfer Protocol, which provides simple file transfer services.
FTP
⚫ File Transfer Protocol (FTP) transfers files from one host to another to implement file download and upload. This
protocol adopts the client/server (C/S) structure. When FTP is used to transmit data, the control connection and
data connection are established between the server and client.
⚫ The FTP connection can be set up in either proactive or passive mode. The difference between the two modes lies in
whether the data connection is initiated by the server or client. By default, the proactive mode is used. Users can
switch to the passive mode through commands.

[Figure: FTP proactive mode and passive mode. In both modes the control connection runs from a temporary port on the FTP client to port 21 on the FTP server. In proactive mode the data connection runs between a temporary port on the client and port 20 on the server. In passive mode the data connection runs between temporary ports on the client and the server.]

• In proactive mode, if a firewall is deployed on the client, a data connection may
fail to be established because it is initiated by the server. In passive mode, this
issue is solved. However, the proactive mode facilitates the management of the
FTP server but impairs the management of the client. The opposite is true in
passive mode.
• By default, port 21 of the server is used to transmit control commands, and port
20 is used to transmit data.
• The establishment process of FTP connection in proactive mode:
▫ The server opens port 21 and listens on it so that a control connection can be
set up with the client.
▫ The client initiates a control connection setup request and the server responds.
▫ The client sends the PORT command through the control connection to notify
the server of the temporary port number used for the client data connection.
▫ A data connection is set up between the temporary port on the client and port
20 on the server.
• The establishment process of FTP connection in passive mode:
▫ The server opens port 21 and listens on it so that a control connection can be
set up with the client.
▫ The client initiates a control connection setup request and the server responds.
▫ The client sends the PASV command through the control connection to notify
the server that the client is in passive mode.
▫ The server responds and informs the client of the temporary port number used
for data connection.
▫ A data connection is set up between the temporary ports on the client and the
server.
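The two setup sequences above determine which data connection a stateful firewall has to expect after reading the control channel. The following Python sketch is an added example, not part of the original slides: it parses the PORT command and the 227 reply to PASV (both carry the tuple h1,h2,h3,h4,p1,p2 defined in RFC 959, with port = p1 * 256 + p2) and derives the expected data connection. The function names, the address_matches_peer field, and the sample session are assumptions made for illustration.

```python
import re

# Six comma-separated decimal numbers h1,h2,h3,h4,p1,p2 (RFC 959), carried by
# both the PORT command and the 227 reply to PASV.
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple; port = p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_connection(line, client_ip, server_ip):
    """Map one control-channel line to the data connection that should follow.

    Returns None for lines that do not negotiate a data connection.
    """
    parts = line.strip().split(None, 1)
    verb = parts[0].upper() if parts else ""
    argument = parts[1] if len(parts) > 1 else ""
    if verb == "PORT":
        # Proactive mode: the server connects from port 20 to the client's
        # temporary port announced in the PORT command.
        ip, port = parse_hostport(argument)
        return {"mode": "proactive", "initiator": server_ip, "src_port": 20,
                "dst_ip": ip, "dst_port": port,
                "address_matches_peer": ip == client_ip}
    if verb == "227":
        # Passive mode: the client connects from a temporary port to the
        # temporary port the server announced in its reply to PASV.
        ip, port = parse_hostport(argument)
        return {"mode": "passive", "initiator": client_ip, "src_port": None,
                "dst_ip": ip, "dst_port": port,
                "address_matches_peer": ip == server_ip}
    return None


def trace_session(lines, client_ip, server_ip):
    """Return the expected data connections for a list of control-channel lines."""
    found = (expected_data_connection(l, client_ip, server_ip) for l in lines)
    return [c for c in found if c is not None]


# Constructed control-channel lines using documentation addresses, not a capture.
SAMPLE_SESSION = [
    "USER demo",
    "PORT 192,0,2,10,195,80",                            # client port 50000
    "RETR report.txt",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,234,96)",   # server port 60000
    "PORT 203,0,113,7,4,1",                              # address is not the client's
]

if __name__ == "__main__":
    for conn in trace_session(SAMPLE_SESSION, "192.0.2.10", "198.51.100.5"):
        print(conn)
```

The address_matches_peer flag records whether the announced address is the other end of the control connection, so a policy can decide whether to open the data connection when it is not.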
SFTP
⚫ Secure File Transfer Protocol (SFTP) transmits files securely based on secure shell (SSH).
⚫ FTP transmits data in plaintext, which is not secure. SFTP encrypts the authentication information and
data to be transmitted, with higher security compared with FTP.
⚫ SFTP is a single-channel protocol and its default destination port number is 22. The client and server
are securely connected using SSH to transfer files. FTP is a dual-channel protocol, including the control
channel and data channel.

[Figure: an SFTP client and an SFTP server exchange encrypted traffic across the Internet, which is more secure.]

Telnet
⚫ Telnet is a standard protocol that provides remote login services on a network.
⚫ It helps users to operate remote devices through local PCs.
⚫ Users log in to a Telnet server through a Telnet client program. The commands entered on the Telnet
client are executed on the Telnet server, as if the commands were entered on the console of the server.

[Figure: a client reaches a Telnet server across the Internet over a Telnet connection. The figure also shows an access point, a switch, a router, a firewall, and a server.]

STelnet
⚫ Secure Telnet (STelnet) is a secure Telnet service enabling users to remotely and securely log in to devices. Through
STelnet, all exchanged data is encrypted, thus implementing secure sessions. Telnet transmits data in plaintext,
which is not secure. Network security can be greatly improved using STelnet.
⚫ STelnet is implemented based on SSH and the destination port number is 22 by default. Negotiations between an
STelnet server and an STelnet client include the following phases:
▫ Version negotiation
▫ Algorithm negotiation
▫ Key exchange
▫ User authentication
▫ Session interaction

[Figure: a client reaches an STelnet server across the Internet over an encrypted STelnet connection. The figure also shows an access point, a switch, a router, a firewall, and a server.]

• Version negotiation phase: SSH is available in SSHv1 and SSHv2. The server and
client determine which SSH version to use through version negotiation.

• Algorithm negotiation phase: SSH supports multiple encryption algorithms. Based
on their supported algorithms, the server and client determine which algorithm
to use through negotiations.

• Key exchange phase: A session key is generated using a key exchange algorithm.
After that, sessions between the server and client are encrypted through session
keys.

• User authentication phase: The SSH client sends an authentication request to the
SSH server and the server authenticates the client.

• Session interaction phase: After the authentication succeeds, the server and client
exchange data.
HTTP
⚫ Hypertext Transfer Protocol (HTTP) is one of the most widely used network protocols on the Internet.
HTTP was originally designed to provide a method for publishing and receiving hypertext markup
language (HTML) pages.

[Figure: an HTTP client and an HTTP server connected across the Internet. The client visits www.huawei.com, and the HTML files of the page are returned.]


• WWW is short for World Wide Web, also known as 3W or Web. As a next-
generation user interface on the Internet, WWW replaces the traditional plaintext
mode in which information is exchanged in plain text. Hypertext is a holistic
information architecture, which establishes links for different parts of a
document through keywords so that information can be transmitted in
interactive mode. With the emergence and development of multimedia
technologies, the coverage of hypertext technologies has been extended from
plain texts to multimedia. The concept of hypermedia is therefore developed.

• On the Internet, hypermedia and hypertext modes are combined and information
links are extended to the entire Internet. Web is a kind of hypertext information
system, enabling texts to be switched from one position to another instead of
being fixed at a certain position. Web is unique for its multiple links.
HTTPS
⚫ Hypertext Transfer Protocol Secure (HTTPS): provides secure HTTP channels.
⚫ The Transport Layer Security (TLS) protocol is added to HTTPS based on HTTP to enable identity authentication,
data encryption, and integrity verification for data transmissions. The destination port number of HTTPS is 443 and
the destination port number of HTTP is 80 by default. Currently, most websites use HTTPS to provide secure data
transmission.

[Figure: an HTTP client and an HTTP server communicate in plaintext over the stack HTTP / TCP / IP. An HTTPS client and an HTTPS server communicate in ciphertext over the stack HTTP / TLS / TCP / IP, where TLS provides identity authentication, data encryption, and integrity verification.]

DNS
⚫ To visit a website, users need to enter the character string of the website address. However, a computer needs to
know the IP address corresponding to the domain name of the website for access. In this case, a domain name
system (DNS) is required.
⚫ DNS is classified into dynamic and static domain name resolution. Static domain name resolution is first used to
resolve a domain name. If the resolution fails, dynamic domain name resolution is used.

[Figure: exchange between a client and a local DNS server across the Internet. The client sends a request for the IP address of www.huawei.com, the returned IP address is X.X.X.X, and the client then accesses X.X.X.X.]


• IPv4 static domain name resolution requires a static domain name resolution
table, which lists the mapping created manually between domain names and
IPv4 addresses. This table is similar to the hosts file in a Windows operating
system. The table contains commonly used domain names. After searching for a
specified domain name in the resolution table, the client can obtain the IP
address mapped to the domain name. This process improves domain name
resolution efficiency.

• Dynamic domain name resolution requires a dedicated DNS server. This server
runs the domain name resolution program, maps domain names to IP addresses,
and receives DNS requests from clients.
Transport Layer
⚫ A transport-layer protocol receives data from an application-layer protocol, encapsulates the data with
the corresponding transport-layer protocol header, and helps establish an end-to-end connection.

Layer stack: application layer, transport layer (segment), network layer, data link layer, physical layer.

Transport-layer protocols:
• TCP: a connection-oriented reliable transport-layer communication protocol defined by IETF in RFC 793.
• UDP: a simple connectionless transport-layer protocol defined by IETF in RFC 768.
TCP and UDP – Packet Formats

TCP packet header (field widths in bits, one 32-bit row per line):
Source port (16) | Destination port (16)
Sequence number (32)
Acknowledgement number (32)
Header length (4) | Reserved (6) | Control bits (6) | Window (16)
Checksum (16) | Urgent (16)
Options (variable)
Data (if any)

UDP packet header (field widths in bits, one 32-bit row per line):
Source port (16) | Destination port (16)
Length (16) | Checksum (16)
Data (if any)


• TCP packet header:


▫ Source port: This field identifies the application that sends the packet. This
field is 16 bits long.
▫ Destination port: This field identifies the application that receives the packet.
This field is 16 bits long.
▫ Sequence number: This field indicates the sequence number of each byte in a
data flow transmitted over a TCP link. The sequence number field value refers
to the sequence number of the first byte of data sent by the packet segment.
This field is 32 bits long.
▫ Acknowledgment number: This field indicates the sequence number of the
next segment's first byte that the receiver is expecting to receive. The value of
this field is 1 plus the sequence number of the last byte in the previous
segment that is successfully received. This field is valid only when ACK is set to
1. This field is 32 bits long.
▫ Header length: This field indicates the length of the TCP header. The unit is 32
bits (4 bytes). If the Options field is empty, the value of this field is 5,
indicating that the header contains 20 bytes.
▫ Reserved: The value must be 0. This field is 6 bits long.
▫ Control bits: This field indicates TCP data segments in different states
including FIN, ACK, and SYN flags.
▫ Window: This field indicates the maximum number of bytes that are allowed
by the receiver for implementing TCP traffic control. The maximum window
size is 65535 bytes. This field is 16 bits long.
▫ Checksum: This field indicates a mandatory field calculated and stored by the
sender and verified by the receiver. During checksum computation, the TCP
packet header and TCP data are included, and a 12-byte pseudo header is
added in front of the TCP packet segment. This field is 16 bits long.
▫ Urgent: The field is significant only when URG is set to 1. The local device
sends urgent data to the peer device using the urgent pointer. The field is used
to indicate the number of bytes in the urgent data of the packet segment and
is placed at the beginning of the packet segment. This field is 16 bits long.

▫ Options: The field is significant and ranges from 0 bytes to 40 bytes.

• UDP packet header:

▫ Source port: The field identifies the application that sends the packet and is 16
bits long.

▫ Destination port: The field identifies the application that receives the packet
and is 16 bits long.

▫ Length: The field specifies the total length of a UDP packet header and data.
The possible minimum length of the field is 8 bytes, as a UDP packet header
has used 8 bytes. Due to this field, the total length of a UDP packet cannot
exceed 65535 bytes, including an 8-byte header and 65527 bytes of data.

▫ Checksum: The field indicates the checksum of a UDP packet header and UDP
data and is 16 bits long.
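The field descriptions above translate directly into a parser. The following Python sketch is an added example, not part of the original slides: it decodes the TCP and UDP headers with the field widths listed on this page, rejects inconsistent length fields, and verifies the TCP checksum over the 12-byte pseudo header, the TCP header, and the data. The function names and the sample segment (addresses 1.1.1.1 and 2.2.2.2, ports 1024 and 80) are constructed for illustration.

```python
import socket
import struct

FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # control bits, low bit first


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the TCP and UDP Checksum fields."""
    if len(data) % 2:
        data += b"\x00"                        # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, protocol: int, length: int) -> bytes:
    """12-byte pseudo header: source IP, destination IP, zero, protocol, length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, protocol, length))


def parse_tcp(segment: bytes) -> dict:
    """Decode a TCP segment using the layout on this page (4 + 6 + 6 + 16 bits)."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4         # Header length counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("header length %d does not fit the segment" % header_len)
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "reserved": (off_flags >> 6) & 0x3F,
        "flags": [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


def tcp_checksum_ok(segment: bytes, src_ip: str, dst_ip: str) -> bool:
    """A valid segment sums to zero once its own Checksum field is included."""
    pseudo = pseudo_header(src_ip, dst_ip, 6, len(segment))   # 6 = TCP
    return internet_checksum(pseudo + segment) == 0


def parse_udp(datagram: bytes) -> dict:
    """Decode a UDP datagram; Length covers the 8-byte header plus the data."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if not 8 <= length <= len(datagram):
        raise ValueError("UDP length %d does not fit the datagram" % length)
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def build_sample_segment() -> bytes:
    """Constructed sample: 1.1.1.1:1024 -> 2.2.2.2:80, PSH and ACK set, 5 data bytes."""
    payload = b"hello"
    off_flags = (5 << 12) | 0b011000           # 5 words of header; PSH | ACK
    header = struct.pack("!HHIIHHHH", 1024, 80, 1000, 2000, off_flags, 65535, 0, 0)
    pseudo = pseudo_header("1.1.1.1", "2.2.2.2", 6, len(header) + len(payload))
    csum = internet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


if __name__ == "__main__":
    seg = build_sample_segment()
    print(parse_tcp(seg))
    print("checksum valid:", tcp_checksum_ok(seg, "1.1.1.1", "2.2.2.2"))
```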
TCP and UDP – Port Numbers
⚫ TCP and UDP distinguish different services using different port numbers. Generally, the source port used by a client is randomly
allocated, and the destination port is specified by the application of a server. The source port number is usually greater than 1023
and is not already in use. The destination port number indicates the listening port number of the application (service) enabled on the
server. For example, the default port number for HTTP is 80.

[Figure: a web browser host at IP address 1.1.1.1 runs an HTTP application on TCP port 1024 and Telnet on TCP port 1231. An HTTP server at IP address 2.2.2.2 runs an HTTP application on TCP port 80 and Telnet on TCP port 23.]

Packet sent from the HTTP client to the HTTP server:
IP header | Source IP address: 1.1.1.1; destination IP address: 2.2.2.2
TCP header | Source port number: 1024; destination port number: 80
Payload | HTTP payload

Network Layer
⚫ The transport layer establishes connections between processes on different hosts, and the network
layer transmits data from one host to another.

Layer stack: application layer, transport layer, network layer (packet), data link layer, physical layer.

The network layer sends packets from a source host to a destination host, provides logical addresses for network devices, and implements data packet routing and forwarding. Common network-layer protocols include IPv4, IPv6, ICMP, and IGMP.
IP Packet Header
Frame layout: Ethernet header | IP header | TCP header | User data | Ethernet trailer

IP header (bits 0 to 31 per row; the first five rows are the 20-byte fixed-length part):
Version | Header length | DS field | Total length
Identification | Flags | Fragment offset
Time to live | Protocol | Header checksum
Source IP address
Destination IP address
IP options (variable)
IP Packet Forwarding
⚫ The network-layer header of a packet sent by a source device carries the network-layer addresses of the source and
destination devices. Each network device (such as a router) with routing functions maintains a routing table. After
receiving a packet, the network device reads the network-layer destination address of the packet, searches the
address in the routing table for the matching entry, and forwards the packet according to the instruction of the
matching entry.

Route table:
Network | Outbound Interface
Network A | GE0/0/1
… | …

[Figure: a router with interfaces GE0/0/0 and GE0/0/1 sits between PC1 and Network A, which contains PC2. PC 1 encapsulates the IP header, including source and destination IP addresses.]


• When IP is used as the network-layer protocol, the two communicating devices
are each assigned a unique IP address to identify themselves. An IP
address can be written as a 32-bit binary integer and is usually represented in
dotted decimal notation to facilitate reading and analysis. The four bytes of an IP
address are separated from each other by dot (.) in decimal notation, such as
192.168.1.1.

• Encapsulation and forwarding of IP packets:

▫ When receiving data from an upper layer (such as the transport layer), the
network layer encapsulates an IP packet header and adds the source and
destination IP addresses to the header.

▫ Each passing network device, such as a router, maintains a routing table that
guides IP packet forwarding like a map. After receiving an IP packet, the
router forwards the packet by searching its IP routing table based on the
destination IP address.

▫ When the IP packet reaches the destination host, the destination host
determines whether to accept the packet based on the destination IP address
and then processes the packet accordingly.

• The IP protocol works together with routing protocols such as OSPF, IS-IS, and
BGP to help routers establish routing tables and to conduct network control and
network status diagnosis.
ICMP
⚫ The Internet Control Message Protocol (ICMP) is an auxiliary IP protocol.
⚫ ICMP is used to transmit error and control information between network devices. It plays an important role in
collecting network information as well as diagnosing and rectifying network faults.

Frame layout: Ethernet header | IP header | ICMP packet | Ethernet trailer
ICMP packet: Type | Code | Checksum | ICMP packet content

Type | Code | Description
0 | 0 | Echo reply
3 | 0 | Network unreachable
3 | 1 | Host unreachable
3 | 2 | Protocol unreachable
3 | 3 | Port unreachable
5 | 0 | Redirection
8 | 0 | Echo request


• ICMP works at the network layer to ensure correct forwarding of IP packets and
successful data packet exchange. ICMP allows hosts or devices to report errors or
exceptions during packet transmission.

• ICMP messages are encapsulated in IP packets. If the Protocol value in the IP
header is 1, the used protocol is ICMP.

• ICMP field resolution:

▫ The format of an ICMP message depends on the Type and Code fields. The
Type field indicates the message type, and the Code field indicates specific
parameters of the message type.

▫ The Checksum field is used to check whether the message is complete.

▫ An ICMP message contains a 32-bit variable field. Generally, this field is not
used and is set to 0.

▪ An ICMP Redirect message specifies a gateway IP address. A host redirects
packets to the specified gateway based on this address.

▪ An Echo Request message contains the identifier and sequence number. The
source device associates a received Echo Reply message with an Echo
Request message it sends based on the two parameters. Especially when
the source sends multiple Echo Request messages to the destination, the
Echo Request and Echo Reply messages must be matched based on the
identifiers and sequence numbers.
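The Type/Code table and the identifier and sequence number matching described above can be exercised in a few lines. The following Python sketch is an added example, not part of the original slides: it decodes the ICMP header, interprets the 32-bit variable field for Echo and Redirect messages, and pairs each Echo Reply with the Echo Request that carries the same identifier and sequence number. The class and function names and the sample messages are constructed for illustration, and the checksum is not verified here.

```python
import socket
import struct

# Type/Code pairs from the table on this page.
DESCRIPTIONS = {
    (0, 0): "Echo reply",
    (3, 0): "Network unreachable",
    (3, 1): "Host unreachable",
    (3, 2): "Protocol unreachable",
    (3, 3): "Port unreachable",
    (5, 0): "Redirection",
    (8, 0): "Echo request",
}


def parse_icmp(message: bytes) -> dict:
    """Decode Type, Code, Checksum and the 32-bit field that follows them."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    mtype, code, checksum = struct.unpack("!BBH", message[:4])
    info = {"type": mtype, "code": code, "checksum": checksum,
            "description": DESCRIPTIONS.get((mtype, code), "not in the table above")}
    if mtype in (0, 8):
        # Echo Request and Echo Reply: identifier and sequence number.
        info["identifier"], info["sequence"] = struct.unpack("!HH", message[4:8])
    elif mtype == 5:
        # Redirect: the gateway IP address the host should use.
        info["gateway"] = socket.inet_ntoa(message[4:8])
    return info


class EchoMatcher:
    """Pairs Echo Replies with outstanding Echo Requests by (identifier, sequence)."""

    def __init__(self):
        self.pending = {}   # (identifier, sequence) -> send time in milliseconds

    def sent(self, message: bytes, sent_at_ms: int) -> None:
        m = parse_icmp(message)
        if m["type"] != 8:
            raise ValueError("not an Echo Request")
        self.pending[(m["identifier"], m["sequence"])] = sent_at_ms

    def received(self, message: bytes, received_at_ms: int):
        """Return the round-trip time in ms, or None for a reply nobody is waiting for."""
        m = parse_icmp(message)
        if m["type"] != 0:
            return None
        sent_at = self.pending.pop((m["identifier"], m["sequence"]), None)
        if sent_at is None:
            return None     # wrong identifier, unknown sequence number, or duplicate
        return received_at_ms - sent_at


def build_echo(mtype: int, identifier: int, sequence: int, payload: bytes = b"") -> bytes:
    """Constructed test message; Checksum is left at 0 because it is not verified here."""
    return struct.pack("!BBHHH", mtype, 0, 0, identifier, sequence) + payload


def demo():
    """Two requests, replies arriving out of order, one foreign and one duplicate reply."""
    matcher = EchoMatcher()
    matcher.sent(build_echo(8, 0x1234, 1), sent_at_ms=0)
    matcher.sent(build_echo(8, 0x1234, 2), sent_at_ms=10)
    return [
        matcher.received(build_echo(0, 0x1234, 2), 40),   # matches sequence 2
        matcher.received(build_echo(0, 0x9999, 1), 50),   # identifier of another sender
        matcher.received(build_echo(0, 0x1234, 1), 70),   # matches sequence 1
        matcher.received(build_echo(0, 0x1234, 1), 80),   # duplicate of sequence 1
    ]


if __name__ == "__main__":
    print(demo())
    print(parse_icmp(struct.pack("!BBH", 5, 0, 0) + socket.inet_aton("10.0.0.254")))
```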
ICMP Error Check
⚫ The ICMP Echo Request message and ICMP Echo Reply message are usually used to check network connectivity
between source and destination addresses, and to provide other information, such as the round-trip time of packets.
⚫ A typical ICMP application is the ping command. Ping is a common tool for checking network connectivity and
collecting related information. In the ping command, users can assign different parameters, such as the length and
number of ICMP packets, and the timeout period for waiting for a reply. Devices construct and send ICMP packets
based on the parameters to perform ping tests.

[Figure: a router (.1) connects over 10.0.0.0/24 to a second router (.2), which connects (.1) over 20.0.0.0/24 to Server A (.2). The Echo request travels toward Server A and the Echo reply returns.]

[RTA] ping 20.0.0.2
PING 20.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 20.0.0.2: bytes=56 Sequence=1 ttl=254 time=70 ms
Reply from 20.0.0.2: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 20.0.0.2: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 20.0.0.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 20.0.0.2: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 20.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/40/70 ms

ICMP Error Report
⚫ ICMP defines various error messages for diagnosing network connectivity faults. Based on the error messages, the
source device can determine the cause of a data transmission failure. For example, when a network device cannot
access a target network, it automatically sends an ICMP destination unreachable message to the sending device.
⚫ Tracert traces the packet forwarding path hop by hop based on the time to live (TTL) value in the packet header. It
is an effective method to check the packet loss and delay and to help administrators find routing loops on a
network.

[Figure: RTA (.1) connects over 10.0.0.0/24 to RTB (.2), which connects (.1) over 20.0.0.0/24 to Server A (.2). A data packet travels from RTA, and an ICMP destination unreachable message is returned.]

[RTA] tracert 20.0.0.2
traceroute to 20.0.0.2(20.0.0.2), max hops: 30,packet length: 40,press CTRL_C to break
1 10.0.0.2 80 ms 10 ms 10 ms
2 20.0.0.2 30 ms 30 ms 20 ms


• ICMP defines various error messages for diagnosing network connectivity faults.
Based on the error messages, the source can determine the cause of a data
transmission failure.
▫ If a loop occurs on a network, packets are looped and the TTL times out. In
this case, the device sends a TTL timeout message to the sender.
▫ If the destination is unreachable, the intermediate device sends a destination
unreachable message to the sender. Destinations are unreachable due to
various causes. If the device cannot find the destination network, it sends a
destination network unreachable message. If the device cannot find the
destination host on the destination network, it sends a message indicating the
destination host is unreachable.
• Tracert is another typical application of ICMP. Tracert traces the packet
forwarding path hop by hop based on the TTL value in the packet header. To
trace the path to a specific destination address, the source end first sets the TTL
value of the packet to 1. After the packet reaches the first node, the TTL times
out. Therefore, this node sends a TTL timeout message carrying the timestamp to
the source end. Then, the source end sets the TTL value of the packet to 2. After
the packet reaches the second node, the TTL times out. This node also returns a
TTL timeout message. The process repeats until the packet reaches the
destination. In this way, the source end can trace each node through which the
packet passes according to the returned messages. This allows the source end to
calculate the round-trip time according to the timestamp information.
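
The TTL probing and the ICMP error reports described above, as an added example that is not part of the original course material: a small simulation that replays tracert over the RTA/RTB/Server A topology from the slide and over a constructed routing loop. The `Network` class, the helper names and the looped topology are assumptions made for illustration, and the probe is modelled as an ICMP echo; the ICMP type and code numbers are the real ones.

```python
# Added illustration: simulated tracert (constructed topologies, not course code).
ECHO_REPLY, DEST_UNREACH, TIME_EXCEEDED = 0, 3, 11   # ICMP message types
NET_UNREACH, HOST_UNREACH = 0, 1                     # codes for type 3


class Network:
    """Toy routed network: routes[node][dst] is the next hop towards dst."""

    def __init__(self, routes, live_hosts):
        self.routes = routes
        self.live_hosts = set(live_hosts)

    def probe(self, src, dst, ttl):
        """Send one probe; return (icmp_type, code, reporter) of the answer."""
        node = src
        while True:
            nxt = self.routes.get(node, {}).get(dst)
            if nxt is None:
                # The device cannot find the destination network.
                return DEST_UNREACH, NET_UNREACH, node
            if nxt == dst:
                if dst in self.live_hosts:
                    return ECHO_REPLY, 0, dst
                # The network is known, but the host on it cannot be found.
                return DEST_UNREACH, HOST_UNREACH, node
            ttl -= 1                      # the receiving router decrements the TTL
            if ttl == 0:
                return TIME_EXCEEDED, 0, nxt   # TTL timeout message to the source
            node = nxt


def tracert(net, src, dst, max_hops=30):
    """Raise the TTL from 1 until something other than a TTL timeout comes back."""
    hops = []
    for ttl in range(1, max_hops + 1):
        icmp_type, code, reporter = net.probe(src, dst, ttl)
        hops.append((ttl, reporter, icmp_type, code))
        if icmp_type != TIME_EXCEEDED:
            break
    return hops


def looping_routers(hops):
    """Routers that reported a TTL timeout for more than one TTL: a loop sign."""
    seen, repeated = set(), []
    for _, reporter, icmp_type, _ in hops:
        if icmp_type != TIME_EXCEEDED:
            continue
        if reporter in seen and reporter not in repeated:
            repeated.append(reporter)
        seen.add(reporter)
    return repeated


def slide_topology():
    """RTA (10.0.0.1) -> RTB (10.0.0.2) -> Server A (20.0.0.2), as on the slide."""
    routes = {
        "10.0.0.1": {"20.0.0.2": "10.0.0.2", "20.0.0.9": "10.0.0.2",
                     "30.0.0.1": "10.0.0.2"},
        "10.0.0.2": {"20.0.0.2": "20.0.0.2", "20.0.0.9": "20.0.0.9"},
    }
    return Network(routes, live_hosts={"20.0.0.2"})


def looped_topology():
    """Constructed fault: two routers point at each other for 172.16.5.5."""
    routes = {
        "10.9.0.1": {"172.16.5.5": "10.9.0.2"},
        "10.9.0.2": {"172.16.5.5": "10.9.0.3"},
        "10.9.0.3": {"172.16.5.5": "10.9.0.2"},
    }
    return Network(routes, live_hosts={"172.16.5.5"})


if __name__ == "__main__":
    for hop in tracert(slide_topology(), "10.0.0.1", "20.0.0.2"):
        print(hop)
    print(looping_routers(tracert(looped_topology(), "10.9.0.1", "172.16.5.5", 6)))
```
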
OSPF
⚫ Communications between different networks are implemented through routes. There are three types of
routes: direct routes, static routes, and dynamic routes. Dynamic routes have been widely used on
networks for high flexibility, reliability, and scalability.
⚫ OSPF is the most widely used dynamic routing protocol on enterprise networks.

[Figure: routers running OSPF, with LSDB synchronization of each router; Switch; Host]

• Link State Database (LSDB): indicates the database for saving the link status
information synchronized by OSPF devices for route calculation.
OSPF Area
⚫ An OSPF area ID is used to identify an OSPF area.
⚫ An OSPF area is regarded as a logical group of devices.
⚫ Single-area or multi-area networking can be deployed in enterprises based on scales and requirements.

[Figure: firewall, server cluster, core switch (Area 0), aggregation switches, Office building 1, Office building 2]
OSPF is configured on the core switch and aggregation switches in the same OSPF area to enable route
reachability of the enterprise network.

• OSPF areas are classified as either a backbone area (with area ID 0) or
non-backbone areas.

• On large-scale enterprise networks, OSPF areas can be planned hierarchically. A
backbone area (with area ID 0) can be planned between egress and core
switches, and non-backbone areas (with area ID 10 and area ID 20) can be
planned between core and aggregation switches.
OSPF Routing Table
⚫ Must-knows of OSPF routing tables:
▫ An OSPF routing table contains the information used to guide packet forwarding, including the destination
address, cost, and next hop.
▫ You can run the display ospf routing command to check information about the OSPF routing table.

[Figure: Router 1 (Router ID: 1.1.1.1), GE1/0/0 10.1.1.1/30 -- GE1/0/0 10.1.1.2/30, Router 2 (Router ID: 2.2.2.2); [R1]display ospf routing]

<R1> display ospf routing

OSPF Process 1 with Router ID 1.1.1.1
Routing Tables
Routing for Network
Destination      Cost  Type     NextHop    AdvRouter  Area
1.1.1.1/32       0     stub     1.1.1.1    1.1.1.1    0.0.0.0
10.1.1.0/20      1     Transit  10.1.1.1   1.1.1.1    0.0.0.0
2.2.2.2/32       1     stub     10.1.1.2   2.2.2.2    0.0.0.0

Total Nets: 3
Intra Area: 3 Inter Area: 0 ASE: 0 NSSA: 0
Contents

1. Network Reference Model


▫ OSI Reference Model and TCP/IP Reference Model

▫ Application layer

▫ Transport Layer

▫ Network Layer
■ Data Link Layer

2. Common Network Devices

Data Link Layer
⚫ The data link layer is located between the network layer and the physical layer, providing services for
protocols such as IP and IPv6 at the network layer.
⚫ Ethernet is the most common data link layer protocol.

[Figure: layer stack: Application layer, Transport layer, Network layer, Data link layer (frame), Physical layer]
The data link layer is located between the network layer and the physical layer.
• The data link layer provides intra-segment communication for the network layer.
• The functions of the data link layer include framing, physical addressing, and error control.
• Common data link layer protocols include Ethernet, PPPoE, and PPP.
Ethernet Frame Structure
⚫ The frames used by Ethernet technology are referred to as Ethernet frames. Ethernet frames are in two
formats, namely, Ethernet II and IEEE 802.3.
⚫ A medium access control (MAC) address uniquely identifies a network interface card (NIC). MAC
addresses are used for intra-segment communication, with 48 bits in length, such as 00-1E-10-DD-DD-02.

Total length of a data frame: 64–1518 bytes

Ethernet_II format:
DMAC (6B) | SMAC (6B) | Type (2B) | User data (46-1500B) | FCS (4B)

IEEE 802.3 format:
DMAC (6B) | SMAC (6B) | Length (2B) | LLC (3B) | SNAP (5B) | User data (38-1492B) | FCS (4B)
SNAP (5B) = Org Code (3B) | Type (2B)

• Ethernet II frame:
▫ DMAC: indicates the destination MAC address, with 6 bytes in length,
identifying the MAC address of the receiver.
▫ SMAC: indicates the source MAC address, with 6 bytes in length, identifying
the MAC address of the sender.
▫ Type: indicates the protocol type, with 2 bytes in length. Common values
are as follows:
▪ 0x0800: Internet Protocol Version 4 (IPv4)
▪ 0x0806: Address Resolution Protocol (ARP)
• IEEE 802.3 LLC frame:
▫ SNAP: Sub-network Access Protocol, consisting of the Org Code field and
the Type field.
▫ FCS: Frame Check Sequence, acting as a 32-bit cyclic redundancy check
code (CRCC) detecting whether any error occurs during frame transmission.
▫ Logical link control (LLC) consists of the destination service access point
(DSAP), source service access point (SSAP), and Ctrl field.
▪ DSAP: indicates the destination service access point, with 1 byte in
length. If the subsequent type is IP frame, the value is set to 0x06. The
function of a service access point is similar to the Type field in an
Ethernet II frame or the port number in TCP/UDP.
▪ SSAP: indicates the source service access point, with 1 byte in length.
If the subsequent type is IP frame, the value is set to 0x06.
▪ Ctrl: indicates unnumbered IEEE 802.2 information of a connectionless
service, with 1 byte in length, usually set to 0x03.
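
A parser for the two frame formats described above, as an added example that is not part of the original course material. It tells Ethernet II from IEEE 802.3 by the 2-byte Type/Length field, decodes LLC and SNAP, and checks the FCS. The function names and the sample frames are constructed for illustration; the 0x0600 type threshold and the 0xAA SNAP service access point come from the IEEE standards, not from this page.

```python
import struct
import zlib

BROADCAST = bytes.fromhex("FFFFFFFFFFFF")
HOST_A = bytes.fromhex("3C5282497E9D")    # MAC of Host A on the ARP slide
HOST_B = bytes.fromhex("48A4721C8F4F")    # MAC of Host B on the ARP slide


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def add_fcs(body: bytes) -> bytes:
    """Pad DMAC..data to 60 bytes, then append the FCS (CRC-32, low byte first)."""
    body = body.ljust(60, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II or IEEE 802.3 (LLC/SNAP) frame including its FCS."""
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame length {len(frame)} is outside 64-1518 bytes")
    body, fcs = frame[:-4], frame[-4:]
    info = {
        "dmac": fmt_mac(body[0:6]),
        "smac": fmt_mac(body[6:12]),
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }
    type_or_len = struct.unpack("!H", body[12:14])[0]
    if type_or_len >= 0x0600:
        # Ethernet II: the field is a protocol type (0x0800 IPv4, 0x0806 ARP).
        # The frame carries no length, so any padding stays in the payload.
        info.update(format="Ethernet_II", type=type_or_len, payload=body[14:])
    elif type_or_len <= 1500:
        # IEEE 802.3: the field is the length of LLC + SNAP + user data.
        dsap, ssap, ctrl = body[14:17]
        data = body[17:14 + type_or_len]
        info.update(format="IEEE 802.3", length=type_or_len,
                    dsap=dsap, ssap=ssap, ctrl=ctrl)
        if (dsap, ssap) == (0xAA, 0xAA):          # a SNAP header follows LLC
            info["org_code"] = data[0:3].hex()
            info["type"] = struct.unpack("!H", data[3:5])[0]
            data = data[5:]
        info["payload"] = data
    else:
        raise ValueError(f"undefined Type/Length value {type_or_len:#06x}")
    return info


def sample_ethernet_ii() -> bytes:
    """Constructed frame: Host A broadcasts an ARP packet (Type 0x0806)."""
    return add_fcs(BROADCAST + HOST_A + b"\x08\x06" + bytes(28))


def sample_8023_snap() -> bytes:
    """Constructed frame: 802.3 + LLC (AA AA 03) + SNAP (Org 000000, Type 0x0800)."""
    data = b"\xAA\xAA\x03" + b"\x00\x00\x00" + b"\x08\x00" + b"hello"
    return add_fcs(HOST_B + HOST_A + struct.pack("!H", len(data)) + data)


if __name__ == "__main__":
    for frame in (sample_ethernet_ii(), sample_8023_snap()):
        print(parse_frame(frame))
```
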
ARP
⚫ To forward a packet, the sender must know the MAC address of the destination or of the gateway.
Address Resolution Protocol (ARP) is used to obtain the corresponding MAC address
based on the known IP address.

[Figure: Host A (192.168.1.1/24, MAC 3C-52-82-49-7E-9D) and Host B (192.168.1.2/24, MAC 48-A4-72-1C-8F-4F)]
ARP request packet (Host A to Host B): Destination IP address: 192.168.1.2; Destination MAC address: ?
ARP response packet (Host B to Host A): Source IP address: 192.168.1.2; Source MAC address: 48-A4-72-1C-8F-4F

• ARP is a TCP/IP protocol that obtains the data link layer address associated with
a given IP address.

• ARP is an indispensable IPv4 protocol, which provides the following functions:

▫ Mapping IP addresses into MAC addresses.

▫ Maintaining the ARP entry used to store the mapping between a MAC
address and a destination IPv4 address.

▫ Detecting duplicate IP addresses on a network segment.
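
The three ARP functions listed above, as an added example that is not part of the original course material: it decodes the 28-byte ARP packet, maintains an IP-to-MAC table from the sender fields, and records a conflict when a known IP address is claimed by a different MAC address. The `ArpMonitor` class and the third MAC address are constructed for illustration; Host A and Host B use the addresses from the slide. Keeping the first mapping when a conflict appears is a choice made for this monitor, not behaviour stated on the page.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"        # ARP packet layout for IPv4 over Ethernet
REQUEST, REPLY = 1, 2


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", ""))


def mac_text(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet: bytes) -> dict:
    if len(packet) < 28:
        raise ValueError("ARP packet shorter than 28 bytes")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper,
            "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpMonitor:
    """Builds the ARP table from observed packets and records IP conflicts."""

    def __init__(self):
        self.table = {}        # IPv4 address -> MAC address
        self.conflicts = []    # (ip, known_mac, claiming_mac)

    def observe(self, packet: bytes) -> str:
        arp = parse_arp(packet)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip == "0.0.0.0":
            # An ARP probe carries no sender IP; there is nothing to learn.
            return "probe"
        known = self.table.get(ip)
        if known is not None and known != mac:
            # Same IP, different MAC: a duplicate address or a forged reply.
            self.conflicts.append((ip, known, mac))
            return "conflict"
        self.table[ip] = mac
        return "learned" if known is None else "refreshed"


HOST_A = ("3C-52-82-49-7E-9D", "192.168.1.1")
HOST_B = ("48-A4-72-1C-8F-4F", "192.168.1.2")
OTHER_MAC = "02-00-00-00-00-99"   # constructed address, not from the slide


def sample_exchange():
    """Constructed packets: A asks for B, B answers, a third NIC claims B's IP."""
    return [
        build_arp(REQUEST, HOST_A[0], HOST_A[1], "00-00-00-00-00-00", HOST_B[1]),
        build_arp(REPLY, HOST_B[0], HOST_B[1], HOST_A[0], HOST_A[1]),
        build_arp(REPLY, OTHER_MAC, HOST_B[1], HOST_A[0], HOST_A[1]),
    ]


if __name__ == "__main__":
    monitor = ArpMonitor()
    print([monitor.observe(p) for p in sample_exchange()])
    print(monitor.table, monitor.conflicts)
```
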


Data Encapsulation of a Sender

[Figure: data encapsulation at the sender, accessing www.huawei.com]
Layer               Encapsulation                      PDU
Application layer   Data                               Data
Transport layer     TCP Header | Data                  Segment
Network layer       IP Header | Payload                Packet
Data link layer     Ethernet Header | Payload | FCS    Frame
Physical layer      ...                                Bit
Transmission media  0 1 1 0 0 1 0 1 0 1 ...

• Assume that you are accessing Huawei's official website through the IE browser.
After you enter the website address in the address box and press Enter, the
following things occur on your computer:

▫ The IE browser (the application) uses HTTP (the application layer protocol)
to encapsulate the application-layer data. (As shown in the above figure,
data should also include an HTTP header, which is not shown here.)

▫ HTTP relies on transport-layer protocols (such as TCP) to ensure the
reliability of data transmission and transmits the encapsulated data to a
transport-layer protocol module.

▫ The TCP module adds the corresponding TCP header information (such as
the source and destination port numbers) to the data transmitted from the
application layer. In this case, the protocol data unit (PDU) is called a
segment.

▫ On an IPv4 network, the TCP module sends the encapsulated segment to
the IPv4 module at the network layer. (On an IPv6 network, the segment is
sent to the IPv6 module.)

▫ After receiving the segment from the TCP module, the IPv4 module
encapsulates the IPv4 header. In this case, the PDU is called a packet.
▫ As the data link layer uses the Ethernet protocol, after the IPv4 module
completes encapsulation, the packet is sent to the Ethernet module (such
as the Ethernet NIC).

▫ After receiving the packet from the IPv4 module, the Ethernet module adds
the corresponding Ethernet header and FCS frame trailer to the packet. In
this case, the PDU is called a frame.

▫ After the Ethernet module encapsulates the packet, it sends the data to the
physical layer.

▫ Based on the physical media, the physical layer converts digital signals into
electrical signals, optical signals, or electromagnetic (wireless) signals.

▫ The converted signals are transmitted on the network.


Data Decapsulation of a Receiver

[Figure: data decapsulation at the receiver (web server)]
Layer               Content after decapsulation   PDU
Application layer   Data                          Data
Transport layer     Data                          Segment
Network layer       Payload                       Packet
Data link layer     Payload                       Frame
Physical layer      ...                           Bit
Transmission media  0 1 1 0 0 1 0 1 0 1 ...

• The data finally reaches the destination server after being transmitted over the
network. Based on the information of different protocol headers, the data is
decapsulated layer by layer, processed, transmitted, and finally sent to
applications deployed on the web server for data processing.
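
The sender-side encapsulation steps and the receiver-side decapsulation described above, as an added example that is not part of the original course material. It wraps an HTTP request in TCP, IPv4 and Ethernet II headers, then unwraps the frame while validating the FCS and both checksums at the layer that owns them. The function names, the gateway MAC address, the destination IP address and the port numbers are constructed for illustration.

```python
import socket
import struct
import zlib


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def tcp_segment(src_ip, dst_ip, sport, dport, data):
    """Transport layer: add a 20-byte TCP header (PSH+ACK) -> segment."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(hdr) + len(data))
                         + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def ip_packet(src_ip, dst_ip, segment, ttl=64):
    """Network layer: add a 20-byte IPv4 header (protocol 6 = TCP) -> packet."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000,
                      ttl, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + segment


def ethernet_frame(dmac, smac, packet):
    """Data link layer: add the Ethernet II header and the FCS trailer -> frame."""
    body = (dmac + smac + struct.pack("!H", 0x0800) + packet).ljust(60, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def encapsulate(data, src_ip, dst_ip, sport, dport, smac, dmac):
    segment = tcp_segment(src_ip, dst_ip, sport, dport, data)
    return ethernet_frame(dmac, smac, ip_packet(src_ip, dst_ip, segment))


def decapsulate(frame):
    """Strip the headers layer by layer, checking each one before going up."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("data link layer: FCS mismatch")
    if struct.unpack("!H", body[12:14])[0] != 0x0800:
        raise ValueError("data link layer: Type is not IPv4")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("network layer: IPv4 header checksum mismatch")
    if packet[9] != 6:
        raise ValueError("network layer: protocol is not TCP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src_ip, dst_ip = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:total_len]          # total length drops Ethernet padding
    if inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) != 0:
        raise ValueError("transport layer: TCP checksum mismatch")
    sport, dport = struct.unpack("!HH", segment[:4])
    data = segment[(segment[12] >> 4) * 4:]
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "sport": sport, "dport": dport, "data": data}


HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.huawei.com\r\n\r\n"
SMAC = bytes.fromhex("3C5282497E9D")     # Host A's MAC from the ARP slide
DMAC = bytes.fromhex("020000000001")     # constructed gateway MAC


def sample_frame(data=HTTP_REQUEST):
    return encapsulate(data, "192.168.1.1", "192.0.2.10", 49152, 80, SMAC, DMAC)


if __name__ == "__main__":
    print(decapsulate(sample_frame()))
```
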
Contents

1. Network Reference Model

2. Common Network Devices

Typical Enterprise Campus Network Architecture
⚫ A typical enterprise campus network consists of switches, routers, firewalls, and servers.

[Figure: campus network layers, top to bottom: Egress layer, Core layer, Aggregation layer, Access layer]

• A typical campus network, consisting of different devices, such as routers,
switches, and firewalls, uses a multi-layer architecture which includes the access
layer, aggregation layer, core layer, and egress layer.

• A switch is a communication device on the same network segment or across
network segments.

• A router is a communication device across network segments.

• A firewall can be deployed at the network egress to implement security
protection.
Switch
⚫ A switch is the device closest to end users and is used to connect terminals to the network, enabling
the forwarding of data frames on the same network segment.
⚫ Switches work at the data link layer and forward data frames based on MAC address tables that store
the mapping between MAC addresses and switch ports.
[Figure: Host A (IP A: 192.168.1.1/24, MAC A: 0050-5600-0001) on GE 0/0/1 -- Switch -- GE 0/0/2 Host B (IP B: 192.168.1.2/24, MAC B: 0050-5600-0002); Network]

Data frames sent by host A:
Source MAC address: MAC A        Destination MAC address: MAC B
Source IP address: IP A          Destination IP address: IP B

MAC address table of the switch:
MAC address   Port
MAC A         GE0/0/1
MAC B         GE0/0/2
…             …

• Layer 2 switches work at the data link layer and forward frames based on MAC
addresses. The switch ports used to send data are independent of the switch
ports used to receive data. Each port belongs to a different collision domain,
which effectively isolates collision domains on the network.

• Layer 2 switches maintain the mapping between MAC addresses and ports by
learning the source MAC addresses of Ethernet frames. The table that stores the
mapping between MAC addresses and ports is called a MAC address table. Layer
2 switches look up the MAC address table to determine the port to which frames
are forwarded based on the destination MAC address.
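
The learning and lookup behaviour described above, as an added example that is not part of the original course material: a Layer 2 switch model that learns source MAC addresses, floods frames for unknown or broadcast destinations, and forwards known unicast frames to a single port. The `Layer2Switch` class, the third port GE0/0/3 and the move log are constructed for illustration; the log records when a source MAC address appears on a different port, because the table is built from whatever source address a frame carries.

```python
BROADCAST = "FFFF-FFFF-FFFF"
MAC_A = "0050-5600-0001"      # Host A on the slide, attached to GE0/0/1
MAC_B = "0050-5600-0002"      # Host B on the slide, attached to GE0/0/2


class Layer2Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}   # MAC address -> port, learned from source MACs
        self.moves = []       # (mac, old_port, new_port) whenever an entry changes

    def receive(self, in_port, smac, dmac):
        """Learn the source MAC, then return the ports the frame is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        old_port = self.mac_table.get(smac)
        if old_port is not None and old_port != in_port:
            # The same source MAC now arrives on another port: the entry is
            # rewritten, and the change is kept for the operator to review.
            self.moves.append((smac, old_port, in_port))
        self.mac_table[smac] = in_port

        if dmac == BROADCAST or dmac not in self.mac_table:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dmac]
        # A destination behind the ingress port needs no forwarding.
        return [] if out_port == in_port else [out_port]


def replay_slide_example():
    """Constructed frame sequence between Host A and Host B."""
    sw = Layer2Switch(["GE0/0/1", "GE0/0/2", "GE0/0/3"])
    decisions = [
        sw.receive("GE0/0/1", MAC_A, MAC_B),   # B not learned yet: flood
        sw.receive("GE0/0/2", MAC_B, MAC_A),   # A is known: one port
        sw.receive("GE0/0/1", MAC_A, MAC_B),   # B is known now: one port
    ]
    return sw, decisions


if __name__ == "__main__":
    switch, decisions = replay_slide_example()
    print(decisions)
    print(switch.mac_table)
```
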
Router
⚫ Routers work at the network layer to ensure that packets can be forwarded between different
networks.
[Figure: protocol layers involved along the path Host A -- Router A -- Router B -- Router C -- Host B]
Host A and Host B: Application layer, Transport layer, Network layer, Data link layer, Physical layer
Router A, Router B, Router C: Network layer, Data link layer, Physical layer

▫ A router is a network-layer device that forwards packets between different
networks. As shown in the above figure, host A and host B on different
networks (links) can communicate with each other. A router on the same
network as host A receives a data frame sent by host A. The data link layer
of the router confirms that the frame is sent to itself after analyzing the
frame header, and then sends the frame to the network layer. The network
layer then determines to which network segment the destination address
belongs based on the network-layer packet header of the frame. The router
then forwards the frame to the next-hop device through the corresponding
interface by checking the routing table until the frame reaches host B.
Firewall
⚫ Firewalls are mainly deployed at network borders to control network access behaviors, with security
protection as the key feature.
⚫ A firewall treats data flows within the same security zone as carrying no security risk, so no security
policy is required for them. Security checks are triggered, and security policies applied, only when data
flows between different security zones.

[Figure: firewall connecting the Trust, Untrust, and DMZ zones]

Zone            Default Security Priority
Untrust zone    5 (low security level)
DMZ             50 (medium security level)
Trust zone      85 (high security level)
Local zone      100 (highest security level). A local zone defines a device itself, including
                interfaces on the device.

• Firewall technologies play an indispensable role in computer network security
protection. In a network environment with a large application scope, firewall
technologies are applied to computer network systems to provide effective
protection for the collected data, and hardware firewalls are used to solve
network security problems in a centralized manner. They are applicable to
various scenarios and provide efficient filtering. In addition, they provide security
features such as access control, identity authentication, data encryption, VPN
technology, and address translation. Users can configure security policies based
on their network environments to prevent unauthorized access and protect their
networks.
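
The security zone rule from the Firewall slide (flows inside one zone pass without a policy check, flows between zones are checked against security policies), as an added example that is not part of the original course material. The `ZoneFirewall` class, the interface-to-zone mapping, the policy list and the deny default for unmatched inter-zone flows are assumptions made for illustration; the zone names and priorities are the defaults from the slide.

```python
import ipaddress

# Default security priorities from the slide.
ZONE_PRIORITY = {"untrust": 5, "dmz": 50, "trust": 85, "local": 100}


class ZoneFirewall:
    def __init__(self, interface_zone, policies, default_action="deny"):
        for interface, zone in interface_zone.items():
            if zone not in ZONE_PRIORITY:
                raise ValueError(f"{interface}: unknown zone {zone!r}")
        self.interface_zone = interface_zone
        self.policies = policies              # evaluated in order, first match wins
        self.default_action = default_action  # assumption: unmatched flows are denied

    def decide(self, in_if, out_if, dst_ip, dst_port):
        """Return (action, reason) for a flow entering in_if and leaving out_if."""
        src_zone = self.interface_zone[in_if]
        dst_zone = self.interface_zone[out_if]
        if src_zone == dst_zone:
            # Same security zone: no security policy is consulted.
            return "permit", f"intra-zone ({src_zone}): no policy check"
        for rule in self.policies:
            if (rule["from"], rule["to"]) != (src_zone, dst_zone):
                continue
            if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule["dst"]):
                continue
            if rule["port"] not in ("any", dst_port):
                continue
            return rule["action"], f"policy {rule['name']}"
        return self.default_action, f"{src_zone}->{dst_zone}: no matching policy"


def sample_firewall():
    """Constructed configuration: two trust interfaces, one untrust, one DMZ."""
    interface_zone = {
        "GE0/0/1": "trust", "GE0/0/4": "trust",
        "GE0/0/2": "untrust", "GE0/0/3": "dmz",
    }
    policies = [
        {"name": "office-out", "from": "trust", "to": "untrust",
         "dst": "0.0.0.0/0", "port": "any", "action": "permit"},
        {"name": "web-in", "from": "untrust", "to": "dmz",
         "dst": "10.2.0.10/32", "port": 443, "action": "permit"},
    ]
    return ZoneFirewall(interface_zone, policies)


if __name__ == "__main__":
    fw = sample_firewall()
    print(fw.decide("GE0/0/1", "GE0/0/4", "10.1.2.3", 445))
    print(fw.decide("GE0/0/2", "GE0/0/3", "10.2.0.10", 443))
    print(fw.decide("GE0/0/2", "GE0/0/1", "10.1.2.3", 3389))
```

Because intra-zone flows never reach the policy list in this model, hosts that should not reach each other freely have to sit in different zones.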
Firewall Development History
⚫ As technologies advance, firewalls have been upgraded from a low level to a higher level, with related
functions developing in a simple-to-complex manner. The development of network technologies and
the proliferation of demands continue to promote the firewall upgrade.
⚫ Based on the development history, firewalls can be classified into:
▫ Packet filtering firewalls
▫ Stateful inspection firewalls
▫ Next-generation firewalls (NGFW)

[Figure: firewall development timeline: Packet filtering (1989), Application proxy (1990-1991), Stateful inspection (1994-1995), UTM (2004-2005), Next-generation firewall (2009)]

• The earliest firewalls were developed in the 1980s. Over the two decades, the
development history of firewalls can be divided into the following three phases:

▫ First phase (from 1989 to 1994): Packet filtering firewalls, also known as
first-generation firewalls, were developed in 1989 for simple access control.
Then, proxy firewalls, also known as second-generation firewalls, were
developed, acting as a proxy for communication between the intranet and
extranet at the application layer. After that, firewalls based on the stateful
inspection technology were developed by Check Point in 1994. The firewalls
determine the actions to be taken on packets by dynamically analyzing
packet status. They are also known as third-generation firewalls due to fast
processing speed and high security as they do not need to proxy each
application.

▫ Second phase (from 1995 to 2004): Other functions, such as VPN, were
added to firewalls. In addition, web application firewalls (WAFs) were
developed for web server security protection. In 2004, the industry proposed
the concept of Unified Threat Management (UTM). With UTM, a firewall
can implement all-round network security protection with the integration of
various functions, including traditional firewall functions, intrusion
detection, antivirus, URL filtering, application control, and mail filtering.
▫ Third phase (from 2005 until now): The rapid development of the UTM
market since 2004 led to the proliferation of UTM products, causing new
challenges. First, the application-layer information detection is limited and
a more advanced detection method is required, facilitating the wide
application of the deep packet inspection (DPI) technology. Second,
performance is affected. When multiple functions are running at the same
time, the processing performance of UTM devices deteriorates greatly. To
solve the performance deterioration issue, the next-generation firewall was
released in the industry in 2008. The firewall can perform management and
control based on users, applications, and content. In 2009, the industry
specified the functions and features of the next-generation firewall.
Subsequently, multiple security vendors launched their next-generation
firewall products, leading to a new era of firewalls.
Firewall Functions
⚫ Firewalls protect a network against attacks and intrusions from another network. With isolation
and defense attributes, firewalls can be deployed at enterprise network egresses, subnet
borders of large-scale networks, and data center (DC) borders.

The functions of firewalls are as follows:
▫ Isolating networks of different security levels
▫ Implementing access control (using security policies) between networks of different security levels
▫ Implementing user identity authentication
▫ Implementing remote access
▫ Implementing data encryption and VPN services
▫ Implementing network address translation
▫ Implementing other security functions

[Figure: Internet users, employees on the move, partners, Branch 1 and Branch 2 (private line) reach the enterprise through the Internet egress firewalls; DMZ; core switch; firewalls in the internal access area; RADIUS, Controller, eSight, LogCenter, Sandbox, ...; DC egress firewalls in front of the DC with Service area 1, Service area 2, Service area 3]
Comparison Between Firewalls, Switches and Routers
⚫ The main functions of switches, routers, and firewalls are different: switches are used to construct LANs,
routers connect different networks, and firewalls are deployed at network borders.
⚫ The core feature of routers and switches is packet forwarding, while that of firewalls is network access
control.

[Figure: the three devices on the path between a host and the external network]
Firewall: packet forwarding control, attack defense, as well as virus and Trojan horse prevention
Router: addressing and data forwarding, as well as network interconnection assurance
Switch: LAN construction, Layer 2 and Layer 3 fast packet forwarding
Traffic shown: external network access traffic, internal network access traffic

• Differences between firewalls, routers, and switches:

▫ The core feature of routers and switches is packet forwarding, while that of
firewalls is network access control.

▫ Routers connect different networks and provide connectivity using routing
protocols to ensure that packets are forwarded to the destination.

▫ Switches are usually used to construct LANs as important hubs for LAN
communication and forward packets quickly through Layer 2 or Layer 3
switching.

▫ Firewalls are usually deployed at network borders to control network access
with security protection as the core feature.
Network Device Login and Configurations
⚫ Network device configurations are involved in the deployment, operation, and maintenance processes.
You need to log in to a device before configuring it.
⚫ Administrators can configure network devices on the web UI or through the CLI.

[Figure: login methods: Console login, Telnet login, SSH login, Web login]

Username: admin
Password: Admin@123
Info: The max number of VTY users is 21, the number of
current VTY users online is 0, and total number of terminal
users online is 1.
<FW> display this
#
sysname FW
#
command-privilege level 0 view system interface
#
Return


• The default login interface of a firewall is GigabitEthernet0/0/0, which is also
called the MGMT interface.

• Web login

▫ Default website: https://192.168.0.1:8443 (or http://192.168.0.1)

▫ Default user name: admin

▫ Default password: Admin@123.


Basic Configuration Commands (1/2)
⚫ Configure an interface IP address.
[FW] interface GigabitEthernet 0/0/1
[FW-GigabitEthernet0/0/1] ip address 10.102.0.1 255.255.255.0

This command is used to configure an IP address for a physical or logical interface on a device.
⚫ View current configurations.
<FW> display current-configuration

⚫ Save a configuration file.
<FW> save

⚫ Display the saved configuration data.
<FW> display saved-configuration

• An IP address must be configured for an interface to run the IP service. Generally,
an interface needs only one IP address. If a new primary IP address is configured
on the interface, the original one is replaced.

• Users can run the ip address ip-address { mask | mask-length } [ sub ] command
to configure an IP address for an interface. In this command, the mask field
indicates the subnet mask, such as 255.255.255.0, and the mask-length field
indicates the mask length, such as 24. Users can either configure the subnet
mask or mask length.

• A loopback interface is a logical interface for network or IP host virtualization. A
loopback interface can be used as a management interface for its stability and
reliability if multiple protocols run at the same time.

• When configuring an IP address for a physical interface, check the physical status
of the interface. By default, an interface of a Huawei router or switch is in the Up
state. If the interface has been manually disabled, run the undo shutdown
command to enable the interface.
Basic Configuration Commands (2/2)
⚫ Clear saved configuration data.
<FW> reset saved-configuration

⚫ View system startup configuration parameters.

<FW> display startup


This command is used to display related system software, backup system software, configuration files, license
files, patch files, and voice files for current and next startup.

⚫ Configure the configuration file for next startup.


<FW> startup saved-configuration configuration-file

Run this command to specify the configuration file that the device loads at the next startup, for example during an upgrade.

⚫ Restart the device.

<FW> reboot


• The reset saved-configuration command is used to delete configuration files or
the saved contents in the files. If, after the reset saved-configuration command
is run, neither the startup saved-configuration configuration-file command is run
to respecify a configuration file for next startup nor the save command is run to
save the current configuration, the device starts with default parameters at the
next startup.

• The display startup command is used to display related system software, backup
system software, configuration files, license files, patch files, and voice files for
current and next startup.

• The startup saved-configuration configuration-file command is used to specify
the configuration file for next startup and the configuration-file parameter
specifies the name of the configuration file for next startup.

• The reboot command is used to restart a device and prompt users to confirm
whether to save current configurations before the device restarts.
GUI (1/2)
⚫ Firewall GUIs include the function tab, menu navigation tree, operation area, common operation button area, and CLI console.

[Figure: firewall web UI with its areas labelled: Function tab, Common operation button area, Operation area, Menu navigation tree, CLI console]
GUI (2/2)
⚫ The function tab on the GUI displays firewall functions based on types and is commonly used during
firewall configurations on the web UI.

Function Tab   Description
Dashboard      Allows you to quickly view device status and monitor the system running status.
Monitor        Provides comprehensive O&M methods, allowing you to view logs and statistics as well as
               diagnosing device faults.
Policy         Allows you to configure service policies such as security policies and bandwidth policies to
               control traffic forwarding and defend against network threats.
Object         Allows you to configure common elements such as addresses and services that are referenced
               by various service policies, simplifying service configuration.
Network        Allows you to configure network communication functions, such as interfaces, routes, and
               VPNs, which are the basis for devices to access the network.
System         Allows you to configure device management functions, such as administrator, clock, SNMP,
               and system upgrade, providing a basis for normal system running.
Configuration File Management
⚫ Choose System > Configuration File Management to view the current configuration file and specify a
configuration file for next startup.

Version Upgrade
⚫ Choose System > System Upgrade to upgrade the system software, patch files, and feature package
files.

Quiz

1. (Multiple-answer question) Which of the following protocols can be applied to the
application layer? ( )

A. HTTP

B. DNS

C. FTP

D. OSPF

2. (True or False) Data connection is initiated by the client in active FTP mode. ( )

A. True

B. False


1. ABC

2. B
Summary
⚫ This course describes the TCP/IP reference model, consisting of five layers, including the
application layer, transport layer, network layer, data link layer, and physical layer. Each
layer provides services for the upper layer, each applied with different protocols. The course
also introduces some common protocols, such as ARP, ICMP, FTP, and HTTPS.
⚫ This course describes the typical enterprise network architecture, common network devices,
such as switches, routers, and firewalls, as well as the CLI-based and GUI-based firewall
configuration modes.

Recommendations
⚫ Visit Huawei official websites:
▫ Enterprise service: https://e.huawei.com/en/
▫ Technical support: https://support.huawei.com/enterprise/en/index.html
▫ Online learning: https://learning.huawei.com/en/
Acronyms and Abbreviations (1/3)
Acronym and Abbreviation Full Name
ACK Acknowledge
ARP Address Resolution Protocol
C/S Client/Server
CLI Command Line Interface
FIN Finish
FTP File Transfer Protocol
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol

Acronyms and Abbreviations (2/3)
Acronym and Abbreviation Full Name
IS-IS Intermediate System to Intermediate System
MAC Media Access Control
OSI Open Systems Interconnection
PPP Point-to-Point Protocol
PPPoE Point-to-Point Protocol over Ethernet
SFTP Secure File Transfer Protocol
SMTP Simple Mail Transfer Protocol
SSH Secure Shell Protocol
STelnet Secure Telnet
SYN Synchronize Sequence Numbers
TCP Transmission Control Protocol

Acronyms and Abbreviations (3/3)
Acronym and Abbreviation Full Name
TFTP Trivial File Transfer Protocol
TLS Transport Layer Security
TTL Time To Live
UDP User Datagram Protocol
URL Universal Resource Locator
UTM Unified Threat Management
VPN Virtual Private Network
WAF Web Application Firewall
WWW World Wide Web
OSPF Open Shortest Path First
LSDB Link State Database

Thank you.
Bring digital to every person, home, and organization for a fully connected,
intelligent world.

Copyright© 2022 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including,
without limitation, statements regarding the future financial and operating
results, future product portfolio, new technology, etc. There are a number of
factors that could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements. Therefore, such
information is provided for reference purpose only and constitutes neither an
offer nor an acceptance. Huawei may change the information at any time without
notice.
