Intelligent IP networks

accelerate intelligence

Blaise POUOKAM
IP product and solution Manager
Data communication networks are vital for the intelligent world

A trusted partner for global customers in diverse industries

---Helping to accelerate digital transformation and unleash digital productivity

Government Finance Education ISP Energy Transportation

1160+ 1120+ 1180+ 2600+ 320+ 380+

60+ 50 32 100+ 20 230,000

national broadband of top 100 of QS top 100 countries and of top oil giants kilometers of railways
networks banks universities regions and highways

267 35,000+ 470,000+

of Fortune Global 500 companies partners across 8 categories Huawei certifications awarded
28 years of continuous R&D investment around the world

Beijing
IP Router, WAN Network
Nanjing
Ethernet Switch, Campus
Suzhou
Wi-Fi AP and WLAN
Hangzhou
Firewall and Network
13
Solutions Network Solutions Network Solutions Security Solutions research centers worldwide

11,000+
R&D staff

>20%
of annual revenue reinvested into R&D

100+
scientists and top experts
Germany France Ireland Canada
TSN, Cyber Security, Network Calculus, Network Open Programmable, Graph DB, Network
Short Distance Optical Measurement Intent Assurance AI & Digital map
Continuous contribution to industry standards including IETF and IEEE

12+
Industry standards bodies and open
600+ 11,000+ 50+ Wu Qin
IETF IAB member
Huawei's contributions Total patents licensed Working groups that Huawei (China)
source organizations that Huawei has
to IETF RFCs by the end of 2023 participates in as chair or higher
joined

Osama Aboul-
Magd
Chair of the IEEE
802.11ac/ax WG
(Canada)

No. 1 in the number of IETF declared Dario Rossi

patents in the last 5 years No. 1 contributions to SRv6 standards No. 1 contributions to IEEE Wi-Fi 6&7 Chief expert of
AI algorithms
(France)
700
Huawei
Huawei 826
600 578
Q
500 780
Huawei & C Yashar Ganjali
400 343 I
487 Chief expert of
300 243
183 C Z
200 183
181
125 DCN technologies
85 107
100 36
26 20 9 Others E (Canada)
0 111
Contribution rate:
C
Vendor C Huawei Vendor J Vendor E Vendor N Vendor Z
Total IPR disclosures IPR disclosures in the
75% 49
Wi-Fi 6 Wi-Fi 7
past 5 years
Benoit Claise
Chief expert of ADN
Leading contributions to the IPv6 Enhanced, Wi-Fi 6/7 and 400G/800G fields automation engine
(Ireland)
Huawei data communication network solution portfolio

Network Digital Map

Campus Network Wide Area Network Data Center Network

Wireless
office Enterprise DC

Smart Server Storage XPU （AI）

manufacturin
g
CloudEngine NetEngine series WAN CloudEngine series data center
AirEngine series routers switches
Smart series campus
Wi-Fi 6&7 APs switches
City

HiSecEngine series security

gateways

Network Security
Huawei Datacom network solutions & products

AirEngine CloudEngine NetEngine HiSecEngine

NetEngine 8000 routers

CloudEngine S series campus switches

Wi-Fi 6 & Wi-Fi 7 for all scenarios NetEngine AR series routers HisecEngine USG12000-F security
CloudEngine series datacenter switches
gateways
High-Quality 10Gbps Campus:
Experience-Centric,
Accelerating Your Digital and
Intelligent Journey
Trends & Challenges for Campus Network in the Experience-Centric Era

Service Scenarios Trend The challenge

Insufficient
200k 96k+ 170+ Wireless terminal surge wireless performance
employees R&D country/region
1→ 3~4 terminals/user 200,000+ employees

20 Mbit/s → 200 Mbit/s bandwidth /user 60K+ wireless terminals

Huawei IT Wireless covering all scenarios

Difficult to
Manager's office The office Meeting room Video conferencing surge guarantee app. experience
20%↑ for number of video conferences 2.8+ million emails/day
600k video conferences/month
80% of campus traffic are video conference traffic

hallway Garage canteen

Heavy O&M pressure

All Wired Mainly wireless All wireless IoT O&M efficient decrease

1994 2003 2015 2018 Complex networking, 3000+ app.， 15 O&M engineers

Cause fault locating > 120 minutes 160k switches and APs
Three SSIDs cover global services.
Huawei High-Quality 10 Gbps CloudCampus: The Preferred Choice for Your Digital
and Intelligent Journey
Gartner® Magic Quadrant™ Leader

Digital map for campus 10x ↑

O&M experience
One person managing a campus with O&M
Campus digital upgrade tens of thousands of users
map efficiency

IaaS Internet SaaS

Audio & video and VIP

S16700 S8700 experience assurance 0
Application
10/25/40/100GE
experience Always-smooth audio & video video
conferencing, conference
upgrade always-optimal VIP user experience interruptions
2.5/5/10GE 2.5GE

Upgrade to Wi-Fi 7
AE 6776-56TP AE 8771-X1T AE 6776I-X7TH AE 5776-26 AE 5773-23HW

Full-Scenario Wi-Fi 7，13 devices

Wireless Tolly-verified: 4.33Gbps for a single 4x ↑
experience terminal
terminal
Smooth 30-channel 4K VR video
upgrade conferencing speed
Bandwidth Assurance: 2.5GE Is Now, 5GE/10GE Is Ready

Typical scenarios Huawei-unique solution & benefits

40GE  100GE  400GE

Manufacturing AOI
High bandwidth
7–8 Gbps (10 channels/site)
Core layer Industry's highest performance,
one-off network construction
100/400GE Peace of mind for the next 10 years
Aggregation
layer
Medical image reading
PEC/CT scan: 2.5 GB/time 10GE  25GE  40GE
3D image reading: 2.5 GB/time
High-density and high-bandwidth
25/40GE Smooth service evolution

Access layer

GE  2.5GE
2.5/10GE
2.5/10GE Upgrade without replacing cables
Collaborative office Wireless office 10M 100M 1GE 2.5GE 10GE
Computer/Laptop Upgrade to Wi-Fi 7
Wide adoption of 2.5GE NICs 2.5GE as a start rate 197 199 200 2024 20X
6 4 9 X

Wi-Fi 7 AP Remote RU
CloudEngine S-Series Switches, Building a High-Quality 10 Gbps Campus Network
CloudEngine
S5735I-H/S-V2
S5731I-L
CloudEngine
S16700

CloudEngine
S12700E

CloudEngine
S8700

CloudEngine
CloudEngine S6780-H (2 U) CloudEngine
CloudEngine S5732-H S6750-H/S S7700 CloudEngine
S5735-S/L S5732-H-V2 S6730-H/-H-V2 S5731-H
S5735-S/L-V2 S5755-H S5731-S CloudEngine
S5735R-L-V2 S5731-L-RUA
S5751-L-RU

Bandwidth Assurance Energy Saving Smart Architecture Top-Notch Security

• Access-layer bandwidth upgrade: 2.5
Gbps to the desktop, 10 Gbps to the
room/AP
• High-density core: 25GE/40GE
aggregation and 100GE/400GE core
• Elastic scaling: upgrade to 2.5GE without
replacing cables, RTU licensing for port
rate upgrade as required
• Architecture-level energy saving: passive
Ethernet network (PEN), no need of ELV
rooms, reducing cabling and network-
wide energy consumption and costs
• Device-level energy saving: energy-
efficient ports and intelligent fan speed
adjustment for lower power consumption
during device running
• Simplified architecture: one device for
one network
• Intelligent O&M: entire-network visibility,
automatic optimization within 5 minutes
• Experience assurance: application
identification + slicing, experience
assurance for 30k users via one card
• Encryption algorithm: end-to-end
MACsec, anti-eavesdropping
• Anomaly detection: built-in probe, 100%
anti-spoofing
• Terminal identification: 100%
identification of top terminals via a
terminal fingerprint database
CloudEngine S5735-L-V2 Simplified 2.5GE Switch
24/48 x 10M/100M/1000M/2.5GE
electrical ports
New
Built-in fans
S5735-L24PN4XE-A-V2
S5735-L48LPN4XE-A-V2
High-speed access:
• 2.5GE, backward compatible with 10M/100M/1000M, paving
4 x 1/10GE
the way for future upgrade and evolution
optical ports
2 x 12GE Ultra-high-speed uplink:
dedicated
stack ports • 4 x 10GE uplinks, 2 x 12GE dedicated stack ports
Easy maintenance:
• Dying gasp (timely alarm upon a power failure) and one PNP
button (which can reset the switch and restore factory settings)
Extensive ports:
• 8/10/16/24/48 x GE downlink ports, 4 x GE/10GE uplink
ports, enabling multi-terminal access
• 2 x 12GE dedicated stack ports, saving uplink ports and
supporting configuration-free stacking
Green and energy-saving:visualized network O&M
Huawei wi-fi Intelligent
solution
Root Causes of Poor User Wireless Experiences

Signal Signal User Roaming

Poor Coverage Strong Interference Low Bandwidth Discontinuity

AP1
AP3
11
11
AP2
6

• High transmission • Co-channel signals • A large number of STAs • Sticky STAs do

attenuation overlap, leading to contend for air interface not roam.
• Poor obstacle severe interference. resources, resulting in low per • Roaming
penetration capability • No filtering is performed capita bandwidth. handover is slow.
on adjacent frequencies, • Low-speed STAs occupy air
causing severe interface resources. As a
interference. result, low bandwidth is
available for high-speed STAs.
Application Experience Upgrade: Dedicated Services for VIP Users

As-Is: no user differentiation To-Be: customized policy for VIP users

Resource sharing by VIP and common users Dedicated resources for VIP, preferential access anytime, anywhere

Policy definition | Experience management

VIP

Dedicated lane
for VIP users
Preferential access
• Exclusive super frame tech. < 50 ms vs. > 200 ms
anytime, anywhere
• Dedicated slices for VIP users (industry average)

+
Resource reservation VIP-targeted
for VIP users optimization
Common
user
Signal enhancement VIP user
Poor office experience for executives, for VIP users
complicating compliant handling • per-packet power control Huawei-only
• Signal enhance for VIP users
+
Proactive care
POS PDA for image Conferencing
machine
AGV
reading terminal
for VIP
VIP
Common user
VIP user: E2E full- Real-time VIP experience
Hard to achieve key service assurance on terminals user
journey visualization evaluation and proactive care
Fault warning
Wireless Experience Upgrade: Green Fully-Wireless Campus with 30% Less
Power Consumption

Trends and challenges AI algorithm

Solution benefits
Power consumption curve
As-Is
To-Be
Traffic
00:00 12:00 00:00 12:00 00:00
Energy-saving Issue detection
mode (industry)

Campus digital map and AI-powered energy saving

Invisible energy saving
Network-wide/Site/Building
30%
Energy saving policy Policy Policy self-
Dependence on manual experience implementation recommendation AI-powered energy
Energy saving visualization, AI- saving: 8 hours/day
CloudEngine S16700/S8700
powered policy recommendation
10GE/25GE/40GE/100GE

CloudEngine S5755-H/S5732-H CloudEngine S5735-V2

IoT
Security network 35%
GE/2.5GE/5GE/10GE GE/2.5GE
Office network
Power consumption of the
Unified network construction, one simplified architecture
2 km PoE Wi-Fi 7 AP network for multiple services

CloudEngine S5731 AirEngine 8771 AirEngine 6776 AirEngine 5773

19%
Power consumption per AP

Public Cable-free simplified architecture with

Education Healthcare Airport Manufacturing Retail Finance smart antennas, high device integration
services
AP: 5-layer design, low integration
Innovative antenna hardware architecture design, cable free leads to more
reliable, lighter and compact

Plastic front cover

Antenna Die-casting rear cover

Die-casting shielding cover

PCB + antenna
PCB

5 layer -> 3 layer

Die-casting rear cover Plastic front cover

Height Power consumption Weight

(Max.)

61mm 55.0W 1.85 Kg

20%↓ ＜50mm 19%↓ 44.4W 24%↓ 1.4 Kg
Wi-Fi 6 AP Wi-Fi 6 AP Wi-Fi 6 AP

Smaller size, saving logistics and warehousing costs Lower power consumption and significant power savings Light weight, easy to install, saving transportation costs

*Wi-Fi 6 (AirEngine 8760-X1-PRO) vs Wi-Fi 7 (AirEngine 8771-X1T)

Wlan Networking architecture 1/2
Leading Industry Standards, Known as a Key Contributor in the Wi-Fi Field

Huawei contributions Wi-Fi standard contribution ranking

IEEE 802.11ax (Wi-Fi 6)

chair
Osama Aboul-Magd (Huawei)

IEEE 802.11be (Wi-Fi 7)

technical editor
Edward Au (Huawei)

No. 1 Wi-Fi 7

No. 1 Wi-Fi 4 to Wi-Fi 7

Source: IPlytics
Huawei Named a Leader in the 2024 Gartner Magic Quadrant for Wired
&Wireless LAN Infrastructure

Continuous Innovation and Advancement

Named a Leader for strong Wi-Fi 7 portfolio, and
network assurance capabilities for high-quality
experience in key applications and VIP users.

2024
Huawei strengths

• Strong product portfolio: Huawei has a robust wired and

wireless product portfolio that continuously monitors
connectivity to increase performance and stability.

• Experience-centric network configuration and

management: The iMaster NCE-Campus network
management platform provides experience-centric wired and
wireless LAN service quality and network assurance services.
2024Gartner MQ report
Magic Quadrant™ for Enterprise Wired and Wireless LAN Infrastructure
Huawei Intelligent Network
admission control solution
What Is Admission?

Admission is to authenticate and authorize users attempting to access the network for the purpose of network
security. This ensures that only authorized and qualified users can access the network.

Determine
Check user
accessible
identity.
resources.
Access Identity
request validity

Identity Enterprise
Authorization
authentication network

5W1H-based user
Denial of access requests
authorization
from unauthorized users
Campus Networks, Requiring Unified Policy Management and Control

 Diversified access modes

Wired, wireless, and remote access
 Diversified user types
Enterprise staff, network management personnel, guests, and
Internet External remote partners
Wi-Fi access to the
headquarters access  Diversified terminal types
PCs, laptops, tablets, phones, printers, IP phones, company
WAN terminals, and bring your own devices (BYODs)
 Diversified applications, without assurance for user
experience

Wired access to the Various service applications such as emails, voice over IP
headquarters (VoIP), video conferences, and e-flows
External Wi-Fi access  Intensified security threats
Wired/Wireless access to System vulnerabilities, terminal viruses, and malware
enterprise branches
Intelligent Policy Engine, Achieving Refined Permission Control

Condition: Result: refined permission control

User
User/User group/Role identity Access
VLAN/ACL/Security group and VIP user
Who permission

Access location
Site, region, device group, device type,
Where
device, SSID, and IP address
Bandwidth Uplink/Downlink bandwidth and DSCP
Access time
By week/time point When High/Medium/Low
Traffic and online duration control
QoS
Terminal type (supported only in Portal
PC/iOS/Android What authentication mode)
Intelligent
Device attribute policy engine Application Application group/Application
Company-provided/BYOD
Whose
terminal

Wired/Wireless Access mode

Portal, MAC address, and 802.1X How Security URL filtering
authentication
Anti-Private Access: Zero Unauthorized Access, Enhancing Network Security

Scenario
description A student connected the router to the switch of the school without permission to access the Internet. As a result, the network was abnormal.

iMaster NCE-Campus:
• Unauthorized access
identification Rule Type Description Result

• Alarms and blocking Only the whitelisted terminals are authorized. Other terminals including All non-whitelisted terminals are
Whitelist
Definition unidentified terminals are unauthorized. unauthorized.

Blacklisted terminals are unauthorized. Other terminals including All blacklisted terminals are unauthorized and
Blacklist
unidentified terminals are authorized. other terminals are authorized.

Information Proactive
reporting scanning Identification Method Application Scope Details Scheduled Scanning

Authenticated Terminal information identification during

Terminal identification Not required. Authentication is triggered.
terminals authentication
Identification
Network device side: Unauthenticated Nmap- and SNMP-based scanning by IP Required. The scanning period can be set to
Scheduled scanning
• Authentication or scanning terminals address segment once, daily, weekly, etc.

• Terminal information reporting

Application
Processing Method Description Automatic or Not Later Operations Others
Scope

When a terminal connects to a

No, manual
Access blocking different access device upon its
MAC address–based operations are
based on MAC Wireless/Wired Cancel blocking second-time access, an alarm is
blocking required for batch
addresses generated and the terminal
processing.
Blocking access is blocked.

When a terminal connects to a

No, manual • Cancel blocking
Access blocking different access device upon its
operations are • Enabling it on the
Port shutdown through port Wired second-time access, only an
required for batch device
shutdown alarm is generated and the
processing. configuration page
terminal can access network.
Anti-Spoofing: Abnormal Traffic Behavior Detection, Ensuring Continuous
Trustworthiness
Free Mobility: Policy Mobility, Ensuring Consistent User Experience

Network WAN/Internet User: xx

resources
Location: Shenzhen

Network
resources

Network Network
Silicon Valley
resources resources

1. Policy: permission
2. Policy: security
Shenzhen 3. Experience:
priority/bandwidth

Douala

Users can access the network anytime and anywhere, ensuring consistent service policies and network experience.
Huawei SD-WAN Intelligent
solution
Challenges Faced by WAN Network Reconstruction

High private lines Difficult to guarantee Multi-cloud poses Low network O&M
bandwidth cost application experience security risks efficiency

MSTP LTE Public

Private

SaaS

Services level are not be

75% increase in WAN Network security risks Smart branches and smart
guaranteed, and service
traffic to DC/HQ/IaaS/SaaS exist when the branches applications make the O&M
continuity is poor
20Mbps MPLS network for directly access multi- of services, applications,
Poor network construction
1000 sites costs 10M/year cloud applications and networks more complex
quality

Explore 5G, private line, Differentiated network Local security + Centralized Unified management and
and Internet technologies service capabilities cloud security services control, intelligent O&M
Huawei SD-WAN Solution for Enterprise

One network connection to multiple

clouds, providing always-on services
anywhere
 A series of software and hardware gateways,
enabling flexible interconnection between the
HQ HQ, branches, and cloud
NetEngine AR8000  AR6700V-L: one hop to six public clouds,
implementing multi-cloud interconnection
DC/Private cloud Intelligent traffic steering and
MPLS
optimization, ensuring application
AWS
experience
Branch Alibaba Huawei Cloud
NetEngine AR6700/6000/600
SD-WAN Cloud
eCloud
 Application-based intelligent traffic steering,
AR6700V-L Azure ensuring that applications are always transmitted
Internet /AR6700V IaaS over the optimal link
 Diversified application optimization technologies,
such as A-FEC for video optimization and multi-fed
Office 365 and selective receiving for zero packet loss

Salesforce
SOHO Dropbox Intelligent O&M, reducing OPEX
NetEngine AR600 5G/LTE SaaS
 Device plug-and-play, implementing ZTP
 Intelligent policy recommendation and simulation
verification, providing optimal global policies
Hub and Spoke Network architecture
Multiple ZTP Methods: Implementing Device Plug-and-Playar

Device plug-and-play for deployment within Registration Center

ZTP: flexible branch network deployment in different scenarios
minutes

Network Registration
DHCP USB Email
center
Register with iMaster NCE
for provisioning
5G

5G/Internet/MPLS

Different interfaces: Ethernet, LTE, xDSL, etc.

NetEngine AR Different access modes: static IP address, PPPoE, DHCP, etc.

Different deployment scenarios: dual-CPE, batch deployment, device

replacement, etc.
Power supply
Traffic Policy: Hierarchical QoS, Ensuring Fine-Grained Service Quality

Hierarchical traffic scheduling, fine-grained service quality guarantee, and

Requirements & Challenges
effective bandwidth utilization guarantee
Service layer Port layer
Enterprise departments are of different
importance. How to provide services of
differentiated quality and bandwidth guarantee
for these departments?

Application-based policy VPN-based policy Interface-based policy

Low bandwidth efficiency
Per-flow/Per-packet load balancing
High-quality links are not congested, and the bandwidth efficiency is greater than 90%.
Traffic classifier: Traffic can be classified
based on the IP 5-tuple information,
application group, and DSCP.
Traffic behavior: Queue priority-based
scheduling, bandwidth limiting (CAR or
traffic shaping), and DSCP re-marking are
supported.
Between VPNs: The proportions of The bandwidth limit can
bandwidth occupied by different VPNs be set for each interface.
to the total bandwidth of physical links
can be set.
Inside a VPN: The bandwidth allocation
ratio between the local breakout and
overlay tunneling for each VPN can be
set.
Application Experience–Centric Intelligent Traffic Steering, with Bandwidth
Utilization Reaching 90%
Traffic steering based on link quality Traffic steering based on load balance

4 3 2 1 4 3 2 1 Flow P1
MPLS 2 1
4 3 2 1 Flow P2
Application
4 3 2 1 Flow P3 4 3 2 1
identification
Link switchover is triggered if the 4 3 2 1
quality is lower than the SLA MPLS
threshold.
HQ Application
Branch identification (100 Mbit/s)
Internet HQ
4 3
Branch
MPLS
4 3 2 1 (50 Mbit/s)

Traffic steering based on bandwidth utilization

Higher-priority applications Higher-priority applications

4 3 2 1 4 3 4 3 2 1
4 3 2 1
70% 4 3 2 1

Application
identification
MPLS Application
identification
MPLS 50%
Branch HQ
Branch HQ
Lower-priority applications Internet
Lower-priority applications Internet
4 3 2 1
4 3 2 1 4 3 2 1 2 1

If the bandwidth utilization is greater than 70% (configurable), traffic of If the bandwidth utilization is less than 50% (configurable), traffic of
higher-priority applications is preferentially processed. lower-priority applications is switched back.
Intelligent A-FEC : Ensuring No Frame Freezing Even at 30% Packet Loss of Links

FEC redundant packet Zero packet loss for

Key application 10% packet loss on links key applications

8 7 6 X 5 4 3 2 1

5 4 3 2 1
8 7 6
NetEngine AR HQ
Internet
Non-key application traffic Branch

Intelligent A-FEC： ensuring NO Frame Freezing even at 30% Packet loss of links

Service experience
optimized

Traditional solution: frame freezing and artifacts at Huawei: no frame freezing or artifact even at 30%

3% packet loss packet loss

forwarding error connexion

Diversified VPNs: Providing Secure Channels for Enterprise Branch
Interconnection

Branch A Enterprise DC

IPsec DSVPN

Branch B Internet

Branch C

Enterprise HQ
Mobile employee

Branch D

Scenarios Solutions and Benefits

 Interconnection between enterprise branches and HQ: The HQ and
enterprise branches communicate with each other, involving multicast
service requirements such as video conferencing.
 Interconnection between enterprise branches: High security is required for
communication between enterprise branches.
 Mobile office: The access location is flexible.
 GRE over IPsec VPN solution: Multi-protocol secure interworking,
supporting multicast, broadcast, and non-IP packets
 IPsec DSVPN solution: On a hub-spoke network, branches dynamically
establish secure VPN connections as required.
 L2TP over IPsec VPN solution: L2TP dial-up of clients and IPsec encryption
for P2P and E2E secure interconnection as required
V600: DSVPN and DSVPN over IPsec, with a Maximum of 6000 Tunnels
Supported by the AR8140 Hub

As-Is Traditional branch VPN Increase in the maximum number of branches

interconnection solution Scenarios and challenges:
and models
Hub • No direct communication between branches: In a connected to a single device at the HQ
multi-branch enterprise that uses traditional VPN
technologies, branches cannot directly communicate
with each other.

Spoke Spoke • Heavy load on the HQ: Communication between

branches can only be forwarded by the HQ, resulting
in heavy load on devices at the HQ. DSVPN tunnel specifications in V600
DSVPN • Low configuration efficiency: When a branch is
added, VPN tunnels need to be manually configured, Hub Device Number of Tunnels
which is inefficient and error-prone.
Spoke
AR8140 6000

To-Be AR8700-8 6000

DSVPN interconnection solution AR6710-H 3000
Solution and benefits:
Hub AR6710-L14 200
• Dynamic VPN tunnel establishment between
branches through DSVPN AR6710-L8 200

• Direct communication between branches, reducing Maximum number of access

load on the HQ and network latency
Spoke Spoke tunnels in V600: 6000
• Automatic maintenance of the tunnel relationship
between the HQ and branches when a branch is
DSVPN added or the public network address of a branch
changes, making network maintenance intelligent
Spoke and convenient
Flexible Networking Models, Meeting Diverse Branch Network Requirements
RR
Hub Backbone
area Border
Area
Hub-spoke Hierarchical networking
Scenario: 80% of Scenario: This
enterprises use networking is applicable
this networking. to large-scale multi-
Generally, the HQ branch enterprises. This
and DC function networking can be
as hub sites, and considered as a
branches function combination of single-
as spoke sites. layer networks. The WAN
Branches access is divided into multiple
server applications areas, which are
deployed in the interconnected through
HQ or DC through the centralized backbone
the WAN in a area to implement cross-
centralized manner. area communication
between a large number
of sites.
• Multiple networking models
RR RR Hub-spoke, full-mesh, partial-mesh,
hierarchical networking, etc.
• Hub redundancy
Single hub and dual devices, and dual-
hub (a maximum of eight service hub
Full-mesh Partial-mesh
nodes are supported)
If a hub node is faulty, a site automatically
Scenario: This Scenario: This switches to the hub node with a lower
networking is networking is a priority.
applicable to special type of the
enterprises full-mesh
requiring direct networking. When • Link redundancy
service access an underlay network  Intelligent traffic steering among 20
between branches. is available to links supported by two CPEs (a
Service data does directly connect
maximum of 10 links for a single CPE)
not need to sites, traffic is
traverse other directly sent  Escape link supported
intermediate sites. between sites.
Otherwise, sites
• CPE redundancy
communicate with
Two CPEs are deployed at a site for
each other through
redundancy. VRRP or route switchover is
the redirect site. used to implement backup.
Local Breakout: Difficult Border Security Protection

Internet
Internet Internet

HQ
HQ HQ

MPLS Internet Internet Internet Internet

MPLS MPLS

Branch Branch Branch Branch Branch Branch

To ensure Internet access security, conventional

In local breakout mode, security devices Built-in firewall, IPS, antivirus, and URL
enterprise branch egresses need to use private
need to be deployed at each branch, filtering are configured to implement
lines (requiring high costs) to divert traffic to the
resulting in high costs and complex local breakout, reducing deployment
HQ, and then the dedicated firewall at the HQ
management. costs and ensuring the security.
provides border protection.
ATMs: Wide temperature SD-WAN and dual-link high-reliability uplinks
facilitate efficient ATM service connection

Off-site ATM deployment and

diverse working environments

• Extended operating temperature range: –40°C to

+70°C
• Easy to find: GPS support for easy ATM locating
• High reliability: dual-uplink design for service AR631I
assurance
• Height: 40 mm

AR631I-LTE4EA

LTE-1
‘[[[[ LTE-2

-40°C to +70°C
GPS/BeiDou

Dual LTE links for high reliability Always-on ATM services Easy to find ATMs
at extreme temperatures
Flexible Built-in 6 Enterprise-level Security Capabilities

Abundant built-in security capabilities,

saving costs and simplifying O&M
• Built-in L7 application identification and control, 6 enterprise-level
security capabilities, ensuring Internet access security, reducing costs,
and facilitating management but requiring no additional devices

Built-in firewall Antivirus filtering Data encryption

Stateful inspection and packet 5+ million signatures Mainstream VPN
filtering firewalls Remote real-time update of encryption protocols
the virus signature database
Remote URL filtering IPS Application-level ACL
140+ categories, > 96% accuracy 1600+ attacks detected, > 90% 6000+ applications in the SA
Fine-grained Internet access detection rate database, user-defined applications
control Remote real-time update of the Fine-grained control
Real-time remote query IPS signature database
Full Lineup of SD-WAN-Capable NetEngine AR Routers:Superior Performance
and Extensive Ports
HQ/Large branch
NetEngine AR8140(1U)
•Up to 25Gbps forwarding
performance
•10 x 10GE SFP+, 8 x GE Combo,
4 x GE
•4 x SIC
NetEngine AR6300 (3U)
•Up to 12Gbps forwarding
performance
•14 x 10GE SFP+, 10 x GE(Dual SRU)
•4 x XSIC,2 x WSIC,4 x SIC
NetEngine AR6280 (2U)
•Up to 12Gbps forwarding
performance
•14 x 10GE SFP+, 10 x GE(单 SRU)
•2 x XSIC,2 x WSIC,4 x SIC
NetEngine AR8700 (2U)
•Up to 30Gbps forwarding
performance
•8 x 10GE SFP+, 8 x GE Combo,
1 x 40GE
•2 x MPU, 1 x SPU, 8 x SIC
Midsize branch
Update
NetEngine AR6710-H(1U)
NetEngine AR6710-L14T2X4
•Up to 13Gbps forwarding
performance •Up to 4Gbps forwarding
performance
•2 x 25GE SFP28, 4 x 10GE
•LAN: 4 x GE Combo, 8 x GE
SFP+, 4 x GE(Single or Dual
•WAN: 2 x 10GE SFP+, 2 x GE
SRU)
•2 x WSIC, 4 x SIC
•2 x XSIC/4 x WSIC/6 x SIC+1 x
WSIC •Built-in two power modules
NetEngine AR6710-L26T2X4
NetEngine AR6710-L26T2X4-T
/NetEngine AR6710-L50T2X4
NetEngine AR6710-L50T2X4-T
NetEngine AR6700V •Up to 2Gbps forwarding performance •WAN: 1 x 10GE SFP+, 2 x GE Combo
•LAN: 24/48 x GE;
• SD-WAN performance :
•WAN: 2 x 10GE SFP+, 2 x GE
200Gbps
•4 x SIC
• Multi-tenancy: 2K
•Two power modules, hot-swappable
NetEngine AR6710-L8T3TS1X2
NetEngine AR6710-L8T3TS1X2-T
NetEngine AR6700V-L
•Up to 2Gbps forwarding performance
• SD-WAN performance :
10G/5G/2.5G/300Mbps •LAN: 8 x GE,1 x GE Combo;
•16v/8v/4v/2vCPU •WAN: 1 x 10GE SFP+, 2 x GE Combo
•2 x SIC
•Built-in power modules
NetEngine AR6140E-9G-AC
•Up to 2Gbps forwarding
performance
•LAN: 2 x GE SFP, 3 x GE
•WAN: 2 x GE SFP, 2 x GE
•4 x SIC
•Built-in two power modules
NetEngine AR6121E
•Up to 2Gbps forwarding
performance
•LAN: 8 x GE, 1 x GE Combo
•2 x SIC
NetEngine AR611
NetEngine AR611-LTE4EA
•Up to 300Mbps forwarding
performance
•LAN: 4 x GE
•WAN: 1 x GE Combo
•1 x LTE(AR611-LTE4EA)
Small or midsize branch
NEW
NetEngine AR5710-S8P2X NetEngine AR5710-S8T2XE
NetEngine AR5710-S28T2S2XE4 NetEngine AR5710-S10
NetEngine AR5710-S8T2X NetEngine AR5710-S8T2XE-LTE4EA-T
NetEngine AR5710-S52T2XE4
NetEngine AR5710-S8T2X-LTE4EA •Up to 1Gbps forwarding •Up to 1Gbps forwarding
•Up to 1Gbps forwarding
•Up to 1Gbps forwarding performance performance performance
performance
•LAN: 4 x GE combo + 4 x GE (POE++) •LAN: 4 x GE combo + 4 x GE •LAN: 4 x GE combo + 4 x GE
•LAN: 24/48*GE
•WAN: 2 x 10G SFP+ or 2 x 2.5GE •WAN: 2 x 10G SFP+ or 2 x 2.5GE •WAN: 1 x 10G SFP+ or 1 x
•WAN: 2*10GESPF+, 4*GE
•1 x LTE( AR5710-S8T2X-LTE4EA) •1 x LTE (AR5710-S8T2XE-LTE4EA-T) 2.5GE + 2 x GE
•4*SIC
•2GB memory •4GB memory module supports •2 x SIC
•Built-in two power modules
advanced security
NetEngine AR651EW NetEngine AR657W NetEngine AR651
NetEngine AR5710-H8T2TS1
NetEngine AR651W-8P
NetEngine AR5710-H8T2TS1-T •Up to 2Gbps forwarding •Up to 2Gbps forwarding
•Up to 2Gbps forwarding
performance(boost license） performance(boost license
•Up to 2Gbps forwarding performance(boost license)
•LAN: 8 x GE •LAN: 8 x GE
performance(boost license) •LAN: 8 x GE(PoE+)
• LANt: 8 x GE •WAN: 2 x 10GE SFP+, 2 x GE •WAN: 2 x GE Combo+1 x VDSL
•WAN: 2 x GE Combo
•WAN 2 x GE Combo •802.11ax/ac/b/g/n(Wi-Fi 6) •1 x MIC
•1 x MIC
•1 x MIC •802.11ac 2 x 2 MU-MIMO
•1 x MIC •802.11ac 2 x 2 MU-MIMO
(AR651)
Small branch Industrial model
NEW
NetEngine AR611W NetEngine AR617
NetEngine AR617VW NetEngine AR631I-LTE4EA
NetEngine AR611W-LTE6EA NetEngine AR617VW-LTE4EA NetEngine AR617-LTE4EA
•Up to 500Mbps forwarding
•Up to 300Mbps forwarding •Up to 300Mbps forwarding performance
•Up to 300Mbps forwarding
performance performance
performance •LAN: 3 x GE,1 x GE Combo
•LAN: 4 x GE, 2 x FXS
•LAN: 4 x GE •LAN: 4 x GE •WAN: 1 x GE Combo
•WAN: 1 x GE Combo •WAN: 1 x GE Combo+1 x VDSL
•WAN: 1 x GE Combo •IP40
•802.11ac 2 x 2 MU-MIMO
•802.11ac 2 x 2 MU-MIMO •1 x LTE (AR617-LTE4EA) •-40°C~ 70°C
•1 x LTE Cat6 (AR611W-LTE6EA) •1 x LTE (AR617VW-LTE4EA)
•1 x LTE
*Default forwarding performance: NAT, ACL, and QoS services plus forwarding bandwidth (bps, IMIX packets)
Medium and large branches: Switch, router, and firewall are all in one device

Too many devices, difficult O&M, and high costs Huawei Solution and Customer Benefits

Topology diagram
Head/Branch office
Internet
• Access device: router LTE/5G

• Interconnection device: switch ..

.
• Network security device: firewall Branch 1 Branch N NetEngine AR5710

• Router, switch, and firewall are integrated to reduce the number of NEs, simplify O&M, and
save equipment room space.
• Hybrid operation, and low forwarding latency in securities trading

48/24 GE ports, fast LAN

High Switch
Equip
ment
cabin
et
connection
Self- room
area
Low
servi
cabin
ce
et

+
area
area
Waiti
ng
Guide area

Intelligent traffic steering,

d tour
area

Router application-level experience NetEngine AR5710

assurance Hyper-converged all-in-one device
+
Six enterprise-level security
Security capabilities and secure cloud Application Antivirus IPS URL Filter FW ACL
migration control
O&M Experience Upgrade with Digital Map: One Person Managing a Campus
with 10k+ Users
AS-IS TO-BE
Connection-centric O&M Experience-centric O&M
XX University

Reactive management: 30+ 4-dimensional

faults reported per day
experience,
6 persons maintain the 65k 0 user complaints
users, exhausted in
troubleshooting

Fault locating > 120 minutes Spatiotemporal

playback,
Reliance on report from minute-level AI
students , reliance on
manual experience positioning

Closure rate of
occasional faults < Intelligent policy
50% NCE-Campus/NCE-CampusInsight recommendation,
Numerous tickets,
several days to Wi-Fi 100% closed-loop
LAN
handle, difficult to trace LAN
Wi-Fi
historical faults
SD-WAN
Dashboard Monitoring: Global Insights into Networks and Ultimate O&M
Experience

Network resource
statistics
GIS map

Alarm statistics

Application Network
statistics performance
statistics

Multi-dimensional data On-demand customization Ultimate experience

Unified display in five dimensions, global Flexible layout and focus on key Excellent visualization effect,
insights into networks points enhancing experience
HUAWEI SD-WAN Benefits

Cost Optimization High Efficiency Security & Reliable

 Cloud Ready WAN  Centralized Management and Visibility  Reduced Network Downtime
 Opex Cost Reduction  Real-time Network & Application  High Level of WAN Visibility
Visibility
 Higher Link Utilization  Secure End to End Encryption
 Visibility, Scalability, Performance and across the entire WAN
 Overhead Reduction control are Enhanced
 Fully Authenticated WAN devices
 Zero Touch Deployment of remote
sites
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Copyright©2023 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.