Upload
others
View
74
Download
2
Embed Size (px)
Citation preview
Обзор новинок сетевых продуктов Huawei
Security Level:
Huawei Confidential4
20 Series, 108 Models of New Products: A New Engine for IP Market Growth
DCN5 switch models
WAN19 router models
Security12 firewall models, 3 anti-DDoS
models
108 new models to be launched in 2019 Q3/Q4
Campus68 switch models, 1 WAC model
CloudEngine 16800 series
CloudEngine 6881/6863
NetEngine 8000/40E series
NetEngine
AR6300/6100/650 series
HiSecEngine
USG12000/AntiDDoS12000 series
USG6600E/6500E series
CloudEngine S12700E series
CloudEngine S67/57xx series
Huawei Confidential5
Campus Switches
Huawei Confidential6
Новая линейка коммутаторов для кампуса: Cloud Engine
S-seriesModular switches
CloudEngine S7700 series smart routing switches
CloudEngine S7703 (MCUD)
10GE fixed switches GE fixed switches
CloudEngine S12700E series
CloudEngineS12700E-12
CloudEngineS12700E-8
CloudEngineS12700E-4
CloudEngine S6730-H series
CloudEngine S6730-S series
CloudEngineS6730-H48X6C
CloudEngineS6730-H24X6C
CloudEngineS6730-S24X6Q
CloudEngine S6730S-S series
CloudEngine S6730S-S24X6Q-A
CloudEngine S5732-H series
CloudEngineS5732-H48S6Q
CloudEngineS5732-H24S6Q
CloudEngine S5731-H series
CloudEngine S5731-H24P4XC
CloudEngineS5731-H24T4XC
CloudEngine S5731-H48P4XC
CloudEngineS5731-H48T4XC
CloudEngine S5731S-H series
CloudEngine S5731S-H24T4XC-A
CloudEngine S5731S-H48T4XC-A
CloudEngine S5731-S series
CloudEngine S5731-S24P4X
CloudEngineS5731-S24T4X
CloudEngine S5731-S48P4X
CloudEngineS5731-S48T4X
CloudEngine S5731S-S series
CloudEngine S5731S-S24P4X-A
CloudEngine S5731S-S24T4X-A
CloudEngine S5731S-S48P4X-A
CloudEngine S5731S-S48T4X-A
*
*: CloudEngine S12700E-12 will be available at the end of Setember.
Huawei Confidential8
CloudEngine S12700E Series Agile Switch is Coming
Specifications S12700E-4 S12700E-8S12700E-12
(2019.9.30GA)
Main Processing Unit MPUA MPUA MPUA
Switch Fabric Unit :Slot
bandwidth
SFUE:1.6Tbps/Slot
SFUH:2.4Tbps/Slot
SFUE:1.6Tbps/Slot
SFUH:2.4Tbps/SlotSFUM:2.4Tbps/Slot
Height 10U 15U 19U
Maximum port density192×GE/192×10GE
/96×100GE384×GE/384×10GE
/192×100GE576×GE/576×10GE
/288×100GE
Huawei Confidential9
CloudEngine S12700E: Industry-Leading Core Switch
Ideal for Campus Networks
CloudEngine S12700E Distributed switching
Separation of control
and forwarding planes
Higher device reliability
and more smooth upgrade
MPU
Fabric
Industry-unique cell switching
Solar
Dynamic load
balancing
Non-blocking services,
zero packet loss
High port density
Total 12 service slots
288 x 100GE ports
One S12700E = 6
comparable switches
from peer vendors
Huawei Confidential10
CloudEngine S12700E: Industry-Leading Core Switch
Cell switching FIB 512KService port
stacking
Policy
association
control device
Parent node
in an SVF
system
Integrated
WLAN ACFree mobility iPCA
Netstream MPLS
TelemetryIntelligent O&M
NGSF
architecture Zero packet loos
HQoSRefined traffic
management
Typical Application Scenarios
Key Features
Scenario Description
Large- and
medium-sized
campuses
• Functions as a core switch and integrates the WLAN AC
capability to improve the wireless capacity and
forwarding capability
• Integrates wired and wireless policy control to reduce
configuration workloads and faulty nodes.
Virtualized
campuses
Functions as a border node on a VXLAN campus network,
and works together with the Agile Controller to build a
campus network for multiple purposes, improving the
network resource utilization by 30%+.
Large bandwidth
interconnection
scenarios in
campuses
Achieves 100G interconnection between the campus
network and DC, between the campus network and WAN,
and within campuses, meeting fast-growing service
requirements of campus networks.
VXLANVirtualization
Telemetry
CloudEngine
S12700E-4
CloudEngine
S12700E-12CloudEngine
S12700E-8
High-density
100GE
57.6 Tbit/s
switching
capacity
Control and
forwarding
separated
MPUE
SFUE
100G card (X6E/X6S) 10GE card (X6E/X6S)
GE optical card (X6E/X6S)
GE electrical card (X5E/X5S)
Huawei Confidential11
CloudEngine S6730-x10GE Fixed Switches
CloudEngine S6730-H
Integrated AC(1K AP,10000 Users), Free
Mobility ,iPCA,VxLAN,Netstream,Telemetry,SVF,Application identification, ECA,
Deception,MPLS,IPv6,1588v2, iStack ,128K MAC,140K ARP,192K FIBv4, 80K FIBv6,
6K ACL,1M Netstream,4095VxLAN BD,16K VxLAN IPv4,4K VxLAN IPv6
CloudEngine S6730-SVxLAN,Netstream,Telemetry,SVF,Application identification,ECA, Deception ,IPv6, iStack ,64K
MAC,64K ARP,64K FIBv4, 32K FIBv6, 6K ACL,64K Netstream,2K VxLAN BD,2K VxLAN
IPv4,2K VxLAN IPv6
Huawei Confidential12
CloudEngine S6730-x 10GE Fixed Switches
New CloudEngine S model Historical model
S6720-16X-LI-16S-AC S6720-26Q-LI-24S-AC S6720-32X-LI-32S-AC
S
S6720-30C-EI-48S-AC/DC S6720-54C-EI-48S-AC/DC
S6720-26Q-SI-24S-AC S6720-32X-SI-32S-AC S6720-32C-SI-AC/DC
S6720-56C-PWH-SI/AC S6720-52X-PWH-SI
HS6720-50L-HI-48S S6720-30L-HI-24S
S6720-32C-PWH-SI/AC
LI
SI
EI
HI
CloudEngine S6730-H24X6C CloudEngine S6730-H48X6C
CloudEngine S6730-S24X6Q
Huawei Confidential13
CloudEngine S6730-H48X6C CloudEngine S6730-H24X6C
48 x10Gig SFP+,6 x 100Gig QSFP28
Dual pluggable power modules, 1+1 power backup,
600W AC
Four independent hot-swappable fan modules,
supporting front-to-back airflow
CloudEngine S6730-H-Huawei new-generation 100G uplink
campus switch
4-core CPU,4G RAM
ENP Chip,Agile features
24 x10Gig SFP+,6 x 100Gig QSFP28
Dual pluggable power modules, 1+1 power backup,
600W AC
Four independent hot-swappable fan modules,
supporting front-to-back airflow
4-core CPU,4G RAM
ENP Chip,Agile features
Huawei Confidential14
CloudEngine S6730-S24X6Q
24 x10Gig SFP+,6 x 40Gig QSFP
Dual pluggable power modules, 1+1 power backup,
600W AC
Four independent hot-swappable fan modules,
supporting front-to-back airflow
CloudEngine S6730-S- Huawei new-generation 10GE campus
fixed switch
4-core CPU,4G RAM
ENP Chip,Agile features
Huawei Confidential15
CloudEngine S6730-x- Key Specifications of Huawei's New-
Generation 10GE SwitchesFeature/Specification CloudEngine S6730-H CloudEngine S6730-S
Key Feature
Port Density 24/48*10G+6*100GE 24*10GE+6*40GE
ETA Y Y
MPLS Y N
IPv6 Y Y
1588 Y N
VxLAN Y Y
WLAN Y N
Free Mobility Y Y
Netstream 1M-1 64K
sFlow N N
NAT N N
SAC Y Y
iStack iStack, max 9 iStack, max 9
MACSec N N
MultiGE N N
Key Specifications
Forwarding performance 1260/1620Mpps 720Mpps
Switch capacity 2.4Tbps 2.4Tbps
Manage AP Specification 1K N
NAC Users 10000 10000(Wired)
VxLAN BD 4095(16000) 2K
VxLAN IPv4 tunnel 16K 2K
VxLAN IPv6 tunnel 4K 2K
MAC 128K 64K
FIBv4 192K max (share) 64K
FIBv6 80K max (share) 32K
MFIB 64K max (share) 4K
MFIB6 4K 4K
ARP 140K max (share) 64K
ND 80K max (share) 32K
ACL 6K 6K
Huawei Confidential16
Campus Ultra-Broadband: Multi-GE Access + High-Density
10G/40G Aggregation + 100G Core
100G/40G
Highest switching capacity in the industry, 57.6Tbps for the entire system
High-density 100GE ports, supporting 288 100Gbit/s ports
Huawei next-generation campus core switches
Core layer
Aggregation
layer
Access layer
Huawei new-generation high-performance aggregation switch
GE/10G
CloudEngine S12700E
6*100GE
24*100GE
CloudEngine S6730-H
S7703
40G/10G
CloudEngine S6730-S CloudEngine S5731-H CloudEngine S5730-S
Huawei new-generation access switch
Supports 4K VN and has the strongest virtualization capability in the industry.
Supports ECA and is the only access switch that supports encrypted traffic monitoring in the industry.
Huawei Confidential18
Multi-Purpose Network, Simple and Automatic Virtual Network
Construction
UVF(Unified Virtual Fabric)
Office
network
VLAN
Security
protection
network
VLAN
IoT
VLAN
Office
network
VLAN
Security
protection
network
VLAN
IoT
VLAN
Office
network
VLAN
Security
protection
network
VLAN
IoT
VLAN
Office
network
VLAN
Security
protection
network
VLAN
IoT
VLAN
Simplest virtual network construction
• Supports both centralized and distributed
gateway networking.
• VxLAN only required at the aggregation
layer and zero reconstruction of access
devices
• Traversing the complex Layer 3 network
and zero reconstruction at the core layer
Fully automatic virtual network
construction• Unified virtual network deployment by the
controller, featuring Zero Touch Provisioning (ZTP) ofdevices
• Automatic tunnel establishment based on the BGP-EVPN control plane
Huawei Confidential19
OPS Implements Fast Function Innovation and Shortens
the O&M Period from Half a Year to One Week
AS-IS:>half a year TO-BE:<one week
Application scenario: For customers (such as large enterprises and ISPs) who have customized O&M
requirements on networks, an OPS based on the Python language is provided to help IT administrators quickly
implement function innovation and intelligent O&M.
New requirementNew requirement
Submit the requirement
to the device vendor
Script development
Waiting…
The version is upgraded
and functions take effectThe script is loaded and
functions take effect
1. Detect configuration changes
in real time, and notify the
administrator by email or
alarm to prevent misoperation
2. Detect the access terminal
type, and add APs to VLAN 1
and cameras to VLAN 2 to
automatically isolate services
3. Detect go-offline ports
(connected to key devices),
and notify the administrator
by email or alarm.
Application examples
Huawei Confidential20
Wired and Wireless Converged Forwarding with Integrated AC
S6720-HI agile switch
Integrated AC
Wired and wireless policy
control point
Separated forwarding: Traditional box devices do not have the AC
capability. A free-standing AC must be connected to the box
device. Wired forwarding and wireless forwarding are separated.
Distributed network elements (NEs): Customers have to buy
AC devices or subcards, increasing investment and potential
failure points.
Converged forwarding: Wired forwarding and wireless
forwarding converge. A maximum of 1K APs can bemanaged.
Converged NEs: ACs are integrated on switches, reducing
investment and potential failure points.
Free-standing AC
Huawei Confidential23
EasyDeploy Solution Simplifies Deployment and O&M
2 USB-based Deployment
1
DHCP server
TFTP/FTP/SFTP server
3
4
1 The engineer uploads configuration files to the
TFTP/FTP/SFTP server.
The engineer deploys hardware.
After power on, switches automatically obtain the allocated IP address
and FTP server IP address from the DHCP server.
4 Switches obtain configuration files from the FTP server.
5
5 The NMS can be used to configure more services.
NMS
1
3
4
2
1
2
3
The engineer uploads configuration files to a USB disk.
4
The engineer deploys hardware.
After power on, switches automatically obtain
configuration files from the inserted USB disk.
The NMS can be used to configure more services.
NMS
2
2
3
Huawei Confidential24
Wi-Fi
Huawei Confidential25
AP7060: первая в индустрии точка доступа Wi-Fi6
Intelligent• SmartRadio: Ultra-low latency of 10 ms
• CampusInsight: Identify 85% of network problems
IoT Openness• Cooperation with 30+ top partners
• Wi-Fi & IoT network converge reduces TCO by up to 50%
Virtual Reality (VR)
Interactive Class
High-Density Coverage
IoT-Powered Office
Connecting people
and IoT terminals
400+ users per AP
100 Mbit/s per user
Latency < 15 ms
AP7060DN
• 8*8 MU-MIMO, 1024QAM, OFDMA
• 2.4GHz: 1.15 Gbit/s + 5GHz: 4.8 Gbit/s
• IoT expansion
Ultra-High Speed
• 4 x Higher peak bandwidth
• 4 x greater concurrency
Huawei Confidential26
AirEngine 5760-10: бюджетная точка доступа Wi-Fi 6
Intelligent• SmartRadio: Ultra-low latency of 10 ms
• CampusInsight: Identify 85% of network problems
IoT Openness• Cooperation with 30+ top partners
• Wi-Fi & IoT network converge reduces TCO by up to 50%
Virtual Reality (VR)
Interactive Class
High-Density Coverage
IoT-Powered Office
Connecting people
and IoT terminals
400+ users per AP
100 Mbit/s per user
Latency < 15 ms
AirEngine5760-10
• 2*2 MU-MIMO, 1024QAM, OFDMA
• 2.4GHz: 574 Mbit/s + 5GHz: 1.2 Gbit/s
• IoT expansion through USB
Smart Antenna
• 20% Coverage increase
• Interference suppression up to 5 dB
Huawei Confidential27
Manage up to 2K APs and 40K STAs.
Новый контроллер Wi-Fi: AE9700-M
Item Specifications
Number of ports2 x 40GE (QSFP+) ports + 12 x 10GE (SFP+) ports + 12 x
GE ports
Maximum number of managed APs 2K
Maximum number of BSSIDs 48K
Maximum number of MAC addresses 100K
Maximum number of managed STAs 40K
Protection mode 1+1 HSB or N+1 backup
Power supplyPluggable power supply, AC and DC power supply
(optional), HSB of dual power supplies
Heat dissipation Four pluggable fans
Dimensions (H x W x D)44 mm x 420 mm x 442 mm
This AC can be installed in a 600-mm deep cabinet.
University Large-sized
enterprise
Wireless city
+ +
Huawei Confidential28
The AC6508 can manage up to 256 APs and 4K STAs,
and supports the 6 Gbit/s forwarding capacity.
AC6508: контроллер начального уровня
Item Specifications
Number of ports 10 x GE electrical ports + 2 x 10GE optical ports
Maximum number of managed APs 256
Maximum number of BSSIDs 4K
Maximum number of MAC addresses 8K
Maximum number of managed STAs 4K
Protection mode 1+1 HSB or N+1 backup
Heat dissipation Natural heat dissipation (noiseless), without fans
Dimensions (H x W x D) 43.6 mm x 210 mm x 250 mm
Small- or medium-
sized enterpriseBranch campus
+
Huawei Confidential29
DC Switches
Huawei Confidential30
Обновление линейки CloudEngine DCN продуктов
1680816804
CloudEngine 16800
16816
CloudEngine 6881-48S6CQ
CloudEngine 6863-48S6CQ
10GE TOR
GE TOR
25GE TOR
40GE TOR
100GE TOR
Modular
Switch
2019 Q3Оптические
трансиверы
QSFP-40G-iSR4
QSFP28-100G-SR4
QSFP-100G-CWDM4
SFP-10G-AOC-5M
OMXD30000
SFP-10G-LR
SFP-10G-ZR
SFP-25G-SR
100G Optical Transceiver
40G Optical Transceiver
25G Optical Transceiver
10G Optical Transceiver
36*100GE36*40GE
24*40GE
48*10GE
18*100GE
Huawei Confidential31
CloudEngine 16800: Лидирующая аппаратная архитектура и
богатый функционал
CloudEngine 16808 CloudEngine 16804CloudEngine 16816
36*100GE
36*40GE
24*40GE48*10GE
18*100GE
Платформа под любые
задачиAgile Controller-DCN упрощает эксплуатацию в
течении всего жизненного цикла.
FabricInsight анализируя TCP сессии
определяет эффективность всей сети.
Лидирующая аппаратная архитектура
Гибкий NSH: Простое внедрение VAS
Высокая безопасность: Микросегментация (изоляция на
уровне VM)
Технология телеметрии: качество сети в реальном
времени
Ортогональная архитектура без общей шины данных,
продув воздуха «спереди назад», коммутация на
основе ячеек
Плавная эволюция к 400G
AI модуль
Богатый функционал
CloudEngine 16800: 400G платформа поддерживает 10GE, 40GE, 100GE интерфейсы, и имеет AI модуль.
Huawei Confidential32
Новые модели фиксированной конфигурации —
CloudEngine 6881и CloudEngine 6863
Diversified DC features: M-LAG, iStack, VXLAN, and BGP EVPN
Hardware-based BFD
Telemetry and ERSPAN enhancement
Microsegmentation and NSH
1+1 power redundancyFour fan trays (one fan
module in each tray)
Parameter CloudEngine 6881-48S6CQ
Port model48*10GE SFP+ and 6*100GE QSFP28 (Each QSFP28 port can be used as
one 40GE QSFP+ port)
Switching capacity 2.16 Tbit/s
Forwarding performance 940 Mpps
Maximum number of
stacked switches16
Buffer capacity 42 MB
Performance
specificationsFIB (v4/v6): 256K/80K, MAC: 256K, ARP: 256K
Diversified DC features: M-LAG, iStack, VXLAN, and BGP EVPN
Hardware-based BFD
Telemetry and ERSPAN enhancement
Microsegmentation and NSH
1+1 redundancyFour fan trays (one fan
module in each tray)
Parameter CloudEngine 6863-48S6CQ
Port model48*25GE SFP28 and 6*100GE QSFP28 (Each QSFP28 port can be used as
one 40GE QSFP+ port)
Switching capacity 3.6 Tbit/s
Forwarding performance 940 Mpps
Maximum number of
stacked switches16
Buffer capacity 42 MB
Performance
specificationsFIB (v4/v6): 256K/80K, MAC: 256K, ARP: 256K
https://e.huawei.com/cn/material/networking/ar/f6fbf62f03334bb7a27a744729ad5548https://e.huawei.com/cn/material/networking/ar/f6fbf62f03334bb7a27a744729ad5548
Huawei Confidential33
NE Routers
Huawei Confidential34
Product TypeNetEngine
8000 M1A
NetEngine
8000 F1A
NetEngine 40E -
M2K-B
NetEngine 8000
M8
NetEngine 8000
M14NetEngine 40E -X8A NetEngine 40E -X16A
NetEngine 8000
X4NetEngine 8000 X8
GA 2020 Q1 2020 Q1DC models have reached GA.
AC models will reach GA in
2019 Q3.2019 Q3 2020 Q1 GA passed GA passed 2020 Q1 2020 Q1
Forwarding capacity 176G 1.2T 910G 1.2T 2TScalable to 4.8T+
16T 32T 16TScalable to 14.4T/slot
32TScalable to 14.4T/slot
Number of slots Fixed Fixed 2 8 14 8 16 4 8
Depth 220 mm 420 mm 220 mm 220 mm 220 mm 650 mm 650 mm 874 mm 874 mm
Height 1U 1U 2U 3U 5U 21U 40U 9.8U 15.8U
100G port density 8 8 8 20 160 320 160 320
10G port density 16 80 46 80 140 640 1280 640 1280
• Data center
interconnection
• Gateway egress
• Aggregation and
access
• Multi-service transport
• Data center
interconnection
• Gateway egress
• Aggregation and
access
• Mini-BNG
• Data center
interconnection
• Gateway egress
• Aggregation and
access
• Leaf node
• Data center
interconnection
• Multi-service access
• Initial aggregation
and access
• Multi-service
transport
• Data center interconnection
• Gateway egress
• Backbone node
• Mini-BNG
• Multi-service
transport
Newest NetEngine Product Portfolio
Mid-range converged
routers
High-density fixed-
configuration routersModular backbone routers
Huawei Confidential35
NetEngine 8000 - Converged Routers with the Largest
Capacity in the Industry
Intelligent all-scenario converged
routers oriented to the cloud era
NetEngine 8000 series
Modular product: Industry's largest capacity of
14.4T/slot, 1.5 times that of Cisco
Per-slot capacity
14.4T
9.6T
400GE port
3624
100GE port
72
48
Huawei Cisco
V.S.
One platform applies to
multiple scenarios.
One platform applies
to one scenario.
SR DC gatewayPE
+ +
Fixed-configuration product: Industry's first 300 mm deep
400G platform router
Ultra-broadband platform
400G
Platform100G
Platform
Super large capacity
2T
800G
Compact size
5U7U
Huawei Cisco
NetEngine 8000 X4 NetEngine 8000 X8
NetEngine 8000 M14
NetEngine 8000 F1A
NetEngine 8000 M1A
NetEngine 8000 M8Unified full-service platform and simplified architecture
Huawei Confidential36
AR Routers
Huawei Confidential37
Huawei NetEngine AR Product Portfolio, High Performance and Various Ports
NetEngine
AR6000 Series
Medium/Small-
scale branch AR6121
AR6300
SRU-400H/SRU-600H
AR6280
GA
NetEngine
AR6000 Series
Headquarters/La
rge-scale branch
NetEngine
AR600 Series
SOHO
AR651C
AR651
TR5: 30/11/2019 GA: 28/02/2020
Launched in July 2019
GA: 30/10/2019
Launched in Oct 2019 Launched in Nov 2019
AR6140-9G-2AC
AR6120
AR617VW
AR657W TR5 15/1/2020
AR611W
AR651U-A4
AR651WAR617VW-LTE4EA
AR6140-16G4XG
Huawei Confidential38
Differences Between NetEngine AR Series and AR G3 Series
Scenario NetEngine AR AR G3 Advantages of NetEngine AR over AR G3
Enterprise headquarters and
large branch
AR6300+
(SRU-400H/600H)AR3260 + (SRU400)
1.1 times higher performance (NetEngine AR: 12 Gbps; AR G3: 10
Gbbps) Four times more fixed ports (NetEngine AR: 24; AR G3: 6) Support for SD-WANLarge branch
AR6280+
(SRU-400H/600H)
AR2240C
AR2240 + (SRU200)
Small and medium branch
AR6140-9G-2AC AR2220E
1.2 times WAN performance than AR G3: 2Gbps vs 1.6Gbps Doubled fixed interface Support SD-WAN Note: AR6140-9G-2AC don’t support voice function and RPS
AR6121 AR1220E
More than two times higher performance (NetEngine AR: 2 Gbps;
AR G3: 800 Mbps) Support for 10GE ports Support for SD-WAN
SOHO/SMB
AR651C/AR651/AR657W AR161/AR169
Three times higher performance
(NetEngine AR boost license: 1.5 Gbps; AR G3: 500 Mbps) Support for all GE ports as fixed ports Support for SD-WAN
AR617VW/617VW-LAR109/AR129 with voice
and Wifi
AR611W/AR651W/AR657W AR161/AR169 with Wifi
Huawei Confidential39
Huawei NetEngine AR6000 Series CPE
Specification AR6300 (SRU-400H) AR6300 (SRU-600H)
Service performance(LAN - > WAN +
WAN - > LAN, NAT + ACL + QoS, IMIX)10 Gbps 12 Gbps
Dual SRUs Dual SRUs and dual forwarding Dual SRUs and dual forwarding
Dual power supplies Supported Supported
Port14*10GE optical ports + 10*GE electrical ports (can be
configured as LAN)
14*10GE optical ports + 10*GE electrical ports (can be
configured as LAN)
Memory 8 GB 16 GB
Slot 4 x SIC slots + 2 x WSIC slots + 4 x XSIC slots 4 x SIC slots + 2 x WSIC slots + 4 x XSIC slots
Voice - -
Front view of the AR6300 Rear view of the AR6300
Huawei Confidential40
Huawei NetEngine AR6000 Series CPE
Specification AR6280 (SRU-400H) AR6280 (SRU-600H)
Service performance(LAN - > WAN +
WAN - > LAN, NAT + ACL + QoS, IMIX)10 Gbps 12 Gbps
Dual power supplies Supported Supported
Port14 *10GE optical ports + 10*GE electrical ports
(can be configured as LAN)
14*10GE optical ports + 10*GE electrical ports (can be
configured as LAN)
Memory 8 GB 16 GB
Slot 4 x SIC slots + 2 x WSIC slots + 2 x XSIC slots 4 x SIC slots + 2 x WSIC slots + 2 x XSIC slots
Voice - -
Front view of the AR6280 Rear view of the AR6280
Huawei Confidential41
Huawei NetEngine AR6000 Series CPE
Specification AR6120 AR6121 AR6140-9G-2AC AR6140-16G4XG
Service
performance(LAN -
> WAN + WAN - >
LAN, NAT + ACL +
QoS, IMIX)
2 Gbps 2 Gbps 2 Gbps 6 Gbps
Port
WAN: 1*10GE optical port +
1*GE combo + 1*GE
LAN: 8*GE ports (can be
configured as WAN)
WAN: 1*10GE optical port +
2*GE combo port
LAN: 8*GE ports+1*GE Combo
(can be configured as WAN)
WAN: 2*GE optical port+2*GE
LAN: 2*GE optical port+3*GE (can
be configured as WAN)
WAN: 4*GE + 4*10GE SFP+
(compatible with GE optical ports)
LAN: 12*GE (can be configured as
WAN)
Memory 2G 2G 2G 2G
Slot 2*SIC 2*SIC 4*SIC 4*SIC
AR6121 AR6140-9G-2AC
TR5: 30/11/2019GA:28/02/2020
AR6140-16G4XGAR6120
Huawei Confidential42
Huawei NetEngine AR600 Series CPE
Specification AR651C AR651 AR651U-A4 AR651W AR657W
Service performance(LAN
- > WAN + WAN - > LAN,
NAT + ACL + QoS, IMIX)
Defualt:1G
Boost License:1.5G
Defualt:1G
Boost License:2G 2G
Defualt:1G
Boost License:2G
Defualt:1G
Boost License:2G
Port
WAN: 2*GE optical ports + 2*GE
ports
LAN: 2*GE optical ports + 6*GE
(can be configured as WAN)
WAN: 2*GE Combo
LAN: 8*GE (can be configured as
WAN)
WAN: 2*GE Combo
LAN: 8*GE (can be configured as
WAN)
WAN: 2*GE Combo
LAN: 8*GE (can be
configured as WAN)
WAN: 2*GE
Combo+1*VDSL 35B
LAN: 8*GE (can be
configured as WAN)
Memory 1 GB 2GB 4GB 2GB 2GB
Slot - 1 1 1 1
Wi-Fi - 802.11ac/b/g/n 802.11ac/b/g/n
LTE - LTE MIC LTE MIC LTE MIC LTE MIC
AR651C AR651 AR651U-A4 AR651W AR657W
TR5: 30/11/2019
GA:28/02/2020
TR5: 30/11/2019
GA:28/02/2020
TR5: 30/11/2019
GA:28/02/2020
TR5: 15/1/2020
GA:28/02/2020
Huawei Confidential43
Huawei NetEngine AR600 Series CPE
Specification AR611W AR617VW AR617VW-LTE4EA
Service
performance(LAN - >
WAN + WAN - > LAN,
NAT + ACL + QoS, IMIX)
300 Mbps 300 Mbps 300 Mbps
PortWAN: 1*GE Combo
LAN: 4*GE (can be configured as WAN)
WAN: 1*GE Combo+ 1*VDSL 35B
LAN: 4*GE (can be configured as WAN)
Voice:2*FXS
WAN: 1*GE Combo+ 1*VDSL 35B+1*LTE
LAN: 4*GE (can be configured as WAN)
Voice:2*FXS
Memory 1 GB 1GB 1GB
Slot - - -
Wi-Fi 802.11ac/b/g/n 802.11ac/b/g/n 802.11ac/b/g/n
LTE - - Y
AR611W AR617VW AR617VW-LTE4EA
TR5: 30/11/2019
GA:28/02/2020
TR5: 30/11/2019
GA:28/02/2020
TR5: 30/11/2019
GA:28/02/2020
Huawei Confidential44
Integrated routing
and switching
Firewall and
IPS
Multiple Layer
2/Layer 3 VPNs
eSight and
Web……
All-in-one
Huawei Confidential45
Switching Router, Supporting Flexible Switching
Routing Security VPN NMS
Fixed port: The undo port switch
command can be executed to
configure LAN ports as WAN ports.
Fixed port: WAN ports can
be configured as LAN ports
on some product models.
Layer 2 cards support VLANIF interfaces for
simple Layer 3 forwarding, but do not support
NAT, MPLS, IPsec, and HQoS.
Some Layer 2 cards support
LAN/WAN switchover,
1 3
2 4
Huawei Confidential46
Comprehensive Security ProtectionRouting Security VPN NMS
Data encryptionData encryption based on
IPSec VPN
Mainstream encryption
algorithms such as
AES128/256
URL filtering130+ categories
Accuracy > 96%
Application access controlIdentification of 6000+ well-known and user-
defined applications
Identification of popular encrypted P2P
applications
IPS intrusion preventionFastest attack defense
Updated IPS engine, defending against
latest intrusion behavior
Detect 5500+ attacks
Detection rate > 90%
HQBranch
Internet
EncryptionExternal
defense
Internal
control
Huawei Confidential47
URL Filtering, Providing Refined Internet Access Control
Routing Security VPN NMS
Policy setting
• Prevent employees from visiting illegitimate or malicious websites,
defending against threats such as worms, viruses, and Trojan horses.
• Specify the effective time of website access control and prevent
employees from visiting websites that are irrelevant to job at work time.
• Set user groups based on IP addresses or IP address segments and
set website access rights based on user groups.
• Add or delete URLs.
URL matching mode
• Exact matching: Matches the URL that contains the complete character
string.
• Suffix matching: Matches all URLs that end with a specified character
string.
• Prefix matching: Matches all URLs that start with a specified character
string.
• Keyword matching: Matches all URLs that contain a specified character
string.
• The priorities of URL matching modes in descending order are as
follows: Exact matching > suffix matching > prefix matching > keyword
matching
URL Matching Mode
http://w3.abc.com/travel Suffix matching
http://w3.abc.com/next/index_hr.html#path=newhr Prefix matching
http://w3.abc.com/travel Keyword matching
http://w3.abc.com/travel Exact matching
Http://www.example.com/news/index.html?cat=1&id=2
Protocol
Host
Path
Parameter
Branch
Internet
Forbidding access to
URLs in the blacklist
Number of classified
websites > 65 million
Number of
categories > 130
Accuracy >
96%
Huawei Confidential48
Application Access Control, Providing the Most Extensive Application Library in the Industry
Routing Security VPN NMS
Identification of 6000+ applications
• Support multiple identification methods, such as packet signature
identification, association identification, and behavior identification.
• Support 6,000+ mainstream protocols and applications, such as P2P,
VoIP, IM, games, and emails.
Flexible upgrade of the SA signature database
• SA signature database files are maintained and released by Huawei Security
Competence Center, and can be added with user-defined applications.
• The Agile Controller centrally maintains SA signature databases, upgrades
them in batches or as scheduled, and releases new signature databases
periodically.
• The update status of the SA signature database can be viewed, including
upgrade time, countdown, upgrade progress bar, and upgrade result.
• Rollback is supported when the SA signature database fails to be upgraded.
Signature
database
(new)
Signature
database
(old)
Seamless
switchoverProtocol 1
Protocol 2
…
New
protocol
Protocol 1
Protocol 2
……
Signature
database file
SA engineUnclassified
packets
Classified packets
Signature identification
Association identification
Behavior identification
…
Huawei Confidential49
IPS, Focusing on Application-Layer Attack Defense
Routing Security VPN NMS
User traffic User traffic
The firewall blocks only the illegal traffic
at Layer 2 to Layer 4.
AR that integrates the
IPS function
The IPS provides security defense
capabilities at Layer 7.
L7 attack packets
L2-L4 attack packets
Normal packets
AR that integrates the
firewall function
IPS focuses on attack defense, especially at the application layer
• Pushes security protection to a higher level to make up for the disadvantages of traditional firewalls defending against application-layer attacks.
• Implements attack detection on 1600+ signature databases, achieving the detection rate of higher than 90%.
• Supports online update of the signature databases and real-time update of the IPS engine to defend against latest intrusion behavior.
• Contains signature databases based on network behavior such as Trojan horses, worms, botnets, spyware, vulnerability attacks, and web attacks.
• Integrated into AR routers without the need to deploy fault detection points, reducing operation costs.
Huawei Confidential50
Overview of IPSec VPN
Routing Security VPN NMS
Internet
• Enterprise branch: Different VPN access modes can be applied to branches based on the scale. In a single network topology, GRE over IPSec VPN is recommended for
secure access. In a hub-spoke topology, VPNs need to be dynamically established between branches for secure access, and IPSec DSVPN is recommended. For small
branches, IPSec VPN is recommended. For terminals connected to the Internet through 4G, IPSec over L2TP VPN is recommended.
• Mobile employees: Due to flexible location, clients are used to connect mobile employees to the internal network. L2TP over IPSec VPN is recommended.
• Enterprise headquarters: VPN gateways are used to construct VPN data channels between gateways and between gateways and clients.
Branch A
Branch B
Branch C
Mobile employees
VPN server
HQ
VPN management
system
Enterprise
data center
IPSec DSVPN
Branch D
Huawei Confidential51
Deployment Scenario of the DSVPN Solution
Routing Security VPN NMS
Application scenarios: This solution applies to enterprises with multiple branches. When the enterprise headquarters uses a static public IP address to access the Internet and branches use the dynamic
public IP address to access the Internet, if the traditional VPN is used to construct networks, branches cannot directly communicate with each other. (The source branch cannot obtain the public IP address of
the destination branch and no tunnel can be established between these branches.) The communication data between all the branches can only be forwarded by the headquarters. In this case, devices in the
headquarters are overloaded.
Highlights:
• DSVPN uses NHRP to dynamically collect, maintain, and advertise public network addresses of nodes. This solves the problem that the source branch cannot obtain the public IP address of the
destination branch. In this mode, dynamic VPN tunnels are established between the branches to implement direct communication, reducing the burden of the headquarters and avoiding the network
delay. The tunnel is triggered by inter-branch traffic and tunnels are established based on requirements. If no traffic is transmitted, the tunnel is automatically torn down.
• DSVPN uses the mGRE technology to enable a tunnel interface to establish VPN tunnels with multiple peers, reducing the workload of VPN configuration. When a branch is created or the public IP
address of a branch changes, the tunnel relationship between the headquarters and branches can be automatically maintained without the need to adjust the tunnel configuration at the headquarters,
making network maintenance more intelligent.
Traditional branch VPN interconnection
solution
Dynamic deployment and easy multi-branch access
DSVPN interconnection
solution
DSVPN
Hub
Spoke Spoke
Spoke
DSVPN
Hub
Spoke Spoke
Spoke
Huawei Confidential53
GUI-based Simple Web Management System, Facilitating Local Management
Routing Security VPN NMS
Real-time device monitoring
Monitors site status in real time based on
devices, interfaces, and network applications.
Intelligent O&M
• Provides device log and alarm functions and traces
network behavior and device running status.
• Provides the intelligent diagnosis function for users
to obtain the abnormal running status of the network
and the recommended solution by one click.
Abundant configuration management
capabilities
• Supports WAN and LAN configuration, and quick
configuration wizard, meeting complex network requirements.
• Supports online behavior management, improving branch
network resource efficiency and ensuring network security.
Huawei Confidential54
Security
Huawei Confidential55
Newest HiSecEngine Security Product Portfolio
DC
N
2019-09-21 GA
2020-03-31 GA
Chassis-based NGFW
HiSecEngine USG12004/12008
HiSecEngine NGFW
40 Gbit/s–2 Tbit/s
AntiDDoS1825
20 Gbit/s
AntiDDoS12004/12008
HiSecEngine AntiDDoS
USG6510E: 2*GE (SFP) + 10*GECa
mp
us
an
d B
ran
ch
USG6525E/6555E/6565E/6585E
2–8 Gbit/s, 1 U
USG6615E/6625E
10–40 Gbit/s, 1 U
USG6510E/6530E
Branch Branch/Small Campus Large Campus/Small DC
USG6530E: 2*10GE (SFP+) + 10*GE
Desktop
2*10GE (SFP+) + 8*GE Combo + 2*GE (WAN)6*10GE (SFP+) + 6*GE (SFP) + 16*GE
2*40GE (QSFP+) + 12*10GE (SFP+) + 16*GE
USG6635E / 6655E
HiSecEngine NGFW
Huawei Confidential56
Наиболее обширный функционал в индустрии
Web Filtering
• 120M+ URL knowledge database
• 130+ Category
Access Control / Policy
•Policy control by 6 dimension of App,
Content, Time, User, attack, Location
VPN
• IPsec, L2TP,SSL,GRE,MPLS,…
• DSVPN
Anti-DDOS
•SYN Flood、UDP Flood、ICMP Flood、HTTP Flood、HTTPS Flood、DNS Flood ,SIP Flood
•IP Reputation
DLP
• 120+ file type filtering
Routing & Intelligent Routing IPv4: static routing, RIP, OSPF, BGP, and IS-IS
IPv6: RIPng, OSPFv3, BGP4+, IPv6 IS-IS, IPv6
App Controlling
•6000+ App identification & Controlling
NAT
NAT No-PAT, NAPT, Easy IP, Smart
NAT, Bi-Direction NAT,NAT ALG
Authentication
• AD, LDAP, Radius, AC
HWTACACS
Anti Virus
• 5M virus signature
• signature update per day
SSL Inspection
Campus:SSL Client Protection (SSL proxy)
Data Center: Server protection(SSL Offload)
CGN (IPV4 IPV6)
•NAT444, DS-Lite,NAT64, NAT66(2019.7)
•IPv4 over IPv6
•IPV6 Over IPV4
Bandwidth Management
Bandwidth limitation by application or user
Bandwidth guarantee for key services
Log & Report
log store and query
Security reports based on logs
IPS
• 8000+ local Signatures
• 20000+ totally
• malware, botnet, worm…
Huawei Confidential57
NGFW важный элемент комплексного решения SDSec
Элемент применения политик( Руки, Ноги)
Модуль управления (Нервная система)
SecoManager
CIS FireHunter
Анализатор (Мозг)
Global Security Intelligence Center
SwitchRouter WIFI AR FW/vFW AntiDDoS
DFW
3rd Security
Convergence
Collaboration
Big Data
& AI
Controller• Политики с учетом бизнес потребностей
приложений
• Автоматизация политик безопасности
Analyzer• Искусственный интеллект с использованием Big
Data и машинного обучения
• Песочница 3rd поколения
• Мимикрия
Enforcer• Повсеместно!
• Адаптивность
Copyright©2018 Huawei Technologies Co., Ltd.
All Rights Reserved.
The information in this document may contain predictive
statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.
把数字世界带入每个人、每个家庭、每个组织,构建万物互联的智能世界。
Bring digital to every person, home, and organization for a fully connected, intelligent world.
Thank you.