H3C Application-Driven WAN Branch Solution

ZTP

The solution can implement zero touch provisioning (ZTP) on devices through USB drives, emails, or a public cloud. ZTP automatically provisions new devices so they can come online automatically without the complex manual configuration by professional IT personnel. This relives the workload of the IT team and reduces the network deployment cost and OPEX.

Zero touch provisioning

Automated service deployment

The solution supports automated deployment of VPN services, LAN services, and QoS services across the whole network. You can define applications based on the IP 5-tuple, DSCP, VPN information, and application-layer packet signatures. You can define policies based on route selection, bandwidth, and service quality requirements and the time range.

· VPN service deployment—After a device comes online, the AD-WAN automatically deploys IPsec tunnel settings if the WAN interface of the device connects to the Internet. Meanwhile, the AD-WAN creates a VXLAN tunnel for each WAN link to provide consistent traffic engineering, irrespective of their link types.

· LAN service deployment—The AD-WAN automatically deploys LAN service settings to devices at the branch sites, eliminating the need to configure the devices one by one manually. The CPE device can be deployed as a Layer 3 gateway at the branch site, or it can connect to the Layer 3 network in the branch through a routing protocol.

· Agile QoS service deployment—From the application group configuration page, you can configure the maximum bandwidth to implement application group-based rate limiting on LAN interfaces of devices. If the bandwidth rented from a service provider is smaller than that of the interface, you can configure a rate limit for the WAN interface to prevent excess traffic from being dropped by the service provider. If traffic flows with multiple priorities exist in the network and congestions occur, you can configure an assurance profile to ensure low latency for high priority traffic by assigning a high priority queue and more bandwidth to it. You can make dynamic bandwidth and rate limit adjustments based on real-time network conditions to protect core network applications. For example, in special or critical periods, you can block or rate-limit illegitimate traffic or low-priority traffic to ensure the bandwidth requirements of high-priority services.

Intelligent and flexible traffic engineering policies

The solution supports various types of traffic engineering policies.

Color-coded service traffic between a branch site and the headquarters

Traffic engineering based on bandwidth usage, link coloring, and other factors—Assume that two services run on the same link under normal circumstances. When the bandwidth usage of the link reaches the threshold, the device automatically steers service traffic to the other link according to the traffic engineering settings deployed by AD-WAN to ensure user experience.

Traffic engineering based on latency, jitter, packet loss rate, and other factors—Assume that two services run on the same link under normal circumstances. When the latency on the link reaches the threshold, the device automatically steers service traffic to the other link according to the traffic engineering settings deployed by AD-WAN to ensure user experience.

Time range-based traffic engineering—You can configure AD-WAN to enforce different traffic engineering policies during different time ranges to ensure guaranteed delivery of high-priority services in the desired time ranges.

WAN acceleration

The solution supports Web caching and Forward Error Correction (FEC) for acceleration and optimization of applications on the WAN.

Web caching—When a user first accesses a Web page through HTTP or HTTPS, the device caches the Web page content locally. The next time the same content is requested (within the aging time), the device directly serves the content from the cache. This helps speed up the application load time by at least 400% and improve Webpage access efficiency by 100%.

FEC—FEC is a technique used for controlling errors in data transmission over unreliable or noisy communication channels. The sender automatically calculates and adjusts the ratio of redundant packets according to the real-time packet loss rate obtained through end-to-end link quality detection to ensure low packet loss rate at the expense of little link bandwidth. This helps improve data transmission for real-time services such as voice and video services over low-SLA links such as Internet links.

Visible monitoring and operations and maintenance

AD-WAN provides abundant tools including the dashboard and reports for IT teams to obtain the network status.

AD-WAN provides the following key operations and maintenance capabilities:

Provides network visibility and supports GIS map integration, including online and offline maps.

Displays topology based on sites, links, and other factors, allowing you to obtain alarm or exception information immediately when a network device or link is faulty.

Provides a custom dashboard that can display Top N application traffic, application paths, and health status. IT teams can obtain the real-time operating quality of applications and locate the applications rapidly.

AD-WAN solution product family

Typical network models

As shown in the following figure, the AD-WAN deployment can use either the two-tier Hub-Spoke network model or the three tier Hub-Aggregation-Spoke network model. In each model, the branch sites can connect to the headquarters through multiple types of connections, such as SDH, MSTP, MPLS, Internet, and 4G.

Most of traffic on the network is north-south traffic, which is the traffic between branches and headquarters. The AD-WAN solution identifies the traffic of different applications based on IP 5-tuple, DSCP, and DPI information, and handles the traffic of an application based on the application policy.

The solution provides the following main functions:

Implements application traffic engineering over MPLS VPNs and Internet links based on the SLA profiles (quality and bandwidth) and link preference settings of the applications.

Maximizes link utilization and performs dynamical link switchover to guarantee delivery of key services.

Supports automated path adjustment for applications in case of link failures.

Provides multi-dimensional business visibility.

Provides high availability from the forwarding, control, and management planes.

Network models