H3C Application-Driven WAN Solution

21-08-2018

Solution Overview

The wide area network (WAN) has long served the sole purpose of connecting geographically dispersed locations. For example, a WAN extends connectivity between branches, between branches and their headquarters, or between data centers. Independent of application systems, traditional WANs were primarily managed from network nodes instead of applications. Without visibility into applications, a traditional WAN could hardly adapt to accelerated application provisioning and business changes driven by new technologies such as cloud computing and mobile Internet.

As cloud computing and mobile Internet grow rapidly and gain large-scale deployments, enterprises are increasingly moving their on-premises IT systems to the cloud. Wherever the applications are located, users want to have the same experience. Traditional WAN architectures can hardly address these challenges because of their complexity, rigidity, and lack of programmability. To align with the business growth in this cloud computing era, enterprises must transform their WAN architectures.

H3C Application-Driven WAN (AD-WAN) is an open, programmable, and scalable architecture. Using an innovative unified platform designed for digital networks, AD-WAN not only enables network-wide unified network management, control, and analytics, but also provides a user-oriented, unified portal for end-to-end orchestration and unified service orchestration across networks.

AD-WAN architecture

The solution uses a layered architecture that contains the following layers, from the bottom up:

Infrastructure layer – This layer contains network devices controlled and managed by the AD-WAN controller. The controller can communicate with the network devices through SNMP, NETCONF, NetStream, and CLI. This layer uses VXLAN and IPsec to secure data forwarding on the overlay network and uses RIR to implement intelligent, reliable, and automated traffic steering on devices.

Control and analytics layer – Based on big data analytics, SeerAnalyzer provides in-depth network analytics and visualization, network traffic prediction, security warning, and fault location. The AD-WAN controller provides centralized network resource management, control, and optimization. The unified platform can integrate with multiple network applications and implement cross-scenario orchestration to meet users’ needs in different industries. This layer uses standard southbound protocols to communicate with the infrastructure layer and uses programmable northbound APIs to communicate with the management and orchestration layer for integration with third-party application systems.

Management and orchestration layer – This layer calls the APIs provided by the unified platform to orchestrate services, define and enforce policies, monitor the network, visualize data, and maintain the network.

Features and Benefits

ZTP

The solution can implement zero touch provisioning (ZTP) on devices through USB drives, emails, or a public cloud. ZTP automatically provisions new devices so they can come online automatically without the complex manual configuration by professional IT personnel, which relieves the workload of the IT team and reduces the network deployment cost and OPEX.

Zero Touch Provisioning

* ZTP through USB – 1) The network administrator imports information about devices to deploy, including device names and device serial numbers, to the AD-WAN controller. 2) The administrator prepares the USB drive (containing device configuration files) used for ZTP on those devices. 3) The field deployer at the branch site inserts the USB drive into the devices one by one for the devices to load the information required for registration. The information includes WAN connectivity information and controller information such as controller address and port number. Then, the devices attempt to register with the controller. 4) After registration, the controller deploys management settings and underlay network settings to the devices automatically.

* ZTP through emails – 1) The network administrator imports information about devices to deploy, including device names and device serial numbers, to the AD-WAN controller. 2) The administrator prepares the email used for ZTP on those devices and sends the email to the field deployer. The email includes a ZTP URL redirecting to a script containing the WAN interface, network access, VPN, and controller information. 3) The field deployer sends the configuration script provided in the ZTP URL to the devices through wired or wireless connections. 4) After obtaining the configuration information through the ZTP URL, the devices connect to the controller and provide their serial number and password to register with the controller. 5) After registration, the controller deploys management settings and underlay network settings to the devices automatically.

* ZTP through a public cloud – 1) The network administrator configures information about the branch sites and the devices to deploy to the branch sites on the AD-WAN controller. 2) The network administrator imports device information, including device serial numbers, controller address, and device registration password, to the public cloud. 3) The devices start up with the factory default settings and connect to the public cloud automatically. The public cloud deploys AD-WAN information to the devices. Then, the devices attempt to register with the controller. 4) After registration, the controller deploys management settings and underlay network settings to the devices automatically.
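
The registration step in the email and public cloud methods above (a device presents its serial number and a registration password) can be checked on the controller side as in the following added sketch. It is not H3C code: the `Inventory` class, the decision strings, the PBKDF2 storage, and the lockout count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ROUNDS = 100_000   # assumption: PBKDF2 work factor for this sketch
MAX_FAILURES = 5   # assumption: lock a serial after repeated bad passwords
def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

@dataclass
class DeviceRecord:
    name: str
    salt: bytes
    pw_hash: bytes
    registered: bool = False
    failures: int = 0

class Inventory:
    """Hypothetical store of the devices the administrator imported (step 1)."""
    def __init__(self):
        self._devices = {}
    def import_device(self, serial: str, name: str, password: str) -> None:
        salt = os.urandom(16)  # per-device salt; only the derived hash is kept
        self._devices[serial] = DeviceRecord(name, salt, _derive(password, salt))
    def register(self, serial: str, password: str) -> str:
        """Decide a registration attempt; the reason is for the controller's log."""
        rec = self._devices.get(serial)
        if rec is None:
            _derive(password, b"\x00" * 16)  # same work as for a known serial
            return "reject:unknown-serial"
        if rec.failures >= MAX_FAILURES:
            return "reject:locked"
        if not hmac.compare_digest(rec.pw_hash, _derive(password, rec.salt)):
            rec.failures += 1
            return "reject:bad-password"
        if rec.registered:
            return "reject:already-registered"  # second device claiming the serial
        rec.registered = True
        rec.failures = 0
        return "accept"

def demo():
    inv = Inventory()  # constructed sample serial, name and password
    inv.import_device("SN-EXAMPLE-0001", "branch-01", "constructed-pass")
    return [inv.register("SN-EXAMPLE-9999", "constructed-pass"),
            inv.register("SN-EXAMPLE-0001", "wrong"),
            inv.register("SN-EXAMPLE-0001", "constructed-pass"),
            inv.register("SN-EXAMPLE-0001", "constructed-pass")]
```

A serial that is not in the imported inventory, a repeated registration for a serial that is already online, and a locked serial are the three outcomes worth alerting on in the controller's logs.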

Automated Service Deployment

The solution supports the automated deployment of VPN services, LAN services, and QoS services across the whole network. You can define applications based on the IP 5-tuple, DSCP, VPN information, and application-layer packet signatures. You can define policies based on route selection, bandwidth, service quality requirements, and the time range.

* VPN service deployment – After a device comes online, the AD-WAN controller automatically deploys IPsec tunnel settings if the WAN interface of the device connects to the Internet. Meanwhile, the AD-WAN controller creates a VXLAN tunnel for each WAN link to provide consistent traffic steering, irrespective of their link types.

VPN service deployment

* LAN service deployment – The AD-WAN controller automatically deploys LAN service settings to devices at the branch sites, eliminating the need to configure the devices one by one manually. The CPE device can be deployed as a Layer 3 gateway at the branch site, or it can connect to the Layer 3 network in the branch through a routing protocol.

LAN service deployment

* Agile QoS service deployment – From the application group configuration page, you can configure the maximum bandwidth to implement application group-based rate limiting on LAN interfaces of devices. Suppose the bandwidth rented from a service provider is smaller than that of the interface. In that case, you can configure a rate limit for the WAN interface to prevent excess traffic from being dropped by the service provider. Suppose traffic flows with multiple priorities exist in the network and congestion occurs. In that case, you can configure an assurance profile to ensure low latency for high-priority traffic by assigning a high-priority queue and more bandwidth to it. You can make dynamic bandwidth and rate limit adjustments based on real-time network conditions to protect core network applications. For example, in particular or critical periods, you can block or rate-limit illegitimate traffic or low-priority traffic to ensure the bandwidth requirements of high-priority services.

Application group-based rate limiting

Intelligent and Flexible Traffic Steering Policies

The solution supports various types of traffic steering policies.

Color-coded service traffic between a branch site and the headquarters

* Traffic steering based on bandwidth usage, link coloring, and other factors in a dual-uplink scenario – Assume that two services run on the same link under normal circumstances. When the bandwidth usage of the link reaches the threshold, the device automatically steers service traffic to the other link according to the controller-deployed traffic steering settings to ensure user experience.

* Traffic steering based on latency, jitter, packet loss rate, and other factors in a dual-uplink scenario – Assume that two services run on the same link under normal circumstances. When the latency on the link reaches the threshold, the device automatically steers service traffic to the other link according to the controller-deployed traffic steering settings to ensure user experience.

* Time range-based traffic steering in a dual-uplink scenario – You can configure the AD-WAN controller to enforce different traffic steering policies during different time ranges to ensure guaranteed delivery of high-priority services in the desired time ranges.


Enforcing Traffic Steering on Service from Multiple Perspectives

AD-WAN allows you to apply a combination of time range-, bandwidth-, and quality-based traffic steering policies to services to meet the diversified service requirements in different scenarios. For example, voice and video services are sensitive to latency and packet loss rate. For such services, apply policies to enforce flexible traffic steering based on the combination of latency, packet loss rate, and bandwidth usage to ensure the optimal user experience.
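
The combination of time range-, bandwidth-, and quality-based steering described above can be modelled as in the following added sketch. It is not H3C's RIR algorithm: the `Link` and `Policy` fields, the threshold values, and the fallback rule when no link meets the profile are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    bw_usage_pct: float
    up: bool = True

@dataclass
class Policy:
    # Hypothetical SLA profile: every threshold must hold for a link to qualify.
    max_latency_ms: float
    max_loss_pct: float
    max_bw_usage_pct: float
    preferred: tuple               # link names in preference order
    start: time = time(0, 0)       # time range in which the policy applies
    end: time = time(23, 59, 59)

    def active(self, now: time) -> bool:
        if self.start <= self.end:
            return self.start <= now <= self.end
        return now >= self.start or now <= self.end  # range wraps past midnight

def qualifies(link: Link, p: Policy) -> bool:
    return (link.up and link.latency_ms <= p.max_latency_ms
            and link.loss_pct <= p.max_loss_pct
            and link.bw_usage_pct <= p.max_bw_usage_pct)

def select_link(links, policies, now):
    """Return the link name chosen by the first policy active at `now`."""
    by_name = {l.name: l for l in links}
    policy = next((p for p in policies if p.active(now)), None)
    if policy is None:
        return None
    candidates = [by_name[n] for n in policy.preferred if n in by_name]
    for link in candidates:
        if qualifies(link, policy):
            return link.name
    # No link meets the profile: fall back to the least-bad link that is up.
    alive = [l for l in candidates if l.up]
    return min(alive, key=lambda l: (l.loss_pct, l.latency_ms)).name if alive else None

# Constructed sample: MPLS is healthy but above the bandwidth-usage threshold.
SAMPLE_LINKS = [Link("mpls", 20, 0.1, 85), Link("internet", 45, 0.5, 30)]
VOICE = Policy(100, 1.0, 80, ("mpls", "internet"))
```

With the constructed sample, `select_link(SAMPLE_LINKS, [VOICE], time(10, 0))` steers the voice service to `internet` because the preferred MPLS link exceeds the 80% usage threshold.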

WAN Acceleration

The solution supports Web caching, Automatic Forward Error Correction (A-FEC), and multi-link bundling for acceleration and optimization of applications on the WAN.

* Web caching – When a user first accesses a Web page through HTTP or HTTPS, the device caches the Web page content locally. The next time the same content is requested (within the aging time), the device directly serves the content from the cache, which helps speed up the application load time by at least 400% and improve Webpage access efficiency by 100%.

Web caching

* A-FEC – A-FEC is a technique used to control data transmission errors over unreliable or noisy communication channels. The sender automatically calculates and adjusts the ratio of redundant packets according to the real-time packet loss rate obtained through end-to-end link quality detection to ensure a low packet loss rate at the expense of little link bandwidth, which helps improve data transmission for real-time services such as voice and video services over low-SLA links such as Internet links.

Forward error correction

* Multi-link aggregation – The solution supports bundling multiple links into a single logical link to implement packet-by-packet forwarding and load balancing for services, which helps maximize the link utilization and performance, improve resilience, and reduce WAN connectivity cost.

Multi-link aggregation

Intelligent network operations and maintenance

The solution introduces the intelligent analytics application known as SeerAnalyzer. By using the Telemetry technology, SeerAnalyzer enables rapid network perception and O&M in seconds. SeerAnalyzer collects information (including device, traffic, quality, event, and alarm information) across the network, performs data drilling and mining, and presents the most valuable information to assist in IT decision making and O&M. The solution provides the following key operation and maintenance capabilities:

* Visibility of network-wide application-level traffic statistics

You can view the bandwidth, traffic, and health information of individual application instances to evaluate the overall application health score.

* Global device resource monitoring

For administrators to view network topology information from different perspectives, the solution provides the following types of topology views:

* Holistic network topology – Displays all devices managed by the AD-WAN controller.

Holistic network topology

* Map – Displays on a map the physical locations of the networks and the states of services in the AD-WAN controller.

Map

* Network health evaluation

* Device-based network health evaluation – The AD-WAN controller collects the device running state and service load statistics through telemetry and presents the statistics on the network health page.

* Link-based network health evaluation – The AD-WAN controller collects link state, link load, and optical power throughput information and establishes a baseline to evaluate the network health score.

* Deep visibility into applications

* The controller provides session-level visibility into the application traffic based on traffic data collected by NetStream devices.

* Link traffic trend prediction

* The controller establishes a traffic trend model based on ARIMA and LSTM modeling methods. By using the traffic trend model, the controller can predict the network traffic trend for a period of time in the future (1/4 of the historical data duration), which helps administrators establish intelligent traffic baselines for refined network resource management.

Typical Network Models

The following figure shows that the AD-WAN deployment can use either the two-tier Hub-Spoke network model or the three-tier Hub-Aggregation-Spoke network model. In each model, the branch sites can connect to the headquarters through multiple types of connections, such as SDH, MSTP, MPLS, Internet, and 4G.

Most of the traffic on the network is north-south traffic, which is the traffic between branches and headquarters. The AD-WAN solution identifies the traffic of different applications based on IP 5-tuple, DSCP, and DPI information and handles an application’s traffic based on the application policy.

The solution provides the following main functions:

* Implements application traffic steering over MPLS VPNs and Internet links based on the applications’ SLA profiles (quality and bandwidth) and link preference settings

* Maximizes link utilization and performs dynamic link switchover to guarantee delivery of key services

* Supports automated path adjustment for applications in case of link failures

* Provides multi-dimensional business visibility

* Provides high availability from the forwarding, control, and management planes

Network models


Ordering Information

| Product ID | Description |
|---|---|
| SeerEngine | |
| LIS-SeerEngine-WAN-BAS1 | H3C SeerEngine WAN Software Additional 1 Server Node License |
| LIS-SeerEngine-WAN-BAS1 | H3C SeerEngine WAN Software Additional 1 Branch Access NE License |
| SeerAnalyzer | |
| LIS-SeerAnalyzer-WAN-APP | H3C SeerAnalyzer Software WAN Edition Activation License |
| LIS-SeerAnalyzer-WAN-Analyzer | H3C SeerAnalyzer Software WAN Edition 1-Analyzer License |
| LIS-SeerAnalyzer-WAN-NTA-VAR | H3C SeerAnalyzer Software WAN Edition Network Traffic Analyzer License for 1 Device |
| iMC | |
| LIS-IMC9-NSM | H3C iMC9.0, Intelligent Management Center License |
| LIS-IMC9-NSMA-25 | H3C iMC9.0, Intelligent Management Platform (Network Management), 25 Licenses |
| LIS-IMC9-NSME-500 | H3C iMC9.0, Intelligent Management Platform (Network Management), 500 Licenses |
| LIS-IMC9-NSMD-200 | H3C iMC9.0, Intelligent Management Platform (Network Management), 200 Licenses |
| LIS-IMC9-NSMC-100 | H3C iMC9.0, Intelligent Management Platform (Network Management), 100 Licenses |
| LIS-IMC9-NSMF-1K | H3C iMC9.0, Intelligent Management Platform (Network Management), 1000 Licenses |
| LIS-IMC9-NSMF-50 | H3C iMC9.0, Intelligent Management Platform (Network Management), 50 Licenses |

