H3C SeerEngine-WAN Controller
06-07-2020
A wide area network (WAN) provides connectivity between network nodes over a large geographical area, for example, between headquarters and branches, between branches, or between data centers. Traditional WANs were primarily managed from the perspective of network nodes instead of applications and carried traffic "passively".
As cloud computing and mobile Internet grow rapidly and gain large-scale deployments and traffic models innovate continuously, enterprises are increasingly moving their on-premises IT systems to the cloud. To effectively cope with these challenges, the network must be able to adapt to application traffic proactively and provision services as needed. However, traditional WANs can hardly address these challenges because they are complex in architecture, difficult to expand, rigid, and focus mainly on network nodes rather than network-wide applications.
To address the issues in traditional WANs, H3C developed the new-generation SeerEngine-WAN controller, inspired by the SDN concept and powered by its long-term technical accumulation and rich experience in WANs and in-depth research on the pain points and needs of users. The overall architecture for H3C SeerEngine-WAN controller is shown in the figure below:
H3C AD-WAN Architecture
The solution contains three layers from the bottom up: infrastructure layer, control and analytics layer, and management and orchestration layer. H3C SeerEngine-WAN controller is the core component at the control and analytics layer and provides automated service deployment, network optimization, and control policy deployment across the network.
Infrastructure layer—This layer contains network devices controlled and managed by the controller. The control plane provides rich standard southbound protocols such as SNMP, NETCONF, BGP-LS, BGP Flowspec, PCEP, and OpenFlow. The forwarding plane uses lightweight segment routing to enable secured data forwarding on the overlay network and improve forwarding performance.
Control and analytics layer—Based on big data analytics, SeerAnalyzer provides capabilities such as in-depth network analytics and visualization, network traffic prediction, security warning, and fault location. The SeerEngine-WAN controller provides centralized and optimized network resource orchestration and control. SNA Center can integrate with multiple network applications and implement cross-scenario orchestration to meet the needs of users in different industries. This layer uses standard southbound protocols to communicate with the infrastructure layer and uses programmable northbound APIs to communicate with the management and orchestration layer for integration with third-party application systems.
Management and orchestration layer—This layer calls the APIs provided by the applications to orchestrate services, define and enforce policies, monitor the network, visualize data, and maintain the network.
Features and benefits
The controller can implement zero touch provisioning (ZTP) on devices through USB drives, emails, or a public cloud. ZTP automatically provisions new devices so they can come online automatically without complex manual configuration by professional IT personnel. This relieves the workload of the IT team and reduces the network deployment cost and OPEX.
Zero Touch Provisioning
ZTP through USB—1) The network administrator imports information about devices to deploy, including device names and device serial numbers, to the SeerEngine-WAN controller. 2) The administrator prepares the USB drive (containing device configuration files) used for ZTP on those devices. 3) The field deployer at the branch site inserts the USB drive into the devices one by one for the devices to load the information required for registration. The information includes WAN connectivity information and controller information such as controller address and port number. Then, the devices attempt to register with the controller.
ZTP through emails—1) The administrator imports information about devices to deploy to the SeerEngine-WAN controller in batch. 2) The administrator prepares the email used for ZTP on the controller and sends the email to the designated field deployer. 3) The field deployer obtains from the email a ZTP URL (containing the WAN interface, network access, VPN, and controller information). 4) The field deployer sends the configuration information provided in the ZTP URL to the devices through wired or wireless connections. 5) After obtaining the configuration information, the devices connect to the controller, and provide their serial number and password to register with the controller. 6) After registration, the controller deploys management settings and underlay network settings to the devices automatically.
ZTP through a public cloud—1) The network administrator configures information about the branch sites and the devices to deploy to the branch sites on the SeerEngine-WAN controller. 2) The devices start up with the factory default settings, obtain IP addresses through DHCP, and connect to Cloudnet automatically. 3) The devices report their serial numbers and password and register with the controller. 4) The controller deploys management settings and underlay network settings to the devices automatically.
Automated service deployment
With the advent of the cloud computing era, new service model innovations emerge one after another, and enterprises are moving towards full digitization. More and more customers are moving their services to the cloud. To onboard services end-to-end quickly, enable the network to adapt to and detect applications, and establish and deploy WAN links rapidly, the SeerEngine-WAN controller enables automated deployment of the following services:
One-click L3VPN service deployment—The user only needs to specify the service deployment scope on the controller interface, and the controller will then automatically deploy the services on the network devices, which reduces the manual configuration workload and decreases the operation and maintenance risks.
End-to-end QoS service automated deployment—QoS deployment on single devices in traditional networks is inadequate to guarantee quality of services across the network. Application-based end-to-end QoS deployment limits traffic rate based on services and guarantees quality of services for applications across the network. This deployment allows rapid and batch delivery of QoS configuration for services. When deploying QoS, you can select one-key QoS deployment across the entire network by using a global template, or select a local template to deploy QoS for a single link as required.
Service policy deployment—The controller automatically issues bandwidth, quality, time period, and bandwidth calendar policies for services and adjusts the policies automatically to adapt to real-time status of the network to ensure reliable and stable services.
Intelligent and flexible traffic engineering policies
The SeerEngine-WAN controller provides multiple traffic engineering policies.
Traffic engineering based on bandwidth usage, link coloring, and other factors in a dual-uplink scenario—Assume that two services run on the same link under normal circumstances. When the bandwidth usage of the link reaches the threshold, the device automatically steers service traffic to the other link according to the controller-deployed traffic engineering settings to ensure user experience.
Traffic engineering based on latency, jitter, packet loss rate, and other factors in a dual-uplink scenario—Assume that two services run on the same link under normal circumstances. When the latency on the link reaches the threshold, the device automatically steers service traffic to the other link according to the controller-deployed traffic engineering settings to ensure user experience.
Time range-based traffic engineering in a dual-uplink scenario—You can configure the SeerEngine-WAN controller to enforce different traffic engineering policies during different time ranges to ensure guaranteed delivery of high-priority services in the desired time ranges.
Multidimensional service guarantee
Multidimensional policy combinations, ensuring optimal user experience—SeerEngine-WAN allows you to apply a combination of time range- and bandwidth-based traffic engineering policies to services to meet the diversified service requirements in different scenarios. For example, voice and video services are sensitive to latency and packet loss rate. For such services, apply policies to enforce flexible traffic engineering based on the combination of latency, packet loss rate, and bandwidth usage to ensure the optimal user experience.
Network routes orchestration and routing policies deployment—The controller provides strict and loose route selection modes for users to choose as needed. In strict mode, each hop on the forwarding paths between network nodes is specified strictly and precisely. In loose mode, only the optional and excluded nodes or links are specified. The controller allows the administrators to pre-calculate routes before deployment of orchestration policies and use the result as a reference for routing policy deployment. This ensures alignment of the service deployment with users' intention and reduces the operation and maintenance risks.
The SeerEngine-WAN controller collects information (including device, traffic, quality, event, and alarm information) across the network, performs data drilling and mining, and presents the most valuable information to assist in IT decision making and O&M. The controller provides the following key operation and maintenance capabilities:
Visibility of network-wide application-level traffic statistics—You can view the bandwidth, traffic, and health information of individual application instances to evaluate the overall application health state.
Global device resource monitoring—The controller provides multiple types of topologies for administrators to view network topology information from different perspectives.
16 cores, 2.0 G or above
128 G or above
1 T or above, 7.2K RPM SATA/SAS HDDs configured in RAID 1 or RAID10
2 × 10G interfaces and 2 × 1G interfaces
Headquarters-branch network architecture
Single-tier or two-tier star network topology.
Point-to-multipoint networking for intercommunication between branches and headquarters.
VPNs isolate services so that branches cannot communicate with each other.
Data plane is built with IP, MPLS, or 4G protocols.
Improves network reliability and ensures quality of key services with agile policy-based traffic route selection.
Provides visibility into network, traffic, and routes to simplify operation and maintenance.
Automates deployment of devices and services.
H3C SeerEngine DC software additional 1 server node license
H3C SeerEngine WAN software additional 1 core network NE license
H3C SeerEngine WAN software additional 1 branch access NE license