Scribd
Upload
56 views51 pages

Overview of Huawei's VRP System

The document provides an overview of Huawei's VRP (Versatile Routing Platform), a network operating system designed to support various network facilities with a focus on reliability and flexibility. It outlines the architecture, including its modular design and different planes such as General Control Plane, Service Control Plane, and Data Forwarding Plane, which facilitate efficient network management and operation. The course aims to educate users on the VRP architecture, its functions, and applications upon completion.

Uploaded by

seanbessant
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
56 views51 pages

Overview of Huawei's VRP System

The document provides an overview of Huawei's VRP (Versatile Routing Platform), a network operating system designed to support various network facilities with a focus on reliability and flexibility. It outlines the architecture, including its modular design and different planes such as General Control Plane, Service Control Plane, and Data Forwarding Plane, which facilitate efficient network management and operation. The course aims to educate users on the VRP architecture, its functions, and applications upon completion.

Uploaded by

seanbessant
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Course Name N-0

VRP System
Overview

[Link]

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-1

Foreword
 VRP is a network operation system which can support
multiple kinds of network facilities and which is developed
after many years of research and application practice in the
network domain by Huawei Technologies.

 It provides powerful IP forwarding engine, flexible network


operation and equipment management capability.

 VRP provides high reliability.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page1

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-2

References
 VRP Architecture Technical White Paper

 VRP operation manual

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page2

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-3

Objectives
 Upon completion of this course, you will be able to:
 Understand the VRP architecture.

 Grasp the function of VRP.

 Understand the application of VRP.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page3

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-4

Contents
1. VRP Overview

2. VRP Technology

3. VRP Application

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page4

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-5

Contents
1. VRP Overview
1.1 VRP Background

1.2 VRP Architecture

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page5

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-6

VRP Background
 VRP: Versatile Routing Platform

 Role
 As a network operating system

 As a platform to support lots of products

 Provide TCP/IP routing service

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page6

 VRP is a network operation system which can support multiple kinds of network facilities
and which is developed after many years of research and application practice in the
network domain by Huawei Technologies. Huawei has total intellectual property right
over it. With the powerful IP forwarding engine as its core and by sound architecture
design, it integrates the real-time operation system, the equipment and network
management and other technologies for various network applications. As an ever-
developing and upgradeable platform, it has opened interfaces and can flexibly support
large amounts of protocols and performances. With it, you can construct a highly-
efficient, intelligent, secure and reliable end-to-end network which can ensure the end-
to-end service quality and which is easy to be managed. During network operation,
Huawei Technologies has accumulated a lot of experience after large amounts of
applications of network products and fully absorbed and understood all kinds of user
demands. These are the basis for VRP design, therefore the VRP platform can provide
many protocols and characteristics which can be upgraded, maintained and highly-
reliable so as to adapt to different application environments.
 VRP is a flexible network operation system and can operate on centralized or distributed
network equipment architecture. That is to say, VRP can operate on low-end, mid-range
or core routers. Under the similar products of other manufacturers, different software of it
can operate on routers at different levels. This is also one of the great advantages of
VRP that one platform can operate on different types of routers and switches so clients
can obtain consistent visual perceptions; besides, it can use the same set of operations
to configure protocols and functions for different levels of routers.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-7

VRP Background (cont.)


 History
 Since 1994,more than 10 years continuous development
 Version evolution

VRP1.X VRP3.X VRP5.X

 Developing sites across


 Beijing (all/system integration)
 Shenzhen (IP protocol stack/OS)
 Shanghai (system management)
 Bangalore (routing protocols/MPLS VPN)
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page7

 The Huawei company began to deploy the VRP Since 1994,more than 10 years
continuous development ; From the VRP V1.0 to the current V5.x, each step of
development is based on the network growth demands so as to expand the service
scope and add new protocols and mechanisms.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-8

VRP Background –Three Layers


VRP core
Independent to concrete product
Routing / TCP IP stack /
MPLS / MPLS VPN

VRP
VRP shell
VRP Core
VRP Core
Core
Independent product partially
IFNET / Link layer……

VRP Shell Product code


Specific to concrete product
Product Code Driver / Device management /
forwarding….

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page8

 The application modules include: Core and Shell

 Core:core arithmetic, state, protocol packets are steady, it is independent to concrete product
 Shell: it is i ndependent to product partially and correlative to system .

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-9

VRP Background—Framework
VRP is designed with modularization software framework

BGP for IPv4

BGP Modular upgrade


Module Ha Cfg without interrupting
Func other modules
Ha

Shell Cfg
BGP Core Easy system
Func maintenance
Interface
Func
Cfg
BGP for IPv4 VPN Ha Upgrade service
smoothly
BGP for IPv6

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page9

 VRP is designed with modularization software framework,for example BGP protocol,


different modules can provide different functions, the upgrading of modules is
independent, it will not interrupt other modules; the system maintenance is easy and it
can upgrade service smoothly.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-10

Contents
1. VRP Overview
1.1 VRP Background

1.2 VRP Architecture

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page10

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-11

VRP Architecture General Control Plane(GCP) System Manage Plane(SMP)


Service Control Plane(SCP) Routing Subsystem Vpn Subsystem Config Management Subsys
Proto Client URP TE_Ex MRP L2vpnM L3vpnM4/6 VPDN WebUI CLI SNMP MML BINA
4/6 VPN_Ex 4/6
IPsec CMO
AAA LocalM L2TPv3 6PE
RM4/6 MRM4/6 VPN

CM Mpls Subsystem

IP Stack Subsystem MPLS-IFM Info Management Subsys


LSPM4/6 CSPF IM Trace Stat
M IP Application4/6 a
I CR-LDP RSVP-TE TEDBM
P Socket Layer Multi Language
TCP4/6 UDP4/6 LSP-AGENT
Data Forwarding Plane(DFP) v
4 ICMP4/6 MIPv6 IP4/6 Security Subsystem Device Management Subsys
FE API PBR4/6
IPSec4/6 FW ACL4/6 Multi-Chassis
FEC Net Interface Subsys
NAT4/6 CA DevSec HeartBeat BoardM
FE DRV IFNET TunnelM QoS Subsystem CFG-RS SwitchOver
PPP ETH FR ATM TUNN4/6 BW-M SAA Hot Plug Alarm Proc
FE
Link Manager QosM RSVP

System Service Plane(SSP)

COMM INSPECT RPC RMDB MOM HA/FT LBM PATCH

PROCESS THREAD MEM TIMER IPC UTILITY FS LOAD


OSAL
Operating System

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page11

 VRP is constructed based on the component architecture.

 The figure above is the system architecture diagram of VRPv5. As shown above, VRPv5
consists of five planes: General control plane (GCP) , Service control plane (SCP) , Data
forward plane (DFP) , System management plane (SMP) , System service plane (SSP) .

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-12

VRP Architecture –GCP


 GCP:General Control
Plane
General Control Plane (GCP)  It supports network
protocols, especially the
Routing Subsystem TCP/IP protocol family,
VPN Subsystem including IPv4 and
IP Stack Subsystem IPv6 ,IPX in the future.
MPLS Subsystem  It supports SOCKET, route
Security Subsystem management, various kinds
Net Interface Subsystem of routing protocols, VPN,
QoS Subsystem interface management, link
layer, MPLS, security and
QoS.
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page12

It supports network protocols, especially the TCP/IP protocol family, including IPv4 and
IPv6 and it will support protocols such as IPX in the future. It supports the following
protocols and functions: SOCKET, TCP/IP protocol, route management, various kinds of
routing protocols, VPN, interface management, link layer, MPLS, security and QoS
support to IPv4 and IPv6. GCP contains seven subsystems:

 ——Routing subsystem

 ——MPLS subsystem

 ——VPN subsystem

 ——Network interface subsystem

 ——Security subsystem

 ——QoS subsystem

 ——IP Stack subsystem

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-13

VRP Architecture –SCP


 SCP:Service Control
Plane
Service Control Plane (SCP)  Based on GCP.

 Supporting value-added
Proto Client
service:
AAA Local M  Connection management

 User authentication accounting


CM
 User policy management

 ……

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page13

 Based on GCP, it supports value-added services mainly involving connection


management, user authentication accounting, user policy management, VPN, multicast
service management and maintenance of FIB related to service control.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-14

VRP Architecture –DFP


 DFP:Data Forward
Plane  It is made up of the forwarding
Data Forwarding Plane (DFP)
engine and FIB maintenance.

FE API  Main functions: forwarding data,


QoS, policy implementation and
FEC
forwarding table maintenance.
FE DRV  Control plane and forwarding
plane interfaces are defined in
FE
VRP, control and forwarding are
separated.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page14

 This plane provides forwarding services to the system. It is made up of the forwarding
engine and FIB maintenance. The forwarding engine can be implemented through
software or hardware according to the forwarding modes of different products. Data
forwarding supports high-speed switching, secure forwarding and QoS and also
supports expansion of the forwarding module through opened interfaces.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-15

VRP Architecture –SMP


 SMP:System Management
Plane
 It provides system configuration
System Manage Plane (SMP)
management function and
Config Management Subsys management interface, manage the
system output information.
Info Management Subsystem
 It flexibly imports some network
Device Management Subsystem
management mechanisms, such as:
command line, NMP and Web.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page15

 It has the system management function. As the interactive interface between the
peripheral and the equipment, it handles external control input and protocol configuration
input. Regarding platform configuration and management, VRP can flexibly import some
network management mechanisms, such as: command line, NMP and Web.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-16

VRP Architecture –SSP


 SSP:System Service Plane (SSP)
 It supports order system services, such as: memory
management, timer, IPC, loading and so on.
 It provides operation system abstract layer to make the VRP
independent to certain operation system.
System Service Plane (SSP)

COMM INSPECT RPC RMDB MOM HA/FT LBM PATCH

PROCESS THREAD MEM TIMER IPC UTILITY FS LOAD

OSAL
Operating System

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page16

 It supports order system services, such as: memory management, timer, IPC, loading,
conversion, task/process management and component management.

 VRPv5 supports sound communication protocols and abundant software characteristics;


therefore it can satisfy the demands of most network application environments.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-17

Distributed Control/Forwarding System

Signaling/protocol packet

RM
1+1 redundancy RM
FIB Control Unit
BACKUP
Active

statistics and status


information FIB table

Forwarding Unit

Data Packet FIB

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page17

 Control module and forwarding module are separated both logically and physically

 Control module send the FIB down to the forwarding module

 Forwarding module send the statistics and status change information up to the control module

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-18

Distribute Architecture
AMB SMB

RPA MPLS
Ifnet Event RPA MPLS

RIB IFN Sync cfg and change RIB IFN


CFG CFG
Download FIB
ET
FIB
ET
FIB
IPC
Heart Beat Check IPC

Ethernet/
Switch
IPC Switch Fabric IPC

Line CFG Link CFG Link CFG Link CFG Link


Card FWD IPC FWD IPC FWD IPC FWD IPC

FIB FIB FIB FIB

Interface
Control Incoming Packet Outcoming Packet
Packet Data Packet

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page18

 GCP (Routing/MPLS/VPN)/SMP/SCP runs in main board.

 SMP/SCP Agent Also run in Line Card.

 GCP (Ifnet/Link Layer/IP FWD)/SSP run both Main board and Line Card.

 Communication between Main board’s Modules and Line Card ‘s module by IPC.

 CFG info ,including CFG change, and Ifnet info , including ifnet change are backup between AMB and SMB by IPC.

 Routing / MPLS in Main board run protocol to generate forwarding info table and send it to Line Card.

 All ifnet existed in Main board, but Link card only have it’s self ifnet info.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-19

Questions
 Please describe the functions (roles) of VRP.

 Please describe the five planes of VRP and their functions.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page19

 Please describe the functions (roles) of VRP:

 As a network operation system

 As a platform to support lots of products

 Provide TCP/IP routing service

 Please describe the five planes of VRP and their functions:

 General control plane (GCP): It supports network protocols and routing


protocols

 Service control plane (SCP): it supports value-added services mainly involving


connection management and so on

 Data forward plane (DFP): it provides forwarding services to the system ,


supports high-speed switching, secure forwarding and QoS and also supports
expansion of the forwarding module through opened interfaces.

 System management plane (SMP): It can manage the system.

 System service plane (SSP): It supports order system services, such as:
memory management……

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-20

Contents
1. VRP Overview

2. VRP Technology

3. VRP Application

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page20

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-21

Contents
2. VRP technology
2.1 License Mechanism

2.2 High Availability

2.3 VRP Function

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page21

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-22

License Mechanism

 Reason VRPv5 will operate on different products.


they provide different functional attributes and services.

 Function License mechanism can control certain


characteristic available or unavailable and restrict the
maximum number of routes and LSPs the product supports .

 Advantage Operators only need to pay for the functions


and performance attributes they have bought.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page22

 As a platform, VRPv5 will operate on different products. From the low-end routers to the
core routers, they provide different functional attributes and services. That is to say,
there are different demand groups for the characteristics and performances for these
products. A certain product may require certain characteristic are available or
unavailable or restrict the maximum number of routes and LSPs it supports. These can
all be implemented through the License mechanism.

 License mechanism can bring the following benefits to operators: operators only need to
pay for the functions and performance attributes they want to use, which involves a
concept of paying for the usable. In this way, operators only purchase licenses of the
functions and performances they have used. If there are new demands in the future, they
can buy new Licenses.

 For example: if a license document indicates a certain function (protocol) is available,


when the system is operating, the user can see all the commands and relevant functions.
If a license document indicates a certain function (protocol) is not available, the user
cannot see the contents. In addition, the license also controls the maximum number of
objects that can be used by the user, such as the maximum number of routers, LSPs,
CR-LSPs and VRFs. If they do not buy the license, then the basic packet of this product
will contain the default license of each function and performance. For the default license
of relevant products and applications, please refer to our product catalogs and contact
our market personnel.
Confidential Information of Huawei. No Spreading Without Permission
Course Name N-23

Contents
2. VRP technology
2.1 License Mechanism

2.2 High Availability

2.3 VRP Function

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page23

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-24

High Availability
 HA
 High Availability
 Reliability : 99.999%
 No more than 5 minutes unavailable time during one year.
 Effected factor:

Mean Time To Repair

Failure Board System Recovery Routing Forwarding


detection replacement initialization links coverage resume

Reducing each part above can improve system reliability

 VRPv5 supports two major modes: NSF and NSR.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page24

 The objective of high reliability designed for VRPv5 is to reach the availability of 99999,
which means, the system down time in a year is only 5 minutes. High reliability involves
each aspect of the product: hardware/software /system upgrading/redundancy/protocol
handling (only for GR). To attain this goal, VRPv5 supports two major characteristics:
non-stop forwarding (NSF) and non-stop routing (NSR).

 MTTR: Mean Time To Repair

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-25

HA Hardware Requirement
 System main board redundancy
 Two Main boards in system
 AMB: Active Main Board SMB: Standby Main Board
 SMB is in standby state
 Ready to run;
 Check heart beats from AMB;
 Ready to become AMB if AMB crashes.
 Distributing forwarding mode
 System falls into control plane and forwarding Plane.
 Forwarding service is processed in IO boards.
 Control plane info is processed in main board.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page25

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-26

NSF
 NSF: Non-Stop Forwarding
 As router system crashes , during system reboot, forwarding
service will not stop.
 After recovery router system can get routing info from neighbor
routers and rebuild it’s route table / route protocol peers
sessions
 VRPv5 is implemented in two modes: protocol-level graceful
restart and system-level graceful restart.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page26

 NSF (refined restart): IETF defines relevant drafts. The defective routers can continue
forwarding data messages and notify the adjacent routers although it will be restarted
too. The neighboring routers having received messages can continue transmitting data
messages instead of updating messages. After the defective router is restarted, the
neighboring routers will transmit complete routing information to it so that the defective
router can quickly keep pace with the neighboring router in topology information. VRPv5
is implemented in two modes. One is the protocol-level refined restart (NSF); the other is
the system-level refined start.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-27

NSF Advantage

NSF Advantage

Make forwarding
Backup little NSF can have
Easy service continuous
info from network converged
implemented during router
AMB to SMB quickly
switchover

unnecessary to
backup protocol During the NSF switchover the route
get topology
state info; used by forwarding plane maybe
info / route info
Modification error because in this time network
from neighbor
for current topology has changed. But this
after reboot
software is little case occurs in very low likelihood.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page27

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-28

NSR
 NSR: Non-Stop Routing
 When the active board has fault, the standby one will be
activated.
 Connection and sessions of neighboring nodes can be
maintained, the route table will also keep consistent and data
forwarding will not be interrupted.

 Only in the dual-MPU environment, NSR is supported.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page28

 NSR: It ensures the resources are backed up from the active board to the standby board.
When the active has fault, the standby one will be activated, so that connection and
sessions will neighboring nodes can be maintained, the route table will also keep
consistent and data forwarding will not be interrupted. In the dual-MPU environment,
NSR is supported; then the passive GR mode of the protocol is also supported.

 The following protocols support protocol-level GR: ISIS, OSPF, BGP and LDP. In both
the single and dual MPU environment, the protocol-level GR is supported.

 The system-level GR can only be supported by the dual MPU environment but not by the
single MPU environment. The system-level GR reduces the amount of data backed up
by each module and it needs ISIS, OSPF, BGP and LDP protocol to support the active
GR but the handling of other protocols and modules is the same as NSR (hot backup).
The application module which supports the protocol-level GR can only back up the static
data instead of needing backup, recovery and smooth handling of dynamic protocol data.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-29

Contents
2. VRP technology
2.1 License Mechanism

2.2 High Availability

2.3 VRP Function

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page29

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-30

VRP Function
 VRP has abundant characteristics, expansiveness of
protocols and good performances.

 VRP can support more functional attributes than other


providers in this market.

 VRP can support: IPv4, IPv6, MPLS,MPLS-TE, VPN,


multicast, QoS, security, management and so on.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page30

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-31

IPv4/v6 Stack
 IPv4  Manual Tunnel
 TCP/UDP/RawIP  6To4 Tunnel
 ICMP / IGMPv2/v3/ARP  NAT-PT
 Telnet/FTP/TFTP  6PE
 IPv6  Link Layer
 TCP6/UDP6/RawIP6  Ethernet / VLAN / FR /ATM
 ICMP6 /PMTU/ND / POS / Serial….
 Telnet6/TFTP6  PPP/PPPOE/PPPOA
 Transition between  Ethernet Layer 2 Protocol
IPv4/IPv6  Vlanif / MSTP/RSTP /
 Automatic Tunnel HGMP

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page31

 VRP fully supports the IPv4 protocol stack, application and routing protocols.

 IPv4 stack applications contain: IP stack, TCP and UDP.

 IPv4’s applications contain: Ping, Trace route, ICMP, DHCP and TFTP.

 IPv4 route protocols contain: RIP, ISIS, OSPF, BGP.

 It supports all the link layer protocols.

 ……

 IPv6 is a group of standard protocols, which are the next generation of Internet’s
network-layer protocols.

 IPv6 comes from one protocol standard set of IETF,it originates from the current IPv4.

 The most obvious difference between IPv6 and IPv4 is that the length of the IP address
increases from 32 digits to 128 digits.

 ND:Neighbor Discovery

 NAT-PT: Network Address Translation-Protocol Translator

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-32

Smooth Evolution From IPv4 To IPv6


IPv6
• IPv6 protocol IPv6
IPv4 IPv4
Internet
ICMPv6、Path MTU、
ND、 automatic
configuration、DNS
Client IPv6 IPv4
IPv6
Internet
• IPv6 Transition

duel stack、NAT-PT、 Protocol transition


auto tunnel、 IPv6
Internet
configuration tunnel、
6to4 tunnel
• IPv6 routing protocol IPv6
IPv4
BGP4+、IS-ISv6、
Internet
OSPFv3、RIPng IPv6
IPv6

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page32

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-33

MPLS
 Concept MPLS (multi-protocol label switch) uses short labels
with fixed length to encapsulate messages.

 Objective Enhancing the forwarding speed.

 Conflict with the constant development of the hardware


technology and the network processor, the current GSR and high-
performance L3 switching equipment can reach line-speed
forwarding.
Trend
 MPLS Traffic engineer and MPLS VPN.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page33

 MPLS (multi-protocol switch exchange) use short labels with fixed length to encapsulate
messages, can obtain services from various types of link layers (such as PPP, ATM, frame relay
and Ethernet).

 The objective of importing MPLS is to enhance the forwarding speed, but with the constant
development of the hardware technology and the network processor, the current GSR and high-
performance L3 switching equipment can reach line-speed forwarding.

 MPLS application is gradually turning to MPLS TE and MPLS VPN.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-34

MPLS Traffic Engineer


 Advantage manage network traffic, reduce congestion
and ensure QoS better.

 Features as followings:
 MPLS recovery mechanism. When faults take place, data will
not be lost and it takes less than 50ms to switch over to the
standby tunnel.

 FRR protected by links.

 FRR protected by nodes.

 Global fault protection through the entry LSP backup.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page34

 In the IP network, the MPLS TE technology gradually becomes the important tool to
manage network traffic, reduce congestion and ensure QoS.

 TE is the process of how to configure and implement the already exists network
equipments to make the traffic been normally transmitted. First exists network
equipments, then reconfigure them.

 Traffic Engineering is the process of controlling how traffic flows through one’s network
so as to optimize resource utilization and network performance

 A major goal of Internet Traffic Engineering is to facilitate efficient and reliable network
operations whiles simultaneously optimizing network resource utilization and
performance

 The features of MPLS TE:

 MPLS recovery mechanism. When faults take place, data will not be lost and it
takes less than 50ms to switch over to the standby tunnel.

 FRR protected by links.

 FRR protected by nodes.

 Global fault protection through the entry LSP backup.

 Automatic bandwidth adjustment and LSP traffic adjustment.

 CR-LSP re-optimization.
Confidential Information of Huawei. No Spreading Without Permission
 Traffic engineering between areas.

Support MPLS OAM function to manage and diagnose MPLS-TE network.


Course Name N-35

VPN
 VPN: virtual private network
 Function: provide connection to client networks on the
public network.
 VPN classification:
VPN

Traditional VPN MPLS VPN

L2 VPN L3 VPN access list-based VPN Split-route VPN

x.25 ATM FR GRE IPSec

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page35

 The virtual private network (VPN) has existed many years. The major objective of VPN is
to provide connection to client networks on the public network.

 We can divide VPN into two categories: the traditional VPN (including layer-2 VPN,
layer-3 VPN, access list-based VPN and Split-route VPN). The other is the MPLS VPN.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-36

Traditional VPN Technology


 Traditional VPN technology
 Adopts the permanent virtual channel (PVC) and tunneling
technology .

 Expansiveness is not good .

 It is not easy to manage.

 It can not guarantee QoS.

 Traditional VPN service includes: GRE VPN, IPSEC VPN, X.25,


ATM and FR.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page36

 The traditional VPN adopts the permanent virtual channel (PVC) and tunneling
technology and has achieved great success. Currently, the connection scope becomes
wider and wider, therefore, the traditional VPN faces more and more problems related to
expansiveness, management and QoS.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-37

MPLS VPN Technology


 MPLS VPN technology
 Simplify the routing mechanism of core routers.

 Divide the current IP network into logically independent


networks.

 MPLS VPN classification:


Layer 3 VPN : IPv4 VPN, IPv6 VPN,6PE,
Operators’ VPNs ,Multi-AS’ BGP/MPLS VPN,
MPLS VPN Graded BGP/MPLS VPN ,Multi-role host

Layer 2 VPN : CCC,SVC,Martini,Kompella,VPLS

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page37

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-38

MPLS VPN
Various types to access MPLS
VPN:PPP、 、HDLC、 、ATM、 、FR
VPN2 、Eth/VLAN,GRE、 、L2TP
VPN2 site3
site3

Protocols between PE-CE:Static


、BGP、
routing、 、RIP、 、OSPF and ISIS
VPN1 UPE
VPN1 site1
site1
PE
VPN2
VPN2 site2
site2 Solutions for Multi-AS VPN:VRF-to-
-BGP
MP-
MPLS networks PE VRF,MP-EBGP,MP-Multihop EBGP
SPE
MPLS networks VPN1
VPN1 VPN1 site3
site3
VPN1 site2
site2
PE-ASBR
VPN2
VPN2 site2
site2 UPE Support for
HOPE PE-ASBR MPLS VPN
over GRE

Support for IPv6 based


MPLS VPN (6PE) VPN Manager, Multi-
vendor Support
Support for MPLS L2
VPN: Martini, Kompella

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page38

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-39

Multicast
 Multicast is suitable for the case
multicast when the number of users is still
server
unknown. When some users need
information, the multicast source
only transmits it once.
 Advantages: reduce network traffic
and lessen the load of the server
and CPU, Optimized performance,
reduce traffic redundancy.
 VRPV5 supports IPv4/IPv6
multicast and multicast VPN.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page39

 The growth of Internet has led to more and more data and video information exchange,
services such as electronic commerce, online conference, online auction, VOD and
online education have emerged. All these require the transfer of information. Our
common concerns are over information transfer security, use of network bandwidth
resources and how the network bills information transfer.

 The uni-cast mode can be used to set up an independent data transmission channel for
each user, copy and transmit data information.

 Broadcast information transmission can be used to transmit information for all the users
on the network. Among them some users may need it but the other do not.

 In one word, the uni-cast mode is suitable for networks with relatively fewer users but the
broadcast mode for networks with more users. Therefore, when the number of users is
still unknown, it will not be efficient to use the uni-cast and the broadcast mode to
transmit information.

 The IP multicast technology solves the above problems. When some users need
information, the multicast source only transmits it once. Based on the multicast routing
protocol, the router only sets up a tree routing topology structure for multicast messages.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-40

QoS
 QoS: Quality of Service
 measure the service performance of service providers so as to
meet customer demands.
 Network users want to expand new applications, such as
remote education. All these new demands have special
requirements for bandwidth, delay and jitter.
 Two major methods are adopted: differential service (DiffServ)
and integrated service (IntServ).

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page40

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-41

QoS--Superior QOS Architecture


Superior schedule mechanism Accomplished by hardware,
can avoid congestion and and different queues between
service disturbance MPLS and IP

Traffic Classification : L1/L2/L3/ 8 priority queues per port,


L4; support IPV6 ACL based support 8k flow queues
on flow label per blade

PQ/WFQ/Shaping to guarantee
Support DiffServ and InterServ/
the fairness of schedule and the
MPLS TE/QPPB/RRVPN
high priority services

Fabric provides priority control,


supports multicast switching

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page41

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-42

Security
AAA

PAP and CHAP

•Malicious attacks Message filtering


from the public
ASPF
network or the
destructive access of IPSec
some users will decline
Time log
the performance of
network. View graded protection
•The network
Adjacent router authentication
securities VRP can
provides: Network address conversion

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page42

 Malicious attacks from the public network or the destructive access of some users will
decline the performance of network.

 VRP provides the following network securities:

 Authentication, authorization and accounting (AAA) service.

 Authentication protocol: support PAP and CHAP on PPP line.

 Message filtering: use ACL to designate the types of messages that can pass or
cannot pass the router.

 ASPF: detect the application protocol information and so on.

 IPSec: encryption and data source authentication at the IP layer .


 Time log: record the security events of the system and conducts real-time
tracing of illegal access.

 Network address conversion: hide the IP address of the internal equipment


on the public network .

 Adjacent router authentication: ensure exchange of routing information.


 View graded protection: divided users into four grades and each grade is
designated with different configuration rights.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-43

Management
User interface
management

VRP provides several types of


User management
configuration, management and
maintenance modes.
Terminal service
•Customers can access device
through Console terminal, Document management
control device through x-Modem
dialing, manage device through System maintenance
NMS . and management
•System management in VRP
contains : SNMP configuration

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page43

 VRP provides several types of configuration, management and maintenance


modes.
 Customers can access device through Console terminal, control device through
x-Modem dialing, manage device through NMS.

 System management in VRP contains:


 User interface management: manage four user interfaces and control users’
access to routers through the interface.

 User management: The administrator of the route system can efficiently manage
users and the services used by them through this policy.

 Terminal service: conduct remote management through the network

 Document management: manage documents on the hard disk and the flash
memory, can transmit documents between the router and other devices.

 System maintenance and management: provide system debugging and


maintenance tool.

 SNMP configuration: implements SNMP and SNMP configuration .

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-44

Questions
 Please describe the working mechanism of NSF and NSR.

 Please describe the functions VRP can provide.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page44

 Please describe the working mechanism of NSF and NSR:

 NSF: As router system crashes , during system reboot, forwarding service will not
stop; After recovery router system can get routing info from neighbor routers and
rebuild it’s route table / route protocol peers sessions.

 NSR: When the active board has fault, the standby one will be activated.
Connection and sessions of neighboring nodes can be maintained, the route
table will also keep consistent and data forwarding will not be interrupted.

 Please describe the functions VRP can provide:


 As a platform, VRP can provide abundant characteristics, expansiveness
of protocols and good performances. VRP can support: IPv4, IPv6,
MPLS,MPLS-TE, VPN, multicast, QoS, security, management and so on.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-45

Contents
1. VRP Overview

2. VRP Technology

3. VRP Application

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page45

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-46

VRP Application
 VRP as a network platform provides routing
TCP/IP/MPLS service
 Directly used in Data Communication product
 Router
 BRAS
 Switch
 Security Gateway
 Provide basic TCP/IP capability in:
 Wireless Network
 Fixed Network
 Optical Network
 Service software

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page46

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-47

Application of VRP in Huawei Product


Customized Network Solutions

Wireless Network Fixed Network Optical Network Service & Software Datacom Terminals

• WCDMA • NGN • LH/ULH DWDM • OSS • Router • WCDMA handset


• CDMA2000 • xDSL • Metro WDM • Fixed IN • LAN Switch • CDMA handset
• TD-SCDMA • Switching • NG-SDH • Wireless IN • Security & • CDMA fixed
• GSM/GPRS • Access Network • NG-SONET • Universal IN VPN terminal
• EDGE • Videoconference • OCS • Wireless Data • VoIP • Wireless data
• PTT • BRAS card
• WLAN • Fixed Terminals
• IP Telecom
Network

ASIC Design Center / Shared Platform

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page47

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-48

Application of VRP in Datacomm


Product
End-to-End Network & Service Solution

Router Switch Security & VPN GW & Server NMS

•NE5000E /80E/40E •S8500 Terabit Core •Eudemon1000 GE FW •MA5200 BRAS •iManager N2000 DMS
Terabit Core •S8016 Multi-Service •Eudemon500 GE FW •A8010 RAS/VoIP GW •iManager NSM
•NE80 Gigabit Core •S6500 GE/Chassis •Eudemon200 FE FW •VG VoIP Analog GW VPN Manager
•NE40 Universal Edge •S5000 GE/Box •Eudemon100 FE FW •Eudemon2200 SBC QoS Manager
•NE20 Multi-Service •S3900 IRF GE •SecPath1000 VPN GW •Eudemon2100 SBC •iTellin AAA
•NE16E/08E/05 Edge •S3500 L3 GE Access •SecPath100 VPN GW •RM 9000
•AR46/28 Modular •S3000 L2 GE Access
•AR18 Fixed Interface •S2000 L2 FE Access
•Aolynk/DR SOHO •Aolynk/S SOHO

ASIC Design Center & CMM 5 Certification

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page48

 Huawei has form full range products of data communication, including : Router, Ethernet
switch, Security & VPN, GW & Server, Network management system.

 Router product line: from core TSR to desktop product, core product can provide 10G
interface, edge product can provide DSL access.

 Ethernet switch product line: from core S8000 series to S2000 series L2 switches.

 Security & VPN product line: Eudemon series,SecPath100/1000 VPN GW.

 GW & Server product line : from broadband access server MA5200 BRAS to
narrowband A8010 Expert.

 Network management system product line : from N2000 NM to VPN Manager and QoS
Manager.

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-49

Summary
 In this course it introduces the background of VRP ,basic
architecture and functions;

 Introduce the License mechanism and high-availability;

 As a platform, the functions it can provide;

 The applications of VRP in the products.

Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved. Page49

Confidential Information of Huawei. No Spreading Without Permission


Course Name N-50

Thank you
[Link]

Confidential Information of Huawei. No Spreading Without Permission

You might also like