Country / Region
Principles
Reliability: Through multi-level redundant connection and redundant support of the device, the entire architecture can meet the uninterrupted connection demands of the service system.
Advancement: New technologies are incorporated, and network upgrade can be carried out by considering technological advancement and maturity.
Scalability: The network has a scalable network architecture and smooth evolution capabilities. The network architecture is scalable in terms of function, capacity, and coverage capability to meet the requirements of rapid service development on the basic carrier network.
Ease of maintenance: The network management system enables the management of network devices, the rapid deployment and adjustment of routing policies and service access policy configuration, and the rapid location and processing of the network failures.
Solution
Logical architecture:
SeerNetwork Architecture (SNA) is the next-generation intelligent network architecture launched by H3C, which consists of the following components.
As a core component of SNA, SNA Center provides unified management, control, intelligent analytics, and service orchestration capabilities for the entire network. Boasting a global perspective, SNA Center can coordinate resources across management domains to simplify O&M and reduce operating expenses. SNA Center provides real-time network monitoring and intent- or status-based analytics to enable automated service deployment and risk prediction, helping the network to serve critical businesses more concisely, intelligently, and efficiently.
As the key of the entire network, SeerEngine is a component of the campus controller. SeerEngine performs automatic deployment of network devices, user access management, user group/policy management, service configuration management, and network O&M management through an intuitive graphical interface. SeerEngine converts administrator operations into specific commands for network devices in the background and delivers them to the devices for execution.
As a new intelligent analysis system introduced in the AD-Campus solution, SeerAnalyzer uses telemetry technology to achieve rapid network status awareness. It achieves trend prediction and rapid fault location with big data analysis and machine learning algorithms. This improves the efficiency of O&M management and allows network administrators to focus more on the services by freeing them from tedious network O&M tasks.
The network architecture consists of devices in the core layer, aggregation layer, and access layer (access devices can be deployed in multiple layers), and the SeerEngine campus controller is deployed in the network. The features are shown as follows:
An overlay network is built between the aggregation devices and core devices to provide a stateless network, while distributed L3 gateways are used and broadcast storms are effectively suppressed through reliable mechanisms. Devices in the access layer use different VLANs to identify access locations and connect to the aggregation layer through trunk ports. The aggregation layer realizes VLAN to VXLAN mapping.
Policy management adopts a user-oriented grouping model, which divides users with similar attributes or access permissions into a user group and also divides the resources on the server into corresponding user groups for unified management. Defining policies based on a matrix table is simple and intuitive. The definition of specific policies can be simple or complex to achieve advanced and complex policy control functions.
The flexible access mechanism of user authentication can meet the needs of various access scenarios based on the 5W1H questions: who, whose, what, when, where, and how. Users can flexibly customize the scenarios to meet their needs.
Throughout the life cycle of the user terminal, the one-to-one correspondence of the user and IP is supported. For example, the architecture can be bound with the port based on security needs. As a result, no matter where the terminal locates, it always has the same fixed IP to simplify future O&M.
Network solution
Providing users with the deep convergence solution of wired and wireless devices is typically in demand in a wide range of industries, including government, education, enterprise, and health care. Deep convergence is required in both the control plane and the forwarding plane, and the wired devices must have the same flexibility as wireless devices. Based on the feature of SDN architecture, this networking solution has excellent programmable features, providing a solid foundation for overall solution flexibility and scalability.
A typical large campus network is shown as follows:
This network solution is suitable for the multi-branch access scenario in the headquarters of large enterprises or the access scenario of multiple main campuses.
Controllers, analyzers, and DHCP servers are centrally deployed in one main campus.
ACs can be centrally deployed in one main campus, and all APs are registered to the AC, or they can be distributed in each campus or branch, and APs in each campus or branch are registered to the respective ACs.
The solution highlights various features such as stateless network, ubiquitous policy, network on the move, the integration of wired and wireless devices, virtual network isolation, on-demand service delivery, automatic device deployment, and one-click start in the campus.