Huawei NetEngine 8000 review: Exploring the features of SRv6

In recent years, more equipment for routing network traffic has been supplied under the Huawei brand than under other brands, and part of the merit of the company is that it was at the origins of 5G technologies, and by the time the world came to the transition to a new generation of networks, it already had everything in its portfolio that is needed to deploy new communication networks.

In addition to well-known trends that entail a constant increase in network traffic, such as the growth of cloud loads, the expansion of the IoT world and the introduction of 5G, a meta-universe has recently begun to assert itself, in which the decentralization of services and numerous VR applications require a higher quality channel to participate in virtual events, such as rallies, conferences and presentations. Huawei's NetEngine 8000 family includes the entire range of network switches, from high-performance models for telecom operators with the letter X in the model designation, to Edge models designed to support a guaranteed level of service (SLA) at individual infrastructure facilities. Separately, I would like to mention models with the index F, which implement the interconnect scenario between highly loaded data centers (DCI, Data Center Interconnect).

The M series is designed to implement Metro factories, and is able to adapt to a 10-fold increase in traffic in the coming years without changing the platform.

The high performance of routers allows them to be used as a traffic exchange center for L2 operators, this is especially important, given that Huawei implements a number of new technologies, including for telecom operators. Among them is the SRv6 routing protocol, which simplifies the delivery of VPN traffic from the user to the application container. Let's take a little look at the technologies that will define future networks.

SRv6 Technology

First of all, I would like to say about SRv6, the IPv6-based segment routing technology that supersedes the LDP label allocation and network resource reservation protocols, RSVP. In this case, a paradigm is implemented in which the routing decision is made based on an ordered set of instructions (segments) received at the entrance to the SR domain. Each router in the SRv6 network has its own SID label, and when receiving an IPv6 packet in its pure form, it encapsulates an SRv6 header containing a stack of labels in it. Based on these labels, a map of the packet passing through routing nodes is constructed, both using OSPF if the label stack does not contain all the nodes through which the packet needs to pass, and without additional "help" if all SID labels from point "A" to point "B" are entered in the label stack.

We can say that SRv6 allows you to lay the path of a packet through the entire segment without prescribing special tunnels. That is, where previously the packet passed through several VLAN and VPN tunnels, now it is possible to conduct an end-to-end connection.

iFIT (In-site Flow Information Telemetry)

iFIT is an in-band data flow measurement solution that implements a hardware detection approach for each packet, so that even minor network traffic failures can be detected in real time. Instead of sending test packets, iFIT directly measures the information transmitted in the packets to get data on network quality. This approach makes it possible to increase the accuracy of packet loss detection by 1000 times compared to traditional methods. iFIT does not require external sensors: router service cards can receive key performance indicators of real data streams sequentially, with high latency accuracy.

iFiT allows customers to monitor the state of the network using NMS and determine whether the quality of the network complies with service level agreements (SLA), as well as promptly adjust services in accordance with the measurement results obtained to improve the performance of end users.

Huawei NetEngine 8000 M1A

With all the huge capabilities of the X and M models of the NetEngine 8000 series, the most popular are the compact inexpensive Huawei NetEngine 8000 M1A routers, which in the Huawei classification belong to Edge devices. They have 1-gigabit and 10-gigabit network ports with a total switching capacity of 352 Gbit/s and routing of 72 million packets per second, which allows it to be used for large government and commercial structures implementing communication between Edge objects, private clouds and small data centers.

This compact router with a fixed configuration has:

• 16 slots 10G/1G/100M SFP+
  
• 12 1G/100M SFP slots
• 4 1GBase-T ports
  

The total power consumption does not exceed 75 watts, so there are no special requirements for installation in the cabinet. With a sufficiently low noise level of about 36 dB during operation, this router can be installed in the same working room with the staff, which fits perfectly into the concept of Edge installations.

Moreover, Huawei NetEngine 8000 M1A has an extended temperature range from -40 to +65 degrees Celsius, which opens the way for it to be installed in unattended unheated points, including in utility rooms, or on telecommunication masts.

The Huawei NetEngine 8000 M1A version for DC circuits comes with two power supplies operating in a 1+1 configuration, and the test copy that came to us was designed to be connected to AC circuits, and the power supply here is one, non-removable, does not require its own cooling. Three 40 mm fans with automatic adjustment are quite enough for air circulation through the 1U housing. As already noted above, the noise level when running Huawei NetEngine 8000 M1A is 36 dB in minimum load mode, and rises to 45 dB.

The design uses Huawei's own processors (Hisilicon brand), as well as FPGA manufactured by Anlogic.

The front panel is distributed as follows:

• 1 and 2 - SFP+/SFP ports 10G/1G/100M Ethernet in the amount of 16 pieces
• 3 - SFP ports 1G/100M Ethernet, a total of 12 pieces
• 4 - RJ45 ports 1G/100M Ethernet, 4 shuki
• 5 - RJ45 port for console connection (ETH/OAM)
• 6 - RJ45 port for clock connection
• 7 - RJ45 port for alarm connection
• 9 - RJ45 port to connect the clock
  

There are no ports or switches on the back of the case, which allows you to install the router in hidden niches and in telecommunication cabinets up to 300mm deep, including without forced ventilation.

The Huawei NetEngine 8000 M1A router does not have a Web interface, and configuration is done via the command line. During the initial installation, the operator will need to connect to the device via RS-232 via a special adapter, and after configuring the IP address, it will be possible to enable SSH access and configure users. Since the NetEngine 8000 series is primarily designed to work in high-speed networks, the functionality is minimized: actually routing, and everything about security settings and Firewall is meant to run on other devices. Therefore, in the simplest case, to start networks, you need to configure OSPF, BFD and enable VRRP IP address routing redundancy if a fault-tolerant configuration is implemented... Below is an example of configuration via the command line for a fault-tolerant configuration with two routers connected to the Internet and a data center, as in the diagram below:

  
router id 1.1.1.1
#
ospf 1
 area 0.0.0.0
 network 10.1.1.0 0.0.0.255     // OSPF must be enabled in the network segments where the interfaces of all devices connected to the router are located.
 network 10.1.2.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 network 172.16.0.0 0.0.0.255
#
interface 10GE1/0/1
 ospf cost 10                  // Let's set the weight of the OSPF route between the two routers to 10.
 ospf network-type p2p
#
#
interface 10GE1/0/2
 ospf cost 2000                // Let's set the weight of the OSPF route between the router and the Internet firewall to 2000.
 ospf network-type p2p
#
#
interface 10GE1/0/3
 ospf cost 2000               // Let's set the weight of the OSPF route between the router and the firewall of the data center to 2000.
 ospf network-type p2p
#
interface 10GE1/0/4.1         // If there are several subinterfaces, configure weights for each.
 ospf cost 2000       
#
interface 10GE1/0/4.2
 ospf cost 2000       
#
interface 10GE1/0/4.100
 ospf cost 2000       
#

To configure traffic prioritization, first set the ACL

#
bfd atob bind peer-ip 172.30.0.2 interface GigabitEthernet1/0/4.100   // We set up a static BFD session and specify the local interface and the IP address of the peer interface.
 discriminator local 1                                                 // Let's set the local discriminator of the static session BFD to 1.
 discriminator remote 2                                                // Let's set the remote discriminator of the static session BFD to 2.
#

Setting up traffic classification

#
traffic classifier VIP operator or // Let's determine which traffic is considered VIP.
 if-match acl 2001 // Determine that VIP traffic corresponds to ACL 2001
traffic classifier SIP operator or // Let's determine which traffic to count as SIP.
 if-match acl 2002 // Determine that SIP traffic corresponds to ACL 2002.
#
traffic behavior VIP
remark ip-precedence 5 // Set the priority of IP packets corresponding to the VIP traffic classifier to 5.
traffic behavior SIP
 remark ip-precedence 4 // Set the priority of IP packets corresponding to the SIP traffic classifier to 4.
#
traffic policy VIP
share-mode // Set a common attribute for traffic policy.
 classifier VIP behavior VIP // Specify the behavior of VIP traffic for the classifier of VIP traffic.
traffic policy SIP
 share-mode
 classifier SIP behavior SIP // Specify the behavior of SIP traffic for the classifier of SIP traffic.
#

Applying the specified policy to the subinterface.

#
interface GigabitEthernet1/0/4.1
 traffic-policy SIP inbound                   // If a packet conforms to ACL 2002, its priority is set to 4.
#
interface GigabitEthernet1/0/4.2
 traffic-policy VIP inbound                   // If the packet conforms to ACL 2001, its priority is set to 5.
#

To test the performance of the router, a stand was launched using several virtual machines and network devices:

• Windows Server 2019 - in the range of external IP addresses, generating load from the WAN side
• 2 x Windows Server 2019 - in the range of internal IP addresses connected to the LAN ports of the router, generating load from the LAN side
• 10-gigabit network switch Zyxel XS1930-12HP on the LAN side
• Intel X550-T2 network cards for load connection

To generate the load, iPerf3 was used over the TCP protocol in 8 threads.

Tests show that the router fully utilizes the physical speed of the channel, both on 1-gigabit and 10-gigabit connections.

Conclusions

The Huawei NetEngine 8000 M1E series makes it relatively inexpensive to build and develop both carrier traffic networks and support networks of large companies whose business actively uses cloud infrastructure. SRV6 technology, which promises to be the next stage in the development of traffic routing, has already been implemented in routers of other vendors, so there will be no incompatibility problems. At the same time, Huawei offers services using machine learning and artificial intelligence for predictive analysis and elimination of possible cases in the network. In fact, these technologies have been tested on data storage systems (see our review of Huawei Dorado 5000 V6), today they are successfully implemented in operator-class network equipment. These features make it easier for operators to understand the needs of their networks and manage a large fleet of devices more efficiently.

Michael Degtjarev (aka LIKE OFF)
14/11.2023