HCIA Datacom

Foreword

 Communication has always been with us ever since the origin of human society. Communication has been playing an
increasingly important role especially since human society entered the information era in the 1970s or 1980s.
 The communication mentioned in this course refers to the communication implemented through a data communication
network. This course describes the concepts related to communication and a data communication network, information
transfer process, network devices and their functions, network types, and typical networking. In addition, this course
briefly introduces the concepts related to network engineering and network engineers.

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
 On completion of this course, you will be able to:
 Understand the concepts related to communication and a data communication network.
 Be able to describe the information transfer process.
 Differentiate network devices of different types and understand their basic functions.
 Understand different network types and topology types.
 Understand the concepts related to network engineering and network engineers.

Huawei Device Icons

[Figure: icon legend for general router, general switch, core switch, aggregation switch, access switch, stacked switches, firewall, general NMS, AP, base station, general server, cluster, FTP server, authentication server, VPN user, enterprise network user, enterprise business trip user, AC, Wi-Fi signals, Internet, network cloud 1, network cloud 2, IP phone, PC, pad, mobile phone, and laptop]

Contents
1. Communication and Networks

2. Network Types and Topology Types

3. Network Engineering and Network Engineers


Concept of Network Communication


 Communication refers to the information transfer and exchange between people, between people and things, and between things through a certain
medium and behavior.
 Network communication refers to communication between terminal devices through a computer network.
 Examples of network communication:
 A. Files are transferred between two computers (terminals) through a network cable.
 B. Files are transferred among multiple computers (terminals) through a router.
 C. A computer (terminal) downloads files through the Internet.


Information Transfer Process


 Virtual information transfer is similar to real object transfer.

[Figure: analogy between real object transfer and data transfer. Real objects: objects -> package -> distribution center -> sky -> distribution center -> package -> objects. Data: data on a computer is encapsulated into a packet, forwarded by the gateway router across the Internet to the remote gateway router, and decapsulated back into data on the receiving computer]


Common Terms

Term: Description
Data payload: Information conveyed
Packet: Data unit switched and transmitted on the network
Header: Information segment added before the data payload
Tail: Information segment added after the data payload
Encapsulation: Process of adding a header and a tail to a data payload to form a new packet
Decapsulation: Process of removing the header and tail from a packet to obtain the data payload
Gateway: Network device that provides functions such as protocol conversion, route selection, and data exchange
Router: Network device that selects a forwarding path for packets
Terminal device: End device of a data communication system, used as a sender or receiver of data


Concept of the Data Communication Network


• Data communication network: a communication network that consists of routers, switches, firewalls, access controllers (ACs), access points (APs), PCs, network printers, and servers.
• Function: to implement data communication.

[Figure: enterprise network connected to the Internet, with a core equipment room (log system, controller, NMS, application server) and office areas 1, 2, and 3]


Switches
 Switch: a device closest to end users, used to access the network and switch data frames
 Network access of terminals (such as PCs and servers)
 Layer 2 switching

[Figure: a switch connecting terminals within one broadcast domain]


Routers
 Router: a network-layer device that forwards data packets on the Internet. Based on the destination address in a received packet, a router selects a
path to send the packet to the next router or destination. The last router on the path is responsible for sending the packet to the destination host.
 Implementing communication between networks of the same type or different types
 Isolating broadcast domains
 Maintaining the routing table and running routing protocols
 Selecting routes and forwarding IP packets
 Implementing WAN access and network address translation
 Connecting Layer 2 networks established through switches

[Figure: a router connecting broadcast domain A and broadcast domain B]


Firewalls
 Firewall: a network security device used to ensure secure communication between two networks. It monitors, restricts, and modifies data flows
passing through it to shield information, structure, and running status of internal networks from the public network.
 Isolating networks of different security levels
 Implementing access control (using security policies) between networks of different security levels
 Implementing user identity authentication
 Implementing remote access
 Supporting data encryption and VPN services
 Implementing network address translation
 Implementing other security functions

[Figure: a firewall separating the Untrust zone (Internet), the DMZ, and the Trust zone]


Wireless devices

[Figure: two WLAN (Wi-Fi) deployments: a Fat AP connected directly to the Internet, and Fit APs managed by an AC, each serving wired and wireless terminals]

Contents
1. Communication and Networks

2. Network Types and Topology Types

3. Network Engineering and Network Engineers


LAN, MAN, and WAN


 Based on the geographical coverage, networks can be classified into local area networks (LANs), metropolitan area networks (MANs), and wide area
networks (WANs).
 LAN
 A LAN is a network that consists of computers, servers, and network devices in a geographic area. The coverage of a LAN is generally within several thousand square meters.
 Typical LANs include a company's office network, an Internet cafe network, and a home network.

 MAN
 A MAN is a computer communication network established within a city.
 Typical MANs include broadband MANs, education MANs, and municipal or provincial e-government private lines.

 WAN
 A WAN generally covers a large geographical area ranging from tens of square kilometers to thousands of square kilometers. It can connect networks of multiple cities or even
networks of countries (as an international large-scale network) and provide long-distance communication.
 The Internet is a typical WAN.


LAN, MAN, and WAN in the Education Industry


[Figure: LAN, MAN, and WAN in the education industry. The Internet (WAN) connects the MAN core of the provincial education bureau (provincial level), the MAN core of the municipal education bureau (municipal level), and the MAN core of the district-level/county-level education bureau (county level). Each MAN core connects the LANs of middle schools, primary schools, and colleges or universities]


Network Topologies
 A network topology is a structured layout presented using transmission media (such as twisted pairs and optical fibers) to interconnect various
devices (such as computer terminals, routers, and switches).

The network topology is used to describe the physical or logical structure of a network in the network engineering field, and is a very important network concept.


Network Topology Types


 Network topologies are classified into star, bus, ring, tree, full-mesh, and partial-mesh network topologies.

[Figure: star, bus, ring, tree, full-mesh, and partial-mesh network topologies, and a combined network topology]

Contents
1. Communication and Networks

2. Network Types and Topology Types

3. Network Engineering and Network Engineers

Network Engineering
 Network engineering
 Network engineering refers to planning and designing feasible solutions based on network application requirements and computer network system standards, specifications, and
technologies under the guidance of information system engineering methods and complete organizations, as well as integrating computer network hardware devices, software, and
technologies to form a cost-effective network system that meets user requirements.

 Technical modules covered by network engineering:

[Figure: technical modules covered by network engineering: application, storage, security, calculation, wireless, routing, switching, equipment room, media, and more]

Network Engineer
 Network engineer
 Network engineers are technology professionals who master professional network technologies, have professional skills, professionalism, and project implementation experience in the
network engineering field, and are able to fully communicate with customers or other project stakeholders onsite. In addition, they can develop implementation solutions and project plans
(recognized by project stakeholders) based on customer requirements and environment factors, fully mobilize resources of all parties to ensure timely and high-quality project
implementation, and provide training for stakeholders and deliver engineering documents after the project is implemented.

 Comprehensive capability models for network engineers:

Professional knowledge: process specification, industry knowledge, engineering knowledge, product knowledge, technical knowledge
Basic qualification: business etiquette, values, service awareness, information collection, learning competency
Professional skills: team collaboration, business management, presentation capability, problem solving, communication capability

Network Engineers' Technology Development Path

[Figure: capability ladder, from macro to micro and then back to macro]
What: routing and switching
How: how to perform, verify, and query OSPF configurations
Protocol mechanisms: detailed working process of the Spanning Tree Protocol (STP)
Packet and underlying mechanisms: underlying working mechanism of protocols and packet details (Open Shortest Path First (OSPF) connection establishment process)
Overall capabilities: solution design, network planning, implementation, troubleshooting, and optimization

Huawei Certification Injects Vitality into Talent Development for
Enterprises

Certification exam
• Cultivate experts who understand both business and technologies.
• Cultivate platform construction and service application experts based on HUAWEI CLOUD.
• Focuses on ICT infrastructure and cultivates architecture talent in all ICT fields.

Providing talent with career development paths
• Meets enterprise talent's career evolution from an engineer to a senior engineer, and then to an expert.
• Provides a hierarchical certification system that provides customized talent growth paths in accordance with job-based capability requirements and supports in-depth professional development, integration, and expansion, reducing the talent cultivation cost for enterprises.

Facilitating enterprise innovation and transformation
• Provides authoritative certification for ICT talent. The ICT talent with authoritative certification helps ensure project delivery quality and improve customer satisfaction.
• Enhances the overall performance and productivity of enterprises.
• Accelerates business innovation and transformation, and improves the overall operational efficiency.

Huawei Certification Portfolio
 Huawei certification covers all ICT fields and is committed to providing a leading talent cultivation architecture and certification standards, cultivating ICT professionals
in the digital era, and building a healthy ICT talent ecosystem.

[Figure: Huawei certification portfolio. ICT vertical certification: Finance, Public Safety, Intelligent Video Surveillance, Enterprise Communication. Platform and service certification: Big Data, AI, IoT, GaussDB, Kunpeng Application Developer, Cloud Computing, Cloud Service. ICT infrastructure certification: Data Center, Storage, Intelligent Computing, Security, Datacom, WLAN, SDN, Transmission, Access, LTE, 5G. Levels: Huawei Certified ICT Associate, Huawei Certified ICT Professional, Huawei Certified ICT Expert]

Huawei Datacom Certification Portfolio

HCIA-Datacom (HCIA): aiming to cultivate network engineers with basic datacom theories and skills.
HCIP-Datacom (HCIP): aiming to cultivate senior network engineers for cross-field solution planning and design or single-field planning and deployment.
HCIE-Datacom (HCIE): aiming to cultivate network experts with a solid theoretical foundation and deployment capabilities for cross-field solutions.

Quiz
1. (Single) Which of the following type of network topology has the highest reliability? ( )
A. Star network topology

B. Ring network topology

C. Full-mesh network topology

D. Tree network topology

Summary
 This section describes the concepts of network communication and data communication network. The basic function of a
data communication network is to implement network communication.

 This section also introduces various network devices, the differences between LAN, MAN and WAN, and various network
topologies. In actual networking, multiple topologies are combined according to the requirements of multiple parties.

 This section also describes network engineering and network engineers and introduces Huawei datacom certification
system.

Foreword
 In the digital era, various information is presented as data in our life. What is data? How is data transmitted?
 In this course, we will use the network reference model to understand the "life" of data.

Objectives
 On completion of this course, you will be able to:
 Understand the data definition and transmission process.
 Understand the concepts and advantages of the network reference model.
 Understand common standard protocols.
 Understand the data encapsulation and decapsulation processes.

Contents
1. Applications and Data

2. Network Reference Model and Standard Protocols

3. Data Communication Process

Origin of the Story - Applications
 Applications are used to meet various requirements of people, such as web page access, online gaming, and online video
playback.
 Information is generated along with applications. Texts, pictures, and videos are all information presentation modes.

Application Implementation - Data
 Data generation
 In the computer field, data is the carrier of all kinds of information.

 Data transmission
 Data generated by most applications needs to be transmitted between devices.

[Figure: data generated by an application enters the network]
Question: Does an application need to complete the entire process from data generation to data transmission?

Contents
1. Applications and Data

2. Network Reference Model and Standard Protocols

3. Data Communication Process

OSI Reference Model

7. Application Layer: Provides interfaces for applications.
6. Presentation Layer: Translates data formats to ensure that the application-layer data of one system can be identified by the application layer of another system.
5. Session Layer: Establishes, manages, and terminates sessions between communicating parties.
4. Transport Layer: Establishes, maintains, and cancels an end-to-end data transmission process; controls transmission speeds and adjusts data sequences.
3. Network Layer: Defines logical addresses and transfers data from sources to destinations.
2. Data Link Layer: Encapsulates packets into frames, transmits frames in P2P or P2MP mode, and implements error checking.
1. Physical Layer: Transmits bitstreams over transmission media and defines electrical and physical specifications.

TCP/IP Reference Model
 The OSI protocol stack is complex, and the TCP and IP protocols are widely used in the industry. Therefore, the TCP/IP
reference model has become the mainstream reference model of the Internet.

Standard TCP/IP model | OSI model | Equivalent TCP/IP model
Application Layer | Application Layer, Presentation Layer, Session Layer | Application Layer
Host-to-Host Layer | Transport Layer | Transport Layer
Internet Layer | Network Layer | Network Layer
Network Access Layer | Data Link Layer, Physical Layer | Data Link Layer, Physical Layer

Common TCP/IP Protocols
 The TCP/IP protocol stack defines a series of standard protocols.

Application Layer: Telnet, FTP, TFTP, SNMP, HTTP, SMTP, DNS, DHCP
Transport Layer: TCP, UDP
Network Layer: IP, ICMP, IGMP
Data Link Layer: Ethernet, PPP, PPPoE
Physical Layer: ...

Common Protocol Standardization Organizations
 Internet Engineering Task Force (IETF)
 IETF is a voluntary organization responsible for developing and promoting Internet protocols (especially protocols that constitute the TCP/IP protocol suite), and
releasing new or replacing old protocol standards through RFCs.

 Institute of Electrical and Electronics Engineers (IEEE)


 IEEE has formulated about 30% of standards in the electronics, electrical, and computer science fields worldwide. Those standards include well-known IEEE802.3
(Ethernet) and IEEE802.11 (Wi-Fi).

 International Organization for Standardization (ISO)


 ISO is an international organization that plays an important role in the formulation of computer network standards, such as the OSI model defined in ISO/IEC 7498-1.


Application Layer
• The application layer provides interfaces for application software so that applications can use network services. The application layer protocol designates transport layer protocols and ports.
• PDUs transmitted at the application layer are called data.

Common application layer protocols and their default ports:
• HTTP, port 80 (TCP): Hypertext Transfer Protocol, which provides web browsing services.
• Telnet, port 23 (TCP): remote login protocol, which provides remote management services.
• FTP, ports 20 and 21 (TCP): File Transfer Protocol, which provides Internet file resource sharing services.
• SMTP, port 25 (TCP): Simple Mail Transfer Protocol, which provides Internet email services.
• TFTP, port 69 (UDP): Trivial File Transfer Protocol, which provides simple file transfer services.


Common Application Layer Protocols - FTP


 The File Transfer Protocol (FTP) transfers files from one host to another to implement file download and upload. This protocol adopts
the client/server (C/S) structure.

[Figure: an FTP client and an FTP server connected over the network]

FTP client: provides commands for local users to operate files on a remote server. A user can install an FTP client program on a PC and set up a connection with an FTP server to operate files on the server.
FTP server: a device that runs the FTP service. It provides the access and operation functions for remote clients, allowing users to access the FTP server through the FTP client program and access files on the server.


Common Application Layer Protocols - Telnet


 Telnet is a standard protocol that provides remote login services on a network. It provides users with the ability to operate remote
devices through local PCs.

[Figure: a Telnet client connects over the network to Telnet servers such as an AP, a router, a switch, a firewall, and a server]

A user connects to a Telnet server through the Telnet client program. The commands entered on the Telnet client are executed on the server, as if the commands were entered on the console of the server.


Common Application Layer Protocols - HTTP


 The Hypertext Transfer Protocol (HTTP) is one of the most widely used network protocols on the Internet. HTTP was originally designed to provide a method for publishing and receiving HTML pages.

[Figure: an HTTP client visits www.huawei.com over the network; the HTTP server returns the HTML file of the page]


Transport Layer
 A transport layer protocol receives data from an application layer protocol, encapsulates the data with the corresponding transport
layer protocol header, and helps establish an end-to-end (port-to-port) connection.
 PDUs transmitted at the transport layer are called segments.

Transport layer protocols:
• TCP: a connection-oriented reliable protocol defined by the IETF in RFC 793.
• UDP: a simple connectionless protocol defined by the IETF in RFC 768.


TCP and UDP - Header Formats

TCP header (20 bytes without options):
  Source Port (16) | Destination Port (16)
  Sequence Number (32)
  Acknowledgement Number (32)
  Header Length (4) | Reserved (6) | Control Bits (6) | Window (16)
  Checksum (16) | Urgent (16)
  Options
  Data (varies)

UDP header (8 bytes):
  Source Port (16) | Destination Port (16)
  Length (16) | Checksum (16)
  Data (if any)


TCP and UDP - Port Numbers


[Figure: a web browser host at 1.1.1.1 runs an HTTP application on TCP port 1024 and Telnet on TCP port 1231; the HTTP server at 2.2.2.2 listens on TCP port 80 for HTTP and TCP port 23 for Telnet. The IP address is the "house number" of each host. A request from the HTTP client carries an IP header (source IP address 1.1.1.1, destination IP address 2.2.2.2), a TCP header (source port number 1024, destination port number 80), and the HTTP payload]

• Generally, the source port used by a client is randomly allocated, and the destination port is specified by the application of a server.
• The system generally selects a source port number that is greater than 1023 and is not being used.
• The destination port number is the listening port of the application (service) enabled on the server. For example, the default port number for HTTP is 80.

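The header layouts and port conventions described on the two preceding slides, as an added example that is not part of the course material: a Python parser and builder for the TCP and UDP headers, the RFC 793 pseudo-header checksum, and a direction label that applies the ephemeral-port rule (the WELL_KNOWN mapping is an assumption limited to the ports the slides name).

```python
import struct
from dataclasses import dataclass

# The 16-bit word after the Acknowledgement Number holds the 4-bit data offset
# (header length in 32-bit words), 6 reserved bits and the 6 control bits.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

# Listening ports named on the slides (assumed mapping, used only for labelling).
WELL_KNOWN = {20: "FTP-data", 21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP"}


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int   # bytes: data offset * 4, i.e. 20 without options
    flags: set
    window: int
    checksum: int
    urgent: int
    options: bytes
    payload: bytes


def parse_tcp(segment: bytes) -> TcpHeader:
    """Decode the fixed 20-byte TCP header, then split options and payload by the data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = {name for name, bit in TCP_FLAGS.items() if off_flags & bit}
    return TcpHeader(src, dst, seq, ack, header_len, flags, win, csum, urg,
                     segment[20:header_len], segment[header_len:])


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; the Length field covers header plus data."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP Length field does not match the datagram")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def build_tcp(src, dst, seq, ack, flags, window, payload=b"", options=b""):
    """Assemble a segment with the Checksum and Urgent fields zeroed; see tcp_checksum."""
    options += b"\x00" * (-len(options) % 4)          # options end on a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    off_flags = (data_offset << 12) | sum(TCP_FLAGS[f] for f in flags)
    fixed = struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0)
    return fixed + options + payload


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum used by the TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (addresses, protocol 6, length) plus the segment.
    Recomputing it over a segment whose Checksum field is already filled in yields 0."""
    def ip(addr):
        return bytes(int(x) for x in addr.split("."))
    pseudo = ip(src_ip) + ip(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    return 0xFFFF ^ ones_complement_sum(pseudo + segment)


def describe(h: TcpHeader) -> str:
    """Label a segment the way the port-number slide does: an ephemeral client port
    (greater than 1023) talks to the listening port of a server application."""
    if h.dst_port in WELL_KNOWN and h.src_port > 1023:
        return "client->server " + WELL_KNOWN[h.dst_port]
    if h.src_port in WELL_KNOWN and h.dst_port > 1023:
        return "server->client " + WELL_KNOWN[h.src_port]
    return "unclassified"
```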

TCP Connection Setup - Three-Way Handshake


• Before sending data, a TCP-based application needs to establish a connection through a three-way handshake.

PC1 (1.1.1.1:1024) and PC2 (2.2.2.2:23):
1. PC1 -> PC2: Source = 1.1.1.1, Destination = 2.2.2.2; Seq=a, Ack=0; Flags: SYN is set.
2. PC2 -> PC1: Source = 2.2.2.2, Destination = 1.1.1.1; Seq=b, Ack=a+1; Flags: SYN is set, and ACK is set.
3. PC1 -> PC2: Source = 1.1.1.1, Destination = 2.2.2.2; Seq=a+1, Ack=b+1; Flags: ACK is set.
A TCP connection is established.


TCP Sequence Number and Acknowledgment Number


 TCP uses the Sequence Number and Acknowledgment Number fields to implement reliable and ordered data transmission.

PC1 (1.1.1.1:1024) and PC2 (2.2.2.2:23), after a TCP connection is established. PC1 has data to send (segments 1, 2, 3, 4, 5, 6, ...):
1. PC1 -> PC2: Seq=a+1, Ack=b+1; payload length = 12 bytes
2. PC2 -> PC1: Seq=b+1, Ack=a+1+12; payload length = 0 bytes
3. PC1 -> PC2: Seq=a+13, Ack=b+1; payload length = 66 bytes
4. PC2 -> PC1: Seq=b+1, Ack=a+12+66; payload length = 0 bytes
Question: Why does the value of the Acknowledgment Number field in the segment sent by PC1 not increase?


TCP Window Sliding Mechanism


 TCP uses the sliding window mechanism to control the data transmission rate.

PC1 and PC2 (win = free space in the receiver's buffer):
1. Three-way handshake:
   PC1 -> PC2: seq=100 win=3 flags=SYN
   PC2 -> PC1: seq=200 Ack=101 win=3 flags=SYN,ACK
   PC1 -> PC2: seq=101 Ack=201 win=3 flags=ACK
2. Data transmission: PC1 -> PC2: seq=101 win=3
3. PC1 -> PC2: seq=102 win=3, then seq=103 win=3
4. PC2 -> PC1: Ack=104 win=1 ctl=ACK
5. PC1 -> PC2: seq=104 win=3
Question: Why does the Window field of the segment sent by PC1 remain unchanged?

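The sliding-window exchange on this slide, as an added example that is not the course's own code: a Python model in which each side advertises the free space of its own receive buffer and may only keep as many bytes in flight as the other side last advertised. It replays the slide with 1-byte segments and shows why PC1 keeps advertising win=3 while PC2 drops to win=1 (the receive-buffer size of 3 bytes and the application reading one byte are assumptions chosen to reproduce the slide's numbers).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Peer:
    name: str
    snd_nxt: int              # sequence number of the next byte we will send
    snd_una: int              # oldest byte sent but not yet acknowledged
    rcv_nxt: int              # next in-order sequence number we expect from the other side
    peer_win: int             # window most recently advertised BY the other side
    rcv_capacity: int         # size of our own receive buffer (bytes)
    rcv_buf: List[int] = field(default_factory=list)   # received, not yet read by the application

    def advertised_window(self) -> int:
        """The Window field we put in every segment: free space in OUR receive buffer."""
        return self.rcv_capacity - len(self.rcv_buf)

    def can_send(self) -> int:
        """Bytes we may still put in flight: the peer's window minus what is unacknowledged."""
        return max(0, self.peer_win - (self.snd_nxt - self.snd_una))


def send_data(sender: Peer, receiver: Peer) -> Optional[Dict[str, int]]:
    """Send one 1-byte segment (as on the slide) if the receiver's window allows; else None."""
    if sender.can_send() == 0:
        return None
    seg = {"from": sender.name, "seq": sender.snd_nxt, "win": sender.advertised_window()}
    sender.snd_nxt += 1
    if seg["seq"] == receiver.rcv_nxt:        # the in-order byte is buffered; anything else is dropped
        receiver.rcv_buf.append(seg["seq"])
        receiver.rcv_nxt += 1
    receiver.peer_win = seg["win"]
    return seg


def send_ack(receiver: Peer, sender: Peer) -> Dict[str, int]:
    """Acknowledge everything received in order and advertise the buffer space that is left."""
    seg = {"from": receiver.name, "ack": receiver.rcv_nxt, "win": receiver.advertised_window()}
    sender.snd_una = max(sender.snd_una, seg["ack"])
    sender.peer_win = seg["win"]
    return seg


def app_read(peer: Peer, nbytes: int) -> None:
    """The application consumes bytes from the receive buffer, which opens the window again."""
    del peer.rcv_buf[:nbytes]


def run_slide_exchange() -> List[Dict[str, int]]:
    """Replay the slide: both sides start with win=3 right after the handshake (seq 101 / 201)."""
    pc1 = Peer("PC1", snd_nxt=101, snd_una=101, rcv_nxt=201, peer_win=3, rcv_capacity=3)
    pc2 = Peer("PC2", snd_nxt=201, snd_una=201, rcv_nxt=101, peer_win=3, rcv_capacity=3)
    trace = []
    # Steps 2-3: PC1 sends seq=101, 102, 103 and then stops, since three bytes are in flight.
    while (seg := send_data(pc1, pc2)) is not None:
        trace.append(seg)
    # PC2's application has read only one byte, so two bytes still sit in its buffer.
    app_read(pc2, 1)
    trace.append(send_ack(pc2, pc1))                  # step 4: Ack=104 win=1
    # Step 5: PC1 may now send exactly one more byte (seq=104). Its own Window field is still 3,
    # because that field describes PC1's receive buffer (empty), not PC2's.
    while (seg := send_data(pc1, pc2)) is not None:
        trace.append(seg)
    return trace
```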

TCP Shutdown - Four-Way Handshake


 After data transmission is complete, TCP needs to use the four-way handshake mechanism to disconnect the TCP connection and release system
resources.
PC1 (1.1.1.1:1024) and PC2 (2.2.2.2:23), after a TCP connection is established and TCP segments have been exchanged:
1. PC1 -> PC2: Source = 1.1.1.1, Destination = 2.2.2.2; Seq=101, Ack=301; Flags: FIN is set, and ACK is set. (PC1 sends a connection teardown request with FIN being set.)
2. PC2 -> PC1: Source = 2.2.2.2, Destination = 1.1.1.1; Seq=301, Ack=102; Flags: ACK is set. (PC2 sends ACK.)
3. PC2 -> PC1: Source = 2.2.2.2, Destination = 1.1.1.1; Seq=301, Ack=102; Flags: FIN is set, and ACK is set. (PC2 sends a connection teardown request with FIN being set.)
4. PC1 -> PC2: Source = 1.1.1.1, Destination = 2.2.2.2; Seq=102, Ack=302; Flags: ACK is set. (PC1 sends ACK.)
The TCP connection is torn down.

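The three-way handshake, the Seq/Ack data exchange, and the four-way teardown shown on the preceding slides, as one added example that is not the course's own code: a Python model of the sequence-number accounting that derives every Seq and Ack value from a single rule (payload bytes, plus one for SYN and one for FIN, consume sequence space; a pure ACK consumes nothing, which is why PC2's zero-length acknowledgments never change the number PC1 acknowledges). The receiver also rejects any segment that does not start at the next expected byte, which is how a gap is noticed. The initial sequence numbers a=1000 and b=5000 in the test are constructed.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: FrozenSet[str]
    payload_len: int = 0

    def consumes(self) -> int:
        """Sequence space the segment occupies: payload bytes plus one each for SYN and FIN.
        A pure ACK occupies nothing, so it never advances the peer's acknowledgment number."""
        return self.payload_len + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    name: str
    isn: int                          # initial sequence number ("a" and "b" on the slides)
    snd_nxt: int = field(init=False)  # next sequence number we will use
    rcv_nxt: Optional[int] = None     # next sequence number expected from the peer

    def __post_init__(self):
        self.snd_nxt = self.isn

    def send(self, peer: "Endpoint", flags, payload_len: int = 0) -> Segment:
        flags = frozenset(flags)
        ack = self.rcv_nxt if "ACK" in flags else 0     # Ack=0 in the very first SYN
        seg = Segment(self.name, peer.name, self.snd_nxt, ack, flags, payload_len)
        self.snd_nxt += seg.consumes()
        peer.receive(seg)
        return seg

    def receive(self, seg: Segment) -> None:
        """Accept only the next in-order segment; a gap means a segment was lost or reordered."""
        if "SYN" in seg.flags and self.rcv_nxt is None:
            self.rcv_nxt = seg.seq                      # learn the peer's ISN from its SYN
        if seg.seq != self.rcv_nxt:
            raise ValueError(f"{self.name}: got seq={seg.seq}, expected {self.rcv_nxt}")
        if "ACK" in seg.flags and seg.ack > self.snd_nxt:
            raise ValueError(f"{self.name}: peer acknowledged data never sent ({seg.ack})")
        self.rcv_nxt += seg.consumes()


def accepts(ep: Endpoint, seg: Segment) -> bool:
    """True if the receiver can consume the segment in order, False if it would have to wait."""
    try:
        ep.receive(seg)
        return True
    except ValueError:
        return False


def run_slide_exchange(a: int, b: int, payloads=(12, 66)) -> List[Segment]:
    """Replay the three slides: handshake, PC1 sending 12 then 66 bytes, four-way teardown."""
    pc1, pc2 = Endpoint("PC1", a), Endpoint("PC2", b)
    trace = [pc1.send(pc2, {"SYN"}),                 # Seq=a,   Ack=0
             pc2.send(pc1, {"SYN", "ACK"}),          # Seq=b,   Ack=a+1
             pc1.send(pc2, {"ACK"})]                 # Seq=a+1, Ack=b+1
    for n in payloads:
        trace.append(pc1.send(pc2, {"ACK"}, n))      # data segment of n bytes
        trace.append(pc2.send(pc1, {"ACK"}))         # zero-length acknowledgment
    trace.append(pc1.send(pc2, {"FIN", "ACK"}))      # 1. PC1 asks to tear down
    trace.append(pc2.send(pc1, {"ACK"}))             # 2. PC2 acknowledges the FIN
    trace.append(pc2.send(pc1, {"FIN", "ACK"}))      # 3. PC2 sends its own FIN
    trace.append(pc1.send(pc2, {"ACK"}))             # 4. PC1 acknowledges; connection torn down
    return trace
```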

Network Layer
 The transport layer is responsible for establishing connections between processes on hosts, and the network layer is responsible for
transmitting data from one host to another.
 PDUs transmitted at the network layer are called packets.

• The network layer is also called the Internet layer. It sends packets from source hosts to destination hosts.
• Functions of the network layer:
  Provides logical addresses for network devices.
  Routes and forwards data packets.
• Common network layer protocols include IPv4, IPv6, ICMP, and IGMP.


Working Process of a Network Layer Protocol


Packet encapsulation
Letter: data sent by an upper layer (for example, the transport layer). The PC encapsulates the IP header (envelope). The key information is about source and destination IP addresses.
Envelope: IP packet header; Sender: source IP address; Receiver: destination IP address.

Packet forwarding based on network layer addresses
[Figure: PC1 sends a packet to Router 1, which receives it on G0/0/0 and forwards it out of G0/0/1 towards Network A and PC2. Routing table of Router 1: Network A, outbound interface G0/0/1; ...]
• The network layer header of a packet sent by a source device carries the network layer addresses of the source and destination devices.
• Each network device (such as a router) that has the routing function maintains a routing table (like a map of the network device).
• After receiving a packet, the network device reads the network layer destination address of the packet, searches the routing table for the matching entry of the destination address, and forwards the packet according to the instruction of the matching entry.


Data Link Layer


 The data link layer is located between the network layer and the physical layer and provides services for protocols such as IP and IPv6
at the network layer. PDUs transmitted at the data link layer are called frames.
 Ethernet is the most common data link layer protocol.

The data link layer is located between the network layer and the physical layer.
• The data link layer provides intra-segment communication for the network layer.
• The functions of the data link layer include framing, physical addressing, and error control.
• Common data link layer protocols include Ethernet, PPPoE, and PPP.


Ethernet and Source MAC Addresses

Ethernet Definition

[Figure: Host A, Host B, Host C, and Host D connected to Switch A and Switch B in Network A.]

• Ethernet is a broadcast multiple access protocol that works at the data link layer.
• The network interfaces of PCs comply with the Ethernet standard.
• Generally, a broadcast domain corresponds to an IP network segment.

Ethernet Source MAC Addresses

[Figure: Host A says "I have a MAC address when I leave the factory." The MAC address (also called the Ethernet address or physical address) is labelled with the name Host A.]

• A media access control (MAC) address uniquely identifies a NIC on a network. Each NIC requires and has a unique MAC address.
• MAC addresses are used to locate specific physical devices in an IP network segment.
• A device that works at the data link layer, such as an Ethernet switch, maintains a MAC address table to guide data frame forwarding.

ARP
 Address Resolution Protocol (ARP):
 Discovers the MAC address associated with a given IP address.

[Figure: Host A (192.168.1.1/24, 3C-52-82-49-7E-9D) and Host B (192.168.1.2/24, 48-A4-72-1C-8F-4F).]

ARP request (Host A to Host B):
Destination IP address: 192.168.1.2
Destination MAC address: ?

ARP reply (Host B to Host A):
Source IP address: 192.168.1.2
Source MAC address: 48-A4-72-1C-8F-4F

ARP Implementation Principles (1)

[Figure: Host 1 (IP 1: 192.168.1.1/24, MAC 1: 3C-52-82-49-7E-9D) and Host 2 (IP 2: 192.168.1.2/24, MAC 2: 48-A4-72-1C-8F-4F) connected to a switch through GE 0/0/1 and GE 0/0/2. Flow: Host 1 checks cached ARP entries; Host 1 sends an ARP request; Host 2 adds an ARP entry; Host 2 sends an ARP reply; Host 1 adds an ARP entry. Step 1 (Host 1 checks cached ARP entries) is highlighted.]

Step 1:
• Before sending a datagram, a device searches its ARP table for the destination MAC address of the datagram.
• If the destination MAC address exists in the ARP table, the device encapsulates the MAC address in the frame and sends out the frame. If the destination MAC address does not exist in the ARP table, the device sends an ARP request to discover the MAC address.

Host 1>arp -a
Internet Address      Physical Address      Type

(The ARP cache table is empty.)

ARP Implementation Principles (2)

[Figure: Host 1 (IP 1: 192.168.1.1/24, MAC 1: 3C-52-82-49-7E-9D) and Host 2 (IP 2: 192.168.1.2/24, MAC 2: 48-A4-72-1C-8F-4F) connected to a switch through GE 0/0/1 and GE 0/0/2; step 2 (Host 1 sends an ARP request) and step 3 (the switch floods it) are highlighted. The frame is shown as Eth_II | ARP Request | FCS.]

Step 2:
• Host 1 sends an ARP request to discover the MAC address of Host 2.
• The destination MAC address in the ARP request is 0 because the destination MAC address is unknown.

Step 3:
• The ARP request message is a broadcast data frame. After receiving the ARP request message, the switch floods it.

ARP request frame:

Ethernet II header                           ARP request
Destination MAC address: FF-FF-FF-FF-FF-FF   Operation type: ARP request
Source MAC address: MAC 1                    MAC address of the sender: MAC 1
                                             IP address of the sender: IP 1
                                             Destination MAC address: 00-00-00-00-00-00
                                             Destination IP address: IP 2

ARP Implementation Principles (3)

[Figure: Host 1 (IP 1: 192.168.1.1/24, MAC 1: 3C-52-82-49-7E-9D) and Host 2 (IP 2: 192.168.1.2/24, MAC 2: 48-A4-72-1C-8F-4F) connected to a switch through GE 0/0/1 and GE 0/0/2; step 4 (Host 2 adds an ARP entry) is highlighted.]

Step 4:
• After receiving the ARP request message, each host checks whether it is the destination of the message based on the carried destination IP address.
• Host 2 finds that it is the destination of the message and then records the mapping between the sender's MAC and IP addresses in its ARP table.

Host 2>arp -a
Internet Address      Physical Address      Type
192.168.1.1           3C-52-82-49-7E-9D     Dynamic

ARP Implementation Principles (4)

[Figure: Host 1 (IP 1: 192.168.1.1/24, MAC 1: 3C-52-82-49-7E-9D) and Host 2 (IP 2: 192.168.1.2/24, MAC 2: 48-A4-72-1C-8F-4F) connected to a switch through GE 0/0/1 and GE 0/0/2; step 5 (Host 2 sends an ARP reply) and step 6 (the switch forwards it) are highlighted. The frame is shown as Eth_II | ARP Reply | FCS.]

Step 5:
• Host 2 sends an ARP reply to Host 1.
• In this step, Host 2 has discovered the MAC address of Host 1, so the ARP reply is a unicast data frame.

Step 6:
• After receiving the unicast data frame, the switch forwards the frame.

ARP reply frame:

Ethernet II header                 ARP reply
Destination MAC address: MAC 1     Operation type: ARP reply
Source MAC address: MAC 2          Sender's MAC address: MAC 2
                                   Sender's IP address: IP 2
                                   Receiver's MAC address: MAC 1
                                   Receiver's IP address: IP 1

ARP Implementation Principles (5)

[Figure: Host 1 (IP 1: 192.168.1.1/24, MAC 1: 3C-52-82-49-7E-9D) and Host 2 (IP 2: 192.168.1.2/24, MAC 2: 48-A4-72-1C-8F-4F) connected to a switch through GE 0/0/1 and GE 0/0/2; step 7 (Host 1 adds an ARP entry) is highlighted.]

Step 7:
• After receiving the ARP reply message, Host 1 checks whether it is the destination of the message based on the carried destination IP address.
• If so, Host 1 records the carried sender's MAC and IP addresses in its ARP table.

Host 1>arp -a
Internet Address      Physical Address      Type
192.168.1.2           48-A4-72-1C-8F-4F     Dynamic
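The seven-step exchange on the ARP slides above, carried out in memory as an added example (this is not code from the Huawei course material): it encodes the broadcast request and the unicast reply with the real Ethernet II and ARP field layout, keeps a per-host ARP cache like the `arp -a` output on the slides, and adds one check the slides do not mention: a host learns an entry from a reply only for an address it actually asked about. The IP and MAC addresses are the ones used on the slides; nothing is sent on a real network.

```python
"""Added example (not from the Huawei course material): encode, decode and
process the ARP request/reply exchange shown on the slides. Addresses are the
slides' (Host 1 = 192.168.1.1 / 3C-52-82-49-7E-9D, Host 2 = 192.168.1.2 /
48-A4-72-1C-8F-4F); all frames are built in memory only."""
import socket
import struct

BROADCAST = "FF-FF-FF-FF-FF-FF"
ZERO_MAC = "00-00-00-00-00-00"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split("-"))


def mac_str(raw):
    return "-".join(f"{x:02X}" for x in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header + 28-byte ARP body (Ethernet/IPv4 layout of RFC 826)."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac   # request is broadcast, reply is unicast
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)        # hw type, proto type, hw len, proto len, op
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


def parse_arp_frame(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "dst_mac": mac_str(frame[:6]), "src_mac": mac_str(frame[6:12]), "op": op,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": socket.inet_ntoa(frame[38:42]),
    }


class Host:
    """A host with an ARP cache, displayed like the `arp -a` output on the slides."""

    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_table = {}    # ip -> (mac, type)
        self.pending = set()   # IPs this host has sent a request for (step 2)

    def resolve(self, ip):
        """Step 1: answer from the cache, otherwise emit an ARP request (step 2)."""
        if ip in self.arp_table:
            return self.arp_table[ip][0], None
        self.pending.add(ip)
        return None, build_arp_frame(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def receive(self, frame):
        """Steps 4 to 7: learn the sender only when the message is addressed to this host."""
        a = parse_arp_frame(frame)
        if a["target_ip"] != self.ip:
            return None                      # not the destination: ignore (step 4)
        if a["op"] == ARP_REQUEST:
            self.arp_table[a["sender_ip"]] = (a["sender_mac"], "Dynamic")
            return build_arp_frame(ARP_REPLY, self.mac, self.ip, a["sender_mac"], a["sender_ip"])
        if a["op"] == ARP_REPLY and a["sender_ip"] in self.pending:
            # Added check: only a reply to an outstanding request updates the cache.
            self.pending.discard(a["sender_ip"])
            self.arp_table[a["sender_ip"]] = (a["sender_mac"], "Dynamic")
        return None

    def arp_a(self):
        lines = [f"{self.name}>arp -a", f"{'Internet Address':<20}{'Physical Address':<22}Type"]
        lines += [f"{ip:<20}{mac:<22}{kind}" for ip, (mac, kind) in self.arp_table.items()]
        return "\n".join(lines)


def run_exchange():
    host1 = Host("Host 1", "192.168.1.1", "3C-52-82-49-7E-9D")
    host2 = Host("Host 2", "192.168.1.2", "48-A4-72-1C-8F-4F")
    _, request = host1.resolve(host2.ip)      # cache empty -> broadcast request (steps 1-2)
    reply = host2.receive(request)            # the switch floods it; Host 2 answers (steps 3-5)
    host1.receive(reply)                      # the unicast reply reaches Host 1 (steps 6-7)
    return host1, host2, request, reply


if __name__ == "__main__":
    h1, h2, _, _ = run_exchange()
    print(h1.arp_a())
    print(h2.arp_a())
```

The request frame is 42 bytes (14 Ethernet + 28 ARP); a real NIC pads it to the 60-byte minimum before the FCS. The `pending` set is a defender's refinement: the slides describe Host 1 accepting any reply addressed to it, while the version here only installs a mapping for an address it is waiting on, which is the same discipline that makes unsolicited ARP traffic a useful detection signal on a monitored segment.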

Physical Layer
 After data arrives at the physical layer, the physical layer converts a digital signal into an optical signal, an electrical signal, or an electromagnetic wave signal based on the physical media.
 PDUs transmitted at the physical layer are called bitstreams.

[Figure: layer stack (Application Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer (Bitstream)) with the physical layer highlighted.]

The physical layer is at the bottom of the model.
• This layer transmits bitstreams on media.
• It standardizes physical features such as cables, pins, voltages, and interfaces.
• Common transmission media include twisted pairs, optical fibers, and electromagnetic waves.

Common Transmission Media

[Figure: four panels.
1. Data transmission through twisted pairs: twisted pair and RJ45 connector.
2. Data transmission through optical fibers: fiber and optical module.
3. Data transmission through serial cables: synchronous/asynchronous serial cable, V.24 on the left and V.35 on the right.
4. Data transmission between terminals and wireless routers through wireless signals: PAD, mobile phone, laptop, and wireless router.]
Contents
1. Applications and Data

2. Network Reference Model and Standard Protocols

3. Data Communication Process

Data Encapsulation on the Sender

[Figure: a PC sending data to www.huawei.com encapsulates it layer by layer before it reaches the transmission media.]

Application Layer   DATA                            Data
Transport Layer     TCP Header | DATA               Segment
Network Layer       IP Header | Payload             Packet
Data Link Layer     Eth Header | Payload | FCS      Frame
Physical Layer      0 1 1 0 0 1 0 1 0 1 ...         Bit
                    Transmission Media
Data Transmission on the Intermediate Network
 Encapsulated data is transmitted on the network.

[Figure: the sender (Application Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer) passes Data through two intermediate devices to the receiver (the same five layers). The first intermediate device processes the Network Layer, Data Link Layer, and Physical Layer; the second processes only the Data Link Layer and Physical Layer.]
Data Decapsulation on the Receiver

[Figure: the web server decapsulates the received bitstream layer by layer.]

Physical Layer      0 1 1 0 0 1 0 1 0 1 ...         Bit
                    Transmission Media
Data Link Layer     Payload                         Frame
Network Layer       Payload                         Packet
Transport Layer     DATA                            Segment
Application Layer   DATA                            Data
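The encapsulation and decapsulation shown on the three slides above, as an added example that is not code from the Huawei course material: the application data is wrapped in a TCP header, an IPv4 header, and an Ethernet II header with FCS, using the real field layouts, and the receiver strips one header per layer while verifying the integrity check of each layer. The MAC and IP addresses and the ports are constructed sample values; the HTTP request to www.huawei.com stands in for the slide's application data.

```python
"""Added example (not from the Huawei course material): data encapsulation on
the sender and decapsulation on the receiver with real header layouts
(TCP, IPv4, Ethernet II + FCS). Addresses and ports are constructed sample
values; the HTTP request is the application data of the slide's example."""
import socket
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split("-"))


def ones_complement_sum(data):
    """RFC 1071 checksum, used by the IPv4 header and (over a pseudo header) by TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, src_port, dst_port, data):
    """Transport layer: 20-byte TCP header (seq/ack 0, SYN flag, window 65535) + DATA."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(hdr) + len(data)))
    csum = ones_complement_sum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def ip_packet(src_ip, dst_ip, payload):
    """Network layer: 20-byte IPv4 header (TTL 64, DF set, constructed ID) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64,
                      PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:] + payload


def ethernet_frame(src_mac, dst_mac, payload):
    """Data link layer: Ethernet II header + payload + FCS (CRC-32, least significant byte first)."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def encapsulate(data, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port):
    segment = tcp_segment(src_ip, dst_ip, src_port, dst_port, data)   # Data -> Segment
    packet = ip_packet(src_ip, dst_ip, segment)                        # Segment -> Packet
    return ethernet_frame(src_mac, dst_mac, packet)                    # Packet -> Frame (then bits)


def decapsulate(frame):
    """Receiver: strip one header per layer, verifying each layer's integrity check."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS mismatch: frame discarded at the data link layer")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ones_complement_sum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: packet discarded at the network layer")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]        # trust the IP total length, not the frame length (padding)
    if packet[9] != PROTO_TCP:
        raise ValueError("not a TCP segment")
    pseudo = packet[12:20] + struct.pack("!BBH", 0, PROTO_TCP, len(segment))
    if ones_complement_sum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch: segment discarded at the transport layer")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "dst_ip": socket.inet_ntoa(packet[16:20]),
            "src_port": src_port, "dst_port": dst_port, "data": segment[data_offset:]}


def frame_is_intact(frame):
    """True when the FCS and the IP and TCP checksums all verify."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


# Constructed sample: the PC on the slide sends an HTTP request to www.huawei.com.
SAMPLE_DATA = b"GET / HTTP/1.1\r\nHost: www.huawei.com\r\n\r\n"


def sample_frame():
    return encapsulate(SAMPLE_DATA, "3C-52-82-49-7E-9D", "48-A4-72-1C-8F-4F",
                       "192.168.1.1", "192.168.1.2", 50000, 80)
```

Each layer adds its own header and the receiver removes them in reverse order, which is exactly the slide's DATA / Segment / Packet / Frame / Bit sequence; the three integrity checks are why a single flipped bit on the wire is discarded at the data link layer rather than delivered as corrupted application data.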
Summary
 Both the OSI reference model and the TCP/IP reference model adopt the layered design concept.
 Clear division of functions and boundaries between layers facilitates the development, design, and troubleshooting of each component.
 The functions of each layer can be defined to promote industry standardization.
 Interfaces can be provided to enable communication between hardware and software on various networks, improving compatibility.
 Data generation and transmission require collaboration between modules. Meanwhile, each module must fulfill its own responsibilities.
Quiz
1. What are the benefits of the layered model?

2. What are the common protocols at the application layer, transport layer, network layer, and data link layer?

Foreword
 The Versatile Routing Platform (VRP) is a universal operating system (OS) platform for Huawei datacom products. It is
based on IP and adopts a component-based architecture. It provides rich features and functions, including application-
based tailorable and extensible functions, greatly improving the running efficiency of the devices that use this OS. To
efficiently manage such devices, you must be familiar with VRP and VRP-based configuration.
 This course describes the basic concepts, common commands, and command line interface (CLI) of VRP.

Objectives
 On completion of this course, you will be able to:
 Understand VRP basics.
 Learn how to use CLI.
 Master basic CLI commands.

Contents
1. VRP Overview

2. Command Line Basics

What Is VRP?
 VRP is a universal OS platform for Huawei datacom products. It serves as the software core engine of Huawei's full series of routers from low-end to core ones, Ethernet switches, service gateways, and so on.
 VRP provides the following functions:
 Provides a unified user interface and a unified management interface.
 Implements the functions of the control plane and defines the interface specifications of the forwarding plane.
 Implements communication between the device forwarding plane and VRP control plane.

[Figure: VRP at the center of Security, Routing, Wireless, and Switching.]
Development of the VRP

[Figure: timeline of VRP versions.]

VRP1 (1998-2001)
• Centralized design
• Applicable to low-end and mid-range devices
• Low performance

VRP2 (1999-2000)
• Distributed design

VRP3 (2000-2004)
• Distributed platform
• Support for various features
• Support for core routers

VRP5 (2004-Now)
• Component-based design
• Applicable to various Huawei products

VRP8 (2009-Now)
• Multi-process
• Component-based design
• Support for multi-CPU
• High performance and multi-chassis

Products shown on the timeline: some NE series routers, AR series routers, S series switches, and some CE series switches.
File System
 The file system manages files and directories in storage media, allowing users to view, create, rename, and delete directories and copy, move, rename, and delete files.
 Mastering the basic operations of the file system is crucial for network engineers to efficiently manage the configuration files and VRP system files of devices.

Common File Types
• System software: a must for device startup and operation, providing support, management, and services for a device. The common file name extension is .cc.
• Configuration file: stores configuration commands, enabling a device to start with the configurations in the file. The common file name extensions are .cfg, .zip, and .dat.
• Patch file: a kind of software compatible with the system software. It is used to fix bugs in system software. The common file name extension is .pat.
• PAF file: effectively controls product features and resources. The common file name extension is .bin.
Storage Media
 Storage media include SDRAM, flash memory, NVRAM, SD card, and USB.

NVRAM
NVRAM is nonvolatile random access memory. It is used to store log buffer files. Logs will be written into the flash memory after the timer expires or the buffer is full.

Flash
The flash memory is nonvolatile and can avoid data loss in case of power-off. It is used to store system software, configuration files, and so on. Patch files and PAF files are uploaded by maintenance personnel and generally stored in the flash memory or SD card.

SD Card
The SD card can avoid data loss in case of power-off. The SD card has a large storage capacity and is generally installed on a main control board. It is used to store system files, configuration files, log files, and so on.

SDRAM
SDRAM is synchronous dynamic random access memory, which is equivalent to a computer's memory. It stores the system running information and parameters.

USB
The USB is considered an interface. It is used to connect to a large-capacity storage medium for device upgrade and data transmission.
Device Initialization Process
 After a device is powered on, it runs the BootROM software to initialize the hardware and display hardware parameters. Then, it runs the system
software and reads the configuration file from the default storage path to perform initialization.

BIOS Creation Date : Jan 5 2013, 18:00:24
DDR DRAM init : OK
Start Memory Test ? ('t' or 'T' is test):skip
Copying Data : Done
Uncompressing : Done
……
Press Ctrl+B to break auto startup ... 1
Now boot from flash:/AR2220E-V200R007C00SPC600.cc,
……
Device Management
 There are two commonly used device management modes: CLI and web system.
 To use a device management mode, you must first log in to a device through a login mode supported by this device management mode.

Web System
• The web system provides a graphical user interface (GUI) for easy device management and maintenance. This method, however, can be used to manage and maintain only some, not all, device functions.
• The web system supports the HTTP and HTTPS login modes.

CLI
• The CLI requires users to use commands provided by a device to manage and maintain the device. This mode implements refined device management but requires users to be familiar with the commands.
• The CLI supports the console port, Telnet, and SSH login modes.
VRP User Interfaces
 When a user logs in to a device through a CLI-supported mode, the system allocates a user interface to manage and monitor the current session between the user terminal and device.
 Such a user interface can be a console user interface or virtual type terminal (VTY) user interface.

Console User Interface
• A console user interface is used to manage and monitor users who log in to a device through the console port.
• The serial port of a user terminal can be directly connected to the console port of a device for local access.

VTY User Interface
• The VTY user interface is used to manage and monitor users who log in to a device by means of VTY.
• After a Telnet or STelnet connection is established between a user terminal and a device, a VTY channel is established to implement remote access to the device.
VRP User Levels
 VRP provides basic permission control functions. It defines the levels of commands that each level of users can execute to restrict the operations of users at different levels.

User Level   Command Level    Name                 Available Commands
0            0                Visit level          Network diagnosis commands (such as ping and tracert), commands for accessing external devices from the local device (such as Telnet client commands), and some display commands
1            0 and 1          Monitoring level     System maintenance commands, including display commands
2            0, 1, and 2      Configuration level  Service configuration commands, including routing commands and IP configuration commands, to directly provide users with network services
3-15         0, 1, 2, and 3   Management level     Commands for controlling basic system operations and providing support for services, including the file system, FTP, TFTP download, user management, and command level commands, as well as debugging commands for fault diagnosis
Login to the Web System

Take the web system for a Huawei AR router as an example. Start a browser on a PC, enter https://192.168.1.1 in the address bar, and press Enter. Then, the web system login page is displayed.

[Figure: browser showing the web system login page at 192.168.1.1.]
CLI - Local Login (1)

You can log in to a device in local or remote mode. Local login mode:
• Use this mode when you need to configure a device that is powered on for the first time. You can use the console port of the device for a local login.
• The console port is a serial port provided by the main control board of a device.
• To implement the login, directly connect your terminal's serial port to the device's console port, and use PuTTY to log in to the device. You can then configure the device after the login succeeds.

[Figure: the COM port of a PC connected through a console cable to the console port of an AR2220.]
CLI - Local Login (2)
PuTTY is connection software for login through Telnet, SSH, serial interfaces, and so on.
In local login, the terminal is connected to the console port of the Huawei device through a serial port. Therefore, set Connection type to Serial. Set Serial line based on the actually used port on the terminal. Set Speed to 9600.
CLI - Remote Login
Remote login means that you log in to a device that can function as a remote login server, allowing you to centrally manage and maintain network devices. Remote login methods include Telnet and SSH.
 If you use the SSH login mode, set Connection type to SSH, enter the IP address of the remote login server, and use the default port number 22.
 If you use the Telnet login mode, set Connection type to Telnet, enter the IP address of the remote login server, and use the default port number 23.

[Figure: PuTTY session configuration with the remote login server 192.168.10.1.]
CLI
 After a login succeeds, the command line interface (CLI) is displayed.
 The CLI is a common tool for engineers to interact with network devices.

[Figure: the COM port of a PC connected through a console cable to the console port of an AR2220, with the CLI displayed on the PC.]
Contents
1. VRP Basics

2. Command Line Basics


▪ Command Line Overview

▫ Basic Configuration Commands

▫ Case Analysis

Basic Command Structure
 CLI commands follow a unified structure. After a command is entered on the CLI, the CLI parses the command and executes it to implement the function of the command, such as query, configuration, or management.

[Figure: Command Word | Keyword | Parameter List (Parameter name, Parameter value)]

• Command word: specifies the operation to be executed in a command, such as display (device status query) or reboot (device restart).
• Keyword: a special character string that is used to further restrict a command. It is an extension of a command and can also be used to express the command composition logic.
• Parameter list: is composed of parameter names and values to further restrict the command function. It can contain one or more pairs of parameter names and values.

Example 1: display ip interface GE0/0/0: displays interface information.
Command word: display
Keyword: ip
Parameter name: interface
Parameter value: GE0/0/0

Example 2: reboot: restarts a device.
Command word: reboot

Each operation command must start with a command word, and the command word is selected from the standard command word list.
Command Views (1)
 A device provides various configuration and query commands. To facilitate the use of these commands, VRP registers the commands in different views according to their functions.

[Figure: the user view leads to the system view, which leads to interface views (GigabitEthernet interface view, Ethernet interface view, Serial interface view, ...) and protocol views (OSPF view, OSPF area view, IS-IS view, BGP view, ...).]

• User view: In this view, you can check the running status and statistics of a device.
• System view: In this view, you can set system parameters and enter the configuration views of other commands.
• Other views: In other views, such as the interface view and protocol view, you can set interface parameters and protocol parameters.
Command Views (2)

[Figure: view names and view prompts. User view: <Huawei>. System view: [Huawei], entered with system-view and left with quit. Interface view: [Huawei-GigabitEthernet0/0/1]. Protocol view: [Huawei-ospf-1]. return goes back to the user view from any view.]

Command examples:
<Huawei>system-view #This command is used to enter the system view from the user view. The user view is the first view that is displayed after you log in to a device.
[Huawei]interface GigabitEthernet 0/0/1 #This command is used to enter the interface view from the system view.
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 24 #This command is used to set an IP address.
[Huawei-GigabitEthernet0/0/1]quit #This command is used to return to the previous view.
[Huawei]ospf 1 #This command is used to enter the protocol view from the system view.
[Huawei-ospf-1]area 0 #This command is used to enter the OSPF area view from the OSPF view.
[Huawei-ospf-1-area-0.0.0.0]return #This command is used to return to the user view.
Editing a Command (1)
 The CLI of a device provides basic command editing functions. Common editing functions are as follows:
1. Command editing through function keys
 Backspace: deletes the character before the cursor and moves the cursor to the left. When the cursor reaches the beginning of the command, an alarm is generated.
 Left cursor key ← or Ctrl+B: moves the cursor one character to the left. When the cursor reaches the beginning of the command, an alarm is generated.
 Right cursor key → or Ctrl+F: moves the cursor one character to the right. When the cursor reaches the end of the command, an alarm is generated.
2. Incomplete keyword input
 A device allows the input of incomplete keywords. Specifically, if an entered character string can match a unique keyword, you do not need to enter the remaining characters of the keyword.

For example, the display current-configuration command is identified when you enter d cu, di cu, or dis cu. However, the command cannot be identified if you enter d c or dis c because the character string d c or dis c matches more than one command.

<Huawei>d cu
<Huawei>di cu
<Huawei>dis cu
<Huawei>d c
          ^
Error:Ambiguous command found at '^' position.
<Huawei>dis c
            ^
Error:Ambiguous command found at '^' position.
Editing a Command (2)
3. Command editing through the Tab key
 If an entered character string matches a unique keyword, the system automatically supplements the keyword after you press Tab. If the keyword is complete, it remains unchanged even if you press Tab repeatedly.

[Huawei] info- #Press Tab.
[Huawei] info-center

 If an entered character string matches more than one keyword, you can press Tab repeatedly. The system will then circularly display the keywords beginning with the entered character string to help you find the desired keyword.

[Huawei] info-center log #Press Tab.
[Huawei] info-center logbuffer #Press Tab repeatedly to circularly display all matched keywords.
[Huawei] info-center logfile
[Huawei] info-center loghost

 If an entered character string cannot identify any keyword, the entered string remains unchanged after you press Tab.

[Huawei] info-center loglog #Enter an incorrect keyword and press Tab.
[Huawei] info-center loglog
Using Command Line Online Help
 You can use command line online help to obtain real-time help without memorizing a large number of complex commands.
 The online help can be classified into full help and partial help. To obtain the online help, enter a question mark (?) when using a command.

Full Help
• To obtain full help, press ? after a view is displayed. The system will then display all commands in the view and their descriptions.

<Huawei> ?
User view commands:
  arp-ping     ARP-ping
  autosave     <Group> autosave command group
  backup       Backup information
  cd           Change current directory
  clear        Clear
  clock        Specify the system clock
  ...

Partial Help
• To obtain partial help, press ? after you enter the start character or character string of a command. The system will then display all the commands that start with this character or character string.

<Huawei> d?
  debugging    <Group> debugging command group
  delete       Delete a file
  dialer       Dialer
  dir          List files on a filesystem
  display      Display information
Interpreting Command Line Error Messages
 If a command passes the syntax check, the system executes it. Otherwise, the system reports an error message.

[Huawei] sysname
                ^
Error:Incomplete command found at '^' position. #A supplement needs to be made at the position pointed by the arrow.

[Huawei] router if 1.1.1.1
         ^
Error: Unrecognized command found at '^' position. #An identification failure occurs at the position pointed by the arrow. Check whether the command is correct.

[Huawei] a
         ^
Error: Ambiguous command found at '^' position. #More than one command matches the keyword at the position pointed by the arrow. In this example, it indicates that there are multiple keywords starting with a.

[Huawei-GigabitEthernet0/0/0]ospf cost 800000
                                       ^
Error: Wrong parameter found at '^' position. #The parameter value at the position pointed by the arrow is invalid.
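The incomplete-keyword matching, Tab completion, and error messages described on the last four slides, as an added example that is not Huawei's CLI code: a small command matcher over a constructed subset of the command tree. It resolves d cu and dis cu to display current-configuration, reports d c and dis c as ambiguous, sysname alone as incomplete, and router if 1.1.1.1 as unrecognized, and it lists the keywords Tab would cycle through. COMMANDS and the parameter placeholders in angle brackets are assumptions made for the example.

```python
"""Added example (not Huawei's CLI code): a command matcher that reproduces the
incomplete-keyword, Tab-completion and error-message behaviour described on
the slides. COMMANDS is a constructed subset of the user view; tokens in angle
brackets are parameter placeholders."""

PARAM = "<"

# Constructed subset of commands: keywords first, then parameter placeholders.
COMMANDS = [
    ["arp-ping", "<ip-address>"],
    ["autosave", "<option>"],
    ["display", "current-configuration"],
    ["display", "clock"],
    ["display", "cpu-usage"],
    ["display", "version"],
    ["debugging", "ip", "packet"],
    ["delete", "<filename>"],
    ["dir"],
    ["reboot"],
    ["sysname", "<name>"],
]

MESSAGES = {
    "ambiguous": "Ambiguous command",
    "unrecognized": "Unrecognized command",
    "incomplete": "Incomplete command",
}


def _step(cands, i, tok):
    """Narrow the candidates by token i: exact keyword, then keyword prefix, then parameter."""
    live = [c for c in cands if len(c) > i]
    exact = [c for c in live if c[i] == tok]
    prefix = [c for c in live if not c[i].startswith(PARAM) and c[i].startswith(tok)]
    params = [c for c in live if c[i].startswith(PARAM)]
    return exact or prefix or params


def match(line):
    """Return ('ok', expanded command) or (error kind, column of the '^' marker)."""
    tokens = line.split()
    if not tokens:
        return ("incomplete", 0)
    cands, pos, start = COMMANDS, 0, 0
    for i, tok in enumerate(tokens):
        start = line.index(tok, pos)            # column where this token begins
        cands = _step(cands, i, tok)
        if not cands:
            return ("unrecognized", start)
        pos = start + len(tok)
    last = len(tokens) - 1
    if len({c[last] for c in cands}) > 1:       # e.g. d c -> current-configuration, clock, cpu-usage
        return ("ambiguous", start)
    if all(len(c) > len(tokens) for c in cands):
        return ("incomplete", len(line))        # e.g. sysname without a name
    full = next(c for c in cands if len(c) == len(tokens))
    return ("ok", " ".join(t if k.startswith(PARAM) else k for k, t in zip(full, tokens)))


def complete(line):
    """Keywords the last partial token can expand to, in the order Tab cycles through them."""
    tokens = line.split()
    if not tokens or line.endswith(" "):
        return []
    cands = COMMANDS
    for i, tok in enumerate(tokens[:-1]):
        cands = _step(cands, i, tok)
    i = len(tokens) - 1
    return sorted({c[i] for c in cands
                   if len(c) > i and not c[i].startswith(PARAM) and c[i].startswith(tokens[-1])})


def report(line, prompt="[Huawei]"):
    """Render the three-line error display of the slides, or the expanded command."""
    status, info = match(line)
    if status == "ok":
        return f"{prompt} {line}  -> {info}"
    caret = " " * (len(prompt) + 1 + info) + "^"
    return f"{prompt} {line}\n{caret}\nError: {MESSAGES[status]} found at '^' position."


if __name__ == "__main__":
    for entry in ("d cu", "d c", "sysname", "router if 1.1.1.1", "a"):
        print(report(entry))
```

The matcher prefers an exact keyword over a prefix and a prefix over a parameter placeholder, which is what lets d cu resolve to display current-configuration even though delete also begins with d; a parser that treated every token as a possible parameter would report d cu as ambiguous.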
Using Undo Command Lines
 If a command begins with the keyword undo, it is an undo command. An undo command is generally used to restore a default configuration, disable a function, or delete a configuration. For example:

▫ Run an undo command to restore a default configuration.

<Huawei> system-view
[Huawei] sysname Server
[Server] undo sysname
[Huawei]

▫ Run an undo command to disable a function.

<Huawei> system-view
[Huawei] ftp server enable
[Huawei] undo ftp server

▫ Run an undo command to delete a configuration.

[Huawei]interface g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[Huawei-GigabitEthernet0/0/1]undo ip address
Using Command Line Shortcut Keys
 A device provides command shortcut keys to speed up and simplify command input.
 Command shortcut keys are classified into user-defined shortcut keys and system shortcut keys.

User-defined Shortcut Keys
• There are four user-defined shortcut keys: Ctrl+G, Ctrl+L, Ctrl+O, and Ctrl+U.
• You can associate a user-defined shortcut key with any command. After you press a shortcut key, the system will automatically run the command associated with the shortcut key.

<Huawei> system-view
[Huawei] hotkey ctrl_l "display tcp status"

System Shortcut Keys
• CTRL_A: moves the cursor to the beginning of the current line.
• CTRL_B: moves the cursor one character to the left.
• CTRL_C: stops the running of the current command.
• CTRL_E: moves the cursor to the end of the current line.
• CTRL_X: deletes all characters on the left of the cursor.
• CTRL_Y: deletes the character at the cursor and all characters on the right of the cursor.
• CTRL_Z: returns to the user view.
• CTRL+]: terminates the current connection or switches to another connection.
Contents
1. VRP Basics

2. Command Line Basics


▫ Command Views and Use of Command Views

▪ Basic Configuration Commands

▫ Case Analysis

Common File System Operation Commands (1)
1. Check the current directory.

<Huawei>pwd

2. Display information about files in the current directory.

<Huawei>dir

3. Display the content of a text file.

<Huawei>more

4. Change the current working directory.

<Huawei>cd

5. Create a directory.

<Huawei>mkdir
Common File System Operation Commands (2)
6. Delete a directory.

<Huawei>rmdir

7. Copy a file.

<Huawei>copy

8. Move a file.

<Huawei>move

9. Rename a file.

<Huawei>rename

10. Delete a file.

<Huawei>delete

Common File System Operation Commands (3)
11. Restore a deleted file.

<Huawei>undelete

12. Permanently delete a file in the recycle bin.

<Huawei>reset recycle-bin

Basic Configuration Commands (1)
1. Configure a system name.

[Huawei] sysname name

2. Configure a system clock.

<Huawei> clock timezone time-zone-name { add | minus } offset

This command configures a local time zone.

<Huawei> clock datetime [ utc ] HH:MM:SS YYYY-MM-DD

This command configures the current or UTC date and time.

<Huawei> clock daylight-saving-time

This command configures the daylight saving time.

Basic Configuration Commands (2)
3. Configure a command level.

[Huawei] command-privilege level level view view-name command-key

This command configures a level for commands in a specified view. Command levels are classified into visit, monitoring, configuration, and management, which are identified by the
numbers 0, 1, 2, and 3, respectively.

4. Configure the password-based login mode.

[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]set authentication password cipher information

This user-interface vty command displays the virtual type terminal (VTY) user interface view, and the set authentication password command configures the password authentication
mode. The system supports the console user interface and VTY user interface. The console user interface is used for local login, and the VTY user interface is used for remote login. By
default, a device supports a maximum of 15 concurrent VTY-based user accesses.

5. Configure user interface parameters.

[Huawei] idle-timeout minutes [ seconds ]


This command sets a timeout period to disconnect from the user interface. If no command is entered within the specified period, the system tears down the current connection. The
default timeout period is 10 minutes.

Basic Configuration Commands (3)
6. Configure an IP address for an interface.

[Huawei] interface interface-type interface-number
[Huawei-interface-type-number] ip address ip-address { mask | mask-length }

This command configures an IP address for a physical or logical interface on a device.

7. Display currently effective configurations.

<Huawei>display current-configuration

8. Save a configuration file.

<Huawei>save

9. Check saved configurations.

<Huawei>display saved-configuration

Basic Configuration Commands (4)
10. Clear saved configurations.

<Huawei>reset saved-configuration

11. Check system startup configuration parameters.


<Huawei> display startup

This command displays the system software for the current and next startup, backup system software, configuration file, license file, and patch file, as well as
voice file.

12. Configure the configuration file for next startup.


<Huawei>startup saved-configuration configuration-file

During a device upgrade, you can run this command to configure the device to load the specified configuration file for the next startup.

13. Restart a device.

<Huawei>reboot

Contents
1. VRP Basics

2. Command Line Basics


▫ Command Views and Use of Command Views

▫ Basic Configuration Commands

▪ Case Analysis

Case 1: File Query Commands and Directory Operations
Requirement description:
• Check information about files and directories in the current directory of a router named RTA.
• Create a directory named test, and then delete the directory.

<Huawei>pwd
flash:
<Huawei>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  drw-              -  Dec 27 2019  02:54:09   dhcp
    1  -rw-        121,802  May 26 2014  09:20:58   portalpage.zip
    2  -rw-          2,263  Dec 27 2019  02:53:59   statemach.efs
    3  -rw-        828,482  May 26 2014  09:20:58   sslvpn.zip

1,090,732 KB total (784,464 KB free)

<Huawei>mkdir test
<Huawei>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  drw-              -  Dec 27 2019  02:54:39   test
    1  drw-              -  Dec 27 2019  02:54:09   dhcp
    2  -rw-        121,802  May 26 2014  09:20:58   portalpage.zip
    3  -rw-          2,263  Dec 27 2019  02:53:59   statemach.efs
    4  -rw-        828,482  May 26 2014  09:20:58   sslvpn.zip

1,090,732 KB total (784,460 KB free)

<Huawei>rmdir test
Case 2: File Operations (1)
Requirement description:
• Rename the huawei.txt file save.zip.
• Make a copy of the save.zip file and name the copy file.txt.
• Move the file.txt file to the dhcp directory.
• Delete the file.txt file.
• Restore the deleted file file.txt.

<Huawei>rename huawei.txt save.zip
<Huawei>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  drw-              -  Mar 04 2020  04:39:52   dhcp
    1  -rw-        121,802  May 26 2014  09:20:58   portalpage.zip
    2  -rw-        828,482  Mar 04 2020  04:51:45   save.zip
    3  -rw-          2,263  Mar 04 2020  04:39:45   statemach.efs
    4  -rw-        828,482  May 26 2014  09:20:58   sslvpn.zip

1,090,732 KB total (784,464 KB free)

<Huawei>copy save.zip file.txt
<Huawei>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  drw-              -  Mar 04 2020  04:39:52   dhcp
    1  -rw-        121,802  May 26 2014  09:20:58   portalpage.zip
    2  -rw-        828,482  Mar 04 2020  04:51:45   save.zip
    3  -rw-          2,263  Mar 04 2020  04:39:45   statemach.efs
    4  -rw-        828,482  May 26 2014  09:20:58   sslvpn.zip
    5  -rw-        828,482  Mar 04 2020  04:56:05   file.txt

1,090,732 KB total (784,340 KB free)
Case 2: File Operations (2)
Requirement description:
• Rename the huawei.txt file save.zip.
• Copy the save.zip file to the file.txt file.
• Move the file.txt file to the dhcp directory.
• Delete the file.txt file.
• Restore the deleted file file.txt.

<Huawei>move file.txt flash:/dhcp/
<Huawei>cd dhcp
<Huawei>dir
Directory of flash:/dhcp/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  -rw-             98  Dec 27 2019  02:54:09   dhcp-duid.txt
    1  -rw-        121,802  Dec 27 2019  03:13:50   file.txt

1,090,732 KB total (784,344 KB free)

<Huawei>delete file.txt
<Huawei>dir
Directory of flash:/dhcp/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  -rw-             98  Dec 27 2019  02:54:09   dhcp-duid.txt

1,090,732 KB total (784,340 KB free)

<Huawei>undelete file.txt
<Huawei>dir
Directory of flash:/dhcp/

  Idx  Attr     Size(Byte)  Date         Time(LMT)  FileName
    0  -rw-             98  Dec 27 2019  02:54:09   dhcp-duid.txt
    1  -rw-        121,802  Dec 27 2019  03:13:50   file.txt

1,090,732 KB total (784,340 KB free)
Case 3: VRP Basic Configuration Commands
 As shown in the figure, an engineer needs to configure a router. The requirements are as follows:
 Connect the router and PC. Assign the IP addresses shown in the figure to the router and PC.
 Allow other employees of the company to use the password huawei123 to remotely log in to the router through the PC. Allow them to view
configurations but disable them from modifying configurations.
 Save current configurations and name the configuration file huawei.zip. Configure this file as the configuration file for the next startup.

Figure: AR1 (GE0/0/1, 192.168.1.1/24) connected to PC1 (192.168.1.2/24).
Configuration Procedure (1)

Figure: AR1 (GE0/0/1, 192.168.1.1/24) connected to PC1 (192.168.1.2/24).

Configure an interface IP address:

<Huawei>system-view
[Huawei]sysname AR1
[AR1]interface GigabitEthernet 0/0/1
[AR1-GigabitEthernet0/0/1]ip address 192.168.1.1 24
[AR1-GigabitEthernet0/0/1]quit

Configure a user level and a user authentication mode:

[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode password
Please configure the login password (maximum length 16):huawei123
[AR1-ui-vty0-4]user privilege level 1
[AR1-ui-vty0-4]quit

The password configuration command may vary according to devices. For details, see the product documentation.
Configuration Procedure (2)

Figure: AR1 (GE0/0/1, 192.168.1.1/24) connected to PC1 (192.168.1.2/24).

Specify the configuration file for next startup.


<HUAWEI>save huawei.zip
Are you sure to save the configuration to huawei.zip? (y/n)[n]:y
It will take several minutes to save configuration file, please wait.........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
<HUAWEI>startup saved-configuration huawei.zip

By default, configurations are saved in the vrpcfg.cfg file. You can also create a file for saving the configurations. VRPv5
and VRPv8 have the same command that is used to specify the configuration file for the next startup, but different
directories for saving the file.

Checking Configurations

Figure: AR1 (GE0/0/1, 192.168.1.1/24) connected to PC1 (192.168.1.2/24).

<AR1>display startup
MainBoard:
Startup system software: null
Next startup system software: null
Backup system software for next startup: null
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/huawei.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null

More Information
Candidate configuration database <candidate> (VRPv8 only)

<Huawei>display configuration candidate

This command displays the commands that have been configured but not committed. If a series of configurations are completed but not committed, the command configurations are stored in the candidate configuration database.

Running configuration database <running> (VRPv5 and VRPv8)

<Huawei>display current-configuration

This command displays the effective parameter settings. After configuration commands are committed, they are saved in the running configuration database.

Startup configuration database <startup> (VRPv5 and VRPv8)

<Huawei>display startup

This command displays the names of the system software, configuration files, PAF files, and patch files used for the current startup and to be used for the next startup. After configurations are saved, the command configurations are stored in the startup configuration database.

VRPv5 has the running and startup configuration databases but does not have the candidate configuration database. Therefore, a command configuration takes effect immediately after the command is executed, without being committed. In VRPv8, however, a configuration command takes effect only after it is committed.
Quiz
1. What is the VRP version currently used by Huawei datacom devices?

2. What is the maximum number of users that are allowed to log in to a Huawei device through the console port concurrently?

3. How do I specify the configuration file for next startup if a device has multiple configuration files?

Summary
 VRP is a Huawei proprietary network OS that can run on various hardware platforms. VRP has unified network, user, and
management interfaces. To efficiently manage Huawei devices, you need to be familiar with VRP commands and
configurations.

 You also need to understand some common commands and shortcut keys and learn how to use them.

 After learning this course, you need to know basic VRP concepts, functions of common commands, and CLI.

Thank You
www.huawei.com

Foreword
 Internet Protocol Version 4 (IPv4) is the core protocol suite in the TCP/IP protocol suite. It works at the network layer in
the TCP/IP protocol stack and this layer corresponds to the network layer in the Open System Interconnection
Reference Model (OSI RM).
 The network layer provides connectionless data transmission services. A network does not need to establish a
connection before sending data packets. Each IP data packet is sent separately.
 This presentation describes the basic concepts of IPv4 addresses, subnetting, network IP address planning, and basic IP
address configuration.

Objectives
 On completion of this course, you will be able to:
 Describe main protocols at the network layer.
 Describe the concepts and classification of IPv4 addresses and special IPv4 addresses.
 Calculate IP networks and subnets.
 Use the IP network address planning method.

Contents
1. Network Layer Protocols

2. Introduction to IPv4 Addresses

3. Subnetting

4. ICMP

5. IPv4 Address Configuration and Basic Application

Network Layer Protocols
 The network layer is often called the IP layer. Network layer protocols include Internet Control Message Protocol (ICMP) and Internet
Packet Exchange (IPX), in addition to IP.

Figure: the TCP/IP model (application, transport, network, data link, and physical layers); at the network layer, IP provides addressing and routing alongside ICMP and IPX.
Internet Protocol
 IP is short for the Internet Protocol. Strictly speaking, IP is the name of a single, fairly short protocol specification that defines and describes the format of IP packets.
 In everyday use, however, "IP" refers to anything related directly or indirectly to the Internet Protocol, rather than to the protocol specification itself.

Function:
• Provides logical addresses for devices at the network layer.
• Is responsible for addressing and forwarding data packets.

Versions:
• IP Version 4 (IPv4)
• IP Version 6 (IPv6)
Data Encapsulation
Layer               Protocol data unit (PDU)
Application layer   Data
Transport layer     Segment
Network layer       Packet
Data link layer     Frame
Physical layer      Bit

Frame on the wire: Ethernet header | IP header | TCP header | User data | Ethernet tail
IPv4 Packet Format

Ethernet header | IP header | TCP header | User data | Ethernet tail

IPv4 header, fixed part (20 bytes):
  Version | Header Length | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  TTL | Protocol | Header Checksum
  Source IP Address
  Destination IP Address
IPv4 header, optional part (0–40 bytes):
  Options | Padding
Data Packet Fragmentation
 The process of dividing a packet into multiple fragments is called fragmentation.
 The sizes of IP packets forwarded on a network may be different. If the size of an IP packet exceeds the maximum size supported by a
data link, the packet needs to be divided into several smaller fragments before being transmitted on the link.

Figure: a packet from Host A is divided into data fragments before reaching Host B; each fragment carries its own IPv4 header, and the Identification, Flags, and Fragment Offset fields identify the fragments of one original packet.
Time to Live
 The TTL field specifies the number of routers that a packet can pass through.
 Once a packet passes through a router, the TTL is reduced by 1. If the TTL value is reduced to 0, a data packet is discarded.

Figure: a packet leaves Host A with TTL = 255; each router on the path decrements the field (TTL = 254, then TTL = 253) before the packet reaches Host B.
Protocol
 The Protocol field in the IP packet header identifies a protocol that will continue to process the packet.
 This field identifies the protocol used by the data carried in the data packet so that the IP layer of the destination host sends the data
to the process mapped to the Protocol field.

Protocol field values shown on the slide:
  6   TCP
  17  UDP
  1   ICMP
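As an added example (not code from the Huawei course), the following Python builds, parses, forwards and fragments IPv4 packets so the Header Checksum, TTL, Flags and Fragment Offset behaviour described on the preceding slides can be exercised on constructed packets; the addresses, payload and 60-byte MTU are constructed sample values.

```python
"""Added example: build, parse, forward and fragment IPv4 headers (20-byte fixed
part) so the TTL, Header Checksum, Flags and Fragment Offset fields can be
exercised on constructed packets. No network I/O is involved."""
import socket
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # Protocol values named on the slide
HEADER_FMT = "!BBHHHBBH4s4s"                       # the fixed 20-byte IPv4 header


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; the IPv4 Header Checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                              # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, payload, ttl=255, proto=6, ident=0x1234, mf=0, offset=0):
    """Header + payload with a valid checksum. `offset` is in 8-byte units."""
    flags_frag = (mf << 13) | offset                # MF is the lowest flag bit (bit 13)
    hdr = struct.pack(HEADER_FMT, (4 << 4) | 5, 0, 20 + len(payload), ident,
                      flags_frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = struct.pack("!H", internet_checksum(hdr))
    return hdr[:10] + csum + hdr[12:] + payload     # bytes 10-11 hold the checksum


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed header; reject a bad version or checksum as a receiver does."""
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack(HEADER_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0xF) * 4
    if version != 4 or not 20 <= ihl <= 60:
        raise ValueError("not a valid IPv4 header")
    if internet_checksum(pkt[:ihl]) != 0:           # a correct header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "header_len": ihl, "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "offset": (flags_frag & 0x1FFF) * 8,        # stored in 8-byte units
        "ttl": ttl, "proto": proto, "protocol": IP_PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }


def forward_hop(pkt: bytes):
    """One router hop as on the TTL slide: decrement TTL, discard when it reaches 0,
    and recompute the checksum because the header changed."""
    hdr = parse_ipv4(pkt)
    if hdr["ttl"] <= 1:
        return None                                 # TTL would become 0: packet dropped
    out = bytearray(pkt)
    out[8] = hdr["ttl"] - 1                         # byte 8 is the TTL field
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", internet_checksum(bytes(out[:hdr["header_len"]])))
    return bytes(out)


def fragment(pkt: bytes, mtu: int) -> list:
    """Split a packet (no options) into fragments that fit the link MTU. Every
    fragment keeps the Identification; only the final fragment has MF cleared."""
    hdr = parse_ipv4(pkt)
    if len(pkt) <= mtu:
        return [pkt]
    payload = pkt[hdr["header_len"]:hdr["total_length"]]
    chunk = (mtu - 20) // 8 * 8                     # payload per fragment, multiple of 8
    frags = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        # keep MF set if more pieces follow, or if the input was itself a non-final fragment
        more = 1 if (start + chunk < len(payload) or hdr["mf"]) else 0
        frags.append(build_ipv4(hdr["src"], hdr["dst"], piece, ttl=hdr["ttl"],
                                proto=hdr["proto"], ident=hdr["id"], mf=more,
                                offset=(hdr["offset"] + start) // 8))
    return frags


if __name__ == "__main__":
    # Constructed sample: a 100-byte TCP segment from a PC to a server over a 60-byte MTU link.
    pkt = build_ipv4("192.168.1.2", "20.0.0.2", b"A" * 100)
    print(parse_ipv4(pkt))
    print("TTL after one router:", parse_ipv4(forward_hop(pkt))["ttl"])
    for frag in fragment(pkt, 60):
        f = parse_ipv4(frag)
        print("fragment offset", f["offset"], "MF", f["mf"], "length", f["total_length"])
```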
Contents
1. Network Layer Protocols

2. Introduction to IPv4 Addresses

3. Subnetting

4. ICMP

5. IPv4 Address Configuration and Basic Application

What Is an IP Address?
 An IP address identifies a node (or an interface on a network device) on a network.
 IP addresses are used to forward IP packets on the network.

Figure: a network with nodes IP 1 to IP 5; an IP address identifies a node on a network and is used to find the destination for data.
IP address Notation
 An IPv4 address is 32 bits long.
 It is in dotted decimal notation.

Decimal (dotted decimal notation, 4 bytes):  192.      168.      10.       1
Binary (32 bits):                             11000000  10101000  00001010  00000001

Conversion between the decimal and binary systems: each bit position carries a power of two.
  Power   2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
  Weight  128  64   32   16   8    4    2    1
  Bit     1    1    0    0    0    0    0    0      = 128 + 64 = 192

 The IPv4 address range is 0.0.0.0–255.255.255.255.
IP Address Structure
 Network part: identifies a network.
 Host part: identifies a host and is used to differentiate hosts on a network.
• Network mask: is used to distinguish the network part from the host part in an IP address.

                192.      168.      10.       1
IP address      11000000  10101000  00001010  00000001    192.168.10.1
Network mask    11111111  11111111  11111111  00000000    255.255.255.0
                |------- network part -------|  |- host part -|

Written as: 192.168.10.1 255.255.255.0 = 192.168.10.1/24
IP Addressing
 Network part (network ID): identifies a network.
 Host part: identifies a host and is used to differentiate hosts on a network.
Figure: a postal analogy. "Community A" corresponds to the network bits and "No. X, Street Y, John" to the host bits. Two Layer 2 networks (10.0.1.0/24 with host 10.0.1.1/24, and 10.0.2.0/24 with host 10.0.2.1/24) are joined by a gateway into one Layer 3 network.
IP Address Classification (Classful Addressing)


 To facilitate IP address management and networking, IP addresses are classified into the following classes:

Class A  0NNNNNNN NNNNNNNN NNNNNNNN NNNNNNNN  0.0.0.0–127.255.255.255    Assigned to hosts
Class B  10NNNNNN NNNNNNNN NNNNNNNN NNNNNNNN  128.0.0.0–191.255.255.255  Assigned to hosts
Class C  110NNNNN NNNNNNNN NNNNNNNN NNNNNNNN  192.0.0.0–223.255.255.255  Assigned to hosts
Class D  1110NNNN NNNNNNNN NNNNNNNN NNNNNNNN  224.0.0.0–239.255.255.255  Used for multicast
Class E  1111NNNN NNNNNNNN NNNNNNNN NNNNNNNN  240.0.0.0–255.255.255.255  Used for research

• Default subnet masks of classes A, B, and C (length of the network part; the remaining bits are the host part)
  ▫ Class A: 8 bits, 0.0.0.0–127.255.255.255/8
  ▫ Class B: 16 bits, 128.0.0.0–191.255.255.255/16
  ▫ Class C: 24 bits, 192.0.0.0–223.255.255.255/24
IP Address Types
 A network range defined by a network ID is called a network segment.
 Network address: identifies a network.
  Example: 192.168.10.0/24 → 192.168.10.00000000
 Broadcast address: a special address used to send data to all hosts on a network.
  Example: 192.168.10.255/24 → 192.168.10.11111111
 Available addresses: IP addresses that can be allocated to device interfaces on a network.
  Example: 192.168.10.1/24 → 192.168.10.00000001

Note:
• Network and broadcast addresses cannot be directly used by devices or their interfaces.
• The number of available addresses on a network segment is 2^n – 2 (n is the number of bits in the host part).
IP Address Calculation
 Example: What are the network address, broadcast address, and number of available addresses of class B address 172.16.10.1/16?

172.16.10.1 = 172.16.00001010.00000001

IP address         10101100 00010000 00001010 00000001
Network mask       11111111 11111111 00000000 00000000
Network address    10101100 00010000 00000000 00000000  = 172.16.0.0/16      (all host bits set to 0s)
Broadcast address  10101100 00010000 11111111 11111111  = 172.16.255.255/16  (all host bits set to 1s)

Number of IP addresses:         2^16 = 65536
Number of available addresses:  2^16 – 2 = 65534
Range of available addresses:   172.16.0.1/16–172.16.255.254/16

Quiz: What are the network address, broadcast address, and number of available addresses of class A address 10.128.20.10/8?
Private IP Addresses
 Public IP address: An IP address is assigned by the Internet Assigned Numbers Authority (IANA), and this address allocation mode ensures that each
IP address is unique on the Internet. Such an IP address is a public IP address.
 Private IP address: In practice, some networks do not need to connect to the Internet. For example, on a network of a lab in a college, IP addresses
of devices need to avoid conflicting with each other only within the same network. In the IP address space, some IP addresses of class A, B, and C
addresses are reserved for the preceding situations. These IP addresses are called private IP addresses.
 Class A: 10.0.0.0–10.255.255.255
 Class B: 172.16.0.0–172.31.255.255
 Class C: 192.168.0.0–192.168.255.255

Figure: connecting a private network to the Internet. Two sites using private addresses (10.0.0.0/8 and 192.168.1.0/24) reach the Internet through network address translation (NAT).
Special IP Addresses
 Some IP addresses in the IP address space are of special meanings and functions.
 For example:

Special IP Address         Address Scope     Function
Limited broadcast address  255.255.255.255   It can be used as a destination address, and traffic destined for it is sent to all hosts on the network segment to which the address belongs. (Its usage is restricted by a gateway.)
Any IP address             0.0.0.0           It is an address of any network. Addresses in this block refer to source hosts on "this" network.
Loopback address           127.0.0.0/8       It is used to test the software system of a test device.
Link-local address         169.254.0.0/24    If a host fails to automatically obtain an IP address, the host can use an IP address in this address block for temporary communication.
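The classification, address-calculation, private-address and special-address slides above all rest on the same bit-level method; as an added example (not the course's own code), the Python below implements that method with plain integer arithmetic: class and default mask from the leading bits, network and broadcast addresses by clearing or setting the host bits, the 2^n – 2 available-address count, and RFC 1918 / special-block membership. The input addresses are the slides' own examples; the link-local block is taken from RFC 3927 as 169.254.0.0/16.

```python
"""Added example: classful IPv4 address analysis with integer arithmetic,
mirroring the bit-level method on the slides (no ipaddress module)."""

PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))  # RFC 1918
SPECIAL_BLOCKS = (                                   # (block, prefix length, meaning)
    ("255.255.255.255", 32, "limited broadcast"),
    ("0.0.0.0", 8, "this network / any address"),
    ("127.0.0.0", 8, "loopback"),
    ("169.254.0.0", 16, "link-local (RFC 3927)"),
)


def to_int(dotted: str) -> int:
    """'192.168.10.1' -> 32-bit integer; rejects anything but 4 octets of 0..255."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted decimal -> four 8-bit groups, as drawn on the notation slide."""
    return " ".join(format((to_int(dotted) >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def address_class(dotted: str):
    """Classful addressing: the leading bits of the first octet decide the class.
    Returns (class letter, default mask length; None for classes D and E)."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A", 8
    if first >> 6 == 0b10:
        return "B", 16
    if first >> 5 == 0b110:
        return "C", 24
    if first >> 4 == 0b1110:
        return "D", None                             # multicast: no network/host split
    return "E", None                                 # reserved for research


def mask_from_length(length: int) -> int:
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def in_block(dotted: str, block: str, length: int) -> bool:
    return to_int(dotted) & mask_from_length(length) == to_int(block)


def is_private(dotted: str) -> bool:
    return any(in_block(dotted, block, length) for block, length in PRIVATE_BLOCKS)


def special_meaning(dotted: str):
    for block, length, meaning in SPECIAL_BLOCKS:
        if in_block(dotted, block, length):
            return meaning
    return None


def analyze(dotted: str, prefix=None) -> dict:
    """Network/broadcast/available-address calculation from the slides. `prefix`
    defaults to the classful mask; pass one explicitly for a subnetted address."""
    cls, default_len = address_class(dotted)
    length = default_len if prefix is None else prefix
    if length is None:
        raise ValueError(f"class {cls} address {dotted} has no unicast network/host split")
    addr, mask = to_int(dotted), mask_from_length(length)
    network = addr & mask                            # all host bits set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)       # all host bits set to 1
    host_bits = 32 - length
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0   # /31 and /32 leave nothing over
    return {
        "class": cls,
        "mask": to_dotted(mask),
        "network": f"{to_dotted(network)}/{length}",
        "broadcast": to_dotted(broadcast),
        "total": 2 ** host_bits,
        "usable": usable,
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "is_network_address": addr == network,       # cannot be assigned to an interface
        "is_broadcast_address": addr == broadcast,   # cannot be assigned to an interface
        "private": is_private(dotted),
        "special": special_meaning(dotted),
    }


if __name__ == "__main__":
    for example in ("172.16.10.1", "10.128.20.10"):  # the slide's worked example and its quiz
        print(example, to_binary(example), analyze(example))
    print(analyze("192.168.10.255", prefix=24)["is_broadcast_address"])
```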

IPv4 vs. IPv6


 The IPv4 address pool managed by the IANA was exhausted in 2011. With the last public IPv4 address allocated and more and more users and devices accessing the public network, IPv4 address exhaustion is the biggest driving force for IPv6 to replace IPv4.

IPv4
• Address length: 32 bits
• Address types: unicast address, broadcast address, and multicast address
• Characteristics:
  ▫ IPv4 address depletion
  ▫ Inappropriate packet header design
  ▫ ARP dependency-induced flooding
  ▫ ...

IPv6
• Address length: 128 bits
• Address types: unicast address, multicast address, and anycast address
• Characteristics:
  ▫ Unlimited number of addresses
  ▫ Simplified packet header
  ▫ Automatic IPv6 address allocation
  ▫ ...
Contents
1. Network Layer Protocols

2. Introduction to IPv4 Addresses

3. Subnetting

4. ICMP

5. IPv4 Address Configuration and Basic Application

Why Subnetting?
Before subnetting: one class B network, 172.16.0.0, holds 2^16 = 65536 IP addresses (172.16.0.1, 172.16.0.2, ..., 172.16.0.253, 172.16.0.254) in a single broadcast domain.
• A class B address is used for one broadcast domain, wasting addresses.
• The broadcast domain is too large. Once broadcast occurs, the internal network is overloaded.

After subnetting: the network number is divided into subnets 172.16.1.0, 172.16.2.0, 172.16.3.0, 172.16.4.0, ...
• A network number is divided into multiple subnets, and each subnet is allocated to a separate broadcast domain.
• In this way, the broadcast domain is smaller, and the network planning is more reasonable.
• IP addresses are properly used.
Subnetting - Analyzing the Original Network Segment
 Example: 192.168.10.0/24

One class C network: 192.168.10.0/24, default subnet mask 255.255.255.0

                     Network part          Host part
192.168.10.1         192.  168.  10.       00000001
Default subnet mask  255.  255.  255.      00000000
...
192.168.10.255       192.  168.  10.       11111111
Default subnet mask  255.  255.  255.      00000000

Network address:         192.168.10.0/24
Broadcast address:       192.168.10.255
Total IP addresses:      2^8 = 256
Available IP addresses:  2^8 – 2 = 254
Subnetting - Taking Bits from the Host Part
 Bits can be taken from the host part to create subnets.
Take 1 bit from the host part (new mask: 255.255.255.128, written /25):

                 Network part          Subnet bit  Host part
192.168.10.0     192.  168.  10.       0           0000000
New mask         255.  255.  255.      1           0000000
...
192.168.10.255   192.  168.  10.       1           1111111
New mask         255.  255.  255.      1           0000000

Two subnets:
  Subnet 1: 192.168.10.0/25
  Subnet 2: 192.168.10.128/25
Total IP addresses per subnet:      2^7 = 128
Available IP addresses per subnet:  2^7 – 2 = 126

• Variable length subnet mask (VLSM)
Subnetting - Calculating the Subnet Network Address
 The network address is obtained, with all host bits set to 0s.

192.168.10.0   192.  168.  10.   0 0000000
New mask /25   255.  255.  255.  1 0000000
               |-- network part --|  |- host part -|

Subnet 1's network address:  192.168.10.0/25     192.  168.  10.   0 0000000
Subnet 2's network address:  192.168.10.128/25   192.  168.  10.   1 0000000
Subnetting - Calculating the Subnet Broadcast Address
 The broadcast address is obtained, with all host bits set to 1s.

192.168.10.0   192.  168.  10.   0 0000000
New mask /25   255.  255.  255.  1 0000000
               |-- network part --|  |- host part -|

Subnet 1's network address:    192.168.10.0/25     192.  168.  10.   0 0000000
Subnet 1's broadcast address:  192.168.10.127/25   192.  168.  10.   0 1111111
Subnet 2's network address:    192.168.10.128/25   192.  168.  10.   1 0000000
Subnet 2's broadcast address:  192.168.10.255/25   192.  168.  10.   1 1111111
Practice: Computing Subnets (1)
• Question: An existing class C network segment is 192.168.1.0/24. Use VLSM to allocate IP addresses to three subnets (10 hosts, 30 hosts, and 10 hosts).
• Answer (using a network with 10 hosts as an example):

Step 1: Calculate the number of host bits to be taken.
  2^n – 2 ≥ 10  →  n ≥ 4 host bits

Step 2: Take 4 bits from the host part.
  IP address   192.  168.  1.   0000 0000
  Subnet mask  255.  255.  255. 1111 0000
                                ^^^^ subnet bits
  Number of subnets: 2^4 = 16
Practice: Computing Subnets (2)
• Question: An existing class C network segment is 192.168.1.0/24. Use VLSM to allocate IP addresses to three subnets (10 hosts, 30 hosts, and 10 hosts).
• Answer (using a network with 10 hosts as an example):

Step 3: Calculate the subnet network addresses.
  IP address   192.  168.  1.   0000 0000
  New mask     255.  255.  255. 1111 0000

  Subnet 1     192.  168.  1.   0000 0000   192.168.1.0/28
  Subnet 2     192.  168.  1.   0001 0000   192.168.1.16/28
  Subnet 3     192.  168.  1.   0010 0000   192.168.1.32/28
  ...
  Subnet 16    192.  168.  1.   1111 0000   192.168.1.240/28

Result: the two 10-host networks are assigned 192.168.1.0/28 and 192.168.1.16/28.
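The three-step practice above, as an added example that is not the course's own code: Python using the standard ipaddress module to compute the host bits needed, carve equal-size subnets, and, going one step further than the slide, allocate all three differently sized subnets from 192.168.1.0/24 without overlap by placing the largest first. The subnet names are constructed; the host counts (10, 30, 10) are the slide's.

```python
"""Added example: VLSM subnetting for the practice on the slides, using the
standard-library ipaddress module. The largest subnets are carved first so the
remaining free space stays contiguous and nothing overlaps."""
import ipaddress


def host_bits_needed(hosts: int) -> int:
    """Step 1: the smallest n with 2^n - 2 >= hosts (network and broadcast are unusable)."""
    n = 2                                           # a /31 or /32 cannot hold any host
    while 2 ** n - 2 < hosts:
        n += 1
    return n


def prefix_for(hosts: int) -> int:
    """Mask length that leaves exactly the host bits needed (e.g. 10 hosts -> /28)."""
    return 32 - host_bits_needed(hosts)


def equal_size_subnets(block: str, borrowed_bits: int) -> list:
    """Step 2 as a fixed-length split: borrow k bits from the host part -> 2^k subnets."""
    return list(ipaddress.ip_network(block).subnets(prefixlen_diff=borrowed_bits))


def allocate_vlsm(block: str, demands: dict) -> dict:
    """demands maps a subnet name to its host count; returns name -> IPv4Network.
    The free pool is a list of non-overlapping networks; each allocation takes the
    lowest fitting network and puts the remainder back into the pool."""
    pool = [ipaddress.ip_network(block)]
    allocated = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        for i, free in enumerate(pool):
            if free.prefixlen <= prefix:            # a /prefix fits inside this free range
                subnet = next(free.subnets(new_prefix=prefix))
                allocated[name] = subnet
                pool[i:i + 1] = sorted(free.address_exclude(subnet))  # keep the leftovers
                break
        else:
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
    return allocated


def describe(net: ipaddress.IPv4Network) -> dict:
    """Step 3 results for one subnet, in the slide's terms."""
    return {
        "network": f"{net.network_address}/{net.prefixlen}",
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": net.num_addresses - 2,
        "range": f"{net.network_address + 1}-{net.broadcast_address - 1}",
    }


if __name__ == "__main__":
    # Constructed demands matching the slide: two 10-host networks and one 30-host network.
    plan = allocate_vlsm("192.168.1.0/24", {"lab_a": 10, "office": 30, "lab_b": 10})
    for name, net in plan.items():
        print(name, describe(net))
    print(len(equal_size_subnets("192.168.1.0/24", 4)), "subnets of /28")
```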
Contents
1. Network Layer Protocols

2. Introduction to IPv4 Addresses

3. Subnetting

4. ICMP

5. IPv4 Address Configuration and Basic Application

ICMP
 The Internet Control Message Protocol (ICMP) is an auxiliary protocol of the IP protocol.

• ICMP is used to transmit error and control information between network devices. It plays an important role in collecting network information and in diagnosing and rectifying network faults.

Encapsulation: Ethernet header | IP header | ICMP message | Ethernet tail
ICMP message:  Type | Code | Checksum | ICMP message content

Type  Code  Description
0     0     Echo Reply
3     0     Network Unreachable
3     1     Host Unreachable
3     2     Protocol Unreachable
3     3     Port Unreachable
5     0     Redirect
8     0     Echo Request
ICMP Redirection
 ICMP Redirect messages are a type of ICMP control message. When a router detects that a host uses a non-optimal route in a specific
scenario, the router sends an ICMP Redirect message to the host, requesting the host to change the route.

Figure: Host A (10.0.0.1/24, default gateway 10.0.0.100) shares a LAN with RTA (10.0.0.200/24) and RTB (10.0.0.100/24). RTA also connects to Server A (20.0.0.2/24) through 20.0.0.1/24, while RTB leads to the Internet. Step 1: Host A sends a packet for Server A to its default gateway RTB. Step 2: RTB sends an ICMP Redirect message to Host A. Step 3: Host A sends the packet through RTA.
ICMP Error Detection
 ICMP Echo messages are used to check network connectivity between the source and destination and provide other information, such
as the round-trip time.
Figure: RTA (10.0.0.1), RTB (10.0.0.2 and 20.0.0.1), and Server A (20.0.0.2); RTA sends an Echo Request and receives an Echo Reply.

[RTA]ping 20.0.0.2
PING 20.0.0.2: 56 data bytes, press CTRL_C to break
Reply from 20.0.0.2: bytes=56 Sequence=1 ttl=254 time=70 ms
Reply from 20.0.0.2: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 20.0.0.2: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 20.0.0.2: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 20.0.0.2: bytes=56 Sequence=5 ttl=254 time=30 ms

--- 20.0.0.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/40/70 ms

Function: Ping
Ping is a command used on network devices and on Windows, Unix, and Linux operating systems. Ping is a small and useful application based on ICMP.
A ping tests the reachability of a destination node.
ICMP Error Report
 ICMP defines various error messages for diagnosing network connectivity problems. The source can determine the cause for a data transmission
failure based on the received error messages. For example, after a network device receives a packet, it cannot access the network where the
destination device resides, the network device automatically sends an ICMP Destination Unreachable message to the source.

Figure: RTA (10.0.0.1), RTB (10.0.0.2 and 20.0.0.1), and Server A (20.0.0.2); a data packet travels toward the server and a Destination Unreachable message comes back.

[RTA]tracert 20.0.0.2
traceroute to 20.0.0.2(20.0.0.2), max hops: 30 ,packet length: 40,press CTRL_C to break
 1 10.0.0.2 80 ms 10 ms 10 ms
 2 20.0.0.2 30 ms 30 ms 20 ms

Function: Tracert
Tracert checks the reachability of each hop on a forwarding path based on the TTL value carried in the packet header.
Tracert is an effective method to detect packet loss and delay on a network and helps administrators discover routing loops on the network.
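As an added example (not from the course), the Python below decodes ICMP type/code pairs with the table from the ICMP slide and models how ping and tracert use TTL and ICMP replies along a constructed path matching the figure (RTA probing Server A 20.0.0.2 through RTB 10.0.0.2). Type 11 (Time Exceeded) is added from RFC 792 because tracert depends on it; it is a simulation of the message flow, not a packet capture.

```python
"""Added example: ICMP type/code decoding and a TTL-driven model of ping and
tracert over a constructed path (RTA -> RTB -> Server A, as on the slides)."""

ICMP_MESSAGES = {                                    # (type, code) -> description
    (0, 0): "Echo Reply",
    (3, 0): "Network Unreachable",
    (3, 1): "Host Unreachable",
    (3, 2): "Protocol Unreachable",
    (3, 3): "Port Unreachable",
    (5, 0): "Redirect",
    (8, 0): "Echo Request",
    (11, 0): "Time Exceeded",                        # RFC 792; what each tracert hop returns
}


def describe_icmp(icmp_type: int, code: int) -> str:
    return ICMP_MESSAGES.get((icmp_type, code), f"unknown (type {icmp_type}, code {code})")


def deliver(routers, destination, ttl, probe="echo"):
    """Forward one probe along `routers` (addresses in path order) toward `destination`.
    Returns (replying address, ICMP type, ICMP code) as the source would see it.
    destination=None models a last router that has no route to the host."""
    for router in routers:
        ttl -= 1                                     # every router decrements TTL ...
        if ttl == 0:                                 # ... and discards the packet at 0,
            return router, 11, 0                     # reporting Time Exceeded to the source
    if destination is None:
        return routers[-1], 3, 1                     # Destination (Host) Unreachable
    if probe == "echo":
        return destination, 0, 0                     # Echo Request answered by Echo Reply
    return destination, 3, 3                         # UDP probe to an unused port: Port Unreachable


def ping(routers, destination, count=5, ttl=255):
    """Echo Request / Echo Reply exchange; returns the statistics the slide's output shows."""
    replies = [deliver(routers, destination, ttl, "echo") for _ in range(count)]
    received = sum(1 for _, t, c in replies if (t, c) == (0, 0))
    return {
        "transmitted": count,
        "received": received,
        "loss_percent": round(100.0 * (count - received) / count, 2),
        "last_reply": describe_icmp(*replies[-1][1:]),
    }


def tracert(routers, destination, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... until something other than Time Exceeded
    comes back; each Time Exceeded reveals one hop on the forwarding path."""
    hops = []
    for ttl in range(1, max_hops + 1):
        who, t, c = deliver(routers, destination, ttl, "udp")
        hops.append((ttl, who, describe_icmp(t, c)))
        if (t, c) != (11, 0):
            break
    return hops


if __name__ == "__main__":
    ROUTERS, SERVER = ["10.0.0.2"], "20.0.0.2"      # RTB's ingress address, Server A
    print(ping(ROUTERS, SERVER))
    for hop in tracert(ROUTERS, SERVER):
        print(*hop)
    print(tracert(ROUTERS, None))                   # a host behind RTB that is unreachable
```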
Contents
1. Network Layer Protocols

2. Introduction to IPv4 Addresses

3. Subnetting

4. ICMP

5. IPv4 Address Configuration and Basic Application

Basic IP Address Configuration Commands
1. Enter the interface view.

[Huawei] interface interface-type interface-number

You can run this command to enter the view of a specified interface and configure attributes for the interface.
• interface-type interface-number: specifies the type and number of an interface. The interface type and number can be closely next to each other or separated
by a space character.

2. Configure an IP address for the interface.

[Huawei-GigabitEthernet0/0/1] ip address ip-address { mask | mask-length }

You can run this command in the interface view to assign an IP address to the interface so that network devices can interconnect.
• ip-address: specifies the IP address of an interface. The value is in dotted decimal notation.
• mask: specifies a subnet mask. The value is in dotted decimal notation.
• mask-length: specifies a mask length. The value is an integer ranging from 0 to 32.

Case: Configuring an IP Address for an Interface
Figure: RTA GE0/0/1 (192.168.1.1/24) -- GE0/0/1 (192.168.1.2/24) RTB; RTA LoopBack 0 is 1.1.1.1/32 and RTB LoopBack 0 is 2.2.2.2/32.
On the preceding network where the two routers are interconnected, configure IP addresses for the interconnected physical interfaces and for the logical (loopback) interfaces.

Configure an IP address for a physical interface.
[RTA] interface gigabitethernet 0/0/1
[RTA-GigabitEthernet0/0/1] ip address 192.168.1.1 255.255.255.0
Or,
[RTA-GigabitEthernet0/0/1] ip address 192.168.1.1 24

Configure an IP address for a logical interface.
[RTA] interface LoopBack 0
[RTA-LoopBack0] ip address 1.1.1.1 255.255.255.255
Or,
[RTA-LoopBack0] ip address 1.1.1.1 32

Network IP Address Planning
 IP address planning must be considered together with the network structure, routing protocols, traffic planning, and service rules. In
addition, IP address planning should be corresponding to the network hierarchy and performed in a top-bottom way.
 In conclusion, IP address planning objectives are to achieve easy management, easy scalability, and high utilization.

Reference Planning Rules
• Uniqueness, continuity, and scalability
• Structured and service-related

IP Address Planning Example
Background: A company is assigned 192.168.0.0/16 as its network segment address. The network has a core node, aggregation nodes and access nodes; the R&D department, marketing department, administration department and guest center are attached at the access layer.

Address Type | Address Scope
Network segment of the R&D department | 192.168.1.0/24
Network segment of the marketing department | 192.168.2.0/24
Network segment of the administrative department | 192.168.3.0/24
Network segment of the guest center | 192.168.4.0/24
Others | ...

Quiz
1. (Multiple) Which class does 201.222.5.64 belong to? ( )

A. Class A

B. Class B

C. Class C

D. Class D

2. (Multiple) A company is assigned a class C network segment 192.168.20.0/24. One of its departments has 40 hosts. Which of the following subnets
can be allocated? ( )

A. 192.168.20.64/26

B. 192.168.20.64/27

C. 192.168.20.128/26

D. 192.168.20.190/26

Summary
 To connect a PC to the Internet, apply for an IP address from the Internet Service Provider (ISP).
 This presentation provides an overview of the IP protocol and describes concepts related to IPv4 addresses and
subnetting.
 This presentation also describes the planning and basic configuration of IP addresses.

Foreword
 There are typically multiple IP subnets on a data communication network. Layer 3 devices are required to exchange
data between these IP subnets. These devices have the routing capability and can forward data across subnets.
 Routing is the basic element of data communication networks. It is the process of selecting paths on a network along which
packets are sent from a source to a destination.
 This course introduces the basic concepts of routing.

Objectives
 On completion of this course, you will be able to:
 Understand the basic principles of routers.
 Know how routers select optimal routes.
 Understand the contents of routing tables.
 Master advanced routing features.

Contents
1. Overview of IP Routing
▪ Basic Concepts of Routing

▫ Generation of Routing Entries

▫ Optimal Route Selection

▫ Route-based Forwarding

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Background: Inter-Subnet Communication
• An IP address uniquely identifies a node on a network. Each IP address belongs to a unique subnet, and each subnet may belong to a different area of the network.
• To implement IP addressing, subnets in different areas need to communicate with each other.

Figure: a host on network N asks "How to communicate with the network M?"

Routes
 Routes are the path information used to guide packet forwarding.

 A routing device is a network device that forwards packets to a destination subnet based on routes. The most common routing device is a router.
 A routing device maintains an IP routing table that stores routing information.

Figure (Route-based Packet Forwarding): data from network N enters through its gateway, traverses the routers (R1, R2, R3 and R4 in the figure) and leaves through the gateway of network M; forwarding is destination-based.

Routing Information
 A route contains the following information:
 Destination: identifies a destination subnet.
 Mask: identifies a subnet together with a destination IP address.
 Outbound interface: indicates the interface through which a data packet is sent out of the local router.
 Next hop: indicates the next-hop address used by the router to forward the data packet to the destination subnet.
 The information identifies the destination subnet and specifies the path for forwarding data packets.

Figure: the local router reaches 10.1.1.0/24 through its interface GE0/0/0 (1.1.1.3) and the next-hop device 1.1.1.2.

IP routing table
Destination/Mask | Outbound Interface | Next Hop
10.1.1.0/24 | GE0/0/0 | 1.1.1.2

IP Routing Table
Figure: R2 is connected to R1 through GE0/0 (2.2.2.1/30 -- 2.2.2.2/30; behind R1 lies 11.0.0.0/8), to R3 through GE0/1 (3.3.3.1/30 -- 3.3.3.2/30; behind R3 lies 13.0.0.0/8) and to R4 through GE0/2 (1.1.1.1/30 -- 1.1.1.2/30; behind R4 lies 14.0.0.0/8).

IP routing table of R2
Destination/Mask | Next Hop | Outbound Interface
11.0.0.0/8 | 2.2.2.2 | GE0/0
13.0.0.0/8 | 3.3.3.2 | GE0/1
14.0.0.0/8 | 1.1.1.2 | GE0/2
1.1.1.0/30 | 1.1.1.1 | GE0/2
1.1.1.1/32 | 127.0.0.1 | GE0/2

• Routers discover routes using multiple methods.
• A router selects the optimal route and installs it in its IP routing table.
• The router forwards IP packets based on routes in the IP routing table.
• Routers manage path information by managing their IP routing tables.

Contents
1. Overview of IP Routing
▫ Basic Concepts of Routing

▪ Generation of Routing Entries

▫ Optimal Route Selection

▫ Route-based Forwarding

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

How to Obtain Routing Information
• A router forwards packets based on its IP routing table. To implement route-based packet forwarding, the router needs to obtain routes. The following describes the common methods of obtaining routes.

Direct Routes
• Direct routes are automatically generated by devices and point to local directly connected networks.
Figure: the router is directly connected to 10.1.1.0/24 (GE0/0/0) and 20.1.1.0/24 (GE0/0/1).
Protocol | Destination/Mask | Outbound Interface
Direct | 10.1.1.0/24 | GE0/0/0
Direct | 20.1.1.0/24 | GE0/0/1

Static Routes
• Static routes are manually configured by network administrators.
Figure: the router reaches 30.1.1.0/24 through GE0/0/1.
Protocol | Destination/Mask | Outbound Interface
Static | 30.1.1.0/24 | GE0/0/1

Dynamic Routes
• Dynamic routes are learned by dynamic routing protocols running on routers.
Figure: the router learns 40.1.1.0/24 through GE0/0/2 from a dynamic routing protocol (OSPF).
Protocol | Destination/Mask | Outbound Interface
OSPF | 40.1.1.0/24 | GE0/0/2

Direct Routes (1)
Figure: RTB has GE0/0/0 (10.0.0.2/24) on network 10.0.0.0/24 and GE0/0/1 (20.1.1.2/24) on network 20.1.1.0/24.
• A direct route is automatically generated by a device and points to a local directly-connected network.
• When a router is the last hop router, IP packets to be forwarded will match a direct route and the router will directly forward the IP packet to the destination host.
• When a direct route is used for packet forwarding, the destination IP address of a packet to be forwarded and the IP address of the router's outbound interface are in the same subnet.

Direct routes in the IP routing table of RTB
Destination/Mask | Protocol | Next Hop | Outbound Interface
10.0.0.0/24 | Direct | 10.0.0.2 | GE0/0/0
20.1.1.0/24 | Direct | 20.1.1.2 | GE0/0/1

Direct Routes (2)
Figure: RTA GE0/0/0 (10.0.0.1/24) -- GE0/0/0 (10.0.0.2/24) RTB GE0/0/1 (20.1.1.2/24) -- GE0/0/1 (20.1.1.3/24) RTC.
• Not all the direct routes generated for interfaces are installed in the IP routing table. Only the direct routes of interfaces whose physical status and protocol status are both up are installed in the IP routing table.

Direct routes in the IP routing table of RTB
Destination/Mask | Protocol | Next Hop | Outbound Interface
20.1.1.0/24 | Direct | 20.1.1.2 | GE0/0/1

• When GE0/0/0 goes down, the direct route for this interface is not installed in the IP routing table.

Contents
1. Overview of IP Routing
▫ Basic Concepts of Routing

▫ Generation of Routing Entries

▪ Optimal Route Selection

▫ Route-based Forwarding

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Examining the IP Routing Table
<Quidway> display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  Static  60   0           D   0.0.0.0         NULL0
        2.2.2.2/32  Static  60   0           D   100.0.0.2       Vlanif100
      100.0.0.0/24  Direct  0    0           D   100.0.0.1       Vlanif100
      100.0.0.1/32  Direct  0    0           D   127.0.0.1       Vlanif100
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0

Field annotations in the figure: Destination/Mask | Protocol | Route preference | Cost (Metric) | Flag | Next-hop address | Outbound interface

Fields in the IP Routing Table
 Destination/Mask: indicates the destination network address and mask of a specific route. The subnet address of a destination host or router is obtained through the
AND operation on the destination address and mask. For example, if the destination address is 1.1.1.1 and the mask is 255.255.255.0, the IP address of the subnet to which
the host or router belongs is 1.1.1.0.
 Proto (Protocol): indicates the protocol type of the route, that is, the protocol through which a router learns the route.
 Pre (Preference): indicates the routing protocol preference of the route. There may be multiple routes to the same destination, which have different next hops and
outbound interfaces. These routes may be discovered by different routing protocols or be manually configured. A router selects the route with the highest preference
(with the lowest preference value) as the optimal route.
 Cost: indicates the cost of the route. When multiple routes to the same destination have the same preference, the route with the lowest cost is selected as the optimal
route.
 NextHop: indicates the local router’s next-hop address of the route to the destination network. This field specifies the next-hop device to which packets are forwarded.
 Interface: indicates the outbound interface of the route. This field specifies the local interface through which the local router forwards packets.

Route Preference - Basic Concepts
• When a router obtains routes to the same destination subnet from different routing protocols (these routes have the same destination network address and mask), the router compares the preferences of these routes and prefers the route with the lowest preference value.
• A lower preference value indicates a higher preference.
• The route with the highest preference is installed in the IP routing table.

Figure (Comparing Route Preferences): Routes -> is the destination subnet/mask the same? Different: all are installed in the IP routing table. Same: compare the preferences -> the route with the higher preference is installed in the IP routing table.

Route Preference - Comparison Process
Figure (Comparing Route Preferences): RTA reaches 10.0.0.0/30 over two paths: through 20.1.1.1/30 -- 20.1.1.2/30, where a dynamic routing protocol (OSPF) runs, and through 30.1.1.1/30 -- 30.1.1.2/30, where a static route is configured.
• RTA discovers two routes to 10.0.0.0/30, one is an OSPF route and the other a static route. In this case, RTA compares the preferences of the two routes and selects the route with the lowest preference value.
• Each routing protocol has a unique preference.
• OSPF has a higher preference. Therefore, the OSPF route is installed in the IP routing table.

IP routing table of RTA
Destination/Mask | Protocol | Preference | Next Hop
10.0.0.0/30 | Static | 60 | 30.1.1.2
10.0.0.0/30 | OSPF | 10 | 20.1.1.2 (installed in the IP routing table)

Metric - Comparison Process
Figure (Metric comparison): RTA runs OSPF on both paths to 10.0.0.0/30. The path through 20.1.1.1/30 -- 20.1.1.2/30 crosses two links of cost 10 each (total cost 20); the path through 30.1.1.1/30 -- 30.1.1.2/30 crosses one link of cost 10.
• RTA learns two routes with the same destination address (10.0.0.0/30) and preference through OSPF. In this case, RTA needs to compare the metrics of the two routes.
• The two routes have different metrics. The OSPF route with the next hop being 30.1.1.2 has a lower metric (with the cost 10), so it is installed in the IP routing table.

IP routing table of RTA
Destination/Mask | Protocol | Cost | Next Hop
10.0.0.0/30 | OSPF | 20 | 20.1.1.2
10.0.0.0/30 | OSPF | 10 | 30.1.1.2 (installed in the IP routing table)

Route Preference - Common Default Values
 The following table lists the default preference values of common route types:

Protocol | Route Type | Default Preference
Direct | Direct route | 0
Static | Static route | 60
Dynamic routing protocol | OSPF internal route | 10
Dynamic routing protocol | OSPF external route | 150

Metric - Basic Concepts
• When a router discovers multiple routes to the same destination network through the same routing protocol, the router selects the optimal route based on the metrics of these routes if these routes have the same preference.
• The metric of a route indicates the cost of reaching the destination address of the route.
• Common metrics include the hop count, bandwidth, delay, cost, load, and reliability.
• The route with the lowest metric is installed in the IP routing table.
• The metric is also known as the cost.

Figure (Comparing Metrics): Routes -> is the destination/mask the same? Different: all are installed in the IP routing table. Same: compare the preferences -> the route with the higher preference is installed. Same preference: compare the metrics -> the route with the lower metric is installed in the IP routing table.

Contents
1. Overview of IP Routing
▫ Basic Concepts of Routing

▫ Generation of Routing Entries

▫ Optimal Route Selection

▪ Route-based Forwarding

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Longest Matching
 When a router receives an IP packet, it compares the destination IP address of the packet with all routing entries in the local routing table bit by bit until the longest matching entry is found. This is the longest matching mechanism.

Bit-by-bit matching
Destination IP address 172.16.2.1:                  172.16.00000010.00000001
Routing entry 1: 172.16.1.0, mask 255.255.255.0:    172.16.00000001.xxxxxxxx
Routing entry 2: 172.16.2.0, mask 255.255.255.0:    172.16.00000010.xxxxxxxx
Routing entry 3: 172.16.0.0, mask 255.255.0.0:      172.16.xxxxxxxx.xxxxxxxx
(x marks host bits, which are not compared. Entries 2 and 3 both match the destination address; entry 2 matches on more bits, so it is the longest match.)

Example of Longest Matching (1)
Figure: RTA has three next hops, 10.1.1.2/30, 20.1.1.2/30 and 30.1.1.2/30, and receives data whose destination IP address is 192.168.2.2.
• There are two routes to 192.168.2.2 in the IP routing table of RTA, one has the 16-bit mask and the other has the 24-bit mask. According to the longest matching rule, the route with the 24-bit mask is preferred to guide the forwarding of packets destined for 192.168.2.2.

IP routing table of RTA
Destination/Mask | Next Hop
192.168.0.0/16 | 10.1.1.2
192.168.2.0/24 | 20.1.1.2 (match)
192.168.3.0/24 | 30.1.1.2

Example of Longest Matching (2)
Figure: RTA has three next hops, 10.1.1.2/30, 20.1.1.2/30 and 30.1.1.2/30, and receives data whose destination IP address is 192.168.3.2.
• According to the longest matching rule, the route to 192.168.3.0/24 in the IP routing table is the longest match for the destination IP address 192.168.3.2 (the route to 192.168.0.0/16 also covers it, but with a shorter mask). Therefore, this route is used to forward packets destined for 192.168.3.2.

IP routing table of RTA
Destination/Mask | Next Hop
192.168.0.0/16 | 10.1.1.2
192.168.2.0/24 | 20.1.1.2
192.168.3.0/24 | 30.1.1.2 (match)

Route-based Forwarding Process
Figure: R1 (GE0/1 10.0.1.1, gateway of 10.0.1.0/24; GE0/0 20.0.1.1) -- 20.0.1.0/24 -- R2 (GE0/0 20.0.1.2; GE0/1 30.0.1.1) -- 30.0.1.0/24 -- R3 (GE0/0 30.0.1.2; GE0/1 40.0.1.1, gateway of 40.0.1.0/24). Data with the destination IP address 40.0.1.2 enters at R1.

IP routing table of R1
Destination/Mask | Next Hop | Outbound Interface
10.0.1.0/24 | 10.0.1.1 | GE0/1
20.0.1.0/24 | 20.0.1.1 | GE0/0
30.0.1.0/24 | 20.0.1.2 | GE0/0
40.0.1.0/24 | 20.0.1.2 | GE0/0

IP routing table of R2
Destination/Mask | Next Hop | Outbound Interface
20.0.1.0/24 | 20.0.1.2 | GE0/0
30.0.1.0/24 | 30.0.1.1 | GE0/1
10.0.1.0/24 | 20.0.1.1 | GE0/0
40.0.1.0/24 | 30.0.1.2 | GE0/1

IP routing table of R3
Destination/Mask | Next Hop | Outbound Interface
40.0.1.0/24 | 40.0.1.1 | GE0/1
30.0.1.0/24 | 30.0.1.2 | GE0/0
10.0.1.0/24 | 30.0.1.1 | GE0/0
20.0.1.0/24 | 30.0.1.1 | GE0/0

Summary of the IP Routing Table
• When a router obtains routes to the same destination subnet with the same mask from different routing protocols, the router prefers the route with
the lowest preference value of these routing protocols. If these routes are learned from the same routing protocol, the router prefers the route with
the lowest cost. In summary, only the optimal route is installed in the IP routing table.

• When a router receives a packet, it searches its IP routing table for the outbound interface and next hop based on the destination IP address of the
packet. If it finds a matching routing entry, it forwards the packet according to the outbound interface and next hop specified by this entry. Otherwise,
it discards the packet.

• Packets are forwarded hop by hop. Therefore, all the routers along the path from the source to the destination must have routes destined for the
destination. Otherwise, packet loss occurs.

• Data communication is bidirectional. Therefore, both forward and backward routes must be available.

Contents
1. Overview of IP Routing

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Application Scenarios of Static Routes
Figure (Static Routes): RTA GE0/0/0 (10.0.0.1/24) -- GE0/0/0 (10.0.0.2/24) RTB GE0/0/1 (20.1.1.2/24) -- GE0/0/1 (20.1.1.3/24) RTC; RTA has traffic destined for 20.1.1.0/24.
• Static routes are manually configured by network administrators, have low system requirements, and apply to simple, stable, and small networks.
• The disadvantage of static routes is that they cannot automatically adapt to network topology changes and so require manual intervention.
• RTA needs to forward the packets with the destination address 20.1.1.0/24. However, the IP routing table of RTA has only one direct route, which does not match 20.1.1.0/24. In this case, a static route needs to be manually configured so that the packets sent from RTA to 20.1.1.0/24 can be forwarded to the next hop 10.0.0.2.

IP routing table of RTA
Destination | Protocol | Next Hop
20.1.1.0 | Static | 10.0.0.2
10.0.0.0 | Direct | 10.0.0.1

Static Route Configuration
 Specify a next-hop IP address for a static route.
[Huawei] ip route-static ip-address { mask | mask-length } nexthop-address

 Specify an outbound interface for a static route.


[Huawei] ip route-static ip-address { mask | mask-length } interface-type interface-number

 Specify both the outbound interface and next hop for a static route.
[Huawei] ip route-static ip-address { mask | mask-length } interface-type interface-number [ nexthop-address ]

When creating a static route, you can specify both the outbound interface and next hop. Alternatively, you can specify either the outbound interface or next hop,
depending on the interface type:
For a point-to-point interface (such as a serial interface), you must specify the outbound interface.
For a broadcast interface (for example, an Ethernet interface) or a virtual template (VT) interface, you must specify the next hop.

Configuration Example
Figure: RTA GE0/0/0 (10.0.0.1/24) -- GE0/0/0 (10.0.0.2/24) RTB S1/0/0 (20.1.1.2/24) -- S1/0/0 (20.1.1.3/24) RTC. RTA sends traffic destined for 20.1.1.0/24, and RTC sends the return traffic.
• Configure static routes on RTA and RTC for communication between 10.0.0.0/24 and 20.1.1.0/24.

Configure RTA.
[RTA] ip route-static 20.1.1.0 255.255.255.0 10.0.0.2

Configure RTC.
[RTC] ip route-static 10.0.0.0 255.255.255.0 S1/0/0

• Packets are forwarded hop by hop. Therefore, all the routers along the path from the source to the destination must have routes destined for the destination.
• Data communication is bidirectional. Therefore, both forward and backward routes must be available.

Default Routes
• Default routes are used only when packets to be forwarded do not match any routing entry in an IP routing table.
• In an IP routing table, a default route is the route to network 0.0.0.0 (with the mask 0.0.0.0), namely, 0.0.0.0/0.

Figure: RTA GE0/0/0 (10.0.0.1) -- 10.0.0.0/24 -- GE0/0/0 (10.0.0.2) RTB, behind which lie 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, ..., 192.168.254.0/24. RTA needs to forward packets to subnets that are not directly connected to it and forwards all of them to 10.0.0.2.

[RTA] ip route-static 0.0.0.0 0 10.0.0.2

Application Scenarios of Default Routes
 Default routes are typically used at the egress of an enterprise network. For example, you can configure a default route on an egress device to enable the device to forward IP packets destined for any address on the Internet.

Figure: PC (192.168.1.100, gateway 192.168.1.254) in the enterprise network -- GE0/0/1 (192.168.1.254) RTA GE0/0/0 (1.2.3.4) -- 1.2.3.0/24 -- 1.2.3.254 (Internet).

[RTA] ip route-static 0.0.0.0 0 1.2.3.254

Contents
1. Overview of IP Routing

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Overview of Dynamic Routing
Static Routing
• To use static routes on any device, you must manually configure them.
• Static routes cannot adapt to link changes.
• When the network scale expands, it becomes increasingly complex to manually configure static routes. In addition, when the network topology changes, static routes cannot adapt to these changes in a timely and flexible manner.

Dynamic Routing (for example, OSPF)
• Dynamic routes can be automatically discovered and learned.
• Dynamic routes can adapt to topology changes.
• Dynamic routing protocols automatically discover and generate routes, and update routes when the topology changes. These protocols effectively reduce the workload of network administrators and are widely used on large networks.

Classification of Dynamic Routing Protocols
Classification by the application scope
• Interior Gateway Protocol (IGP): RIP, OSPF, IS-IS
• Exterior Gateway Protocol (EGP): BGP

Classification by working mechanism and routing algorithm
• Distance-vector routing protocol: RIP
• Link-state routing protocol: OSPF, IS-IS

Contents
1. Overview of IP Routing

2. Static Routing

3. Dynamic Routing

4. Advanced Routing Features

Route Recursion (1)
 Route recursion is the process by which a router searches its IP routing table recursively to resolve a route whose next-hop IP address does not belong to any directly connected network, until it finds a directly connected next hop and outbound interface through which packets towards the destination can be sent.

Figure: RTA GE0/0/0 (10.0.0.1/24) -- GE0/0/0 (10.0.0.2/24) RTB GE0/0/1 (20.1.1.2/24) -- GE0/0/1 (20.1.1.3/24) RTC, behind which lies 30.1.2.0/24.

[RTA] ip route-static 30.1.2.0 24 20.1.1.3

The next hop of the route to 30.1.2.0/24 is 20.1.1.3, which is not on a directly connected network of RTA. If the IP routing table does not have a route to 20.1.1.3, this static route does not take effect and cannot be installed in the IP routing table.

Route Recursion (2)
Figure: RTA GE0/0/0 (10.0.0.1/24) -- GE0/0/0 (10.0.0.2/24) RTB GE0/0/1 (20.1.1.2/24) -- GE0/0/1 (20.1.1.3/24) RTC, behind which lies 30.1.2.0/24.

[RTA] ip route-static 30.1.2.0 24 20.1.1.3
[RTA] ip route-static 20.1.1.0 24 10.0.0.2

IP routing table of RTA
Destination/Mask | Next Hop | Outbound Interface
30.1.2.0/24 | 20.1.1.3 | GE0/0/0 (recursion through the entry below)
20.1.1.0/24 | 10.0.0.2 | GE0/0/0

Configure a route to 20.1.1.3, with the next hop pointing to 10.0.0.2 on the directly connected network. In this way, RTA can recurse the route with the destination 30.1.2.0/24 to the route with the destination 10.0.0.2.

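The recursion described on the two "Route Recursion" slides, as an added Python example (not code from this course or from Huawei's VRP): the static route's next hop 20.1.1.3 is looked up in the table again and again until an entry on a directly connected network is found, or the route is declared unusable. The table layout, the direct route 10.0.0.0/24 of RTA and the loop guard are my own assumptions.

```python
import ipaddress

# Routing table entries as (destination/mask, protocol, next hop, outbound interface),
# constructed from the "Route Recursion" slides; RTA's direct route is assumed.
RTA_DIRECT_ONLY = [
    ("10.0.0.0/24", "Direct", "10.0.0.1", "GE0/0/0"),
]
# The same table after "ip route-static 20.1.1.0 24 10.0.0.2" from slide (2).
RTA_WITH_RECURSION = RTA_DIRECT_ONLY + [
    ("20.1.1.0/24", "Static", "10.0.0.2", "GE0/0/0"),
]


def longest_match(table, ip):
    """Entry with the longest mask whose network contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [e for e in table if addr in ipaddress.ip_network(e[0])]
    return max(hits, key=lambda e: ipaddress.ip_network(e[0]).prefixlen) if hits else None


def resolve_next_hop(table, next_hop, max_depth=8):
    """Recurse from a static route's next hop until the next hop lies on a
    directly connected network. Returns (outbound interface, directly connected
    next hop), or None when the route cannot take effect: no route to the next
    hop, or a chain of static routes that never reaches a direct route."""
    hop, seen = next_hop, set()
    for _ in range(max_depth):
        if hop in seen:          # two static routes pointing at each other
            return None
        seen.add(hop)
        entry = longest_match(table, hop)
        if entry is None:        # no route to the next hop: route is not installed
            return None
        _, proto, entry_next_hop, interface = entry
        if proto == "Direct":    # reached a connected network: this is the real next hop
            return interface, hop
        hop = entry_next_hop     # otherwise keep recursing through that route's next hop
    return None


if __name__ == "__main__":
    # slide (1): only the direct route exists, 20.1.1.3 cannot be resolved
    print(resolve_next_hop(RTA_DIRECT_ONLY, "20.1.1.3"))       # None
    # slide (2): 20.1.1.3 -> 20.1.1.0/24 via 10.0.0.2 -> direct route on GE0/0/0
    print(resolve_next_hop(RTA_WITH_RECURSION, "20.1.1.3"))    # ('GE0/0/0', '10.0.0.2')
```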
Equal-Cost Route
 When there are equal-cost routes in the IP routing table, a router forwards IP packets to be sent to the destination subnet through all valid outbound interfaces and next hops in the equal-cost routes, achieving load balancing.

Figure: RTA GE0/0/0 (20.1.1.1/30) -- cost 10 -- GE0/0/0 (20.1.1.2/30) RTB, and RTA GE0/0/1 (30.1.1.1/30) -- cost 10 -- GE0/0/1 (30.1.1.2/30) RTB; RTB is connected to 10.0.0.0/30.

RTA's IP routing table
Destination/Mask | Next Hop
10.0.0.0/30 | 20.1.1.2
10.0.0.0/30 | 30.1.1.2

If there are multiple routes to the same destination from the same source, with the same cost, but pointing to different next hops, the routes are installed in the IP routing table as equal-cost routes. Traffic to be sent to the destination will be distributed to these equal-cost routes.

Floating Route - Basic Concepts
Figure (Floating Route): RTA reaches 20.0.0.0/30 through RTB (RTA 10.1.1.1/30 -- 10.1.1.2/30 RTB) and through RTC (RTA 10.1.2.1/30 -- 10.1.2.2/30 RTC).
• Different preferences can be manually configured for static routes. Therefore, you can configure two static routes with the same destination address/mask but different preferences and next hops to implement backup of forwarding paths.
• A backup route is known as a floating route, which is used only when the primary route is unavailable. That is, a floating route is installed in the IP routing table only when the next hop of the primary route is unreachable.

Configure a floating route on RTA.
[RTA] ip route-static 20.0.0.0 30 10.1.1.2
[RTA] ip route-static 20.0.0.0 30 10.1.2.2 preference 70

Floating Route - Example
Figure (Floating Route Switching): the same topology, RTA 10.1.1.1/30 -- 10.1.1.2/30 RTB (primary link) and RTA 10.1.2.1/30 -- 10.1.2.2/30 RTC (backup link), both leading to 20.0.0.0/30. The left diagram shows the primary link available, the right diagram shows it failed while RTA keeps forwarding traffic towards that destination.

RTA's IP routing table when the primary link is available
Destination | Next Hop | Preference
20.0.0.0 | 10.1.1.2 | 60

RTA's IP routing table when the primary link fails
Destination | Next Hop | Preference
20.0.0.0 | 10.1.2.2 | 70

CIDR
• Classless Inter-Domain Routing (CIDR) uses IP addresses and masks to identify networks and subnets. CIDR replaces the previous addressing architecture of classful network design (such as classes A, B, and C addresses).
• CIDR is based on variable length subnet mask (VLSM). CIDR uses prefixes of any lengths to divide the address space with continuous IP addresses. Multiple address segments with continuous prefixes can be summarized into a network, effectively reducing the number of routing entries.

Figure: the third and fourth octets of four address segments in binary; they share the leading bits 192.168.00001 and are summarized into 192.168.8.0/21.
192.168.12.0/22   192.168. 00001100 00000000
192.168.10.0/23   192.168. 00001010 00000000
192.168.9.0/21    192.168. 00001001 00000000
192.168.14.0/23   192.168. 00001110 00000000

Background of Route Summarization
• Subnet division and VLSM resolve the problem of address space waste, but also bring a new challenge: increasing routing entries in the IP routing table.
• Route summarization can minimize routing entries.

Figure: RTA is directly connected to 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24 and 192.168.6.0/24; RTB is connected to RTA.

RTB's IP routing table: 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24, 192.168.6.0/24

To route traffic to the directly connected network segments of RTA, RTB must have routes to these network segments. If a static route is manually configured for each network segment, the configuration workload will be heavy and RTB's IP routing table will have a large number of routing entries.

Overview of Route Summarization
Figure: RTA (12.1.1.1) -- (12.1.1.2) RTB; RTB is connected to 10.1.1.0/24, 10.1.2.0/24, ..., 10.1.10.0/24.
• Route summarization is an approach of summarizing routes with the same prefix into one summary route to minimize the IP routing table size and improve device resource usage.
• Route summarization uses CIDR to summarize network segments with the same prefix into a single one.
• The routes before being summarized are known as specific routes, and the routes created after summarization are known as summarized routes or summary routes.

[RTA] ip route-static 10.1.0.0 16 12.1.1.2

The static routes that RTA needs to the directly connected network segments 10.1.1.0/24, 10.1.2.0/24, ..., and 10.1.10.0/24 of RTB all have the same next hop (12.1.1.2). Therefore, these routes can be summarized into one route.

Summarization and Calculation
Figure: the destination addresses (192.168.X.0) in binary; the first 22 bits are identical network bits, the remaining bits are host bits.
192.168.1.0/24   11000000 10101000 00000001 00000000
192.168.2.0/24   11000000 10101000 00000010 00000000
192.168.3.0/24   11000000 10101000 00000011 00000000
192.168.0.0/22   11000000 10101000 00000000 00000000 (summary route)

• To summarize routes to multiple continuous network segments into one summary route that just includes these network segments, ensure that the mask length of the summary route is as long as possible.
• The key to achieve this is to convert the destination addresses of specific routes into binary numbers and then find out the identical bits in these binary numbers.

Route Recursion Equal-Cost Route Floating Route Route Summarization

Problems Caused by Route Summarization (1): Routing Loop

[Figure: RTB, with the network segments 10.1.1.0/24, 10.1.2.0/24, ..., 10.1.10.0/24 behind it, is connected to RTA over a link using 12.1.1.1 and 12.1.1.2; RTA connects to the Internet.]

[RTB] ip route-static 0.0.0.0 0 12.1.1.2
[RTA] ip route-static 10.1.0.0 16 12.1.1.1

1. RTB receives traffic destined for 10.1.20.0/24 and forwards the traffic to RTA according to the default route.
2. Routes are summarized on RTA. Therefore, RTA forwards the traffic back to RTB according to the summary route to 10.1.0.0/16.

Result: a routing loop between RTA and RTB.


Problems Caused by Route Summarization (2): Solution for Preventing Routing Loops

[Figure: same topology as on the previous slide.]

[RTB] ip route-static 0.0.0.0 0 12.1.1.2
[RTA] ip route-static 10.1.0.0 16 12.1.1.1
[RTB] ip route-static 10.1.0.0 16 NULL 0

• Configure a route pointing to Null0 on RTB to prevent routing loops when summarizing routes. The Null0 route covers the same range as the summary route and is more specific than the default route, so traffic for a destination in 10.1.0.0/16 that matches none of RTB's specific routes is discarded on RTB instead of being sent back to RTA.

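The loop and its Null0 fix, traced with a small longest-prefix-match forwarder (added example, not part of the course material; router names stand in for the 12.1.1.x next-hop addresses, and the Internet is modelled as an exit with no routing table):

```python
"""Tracing the summary-route loop and the Null0 fix with longest-prefix matching (added example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next hop). Next hops are router names instead of the slide's 12.1.1.x
# addresses; "CONNECTED" means directly attached and "NULL0" means discard. Tables are constructed.
Route = Tuple[str, str]
RoutingTables = Dict[str, List[Route]]


def build_tables(with_null0: bool) -> RoutingTables:
    """Routing tables of RTA and RTB from the slides, with or without the Null0 route on RTB."""
    rtb: List[Route] = [(f"10.1.{i}.0/24", "CONNECTED") for i in range(1, 11)]
    rtb.append(("0.0.0.0/0", "RTA"))                      # [RTB] ip route-static 0.0.0.0 0 <RTA>
    if with_null0:
        rtb.append(("10.1.0.0/16", "NULL0"))              # [RTB] ip route-static 10.1.0.0 16 NULL 0
    rta: List[Route] = [("10.1.0.0/16", "RTB"),           # [RTA] ip route-static 10.1.0.0 16 <RTB>
                        ("0.0.0.0/0", "INTERNET")]        # RTA's way out to the Internet
    return {"RTA": rta, "RTB": rtb}


def lookup(table: List[Route], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific route containing dst wins, regardless of order."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def trace(tables: RoutingTables, start: str, dst: str, max_hops: int = 16) -> List[str]:
    """Forward a packet hop by hop from `start`.

    The returned path lists the routers visited and ends with "DELIVERED" (directly
    connected segment), "DROP" (Null0 or no route), "LOOP" (a router seen twice), or the
    name of a hop outside the simulated domain (here "INTERNET").
    """
    path = [start]
    router = start
    for _ in range(max_hops):
        table = tables.get(router)
        if table is None:                 # left the simulated domain
            return path
        nexthop = lookup(table, dst)
        if nexthop is None or nexthop == "NULL0":
            path.append("DROP")
            return path
        if nexthop == "CONNECTED":
            path.append("DELIVERED")
            return path
        if nexthop in path:               # back at a router already visited
            path.append("LOOP")
            return path
        path.append(nexthop)
        router = nexthop
    path.append("LOOP")                   # hop budget exhausted
    return path


if __name__ == "__main__":
    for null0 in (False, True):
        tables = build_tables(null0)
        print("with Null0" if null0 else "without Null0")
        for dst in ("10.1.20.1", "10.1.5.1", "203.0.113.9"):
            print(f"  {dst}: {' -> '.join(trace(tables, 'RTB', dst))}")
```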

Accurate Route Summarization (1)

[Figure: RTA is connected to RTB (10.0.0.2), behind which lie 172.16.1.0/24, 172.16.2.0/24, ..., 172.16.31.0/24, and to RTC (20.0.0.2), behind which lie 172.16.32.0/24, 172.16.33.0/24, ..., 172.16.63.0/24.]

[RTA] ip route-static 172.16.0.0 16 10.0.0.2

• To simplify the configuration, an administrator may configure a static summary route on RTA to allow RTA to reach network segments 172.16.1.0/24 to 172.16.31.0/24 of RTB. However, this summary route also includes the network segments of RTC. As a result, RTA forwards the traffic destined for the network segments of RTC to RTB, causing data packet loss. This problem is caused by inaccurate route summarization. To resolve this problem, the summary route must be as accurate as possible; that is, it just covers all specific routes that are to be summarized, with no extra route included.


Accurate Route Summarization (2)

                 10       1        0        0
10.1.1.0/24      00001010 00000001 00000001 00000000
10.1.2.0/24      00001010 00000001 00000010 00000000
10.1.3.0/24      00001010 00000001 00000011 00000000

The first 22 bits are identical, so the summary mask length is /22.

Specific routes:
ip route-static 10.1.1.0 24 12.1.1.2
ip route-static 10.1.2.0 24 12.1.1.2
ip route-static 10.1.3.0 24 12.1.1.2

Summary route:
ip route-static 10.1.0.0 22 12.1.1.2

Accurately calculate the summarized network address and mask to ensure accurate route summarization.
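The binary-comparison method of the summarization slides, plus the accuracy check for the RTB/RTC example, as an added Python example that is not part of the course material: summarize() keeps the leading bits common to all specific routes (never longer than the shortest specific mask), extra_coverage() lists the blocks a summary covers beyond its specific routes, and overlaps() checks a summary against another router's segments. The addresses are the slides' own; the function names are this example's.

```python
"""Summary-route calculation and accuracy check for route summarization (added example)."""
import ipaddress
from typing import Iterable, List, Union

Net = ipaddress.IPv4Network
Prefix = Union[str, Net]


def summarize(prefixes: Iterable[Prefix]) -> Net:
    """Tightest single prefix that covers all given specific routes.

    Same method as the slides: write the network addresses in binary and keep the
    leading bits that are identical in all of them. The summary mask can never be
    longer than the shortest specific mask.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if not nets:
        raise ValueError("no specific routes given")
    first = int(nets[0].network_address)
    common = min(n.prefixlen for n in nets)
    for n in nets[1:]:
        differing = first ^ int(n.network_address)
        common = min(common, 32 - differing.bit_length())   # leading bits that agree
    return ipaddress.ip_network((first, common), strict=False)  # host bits cleared


def extra_coverage(prefixes: Iterable[Prefix], summary: Prefix) -> List[Net]:
    """Blocks inside `summary` that none of the specific routes covers (empty = exact fit)."""
    summary_net = ipaddress.ip_network(summary)
    uncovered: List[Net] = [summary_net]
    for spec in (ipaddress.ip_network(p) for p in prefixes):
        remaining: List[Net] = []
        for block in uncovered:
            if spec.subnet_of(block):
                remaining.extend(block.address_exclude(spec))   # carve the specific route out
            elif block.subnet_of(spec):
                continue                                        # block fully covered
            else:
                remaining.append(block)                         # disjoint, keep as is
        uncovered = remaining
    return sorted(uncovered)


def overlaps(summary: Prefix, other_prefixes: Iterable[str]) -> List[str]:
    """Segments of another router that the summary would wrongly attract."""
    summary_net = ipaddress.ip_network(summary)
    return [p for p in other_prefixes if ipaddress.ip_network(p).overlaps(summary_net)]


if __name__ == "__main__":
    print(summarize(["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    rtb = [f"172.16.{i}.0/24" for i in range(1, 32)]    # RTB's segments from the slide
    rtc = [f"172.16.{i}.0/24" for i in range(32, 64)]   # RTC's segments from the slide
    print("172.16.0.0/16 attracts", len(overlaps("172.16.0.0/16", rtc)), "of RTC's segments")
    print(summarize(rtb), "attracts", len(overlaps(summarize(rtb), rtc)), "of RTC's segments")
```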
Quiz
1. How does a router select the optimal route?

2. How do I configure a floating route?

3. What is the summary route for routes to 10.1.1.0/24, 10.1.3.0/24, and 10.1.9.0/24?

Summary
 This section presents the basic concepts of routes, how routes instruct routers to forward IP packets, common route attributes, and default routes (special static routes).

 In addition, this section describes advanced routing features including route recursion, floating routes, and equal-cost routes, which are widely used on live networks.

Thank You
www.huawei.com

Foreword
● Static routes are manually configured. If a network topology changes, static routes have
to be manually adjusted, which restricts the large-scale application of static routes on
the live network.

● Dynamic routing protocols are widely used on live networks because of their high
flexibility, high reliability, and easy scalability. The Open Shortest Path First (OSPF)
protocol is a widely used dynamic routing protocol.

● This course describes basic concepts, working mechanism, and basic configurations of
OSPF.

Objectives
● On completion of this course, you will be able to:
▫ Describe the advantages and classification of dynamic routing protocols.

▫ Describe basic OSPF concepts and usage scenarios.

▫ Describe the working mechanism of OSPF.

▫ Implement basic OSPF configurations.

Contents
1. OSPF Overview

2. OSPF Working Mechanism

3. Typical OSPF Configuration

Why Are Dynamic Routing Protocols Used?
● Static routes are manually configured and maintained, and the command lines are simple and clear. They apply to small-scale or stable networks. Static routes have the following disadvantages:
▫ Unable to adapt to large-scale networks: As the number of devices increases, the configuration workload increases sharply.

▫ Unable to dynamically respond to network changes: If the network topology changes, the network cannot automatically converge, and static routes must be manually modified.

[Figure: R1, R2 and R3 form a triangle. Left: the R1-to-R2 static route uses the direct R1-R2 link. Right: after a link fault on R1-R2, a static route R1-R3-R2 must be manually configured.]

Classification of Dynamic Routing Protocols
By AS scope:
▫ Interior Gateway Protocols (IGPs): RIP, OSPF, IS-IS
▫ Exterior Gateway Protocols (EGPs): BGP

By working mechanisms and algorithms:
▫ Distance Vector Routing Protocols: RIP
▫ Link-State Routing Protocols: OSPF, IS-IS

Distance-Vector Routing Protocol
● A router running a distance-vector routing protocol periodically floods routes. Through route exchange, each router learns routes from neighboring routers and installs the routes into its routing table.

● Each router on a network is clear only about where the destination is and how far the destination is, but unclear about the whole network topology. This is the essence of the distance-vector algorithm.

[Figure: R1, R2 and R3 in a row, each with its own routing table; the network 3.3.3.3 is behind R3. R1's view: "Destined for 3.3.3.3, through R2!"]

Link-State Routing Protocol - LSA Flooding
● Different from a distance-vector routing protocol, a link-state routing protocol advertises link status information rather than routes in the routing table. Routers that run a link-state routing protocol establish a neighbor relationship and then exchange Link State Advertisements (LSAs).

[Figure: R1, R2, R3 and R4 flood LSAs to one another.]
• LSAs, instead of routes, are advertised.
• An LSA describes a router interface's status information, such as the cost of the interface and the name of a connected interface.

Link-State Routing Protocol - LSDB Creation
● Each router generates LSAs and adds the received LSAs to its own link state database (LSDB). Routers learn the whole network topology through the LSDB.

[Figure: R1, R2, R3 and R4 each hold an LSDB and exchange LSAs.]
• The router stores LSAs in the LSDB.
• The LSDB contains the description of all router interfaces on the network.
• The LSDB contains the description of the entire network topology.

Link-State Routing Protocol - SPF Calculation
● Each router uses the Shortest Path First (SPF) algorithm and LSDB information to calculate routes. Each router calculates a loop-free tree with itself as the root, following the shortest path to every other node. With this tree, a router determines the optimal path to each corner of a network.

[Figure: R1, R2, R3 and R4 each hold an LSDB; the links are labelled with costs 2, 1, 4 and 4. Each router calculates a loop-free tree with itself as the root over the shortest path.]

Link-State Routing Protocol - Routing Table Generation
● Ultimately, the router installs routes for the calculated preferred paths into its routing table.

[Figure: R1, R2, R3 and R4, each with an LSDB and a routing table. Based on SPF calculation results, each router installs routes into its routing table.]

Summary of Link-State Routing Protocols
[Figure: four stages among R1, R2 and R3:]
1. Neighbor relationship setup
2. Link status information exchange (LSDB)
3. Path computation
4. Route generation (RIB: Routing Information Base)

Introduction to OSPF
● OSPF is a typical link-state routing protocol and one of the most widely used IGPs in the industry.

● OSPFv2, as defined in RFC 2328, is designed for IPv4. OSPFv3, as defined in RFC 2740, is designed for IPv6. Unless otherwise specified, OSPF in this presentation refers to OSPFv2.

● OSPF routers exchange link status information, but not routes. Link status information is the key input for OSPF topology and route calculation.

● An OSPF router collects link status information on a network and stores the information in the LSDB. Routers are aware of the intra-area network topology and are therefore able to calculate loop-free paths.

● Each OSPF router uses the SPF algorithm to calculate the shortest path to a specific destination. Routers generate routes based on these paths and install the routes into the routing table.

● OSPF supports the variable length subnet mask (VLSM) mechanism and manual route summarization.

● The multi-area design enables OSPF to support a larger network.

OSPF Application on a Campus Network

[Figure: Internet - Firewall - Core switch (with a server cluster attached) - Aggregation switches - Office buildings 1, 2 and 3.]

The core switch and aggregation switches run OSPF to implement reachable routes on the campus network.

Basic OSPF Concepts: Area

● The OSPF area keyword identifies an OSPF area.

● The area is considered as a logical group, and each group is identified by an area ID.

[Figure: R1, R2 and R3 in Area 0.]

Basic OSPF Concepts: Router ID

● A router ID uniquely identifies a router in an OSPF area.

● The router ID can be manually specified or automatically assigned by the system.

[Figure: Area 0 with R1 (Router ID 1.1.1.1), R2 (Router ID 2.2.2.2) and R3 (Router ID 3.3.3.3); R1 announces "I'm 1.1.1.1."]

Basic OSPF Concepts: Cost Value

Cost Value of an OSPF Interface
[Figure: default interface costs: serial interface (1.544 Mbit/s) = 64, FE interface = 1, GE interface = 1.]
• Each OSPF interface has a specific cost because of its particular bandwidth value.

Accumulated Costs on an OSPF Path
[Figure: R3 reaches 1.1.1.0/24 through R2 and R1; the interface costs along the path are 10, 1 and 64.]
• In the routing table of R3, the cost of the OSPF route to 1.1.1.0/24 is 75 (10 + 1 + 64).

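SPF over a link-state database, using the cost figures of the slide above (added example, not from the course material; the LSDB structure, the reverse-direction costs and the extra serial path through an assumed router R4 are constructed to show the tree choosing the cheaper of two paths):

```python
"""SPF (Dijkstra) over a small OSPF-style link-state database (added example)."""
import heapq
from typing import Dict, List, Tuple

# Constructed LSDB: router -> [(neighbor router or stub network, cost of the OUTGOING interface)].
# OSPF charges the cost of the interface a packet leaves through, so each direction of a link
# carries its own cost. The R3 -> R2 -> R1 -> 1.1.1.0/24 figures (10, 1, 64) are the slide's;
# the reverse-direction costs and the alternative serial path via R4 (64 + 64) are assumptions.
LSDB: Dict[str, List[Tuple[str, int]]] = {
    "R1": [("R2", 1), ("R4", 64), ("1.1.1.0/24", 64)],
    "R2": [("R1", 1), ("R3", 10)],
    "R3": [("R2", 10), ("R4", 64)],
    "R4": [("R3", 64), ("R1", 64)],
}


def spf(lsdb: Dict[str, List[Tuple[str, int]]], root: str) -> Dict[str, Tuple[int, str]]:
    """Dijkstra from `root`.

    Returns {destination: (total cost, next hop)} for every reachable router and stub
    network. The next hop is the first node after the root on the shortest-path tree;
    for a stub network attached to the root it is the network itself.
    """
    dist: Dict[str, int] = {root: 0}
    first_hop: Dict[str, str] = {root: ""}
    heap: List[Tuple[int, str, str]] = [(0, root, "")]
    settled = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in settled:
            continue                                   # stale, more expensive entry
        settled.add(node)
        for nbr, link_cost in lsdb.get(node, []):      # stub networks originate no links
            candidate = cost + link_cost
            if nbr not in dist or candidate < dist[nbr]:
                dist[nbr] = candidate
                hop = nbr if node == root else via     # inherit the root's outgoing branch
                first_hop[nbr] = hop
                heapq.heappush(heap, (candidate, nbr, hop))
    return {d: (dist[d], first_hop[d]) for d in dist if d != root}


def ospf_routes(lsdb: Dict[str, List[Tuple[str, int]]], root: str) -> Dict[str, Tuple[int, str]]:
    """Routes a router installs from SPF: one (cost, next hop) per stub network."""
    return {d: v for d, v in spf(lsdb, root).items() if "/" in d}


if __name__ == "__main__":
    for router in ("R3", "R1"):
        print(router, "tree:", spf(LSDB, router))
        print(router, "routes:", ospf_routes(LSDB, router))
```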
OSPF Packet Types
● There are five types of OSPF protocol packets, which implement different functions in the interaction between OSPF routers.

Packet Name            Function
Hello                  Is periodically sent to discover and maintain OSPF neighbor relationships.
Database Description   Describes the summary of the local LSDB, which is used to synchronize the LSDBs of two devices.
Link State Request     Requests a needed LSA from a neighbor. LSRs are sent only after DD packets have been successfully exchanged.
Link State Update      Is sent to advertise a requested LSA to a neighbor.
Link State ACK         Is used to acknowledge the receipt of an LSA.

Three Types of OSPF Entries - Entries in the Neighbor Table
● OSPF provides entries in three important tables: OSPF neighbor table, LSDB table, and OSPF routing table. For the OSPF neighbor table, you need to know:
▫ Before OSPF transmits link status information, OSPF neighbor relationships must be established.
▫ OSPF neighbor relationships are established by exchanging Hello packets.
▫ The OSPF neighbor table describes the status of the neighbor relationship between OSPF routers. You can run the display ospf peer command to view status information.

[Figure: R1 (Router ID 1.1.1.1, GE 1/0/0, 10.1.1.1/30) is connected to R2 (Router ID 2.2.2.2, GE 1/0/0, 10.1.1.2/30).]

<R1> display ospf peer
         OSPF Process 1 with Router ID 1.1.1.1
                 Neighbors
 Area 0.0.0.0 interface 10.1.1.1(GigabitEthernet1/0/0)'s neighbors
 Router ID: 2.2.2.2          Address: 10.1.1.2        GR State: Normal
   State: Full  Mode:Nbr is Master  Priority: 1
   DR: 10.1.1.1  BDR: 10.1.1.2  MTU: 0
   Dead timer due in 35 sec
   Retrans timer interval: 5
   Neighbor is up for 00:00:05
   Authentication Sequence: [ 0 ]

Three Types of OSPF Entries - Entries in the LSDB Table
● For the OSPF LSDB table, you need to know:

▫ An LSDB stores LSAs generated by a router itself and received from neighbors. In this example, the LSDB of R1 contains three LSAs.

▫ The Type field indicates an LSA type, and the AdvRouter field indicates the router that sends the LSA.

▫ Run the display ospf lsdb command to query the LSDB.

[Figure: R1 (Router ID 1.1.1.1, GE 1/0/0, 10.1.1.1/30) is connected to R2 (Router ID 2.2.2.2, GE 1/0/0, 10.1.1.2/30).]

<R1> display ospf lsdb
         OSPF Process 1 with Router ID 1.1.1.1
                 Link State Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    2.2.2.2         2.2.2.2             98  36    8000000B       1
 Router    1.1.1.1         1.1.1.1             92  36    80000005       1
 Network   10.1.1.2        2.2.2.2             98  32    80000004       0

Three Types of OSPF Entries - Entries in the OSPF Routing Table
● For the OSPF routing table, you need to know:
▫ The OSPF routing table and the router's routing table are different. In this example, the OSPF routing table contains three routes.
▫ An OSPF routing table contains information such as the destination IP address, cost, and next-hop IP address, which guides packet forwarding.
▫ Run the display ospf routing command to query the OSPF routing table.

[Figure: R1 (Router ID 1.1.1.1, GE 1/0/0, 10.1.1.1/30) is connected to R2 (Router ID 2.2.2.2, GE 1/0/0, 10.1.1.2/30).]

<R1> display ospf routing
          OSPF Process 1 with Router ID 1.1.1.1
                  Routing tables
 Routing for Network
 Destination        Cost  Type       NextHop         AdvRouter       Area
 1.1.1.1/32         0     stub       1.1.1.1         1.1.1.1         0.0.0.0
 10.1.1.0/30        1     Transit    10.1.1.1        1.1.1.1         0.0.0.0
 2.2.2.2/32         1     stub       10.1.1.2        2.2.2.2         0.0.0.0
 Total Nets: 3
 Intra Area: 3  Inter Area: 0  ASE: 0  NSSA: 0

Contents
1. OSPF Overview

2. OSPF Working Mechanism

3. Typical OSPF Configuration

Relationships Between OSPF Routers
● There are two important concepts about the relationship between OSPF routers: neighbor relationship and adjacency.

● On a simple network, two routers are directly connected. OSPF is enabled on the interconnected interfaces. The routers start to send and listen to Hello packets. After the two routers discover each other through Hello packets, they establish a neighbor relationship.

● The establishment of a neighbor relationship is just the beginning. A series of packets, such as DD, LSR, LSU, and LSAck packets, will be exchanged later. When LSDB synchronization between the two routers is complete and the two routers start to calculate routes independently, the two routers have established an adjacency.

Process of Establishing an OSPF Adjacency Relationship
● OSPF adjacency relationship establishment involves four steps: establishing a neighbor relationship, negotiating the master/slave status, exchanging LSDB information, and synchronizing LSDBs.

[Figure: R1 and R2]
1. Establish a bidirectional neighbor relationship.
2. Negotiate the master/slave status.
3. Mutually describe the LSDB (summary information).
4. Update LSAs and synchronize the LSDBs of both ends.
5. Calculate routes (on R1 and on R2 independently).

Steps 1 to 4 involve interaction between both ends, and Step 5 is performed separately on each device.

Process of Establishing an OSPF Adjacency - Step 1

[Figure: R1 (Router ID 1.1.1.1) and R2 (Router ID 2.2.2.2) exchange Hello packets.]

1. R1 -> R2, Hello: "I'm 1.1.1.1. I don't know who's on the link."
   R2: R1 (1.1.1.1) is discovered and added to the neighbor list. The status of R1 in the neighbor table is Init.
2. R2 -> R1, Hello: "I'm 2.2.2.2. I found my neighbor 1.1.1.1."
   R1: R2 (2.2.2.2) is discovered and added to the neighbor list. "Because R2 discovered me, I set the status of R2 to 2-way in the neighbor table."
3. R1 -> R2, Hello: "I'm 1.1.1.1. I found the neighbor 2.2.2.2."
   R2: "Because R1 found me, I change the status of 1.1.1.1 to 2-way in the neighbor table."

We're neighbors.

Process of Establishing an OSPF Adjacency - Steps 2 and 3

[Figure: R1 (Router ID 1.1.1.1) and R2 (Router ID 2.2.2.2) exchange DD packets.]

1. R1 -> R2, DD (the content is empty, and the sequence number is X): "I'm the master and my router ID is 1.1.1.1." Both ends are in the Ex-start (Exchange Start) state.
2. R2 -> R1, DD (the content is empty, and the sequence number is Y): "I'm the master and my router ID is 2.2.2.2." R2, with the larger router ID, is preferred as the master; R1 enters the Exchange state.
3. R1 -> R2, DD (sequence number Y): "This is the summary of LSAs in my LSDB." R2 enters the Exchange state.
4. R2 -> R1, DD (sequence number Y + 1, in ascending order): "This is the summary of LSAs in my LSDB."
5. R1 -> R2, DD (sequence number Y + 1): confirms the DD packet sent by the master router.

In the Exchange phase, both ends exchange DD packets to describe the summary of their own LSAs. Afterwards, R1 knows what R2's LSDB contains, and R2 knows what R1's LSDB contains.

Process of Establishing an OSPF Adjacency - Step 4

[Figure: R1 (Router ID 1.1.1.1) and R2 (Router ID 2.2.2.2), both in the Loading state, then both in the Full state.]

1. R1 -> R2, LSR: "I want to request the complete information about the xx LSA." (Both ends are in the Loading state.)
2. R2 -> R1, LSU: "This is the complete information about the requested LSA."
3. R1 -> R2, LS ACK: confirms the reception of the LSU and the xx LSA carried in the LSU.
4. LSR: "I want to request the complete information about the yyy LSA." (The same exchange continues for each LSA either side still needs.)

Full: the LSDBs of R1 and R2 are synchronized.

Review of the OSPF Neighbor Table

[Figure: R1 (Router ID 1.1.1.1, GE1/0/0, 10.1.1.1/30) is connected to R2 (Router ID 2.2.2.2, GE1/0/0, 10.1.1.2/30).]

<R1> display ospf peer
         OSPF Process 1 with Router ID 1.1.1.1
                 Neighbors
 Area 0.0.0.0 interface 10.1.1.1(GigabitEthernet1/0/0)'s neighbors
 Router ID: 2.2.2.2          Address: 10.1.1.2        GR State: Normal
   State: Full  Mode:Nbr is Master  Priority: 1
   DR: 10.1.1.1  BDR: 10.1.1.2  MTU: 0
   Dead timer due in 35 sec
   Retrans timer interval: 5
   Neighbor is up for 00:00:05
   Authentication Sequence: [ 0 ]

Annotations:
• R1 discovers neighbors in area 0 on GE 1/0/0.
• Router ID of the neighbor: 2.2.2.2.
• The neighbor status is Full.
• The neighbor at 2.2.2.2 is the master.
• Quiz: What is the DR/BDR in the neighbor table?

OSPF Network Types
● Before learning the concepts of the DR and BDR, understand OSPF network types.

● The OSPF network type is a very important interface variable. This variable affects OSPF operations on interfaces. For example, it determines how to send OSPF packets and whether to elect a DR or BDR.

● The default OSPF network type of an interface depends on the data link layer encapsulation used by the interface.

● As shown in the figure, OSPF has four network types: broadcast, NBMA, P2MP, and P2P.

[Figure: R1 (Router ID 1.1.1.1, GE 1/0/0, 10.1.1.1/30) is connected to R2 (Router ID 2.2.2.2, GE 1/0/0, 10.1.1.2/30).]

[R1-GigabitEthernet1/0/0] ospf network-type ?
  broadcast  Specify OSPF broadcast network
  nbma       Specify OSPF NBMA network
  p2mp       Specify OSPF point-to-multipoint network
  p2p        Specify OSPF point-to-point network

OSPF Network Types (1)
● Generally, the network types of OSPF interfaces at both ends of a link must be the same. Otherwise, the two interfaces cannot establish a neighbor relationship.

● An OSPF network type can be manually changed on an interface to adapt to different network scenarios. For example, you can change the BMA network type to P2P.

Point-to-Point (P2P)
[Figure: RTA Serial0/0/0 -- PPP -- Serial0/0/0 RTB]
• P2P indicates that only two network devices can be connected on a link.
• A typical example is a PPP link. When an interface uses PPP encapsulation, the default network type of the OSPF interface is P2P.

Broadcast Multiple Access (BMA)
[Figure: GE0/0/0 interfaces attached to an Ethernet segment.]
• BMA is also called broadcast. It refers to an environment that allows multiple devices to access and supports broadcast.
• A typical example is an Ethernet network. When an interface uses Ethernet encapsulation, the default network type of the OSPF interface is BMA.

OSPF Network Types (2)

Non-Broadcast Multiple Access (NBMA)
[Figure: routers attached to a Frame Relay (FR) cloud.]
• NBMA refers to an environment that allows multiple network devices to access but does not support broadcast.
• A typical example is a Frame Relay (FR) network.

Point-to-Multipoint (P2MP)
• A P2MP network is formed by bundling endpoints of multiple P2P links.
• No link layer protocol is considered as a P2MP network by default. This type must be manually changed from another network type.
• For example, a non-full-mesh NBMA network can be changed to a P2MP network.

Background of DR and BDR
● Multi-access (MA) networks are classified into BMA and NBMA networks. Ethernet is a typical broadcast multi-access network.

● On an MA network, if each OSPF router establishes OSPF adjacencies with all the other routers, excessive OSPF adjacencies exist on the network, which increases the load on the devices and the number of OSPF packets flooded on the network.

● Once the network topology changes, LSA flooding on the network may waste bandwidth and device resources.

[Figure: several routers on one Ethernet segment with an adjacency between every pair.]

DR and BDR
● To optimize OSPF neighbor relationships on an MA network, the OSPF protocol specifies three types of OSPF routers: DR, BDR, and DRother.

● Only the DR and BDR can establish adjacencies with other OSPF routers. DRothers do not establish OSPF adjacencies with one another, and their relationship stays in the 2-way state.

● The BDR monitors the status of the DR and takes over the role of the DR if the existing DR fails.

[Figure: a DR, a BDR and three DRothers on one Ethernet segment; adjacencies exist only with the DR and BDR.]

OSPF Domain and Single Area
● An OSPF domain is a network that consists of a series of contiguous OSPF network devices that use the same policy.

● An OSPF router floods LSAs in the same area. To ensure that all routers have the same understanding of the network topology, LSDBs need to be synchronized within an area.

● If there is only one OSPF area, the number of OSPF routers increases with the network scale. This causes the following problems:
▫ The LSDB becomes larger and larger, and the size of the OSPF routing table increases. A large number of router resources are consumed, device performance deteriorates, and data forwarding is affected.

▫ It is difficult to calculate routes based on a large LSDB.

▫ When the network topology changes, LSA flooding and SPF recalculation on the entire network bring heavy loads.

[Figure: a single Area 0 containing all routers.]

Multi-Area OSPF

● OSPF introduces the concept of area. An OSPF domain is divided into multiple areas to support larger-scale networking.

● The OSPF multi-area design reduces the flooding scope of LSAs and effectively controls the impact of topology changes within an area, optimizing the network.

● Routes can be summarized at the area border to reduce the size of the routing table.

● Multi-area improves network scalability and facilitates large-scale network construction.

[Figure: Area 0 in the middle, with Area 1 and Area 2 attached to it.]

Types of OSPF Routers

● OSPF routers are classified into the following types based on their locations or functions:
▫ Internal router (IR)

▫ Area border router (ABR)

▫ Backbone router (BR)

▫ AS boundary router (ASBR)

[Figure: an IR inside Area 1, a BR inside Area 0, ABR/BR routers between Area 0 and Areas 1 and 2, and an ASBR in Area 2 connecting to another AS.]
Typical OSPF Single-Area and Multi-Area Networking

[Figure, left: small- and medium-sized enterprise network (single area): OSPF Area 0 only.]
[Figure, right: large enterprise network (multiple areas): OSPF Area 0 in the backbone, with OSPF Area 1 and OSPF Area 2 attached.]

Contents
1. OSPF Overview

2. OSPF Working Mechanism

3. Typical OSPF Configuration

Note: Wildcard masks are used to specify a range of network addresses. They are commonly used with routing protocols (like OSPF) and access lists. A wildcard mask of all zeros (0.0.0.0) means that the entire IP address has to match in order for a statement to apply. For example, if we want to match only the IP address 192.168.0.1, the parameters used would be 192.168.0.1 0.0.0.0. A wildcard mask of all ones (255.255.255.255) means that no bits have to match; this basically means that all addresses will be matched.

Basic OSPF Configuration Commands (1)
1. (System view) Create and run an OSPF process.

[Huawei] ospf [ process-id | router-id router-id ]

The process-id parameter specifies an OSPF process. The default process ID is 1. OSPF supports multiple processes. Multiple OSPF processes can separately run on the same device. The router-id parameter manually specifies the router ID of the device. If no router ID is specified, the system automatically selects the IP address of an interface as the router ID.

2. (OSPF view) Create an OSPF area and enter the OSPF area view.

[Huawei-ospf-1] area area-id

The area command creates an OSPF area and displays the OSPF area view.
The area-id value can be a decimal integer or in dotted decimal notation. If the value is an integer, it ranges from 0 to 4294967295.

3. (OSPF area view) Specify the interface that runs OSPF.

[Huawei-ospf-1-area-0.0.0.0] network network-address wildcard-mask

The network command specifies the interface that runs OSPF and the area to which the interface belongs. The network-address parameter specifies the network segment address of the interface. The wildcard-mask parameter is the wildcard of an IP address, which is equivalent to the inverse of the subnet mask (each 0 bit becomes 1, and each 1 bit becomes 0). For example, 0.0.0.255 corresponds to a mask length of 24 bits.

Basic OSPF Configuration Commands (2)
4. (Interface view) Set an OSPF interface cost.

[Huawei-GE1/0/1] ospf cost cost

The ospf cost command sets a cost for an OSPF interface. By default, OSPF automatically calculates the cost of
an interface based on the interface bandwidth. The cost value is an integer ranging from 1 to 65535.
5. (OSPF view) Set an OSPF bandwidth reference value.

[Huawei-ospf-1] bandwidth-reference value

The bandwidth-reference command sets a bandwidth reference value that is used to calculate interface costs. The
value ranges from 1 to 2147483648, in Mbit/s. The default value is 100 Mbit/s.
6. (Interface view) Set the priority of an interface for DR election.

[Huawei-GigabitEthernet0/0/0] ospf dr-priority priority

The ospf dr-priority command sets a priority for an interface that participates in DR election. A larger value
indicates a higher priority. The value ranges from 0 to 255.

OSPF Configuration Example
Description:

• There are three routers, R1, R2, and R3. R1 and R3 are connected to networks 1.1.1.1/32 and 3.3.3.3/32 (simulated by Loopback 0), respectively. OSPF needs to be used to implement interworking between the two networks. The detailed topology is as follows:

[Figure: Area 0: R1 (1.1.1.1/32; GE0/0/0 10.1.12.1/30) -- R2 (GE0/0/0 10.1.12.2/30; GE0/0/1 10.1.23.1/30). Area 1: R2 -- R3 (GE0/0/1 10.1.23.2/30; 3.3.3.3/32).]

• The configuration process consists of three steps: configuring device interfaces, configuring OSPF, and verifying the result.

OSPF Configuration Example - Configuring Interfaces

[Figure: Area 0: R1 (1.1.1.1/32; GE0/0/0 10.1.12.1/30) -- R2 (GE0/0/0 10.1.12.2/30; GE0/0/1 10.1.23.1/30). Area 1: R2 -- R3 (GE0/0/1 10.1.23.2/30; 3.3.3.3/32).]

• Set IP addresses for R1's, R2's, and R3's interfaces according to the plan.

# Configure interfaces of R1.
[R1] interface LoopBack 0
[R1-LoopBack0] ip address 1.1.1.1 32
[R1-LoopBack0] interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0] ip address 10.1.12.1 30

# Configure interfaces of R3.
[R3] interface LoopBack 0
[R3-LoopBack0] ip address 3.3.3.3 32
[R3-LoopBack0] interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1] ip address 10.1.23.2 30

Assign IP addresses to GE0/0/0 and GE0/0/1 on R2 in the same way. For details, see the comment in this slide.

OSPF Configuration Example - Configuring OSPF (1)

[Figure: R1 (Router ID 1.1.1.1; 1.1.1.1/32; GE0/0/0 10.1.12.1/30) in Area 0, connected to R2; R3 (3.3.3.3/32) in Area 1.]

• Planned OSPF parameters: The OSPF process ID is 1. The router IDs of R1, R2, and R3 are 1.1.1.1, 2.2.2.2, and 3.3.3.3 respectively.

• Procedure:
▫ Create and run an OSPF process.
▫ Create an OSPF area and enter the OSPF area view.
▫ Specify the interface that runs OSPF.

# Configure OSPF on R1.
[R1] ospf 1 router-id 1.1.1.1
[R1-ospf-1] area 0
[R1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0] network 10.1.12.0 0.0.0.3

An inverse mask (wildcard) is specified in the network commands.

OSPF Configuration Example - Configuring OSPF (2)

[Figure: R1 (1.1.1.1/32) in Area 0; R2 (Router ID 2.2.2.2; GE0/0/0 10.1.12.2/30; GE0/0/1 10.1.23.1/30) between Area 0 and Area 1; R3 (Router ID 3.3.3.3; GE0/0/1 10.1.23.2/30; 3.3.3.3/32) in Area 1.]

• When configuring multi-area OSPF, be sure to advertise each network segment in the area it belongs to.

# Configure OSPF on R2.
[R2] ospf 1 router-id 2.2.2.2
[R2-ospf-1] area 0
[R2-ospf-1-area-0.0.0.0] network 10.1.12.0 0.0.0.3
[R2-ospf-1-area-0.0.0.0] area 1
[R2-ospf-1-area-0.0.0.1] network 10.1.23.0 0.0.0.3

# Configure OSPF on R3.
[R3] ospf 1 router-id 3.3.3.3
[R3-ospf-1] area 1
[R3-ospf-1-area-0.0.0.1] network 3.3.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1] network 10.1.23.0 0.0.0.3

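How the wildcard of a network statement selects interfaces, applied to the R1/R2/R3 configuration above (added example, not the course's or VRP's own code; it implements only the address-match rule the slides describe, with the interface and network values taken from the example):

```python
"""Which interfaces an OSPF `network network-address wildcard-mask` statement enables (added example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

ALL_ONES = 0xFFFFFFFF

# (area, network-address, wildcard-mask), as typed in the area view. Constructed from the slides.
Statement = Tuple[str, str, str]


def wildcard_from_prefixlen(prefixlen: int) -> str:
    """Wildcard (inverse) mask for a mask length: 30 -> 0.0.0.3, 24 -> 0.0.0.255, 32 -> 0.0.0.0."""
    if not 0 <= prefixlen <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (ALL_ONES << (32 - prefixlen)) & ALL_ONES
    return str(ipaddress.ip_address(mask ^ ALL_ONES))


def matches(network: str, wildcard: str, ip: str) -> bool:
    """True if `ip` matches the statement: every bit that is 0 in the wildcard must be equal."""
    care = int(ipaddress.ip_address(wildcard)) ^ ALL_ONES          # 1 = bit must match
    return (int(ipaddress.ip_address(ip)) & care) == (int(ipaddress.ip_address(network)) & care)


def ospf_interfaces(interfaces: Dict[str, str], statements: List[Statement]) -> Dict[str, Optional[str]]:
    """Map each interface ('name' -> 'ip/prefixlen') to the area of the first matching statement, or None."""
    result: Dict[str, Optional[str]] = {}
    for name, addr in interfaces.items():
        ip = addr.split("/")[0]
        result[name] = None
        for area, network, wildcard in statements:
            if matches(network, wildcard, ip):
                result[name] = area
                break
    return result


# Interfaces and statements of the configuration example (constructed from the slides).
R2_INTERFACES = {"GigabitEthernet0/0/0": "10.1.12.2/30", "GigabitEthernet0/0/1": "10.1.23.1/30"}
R2_STATEMENTS: List[Statement] = [("0.0.0.0", "10.1.12.0", "0.0.0.3"), ("0.0.0.1", "10.1.23.0", "0.0.0.3")]
R1_INTERFACES = {"LoopBack0": "1.1.1.1/32", "GigabitEthernet0/0/0": "10.1.12.1/30"}
R1_STATEMENTS: List[Statement] = [("0.0.0.0", "1.1.1.1", "0.0.0.0"), ("0.0.0.0", "10.1.12.0", "0.0.0.3")]

if __name__ == "__main__":
    print("R1:", ospf_interfaces(R1_INTERFACES, R1_STATEMENTS))
    print("R2:", ospf_interfaces(R2_INTERFACES, R2_STATEMENTS))
    print("wildcard for /30:", wildcard_from_prefixlen(30))
```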
OSPF Configuration Example - Verification (1)

[Figure: R1 (1.1.1.1/32) in Area 0, R2, and R3 (3.3.3.3/32) in Area 1.]

• Check the OSPF neighbor table on R2.

<R2> display ospf peer brief
         OSPF Process 1 with Router ID 2.2.2.2
                  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             1.1.1.1          Full
 0.0.0.1          GigabitEthernet0/0/1             3.3.3.3          Full
 ----------------------------------------------------------------------------

Annotations: Area Id is the area ID of a neighbor. Verify that the neighbor status is Full, indicating that the adjacency has been established successfully.

OSPF Configuration Example - Verification (2)
• Check the routing table on R1 and ping 3.3.3.3 from 1.1.1.1.

<R1>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing tables: Public
         Destinations : 10       Routes : 10

Destination/Mask    Proto   Pre  Cost   Flags NextHop         Interface
      1.1.1.1/32    Direct  0    0      D     127.0.0.1       LoopBack0
      3.3.3.3/32    OSPF    10   2      D     10.1.12.2       GigabitEthernet 0/0/0
    10.1.12.0/30    Direct  0    0      D     10.1.12.1       GigabitEthernet 0/0/0
...

The route to 3.3.3.3/32 was learned through OSPF (Proto OSPF, preference 10, cost 2, next hop 10.1.12.2 on R2).

Set the source IP address to 1.1.1.1 and ping 3.3.3.3:

<R1>ping -a 1.1.1.1 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes = 56 Sequence = 1 ttl = 254 time = 50 ms

Page 45 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Quiz
1. (Multiple) In the process of establishing OSPF neighbor relationships and adjacencies, which of the
following states are stable? ( )
A. Exstart

B. Two-way

C. Exchange

D. Full

2. (Multiple) In which of the following situations will an adjacency between two routers be
established? ( )
A. Two routers on a point-to-point link

B. DR and BDR on a broadcast network

C. DRother and DRother on an NBMA network

D. BDR and DRother on a broadcast network

Page 46 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Summary
● OSPF is a widely used routing protocol on live networks. This course describes the
basic concepts, application scenarios, and basic configuration of OSPF.

● The router ID, area, OSPF neighbor table, LSDB, and OSPF routing table are basic
OSPF concepts. The course also describes how OSPF neighbor relationships and
adjacencies are established, which helps you better understand link-state routing protocols.

● OSPF has many more details, such as LSA types, the SPF calculation process,
and OSPF special areas. For more OSPF information, continue with the Huawei
HCIP-Datacom certification courses.

Page 47 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com

Page 48 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
● Data transmission on networks must comply with certain standards. Ethernet protocols
define how data frames are transmitted over an Ethernet network. Understanding
Ethernet protocols is the basis for fully understanding communication at the data link
layer. An Ethernet switch is the main device for implementing data link layer
communication. It is essential to understand how an Ethernet switch works.

● This course describes the concepts related to Ethernet protocols, MAC address types,
and working process and mechanism of Layer 2 switches.

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
● On completion of this course, you will be able to:
▫ Describe the basic concepts of an Ethernet network.

▫ Distinguish MAC address types.

▫ Get familiar with the working process of a Layer 2 switch.

▫ Get familiar with the structure and generation process of a MAC address table.

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. Overview of Ethernet Protocols

2. Overview of Ethernet Frames

3. Overview of Ethernet Switches

4. Process of Data Communication Within a Network Segment

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Ethernet Protocols
● Ethernet is the most common communication protocol standard used by existing local area networks
(LANs). It defines the cable types and signal processing methods that are used on a LAN.

● An Ethernet network is a broadcast network built on the carrier sense multiple access with collision
detection (CSMA/CD) mechanism.

[Figure: early Ethernet (Hosts A, B, C, and D on one shared medium) compared with switch networking (Hosts A, B, C, and D connected through Switch A and Switch B)]

Page 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Collision Domain
● A collision domain is a set of nodes connected to the same shared medium. All nodes in a collision domain compete for
the same bandwidth, and a frame (unicast, multicast, or broadcast) sent by one node is received by all the other nodes.

[Figure: early Ethernet with Hosts A, B, C, and D on one shared medium forms one collision domain, and CSMA/CD is the mechanism that copes with the collisions; switch networking with Switch A, Switch B and Hosts A, B, C, and D forms five collision domains, one per switch link]

• On a traditional Ethernet network, multiple nodes on the same medium share the link bandwidth and compete for the right to use the link. As a result, collisions occur.
• The probability of a collision increases as more nodes are deployed on a shared medium.
• The switch interfaces used to send and receive data are independent of each other and belong to different collision domains. Therefore, collisions do not occur between hosts (or networks) connected through different switch interfaces.
Page 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Broadcast Domain
● The entire range reached by a broadcast frame is called a Layer 2 broadcast domain, or simply a broadcast domain. All
hosts in the same broadcast domain receive the broadcast frames sent by any one of them.

[Figure: early Ethernet with Hosts A, B, C, and D on one shared medium forms one broadcast domain; switch networking with Switch A, Switch B and Hosts A, B, C, and D still forms one broadcast domain, because each switch forwards a broadcast frame out of every interface]

• On a traditional Ethernet network, multiple nodes on the same medium share a link. The broadcast frames sent by a device are received by all the other devices.
• A switch forwards a broadcast frame to all of its interfaces except the one on which the frame arrived. Therefore, the nodes connected to all interfaces of the switch belong to the same broadcast domain, and adding switches does not make the broadcast domain smaller.

Page 5 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Ethernet NIC
● A network interface card (NIC) is the component that connects a network device (such as a computer, a
switch, or a router) to an external network.

• Network port
▫ A network port is also called a network interface, interface, or port.
• NIC
▫ Each network port corresponds to a NIC.
▫ A computer or switch sends and receives data through a NIC.

[Figure: on a computer, the TCP/IP network layer hands a packet to the NIC, which transmits it as a bit stream; on a switch, a frame received as a bit stream on one NIC is handed to the other NICs on the local device, which transmit it as bit streams]
Page 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Ethernet Frame Format | MAC address | Ethernet frame type

Ethernet Frame Format

● The frames used by Ethernet technology are referred to as Ethernet frames.

● Ethernet frames come in two formats: Ethernet_II and IEEE 802.3. Total length of a data frame (excluding the preamble): 64–1518 bytes.

Ethernet_II format:
  D.MAC (6B) | S.MAC (6B) | Type (2B) | User data (46–1500B) | FCS (4B)

IEEE 802.3 format:
  D.MAC (6B) | S.MAC (6B) | Length (2B) | LLC (3B) | SNAP (5B: Org Code 3B + Type 2B) | User data (38–1492B) | FCS (4B)

The two formats are distinguished by the 2-byte field that follows the source MAC address: a value of 0x0600 (1536) or greater is an Ethernet_II Type (for example 0x0800 for IPv4 and 0x0806 for ARP), and a value of 0x05DC (1500) or smaller is an IEEE 802.3 Length.
Page 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
What Is a MAC Address?

● A media access control (MAC) address uniquely identifies a NIC on a network. Each NIC is
assigned a globally unique MAC address when it is manufactured.

[Figure: a NIC saying "I have a MAC address when I leave the factory"; the MAC address is also called the Ethernet address or physical address]

Each NIC has a number, its MAC address, that identifies it, just as each person has an ID card number.
Page 10 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
IP Address Vs. MAC Address

● Each Ethernet device already has a unique MAC address when it leaves the factory. Why, then, is each host
also assigned an IP address when it accesses the network?

[Figure: Hosts 1 to 4 on one Ethernet, each with a NIC (MAC1 to MAC4) and an IP address (IP1 to IP4); question: can a network device have only a MAC address or only an IP address?]

Characteristics of IP addresses:
▫ IP addresses are unique.
▫ IP addresses are changeable.
▫ IP addresses are assigned based on the network topology.

Characteristics of MAC addresses:
▫ MAC addresses are unique.
▫ The burned-in MAC address is fixed by the manufacturer. Note, however, that most operating systems let the address a NIC actually uses be overridden in software, so a MAC address identifies an interface but does not authenticate it.
▫ MAC addresses are assigned based on the manufacturer, not on where the device is connected.
Page 11 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Presentation

● A MAC address is 48 bits (6 bytes) in length.

● As typically written, a MAC address is six groups of two hexadecimal digits separated by hyphens or colons,
or (as on Huawei devices) three groups of four hexadecimal digits separated by hyphens.
For example, 00-1E-10-DD-DD-02, 00:1E:10:DD:DD:02 or 001E-10DD-DD02
Hexadecimal  00        1E        10        DD        DD        02        (6 bytes)
Binary       0000 0000 0001 1110 0001 0000 1101 1101 1101 1101 0000 0010 (48 bits)

Conversion between hexadecimal and binary digits, shown for the second byte 1E: each hexadecimal digit is four bits with weights 8, 4, 2, 1 (2^3, 2^2, 2^1, 2^0). 0001 = 1, and 1110 = 8 + 4 + 2 = 14 = E.
Page 12 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Composition and Classification

● Organizationally unique identifier (OUI): the upper 24 bits (3 bytes). It is a globally unique identifier assigned
to the manufacturer by the IEEE.

● Company ID (CID): the lower 24 bits (3 bytes). It is assigned by the manufacturer so that each of its NICs gets a different address.

  | OUI (24 bits) | CID (24 bits) |

● MAC address classification, decided by the least significant bit of the first byte (the I/G bit):

  Unicast MAC address:   first byte xxxxxxx0, the rest as assigned (OUI + CID)          Example: 00-1E-10-DD-DD-02
  Multicast MAC address: first byte xxxxxxx1; the address is not derived from an OUI      Example: 01-80-C2-00-00-01
  Broadcast MAC address: 11111111 11111111 11111111 11111111 11111111 11111111           Example: FF-FF-FF-FF-FF-FF
Page 13 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Unicast Ethernet Frame

• A unicast Ethernet frame is also called a unicast frame.
• The destination MAC address of a unicast frame is a unicast MAC address, so only the host with that address processes it.

[Figure: Host A sends a unicast frame (D.MAC 00-1E-10-DD-DD-02, S.MAC, DATA) through a switch; only Host B, which owns that address, receives it]

D.MAC 00-1E-10-DD-DD-02 in binary:
00000000 00011110 00010000 11011101 11011101 00000010
00-      1E-      10-      DD-      DD-      02
Page 15 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Broadcast Ethernet Frame

• A broadcast Ethernet frame is also called a broadcast frame.
• The destination MAC address of a broadcast frame is the broadcast MAC address, so every host in the broadcast domain processes it.

[Figure: Host A sends a broadcast frame (D.MAC FF-FF-FF-FF-FF-FF, S.MAC, DATA) through a switch; Hosts B, C, and D all receive it]

D.MAC FF-FF-FF-FF-FF-FF in binary:
11111111 11111111 11111111 11111111 11111111 11111111
FF-      FF-      FF-      FF-      FF-      FF
Page 16 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Multicast Ethernet Frame

• A multicast Ethernet frame is also called a multicast frame.
• The destination MAC address of a multicast frame is a multicast MAC address: the least significant bit of its first byte is 1, and only the hosts that have joined that group process it.

[Figure: Host A sends a multicast frame (D.MAC 01-80-C2-00-00-01, S.MAC, DATA) through a switch; the group members among Hosts B, C, and D receive it]

D.MAC 01-80-C2-00-00-01 in binary:
00000001 10000000 11000010 00000000 00000000 00000001
01-      80-      C2-      00-      00-      01
Page 17 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
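The following Python parser is an added example, not material from the course: it applies the frame-format and MAC-address rules from the slides above to constructed frames, deciding Ethernet_II versus IEEE 802.3 from the 2-byte field after the source MAC, walking the LLC/SNAP header when present, classifying the destination address by the I/G bit and extracting the OUI of the source. The three sample frames are constructed for this example; the PAUSE frame reuses the course's multicast address 01-80-C2-00-00-01 with the MAC Control EtherType 0x8808, which is the traffic that address is reserved for.

```python
import struct


def mac_str(raw: bytes) -> str:
    """Format raw bytes as hyphen-separated hex (6 bytes -> XX-XX-XX-XX-XX-XX)."""
    return "-".join(f"{b:02X}" for b in raw)


def mac_bytes(text: str) -> bytes:
    """Accept 00-1E-10-DD-DD-02, 00:1E:10:DD:DD:02 or Huawei's 001E-10DD-DD02."""
    digits = text.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_class(raw: bytes) -> str:
    """Unicast/multicast is decided by the I/G bit (LSB of the first byte); all ones is broadcast."""
    if raw == b"\xff" * 6:
        return "broadcast"
    return "multicast" if raw[0] & 0x01 else "unicast"


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet_II or IEEE 802.3 (LLC/SNAP) frame header. The FCS is assumed stripped."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src = frame[:6], frame[6:12]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "dst_class": mac_class(dst), "src_oui": mac_str(src[:3])}
    if type_or_len >= 0x0600:                  # Ethernet_II: the field is a Type
        info.update(format="Ethernet_II", type=type_or_len, payload=frame[14:])
    elif type_or_len <= 0x05DC:                # IEEE 802.3: the field is a Length (<= 1500)
        payload = frame[14:14 + type_or_len]
        if len(payload) != type_or_len:
            raise ValueError("802.3 Length field exceeds the bytes present")
        info.update(format="IEEE 802.3", length=type_or_len, llc=payload[:3])
        # LLC = DSAP, SSAP, Control; DSAP = SSAP = 0xAA announces a 5-byte SNAP header
        if len(payload) >= 8 and payload[0] == 0xAA and payload[1] == 0xAA:
            info.update(snap_org_code=mac_str(payload[3:6]),
                        type=struct.unpack("!H", payload[6:8])[0], payload=payload[8:])
        else:
            info.update(payload=payload[3:])
    else:
        raise ValueError(f"reserved Type/Length value 0x{type_or_len:04X}")
    return info


# Constructed sample frames (not captures from the course); payloads are zero-filled.
SRC = mac_bytes("00-1E-10-DD-DD-02")
ARP_REQUEST = mac_bytes("FF-FF-FF-FF-FF-FF") + SRC + struct.pack("!H", 0x0806) + bytes(46)
PAUSE_FRAME = mac_bytes("01-80-C2-00-00-01") + SRC + struct.pack("!H", 0x8808) + bytes(46)
SNAP_FRAME = (mac_bytes("001E-10DD-DD03") + SRC + struct.pack("!H", 46)
              + bytes([0xAA, 0xAA, 0x03]) + bytes(3) + struct.pack("!H", 0x0800) + bytes(38))


if __name__ == "__main__":
    for name, frame in (("ARP request", ARP_REQUEST), ("PAUSE", PAUSE_FRAME), ("SNAP", SNAP_FRAME)):
        info = parse_frame(frame)
        print(name, info["format"], info["dst_class"], info["dst"], hex(info.get("type", 0)))
```

The Length check matters in practice: a Length field larger than the bytes actually present is malformed and is rejected rather than silently read past the end of the buffer.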
Typical Architecture of a Campus Network

[Figure: a campus network connected to the Internet, with (from top to bottom) the egress layer, core layer, aggregation layer, and access layer]
Page 19 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Layer 2 Ethernet Switch

Layer 2 Ethernet switches forward data through Ethernet interfaces and can address and forward data only according to the MAC address in the Layer 2 header (Ethernet frame header).

[Figure: Layer 2 Ethernet switches at the access layer of the campus network, below the aggregation, core and egress layers that connect to the Internet]
Page 20 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Working Principles of Switches

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

Frame sent by Host 1:
  Source MAC address: MAC1        Destination MAC address: MAC2
  Source IP address: IP1          Destination IP address: IP2
  Payload

After receiving a frame, the switch learns the source MAC address of the frame, searches the MAC address table for the destination MAC address (MAC2: 0050-5600-0002 in this example), and forwards the frame through the corresponding interface.
Page 21 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Table
● Each switch has a MAC address table that stores the mapping between MAC addresses and
switch interfaces.

[Figure: Host 1 (IP1, MAC1) on GE 0/0/1 and Host 2 (IP2, MAC2) on GE 0/0/2 of the switch]

MAC Address   Interface
MAC1          GE 0/0/1
MAC2          GE 0/0/2
...           ...
Page 22 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Three Frame Processing Behaviors of a Switch
● A switch processes a frame that enters an interface over the transmission medium in one of three ways:

• Flooding: the frame received on Port 1 is sent out of Ports 2, 3, and 4, that is, every port except the ingress port.
• Forwarding: the frame received on Port 1 is sent out of the single port that the MAC address table maps the destination MAC address to.
• Discarding: the frame received on Port 1 is dropped.
Page 23 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Flooding

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

1. Frame sent by Host 1, either an unknown unicast frame:
   Source MAC: MAC1    Destination MAC: MAC2
   or a broadcast frame:
   Source MAC: MAC1    Destination MAC: FF-FF-FF-FF-FF-FF

2. MAC address table searched by the switch:
   MAC Address   Interface
   MAC1          GE 0/0/1

3. Frame processing behavior of the switch:
   • If a unicast frame is received: if the switch cannot find the destination MAC address of the frame in the MAC address table, the switch floods the unicast frame.
   • If a broadcast frame is received: the switch floods the broadcast frame directly, without searching the MAC address table.
Page 24 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Forwarding

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

1. Frame sent by Host 1:
   Source MAC: MAC1    Destination MAC: MAC2

2. MAC address table searched by the switch:
   MAC Address   Interface
   MAC1          GE 0/0/1
   MAC2          GE 0/0/2

3. Frame processing behavior of the switch:
   • If a unicast frame is received: if the switch finds the destination MAC address of the frame in the MAC address table and the interface in that entry is not the interface through which the frame entered, the switch forwards the unicast frame out of that interface only.
Page 25 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Discarding

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) are both connected to Switch 1, and Switch 1 is connected to GE 0/0/1 of Switch 2]

1. Frame sent by Host 1 (arrives at Switch 2 on GE 0/0/1):
   Source MAC: MAC1    Destination MAC: MAC2

2. MAC address table queried by Switch 2:
   MAC Address   Interface
   MAC2          GE 0/0/1

3. Frame processing behavior of the switch:
   • If a unicast frame is received: the switch finds the destination MAC address of the frame in the MAC address table, but the interface in that entry is the very interface through which the frame entered the switch over the transmission medium. In this case, the switch discards the unicast frame, because the destination is reachable on the side the frame came from.
Page 26 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning on a Switch (1)

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

1. MAC address table of the switch:
   MAC Address   Interface
   (empty)

Initially, the MAC address table of the switch is empty.
Page 27 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning on a Switch (2)

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

2. Frame sent by Host 1:
   Source MAC: MAC1    Destination MAC: MAC2
   (Assume that Host 1 has already obtained the MAC address of Host 2.)

   MAC address table searched by the switch:
   MAC Address   Interface
   (empty)

• Host 1 sends a frame to Host 2.
• After the frame is received on the switch's GE 0/0/1, the switch searches the MAC address table for the destination MAC address of the frame. If no matching entry is found, the switch treats the frame as an unknown unicast frame.
Page 28 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning on a Switch (3)

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

3. Frame sent by Host 1:
   Source MAC: MAC1    Destination MAC: MAC2

   MAC address table of the switch after learning:
   MAC Address   Interface
   MAC1          GE 0/0/1

• Because no matching entry for the destination is found in the MAC address table, the switch floods the unicast frame.
• At the same time, the switch learns the source MAC address of the frame, creates the corresponding MAC address entry, and associates it with GE 0/0/1.
Page 29 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning on a Switch (4)

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

4. Frame sent by Host 2:
   Source MAC: MAC2    Destination MAC: MAC1

• The flooded frame is also received by the hosts connected to the other interfaces on the switch. These hosts, however, discard the frame because the destination MAC address is not theirs.
• Host 2 receives and processes the frame, responds to Host 1, and sends the reply frame to the switch.
Page 30 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning on a Switch (5)

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

5. Frame sent by Host 2:
   Source MAC: MAC2    Destination MAC: MAC1

   MAC address table searched by the switch:
   MAC Address   Interface
   MAC1          GE 0/0/1
   MAC2          GE 0/0/2

• The switch finds the corresponding entry (MAC1 on GE 0/0/1) in the MAC address table and forwards the unicast frame through GE 0/0/1 only.
• At the same time, the switch learns the source MAC address of the frame, creates the corresponding MAC address entry, and associates it with GE 0/0/2.
Page 31 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Process of Data Communication Within a Network Segment
● Scenario description:
▫ Task: Host 1 wants to access Host 2.

▫ Hosts: each host is in the initialized state and knows only its own IP address and MAC address (assume that the IP
address of the peer host has been obtained).

▫ Switch: the switch has just been powered on and is in the initialized state.

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]
Page 33 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Data Encapsulation Process

[Figure: on Host 1, data passes down through the application, transport, network, data link and physical layers, each adding its header; on Host 2 it passes up through the same layers]

Ethernet header | IP header | TCP header | User data | Ethernet tail

• Information that needs to be encapsulated in the Ethernet header:
  • Source MAC address
  • Destination MAC address
Page 34 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Initialization

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

ARP cache table of Host 1 (empty):
Host 1>arp -a
Internet Address      Physical Address      Type

MAC address table of the switch (empty):
[Switch]display mac-address verbose
MAC address table of slot 0:
---------------------------------------------------
MAC Address       Port              Type
---------------------------------------------------
---------------------------------------------------
Page 35 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Flooding Frames

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch; the ARP Request from Host 1 enters GE 0/0/1 and is flooded out of every other interface]

ARP Request frame sent by Host 1:
Ethernet header:
  Source MAC address: MAC1
  Destination MAC address: FF-FF-FF-FF-FF-FF (broadcast, so the switch floods it without consulting the MAC address table)
ARP payload (an ARP frame carries no IP header; the addresses below are ARP fields):
  Operation type: ARP Request
  Sender's MAC address: MAC1
  Sender's IP address: IP1
  Target (destination) MAC address: 00-00-00-00-00-00 (unknown; this is what the request asks for)
  Target (destination) IP address: IP2

MAC address table of the switch (still empty when the frame arrives):
[Switch]display mac-address verbose
MAC address table of slot 0:
---------------------------------------------------
MAC Address       Port              Type
---------------------------------------------------
---------------------------------------------------
Page 36 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address Learning

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch]

ARP Request frame sent by Host 1:
Ethernet header:
  Source MAC address: MAC1
  Destination MAC address: FF-FF-FF-FF-FF-FF
ARP payload:
  Operation type: ARP Request
  Sender's MAC address: MAC1
  Sender's IP address: IP1
  Target (destination) MAC address: 00-00-00-00-00-00
  Target (destination) IP address: IP2

MAC address table of the switch after the request is received on GE 0/0/1 (MAC1 learned from the source MAC address):
[Switch]display mac-address verbose
MAC address table of slot 0:
---------------------------------------------------
MAC Address       Port              Type
---------------------------------------------------
0050-5600-0001    GE0/0/1           dynamic
---------------------------------------------------
Page 37 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Reply of the Target Host

[Figure: Host 1 (IP1 192.168.1.1, MAC1 0050-5600-0001) on GE 0/0/1 and Host 2 (IP2 192.168.1.2, MAC2 0050-5600-0002) on GE 0/0/2 of the switch; the ARP Reply from Host 2 enters GE 0/0/2 and is forwarded out of GE 0/0/1 only]

MAC address table of the switch after the reply is received on GE 0/0/2 (MAC2 learned from the source MAC address):
[Switch]display mac-address verbose
MAC address table of slot 0:
---------------------------------------------------
MAC Address       Port              Type
---------------------------------------------------
0050-5600-0001    GE0/0/1           dynamic
0050-5600-0002    GE0/0/2           dynamic
---------------------------------------------------

ARP Reply frame sent by Host 2:
Ethernet header:
  Source MAC address: MAC2
  Destination MAC address: MAC1 (unicast; MAC1 is already in the table, so the frame is forwarded through GE 0/0/1 only)
ARP payload:
  Operation type: ARP Reply
  Sender's MAC address: MAC2
  Sender's IP address: IP2
  Target (destination) MAC address: MAC1
  Target (destination) IP address: IP1
Page 38 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
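The MAC-learning and flood/forward/discard rules from the Overview of Ethernet Switches section, and the ARP exchange just walked through, can be replayed in a short simulation. The following Python is an added example, not course material; the port names, MAC addresses and three-port switch are constructed to match the slides, and discard_case() models Switch 2 from the Discarding slide, where both hosts sit behind its GE 0/0/1. Source-address learning is deliberately shown to be unauthenticated: a frame carrying an already-learned source MAC on another port moves the entry, which is the switch behaviour that MAC spoofing relies on.

```python
from dataclasses import dataclass, field

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class Frame:
    src: str          # source MAC, e.g. "0050-5600-0001"
    dst: str          # destination MAC
    payload: str = ""


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast addresses have the I/G bit (LSB of the first byte) set."""
    return bool(int(mac[:2], 16) & 0x01)


@dataclass
class LearningSwitch:
    ports: list
    mac_table: dict = field(default_factory=dict)   # MAC -> port, learned from source MACs

    def receive(self, in_port: str, frame: Frame):
        """Process one ingress frame; return (behavior, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning comes first and is unauthenticated: whatever source MAC the frame
        # carries is now bound to in_port, replacing any earlier binding.
        self.mac_table[frame.src] = in_port
        others = [p for p in self.ports if p != in_port]
        if is_group_address(frame.dst):         # broadcast/multicast: flood without a lookup
            return "flood", others
        out_port = self.mac_table.get(frame.dst)
        if out_port is None:                    # unknown unicast
            return "flood", others
        if out_port == in_port:                 # destination lives on the ingress side
            return "discard", []
        return "forward", [out_port]


MAC1, MAC2 = "0050-5600-0001", "0050-5600-0002"


def arp_exchange():
    """Replay the course scenario on a freshly powered-on three-port switch."""
    sw = LearningSwitch(ports=["GE0/0/1", "GE0/0/2", "GE0/0/3"])
    steps = [
        # 1. ARP Request from Host 1: broadcast, flooded; MAC1 learned on GE0/0/1.
        sw.receive("GE0/0/1", Frame(MAC1, BROADCAST, "ARP Request: who has 192.168.1.2?")),
        # 2. ARP Reply from Host 2: MAC1 known, forwarded to GE0/0/1; MAC2 learned on GE0/0/2.
        sw.receive("GE0/0/2", Frame(MAC2, MAC1, "ARP Reply: 192.168.1.2 is at MAC2")),
        # 3. Data from Host 1 to Host 2: both known, forwarded to GE0/0/2 only.
        sw.receive("GE0/0/1", Frame(MAC1, MAC2, "data")),
    ]
    return sw, steps


def discard_case():
    """Switch 2 of the Discarding slide: both hosts are reachable through its GE0/0/1."""
    sw = LearningSwitch(ports=["GE0/0/1", "GE0/0/2"])
    sw.receive("GE0/0/1", Frame(MAC2, BROADCAST))       # MAC2 learned on GE0/0/1
    return sw.receive("GE0/0/1", Frame(MAC1, MAC2))     # MAC2 maps to the ingress port


def station_move():
    """A frame with an already-learned source MAC on another port moves the entry."""
    sw, _ = arp_exchange()
    sw.receive("GE0/0/3", Frame(MAC1, MAC2, "claims to be Host 1"))
    return sw.mac_table[MAC1]


if __name__ == "__main__":
    sw, steps = arp_exchange()
    for behavior, out_ports in steps:
        print(behavior, out_ports)
    print(sw.mac_table)
    print(discard_case())
    print(station_move())
```

After station_move(), frames for Host 1 leave through GE0/0/3 instead of GE0/0/1 until Host 1 itself sends again; the table reflects only the most recent claimant of each source address.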
Quiz
1. (Single) A Layer 2 Ethernet switch generates a MAC address table entry based on the ( ) of the packet
received by an interface.
A. Source MAC address

B. Destination MAC address

C. Source IP address

D. Destination IP address

2. (Single) A switch has eight interfaces. A unicast frame enters the switch through one of the eight
interfaces, but the switch cannot find the destination MAC address entry of the frame in the MAC address
table. In this case, which of the following operations is performed by the switch? ( )
A. Discarding

B. Flooding

C. Point-to-point forwarding

Page 39 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Summary
● This section describes the basics of the Ethernet protocol, Ethernet frame formats,
MAC addresses, and the working principles of Layer 2 switches. Specifically, after
receiving a frame, a switch learns the source MAC address of the frame and looks up
the destination MAC address of the frame in the MAC address table. If the destination
MAC address exists in the table, the switch forwards the frame through the
corresponding interface.

● This course also describes the whole process of data communication within the same
network segment, based on the working principles of switches.

Page 40 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com

Page 41 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Foreword
 Ethernet technology implements data communication over shared media based on carrier sense multiple access with
collision detection (CSMA/CD). If there are a large number of PCs on the Ethernet, security risks and broadcast storms
may occur, deteriorating network performance and even causing network breakdowns.
 The virtual local area network (VLAN) technology is therefore introduced to solve the preceding problem.
 This course describes basic VLAN principles, working principles of different Layer 2 interfaces, VLAN applications, data
forwarding principles, and basic VLAN configuration methods.

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
 On completion of this course, you will be able to:
▫ Understand the background of the VLAN technology.

▫ Identify the VLAN to which data belongs.

▫ Master different VLAN assignment modes.

▫ Describe how data communication is implemented through VLANs.

▫ Master basic VLAN configuration methods.

Page 1 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. What Is VLAN

2. VLAN Principles

3. VLAN Applications

4. VLAN Configuration Examples

Page 2 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Issues Facing a Traditional Ethernet
 On a typical switching network, broadcast frames or unknown unicast frames sent by a PC are flooded throughout the entire Layer 2 broadcast domain.

 The larger the broadcast domain is, the more serious the network security and junk traffic problems become.

[Figure: one Layer 2 broadcast domain made up of SW1 to SW7, with PC1 attached to SW1 and PC2 to SW3. A unicast frame from PC1 to PC2 is valid traffic on the path to PC2, while the copies flooded by the switches that have no entry for PC2 (SW2 and SW5) toward the rest of the network are junk traffic.]
(Note: This example assumes that the MAC address entry of PC2 exists in the MAC address tables of SW1, SW3,
and SW7 rather than SW2 and SW5.)
Page 3 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN

• The VLAN technology isolates broadcast domains: one physical switching network is divided into multiple broadcast domains.

• Characteristics:
▫ Geographically independent: members of a VLAN can be attached to different switches.
▫ Only devices in the same VLAN can directly communicate at Layer 2.

[Figure: the SW1 to SW7 network divided into multiple broadcast domains (VLANs), so that a broadcast frame sent by PC1 stays within PC1's VLAN]
Page 4 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN Identification | VLAN Assignment | VLAN Frame Processing

VLAN Implementation

[Figure: Switch1 (interfaces 1 to 5) and Switch2 (interfaces 5 to 1) connected by one link; PC1 (VLAN 10) and PC2 (VLAN 20) on Switch1, PC3 (VLAN 20) and PC4 (VLAN 10) on Switch2; a frame from PC1 crosses the inter-switch link]

 Switch1 and Switch2 belong to the network of the same enterprise. VLANs are planned for the network, with VLAN 10 for department A and VLAN 20 for department B. Employees in departments A
and B are connected to both Switch1 and Switch2.

 Assume that a frame sent from PC1 reaches Switch2 through the link between Switch1 and Switch2. If no additional processing is done, Switch2 can neither identify the VLAN to which the frame
belongs nor determine the local VLAN to which the frame should be delivered.
Page 6 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN Tag
 How does a switch identify the VLAN to which a received frame belongs?

IEEE 802.1Q defines a 4-byte VLAN tag for Ethernet frames, enabling switches to identify the VLANs to which received frames belong.

[Figure: a frame carrying VLAN tag 20 arrives at a switch that has interfaces in VLAN 20 and VLAN 10; the tag tells the switch which VLAN the frame belongs to]
Page 7 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN Frame

Original Ethernet frame (untagged frame):
  Destination MAC address | Source MAC address | Length/Type | Data | FCS

The 802.1Q tag is inserted between the Source MAC address and Length/Type fields:
  TPID (0x8100) | PRI    | CFI   | VLAN ID
  16 bits       | 3 bits | 1 bit | 12 bits

• Tag protocol identifier (TPID): identifies the type of a frame. The value 0x8100 indicates an IEEE 802.1Q frame.
• PRI: identifies the priority of a frame, which is mainly used for QoS.
• Canonical format indicator (CFI): indicates whether a MAC address is in the canonical format. For Ethernet frames, the value of this field is 0.
• VLAN ID: identifies the VLAN to which a frame belongs. Twelve bits give 4096 values, of which 0 and 4095 are reserved, so the usable VLAN IDs are 1–4094. The FCS is recomputed over the tagged frame.

802.1Q frame (tagged frame):
  Destination MAC address | Source MAC address | Tag | Length/Type | Data | FCS
Page 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN Implementation

[Figure: Switch1 and Switch2 connected by one link; the original frames from PC1 (VLAN 10) and PC2 (VLAN 20) are carried across the inter-switch link as tagged frames and delivered as original (untagged) frames to PC4 (VLAN 10) and PC3 (VLAN 20)]

 The link between Switch1 and Switch2 carries data of multiple VLANs. In this situation, a VLAN-based data tagging method is required to distinguish the
frames of different VLANs.
 IEEE 802.1Q, often referred to as Dot1q, defines a system of VLAN tagging for Ethernet frames by inserting an 802.1Q tag into the frame header to
carry VLAN information.
Page 10 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
VLAN Assignment Methods

 How are VLANs assigned on a network?

VLAN Assignment Method           VLAN 10                          VLAN 20
Interface-based assignment       GE 0/0/1 and GE 0/0/3            GE 0/0/2 and GE 0/0/4
MAC address-based assignment     MAC 1 and MAC 3                  MAC 2 and MAC 4
IP subnet-based assignment       10.0.1.*                         10.0.2.*
Protocol-based assignment        IP                               IPv6
Policy-based assignment          10.0.1.* + GE 0/0/1 + MAC 1      10.0.2.* + GE 0/0/2 + MAC 2

[Figure: SW1 with PC1 (10.0.1.1, MAC 1), PC2 (10.0.2.1, MAC 2), PC3 (10.0.1.2, MAC 3) and PC4 (10.0.2.2, MAC 4) on GE 0/0/1 to GE 0/0/4]
Page 11 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Interface-based VLAN Assignment

• Principles
▫ VLANs are assigned based on interfaces.
▫ A network administrator preconfigures a PVID for each switch interface, which assigns the interface to the VLAN corresponding to the PVID.
▫ After an interface receives an untagged frame, the switch adds a tag carrying the PVID of the interface to the frame. The frame is then transmitted in that VLAN.
• Port Default VLAN ID (PVID)
▫ Default VLAN ID of an interface
▫ Value range: 1–4094

[Figure: SW1 and SW2, with the inter-switch interfaces at PVID 1 and the PC-facing interfaces at PVID 10 (PCs in VLAN 10) and PVID 20 (PCs in VLAN 20); an untagged frame from PC1 is tagged 10 on ingress]

The VLAN needs to be reconfigured if PCs move to a different interface.
Page 13 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
MAC Address-based VLAN Assignment

Mapping between MAC addresses and VLAN IDs on SW1:
MAC Address   VLAN ID
MAC 1         10
MAC 2         10
...           ...

• Principles
▫ VLANs are assigned based on the source MAC addresses of frames.
▫ A network administrator preconfigures the mapping between MAC addresses and VLAN IDs.
▫ After receiving an untagged frame, a switch adds the VLAN tag that the mapping table assigns to the source MAC address of the frame. The frame is then transmitted in that VLAN.
• Mapping table
▫ Records the mapping between MAC addresses and VLAN IDs.

[Figure: SW1 (GE 0/0/1, GE 0/0/2) and SW2; PC1 (MAC 1) and PC2 (MAC 2) in VLAN 10, PC3 (MAC 3) and PC4 (MAC 4) in VLAN 20; an untagged frame from PC1 is tagged 10 according to the mapping table]

The VLAN does not need to be reconfigured even if PCs move. Because the mapping is keyed on a source address that the sending host controls, this method assigns VLAN membership according to what a host claims to be, not where it is connected.

Layer 2 Ethernet Interface Types


Interface Types
• Access interface
An access interface is used to connect a switch to a terminal, such as a PC or server. In general, the NICs on such a terminal receive and send only untagged frames. An access interface can be added to only one VLAN.

• Trunk interface
A trunk interface allows frames that belong to multiple VLANs to pass through and differentiates the frames using the 802.1Q tag. This type of interface is used to connect a switch to another switch or to a sub-interface on a device such as a router or firewall.

• Hybrid interface
Similar to a trunk interface, a hybrid interface also allows frames that belong to multiple VLANs to pass through and differentiates them using the 802.1Q tag. In addition, you can decide, per VLAN, whether the hybrid interface keeps or removes the VLAN tag when sending frames of that VLAN.

• Figure: two switches joined by a trunk interface carrying VLAN 10 and VLAN 20; the PCs in VLAN 10 and VLAN 20 connect to access interfaces.


Access Interface (example: GE 0/0/1, access interface in VLAN 10, so PVID 10)
Frame receiving
▫ After receiving an untagged frame: the interface permits the frame and adds a VLAN tag carrying the PVID of the interface (VID 10). Inside the switch the frame is always tagged.
▫ After receiving a tagged frame: if the VLAN ID of the frame is the same as the PVID of the interface, the interface permits the frame. If the VLAN ID of the frame is different from the PVID of the interface, the interface discards the frame.
Frame sending
▫ If the VLAN ID of the frame is the same as the PVID of the interface (VLAN 10): the interface removes the VLAN tag from the frame and then sends the frame out untagged.
▫ If the VLAN ID of the frame is different from the PVID of the interface (for example, a VLAN 20 frame): the interface discards the frame.


Trunk Interface (example: GE 0/0/1, trunk interface whose list of permitted VLAN IDs contains VLAN 10 or VLAN 20)
Frame receiving
▫ After receiving an untagged frame: the interface adds a VLAN tag with the VID being the PVID of the interface and permits the frame only when that VID is in the list of VLAN IDs permitted by the interface (with PVID 10 and VLAN 10 permitted, the frame enters the switch tagged with VID 10). If the VID is not in the list, the interface discards the frame.
▫ After receiving a tagged frame: if the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface permits the frame (a frame tagged with VID 10 is permitted even though the PVID is 1). Otherwise, the interface discards the frame.
Frame sending (PVID 10)
▫ If the VLAN ID of the frame is the same as the PVID of the interface: if the VLAN ID is in the list of VLAN IDs permitted by the interface, the interface removes the tag from the frame and sends the frame out untagged. Otherwise, the interface discards the frame.
▫ If the VLAN ID of the frame is different from the PVID of the interface (VLAN 20 here): if the VLAN ID is in the list of VLAN IDs permitted by the interface, the interface sends the frame out with the tag retained. Otherwise, the interface discards the frame.
▫ Only frames of the PVID leave a trunk interface untagged; frames of every other permitted VLAN leave tagged.


Example for Frame Processing on Access and Trunk Interfaces


 Describe how inter-PC access is implemented in this example.
▫ Topology: PC1 (VLAN 10) and PC2 (VLAN 20) connect to access interfaces of SW1 with PVID 10 and PVID 20; PC3 (VLAN 10) and PC4 (VLAN 20) connect to SW2 in the same way. SW1 and SW2 are connected through trunk interfaces with PVID 1 whose list of permitted VLAN IDs is 1, 10 and 20, so VLAN 10 and VLAN 20 frames cross the link tagged.
▫ PC1 to PC3: the untagged frame from PC1 is tagged with VID 10 by the access interface on SW1, leaves the trunk interface of SW1 with the tag retained (10 differs from the trunk PVID 1 and is permitted), is accepted by the trunk interface on SW2 (10 is permitted), and is sent to PC3 untagged because the VID matches the PVID of PC3's access interface. PC2 and PC4 communicate in the same way in VLAN 20.
▫ PC1 cannot reach PC2 or PC4 at Layer 2: a VLAN 10 frame arriving at an access interface whose PVID is 20 is discarded.


Hybrid Interface (example: GE 0/0/1, hybrid interface whose list of permitted VLAN IDs contains VLAN 10 or VLAN 20)
Frame receiving
▫ After receiving an untagged frame: the interface adds a VLAN tag with the VID being the PVID of the interface and permits the frame only when that VID is in the list of VLAN IDs permitted by the interface. If the VID is not in the list, the interface discards the frame.
▫ After receiving a tagged frame: if the VLAN ID of the frame is in the list of VLAN IDs permitted by the interface, the interface permits the frame. Otherwise, the interface discards the frame.
Frame sending (PVID 10)
▫ If the VLAN ID of the frame is in the list of permitted VLAN IDs and the interface has been configured not to carry the tag for that VLAN (untagged mode): the interface removes the tag and sends the frame out.
▫ If the VLAN ID of the frame is in the list of permitted VLAN IDs and the interface has been configured to carry the tag for that VLAN (tagged mode): the interface sends the frame out with the tag retained.
▫ If the VLAN ID of the frame is not in the list of permitted VLAN IDs: the interface discards the frame.
▫ The list of permitted VLAN IDs of a hybrid interface is the union of its tagged and untagged VLAN lists. The PVID only decides which VLAN untagged incoming frames are placed in; it does not by itself make the interface a member of that VLAN.


Example for Frame Processing on Hybrid Interfaces


 Describe how PCs access the server in this example.
▫ Topology: PC1 (VLAN 10) and PC2 (VLAN 20) connect to Interface 1 (PVID 10) and Interface 2 (PVID 20) of SW1; Interface 3 of SW1 (PVID 1) connects to Interface 3 of SW2 (PVID 1); the server (VLAN 100) connects to Interface 1 of SW2 (PVID 100). All interfaces are hybrid interfaces.

List of VLAN IDs Permitted by Interfaces on SW1
Interface 1 (PVID 10): untagged 1, 10, 100
Interface 2 (PVID 20): untagged 1, 20, 100
Interface 3 (PVID 1): tagged 10, 20, 100

List of VLAN IDs Permitted by Interfaces on SW2
Interface 1 (PVID 100): untagged 1, 10, 20, 100
Interface 3 (PVID 1): tagged 10, 20, 100

▫ PC1 to the server: the untagged frame is tagged with VID 10 on SW1 Interface 1, leaves SW1 Interface 3 tagged, is accepted by SW2 Interface 3, and is sent to the server untagged because VLAN 10 is in the untagged list of SW2 Interface 1. The reply from the server is tagged with VID 100 on SW2 Interface 1, crosses the link tagged, and is delivered to PC1 untagged because VLAN 100 is in the untagged list of SW1 Interface 1. PC2 reaches the server in the same way through VLAN 20.
▫ PC1 to PC2: an untagged frame from PC1 enters VLAN 10, and Interface 2 is not a member of VLAN 10, so the frame is discarded. The two PCs therefore cannot communicate at Layer 2 with untagged traffic. Note, however, that both PC interfaces are members of VLAN 1 and VLAN 100: a host that itself sends frames already tagged with VID 1 or VID 100 is accepted by its interface and reaches the other PC. The isolation holds only for hosts that send untagged frames.


Summary
Access Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and permits the frame.
▫ Tagged frame: checks whether the VID in the tag of the frame is the same as the PVID of the interface. If they are the same, permits the frame; otherwise, discards the frame.
Frame sending
▫ Checks whether the VID in the tag of the frame is the same as the PVID of the interface. If they are the same, removes the tag and sends the frame out; otherwise, discards the frame.

Trunk Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
▫ Tagged frame: checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
Frame sending
▫ If the VID is in the list of permitted VLAN IDs and the same as the PVID of the interface, removes the tag and sends the frame out.
▫ If the VID is in the list of permitted VLAN IDs but different from the PVID of the interface, sends the frame out without removing the tag.
▫ If the VID is not in the list of permitted VLAN IDs, discards the frame.

Hybrid Interface
Frame receiving
▫ Untagged frame: adds a tag with the VID being the PVID of the interface and checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
▫ Tagged frame: checks whether the VID is in the list of permitted VLAN IDs. If yes, permits the frame. If not, discards it.
Frame sending
▫ If the VID is not in the list of permitted VLAN IDs, discards the frame.
▫ If the VID is in the untagged VLAN ID list, removes the tag and sends the frame out.
▫ If the VID is in the tagged VLAN ID list, sends the frame out without removing the tag.
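The three sets of rules above are easiest to check by running them. The following Python script is an added example written for this page, not code from the Huawei course: it builds real 802.1Q frames (TPID 0x8100 followed by a 16-bit TCI whose low 12 bits are the VID), models a port with the PVID, permitted list and hybrid tagged/untagged lists described above, and pushes frames through the hybrid-interface topology of the second configuration example in this module (PCs in VLAN 10 and VLAN 20, server in VLAN 100). The port names, MAC addresses and payload are constructed.

```python
"""Ingress/egress rules of access, trunk and hybrid interfaces on real 802.1Q
frames. Added example for this page, not code from the Huawei course: the port
model follows the summary above, the frame layout follows IEEE 802.1Q (TPID
0x8100 + 16-bit TCI, VID in the low 12 bits), and the topology, port names and
MAC addresses are constructed to match the hybrid-interface example (Case 2)."""
import struct
from dataclasses import dataclass, field
from typing import Optional, Set

TPID_8021Q = 0x8100

def parse_frame(frame: bytes):
    """Return (dst, src, vid or None, bytes from the EtherType onward)."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF, frame[16:]
    return dst, src, None, frame[12:]

def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag (TPID + TCI) right after the source MAC."""
    dst, src, _, rest = parse_frame(frame)
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst + src + struct.pack("!HH", TPID_8021Q, tci) + rest

def strip_tag(frame: bytes) -> bytes:
    dst, src, vid, rest = parse_frame(frame)
    return frame if vid is None else dst + src + rest

@dataclass
class Port:
    name: str
    link_type: str                     # "access", "trunk" or "hybrid"
    pvid: int = 1                      # default VLAN ID; 1 unless configured
    allowed: Set[int] = field(default_factory=lambda: {1})   # trunk allow-pass list (VLAN 1 by default)
    untagged: Set[int] = field(default_factory=lambda: {1})  # hybrid untagged list (VLAN 1 by default)
    tagged: Set[int] = field(default_factory=set)            # hybrid tagged list

    def members(self) -> Set[int]:
        """VLANs the interface belongs to, i.e. its list of permitted VLAN IDs."""
        if self.link_type == "access":
            return {self.pvid}
        if self.link_type == "trunk":
            return set(self.allowed)
        return set(self.untagged) | set(self.tagged)

    def ingress(self, frame: bytes) -> Optional[bytes]:
        """Frame as it enters the switch (always tagged), or None if discarded."""
        _, _, vid, _ = parse_frame(frame)
        if vid is None:                # untagged frame: tag it with the PVID first
            vid = self.pvid
            frame = add_tag(frame, vid)
        return frame if vid in self.members() else None

    def egress(self, frame: bytes) -> Optional[bytes]:
        """Frame as it leaves the interface, or None if discarded."""
        _, _, vid, _ = parse_frame(frame)
        if vid not in self.members():
            return None
        if self.link_type == "access":
            return strip_tag(frame)    # only the PVID gets here, so always untag
        if self.link_type == "trunk":
            return strip_tag(frame) if vid == self.pvid else frame
        return strip_tag(frame) if vid in self.untagged else frame

def forward(path, frame: bytes) -> Optional[bytes]:
    """Push a frame through (ingress port, egress port) pairs, one pair per
    switch; None means some hop discarded it."""
    for in_port, out_port in path:
        frame = in_port.ingress(frame)
        if frame is None:
            return None
        frame = out_port.egress(frame)
        if frame is None:
            return None
    return frame

# Constructed Case 2 topology: every interface is a hybrid interface.
SW1_GE1 = Port("SW1 GE0/0/1", "hybrid", pvid=10, untagged={1, 10, 100})
SW1_GE2 = Port("SW1 GE0/0/2", "hybrid", pvid=20, untagged={1, 20, 100})
SW1_GE3 = Port("SW1 GE0/0/3", "hybrid", tagged={10, 20, 100})
SW2_GE3 = Port("SW2 GE0/0/3", "hybrid", tagged={10, 20, 100})
SW2_GE1 = Port("SW2 GE0/0/1", "hybrid", pvid=100, untagged={1, 10, 20, 100})

PC1_MAC = bytes.fromhex("001e10dddd01")            # constructed addresses
PC2_MAC = bytes.fromhex("001e10dddd02")
SERVER_MAC = bytes.fromhex("001e10ddee01")
PAYLOAD = struct.pack("!H", 0x0800) + bytes(20)    # IPv4 EtherType + dummy header

def pc1_to_server() -> Optional[bytes]:
    return forward([(SW1_GE1, SW1_GE3), (SW2_GE3, SW2_GE1)], SERVER_MAC + PC1_MAC + PAYLOAD)

def server_to_pc1() -> Optional[bytes]:
    return forward([(SW2_GE1, SW2_GE3), (SW1_GE3, SW1_GE1)], PC1_MAC + SERVER_MAC + PAYLOAD)

def pc1_to_pc2(vid_sent_by_pc1: Optional[int] = None) -> Optional[bytes]:
    """PC1 -> PC2 on SW1; vid_sent_by_pc1 makes PC1 emit an already-tagged frame."""
    frame = PC2_MAC + PC1_MAC + PAYLOAD
    if vid_sent_by_pc1 is not None:
        frame = add_tag(frame, vid_sent_by_pc1)
    return forward([(SW1_GE1, SW1_GE2)], frame)

if __name__ == "__main__":
    print("PC1 -> server arrives untagged:", parse_frame(pc1_to_server())[2] is None)
    print("PC1 -> PC2, untagged frame    :", pc1_to_pc2())                 # None: discarded
    print("PC1 -> PC2, PC1 tags VID 100  :", pc1_to_pc2(100) is not None)  # True: shared VLAN
```

Running it shows the untagged PC1 frame delivered to the server untagged, the server's reply delivered to PC1 untagged, and an untagged PC1 frame discarded at PC2's interface. It also shows the limit of the design: because both PC interfaces are untagged members of VLAN 100 (and of VLAN 1), a PC1 frame that arrives already tagged with VID 100 is accepted on ingress and delivered to PC2, so the isolation between the PCs holds only for hosts that send untagged frames. The Port class also reproduces the access and trunk rules, so it can be used to check the earlier slides with other port definitions.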

Contents
1. What Is VLAN

2. VLAN Principles

3. VLAN Applications

4. VLAN Configuration Examples

VLAN Planning
• VLAN assignment rules
▫ By service: voice, video, and data VLANs
▫ By department: e.g. VLANs for the engineering, marketing, and finance departments
▫ By application: e.g. VLANs for servers, offices, and classrooms
• Tips for VLAN assignment
▫ VLAN IDs can be assigned arbitrarily within the supported range. To keep the plan readable, associate VLAN IDs with subnets during VLAN assignment (for example, VLAN 20 with X.16.20.0/24 below).
▫ VLAN 1 is the default PVID of every interface and is permitted on every trunk interface by default, so any interface that has not been explicitly configured is also a member of it.
• Example for VLAN planning
 Assume that there are three buildings: an administrative building with offices, classrooms, and finance sections; a teaching building with offices and classrooms; and an office building with offices and finance sections. Each building has one access switch, and the core switch is deployed in the administrative building.
 The following table describes the VLAN plan.

VLAN ID | IP Address Segment | Description
1 | X.16.10.0/24 | VLAN to which office users belong
2 | X.16.20.0/24 | VLAN to which the users of the finance department belong
3 | X.16.30.0/24 | VLAN to which classroom users belong
100 | Y.16.100.0/24 | VLAN to which the device management function belongs

Interface-based VLAN Assignment
 Applicable scenario:
▫ There are multiple enterprises in a building. These enterprises share network resources to reduce costs. The networks of the enterprises connect to different interfaces of the same Layer 2 switch and access the Internet through the same egress device (a Layer 3 switch in the figure).
 VLAN assignment:
▫ To isolate the services of different enterprises and ensure service security, assign the interfaces connected to the enterprises' networks to different VLANs (Enterprise 1 in VLAN 2, Enterprise 2 in VLAN 3 and Enterprise 3 in VLAN 4 in the figure). In this way, each enterprise has an independent Layer 2 network, and each VLAN works as a virtual work group.

MAC Address-based VLAN Assignment
 Applicable scenario:
▫ The network administrator of an enterprise assigns PCs in the same department to the same VLAN. To improve information security, the enterprise requires that only employees in the specified department be allowed to access specific network resources.
 VLAN assignment:
▫ To meet the preceding requirement, configure MAC address-based VLAN assignment on SW1. In the figure, SW1 reaches the enterprise network through GE 0/0/1, and PC1 through PC4 (MAC addresses 001e-10dd-dd01 through 001e-10dd-dd04) connect to its downlink interfaces, such as GE 0/0/3; the department's PCs are placed in VLAN 10. A newly connected PC whose MAC address is not in the mapping table is not placed in VLAN 10 and therefore cannot reach resources that are only reachable from VLAN 10.
▫ Note that the source MAC address is chosen by the endpoint, so this is an assignment convenience rather than an authentication control: a new PC configured with a listed MAC address is placed in VLAN 10 exactly like the original one. Where the requirement is to verify who connects, combine it with an authentication mechanism such as 802.1X.

Interface-based VLAN Assignment MAC Address-based VLAN Assignment

Basic VLAN Configuration Commands


1. Create one or more VLANs.

[Huawei] vlan vlan-id

This command creates a VLAN and displays the VLAN view. If the VLAN to be created already exists, this command directly displays the VLAN view.
• The value of vlan-id is an integer ranging from 1 to 4094.

[Huawei] vlan batch { vlan-id1 [ to vlan-id2 ] }

This command creates VLANs in a batch. In this command:


• batch: creates VLANs in a batch.
• vlan-id1: specifies a start VLAN ID.
• vlan-id2: specifies an end VLAN ID.


Basic Access Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type access

In the interface view, set the link type of the interface to access.

2. Configure a default VLAN for the access interface.

[Huawei-GigabitEthernet0/0/1] port default vlan vlan-id

In the interface view, configure a default VLAN for the interface and add the interface to the VLAN.
• vlan-id: specifies an ID for the default VLAN. The value is an integer ranging from 1 to 4094.


Basic Trunk Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type trunk

In the interface view, set the link type of the interface to trunk.

2. Add the trunk interface to specified VLANs.

[Huawei-GigabitEthernet0/0/1] port trunk allow-pass vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the trunk interface to specified VLANs.

3. (Optional) Configure a default VLAN for the trunk interface.

[Huawei-GigabitEthernet0/0/1] port trunk pvid vlan vlan-id

In the interface view, configure a default VLAN for the trunk interface.


Basic Hybrid Interface Configuration Commands


1. Set the link type of an interface.

[Huawei-GigabitEthernet0/0/1] port link-type hybrid

In the interface view, set the link type of the interface to hybrid.

2. Add the hybrid interface to specified VLANs.

[Huawei-GigabitEthernet0/0/1] port hybrid untagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the hybrid interface to specified VLANs in untagged mode.

[Huawei-GigabitEthernet0/0/1] port hybrid tagged vlan { { vlan-id1 [ to vlan-id2 ] } | all }

In the interface view, add the hybrid interface to specified VLANs in tagged mode.

3. (Optional) Configure a default VLAN for the hybrid interface.

[Huawei-GigabitEthernet0/0/1] port hybrid pvid vlan vlan-id

In the interface view, configure a default VLAN for the hybrid interface.


Case1:Configuring Interface-based VLAN Assignment


 Networking requirements:
▫ On the network shown in the figure, the switches (SW1 and SW2) of an enterprise are connected to multiple PCs, and PCs with the same service access the network through different switches: PC1 (VLAN 10) and PC2 (VLAN 20) connect to GE 0/0/1 (PVID 10) and GE 0/0/2 (PVID 20) of SW1, and PC3 (VLAN 10) and PC4 (VLAN 20) connect to the same interfaces of SW2. GE 0/0/3 on each switch (PVID 1) connects the two switches. To ensure communication security, the enterprise requires that only PCs with the same service can directly communicate.
▫ To meet this requirement, configure interface-based VLAN assignment on the switches: the interfaces connected to PCs are access interfaces added to the VLAN of their service, and the interfaces between the switches are trunk interfaces that carry both VLANs. In this way, PCs in different VLANs cannot directly communicate at Layer 2, but PCs in the same VLAN can.


Creating VLANs

Create VLANs on both switches (same topology as in the networking requirements).
[SW1] vlan 10
[SW1-vlan10] quit
[SW1] vlan 20
[SW1-vlan20] quit

[SW2] vlan batch 10 20


Configuring Access and Trunk Interfaces


Configure access interfaces and add the interfaces to the corresponding VLANs.
[SW1] interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 10
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type access
[SW1-GigabitEthernet0/0/2] quit
[SW1] vlan 20
[SW1-vlan20] port GigabitEthernet0/0/2
[SW1-vlan20] quit
The port command in the VLAN view is an alternative to port default vlan in the interface view: both add the access interface GE 0/0/2 to VLAN 20 and set its PVID to 20.

Configure a trunk interface and specify the list of VLAN IDs permitted by the interface.
[SW1] interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type trunk
[SW1-GigabitEthernet0/0/3] port trunk pvid vlan 1
[SW1-GigabitEthernet0/0/3] port trunk allow-pass vlan 10 20
Note: The configuration on SW2 is similar to that on SW1.


Verifying the Configuration

[SW1]display vlan
The total number of vlans is : 3
-------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-------------------------------------------------------------------------------
VID Type Ports
-------------------------------------------------------------------------------
1 common UT:GE0/0/3(U) ……
10 common UT:GE0/0/1(U)
TG:GE0/0/3(U)
20 common UT:GE0/0/2(U)
TG:GE0/0/3(U)
……
The output confirms that GE 0/0/1 and GE 0/0/2 are untagged (UT) members of VLAN 10 and VLAN 20 respectively and that the trunk GE 0/0/3 carries both VLANs tagged (TG). GE 0/0/3 is also still an untagged member of VLAN 1, its PVID: port trunk allow-pass vlan 10 20 adds VLANs to the permitted list without removing VLAN 1.


Case2:Configuring Interface-based VLAN Assignment

 Networking requirements:
▫ On the network shown in the figure, the switches (SW1 and SW2) of an enterprise are connected to multiple PCs, and PCs in different departments need to access the server of the enterprise: PC1 (VLAN 10) and PC2 (VLAN 20) connect to GE 0/0/1 (PVID 10) and GE 0/0/2 (PVID 20) of SW1; the server (VLAN 100) connects to GE 0/0/1 (PVID 100) of SW2; GE 0/0/3 on each switch (PVID 1) connects the two switches. To ensure communication security, the enterprise requires that PCs in different departments cannot directly communicate.
▫ To meet this requirement, configure interface-based VLAN assignment and hybrid interfaces on the switches so that PCs in different departments can access the server but cannot directly communicate with each other at Layer 2.


Configuring Hybrid Interfaces (1)

SW1 configuration:
[SW1] vlan batch 10 20 100
[SW1] interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type hybrid
[SW1-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SW1-GigabitEthernet0/0/1] port hybrid untagged vlan 10 100
[SW1-GigabitEthernet0/0/1] interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type hybrid
[SW1-GigabitEthernet0/0/2] port hybrid pvid vlan 20
[SW1-GigabitEthernet0/0/2] port hybrid untagged vlan 20 100
[SW1-GigabitEthernet0/0/2] interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3] port link-type hybrid
[SW1-GigabitEthernet0/0/3] port hybrid tagged vlan 10 20 100


Configuring Hybrid Interfaces (2)

SW2 configuration:
[SW2] vlan batch 10 20 100
[SW2] interface GigabitEthernet 0/0/1
[SW2-GigabitEthernet0/0/1] port link-type hybrid
[SW2-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SW2-GigabitEthernet0/0/1] port hybrid untagged vlan 10 20 100
[SW2-GigabitEthernet0/0/1] interface GigabitEthernet 0/0/3
[SW2-GigabitEthernet0/0/3] port link-type hybrid
[SW2-GigabitEthernet0/0/3] port hybrid tagged vlan 10 20 100


Verifying the Configuration


[SW1]display vlan
The total number of vlans is : 4
-----------------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-----------------------------------------------------------------------------------------
VID Type Ports
-----------------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) ……
10 common UT:GE0/0/1(U)
TG:GE0/0/3(U)
20 common UT:GE0/0/2(U)
TG:GE0/0/3(U)
100 common UT:GE0/0/1(U) GE0/0/2(U)
TG:GE0/0/3(U)
……
GE 0/0/1 is an untagged member of VLAN 10 and VLAN 100, GE 0/0/2 of VLAN 20 and VLAN 100, and GE 0/0/3 carries all three VLANs tagged, which is what the PC-to-server paths need. All three interfaces also remain untagged members of VLAN 1, because a hybrid interface belongs to VLAN 1 by default and none of the commands above removed it.


Basic MAC Address-based VLAN Configuration Commands


1. Associate a MAC address with a VLAN.

[Huawei-vlan10] mac-vlan mac-address mac-address [ mac-address-mask | mac-address-mask-length ]

This command associates a MAC address with a VLAN.


• mac-address: specifies the MAC address to be associated with a VLAN. The value is a hexadecimal number in the format of H-H-H. Each H contains one to
four digits, such as 00e0 or fc01. If an H contains less than four digits, the left-most digits are padded with zeros. For example, e0 is displayed as 00e0. The
MAC address cannot be 0000-0000-0000, FFFF-FFFF-FFFF, or any multicast address.
• mac-address-mask: specifies the mask of a MAC address. The value is a hexadecimal number in the format of H-H-H. Each H contains one to four digits.
• mac-address-mask-length: specifies the mask length of a MAC address. The value is an integer ranging from 1 to 48.

2. Enable MAC address-based VLAN assignment on an interface.

[Huawei-GigabitEthernet0/0/1] mac-vlan enable

This command enables MAC address-based VLAN assignment on an interface.



Example for Configuring MAC Address-based VLAN Assignment


 Networking requirements:
▫ The network administrator of an enterprise assigns PCs in the same department to the same VLAN. To improve information security, the enterprise requires that only employees in the department be allowed to access the network resources of the enterprise.
▫ PC1 through PC3 (MAC addresses 001e-10dd-dd01, 001e-10dd-dd02 and 001e-10dd-dd03) belong to the same department and connect to downlink interfaces of SW1 such as GE 0/0/3; PC4 (001e-10dd-dd04) does not belong to it. SW1 connects to the enterprise network through GE 0/0/1. According to the enterprise's requirement, only the three PCs can access the enterprise network through SW1.
▫ To meet this requirement, configure MAC address-based VLAN assignment and associate the MAC addresses of the three PCs with VLAN 10.


Creating a VLAN and Associating MAC Addresses with the VLAN

Create a VLAN.
[SW1] vlan 10
[SW1-vlan10] quit

Associate MAC addresses with the VLAN.
[SW1] vlan 10
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd01
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd02
[SW1-vlan10] mac-vlan mac-address 001e-10dd-dd03
[SW1-vlan10] quit


Adding Interfaces to the VLAN and Enabling MAC Address-based


VLAN Assignment
Add interfaces to the VLAN.
[SW1] interface gigabitethernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type hybrid
[SW1-GigabitEthernet0/0/1] port hybrid tagged vlan 10
[SW1-GigabitEthernet0/0/1] quit
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type hybrid
[SW1-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[SW1-GigabitEthernet0/0/2] quit

Enable MAC address-based VLAN assignment on the specified interface.
[SW1] interface gigabitethernet 0/0/2
[SW1-GigabitEthernet0/0/2] mac-vlan enable
[SW1-GigabitEthernet0/0/2] quit

Note: The configuration of GE 0/0/3 and GE 0/0/4 is similar to that of GE 0/0/2.
Note: The PVID of GE 0/0/2 through GE 0/0/4 is left at its default value 1, so an untagged frame whose source MAC address is not in the mapping table (for example, from PC4) is tagged with VID 1 and forwarded in VLAN 1 rather than discarded, and the verification output shows GE 0/0/1 still as an untagged member of VLAN 1. For the restriction to hold, the uplink must not carry VLAN 1 (for example, remove GE 0/0/1 from VLAN 1 with undo port hybrid vlan 1 in its interface view), or the PVID of the downlink interfaces must be a VLAN that the uplink does not carry.


Verifying the Configuration

[SW1]display vlan
The total number of vlans is : 2
-----------------------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-----------------------------------------------------------------------------------------------
VID Type Ports
-----------------------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U) ……
10 common UT:GE0/0/2(U) GE0/0/3(U) GE0/0/4(U)
TG:GE0/0/1(U)
……

[SW1]display mac-vlan mac-address all
----------------------------------------------------------------------
MAC Address MASK VLAN Priority
----------------------------------------------------------------------
001e-10dd-dd01 ffff-ffff-ffff 10 0
001e-10dd-dd02 ffff-ffff-ffff 10 0
001e-10dd-dd03 ffff-ffff-ffff 10 0

Total MAC VLAN address count: 3
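The display vlan output is the evidence that a VLAN plan was applied, so it is worth checking mechanically rather than by eye. The following Python script is an added example written for this page, not Huawei tooling: it parses the VID/Type/Ports table in the format shown on the verification slides (UT: untagged, TG: tagged, (U)/(D) port state), derives each port's VLAN memberships, and answers three questions about the hybrid-interface design of Case 2: whether untagged traffic entering one PC interface can leave another, which VLANs two PC interfaces share, and which ports still carry VLAN 1 untagged. The sample output is copied from the Case 2 verification slide with the elided ports dropped, and the PVID map is taken from the Case 2 configuration; both are constructed inputs, and the audit functions are this example's own.

```python
"""Parse `display vlan` output from a VRP switch and audit port memberships.
Added example for this page, not Huawei tooling. The parser handles the
VID/Type/Ports table shown on the verification slides; the sample output is
copied from the Case 2 verification slide (elided ports dropped) and the PVID
map comes from the Case 2 configuration, so both are constructed inputs."""
import re
from typing import Dict, List, Set

PORT_RE = re.compile(r"(?:(UT|TG):)?([A-Za-z-]+\d+(?:/\d+)*)\(([UD])\)")
VID_RE = re.compile(r"^(\d+)\s+(\w+)\s+(.*)$")

def parse_display_vlan(text: str) -> Dict[int, Dict[str, List[str]]]:
    """Map VID -> {"type": ..., "UT": [ports], "TG": [ports]}."""
    table: Dict[int, Dict[str, List[str]]] = {}
    vid, mode = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VID_RE.match(line)
        if m:                                  # first line of a VLAN entry
            vid = int(m.group(1))
            table[vid] = {"type": m.group(2), "UT": [], "TG": []}
            mode, rest = None, m.group(3)
        elif vid is not None and PORT_RE.match(line):
            rest = line                        # continuation line of the same VLAN
        else:
            continue                           # legend, separators, counters
        for pm in PORT_RE.finditer(rest):
            if pm.group(1):
                mode = pm.group(1)             # UT:/TG: prefix applies until changed
            if mode:
                table[vid][mode].append(pm.group(2))
    return table

def port_members(table: Dict[int, Dict[str, List[str]]]) -> Dict[str, Set[int]]:
    """Port -> set of VLANs it belongs to (its list of permitted VLAN IDs)."""
    members: Dict[str, Set[int]] = {}
    for vid, entry in table.items():
        for mode in ("UT", "TG"):
            for port in entry[mode]:
                members.setdefault(port, set()).add(vid)
    return members

def default_vlan_ports(table: Dict[int, Dict[str, List[str]]]) -> List[str]:
    """Ports still carrying VLAN 1 untagged. A host behind such a port that tags
    its own frames with VID 1 is accepted, and an uplink in this list hands
    VLAN 1 to the neighbouring switch."""
    return sorted(table.get(1, {"UT": []})["UT"])

def untagged_reachable(members: Dict[str, Set[int]], pvids: Dict[str, int], src: str, dst: str) -> bool:
    """Can an untagged frame entering src leave through dst? It is tagged with
    src's PVID on ingress, so dst only has to be a member of that VLAN."""
    return pvids[src] in members.get(dst, set())

def shared_vlans(members: Dict[str, Set[int]], a: str, b: str) -> Set[int]:
    """VLANs both ports belong to. A host on a that sends frames already tagged
    with one of these VIDs is accepted on ingress and can reach b, whatever
    the PVIDs are."""
    return members.get(a, set()) & members.get(b, set())

CASE2_DISPLAY_VLAN = """\
The total number of vlans is : 4
-----------------------------------------------------------------------------------------
U: Up; D: Down; TG: Tagged; UT: Untagged;
MP: Vlan-mapping; ST: Vlan-stacking;
#: ProtocolTransparent-vlan; *: Management-vlan;
-----------------------------------------------------------------------------------------
VID Type Ports
-----------------------------------------------------------------------------------------
1 common UT:GE0/0/1(U) GE0/0/2(U) GE0/0/3(U)
10 common UT:GE0/0/1(U)
TG:GE0/0/3(U)
20 common UT:GE0/0/2(U)
TG:GE0/0/3(U)
100 common UT:GE0/0/1(U) GE0/0/2(U)
TG:GE0/0/3(U)
"""
CASE2_PVIDS = {"GE0/0/1": 10, "GE0/0/2": 20, "GE0/0/3": 1}   # from the Case 2 configuration

def audit_case2() -> dict:
    table = parse_display_vlan(CASE2_DISPLAY_VLAN)
    members = port_members(table)
    return {
        "pc1_to_pc2_untagged": untagged_reachable(members, CASE2_PVIDS, "GE0/0/1", "GE0/0/2"),
        "pc1_to_uplink_untagged": untagged_reachable(members, CASE2_PVIDS, "GE0/0/1", "GE0/0/3"),
        "pc1_pc2_shared_vlans": shared_vlans(members, "GE0/0/1", "GE0/0/2"),
        "vlan1_untagged_ports": default_vlan_ports(table),
    }

if __name__ == "__main__":
    for key, value in audit_case2().items():
        print(f"{key}: {value}")
```

For Case 2 the audit reports that untagged PC1 traffic cannot leave GE 0/0/2 but does reach the uplink, that GE 0/0/1 and GE 0/0/2 nevertheless share VLAN 1 and VLAN 100, and that all three interfaces are still untagged members of VLAN 1. Pointed at the MAC address-based example above, the same parser shows the uplink GE 0/0/1 untagged in VLAN 1, which is the VLAN that untagged frames from unlisted MAC addresses land in through the default PVID.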

Quiz
1. (Multiple) Which of the following statements about the VLAN technology are incorrect? ( )
A. The VLAN technology can isolate a large collision domain into several small collision domains.

B. The VLAN technology can isolate a large Layer 2 broadcast domain into several small Layer 2 broadcast domains.

C. PCs in different VLANs cannot communicate.

D. PCs in the same VLAN can communicate at Layer 2.

2. If the PVID of a trunk interface is 5 and the port trunk allow-pass vlan 2 3 command is run on the interface, which VLANs' frames can
be transmitted through the trunk interface?

Summary
 This course describes the VLAN technology, including the functions, identification, assignment, data exchange, planning,
application, and basic configuration of VLANs.

 The VLAN technology can divide a physical LAN into multiple broadcast domains so that network devices in the same VLAN
can directly communicate at Layer 2, while devices in different VLANs cannot.

Foreword
 On an Ethernet switching network, redundant links are used to implement link backup and enhance network reliability. However, redundant links may produce loops, leading to broadcast storms and an unstable MAC address table. As a result, communication on the network may deteriorate or even be interrupted. To prevent loops, IEEE introduced the Spanning Tree Protocol (STP).
 Devices running STP exchange STP Bridge Protocol Data Units (BPDUs) to discover loops on the network and block the appropriate ports. This trims a ring topology into a loop-free tree topology, preventing frames from circulating indefinitely and preserving the forwarding capacity of the devices.
 IEEE later introduced the Rapid Spanning Tree Protocol (RSTP) to improve the network convergence speed.

Objectives
 Upon completion of this course, you will be able to:
 Describe the causes and problems of Layer 2 loops on a campus switching network.
 Describe basic concepts and working mechanism of STP.
 Distinguish STP from RSTP and describe the improvement of RSTP on STP.
 Complete basic STP configurations.
 Understand methods other than STP for eliminating Layer 2 loops on a switching network.

Contents
1. STP Overview

2. Basic Concepts and Working Mechanism of STP

3. Basic STP Configurations

4. Improvements Made in RSTP

5. STP Advancement

Technical Background: Redundancy and Loops on a Layer 2
Switching Network
A network without redundancy design
▫ There is only one aggregation switch, and no redundancy is available. If it fails, the downstream hosts are disconnected.
▫ The access switch has only one uplink, and no redundancy is available. If the uplink fails, the downstream PCs are disconnected.
Layer 2 loops introduced along with redundancy
▫ Adding a second aggregation switch and a second uplink from the access switch enhances redundancy, but the redundant links between the aggregation switches and the access switch now form a Layer 2 loop.

Technical Background: Layer 2 Loops Caused by Human Errors
Case 1: incorrect operations. For example, cables between devices are connected in such a way that the switches form a ring, creating a Layer 2 loop.
Case 2: incorrect manual configurations. For example, SW1 and SW2 are connected by two parallel cables, but the network administrator does not bundle them into one logical link (an aggregation link), so the two physical links form a Layer 2 loop.

Issues Caused by Layer 2 Loops
Typical Issue 1: Broadcast Storm
SW1, SW2 and SW3 are connected in a triangle. (1) A BUM frame arrives at SW3. (2) SW3 floods the frame to SW1 and SW2. (3) After SW1 and SW2 receive the frame, they flood it again, including over the link between them. (4) The copies come back to SW3 and are flooded once more. Nothing in the frame limits how often it may be forwarded, so the copies keep circulating; network resources are exhausted and the network becomes unavailable.
Typical Issue 2: MAC Address Flapping
SW1 is used as an example. Copies of a frame with source MAC address 5489-98EE-788A reach SW1 alternately through GE0/0/1 and GE0/0/2, so the entry for that address in the MAC address table is rewritten each time: the address flaps between GE0/0/1 and GE0/0/2 and the table never stabilises.
BUM frames: broadcast, unknown unicast, and multicast frames

Introduction to STP

Before STP: SW1, SW2 and SW3 are connected in a ring, so the redundant links form a loop.
With STP: the switches exchange BPDUs, one of them is elected as the root bridge, and a port on SW3 is blocked, which turns the ring into a loop-free tree.
When STP is deployed on a network, switches exchange STP BPDUs and calculate a loop-free topology. Finally, one or more ports on the network are blocked to eliminate loops.
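To make the two failure modes and the effect of the blocked port concrete, the following Python simulation is an added example, not code from the course: three switches that learn source MAC addresses and flood BUM frames are wired in a triangle (optionally with a second, unbundled SW1-SW2 cable as in the human-error case above), a PC behind SW3 sends a single broadcast, and the script counts the frame copies in flight per round and the number of times each switch's table entry for the PC's MAC address moved between ports. The topology, port names and MAC address are constructed, and end hosts are not modelled as flooding targets.

```python
"""Simulate what a Layer 2 loop does to one broadcast frame and to the MAC
address table, and what blocking one port (as STP does) changes. Added example
for this page, not code from the course: switches only learn source MACs and
flood BUM frames; the triangle topology, port names and MAC are constructed."""
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ffff-ffff-ffff"

class Switch:
    def __init__(self, name: str):
        self.name = name
        self.links: Dict[str, Tuple["Switch", str]] = {}   # local port -> (peer, peer port)
        self.mac_table: Dict[str, str] = {}                 # MAC -> port it was learned on
        self.blocked: Set[str] = set()                      # ports STP would leave blocked
        self.flaps = 0                                      # times a MAC moved between ports

    def receive(self, port: str, src: str, dst: str) -> List[str]:
        """Learn src on port, then return the ports the frame is sent out of."""
        if port in self.blocked:                            # blocked: no learning, no forwarding
            return []
        learned = self.mac_table.get(src)
        if learned is not None and learned != port:
            self.flaps += 1                                 # MAC address flapping
        self.mac_table[src] = port
        if dst != BROADCAST and dst in self.mac_table:      # known unicast: one port
            out = self.mac_table[dst]
            return [out] if out != port and out not in self.blocked else []
        return [p for p in self.links if p != port and p not in self.blocked]   # BUM: flood

def link(a: Switch, pa: str, b: Switch, pb: str) -> None:
    a.links[pa] = (b, pb)
    b.links[pb] = (a, pa)

def run(first_hop, rounds: int) -> List[int]:
    """Deliver frames hop by hop; return the number of copies in flight after
    each round (an empty round ends the simulation early)."""
    pending = [first_hop]
    history: List[int] = []
    for _ in range(rounds):
        nxt = []
        for sw, port, src, dst in pending:
            for out_port in sw.receive(port, src, dst):
                peer, peer_port = sw.links[out_port]
                nxt.append((peer, peer_port, src, dst))
        history.append(len(nxt))
        pending = nxt
        if not pending:
            break
    return history

def build(parallel_link: bool = False, block: Optional[Tuple[str, str]] = None) -> Dict[str, Switch]:
    """SW1-SW2-SW3 triangle with the PC on SW3 GE0/0/3. parallel_link adds a
    second, unbundled SW1-SW2 cable; block=(switch, port) blocks one port."""
    sw = {n: Switch(n) for n in ("SW1", "SW2", "SW3")}
    link(sw["SW1"], "GE0/0/1", sw["SW2"], "GE0/0/1")
    link(sw["SW1"], "GE0/0/2", sw["SW3"], "GE0/0/1")
    link(sw["SW2"], "GE0/0/2", sw["SW3"], "GE0/0/2")
    if parallel_link:
        link(sw["SW1"], "GE0/0/3", sw["SW2"], "GE0/0/3")
    if block:
        sw[block[0]].blocked.add(block[1])
    return sw

def simulate(parallel_link: bool = False, block: Optional[Tuple[str, str]] = None, rounds: int = 12):
    """Return (copies per round, flaps per switch) for one PC broadcast."""
    sw = build(parallel_link, block)
    first_hop = (sw["SW3"], "GE0/0/3", "5489-98ee-788a", BROADCAST)   # constructed PC MAC
    history = run(first_hop, rounds)
    flaps = {n: s.flaps for n, s in sw.items()}
    return history, flaps

if __name__ == "__main__":
    print("triangle loop       :", simulate())
    print("parallel cables     :", simulate(parallel_link=True))
    print("SW3 GE0/0/2 blocked :", simulate(block=("SW3", "GE0/0/2")))
```

In the triangle a single broadcast never stops: two copies circulate in opposite directions round after round, and every switch's entry for the PC's MAC address flaps on each pass. With the parallel cable the copy count grows every round (2, 4, 8, 12, ...), which is the broadcast storm. Blocking one port on SW3 turns the ring into a tree: the count goes 1, 1, 1, 0 and no entry flaps, which is exactly what the blocked port in the STP figure buys.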

STP Can Dynamically Respond to Network Topology Changes
and Adjust Blocked Ports

Left: with STP running, one port on SW3 is blocked (1), so the ring is loop-free. Right: a link in the ring fails (2); STP detects the change and restores the previously blocked port on SW3 (3), so connectivity is maintained without a loop.
STP running on a switch continuously monitors the network topology. When the network topology changes, STP detects the change and automatically adjusts which ports are blocked.
Therefore, STP solves the Layer 2 loop problem and at the same time provides a solution for network redundancy.

Q&A: Layer 2 and Layer 3 loops
Layer 3 loop
• Common root cause: routing loop
• Dynamic routing protocols have certain loop prevention capabilities.
• The TTL field in the IP packet header can be used to prevent infinite packet forwarding.
Layer 2 loop
• Common root cause: Layer 2 redundancy is deployed on the network, or cables are incorrectly connected.
• The Layer 2 frame header does not contain any information (such as a hop count) to prevent data frames from being forwarded infinitely.
• Specific protocols or mechanisms are required to implement Layer 2 loop prevention.

Page 8 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Application of STP on a Campus Network

(Figure: a campus network connected to the Internet through a Layer 3 network; STP runs in the Layer 2 network below it, where the access switches are.)
STP Overview
 STP is used on a LAN to prevent loops.
 Devices running STP exchange information with one another to discover loops on the network, and block certain ports to
eliminate loops.
 After running on a network, STP continuously monitors the network status. When the network topology changes, STP can
detect the change and automatically respond to the change. In this way, the network status can adapt to the new topology,
ensuring network reliability.
 With the growth in scale of LANs, STP has become an important protocol for a LAN.

Contents
1. STP Overview

2. Basic Concepts and Working Mechanism of STP

3. Basic STP Configurations

4. Improvements Made in RSTP

5. STP Advancement

BID Root Bridge Cost RPC PID BPDU

STP Basic Concepts: BID

(Figure: SW1 4096.4c1f-aabc-102a, SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c in a triangle; a BID is drawn as the bridge priority followed by the bridge MAC address.)

Bridge ID (BID)
• As defined in IEEE 802.1D, a BID consists of a 16-bit bridge priority and a bridge MAC address.
• Each switch running STP has a unique BID.
• The bridge priority occupies the leftmost 16 bits and the MAC address occupies the rightmost 48 bits.
• On an STP network, the device with the smallest BID acts as the root bridge.

Note: A bridge is a switch.
STP Basic Concepts: Root Bridge

(Figure: SW1 4096.4c1f-aabc-102a is the root bridge; SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c are non-root bridges.)

Root Bridge
• One of the main functions of STP is to calculate a loop-free STP tree on the entire switching network.
• The root bridge is the root of an STP network.
• After STP starts to work, it elects a root bridge on the switching network. The root bridge is the key for topology calculation of the spanning tree and is the root of the loop-free topology calculated by STP.
• On an STP network, the device with the smallest BID acts as the root bridge. During BID comparison, devices first compare bridge priorities. A smaller priority value indicates a higher priority of a device. The switch with the smallest priority value becomes the root bridge. If priority values are the same, the switch with the smallest MAC address becomes the root bridge.
STP Basic Concepts: Cost

(Figure: SW1 and SW2 are connected by a link with Cost = 500 at each end; the links from SW1 and SW2 to SW3 have Cost = 20000 at each end.)

Cost
• Each STP-enabled port maintains a cost. The cost of a port is used to calculate the root path cost (RPC), that is, the cost of the path to the root.
• The default cost of a port is related to the rate, working mode, and STP cost calculation method used by a switch.
• A higher port bandwidth indicates a smaller cost.
• You can also run commands to adjust the cost of a port as required.
STP Basic Concepts: Cost Calculation Methods

Recommended STP cost by port rate and port mode:

Port Rate   | Port Mode                  | IEEE 802.1d-1998 | IEEE 802.1t | Huawei Legacy Standard
100 Mbit/s  | Half-duplex                | 19               | 200,000     | 200
100 Mbit/s  | Full-duplex                | 18               | 199,999     | 199
100 Mbit/s  | Aggregated link: two ports | 15               | 100,000     | 180
1000 Mbit/s | Full-duplex                | 4                | 20,000      | 20
1000 Mbit/s | Aggregated link: two ports | 3                | 10,000      | 18
10 Gbit/s   | Full-duplex                | 2                | 2000        | 2
10 Gbit/s   | Aggregated link: two ports | 1                | 1000        | 1
40 Gbit/s   | Full-duplex                | 1                | 500         | 1
40 Gbit/s   | Aggregated link: two ports | 1                | 250         | 1
100 Gbit/s  | Full-duplex                | 1                | 200         | 1
100 Gbit/s  | Aggregated link: two ports | 1                | 100         | 1
...

The cost has a default value and is associated with the port rate. When the device uses different algorithms, the same port rate corresponds to different cost values.
STP Basic Concepts: RPC

(Figure: SW1 is the root bridge. The SW1-SW2 link has Cost=500 at each end; the links to SW3 have Cost=20000 at each end. Port 1 is on SW1 and port 2 is on SW3; the figure labels RPC=500+20000.)

RPC
• The cost from a switch port to the root bridge, that is, RPC, is important during STP topology calculation.
• The RPC from a port to the root bridge is the sum of costs of all inbound ports along the path from the root bridge to the device.
• In this example, the RPC for SW3 to reach the root bridge through GE0/0/1 is equal to the cost of port 1 plus the cost of port 2.
STP Basic Concepts: PID

(Figure: SW1 has ports PID=128.24 and PID=128.23; SW2 has ports PID=128.24 and PID=128.23; SW3 has ports PID=128.21 and PID=128.22.)

Port ID (PID)
• An STP-enabled switch uses PIDs to identify ports. A PID is used to elect a designated port in a specific scenario.
• A PID consists of the leftmost four bits (port priority) and the rightmost 12 bits (port number).
• An STP-enabled port maintains a default port priority, which is 128 on Huawei switches. You can run a command to change the priority as required.
STP Basic Concepts: BPDU

(Figure: SW1, SW2 and SW3 exchanging configuration BPDUs.)

Bridge Protocol Data Unit (BPDU)
• BPDU is the basis for STP to work normally.
• STP-enabled switches exchange BPDUs that carry important information.
• There are two types of BPDUs:
 Configuration BPDU
 Topology Change Notification (TCN) BPDU
• Configuration BPDUs are the key to STP topology calculation. TCN BPDUs are triggered only when the network topology changes.
Format of Configuration BPDUs

Field order: PID | PVI | BPDU Type | Flags | Root ID | RPC | Bridge ID | Port ID | Message Age | Max Age | Hello Time | Forward Delay

Bytes | Field | Description
2 | PID | For STP, the value of this field is always 0.
1 | PVI | For STP, the value of this field is always 0.
1 | BPDU Type | Type of BPDUs. The value 0x00 indicates a configuration BPDU and the value 0x80 indicates a TCN BPDU.
1 | Flags | STP uses only the leftmost two bits and the rightmost two bits: Topology Change Acknowledgment (TCA) and Topology Change (TC).
8 | Root ID | BID of the root bridge.
4 | RPC | STP cost of the path from the current port to the root bridge.
8 | Bridge ID | BID of the sender.
2 | Port ID | ID of the port that sends this BPDU, which consists of the port priority and port number.
2 | Message Age | Number of seconds after a BPDU is sent from the root bridge. The value increases by 1 each time the BPDU passes through a network bridge. It refers to the number of hops to the root bridge.
2 | Max Age | If the bridge does not receive any BPDU for a period of time and the lifetime of the network bridge reaches the maximum, the network bridge considers that the link connected to the port is faulty. The default value is 20s.
2 | Hello Time | Interval at which the root bridge sends configuration BPDUs. The default value is 2s.
2 | Forward Delay | Time that is spent in Listening or Learning state. The default value is 15s.
BPDU Comparison Rules

(Figure: the fields of a configuration BPDU: Protocol Identifier, Protocol Version Identifier, BPDU Type, Flags, Root Identifier, Root Path Cost, Bridge Identifier, Port Identifier, Message Age, Max Age, Hello Time, Forward Delay.)

The core of STP is to calculate a loop-free topology on a switching network. During topology calculation, the comparison of configuration BPDUs is important. The Root Identifier, Root Path Cost, Bridge Identifier, and Port Identifier fields are the main fields of a configuration BPDU. STP-enabled switches compare the four fields.

STP selects the optimal configuration BPDU in the following sequence:
1. Smallest BID of the root bridge
2. Smallest RPC
3. Smallest BID of the network bridge
4. Smallest PID

Among the four rules (each rule corresponds to a field in a configuration BPDU), the first rule is used to elect the root bridge on the network, and the following rules are used to elect the root port and designated port.
Configuration BPDU Forwarding Process

(Figure: SW1 4096.4c1f-aabc-102a, SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c in a line. SW1 sends a configuration BPDU from PortID=128.24 (Cost=20000); SW2 relays a configuration BPDU to SW3 from PortID=128.23 (Cost=20000).)

Configuration BPDU sent by SW1:
...
BID of the root bridge = 4096.4c1f-aabc-102a
Path cost = 0
BID of the network bridge = 4096.4c1f-aabc-102a
PID = 128.24
...

Configuration BPDU sent by SW2:
...
BID of the root bridge = 4096.4c1f-aabc-102a
Path cost = 0+20000
BID of the network bridge = 4096.4c1f-aabc-102b
PID = 128.23
...
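Slide 12 gives the BID layout, slides 19 and 20 the configuration BPDU layout and the four-field comparison, and slide 21 shows SW2 relaying SW1's BPDU. The following Python is an added example and not course material: it packs and parses the 35-byte configuration BPDU, relays it the way SW2 does (adding the inbound port cost, substituting its own BID and PID), and compares two BPDUs by (Root ID, RPC, Bridge ID, Port ID). The BIDs and port IDs are those of slide 21; the names ConfigBPDU, parse_bpdu and forward_bpdu are mine, and the 1/256-second encoding of the timer fields is IEEE 802.1D's, which the slide does not spell out.

```python
import struct
from dataclasses import dataclass

# Wire layout of an IEEE 802.1D configuration BPDU (35 bytes, big-endian), slide 19:
# Protocol ID(2) Version(1) Type(1) Flags(1) Root ID(8) Root Path Cost(4)
# Bridge ID(8) Port ID(2) Message Age(2) Max Age(2) Hello Time(2) Forward Delay(2)
_LAYOUT = struct.Struct("!HBBBQIQHHHHH")
TYPE_CONFIG, TYPE_TCN = 0x00, 0x80
FLAG_TC, FLAG_TCA = 0x01, 0x80

def bid_to_int(text):
    """'4096.4c1f-aabc-102a' -> 64-bit BID: 16-bit priority followed by the 48-bit MAC."""
    priority, mac = text.split(".")
    return (int(priority) << 48) | int(mac.replace("-", ""), 16)

def bid_to_str(value):
    mac = f"{value & 0xFFFFFFFFFFFF:012x}"
    return f"{value >> 48}.{mac[:4]}-{mac[4:8]}-{mac[8:]}"

def pid_to_int(priority, number):
    """Port ID: 4-bit priority (128 -> 8) in the high nibble, 12-bit port number below it."""
    return ((priority // 16) << 12) | (number & 0x0FFF)

def pid_to_tuple(value):
    return ((value >> 12) * 16, value & 0x0FFF)

@dataclass(frozen=True)
class ConfigBPDU:
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: int
    message_age: float            # seconds; 0 when sent by the root bridge
    max_age: float = 20.0
    hello_time: float = 2.0
    forward_delay: float = 15.0
    flags: int = 0

    def vector(self):
        """The four fields compared on slide 20, in order; the smaller tuple wins."""
        return (self.root_id, self.root_path_cost, self.bridge_id, self.port_id)

    def encode(self):
        # Timer fields are carried in units of 1/256 second (IEEE 802.1D).
        return _LAYOUT.pack(0, 0, TYPE_CONFIG, self.flags, self.root_id,
                            self.root_path_cost, self.bridge_id, self.port_id,
                            int(self.message_age * 256), int(self.max_age * 256),
                            int(self.hello_time * 256), int(self.forward_delay * 256))

def parse_bpdu(data):
    """Parse a BPDU payload; returns a ConfigBPDU, or None for a TCN BPDU (nothing to compare)."""
    if len(data) < 4 or data[0:2] != b"\x00\x00" or data[2] != 0:
        raise ValueError("not an STP BPDU: protocol identifier and version must be 0")
    if data[3] == TYPE_TCN:
        return None
    if data[3] != TYPE_CONFIG or len(data) < _LAYOUT.size:
        raise ValueError("malformed configuration BPDU")
    (_, _, _, flags, root, rpc, bridge, port,
     msg_age, max_age, hello, fwd) = _LAYOUT.unpack_from(data)
    return ConfigBPDU(root, rpc, bridge, port, msg_age / 256,
                      max_age / 256, hello / 256, fwd / 256, flags)

def is_better(a, b):
    return a.vector() < b.vector()

def forward_bpdu(received, my_bid, out_port_id, inbound_cost):
    """What a non-root bridge sends downstream (slide 21): RPC grows by the cost of the
    port the BPDU arrived on, sender BID and PID become its own, Message Age ages one hop."""
    return ConfigBPDU(received.root_id, received.root_path_cost + inbound_cost,
                      my_bid, out_port_id, received.message_age + 1,
                      received.max_age, received.hello_time, received.forward_delay)

# Slide 21: SW1 (root) announces itself; SW2 relays it toward SW3 over a 20000-cost port.
SW1, SW2 = bid_to_int("4096.4c1f-aabc-102a"), bid_to_int("4096.4c1f-aabc-102b")
FROM_SW1 = ConfigBPDU(SW1, 0, SW1, pid_to_int(128, 24), 0)
FROM_SW2 = forward_bpdu(parse_bpdu(FROM_SW1.encode()), SW2, pid_to_int(128, 23), 20000)

if __name__ == "__main__":
    for b in (FROM_SW1, FROM_SW2):
        print(bid_to_str(b.root_id), b.root_path_cost, bid_to_str(b.bridge_id), pid_to_tuple(b.port_id))
    print("SW1's BPDU is better:", is_better(FROM_SW1, FROM_SW2))
```

Because a switch accepts these fields from whatever is plugged into its ports, the parser rejects anything that is not a version-0 STP BPDU before comparing; a practitioner comparing captured BPDUs can feed the raw 35 bytes straight into parse_bpdu.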
Select Root Bridge Select Root Port Select Designated Port Block Non-designated Port

STP Calculation (1)

Select a Root Bridge on the Switching Network
(Figure: SW1 4096.4c1f-aabc-102a (root bridge), SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c exchanging configuration BPDUs.)

• After STP starts to work on a switching network, each switch sends configuration BPDUs to the network. The configuration BPDU contains the BID of a switch.
• The switch with the smallest bridge ID becomes the root bridge.
• Only one root bridge exists on a contiguous STP switching network.
• The role of the root bridge can be preempted.
• To ensure the stability of the switching network, you are advised to plan the STP network in advance and set the bridge priority of the switch that is planned as the root bridge to the minimum value 0.
STP Calculation (2)

Select a Root Port on Each Non-root Bridge
(Figure: SW1 4096.4c1f-aabc-102a is the root bridge; the port of SW2 4096.4c1f-aabc-102b facing SW1 and the port of SW3 4096.4c1f-aabc-102c facing SW1 are marked R. Legend: R Root port.)

• Each non-root bridge selects a root port from its ports.
• A non-root bridge has only one root port.
• When a non-root-bridge switch has multiple ports connected to the network, the root port receives the optimal configuration BPDU.
• The root port is located on each non-root bridge and has the shortest distance away from the root bridge.
STP Calculation (3)

A designated port is elected on each link.
(Figure: both ports of SW1 4096.4c1f-aabc-102a are marked D; SW2 4096.4c1f-aabc-102b has its port facing SW1 marked R and its port facing SW3 marked D; SW3 4096.4c1f-aabc-102c has its port facing SW1 marked R. Legend: R Root port, D Designated port.)

• After the root port is elected, the non-root bridge uses the optimal BPDU received on the port to calculate the configuration BPDU and compares the calculated configuration BPDU with the configuration BPDUs received by all ports except the root port.
 If the former is better, the port is a designated port.
 If the latter is better, the port is not a designated port.
• In most cases, all ports on the root bridge are designated ports.
STP Calculation (4)

Block Non-designated Port
(Figure: the same topology; the port of SW3 facing SW2 is neither R nor D and is shown as the blocked port. Legend: R Root port, D Designated port.)

• On a switch, a port that is neither a root port nor a designated port is called a non-designated port.
• The last step of STP operations is to block the non-designated port on the network. After this step is complete, the Layer 2 loop on the network is eliminated.
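The four steps on slides 22 to 26 can be run end to end on a small topology. The Python below is an added example, not course material: it models the calculation centrally (the real protocol reaches the same result by exchanging BPDUs) and is fed Case 1 from slide 41, where SW1 has priority 0, SW2 priority 4096 and SW3 the default 32768. The MAC addresses, the SW1-side and SW2-side port names toward SW3 (GE0/0/23 on both), and the equal 20000 costs are assumptions; SW3's GE0/0/21 and GE0/0/22 and the SW1-SW2 GE0/0/24 link are from the slide. Deriving the port number from the interface name is a simplification, and the role names follow the display stp brief output on slide 42 (DESI for a designated port).

```python
import heapq

DEFAULT_COST = 20000   # IEEE 802.1t cost of a 1000 Mbit/s full-duplex port (slide 15)

def bid_value(text):
    """'4096.4c1f-aabc-102a' -> 64-bit BID: 16-bit priority, then the 48-bit bridge MAC."""
    priority, mac = text.split(".")
    return (int(priority) << 48) | int(mac.replace("-", ""), 16)

def pid_value(port_name, priority=128):
    """Port ID: 4-bit priority (default 128 -> 8) followed by the 12-bit port number.
    Assumption: the number is the last field of the interface name ('GE0/0/21' -> 21)."""
    number = int(port_name.rsplit("/", 1)[-1])
    return ((priority // 16) << 12) | (number & 0x0FFF)

def compute_spanning_tree(bridges, links):
    """
    bridges: {name: "priority.mac"}; links: [(a, port_a, b, port_b, cost)], the same port
    cost at both ends. Returns (root, {bridge: rpc}, {(bridge, port): role}) with the role
    abbreviations of 'display stp brief': ROOT, DESI (designated), ALTE (blocked).
    """
    bid = {name: bid_value(text) for name, text in bridges.items()}
    adj = {name: [] for name in bridges}        # bridge -> [(own_port, cost, peer, peer_port)]
    for a, pa, b, pb, cost in links:
        adj[a].append((pa, cost, b, pb))
        adj[b].append((pb, cost, a, pa))

    # Step 1 (slide 22): the bridge with the smallest BID is the root.
    root = min(bid, key=bid.get)

    # Root path cost (slide 16): sum of the inbound port costs along the best path,
    # found here with Dijkstra from the root.
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > rpc[n]:
            continue
        for _, cost, peer, _ in adj[n]:
            if d + cost < rpc.get(peer, float("inf")):
                rpc[peer] = d + cost
                heapq.heappush(heap, (d + cost, peer))

    def cost_to_root(n):
        return rpc.get(n, float("inf"))

    # Step 2 (slide 23): each non-root bridge keeps as root port the one receiving the best
    # BPDU (root, RPC, sender BID, sender PID); the receiving PID is the 802.1D final tie-breaker.
    root_port = {}
    for n in bridges:
        if n == root or not adj[n]:
            continue
        best = min(adj[n], key=lambda e: (cost_to_root(e[2]) + e[1], bid[e[2]],
                                           pid_value(e[3]), pid_value(e[0])))
        root_port[n] = best[0]

    # Steps 3 and 4 (slides 25, 26): on every link the end with the better (RPC, BID, PID)
    # is designated; the other end is the root port if chosen above, otherwise it is blocked.
    roles = {}
    for a, pa, b, pb, _ in links:
        va = (cost_to_root(a), bid[a], pid_value(pa))
        vb = (cost_to_root(b), bid[b], pid_value(pb))
        if va < vb:
            designated, other, other_port = (a, pa), b, pb
        else:
            designated, other, other_port = (b, pb), a, pa
        roles[designated] = "DESI"
        roles[(other, other_port)] = "ROOT" if root_port.get(other) == other_port else "ALTE"
    return root, rpc, roles

# Case 1 of slide 41 (MAC addresses and the GE0/0/23 port names are constructed).
CASE1_BRIDGES = {"SW1": "0.4c1f-aabc-0001", "SW2": "4096.4c1f-aabc-0002", "SW3": "32768.4c1f-aabc-0003"}
CASE1_LINKS = [
    ("SW1", "GE0/0/24", "SW2", "GE0/0/24", DEFAULT_COST),
    ("SW1", "GE0/0/23", "SW3", "GE0/0/21", DEFAULT_COST),
    ("SW2", "GE0/0/23", "SW3", "GE0/0/22", DEFAULT_COST),
]

if __name__ == "__main__":
    root, rpc, roles = compute_spanning_tree(CASE1_BRIDGES, CASE1_LINKS)
    print("root bridge:", root, "RPC:", rpc)
    for (bridge, port), role in sorted(roles.items()):
        print(f"{bridge} {port} {role}")
```

The output for Case 1 lists SW3 GE0/0/21 as ROOT and GE0/0/22 as ALTE, matching the display stp brief output on slide 42. The quiz topologies on slides 27 to 29 can be checked in the same form; for two parallel links between the same pair of switches (Quiz 3) the sender's PID is what separates the root port from the blocked one. Because the role of the root bridge can be preempted by any bridge announcing a smaller BID, the priority-0 planning advice on slide 22 is what keeps this result stable.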
Quiz 1: Identify the Root Bridge and Port Roles

(Figure: triangle of SW1 (4096.4c1f-aabc-0001, ports GE0/0/0 and GE0/0/1), SW2 (4096.4c1f-aabc-0002, ports GE0/0/1 and GE0/0/2) and SW3 (4096.4c1f-aabc-0003, ports GE0/0/1 and GE0/0/2); the SW2-SW3 link is marked 1000M.)
Quiz 2: Identify the Root Bridge and Port Roles in the Following Topology

(Figure: a ring of four switches: SW1 (4096.4c1f-aabc-0001, ports GE0/0/0 and GE0/0/1) at the top, SW2 (4096.4c1f-aabc-0002, ports GE0/0/1 and GE0/0/2) and SW3 (4096.4c1f-aabc-0003, ports GE0/0/2 and GE0/0/1) in the middle, SW4 (4096.4c1f-aabc-0004, ports GE0/0/1 and GE0/0/2) at the bottom.)
Quiz 3: Identify the Root Bridge and Port Roles in the Following Topology

(Figure: SW1 (4096.4c1f-aabc-0001) and SW2 (4096.4c1f-aabc-0002) connected by two parallel links, GE0/0/1 to GE0/0/1 and GE0/0/2 to GE0/0/2.)
STP Port States

Port State | Description
Disabled | The port cannot send or receive BPDUs or service data frames. That is, the port is Down.
Blocking | The port is blocked by STP. A blocked port cannot send BPDUs but listens to BPDUs. In addition, the blocked port cannot send or receive service data frames or learn MAC addresses.
Listening | STP considers the port in Listening state as the root port or designated port, but the port is still in the STP calculation process. In this case, the port can send and receive BPDUs but cannot send or receive service data frames or learn MAC addresses.
Learning | A port in Learning state listens to service data frames but cannot forward them. After receiving service data frames, the port learns MAC addresses.
Forwarding | A port in Forwarding state can send and receive service data frames and process BPDUs. Only the root port or designated port can enter the Forwarding state.
STP Port State Transition

(Figure: state diagram Disabled or Down -> Blocking -> Listening -> Learning -> Forwarding. Transition 1 leads from Disabled to Blocking; 2 from Blocking to Listening; 3 from Listening to Learning and from Learning to Forwarding; 4 from Listening, Learning or Forwarding back to Blocking; 5 from any state to Disabled.)

1. When a port is initialized or activated, it automatically enters the Blocking state.
2. The port is elected as the root port or designated port and automatically enters the Listening state.
3. The Forward Delay timer expires and the port is still the root port or designated port.
4. The port is no longer the root port or designated port.
5. The port is disabled or the link fails.
Topology Change: Root Bridge Fault

(Figure: SW1 4096.4c1f-aabc-102a (root bridge), SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c in a triangle; port A is SW3's blocked port on the link to SW2.)

Root Bridge Fault Rectification Process
1. SW1 (root bridge) is faulty and stops sending BPDUs.
2. SW2 waits for the Max Age timer (20s) to expire. In this case, the record about the received BPDUs becomes invalid, and SW2 cannot receive new BPDUs from the root bridge. SW2 learns that the upstream device is faulty.
3. Non-root bridges send configuration BPDUs to each other to elect a new root bridge.
4. After re-election, port A of SW3 transitions to the Forwarding state after two intervals of the Forward Delay timer (the default interval is 15s).

• A non-root bridge starts root bridge re-election after BPDUs age.
• It takes about 50s to recover from a root bridge failure.
Topology Change: Direct Link Fault

(Figure: SW1 4096.4c1f-aabc-102a (root bridge), SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c in a triangle; before the fault, port A on SW2 is the alternate port; after the SW1-SW2 link fails, port A becomes SW2's root port.)

Direct Link Fault Rectification Process
On a stable network, when SW2 detects that the link of the root port is faulty, the alternate port of SW2 enters the Forwarding state after twice the value of the Forward Delay timer (the default value is 15s).
• After SW2 detects a fault on the direct link, it switches the alternate port to the root port.
• If a direct link fails, the alternate port restores to the Forwarding state after 30s.
Topology Change: Indirect Link Fault
 When the indirect link fails, the alternate port on SW3 restores to the Forwarding state. It takes about 50s to recover from an indirect link failure.

(Figure: SW1 4096.4c1f-aabc-102a (root bridge), SW2 4096.4c1f-aabc-102b and SW3 4096.4c1f-aabc-102c. Left, stable topology: SW2's port toward SW3 is designated (D) and SW3's port toward SW2 is an alternate port (A). Right, after the indirect link fails: SW2's port stays designated (D) and SW3's former alternate port becomes its root port (R).)
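Slides 31 to 34 describe the port state machine and the 30 s and 50 s recovery times. The following Python is an added example, not from the course: it implements the five transitions of slide 31 with the Forward Delay timer and replays the two fault cases, a direct link fault that the switch sees at once (slide 33) and an upstream fault where the stored BPDU must first age out over Max Age (slides 32 and 34). Class and function names are mine; the timer defaults are the slide's (15 s Forward Delay, 20 s Max Age).

```python
FORWARD_DELAY = 15.0   # default Forward Delay (slide 19)
MAX_AGE = 20.0         # default Max Age (slide 19)

class StpPort:
    """Port state machine of slide 31; numbers in comments are that slide's transitions."""

    def __init__(self, name, forward_delay=FORWARD_DELAY):
        self.name, self.forward_delay = name, forward_delay
        self.state, self.role, self.timer = "Disabled", None, 0.0

    def activate(self):                          # 1: initialised or activated -> Blocking
        self.state, self.timer = "Blocking", 0.0

    def assign_role(self, role):                 # role: "root", "designated" or None
        if role in ("root", "designated"):
            if self.state == "Blocking":         # 2: elected -> Listening, timer started
                self.state, self.timer = "Listening", self.forward_delay
        elif self.state in ("Listening", "Learning", "Forwarding"):
            self.state, self.timer = "Blocking", 0.0   # 4: role lost -> Blocking
        self.role = role

    def advance(self, seconds):                  # 3: Forward Delay expiry while still root/designated
        if self.state not in ("Listening", "Learning"):
            return
        self.timer -= seconds
        while self.timer <= 0 and self.state != "Forwarding":
            if self.state == "Listening":
                self.state = "Learning"          # Listening -> Learning, restart the timer
                self.timer += self.forward_delay
            else:
                self.state = "Forwarding"        # Learning -> Forwarding
                self.timer = 0.0

    def link_down(self):                         # 5: port disabled or link failed
        self.state, self.timer = "Disabled", 0.0

def recovery_time(fault, forward_delay=FORWARD_DELAY, max_age=MAX_AGE, step=1.0):
    """
    Seconds until a blocked alternate port forwards again after a fault:
    'direct'   - the failed link is the switch's own root port, detected at once (slide 33);
    'indirect' - the failure is upstream (root bridge down, slide 32, or an indirect link,
                 slide 34), so the stored BPDU must first age out, which takes Max Age.
    """
    if fault not in ("direct", "indirect"):
        raise ValueError(fault)
    port = StpPort("alternate", forward_delay)
    port.activate()                              # a blocked alternate port on a stable network
    elapsed = max_age if fault == "indirect" else 0.0
    port.assign_role("root")                     # re-election makes it the new root port
    while port.state != "Forwarding":
        port.advance(step)
        elapsed += step
    return elapsed

if __name__ == "__main__":
    for fault in ("direct", "indirect"):
        print(f"{fault} fault: alternate port forwards after {recovery_time(fault):.0f} s")
```

Both figures on the slides fall out of the same machine: 2 x Forward Delay = 30 s when the fault is on the switch's own link, and Max Age + 2 x Forward Delay = 50 s when the switch has to wait for stale BPDU information to expire first.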
The MAC Address Table Is Incorrect Because the Topology Changes

(Figure: SW1 at the top connects to SW2 and SW3 through GE0/0/1 and GE0/0/2; SW2 and SW3 are connected to each other (A marks the alternate port) and to Host A (00-05-06-07-08-AA) and Host B (00-05-06-07-08-BB) through their GE0/0/1 and GE0/0/3 ports. MAC address table shown: 00-05-06-07-08-AA on GE0/0/1, 00-05-06-07-08-BB on GE0/0/3.)

As shown in the figure, the root port of SW3 is faulty, causing the spanning tree topology to re-converge. After the spanning tree topology re-converges, Host B cannot receive frames sent by Host A. This is because switches forward data frames based on the MAC address table. By default, the aging time of MAC address entries is 300s. How is forwarding restored rapidly?
The MAC Address Table Is Incorrect Because the Topology Changes

(Figure: the same topology. MAC address table shown: 00-05-06-07-08-AA on GE0/0/3, 00-05-06-07-08-BB on GE0/0/1, then 00-05-06-07-08-BB on GE0/0/2. Message labels: 1. TCN, 2. TCA, 5. TC.)

• TCN BPDUs are generated when the network topology changes.
• Packet format: protocol identifier, version number, and type
• Topology change: The TCA and TC bits in the Flags field of configuration BPDUs are used.
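Slide 36 answers the question on slide 35 with TCN/TCA/TC signalling. To show why the topology change has to reach every switch, the following Python is an added example (not course material) that models a MAC address table with the 300 s default aging from slide 35 and the IEEE 802.1D effect of a received TC flag, which is to shorten aging to Forward Delay; the slide only names the flag, so that effect is stated here as an assumption. The table entries and times are constructed, loosely following the slide's figure.

```python
DEFAULT_AGING = 300.0   # default aging time of MAC address entries (slide 35)
FORWARD_DELAY = 15.0    # aging applied after a topology change: IEEE 802.1D behaviour,
                        # stated as an assumption because slide 36 only names the TC/TCA flags

class MacTable:
    """MAC address table of one switch with time-based aging (constructed model)."""

    def __init__(self):
        self.entries = {}           # mac -> (port, time the entry was last learned)
        self.aging = DEFAULT_AGING

    def learn(self, mac, port, now):
        self.entries[mac.upper()] = (port, now)

    def topology_change(self):
        # A configuration BPDU with the TC flag set makes the bridge age entries after
        # Forward Delay, so entries that point at the pre-change path disappear quickly.
        self.aging = FORWARD_DELAY

    def topology_stable(self):
        self.aging = DEFAULT_AGING

    def lookup(self, mac, now):
        """Outgoing port for `mac`, or None when unknown or aged out (the frame is then flooded)."""
        entry = self.entries.get(mac.upper())
        if entry is None:
            return None
        port, learned_at = entry
        if now - learned_at > self.aging:
            del self.entries[mac.upper()]
            return None
        return port

def port_for_host_b(tc_received, query_at=40.0):
    """
    Replays slide 35: Host B's entry was learned before SW3's root port failed (t = 10 s).
    With the TC flag the stale entry ages out within Forward Delay and the next frame is
    flooded and re-learned on the new path; without it the switch keeps sending Host B's
    frames to the old port for up to 300 s.
    """
    table = MacTable()
    table.learn("00-05-06-07-08-AA", "GE0/0/1", now=0.0)
    table.learn("00-05-06-07-08-BB", "GE0/0/3", now=0.0)
    if tc_received:
        table.topology_change()     # TC received after the spanning tree re-converged at t = 10 s
    return table.lookup("00-05-06-07-08-BB", now=query_at)

if __name__ == "__main__":
    print("without TC, Host B frames still go to:", port_for_host_b(False))
    print("with TC, Host B entry at t=40 s:", port_for_host_b(True))
```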
Contents
1. STP Overview

2. Basic Concepts and Working Mechanism of STP

3. Basic STP Configurations

4. Improvements Made in RSTP

5. STP Advancement

Basic STP Configuration Commands (1)
1. Configure a working mode.

[Huawei] stp mode { stp | rstp | mstp }

The switch supports three working modes: STP, RSTP, and Multiple Spanning Tree Protocol (MSTP). By default, a switch works in MSTP mode. On a ring network
running only STP, the working mode of a switch is configured as STP; on a ring network running RSTP, the working mode of a switch is configured as RSTP.

2. (Optional) Configure the root bridge.

[Huawei] stp root primary

Configure the switch as the root bridge. By default, a switch does not function as the root bridge of any spanning tree. After you run this command, the priority
value of the switch is set to 0 and cannot be changed.

3. (Optional) Configure the switch as the secondary root bridge.

[Huawei] stp root secondary

Configure the switch as the secondary root bridge. By default, a switch does not function as the secondary root bridge of any spanning tree. After you run
this command, the priority value of the switch is set to 4096 and cannot be changed.

Basic STP Configuration Commands (2)
1. (Optional) Configure the STP priority of a switch.

[Huawei] stp priority priority

By default, the priority value of a switch is 32768.

2. (Optional) Configure a path cost for a port.

[Huawei] stp pathcost-standard { dot1d-1998 | dot1t | legacy }

Configure a path cost calculation method. By default, the IEEE 802.1t standard (dot1t) is used to calculate path costs.
All switches on a network must use the same path cost calculation method.

[Huawei-GigabitEthernet0/0/1] stp cost cost

Set the path cost of the port.

Basic STP Configuration Commands (3)
1. (Optional) Configure a priority for a port.

[Huawei-GigabitEthernet0/0/1] stp priority priority

Configure a priority for a port. By default, the priority of a switch port is 128.

2. Enable STP, RSTP, or MSTP.

[Huawei] stp enable

Enable STP, RSTP, or MSTP on a switch. By default, STP, RSTP, or MSTP is enabled on a switch.

Case 1: Basic STP Configurations

(Figure: SW1, SW2 and SW3 in a triangle; SW1 and SW2 are connected through their GE0/0/24 ports.)

• Deploy STP on the three switches to eliminate Layer 2 loops on the network.
• Configure SW1 as the root bridge and block GE0/0/22 on SW3.

SW1 configuration:
[SW1] stp mode stp
[SW1] stp enable
[SW1] stp priority 0

SW2 configuration:
[SW2] stp mode stp
[SW2] stp enable
[SW2] stp priority 4096

SW3 configuration:
[SW3] stp mode stp
[SW3] stp enable
Case 1: Basic STP Configurations

Check brief information about STP states of ports on SW3.

<SW3> display stp brief


MSTID Port Role STP State Protection
0 GigabitEthernet0/0/21 ROOT FORWARDING NONE
0 GigabitEthernet0/0/22 ALTE DISCARDING NONE

Contents
1. STP Overview

2. Basic Concepts and Working Mechanism of STP

3. Basic STP Configurations

4. Improvements Made in RSTP

5. STP Advancement

Disadvantages of STP
 STP ensures a loop-free network but is slow to converge, leading to service quality deterioration. If the network topology changes frequently, connections on the STP
network are frequently torn down, causing frequent service interruption.
 STP does not differentiate between port roles according to their states, making it difficult for less experienced administrators to learn about and deploy this protocol.
 Ports in Listening, Learning, and Blocking states are the same for users because none of these ports forwards service traffic.
 In terms of port use and configuration, the essential differences between ports lie in the port roles but not port states.
 Both root and designated ports can be in Listening state or Forwarding state, so the port roles cannot be differentiated according to their states.

 The STP algorithm does not determine topology changes until the timer expires, delaying network convergence.

 The STP algorithm requires the root bridge to send configuration BPDUs after the network topology becomes stable, and other devices process and spread the
configuration BPDUs through the entire network. This also delays convergence.

RSTP Overview
 RSTP defined in IEEE 802.1w is an enhancement to STP. RSTP optimizes STP in many aspects, provides faster convergence,
and is compatible with STP.
 RSTP introduces new port roles. When the root port fails, the switch can enable the alternate port to obtain an alternate
path from the designated bridge to the root bridge. RSTP defines three states for a port based on whether the port
forwards user traffic and learns MAC addresses. In addition, RSTP introduces the edge port. The port connecting a switch
to a terminal is configured as an edge port that enters the Forwarding state immediately after initialization, thus improving
the working efficiency.

Improvements Made in RSTP
 RSTP processes configuration BPDUs differently from STP.
 When the topology becomes stable, the mode of sending configuration BPDUs is optimized.
 RSTP uses a shorter timeout interval of BPDUs.
 RSTP optimizes the method of processing inferior BPDUs.

 RSTP changes the configuration BPDU format and uses the Flags field to describe port roles.
 RSTP topology change processing: Compared with STP, RSTP is optimized to accelerate the response to topology changes.

Port Roles in RSTP
 RSTP adds port roles to help understand RSTP and simplify RSTP deployment.

(Figure: left, SW1 (root bridge) has two designated ports (D); the uplinks of SW2 and SW3 are root ports (R); on the SW2-SW3 link, SW2's port is designated (D) and SW3's port is an alternate port (A). Right, SW2 has two ports toward SW3, one designated (D) and one backup (B), and SW3's port is an alternate port (A). Legend: R Root port, D Designated port, A Alternate port, B Backup port.)

RSTP defines four port roles: root port, designated port, alternate port, and backup port.
Edge Port
 An edge port is located at the edge of a region and does not connect to any switching device.

(Figure: SW1 (root bridge) has two designated ports (D); SW2 and SW3 have root ports (R); SW3 also has an edge port (E) toward a user terminal. Legend: R Root port, D Designated port, E Edge port.)

Generally, an edge port is directly connected to a user terminal. The edge port can transition from the Disabled state to the Forwarding state.
Port States in RSTP
 RSTP deletes two port states defined in STP, reducing the number of port states to three.
 If the port does not forward user traffic or learn MAC addresses, it is in Discarding state.
 If the port does not forward user traffic but learns MAC addresses, it is in Learning state.
 If the port forwards user traffic and learns MAC addresses, it is in Forwarding state.

STP Port State | RSTP Port State | Port Role
Forwarding | Forwarding | Root port or designated port
Learning | Learning | Root port or designated port
Listening | Discarding | Root port or designated port
Blocking | Discarding | Alternate port or backup port
Disabled | Discarding | Disabled port
Contents
1. STP Overview

2. Basic Concepts and Working Mechanism of STP

3. Basic STP Configurations

4. Improvements Made in RSTP

5. STP Advancement

Defects of STP/RSTP: All VLANs Share One Spanning Tree
 RSTP, an enhancement to STP, allows for fast network topology convergence.
 STP and RSTP both have a defect: All VLANs on a LAN share one spanning tree. As a result, inter-VLAN load balancing cannot be performed, and blocked
links cannot transmit any traffic, which may lead to VLAN packet transmission failures.

(Figure: SW1, SW2 and SW3 in a triangle carrying VLAN 1, 2, 3…; GE0/0/2 of SW3 is the blocked port, and data from all VLANs travels over the left link.)

GE0/0/2 of SW3 is blocked by STP. As a result, traffic of all VLANs is forwarded through the left link, and the link connected to the blocked GE0/0/2 interface does not carry traffic, wasting link bandwidth resources.
VBST
 Huawei provides the VLAN-based Spanning Tree (VBST). VBST constructs a spanning tree in each VLAN so that traffic from
different VLANs is load balanced along different spanning trees.

(Figure: the same triangle of SW1, SW2 and SW3 carrying VLAN 1, 2, 3…; separate spanning trees for VLAN 1, VLAN 2 and VLAN 3, each with its own root. Data in even-numbered VLANs and data in odd-numbered VLANs take different links, with one port blocked in the even-numbered VLANs and another blocked in the odd-numbered VLANs.)

Independent spanning trees are formed for different VLANs.
MSTP
 To fix the defects, the IEEE released the 802.1s standard that defines the Multiple Spanning Tree Protocol (MSTP) in 2002.

 MSTP is compatible with STP and RSTP, converges rapidly, and provides multiple paths to load balance VLAN traffic.

(Figure: the same triangle of SW1, SW2 and SW3 carrying VLAN 1, 2, 3…; the spanning trees of MSTI 1 and MSTI 2 each have their own root, with one port blocked in MSTI 1 and another blocked in MSTI 2. Data in even-numbered VLANs and data in odd-numbered VLANs take different links.)

• MSTP maps VLANs to an MSTI. Multiple VLANs can share one spanning tree. For example:
 • Even-numbered VLANs are mapped to MSTI 1.
 • Odd-numbered VLANs are mapped to MSTI 2.
• Only two spanning trees are maintained on the network.
MSTP Overview
 MSTP divides a switching network into multiple regions, each of which has multiple spanning trees that are independent of each other.
 Each spanning tree is called a multiple spanning tree instance (MSTI).
 An MSTI is the spanning tree corresponding to a set of VLANs.
 Binding multiple VLANs to a single MSTI reduces communication costs and resource usage.
 The topology of each MSTI is calculated independently, and traffic can be balanced among MSTIs.
 Multiple VLANs with the same topology can be mapped to a single MSTI. The forwarding state of the VLANs for an interface is
determined by the interface state in the MSTI.

Stack and Tree Networking of Campus Networks

Traditional STP Networking
(Figure: aggregation switch 1 and aggregation switch 2 are connected to each other and to each access switch.)
Two aggregation switches form a triangle Layer 2 loop with access switches, so STP must be deployed on the network. However, STP blocks ports on the network, causing a failure to fully utilize link bandwidth.

iStack Networking
(Figure: the two aggregation switches form an iStack system, a logical standalone device, with aggregated links down to the access switches.)
Aggregation switches are stacked to form a single logical device, simplifying the network topology. In addition, link aggregation is deployed between aggregation switches and access switches to simplify the network topology to a tree topology, eliminating Layer 2 loops and improving link bandwidth utilization.
Smart Link

(Figure: SW3 is dual-homed to SW1 and SW2, which connect to FW1 and FW2; STP is not run. Port1 and Port2 of SW3 form a Smart Link group, with one link in active status.)

Smart Link is tailored for dual-uplink networking.
• Smart Link is deployed on two switches where a host is dual-homed. When the network is normal, one of the two uplinks is active, and the other is in standby state (does not carry service traffic). In this way, a Layer 2 loop is eliminated.
• When the active link is faulty, traffic is switched to the standby link in milliseconds. This ensures proper data forwarding.
• Smart Link is easy to configure.
• Smart Link does not involve protocol packet exchange, therefore greatly improving speed and reliability.
Quiz
1. (Single Choice) Which statement about the STP port state is false? ()
A. The blocked port does not listen to or send BPDUs.

B. A port in Learning state learns MAC addresses but does not forward data.

C. A port in Listening state keeps listening to BPDUs.

D. If a blocked port does not receive BPDUs within a specified period, the port automatically switches to the Listening state.

Summary
 STP prevents loops on a LAN. Devices running STP exchange information with one another to discover loops on the network, and block certain ports to
eliminate loops. With the growth in scale of LANs, STP has become an important protocol for a LAN.

 After STP is configured on an Ethernet switching network, the protocol calculates the network topology to implement the following functions:
 Loop prevention: The spanning tree protocol blocks redundant links to prevent potential loops on the network.

 Link redundancy: If an active link fails and a redundant link exists, the spanning tree protocol activates the redundant link to ensure network connectivity.

 STP cannot meet requirements of modern campus networks. However, understanding the working mechanism of STP helps you better understand the
working mechanism and deployment of RSTP and MSTP.

Thank You
www.huawei.com

Foreword
 By default, a Layer 2 switching network is a broadcast domain, which brings many problems. Virtual local area network
(VLAN) technology isolates such broadcast domains, preventing users in different VLANs from communicating with each
other. However, such users sometimes need to communicate.
 This course describes how to implement inter-VLAN communication.

Objectives
 On completion of this course, you will be able to understand:
 Methods of implementing inter-VLAN communication.
 How to use routers (physical interfaces or sub-interfaces) to implement inter-VLAN communication.
 How to use Layer 3 switches to implement inter-VLAN communication.
 How Layer 3 packets are forwarded.

Contents
1. Background

2. Using Routers' Physical Interfaces or Sub-interfaces to Implement Inter-VLAN Communication

3. Using VLANIF Interfaces to Implement Inter-VLAN Communication

4. Layer 3 Communication Process

Inter-VLAN Communication (1)
 In real-world network deployments, different IP address segments are assigned to different VLANs.

 PCs on the same network segment in the same VLAN can directly communicate with each other without the need for Layer 3 forwarding devices. This communication
mode is called Layer 2 communication.
 Inter-VLAN communication belongs to Layer 3 communication, which requires Layer 3 devices.

Figure: a Layer 2 switch connects VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24). Communication within each VLAN is Layer 2 communication; communication between the two VLANs is Layer 3 communication.
Inter-VLAN Communication (2)
 Common Layer 3 devices: routers, Layer 3 switches, firewalls, etc.
 Inter-VLAN communication is implemented by connecting a Layer 2 switch to a Layer 3 interface of a Layer 3 device. The
communication packets are routed by the Layer 3 device.
Figure: a router connects through a Layer 3 interface to a Layer 2 switch whose Layer 2 interfaces serve VLAN 10 (192.168.10.0/24) and VLAN 20 (192.168.20.0/24).
Using a Router's Physical Interfaces

Physical connection (figure): R1 GE 0/0/1 (192.168.10.254) and GE 0/0/2 (192.168.20.254) connect to SW1 GE 0/0/3 (access, VLAN 10) and GE 0/0/4 (access, VLAN 20). PC1 (192.168.10.2/24, default gateway 192.168.10.254) is on SW1 GE 0/0/1 (access, VLAN 10); PC2 (192.168.20.2/24, default gateway 192.168.20.254) is on SW1 GE 0/0/2 (access, VLAN 20).

• The Layer 3 interfaces of the router function as gateways that forward traffic from the local network segment to other network segments.
• The Layer 3 interfaces of the router cannot process data frames with VLAN tags. Therefore, the switch interfaces connected to the router must be set to the access type.
• One physical interface of the router can function as the gateway of only one VLAN, so the number of required physical interfaces is determined by the number of deployed VLANs.
• A router mainly forwards packets at Layer 3 and provides only a small number of physical interfaces. Therefore, the scalability of this solution is poor.
Using a Router's Sub-interfaces

Physical connection (figure): R1 physical interface GE 0/0/1 carries sub-interfaces GE 0/0/1.10 (192.168.10.254) and GE 0/0/1.20 (192.168.20.254) and connects to SW1 G 0/0/24 (trunk, VLANs 10 and 20). PC1 (192.168.10.2/24, default gateway 192.168.10.254) is on SW1 GE 0/0/1 (access, VLAN 10); PC2 (192.168.20.2/24, default gateway 192.168.20.254) is on SW1 GE 0/0/2 (access, VLAN 20).

 A sub-interface is a logical interface created on a router's Ethernet interface and is identified by a physical interface number and a sub-interface number. Similar to a physical interface, a sub-interface can perform Layer 3 forwarding.
 Different from a physical interface, a sub-interface can terminate data frames with VLAN tags.
 You can create multiple sub-interfaces on one physical interface. After the physical interface is connected to the trunk interface of the switch, it can provide Layer 3 forwarding services for multiple VLANs.
Sub-Interface Processing

 The interface connecting the switch to the router is set to a trunk interface. The router forwards received packets to the corresponding sub-interfaces according to the VLAN tags in the packets.

Figure: on R1, packets carrying VLAN 10 that arrive on GE 0/0/1 are handed to GE 0/0/1.10, and packets carrying VLAN 20 are handed to GE 0/0/1.20. SW1 reaches R1 through its trunk interface GE 0/0/24; SW1 GE 0/0/1 (VLAN 10) and GE 0/0/2 (VLAN 20) connect the hosts 192.168.10.2/24 (default gateway 192.168.10.254) and 192.168.20.2/24 (default gateway 192.168.20.254).

• Based on the VLAN ID carried in a packet, the device forwards the packet to the corresponding sub-interface (for example, GE 0/0/1.10) for processing.
• Through sub-interfaces, the device implements inter-VLAN communication at Layer 3.
Example for Configuring Sub-interfaces

Figure: R1 GE 0/0/1 carries sub-interfaces GE 0/0/1.10 and GE 0/0/1.20 and connects to the trunk interface GE0/0/24 of SW1.

[R1]interface GigabitEthernet0/0/1.10
[R1-GigabitEthernet0/0/1.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/1.10]ip address 192.168.10.254 24
[R1-GigabitEthernet0/0/1.10]arp broadcast enable

[R1]interface GigabitEthernet0/0/1.20
[R1-GigabitEthernet0/0/1.20]dot1q termination vid 20
[R1-GigabitEthernet0/0/1.20]ip address 192.168.20.254 24
[R1-GigabitEthernet0/0/1.20]arp broadcast enable

• The VLAN IDs to be terminated need to be configured on the sub-interfaces.
• The router selects the proper sub-interface based on the VLAN ID of a received packet (the sub-interfaces accept tagged packets).
• The packets sent by the sub-interfaces carry the configured termination VLAN IDs.
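The dispatch step described above, modelled as an added Python example (it is not code from the page or from Huawei): it parses a constructed 802.1Q-tagged frame, takes the VLAN ID from the tag, and hands the frame to the sub-interface whose dot1q termination vid matches. The sub-interface names mirror the configuration above; the MAC addresses, the payload bytes and the helper names parse_frame, dispatch and tag_frame are assumptions made for the example. Untagged frames, frames for a VLAN that no sub-interface terminates, and truncated frames are dropped rather than guessed at, which is the behaviour worth verifying on any trunk that faces a router.

```python
"""Dispatching 802.1Q-tagged frames to router sub-interfaces.

Added example, not Huawei code: models what R1 does on GE 0/0/1 after
`dot1q termination vid` is configured on GE 0/0/1.10 and GE 0/0/1.20.
Frame bytes are constructed inline; the MAC addresses are placeholders.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Sub-interfaces of GE 0/0/1 keyed by the VLAN ID each one terminates
# (the same mapping as the sub-interface configuration above).
SUBINTERFACES = {
    10: "GigabitEthernet0/0/1.10",   # ip address 192.168.10.254 24
    20: "GigabitEthernet0/0/1.20",   # ip address 192.168.20.254 24
}


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II header and, if present, its 802.1Q tag.

    Returns the MACs, the VLAN ID (None when untagged), the payload
    EtherType and the payload. Raises ValueError on a truncated frame so
    that a malformed frame is dropped rather than dispatched on garbage.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vid = 14, None
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1Q tag truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF   # VLAN ID is the low 12 bits of the TCI; PCP/DEI ignored
        offset = 18
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vid": vid,
            "ethertype": ethertype, "payload": frame[offset:]}


def dispatch(frame: bytes) -> str:
    """Name the sub-interface that terminates the frame's VLAN, or say why it is dropped.

    Untagged frames and frames in VLANs that no sub-interface terminates are
    dropped: on this router only the sub-interfaces, not GE 0/0/1 itself,
    own an IP address and can process the packet.
    """
    try:
        parsed = parse_frame(frame)
    except ValueError as exc:
        return f"drop: malformed ({exc})"
    if parsed["vid"] is None:
        return "drop: untagged"
    name = SUBINTERFACES.get(parsed["vid"])
    if name is None:
        return f"drop: no sub-interface terminates VLAN {parsed['vid']}"
    return name


def tag_frame(dst: bytes, src: bytes, vid: int, ethertype: int, payload: bytes) -> bytes:
    """Build a tagged frame, as a sub-interface does when it sends: the tag
    carries that sub-interface's termination VLAN ID (PCP 0, DEI 0)."""
    return struct.pack("!6s6sHHH", dst, src, ETHERTYPE_8021Q, vid & 0x0FFF, ethertype) + payload


# Constructed sample frames with placeholder MACs and a dummy IPv4 payload.
ROUTER_MAC = bytes.fromhex("02000a000001")
PC1_MAC = bytes.fromhex("02000a000010")
DUMMY_IPV4 = b"\x45" + b"\x00" * 19
FRAME_VLAN10 = tag_frame(ROUTER_MAC, PC1_MAC, 10, ETHERTYPE_IPV4, DUMMY_IPV4)
FRAME_VLAN30 = tag_frame(ROUTER_MAC, PC1_MAC, 30, ETHERTYPE_IPV4, DUMMY_IPV4)
FRAME_UNTAGGED = struct.pack("!6s6sH", ROUTER_MAC, PC1_MAC, ETHERTYPE_IPV4) + DUMMY_IPV4

if __name__ == "__main__":
    for label, frame in (("VLAN 10", FRAME_VLAN10), ("VLAN 30", FRAME_VLAN30),
                         ("untagged", FRAME_UNTAGGED), ("truncated", FRAME_VLAN10[:16])):
        print(f"{label:>9}: {dispatch(frame)}")
```

Only the VLAN 10 frame reaches a sub-interface; the VLAN 30 frame, the untagged frame and the truncated frame are all reported as dropped with the reason, which is what you want to see when checking that a trunk toward a router carries only the VLANs it is meant to.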
Layer 3 Switch and VLANIF Interfaces

Figure: inside a Layer 3 switch, the routing module holds VLANIF 10 and VLANIF 20 and communicates directly with the switching module, which holds VLAN 10 and VLAN 20.

• A Layer 2 switch provides only Layer 2 switching functions.
• A Layer 3 switch provides routing functions through Layer 3 interfaces (such as VLANIF interfaces) as well as the functions of a Layer 2 switch.
• A VLANIF interface is a Layer 3 logical interface that can remove and add VLAN tags. VLANIF interfaces can therefore be used to implement inter-VLAN communication.
• A VLANIF interface number is the same as the ID of its corresponding VLAN. For example, VLANIF 10 is created based on VLAN 10.
Example for Configuring VLANIF Interfaces

Topology (figure): SW1 GE 0/0/1 (VLAN 10) connects PC1 (192.168.10.2/24, default gateway 192.168.10.254); SW1 GE 0/0/2 (VLAN 20) connects PC2 (192.168.20.2/24, default gateway 192.168.20.254).

• Configuration requirements
Configure VLANs 10 and 20 for the interfaces connecting to PC1 and PC2, respectively.
Configure the Layer 3 switch to allow the two PCs to communicate with each other.

Basic configurations:
• VLANIF 10: 192.168.10.254/24
• VLANIF 20: 192.168.20.254/24

[SW1]vlan batch 10 20
[SW1] interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1] port link-type access
[SW1-GigabitEthernet0/0/1] port default vlan 10
[SW1] interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2] port link-type access
[SW1-GigabitEthernet0/0/2] port default vlan 20

Configure VLANIF interfaces:
[SW1]interface Vlanif 10
[SW1-Vlanif10]ip address 192.168.10.254 24
[SW1]interface Vlanif 20
[SW1-Vlanif20]ip address 192.168.20.254 24
VLANIF Forwarding Process

Figure (common to all steps): the Layer 3 switch has VLANIF 10 (interface Vlanif10, ip address 192.168.10.254 24, MAC: MAC2) and VLANIF 20 (interface Vlanif20, ip address 192.168.20.254 24, MAC: MAC2) in its routing module, and VLAN 10 and VLAN 20 in its switching module. PC1 (IP 192.168.10.2/24, default gateway 192.168.10.254, MAC: MAC1) is on an access interface in VLAN 10; PC2 (IP 192.168.20.2/24, default gateway 192.168.20.254, MAC: MAC3) is on an access interface in VLAN 20.

This example assumes that the required ARP and MAC address entries already exist on the PCs and the Layer 3 switch. The communication process between PC1 and PC2 is as follows:

1. PC1 performs a calculation based on its local IP address, local subnet mask, and destination IP address, and finds that the destination device PC2 is not on its network segment. PC1 then determines that Layer 3 communication is required and sends the traffic destined for PC2 to its gateway. Data frame sent by PC1: source MAC = MAC1, destination MAC = MAC2.

2. After receiving the packet sent from PC1 to PC2, the switch decapsulates the packet and finds that the destination MAC address is the MAC address of VLANIF 10. The switch then sends the packet to the routing module for further processing.

3. The routing module finds that the destination IP address is 192.168.20.2, which is not the IP address of a local interface, and determines that this packet needs to be forwarded at Layer 3. By searching the routing table, the routing module finds a matching route for this packet: the direct route generated by VLANIF 20.

4. Because the matching route is a direct route, the switch determines that the packet has reached the last hop. It searches its ARP table for 192.168.20.2, obtains the corresponding MAC address, and sends the packet to the switching module for re-encapsulation.

5. The switching module searches its MAC address table to determine the outbound interface of the frame and whether the frame needs to carry a VLAN tag. Data frame sent by the switching module: source MAC = MAC2, destination MAC = MAC3, VLAN tag = None.
Network Topology

Figure: PC1 (VLAN 10, IP 192.168.10.2/24, default gateway 192.168.10.254) and PC2 (VLAN 20, IP 192.168.20.2/24, default gateway 192.168.20.254) connect to SW1 GE 0/0/1 and GE 0/0/2. SW1 GE 0/0/24 connects to SW2 GE 0/0/1, and SW2 GE 0/0/2 connects to R1. R1 (GE 0/0/0) performs NAT; its address toward the ISP is 1.2.3.4, and the server on the Internet is 2.3.4.5.

SW2 interfaces:
• VLANIF 10: 192.168.10.254 24
• VLANIF 20: 192.168.20.254 24
• VLANIF 30: 192.168.30.1 24

This topology is used as an example to describe the communication process from PC1 in VLAN 10 to the server (2.3.4.5) on the Internet.
Logical Connection

Figure: on SW2, VLANIF 10, VLANIF 20 and VLANIF 30 sit in the routing module, and VLAN 10, VLAN 20 and VLAN 30 sit in the switching module. SW1 connects the access interfaces GE 0/0/1 (VLAN 10) and GE 0/0/2 (VLAN 20) to its trunk interface GE 0/0/24 toward SW2; SW2 reaches R1 through VLAN 30, and R1 performs NAT toward the Internet.

• Configure a default route on SW2 to allow intranet users to access the Internet.
• On R1, configure static routes to the user network segments of VLAN 10 and VLAN 20.
• To enable intranet PCs using private IP addresses to access the Internet, configure Network Address and Port Translation (NAPT) on R1.
Communication Process

Figure (common to the five steps): PC1 (IP 192.168.10.2/24, default gateway 192.168.10.254, MAC: MAC1) is in VLAN 10 on SW1 GE 0/0/1; SW1 GE 0/0/24 connects to SW2 GE 0/0/1; SW2 has VLANIF 10 (IP 192.168.10.254/24, MAC: MAC2) and VLANIF 30 (IP 192.168.30.1/24, MAC: MAC2); SW2 GE 0/0/2 connects to R1, whose inside address is 192.168.30.2 (MAC: MAC3); R1 (GE 0/0/0, 1.2.3.4) performs NAT toward the ISP, behind which is the server 2.3.4.5.

(1) PC processing
Before sending a packet to 2.3.4.5, the PC determines that the destination IP address is not on its network segment and therefore sends the packet to its gateway.
Frame sent by PC1: source MAC = MAC1, destination MAC = MAC2, VLAN tag = None, source IP = 192.168.10.2, destination IP = 2.3.4.5.

(2) SW1 processing
After receiving the frame, SW1 searches its MAC address table for the destination MAC address and forwards the frame.
SW1 MAC address table:
  MAC address   VLAN   Interface
  MAC1          10     GE 0/0/1
  MAC2          10     GE 0/0/24
Frame sent by SW1: source MAC = MAC1, destination MAC = MAC2, VLAN tag = 10, source IP = 192.168.10.2, destination IP = 2.3.4.5.

(3) SW2 processing
After SW2 receives the frame, it finds that the destination MAC address is the MAC address of its VLANIF 10 and sends the frame to the routing module, which then searches the routing table for a route matching the destination IP address 2.3.4.5. After finding that the matching route is a default route, that the outbound interface is VLANIF 30, and that the next hop is 192.168.30.2, SW2 searches its ARP table to obtain the MAC address corresponding to 192.168.30.2.
SW2 routing table (operational data):
  Destination network   Next hop       Outbound interface
  0.0.0.0/0             192.168.30.2   Vlanif30

(4) SW2 processing
After finding the MAC address corresponding to 192.168.30.2, SW2 replaces the source MAC address of the packet with the MAC address of VLANIF 30 and the destination MAC address with the MAC address of 192.168.30.2, and forwards the packet to the switching module. The switching module searches the MAC address table for the outbound interface and determines whether the packet carries a VLAN tag.
SW2 ARP entry:
  Destination    MAC    Outbound interface
  192.168.30.2   MAC3   GE 0/0/2
Frame sent by SW2: source MAC = MAC2, destination MAC = MAC3, VLAN tag = None, source IP = 192.168.10.2, destination IP = 2.3.4.5.

(5) R1 processing
R1 checks the destination MAC address of the data packet and finds that the MAC address belongs to its interface. It checks the destination IP address and finds that it is not a local IP address. It searches the routing table, finds a matching default route, and forwards the packet to the carrier device while performing NAT to translate the source IP address and port number of the packet.
Packet sent by R1: source IP = 1.2.3.4, destination IP = 2.3.4.5.
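The forwarding stages in the VLANIF forwarding process and in the communication process above, carried through as one added Python example (not code from the page or from Huawei). It models a Layer 3 switch with SW2's VLANIF addresses, routes, ARP entries and MAC table, and runs two frames from PC1 through it: one to the Internet server 2.3.4.5, which matches the default route and is rewritten toward R1's MAC, and one to PC2, which matches a direct route and is resolved to PC2's own MAC. The MAC strings MAC1 to MAC3 are the page's placeholders; MAC4 for PC2, port GE0/0/3, and the class and function names (L3Switch, Frame, Route, pc_send) are assumptions for the example. The example also shows the two failure modes a practitioner checks for: a frame received in a VLAN that has no VLANIF is not routed at all, and a frame whose destination MAC is not a VLANIF MAC stays at Layer 2.

```python
"""Layer 3 forwarding through a Layer 3 switch, stage by stage.

Added example, not Huawei code: walks a frame through the steps described on
the page (host on-link check, VLANIF MAC match, longest-prefix route lookup,
direct route versus next hop, ARP lookup, re-encapsulation, VLAN tag decision).
Addresses and routes are SW2's from the topology above; MAC strings are the
page's placeholders; MAC4 (PC2) and port GE0/0/3 are constructed additions.
"""
from dataclasses import dataclass, replace
import ipaddress
from typing import Optional, Tuple, Union


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    vlan: Optional[int]      # None = untagged
    src_ip: str
    dst_ip: str


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: Optional[str]  # None = direct route (destination is on-link)
    out_if: str              # outbound VLANIF, e.g. "Vlanif30"


class L3Switch:
    """Routing module plus switching module of a Layer 3 switch."""

    def __init__(self, vlanifs, routes, arp, mac_table):
        self.vlanifs = vlanifs        # "Vlanif10" -> (IPv4Interface, MAC)
        self.routes = routes          # list of Route
        self.arp = arp                # IP -> MAC
        self.mac_table = mac_table    # (MAC, VLAN) -> (port, tagged?)

    def lookup_route(self, dst_ip: str) -> Optional[Route]:
        """Longest-prefix match: the most specific route wins, the default last."""
        dst = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if dst in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def forward(self, frame: Frame, in_vlan: int) -> Union[str, Tuple[str, Frame]]:
        """Return (outbound port, rewritten frame), or a string saying why not."""
        if f"Vlanif{in_vlan}" not in self.vlanifs:
            return f"drop: VLAN {in_vlan} has no VLANIF, so it cannot be routed"
        # Step 2: only frames addressed to a VLANIF MAC reach the routing module.
        if frame.dst_mac not in {mac for _, mac in self.vlanifs.values()}:
            return "switched at Layer 2: destination MAC is not a VLANIF MAC"
        # Step 3: the destination IP is not local, so the routing table decides.
        if any(frame.dst_ip == str(i.ip) for i, _ in self.vlanifs.values()):
            return "delivered to the switch itself"
        route = self.lookup_route(frame.dst_ip)
        if route is None:
            return "drop: no matching route"
        # Step 4: a direct route means last hop, so resolve the destination itself;
        # a route with a next hop is resolved to the next hop's MAC instead.
        arp_target = frame.dst_ip if route.next_hop is None else route.next_hop
        next_mac = self.arp.get(arp_target)
        if next_mac is None:
            return f"drop: no ARP entry for {arp_target} (an ARP request would be sent)"
        _, out_mac = self.vlanifs[route.out_if]
        out_vlan = int(route.out_if[len("Vlanif"):])
        # Step 5: the switching module picks the port and decides whether to tag.
        port, tagged = self.mac_table.get((next_mac, out_vlan), (None, False))
        if port is None:
            return f"flood in VLAN {out_vlan}: {next_mac} is not in the MAC table"
        return port, replace(frame, src_mac=out_mac, dst_mac=next_mac,
                             vlan=out_vlan if tagged else None)


def pc_send(pc_if: str, pc_mac: str, gw_mac: str, dst_ip: str, pc_arp: dict) -> Frame:
    """Step 1: on-link destinations get their own MAC; anything off the host's
    own network is addressed to the default gateway's MAC."""
    iface = ipaddress.ip_interface(pc_if)
    on_link = ipaddress.ip_address(dst_ip) in iface.network
    return Frame(pc_mac, pc_arp[dst_ip] if on_link else gw_mac, None, str(iface.ip), dst_ip)


MAC2 = "MAC2"   # every VLANIF on SW2 answers to the switch's own MAC
SW2 = L3Switch(
    vlanifs={"Vlanif10": (ipaddress.ip_interface("192.168.10.254/24"), MAC2),
             "Vlanif20": (ipaddress.ip_interface("192.168.20.254/24"), MAC2),
             "Vlanif30": (ipaddress.ip_interface("192.168.30.1/24"), MAC2)},
    routes=[Route(ipaddress.ip_network("192.168.10.0/24"), None, "Vlanif10"),
            Route(ipaddress.ip_network("192.168.20.0/24"), None, "Vlanif20"),
            Route(ipaddress.ip_network("192.168.30.0/24"), None, "Vlanif30"),
            Route(ipaddress.ip_network("0.0.0.0/0"), "192.168.30.2", "Vlanif30")],
    arp={"192.168.30.2": "MAC3", "192.168.20.2": "MAC4", "192.168.10.2": "MAC1"},
    mac_table={("MAC3", 30): ("GE0/0/2", False),   # R1 on an access port, untagged
               ("MAC4", 20): ("GE0/0/3", False),   # constructed: PC2 in VLAN 20
               ("MAC1", 10): ("GE0/0/1", True)},   # PC1 behind SW1's trunk, tagged
)
# SW1 tags PC1's frame with VLAN 10 on the trunk, which is how SW2 receives it.
TO_SERVER = replace(pc_send("192.168.10.2/24", "MAC1", MAC2, "2.3.4.5", {}), vlan=10)
TO_PC2 = replace(pc_send("192.168.10.2/24", "MAC1", MAC2, "192.168.20.2", {}), vlan=10)
```

Calling SW2.forward(TO_SERVER, 10) returns GE0/0/2 with a frame whose MACs have been rewritten to MAC2 and MAC3 and whose tag has been removed, exactly the frame shown in step 4 above; the IP header is untouched, because the switch forwards at Layer 3 but does not translate addresses, which is R1's job in step 5.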
Quiz
1. When a sub-interface is used to implement inter-VLAN communication, how does the switch interface connected to the router need to
be configured?

2. How are packets changed when being forwarded at Layer 3?

Summary
 This course describes three methods of implementing inter-VLAN communication: through physical interfaces, sub-interfaces, and VLANIF interfaces.

 It also elaborates on the Layer 3 communication process, including the device processing mechanism and the packet header changes during communication.
More Information
 Comparison between Layer 2 and Layer 3 interfaces

Layer 2 interface: An IP address cannot be configured for a Layer 2 interface. A Layer 2 interface does not have a MAC address.
Layer 3 interface: An IP address can be configured for a Layer 3 interface. A Layer 3 interface has a MAC address.

Layer 2 interface: After a Layer 2 interface receives a data frame, it searches its MAC address table for the destination MAC address of the frame. If a matching MAC address entry is found, it forwards the frame according to the entry. If no matching MAC address entry is found, it floods the frame.
Layer 3 interface: After a Layer 3 interface receives a data frame, if the destination MAC address of the data frame is the same as the local MAC address, it decapsulates the data frame and looks up the destination IP address of the data packet in the routing table. If a matching route is found, it forwards the data frame according to the instruction of the route. If no matching route is found, it discards the packet.

Layer 2 interface: A physical interface on a Layer 2 switch (which has only Layer 2 switching capabilities) is a typical Layer 2 interface. By default, the physical interfaces of most Layer 3 switches (which have both Layer 2 and Layer 3 switching capabilities) work at Layer 2.
Layer 3 interface: A Layer 3 interface on a router is a typical Layer 3 interface. Physical interfaces on some Layer 3 switches can be switched to Layer 3 mode. In addition to Layer 3 physical interfaces, there are Layer 3 logical interfaces, such as VLANIF interfaces on switches or logical sub-interfaces on other network devices, such as GE 0/0/1.10.

Layer 2 interface: Layer 2 interfaces do not isolate broadcast domains. They flood received broadcast frames.
Layer 3 interface: Layer 3 interfaces isolate broadcast domains. They directly terminate received broadcast frames instead of flooding them.
Foreword
• As services develop and the campus network scale expands, users have increasingly
demanding requirements on network bandwidth and reliability. Traditional solutions
improve network bandwidth by upgrading devices and implement high reliability by
deploying redundant links and using the Spanning Tree Protocol (STP), leading to low
flexibility, time-consuming troubleshooting, and complex configuration.

• This chapter describes how to use Eth-Trunk, intelligent stack (iStack), and cluster
switch system (CSS) technologies to improve network bandwidth and reliability.

Objectives
 On completion of this course, you will be able to:
▫ Understand the functions of link aggregation.

▫ Understand the link aggregation types.

▫ Understand the link aggregation negotiation process in Link Aggregation Control Protocol
(LACP) mode.

▫ Understand the advantages and principles of iStack and CSS.

▫ Understand the common applications and networking of link aggregation and stacking
technologies.

Contents
1. Network Reliability Requirements

2. Principle and Configuration of Link Aggregation

3. Overview of iStack and CSS

Network Reliability
• Network reliability refers to the capability of ensuring nonstop network services when a
single point or multiple points of failure occur on a device or link.

• Network reliability can be implemented at the card, device, and link levels.
Figure: a highly reliable network in which Network A and Network B each reach a pair of switches running iStack over link aggregation.
Card Reliability (1)

Figure: front view of the S12700E-8 chassis, showing the MPU, LPU, SFU and power module slots and the mounting brackets.

• A modular switch consists of a chassis, power modules, fan modules, main processing units (MPUs), switch fabric units (SFUs), and line processing units (LPUs).
• Chassis: provides slots for various cards and modules to implement inter-card communication.
• Power module: power supply system of the device.
• Fan module: heat dissipation system.
• MPU: responsible for the control plane and management plane of the entire system.
• SFU: responsible for the data plane of the entire system. The data plane provides high-speed non-blocking data channels for data switching between service modules.
• LPU: provides data forwarding functions on a physical device and provides optical and electrical interfaces of different rates.
Card Reliability (2)

Figure annotations (front view of the S12700E-8 chassis): the failure of a single MPU does not affect the normal operation of the control plane; if some SFUs are faulty, the data plane can still forward data properly; if an LPU is faulty, the interfaces on that LPU are affected.

• For example, the S12700E-8 provides eight LPU slots, four SFU slots, two MPU slots, six power module slots, and four fan module slots.
• A modular switch can be configured with multiple MPUs and SFUs to ensure device reliability. If an SFU or MPU in a single slot is faulty, the switch can still run properly.
• After an LPU of a modular switch is damaged, interfaces on the LPU cannot forward data.
Device Reliability

No backup (figure): the access switch has a single uplink to the aggregation switch; if the aggregation switch is faulty, traffic from the downstream switch cannot be forwarded.
• On a network without the device redundancy design, a downstream switch uses a single uplink. If the upstream switch or its interfaces fail, all downstream networks are interrupted.

Master/Backup mode (figure): the access switch is dual-homed to two aggregation switches running STP, with a root port (R) and an alternative port (A); when the root port fails, the alternative port continues to forward packets.
• On a network with the device redundancy design, a downstream switch is dual-homed to two upstream switches. The links work in active/backup mode. If the active link or upstream switch fails, traffic is switched to the backup link and forwarded through the backup device.
Link Reliability

Figure: STP runs between the aggregation switch and the access switch; to improve link reliability, a second link is added between them, which STP blocks so that it functions as a backup link.

• To ensure link reliability, deploy multiple physical links between devices. To prevent loops, configure STP to ensure that traffic is forwarded on only one link, and the other links function as backup links.
Contents
1. Network Reliability Requirements

2. Principle and Configuration of Link Aggregation


▪ Principle

▫ Manual Mode

▫ LACP Mode

▫ Typical Application Scenarios

▫ Configuration Example

3. Overview of iStack and CSS

Increasing Link Bandwidth
• When multiple links exist between devices, traffic is forwarded on only one link due to
STP. In this case, the inter-device link bandwidth remains unchanged.
Figure: four parallel links between SW1 (the STP root bridge) and SW2. On each link, F marks the interface that forwards traffic and B marks an interface blocked due to STP; only one of the four links forwards.
Eth-Trunk
• Ethernet link aggregation, also called Eth-Trunk, bundles multiple physical links into a
logical link to increase link bandwidth, without having to upgrade hardware.

Figure: the same four links between SW1 and SW2 bundled into an Eth-Trunk; every interface is a traffic forwarding interface (F).
Basic Concepts of Eth-Trunk

Figure: SW1 and SW2 are connected by a LAG of four member links, each terminated on an Eth-Trunk interface; S marks an active interface and U an inactive interface.

• A link aggregation group (LAG) is a logical link formed by bundling several links. Each LAG has one logical interface, known as an LAG interface or Eth-Trunk interface.
• Member interface and member link: Physical interfaces that constitute an Eth-Trunk interface are called member interfaces, and the link corresponding to a member interface is known as a member link.
• Active interface and active link: An active interface, also called a selected interface, is a member interface that participates in data forwarding. The link corresponding to an active interface is called an active link.
• Inactive interface and inactive link: An inactive interface, also called an unselected interface, is a member interface that does not participate in data forwarding. The link corresponding to an inactive interface is referred to as an inactive link.
• Link aggregation mode: Based on whether the Link Aggregation Control Protocol (LACP) is enabled, link aggregation is classified into manual mode and LACP mode.
• Other concepts: upper and lower thresholds for the number of active interfaces.
Manual Mode

Figure: SW1 and SW2 are connected by an Eth-Trunk of four member links, all active (S). This mode is used with LACP-incapable old or low-end devices.

• Manual mode: An Eth-Trunk is manually created, and its member interfaces are manually configured. LACP is not used for negotiation between the two systems.
• In most cases, all links are active links. In this mode, all active links forward data and evenly share traffic. If an active link is faulty, the LAG automatically shares traffic evenly among the remaining active links.
• If one of the devices at the two ends of an LAG does not support LACP, you can use the manual mode.
Defects of the Manual Mode (1)

Figure: the Eth-Trunk in manual mode on SW1 has four member interfaces (S), but only three of their peers belong to the Eth-Trunk interface on SW2; the fourth link is cabled to SW3.

• To ensure that the Eth-Trunk works properly, ensure that the peer interfaces of all member interfaces in the Eth-Trunk meet the following requirements:
▫ The peer interfaces reside on the same device.
▫ The peer interfaces are added to the same Eth-Trunk.
• In manual mode, devices do not exchange packets. Therefore, the configuration needs to be confirmed manually.
Defects of the Manual Mode (2)

Figure: an Eth-Trunk of four member links between SW1 and SW2. One interface on SW2 is in Up state but fails to forward packets (F, faulty interface), while SW1 still treats its interface on that link as active (S).

• In manual mode, a device can determine whether the peer interface is working properly based only on the physical layer status.
LACP Mode: Packet Introduction

Figure: SW1 and SW2 are connected by an Eth-Trunk in LACP mode and exchange LACPDUs over the member links (all active, S). An LACPDU carries the device priority, MAC address, interface priority, interface number, and other fields.

• LACP mode: A link aggregation mode that uses LACP. Devices exchange Link Aggregation Control Protocol Data Units (LACPDUs) to ensure that the peer interfaces are member interfaces that belong to the same Eth-Trunk and are on the same device.
• An LACPDU contains the device priority, MAC address, interface priority, and interface number.
System Priority

• In LACP mode, the number of active interfaces selected by the devices at both ends must be consistent; otherwise, the Eth-Trunk cannot be set up. For this reason, one end is configured as the Actor, and the other end selects active interfaces according to the Actor.
• The Actor is determined based on the LACP system priority. A smaller value indicates a higher priority.
• By default, the LACP system priority is 32768, and the default value is generally used. When the priorities are the same, LACP selects the Actor by comparing the MAC addresses: a smaller MAC address indicates a higher priority.

Figure: SW1 and SW2 exchange LACPDUs (device priority, MAC address, interface priority, interface number, ...) across the Eth-Trunk in LACP mode; S marks an active interface.
Interface Priority

• After the Actor is selected, both devices select active interfaces based on the interface priorities of the Actor. A smaller LACP interface priority value indicates a higher priority.
• By default, the LACP interface priority of an interface is 32768, and the default value is generally used. When the priorities are the same, LACP selects active interfaces based on interface numbers: a smaller interface number indicates a higher priority.

Figure: SW1 and SW2 exchange LACPDUs (device priority, MAC address, interface priority, interface number, ...) across the Eth-Trunk in LACP mode; S marks an active interface.
Packet Maximum Number Active Link
Load Balancing
Introduction of Active Interfaces Election

Maximum Number of Active Interfaces (1)


• In LACP mode, the maximum number of active interfaces can be configured. When the number of member interfaces
exceeds the maximum number of active interfaces, the interfaces with higher priorities and smaller interface numbers
are selected as active interfaces, and the other interfaces function as backup interfaces (inactive interfaces). In addition,
the links corresponding to active interfaces become active links, and the links corresponding to inactive interfaces
become inactive links. The switch sends and receives packets only through active interfaces.

[Figure: SW1 and SW2 connected by an Eth-Trunk in LACP mode with four member interfaces (1 to 4) on each side. Legend: active interface, inactive interface, active link, inactive link.]

Maximum Number of Active Interfaces (2)


• If an active link fails, an inactive link with the highest priority (based on the interface priority and interface number) is
selected to replace the faulty link. This ensures that the overall bandwidth does not change and services are not
interrupted.

[Figure: SW1 and SW2 connected by an Eth-Trunk in LACP mode with member interfaces 1 to 4; one active link has become faulty and an inactive link has taken its place. Legend: active interface, inactive interface, active link, inactive link, faulty link.]

Active Link Election (1)
[Figure: SW1 (bridge MAC 4c1f-cc58-6d64) and SW2 (bridge MAC 4c1f-cc58-6d65) connected by member interfaces 1 to 4; LACPDUs are exchanged over the links.]
• An Eth-Trunk in LACP mode is set up between SW1 and SW2. The maximum number of active interfaces is set to 2 on SW1 and SW2.
• SW1, which has the higher LACP system priority, is elected as the Actor through LACPDUs.

Active Link Election (2)
[Figure: SW1 (bridge MAC 4c1f-cc58-6d64) and SW2 (bridge MAC 4c1f-cc58-6d65) connected by member interfaces 1 to 4; on SW1, interfaces 1 and 2 are marked active, 3 and 4 inactive.]
• SW1 compares the interface priorities and interface numbers to select active interfaces. Under the same interface priority, interfaces 1 and 2 have smaller interface numbers and are elected as active interfaces.

Active Link Election (3)
[Figure: SW1 (bridge MAC 4c1f-cc58-6d64) sends LACPDUs to SW2 (bridge MAC 4c1f-cc58-6d65) over member interfaces 1 to 4; interfaces 1 and 2 active, 3 and 4 inactive.]
• SW1 notifies the peer end of the elected active interfaces through LACPDUs.

Active Link Election (4)
[Figure: SW1 (bridge MAC 4c1f-cc58-6d64) and SW2 (bridge MAC 4c1f-cc58-6d65); interfaces 1 and 2 on both switches are active and links 1 and 2 are active links, interfaces 3 and 4 and their links are inactive.]
• SW2 determines its local active interfaces based on the election result of SW1, and the corresponding links become active links.
• In this way, the election of active links is complete.

Load Balancing
[Figure: per-packet load balancing sprays frames 1 to 4 of one flow across the member links between SW1 and SW2; per-flow load balancing sends all frames of a flow over one member link.]

Per-packet load balancing: When an Eth-Trunk is used to forward data, there are multiple physical links between the devices at both ends of the Eth-Trunk. If the frames of one flow are forwarded over different links, they may arrive at the peer end in an order different from the one in which they were transmitted, resulting in out-of-order packets.

Per-flow load balancing: Load balancing based on flows is recommended for an Eth-Trunk. In this mode, a flow is always load balanced to the same link. This ensures that frames of the same flow are transmitted over the same physical link while still implementing load balancing among the physical links in the Eth-Trunk.

Load Balancing Mode


• An Eth-Trunk can load balance traffic based on IP addresses or MAC addresses of packets. You can configure different load balancing
modes (valid locally only for outgoing packets) to distribute data flows to different member interfaces.
• Traffic can be load balanced based on: source IP address, source MAC address, destination IP address, destination MAC address, source
and destination IP addresses, and source and destination MAC addresses.
• For actual services, configure a load balancing mode that matches the traffic characteristics: hash on the field that differs most between the flows crossing the Eth-Trunk. If the chosen field is the same for most flows (for example, the MAC addresses of two routers that exchange all of the traffic), every flow hashes to the same member link and the other links stay idle.

[Figure: two Eth-Trunks between SW1 and SW2 carrying flows that have the same source and destination MAC addresses but different source and destination IP addresses. Proper load balancing algorithm: source and destination IP address mode spreads the flows across the member links. Improper load balancing algorithm: source and destination MAC address mode hashes every flow onto the same member link.]

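The per-packet versus per-flow behaviour from the Load Balancing slide and the mode-selection advice from the Load Balancing Mode slide, as one added Python simulation. It is not course material and not Huawei code: the flow key is built from the configured mode and hashed onto the member links, with SHA-256 standing in for the device's hardware hash (an assumption; the real hash is vendor-specific), and the sample flows are constructed to match the figure, one source/destination MAC pair and many IP pairs, as when two routers exchange all traffic over the trunk.

```python
"""Eth-Trunk load balancing, simulated: per-packet vs per-flow, and the
effect of the load balancing mode on link usage.

Added example, not Huawei code. The hash is SHA-256 (assumption) and the
flows are constructed sample data.
"""
import hashlib
from collections import Counter

# load balancing mode -> fields that make up the flow key
MODES = {
    "src-mac":     lambda f: (f["smac"],),
    "dst-mac":     lambda f: (f["dmac"],),
    "src-dst-mac": lambda f: (f["smac"], f["dmac"]),
    "src-ip":      lambda f: (f["sip"],),
    "dst-ip":      lambda f: (f["dip"],),
    "src-dst-ip":  lambda f: (f["sip"], f["dip"]),
}


def member_link(flow, mode, n_links):
    """Index of the active member link that carries this flow."""
    key = "|".join(MODES[mode](flow)).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def distribute(flows, mode, n_links):
    """Map link index -> number of flows hashed onto that link."""
    return Counter(member_link(f, mode, n_links) for f in flows)


def links_used(flows, mode, n_links):
    """How many member links actually carry traffic under this mode."""
    return len(distribute(flows, mode, n_links))


def per_packet_links(n_frames, n_links):
    """Per-packet mode: successive frames of one flow are sprayed round-robin,
    so frames can overtake each other on links with different delay."""
    return [i % n_links for i in range(n_frames)]


def per_flow_links(flow, n_frames, mode, n_links):
    """Per-flow mode: every frame of a flow follows the same link."""
    return [member_link(flow, mode, n_links)] * n_frames


def sample_flows(n=64):
    """Constructed traffic: router-to-router (fixed MACs), many host pairs."""
    return [{"smac": "0000-5e00-0101", "dmac": "0000-5e00-0102",
             "sip": f"10.1.{i // 16}.{i % 16 + 1}",
             "dip": f"10.2.{i // 16}.{i % 16 + 1}"} for i in range(n)]


if __name__ == "__main__":
    flows = sample_flows()
    for mode in ("src-dst-mac", "src-dst-ip"):
        print(mode, dict(distribute(flows, mode, 4)))
    print("per-packet:", per_packet_links(8, 4))
    print("per-flow:  ", per_flow_links(flows[0], 8, "src-dst-ip", 4))
```

With the MAC-based mode the whole router-to-router exchange lands on one of the four links; with the IP-based mode the 64 host pairs spread over all four, which is the "proper" versus "improper" pair of pictures on the slide.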
Contents
1. Network Reliability Requirements

2. Principle and Configuration of Link Aggregation


▫ Principle

▫ Manual Mode

▫ LACP Mode

▪ Typical Application Scenarios

▫ Configuration Example

3. Overview of iStack and CSS

Typical Application Scenario (1)
[Figure, left: core switch, aggregation switch and access switch connected by Eth-Trunks, with the core switch uplinked to the network. Right: a server connected to an access switch by an Eth-Trunk.]
• Between switches: To ensure the bandwidth and reliability of links between switches, deploy multiple physical links between the switches and add them to an Eth-Trunk.
• Between the switch and server: To improve the access bandwidth and reliability of the server, bind two or more physical NICs into a NIC group and establish an Eth-Trunk with the switch.

Typical Application Scenario (2)
[Figure, left: two aggregation switches joined by a stacking cable form an iStack; an access switch connects to both stack members through one Eth-Trunk. Right: two firewalls in hot standby, with an Eth-Trunk as the heartbeat link.]
• Between a switch and stack: An iStack is a logical device consisting of two (or more) stacked switches. A switch can be connected to the iStack through an Eth-Trunk whose member links terminate on different stack members, forming a highly reliable, loop-free network.
• Heartbeat link of firewalls in hot standby mode: If two firewalls are deployed in hot standby mode, the heartbeat link is used to detect the status of the peer device. To prevent status detection errors caused by single-interface or single-link faults, you can create an Eth-Trunk and use it as the heartbeat link for status detection.

Contents
1. Network Reliability Requirements

2. Principle and Configuration of Link Aggregation


▫ Principle

▫ Manual Mode

▫ LACP Mode

▫ Typical Application Scenarios

▪ Configuration Example

3. Overview of iStack and CSS

Configuration Commands (1)
1. Create an Eth-Trunk.

[Huawei] interface eth-trunk trunk-id

An Eth-Trunk interface is created, and the Eth-Trunk interface view is displayed.


2. Configure a link aggregation mode.

[Huawei-Eth-Trunk1] mode { lacp | manual load-balance }

To enable the LACP mode, run mode lacp. To enable the manual mode, run mode manual load-balance.
Note: The link aggregation modes at both ends must be the same.

3. Add an interface to the Eth-Trunk (Ethernet interface view).

[Huawei-GigabitEthernet0/0/1] eth-trunk trunk-id

In the interface view, the interface is added to the Eth-Trunk.

Configuration Commands (2)
4. Add an interface to the Eth-Trunk (Eth-Trunk view).

[Huawei-Eth-Trunk1] trunkport interface-type { interface-number [ to interface-number ] }

In the Eth-Trunk view, the interface (or the range of interfaces) is added to the Eth-Trunk. You can use either of the preceding commands to add an interface to an Eth-Trunk.

5. Enable interfaces at different rates to join the same Eth-Trunk interface.

[Huawei-Eth-Trunk1] mixed-rate link enable

By default, interfaces at different rates are not allowed to join the same Eth-Trunk; only interfaces at the same rate can be added to the same Eth-Trunk.

6. Configure the LACP system priority.

[Huawei] lacp priority priority

A smaller priority value indicates a higher LACP system priority. By default, the LACP system priority is 32768.

Configuration Commands (3)
7. Configure the LACP interface priority.

[Huawei-GigabitEthernet0/0/1] lacp priority priority


The LACP interface priority is set in the interface view. By default, the LACP interface priority is 32768. A
smaller priority value indicates a higher LACP interface priority.
You can run this command only after an interface is added to the Eth-Trunk.
8. Configure the maximum number of active interfaces.

[Huawei-Eth-Trunk1] max active-linknumber link-number

Ensure that the maximum number of active interfaces on the local end is the same as that on the peer end. The maximum number of active interfaces can be configured only in LACP mode.

9. Configure the minimum number of active interfaces.

[Huawei-Eth-Trunk1] least active-linknumber link-number

The minimum number of active interfaces can be different on the local end and peer end and can be configured in both manual and LACP modes.
The minimum number of active interfaces is configured to guarantee a minimum bandwidth. When the number of active links falls below this lower threshold, the Eth-Trunk interface goes down, so that upper-layer protocols switch to another path instead of running over a degraded trunk.

Example for Configuring an Eth-Trunk in Manual Mode
[Figure: SW1 GE0/0/1 and GE0/0/2 connected to SW2 GE0/0/1 and GE0/0/2; the two links form Eth-Trunk 1.]
• Requirement description:
▫ SW1 and SW2 are connected to the networks of VLAN 10 and VLAN 20.
▫ SW1 and SW2 are connected through two Ethernet links. To provide link redundancy and enhance transmission reliability, configure an Eth-Trunk in manual mode between SW1 and SW2.

SW1 configuration:
[SW1] interface eth-trunk 1
[SW1-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/2
[SW1-Eth-Trunk1] port link-type trunk
[SW1-Eth-Trunk1] port trunk allow-pass vlan 10 20

SW2 configuration:
[SW2] interface eth-trunk 1
[SW2-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/2
[SW2-Eth-Trunk1] port link-type trunk
[SW2-Eth-Trunk1] port trunk allow-pass vlan 10 20

Example for Configuring an Eth-Trunk in LACP Mode (1)
[Figure: SW1 GE0/0/1 to GE0/0/3 connected to SW2 GE0/0/1 to GE0/0/3; the three links form Eth-Trunk 1.]
• Requirement description:
▫ SW1 and SW2 are connected to the networks of VLAN 10 and VLAN 20.
▫ SW1 and SW2 are connected through three Ethernet links. To provide link redundancy and enhance transmission reliability, configure an Eth-Trunk in LACP mode between SW1 and SW2, manually adjust the priority to configure SW1 as the Actor, and set the maximum number of active interfaces to 2. The third link functions as the backup link.

SW1 configuration:
[SW1] interface eth-trunk 1
[SW1-Eth-Trunk1] mode lacp
[SW1-Eth-Trunk1] max active-linknumber 2
[SW1-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SW1-Eth-Trunk1] port link-type trunk
[SW1-Eth-Trunk1] port trunk allow-pass vlan 10 20
[SW1-Eth-Trunk1] quit
[SW1] lacp priority 30000

Example for Configuring an Eth-Trunk in LACP Mode (2)
[Figure: SW1 GE0/0/1 to GE0/0/3 connected to SW2 GE0/0/1 to GE0/0/3; the three links form Eth-Trunk 1.]
• Requirement description:
▫ SW1 and SW2 are connected to the networks of VLAN 10 and VLAN 20.
▫ SW1 and SW2 are connected through three Ethernet links. To provide link redundancy and enhance transmission reliability, configure an Eth-Trunk in LACP mode between SW1 and SW2, manually adjust the priority to configure SW1 as the Actor, and set the maximum number of active interfaces to 2. The third link functions as the backup link.

SW2 configuration:
[SW2] interface eth-trunk 1
[SW2-Eth-Trunk1] mode lacp
[SW2-Eth-Trunk1] max active-linknumber 2
[SW2-Eth-Trunk1] trunkport gigabitethernet 0/0/1 to 0/0/3
[SW2-Eth-Trunk1] port link-type trunk
[SW2-Eth-Trunk1] port trunk allow-pass vlan 10 20
[SW2-Eth-Trunk1] quit

SW2 keeps the default LACP system priority (32768), so SW1 with its priority of 30000 becomes the Actor. The mode (lacp) and the maximum number of active interfaces (2) must be the same on both ends.

Contents
1. Network Reliability Requirements

2. Principle and Configuration of Link Aggregation

3. Overview of iStack and CSS

Introduction to iStack and CSS
[Figure: iStack: several switches joined by stacking cables form one stack; CSS: two switches joined by CSS links form one CSS. In both cases the links from a downstream device to the members are equivalent to a single link aggregation towards one logical switch.]
• iStack: Multiple iStack-capable switches are connected using stacking cables to form a logical switch that participates in data forwarding.
• Cluster switch system (CSS): Two CSS-capable switches are bundled into one logical switch.
• A CSS consists of only two switches. Generally, modular switches support CSS, and fixed switches support iStack.

Advantages of iStack and CSS
[Figure: physical forms of CSS and iStack (two or more switches, each with links into the Eth-Trunks towards neighbouring devices) and their logical forms (a single switch with one Eth-Trunk per neighbour).]
• One logical device simplifies O&M and facilitates management.
• If a physical device fails, the other device can take over the forwarding and control functions, preventing single points of failure.
• Inter-device link aggregation is implemented on a loop-free physical network, so STP does not need to be deployed.
• All links in the Eth-Trunk are used, and the link usage is 100%.

• Many-to-one virtualization: Switches can be virtualized into one logical switch (CSS) that has a unified control plane for unified management.
• Unified forwarding plane: Physical switches in a CSS use a unified forwarding plane, and share and synchronize forwarding information in real time.
• Inter-device link aggregation: Links on different physical switches of the CSS or stack are aggregated into a single Eth-Trunk interface to interconnect with downstream devices.

Application (1)
[Figure, left: access-layer switches joined by an iStack link. Right: an aggregation-layer iStack with an Eth-Trunk down to the access-layer switches.]
• Extending the port quantity: When the port density of a switch cannot meet the access requirements, add new switches to set up an iStack to increase the number of ports.
• Extending the bandwidth and implementing redundancy backup: To increase the uplink bandwidth, add new switches to set up an iStack and add multiple physical links of the member switches to an Eth-Trunk. This increases the uplink bandwidth, implements inter-device backup and inter-device link redundancy, and improves reliability.

Application (2)
[Figure, left: two aggregation switches running MSTP+VRRP with dual-homed access-layer switches. Right: the same two switches forming a CSS over a CSS link, with the access switches connected through Eth-Trunks.]
• Two devices form a CSS and are virtualized into a single logical device. This simplified network does not require Multiple Spanning Tree Protocol (MSTP) or Virtual Router Redundancy Protocol (VRRP), so network configuration is much simpler. Additionally, inter-device link aggregation speeds up network convergence and improves network reliability.

Recommended Architecture
[Figure: three-layer campus network. Core layer: a CSS. Aggregation layer: an iStack. Access layer: several iStacks. All layers are interconnected by Eth-Trunks, and the core is uplinked to the external network.]
• Core layer: Core switches set up a CSS and use Eth-Trunks to connect to uplink and downlink devices, building a highly reliable and loop-free network.
• Aggregation layer: Aggregation switches set up an iStack and use Eth-Trunks to connect to uplink and downlink devices, building a highly reliable, loop-free network.
• Access layer: Access devices that are geographically close to each other (such as access switches in a building) are virtualized into one logical device using iStack. This adds interfaces and simplifies management.
• An Eth-Trunk is used to connect the access layer to the aggregation layer. The logical network architecture is simple, and STP and VRRP are not required. This networking offers high reliability, high uplink bandwidth, and fast convergence.

Quiz
1. What are the differences between per-packet load balancing and per-flow load balancing?

2. How is the Actor elected in LACP mode?

3. What are the advantages of CSS and iStack?

Summary
• Link aggregation can be used to improve link reliability, utilization, and bandwidth. Based on the aggregation mode, link aggregation is classified into manual load-balancing mode (no protocol negotiation) and LACP mode.

• In LACP mode, LACPDU negotiation provides backup for active links. When an active link fails, the backup link with the highest priority is elected as the active link to forward packets.

• To ensure that the packets of a flow arrive in the order in which they were sent, link aggregation uses per-flow load balancing.

• iStack and CSS simplify network management and network structure, and improve network reliability.

Foreword
• Rapid network development brings challenges to network security and quality of service (QoS). Access control lists (ACLs) are closely related to network security and QoS.
• By accurately identifying packet flows on a network and working with other technologies, ACLs can control network access behaviors, prevent network attacks, and improve network bandwidth utilization, thereby ensuring network environment security and QoS reliability.
• This course describes the basic principles and functions of ACLs, types and characteristics of ACLs, basic composition of ACLs, ACL rule ID matching order, usage of wildcards, and ACL configurations.

Objectives
• On completion of this course, you will be able to:
▫ Describe the basic principles and functions of ACLs.
▫ Understand the types and characteristics of ACLs.
▫ Describe the basic composition of ACLs and the ACL rule ID matching order.
▫ Understand how to use wildcards in ACLs.
▫ Complete the basic configurations of ACLs.

Contents
1. ACL Overview

2. Basic Concepts and Working Mechanism of ACLs

3. Basic Configurations and Applications of ACLs

Background: A Tool Is Required to Filter Traffic
[Figure: the R&D department (VLAN 10, 192.168.2.0/24) and the president office (VLAN 20, 192.168.3.0/24) reach the financial department server (192.168.4.4/24) and the Internet through a router. Traffic from the R&D department to the server is marked denied; traffic from the president office is marked permitted. Callout: "Is any tool available for filtering IP traffic?"]
• To ensure financial data security, an enterprise prohibits the R&D department's access to the financial department server but allows the president office's access to the financial department server.

ACL Overview
• An ACL is a set of sequential rules composed of permit or deny statements.
• An ACL matches and distinguishes packets.

Fields an ACL can match (an IP packet consists of IP Header | TCP/UDP Header | Data):
▫ IP header: source IP address, destination IP address, and protocol type
▫ TCP/UDP header: source and destination port numbers

ACL applications:
▫ Matching IP traffic
▫ Invoked in a traffic filter
▫ Invoked in network address translation (NAT)
▫ Invoked in a routing policy
▫ Invoked in a firewall policy
▫ Invoked in QoS
▫ Others

Contents
1. ACL Overview

2. Basic Concepts and Working Mechanism of ACLs

3. Basic Configurations and Applications of ACLs

ACL Composition
• An ACL consists of several permit or deny statements. Each statement is a rule of the ACL, and permit or deny in each statement is the action corresponding to the rule.

What does each rule mean?

acl number 2000                              ← ACL number
 rule 5 permit source 1.1.1.0 0.0.0.255      ← rule ID 5, action permit, matching option (source IP address)
 rule 10 deny source 2.2.2.0 0.0.0.255       ← user-defined rules
 rule 15 permit source 3.3.3.0 0.0.0.255
 ...
 rule 4294967294 deny                        ← rule hidden at the end of the ACL

Rule ID
acl number 2000
 rule 5 deny source 10.1.1.1 0
 rule 10 deny source 10.1.1.2 0
 rule 15 permit source 10.1.1.0 0.0.0.255
(Step = 5)

• Rule ID: Each rule in an ACL has an ID.
• Step: A step is the increment between neighboring rule IDs automatically allocated by the system. The default step is 5. Setting a step leaves room to insert a rule between existing rules of an ACL.
• Rule ID allocation: If a rule is added to an empty ACL and no ID is manually specified, the system allocates the step value (5 for example) as the ID of the rule. If an ACL already contains rules and a rule with no manually specified ID is added, the system allocates to this rule the smallest integer multiple of the step that is greater than the largest rule ID in the ACL.

How do I add a rule between rule 10 and rule 15? Specify the ID manually:
rule 11 deny source 10.1.1.3 0

acl number 2000
 rule 5 deny source 10.1.1.1 0
 rule 10 deny source 10.1.1.2 0
 rule 11 deny source 10.1.1.3 0
 rule 15 permit source 10.1.1.0 0.0.0.255

Wildcard (1)
acl number 2000
 rule 5 deny source 10.1.1.1 0
 rule 10 deny source 10.1.1.2 0
 rule 15 permit source 10.1.1.0 0.0.0.255

• A wildcard is a 32-bit number that indicates which bits of an IP address must be matched exactly and which bits are ignored.
• A wildcard is usually expressed in dotted decimal notation, like a network mask. However, their meanings are different: in a wildcard, a 0 bit means "this bit must match" and a 1 bit means "this bit can be anything".
• Matching rule: 0 = strict matching; 1 = don't care.

How do I match the network segment corresponding to 192.168.1.1/24?

192.168.1.1   11000000 10101000 00000001 00000001
0.0.0.255     00000000 00000000 00000000 11111111
              |<------ strict matching ------>| |<- don't care ->|

Result: source 192.168.1.1 0.0.0.255 matches the whole 192.168.1.0/24 network segment.

Wildcard (2)
• A wildcard can be used to match the odd IP addresses in the network segment 192.168.1.0/24, such as 192.168.1.1, 192.168.1.3, and 192.168.1.5: source 192.168.1.1 0.0.0.254.

                      last octet
192.168.1.1           00000001
192.168.1.3           00000011
192.168.1.5           00000101
...
wildcard 0.0.0.254    11111110   (bits 7 to 1: don't care; bit 0: strict matching, must be 1 as in 192.168.1.1)

• The 1s and 0s in a wildcard do not have to be consecutive.

Special wildcards:
• Exactly match the IP address 192.168.1.1: 192.168.1.1 0.0.0.0, which can also be written as 192.168.1.1 0.
• Match all IP addresses: 0.0.0.0 255.255.255.255, which can also be written as any.

ACL Classification and Identification
• ACL classification based on ACL rule definition methods

Category          Number Range   Description
Basic ACL         2000 to 2999   Defines rules based on source IPv4 addresses, fragmentation information, and effective time ranges.
Advanced ACL      3000 to 3999   Defines rules based on source and destination IPv4 addresses, IPv4 protocol types, ICMP types, TCP source/destination port numbers, UDP source/destination port numbers, and effective time ranges.
Layer 2 ACL       4000 to 4999   Defines rules based on information in the Ethernet frame headers of packets, such as source and destination MAC addresses and Layer 2 protocol types.
User-defined ACL  5000 to 5999   Defines rules based on packet headers, offsets, character string masks, and user-defined character strings.
User ACL          6000 to 6999   Defines rules based on source IPv4 addresses or user control list (UCL) groups, destination IPv4 addresses or destination UCL groups, IPv4 protocol types, ICMP types, TCP source/destination port numbers, and UDP source/destination port numbers.

• ACL classification based on ACL identification methods

Category      Description
Numbered ACL  Traditional ACL identification method. A numbered ACL is identified by a number.
Named ACL     A named ACL is identified by a name.

Basic and Advanced ACLs
• Basic ACL (number range: 2000 to 2999): matches on the source IP address in the IP header only.

acl number 2000
 rule 5 deny source 10.1.1.1 0
 rule 10 deny source 10.1.1.2 0
 rule 15 permit source 10.1.1.0 0.0.0.255

• Advanced ACL (number range: 3000 to 3999): matches on the source IP address, destination IP address and protocol type in the IP header, plus the source and destination port numbers in the TCP/UDP header.

acl number 3000
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.3.0 0.0.0.255
 rule 10 permit tcp source 10.1.2.0 0.0.0.255 destination 10.1.3.0 0.0.0.255 destination-port eq 21

ACL Matching Mechanism
Matching principle: The matching stops once a rule is matched.

[Flowchart, rendered as steps:]
1. Does the referenced ACL exist? No: the ACL matching result is "negative match".
2. Does the ACL contain rules? No: the ACL matching result is "negative match".
3. Analyze the first rule. Does the packet match the rule?
   Yes: the ACL matching result is the action of that rule, permit or deny, and matching ends.
   No: are there remaining rules? Yes: analyze the next rule and repeat this step. No: the ACL matching result is "negative match".

ACL Matching Order and Result
• Configuration order (config mode)
▫ The system matches packets against ACL rules in ascending order of rule ID. That is, the rule with the smallest ID is processed first.

Objects to be matched (source IP addresses): 192.168.1.1/24, 192.168.1.2/24, 192.168.1.3/24, 192.168.1.4/24, 192.168.1.5/24

acl 2000
 rule 1 permit source 192.168.1.1 0.0.0.0
 rule 2 permit source 192.168.1.2 0.0.0.0
 rule 3 deny source 192.168.1.3 0.0.0.0
 rule 4 permit source 0.0.0.0 255.255.255.255

Permitted IP addresses: 192.168.1.1/24, 192.168.1.2/24, 192.168.1.4/24, 192.168.1.5/24

rule 1: permits packets with the source IP address 192.168.1.1.
rule 2: permits packets with the source IP address 192.168.1.2.
rule 3: denies packets with the source IP address 192.168.1.3.
rule 4: permits packets from all other IP addresses. Because matching stops at the first hit, rule 3 must have a smaller ID than rule 4; if the "permit all" rule came first, 192.168.1.3 would be permitted as well.

Does "permit" mean that traffic is allowed to pass? That depends on the feature that invokes the ACL: a traffic filter forwards permitted packets, whereas features such as NAT, routing policies and QoS use permit only to select the packets they act on.

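The three mechanisms on the preceding slides, rule ID allocation with a step (Rule ID slide), wildcard matching including the non-contiguous odd-address wildcard (Wildcard slides), and first-match evaluation in ascending rule ID order with a "negative match" when nothing hits (ACL Matching Mechanism and Matching Order slides), as one added Python model. It is not Huawei code and does not parse VRP syntax: Acl.rule() takes keyword arguments instead of the CLI rule string, a packet is a plain dict with constructed header fields (source, destination, protocol, dport), and what a device does with a negative match is left to the caller because it depends on the feature that invoked the ACL. The rule numbers and addresses are the ones from the slides.

```python
"""ACL semantics from the slides: wildcards, rule ID step, first match.

Added example, not Huawei code. Rule and packet fields are assumptions
standing in for the VRP CLI; addresses and rule IDs follow the slides.
"""
import ipaddress

IMPLICIT_DENY_ID = 4294967294    # the hidden rule shown at the end of an ACL


def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """A 0 bit in the wildcard must equal base exactly; a 1 bit is ignored."""
    care = (~ip_to_int(wildcard)) & 0xFFFFFFFF
    return ((ip_to_int(addr) ^ ip_to_int(base)) & care) == 0


def matching_addresses(base, wildcard):
    """Enumerate, ascending, every address a (base, wildcard) pair matches.
    Meant for wildcards with a handful of 1 bits (2**n results)."""
    b, w = ip_to_int(base), ip_to_int(wildcard)
    free = [i for i in range(32) if (w >> i) & 1]      # don't-care bit positions
    fixed = b & ~w & 0xFFFFFFFF                        # base with free bits cleared
    out = []
    for combo in range(1 << len(free)):
        v = fixed
        for k, bit in enumerate(free):
            if (combo >> k) & 1:
                v |= 1 << bit
        out.append(str(ipaddress.IPv4Address(v)))
    return out


class Acl:
    def __init__(self, number, step=5):
        self.number = number
        self.step = step
        self.rules = {}            # rule_id -> rule fields

    def rule(self, action, source=None, destination=None, protocol="ip",
             dport=None, rule_id=None):
        """Add a rule. Without rule_id, allocate the smallest multiple of the
        step greater than the largest existing ID (the step itself if empty)."""
        if rule_id is None:
            biggest = max(self.rules, default=0)
            rule_id = (biggest // self.step + 1) * self.step
        self.rules[rule_id] = dict(action=action, source=source,
                                   destination=destination,
                                   protocol=protocol, dport=dport)
        return rule_id

    @staticmethod
    def _matches(r, pkt):
        if r["protocol"] != "ip" and r["protocol"] != pkt.get("protocol"):
            return False
        for side in ("source", "destination"):
            spec = r[side]                  # None / "any" / (base, wildcard)
            if spec is None or spec == "any":
                continue
            if not wildcard_match(pkt[side], *spec):
                return False
        return r["dport"] is None or pkt.get("dport") == r["dport"]

    def evaluate(self, pkt):
        """First match in ascending rule-ID order wins; no hit is a
        'negative match' whose effect the invoking feature decides."""
        for rid in sorted(self.rules):
            if self._matches(self.rules[rid], pkt):
                return self.rules[rid]["action"], rid
        return "negative-match", None


def build_acl_2000():
    """acl number 2000 from the Rule ID slide, including inserted rule 11."""
    acl = Acl(2000)
    acl.rule("deny", source=("10.1.1.1", "0.0.0.0"))          # rule 5
    acl.rule("deny", source=("10.1.1.2", "0.0.0.0"))          # rule 10
    acl.rule("permit", source=("10.1.1.0", "0.0.0.255"))      # rule 15
    acl.rule("deny", source=("10.1.1.3", "0.0.0.0"), rule_id=11)
    return acl


def build_acl_3000():
    """acl number 3000 from the Basic and Advanced ACLs slide."""
    acl = Acl(3000)
    acl.rule("permit", source=("10.1.1.0", "0.0.0.255"),
             destination=("10.1.3.0", "0.0.0.255"))
    acl.rule("permit", protocol="tcp", source=("10.1.2.0", "0.0.0.255"),
             destination=("10.1.3.0", "0.0.0.255"), dport=21)
    return acl


if __name__ == "__main__":
    acl = build_acl_2000()
    print(sorted(acl.rules))                                    # [5, 10, 11, 15]
    print(acl.evaluate({"source": "10.1.1.3"}))                 # ('deny', 11)
    print(acl.evaluate({"source": "10.1.2.9"}))                 # ('negative-match', None)
    print(matching_addresses("192.168.1.1", "0.0.0.254")[:3])   # odd hosts only
```

Adding a rule without an ID to acl 2000 after rule 11 exists yields 20, not 16: the allocator rounds up to the next multiple of the step above the largest ID (15), which is the behaviour the Rule ID slide describes.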
ACL Matching Position
[Figure: a data packet enters the device through one interface and leaves through another; an ACL can be applied on either interface, in the inbound or the outbound direction.]
• To enable the ACL to take effect for a packet arriving on an interface, apply the ACL in the inbound direction of that interface.
• To enable the ACL to take effect for a packet leaving through an interface, apply the ACL in the outbound direction of that interface.

Inbound and Outbound Directions
[Flowchart, rendered as steps:]
Inbound:
1. A data packet arrives at an interface. Is an ACL applied to the interface's inbound direction?
   No: route the data packet.
   Yes: does the ACL permit the data packet? Yes: route the data packet. No: the packet is dropped.
Outbound:
2. Is a matching route entry available? No: the packet is dropped.
3. Yes: is an ACL applied to the outbound interface's outbound direction?
   No: send the data packet out through the outbound interface.
   Yes: does the ACL permit the data packet? Yes: send it out through the outbound interface. No: the packet is dropped.

Contents
1. ACL Overview

2. Basic Concepts and Working Mechanism of ACLs

3. Basic Configurations and Applications of ACLs

Basic Configuration Commands of Basic ACLs
1. Create a basic ACL.

[Huawei] acl [ number ] acl-number [ match-order config ]

Create a numbered basic ACL and enter its view.

[Huawei] acl name acl-name { basic | acl-number } [ match-order config ]

Create a named basic ACL and enter its view.

2. Configure a rule for the basic ACL.

[Huawei-acl-basic-2000] rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | time-range time-name ]

In the basic ACL view, you can run this command to configure a rule for the basic ACL.

Case: Use a Basic ACL to Filter Data Traffic
[Figure: the user networks 192.168.1.0/24 and 192.168.2.0/24 connect to GE 0/0/1 of the Router; GE 0/0/2 leads to the server side, where the figure shows the address 10.1.1.1/24.]
• Requirements:
To prevent the user hosts on the network segment 192.168.1.0/24 from accessing the network where the server resides, configure a basic ACL on the router. After the configuration is complete, the ACL filters out the data packets whose source IP addresses are on the network segment 192.168.1.0/24 and permits other data packets.

1. Configure IP addresses and routes on the router.
2. Create a basic ACL on the router to prevent the network segment 192.168.1.0/24 from accessing the network where the server resides.

[Router] acl 2000
[Router-acl-basic-2000] rule deny source 192.168.1.0 0.0.0.255
[Router-acl-basic-2000] rule permit source any

3. Configure traffic filtering in the inbound direction of GE 0/0/1.

[Router] interface GigabitEthernet 0/0/1
[Router-GigabitEthernet0/0/1] traffic-filter inbound acl 2000
[Router-GigabitEthernet0/0/1] quit

Note: A basic ACL matches only the source address, so this filter stops 192.168.1.0/24 from reaching every destination behind GE 0/0/1, not only the server. If other destinations must stay reachable, use an advanced ACL that also matches the destination network.

Basic Configuration Commands of Advanced
ACLs (1)
1. Create an advanced ACL.

[Huawei] acl [ number ] acl-number [ match-order config ]

Create a numbered advanced ACL and enter its view.

[Huawei] acl name acl-name { advance | acl-number } [ match-order config ]

Create a named advanced ACL and enter its view.

Basic Configuration Commands of Advanced
ACLs (2)
2. Configure a rule for the advanced ACL.
You can configure advanced ACL rules according to the protocol types of IP packets. The parameters vary according
to the protocol types.

▫ When the protocol type is IP, the command format is:

rule [ rule-id ] { deny | permit } ip [ destination { destination-address destination-wildcard | any } | source { source-address source-wildcard | any } | time-range time-name | [ dscp dscp | [ tos tos | precedence precedence ] ] ]

In the advanced ACL view, you can run this command to configure a rule for the advanced ACL.

▫ When the protocol type is TCP, the command format is:

rule [ rule-id ] { deny | permit } { protocol-number | tcp } [ destination { destination-address destination-wildcard | any } | destination-port { eq port | gt port | lt port | range port-start port-end } | source { source-address source-wildcard | any } | source-port { eq port | gt port | lt port | range port-start port-end } | tcp-flag { ack | fin | syn } * | time-range time-name ] *

In the advanced ACL view, you can run this command to configure a rule for the advanced ACL.

Case: Use Advanced ACLs to Prevent User Hosts on Different Network Segments from Communicating (1)

Topology: Router connects the R&D department (10.1.1.0/24) on GE 0/0/1 (10.1.1.1/24) and the marketing department (10.1.2.0/24) on GE 0/0/2 (10.1.2.1/24), and also provides Internet access for both departments.

Requirements:
• The departments of a company are connected through the router. To facilitate network management, the administrator allocates IP addresses of different network segments to the R&D and marketing departments.
• The company requires that the router prevent the user hosts on different network segments from communicating to ensure information security.

1. Configure IP addresses and routes on the router.

2. Create ACL 3001 and configure rules for the ACL to deny packets from the R&D department to the marketing department.

[Router] acl 3001
[Router-acl-adv-3001] rule deny ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Router-acl-adv-3001] quit

3. Create ACL 3002 and configure rules for the ACL to deny packets from the marketing department to the R&D department.

[Router] acl 3002
[Router-acl-adv-3002] rule deny ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
[Router-acl-adv-3002] quit
Case: Use Advanced ACLs to Prevent User Hosts on Different Network Segments from Communicating (2)

(Same topology and requirements as on the previous slide: R&D 10.1.1.0/24 on GE 0/0/1, marketing 10.1.2.0/24 on GE 0/0/2.)

4. Configure traffic filtering in the inbound direction of GE 0/0/1 and GE 0/0/2.

[Router] interface GigabitEthernet 0/0/1
[Router-GigabitEthernet0/0/1] traffic-filter inbound acl 3001
[Router-GigabitEthernet0/0/1] quit

[Router] interface GigabitEthernet 0/0/2
[Router-GigabitEthernet0/0/2] traffic-filter inbound acl 3002
[Router-GigabitEthernet0/0/2] quit

Because each ACL contains only a deny rule and traffic-filter forwards packets that match no rule, traffic from either department to the Internet is unaffected. Applying each ACL inbound on the interface that faces the source segment drops the packets before they are routed, and filtering both interfaces blocks connectionless traffic (ICMP, UDP) in both directions rather than relying on one direction of a TCP session being cut.
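The matching behaviour the case relies on (wildcard masks, first match in configuration order, and the traffic-filter default of forwarding unmatched packets), modelled in Python so the rules can be checked against sample packets before they are applied to a device. This is an added example, not Huawei code or device output; the ACL_SHADOWED and ACL_TELNET_ONLY variants, the sample packets and the documentation-prefix Internet address 203.0.113.9 are constructed for the illustration.

```python
"""Model of Huawei-style ACL evaluation: wildcard masks, match-order config, default permit."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    rule_id: int
    action: str                  # "permit" or "deny"
    proto: str = "ip"            # "ip" matches every IP protocol; otherwise "tcp", "udp" or "icmp"
    src: str = "any"             # "<address> <wildcard>" or "any"
    dst: str = "any"
    dport: Optional[int] = None  # destination-port eq <port>; None means any port


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0


def wildcard_match(spec: str, addr: str) -> bool:
    """Wildcard semantics: a 0 bit in the wildcard must match exactly, a 1 bit is ignored.
    "10.1.1.0 0.0.0.255" therefore matches 10.1.1.0/24 and "0.0.0.0 255.255.255.255" matches everything."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    keep = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must be equal
    return (int(ipaddress.IPv4Address(addr)) & keep) == (int(ipaddress.IPv4Address(base)) & keep)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return wildcard_match(rule.src, pkt.src) and wildcard_match(rule.dst, pkt.dst)


def traffic_filter(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """match-order config: try the rules in the order they were configured; the first hit decides.
    Returns (action, rule_id). If nothing matches, traffic-filter forwards the packet: ("permit", None)."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action, rule.rule_id
    return "permit", None


# ACL 3001 from the case: deny R&D (10.1.1.0/24) -> marketing (10.1.2.0/24), nothing else.
ACL_3001 = [Rule(5, "deny", "ip", "10.1.1.0 0.0.0.255", "10.1.2.0 0.0.0.255")]

# Constructed mistake: a catch-all permit configured before the deny shadows it completely.
ACL_SHADOWED = [
    Rule(5, "permit", "ip", "any", "any"),
    Rule(10, "deny", "ip", "10.1.1.0 0.0.0.255", "10.1.2.0 0.0.0.255"),
]

# Constructed narrower variant: only Telnet (TCP/23) from R&D to marketing is denied.
ACL_TELNET_ONLY = [Rule(5, "deny", "tcp", "10.1.1.0 0.0.0.255", "10.1.2.0 0.0.0.255", dport=23)]


if __name__ == "__main__":
    samples = [
        Packet("10.1.1.20", "10.1.2.7"),     # R&D -> marketing: must be dropped
        Packet("10.1.1.20", "203.0.113.9"),  # R&D -> Internet: passes (no rule matches)
        Packet("10.1.1.20", "10.1.20.7"),    # 10.1.20.0/24 lies outside the /24 wildcard: passes
    ]
    for p in samples:
        print(p.src, "->", p.dst, traffic_filter(ACL_3001, p))
    print("shadowed ACL on the first packet:", traffic_filter(ACL_SHADOWED, samples[0]))
```

Running the module prints the verdict for each sample packet; the shadowed ACL returns ("permit", 5) for the R&D-to-marketing packet, which is the mistake the match-order note warns about.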
Quiz
1. (Single) Which one of the following rules is a valid basic ACL rule? ( )
A. rule permit ip

B. rule deny ip

C. rule permit source any

D. rule deny tcp source any

2. Which parameters can you use to define advanced ACL rules?

Summary
 ACL is a widely used network technology. Its principle is as follows: packets are
matched against configured ACL rules and actions are taken on the packets as
configured in the ACL rules. The matching rules and actions are configured based on
network requirements. Due to the variety of matching rules and actions, ACLs can
implement a lot of functions.

 ACLs are often used with other technologies, such as firewall, routing policy, QoS, and
traffic filtering.

Foreword
● User management is one of the most basic security management requirements for
any network.

● Authentication, authorization, and accounting (AAA) is a management framework that provides a


security mechanism for authorizing some users to access specified resources and recording the
operations of these users. AAA is widely used because of its good scalability and easy
implementation of centralized management of user information. AAA can be implemented
through multiple protocols. In actual applications, the Remote Authentication Dial-In User
Service (RADIUS) protocol is the most commonly used to implement AAA.

● This course describes the basic concepts, implementation, basic configurations, and typical
application scenarios of AAA.

Objectives
● Upon completion of this course, you will be able to:
▫ Understand the fundamentals of AAA.

▫ Describe the application scenarios of AAA.

▫ Understand the fundamentals of RADIUS.

▫ Get familiar with the basic configurations of AAA.

Contents
1. AAA Overview

2. AAA Configuration

Basic Concepts of AAA
● Authentication, authorization, and accounting (AAA) provides a management mechanism for network security.

Step 1: User identity. Identifies users by information such as the account and password.
Step 2: Authentication. Verifies the identity of users who attempt to access resources.
Step 3: Authorization. Determines which resources and operations the authenticated user is allowed to use.
Step 4: Accounting. Checks and records access information.
Common AAA Architecture
● A common AAA architecture includes the user, network access server (NAS), and AAA server. Users (for example User 1@Domain 1, User 2@Domain 2, and User 3@Domain 3) reach the NAS over an IP network, and the NAS reaches the AAA server over an IP network.

• The NAS collects and manages user access requests in a centralized manner.
• Multiple domains are created on the NAS to manage users. Different domains can be associated with different AAA schemes, which include the authentication scheme, authorization scheme, and accounting scheme.
• When receiving a user access request, the NAS determines the domain to which the user belongs based on the username and performs user management and control based on the AAA schemes configured for the domain.
Authentication
● AAA supports the following authentication modes: non-authentication, local authentication, and remote authentication.

(Figure: each user sends a username and password to the NAS. For remote authentication, the NAS forwards User 3's username and password to the AAA server, which returns an authentication result.)

User | Domain | Authentication Mode
User 1@Domain 1 | Domain 1 | Non-authentication
User 2@Domain 2 | Domain 2 | Local authentication
User 3@Domain 3 | Domain 3 | Remote authentication
Authorization
● AAA supports the following authorization modes: non-authorization, local authorization, and remote authorization.

● Authorization information includes the user group, VLAN ID, and ACL number.

(Figure: users reach the NAS over an IP network; the NAS delivers permissions to User 2 after authentication succeeds.)

User | Domain | Authorization Mode | Authorization Content
User 1@Domain 1 | Domain 1 | Non-authorization | None
User 2@Domain 2 | Domain 2 | Local authorization | Internet access is allowed.
User 3@Domain 3 | Domain 3 | Remote authorization | Authorization is granted by a remote server.
Accounting
● The accounting function monitors the network behavior and network resource utilization of authorized users.

● AAA supports two accounting modes: non-accounting and remote accounting.

(Figure: for remote accounting, the NAS sends an Accounting-Start request to the AAA server and receives an Accounting-Start response.)

User | Domain | Accounting Mode
User 1@Domain 1 | Domain 1 | Non-accounting
User 2@Domain 2 | Domain 2 | Non-accounting
User 3@Domain 3 | Domain 3 | Remote accounting
AAA Implementation Protocol - RADIUS
● Of the protocols that are used to implement AAA, RADIUS is the most commonly used.

Message flow between the user, the NAS, and the RADIUS server:
1. The user enters a username and a password.
2. The NAS sends an Access-Request packet to the RADIUS server.
3. The RADIUS server accepts or rejects the authentication and returns the corresponding packet (Access-Accept or Access-Reject).
4. The NAS notifies the user of the authentication result.
5. The NAS sends an Accounting-Start request; the RADIUS server returns an Accounting-Start response.
6. The user starts to access network resources.
7. The user requests to go offline.
8. The NAS sends an Accounting-Stop request; the RADIUS server returns an Accounting-Stop response.
9. The NAS notifies the user of the completion of network access.

RADIUS packets between the NAS and the server are protected only by a shared secret: the server's reply carries an MD5 authenticator computed over the packet and the secret, and the user's password is hidden by XORing it with an MD5 keystream derived from the secret and the request authenticator, not encrypted with a modern cipher. Use a strong, per-NAS shared secret and keep the NAS-to-server path on a trusted network or inside an IPsec or RadSec (RADIUS over TLS) tunnel.
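The Access-Request and Access-Accept/Access-Reject part of the exchange above, with both the NAS side and the server side, implemented from RFC 2865 in Python. This is an added example, not Huawei's or any RADIUS server's code; the user database, the shared secret, the NAS IP address 10.1.1.1 and the packet identifier are constructed for the illustration, and the accounting packets are left out. The server_secret parameter exists only to show what a shared-secret mismatch looks like on the wire.

```python
"""Minimal RADIUS (RFC 2865) Access-Request / Access-Accept exchange: NAS side and server side."""
import hashlib
import os
import struct
from typing import Dict, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def attr(atype: int, value: bytes) -> bytes:
    """One attribute: Type (1 byte), Length (1 byte, header included), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data: bytes) -> Dict[int, bytes]:
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks; XOR each block with MD5(secret + previous cipher block),
    the first block using the Request Authenticator. Obfuscation keyed by the secret, not strong encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def nas_access_request(ident: int, username: str, password: str, secret: bytes, nas_ip: str) -> Tuple[bytes, bytes]:
    """NAS side: build an Access-Request. Returns (packet, Request Authenticator); the NAS keeps the latter."""
    req_auth = os.urandom(16)  # fresh random Request Authenticator for every request
    attrs = (attr(ATTR_USER_NAME, username.encode())
             + attr(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth


def server_handle(packet: bytes, secret: bytes, users: Dict[str, str]) -> bytes:
    """Server side: recover the password, check it against the user database, answer Accept or Reject."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs = packet[4:20], parse_attrs(packet[20:length])
    username = attrs[ATTR_USER_NAME].decode(errors="replace")
    password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, req_auth)
    code = ACCESS_ACCEPT if users.get(username, "").encode() == password else ACCESS_REJECT
    header = struct.pack("!BBH", code, ident, 20)  # no reply attributes in this example
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + req_auth + secret).digest()
    return header + resp_auth


def nas_verify_response(reply: bytes, req_auth: bytes, secret: bytes) -> int:
    """NAS side: recompute the Response Authenticator. Returns the reply code, or -1 if it does not verify."""
    code, _, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return code if expected == reply[4:20] else -1


def authenticate(username: str, password: str, secret: bytes, users: Dict[str, str],
                 server_secret: Optional[bytes] = None) -> int:
    """Full round trip NAS -> server -> NAS. A server_secret different from secret simulates a misconfigured pair."""
    request, req_auth = nas_access_request(7, username, password, secret, "10.1.1.1")
    reply = server_handle(request, server_secret or secret, users)
    return nas_verify_response(reply, req_auth, secret)


if __name__ == "__main__":
    users = {"huawei": "huawei123"}        # constructed local user database on the server
    secret = b"radius-shared-secret"       # constructed shared secret
    print("good password:", authenticate("huawei", "huawei123", secret, users))          # 2 = Access-Accept
    print("bad password: ", authenticate("huawei", "nope", secret, users))               # 3 = Access-Reject
    print("wrong secret: ", authenticate("huawei", "huawei123", secret, users, b"x"))    # -1 = reply rejected
```

With a mismatched secret the server recovers garbage instead of the password and rejects, and the NAS then discards the reply because the Response Authenticator does not verify; both symptoms show up in the last line of the demo.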
Common AAA Application Scenarios

AAA for Internet Access Users Through RADIUS (Internet access user -> NAS -> RADIUS server):
• AAA schemes are configured on the NAS to implement interworking between the NAS and RADIUS server.
• After the user enters a username and a password on the client, the NAS sends the username and password to the RADIUS server for authentication.
• If the authentication succeeds, the user is granted the Internet access permission.
• The RADIUS server can record the user's network resource utilization during Internet access.

Local Authentication and Authorization for Administrative Users (network administrator logs in to Router through Telnet/SSH):
• After local AAA schemes are configured on Router, Router compares the username and password of the network administrator with the locally configured username and password when the network administrator logs in to Router.
• After the authentication succeeds, Router grants certain administrator permissions to the network administrator.
AAA Configuration (1)
1. Enter the AAA view.

[Huawei] aaa

Enter the AAA view from the system view.

2. Create an authentication scheme.

[Huawei-aaa] authentication-scheme authentication-scheme-name

Create an authentication scheme and enter the authentication scheme view.

[Huawei-aaa-authentication-scheme-name] authentication-mode { hwtacacs | local | radius }

Set the authentication mode of the scheme to HWTACACS, local, or RADIUS authentication. By default, the authentication mode is local authentication.
AAA Configuration (2)
3. Create a domain and bind an authentication scheme to the domain.

[Huawei-aaa] domain domain-name

Create a domain and enter the domain view.

[Huawei-aaa-domain-name] authentication-scheme authentication-scheme-name

Bind the authentication scheme to the domain.

4. Create a user.

[Huawei-aaa] local-user user-name password cipher password

Create a local user and configure a password for the local user.
• If the username contains the delimiter "@", the characters before "@" form the username and the characters after "@" form the domain name.
• If the value does not contain "@", the entire character string is the username and the user belongs to the default domain.
AAA Configuration (3)
5. Configure a user access type.

[Huawei-aaa] local-user user-name service-type { { terminal | telnet | ftp | ssh | snmp | http } | ppp | none }

Configure the access type of the local user. By default, all access types are disabled for a local user, so an account without a service-type cannot log in through any of these channels. Grant only the type the account actually needs, and prefer ssh over telnet because Telnet carries the username and password in cleartext.

6. Configure a user level.

[Huawei-aaa] local-user user-name privilege level level

Specify the permission level of the local user (0 to 15). Level 0 (visit) allows only diagnostic commands such as ping and tracert, level 1 (monitor) adds display commands, level 2 (configuration) allows service configuration, and levels 3 to 15 (management) allow device management commands such as file and user management. Give each account the lowest level that covers its tasks.
AAA Configuration Examples
● After a username, password, and user level are configured on R1, host A can use the configured username and password to remotely log in to R1 over Telnet. Host A connects to R1's GE 0/0/0 (10.1.1.1/24).

[R1]aaa
[R1-aaa]local-user huawei password cipher huawei123
[R1-aaa]local-user huawei service-type telnet
[R1-aaa]local-user huawei privilege level 0
[R1-aaa]quit
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa

With privilege level 0, the user can log in but can run only visit-level commands such as ping and tracert; an administrator account needs a higher level (for example, 3 or 15). The password shown is for the lab only; production accounts need a long, unique password, and the login should use SSH (service-type ssh for the user and protocol inbound ssh on the VTY user interfaces) rather than Telnet.
Configuration Verification (1)
● In AAA, each domain is associated with an authentication scheme, an authorization scheme, and an accounting scheme. In this example, the default domain is used.

[R1]display domain name default_admin
Domain-name: default_admin
Domain-state: Active
Authentication-scheme-name: default
Accounting-scheme-name: default
Authorization-scheme-name: -
Service-scheme-name: -
RADIUS-server-template: -
HWTACACS-server-template: -
User-group: -
Configuration Verification (2)
● After the user properly logs in and logs out, you can view the user record.

[R1]display aaa offline-record all
-------------------------------------------------------------------
User name: huawei
Domain name: default_admin
User MAC: 00e0-fc12-3456
User access type: telnet
User IP address: 10.1.1.2
User ID: 1
User login time: 2019/12/28 17:59:10
User offline time: 2019/12/28 18:00:04
User offline reason: user request to offline
Quiz
1. What authentication, authorization, and accounting modes are supported by AAA?
2. When a new common user is configured with local authentication but is not associated with a
user-defined domain, which domain does the user belong to?

Summary
● AAA improves enterprise network security and prevents unauthorized users from logging in to
enterprise networks by authenticating the identities of enterprise employees and external users,
authorizing accessible resources, and monitoring Internet access behavior.
▫ Authentication: determines which users can access the network.

▫ Authorization: authorizes users to access specific services.

▫ Accounting: records network resource utilization.

● AAA technology can be implemented either locally or through a remote server.

● Of the protocols that are used to implement AAA, RADIUS is the most commonly used.

Foreword
 With the development of the Internet and the increase of network applications, limited
public IPv4 addresses have become the bottleneck of network development. To solve
this problem, Network Address Translation (NAT) was introduced.
 NAT enables hosts on an internal network to access an external network. It not only
helps alleviate IPv4 address shortage but also adds a degree of protection for the internal
network: devices on the external network cannot initiate communication with hosts that
use private addresses unless the NAT device holds a mapping for them. NAT is not a
substitute for a firewall policy, however; any address or port published through static NAT
or NAT Server is reachable from outside and still has to be filtered.
 This course describes the motivation behind NAT, and implementations and application
scenarios of different types of NAT.
Objectives
 On completion of this course, you will be able to:
▫ Understand the motivation behind NAT.

▫ Master NAT classification and implementations.

▫ Master NAT selection in different scenarios.

Contents
1. NAT Overview

2. Static NAT

3. Dynamic NAT

4. NAPT and Easy IP

5. NAT Server

Motivation Behind NAT
 As the number of Internet users increases, public IPv4 addresses become scarcer.
 What's worse, uneven allocation of these addresses has resulted in a severe shortage of available public
IPv4 addresses in some areas.
 To overcome public IPv4 address shortage, it is necessary to use transition technologies.

Private IP Addresses
 Public IP addresses: managed and allocated by a dedicated organization and can be used for direct communication on the Internet

 Private IP addresses: can be used freely by organizations or individuals on internal networks, but cannot be used for direct communication on the Internet (Internet routers do not forward traffic to them)

 The following Class A, B, and C addresses are reserved as private IP addresses (RFC 1918):

▫ Class A: 10.0.0.0–10.255.255.255 (10.0.0.0/8)

▫ Class B: 172.16.0.0–172.31.255.255 (172.16.0.0/12)

▫ Class C: 192.168.0.0–192.168.255.255 (192.168.0.0/16)

(Figure: an enterprise campus, a small-scale factory, a school campus network (10.0.0.0/8), a coffee shop, and a home network all use private address space such as 192.168.0.0/16 internally and connect to the Internet through an egress device.)
NAT Implementation
 NAT: translates IP addresses in IP data packets. It is widely used on live networks and is usually deployed on network egress devices, such as routers or firewalls.

 Typical NAT application scenario: Private addresses are used on private networks (enterprises or homes), and NAT is deployed on egress devices. For traffic from an internal network to an external network, NAT translates the source addresses of the data packets into specific public addresses. For traffic from an external network to an internal network, NAT translates the destination address of the data packets.

 NAT+private addresses effectively conserve public IPv4 addresses.

(Figure: PC 192.168.1.10/24 on the private network; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; web server 200.1.2.3 on the Internet.)
1. PC sends: source IP 192.168.1.10, destination IP 200.1.2.3
2. After NAT: source IP 122.1.2.1, destination IP 200.1.2.3
3. Server replies: source IP 200.1.2.3, destination IP 122.1.2.1
4. After NAT: source IP 200.1.2.3, destination IP 192.168.1.10
Static NAT Implementation
 Static NAT: A private IP address is mapped to a fixed public IP address.

 Bidirectional access: When an internal host with a private IP address accesses the Internet, the egress NAT device translates the private IP address into a public IP address. Similarly, when an external network device sends packets to access an internal network, the NAT device translates the public address (destination address) carried in the packets into a private address.

(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; web server 200.1.2.3 on the Internet.)

NAT mapping table
Private Address | Public Address
192.168.1.1 | 122.1.2.1
192.168.1.2 | 122.1.2.2
192.168.1.3 | 122.1.2.3
Static NAT Example
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24 behind the NAT device (inside address 192.168.1.254, public address 122.1.2.1); web server 200.1.2.3 and an external host 202.1.2.3 on the Internet.)

Internal host accessing the Internet:
1. Source IP: 192.168.1.1, destination IP: 200.1.2.3
2. After NAT: source IP: 122.1.2.1, destination IP: 200.1.2.3
3. Reply: source IP: 200.1.2.3, destination IP: 122.1.2.1
4. After NAT: source IP: 200.1.2.3, destination IP: 192.168.1.1
The source address 192.168.1.1 is translated into 122.1.2.1 for Internet access. The destination IP address 122.1.2.1 of the packet returned from the Internet is translated into 192.168.1.1.

External host proactively accessing an internal host:
1. Source IP: 202.1.2.3, destination IP: 122.1.2.3
2. After NAT: source IP: 202.1.2.3, destination IP: 192.168.1.3
3. Reply: source IP: 192.168.1.3, destination IP: 202.1.2.3
4. After NAT: source IP: 122.1.2.3, destination IP: 202.1.2.3
When the external host sends a packet to proactively access 122.1.2.3, the destination address of the packet is translated into 192.168.1.3 by the egress device through NAT. The source IP address of the packet sent from 192.168.1.3 is translated into 122.1.2.3 by NAT when the packet passes through the egress device.
Configuring Static NAT
1. Method 1: Configure static NAT in the interface view.

[Huawei-GigabitEthernet0/0/0] nat static global global-address inside host-address

global global-address specifies the external public IP address, and inside host-address specifies the internal private IP address.

2. Method 2: Configure static NAT in the system view.

[Huawei] nat static global global-address inside host-address

The command format in the system view is the same as that in the interface view. After this configuration, enable static NAT on a specific interface.

[Huawei-GigabitEthernet0/0/0] nat static enable

This command enables static NAT on the interface.
Example for Configuring Static NAT
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24 on the private network; R1 performs NAT with inside address 192.168.1.254 and GE0/0/1 address 122.1.2.1; web server 200.1.2.3 on the Internet.)

• Configure static NAT on R1 to map private addresses of internal hosts to public addresses in one-to-one mode.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 122.1.2.1 24
[R1-GigabitEthernet0/0/1]nat static global 122.1.2.1 inside 192.168.1.1
[R1-GigabitEthernet0/0/1]nat static global 122.1.2.2 inside 192.168.1.2
[R1-GigabitEthernet0/0/1]nat static global 122.1.2.3 inside 192.168.1.3

Because static NAT is bidirectional, each of the three hosts becomes reachable from the Internet on every port of its public address. Apply a traffic-filter on GE0/0/1 if only specific services on these hosts should be exposed.
Dynamic NAT Implementation
 Dynamic NAT: A private IP address is mapped to a public IP address from a NAT address pool containing a group of public IP addresses. Static NAT strictly maps addresses in one-to-one mode. As a result, even if an internal host is offline for a long time or does not send data, the public address is still occupied by the host.

 Dynamic NAT prevents such address waste. When an internal host accesses an external network, an available IP address in a NAT address pool is temporarily assigned to the host and marked as In Use. When the host no longer accesses the external network, the assigned IP address is reclaimed and marked as Not in Use. If every address in the pool is in use, a further host cannot be translated until an address is released.

(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; web server 200.1.2.3 on the Internet.)

NAT address pool
122.1.2.1 Not in Use
122.1.2.2 Not in Use
122.1.2.3 Not in Use
Dynamic NAT Example (1)
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24 behind the NAT device; web server 200.1.2.3 on the Internet.)

1. Host sends: source IP 192.168.1.1, destination IP 200.1.2.3
Step 1: The NAT device selects an unused address in the address pool as the post-translated address and marks the address as In Use.

NAT address pool
122.1.2.1 In Use
122.1.2.2 Not in Use (selected)
122.1.2.3 Not in Use

2. After NAT: source IP 122.1.2.2, destination IP 200.1.2.3
Step 2: The NAT device generates a temporary NAT mapping table entry.

NAT mapping table
Private Address | Public Address
192.168.1.1 | 122.1.2.2
192.168.1.2 | 122.1.2.1
Dynamic NAT Example (2)
(Figure: same topology as on the previous slide.)

3. Reply from the server: source IP 200.1.2.3, destination IP 122.1.2.2
The NAT device searches the NAT mapping table for the private IP address that corresponds to the public IP address (Match) and translates the destination IP address of the IP data packet into the private address.

NAT mapping table
Private Address | Public Address
192.168.1.1 | 122.1.2.2
192.168.1.2 | 122.1.2.1

4. After NAT: source IP 200.1.2.3, destination IP 192.168.1.1
Configuring Dynamic NAT
1. Create an address pool.

[Huawei] nat address-group group-index start-address end-address

Configure a public address range. group-index specifies the address pool ID, and start-address and end-address specify the start and end addresses of the address pool, respectively.

2. Configure an ACL rule for NAT.

[Huawei] acl number
[Huawei-acl-basic-number] rule permit source source-address source-wildcard

Configure a basic ACL to match the source address range that requires dynamic NAT. Keep this ACL tight: every source it permits is translated, so a rule permit source any would also translate traffic from addresses that should never leave the network.

3. Configure outbound NAT with the address pool in the interface view.

[Huawei-GigabitEthernet0/0/0] nat outbound acl-number address-group group-index [ no-pat ]

Associate the ACL rule with the address pool for dynamic NAT on the interface. The no-pat parameter specifies that port translation is not performed (one public address per internal host); without it, the device performs NAPT.
Example for Configuring Dynamic NAT
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24 on the private network; R1 performs NAT on GE0/0/1; web server 200.1.2.3 on the Internet.)

• Configure dynamic NAT on R1 to dynamically map private addresses of internal hosts to public addresses.

[R1]nat address-group 1 122.1.2.1 122.1.2.3
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1 no-pat
NAPT Implementation
 Dynamic NAT does not translate port numbers. It belongs to No-Port Address Translation (No-PAT). In this mode, the mapping between public and private addresses is still 1:1, which cannot improve public address utilization.

 Network Address and Port Translation (NAPT): translates both IP addresses and port numbers from multiple internal hosts to one public IP address in an address pool. In this way, 1:n mapping between public and private addresses is implemented, which effectively improves public address utilization.

(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; web server 200.1.2.3 on the Internet.)

NAT address pool: 122.1.2.1, 122.1.2.2, 122.1.2.3

NAT mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.1:10321 | 122.1.2.2:1025
192.168.1.2:17087 | 122.1.2.2:1026
NAPT Example (1)
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24 behind the NAT device; web server 200.1.2.3 on the Internet.)

1. Host sends: source 192.168.1.1:10321, destination 200.1.2.3:80
Step 1: The NAT device selects an address from the address pool (122.1.2.2 here) and translates both the source IP address and the source port number.

NAT address pool: 122.1.2.1, 122.1.2.2 (selected), 122.1.2.3

2. After NAT: source 122.1.2.2:1025, destination 200.1.2.3:80
Step 2: The NAT device generates a temporary NAT mapping table entry, which records [source IP address:port number before translation] and [IP address:port number after translation].

Mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.1:10321 | 122.1.2.2:1025
192.168.1.2:17087 | 122.1.2.2:1026
NAPT Example (2)
(Figure: same topology as on the previous slide.)

3. Reply from the server: source 200.1.2.3:80, destination 122.1.2.2:1025
The NAT device searches the NAT mapping table for the private IP address and port number that correspond to the public IP address and port number (Match), and translates the destination IP address and port number of the IP data packet.

NAT mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.1:10321 | 122.1.2.2:1025
192.168.1.2:17087 | 122.1.2.2:1026

4. After NAT: source 200.1.2.3:80, destination 192.168.1.1:10321
Example for Configuring NAPT
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; R1 performs NAT with inside address 192.168.1.254 and public-side interface GE0/0/1; web server 200.1.2.3 on the Internet.)

• Configure NAPT on R1 to allow all hosts with private IP addresses on the internal network to access the public network through 122.1.2.1.

[R1]nat address-group 1 122.1.2.1 122.1.2.1
[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

The address pool contains the single address 122.1.2.1 and no-pat is omitted, so the device translates port numbers as well and all internal hosts share that one public address.
Easy IP
 Easy IP: translates both IP addresses and transport-layer port numbers. The implementation of Easy IP is the same as that of NAPT. The difference is that Easy IP does not involve address pools. It uses the address of the outbound interface as the public address for NAT.

 Easy IP applies to scenarios where public IP addresses are not fixed, such as scenarios where public IP addresses are dynamically obtained by egress devices on private networks through DHCP or PPPoE dialup.

(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; NAT device with inside address 192.168.1.254 and outbound interface address 122.1.2.1; web server 200.1.2.3 on the Internet.)

NAT mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.1:10321 | 122.1.2.1:1025
192.168.1.2:17087 | 122.1.2.1:1026
Example for Configuring Easy IP
(Figure: internal hosts 192.168.1.1/24, 192.168.1.2/24, and 192.168.1.3/24; R1 performs NAT with inside address 192.168.1.254 and public-side interface GE0/0/1; web server 200.1.2.3 on the Internet.)

• Configure Easy IP on R1 to allow all hosts with private IP addresses on the internal network to access the public network through 122.1.2.1, the address of GE0/0/1.

[R1]acl 2000
[R1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[R1-acl-basic-2000]quit
[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000

Without address-group, nat outbound uses the interface's own IP address, so no address pool is needed and the configuration keeps working if the interface address changes.
NAT Server
 NAT Server: maps an internal server to a public network through a one-to-one mapping between a [public IP address:port number] and a [private IP address:port number]. This function is used when the internal server needs to provide services for the public network.

 An external host proactively accesses the [public IP address:port number] to communicate with the internal server.

(Figure: web server 192.168.1.10 on the private network; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; external host 200.1.2.3 on the Internet.)

NAT mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.10:80 | 122.1.2.1:80
NAT Server Example
(Figure: web server 192.168.1.10 on the private network; NAT device with inside address 192.168.1.254 and public address 122.1.2.1; external host 200.1.2.3 on the Internet.)

NAT mapping table
Private IP Address:Port Number | Public IP Address:Port Number
192.168.1.10:80 | 122.1.2.1:80

1. External host sends: source 200.1.2.3:47819, destination 122.1.2.1:80
2. After NAT: source 200.1.2.3:47819, destination 192.168.1.10:80
The NAT device searches the NAT mapping table for the private address:port number that corresponds to the public address:port number (Match), and translates the destination address:port number of the IP data packet to the private address:port number.
3. Server replies: source 192.168.1.10:80, destination 200.1.2.3:47819
4. After NAT: source 122.1.2.1:80, destination 200.1.2.3:47819
The NAT device reversely translates the source IP address:port number based on the NAT mapping table, so the reply returns to the same external host that sent the request.
Example for Configuring NAT Server
(Figure: web server 192.168.1.10 on the private network; R1 performs NAT with inside address 192.168.1.254 and public address 122.1.2.1; external host 200.1.2.3 on the Internet.)

• Configure NAT Server on R1 to map the internal server's IP address 192.168.1.10 and port number 80 to the public IP address 122.1.2.1 and port number 8080.

[R1]interface GigabitEthernet0/0/1
[R1-GigabitEthernet0/0/1]ip address 122.1.2.1 24
[R1-GigabitEthernet0/0/1]nat server protocol tcp global 122.1.2.1 8080 inside 192.168.1.10 www

The global port follows the global address and the inside port follows the inside address, so this command publishes the server's port 80 (www) as 122.1.2.1:8080; writing the two ports the other way round would expose public port 80 and forward it to port 8080 on the server. Only the published protocol and port are reachable from outside; every other port of 192.168.1.10 stays unreachable, and the published one should still be covered by a traffic-filter or firewall policy.
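A model of the translation logic behind the NAPT, Easy IP and NAT Server slides above: outbound sessions get a unique port on the single public address, replies are mapped back, an unsolicited inbound packet with no mapping is dropped (the reason NAT "hides" inside hosts), and a NAT Server entry makes exactly one internal endpoint reachable. This is an added example in Python, not Huawei code; the NaptDevice class, the port allocation starting at 1025 and the probe address 203.0.113.5 are constructed for the illustration, and the table is keyed only on the private endpoint (a real device also tracks the remote endpoint and ages entries out).

```python
"""Model of a NAPT egress device (one public address, per-session ports) with an optional NAT Server entry."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (IP address, port number)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "tcp"


class NaptDevice:
    def __init__(self, public_ip: str, first_port: int = 1025):
        self.public_ip = public_ip
        self.next_port = first_port
        # dynamic NAPT entries keyed on (proto, private endpoint); simplification assumed here:
        # no remote-endpoint tracking and no ageing of idle entries
        self.out_map: Dict[Tuple[str, Endpoint], Endpoint] = {}
        # reverse table consulted for every packet arriving from the Internet
        self.in_map: Dict[Tuple[str, Endpoint], Endpoint] = {}
        self.published: Set[Tuple[str, Endpoint]] = set()

    def nat_server(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        """NAT Server: fixed [public IP:port] -> [private IP:port] mapping that external hosts may initiate to."""
        public = (self.public_ip, public_port)
        self.in_map[(proto, public)] = (private_ip, private_port)
        self.out_map[(proto, (private_ip, private_port))] = public
        self.published.add((proto, public))

    def outbound(self, pkt: Packet) -> Packet:
        """Private -> public: allocate a fresh public port for a new session, reuse it for an existing one."""
        key = (pkt.proto, pkt.src)
        if key not in self.out_map:
            public = (self.public_ip, self.next_port)
            self.next_port += 1
            self.out_map[key] = public
            self.in_map[(pkt.proto, public)] = pkt.src
        return Packet(self.out_map[key], pkt.dst, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> private: translate the destination if a mapping exists, otherwise drop (return None)."""
        private = self.in_map.get((pkt.proto, pkt.dst))
        if private is None:
            return None
        return Packet(pkt.src, private, pkt.proto)


def demo() -> Dict[str, Optional[Packet]]:
    """Replays the slides' flows: two inside hosts to the web server, a reply, an unsolicited probe, NAT Server."""
    nat = NaptDevice("122.1.2.1")
    nat.nat_server("tcp", 8080, "192.168.1.10", 80)          # publish the web server as 122.1.2.1:8080
    web = ("200.1.2.3", 80)
    out1 = nat.outbound(Packet(("192.168.1.1", 10321), web))  # becomes 122.1.2.1:1025
    out2 = nat.outbound(Packet(("192.168.1.2", 17087), web))  # becomes 122.1.2.1:1026
    reply1 = nat.inbound(Packet(web, out1.src))               # mapped back to 192.168.1.1:10321
    probe = nat.inbound(Packet(("203.0.113.5", 40000), ("122.1.2.1", 1027)))  # constructed scan: no entry, dropped
    request = nat.inbound(Packet(("200.1.2.3", 47819), ("122.1.2.1", 8080)))  # published port: reaches the server
    response = nat.outbound(Packet(("192.168.1.10", 80), ("200.1.2.3", 47819)))  # leaves as 122.1.2.1:8080
    return {"out1": out1, "out2": out2, "reply1": reply1, "probe": probe, "request": request, "response": response}


if __name__ == "__main__":
    for name, pkt in demo().items():
        shown = "dropped" if pkt is None else "%s -> %s" % (pkt.src, pkt.dst)
        print(name.ljust(9), shown)
```

The probe packet is the interesting case: it targets a port in the same range the device hands out, but no entry exists for it, so it is discarded rather than forwarded to any inside host. Only the NAT Server entry (and, on a real device, static NAT entries) makes an inside endpoint reachable without a prior outbound packet.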
Quiz
1. What types of NAT can enable external devices to proactively access an internal server?

2. What are the advantages of NAPT over No-PAT?

Summary
 Using private addresses on private networks and using NAT at the network egress
effectively reduce the number of required public IPv4 addresses. NAT effectively
alleviates the shortage of public IPv4 addresses.

 Dynamic NAT, NAPT, and Easy IP provide source address translation for private
network hosts to access the public network.

 NAT Server enables internal servers to provide services for public networks.

 Static NAT provides one-to-one mapping and supports bidirectional communication.

Thank You
www.huawei.com

Foreword
 The Internet has become an integral part of our lives, with a wide range of applications
such as file transfer, email sending, online video, web browsing, and online gaming.
Because of the layered network model, common users can use various services
provided by the application layer, without knowing technical details such as
communication technology implementations.
 In previous courses, we have learned technologies related to the data link layer,
network layer, and transport layer. This chapter will describe common network services
and applications such as FTP, DHCP, and HTTP.

Objectives
 On completion of this course, you will be able to:
 Understand FTP fundamentals.
 Understand TFTP fundamentals.
 Understand DHCP fundamentals.
 Understand Telnet fundamentals.
 Understand HTTP fundamentals.
 Understand DNS fundamentals.
 Understand NTP fundamentals.

Contents
1. File Transfer
▪ FTP
▫ TFTP

2. Telnet

3. DHCP

4. HTTP

5. DNS

6. NTP

File Transfer Protocols

 File transfer between hosts is an important function of IP networks. Nowadays, people can conveniently transfer files
using web pages and mailboxes.

 However, in the early Internet era, before the World Wide Web (WWW) existed and when operating systems
used command-line interfaces, people transferred files via command-line tools. The most commonly used protocols for
transferring files at that time were File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP).
Basic Concepts of FTP

[Figure: an FTP client and an FTP server transferring files in ASCII mode or binary mode]

 FTP adopts the typical client/server (C/S) architecture. After an FTP client establishes a TCP connection with an
FTP server, files can be uploaded and downloaded.
 FTP uses different transfer modes based on the file type:
 ASCII mode: When a text file (in TXT, LOG, or CFG format) is transferred, the encoding mode of the text content is converted
to improve the transfer efficiency. This mode is recommended for transferring configuration files and log files of network
devices.
 Binary mode: Non-text files (in CC, BIN, EXE, or PNG format), such as images and executable programs, are transferred in
binary mode. This mode is recommended for transferring version files of network devices.

FTP Transfer Process - Active Mode
• FTP works in two modes: active mode (PORT) and passive mode (PASV).

[Figure: message exchange between the FTP client and the FTP server in active mode]

1. The FTP client initiates a TCP three-way handshake with TCP port 21 on the FTP server to set up a control connection.
2. User login authentication.
3. The FTP client sends the PORT command to the FTP server, instructing it to open port P (random port; P > 1024).
4. The FTP server (port 20) initiates a TCP three-way handshake with TCP port P on the FTP client to set up a TCP connection.
5. File transfer.
FTP Transfer Process - Passive Mode

[Figure: message exchange between the FTP client and the FTP server in passive mode]

1. The FTP client initiates a TCP three-way handshake with TCP port 21 on the FTP server to set up a control connection.
2. User login authentication.
3. The FTP client sends the PASV command.
4. The FTP server sends the Enter PASV command to the FTP client, instructing it to open port N (random port; N > 1024).
5. The FTP client initiates a TCP three-way handshake with TCP port N on the FTP server to set up a TCP connection.
6. File transfer.
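The PORT/PASV negotiation of both modes, as an added example that is not part of the course material: it implements the RFC 959 host-port encoding and states which side must accept the inbound data connection (the detail a firewall rule has to match). The addresses 10.1.1.2 (client) and 10.1.1.1 (server) come from the configuration example later in this chapter; the port numbers are constructed.

```python
"""FTP data-connection negotiation: PORT (active) versus PASV (passive).

Added example, not Huawei's code. Implements the h1,h2,h3,h4,p1,p2 host-port
encoding of RFC 959 used by the PORT command and the 227 reply, and reports
which side has to accept the inbound TCP connection for the data channel.
Addresses 10.1.1.2 (client) and 10.1.1.1 (server) are taken from the
configuration example; the port numbers are constructed.
"""
import re


def encode_hostport(ip, port):
    """'10.1.1.2', 1234 -> '10,1,1,2,4,210'  (port = p1 * 256 + p2)."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad address or port")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_hostport(text):
    parts = [int(x) for x in text.split(",")]
    if len(parts) != 6 or any(not 0 <= x <= 255 for x in parts):
        raise ValueError("bad host-port string")
    return ".".join(str(x) for x in parts[:4]), parts[4] * 256 + parts[5]


def build_port_command(client_ip, port_p):
    """Active mode: the client tells the server which client port P to connect to."""
    return f"PORT {encode_hostport(client_ip, port_p)}\r\n"


_PASV = re.compile(r"^227 [^(]*\((\d+,\d+,\d+,\d+,\d+,\d+)\)")


def parse_pasv_reply(line, control_server_ip):
    """Passive mode: the server's 227 reply names port N the client must connect to.
    A reply pointing at a different host than the control connection is refused,
    since the client would otherwise open a connection wherever the reply says."""
    m = _PASV.match(line)
    if not m:
        raise ValueError("not a 227 reply")
    ip, port = decode_hostport(m.group(1))
    if ip != control_server_ip:
        raise ValueError(f"227 reply names {ip}, control connection is to {control_server_ip}")
    if port <= 1024:
        raise ValueError("server offered a privileged port")
    return ip, port


def data_connection(mode, client_ip, server_ip, port):
    """Describe the data channel's TCP handshake for a mode: who initiates, who
    listens, and on which side the firewall must permit an inbound connection."""
    if mode == "active":                       # server:20 -> client:P
        return {"initiator": f"{server_ip}:20", "listener": f"{client_ip}:{port}",
                "inbound_at": "client"}
    if mode == "passive":                      # client:ephemeral -> server:N
        return {"initiator": client_ip, "listener": f"{server_ip}:{port}",
                "inbound_at": "server"}
    raise ValueError("mode must be 'active' or 'passive'")
```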
Configuration Commands (Device as FTP Server)
A user accesses a device through FTP.

1. Enable the FTP server function.

[Huawei]ftp [ ipv6 ] server enable

By default, the FTP server function is disabled.

2. Configure a local FTP user.

[Huawei]aaa
[Huawei-aaa]local-user user-name password irreversible-cipher password
[Huawei-aaa]local-user user-name privilege level level
[Huawei-aaa]local-user user-name service-type ftp
[Huawei-aaa]local-user user-name ftp-directory directory

The privilege level must be set to level 3 or higher. Otherwise, the FTP connection fails.
Configuration Commands (Device as FTP Client)
1. A VRP device that functions as an FTP client accesses an FTP server.
<FTP Client>ftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1.
220 FTP service ready.
User(10.1.1.1:(none)):ftp
331 Password required for ftp.
Enter password:
230 User logged in.

2. Common commands used when the VRP device functions as an FTP client.
ascii Set the file transfer type to ASCII, and it is the default type
binary Set the file transfer type to support the binary image
ls List the contents of the current or remote directory
passive Set the toggle passive mode, the default is on
get Download the remote file to the local host
put Upload a local file to the remote host

Configuration Example
[Figure: FTP client 10.1.1.2 and FTP server 10.1.1.1]

• One router functions as the FTP server, and the other as the FTP client.
• Enable the FTP service on the FTP server and create an FTP login account. Then, the FTP client logs in to the FTP server and runs the get command to download a file.

Configurations on the FTP server:
<Huawei> system-view
[Huawei] sysname FTP_Server
[FTP_Server] ftp server enable
[FTP_Server] aaa
[FTP_Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[FTP_Server-aaa] local-user admin1234 privilege level 15
[FTP_Server-aaa] local-user admin1234 service-type ftp
[FTP_Server-aaa] local-user admin1234 ftp-directory flash:

Operations on the FTP client:
<FTP Client>ftp 10.1.1.1
[FTP Client-ftp]get sslvpn.zip
200 Port command okay.
FTP: 828482 byte(s) received in 2.990 second(s) 277.08Kbyte(s)/sec.
Basic Concepts of TFTP
 Compared with FTP, TFTP is designed to transfer small files and is easier to implement.
 Using UDP (port 69) for transmission
 Authentication not required
 You can only request a file from or upload a file to the server, but cannot view the file directory on the
server.
[Figure: TFTP client and TFTP server; TFTP runs over UDP over IP]
TFTP Transfer Example
Upload a File (TFTP client to TFTP server)
1. Request for writing a file
2. File write confirmation
3. DATA 1
4. DATA 1 ACK
   ...
   DATA n
   DATA n ACK

Download a File (TFTP server to TFTP client)
1. Request for reading a file
2. File read confirmation
3. Client confirmation
4. DATA 1
5. DATA 1 ACK
   ...
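The datagrams behind the two exchanges above, as an added example that is not part of the course material: it frames RRQ/WRQ, DATA and ACK packets as RFC 1350 defines them, walks a download block by block, and shows that the transfer ends on the first block shorter than 512 bytes. The file name and contents are constructed.

```python
"""TFTP packet framing for the read/write exchanges drawn above.

Added example, not Huawei's code. Opcodes and the 512-byte block rule follow
RFC 1350; the file name "device.cfg" and the file contents are constructed.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: opcode, filename, 0, mode, 0.  There is no credential field: TFTP has no login."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00" + mode.encode("ascii") + b"\x00"


def build_data(block, payload):
    if not 1 <= block <= 0xFFFF or len(payload) > BLOCK_SIZE:
        raise ValueError("bad block number or oversized payload")
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def parse_packet(raw):
    """Decode one datagram into a dict; malformed input raises ValueError."""
    if len(raw) < 4:
        raise ValueError("short packet")
    opcode = struct.unpack("!H", raw[:2])[0]
    if opcode in (RRQ, WRQ):
        fields = raw[2:].split(b"\x00")
        if len(fields) < 3 or not fields[0]:
            raise ValueError("malformed request")
        return {"op": opcode, "filename": fields[0].decode("ascii"), "mode": fields[1].decode("ascii").lower()}
    if opcode == DATA:
        block = struct.unpack("!H", raw[2:4])[0]
        payload = raw[4:]
        # a block shorter than 512 bytes (possibly empty) marks the end of the file
        return {"op": DATA, "block": block, "data": payload, "last": len(payload) < BLOCK_SIZE}
    if opcode == ACK:
        return {"op": ACK, "block": struct.unpack("!H", raw[2:4])[0]}
    if opcode == ERROR:
        code = struct.unpack("!H", raw[2:4])[0]
        return {"op": ERROR, "code": code, "message": raw[4:].split(b"\x00")[0].decode("ascii", "replace")}
    raise ValueError(f"unknown opcode {opcode}")


def simulate_download(file_bytes, filename="device.cfg"):
    """Datagrams of a download: RRQ, then DATA k / ACK k until a short block.
    A file that is an exact multiple of 512 bytes ends with an empty DATA block."""
    wire = [build_request(RRQ, filename)]
    n_blocks = len(file_bytes) // BLOCK_SIZE + 1
    for k in range(1, n_blocks + 1):
        chunk = file_bytes[(k - 1) * BLOCK_SIZE:k * BLOCK_SIZE]
        wire.append(build_data(k, chunk))
        wire.append(build_ack(k))
    return wire


def reassemble(wire):
    """Client side: accept DATA blocks strictly in sequence and stop at the short one."""
    out, expected = bytearray(), 1
    for pkt in map(parse_packet, wire):
        if pkt["op"] != DATA:
            continue
        if pkt["block"] != expected:
            raise ValueError(f"expected block {expected}, got {pkt['block']}")
        out += pkt["data"]
        expected += 1
        if pkt["last"]:
            break
    return bytes(out)
```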
Configuration Commands (Device as TFTP Client)
1. Download a file (VRP device functioning as a TFTP client).

<HUAWEI> tftp tftp_server get filename

You do not need to log in to the TFTP server, and only need to enter the IP address of the TFTP server and the
corresponding command.

2. Upload a file (VRP device functioning as a TFTP client).

<HUAWEI> tftp tftp_server put filename

You do not need to log in to the TFTP server, and only need to enter the IP address of the TFTP server and the
corresponding command.

Currently, VRP devices can function only as TFTP clients.

Application Scenario of Telnet
 To facilitate device management using commands, you can use Telnet to manage devices.
 Device management through Telnet is different from that using the console port. In Telnet-based device management
mode, no dedicated cable is required to directly connect to the console port of the Telnet server, as long as the Telnet
server’s IP address is reachable and Telnet clients can communicate with the Telnet server’s TCP port 23.
 The device that can be managed through Telnet is called the Telnet server, and the device connecting to the Telnet
server is called the Telnet client. Many network devices can act as both the Telnet server and Telnet client.

[Figure: a Telnet client sets up a TCP connection over the IP network to the Telnet server, which can be an AP, router, switch, firewall, server, and so on]
VTY User Interface
 When a user logs in to a device using the console port or Telnet, the system allocates a user interface to manage and
monitor the current session between the device and the user. A series of parameters can be set in each user interface
view to specify the authentication mode and user privilege level after login. After a user logs in to a device, user
operations that can be performed depend on the configured parameters.

 The user interface type of Telnet is virtual type terminal (VTY) user interface.
[Figure: Telnet client and Telnet server connected over an IP network; the server has VTY user interfaces VTY 0 to VTY 3, with authentication mode local and user privilege level 15]

1. The client establishes a Telnet connection.
2. The server allocates the idle user interface with the smallest number from the VTY user interfaces.
3. The server authenticates the Telnet connection using the VTY configuration.
Configuration Commands (1)
1. Enable the Telnet server function.

[Huawei] telnet server enable

The Telnet server function is enabled on the device (disabled by default). To disable this function, run the
undo telnet server enable command.
2. Enter the VTY user interface view.

[Huawei] user-interface vty first-ui-number [ last-ui-number ]

The VTY user interface view is displayed. VTY user interfaces may vary according to device models.

3. Configure protocols supported by the VTY user interface.

[Huawei-ui-vty0-4] protocol inbound { all | telnet | ssh }

By default, the VTY user interface supports Secure Shell (SSH) and Telnet.
Configuration Commands (2)
4. Configure the authentication mode and the authentication password in password authentication mode.

[Huawei-ui-vty0-4] authentication-mode {aaa | none | password}


[Huawei-ui-vty0-4] set authentication password cipher

By default, no authentication mode is configured; you need to manually configure one.
The set authentication password cipher command implementation varies according to VRP versions. In some
versions, you need to press Enter and then enter the password. In other versions, you can directly enter the
password after the command.
Configuration Example (1)

[Figure: Telnet client 10.1.1.1 and Telnet server 10.1.1.2 connected over an IP network]

• Configure the router at 10.1.1.2 as the Telnet server and set the authentication mode to AAA local authentication. Create an account named huawei, set the password to Huawei@123, and set the privilege level to 15.
• Log in to and manage the Telnet server through the Telnet client.

Configurations on the Telnet server:
<Huawei> system-view
[Huawei] telnet server enable
[Huawei] aaa
[Huawei-aaa] local-user huawei password irreversible-cipher Huawei@123
[Huawei-aaa] local-user huawei privilege level 15
[Huawei-aaa] local-user huawei service-type telnet
[Huawei-aaa] quit
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa
Configuration Example (2)

[Figure: Telnet client 10.1.1.1 and Telnet server 10.1.1.2 connected over an IP network]

• Configure the router at 10.1.1.2 as the Telnet server and set the authentication mode to AAA local authentication. Create an account named huawei, set the password to Huawei@123, and set the privilege level to 15.
• Log in to and manage the Telnet server through the Telnet client.

Operations on the Telnet client:
<Host>telnet 10.1.1.2
Login authentication
Username:huawei
Password:
Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
The current login time is 2020-01-08 15:37:25.
<Huawei>
Issues Faced by Manual Network Parameter
Configuration (1)
Too Many Hard-to-Understand Parameters
[Figure: a user filling in the IPv4 address configuration fields IP address, mask, and gateway]
• Common users are not familiar with network parameters and misconfiguration often occurs, resulting in network access failure. Random IP address configuration may cause IP address conflicts.

Huge Workload
[Figure: a network administrator's work plan for the week consisting only of address allocation and address configuration tasks]
• Network administrators centrally configure network parameters, with heavy workloads and repetitive tasks.
• Network administrators need to plan and allocate IP addresses to users in advance.
Issues Faced by Manual Network Parameter
Configuration (2)
Low Utilization
[Figure: an office with online users and offline users, each holding a fixed IP address]
• On an enterprise network, each user uses a fixed IP address. As a result, the IP address utilization is low, and some IP addresses may remain unused for a long time.

Poor Flexibility
[Figure: a user moving between Office A and Office B]
• Wireless local area networks (WLANs) allow for flexible station (STA) access locations. When a STA moves from one wireless coverage area to another, the IP address of the STA may need to be reconfigured.
Basic Concepts of DHCP
[Figure: DHCP working principle. DHCP clients request IP addresses from the DHCP server, and the DHCP server assigns IP addresses.]

• To overcome the disadvantages of the traditional static IP configuration mode, the Dynamic Host Configuration Protocol (DHCP) is developed to dynamically assign suitable IP addresses to hosts.
• DHCP adopts the client/server (C/S) architecture. Hosts do not need to be configured and can automatically obtain IP addresses from a DHCP server. DHCP enables host plug-and-play after they are connected to the network.
DHCP Advantages
Unified Management
[Figure: several DHCP clients send DHCP address requests to one DHCP server, which answers with DHCP address responses from its address pool]
Pool-No 1: Network 10.1.2.0 | Mask 255.255.255.0 | Gateway 10.1.2.1 | DNS-server 10.1.1.2 | Total 252 | Used 2
• IP addresses are obtained from the address pool on the DHCP server. The DHCP server records and maintains the usage status of IP addresses for unified IP address assignment and management.

IP Address Lease
[Figure: a DHCP client sends a DHCP address request and receives the following parameters from the DHCP server]
IP: 192.168.1.10 | Network mask: 24 | Gateway: 192.168.1.1 | DNS: 114.114.114.114 | Lease: 8 hour
• DHCP defines the lease time to improve IP address utilization.
DHCP Working Principle

[Figure: DHCP client and DHCP server in the same Layer 2 broadcast domain; the server's address pool is Pool-No 1 with 255 total addresses and 2 used addresses]

1. DHCP Discover (broadcast, sent by the DHCP client): used to discover the DHCP server on the current network.
2. DHCP Offer (unicast, sent by the DHCP server): carries the IP address assigned to the client.
3. DHCP Request (broadcast, sent by the DHCP client): informs the server that it will use this IP address.
4. DHCP ACK (unicast, sent by the DHCP server): acknowledges the client's use of this IP address.

 Question: Why does a DHCP client need to send a DHCP Request packet to the DHCP server to notify its use
of a particular IP address after receiving a DHCP Offer packet?
DHCP Lease Renewal

[Figure: DHCP client and DHCP server in the same Layer 2 broadcast domain; the server's address pool is Pool-No 1 with 255 total addresses, 2 used addresses, and a lease of 8 hours]

At 50% of the lease:
1. DHCP Request (unicast, sent by the DHCP client): requests the server for an IP address lease renewal.
2. DHCP ACK (unicast, sent by the DHCP server): notifies the client that the IP address can be renewed and the lease is updated.

 If the DHCP client fails to receive a response from the original DHCP server at 50% of the lease (known
as T1), the DHCP client waits until 87.5% of the lease (known as T2) has passed. At T2, the client enters
the rebinding state, and broadcasts a DHCP Request packet, to which any DHCP server can respond.
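The DHCP Offer/ACK contents from the DHCP Advantages slide and the T1/T2 timers described above, as an added example that is not part of the course material: it encodes and parses the options field of a DHCP message (magic cookie, then code/length/value options) and derives the renewal and rebinding points from the lease in option 51. The packet bytes are constructed.

```python
"""DHCP options parsing and the lease timers behind renewal and rebinding.

Added example, not Huawei's code. Encodes/decodes the options field of a DHCP
message (magic cookie followed by code/length/value options) and derives T1
(50% of the lease) and T2 (87.5%) from option 51. The OFFER values are the
ones shown in the DHCP Advantages slide; the packet bytes are constructed.
"""
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_LEASE_TIME, OPT_MESSAGE_TYPE, OPT_END = 51, 53, 255
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE"}


def _ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def _ip_str(b):
    return ".".join(str(x) for x in b)


def build_options(msg_type, lease=None, mask=None, gateway=None, dns=()):
    """Server side: serialise the options an OFFER/ACK carries."""
    code = next(k for k, v in MESSAGE_TYPES.items() if v == msg_type)
    out = bytearray(MAGIC_COOKIE) + bytes([OPT_MESSAGE_TYPE, 1, code])
    if mask:
        out += bytes([OPT_SUBNET_MASK, 4]) + _ip_bytes(mask)
    if gateway:
        out += bytes([OPT_ROUTER, 4]) + _ip_bytes(gateway)
    if dns:
        out += bytes([OPT_DNS, 4 * len(dns)]) + b"".join(_ip_bytes(d) for d in dns)
    if lease is not None:
        out += bytes([OPT_LEASE_TIME, 4]) + struct.pack("!I", lease)
    return bytes(out + bytes([OPT_END]))


def parse_options(blob):
    """Client side: walk code/length/value triples; truncated data raises."""
    if not blob.startswith(MAGIC_COOKIE):
        raise ValueError("missing magic cookie")
    i, opts = len(MAGIC_COOKIE), {}
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    if OPT_MESSAGE_TYPE not in opts:
        raise ValueError("no DHCP message type")
    return opts


def describe(blob):
    """Human-readable view of an OFFER/ACK, including the derived T1 and T2."""
    o = parse_options(blob)
    info = {"type": MESSAGE_TYPES.get(o[OPT_MESSAGE_TYPE][0], "UNKNOWN")}
    if OPT_SUBNET_MASK in o:
        info["mask"] = _ip_str(o[OPT_SUBNET_MASK])
    if OPT_ROUTER in o:
        info["gateway"] = _ip_str(o[OPT_ROUTER][:4])
    if OPT_DNS in o:
        v = o[OPT_DNS]
        info["dns"] = [_ip_str(v[k:k + 4]) for k in range(0, len(v), 4)]
    if OPT_LEASE_TIME in o:
        lease = struct.unpack("!I", o[OPT_LEASE_TIME])[0]
        info.update(lease=lease, t1=lease // 2, t2=lease * 7 // 8)
    return info


def renewal_state(elapsed, lease):
    """Where the client is in its lease: unicast renewal to the original server
    starts at T1; broadcast rebinding (any server may answer) starts at T2."""
    if elapsed < lease // 2:
        return "bound"
    if elapsed < lease * 7 // 8:
        return "renewing"
    if elapsed < lease:
        return "rebinding"
    return "expired"
```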
Configuration Commands (1)
1. Enable DHCP.

[Huawei] dhcp enable

2. Enable the interface to use the interface address pool to provide the DHCP server function.

[Huawei-GigabitEthernet0/0/0]dhcp select interface

3. Specify a DNS server IP address for the interface address pool.

[Huawei-GigabitEthernet0/0/0]dhcp server dns-list ip-address

4. Configure the range of IP addresses that cannot be automatically assigned to clients from the interface address
pool.

[Huawei-GigabitEthernet0/0/0]dhcp server excluded-ip-address start-ip-address [ end-ip-address ]

5. Configure the lease of IP addresses in the interface address pool of the DHCP server.

[Huawei-GigabitEthernet0/0/0]dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited }

By default, the IP address lease is one day.
Configuration Commands (2)
6. Create a global address pool.

[Huawei]ip pool ip-pool-name

7. Specify the range of IP addresses that can be assigned dynamically in the global address pool.

[Huawei-ip-pool-2]network ip-address [ mask { mask | mask-length } ]

8. Configure the gateway address for DHCP clients.

[Huawei-ip-pool-2]gateway-list ip-address

9. Specify the DNS server IP address that the DHCP server delivers to DHCP clients.
[Huawei-ip-pool-2]dns-list ip-address

10. Set the IP address lease.

[Huawei-ip-pool-2] lease { day day [ hour hour [ minute minute ] ] | unlimited }


11. Enable the DHCP server function on the interface.
[Huawei-GigabitEthernet0/0/0]dhcp select global
DHCP Interface Address Pool Configuration

[Figure: DHCP client and DHCP server in the same Layer 2 broadcast domain; the server's GE0/0/0 has IP address 10.1.1.1/24]

Requirement:
• Configure a router as the DHCP server, configure the subnet to which GE0/0/0 belongs as the address pool of DHCP clients, set the IP address of GE0/0/0 to that of the DNS server, and set the lease to three days.

Configuration on the DHCP server:
[Huawei]dhcp enable
[Huawei]interface GigabitEthernet0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select interface
[Huawei-GigabitEthernet0/0/0]dhcp server dns-list 10.1.1.2
[Huawei-GigabitEthernet0/0/0]dhcp server excluded-ip-address 10.1.1.2
[Huawei-GigabitEthernet0/0/0]dhcp server lease day 3

Enable the DHCP service globally, enter the interface view, associate the current interface with the DHCP address pool, configure the DNS address and excluded IP address (excluding the interface IP address) in the interface view, and configure the lease of the IP addresses assigned to clients.
DHCP Global Address Pool Configuration

[Figure: DHCP client and DHCP server in the same Layer 2 broadcast domain; the server's GE0/0/0 has IP address 10.1.1.1/24]

Requirement:
• Configure a router as the DHCP server and configure the global address pool pool2 to assign IP addresses (on the subnet 1.1.1.0/24) to DHCP clients. Set both the gateway address and DNS address to 1.1.1.1, set the lease to 10 days, and enable GE0/0/0 to use the global address pool.

Configuration on the DHCP server:
[Huawei]dhcp enable
[Huawei]ip pool pool2
Info: It's successful to create an IP address pool.
[Huawei-ip-pool-pool2]network 1.1.1.0 mask 24
[Huawei-ip-pool-pool2]gateway-list 1.1.1.1
[Huawei-ip-pool-pool2]dns-list 1.1.1.1
[Huawei-ip-pool-pool2]lease day 10
[Huawei-ip-pool-pool2]quit
[Huawei]interface GigabitEthernet0/0/0
[Huawei-GigabitEthernet0/0/0]dhcp select global

• Enable the DHCP service globally and configure the global address pool pool2. Configure the address range, gateway address, DNS address, and lease for pool2.
• Select the global address pool on a specific interface (GE0/0/0). When GE0/0/0 receives a DHCP request, it assigns an IP address from the global address pool.
Web Page Access Using a Browser
[Figure: a browser accessing www.huawei.com sends an HTTP request to the web server, and the web server returns an HTTP response]

• The browser sends an HTTP request to the server to obtain page resources.
• The server returns the corresponding page content through an HTTP response.

• When you enter a uniform resource locator (URL) in a browser, the browser can obtain data from a web server and display the content on the page.

• Hypertext Transfer Protocol (HTTP): an application layer protocol for communication between a client browser or another program and a web server.

• HTTP adopts the typical C/S architecture, and uses TCP for transmission.
Background

[Figure: WWW. The WWW is comprised of the web servers and clients all over the world.]

• In the early days of the Internet, World Wide Web (WWW) was proposed to share documents.
• The WWW consists of three parts: Hypertext Markup Language (HTML) for displaying document content in a browser, HTTP for transmitting documents on the network, and URLs for specifying document locations on the network.
• WWW was actually the name of a client application for browsing HTML documents, and now represents a collection of technologies (HTML + HTTP + URL) and is commonly known as the Web.
Transfer Example (1)
[Figure: web client and web server exchanging an HTTP request and an HTTP response over the Internet]

The URL www.servs_app.com/web/index.html is entered in the address box of a browser. After obtaining the IP address corresponding to the domain name through DNS resolution, the client sends an HTTP request to the server to request the page:

GET /web/index.html HTTP/1.0
HOST:www.servs_app.com
Transfer Example (2)
[Figure: web client and web server exchanging an HTTP request and an HTTP response over the Internet]

HTTP request sent by the client:
GET /web/index.html HTTP/1.0
HOST:www.servs_app.com

File system on the web server (Host:www.servs_app.com):
├── bin
├── etc
├── sbin
├── share
└── web
    └── index.html

The server finds the locally stored page file based on the URL and sends the page file to the client.

HTTP response sent by the server:
HTTP/1.1 200 ok
Index.html (Welcome to servs_app.com / This is an HTML Example Page)

After receiving the HTTP response, the browser parses and renders the received HTML file, and then displays the page to the user.
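The server-side step above (finding the stored page file from the URL) as an added example that is not part of the course material or any real web server's code: a minimal GET handler whose file lookup is confined to the document root, so a URL containing ../ (plain or percent-encoded) cannot reach files outside it. The document root, its web/index.html and a file kept outside the root are constructed in a temporary directory.

```python
"""Serving a URL path from the web root, the step where the server 'finds the
locally stored page file based on the URL'.

Added example, not Huawei's or the slides' code. The document root, its
web/index.html page and a file kept outside the root are constructed here;
the request line mirrors the one on the slide. The check a defender cares
about is that the resolved file stays inside the root, so a request for
/../something (including its percent-encoded form) cannot reach outside it.
"""
import tempfile
from pathlib import Path, PurePosixPath
from urllib.parse import unquote, urlsplit


def parse_request(raw):
    """Split 'METHOD target HTTP/x.y' and the header lines; returns a 4-tuple."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise ValueError("malformed request line") from None
    if not version.startswith("HTTP/"):
        raise ValueError("malformed HTTP version")
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def resolve_path(root, target):
    """Map the URL path onto a file under root; None means it would escape the root."""
    path = unquote(urlsplit(target).path)          # decode %2e%2e before checking
    if path.endswith("/"):
        path += "index.html"
    parts = [p for p in PurePosixPath(path).parts if p not in ("/", "")]
    if any(p == ".." for p in parts):
        return None
    root = root.resolve()
    candidate = root.joinpath(*parts).resolve()     # also follows symlinks
    if root not in candidate.parents:
        return None
    return candidate


def handle(root, raw):
    """Minimal GET handling; returns (status line, body bytes)."""
    try:
        method, target, _version, _headers = parse_request(raw)
    except ValueError:
        return "HTTP/1.1 400 Bad Request", b""
    if method != "GET":
        return "HTTP/1.1 405 Method Not Allowed", b""
    file = resolve_path(root, target)
    if file is None:
        return "HTTP/1.1 403 Forbidden", b""
    if not file.is_file():
        return "HTTP/1.1 404 Not Found", b""
    return "HTTP/1.1 200 OK", file.read_bytes()


def make_demo_root():
    """Constructed layout: <tmp>/htdocs/web/index.html is served, <tmp>/secret.txt is not."""
    base = Path(tempfile.mkdtemp())
    root = base / "htdocs"
    (root / "web").mkdir(parents=True)
    (root / "web" / "index.html").write_text(
        "<h1>Welcome to servs_app.com</h1>\nThis is an HTML Example Page\n")
    (base / "secret.txt").write_text("outside the web root\n")
    return root
```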
Birth of DNS
 When you enter a domain name in your browser to access a website, the domain name is resolved to an IP address.
The browser actually communicates with this IP address.
 The protocol used for resolving domain names to IP addresses is Domain Name System (DNS).
 Each node on the network has a unique IP address, and nodes can communicate with one another through IP
addresses. However, if all nodes communicate through IP addresses, it is difficult to remember so many IP addresses.
Therefore, DNS is proposed to map IP addresses to alphanumeric character strings (domain names).

[Figure: web client 192.168.1.1 and web server 1.2.3.4 (www.huawei.com) on the Internet]
1. Domain name resolution: www.huawei.com is resolved to 1.2.3.4.
2. HTTP access request: Source IP: 192.168.1.1, Destination IP: 1.2.3.4.
DNS Components
 Domain name: a sequence of characters to identify hosts. In most cases, the URL entered in the browser
when you visit a website is the domain name of the website.
 DNS server: maintains the mappings between domain names and IP addresses and responds to requests
from the DNS resolver.

[Figure: DNS client and DNS server on the Internet; the server holds domain name information (Row 1, Row 2, Row 3)]
DNS request (UDP): DNS query: domain name A
DNS response (UDP): DNS reply: IP of domain name A is 1.1.1.1
Domain Name Format
 The domain name is in the format of hostname.second-level domain.top-level domain.root domain. The
root domain is represented by a dot (.). Generally, the root domain is denoted by an empty name (that is,
containing no characters).
[Figure: domain name tree]
Root domain: .
Top-level domain: .com .net .cn .edu .org .gov
Second-level domain: huawei
Hostname: www

The domain name of the host is www.huawei.com.
DNS Query Modes
 The DNS is a distributed system. The database of most DNS servers does not have all domain name records. When a
client queries a domain name from a DNS server but the DNS server does not have the record of the domain name, the
client can continue the query in either of the following ways:
 Recursive query: The DNS server queries other DNS servers and returns the query result to the DNS client.
 Iterative query: The DNS server informs the DNS client of the IP address of another DNS server, from which the DNS client queries
the domain name.

Recursive Query
[Figure: 1 DNS request from the DNS client to DNS server 1; 2 DNS server 1 queries DNS server 2; 3 DNS server 2 answers DNS server 1; 4 DNS response from DNS server 1 to the DNS client]

Iterative Query
[Figure: 1 DNS request from the DNS client to DNS server 1; 2 DNS server 1 tells the DNS client the address of DNS server 2; 3 the DNS client queries DNS server 2; 4 DNS server 2 responds to the DNS client]
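The UDP query and reply from the DNS Components slide as wire bytes, as an added example that is not part of the course material: it encodes the label sequence of www.huawei.com (with the empty root label), builds the query with recursion desired, and parses a reply only after checking that it belongs to the query that was sent. The RFC 1035 layout is assumed; the transaction ID, TTL and the answer 1.1.1.1 are constructed.

```python
"""DNS query and reply on the wire: label encoding, compression pointers,
and the checks a resolver applies before trusting an answer.

Added example, not Huawei's code. Follows the RFC 1035 message layout that
the slide's UDP exchange uses; the transaction ID, TTL and the reply
address 1.1.1.1 for 'domain name A' are constructed.
"""
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'www.huawei.com' -> length-prefixed labels 3 www, 6 huawei, 3 com, then the empty root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off, depth=0):
    """Return (name, offset after the name); compression pointers are followed
    with a hop limit so a crafted reply cannot send the parser round in a loop."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:
            if depth > 10:
                raise ValueError("too many compression pointers")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr, depth + 1)
            labels.append(tail)
            return ".".join(l for l in labels if l), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n


def build_query(txid, name):
    """Client -> server: header with RD=1 (recursion desired) plus one A question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_a_reply(query, ip, ttl=300):
    """Constructed server -> client reply: echoes the question and answers with one
    A record whose owner name is a pointer (0xC00C) back to the question at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    q_end = query.index(b"\x00", 12) + 1 + 4
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + bytes(int(x) for x in ip.split("."))
    return header + query[12:q_end] + rr


def parse_a_reply(msg, expected_txid, expected_name):
    """Client side: accept the reply only if it answers our question; return [(name, ip, ttl)]."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID does not match our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):
        qname, off = decode_name(msg, off)
        off += 4
        if qname.lower() != expected_name.lower():
            raise ValueError("question section does not match our query")
    answers = []
    for _ in range(ancount):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return answers
```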
Time Synchronization Requirements
 Consistent clock of all devices is required in many scenarios on enterprise campus networks:
 Network management: Analysis of logs or debugging messages collected from different routers needs time for
reference.
 Charging system: The clocks of all devices must be consistent.
 Several systems working together on the same complicated event: Systems have to take the same clock for reference
to ensure a proper sequence of implementation.
 Incremental backup between a backup server and clients: Clocks on the backup server and clients should be
synchronized.
 System time: Some applications need to know the time when users log in to the system and the time when files are
modified.

NTP Overview
 If the administrator manually enters commands to change the system time for time synchronization, the
workload is heavy and the accuracy cannot be ensured. Therefore, the Network Time Protocol (NTP) is
designed to synchronize the clocks of devices.
 NTP is an application layer protocol belonging to the TCP/IP suite and synchronizes time between a group
of distributed time servers and clients. NTP is based on IP and UDP, and NTP packets are transmitted
using UDP on port number 123.
[Figure: an NTP server synchronizes time with NTP clients such as an AP, router, switch, firewall, server, and PC]
NTP Network Structure
 Primary time server: directly synchronizes its clock with a standard reference clock through a cable or radio. Typically,
the standard reference clock is either a radio clock or the Global Positioning System (GPS).
 Stratum-2 time server: synchronizes its clock with either the primary time server or other stratum-2 time servers within
the network. Stratum-2 time servers use NTP to send time information to other hosts in a Local Area Network (LAN).
 Stratum: is a hierarchical standard for clock synchronization. It represents the precision of a clock. The value of a
stratum ranges from 1 to 15. A smaller value indicates higher precision. The value 1 indicates the highest clock
precision, and the value 15 indicates that the clock is not synchronized.

[Figure: primary time server (stratum 1) synchronizes stratum-2 time servers such as an AP, router, or switch (stratum 2), which in turn synchronize NTP clients such as a firewall, server, or PC (stratum 3)]
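The client/server exchange over UDP port 123 with the stratum rule applied, as an added example that is not part of the course material: it builds the 48-byte NTPv4 client packet, parses a constructed stratum-2 reply, refuses a reply whose stratum says the server is not synchronized or whose origin timestamp does not echo the request, and computes the clock offset from the four timestamps (the offset and delay formulas are RFC 5905's, which goes beyond what the slides show).

```python
"""NTP client exchange: request packet, reply checks, and the clock offset.

Added example, not Huawei's code. Builds the 48-byte NTPv4 client packet sent
to UDP port 123, parses a constructed server reply, refuses replies whose
stratum means the server is not synchronized or whose origin timestamp does
not echo our request, and computes the offset from the four timestamps.
The offset/delay formulas are RFC 5905's, which go beyond what the slides show.
"""
import struct

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
MODE_CLIENT, MODE_SERVER = 3, 4
PACKET = "!BBBbIIIQQQQ"               # LI/VN/Mode, stratum, poll, precision, ... ; 48 bytes


def to_ntp(unix):
    """Unix seconds (float) -> 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(unix)
    frac = int((unix - secs) * (1 << 32))
    return ((secs + NTP_UNIX_DELTA) << 32) | frac


def from_ntp(ts):
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build_client_request(t1):
    """Client packet: version 4, mode 3; only the transmit timestamp (t1) carries data."""
    return struct.pack(PACKET, (4 << 3) | MODE_CLIENT, 0, 6, -20, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def build_server_reply(request, t2, t3, stratum=2):
    """Constructed reply from a stratum-2 server: origin = our t1, receive = t2, transmit = t3."""
    origin = struct.unpack(PACKET, request)[10]
    return struct.pack(PACKET, (4 << 3) | MODE_SERVER, stratum, 6, -20, 0, 0, 0, 0,
                       origin, to_ntp(t2), to_ntp(t3))


def evaluate_reply(reply, t1, t4):
    """Validate the reply against the request we sent (t1) and our receive time (t4)."""
    if len(reply) != 48:
        raise ValueError("NTP packet must be 48 bytes")
    f = struct.unpack(PACKET, reply)
    mode, stratum = f[0] & 0x07, f[1]
    if mode != MODE_SERVER:
        raise ValueError(f"unexpected mode {mode}")
    # stratum 1 is the primary server; the course treats 15 as "not synchronized"
    # (RFC 5905 reserves 16 for that), so nothing at 15 or above is trusted
    if stratum == 0 or stratum >= 15:
        raise ValueError(f"server stratum {stratum}: clock not synchronized")
    if f[8] != to_ntp(t1):
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(f[9]), from_ntp(f[10])
    offset = ((t2 - t1) + (t3 - t4)) / 2      # how far our clock lags the server
    delay = (t4 - t1) - (t3 - t2)             # round trip minus server processing time
    return {"stratum": stratum, "offset": offset, "delay": delay}
```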
Quiz
1. Which FTP mode is recommended for transferring log and configuration files on network
devices? Why?

2. Why does a DHCP client need to send a DHCP Request packet to the DHCP server to notify
its use of a particular IP address after receiving a DHCP Offer packet?

3. What are the functions of HTML, URL, and HTTP?

Summary
 FTP is used to transfer files. You are advised to use different transfer modes for different
files. FTP is based on TCP and therefore can ensure the reliability and efficiency of file
transfer.

 Dynamically assigning IP addresses through DHCP reduces the workload of the
administrator and avoids IP address conflicts caused by manual configuration of network
parameters.

 As the document transfer protocol of WWW, HTTP is widely used in today's network for
encoding and transporting information between a client (such as a web browser) and a
web server.
Thank You
www.huawei.com

Foreword
 Wired LANs are expensive and lack mobility. The increasing demand for portability and
mobility requires wireless local area network (WLAN) technologies.
 WLAN is now the most cost-efficient and convenient network access mode.
 This course introduces the development of WLAN in different phases, concepts related
to WLAN technologies, implementation and basic configurations of common WLAN
networking architectures, and WLAN development trends.

Objectives
 On completion of this course, you will be able to:
▫ Understand basic concepts of WLAN and the history of the 802.11 protocol family.

▫ Learn about different WLAN devices.

▫ Distinguish between different WLAN networking architectures.

▫ Understand the WLAN working process.

▫ Complete basic WLAN configurations.

Contents
1. WLAN Overview

2. Basic Concepts of WLAN

3. WLAN Fundamentals

4. WLAN Configuration Implementation

5. Next-Generation WLAN Solutions

Introduction to WLAN
 A wireless local area network (WLAN) is constructed using wireless technologies. Instead of the cables used on a
wired LAN, it carries frames over radio waves (IEEE 802.11 uses the 2.4 GHz and 5 GHz bands); early WLAN products
also used infrared or laser links.

 WLAN technology allows users to easily access a wireless network and move around within the coverage of the
wireless network.

[Figure: a wired network (router, switches, PC) connects to an access point, which extends it as a wireless
network over radio signals]
IEEE 802.11, WLAN and Wi-Fi
 The IEEE 802.11 suite is the set of WLAN standards defined by the Institute of Electrical and Electronics
Engineers (IEEE).
 The Wi-Fi Alliance was formed by a group of major manufacturers and created the "Wi-Fi" logo. Wi-Fi certifies
WLAN technologies based on the IEEE 802.11 standards, in the same way that Ethernet (IEEE 802.3) is the wired LAN
technology:

    LAN: Ethernet (IEEE 802.3)    |    WLAN: Wi-Fi (IEEE 802.11)

• IEEE 802.11 Standards and Wi-Fi Generations

Standard           | Wi-Fi name        | Frequency band           | Maximum rate | Released
802.11             | (none)            | 2.4 GHz                  | 2 Mbit/s     | 1997
802.11b            | Wi-Fi 1           | 2.4 GHz                  | 11 Mbit/s    | 1999
802.11a / 802.11g  | Wi-Fi 2 / Wi-Fi 3 | 5 GHz (a) / 2.4 GHz (g)  | 54 Mbit/s    | 2003
802.11n            | Wi-Fi 4           | 2.4 GHz and 5 GHz        | 300 Mbit/s   | 2009
802.11ac wave 1    | Wi-Fi 5           | 5 GHz                    | 1300 Mbit/s  | 2013
802.11ac wave 2    | Wi-Fi 5           | 5 GHz                    | 6.9 Gbit/s   | 2015
802.11ax           | Wi-Fi 6           | 2.4 GHz and 5 GHz        | 9.6 Gbit/s   | 2018

The rates are the theoretical maximum PHY rates of each standard; the throughput a STA actually sees is lower.
Wi-Fi Development Trends in Office Scenarios
 Early 1990s, Mobile 1.0, fixed office: desktop computers carrying data services only; wireless networks are a
supplement to wired networks.
 Late 1990s, Mobile 2.0, wireless office era (primary mobile office): laptops carrying voice and data services over
802.11b/a/g; wired and wireless networks are integrated.
 Today, Mobile 3.0, all-wireless era: BYOD and diversified terminals (mobile phones, tablets, and Ultrabooks) carrying
video, voice, and data, including a large number of real-time services (VR/AR, 4K video) and refined online
services, over 802.11n -> 802.11ac and 802.11ax/ad; the office is all-wireless and wireless-centric.
WLAN Devices
 Home network: wireless router.
 Enterprise network: PoE switch (connects and powers the APs), AC (Access Controller), and AP (Access Point).
Basic WLAN Networking Architecture
 Fat AP architecture: Internet -> campus egress gateway -> campus network -> Fat AP -> (radio signal) -> STA. Each
Fat AP runs all WLAN functions itself and is configured and managed individually.
 AC + Fit AP architecture: Internet -> campus egress gateway -> campus network with an AC -> Fit AP -> (radio
signal) -> STA. The AC manages the Fit APs centrally and delivers their configuration.
 In both architectures the wired part of the network runs Ethernet protocols and the wireless part runs the 802.11
protocols.
Agile Distributed Architecture
 The agile distributed architecture divides an AP into a central AP and remote units (RUs). The central AP can
manage multiple RUs, which provides good coverage and reduces costs. RUs can be used in the Fat AP, AC + Fit AP, and
cloud management architectures.
 Application scope: densely distributed rooms. Each RU serves one room (Room 1 to Room N) under a central AP, which
is in turn managed by the AC.
CAPWAP
 What is a CAPWAP tunnel?
▫ Control And Provisioning of Wireless Access Points (CAPWAP, RFC 5415) defines how an AC manages and configures
APs: the AC manages and controls APs in a centralized manner through CAPWAP tunnels. Control traffic uses UDP port
5246 and data traffic UDP port 5247.
 CAPWAP tunnel functions:
▫ Maintains the running status of the AC and APs.
▫ Allows the AC to manage APs and deliver service configurations to the APs.
▫ Allows APs to exchange the data sent by STAs with the AC through the CAPWAP data tunnel when the tunnel forwarding
mode is used.
[Figure: an AC connected across the campus network to AP1, AP2, ... APn, each serving STAs; both control information
and user data travel through the CAPWAP tunnels]
AP-AC Networking
 The AP-AC networking modes are classified into Layer 2 networking and Layer 3 networking.
 Layer 2 networking: APs are connected to an AC directly or across a Layer 2 network. It features quick deployment
and is applicable to simple or temporary networking, but not to large networks.
 Layer 3 networking: APs are connected to an AC across a Layer 3 network. In practice an AC can connect to dozens or
even hundreds of APs, and the network between them is usually complex, so Layer 3 networking is used on most large
networks.
AC Connection Mode
 ACs can be connected in in-path or off-path mode.
 In-path networking: the APs, AC, and core network are connected in a chain, so all data destined for the core layer
passes through the AC. The AC also functions as an aggregation switch, forwarding and processing both the data
traffic and the management traffic of the APs.
 Off-path networking: the AC connects to the IP network between the APs and the core network, but not directly to
the APs. The service data of the APs reaches the uplink network without passing through the AC; only management
traffic (and, when tunnel forwarding is configured, the tunneled user data) reaches the AC.
Wireless Communications System
 In a wireless communications system, the information may be an image, text, sound, or the like. The transmit
device first applies source coding to convert the information into digital signals that circuits can compute and
process, and then applies channel coding and modulation to turn them into radio waves.
 Chain: Source -> Coding (source and channel coding) -> Modulation -> Channel (transmission medium, subject to a
noise source) -> Demodulation -> Decoding -> Sink. The first three stages form the transmit device and the last
three the receive device.
Radio Wave
 A radio wave is an electromagnetic wave whose frequency is between 3 Hz and about 300 GHz. Radio technology
converts sound or other signals and transmits them by using radio waves.
 WLAN technology transmits information over the air by radio waves. Currently, WLAN uses the following frequency
bands (the exact sub-bands and channels permitted are set by each country's regulator):
▫ 2.4 GHz frequency band (2.4–2.4835 GHz): IEEE 802.11b/g/n/ax
▫ 5 GHz frequency band (5.15–5.35 GHz, 5.725–5.85 GHz): IEEE 802.11a/n/ac/ax
• Radio wave spectrum (each band spans one decade of frequency):

Band                           | Range
Extremely low frequency (ELF)  | 3–30 Hz
Super low frequency (SLF)      | 30–300 Hz
Ultra low frequency (ULF)      | 300 Hz–3 kHz
Very low frequency (VLF)       | 3–30 kHz
Low frequency (LF)             | 30–300 kHz
Medium frequency (MF)          | 300 kHz–3 MHz
High frequency (HF)            | 3–30 MHz
Very high frequency (VHF)      | 30–300 MHz
Ultra high frequency (UHF)     | 300 MHz–3 GHz
Super high frequency (SHF)     | 3–30 GHz
Extremely high frequency (EHF) | 30–300 GHz
Above 300 GHz: infrared, visible light, ultraviolet light, and rays (X-rays and gamma rays)
Radio Channel
 A channel transmits information, and a radio channel is a radio wave in space. Given that radio waves are
ubiquitous, random use of spectrum resources would cause endless interference. Therefore, in addition to defining
the usable frequency bands, wireless communication protocols must also precisely divide those bands into frequency
ranges. Each such frequency range is a channel.
 2.4 GHz frequency band:
▫ The band is divided into 14 channels, each 20 MHz wide but spaced only 5 MHz apart, so neighbouring channels
overlap.
▫ Overlapping channels, such as channels 1 and 2, interfere with each other.
▫ Non-overlapping channels, such as channels 1 and 6, do not interfere with each other.
 5 GHz frequency band:
▫ The band has richer spectrum resources. In addition to 20 MHz channels, APs working on the 5 GHz band support
40 MHz, 80 MHz, and higher-bandwidth channels.
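Added example, not code from the Huawei course: a small Python model of the 2.4 GHz channel plan. It computes the
channel center frequencies, tests whether two channels overlap for a given occupied bandwidth, picks a
non-overlapping plan greedily, and flags interfering AP pairs in a constructed site survey. With the 22 MHz
footprint of 802.11b DSSS it reproduces the familiar 1/6/11 plan; with a nominal 20 MHz channel it yields 1/5/9/13,
which shows that "non-overlapping" depends on the bandwidth you assume. The center-frequency formula is IEEE
802.11's; the greedy planner and the survey data are this example's own assumptions.

```python
# Added example: 2.4 GHz channel overlap check (not code from the Huawei course).
# Channel centers follow IEEE 802.11: 2407 MHz + 5 MHz * n for channels 1-13, and 2484 MHz for channel 14.
from __future__ import annotations

CH24_CENTER_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}
CH24_CENTER_MHZ[14] = 2484  # channel 14 sits 12 MHz above 13 and is legal only in a few regulatory domains


def channel_edges(channel: int, width_mhz: int = 20) -> tuple[float, float]:
    """Lower and upper edge of the spectrum occupied by a channel of the given width."""
    center = CH24_CENTER_MHZ[channel]
    return center - width_mhz / 2, center + width_mhz / 2


def channels_overlap(a: int, b: int, width_mhz: int = 20) -> bool:
    """Two channels overlap when their centers are closer than the occupied width.

    width_mhz=20 models the nominal OFDM channel (802.11g/n);
    width_mhz=22 models the wider DSSS footprint of 802.11b.
    """
    return abs(CH24_CENTER_MHZ[a] - CH24_CENTER_MHZ[b]) < width_mhz


def non_overlapping_plan(channels=range(1, 14), width_mhz: int = 20) -> list[int]:
    """Greedy plan: walk the channels in order and keep each one that overlaps none already kept."""
    chosen: list[int] = []
    for ch in channels:
        if not any(channels_overlap(ch, kept, width_mhz) for kept in chosen):
            chosen.append(ch)
    return chosen


def interfering_pairs(assignment: dict[str, int], width_mhz: int = 20) -> list[tuple[str, str]]:
    """Given {ap_name: channel}, list the AP pairs whose channels overlap (co-channel or adjacent-channel)."""
    names = sorted(assignment)
    return [(x, y) for i, x in enumerate(names) for y in names[i + 1:]
            if channels_overlap(assignment[x], assignment[y], width_mhz)]


if __name__ == "__main__":
    print("DSSS 22 MHz plan:", non_overlapping_plan(width_mhz=22))   # [1, 6, 11]
    print("OFDM 20 MHz plan:", non_overlapping_plan(width_mhz=20))   # [1, 5, 9, 13]
    # Constructed site survey: three APs, one of them misconfigured on channel 3.
    survey = {"AP-lobby": 1, "AP-office": 3, "AP-meeting": 11}
    print("Interfering pairs:", interfering_pairs(survey))           # [('AP-lobby', 'AP-office')]
```

In mixed deployments, where 802.11b clients may still appear, 1/6/11 remains the safe plan even though the 20 MHz
arithmetic allows four channels; the planner only tells you which channels overlap on paper, not how much
adjacent-channel energy a real radio leaks.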
BSS/SSID/BSSID
 Basic service set (BSS):
▫ The area covered by one AP.
▫ STAs in a BSS can communicate with each other.
 Basic service set identifier (BSSID):
▫ A Layer 2 identifier of a WLAN, represented by the AP's MAC address (for example 00e0.fc45.24a0).
 Service set identifier (SSID):
▫ A human-readable identifier of a WLAN, represented by a string of characters (for example "guest").
▫ SSIDs take the place of BSSIDs when users identify different WLANs.
[Figure: an AP with SSID "guest" and BSSID 00e0.fc45.24a0; each nearby STA discovers the "guest" BSS]
VAP
 Early APs supported only one BSS. Deploying multiple BSSs in one space therefore required multiple APs, which
increased costs and consumed channel resources. To resolve this, APs now support the creation of multiple virtual
access points (VAPs).
 VAP:
▫ A physical AP can be virtualized into multiple VAPs, each of which provides the same functions as the physical
AP.
▫ Each VAP corresponds to one BSS. In this way, one AP can provide multiple BSSs, each with a different SSID.
[Figure: one AP hosting VAP1 (BSS1, SSID "guest", BSSID 00e0.fc45.24a0) and VAP2 (BSS2, SSID "internal", BSSID
00e0.fc45.24a9); the STAs discover both "guest" and "internal"]
ESS
 The coverage of a BSS is limited. An extended service set (ESS) can be used to expand the coverage. When a STA
moves from one BSS to another, the ESS ensures that the STA does not see a change of SSID.
 ESS:
▫ A larger-scale virtual BSS that consists of multiple BSSs with the same SSID.
[Figure: AP1 (BSSID 00e0.fc45.24a0) and AP2 (BSSID 00e0.fc45.3100) both advertise SSID "huawei"; their two BSSs
form one ESS]
WLAN Working Process Overview
 1. AP onboarding: an AP obtains an IP address, discovers an AC, and sets up a connection with the AC.
 2. WLAN service configuration delivery: the AC delivers WLAN service configurations to the AP.
 3. STA access: STAs find the SSID transmitted by the AP, connect to the network, and go online.
 4. WLAN service data forwarding: the WLAN starts to forward service data.
[Figure: a campus network with a DHCP server and an AC, and two APs served by them]
WLAN Working Process: Step 1
 1. AP onboarding: the AC can manage and control Fit APs in a centralized manner and deliver services only after
they go online. The procedure is as follows:
▫ 1. An AP obtains an IP address.
▫ 2. The AP discovers the AC and establishes a CAPWAP tunnel with it.
▫ 3. AP access control.
▫ 4. AP upgrade.
▫ 5. CAPWAP tunnel maintenance.
 2. WLAN service configuration delivery
 3. STA access
 4. WLAN service data forwarding
APs Obtain IP Addresses
 An AP can communicate with an AC only after obtaining an IP address.
 An AP can obtain an IP address in either of the following modes:
▫ Static mode: a user logs in to the AP and configures its IP address.
▫ DHCP mode: the AP serves as a DHCP client and requests an IP address from a DHCP server.
 Typical solutions:
▫ Deploy a dedicated DHCP server to assign IP addresses to APs.
▫ Configure the AC to assign IP addresses to APs.
▫ Use a device on the network, such as a core switch, to assign IP addresses to APs.
DHCP IP Address Allocation
 The AP (DHCP client) and the DHCP server exchange four messages:
▫ DHCP Discover (broadcast): the AP discovers the DHCP servers on the network.
▫ DHCP Offer (unicast): the server selects an available IP address from its address pool and offers it to the AP.
▫ DHCP Request (broadcast): the AP notifies the DHCP server of the IP address it has selected.
▫ DHCP Ack (unicast): the server acknowledges the address allocation.
CAPWAP Tunnel Establishment
 The AC manages and controls APs in a centralized manner through CAPWAP tunnels.
 Step 1: AC discovery
▫ An AP sends a Discovery Request packet to find an available AC, and the AC answers with a Discovery Response.
▫ APs can discover an AC either statically (an AC IP address list preconfigured on the APs) or dynamically (DHCP,
DNS, or broadcast).
 Step 2: CAPWAP tunnel establishment
▫ APs associate with the AC and establish CAPWAP tunnels, consisting of a data tunnel and a control tunnel.
▫ Data tunnel: transmits service data packets from APs to the AC for centralized forwarding.
▫ Control tunnel: transmits control packets between the AC and APs.
Step 1: APs Dynamically Discover the AC
 DHCP mode (Layer 3 networking): the AP sends a DHCP Discover across the Layer 2 campus network; the DHCP Offer and
DHCP Ack it receives carry Option 43, in which the AC's IP address is encoded. The AP then sends a unicast Discovery
Request to that address across the Layer 3 campus network and receives a Discovery Response from the AC.
 Broadcast mode (Layer 2 networking): the AP broadcasts its Discovery Request on the local Layer 2 segment, and the
AC on that segment answers with a Discovery Response. Broadcasts do not cross routers, so this mode works only when
the AP and the AC share a Layer 2 domain.
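Added example, not code from the Huawei course, covering both the DHCP discovery mode above and the Option 43
configuration step in the command section: how the Option 43 value is built on the DHCP server side and parsed on
the AP side. It assumes the two sub-option encodings visible in the `option` command syntax on the configuration
slides (an `ip-address` list and an `ascii` string); the sub-option codes 2 and 3 and the comma separator used here
are assumptions about the vendor's format, so check the AC documentation before copying them. The parser rejects a
sub-option whose declared length runs past the option body, the usual way a malformed DHCP reply trips up a naive
client.

```python
# Added example: build and parse the DHCP Option 43 value that points APs at their AC.
# Not code from the Huawei course. Sub-option codes are ASSUMED (vendor-specific): check the AC documentation.
from __future__ import annotations

import ipaddress

DHCP_OPT_VENDOR_SPECIFIC = 43
SUBOPT_AC_IP_LIST = 2   # assumed: "option 43 sub-option 2 ip-address ..." (packed IPv4 addresses)
SUBOPT_AC_ASCII = 3     # assumed: "option 43 sub-option 3 ascii ..."     (comma-separated text)


def encode_tlv(code: int, value: bytes) -> bytes:
    """One DHCP-style TLV: 1-byte code, 1-byte length, value. The length is limited to 255."""
    if not 0 <= code <= 255 or len(value) > 255:
        raise ValueError("TLV code or length out of range")
    return bytes([code, len(value)]) + value


def option43_ip_list(ac_addresses: list[str]) -> bytes:
    """Sub-option carrying the AC addresses as packed IPv4 (4 bytes each)."""
    packed = b"".join(ipaddress.IPv4Address(a).packed for a in ac_addresses)
    return encode_tlv(SUBOPT_AC_IP_LIST, packed)


def option43_ascii(ac_addresses: list[str]) -> bytes:
    """Sub-option carrying the AC addresses as a comma-separated ASCII string."""
    for a in ac_addresses:
        ipaddress.IPv4Address(a)  # validate before serialising
    return encode_tlv(SUBOPT_AC_ASCII, ",".join(ac_addresses).encode("ascii"))


def dhcp_option(code: int, body: bytes) -> bytes:
    """Wrap a sub-option body as a top-level DHCP option (what appears in the Offer/Ack on the wire)."""
    return encode_tlv(code, body)


def parse_suboptions(body: bytes) -> dict[int, bytes]:
    """Walk the sub-option TLVs inside an Option 43 body. Raises ValueError on truncation."""
    subs: dict[int, bytes] = {}
    i = 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds option body")  # the classic malformed-TLV case
        subs[code] = value
        i += 2 + length
    return subs


def ac_addresses_from_option43(body: bytes) -> list[str]:
    """What an AP would extract: every AC address from either encoding, in order."""
    subs = parse_suboptions(body)
    acs: list[str] = []
    if SUBOPT_AC_IP_LIST in subs:
        raw = subs[SUBOPT_AC_IP_LIST]
        if len(raw) % 4:
            raise ValueError("IP list sub-option is not a multiple of 4 bytes")
        acs += [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]
    if SUBOPT_AC_ASCII in subs:
        text = subs[SUBOPT_AC_ASCII].decode("ascii")
        acs += [str(ipaddress.IPv4Address(part.strip())) for part in text.split(",") if part.strip()]
    return acs


def is_well_formed(body: bytes) -> bool:
    """True if an AP could parse the Option 43 body without error."""
    try:
        ac_addresses_from_option43(body)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    # Constructed AC addresses for the demo.
    body = option43_ip_list(["10.23.100.1", "10.23.100.2"])
    print(dhcp_option(DHCP_OPT_VENDOR_SPECIFIC, body).hex())   # 2b0a02080a1764010a176402
    print(ac_addresses_from_option43(body))                    # ['10.23.100.1', '10.23.100.2']
    print(is_well_formed(bytes([2, 8, 10, 23, 100, 1])))       # False: declares 8 bytes, only 4 follow
```

Nothing in this exchange is authenticated: an AP trusts whichever DHCP server answers first, so a rogue DHCP server
on the AP VLAN can hand out an Option 43 that points the APs at a rogue AC. DHCP snooping on the access switches,
DTLS on the CAPWAP tunnels, and AP authentication on the AC are the controls that limit that.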
Step 2: CAPWAP Tunnel Establishment
 APs associate with the AC and establish CAPWAP tunnels, consisting of a data tunnel and a control tunnel.
▫ Data tunnel: transmits service data packets from APs to the AC for centralized forwarding. Datagram Transport Layer
Security (DTLS) encryption can be enabled over the data tunnel to protect CAPWAP data packets; once enabled, CAPWAP
data packets are encrypted and decrypted using DTLS.
▫ Control tunnel: transmits control packets between the AC and APs. DTLS encryption can be enabled over the control
tunnel to protect CAPWAP control packets; once enabled, CAPWAP control packets are encrypted and decrypted using
DTLS.
 Without DTLS, CAPWAP control messages, including the configuration the AC pushes to its APs, cross the campus
network in cleartext. Enabling DTLS at least on the control tunnel is the minimum to expect of a production
deployment; whether it is on by default is platform-specific, so verify it on the AC.
AP Access Control
 After discovering an AC, the AP sends a Join Request packet to the AC. The AC then determines whether to allow the
AP access and sends a Join Response packet to the AP.
 The AC supports three AP authentication modes: MAC address authentication, SN (serial number) authentication, and
non-authentication.
 Neither a MAC address nor a serial number is a secret: both can be learned and spoofed by anyone who can reach the
AC, so AP authentication prevents accidental onboarding rather than a determined attacker. Combine it with DTLS on
the CAPWAP tunnels and restrict which network segments can reach the AC's CAPWAP ports.
[Exchange: AP -> AC Discovery Request; AC -> AP Discovery Response; AP -> AC Join Request; AC -> AP Join Response]
AP Upgrade
 From the parameters in the received Join Response packet, the AP determines whether its system software version is
the same as that specified on the AC. If they differ, the AP sends an Image Data Request packet to request the
software package and then upgrades its software in AC, FTP, or SFTP mode. FTP carries the image and the download
credentials in cleartext, so SFTP should be preferred over FTP.
 After the software version is updated, the AP restarts and repeats steps 1 to 3.
[Exchange: Discovery Request/Response; Join Request/Response; Image Data Request (AP -> AC); Image Data Response
(AC -> AP)]
CAPWAP Tunnel Maintenance
 Data tunnel maintenance: the AP and AC exchange Keepalive packets to detect data tunnel connectivity.
 Control tunnel maintenance: the AP and AC exchange Echo Request and Echo Response packets to detect control tunnel
connectivity.
[Exchange: after Discovery, Join, and Image Data, the AP and AC exchange Keepalive packets on the data tunnel and
Echo Request/Echo Response packets on the control tunnel]
Preconfigurations on the AC for APs to Go Online
 Configure network connectivity: configure DHCP servers to assign IP addresses to APs and STAs (the AC can function
as a DHCP server), and configure connectivity between the APs and the DHCP server and between the APs and the AC.
 Create an AP group: each AP is added to exactly one AP group. In most cases an AP group is used to provide the same
configuration to multiple APs.
 Configure the country code on the AC (regulatory domain profile): a country code identifies the country in which
the APs are deployed. Country codes regulate AP radio attributes, including the transmit power and supported
channels.
 Configure a source interface or address (for establishing CAPWAP tunnels with APs): specify a unique source IP
address or source interface on each AC. APs must learn the specified source IP address or the IP address of the
source interface to communicate with the AC and establish CAPWAP tunnels.
 (Optional) Configure automatic AP upgrade: in automatic upgrade mode, an AP checks whether its version is the same
as that configured on the AC, SFTP server, or FTP server when going online. If the two versions differ, the AP
upgrades its version, restarts, and goes online again; otherwise it does not upgrade.
 Add APs (configure the AP authentication mode): APs can be added by offline import, automatic discovery, or manual
confirmation.
WLAN Working Process: Step 2
 2. WLAN service configuration delivery: the AC sends a Configuration Update Request to an AP. When the AC receives
the AP's Configuration Update Response, it delivers the service configuration to the AP.
WLAN Profiles
 Various profiles are designed around the functions and features of WLAN networks to help users configure and
maintain them. These profiles are called WLAN profiles. An AP or AP group is bound to the following profiles:
▫ Regulatory domain profile: provides the country code, calibration channel, and calibration bandwidth
configuration for an AP.
▫ Radio profile: optimizes radio parameters and controls the in-service channel switching function.
▫ VAP profile: holds the VAP parameters and references the SSID profile, security profile, and authentication
profile.
▫ Other profiles: AP system profile, location profile, WIDS profile, mesh profile, and so on.
 Radio parameters configured directly on a radio: bandwidth, channel, antenna gain, transmit power, coverage
distance, and operating frequency band.
VAP Profile
 A VAP profile references the following profiles and carries the following settings:
▫ SSID profile: an SSID specifies a wireless network; when you search for available wireless networks on a STA, the
names displayed are SSIDs. The SSID profile configures the SSID name of a WLAN.
▫ Security profile: WLAN security policies that authenticate STAs and encrypt user packets, protecting the WLAN and
its users.
▫ Data forwarding mode: control (management) packets and data packets are transmitted on a WLAN; the forwarding
mode decides whether user data is tunneled to the AC or forwarded locally.
▫ Service VLANs: Layer 2 data packets delivered from the VAP to an AP carry the service VLAN IDs.
WLAN Working Process: Step 3
 3. STA access: STAs can access a WLAN after the CAPWAP tunnels are established. The STA access process consists of
six phases: scanning, link authentication, association, access authentication, DHCP, and user authentication.
Scanning
 In active scanning, a STA periodically searches for nearby wireless networks.
 The STA can send two types of Probe Request frames: probes containing an SSID and probes that do not contain an
SSID.
▫ Probe Request containing an SSID: the STA sends a Probe Request containing the SSID (for example "huawei") on each
channel to search for an AP with that SSID. Only an AP with the same SSID responds with a Probe Response.
▫ Probe Request containing no SSID: the STA periodically broadcasts a Probe Request frame without an SSID on the
supported channels. Every AP in range (AP1 ... APn) returns a Probe Response frame advertising the wireless
services it can provide.
 Directed probes reveal the names of the networks a STA has been configured for to anyone listening on the channel;
this is why current operating systems prefer wildcard probes and randomize the source MAC address of probes.
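Added example, not part of the Huawei course: a minimal builder and parser for the two Probe Request types
described above, followed by the AP-side decision of which VAPs answer. The frame layout follows IEEE 802.11 (a
24-byte management header, then information elements); the STA MAC addresses, the SSIDs, and the per-VAP `hidden`
flag are constructed for the demo and are not from the course.

```python
# Added example: build/parse 802.11 Probe Request frames and decide which VAPs answer them.
# Not code from the Huawei course; MAC addresses and SSIDs below are constructed for the demo.
from __future__ import annotations

import struct

BROADCAST = bytes.fromhex("ffffffffffff")
IE_SSID = 0
IE_SUPPORTED_RATES = 1
MGMT_HEADER_LEN = 24
PROBE_REQUEST = (0, 4)  # (type = management, subtype = Probe Request)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", "").replace(".", ""))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_probe_request(sta_mac: bytes, ssid: bytes = b"", seq: int = 0) -> bytes:
    """Probe Request: addr1 = destination (broadcast), addr2 = STA, addr3 = BSSID (broadcast for a probe).
    An empty SSID element is the wildcard probe; a non-empty one is the directed probe."""
    if len(ssid) > 32:
        raise ValueError("SSID is at most 32 bytes")
    frame_control = struct.pack("<H", (PROBE_REQUEST[1] << 4) | (PROBE_REQUEST[0] << 2))
    header = (frame_control + b"\x00\x00" + BROADCAST + sta_mac + BROADCAST
              + struct.pack("<H", (seq & 0xFFF) << 4))
    rates = bytes([0x82, 0x84, 0x8B, 0x96])  # 1, 2, 5.5, 11 Mbit/s with the basic-rate bit set
    body = bytes([IE_SSID, len(ssid)]) + ssid + bytes([IE_SUPPORTED_RATES, len(rates)]) + rates
    return header + body


def parse_probe_request(frame: bytes) -> dict:
    """Return {'sta', 'ssid', 'wildcard'}; raise ValueError for anything that is not a well-formed probe."""
    if len(frame) < MGMT_HEADER_LEN:
        raise ValueError("frame shorter than a management header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != PROBE_REQUEST:
        raise ValueError("not a Probe Request")
    elements: dict[int, bytes] = {}
    i = MGMT_HEADER_LEN
    while i < len(frame):
        if i + 2 > len(frame):
            raise ValueError("truncated element header")
        eid, length = frame[i], frame[i + 1]
        value = frame[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("element length exceeds frame")
        elements.setdefault(eid, value)  # first occurrence wins
        i += 2 + length
    if IE_SSID not in elements:
        raise ValueError("Probe Request without SSID element")
    ssid = elements[IE_SSID]
    return {"sta": mac_text(frame[10:16]), "ssid": ssid, "wildcard": len(ssid) == 0}


def vaps_that_respond(probe: dict, vaps: dict[bytes, bool]) -> list[bytes]:
    """vaps maps SSID -> hidden flag. A wildcard probe is answered only by non-hidden SSIDs; a directed
    probe is answered by the matching SSID even when it is hidden, so SSID hiding is discoverable by
    anyone who already knows, or guesses, the name."""
    if probe["wildcard"]:
        return [ssid for ssid, hidden in vaps.items() if not hidden]
    return [ssid for ssid in vaps if ssid == probe["ssid"]]


if __name__ == "__main__":
    vaps = {b"guest": False, b"internal": True}  # constructed VAP table: "internal" is a hidden SSID
    sta = mac_bytes("00:11:22:33:44:55")          # constructed STA address
    for ssid in (b"", b"guest", b"internal", b"huawei"):
        probe = parse_probe_request(build_probe_request(sta, ssid))
        print(probe["sta"], ssid or b"<wildcard>", "->", vaps_that_respond(probe, vaps))
```

The parser refuses truncated elements rather than reading past the frame, which is the defect class a fuzzed
Probe Request would otherwise exercise in AP firmware.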
WLAN Security Protocols
 Because WLAN technologies use radio signals to carry service data, the data can easily be intercepted or tampered
with by attackers while it travels over open wireless channels. Ensuring WLAN security is crucial to building safe
and effective wireless networks.
 Common security policies:

Security policy  | Link authentication | Access authentication | Data encryption      | Description
WEP              | Open system         | N/A                   | No encryption or WEP | Insecure policy
WEP              | Shared key          | N/A                   | WEP                  | Insecure policy
WPA/WPA2-802.1X  | Open system         | 802.1X (EAP)          | TKIP or CCMP         | More secure policy, applicable to large enterprises
WPA/WPA2-PSK     | Open system         | PSK                   | TKIP or CCMP         | More secure policy, applicable to small- and medium-sized enterprises or household users

 Of the options above, only WPA2 with CCMP (AES) should still be deployed: WEP and TKIP are broken, and WPA3 (SAE
for personal networks, the 192-bit mode for enterprise) has superseded WPA2 wherever the clients support it.
Link Authentication
 To ensure wireless link security, an AP needs to authenticate STAs that attempt to access the AP.
 IEEE 802.11 defines two authentication modes: open system authentication and shared key authentication.
 Open system authentication: STA -> AP Authentication Request; AP -> STA Authentication Response. No credential is
checked, so any STA is successfully authenticated; the real access control happens later, in the access
authentication phase (PSK or 802.1X).
 Shared key authentication: STA -> AP Authentication Request; AP -> STA Authentication Response carrying a
challenge; STA -> AP Authentication Response carrying the challenge encrypted with the WEP key; AP -> STA
Authentication Response (success). The STA and AP must have the same shared key preconfigured. The AP decrypts the
returned challenge to check whether the STA holds the same shared key: if it does, the STA is authenticated;
otherwise, authentication fails.
 Shared key authentication is weaker than open system authentication followed by WPA2: the challenge and its WEP
encryption are both visible on the air, which hands an eavesdropper a WEP keystream.
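Added example, not from the Huawei course, showing why the security policy table marks shared key authentication
as insecure. It models WEP (RC4 keyed with a 24-bit IV prepended to the key, CRC-32 integrity check value) and the
four-frame exchange above, then has a passive listener recover the RC4 keystream from the cleartext challenge and
its encrypted copy and use it to pass authentication without ever learning the key. Simplification: the real frame
also encrypts the challenge text element header along with the 128-byte challenge; that header is known plaintext
too and does not change the attack. The 40-bit key is constructed for the demo.

```python
# Added example: WEP shared key authentication and the keystream-reuse attack against it.
# Not code from the Huawei course. The WEP key below is constructed for the demo; the attacker never sees it.
from __future__ import annotations

import os
import struct
import zlib

CHALLENGE_LEN = 128  # 802.11 shared key authentication uses a 128-byte challenge text


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then the keystream XORed with data. Encrypt and decrypt are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian, appended to the plaintext before encryption."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """The per-packet RC4 key is IV || key; the IV itself is sent in the clear."""
    return rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes | None:
    body = rc4(iv + key, ciphertext)
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if tag == icv(plaintext) else None


class AccessPoint:
    """AP side of shared key authentication (frames 2 and 4 of the exchange)."""

    def __init__(self, wep_key: bytes) -> None:
        self._key = wep_key
        self._pending: dict[str, bytes] = {}

    def auth_frame2(self, sta: str) -> bytes:
        challenge = os.urandom(CHALLENGE_LEN)
        self._pending[sta] = challenge
        return challenge  # sent in cleartext

    def auth_frame4(self, sta: str, iv: bytes, encrypted_challenge: bytes) -> bool:
        challenge = self._pending.pop(sta, None)
        return challenge is not None and wep_decrypt(self._key, iv, encrypted_challenge) == challenge


def station_frame3(wep_key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Legitimate STA: pick an IV and return (iv, WEP-encrypted challenge)."""
    iv = os.urandom(3)
    return iv, wep_encrypt(wep_key, iv, challenge)


def recover_keystream(challenge: bytes, encrypted_challenge: bytes) -> bytes:
    """Eavesdropper: keystream = known plaintext (challenge || ICV) XOR observed ciphertext."""
    known = challenge + icv(challenge)
    return bytes(p ^ c for p, c in zip(known, encrypted_challenge))


def forge_frame3(keystream: bytes, challenge: bytes) -> bytes:
    """Attacker answers a fresh challenge by reusing the recovered keystream under the same IV."""
    body = challenge + icv(challenge)
    if len(body) > len(keystream):
        raise ValueError("not enough keystream")
    return bytes(p ^ k for p, k in zip(body, keystream))


def attack_succeeds() -> bool:
    """Run the whole scenario; True means the attacker authenticated without the key."""
    wep_key = b"\x01\x02\x03\x04\x05"  # constructed 40-bit key, known only to the AP and the victim STA
    ap = AccessPoint(wep_key)
    # 1. The victim authenticates; the attacker passively records challenge, IV and response.
    challenge = ap.auth_frame2("victim")
    iv, response = station_frame3(wep_key, challenge)
    assert ap.auth_frame4("victim", iv, response)
    # 2. The attacker derives the keystream for that IV...
    keystream = recover_keystream(challenge, response)
    # 3. ...and authenticates by replaying the IV with a forged answer to its own challenge.
    return ap.auth_frame4("attacker", iv, forge_frame3(keystream, ap.auth_frame2("attacker")))


if __name__ == "__main__":
    print("attacker authenticated without the key:", attack_succeeds())  # True
```

The same property (a stream cipher reused under a known IV) is what makes the recovered keystream usable for
injecting forged data frames afterwards; it is one of several reasons the table lists WEP as insecure regardless of
the authentication mode.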
Association
 After link authentication is complete, a STA initiates link service negotiation using Association frames.
 The STA association process is actually a link service negotiation process, during which the supported rates,
channel, and similar parameters are negotiated.
 Exchange: 1. the STA sends an Association Request to the AP; 2. the AP forwards the Association Request to the AC;
3. the AC returns an Association Response to the AP; 4. the AP sends the Association Response to the STA.
Access Authentication
 User access authentication differentiates users and controls their access rights. Compared with link
authentication, access authentication is more secure.
 The major access authentication modes are PSK authentication and 802.1X authentication.
 Access authentication is performed on the wireless-side interface between the STA and the AP; only after it
succeeds may the STA send data over the wireless link.
STA Address Allocation
 APs and STAs can go online properly only after they have obtained IP addresses.
 If STAs obtain IP addresses through DHCP, the AC or the aggregation switch can function as the DHCP server. In most
cases, the aggregation switch is used as the DHCP server.
 Exchange between the STA and the DHCP server (aggregation switch), via the AP and the IP network: DHCP Discover,
DHCP Offer, DHCP Request, DHCP Ack.
User Authentication
 User authentication is an end-to-end security architecture, supporting 802.1X, MAC address, and Portal
authentication modes.
 Portal authentication:
▫ Portal authentication is also known as web authentication. The authentication websites are referred to as web
portals.
▫ To access the Internet, users must be authenticated on a web portal. Users can access network resources only after
successful authentication.
[Figure: sample portal login page for the SSID Huawei-Guest ("Just for Guest"): a +86 phone number field with a
Get Password button, a password field, and a Login button]
WLAN Working Process: Step 4
 4. WLAN service data forwarding: control packets (management packets) and data packets are transmitted over CAPWAP
tunnels.
▫ Control packets are forwarded through the CAPWAP control tunnel.
▫ User data packets can be forwarded in tunnel forwarding (centralized forwarding) or direct forwarding (local
forwarding) mode.
Data Forwarding Mode
 Tunnel forwarding: APs encapsulate user data packets in the CAPWAP data tunnel and send them to the AC. The AC then
forwards these packets to the upper-layer network. Management traffic uses the CAPWAP control tunnel.
 Direct forwarding: an AP forwards user data packets directly to the upper-layer network without encapsulating them
in the CAPWAP data tunnel; only management traffic goes to the AC.
 In direct forwarding mode the AC never sees user traffic, so any filtering, rate limiting, or inspection configured
on the AC applies only to tunneled traffic; for locally forwarded traffic those controls have to sit on the access
or aggregation switch.
AP Onboarding WLAN Services

Basic WLAN Configuration Commands:


Configuring an AP to Go Online (1)
1. Configure the AC as a DHCP server and configure the Option 43 field.

[AC-ip-pool-pool1] option code [ sub-option sub-code ] { ascii ascii-string | hex hex-string | cipher cipher-string |
ip-address ip-address
Configure the user-defined option that a DHCP server assigns to a DHCP client.

2. Create a regulatory domain profile and configure the country code.

[AC] wlan
[AC-wlan-view]
Enter the WLAN view.
[AC-wlan-view] regulatory-domain-profile name profile-name
[AC-wlan-regulate-domain-profile-name]
Create a regulatory domain profile and enter the regulatory domain profile view, or enter the view of an existing
regulatory domain profile.

[AC-wlan-regulate-domain-profile-name] country-code country-code


Configure the country code.
Page 53 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Basic WLAN Configuration Commands:
Configuring an AP to Go Online (2)
[AC-wlan-view] ap-group name group-name
[AC-wlan-ap-group-group-name]
Create an AP group and enter the AP group view, or enter the view of an existing AP group.

[AC-wlan-ap-group-group-name] regulatory-domain-profile profile-name
Bind the regulatory domain profile to the AP group (the same command in the AP view binds it to a single AP).

3. Configure a source interface or address.

[AC] capwap source interface { loopback loopback-number | vlanif vlan-id }
Specify a source interface on the AC for establishing CAPWAP tunnels with APs.

[AC] capwap source ip-address ip-address
Configure the source IP address on the AC (the alternative to specifying a source interface).
AP Onboarding WLAN Services

Basic WLAN Configuration Commands:


Configuring an AP to Go Online (3)
4. Add APs in offline mode.

[AC-wlan-view] ap auth-mode { mac-auth | sn-auth }


Set the AP authentication mode to MAC address or SN authentication. By default, MAC address authentication is
used.
[AC-wlan-view] ap-id ap-id [ [ type-id type-id | ap-type ap-type ] { ap-mac ap-mac | ap-sn ap-sn | ap-mac ap-mac
ap-sn ap-sn } ]
[AC-wlan-ap-ap-id] ap-name ap-name
Manually add an AP in offline mode or enter the AP view, and configure the name of a single AP.

[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] ap-group ap-group
Add the AP to an AP group.
5. Verify the configuration.

[AC] display ap { all | ap-group ap-group }}


Check AP information.

Basic WLAN Configuration Commands: Configuring Radios (1)

1. Enter the radio view.

[AC-wlan-view] ap-id 0
[AC-wlan-ap-0] radio radio-id
[AC-wlan-radio-0/0]

2. Configure the working bandwidth and channel for a radio.

[AC-wlan-radio-0/0] channel { 20mhz | 40mhz-minus | 40mhz-plus | 80mhz | 160mhz } channel
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC-wlan-radio-0/0] channel 80+80mhz channel1 channel2
Warning: This action may cause service interruption. Continue?[Y/N]y
Configure the working bandwidth and channel for all APs in an AP group or for a specified radio of a single AP.

3. Configure the antenna gain.

[AC-wlan-radio-0/0] antenna-gain antenna-gain
Configure the antenna gain for all APs in an AP group or for a specified radio of a single AP.
Basic WLAN Configuration Commands: Configuring Radios (2)

4. Configure the transmit power for a radio.

[AC-wlan-radio-0/0] eirp eirp
Configure the transmit power for all APs in an AP group or for a specified radio of a single AP.

5. Configure the radio coverage distance.

[AC-wlan-radio-0/0] coverage distance distance
Configure the radio coverage distance for all APs in an AP group or for a specified radio of a single AP.

6. Configure the operating frequency for a radio.

[AC-wlan-radio-0/0] frequency { 2.4g | 5g }

Basic WLAN Configuration Commands: Configuring Radios (3)

7. Create a radio profile.

[AC-wlan-view] radio-2g-profile name profile-name
Create a 2G radio profile and enter the 2G radio profile view, or enter the view of an existing 2G radio profile.

8. Bind the radio profile.

[AC-wlan-view] ap-group name group-name
[AC-wlan-ap-group-group-name] radio-2g-profile profile-name radio { radio-id | all }
Bind the specified 2G radio profile to the 2G radio in the AP group.

Basic WLAN Configuration Commands: Configuring VAPs (1)

1. Create a VAP profile.

[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name]
Create a VAP profile and enter the VAP profile view, or enter the view of an existing VAP profile.

2. Configure the data forwarding mode.

[AC-wlan-vap-prof-profile-name] forward-mode { direct-forward | tunnel }
Set the data forwarding mode in the VAP profile to direct or tunnel.

3. Configure service VLANs.

[AC-wlan-vap-prof-profile-name] service-vlan { vlan-id vlan-id | vlan-pool pool-name }
Configure the service VLANs for the VAP.

Basic WLAN Configuration Commands: Configuring VAPs (2)

4. Configure a security profile.

[AC-wlan-view] security-profile name profile-name
[AC-wlan-sec-prof-profile-name]
Create a security profile and enter the security profile view.
By default, security profiles default, default-wds, and default-mesh are available in the system.

[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name] security-profile profile-name
Bind the security profile to the VAP profile.

Basic WLAN Configuration Commands: Configuring VAPs (3)

5. Configure an SSID profile.

[AC-wlan-view] ssid-profile name profile-name
[AC-wlan-ssid-prof-profile-name]
Create an SSID profile and enter the SSID profile view, or enter the view of an existing SSID profile.
By default, the system provides the SSID profile default.

[AC-wlan-ssid-prof-profile-name] ssid ssid
Configure an SSID for the SSID profile.
By default, the SSID HUAWEI-WLAN is configured in an SSID profile.

[AC-wlan-view] vap-profile name profile-name
[AC-wlan-vap-prof-profile-name] ssid-profile profile-name
Bind the SSID profile to the VAP profile.

Basic WLAN Configuration Commands: Configuring VAPs (4)

6. Bind the VAP profile.

[AC-wlan-view] ap-group name group-name
[AC-wlan-ap-group-group-name] vap-profile profile-name wlan wlan-id radio { radio-id | all } [ service-vlan { vlan-id vlan-id | vlan-pool pool-name } ]
Bind the specified VAP profile to radios in an AP group.

7. Check VAP information.

[AC] display vap { ap-group ap-group-name | { ap-name ap-name | ap-id ap-id } [ radio radio-id ] } [ ssid ssid ]
[AC] display vap { all | ssid ssid }
Display information about service VAPs.

Example for Configuring Layer 2 Tunnel Forwarding in Off-Path Mode
Figure: the IP network, AC, S2, S1, AP and STA connected through GE interfaces (AC VLANIF 100: 10.23.100.1/24; S2 VLANIF 101: 10.23.101.1/24).

Data Configuration
 Management VLAN for APs: VLAN 100
 Service VLAN for STAs: VLAN 101
 DHCP server: The AC functions as a DHCP server to assign IP addresses to APs. The aggregation switch S2 functions as a DHCP server to assign IP addresses to STAs. The default gateway address of STAs is 10.23.101.1.
 IP address pool for APs: 10.23.100.2–10.23.100.254/24
 IP address pool for STAs: 10.23.101.2–10.23.101.254/24
 IP address of the AC's source interface: VLANIF 100: 10.23.100.1/24
 AP group: Name: ap-group1; Referenced profiles: VAP profile wlan-net and regulatory domain profile default
 Regulatory domain profile: Name: default; Country code: CN
 SSID profile: Name: wlan-net; SSID name: wlan-net
 Security profile: Name: wlan-net; Security policy: WPA-WPA2+PSK+AES; Password: a1234567
 VAP profile: Name: wlan-net; Forwarding mode: tunnel forwarding; Service VLAN: VLAN 101; Referenced profiles: SSID profile wlan-net and security profile wlan-net
Configuring Network Connectivity

1. Create VLANs and interfaces on S1, S2, and AC.

2. Configure DHCP servers to assign IP addresses to APs and STAs.

# Configure VLANIF 100 on the AC to assign IP addresses to APs.
[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select interface

# Configure VLANIF 101 on S2 to assign IP addresses to STAs and specify 10.23.101.1 as the default gateway address of the STAs.
[S2] dhcp enable
[S2] interface vlanif 101
[S2-Vlanif101] ip address 10.23.101.1 24
[S2-Vlanif101] dhcp select interface
Configuring APs to Go Online (1)

1. Create an AP group.

[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit

2. Create a regulatory domain profile and configure the country code.

[AC-wlan-view] regulatory-domain-profile name default
[AC-wlan-regulate-domain-default] country-code cn
[AC-wlan-regulate-domain-default] quit
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] regulatory-domain-profile default
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit

Configuring APs to Go Online (2)

3. Configure the AC's source interface.

[AC] capwap source interface vlanif 100

4. Import an AP in offline mode on the AC.

[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit

Verifying the AP Onboarding Configuration

 After the AP is powered on, run the display ap all command to check the AP state. If the State field displays nor, the AP has gone online.

[AC-wlan-view] display ap all


Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
-------------------------------------------------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
-------------------------------------------------------------------------------------------------------------------------
0 60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN nor 0 10S -
-------------------------------------------------------------------------------------------------------------------------
Total: 1

Configuring WLAN Service Parameters (1)

1. Create security profile wlan-net and configure a security policy.

[AC-wlan-view] security-profile name wlan-net
[AC-wlan-sec-prof-wlan-net] security wpa-wpa2 psk pass-phrase a1234567 aes
[AC-wlan-sec-prof-wlan-net] quit

2. Create SSID profile wlan-net and set the SSID name to wlan-net.

[AC-wlan-view] ssid-profile name wlan-net
[AC-wlan-ssid-prof-wlan-net] ssid wlan-net
[AC-wlan-ssid-prof-wlan-net] quit

Configuring WLAN Service Parameters (2)

3. Create VAP profile wlan-net, set the data forwarding mode and service VLAN, and bind the security profile and SSID profile to the VAP profile.

[AC-wlan-view] vap-profile name wlan-net
[AC-wlan-vap-prof-wlan-net] forward-mode tunnel
[AC-wlan-vap-prof-wlan-net] service-vlan vlan-id 101
[AC-wlan-vap-prof-wlan-net] security-profile wlan-net
[AC-wlan-vap-prof-wlan-net] ssid-profile wlan-net
[AC-wlan-vap-prof-wlan-net] quit

4. Bind the VAP profile to the AP group and apply configurations in VAP profile wlan-net to radio 0 and radio 1 of the APs in the AP group.

[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 0
[AC-wlan-ap-group-ap-group1] vap-profile wlan-net wlan 1 radio 1
[AC-wlan-ap-group-ap-group1] quit

Checking VAP Profile Information

 The AC automatically delivers WLAN service configuration to the AP. After the service configuration is complete, run the display vap ssid wlan-net command. If Status in the command output is displayed as ON, the VAPs have been successfully created on AP radios.
[AC-wlan-view] display vap ssid wlan-net


WID : WLAN ID
-----------------------------------------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
-----------------------------------------------------------------------------------------------------------------
0 area_1 0 1 60DE-4476-E360 ON WPA/WPA2-PSK 0 wlan-net
0 area_1 1 1 60DE-4476-E370 ON WPA/WPA2-PSK 0 wlan-net
-----------------------------------------------------------------------------------------------------------------
Total: 2
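The two verification outputs above are what an operator compares against the data plan by eye. As an added example that is not part of the course material, the Python below parses both tables and reports every deviation from the plan (AP not in state nor, AP outside the planned group, a radio of an online AP with no VAP in state ON for the planned SSID, or a non-WPA auth type); the sample outputs are constructed in the shape of the slides' output, with a faulty second AP and one OFF radio added so the checks have something to report.

```python
from __future__ import annotations

# Constructed sample outputs, shaped like the "display ap all" and
# "display vap ssid wlan-net" output on the slides; AP 1 and the OFF row are
# added here so the checks below have something to find.
DISPLAY_AP_ALL = """\
Total AP information:
nor : normal [1]
fault : fault [1]
Extra information:
P : insufficient power supply
-------------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime ExtraInfo
-------------------------------------------------------------------------------
0 60de-4476-e360 area_1 ap-group1 10.23.100.254 AP5030DN nor 0 10S -
1 60de-4476-e3a0 area_2 ap-group1 - AP5030DN fault 0 - P
-------------------------------------------------------------------------------
Total: 2
"""

DISPLAY_VAP = """\
WID : WLAN ID
-------------------------------------------------------------------------------
AP ID AP name RfID WID BSSID Status Auth type STA SSID
-------------------------------------------------------------------------------
0 area_1 0 1 60DE-4476-E360 ON WPA/WPA2-PSK 0 wlan-net
0 area_1 1 1 60DE-4476-E370 OFF WPA/WPA2-PSK 0 wlan-net
-------------------------------------------------------------------------------
Total: 2
"""

# Column names for the two tables. The printed headers contain spaces ("AP ID",
# "Auth type"), so rows are mapped by position rather than by header text.
AP_COLUMNS = ("ap_id", "mac", "name", "group", "ip", "ap_type", "state", "sta", "uptime", "extra")
VAP_COLUMNS = ("ap_id", "ap_name", "rf_id", "wid", "bssid", "status", "auth_type", "sta", "ssid")


def _table_rows(output: str) -> list[list[str]]:
    """Whitespace-split rows of the data block: the lines between the second and
    third dashed rule (segments are preamble | header | data; footer follows)."""
    segments, current = [], []
    for line in output.splitlines():
        if line.startswith("----"):
            segments.append(current)
            current = []
        else:
            current.append(line)
    if len(segments) < 3:
        return []
    return [row.split() for row in segments[2] if row.strip()]


def parse_display_ap(output: str) -> list[dict[str, str]]:
    return [dict(zip(AP_COLUMNS, row)) for row in _table_rows(output) if len(row) == len(AP_COLUMNS)]


def parse_display_vap(output: str) -> list[dict[str, str]]:
    return [dict(zip(VAP_COLUMNS, row)) for row in _table_rows(output) if len(row) == len(VAP_COLUMNS)]


def audit_wlan(ap_output: str, vap_output: str, group: str, ssid: str, radios=("0", "1")) -> list[str]:
    """Compare the AC's view with the data plan: every AP online (State nor) in the
    planned group, and every radio of an online AP carrying a VAP in state ON for
    the planned SSID with a WPA-based auth type. Returns human-readable findings."""
    findings = []
    aps = parse_display_ap(ap_output)
    vaps = parse_display_vap(vap_output)
    for ap in aps:
        if ap["state"] != "nor":
            findings.append(f"AP {ap['ap_id']} ({ap['name']}) is in state {ap['state']}, not nor")
        if ap["group"] != group:
            findings.append(f"AP {ap['ap_id']} is in group {ap['group']}, expected {group}")
        if "P" in ap["extra"]:
            findings.append(f"AP {ap['ap_id']} reports insufficient power supply")
    for ap in aps:
        if ap["state"] != "nor":
            continue  # offline APs were already reported above
        for rf in radios:
            on = [v for v in vaps if v["ap_id"] == ap["ap_id"] and v["rf_id"] == rf
                  and v["status"] == "ON" and v["ssid"] == ssid]
            if not on:
                findings.append(f"AP {ap['ap_id']} radio {rf} has no VAP in state ON for SSID {ssid}")
            elif not on[0]["auth_type"].startswith("WPA"):
                findings.append(f"AP {ap['ap_id']} radio {rf} SSID {ssid} uses {on[0]['auth_type']}, not WPA")
    return findings
```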

Contents
1. WLAN Overview

2. Basic Concepts of WLAN

3. WLAN Fundamentals

4. WLAN Configuration Implementation

5. Next-Generation WLAN Solutions

Huawei WLAN Solutions Meet Future Wireless Network Construction Requirements
All-scenario
• Use scenario-based customized solutions for complex and diversified application scenarios
• Complete WLAN deployment and management solutions for campus networks and branch networks
High bandwidth
• 802.11ac Wave 2 protocol, dual-5G radio coverage, and up to 3.46 Gbps wireless access bandwidth
• Huawei is a key contributor to the next-generation 802.11ax standard (Wi-Fi 6), with a single 5 GHz radio rate of up to 9.6 Gbps.
• Roaming and multiple wireless QoS protocols such as Wi-Fi multimedia (WMM) to ensure QoS
High security
• Mainstream authentication and encryption modes, such as WPA, WPA2, WPA3, and WAPI
• Wireless intrusion detection
• Portal and 802.1X authentication, protecting intranet security
Easy deployment
• APs support plug-and-play, automatic upgrade, automatic channel selection, dynamic rate and power adjustment, and load balancing.
• IoT APs and APs with built-in high-density antennas, simplifying installation and enabling fast deployment
• APs support cloud management and can work in dual-stack mode to smoothly switch between the cloud and local management modes.
Dual Drivers (Technology Advances + Application Development) Promote the Arrival of the Wi-Fi 6 Era
Figure: timeline from 2011 to 2021.
Technology: 802.11n (Wi-Fi 4), 802.11ac Wave 1 and 802.11ac Wave 2 (Wi-Fi 5), and 802.11ax (Wi-Fi 6). Wi-Fi standards are upgraded every four to five years. In October 2018, the new Wi-Fi naming convention was released by the WFA.
Application:
• Social networking, wireless office, and video surveillance: bandwidth per user 2 to 4 Mbps, latency < 50 ms
• HD video conferencing, e-classroom, and 4K video: bandwidth per user 4 to 12 Mbps, latency < 30 ms
• 4K video conferencing, interactive VR/AR, and 3D diagnosis: bandwidth per user > 50 Mbps, latency < 10 ms
Wi-Fi 6 Vs. Wi-Fi 5
Figure: OFDMA resource allocation, with User 1 to User 4 sharing the channel across frequency and time.
High bandwidth: 1024-QAM and 8x8 MU-MIMO
 Rate of up to 9.6 Gbps
 Bandwidth increased by 4 times
High concurrency rate: UL/DL OFDMA and UL/DL MU-MIMO
 Access of 1024 STAs per AP
 Number of concurrent users increased by 4 times
Low latency: OFDMA and spatial reuse
 Service latency reduced to 20 ms
 Average latency reduced by 30%
Low power consumption: TWT and 20 MHz-only
 Target wakeup time (TWT) mechanism
 STA power consumption reduced by 30%
Next-Generation Campus Network: Intent-Driven Campus (Small- and Medium-Sized)
Figure: a cloud management platform reached over the Internet manages the campus HQ (egress gateway, switch, cloud APs and STAs), the campus branch (cloud AP and STA) and a branch office.

Basic Concepts
• The cloud management platform allows centralized management and maintenance of devices at any place, greatly reducing network deployment and O&M costs.
• Applicable scope: small- and medium-sized enterprises

Advantages (Compared with the AC + Fit AP Architecture)
• Plug-and-play and automatic deployment reduce network deployment costs.
• All network elements (NEs) are monitored and managed on the cloud management platform in a unified manner.
• Cloud solutions usually provide various tools on the cloud, reducing costs.
Next-Generation Campus Network: Intent-Driven Campus (Medium- and Large-Sized)
Figure: Internet and WAN connected through the egress zone to a core layer (native ACs), an aggregation layer and an access layer, with a DC and an NMS O&M zone, and iStack/CSS links between switches.

Architecture Characteristics
• iMaster NCE manages and configures APs in a unified manner and provides various functions. By further integrating with wired networks and leveraging Big Data and AI technologies, this architecture implements simplified, intelligent, and secure campus networks.
• Applicable scope: medium- and large-sized enterprises

Quiz
1. What are the advantages and disadvantages of in-path and off-path networking modes?

2. (Multiple) Which of the following methods are supported by Fit APs to discover an AC?( )
A. Static discovery

B. Dynamic discovery through DHCP

C. Dynamic discovery through FTP

D. Dynamic discovery through DNS

Summary
 WLAN technology allows users to easily access a wireless network and freely move around within the coverage of the wireless network, eliminating the constraints of wired networks.
 In this course, we have learned WLAN technologies on enterprise networks, including the basic concepts, fundamentals, network architectures, configuration implementation, and development trend of WLAN technologies.

Thank You
www.huawei.com

Foreword
 As economic globalization and digital transformation accelerate, enterprises keep expanding. More and more branches are located in different regions, with each branch network being considered a local area network (LAN). The headquarters and branches need to communicate with each other across geographical locations. To better carry out services, an enterprise needs to connect these geographically dispersed branches through a wide area network (WAN).
 The development of WAN technologies has been accompanied by continuously increasing bandwidth. In the early stage, X.25 provided a bandwidth of only 64 kbit/s. Later, the digital data network (DDN) and Frame Relay (FR) increased the bandwidth to 2 Mbit/s. Synchronous digital hierarchy (SDH) and asynchronous transfer mode (ATM) further increased the bandwidth to 10 Gbit/s. Now, IP-based WANs provide 10 Gbit/s or even higher bandwidth.
 This course describes the development history of WAN technologies, especially the implementations and configurations of Point-to-Point Protocol (PPP) and Point-to-Point Protocol over Ethernet (PPPoE).

Objectives
 On completion of this course, you will be able to:
 Understand the basic concepts and development history of WANs.
 Understand PPP and PPPoE implementations.
 Master basic PPP and PPPoE configurations.
 Understand basic MPLS/SR concepts.

Contents
1. Overview of Early WAN Technologies

2. PPP Implementation and Configuration

3. PPPoE Implementation and Configuration

4. Development of WAN Technologies

What Is a WAN?
 A WAN is a network that connects LANs in different areas. A WAN generally covers tens of kilometers to thousands of
kilometers. It can connect multiple regions, cities, and countries, or provide long-distance communication across several
continents, forming an international remote network.

Figure: LANs (an enterprise DC, the HQ, an enterprise branch and a residential area) interconnected through an ISP's WAN.

Differences Between a WAN and a LAN
Figure: the HQ LAN reaches a customer, a partner, a remote office, a home office, a mobile office and branches 1 and 2 either (1) over a leased ISP network or (2) over a self-built private network.
• A LAN is a computer network that covers a small geographical area.
• A WAN is a computer network that covers a wide area by leasing an Internet service provider (ISP) network or building a private network.

Overview of Early WAN Technologies
 The early WANs and LANs differ in the data link layer and physical layer and are the same in the other layers in the TCP/IP reference model.

TCP/IP reference model, with the LAN and WAN technologies at each layer:
 Application layer: HTTP, FTP, Telnet, DNS, SNMP
 Transport layer: TCP, UDP
 Network layer: IP, ICMP, ARP
 Data link layer: LAN: IEEE 802.3/4/5/11; WAN: PPP, HDLC, Frame Relay, ATM
 Physical layer: LAN: IEEE 802.3/4/5/11; WAN: RS-232, V.24, V.35, G.703

WAN Device Roles
 There are three basic roles of WAN devices: customer edge (CE), provider edge (PE), and provider (P).
They are defined as follows:
 CE: a device located at the customer premises and connected to one or more PEs for user access.
 PE: a service provider's important edge device that is connected to both a CE and a P.
 P: a service provider's device that is not connected to any CE.

Figure: the CEs of enterprises A, B, C and D each connect to a PE at the edge of the service provider network.

Application of Early WAN Technologies
 The early WAN technologies perform different Layer 2 encapsulation at the data link layer for
different types of physical links. PPP, HDLC, and FR are commonly used between CEs and PEs
to implement long-distance transmission of user access packets over a WAN. ATM is commonly
used on ISP backbone networks for high-speed forwarding.

Figure: CEs connect to PEs over PPP/HDLC/FR links on both sides of the ISP backbone, which runs ATM between the PEs.

Contents
1. Overview of Early WAN Technologies

2. PPP Implementation and Configuration


▪ PPP Implementation

▫ PPP Configuration

3. PPPoE Implementation and Configuration

4. Development of WAN Technologies

PPP Introduction
 PPP is a common WAN data link layer protocol. It is used for P2P data encapsulation and transmission on full-duplex
links.

 PPP provides the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP).

 PPP features high extensibility. For example, PPP can be extended as Point-to-Point Protocol over Ethernet (PPPoE)
when PPP packets need to be transmitted over an Ethernet.

 PPP provides the Link Control Protocol (LCP), which is used to negotiate link layer parameters, such as the maximum
receive unit (MRU) and authentication mode.

 PPP provides various Network Control Protocols (NCPs), such as IP Control Protocol (IPCP), for negotiation of network
layer parameters and better support for network layer protocols.

Figure: R1 and R2 connected through their S1/0/0 interfaces over a PPP link.

PPP Link Setup Process


 PPP link setup involves link layer negotiation, optional authentication negotiation, and network layer negotiation.
 Link layer negotiation: LCP packets are used to negotiate link parameters and establish link layer connections.
 (Optional) authentication negotiation: The authentication mode negotiated during link layer negotiation is used for
link authentication.
 Network layer negotiation: NCP negotiation is used to select and configure a network layer protocol and negotiate
network layer parameters.
Figure: the three phases (1 link layer negotiation, 2 optional authentication negotiation, 3 network layer negotiation) on the PPP link between R1 S1/0/0 and R2 S1/0/0.

State Machine of the PPP Link Interface


 PPP negotiation is performed by the interfaces at both ends of a link. The interface status indicates the protocol negotiation phase.
 State transitions of the PPP link interface (figure):
 Dead → Establish: link layer negotiation (1) starts. If it fails, the interface goes Down; if it succeeds, the link is Opened.
 Opened: if authentication is not required, the interface enters the Network state directly; if authentication is required, it enters the Authenticate state.
 Authenticate: authentication negotiation (2). If authentication fails, the link is terminated (Terminate, Closing); if it passes, the interface enters the Network state.
 Network: network layer negotiation (3).

LCP Packet Format

 The Protocol field in a PPP packet identifies the type of the PPP packet. For example, if the Protocol field is 0xC021, the packet is an LCP packet. The Code field is further used to identify different types of LCP packets, as shown in the following table.

PPP packet format: Flag (0x7E) | Address (0xFF) | Control (0x03) | Protocol (0xC021) | Information (0–1500 bytes) | FCS (4 bytes) | Flag (0x7E)
Protocol field values: 0x0021: IP packet; 0x8021: IPCP packet; 0xC021: LCP packet; 0xC023: PAP packet; 0xC223: CHAP packet
LCP packet (carried in the Information field): Code | Identifier | Length | Data…
Data field: a sequence of Type | Length | Value (TLV) structures. The TLV structure contains common parameters used in LCP negotiation, such as the MRU, authentication protocol, and magic number.

Code | Name | Content
0x01 | Configure-Request | Configuration request packet.
0x02 | Configure-Ack | Configuration success packet.
0x03 | Configure-Nak | Configuration parameters need to be negotiated.
0x04 | Configure-Reject | Configuration parameters cannot be identified.

LCP Negotiation Process - Normal Negotiation


 LCP negotiation is implemented by exchanging different LCP packets. The negotiation is initiated by sending a
Configure-Request packet from either party. If the peer end identifies and accepts all parameters in the packet, the peer
end returns a Configure-Ack packet to the local end, indicating that the negotiation is successful.
Interface parameters of R1 (S1/0/0, 10.1.1.1/30): MRU=1500, Auth_Type=PAP, Magic_Num=a
Interface parameters of R2 (S1/0/0, 10.1.1.2/30): MRU=1500, Auth_Type=PAP, Magic_Num=b
Each end runs the same two steps, so the exchange takes place in both directions:
1. Configure-Request: sends a Configure-Request packet that carries local parameters.
2. Configure-Ack: verifies that the parameters of the peer end are valid.

LCP Negotiation Process - Parameter Mismatch


 If LCP parameters do not match during LCP packet exchange, the receiver responds with a Configure-Nak packet to
instruct the peer end to modify parameters and perform renegotiation.

Interface parameters of R1 (S1/0/0, 10.1.1.1/30): MRU=2000, Auth_Type=PAP, Magic_Num=a
Interface parameters of R2 (S1/0/0, 10.1.1.2/30): MRU=1500, Auth_Type=PAP
1. Configure-Request (R1 → R2): R1 sends a Configure-Request packet that carries local parameters.
2. Configure-Nak (R2 → R1): R2 finds that a peer parameter is invalid and performs parameter negotiation.
Interface parameters of R1 after the Nak: MRU=1500, Auth_Type=PAP, Magic_Num=a
3. Configure-Request (R1 → R2, with a configuration parameter modified): R1 resends a Configure-Request packet that carries the negotiated parameters.
4. Configure-Ack (R2 → R1): R2 verifies that the parameters of the peer end are valid.

LCP Negotiation - Unrecognized Parameters


 If LCP parameters cannot be identified during LCP packet exchange, the receiver responds with a Configure-Reject packet to instruct the peer end to delete the unidentifiable parameters and renegotiate.

Interface parameters of R1 (S1/0/0, 10.1.1.1/30): MRU=1500, Auth_Type=PAP, Magic_Num=a, XXX=xxx
Interface parameters of R2 (S1/0/0, 10.1.1.2/30): MRU=1500, Auth_Type=PAP, Magic_Num=b
1. Configure-Request (R1 → R2): R1 sends a Configure-Request packet that carries local parameters.
2. Configure-Reject (R2 → R1): R2 finds that a peer parameter cannot be identified and performs parameter negotiation.
Interface parameters of R1 after the Reject: MRU=1500, Auth_Type=PAP, Magic_Num=a
3. Configure-Request (R1 → R2, with a parameter deleted): R1 resends a Configure-Request packet that carries the negotiated parameters.
4. Configure-Ack (R2 → R1): R2 verifies that the parameters of the peer end are valid.

PPP Authentication Mode - PAP


 After the link negotiation is successful, authentication negotiation can be performed. There are two authentication
negotiation modes: PAP and CHAP.

 PAP authentication requires a two-way handshake. Negotiation packets are transmitted on the link in clear text.
Authenticator: R1 (S1/0/0, 10.1.1.1/30), holding a database of usernames and passwords (Username: hcia, Password: Huawei123).
Peer: R2 (S1/0/0, 10.1.1.2/30), on which a username and password for authentication are configured on S1/0/0.
LCP link negotiation succeeds: the lower-layer link is established, and the authentication mode is determined as PAP.
1. Authenticate-Request (PPP frame, Protocol=PAP, Username=hcia; password=Huawei123): the peer initiates authentication.
2. Authenticate-Ack (PPP frame, Protocol=PAP): the username and password matching in the database succeeds.

PPP Authentication Mode - CHAP


 CHAP authentication requires a three-way handshake. Negotiation packets are encrypted before being transmitted on a link.
Authenticator: R1 (S1/0/0, 10.1.1.1/30), holding a database of usernames and passwords (Username: hcia, Password: Huawei123).
Peer: R2 (S1/0/0, 10.1.1.2/30), with the password Huawei123 configured on the interface.
LCP link negotiation succeeds: the lower-layer link is established, and the authentication mode is determined as CHAP.
1. Challenge (PPP frame, Protocol=CHAP, Code=1, ID=1, name="", random number): the authenticator initiates a challenge carrying a random number.
2. Response (PPP frame, Protocol=CHAP, Code=2, ID=1, Name="hcia", MD5 result): the peer hashes the ID, the random number and the password configured on the interface, calculating the MD5 value locally, and replies with the MD5 value.
3. Success (PPP frame, Protocol=CHAP, Code=3, ID=1, Message="Welcome"): the authenticator performs the same local calculation and verifies the received MD5 value.
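The PAP two-way handshake and the CHAP three-way handshake above, modelled in Python as an added example that is not part of the course material; it uses the Code values from the slides and the RFC 1994 response calculation MD5(ID, password, challenge), and the user database (hcia / Huawei123) and the challenge value are constructed here.

```python
import hashlib
import hmac
import struct

# Protocol numbers from the PPP packet-format table, and the Code values used below.
PROTO_PAP, PROTO_CHAP = 0xC023, 0xC223
PAP_AUTH_REQ, PAP_AUTH_ACK, PAP_AUTH_NAK = 1, 2, 3
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4

# Constructed authenticator database (R1), matching the slide's entry.
USER_DB = {"hcia": "Huawei123"}


def pap_request(ident, username, password):
    """Peer (R2): PAP Authenticate-Request. Username and password go in clear text."""
    u, p = username.encode(), password.encode()
    body = bytes([len(u)]) + u + bytes([len(p)]) + p
    return struct.pack(">BBH", PAP_AUTH_REQ, ident, 4 + len(body)) + body


def pap_authenticate(packet):
    """Authenticator (R1): read the credentials straight out of the frame and look
    them up. Returns the Authenticate-Ack or Authenticate-Nak packet."""
    code, ident, length = struct.unpack(">BBH", packet[:4])
    if code != PAP_AUTH_REQ or length > len(packet):
        return struct.pack(">BBH", PAP_AUTH_NAK, ident, 4)
    ulen = packet[4]
    user = packet[5:5 + ulen].decode()
    plen = packet[5 + ulen]
    password = packet[6 + ulen:6 + ulen + plen].decode()
    ok = USER_DB.get(user) == password
    return struct.pack(">BBH", PAP_AUTH_ACK if ok else PAP_AUTH_NAK, ident, 4)


def chap_challenge(ident, value, name=b""):
    """Authenticator (R1): Challenge (Code=1) carrying a random value; the slide
    shows name="" here. In real use `value` comes from os.urandom(16)."""
    body = bytes([len(value)]) + value + name
    return struct.pack(">BBH", CHAP_CHALLENGE, ident, 4 + len(body)) + body


def _split(packet):
    """Code, Identifier, Value (sized by the Value-Size byte) and Name of a CHAP packet."""
    code, ident, length = struct.unpack(">BBH", packet[:4])
    vsize = packet[4]
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:length]


def chap_response(challenge, name, password):
    """Peer (R2): Response (Code=2) with MD5(ID + password + random value), as in
    RFC 1994. The password itself never leaves the host."""
    _, ident, random_value, _ = _split(challenge)
    digest = hashlib.md5(bytes([ident]) + password.encode() + random_value).digest()
    body = bytes([len(digest)]) + digest + name.encode()
    return struct.pack(">BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def chap_verify(challenge, response):
    """Authenticator (R1): recompute the digest with the stored password and the
    challenge it sent; reply Success (Code=3) or Failure (Code=4). A response whose
    ID does not match the outstanding challenge is rejected, so an old response
    cannot be reused against a new challenge."""
    _, c_ident, random_value, _ = _split(challenge)
    code, r_ident, received, name = _split(response)
    user = name.decode(errors="replace")
    ok = False
    if code == CHAP_RESPONSE and r_ident == c_ident and user in USER_DB:
        expected = hashlib.md5(bytes([c_ident]) + USER_DB[user].encode() + random_value).digest()
        ok = hmac.compare_digest(expected, received)  # constant-time comparison
    message = b"Welcome" if ok else b"Authentication failed"
    code = CHAP_SUCCESS if ok else CHAP_FAILURE
    return struct.pack(">BBH", code, r_ident, 4 + len(message)) + message
```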

NCP Negotiation - Static IP Address Negotiation


 After PPP authentication negotiation, the two ends enter the NCP negotiation phase to negotiate the format and type of
data packets transmitted on the data link. IPCP, for example, is classified into static and dynamic IP address negotiation.

 Static IP address negotiation requires manual configuration of IP addresses at both ends of a link.

S 1/0/0 PPP S 1/0/0

10.1.1.1/30 10.1.1.2/30
R1 R2

1 Configure-Request (10.1.1.1)
1. Sends a Configure-Request packet
carrying the local IP address.

Configure-Ack 2
2. Verifies that the peer IP
address is valid.
Configure-Request (10.1.1.2) 1

2 Configure-Ack

Page 19 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
NCP Negotiation - Dynamic IP Address Negotiation

 In dynamic IP address negotiation, one end of a PPP link can assign an IP address to the other end.

Topology: R1 (S 1/0/0, no IP address configured) --- PPP --- R2 (S 1/0/0, 10.1.1.2/30)

1. R1 sends a Configure-Request (0.0.0.0) to notify the peer end that it has no available IP address.
2. R2 determines that the peer IP address is invalid and returns a Configure-Nak (10.1.1.1) carrying an IP address for negotiation.
3. R1 resends a Configure-Request (10.1.1.1) that carries the negotiated IP address.
4. R2 verifies that the peer IP address is valid and replies with a Configure-Ack.
5. R2 sends a Configure-Request (10.1.1.2) carrying its local IP address.
6. R1 verifies that the peer IP address is valid and replies with a Configure-Ack.
Contents
1. Overview of Early WAN Technologies
2. PPP Implementation and Configuration
▫ PPP Implementation
▪ PPP Configuration
3. PPPoE Implementation and Configuration
4. Development of WAN Technologies
Configuring Basic PPP Functions
1. Encapsulate an interface with PPP.
[Huawei-Serial0/0/0] link-protocol ppp
In the interface view, change the interface encapsulation protocol to PPP. The default encapsulation protocol of the serial interfaces of Huawei devices is PPP.

2. Configure a negotiation timeout period.
[Huawei-Serial0/0/0] ppp timer negotiate seconds
During LCP negotiation, the local end sends an LCP negotiation packet to the peer end. If the local end does not receive a reply packet from the peer end within the specified negotiation timeout period, the local end resends an LCP negotiation packet.
Configuring PAP Authentication
1. Configure an authenticator to authenticate a peer using the PAP mode.
[Huawei-aaa] local-user user-name password { cipher | irreversible-cipher } password
[Huawei-aaa] local-user user-name service-type ppp
[Huawei-Serial0/0/0] ppp authentication-mode pap
Before configuring the authenticator to authenticate a peer using the PAP mode, add the username and password of the peer to the local user list in the AAA view. Then select the PAP authentication mode.

2. Configure the peer to be authenticated by the authenticator in PAP mode.
[Huawei-Serial0/0/0] ppp pap local-user user-name password { cipher | simple } password
This command configures the peer to send its username and password to the authenticator.

Configuring CHAP Authentication
1. Configure an authenticator to authenticate a peer using CHAP mode.
[Huawei-aaa] local-user user-name password { cipher | irreversible-cipher } password
[Huawei-aaa] local-user user-name service-type ppp
[Huawei-Serial0/0/0] ppp authentication-mode chap

2. Configure the peer to be authenticated by the authenticator in CHAP mode.
[Huawei-Serial0/0/0] ppp chap user user-name
[Huawei-Serial0/0/0] ppp chap password { cipher | simple } password
These commands configure the local username and password that the peer uses for CHAP authentication.
Example for Configuring PAP Authentication

Topology: R1 (authenticator, S 1/0/0, 10.1.1.1/30) --- PPP --- R2 (peer, S 1/0/0, 10.1.1.2/30)

 Experiment requirements:
1. Enable PAP authentication on the PPP link between R1 and R2.
2. Configure R1 as the authenticator.
3. Configure R2 as the peer.

Configurations on R1
[R1]aaa
[R1-aaa]local-user huawei password cipher huawei123 # Add information about the user to be authenticated.
[R1-aaa]local-user huawei service-type ppp # Specify the service type of the user to be authenticated.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]link-protocol ppp
[R1-Serial1/0/0]ppp authentication-mode pap # Set the authentication mode to PAP.
[R1-Serial1/0/0]ip address 10.1.1.1 30

Configurations on R2
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]link-protocol ppp
[R2-Serial1/0/0]ppp pap local-user huawei password cipher huawei123 # Add user information for PPP authentication.
[R2-Serial1/0/0]ip address 10.1.1.2 30
Example for Configuring CHAP Authentication

Topology: R1 (authenticator, S 1/0/0, 10.1.1.1/30) --- PPP --- R2 (peer, S 1/0/0, 10.1.1.2/30)

 Experiment requirements:
1. Enable CHAP authentication on the PPP link between R1 and R2.
2. Configure R1 as the authenticator.
3. Configure R2 as the peer.

Configurations on R1
[R1]aaa
[R1-aaa]local-user huawei password cipher huawei123 # Add information about the user to be authenticated.
[R1-aaa]local-user huawei service-type ppp # Specify the service type of the user to be authenticated.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]link-protocol ppp
[R1-Serial1/0/0]ppp authentication-mode chap # Set the authentication mode to CHAP.

Configurations on R2
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]link-protocol ppp
[R2-Serial1/0/0]ppp chap user huawei
[R2-Serial1/0/0]ppp chap password cipher huawei123 # Add user information for PPP authentication.
Contents
1. Overview of Early WAN Technologies
2. PPP Implementation and Configuration
3. PPPoE Implementation and Configuration
▪ PPPoE Overview
▫ Basic PPPoE Configuration
4. Development of WAN Technologies
What Is PPPoE?
 PPP over Ethernet (PPPoE) is a link layer protocol that encapsulates PPP frames into Ethernet frames. PPPoE enables multiple hosts on an Ethernet to connect to a broadband remote access server (BRAS).

 PPPoE integrates the advantages of Ethernet and PPP. It has the flexible networking advantage of Ethernet and can use PPP to implement authentication and accounting.

PPP frame structure: Flag | Address | Control | Protocol | Information | FCS | Flag
PPPoE frame structure: DMAC | SMAC | Eth-Type | PPPoE-Packet | FCS
PPPoE Application Scenarios

 PPPoE provides P2P connections on an Ethernet. A PPPoE client and a PPPoE server establish a PPP session to encapsulate PPP data packets and provide access services for hosts on the Ethernet, implementing user control and accounting. PPPoE is widely used on enterprise and carrier networks.

 PPPoE is usually used by home users and enterprise users to dial up to access the Internet. After PPPoE client dial-up software is installed, each host (PC-A, PC-B, PC-C, and so on in the figure) becomes a PPPoE client and establishes a PPPoE session with the PPPoE server across the Internet by exchanging PPPoE packets. Each host uses a unique account, which facilitates user accounting and control by the carrier.
PPPoE Session Establishment

 PPPoE session establishment involves three stages: PPPoE discovery, session, and termination stages.

1. PPPoE discovery (PPPoE negotiation): A PPPoE virtual link is created for user access.
2. PPPoE session (PPP negotiation): PPP negotiation includes LCP negotiation, PAP/CHAP authentication, and NCP negotiation.
3. PPPoE termination (PPPoE disconnection): The user goes offline, and the client or server then terminates the connection.
PPPoE Packets
 A PPPoE session is established by exchanging different PPPoE packets. The PPPoE packet structure and common packet types are as follows.

PPPoE frame: DMAC (6 bytes) | SMAC (6 bytes) | Eth-Type (2 bytes) | PPPoE-Header (6 bytes) | PPP-Packet (40–1494 bytes) | FCS (4 bytes)
PPPoE header: Version (4 bits) | Type (4 bits) | Code (1 byte) | Session ID (2 bytes) | Length (2 bytes)

Code   Name   Content
0x09   PADI   PPPoE Active Discovery Initiation packet
0x07   PADO   PPPoE Active Discovery Offer packet
0x19   PADR   PPPoE Active Discovery Request packet
0x65   PADS   PPPoE Active Discovery Session-confirmation packet
0xa7   PADT   PPPoE Active Discovery Terminate packet
PPPoE Discovery Stage

 PPPoE discovery involves four steps: 1) the client sends a request, 2) the servers respond to the request, 3) the client confirms a response, and 4) a session is established.

Step 1: The client broadcasts a PADI packet requesting a service; PPPoE servers A, B, and C all receive it.
Step 2: Multiple servers may be available to provide the service. Here, server A replies with PADO-A and server B replies with PADO-B.
Step 3: The client preferentially selects the first received service response and sends a PADR (service request) to that server (server A).
Step 4: Server A assigns a session ID to the client in a PADS packet to establish the session.
PPPoE Session Stage

 In the PPPoE session stage, PPP negotiation, including LCP, authentication, and NCP negotiation, is performed between the PPPoE client and the selected PPPoE server (server A in the figure).

In the entire session stage, the session ID allocated by the PPPoE server remains unchanged.
PPPoE Session Termination Stage

 If the PPPoE client wants to terminate the session, it sends a PADT packet to the PPPoE server.
 Similarly, if the PPPoE server wants to terminate the session, it sends a PADT packet to the PPPoE client.

The PADT packet carries the session ID to identify the session to be terminated.
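An added example, not course code, that builds and parses the frames from the packet-format, discovery, session and termination slides above and enforces the rules they state (Eth-Type per stage, Code values, Session ID 0 until the PADS assigns one, PADI broadcast, PADO unicast). The empty Service-Name tag and the use of session_id as a caller-supplied value are assumptions; the client and server MAC addresses in the usage come from the verification slide's display output.

```python
import struct
from dataclasses import dataclass

# Ethertype values for the two PPPoE stages (RFC 2516).
ETH_PPPOE_DISCOVERY = 0x8863
ETH_PPPOE_SESSION = 0x8864
BROADCAST_MAC = bytes.fromhex("ffffffffffff")

# Code values from the slide's table; 0x00 marks session-stage data.
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR",
               0x65: "PADS", 0xA7: "PADT", 0x00: "SESSION"}
PADI, PADO, PADR, PADS, PADT, SESSION = 0x09, 0x07, 0x19, 0x65, 0xA7, 0x00
TAG_SERVICE_NAME = 0x0101   # RFC 2516 TAG_TYPE Service-Name


@dataclass
class PPPoEFrame:
    dst: bytes
    src: bytes
    eth_type: int
    code: int
    session_id: int
    payload: bytes

    @property
    def name(self) -> str:
        return PPPOE_CODES.get(self.code, f"UNKNOWN(0x{self.code:02x})")

    @property
    def is_broadcast(self) -> bool:
        return self.dst == BROADCAST_MAC


def build_tag(tag_type: int, value: bytes) -> bytes:
    """Discovery TAG: TAG_TYPE (2 bytes) | TAG_LENGTH (2 bytes) | TAG_VALUE."""
    return struct.pack("!HH", tag_type, len(value)) + value


def build_pppoe_frame(dst: bytes, src: bytes, code: int, session_id: int,
                      payload: bytes = b"") -> bytes:
    """DMAC | SMAC | Eth-Type | PPPoE header (Ver=1, Type=1, Code, Session ID,
    Length) | payload. The FCS is appended by the NIC, so it is omitted here."""
    eth_type = ETH_PPPOE_SESSION if code == SESSION else ETH_PPPOE_DISCOVERY
    header = struct.pack("!BBHH", (1 << 4) | 1, code, session_id, len(payload))
    return struct.pack("!6s6sH", dst, src, eth_type) + header + payload


def parse_pppoe_frame(frame: bytes) -> PPPoEFrame:
    """Parse one Ethernet frame (without FCS) and enforce the stage rules the
    slides describe; malformed or inconsistent frames raise ValueError."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type not in (ETH_PPPOE_DISCOVERY, ETH_PPPOE_SESSION):
        raise ValueError(f"not a PPPoE Ethertype: 0x{eth_type:04x}")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type >> 4 != 1 or ver_type & 0x0F != 1:
        raise ValueError("unsupported PPPoE Version/Type")
    payload = frame[20:20 + length]
    if len(payload) != length:      # Length claims more bytes than exist
        raise ValueError("truncated PPPoE payload")
    if (code == SESSION) != (eth_type == ETH_PPPOE_SESSION):
        raise ValueError("Code does not belong to this Ethertype's stage")
    if code in (PADI, PADO, PADR) and session_id != 0:
        raise ValueError("Session ID must be 0 before the PADS assigns one")
    if code == PADI and dst != BROADCAST_MAC:
        raise ValueError("PADI must be broadcast")
    if code == PADO and dst == BROADCAST_MAC:
        raise ValueError("PADO is unicast to the requesting client")
    return PPPoEFrame(dst, src, eth_type, code, session_id, payload)


def is_rejected(frame: bytes) -> bool:
    """True when the parser refuses the frame."""
    try:
        parse_pppoe_frame(frame)
    except ValueError:
        return True
    return False


def discovery_exchange(client: bytes, server: bytes, session_id: int) -> list:
    """The four discovery steps plus the PADT, built and parsed back.
    Constructed sample exchange; the server's chosen session_id is an input."""
    svc = build_tag(TAG_SERVICE_NAME, b"")         # empty name: any service
    frames = [
        build_pppoe_frame(BROADCAST_MAC, client, PADI, 0, svc),    # step 1
        build_pppoe_frame(client, server, PADO, 0, svc),           # step 2
        build_pppoe_frame(server, client, PADR, 0, svc),           # step 3
        build_pppoe_frame(client, server, PADS, session_id, svc),  # step 4
        build_pppoe_frame(server, client, PADT, session_id),       # teardown
    ]
    return [parse_pppoe_frame(f) for f in frames]


if __name__ == "__main__":
    client_mac = bytes.fromhex("00e0fc0308f6")   # Client-MAC from the slide
    server_mac = bytes.fromhex("00e0fc036781")   # Server-MAC from the slide
    for f in discovery_exchange(client_mac, server_mac, 1):
        print(f.name, hex(f.eth_type), f.session_id, f.is_broadcast)
```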
Contents
1. Overview of Early WAN Technologies
2. PPP Implementation and Configuration
3. PPPoE Implementation and Configuration
▫ PPPoE Overview
▪ Basic PPPoE Configuration
4. Development of WAN Technologies
Configuring Basic PPPoE Functions
1. Configure a dialer rule and set conditions for initiating a PPPoE session under the rule.
[Huawei] dialer-rule

2. Configure a username on the dialer interface. The username must be the same as that of the peer server.
[Huawei-Dialer1]dialer user username

3. Add the interface to a dialer group.
[Huawei-Dialer1]dialer-group group-number

4. Specify a dialer bundle for the interface.
[Huawei-Dialer1]dialer-bundle number

5. Bind a physical interface to the dialer bundle.
[Huawei-Ethernet0/0/0]pppoe-client dial-bundle-number number
Example for Configuring a PPPoE Client (1)

Topology: R1 (PPPoE client, GE 0/0/1) --- R2 (PPPoE server, GE 0/0/0)

 Experiment requirements:
1. Configure R1 as a PPPoE client and R2 as a PPPoE server.
2. Configure a dialer interface for the PPPoE client on R1.
3. Configure the authentication function on the dialer interface on R1.
4. The dialer interface on R1 can obtain the IP address allocated by the PPPoE server.
5. R1 can access the server through the dialer interface.

1. Create a dialer interface and configure a username and password for authentication.
[R1]dialer-rule
[R1-dialer-rule]dialer-rule 1 ip permit
[R1-dialer-rule]quit
[R1]interface dialer 1
[R1-Dialer1] dialer user enterprise
[R1-Dialer1] dialer-group 1
[R1-Dialer1] dialer bundle 1
[R1-Dialer1] ppp chap user huawei1
[R1-Dialer1] ppp chap password cipher huawei123
[R1-Dialer1] ip address ppp-negotiate
Example for Configuring a PPPoE Client (2)

Topology and experiment requirements are the same as in part (1): R1 (PPPoE client, GE 0/0/1) --- R2 (PPPoE server, GE 0/0/0).

2. Bind the dialer interface to an outbound interface.
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]pppoe-client dial-bundle-number 1
[R1-GigabitEthernet0/0/1]quit

3. Configure a default route from the PPPoE client to the server.
[R1]ip route-static 0.0.0.0 0.0.0.0 dialer 1
Example for Configuring a PPPoE Server

Topology: R1 (PPPoE client, GE 0/0/1) --- R2 (PPPoE server, GE 0/0/0)

 Experiment requirements:
1. Create an address pool on the PPPoE server for address allocation to the PPPoE client.
2. The PPPoE server authenticates the PPPoE client and assigns a valid IP address to the client.

1. Create an address pool and a virtual template.
[R2]ip pool pool1 # Create an address pool and specify the range of the IP addresses to be allocated and a gateway.
[R2-ip-pool-pool1]network 192.168.1.0 mask 255.255.255.0
[R2-ip-pool-pool1]gateway-list 192.168.1.254
[R2]interface Virtual-Template 1 # Create a virtual template interface.
[R2-Virtual-Template1]ppp authentication-mode chap
[R2-Virtual-Template1]ip address 192.168.1.254 255.255.255.0
[R2-Virtual-Template1]remote address pool pool1

2. Bind a physical interface to the virtual template.
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]pppoe-server bind virtual-template 1
[R2-GigabitEthernet0/0/0]quit

3. Create an access user.
[R2]aaa # Add information about the user to be authenticated.
[R2-aaa]local-user huawei1 password cipher huawei123
[R2-aaa]local-user huawei1 service-type ppp
Verifying the Configuration
1. Check detailed information about the dialer interface.
<R1>display interface Dialer 1
Dialer1 current state: UP
Line protocol current state: UP (spoofing)
Description: HUAWEI, AR Series, Dialer1 Interface
Route Port, The Maximum Transmit Unit is 1500, Hold timer is 10(sec)
Internet Address is negotiated, 192.168.10.254/32
Link layer protocol is PPP
LCP initial
Physical is Dialer
Bound to Dialer1:0:
Dialer1:0 current state : UP
Line protocol current state : UP
Link layer protocol is PPP
LCP opened, IPCP opened

2. Check the initial status of the PPPoE session on the client.
[R1]display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
0 1 1 GE0/0/1 54899876830c 000000000000 IDLE

3. Check the establishment status of the PPPoE session on the client.
[R1]display pppoe-client session summary
PPPoE Client Session:
ID Bundle Dialer Intf Client-MAC Server-MAC State
1 1 1 GE0/0/1 00e0fc0308f6 00e0fc036781 UP
Contents
1. Overview of Early WAN Technologies
2. PPP Implementation and Configuration
3. PPPoE Implementation and Configuration
4. Development of WAN Technologies
Evolution of WAN Technologies
 The data link layer protocols commonly used on early WANs include PPP, HDLC, and ATM. With the network evolution towards all-IP, the IP-based Internet has become popular. However, IP technology based on the longest match rule must use software to search for routes, resulting in low forwarding performance, which has become the bottleneck that restricts network development.

 Multiprotocol Label Switching (MPLS) was originally proposed to improve the forwarding speeds of routers. Compared with the traditional IP routing mode, MPLS parses IP packet headers only at the network edges during data forwarding. Transit nodes forward packets based on labels, without the need to parse IP packet headers. This speeds up software processing.

 With the improvement of router performance, the route search speed is no longer a bottleneck for network development. Thus, MPLS loses its advantage in fast forwarding speed. However, leveraging support for multi-layer labels and a connection-oriented forwarding plane, MPLS is widely applied in various scenarios, such as virtual private network (VPN), traffic engineering (TE), and quality of service (QoS) scenarios.

(Figure: MPLS applied to VPN, QoS, and TE.)
Traditional IP Routing and Forwarding
 Traditional IP forwarding uses hop-by-hop forwarding. Each time a data packet passes through a router, the router decapsulates the packet to check the network layer information and searches its routing table based on the longest match rule to guide packet forwarding. The repeated process of decapsulating packets, searching routing tables, and re-encapsulating the packets on routers leads to low forwarding performance.

• Characteristics of traditional IP routing and forwarding:
▫ All routers need to know the network-wide routes.
▫ Traditional IP forwarding is connectionless-oriented and cannot provide good end-to-end QoS guarantee.

(Figure: PC1 (192.168.1.1/24) sends a packet (IP address + Data) to PC2 (192.168.2.1/24) across R1, R2, R3/R4, R5, and R6, which run an IGP; every router on the path looks up the IP address in its own routing table.)

R1 routing table:
Destination/Mask   Protocol   Preference   Cost   NextHop         Interface
192.168.1.0/24     Direct     0            0      192.168.1.254   GE 0/0/0
192.168.12.0/24    Direct     0            0      192.168.12.1    GE 0/0/2
192.168.2.0/24     OSPF       10           3      192.168.12.2    GE 0/0/2
MPLS Label-based Forwarding

 MPLS is used on IP backbone networks.
 MPLS is a tunneling technology that provides connection-oriented switching for the network layer based on IP routing and control protocols. It provides better QoS guarantee.
 MPLS labels, instead of IP routes, are searched for to forward packets, which greatly improves forwarding efficiency.
 Labels used in MPLS forwarding can be manually configured or dynamically allocated using a label distribution protocol.

(Figure: PC1 (192.168.1.1/24) sends a packet to PC2 (192.168.2.1/24) across an MPLS domain running an IGP. Inside the domain the packet carries an MPLS label (MPLS label 1 on one hop, MPLS label 2 on the next) in front of the IP address and Data; the PE nodes sit at the edge of the domain and R3 and R4 are P nodes.)
MPLS Forwarding Problems
 MPLS labels can be statically or dynamically distributed. The involved problems are as follows:
 Static label distribution requires manual configuration. As the network scale expands, network topologies are prone to change. Static label configuration cannot meet the requirements of large-scale networks.

 Some dynamic label distribution protocols do not have the path computation capability and need to use IGPs to compute paths. In addition, the control planes of these protocols are complex, requiring devices to send a large number of messages to maintain peer and path status, wasting link bandwidth and device resources. What is more, despite supporting TE, some label distribution protocols require complex configurations and do not support load balancing. Devices have to send a large number of protocol packets to maintain proper paths. In addition, as devices are independent and know only their own status, they need to exchange signaling packets, which also wastes link bandwidth and device resources.

(Figure: an MPLS domain of R1 to R6 running both an IGP and a separate label distribution protocol.)
Introduction to Segment Routing
 To solve the problems facing traditional IP forwarding and MPLS forwarding, the industry proposed Segment Routing (SR). SR makes the following improvements:
1. Extends the existing protocols.
 The extended IGPs and BGP have the label distribution capability, eliminating the need for other label distribution protocols on networks, and thereby simplifying protocols.
2. Introduces the source routing mechanism.
 Using the source routing mechanism, controllers can centrally calculate paths.
3. Allows networks to be defined by services.
 Networks are driven by services. After service requirements, such as latency, bandwidth, and packet loss rate requirements, are raised by applications, a controller can collect information such as the network topology, bandwidth usage, and latency, and calculate explicit paths based on these requirements.
SR Forwarding Implementation (1)
 SR divides a network path into segments and assigns segment IDs (SIDs) to these segments.
 SIDs are allocated to forwarding nodes or adjacency links. In this example, SIDs of the forwarding nodes are expressed in 1600X, where X is a node ID; SIDs of the adjacency links are expressed in 160XX, where XX indicates the node IDs at both ends of a link.

(Figure: MPLS domain with R1, R2, R5, and R6 in a row, R3 above and R4 below; R2 has SID 16002, R3 has SID 16003, and R5 has SID 16005.)

SR Forwarding Implementation (2)
 SIDs of adjacency links and network nodes are arranged in order to form a segment list, which represents a forwarding path. The segment list is encoded by the source node in a header of a data packet, and is transmitted with the data packet. The essence of SR is instructions, which guide where and how packets go.

(Figure: the packet sent by R1 carries the segment list 16003, 16035, 16005 in front of the IP address and Data: go to R3 (node SID 16003), cross the R3-R5 adjacency (adjacency SID 16035), then reach R5 (node SID 16005).)
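How the segment list on the slide is executed hop by hop, as an added example that is not the course's code: the link set and unit link costs are assumptions shaped like the figure, the node SIDs and adjacency SID 16035 come from the slide, and the adjacency SID 16024 (R2 to R4) is an assumed addition following the slide's 160XX scheme so that a second, R4-steered path can be shown.

```python
import heapq

# Constructed topology in the shape of the slide's figure (R3 above the
# R2-R5 pair, R4 below); link costs are assumed equal (1). Not course code.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R2", "R4"), ("R3", "R5"),
         ("R4", "R5"), ("R5", "R6")]

# SIDs in the slide's scheme: node SID 1600X (X = node ID), adjacency SID
# 160XX (XX = node IDs at both ends). 16035 is from the slide; 16024 is an
# assumed extra adjacency SID following the same scheme.
NODE_SIDS = {"R2": 16002, "R3": 16003, "R5": 16005}
ADJ_SIDS = {16035: ("R3", "R5"), 16024: ("R2", "R4")}   # SID -> (owner, neighbor)


def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def igp_next_hop(graph, src, dst):
    """Dijkstra with unit costs; returns the IGP next hop from src toward dst."""
    dist = {src: 0}
    heap = [(0, src, None)]                 # (cost, node, first hop taken)
    while heap:
        cost, node, first = heapq.heappop(heap)
        if cost > dist.get(node, float("inf")):
            continue
        if node == dst:
            return first
        for neighbor in sorted(graph[node]):
            if cost + 1 < dist.get(neighbor, float("inf")):
                dist[neighbor] = cost + 1
                heapq.heappush(heap, (cost + 1, neighbor, first or neighbor))
    raise ValueError(f"{dst} is unreachable from {src}")


def sr_forward(segment_list, ingress, destination, links=LINKS):
    """Walk a packet whose source node encoded segment_list; return the nodes
    it visits. Each SID is an instruction: a node SID means 'go to that node
    by the IGP shortest path', an adjacency SID means 'cross this link'."""
    graph = build_graph(links)
    stack = list(segment_list)              # stack[0] is the top label
    node, path = ingress, [ingress]
    while True:
        if not stack:                       # stack exhausted: plain IP forwarding
            if node == destination:
                return path
            node = igp_next_hop(graph, node, destination)
            path.append(node)
            continue
        top = stack[0]
        if NODE_SIDS.get(node) == top:      # this node is the segment's endpoint
            stack.pop(0)
        elif top in ADJ_SIDS:
            owner, neighbor = ADJ_SIDS[top]
            if owner != node:               # only the owner can execute it
                raise ValueError(f"{node} cannot execute adjacency SID {top}")
            stack.pop(0)
            node = neighbor
            path.append(node)
        elif top in NODE_SIDS.values():     # remote node SID: keep it, follow the IGP
            target = next(n for n, sid in NODE_SIDS.items() if sid == top)
            node = igp_next_hop(graph, node, target)
            path.append(node)
        else:
            raise ValueError(f"unknown SID {top}")


if __name__ == "__main__":
    print(sr_forward([16003, 16035, 16005], "R1", "R6"))  # the slide's segment list
    print(sr_forward([16002, 16024, 16005], "R1", "R6"))  # steered through R4 instead
    print(sr_forward([], "R1", "R6"))                     # no SR: IGP shortest path only
```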
SR Deployment Modes
 SR can be deployed with or without a controller. If a controller is used, the controller collects information, reserves path resources, computes paths, and delivers the results to the source node. This mode is preferred.

(Figure: left, without a controller, the path is configured on R1 through the CLI; right, a controller delivers the computed path to R1 over PCEP. Both networks consist of R1, R2, R3, and R4.)
SR Application
 SR can be used to easily specify packet forwarding paths. On a live network, different paths can be defined for different services. In this example, three explicit paths are defined to implement the service-driven network: one each for data download, video, and voice services. Devices are managed by the controller, which can quickly provision paths in real time.

(Figure: the controller manages the devices over NETCONF and delivers paths over PCEP, providing three explicit paths for the data download, video, and voice services: a high-bandwidth path, a low-latency path, and a path with a low packet loss rate.)
Quiz
1. (Multiple) Which of the following statements about PPP are true?
A. PPP supports the bundling of multiple physical links into a logical link to increase the bandwidth.
B. PPP supports cleartext and ciphertext authentication.
C. PPP cannot be deployed on Ethernet links because of its poor scalability.
D. PPP supports asynchronous and synchronous links for the physical layer.
E. PPP supports multiple network layer protocols, such as IPCP.

2. (Single) After a PPPoE client sends a PADI packet to PPPoE servers, the PPPoE servers reply with a PADO packet. Which kind of frame is the PADO packet?
A. Multicast B. Broadcast C. Unicast D. Anycast

3. (Single) Which of the following values of the Length/Type field in an Ethernet data frame indicates that the Ethernet data frame carries PPPoE discovery packets?
A. 0x0800 B. 0x8864 C. 0x8863 D. 0x0806
Summary
 This course reviews the types and applications of early WAN technologies and describes the evolution of WANs from the early circuit switching networks to IP networks, MPLS label switching networks, and finally to SR networks. With the development of network technologies, networks become more efficient and intelligent.

 The course also describes the implementation of PPP, including parameter negotiation during PPP link establishment, authentication negotiation, and network layer negotiation. It analyzes in detail two PPP authentication protocols, PAP and CHAP, and describes their working processes and differences.

 PPPoE is the most widely used PPP application. By analyzing how a PPPoE session is discovered, negotiated, established, and torn down, this course helps you better understand the working mechanism and configuration of PPPoE.

More Information
 (Multimedia) Segment Routing MPLS Advanced Series
 https://support.huawei.com/carrier/docview?nid=DOC1100645168&path=PBI1-7275726/PBI1-21782273/PBI1-7275849/PBI1-7276518/PBI1-15837
 (Multimedia) Segment Routing IPv6 Advanced Series
 https://support.huawei.com/enterprise/en/doc/EDOC1100133514?idPath=24030814%7C9856750%7C22715517%7C9858933%7C15837

Thank You
www.huawei.com
• Network management and O&M is classified as software management or hardware
management.

▫ Software management: management of network applications, user accounts


(such as accounts for using files), and read and write permissions. This course
does not describe software management in detail.

▫ Hardware management: management of network elements (NEs) that constitute


the network, including firewalls, switches, routers, and other devices. This course
mainly describes hardware management.

• Generally, an enterprise network has dedicated departments or personnel responsible


for network management and O&M.

• Note:

▫ A network element (NE) refers to a hardware device and software running on


the hardware device. An NE has at least one main control board that manages
and monitors the entire NE. The NE software runs on the main control board.
• Traditional network management:

▫ Web system: The built-in web server of the device provides a graphical user
interface (GUI). You need to log in to the device to be managed from a terminal
through Hypertext Transfer Protocol Secure (HTTPS).

▫ CLI mode: You can log in to a device through the console port, Telnet, or SSH to
manage and maintain the device. This mode provides refined device
management but requires that users be familiar with command lines.

▫ SNMP-based centralized management: The Simple Network Management


Protocol (SNMP) provides a method for managing NEs (such as routers and
switches) by using a central computer (that is, a network management station)
that runs network management software. This mode provides centralized and
unified management of devices on the entire network, greatly improving
management efficiency.

• iMaster NCE-based network management:

▫ iMaster NCE is a network automation and intelligence platform that integrates


management, control, analysis, and AI functions. It provides four key capabilities:
full-lifecycle automation, intelligent closed-loop management based on big data
and AI, scenario-specific app ecosystem enabled by open programmability, and
all-cloud platform with ultra-large system capacity.

▫ iMaster NCE uses protocols such as Network Configuration Protocol (NETCONF)


and RESTCONF to deliver configurations to devices and uses telemetry to
monitor network traffic.
• As networks rapidly expand and applications become more diversified, network
administrators face the following problems:

▫ The fast growth of network devices increases network administrators' workloads.


In addition, networks' coverage areas are constantly being expanded, making
real-time monitoring and fault locating of network devices difficult.

▫ There are various types of network devices and the management interfaces (such
as command line interfaces) provided by different vendors vary from each other,
making network management more complex.
• There are three SNMP versions: SNMPv1, SNMPv2c, and SNMPv3.

▫ In May 1990, RFC 1157 defined the first SNMP version: SNMPv1. RFC 1157
provides a systematic method for monitoring and managing networks. SNMPv1
implements community name-based authentication, failing to provide high
security. In addition, only a few error codes are returned in SNMPv1 packets.

▫ In 1996, the Internet Engineering Task Force (IETF) released RFC 1901 in which
SNMPv2c is defined. SNMPv2c provides enhancements to standard error codes,
data types (Counter 64 and Counter 32), and operations including GetBulk and
Inform.

▫ SNMPv2c still lacks security protection measures, so IETF released SNMPv3.


SNMPv3 provides user security module (USM)-based encryption and
authentication and a view-based access control model (VACM).
• An NMS is an independent device that runs network management programs. The
network management programs provide at least one man-machine interface for
network administrators to perform network management operations. Web page
interaction is a common man-machine interaction mode. That is, a network
administrator uses a terminal with a monitor to access the web page provided by the
NMS through HTTP/HTTPS.
• MIB is defined independently of a network management protocol. Device vendors can
integrate SNMP agent software into their products (for example, routers), but they
must ensure that this software complies with relevant standards after new MIBs are
defined. You can use the same network management software to manage routers
containing MIBs of different versions. However, the network management software
cannot manage a router that does not support the MIB function.

• There are public MIBs and private MIBs.

▫ Public MIBs: defined by RFCs and used for structure design of public protocols
and standardization of interfaces. Most vendors need to provide SNMP interfaces
according to the specifications defined in RFCs.

▫ Private MIBs: They are the supplement of the public MIBs. Some enterprises need
to develop private protocols or special functions. The private MIBs are designed
to enable the SNMP interface to manage such protocols or functions. They also
help the NMS provided by the third party to manage devices. For example, the
MIB object of Huawei is 1.3.6.1.4.1.2011.
• The maximum access permission of a MIB object indicates the operations that the
NMS can perform on the device through the MIB object.

▫ not-accessible: No operation can be performed.

▫ read-only: reads information.

▫ read-write: reads information and modifies configurations.

▫ read-create: reads information, modifies configurations, adds configurations, and


deletes configurations.

• When generating a trap, the device reports the type of the current trap together with
some variables. For example, when sending a linkDown trap, the device also sends
variables such as the interface index and current configuration status of the involved
interface.

▫ ifIndex: interface index (number)

▫ ifAdminStatus: the administrative status, that is, whether the interface is shut
down. The value 1 indicates that the interface is not shut down, and 2 indicates that
it is shut down.

▫ ifOperStatus: the current operating status of the interface, that is, the link layer
protocol status of the interface. The value 1 indicates Up, and 2 indicates Down.

▫ ifDescr: interface description


NMS to managed device:
1. Get
2. GetNext
3. Set

• SNMPv1 defines five protocol operations.

▫ Get-Request: The NMS extracts one or more parameter values from the MIB of
the agent process on the managed device.

▫ Get-Next-Request: The NMS obtains the next parameter value from the MIB of
the agent process in lexicographical order.

▫ Set-Request: The NMS sets one or more parameter values in the MIB of the
agent process.

▫ Response: The agent process returns one or more parameter values. It is the
response to the first three operations.

▫ Trap: The agent process sends messages to the NMS to notify the NMS of critical
or major events.
• SNMPv2c supports the following operations:

▫ GetBulk: equivalent to multiple GetNext operations. You can set the number of
GetNext operations to be included in one GetBulk operation.

▫ Inform: A managed device proactively sends traps to the NMS. In contrast to the
trap operation, the inform operation requires an acknowledgement. After a
managed device sends an InformRequest message to the NMS, the NMS returns
an InformResponse message. If the managed device does not receive the
acknowledgement, it temporarily saves the trap in the Inform buffer and
resends it until the NMS receives the trap or the retransmission count reaches
its maximum.
• SNMPv3 supports identity authentication and encryption.

▫ Identity authentication: A process in which the agent process (or NMS) confirms
whether the received message is from an authorized NMS (or agent process) and
whether the message is changed during transmission.

▫ Encryption: The header data and security parameter fields are added to SNMPv3
messages. For example, when the management process sends an SNMPv3 Get-
Request message carrying security parameters such as the username, key, and
encryption parameters, the agent process also uses an encrypted response
message to respond to the Get-Request message. This security encryption
mechanism is especially applicable to a scenario in which data needs to be
transmitted through a public network between the management process and
agent process.
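The MIB access levels and the Get, GetNext, GetBulk and Set operations described above, modelled as a toy agent. This is an added example, not Huawei's or any SNMP library's code; the ifTable instances are constructed, and the private object under Huawei's enterprise subtree uses a placeholder arc (.999) that is not a real Huawei OID.

```python
"""Toy SNMP agent: a MIB view with MAX-ACCESS enforcement and the
Get / GetNext / GetBulk / Set operations. Constructed data, standard ifTable OIDs."""
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(text: str) -> OID:
    """'1.3.6.1.2.1.2.2.1.1.1' -> (1, 3, 6, 1, ...)."""
    return tuple(int(p) for p in text.strip(".").split("."))


def fmt_oid(oid: OID) -> str:
    return ".".join(str(p) for p in oid)


IF_TABLE = "1.3.6.1.2.1.2.2.1"  # ifEntry (RFC 2863)
# MAX-ACCESS of each object type (table column), taken from the MIB definition.
ACCESS: Dict[OID, str] = {
    parse_oid(IF_TABLE + ".1"): "read-only",   # ifIndex
    parse_oid(IF_TABLE + ".2"): "read-only",   # ifDescr
    parse_oid(IF_TABLE + ".7"): "read-write",  # ifAdminStatus (1 = up, 2 = down)
    parse_oid(IF_TABLE + ".8"): "read-only",   # ifOperStatus  (1 = up, 2 = down)
    # Placeholder private object under Huawei's enterprise subtree; .999 is made up.
    parse_oid("1.3.6.1.4.1.2011.999"): "not-accessible",
}


class Agent:
    def __init__(self) -> None:
        # Constructed MIB instances: two interfaces with index 1 and 2.
        self.mib: Dict[OID, object] = {}
        for idx, descr in ((1, "GigabitEthernet0/0/0"), (2, "GigabitEthernet0/0/1")):
            self.mib[parse_oid(f"{IF_TABLE}.1.{idx}")] = idx
            self.mib[parse_oid(f"{IF_TABLE}.2.{idx}")] = descr
            self.mib[parse_oid(f"{IF_TABLE}.7.{idx}")] = 1
            self.mib[parse_oid(f"{IF_TABLE}.8.{idx}")] = 1
        self.mib[parse_oid("1.3.6.1.4.1.2011.999.0")] = "hidden"
        self.sorted_oids: List[OID] = sorted(self.mib)  # lexicographic OID order

    def _access(self, oid: OID) -> str:
        """An instance OID is its column OID plus an index suffix."""
        for col, acc in ACCESS.items():
            if oid[:len(col)] == col:
                return acc
        return "not-accessible"

    def get(self, oid_text: str) -> Optional[object]:
        oid = parse_oid(oid_text)
        if oid not in self.mib or self._access(oid) == "not-accessible":
            return None  # noSuchObject / noSuchInstance
        return self.mib[oid]

    def get_next(self, oid_text: str) -> Optional[Tuple[str, object]]:
        """Next accessible instance strictly after the given OID, lexicographically."""
        oid = parse_oid(oid_text)
        for cand in self.sorted_oids:
            if cand > oid and self._access(cand) != "not-accessible":
                return fmt_oid(cand), self.mib[cand]
        return None  # endOfMibView

    def get_bulk(self, oid_text: str, max_repetitions: int) -> List[Tuple[str, object]]:
        """SNMPv2c GetBulk: up to max_repetitions chained GetNext operations."""
        result, cur = [], oid_text
        for _ in range(max_repetitions):
            nxt = self.get_next(cur)
            if nxt is None:
                break
            result.append(nxt)
            cur = nxt[0]
        return result

    def set_request(self, oid_text: str, value: object) -> str:
        """Returns the SNMP error-status name; writes need read-write or read-create."""
        oid = parse_oid(oid_text)
        acc = self._access(oid)
        if acc == "not-accessible" or oid not in self.mib:
            return "noSuchName"
        if acc not in ("read-write", "read-create"):
            return "notWritable"
        self.mib[oid] = value
        return "noError"
```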
• One zettabyte (abbreviated "ZB") is equal to 10^12 GB.
180 trillion
• iMaster NCE provides the following key capabilities:

▫ Full-lifecycle automation: iMaster NCE provides full-lifecycle automation across
multiple network technologies and domains based on unified resource modeling
and data sharing, enabling device plug-and-play, immediate network availability
after migration, on-demand service provisioning, fault self-healing, and risk
warning.

▫ Intelligent closed-loop management based on big data and AI: iMaster NCE
constructs a complete intelligent closed-loop system based on its intent engine,
automation engine, analytics engine, and intelligence engine. It also uses
telemetry to collect and aggregate massive volumes of network data. This allows
it to determine the network status in real time. iMaster NCE provides big data-
based global network analysis and insights through unified data modeling, and is
equipped with Huawei's sophisticated AI algorithms accumulated during its 30
years in the telecom industry. It provides automated closed-loop analysis,
forecast, and decision-making based on customers' intents. This helps improve
user experience and continuously enhance network intelligence.
• NETCONF client: manages network devices using NETCONF. Generally, the NMS
functions as the NETCONF client. It sends <rpc> elements to a NETCONF server to
query or modify configuration data. The client can learn the status of a managed
device based on the traps and events reported by the server.

• NETCONF server: maintains information about managed devices, responds to requests
from clients, and reports management data to the clients. NETCONF servers are
typically network devices, for example, switches and routers. After receiving a request
from a client, a server parses data, processes the request with the assistance of the
Configuration Manager Frame (CMF), and then returns a response to the client. If a
trap is generated or an event occurs on a managed device, the NETCONF server
reports the trap or event to the client through the Notification mechanism, so the
client can learn the status change of the managed device.

• A client and a server establish a connection based on a secure transmission protocol
such as Secure Shell (SSH) or Transport Layer Security (TLS), and establish a NETCONF
session after exchanging capabilities supported by the two parties using Hello packets.
In this way, the client and the server can exchange messages. A network device must
support at least one NETCONF session. The data that a NETCONF client obtains from a
NETCONF server can be configuration data or status data.
• NETCONF uses SSH to implement secure transmission and uses Remote Procedure Call
(RPC) to implement communication between the client and server.
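The session setup just described (Hello exchange, then an <rpc> and its <rpc-reply>), as an added example that is not Huawei's or any NETCONF library's code. The SSH/TLS transport is assumed to be already established; the server replies and the data model inside <data> are constructed for the example.

```python
"""NETCONF Hello capability negotiation and one get-config RPC round trip,
built and parsed as XML strings. Added example; transport is assumed."""
import xml.etree.ElementTree as ET
from typing import List, Optional, Set

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
BASE_CAP = "urn:ietf:params:netconf:base:1.0"


def hello(capabilities: List[str], session_id: Optional[int] = None) -> str:
    """Build a <hello>. Both sides send one; only the server's carries <session-id>."""
    root = ET.Element("hello", xmlns=NS)
    caps = ET.SubElement(root, "capabilities")
    for cap in capabilities:
        ET.SubElement(caps, "capability").text = cap
    if session_id is not None:
        ET.SubElement(root, "session-id").text = str(session_id)
    return ET.tostring(root, encoding="unicode")


def _capabilities(msg: str) -> Set[str]:
    return {c.text for c in ET.fromstring(msg).iter(f"{{{NS}}}capability")}


def negotiate(client_hello: str, server_hello: str) -> List[str]:
    """Capabilities usable in the session are those both hellos advertise;
    without a common base capability no NETCONF session comes up."""
    common = _capabilities(client_hello) & _capabilities(server_hello)
    if BASE_CAP not in common:
        raise ValueError("no common NETCONF base capability")
    return sorted(common)


def get_config_rpc(message_id: int, datastore: str = "running") -> str:
    """<rpc> from the client asking for the configuration data of one datastore."""
    rpc = ET.Element("rpc", {"message-id": str(message_id), "xmlns": NS})
    source = ET.SubElement(ET.SubElement(rpc, "get-config"), "source")
    ET.SubElement(source, datastore)
    return ET.tostring(rpc, encoding="unicode")


# Constructed server replies (simplified data model, not a real YANG module).
SAMPLE_REPLY = (f'<rpc-reply message-id="101" xmlns="{NS}"><data>'
                '<interface><name>GigabitEthernet0/0/0</name>'
                '<ipv6-enable>true</ipv6-enable></interface></data></rpc-reply>')
SAMPLE_ERROR_REPLY = (f'<rpc-reply message-id="102" xmlns="{NS}"><rpc-error>'
                      '<error-tag>operation-failed</error-tag></rpc-error></rpc-reply>')


def parse_reply(reply_xml: str, expected_id: int) -> dict:
    """Match <rpc-reply> to its request via message-id; surface <rpc-error>;
    otherwise return the leaf values found under <data>, keyed by local name."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NS}}}rpc-reply" or root.get("message-id") != str(expected_id):
        raise ValueError("reply does not match the outstanding request")
    err = root.find(f"{{{NS}}}rpc-error")
    if err is not None:
        return {"error": err.findtext(f"{{{NS}}}error-tag")}
    data = root.find(f"{{{NS}}}data")
    if data is None:
        return {}
    return {el.tag.split("}")[-1]: el.text.strip()
            for el in data.iter() if len(el) == 0 and el.text and el.text.strip()}
```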
• YANG originates from NETCONF but is not only used for NETCONF. Although the
YANG modeling language is unified, YANG files are not unified.

• YANG files can be classified into the following types:

▫ Vendor's proprietary YANG file

▫ IETF standard YANG

▫ OpenConfig YANG

• The YANG model is presented as a .yang file.

• The YANG model has the following characteristics:

▫ Hierarchical tree-like structure modeling.

▫ Data models are presented as modules and sub-modules.

▫ It can be converted to the YANG Independent Notation (YIN) model based on the
XML syntax without any loss.

▫ Defines built-in data types and extensible types.


• In one industry view, SNMP is regarded as a traditional telemetry technology, and
what is called telemetry today is referred to as streaming telemetry or model-driven
telemetry.

• Telemetry packs the data to be sent, improving transmission efficiency.


Quiz answers:
1. A
2. C
3. A
4. A
Foreword
 In the 1980s, the Internet Engineering Task Force (IETF) released RFC 791 – Internet
Protocol, which marks the standardization of IPv4. In the following decades, IPv4 has
become one of the most popular protocols. Numerous people have developed various
applications based on IPv4 and made various supplements and enhancements to IPv4,
enabling the Internet to flourish.
 However, with the expansion of the Internet and the development of new technologies
such as 5G and Internet of Things (IoT), IPv4 faces more and more challenges. It is
imperative to replace IPv4 with IPv6.
 This course describes the reasons for IPv4-to-IPv6 transition and basic IPv6
knowledge.

Page 0 Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
 On completion of this course, you will be able to:
▫ Summarize the advantages of IPv6 over IPv4.

▫ Describe the basic concepts of IPv6.

▫ Describe the formats and functions of IPv6 packet headers.

▫ Describe the IPv6 address format and address types.

▫ Describe the method and basic procedure for configuring IPv6 addresses.

▫ Configure IPv6 addresses and IPv6 static routes.

Contents
1. IPv6 Overview

2. IPv6 Address Configuration

3. Typical IPv6 Configuration Examples

IPv4 Status
 On February 3, 2011, the Internet Assigned Numbers Authority (IANA) announced the even allocation of its last
4.68 million IPv4 addresses to the five Regional Internet Registries (RIRs) around the world. IANA thereafter
had no IPv4 addresses left to allocate.

Timeline (figure): the five RIRs (APNIC, RIPE, LACNIC, ARIN, and AFRINIC) each subsequently announced IPv4
address exhaustion, with milestones marked at 2011.4, 2012.9, 2014.6, 2015.9, and 2019.11.25, followed by the
open question of the future: IPv6.

Why IPv6?
IPv4:
▫ Exhausted public IP addresses
▫ Improper packet header design
▫ Large routing table, leading to inefficient table query
▫ Dependency on ARP causes broadcast storms
▫ ...

vs. IPv6:
▫ Nearly infinite address space
▫ Hierarchical address allocation
▫ Plug-and-play
▫ Simplified packet header
▫ IPv6 security features
▫ Integrity of E2E communication
▫ Support for mobility
▫ Enhanced QoS features
▫ ...

IPv6 Advantages
• Nearly infinite address space: The 128-bit address length provides numerous addresses, meeting the requirements
of emerging services such as the IoT and facilitating service evolution and expansion.

• Hierarchical address structure: IPv6 addresses are allocated more properly than IPv4 addresses, facilitating route
aggregation (reducing the size of IPv6 routing tables) and fast route query.

• Plug-and-play: IPv6 supports stateless address autoconfiguration (SLAAC), simplifying terminal access.

• Simplified packet header: The simplified packet header improves forwarding efficiency. New applications can be
supported using extension headers, which facilitate the forwarding processing of network devices and reduce
investment costs.

• Security features: IPsec, source address authentication, and other security features ensure E2E security,
preventing NAT from damaging the integrity of E2E communication.

• Mobility: Greatly improves real-time communication and performance of mobile networks.

• Enhanced QoS features: A Flow Label field is additionally defined and can be used to allocate a specific resource
for a special service and data flow.

Basic IPv6 Header
 An IPv6 header consists of a mandatory basic IPv6 header and optional extension headers.
 The basic header provides basic information for packet forwarding and is parsed by all devices on a
forwarding path.
IPv4 packet header (20–60 bytes): Version | IHL | ToS | Total Length; Identification | Flags | Fragment Offset;
TTL | Protocol | Header Checksum; Source Address; Destination Address; Options | Padding.

Basic IPv6 header (40 bytes): Version | Traffic Class | Flow Label; Payload Length | Next Header | Hop Limit;
Source Address; Destination Address.

Figure legend: each IPv4 field is marked as deleted, reserved, or name/location changed in IPv6, and IPv6-only
fields are marked as new.

IPv6 Extension Header
Figure: the basic IPv6 header (40 bytes: Version | Traffic Class | Flow Label; Payload Length | Next Header |
Hop Limit; Source Address (128 bits); Destination Address (128 bits)) is followed by extension headers of
variable length, each consisting of Next Header | Extension Header Length | Extension Header Data, and then
the data.
• Extension Header Length: 8 bits long. This field indicates the extension header length excluding the
length of the Next Header field.
• Extension Header Data: variable length. This field indicates the payload of the extension headers and is
a combination of a series of options and padding fields.
IPv6 packet example: Basic IPv6 Header (Next Header=0) → IPv6 Hop-by-Hop Options Header (Next Header=51) →
IPv6 Authentication Header (Next Header=6) → TCP Data Segment.

IPv6 Packet Processing Mechanism
Figure: the same packet (Basic IPv6 Header, Next Header=0 → IPv6 Hop-by-Hop Options Header, Next Header=51 →
IPv6 Authentication Header, Next Header=6 → TCP Data Segment) traverses a source router, two intermediate
routers, and a destination router.
• Source router: constructs an IPv6 packet as required.
• Intermediate routers: process the basic header and the Hop-by-Hop Options header.
• Destination router: processes all packet headers.
• The length of the basic packet header is fixed, improving the forwarding efficiency.
• The extension headers meet special requirements.
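The Next Header chain walk that the forwarding path above relies on, as an added example (not course code). The packet bytes are constructed inline; the per-header length rules follow RFC 8200 (Hop-by-Hop, Routing, Destination Options: 8-octet units excluding the first 8 octets; Fragment: fixed 8 octets) and RFC 4302 (AH: 4-octet units minus 2). It goes beyond the slide by also checking that the Hop-by-Hop header appears only directly after the basic header and that no header runs past the payload length, the two checks a forwarding device needs before trusting the chain.

```python
"""Walk the IPv6 extension header chain: basic header -> extension headers -> upper layer."""
import struct
from typing import Dict, List, Tuple

HOP_BY_HOP, TCP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 6, 43, 44, 51, 60
NAMES: Dict[int, str] = {HOP_BY_HOP: "Hop-by-Hop Options", TCP: "TCP", ROUTING: "Routing",
                         FRAGMENT: "Fragment", AH: "Authentication Header",
                         DEST_OPTS: "Destination Options"}
EXTENSION = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}


def parse_basic_header(pkt: bytes) -> dict:
    """Fixed 40-byte basic header (Version, Traffic Class, Flow Label, Payload Length,
    Next Header, Hop Limit, Source, Destination)."""
    if len(pkt) < 40:
        raise ValueError("truncated basic header")
    first, plen, nh, hlim = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return {"traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": plen, "next_header": nh, "hop_limit": hlim,
            "src": pkt[8:24], "dst": pkt[24:40]}


def ext_header_size(nh: int, second_byte: int) -> int:
    """Total size in bytes of the extension header of type nh."""
    if nh == AH:
        return (second_byte + 2) * 4   # AH Payload Len: 32-bit words minus 2
    if nh == FRAGMENT:
        return 8                       # fixed size; the second byte is reserved
    return (second_byte + 1) * 8       # Hdr Ext Len: 8-octet units, first 8 excluded


def walk_headers(pkt: bytes) -> List[Tuple[str, int]]:
    """Return [(header name, byte offset), ...] ending at the upper-layer protocol."""
    hdr = parse_basic_header(pkt)
    end = 40 + hdr["payload_length"]
    if end > len(pkt):
        raise ValueError("payload length exceeds packet")
    chain = [("Basic IPv6 Header", 0)]
    nh, off = hdr["next_header"], 40
    while nh in EXTENSION:
        if nh == HOP_BY_HOP and off != 40:
            raise ValueError("Hop-by-Hop Options header must directly follow the basic header")
        if off + 2 > end:
            raise ValueError("truncated extension header")
        size = ext_header_size(nh, pkt[off + 1])
        if off + size > end:
            raise ValueError("extension header overruns the payload")
        chain.append((NAMES[nh], off))
        nh, off = pkt[off], off + size  # first byte of every extension header = Next Header
    chain.append((NAMES.get(nh, f"protocol {nh}"), off))
    return chain


def is_well_formed(pkt: bytes) -> bool:
    try:
        walk_headers(pkt)
        return True
    except ValueError:
        return False


def build_example_packet() -> bytes:
    """Constructed packet matching the slide: basic -> Hop-by-Hop (0) -> AH (51) -> TCP (6)."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    hbh = bytes([AH, 0, 1, 4, 0, 0, 0, 0])          # next=51, len=0 (8 bytes), PadN option
    ah = bytes([TCP, 4]) + b"\x00\x00" + struct.pack("!II", 0x100, 1) + b"\x00" * 12
    # ^ next=6, Payload Len=4 -> 24 bytes: reserved, SPI, sequence, 12-byte ICV placeholder
    tcp = struct.pack("!HHIIBBHHH", 12345, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # 20-byte SYN
    payload = hbh + ah + tcp
    basic = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 64) + src + dst
    return basic + payload
```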

IPv6 Address
 The length of an IPv6 address is 128 bits. Colons are generally used to divide the IPv6 address into eight
segments. Each segment contains 16 bits and is expressed in hexadecimal notation.

Eight 16-bit segments: 2001 : 0DB8 : 0000 : 0000 : 0008 : 0800 : 200C : 417A

The letters in an IPv6 address are case insensitive. For example, A is equivalent to a.

• Similar to an IPv4 address, an IPv6 address is expressed in the format of IPv6 address/mask length.
▫ Example: 2001:0DB8:2345:CD30:1230:4567:89AB:CDEF/64

IPv6 address: 2001:0DB8:2345:CD30:1230:4567:89AB:CDEF

Subnet number: 2001:0DB8:2345:CD30::/64

IPv6 Address Abbreviation Specifications
 For convenience, IPv6 can be abbreviated according to the following rules.
Abbreviation Specifications:
▫ Rule 1: The leading 0s in each 16-bit segment can be omitted. However, if all bits in a 16-bit segment
are 0s, at least one 0 must be reserved. The trailing 0s cannot be omitted.
2001 : 0DB8 : 0000 : 0000 : 0008 : 0800 : 200C : 417A → 2001 : DB8 : 0 : 0 : 8 : 800 : 200C : 417A
▫ Rule 2: If one or more consecutive 16-bit segments contain only 0s, a double colon (::) can be used to
represent them, but only one :: is allowed in an entire IPv6 address.
2001 : DB8 : 0 : 0 : 8 : 800 : 200C : 417A → 2001 : DB8 :: 8 : 800 : 200C : 417A
▫ If an abbreviated IPv6 address contained two double colons (::), it could not be restored to the
original one.

Abbreviation Examples:
▫ Before: 0000:0000:0000:0000:0000:0000:0000:0001; After: ::1
▫ Before: 2001:0DB8:0000:0000:FB00:1400:5000:45FF; After: 2001:DB8::FB00:1400:5000:45FF
▫ Before: 2001:0DB8:0000:0000:0000:2A2A:0000:0001; After: 2001:DB8::2A2A:0:1
▫ Before: 2001:0DB8:0000:1234:FB00:0000:5000:45FF; After: 2001:DB8::1234:FB00:0:5000:45FF or
2001:DB8:0:1234:FB00::5000:45FF
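The two abbreviation rules and the restore step, written out as an added example (not course code, and deliberately without the ipaddress module so that each rule is visible). It follows the slide's rules: where several :: positions are valid it picks the first longest run of zero segments, and it uses uppercase hex as the slides do (RFC 5952 recommends lowercase and never shortening a single zero segment).

```python
"""Compress and expand IPv6 addresses according to the two abbreviation rules."""
from typing import List

HEX = set("0123456789abcdefABCDEF")


def is_restorable(addr: str) -> bool:
    """An address with two '::' cannot be restored to the original one."""
    return addr.count("::") <= 1


def expand(addr: str) -> str:
    """Restore the full eight-segment, four-hex-digit form."""
    if not is_restorable(addr):
        raise ValueError("more than one '::' is ambiguous")
    if "::" in addr:
        head, tail = addr.split("::")
        left: List[str] = head.split(":") if head else []
        right: List[str] = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one all-zero segment")
        groups = left + ["0"] * missing + right
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit segments")
    out = []
    for g in groups:
        if not g or len(g) > 4 or any(c not in HEX for c in g):
            raise ValueError(f"bad segment {g!r}")
        out.append(g.upper().zfill(4))   # leading zeros restored; case insensitive
    return ":".join(out)


def compress(addr: str) -> str:
    """Rule 1: drop leading zeros, keeping one 0 per all-zero segment.
    Rule 2: replace the first longest run of all-zero segments with '::'."""
    groups = [g.lstrip("0") or "0" for g in expand(addr).split(":")]
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + ["end"]):   # sentinel closes the final run
        if g == "0":
            run_start = i if run_start is None else run_start
            continue
        if run_start is not None and i - run_start > best_len:
            best_start, best_len = run_start, i - run_start
        run_start = None
    if best_len < 1:
        return ":".join(groups)
    left = ":".join(groups[:best_start])
    right = ":".join(groups[best_start + best_len:])
    return f"{left}::{right}"
```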

IPv6 Address Classification
 IPv6 addresses are classified into unicast, multicast, and anycast addresses according
to the IPv6 address prefix. No broadcast addresses are defined in IPv6.

Figure (IPv6 addresses):
▫ Unicast addresses: global unicast address (GUA, 2000::/3), unique local address (ULA, FD00::/8),
link-local address (LLA, FE80::/10), special IPv6 addresses, other unicast addresses...
▫ Multicast addresses
▫ Anycast addresses

IPv6 Unicast Address Format


 An IPv6 unicast address is composed of two parts:
▫ Network prefix: consists of n bits and is parallel to the network ID of an IPv4 address.

▫ Interface ID: consists of (128 – n) bits and is parallel to the host ID of an IPv4 address.

 Common IPv6 unicast addresses, such as GUAs and LLAs, require that the network
prefix and interface ID be 64 bits.

Format: Network prefix (n bits) | Interface ID (128 – n bits)

Interface ID of an IPv6 Unicast Address


 3 methods to generate an interface ID:
▫ Manual configuration

▫ Automatic generation by the system

▫ Using the IEEE 64-bit extended unique identifier (EUI-64) standard

 EUI-64 is most commonly used. It converts the MAC address of an interface into an IPv6 interface ID.

MAC address (hexadecimal): 3C-52-82-49-7E-9D

MAC address (binary): 00111100-01010010-10000010 - 01001001-01111110-10011101

Step 1: invert bit 7 (the seventh bit from the left of the first octet). Step 2: insert FFFE between the two halves.

EUI-64 ID (binary): 00111110-01010010-10000010-11111111-11111110-01001001-01111110-10011101

EUI-64 ID (hexadecimal): 3E-52-82-FF-FE-49-7E-9D
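Modified EUI-64 interface ID generation and the LLA built from it, as an added example (not course code). It goes one step further than the slide and also builds the SLAAC address from an advertised /64 prefix; the second MAC used in the test, 00-E0-FC-35-72-87, is derived from the FE80::2E0:FCFF:FE35:7287 address shown later in this course.

```python
"""MAC -> modified EUI-64 interface ID -> link-local and SLAAC global addresses."""
import re


def mac_to_eui64(mac: str) -> bytes:
    """48-bit MAC -> 64-bit interface ID: split in the middle, insert FF-FE,
    then invert bit 7 of the first octet (the universal/local bit).
    Accepts 3C-52-82-49-7E-9D, 3c:52:82:49:7e:9d or 3C52-8249-7E9D notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError("a MAC address has 12 hex digits")
    octets = bytes.fromhex(digits)
    first = octets[0] ^ 0x02                               # step 1: flip the U/L bit
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]   # step 2: insert FFFE


def iid_hex(iid: bytes) -> str:
    """Four 16-bit groups, leading zeros dropped, uppercase as on the slides."""
    return ":".join(f"{int.from_bytes(iid[i:i + 2], 'big'):X}" for i in range(0, 8, 2))


def link_local(mac: str) -> str:
    """FE80::/64 prefix (the 54 bits after the 10-bit prefix are 0) + EUI-64 interface ID."""
    return "FE80::" + iid_hex(mac_to_eui64(mac))


def slaac_global(prefix64: str, mac: str) -> str:
    """Stateless autoconfiguration: advertised /64 prefix + EUI-64 interface ID.
    Note for defenders: the MAC is recoverable from such an address, which is why
    RFC 4941 privacy extensions exist as an alternative interface ID source."""
    prefix = prefix64.split("/")[0]
    if not prefix.endswith("::"):
        raise ValueError("expected a /64 prefix written as PREFIX:: or PREFIX::/64")
    return prefix + iid_hex(mac_to_eui64(mac))
```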

Common IPv6 Unicast Address - GUA


 A GUA is also called an aggregatable GUA. This type of address is globally unique and is used by hosts
that need to access the Internet. It is equivalent to a public IPv4 address.

GUA format: 001 (3 bits) | Global routing prefix (45 bits) | Subnet ID (16 bits) | Interface ID (64 bits).
The first three fields form the network address; the interface ID forms the host address.

• The network address and interface ID of a GUA are each generally 64 bits long.
• Global routing prefix: assigned by a provider to an organization and generally at least 45 bits.
• Subnet ID: An organization can divide subnets based on network requirements.
• Interface ID: identifies a device's interface.

Figure: two hosts with the GUAs 2001:1::1/64 and 2001:2::1/64 access the IPv6 Internet.

Common IPv6 Unicast Address - ULA


 A ULA is a private IPv6 address that can be used only on an intranet. This type of address cannot be
routed on an IPv6 public network and therefore cannot be used to directly access a public network.

ULA format: 1111 1101 (8 bits) | Global ID (40 bits, generated using a pseudo-random algorithm) |
Subnet ID (16 bits) | Interface ID (64 bits).

• ULAs use the FC00::/7 address segment, among which only the FD00::/8 address segment is currently
used. FC00::/8 is reserved for future expansion.
• Although a ULA is valid only in a limited range, it also has a globally unique prefix (generated using a
pseudo-random algorithm, low conflict probability).

Figure: intranet hosts use FD00:1AC0:872E::1/64, FD00:1AC0:872E::2/64, and FD00:2BE1:2320::1/64; these
addresses are not routed on the IPv6 Internet.

Common IPv6 Unicast Address - LLA


 An LLA is another type of IPv6 address with limited application scope. The valid range of the LLA is the
local link, with the prefix of FE80::/10.

LLA format: 1111 1110 10 (10 bits) | fixed at 0 (54 bits) | Interface ID (64 bits).

• An LLA is used for communication on a single link, such as during IPv6 SLAAC and IPv6 neighbor
discovery.

• Data packets with the source or destination IPv6 address being an LLA are not forwarded out of the
originating link. In other words, the valid scope of an LLA is the local link.

• Each IPv6 interface must have an LLA. Huawei devices support automatic generation and manual
configuration of LLAs.

Figure: four devices on one link use FE80::1, FE80::2, FE80::3, and FE80::4; the link is connected to the
IPv6 Internet.

IPv6 Multicast Address


 An IPv6 multicast address identifies multiple interfaces and is generally used in one-to-many communication scenarios.

 An IPv6 multicast address can be used only as the destination address of IPv6 packets.

Multicast address format: 11111111 (8 bits) | Flags (4 bits) | Scope (4 bits) | Reserved, must be 0 (80 bits) |
Group ID (32 bits).

• Flags: indicates a permanent or transient multicast group.
• Scope: indicates the multicast group scope.
• Group ID: indicates a multicast group ID.

Figure: a multicast source sends into the multicast network; of the attached hosts, two are receivers and
three are non-receivers.

Solicited-Node Multicast Address


 If a node has an IPv6 unicast or anycast address, a solicited-node multicast address is generated for the
address, and the node joins the corresponding multicast group. This address is used for neighbor
discovery and duplicate address detection (DAD). A solicited-node multicast address is valid only on
the local link.

IPv6 unicast or anycast address: IPv6 address prefix (64 bits) | Interface ID (64 bits).

Corresponding solicited-node multicast address: the fixed prefix FF02:0000:0000:0000:0000:0001:FF
(104 bits) followed by the low 24 bits copied from the unicast or anycast address.
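Decoding the multicast address format of the previous slide and deriving the solicited-node address with its Ethernet multicast MAC, as an added example (not course code). The Reserved/Group ID split follows the slide's layout; the scope names are the IANA-assigned ones.

```python
"""IPv6 multicast address decoding, solicited-node derivation and MAC mapping."""
import ipaddress

SCOPES = {1: "interface-local", 2: "link-local", 4: "admin-local",
          5: "site-local", 8: "organization-local", 14: "global"}


def decode_multicast(mcast: str) -> dict:
    """11111111 | Flags (4) | Scope (4) | Reserved (80) | Group ID (32), as on the slide."""
    value = int(ipaddress.IPv6Address(mcast))
    if value >> 120 != 0xFF:
        raise ValueError("not an IPv6 multicast address")
    flags = (value >> 116) & 0xF
    scope = (value >> 112) & 0xF
    return {
        "flags": flags,
        "transient": bool(flags & 0x1),   # T bit: 0 = permanent (assigned), 1 = transient
        "scope": SCOPES.get(scope, f"unassigned({scope})"),
        "reserved": (value >> 32) & ((1 << 80) - 1),
        "group_id": value & 0xFFFFFFFF,
    }


def solicited_node(unicast: str) -> str:
    """FF02:0:0:0:0:1:FF00::/104 + the low 24 bits of the unicast/anycast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    fixed = (0xFF02 << 112) | (0x1 << 32) | (0xFF << 24)   # FF02::1:FF00:0
    return str(ipaddress.IPv6Address(fixed | low24)).upper()


def multicast_mac(mcast: str) -> str:
    """Ethernet mapping: 33-33 followed by the low 32 bits of the IPv6 multicast address,
    written in the XXXX-XXXX-XXXX notation the slides use."""
    addr = ipaddress.IPv6Address(mcast)
    if not addr.is_multicast:
        raise ValueError("not an IPv6 multicast address")
    raw = b"\x33\x33" + (int(addr) & 0xFFFFFFFF).to_bytes(4, "big")
    h = raw.hex().upper()
    return f"{h[0:4]}-{h[4:8]}-{h[8:12]}"


def solicited_node_mac(unicast: str) -> str:
    """Destination MAC of the NS sent for a unicast address (DAD or resolution)."""
    return multicast_mac(solicited_node(unicast))
```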

IPv6 Anycast Address


 An anycast address identifies a group of network interfaces, which usually belong to different nodes. An
anycast address can be used as the source or destination address of IPv6 packets.

Figure: PC1 and PC2 need to access the web services provided by 2001:0DB8::84C2. Web server 1 and web
server 2, reached through the Internet, use the same IPv6 address 2001:0DB8::84C2. PC1 takes the shortest
path to the web server and reaches web server 1; PC2 takes the shortest path to the web server and reaches
web server 2.

Contents
1. IPv6 Overview

2. IPv6 Address Configuration

3. Typical IPv6 Configuration Examples

IPv6 Addresses of Hosts and Routers
 The unicast IPv6 addresses and multicast addresses of hosts and routers are typically as follows:

Host:
▫ LLA of the network adapter: FE80::2E0:FCFF:FE35:7287
▫ GUA assigned by an administrator: 2001::1
▫ Loopback address: ::1
▫ Multicast addresses of all nodes: FF01::1 and FF02::1
▫ Solicited-node multicast address corresponding to each unicast address of the network adapter:
FF02::1:FF35:7287 and FF02::1:FF00:1

Router:
▫ LLA of the network adapter: FE80::2E0:FCFF:FE99:1285
▫ GUA assigned by an administrator: 2001::2
▫ Loopback address: ::1
▫ Multicast addresses of all nodes: FF01::1 and FF02::1
▫ Multicast addresses of all routers: FF01::2 and FF02::2
▫ Solicited-node multicast address corresponding to each unicast address of the network adapter:
FF02::1:FF99:1285 and FF02::1:FF00:2

Service Process of IPv6 Unicast Addresses
 Before sending IPv6 packets, an interface undergoes address configuration, DAD, and address resolution.
During this process, the Neighbor Discovery Protocol (NDP) plays an important role.
Figure (service process): Address configuration → DAD → Address resolution → IPv6 data forwarding.

▫ Address configuration: GUAs and LLAs are the most common IPv6 unicast addresses on an interface.
Multiple IPv6 addresses can be configured on one interface. A GUA is configured manually, by SLAAC
(NDP), or by stateful address autoconfiguration (DHCPv6); an LLA is configured manually, generated by
the system, or dynamically generated using EUI-64.

▫ DAD: similar to gratuitous ARP in IPv4, and used to detect address conflicts.

▫ Address resolution: similar to ARP requests in IPv4, ICMPv6 messages are used to generate the mappings
between IPv6 addresses and data link layer addresses (usually MAC addresses).

NDP
 NDP is defined in RFC 2461, which was replaced by RFC 4861.
 NDP uses ICMPv6 messages to implement its functions: SLAAC prefix advertisement, DAD, and address
resolution.

ICMPv6 messages used by NDP:
▫ Type 133: Router Solicitation (RS)
▫ Type 134: Router Advertisement (RA)
▫ Type 135: Neighbor Solicitation (NS)
▫ Type 136: Neighbor Advertisement (NA)

Mechanism and the messages it uses:
▫ Address resolution: NS (135) and NA (136)
▫ Prefix advertisement: RS (133) and RA (134)
▫ DAD: NS (135) and NA (136)

Dynamic IPv6 Address Configuration


Stateful address configuration (figure: PC as DHCPv6 client, DHCPv6 server, DHCPv6 interaction):
• Through DHCPv6 message exchange, the DHCPv6 server automatically configures IPv6 addresses/prefixes and other
network configuration parameters (such as DNS, NIS, and SNTP server addresses).

Stateless address configuration (figure: PC 2000::2E0:FCFF:FE35:7287/64 and router 2000::1/64; the router
sends an ICMPv6 RA: "My interface address prefix is 2000::/64."):
• The PC generates a unicast address based on the address prefix in the RA and the locally generated 64-bit interface ID
(for example, using EUI-64).
• Only IPv6 addresses can be obtained. Parameters such as NIS and SNTP server parameters cannot be obtained.
DHCPv6 or manual configuration is required to obtain other configuration information.

DAD
 Regardless of how an IPv6 unicast address is configured, a host or router:
▫ Performs DAD through ICMPv6 messages.

▫ Uses a unicast address only after passing the DAD procedure.


Figure: the PC (new online device, MAC 5489-98C8-1111) configures 2001::FFFF/64 while router R (already
online device, MAC 5489-9850-2222) already uses 2001::FFFF/64.
1. The PC sends an ICMPv6 (Type 135) NS: source MAC 5489-98C8-1111, destination MAC 3333-FF00-FFFF;
source IPv6 address :: (unspecified), destination IPv6 address FF02::1:FF00:FFFF (the solicited-node
multicast address); Target: 2001::FFFF.
2. R replies with an ICMPv6 (Type 136) NA: source MAC 5489-9850-2222, destination MAC 3333-0000-0001;
source IPv6 address 2001::FFFF, destination IPv6 address FF02::1 (all nodes); Target: 2001::FFFF,
MAC 5489-9850-2222.
3. The PC receives the NA and marks the address as [DUPLICATE].

Address Resolution
 IPv6 uses ICMPv6 NS and NA messages to replace the address resolution function of ARP in IPv4.
Figure: the PC (2001::1/64, MAC 5489-98C8-1111) requests the MAC address corresponding to 2001::2/64 from
router R (2001::2/64, MAC 5489-9850-2222).
1. The PC sends an ICMPv6 (Type 135) NS: source MAC 5489-98C8-1111, destination MAC 3333-FF00-0002;
source IPv6 address 2001::1, destination IPv6 address FF02::1:FF00:2 (the solicited-node multicast address
corresponding to 2001::2); the ICMPv6 data carries the Source MAC 5489-98C8-1111.
2. R responds with an ICMPv6 (Type 136) NA: source MAC 5489-9850-2222, destination MAC 5489-98C8-1111;
source IPv6 address 2001::2, destination IPv6 address 2001::1; the ICMPv6 data carries the Target MAC
5489-9850-2222.
Both sides generate MAC address entries for their IPv6 neighbors.
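The DAD and address resolution exchanges of the two slides above, as an added example (not course code): a minimal node model with a neighbor cache. Messages are Python objects rather than encoded ICMPv6, the MAC and IPv6 values are the constructed ones from the slides, and the receiver applies the RFC 4861 Hop Limit 255 check that keeps off-link NS/NA messages from being accepted.

```python
"""NS/NA handling for duplicate address detection and address resolution."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

NS_TYPE, NA_TYPE = 135, 136


def solicited_node(unicast: str) -> str:
    """FF02::1:FF00:0/104 + low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return str(ipaddress.IPv6Address((0xFF02 << 112) | (0x1FF << 24) | low24)).upper()


@dataclass
class Icmpv6:
    type: int
    src: str                       # IPv6 source ('::' for a DAD probe)
    dst: str                       # IPv6 destination
    target: str                    # Target Address field
    lladdr: Optional[str] = None   # Source/Target Link-Layer Address option
    hop_limit: int = 255           # NDP messages must not have crossed a router


@dataclass
class Node:
    name: str
    mac: str
    addresses: Set[str] = field(default_factory=set)    # passed DAD, usable
    tentative: Set[str] = field(default_factory=set)    # DAD in progress
    duplicates: Set[str] = field(default_factory=set)   # DAD failed
    neighbors: Dict[str, str] = field(default_factory=dict)  # IPv6 -> MAC

    def start_dad(self, addr: str) -> Icmpv6:
        """DAD NS: unspecified source, solicited-node destination, no link-layer option."""
        self.tentative.add(addr)
        return Icmpv6(NS_TYPE, "::", solicited_node(addr), addr)

    def finish_dad(self, addr: str) -> bool:
        """DAD timer expired with no NA seen: the address becomes usable."""
        if addr not in self.tentative:
            return False
        self.tentative.discard(addr)
        self.addresses.add(addr)
        return True

    def resolve(self, target: str, from_addr: str) -> Icmpv6:
        """Address-resolution NS: own address as source, own MAC in the option."""
        return Icmpv6(NS_TYPE, from_addr, solicited_node(target), target, self.mac)

    def receive(self, msg: Icmpv6) -> Optional[Icmpv6]:
        """Process an NS or NA; return the NA to send back, if any."""
        if msg.hop_limit != 255:
            return None                      # RFC 4861: drop forwarded NDP messages
        if msg.type == NS_TYPE:
            if msg.target not in self.addresses:
                return None                  # not one of our addresses: ignore
            if msg.src == "::":
                # someone is probing our address: NA to all nodes exposes the conflict
                return Icmpv6(NA_TYPE, msg.target, "FF02::1", msg.target, self.mac)
            if msg.lladdr:
                self.neighbors[msg.src] = msg.lladdr   # learn the requester's MAC
            return Icmpv6(NA_TYPE, msg.target, msg.src, msg.target, self.mac)
        if msg.type == NA_TYPE:
            if msg.target in self.tentative:
                self.tentative.discard(msg.target)
                self.duplicates.add(msg.target)        # [DUPLICATE]: do not use it
            elif msg.lladdr:
                self.neighbors[msg.target] = msg.lladdr
        return None
```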

Contents
1. IPv6 Overview

2. IPv6 Address Configuration

3. Typical IPv6 Configuration Examples

Basic IPv6 Configurations (1)
1. Enable IPv6.

[Huawei] ipv6
Enable the device to send and receive IPv6 unicast packets, including local IPv6 packets.
[Huawei-GigabitEthernet0/0/0] ipv6 enable
Enable IPv6 on the interface in the interface view.
2. Configure an LLA for the interface.
[Huawei-GigabitEthernet0/0/0] ipv6 address ipv6-address link-local
[Huawei-GigabitEthernet0/0/0] ipv6 address auto link-local
Configure an LLA for the interface manually or automatically in the interface view.
3. Configure a GUA for the interface.
[Huawei-GigabitEthernet0/0/0] ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
[Huawei-GigabitEthernet0/0/0] ipv6 address auto { global | dhcp }
Configure a GUA for the interface manually or automatically (stateful or stateless) in the interface view.

Basic IPv6 Configurations (2)
4. Configure an IPv6 static route.

[Huawei] ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-number [ nexthop-ipv6-address ] | nexthop-ipv6-address } [ preference preference ]

5. Display IPv6 information on an interface.

[Huawei] display ipv6 interface [ interface-type interface-number | brief ]

6. Display neighbor entry information.

[Huawei] display ipv6 neighbors

7. Enable an interface to send RA messages.

[Huawei-GigabitEthernet0/0/0] undo ipv6 nd ra halt

By default, a Huawei router's interfaces do not send ICMPv6 RA messages. In this situation, other devices on the
links connected to the interfaces cannot perform SLAAC.
To perform SLAAC, you need to manually enable the function of sending RA messages.
Example: Configuring a Small IPv6 Network (1)
Topology (figure): R1 GE 0/0/0 (2001::1/64) connects to R2 GE 1/0/0 (2001::2/64); R2 GE 0/0/0 (2002::1/64)
connects to R3 GE 0/0/0 (using DHCPv6); R2 GE 0/0/1 (2003::1/64) connects to R4 GE 0/0/0 (SLAAC). Together
they form the IPv6 network.

• Configuration Requirements
▫ Connect R1 and R2 through interfaces with static IPv6 addresses.
▫ Configure R2 as a DHCPv6 server to assign a GUA to GE 0/0/0 of R3.
▫ Enable R2 to send RA messages, and configure GE 0/0/0 of R4 to automatically perform SLAAC based on
the RA messages sent by R2.
▫ Configure static routes to implement mutual access between the devices.

1. Enable IPv6 globally and on related interfaces of R1, R2, R3, and R4, and enable the interfaces to
automatically generate LLAs. The following uses R1 configurations as an example.
[R1]ipv6
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ipv6 enable
[R1-GigabitEthernet0/0/0]ipv6 address auto link-local

2. Configure static IPv6 GUAs on the related interfaces of R1 and R2.
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ipv6 address 2001::1 64

[R2]interface GigabitEthernet 1/0/0
[R2-GigabitEthernet1/0/0]ipv6 address 2001::2 64
[R2-GigabitEthernet1/0/0]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ipv6 address 2002::1 64
[R2-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ipv6 address 2003::1 64

Example: Configuring a Small IPv6 Network (2)
(Same topology and configuration requirements as in part (1).)

3. Configure R2 as a DHCPv6 server. Configure the related interface of R3 to obtain a GUA using DHCPv6.
[R2]dhcp enable
[R2]dhcpv6 pool pool1
[R2-dhcpv6-pool-pool1]address prefix 2002::/64
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]dhcpv6 server pool1

[R3]dhcp enable
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ipv6 address auto dhcp

Example: Configuring a Small IPv6 Network (3)
(Same topology and configuration requirements as in part (1).)

4. Enable R2 to advertise RA messages. Enable R4 to obtain an address through SLAAC based on the RA
messages sent by R2.
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]undo ipv6 nd ra halt

[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ipv6 address auto global

Example: Configuring a Small IPv6 Network (4)
(Same topology and configuration requirements as in part (1).)

5. Configure static routes on R4.
[R4]ipv6 route-static 2001:: 64 2003::1
[R4]ipv6 route-static 2002:: 64 2003::1

6. Configure an aggregated static route on R1.
[R1]ipv6 route-static 2002:: 15 2001::2

7. Configure a default route on R3.
[R3]ipv6 route-static :: 0 2002::1

Quiz
1. What is the most abbreviated form of the IPv6 address 2001:0DB8:0000:0000:032A:0000:0000:2D70?

2. What is the process of SLAAC for IPv6 hosts?

Address prefixes to remember:
LLA: FE80::/10
ULA: FC00::/7 (FD00::/8 is the part in use)
GUA: 2000::/3
Multicast: FF00::/8
Loopback: ::1
Solicited-node multicast: FF02::1:FF00:0/104
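The two quiz questions, the prefix notes, and the aggregated route from the configuration example can all be checked with a few lines of code. The following is an added example and not part of the course material: it compresses an address per RFC 5952, classifies an address by its well-known prefix, derives the interface ID, link-local address and global address a host forms during SLAAC (EUI-64 variant) together with the solicited-node multicast address DAD uses, and computes the shortest aggregate covering a list of prefixes. The MAC address and prefixes are constructed sample input.

```python
"""IPv6 helpers for the quiz and the configuration example (added example,
not from the course). The sample MAC address and prefixes are constructed."""
import ipaddress
import re


def compress_ipv6(addr):
    """Most abbreviated form per RFC 5952: lowercase hex, leading zeros
    dropped, the longest run of two or more zero groups replaced by '::'
    (the first such run wins on a tie)."""
    groups = [int(g, 16) for g in ipaddress.IPv6Address(addr).exploded.split(":")]
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [1]):          # sentinel closes a trailing run
        if g == 0:
            run_start = i if run_start is None else run_start
            continue
        if run_start is not None and i - run_start > best_len:
            best_start, best_len = run_start, i - run_start
        run_start = None
    text = [format(g, "x") for g in groups]
    if best_len < 2:
        return ":".join(text)
    head, tail = text[:best_start], text[best_start + best_len:]
    return ":".join(head) + "::" + ":".join(tail)


def address_type(addr):
    """Classify an address by the well-known prefixes."""
    a = ipaddress.IPv6Address(addr)
    if a == ipaddress.IPv6Address("::1"):
        return "loopback"
    if a in ipaddress.IPv6Network("ff02::1:ff00:0/104"):
        return "solicited-node multicast"
    if a in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local unicast (LLA)"
    if a in ipaddress.IPv6Network("fc00::/7"):
        return "unique local unicast (ULA)"
    if a in ipaddress.IPv6Network("2000::/3"):
        return "global unicast (GUA)"
    return "other"


def eui64_iid(mac):
    """Modified EUI-64 interface identifier: flip the U/L bit of the first
    byte and insert ff:fe between the OUI and the device part."""
    b = bytearray(int(x, 16) for x in re.split(r"[-:]", mac))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    b[3:3] = b"\xff\xfe"
    return int.from_bytes(b, "big")


def slaac_addresses(prefix, mac):
    """Addresses a host derives during SLAAC (EUI-64 variant):
    1. link-local address fe80::/64 + IID, checked with DAD;
    2. Router Solicitation, Router Advertisement carrying the /64 prefix;
    3. global address prefix + IID, checked with DAD again.
    Returns (lla, gua) in compressed form."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = eui64_iid(mac)
    lla = ipaddress.IPv6Address(int(ipaddress.IPv6Address("fe80::")) | iid)
    gua = ipaddress.IPv6Address(int(net.network_address) | iid)
    return compress_ipv6(str(lla)), compress_ipv6(str(gua))


def solicited_node(addr):
    """ff02::1:ff00:0/104 + the low 24 bits of the unicast address; DAD sends
    its Neighbor Solicitation to this group before the address is used."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return compress_ipv6(str(ipaddress.IPv6Address(base | low24)))


def summarize(prefixes):
    """Shortest single prefix covering all given networks: the idea behind
    the aggregated static route (2002::/15 covers 2002::/64 and 2003::/64)."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    first = int(nets[0].network_address)
    length = min(n.prefixlen for n in nets)
    while length > 0 and any(
        int(n.network_address) >> (128 - length) != first >> (128 - length) for n in nets
    ):
        length -= 1
    base = (first >> (128 - length)) << (128 - length)
    return str(ipaddress.IPv6Network((base, length)))


if __name__ == "__main__":
    print(compress_ipv6("2001:0DB8:0000:0000:032A:0000:0000:2D70"))
    print(slaac_addresses("2003::/64", "00:1e:10:2a:3b:4c"))
    print(summarize(["2002::/64", "2003::/64"]))
```

Note that summarize returns the shortest covering prefix, which may be much larger than the two networks it was asked about: 2002::/15 also covers every other 2002:: and 2003:: prefix, which is acceptable in this lab because R2 is the only exit from R1, but on a real network an aggregate this wide would attract traffic for prefixes the next hop does not actually serve.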
Summary

Comparison | IPv6 | IPv4
Address length | 128 bits | 32 bits
Packet format | Fixed 40-byte basic header + variable-length extension headers | Basic header containing the Options field to support extended features
Address type | Unicast, multicast, and anycast | Unicast, multicast, and broadcast
Address configuration | Static, DHCPv6, and SLAAC | Static and DHCP
DAD | ICMPv6 (Neighbor Solicitation) | Gratuitous ARP
Address resolution | ICMPv6 (Neighbor Discovery) | ARP
Thank You
www.huawei.com

Foreword
 The open ecosystem of the computing industry has brought booming development in many fields, such as commercial off-the-shelf (COTS) hardware, operating systems, virtualization, middleware, cloud computing, and software applications. The network industry is also seeking transformation and development, and its two main directions are Software Defined Networking (SDN) and Network Functions Virtualization (NFV).
 This course aims to help engineers understand the development of SDN and NFV and introduces Huawei SDN and NFV solutions.
Objectives
 Upon completion of this course, you will be able to:
▫ Describe the development of SDN and NFV.

▫ Understand basic principles of OpenFlow.

▫ Understand Huawei SDN solution.

▫ Understand the standard NFV architecture.

▫ Understand Huawei NFV solution.

Contents
1. SDN Overview

2. NFV Overview

Evolution of the Computer Era
 Mainframe era: vertical integration with closed interfaces. A dedicated application runs on a dedicated OS on dedicated hardware, each tied to the others. Result: small-scale, industry-specific applications.
 PC (compatible) era: horizontal integration with open interfaces. Applications run on a general-purpose OS (Windows, Linux or Mac OS) through an open interface, and the OS runs on a commodity microprocessor through another open interface. Result: large-scale application across industries.
Network Industry Development: Implications from the IT Industry
 The transformation of the IT industry has triggered similar thinking in the network industry. The industry has proposed the SDN concept and has been putting SDN into commercial use, aiming to make networks more open, flexible, and simple.
 Computing industry: openness promotes ecosystem development. The stack is layered and open at every level:
▫ Universal hardware: x86/ARM chips, memory, hard disks, and so on
▫ Servers, storage devices, and PCs: x86/ARM servers, storage arrays, PCs
▫ Virtualization: FusionSphere and others
▫ OS, middleware, and database: various operating systems, middleware, and database software
▫ Cloud services: ECS, EVS, and other comprehensive cloud services
 What about the network industry? The analogous stack would be hardware network devices, an SDN controller above them, and network applications on top. Does the network industry build a hierarchical and open ecosystem in the same way as the computing industry?
Current Situation of the Network Industry: Typical IP Network - Distributed Network
 The typical IP network is a distributed network with peer-to-peer control. Each network device has its own forwarding, control, and management planes. The control plane of a device exchanges routing protocol packets with its neighbors and computes its own forwarding table, which the forwarding plane then uses to guide packet forwarding.
 The advantage of a typical IP network is that network devices are decoupled from protocols, devices from different vendors interoperate, and the network converges on its own in fault scenarios.
 Planes of a router (Router-A, Router-B, and Router-C in the figure each have all three):
▫ Management plane: receives configuration commands.
▫ Control plane: runs the protocols and algorithms and generates the forwarding table.
▫ Forwarding plane: receives frames, looks up the forwarding table, and sends frames; the forwarding behavior for an unknown data frame is decided here.
Thinking in the Network Field: Problems Faced by Typical Networks
 Frequent network congestion
 Complex network technologies
 Difficult O&M
 Slow service deployment
Frequent Network Congestion
 Problem and solution of bandwidth-based route selection: in the figure (links labeled used/total bandwidth: 1G/5G, 2G/10G, 6G/5G), the network selects forwarding paths with a shortest-path algorithm. The link from router C to router D is the shortest path, but the service traffic from C to D (6G offered on a 5G link) exceeds its bandwidth, causing packet loss. Although the other links are nearly idle, the algorithm still selects the shortest path. The optimal forwarding path is C-A-D.
 Problem and solution of tunnel establishment based on a fixed sequence: tunnels are established in order, 1. A-E, 2. A-G, 3. C-H. Tunnel 3 fails to be established because the bandwidth it needs has already been taken by tunnels 1 and 2. With global path calculation and optimal tunnel path adjustment, the paths of all three tunnels are computed together and adjusted so that every tunnel fits.
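Both problems on this page come down to path selection that does not see bandwidth, or sees it one tunnel at a time. The following is an added example, not from the course: a hop-count Dijkstra with an optional residual-bandwidth prune (the CSPF idea), a sequential tunnel placement that never moves an earlier tunnel, and a global placement that searches over the candidate paths of all tunnels together. The topologies, link capacities (Gbit/s) and tunnel demands are constructed; every link has cost 1, so "shortest" means fewest hops.

```python
"""Shortest-path vs. bandwidth-aware path selection and tunnel placement.
Added example, not from the course. Topologies, capacities (Gbit/s) and
demands are constructed; every link has cost 1, so 'shortest' = fewest hops."""
import heapq


def add_link(graph, a, b, capacity):
    graph.setdefault(a, {})[b] = capacity
    graph.setdefault(b, {})[a] = capacity


def residual(graph, used, a, b):
    return graph[a][b] - used.get(frozenset((a, b)), 0)


def shortest_path(graph, src, dst, demand=0, used=None):
    """Dijkstra on hop count. With demand > 0, links whose residual capacity
    is below the demand are pruned first (the CSPF idea): the path is computed
    on the subgraph that can actually carry the flow."""
    used = used or {}
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue
        for v in graph[u]:
            if residual(graph, used, u, v) < demand:
                continue                         # not enough bandwidth left
            if d + 1 < dist.get(v, float("inf")):
                dist[v], prev[v] = d + 1, u
                heapq.heappush(heap, (d + 1, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def reserve(used, path, demand, sign=1):
    for a, b in zip(path, path[1:]):
        key = frozenset((a, b))
        used[key] = used.get(key, 0) + sign * demand


def place_sequentially(graph, tunnels):
    """Tunnels are set up one after another, each on the best path available
    at that moment; earlier tunnels are never moved. Returns the placed paths
    and the name of the first tunnel that could not be placed (or None)."""
    used, placed = {}, {}
    for name, src, dst, demand in tunnels:
        path = shortest_path(graph, src, dst, demand, used)
        if path is None:
            return placed, name
        reserve(used, path, demand)
        placed[name] = path
    return placed, None


def simple_paths(graph, src, dst, path=None):
    """All loop-free paths from src to dst (fine for a small topology)."""
    path = [src] if path is None else path
    if path[-1] == dst:
        yield list(path)
        return
    for v in graph[path[-1]]:
        if v not in path:
            path.append(v)
            yield from simple_paths(graph, v, dst, path)
            path.pop()


def place_globally(graph, tunnels, used=None, placed=None):
    """Backtracking over the candidate paths of every tunnel, shortest first:
    the global view a controller has. It may put an earlier tunnel on a longer
    path so that a later one fits, which sequential setup can never do."""
    used = {} if used is None else used
    placed = {} if placed is None else placed
    if len(placed) == len(tunnels):
        return dict(placed)
    name, src, dst, demand = tunnels[len(placed)]
    for path in sorted(simple_paths(graph, src, dst), key=len):
        if all(residual(graph, used, a, b) >= demand for a, b in zip(path, path[1:])):
            reserve(used, path, demand)
            placed[name] = path
            result = place_globally(graph, tunnels, used, placed)
            if result:
                return result
            del placed[name]
            reserve(used, path, demand, -1)
    return None


# Scenario 1 (the C-D link of the figure): 6G of C->D traffic on a 5G link
# while C-A and A-D (10G each) sit idle.
G1 = {}
add_link(G1, "C", "D", 5)
add_link(G1, "C", "A", 10)
add_link(G1, "A", "D", 10)

# Scenario 2: paths A-B-C-D-E (10G links) and A-F-G-H-E (12G links) joined by
# thin cross links C-G and D-H (5G); three 6G tunnels requested in fixed order.
G2 = {}
for a, b, cap in [("A", "B", 10), ("B", "C", 10), ("C", "D", 10), ("D", "E", 10),
                  ("A", "F", 12), ("F", "G", 12), ("G", "H", 12), ("H", "E", 12),
                  ("C", "G", 5), ("D", "H", 5)]:
    add_link(G2, a, b, cap)
TUNNELS = [("T1", "A", "E", 6), ("T2", "A", "G", 6), ("T3", "C", "H", 6)]

if __name__ == "__main__":
    print(shortest_path(G1, "C", "D"), shortest_path(G1, "C", "D", demand=6))
    print(place_sequentially(G2, TUNNELS))
    print(place_globally(G2, TUNNELS))
```

In scenario 2 the sequential placement puts T1 on the upper path, T2 on the lower one, and then has nowhere left for T3; the global search moves T1 to the lower path and routes T3 around via D-E-H, so all three fit. The backtracking search is exponential and only acceptable on a toy topology; it is here to show what the controller's global view buys, not how a production path computation element is built.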
Complex Network Technologies
 Many network protocols: network technology experts need to learn many RFCs related to network devices. Understanding the RFCs takes a long time, and the number of RFCs keeps increasing (figure: RFC increase trend, 2005 to 2013).
 Difficult network configuration: to be familiar with the devices of a specific vendor, you need to master tens of thousands of commands, and the number of commands keeps increasing.
Difficult O&M: Difficulty in Locating and Analyzing Network Faults
 Difficult to spot faults: traditional O&M relies on manual fault identification, location, and diagnosis (manual packet capture to locate faults, manual fault diagnosis). More than 85% of network faults are found only after service complaints; problems cannot be proactively identified or analyzed. The faults found through user complaints are just the tip of the iceberg.
 Difficult to locate faults: traditional O&M only monitors device indicators. Some indicators are normal while user experience is poor, and there is no correlated analysis of users and networks. Abnormal flows account for 3.65% of all flows on the network, and according to data center network (DCN) statistics it takes 76 minutes on average to locate a fault.
Slow Network Service Deployment
 Network policy layer (access policy, bandwidth policy, QoS policy, other policies): complex and inflexible policy changes. Policies are IP address-based, bound to fixed locations, and configured through the CLI; they cannot be defined by the user, and changes are complex and cannot be adjusted flexibly.
 Service network layer (VN for office purposes, VN for scientific research, VN for video surveillance): long service deployment period. Deploying a new service involves end-to-end configuration modification on every device, using commands.
 Physical network layer: low deployment efficiency. The physical network does not support zero touch provisioning (ZTP); devices are configured one by one from the command line.
SDN Origin
 SDN was developed by the Clean Slate Program at Stanford University as an innovative new network architecture. The core of SDN is to separate the control plane from the data plane of network devices, so that the control plane of the whole network is centralized and network application innovation is well supported.
 SDN has three characteristics in its initial phase: forwarding-control separation, centralized control, and open programmable interfaces.
 In the original architecture (figure), SDN applications sit on top of an OpenFlow controller, which provides the control plane functions. The controller connects to the OpenFlow switches through the OpenFlow interface, and the OpenFlow switches have only the data (forwarding) plane.
Basic Concepts of OpenFlow
 OpenFlow is an SBI protocol between a controller and a switch. It defines three types of messages, each with several subtypes:
▫ Controller-to-Switch: sent by the controller to manage the switch and query switch information.
▫ Asynchronous: initiated by a switch. When the status of the switch changes, the switch sends this message to notify the controller of the change.
▫ Symmetric: can be initiated by either the switch or the controller. Symmetric messages include Hello, Echo, and Error messages.
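The three message classes share one 8-byte header, and a switch or controller has to validate that header before acting on anything in the message. The following is an added example, not code from the course or from any controller or switch: it frames OpenFlow 1.3 messages out of a TCP byte stream, classif
ies them the way this page does, and shows the switch side of the symmetric Echo exchange. Header layout and type numbers follow the OpenFlow 1.3 specification; the messages built in the demo are constructed.

```python
"""OpenFlow 1.3 message framing and classification (added example, not code
from the course or from any controller or switch). Header layout and type
numbers follow the OpenFlow 1.3 specification; demo messages are constructed."""
import struct

OFP13_VERSION = 0x04
HEADER = struct.Struct("!BBHI")          # version, type, length, xid (big-endian)

# Type numbers from the OpenFlow 1.3 ofp_type enum, grouped the way the
# course groups them. Only the common types are listed.
SYMMETRIC = {0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "EXPERIMENTER"}
CONTROLLER_TO_SWITCH = {5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 7: "GET_CONFIG_REQUEST",
                        8: "GET_CONFIG_REPLY", 9: "SET_CONFIG", 13: "PACKET_OUT", 14: "FLOW_MOD",
                        15: "GROUP_MOD", 16: "PORT_MOD", 17: "TABLE_MOD", 18: "MULTIPART_REQUEST",
                        19: "MULTIPART_REPLY", 20: "BARRIER_REQUEST", 21: "BARRIER_REPLY"}
ASYNCHRONOUS = {10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS"}


def classify(msg_type):
    for cls, table in (("symmetric", SYMMETRIC),
                       ("controller-to-switch", CONTROLLER_TO_SWITCH),
                       ("asynchronous", ASYNCHRONOUS)):
        if msg_type in table:
            return cls, table[msg_type]
    return "unknown", f"TYPE_{msg_type}"


def build(msg_type, xid, body=b""):
    return HEADER.pack(OFP13_VERSION, msg_type, HEADER.size + len(body), xid) + body


def parse(data):
    """Validate the header before trusting anything in the message: a peer
    that sends a bogus version or a length larger than the bytes actually
    received must not be able to make the parser read past the end."""
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    version, msg_type, length, xid = HEADER.unpack_from(data)
    if version != OFP13_VERSION:
        raise ValueError(f"unsupported OpenFlow version {version:#x}")
    if length < HEADER.size or length > len(data):
        raise ValueError(f"bad length {length} for {len(data)} bytes")
    cls, name = classify(msg_type)
    return {"type": msg_type, "name": name, "class": cls, "xid": xid,
            "body": data[HEADER.size:length]}


def split_stream(buf):
    """OpenFlow runs over TCP, so messages arrive as a byte stream. Return the
    complete messages and the unconsumed tail (a partial message)."""
    messages = []
    while len(buf) >= HEADER.size:
        length = HEADER.unpack_from(buf)[2]
        if length < HEADER.size:
            raise ValueError("length shorter than header")
        if len(buf) < length:
            break
        messages.append(parse(buf[:length]))
        buf = buf[length:]
    return messages, buf


def switch_reply(msg):
    """Switch-side handling of the symmetric types: answer ECHO_REQUEST with an
    ECHO_REPLY carrying the same xid and payload, answer HELLO with HELLO."""
    if msg["name"] == "ECHO_REQUEST":
        return build(3, msg["xid"], msg["body"])
    if msg["name"] == "HELLO":
        return build(0, msg["xid"])
    return None


if __name__ == "__main__":
    stream = (build(0, 1) + build(2, 2, b"ping") + build(10, 3, b"\x00" * 16)
              + build(14, 4, b"\x00" * 48)[:20])        # last FLOW_MOD cut short
    msgs, rest = split_stream(stream)
    for m in msgs:
        print(m["name"], m["class"], m["xid"])
    print(len(rest), "bytes of a partial message left in the buffer")
```

The control channel is a TCP connection (IANA port 6653, 6633 on older deployments) that the switch opens to the controller; the specification allows TLS on it, and without TLS anything that can reach that channel can install flow entries, so the version and length checks above are the minimum, not the whole story.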
Flow Table Overview
 OpenFlow switches forward packets based on flow tables.
 Each flow entry includes the Match Fields, Priority, Counters, Instructions, Timeouts, Cookie, and Flags. The Match Fields and Instructions are the key fields for packet forwarding.
▫ The Match Fields are the fields against which a packet is matched; the set of fields can be customized.
▫ The Instructions field specifies the OpenFlow processing applied when a packet matches the flow entry.
 Flow entry layout: Match Fields | Priority | Counters | Instructions | Timeouts | Cookie | Flags
 Flow table fields can be customized. The following is an example of the match fields of one entry:

Ingress Port | Ether Source | Ether Dst | Ether Type | VLAN ID | VLAN Priority | IP Src | IP Dst | TCP Src Port | TCP Dst Port
3 | MAC1 | MAC2 | 0x8100 | 10 | 7 | IP1 | IP2 | 5321 | 8080
Comparison Between Forwarding Modes
 Typical routing protocol: packet forwarding based on routing tables. Example (figure): two routers connected over 10.0.0.0/30 (1.1.1.1 and 1.1.1.2) run a routing protocol; the resulting routing table entry is destination network 10.0.0.0/30, protocol OSPF, next hop 1.1.1.2, outbound interface G0/0/1.
▫ Network devices query routing tables to guide traffic forwarding.
▫ Entries in a routing table are calculated by running a routing protocol between network devices.
▫ The routing table has a fixed entry format. Network devices forward packets based on the longest match rule. A network device has only one routing table.
 OpenFlow: packet forwarding based on flow tables. Example (figure): the OpenFlow controller delivers flow tables to the switch; the matching process walks Table 0, Table 1, ..., Table N, each entry carrying Match Fields, Priority, Counters, Instructions, Timeouts, and Cookie.
▫ OpenFlow is a network protocol. Switches running OpenFlow forward traffic based on flow tables.
▫ Flow tables are calculated by the OpenFlow controller and then delivered to switches.
▫ A flow table has variable length and defines various matching and forwarding rules. A network device has multiple flow tables.
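The difference between the two lookups is easier to see side by side. The following is an added example, not from the course: a longest-prefix-match lookup over a routing table beside a two-table OpenFlow-style pipeline whose table 1 holds the example entry from the flow table page. The routes, flow entries and packets are constructed, and the match field names are the OpenFlow 1.3 names (in_port, eth_src, eth_dst, eth_type, vlan_id, vlan_pcp, ipv4_src, ipv4_dst, tcp_src, tcp_dst).

```python
"""Routing-table lookup (longest prefix match) beside an OpenFlow-style
multi-table flow pipeline (added example, not from the course; routes,
flow entries and packets are constructed)."""
import ipaddress


def lpm_lookup(routes, dst_ip):
    """Routing table: one table, one lookup key, longest matching prefix wins.
    routes: list of (prefix, protocol, next_hop, out_iface)."""
    best = None
    dst = ipaddress.ip_address(dst_ip)
    for prefix, protocol, next_hop, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, protocol, next_hop, iface)
    return None if best is None else best[1:]


class FlowEntry:
    """match: {field: value}; a field absent from the match is a wildcard.
    instructions: list such as [("goto_table", 1)] or [("output", 2)]."""
    def __init__(self, priority, match, instructions):
        self.priority, self.match, self.instructions = priority, match, instructions
        self.packet_count = 0            # the Counters field


class FlowTable:
    def __init__(self, entries):
        # Highest priority first. OpenFlow leaves the order of overlapping
        # equal-priority entries undefined, so a controller should never install them.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def lookup(self, packet):
        for entry in self.entries:
            if all(packet.get(field) == value for field, value in entry.match.items()):
                entry.packet_count += 1
                return entry
        return None


def process(pipeline, packet):
    """Walk the tables from table 0, following goto_table. A table-miss entry
    (priority 0, empty match) decides what happens to unmatched packets;
    without one, OpenFlow 1.3 drops the packet."""
    table_id = 0
    while True:
        entry = pipeline[table_id].lookup(packet)
        if entry is None:
            return ("drop",)
        for instruction in entry.instructions:
            if instruction[0] == "goto_table":
                table_id = instruction[1]
                break
            return instruction
        else:
            return ("drop",)


ROUTES = [("10.0.0.0/30", "OSPF", "1.1.1.2", "G0/0/1"),
          ("10.0.0.0/8", "Static", "1.1.1.9", "G0/0/2")]

# Table 0 admits traffic (and blocks telnet); table 1 holds the example entry
# from the flow table page. Each table ends with a table-miss entry.
PIPELINE = {
    0: FlowTable([
        FlowEntry(200, {"ip_proto": 6, "tcp_dst": 23}, [("drop",)]),
        FlowEntry(100, {"eth_type": 0x8100}, [("goto_table", 1)]),
        FlowEntry(0, {}, [("controller",)]),
    ]),
    1: FlowTable([
        FlowEntry(100, {"in_port": 3, "eth_src": "MAC1", "eth_dst": "MAC2", "eth_type": 0x8100,
                        "vlan_id": 10, "vlan_pcp": 7, "ipv4_src": "IP1", "ipv4_dst": "IP2",
                        "tcp_src": 5321, "tcp_dst": 8080}, [("output", 2)]),
        FlowEntry(0, {}, [("controller",)]),
    ]),
}

EXAMPLE_PACKET = {"in_port": 3, "eth_src": "MAC1", "eth_dst": "MAC2", "eth_type": 0x8100,
                  "vlan_id": 10, "vlan_pcp": 7, "ipv4_src": "IP1", "ipv4_dst": "IP2",
                  "ip_proto": 6, "tcp_src": 5321, "tcp_dst": 8080}

if __name__ == "__main__":
    print(lpm_lookup(ROUTES, "10.0.0.2"), lpm_lookup(ROUTES, "10.9.9.9"))
    print(process(PIPELINE, EXAMPLE_PACKET))
    print(process(PIPELINE, dict(EXAMPLE_PACKET, vlan_id=20)))
```

The table-miss entries here send unmatched packets to the controller, which is the usual reactive setup; every new flow then costs a round trip to the controller, so a host that sprays packets with random headers can turn that entry into a denial-of-service lever against the control channel. Rate-limiting packet-in or using drop as the miss action on untrusted ports is the standard mitigation.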
Essential Requirements of SDN
 The essence of SDN is to make networks more open, flexible, and simple. It builds a centralized brain for a
network and implements fast service deployment, traffic optimization, or network service openness through
centralized control in the global view.
 SDN has the following benefits:
▫ Provides centralized management, simplifying network management and O&M.

▫ Shields technical differences, simplifies network configuration, and reduces O&M costs.

▫ Offers automatic optimization, improving network utilization.

▫ Deploys services rapidly, shortening the service rollout time.

▫ Builds an open network, supporting open and programmable third-party applications.

SDN transforms network architecture.

SDN Network Architecture
 The SDN network architecture consists of the orchestration application layer, the controller layer, and the device layer. The layers are connected through open interfaces. Seen from the controller layer, the southbound interfaces (SBIs) face the device layer and the northbound interfaces (NBIs) face the orchestration application layer. OpenFlow is one of the SBI protocols.
▫ Orchestration application layer: applications and service collaboration
▫ NBI
▫ Controller layer: service orchestration
▫ SBI
▫ Device layer: data forwarding
Huawei SDN Network Architecture
 Huawei SDN network architecture supports various SBIs and NBIs, including OpenFlow, OVSDB, NETCONF, PCEP, RESTful, SNMP, BGP, JSON-RPC, and RESTCONF interfaces.
▫ Upper layer: network applications, EMS, orchestration, cloud platform, and apps
▫ Open NBI plane: RESTful, SNMP, MTOSI/CORBA, Kafka/SFTP, RESTCONF
▫ Open SBI plane: PCEP, NETCONF, OpenFlow, BGP-LS, OVSDB, SNMP, BGP, JSON-RPC, and Telemetry interfaces
▫ Forwarding devices: AP, switch, CPE, router, security gateway, VNF
Huawei SDN Solution - Integrating Management, Control, and Analysis to Build an Intent-Driven Network
 Application layer: cloud platform, self-help portal, mobile app, third-party apps, and others.
 Network management and control layer: Manager, Controller, and Analyzer.
 Network layer: campus networks (APs and campus switches), DC fabrics, WAN/DCI, and branch CPEs (SD-WAN).
Introduction to iMaster NCE
 Huawei iMaster NCE is an intelligent network automation platform that integrates management, control, analysis, and AI capabilities.
▫ Automation + Intelligence: SDN-based automatic service configuration and deployment; AI-based intelligent analysis, prediction, and troubleshooting.
▫ Manager + Controller + Analyzer: a unified data base; detection, location, and troubleshooting.
▫ Planning + Construction + Maintenance + Optimization: full lifecycle management; simulation verification and monitoring optimization.
 NMS + Controller + Analyzer = Autonomous Driving Network System.
iMaster NCE Application
▫ DC: iMaster NCE-Fabric *
▫ Enterprise campus: iMaster NCE-Campus *
▫ SD-WAN: iMaster NCE-WAN
▫ IP WAN: iMaster NCE-IP
▫ WAN transmission: iMaster NCE-T
* iMaster NCE-Fabric and iMaster NCE-Campus are introduced in this document.
DC: Huawei CloudFabric DCN Autonomous Driving Network Solution
 Based on iMaster NCE-Fabric, DCNs provide full-lifecycle services from planning and construction through O&M to optimization. The Manager, Controller, and Analyzer (with AI) take service intent and strategy as input, manage the fabric and its VMs through NETCONF and SNMP, and collect data through telemetry and ERSPAN.
▫ Integrated planning and construction: the planning tool interconnects with iMaster NCE-Fabric to implement integrated planning and construction; Zero Touch Provisioning (ZTP).
▫ Simplified deployment: service intent self-understanding and conversion; network change simulation and evaluation, eliminating human errors.
▫ Intelligent O&M: rapid fault detection and location based on a knowledge graph and expert experience; fast fault rectification based on expert experience and simulation analysis.
▫ Real-time optimization: AI-Fabric-oriented local traffic inference with online model training and optimization; user behavior prediction and resource optimization suggestions.
DC: Simplified ZTP Deployment
 ZTP deployment process (the DC uses the spine-leaf architecture with a VXLAN overlay):
1. The network administrator clicks the icon on iMaster NCE to start the ZTP task.
2. A device automatically obtains an IP address and accesses iMaster NCE.
3. iMaster NCE determines the device role (spine or leaf node), delivers configurations such as the management IP address, SNMP configuration, and NETCONF configuration to the online devices, and manages the devices through the management IP address.
4. iMaster NCE globally delivers the interconnection configurations as well as the OSPF or BGP configurations.
5. The device goes online successfully, and the administrator views network-wide information on iMaster NCE.
 In step 2 the device trusts whatever address and controller reachability it is handed, so ZTP should only run on a management network that untrusted hosts cannot reach.
DC: Network Intent Self-understanding and Fast Service Deployment
 iMaster NCE-Fabric pipeline: intent conversion, network design, simulation verification, network configuration, and verification result analysis. A work order is mapped to an intent model using the built-in models (ACL deployment, network provisioning).
 Figure values: network design 2 to 3 days, configuration delivery 10 minutes, service verification 1 to 2 days; ACL deployment or network provisioning through the intent model takes 10 minutes.
 Huawei iMaster NCE-Fabric supports automatic and fast deployment of virtualization, cloud computing, and container networks.
DC: Network Change Simulation and Change Risk Prediction
 Data collection/upload: the configuration to be changed, the live network configuration, the live network topology information, and the live network resource information.
 Modeling and computing: establish physical, logical, and application network models, then compute with a formal verification algorithm.
 Verification result: check whether resources on the live network are sufficient (resource sufficiency) and whether the network stays connected (access connectivity); analyze and display the impact of the change on the original services.
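The "impact on original services" output is a diff between what the model says is reachable today and what would be reachable after the change. The following is an added example, not the iMaster NCE algorithm: a simplified reachability model of a two-leaf, one-spine fabric with ACLs on links, which reports which host pairs a proposed change would break or newly open before anything is pushed to a device. The fabric, hosts, and ACLs are constructed.

```python
"""Pre-change reachability check on a network model (added example; a
simplified model-based check, not the iMaster NCE formal verification
algorithm). The fabric, hosts, and ACLs are constructed."""
from collections import deque

# Constructed fabric: two leaf switches and one spine; hosts sit behind leaves.
HOSTS = {"web": "leaf1", "app": "leaf1", "db": "leaf2", "mgmt": "leaf2"}
LINKS = {"leaf1": ["spine"], "leaf2": ["spine"], "spine": ["leaf1", "leaf2"]}


def make_filter(acls):
    """acls: {(node, next_hop): [(action, src_host, dst_host), ...]}, applied to
    traffic leaving node toward next_hop; first match wins, "any" is a wildcard,
    and a link without an ACL permits everything."""
    def allowed(node, next_hop, src, dst):
        for action, s, d in acls.get((node, next_hop), []):
            if s in (src, "any") and d in (dst, "any"):
                return action == "permit"
        return True
    return allowed


def reachable(allowed, src, dst):
    start, goal = HOSTS[src], HOSTS[dst]
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            return True
        for nxt in LINKS[node]:
            if nxt not in seen and allowed(node, nxt, src, dst):
                seen.add(nxt)
                queue.append(nxt)
    return False


def reachability(acls):
    """Set of (src, dst) host pairs that can communicate under these ACLs."""
    allowed = make_filter(acls)
    return {(s, d) for s in HOSTS for d in HOSTS if s != d and reachable(allowed, s, d)}


def change_impact(current_acls, proposed_acls):
    """Compare the live model with the model after the proposed change, the way
    a change simulation reports impact on existing services before the change
    is pushed to devices."""
    before, after = reachability(current_acls), reachability(proposed_acls)
    return {"broken": sorted(before - after), "opened": sorted(after - before)}


# Intent: only app may reach db. Proposed ACL on the spine's link toward leaf2.
LIVE = {}
PROPOSED = {("spine", "leaf2"): [("permit", "app", "db"), ("deny", "any", "db")]}
# A mistyped variant that denies everything toward leaf2.
MISTYPED = {("spine", "leaf2"): [("deny", "any", "any")]}

if __name__ == "__main__":
    print(change_impact(LIVE, PROPOSED))
    print(change_impact(LIVE, MISTYPED))
```

The simulation reports two things a reviewer wants before approving: the mistyped ACL breaks four host pairs instead of one, and the intended ACL leaves mgmt able to reach db because both sit on leaf2 and their traffic never crosses the spine, so the intent "only app may reach db" is not actually enforced where the ACL was placed.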
DC: AI-powered Intelligent O&M for DCNs
 Collection: DC holographic data (service flow data and telemetry data), data cleaning, AI exception identification, and network object modeling.
 Analysis: an intelligent analysis engine that combines Huawei's 30+ years of O&M expert experience (knowledge inference engine and knowledge graph) with continuous learning and training based on real site faults; exception detection and root cause analysis. Typical fault types covered: BGP flapping, OSPF flapping, interface flapping, IS-IS flapping, BFD flapping, and router ID conflict.
 Decision: manual rectification, intent-based loop closing, risk prediction, and a recommended emergency plan (port isolation, configuration rollback, capacity expansion recommendation).
Enterprise campus: Huawei CloudCampus Autonomous Driving Network Solution
 A one-stop management platform (Manager, Controller, and Analyzer) covers design, deployment, and policy; devices are managed through NETCONF/YANG. Scenarios in the figure: a large- or medium-sized campus, campus interconnection over WAN/Internet, and a small- or medium-sized campus, each carrying virtual networks (VN for office purposes, VN for R&D, VN for office services, VN for R&D services) that contain security groups with access control, bandwidth, and priority policies.
 Fast network deployment, improving deployment efficiency by 600%:
▫ Device plug-and-play: simplified device deployment, scenario navigation, and template-based configuration.
▫ Simplified network deployment: network resource pooling, multi-purpose network, and automatic service provisioning.
 Fast service provisioning, improving user experience by 100%:
▫ Free mobility: GUI-based policy configuration, allowing users to access the network anytime and anywhere while roaming without changing their permissions or user experience.
▫ Intelligent terminal identification: anti-spoofing for terminal access, with a terminal identification accuracy of over 95%.
▫ Intelligent HQoS: application-based scheduling and shaping and refined bandwidth management, ensuring the service experience of key users.
 Fast intelligent O&M, improving network performance by over 50%:
▫ Real-time experience visualization: telemetry-based network experience visualization at each moment, for each user, and in each area.
▫ Precise fault analysis: proactively identifying 85% of typical network issues and providing suggestions; comparing and analyzing real-time data to predict faults.
▫ Intelligent network optimization: predictive optimization of wireless networks based on historical data, improving network-wide performance by over 50% (Source: Tolly Certification).
Enterprise campus: Device Plug-and-Play
 Deployment by scanning bar codes: 1. pre-configuration; 2. deployment by scanning bar codes; 3. automatic device registration and login; 4. automatic configuration delivery.
 Deployment through the registration query center: 1. pre-configuration; 2. obtaining registration information through the registration query center; 3. automatic device registration and login; 4. automatic configuration delivery.
 DHCP-based deployment: 1. pre-configuration; 2. information synchronization; 3. obtaining registration information through the DHCP server; 4. automatic device registration and login; 5. automatic configuration delivery.
Enterprise campus: Free Mobility: Policy Management Based on Security Groups
 Free mobility enables users to have consistent network rights and security policies regardless of their locations and IP addresses.
1. Use security groups (in the figure: a security group for sales users, one for R&D users, and one for server resources). A security group is a group of users to which the same security policy applies.
2. Define security group-based permission control policies (right policies) and user experience policies, and deliver the policies to the network devices.
3. A security group is authorized to a user after the user passes access authentication (User A, User B, and User C in the figure).
4. After user traffic enters the campus network, the network devices enforce policies based on the source and destination security groups of the traffic.
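The four steps above amount to: identity decides the group, the group pair decides the policy, and the IP address is only a binding learned at authentication. The following is an added example that models that behavior; it is not Huawei's implementation, and the users, groups, policy matrix, and addresses are constructed. It shows a user keeping the same rights after roaming to a new subnet, a user in another group being denied the same resource, and an unauthenticated or stale address falling to the default deny.

```python
"""Security-group policy enforcement for free mobility (added example, a
model of the concept, not Huawei's implementation; users, groups, policies
and addresses are constructed)."""


class PolicyPoint:
    """Models the authentication point plus the enforcement point of a campus
    switch: identity decides the group, the group pair decides the policy,
    the IP address is only a transient binding learned at authentication."""

    def __init__(self, user_groups, resource_groups, matrix):
        self.user_groups = user_groups          # user name -> security group
        self.resource_groups = resource_groups  # server IP -> security group (static)
        self.matrix = matrix                    # (src_group, dst_group) -> "permit"/"deny"
        self.bindings = {}                      # client IP -> group, learned on login

    def authenticate(self, user, ip, credential_ok):
        """Called when a user attaches anywhere on the campus, wired or wireless."""
        if not credential_ok or user not in self.user_groups:
            self.bindings.pop(ip, None)
            return None
        self.bindings[ip] = self.user_groups[user]
        return self.bindings[ip]

    def logoff(self, ip):
        self.bindings.pop(ip, None)

    def group_of(self, ip):
        return self.bindings.get(ip) or self.resource_groups.get(ip)

    def enforce(self, src_ip, dst_ip):
        """Decision for a flow. An unknown source or destination falls to deny,
        so an unauthenticated host or a spoofed address gets no rights by default."""
        src_group, dst_group = self.group_of(src_ip), self.group_of(dst_ip)
        if src_group is None or dst_group is None:
            return "deny"
        return self.matrix.get((src_group, dst_group), "deny")


def build_campus():
    return PolicyPoint(
        user_groups={"alice": "sales", "bob": "rnd"},
        resource_groups={"10.10.0.5": "servers", "10.10.0.6": "servers"},
        matrix={("rnd", "servers"): "permit", ("sales", "servers"): "deny",
                ("rnd", "rnd"): "permit", ("sales", "sales"): "permit"},
    )


def roaming_demo():
    """bob logs in from the office subnet, roams to a branch subnet and logs in
    again with a new IP address; his rights do not change, while alice in sales
    is denied the same server wherever she is, and bob's old address is denied
    once the binding is gone."""
    campus = build_campus()
    campus.authenticate("bob", "10.1.1.20", True)
    first = campus.enforce("10.1.1.20", "10.10.0.5")
    campus.logoff("10.1.1.20")
    campus.authenticate("bob", "10.2.7.9", True)        # same user, new address
    roamed = campus.enforce("10.2.7.9", "10.10.0.5")
    campus.authenticate("alice", "10.1.1.21", True)
    sales = campus.enforce("10.1.1.21", "10.10.0.5")
    stale = campus.enforce("10.1.1.20", "10.10.0.5")    # old address, no binding
    return first, roamed, sales, stale


if __name__ == "__main__":
    print(roaming_demo())
```

The policy matrix never mentions an address, which is the whole point: moving a user between subnets or VLANs does not require touching a single ACL, and the only state that changes during roaming is the IP-to-group binding that authentication creates and logoff removes.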
Enterprise campus: Wired and Wireless Convergence
 WLAN construction mode 1: standalone AC. An independent AC poses a wireless traffic bottleneck and adds fault nodes; wired and wireless management is independent, and the wired and wireless authentication points are separated.
 WLAN construction mode 2: AC card. An AC card is installed on a switch to provide the AC functions; convergence at the hardware level only.
 Both modes share the same drawbacks: separated wired and wireless authentication points, distributed policy control, separation of control and data traffic forwarding, and difficult troubleshooting and management.
 Wired and wireless convergence (native AC): the switch integrates the AC function, eliminating wireless traffic forwarding bottlenecks and reducing fault nodes. Wired and wireless devices are centrally managed:
▫ Unified management and converged forwarding of wired and wireless services
▫ Converged management for wired and wireless users and gateway convergence
▫ Converged authentication points for wired and wireless access
▫ Unified wired and wireless policy execution
Enterprise campus: Intelligent Terminal Identification, Ensuring Secure Access
 Requirements and challenges:
▫ A university with 50+ types of smart terminals: terminal information is collected by the IT departments of the colleges, and MAC address collection is difficult and error-prone.
▫ An enterprise with 100+ authentication faults reported per day: it is difficult to locate access spoofing.
 Huawei supports identification of 1000+ office or IoT terminal types through a built-in terminal fingerprint library. Terminal-type-based actions (printer, camera, IP phone, and PC in the figure):
▫ Automatic authentication: MAC address authentication without entering any MAC address.
▫ Automatic authorization: a camera is automatically added to the video surveillance group; an IP phone or PC is configured as a VIP user.
▫ Spoofing detection: a terminal spoofing alarm is reported.
Enterprise campus: HQoS: User- and Application-based QoS Policy
 User- and application-based QoS policies ensure the experience of high-priority users and applications.
 Requirements and challenges: traditional QoS policies are not effective for video services. Example, a building surveillance scenario: the wireless video services of common users (mobile phones and tablets) grow and occupy a large share of network resources, causing congestion that affects the camera surveillance traffic of VIP users.
1. Define VIP users and common users, and application priorities.
2. Schedule user and application queues based on the priorities of users and applications.
3. Support native AC or independent AC deployment.
Enterprise campus: AI-Powered Intelligent O&M of Campus Networks
 As-is: device-centered network management. A traditional NMS collects data over SNMP at minute-level intervals and provides topology, performance, alarm, and configuration management.
▫ Device-centric O&M: user experience cannot be detected.
▫ Fault-triggered responses: potential faults cannot be identified.
▫ Reliance on professional engineers to locate faults onsite.
 To-be: user experience-centered AI-powered intelligent O&M. An intelligent network analyzer collects telemetry at second-level intervals and provides visualized user experience management, user journey playback, potential fault identification, root cause identification, and predictive network optimization.
▫ Experience visualization: telemetry-based second-level data collection; the experience of each user and each application is visualized in real time.
▫ Minute-level potential fault identification and root cause location: potential faults are identified based on dynamic baselines and big data correlation analysis; root causes are accurately located through KPI association analysis and protocol tracing.
▫ Predictive network optimization: AI analyzes the AP load trend and performs predictive optimization on the wireless network.
 Efficiency is improved by algorithms. With scenario-based continuous learning and expert experience, intelligent O&M frees O&M personnel from complex alarms and noise, making O&M more automated and intelligent.
Enterprise campus: AI-Powered Intelligent Radio Calibration
 Traditional radio calibration cannot achieve the expected results:
▫ Phase 1, manual calibration: based on engineers' experience, the calibration is time-consuming and error-prone, and the result is unstable.
▫ Phase 2, automatic calibration: calibration based on real-time radio interference does not consider device load changes, and the result cannot be ensured.
 AI-powered intelligent radio calibration: real-time and historical data collection (number of users, channel usage, and signal interference ratio over time), radio calibration simulation, then smart radio calibration with closed-loop adjustment of channel, frequency bandwidth, and power (calibration objects: power adjustment, optimal channel selection, frequency bandwidth selection).
 Tested and verified by authoritative organizations (chart values, before vs. after AI-powered smart radio calibration): average downlink rate per terminal 125 Mbit/s vs. 198 Mbit/s, a 58% improvement; average Wi-Fi channel interference 49% before, 5.5% and 2.8% after.
Contents
1. SDN Overview

2. NFV Overview

NFV Background: Thinking from IT Industry Transformation
 The IT industry transformation prompts thinking about both the network architecture and the device architecture in the network industry. At the network architecture layer this led to the SDN controller; at the device architecture layer it concerns the device deployment mode.
 IT industry transformation: in recent years, IT technologies such as virtualization and cloud computing have boomed, and applications that used to be deployed directly on hardware (an app on an OS on a server) have gradually migrated to the cloud, where they run as software on VMs in private, public, or hybrid clouds.
 Thinking about the network industry: can network applications be deployed in a software-based manner as well? In this context, Network Functions Virtualization (NFV) was introduced.
Origin of NFV
 In October 2012, 13 top carriers (including AT&T, Verizon, Vodafone, Deutsche Telekom, T-Mobile, BT, and Telefonica) released the first version of the NFV White Paper at the SDN and OpenFlow World Congress. In addition, the ETSI Industry Specification Group (ISG) for NFV was founded to promote the definition of network virtualization requirements and the formulation of the system architecture.
 In 2013, the ETSI NFV ISG conducted the first phase of research and completed the formulation of related standards. The ETSI NFV ISG defined the NFV requirements and architecture and sorted out the standardization processes of the different interfaces.
NFV Value
 NFV aims to address issues such as complex deployment and O&M and service innovation
difficulties due to large numbers of telecom network hardware devices. NFV brings the following
benefits to carriers while reconstructing telecom networks:
▫ Shortened service rollout time

▫ Reduced network construction cost

▫ Improved network O&M efficiency

▫ Open ecosystem

Key NFV Technologies: Virtualization
 Virtualization is the foundation of NFV, and cloudification is the key.
 On traditional telecom networks, each NE is implemented by dedicated hardware, resulting in high costs and difficult O&M. Virtualization features partition, isolation, encapsulation, and hardware independence, which meet NFV requirements. Carriers use virtualization to run software-based NEs on universal infrastructure.
▫ Partition: multiple VMs can run concurrently on a single physical server.
▫ Isolation: VMs that run on the same server are isolated from each other.
▫ Encapsulation: all data of a VM is saved in files, so a VM can be moved and replicated by moving and replicating the files.
▫ Hardware independence: VMs can run on any server without modification.
Key NFV Technology: Cloudification
 As defined by the National Institute of Standards and Technology (NIST), cloud computing is a model that allows users
to obtain resources (for example, networks, servers, storage devices, applications, services) in a shared compute
resource pool based on their needs anytime, anywhere. This model enables fast resource provisioning and release, and
minimizes the resource management workload and interactions with service providers.

 Cloud computing has many advantages. Cloudification of network functions on carriers' networks mainly uses resource
pooling and rapid elastic scaling.
 NIST lists five essential characteristics of cloud computing: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.
Introduction to the NFV Architecture
 The NFV architecture includes the network functions virtualization infrastructure (NFVI), a virtualized network function
(VNF), and management and orchestration (MANO). In addition, the NFV architecture needs to support the existing
business support system (BSS) or operations support system (OSS).

▫ OSS/BSS: the carrier's existing operations and business support systems.

▫ MANO: provides service orchestration, service management, and resource management.

▫ VNF: software NEs built on cloud resources.

▫ NFVI: provides cloud-based resource pools.
Standard NFV Architecture
 ETSI defines the standard NFV architecture, which consists of the NFVI, VNF, and MANO. The NFVI includes the universal hardware layer and virtualization layer. The VNF is implemented using software, and the MANO implements management and orchestration of the NFV architecture.

Figure: ETSI NFV reference architecture. NFV Management and Orchestration (MANO) comprises the NFV Orchestrator, VNF Manager(s), and Virtualized Infrastructure Manager(s), with the Service, VNF, and Infrastructure Description as their input. Beside it sit the OSS/BSS, the element managers (EM 1 to EM 3) with their VNFs (VNF 1 to VNF 3), and the NFVI (virtual computing, virtual storage, and virtual network provided by the virtualization layer over computing, storage, and network hardware). Main reference points: Os-Ma (OSS/BSS to NFVO), Or-Vnfm (NFVO to VNFM), Ve-Vnfm (EM/VNF to VNFM), Vn-Nf (VNF to NFVI), Nf-Vi (NFVI to VIM), Vi-Vnfm (VNFM to VIM), Or-Vi (NFVO to VIM), and Vi-Ha (virtualization layer to hardware). The figure distinguishes execution reference points, other reference points, and the main NFV reference points.
Functional Modules of the NFV Architecture
 Main functional modules defined in the standard NFV architecture:

▫ OSS/BSS: management system of the service provider. It is not a functional component of the NFV architecture, but the MANO must provide an interface for interoperation with the OSS/BSS.

▫ MANO: NFV management and orchestration. The MANO includes the VIM, VNFM, and NFVO, and provides unified management and orchestration for VNFs and the NFVI.
 • VIM: NFVI management module that runs on an infrastructure site. The VIM provides functions such as resource discovery, virtual resource management and allocation, and fault handling.
 • VNFM: controls the VNF lifecycle (including instantiation, configuration, and shutdown).
 • NFVO: orchestrates and manages all software resources and network services on an NFV network.

▫ VNF: VNFs refer to VMs as well as the service NEs and network function software deployed on the VMs.

▫ NFVI: NFV infrastructure, including the required hardware and software. The NFVI provides the running environment for VNFs.
 • Hardware layer: hardware devices that provide compute, network, and storage resources.
 • Virtualization layer: abstracts hardware resources into virtual resources, such as virtual compute, storage, and network resources. The virtualization function is implemented by a hypervisor.
NFV Architecture Interfaces
 Main interfaces of the standard NFV architecture:
▫ Vi-Ha: between the virtualization layer and the hardware layer. The virtualization layer must meet basic hardware compatibility requirements.

▫ Vn-Nf: between a VNF and the NFVI. It ensures that VNFs can be deployed on the NFVI with the required performance, reliability, and scalability; the NFVI meets the VNFs' OS compatibility requirements.

▫ Nf-Vi: between the VIM (virtualization layer management software) and the NFVI. It provides management of the NFVI's virtual computing, storage, and network systems, virtual infrastructure configuration and connections, as well as system usage, performance monitoring, and fault management.

▫ Ve-Vnfm: between the VNFM and a VNF (or its EM), implementing VNF lifecycle management, VNF configuration, and VNF performance and fault management.

▫ Os-Ma: between the OSS/BSS and the NFVO. It manages the lifecycles of network services and VNFs.

▫ Vi-Vnfm: between the VNFM and the VIM. It carries resource allocation requests from the VNFM and exchanges virtualized resource configuration and state information.

▫ Or-Vnfm: between the NFVO and the VNFM. The orchestrator sends configuration information to the VNFM and exchanges information about the NFVI resources allocated to VNFs and about VNF state.

▫ Or-Vi: between the NFVO and the VIM. It carries the resource reservation and allocation requests made by the orchestrator and exchanges virtualized hardware resource configuration and status information.
Huawei's NFV Solution
 In the Huawei NFV architecture, the functions of the virtualization layer and the VIM are implemented by the HUAWEI CLOUD Stack NFVI platform. HUAWEI CLOUD Stack virtualizes compute, storage, and network resources and centrally manages, monitors, and optimizes both physical and virtual resources.

 Huawei provides cloud-based solutions for carriers' wireless networks, bearer networks, transport networks, access networks, and core networks.

Figure: Huawei NFV solution stack. VNF layer: CloudBB, CloudEdge, CloudCore, 5G Core, and Cloud DSL/OLT. MANO: CloudOpera, providing the NFVO and VNFM. NFVI: HUAWEI CLOUD Stack, built on FusionSphere (FusionCompute, FusionStorage, FusionNetwork, and OpenStack + OM) over computing, storage, and network hardware.
FAQ
 Q1: What is the relationship between SDN and NFV in the industry?
 A: Both SDN and NFV involve network transformation and the NFV concept was proposed at the
SDN and OpenFlow World Congress. However, they are independent of each other. SDN mainly
affects the network architecture, and NFV mainly affects the NE deployment mode.

 Q2: What is the relationship between SDN and NFV in Huawei solutions?
 A: Huawei provides separate solutions for SDN and NFV, but they are associated. The Huawei NFVI solution is provided by HUAWEI CLOUD Stack.
Quiz
1. (Multiple) Which of the following statements about Huawei SDN solution are true? ( )
A. The solution supports various SBI protocols, such as RESTful, NETCONF, and OVSDB.

B. OpenFlow can be used as the SBI protocol.

C. The solution integrates management, control, and analysis to build a simplified network.

D. The solution provides open and programmable network interfaces to support third-party application
development and system interconnection.

2. Please briefly describe the benefits of NFV.

Summary
 With the transformation and development of the network industry, SDN and NFV are
proposed.

 SDN is an innovation of network architecture. It uses a controller to make networks more open, flexible, and simple.

 NFV is an innovation in the deployment of telecom network devices. Based on virtualization and cloud computing, NFV helps reconstruct telecom networks.
More Information
 For more information about OpenFlow, visit https://www.opennetworking.org/.

 For more information about Huawei SDN solution, see the HCIP course.

Foreword
 New protocols, technologies, and delivery and O&M modes are emerging in the
network engineering field. Conventional networks face challenges from new connection
requirements, such as requirements for cloud computing and artificial intelligence (AI).
Enterprises are also pursuing service agility, flexibility, and elasticity. Against this
backdrop, network automation becomes increasingly important.
 Network programmability and automation is to simplify network configuration,
management, monitoring, and operations for engineers and improve deployment and
O&M efficiency. This course is to help network engineers understand Python
programming and implement network automation.

Objectives
 On completion of this course, you will be able to:
▫ Describe the difficulties of conventional network O&M.

▫ Understand the implementation of network automation.

▫ Understand the classification of programming languages.

▫ Describe the Python code style.

▫ Describe the basic usage of Python telnetlib.

Contents
1. Introduction to Network Programmability and Automation

2. Overview of Programming Language and Python

3. Cases

Background: Difficulties in Conventional Network O&M
 Conventional network O&M requires network engineers to manually log in to network devices, query and execute
configuration commands, and filter command output. This highly human-dependent working mode is time-consuming,
inefficient, and difficult to audit.
Typical O&M scenarios (numerous devices, complex operations, low efficiency). Are the following working scenes familiar to you?

1. Device upgrade: thousands of network devices reside on a live network, and you have to periodically upgrade them in batches.

2. Configuration audit: an enterprise needs to audit the configuration of its devices every year. For example, the enterprise requires that STelnet be enabled on all devices and that spanning tree security be configured on Ethernet switches. You have to quickly find the devices that do not meet these requirements.

3. Configuration change: due to network security requirements, device accounts and passwords need to be changed every three months. You have to delete the original account and create a new one on thousands of network devices.
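The configuration audit in scenario 2 is exactly the kind of rule-based check that is worth scripting. The following is an added example, not part of the Huawei course material: it parses VRP-style configuration text into its "#"-separated blocks and reports devices where STelnet is not enabled, Telnet is still enabled, STP edge ports are configured without BPDU protection, or a VTY line accepts Telnet or stores its password with the cleartext simple keyword. The two device configurations are constructed for the example and were not captured from real devices.

```python
from typing import Dict, List

# Constructed sample output of "display current-configuration" for two
# hypothetical switches; not captured from real devices.
SAMPLE_CONFIGS: Dict[str, str] = {
    "SW1": """\
#
sysname SW1
#
stelnet server enable
undo telnet server enable
#
stp bpdu-protection
#
interface GigabitEthernet0/0/1
 port link-type access
 stp edged-port enable
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
""",
    "SW2": """\
#
sysname SW2
#
telnet server enable
#
interface GigabitEthernet0/0/1
 port link-type access
 stp edged-port enable
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple Huawei@123
 protocol inbound telnet
#
""",
}


def parse_vrp_config(config: str) -> List[List[str]]:
    """Split a VRP-style configuration into blocks separated by '#' lines.
    Each block is a list of stripped lines; its first line is the header."""
    blocks: List[List[str]] = []
    current: List[str] = []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit_config(config: str) -> List[str]:
    """Return the findings for one device; an empty list means compliant."""
    blocks = parse_vrp_config(config)
    all_lines = {line for block in blocks for line in block}
    findings: List[str] = []
    if "stelnet server enable" not in all_lines:
        findings.append("STelnet (SSH) server is not enabled")
    if "telnet server enable" in all_lines:
        findings.append("Telnet server is enabled (cleartext management access)")
    # Edge ports only resist rogue BPDUs when BPDU protection is enabled globally.
    has_edge_port = any(block[0].startswith("interface ") and "stp edged-port enable" in block
                        for block in blocks)
    if has_edge_port and "stp bpdu-protection" not in all_lines:
        findings.append("STP edge ports configured without stp bpdu-protection")
    for block in blocks:
        if not block[0].startswith("user-interface vty"):
            continue
        if any(line in ("protocol inbound telnet", "protocol inbound all") for line in block):
            findings.append(f"{block[0]} accepts Telnet")
        if any(line.startswith("set authentication password simple") for line in block):
            findings.append(f"{block[0]} stores its password in cleartext (simple)")
    return findings


def noncompliant_devices(configs: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit every device and keep only those with findings."""
    report = {name: audit_config(cfg) for name, cfg in configs.items()}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in noncompliant_devices(SAMPLE_CONFIGS).items():
        print(name)
        for item in findings:
            print("  -", item)
```

On a live network the input would be the text collected from each device (for example over the Telnet or SSH session shown later in this course) rather than the embedded strings, and the checks would be extended with whatever the enterprise policy requires; the block parser keeps interface-level and VTY-level rules separate from global ones.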
Network Automation
 Network automation: tools are used to implement automated network deployment, operations, and O&M, gradually reducing the dependency on people. This solves the conventional network O&M problems.

 Many open-source tools, such as Ansible, SaltStack, Puppet, and Chef, are available for network automation in the industry. From the perspective of network engineering capability construction, engineers are advised to acquire programming skills.

 Keywords of network automation: Chef, SaltStack, Ansible, NMS tools, Python, Shell, and automated scripts.
Programming-based Network Automation
 In recent years, with the emergence of network automation technologies, Python-based programming
capabilities have become a new skill requirement for network engineers.
 Automation script written in Python can execute repeated, time-consuming, and rule-based operations.
Example: implementing automated device configuration using Python

• What can network automation do? The most intuitive example is automated device configuration. The process can be divided into two steps: writing a configuration file, and writing Python code that pushes the configuration file to the device over SSH/Telnet.

• Write the configuration script in command line interface (CLI) mode, for example:
 sysname SW1
 vlan 10
 description A
 vlan 20
 description B
 vlan 30
 description C
 Then upload the script to the device using Telnet/SSH. This method is easy to understand for network engineers who are beginning to learn network programmability and automation, and it is the approach this course uses to implement network automation.
Contents
1. Introduction to Network Programmability and Automation

2. Overview of Programming Language and Python

3. Cases

Programming Languages
 A programming language is used to write a computer program and control behavior of a computer.

 According to whether source code must be compiled before it can be executed, programming languages are classified into compiled languages and interpreted languages.

▫ Compiled language: the source code is translated by a compiler into an executable file, which the operating system (Windows/Linux/macOS) loads and the CPU (x86/ARM architecture) executes.

▫ Interpreted language: the source code is read by an interpreter, which interprets it line by line at run time on top of the operating system and CPU.
Computing Technology Stack and Program Execution Process

Computing technology stack, in increasing order of abstraction from bottom to top: physics, transistors, gates/registers, micro architecture, instruction set architecture (the hardware layers), then machine code, assembly language, high-level language, algorithm, and application (the software layers).

Program execution process:
1. High-level language (for example C/C++ or Fortran): temp = v[k]; v[k] = v[k+1]; v[k+1] = temp;
2. The compiler translates it into assembly language: lw $t0, 0($2); lw $t1, 4($2); sw $t1, 0($2); sw $t0, 4($2)
3. The assembler translates the assembly language into machine code, that is, binary instructions and data (for example 0000 1001 1100 0110 1010 1111 0101 1000), which the instruction set of the CPU executes.
High-level Programming Language - Compiled
Language
 Compiled language: before a program in a compiled language is executed, a compilation process translates it into a machine language file. The compilation result can be used directly without re-translation at run time. Typical compiled languages include C/C++ and Go.

 From source code to program: the source code is translated into machine instructions by the compiler and assembler, and the linker combines the resulting object module with library functions to generate the executable machine language program. The machine language must match the instruction set of the CPU; the loader places the program in memory at run time, and the CPU executes it.

C/C++ source code → compiler → assembly language program → assembler → object module (machine language module) → linker, together with the target library (library functions in machine language) → executable code (machine language program) → loader → memory
High-level Programming Language -
Interpreted Language
 Interpreted language: programs in an interpreted language are not compiled into a native executable before running; they are translated at run time. Java and Python are usually grouped with interpreted languages because they run on a virtual machine, although both are first compiled into byte code.

 Process from source code to program: the source code is compiled into byte code (a Java .class file or a Python .pyc file), which is then interpreted and executed by a virtual machine (JVM/PVM) together with the library functions. The VM shields the differences between CPU instruction sets, so interpreted languages are relatively portable.

Java program → compiler → .class file (byte code) → JVM, with the Java library functions (machine language)
Python program → compiler → .pyc file (byte code) → PVM, with the Python library functions (machine language)
What Is Python?
 Python is a fully open-source high-level programming language created by Guido van Rossum.

Advantages of Python:
• A dynamically typed interpreted language with elegant syntax, which lets learners focus on program logic rather than syntax details.
• Supports both procedural and object-oriented programming.
• Provides abundant third-party libraries.
• Nicknamed the glue language because it can call code written in other languages.

Disadvantages of Python:
• Runs slowly. As an interpreted language it is not compiled to native code in advance; its byte code is translated at run time into machine code the CPU can execute, which takes time.

With its abundant third-party libraries and the advantages of the language, Python is used in many fields, such as AI, data science, apps, and scripts for automated O&M.
Python Code Execution Process

Process of compiling and running a Python program:
1. Install Python and the running environment in an operating system.
2. Write the Python source code.
3. The Python compiler translates the source code into byte code (a .pyc file).
4. The Python virtual machine (PVM) executes the byte code, converting it into machine language.
5. The hardware executes the machine language.
Getting Started with Python Code -
Interactive Running
 Python runs in either interactive or script mode.
 Interactive programming does not require script files to be created, and code is written in the interactive
mode of the Python interpreter.
 C:\Users\Richard>python
 Python 3.7.4 (default, Aug 9 2019, 18:34:13) [MSC v.1915 64 bit (AMD64)] :: Anaconda, Inc. on win32
 Type "help", "copyright", "credits" or "license" for more information.
 >>> print("hello world")
 hello world
 >>> a = 1
 >>> b = 2
 >>> print(a + b)
 3
 >>>
Getting Started with Python Code -
Script-based Running
 Code in script mode can be run from any Python interpreter or in an integrated development environment, for example IDLE (bundled with Python), Atom, Visual Studio, PyCharm, or Anaconda.

1. Write a Python script file (.py), demo.py:
 print("hello world")
 a = 1
 b = 2
 print(a + b)

2. Execute the script file:
 C:\Users\Richard>python demo.py
 hello world
 3
Code Style Guide for Python
 Code style rules refer to naming rules, code indentation, and code and statement segmentation modes that must be
complied with when Python is used to write code. Good style rules help improve code readability and facilitate code
maintenance and modification.

 For example, the following rules for using semicolons, parentheses, blank lines, and spaces are recommended:

Semicolon
• A semicolon can be added at the end of a line in Python, but using semicolons to separate statements is not recommended.
• It is recommended that each statement be on its own line.

Blank line
• Different functions or statement blocks can be separated by blank lines. A blank line helps differentiate two segments of code, improving readability.

Parentheses
• Parentheses can be used for the continuation of long statements. Avoid unnecessary parentheses.

Space
• Spaces are not recommended inside parentheses.
• You can decide whether to add spaces on both sides of an operator.
Code Style Guide for Python - Identifier Naming
• A Python identifier is the name of a constant, variable, function, or other object.

• An identifier is composed of letters, digits, and underscores, but cannot start with a digit. Identifiers are case sensitive and must be unique. If an identifier does not comply with these rules, the interpreter reports a SyntaxError when running the code.

 User_ID = 10
 print(User_ID)
 user_id = 20
 print(user_id)
 User_Name = 'Richard'
 print(User_Name)
 Count = 1 + 1
 print(Count)
 4_passwd = "Huawei"   # incorrect identifier: it starts with a digit
 print(4_passwd)

print() is a built-in function of Python that outputs the content in the parentheses.

Question: What is the output of each print call above?
Code Style Guide for Python - Code Indentation
 In Python programs, indentation defines the scope of a code block: all statements in one block must have the same indentation. For Python, indentation is a syntax rule; a colon ends the line that opens a block, and the indented lines that follow belong to it.

 When writing code, use four spaces per indentation level. If incorrect indentation is used, an IndentationError is raised when the code runs.

Correct indentation:
 if True:
     print("Hello")
 else:
     print(0)

Incorrect indentation (the indented print belongs to no block, so Python reports an unexpected indent):
 a = "Python"
     print(a)
Code Style Guide for Python - Using Comments
 Comments are explanations added to a program to improve its readability. In Python, comments are classified into single-line comments and multi-line comments.

 A single-line comment starts with a pound sign (#).

 A multi-line comment spans several lines enclosed in a pair of triple quotes ('''...''' or """..."""). Strictly speaking this is a string literal that is not assigned to anything (the same form is used for docstrings), which is why it can serve as a comment.

 # Assign a string to a.   (single-line comment)
 a = "Python"
 print(a)

 """
 The output is Python.   (multi-line comment)
 """
Code Style Guide for Python - Source Code File
Structure
 A complete Python source code file generally consists of the interpreter and encoding format declarations, the document string, module imports, and the running code.

 If you need to call a class from the standard library or a third-party library, use an "import" or "from ... import" statement to import the related module. Import statements always come after the module comment or document string (docstring) at the top of the file.

 #!/usr/bin/env python        (interpreter declaration)
 # -*- coding: utf-8 -*-      (encoding format declaration)
 """
 Description of the module (docstring).
 This document is intended for...
 """
 import time                  (module import)
 ...                          (running code)
Python Functions and Modules
 A function is a block of organized, reusable code that performs a single, related action. It improves the modularity of a program and code reuse. A function is defined using the def keyword.

 A module is a saved Python file. Modules can contain definitions of functions, classes, and variables that can then be used in other Python programs. The only difference between a module and a regular Python program is that a module is meant to be imported by other programs, so a module usually does not have a main function.

1. Write a Python file (.py), demo.py:
 def sit():   # Define a function.
     print('A dog is now sitting.')

 sit()        # Call the function.

 Execution result of python demo.py:
 A dog is now sitting.

2. Import the module, test.py:
 import demo   # Import the module. This runs the top-level code of demo.py, including its call to sit().

 demo.sit()    # Call the function from the module.

 Execution result of python test.py:
 A dog is now sitting.
 A dog is now sitting.
Python Classes and Methods
 A class bundles related properties (attributes) and methods. The class keyword is used to define a class.

 A function defined in a class and accessed through an instance is called a method. When you define a method, its first parameter must be self, which refers to the instance of the class.

1. Write a Python file (.py), demo.py:
 class Dog():                  # Define a class.
     def sit(self):            # Define a method.
         print("A dog is now sitting.")

 Richard = Dog()               # Instantiate the class.
 print(type(Richard.sit))      # Accessed through the instance, sit is a method.
 print(type(Dog.sit))          # Accessed through the class, sit is a plain function.

 Execution result of python demo.py:
 <class 'method'>
 <class 'function'>

2. Import the module, test.py:
 import demo

 demo.Dog().sit()              # Instantiate the class from the module and call the method.

 Execution result of python test.py (the first two lines come from importing demo):
 <class 'method'>
 <class 'function'>
 A dog is now sitting.
Introduction to telnetlib
 telnetlib is a module in the Python standard library. It provides the telnetlib.Telnet class for implementing a Telnet client. Note that telnetlib is deprecated since Python 3.11 and removed in Python 3.13, and that Telnet sends passwords and commands in cleartext; on a production network prefer SSH (STelnet on Huawei devices) with an SSH client library.

 Different methods of the telnetlib.Telnet class are called to implement different functions:

 from telnetlib import Telnet                  # Import the Telnet class of the telnetlib module.
 tn = Telnet(host=None, port=0[, timeout])     # Create a Telnet connection to the specified server.
 tn.read_all()                                 # Invoke the read_all() method.

Methods and their functions:
• Telnet.read_until(expected, timeout=None): read data until the given byte string, expected, is encountered or until timeout seconds have passed.
• Telnet.read_all(): read all data until EOF as bytes; block until the connection is closed.
• Telnet.read_very_eager(): read everything that can be read without blocking in I/O (eager). Raise EOFError if the connection is closed and no cooked data is available; return b'' if no cooked data is available otherwise. Do not block unless in the midst of an IAC sequence.
• Telnet.write(buffer): write a byte string to the socket, doubling any IAC characters.
• Telnet.close(): close the connection.
Contents
1. Introduction to Network Programmability and Automation

2. Overview of Programming Language and Python

3. Cases

Case: Logging In to a Device Using telnetlib
 Case description:

 A network device functions as a Telnet server, and Python telnetlib is used as a Telnet client to log in to the device.

 Topology: Telnet server 192.168.10.10 (interface GE1/0/10) and Telnet client 192.168.10.20.

 The implementation process is as follows:

 1. Configure the Telnet service.

 2. Manually verify and view the Telnet login procedure as a reference for the code implementation.

 3. Write and run the Python code.

 4. Verify the result.
Case: Logging In to a Device Using telnetlib
Step 1: Configure Telnet. (Topology: Telnet server 192.168.10.10, GE1/0/10; Telnet client 192.168.10.20.)

Configure the IP address of the interface on the device:
 [Huawei] interface GE 1/0/0
 [Huawei-GE1/0/0] ip address 192.168.10.10 24
 [Huawei-GE1/0/0] quit

Configure the Telnet service:
 [Huawei] user-interface vty 0 4
 [Huawei-ui-vty0-4] authentication-mode password
 [Huawei-ui-vty0-4] set authentication password simple Huawei@123
 [Huawei-ui-vty0-4] protocol inbound telnet
 [Huawei-ui-vty0-4] user privilege level 15
 [Huawei-ui-vty0-4] quit
 [Huawei] telnet server enable

Note: the simple keyword stores the password in cleartext in the configuration file; use cipher on a real network. This configuration also grants every VTY user privilege level 15 (the highest) on the strength of one shared password over cleartext Telnet, which is acceptable for a lab but not for production, where AAA with per-user accounts and STelnet should be used.
Case: Logging In to a Device Using telnetlib
Step 2: Verify the Telnet login procedure. (Topology: Telnet server 192.168.10.10, GE1/0/10; Telnet client 192.168.10.20.)

Telnet login:

1. Run the login command:
 C:\Users\Richard>telnet 192.168.10.10

 Command output:
 Login authentication

2. Enter the password:
 Password:

 Command output:
 Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
 The current login time is 2020-01-15 21:12:57.
 <Huawei>
Case: Logging In to a Device Using telnetlib
Step 3: Write the Python code. (Topology: Telnet server 192.168.10.10, GE1/0/10; Telnet client 192.168.10.20.)

 import telnetlib                                    # Import the module.

 host = '192.168.10.10'                              # IP address of the device.
 password = 'Huawei@123'                             # Password for logging in to the device.

 tn = telnetlib.Telnet(host)                         # Open a Telnet connection to the host.

 tn.read_until(b'Password:')                         # Read (and discard) output until the Password: prompt appears.
 tn.write(password.encode('ascii') + b"\n")          # Send the password as ASCII bytes followed by a newline.
 print(tn.read_until(b'<Huawei>').decode('ascii'))   # Read until the <Huawei> prompt appears and print what was received.
 tn.close()                                          # Close the Telnet connection.
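The code above and the telnetlib methods listed earlier (read_until, write, close) form one prompt-driven exchange: wait for a prompt, send a line, wait for the next prompt. The following added example (not from the course; it deliberately avoids telnetlib so that it also runs on Python 3.13, where that module has been removed) reproduces the same exchange over a plain socket against an in-process stand-in for the device, so it runs offline. It extends the login case to pushing configuration lines (vlan 10 plus a description), checks every reply for an Error: message before sending the next command, and shows what a rejected password looks like to the client. The stand-in device, its password, and the VRP-style prompts and messages it emits are constructed for the example; the client ignores Telnet option negotiation (IAC), which telnetlib.Telnet handles for you.

```python
import socket
import threading
from typing import List, Optional

DEVICE_PASSWORD = b"Huawei@123"  # constructed credential of the stand-in device


def _readline(conn: socket.socket) -> Optional[bytes]:
    """Read one newline-terminated line; None once the peer has closed."""
    data = b""
    while not data.endswith(b"\n"):
        chunk = conn.recv(1)
        if not chunk:
            return None
        data += chunk
    return data.rstrip(b"\r\n")


def fake_vrp_device(listener: socket.socket) -> None:
    """Constructed device side: password prompt, then VRP-style view prompts
    (no real Telnet option negotiation)."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"\r\nLogin authentication\r\n\r\nPassword:")
        if _readline(conn) != DEVICE_PASSWORD:
            conn.sendall(b"\r\nError: Password incorrect.\r\n")
            return
        conn.sendall(b"\r\nInfo: The max number of VTY users is 5.\r\n<Huawei>")
        views: List[bytes] = []  # [] user view, [b"sys"] system view, [b"sys", b"vlan10"] VLAN view
        while True:
            cmd = _readline(conn)
            if cmd is None or (cmd == b"quit" and not views):
                return
            parts, msg = cmd.split(), b""
            if cmd == b"system-view" and not views:
                views = [b"sys"]
            elif len(parts) == 2 and parts[0] == b"vlan" and views == [b"sys"]:
                views.append(b"vlan" + parts[1])
            elif cmd == b"quit":
                views.pop()
            elif cmd == b"return":
                views = []
            elif not (parts and parts[0] == b"description" and len(views) == 2):
                msg = b"Error: Unrecognized command found at '^' position.\r\n"
            prompt = b"<Huawei>" if not views else b"[" + b"-".join([b"Huawei"] + views[1:]) + b"]"
            conn.sendall(b"\r\n" + msg + prompt)


class SimpleTelnet:  # the read_until/write/close methods the telnetlib case uses
    def __init__(self, host: str, port: int, timeout: float = 5.0) -> None:
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.buf = b""

    def read_until(self, expected: bytes) -> bytes:
        # Block until `expected` arrives; return everything up to and including it.
        while expected not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise EOFError(f"closed before {expected!r}; received {self.buf!r}")
            self.buf += chunk
        end = self.buf.index(expected) + len(expected)
        out, self.buf = self.buf[:end], self.buf[end:]
        return out

    def write(self, data: bytes) -> None: self.sock.sendall(data)
    def close(self) -> None: self.sock.close()


def push_config(host: str, port: int, password: str, commands: List[str]) -> List[str]:
    """Log in, enter system view, send each command; stop at the first Error: reply."""
    tn = SimpleTelnet(host, port)
    try:
        tn.read_until(b"Password:")
        tn.write(password.encode("ascii") + b"\n")
        replies = [tn.read_until(b"<Huawei>").decode("ascii")]  # EOFError here: login refused
        tn.write(b"system-view\n")
        replies.append(tn.read_until(b"]").decode("ascii"))
        for cmd in commands:
            tn.write(cmd.encode("ascii") + b"\n")
            reply = tn.read_until(b"]").decode("ascii")  # every config prompt ends with ]
            if "Error:" in reply:
                raise RuntimeError(f"device rejected {cmd!r}: {reply.strip()}")
            replies.append(reply)
        tn.write(b"return\n")
        tn.read_until(b"<Huawei>")
        return replies
    finally:
        tn.close()


def run_demo(password: str = "Huawei@123", commands=("vlan 10", "description A", "quit")) -> List[str]:
    """Start the stand-in device on a loopback port and push the commands to it."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=fake_vrp_device, args=(listener,), daemon=True)
    worker.start()
    try:
        return push_config("127.0.0.1", listener.getsockname()[1], password, list(commands))
    finally:
        worker.join(timeout=5)
        listener.close()


if __name__ == "__main__": print("".join(run_demo()))
```

Against a real device you would replace SimpleTelnet with telnetlib.Telnet (same three calls) or, better, an SSH client, and keep the two habits the example shows: always read up to the next prompt before sending the next line, and treat any Error: text in a reply as a reason to stop rather than to continue pushing configuration blindly.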
Case: Running Result Comparison
Step 4: Verify the result.

Manual Telnet login result:
 C:\Users\Richard>telnet 192.168.10.10
 Login authentication
 Password:
 Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
 The current login time is 2020-01-15 21:12:57.
 <Huawei>

Python code execution result (running the script from the Python interpreter):
 Info: The max number of VTY users is 5, and the number of current VTY users on line is 1.
 The current login time is 2020-01-15 22:12:57.
 <Huawei>
Quiz
1. Python is a compiled language. ( )
A. True

B. False

2. How to create VLAN 10 using telnetlib?

Summary
 Network automation uses tools to implement automated network deployment,
operation, and O&M, gradually reducing dependency on people. You can use a
programming language or tool to implement the network automation.

 Python is a fully open-source high-level programming language with simple syntax that is easy to learn. It has rich standard and third-party libraries that are applicable to the network engineering field.

 The telnetlib module of Python provides the telnetlib.Telnet class for implementing the Telnet function. It helps you enter the network programmability and automation world!
More Information
 For more information about Python, visit https://www.python.org/.

Foreword
• A broad range of places, such as campuses, office spaces, and shopping malls, are
covered by networks. You can access internal resources of your school, access internal
printers of your company to print documents, or access the Internet to browse news
through the networks.

• These networks belong to campus networks and are generally constructed by enterprises or organizations. Campus networks not only improve the operational efficiency of enterprises, but also provide network access services for external users.

• This chapter describes the basic architecture of a campus network and details how to build a campus network.
Objectives
 Upon completion of this course, you will be able to:
▫ Understand the definition of campus networks.

▫ Understand the typical networking architectures of campus networks.

▫ Master the planning and design methods of small campus networks.

▫ Master the deployment and implementation methods of small campus networks.

▫ Understand the small campus network O&M concepts.

▫ Understand the small campus network optimization concepts.

▫ Independently complete a campus network project.

Contents
1. Basic Concepts of Campus Networks

2. Typical Campus Network Construction Process

What Is a Campus Network?
[Figure: Outside a campus: branch, other campuses, remote access users, and private and public clouds, connected over the Internet or a wide area network (WAN). Inside a campus: the campus egress layer with a demilitarized zone (DMZ), the core layer, the aggregation layer, the access layer, and the terminal layer, supported by the data center, network security, and network management. Typical scenarios: office building, campus, factory, government, enterprise, and bank.]

A campus network is a local area network (LAN) that connects people and things in a specified area. Typically, a campus network has only one management entity. If there are multiple management entities in an area, the area is considered to have multiple campus networks.

Typical Campus Network Architecture
[Figure: typical campus network architecture. The egress zone (firewall, IPS, anti-DDoS) connects to the Internet, a WAN, a branch campus, and traveling employees. Below the egress zone are the core layer, aggregation layer, and access layer; the network management zone (AC, eLog) and the data center attach to the core layer.]

• Typically, a campus network is designed in a hierarchical and modular manner.
• Campus networks can be classified into small, midsize, and large campus networks based on the number of terminals or NEs.

Typical Architecture of Small Campus Networks

[Figure: network topology of a chain cafe, with a fat AP and hosts connected to the Internet.]

• Small campus networks are typically deployed in scenarios where the number of access users is small (several or dozens of users). A small campus network can cover only one location, has a simple architecture, and is constructed to enable mutual access between internal resources.
• Characteristics of small campus networks:
▫ Small number of users (number of terminals < 200; number of NEs < 25)
▫ Only one location
▫ Simple network architecture
▫ Simple network requirements

Typical Architecture of Midsize Campus Networks
[Figure: network topology of a foreign trade company, with an egress layer, core layer, aggregation layer (with an AC), and access layer (with APs) connected to the Internet.]

• A midsize campus network supports access of hundreds to thousands of users.
• The modular design is introduced to midsize campus networks, that is, the networks can be partitioned by function. However, the number of function modules is small. In most cases, a midsize campus network is flexibly partitioned based on service requirements.
• Characteristics of midsize campus networks:
▫ Midsize network scale (number of terminals: 200 to 2000; number of NEs: 25 to 100)
▫ Most commonly used
▫ Function partition
▫ Typical three-layer network architecture: core, aggregation, and access

Typical Architecture of Large Campus Networks

[Figure: network topology of a large enterprise. The HQ campus connects to a branch campus, a cloud DC, traveling employees, and network management over the Internet/WAN.]

• A large campus network can cover multiple buildings and connect to multiple campuses in a city through WANs. Typically, a large campus network provides access services and allows traveling employees to access their company's internal network through technologies such as Virtual Private Network (VPN).
• Characteristics of large campus networks:
▫ Wide coverage
▫ Large number of users (number of terminals > 2000; number of NEs > 100)
▫ Complex network requirements
▫ Comprehensive function modules
▫ Complex network architecture

Main Protocols and Technologies of Campus Networks
Layer/Zone | Common protocols/technologies
---------- | -----------------------------
Egress zone | NAT, OSPF, static routing, and PPPoE
Core layer | Stacking, OSPF, static routing, and ACL
Aggregation layer | DHCP, stacking, link aggregation, spanning tree protocol, OSPF, and static routing
Access layer | VLAN, spanning tree, link aggregation, and AAA
AC and APs | WLAN protocols/technologies
NMS | SNMP/NETCONF

Contents
1. Basic Concepts of Campus Networks

2. Campus Network Project Practice

Networking Requirements
• A company (with about 200 employees) plans to build a brand-new campus network to
meet service development requirements. The network requirements are as follows:
▫ Meet the current service requirements of the company.

▫ Use a simple network topology for easy O&M.

▫ Provide wired access for employees and wireless access for guests.

▫ Implement simple network traffic management.

▫ Ensure network security.

Campus Network Project Lifecycle

1. Planning and design
• Device model selection
• Physical topology
• Logical topology
• Technologies and protocols

2. Deployment and implementation
• Device installation
• Single UPS commissioning
• Joint commissioning test
• Network migration and integration

3. Network O&M
• Routine maintenance
• Software and configuration backup
• Centralized monitoring via the network management system (NMS)
• Software upgrade

4. Network optimization
• Network security improvement
• Software and configuration backup
• User experience improvement


Small Campus Network Design

1. Networking solution design: device model selection; physical topology
2. Network design: basic service; WLAN; Layer 2 loop prevention; network reliability
3. Security design: egress security; intranet wired security; intranet wireless security
4. Network O&M and management design: basic network management; intelligent O&M


Networking Solution Design


The physical topology is designed upon full consideration of the budget and service requirements. The following figure shows the topology.

[Figure: CORE-R1 connects to the Internet through GE0/0/0 and to Agg-S1 through GE0/0/1 (Agg-S1 GE0/0/1). Agg-S1 connects AC1 through GE0/0/2 (AC1 GE0/0/1) and connects four access switches, Acc-S1 to Acc-S4, through their E0/0/1 interfaces. Acc-S1 (guest reception center) connects AP1 and AP2 on E0/0/10 and E0/0/11 (AP GE0/0/0); Acc-S2 (R&D department) connects a printer and the FTP server; Acc-S3 (marketing department) connects a printer; Acc-S4 (administrative department) connects a printer and the administrator.]

Naming and interface selection rules:
• The names should be easy to remember and can be extended.
• The interfaces should meet the bandwidth requirements of services.


Basic Service Design: VLAN Design


• You are advised to assign consecutive VLAN IDs to ensure proper use of VLAN resources.

• VLANs can be classified into service VLANs, management VLANs, and interconnection VLANs as required.

• Typically, VLANs are assigned based on interfaces.

Service VLAN design: VLANs can be assigned by geographic area, by logical area, by personnel structure, or by service type.

Management VLAN design: [Figure: the gateway's VLANIF 100 (192.168.100.254) and two Layer 2 switches' VLANIF 100 interfaces (192.168.100.1 and 192.168.100.2) share management VLAN 100.] In most cases, Layer 2 switches use VLANIF interface addresses as management addresses. It is recommended that all switches on the same Layer 2 network use the same management VLAN and their management IP addresses be on the same network segment.


VLAN Planning
• A management VLAN is reserved for Layer 2 devices.

• VLANs are classified into the guest VLAN, R&D department VLAN, marketing department VLAN, and administrative
department VLAN.

• Layer 3 switches need to be connected to routers through VLANIF interfaces. Therefore, interconnection VLANs need to
be reserved.

• A VLAN is established for CAPWAP tunnels between APs and ACs.


VLAN ID | VLAN Description
------- | ----------------
1 | Guest VLAN or WLAN service VLAN
2 | R&D department VLAN
3 | Marketing department VLAN
4 | Administrative department VLAN
100 | Management VLAN of Layer 2 devices
101 | Management VLAN of WLAN services
102 | Interconnection VLAN between Agg-S1 and CORE-R1


Basic Service Design: IP Address Design


Service IP address
[Figure: employee, partner, and guest segments 192.168.1.0/24, 192.168.5.0/24, and 192.168.100.0/24 with gateway addresses 192.168.1.254, 192.168.5.254, and 192.168.100.254.]
The service IP addresses are the IP addresses of servers, hosts, or gateways.
• It is recommended that the gateway IP addresses use the same rightmost digits, such as .254.
• The IP address ranges of different services must be clearly distinguished. The IP addresses of each type of service terminal must be continuous and can be aggregated.
• An IP address segment with a 24-bit mask is recommended.

Management IP address
[Figure: the gateway's VLANIF 100 (192.168.100.254) and two Layer 2 switches' VLANIF 100 interfaces (192.168.100.1 and 192.168.100.2) in management VLAN 100.]
Layer 2 devices use VLANIF interface IP addresses as the management IP addresses. It is recommended that all Layer 2 switches connected to a gateway use addresses on the same network segment.

IP address for network device interconnection
It is recommended that the interconnection IP addresses use a 30-bit mask, and core devices use smaller host IP addresses.


IP Address Planning
• Reserve sufficient IP addresses based on the number of clients to be accessed and plan network segments and gateway addresses for
each type of service.

• Plan network segments for management IP addresses.

• Divide network segments for interconnection IP addresses.


IP Network Segment/Mask | Gateway Address | Network Segment Description
----------------------- | --------------- | ---------------------------
192.168.1.0/24 | 192.168.1.254 | Network segment to which wireless access guests belong, with the gateway located on Agg-S1
192.168.2.0/24 | 192.168.2.254 | Network segment to which the R&D department belongs, with the gateway located on Agg-S1
192.168.3.0/24 | 192.168.3.254 | Network segment to which the marketing department belongs, with the gateway located on Agg-S1
192.168.4.0/24 | 192.168.4.254 | Network segment to which the administrative department belongs, with the gateway located on Agg-S1
192.168.100.0/24 | 192.168.100.254 | Management network segment of Layer 2 devices, with the gateway located on Agg-S1
192.168.101.0/24 | N/A | Management network segment of WLAN services
192.168.102.0/30 | N/A | Network segment between Agg-S1 and CORE-R1
1.1.1.1/32 | N/A | Loopback interface address on CORE-R1, which is used as the management IP address


Basic Service Design: IP Address Allocation Mode Design

Egress gateway
[Figure: the egress gateway's WAN interface connects to the carrier device and the Internet; the WAN interface address is static, or is obtained through DHCP or PPPoE.]
IP addresses of WAN interfaces are assigned by the carrier in static, DHCP, or PPPoE mode. The IP addresses of the egress gateways need to be obtained from the carrier in advance.

Devices such as servers and printers
It is recommended that servers and special terminals (such as punch-card machines, printing servers, and IP video surveillance devices) use statically bound IP addresses.

End users
[Figure: end users and an AP connect to the egress gateway, which connects to the Internet.]
It is recommended that IP addresses of end users are allocated by gateways through DHCP.


IP Address Allocation Mode Planning


• The egress gateway obtains an IP address through PPPoE.

• All terminals obtain IP addresses through DHCP. The servers and printers are assigned fixed IP addresses.

• IP addresses of all network devices (except APs) are statically configured.

IP Network Segment/Interface | Allocation Mode | Allocation Mode Description
---------------------------- | --------------- | ---------------------------
192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24 | DHCP | Allocated by Agg-S1. Agg-S1 allocates fixed IP addresses to fixed devices such as servers and printers.
192.168.100.0/24 | Static | Device management IP addresses, which are statically configured
192.168.101.0/24 | DHCP | IP addresses of ACs are statically configured, and IP addresses of APs are allocated by Agg-S1.
192.168.102.0/30 | Static | Interconnection IP address, which is statically configured
GE0/0/0 on CORE-R1 | PPPoE | IP address assigned by the carrier


Basic Service Design: Routing Design


[Figure: the project topology. The Layer 3 network spans the Internet, CORE-R1, and Agg-S1; the Layer 2 network spans Agg-S1 and the access switches serving the guest reception center, R&D department, marketing department, and administrative department.]

• Routing design inside a campus network:
▫ Intra-network segment: After an IP address is allocated using DHCP, a default route is generated by default and Agg-S1 functions as a Layer 3 gateway.
▫ Inter-network segment: The current network topology is simple. You can deploy static routes on all devices that need to forward Layer 3 data to meet the requirements. No complex routing protocol needs to be deployed.
• Routing design at the campus egress: Configure static default routes.


WLAN Design
WLAN networking design
[Figure: the AC (192.168.101.1/24) and the DHCP server attach to the network; APs at 192.168.101.X/24 and 192.168.101.Y/24 reach the AC through CAPWAP tunnels.]
• Based on the IP addresses of the AC and APs and whether data traffic passes through the AC, the networking can be divided into:
▫ Inline Layer 2 networking
▫ Bypass Layer 2 networking
▫ Inline Layer 3 networking
▫ Bypass Layer 3 networking
• This example uses the bypass Layer 2 networking.

WLAN data forwarding design
[Figure: control data travels between the AP and the AC; user data travels from the AP directly into the network.]
• Control packets and data packets are transmitted on a WLAN.
• Control packets are forwarded through CAPWAP tunnels.
• User data packets are forwarded in tunnel or direct mode.
• This example uses the direct forwarding mode.


WLAN Data Plan


Item | Value
---- | -----
Management VLAN for APs | VLAN 101
Service VLAN for STAs | VLAN 1
DHCP server | Agg-S1 functions as a DHCP server to allocate IP addresses to APs and STAs. The default gateway address of STAs is 192.168.1.254.
IP address pool for APs | 192.168.101.2 to 192.168.101.253/24
IP address pool for STAs | 192.168.1.1 to 192.168.1.253/24
Source interface address of the AC | VLANIF 101: 192.168.101.1/24
AP group | Name: ap-group1; referenced profiles: VAP profile WLAN-Guest and regulatory domain profile default
Regulatory domain profile | Name: default; country code: CN
SSID profile | Name: WLAN-Guest; SSID name: WLAN-Guest
Security profile | Name: WLAN-Guest; security policy: WPA-WPA2+PSK+AES; password: WLAN@Guest123
VAP profile | Name: WLAN-Guest; forwarding mode: direct forwarding; service VLAN: VLAN 1; referenced profiles: SSID profile WLAN-Guest and security profile WLAN-Guest


Reliability Design
[Figure: the project topology, with Eth-Trunk links between the access switches and Agg-S1.]

• Port-level reliability: Eth-Trunk is used to improve reliability between access switches and aggregation switches and increase link bandwidth.
• Device-level reliability: iStack or cluster switch system (CSS) technology can be used, which is not involved in this networking.


Layer 2 Loop Prevention


[Figure: the project topology with a misconnected cable creating a Layer 2 loop.]

• Question: Although no redundant link is introduced to the current network segment, how can we prevent Layer 2 network loops caused by misoperations of office personnel?
• Suggestion: Use spanning tree technology on the Layer 2 network to prevent loops. In addition, you are advised to manually configure Agg-S1 as the root bridge.


Egress NAT Design


Static NAT
[Figure: network egress with public address 1.2.3.4. NAT mapping table: private IP address 192.168.1.1 maps to public IP address 1.2.3.1; 192.168.1.2 maps to 1.2.3.2.]
• Static NAT applies to scenarios where a large number of static IP addresses are configured and clients need to use fixed IP addresses.

Dynamic NAT
[Figure: network egress with public address 1.2.3.4. NAT address pool: 1.2.3.1 not in use; 1.2.3.2 not in use; 1.3.3.3 not in use.]
• Dynamic NAT introduces the address pool concept. Available IP addresses in the address pool are allocated to clients for Internet access.

NAPT and Easy IP
[Figure: network egress with public address 1.2.3.4. NAT mapping table: private IP address:port number 192.168.1.10:80 maps to public IP address:port number 1.2.3.4:10335.]
• NAPT translates port numbers based on dynamic NAT to improve public address usage.
• Easy IP applies to scenarios where IP addresses of outbound network interfaces are dynamically allocated.

NAT Server
[Figure: network egress with public address 1.2.3.4 and a server providing services externally. NAT mapping table: private 192.168.1.1:10321 maps to public 1.2.3.4:1025; private 192.168.1.2:17087 maps to public 1.2.3.4:1026.]
The NAT server applies to scenarios where a server on the intranet needs to externally provide services.
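The NAPT and NAT server behaviours described above, as an added toy model (not device code): outbound flows are translated by Easy IP/NAPT and an intranet server is published through a static NAT server entry, both on the single public address 1.2.3.4 from the figures. Port numbers, the mapping-table layout and the address-change handling are constructed assumptions.

```python
"""Toy model of the egress NAT modes above: Easy IP/NAPT for outbound flows plus
a NAT server mapping for inbound flows, sharing one public address."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One packet's addressing, as seen on either side of the egress."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class EasyIpNat:
    def __init__(self, public_ip, first_port=10240):
        self.public_ip = public_ip
        self.next_port = first_port
        # NAPT mapping table, both directions (endpoint-independent mapping).
        self.outbound = {}   # (private ip, private port, proto) -> public port
        self.inbound = {}    # (public port, proto) -> (private ip, private port)
        # NAT server entries are static and survive public-address changes.
        self.servers = {}    # (public port, proto) -> (private ip, private port)

    def add_server(self, public_port, private_ip, private_port, proto="tcp"):
        """NAT server: publish an intranet service on the public address."""
        self.servers[(public_port, proto)] = (private_ip, private_port)

    def translate_out(self, flow):
        """Private -> public: reuse the existing mapping or allocate a new port."""
        key = (flow.src, flow.sport, flow.proto)
        if key not in self.outbound:
            port = self._allocate_port(flow.proto)
            self.outbound[key] = port
            self.inbound[(port, flow.proto)] = (flow.src, flow.sport)
        return Flow(self.public_ip, self.outbound[key], flow.dst, flow.dport, flow.proto)

    def translate_in(self, flow):
        """Public -> private. NAT server entries win, then dynamic mappings; any
        other packet addressed to the public IP has no mapping and is dropped."""
        if flow.dst != self.public_ip:
            return None
        target = (self.servers.get((flow.dport, flow.proto))
                  or self.inbound.get((flow.dport, flow.proto)))
        if target is None:
            return None
        return Flow(flow.src, flow.sport, target[0], target[1], flow.proto)

    def rebind(self, new_public_ip):
        """Easy IP: the outbound interface received a new address (for example
        after a PPPoE reconnect). Dynamic NAPT state belongs to the old address
        and is flushed; static NAT server entries follow the new address."""
        self.public_ip = new_public_ip
        self.outbound.clear()
        self.inbound.clear()

    def _allocate_port(self, proto):
        # Skip ports already used by dynamic mappings or reserved by NAT server entries.
        while ((self.next_port, proto) in self.inbound
               or (self.next_port, proto) in self.servers):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port


if __name__ == "__main__":
    nat = EasyIpNat("1.2.3.4", first_port=10335)
    nat.add_server(1025, "192.168.1.1", 10321)   # entry from the NAT server table
    print("outbound:", nat.translate_out(Flow("192.168.1.10", 80, "203.0.113.9", 443)))
    print("reply:", nat.translate_in(Flow("203.0.113.9", 443, "1.2.3.4", 10335)))
    print("to server:", nat.translate_in(Flow("198.51.100.7", 50000, "1.2.3.4", 1025)))
    print("unsolicited:", nat.translate_in(Flow("198.51.100.7", 50000, "1.2.3.4", 2222)))
```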


Security Design
Traffic Control
[Figure: the R&D, marketing, and administrative departments form the internal network on the LAN; guest data is kept separate from internal traffic, and only the guest network reaches the Internet.]
• Different departments can access each other but cannot access the Internet.
• Guests can access the Internet but cannot access the internal network.
• You can use technologies such as traffic policing and traffic filtering to isolate the internal network from the external network and use NAT to control the internal network's access to the Internet.

DHCP Security
[Figure: a DHCP-enabled home router and the DHCP server both connect to an access switch; only the port toward the DHCP server is a trusted port.]
• On a campus network, employees often connect unauthorized DHCP-enabled wireless routers to the network, causing private address disorders, address conflicts, and Internet access failures.
• In most cases, DHCP snooping is enabled on access switches to prevent this issue.

Network Management Security
• When network devices are managed through Telnet or the web system, you can use access control list (ACL) technology to allow only users with fixed IP addresses to log in to the devices.
• For the centralized NMS, SNMPv3 supports identity authentication and encryption, significantly enhancing the NMS security.


Network O&M and Management Design


Traditional Device Management
[Figure: the administrator manages devices on the LAN through SSH/Telnet.]
• When the network administrator and devices' IP addresses are routable to each other, you can manage the devices through Telnet, the web system, or SSH.
• When there are a large number of devices on a network, you can deploy an SNMP-based unified NMS for network O&M and management.

Management Based on iMaster NCE
[Figure: iMaster NCE collects telemetry from the network.]
• In addition to the SNMP-based traditional NMS, Huawei iMaster NCE can also be used for network management and O&M to implement autonomous network driving.


Small Campus Network Deployment and Implementation
• The project deployment and implementation process must include:
▫ Solution formulation

▫ Device installation

▫ Network commissioning

▫ Network migration and integration

▫ Transfer-to-maintenance (ETM) training

▫ Project acceptance

• The specific process is determined based on the actual situation.


Configuration Scheme (1)


1. Connect network devices using physical cables, configure link aggregation, and add interface description.
For details, see the following two tables.

Device | Interface | Configuration
------ | --------- | -------------
Acc-S1 | Eth-trunk 1 | Mode: LACP-static; Trunkport: GE0/0/1, GE0/0/2, GE0/0/3; Description: to Agg-S1's eth-trunk 1
Acc-S1 | E0/0/10 | Description: to AP1
Acc-S1 | E0/0/11 | Description: to AP2
Acc-S2 | Eth-trunk 1 | Mode: LACP-static; Trunkport: GE0/0/1, GE0/0/2, GE0/0/3; Description: to Agg-S1's eth-trunk 2
Acc-S3 | Eth-trunk 1 | Mode: LACP-static; Trunkport: GE0/0/1, GE0/0/2, GE0/0/3; Description: to Agg-S1's eth-trunk 3
Acc-S4 | Eth-trunk 1 | Mode: LACP-static; Trunkport: GE0/0/1, GE0/0/2, GE0/0/3; Description: to Agg-S1's eth-trunk 4
AC1 | GE0/0/1 | Description: to Agg-S1's GE0/0/2
CORE-R1 | GE0/0/1 | Description: to Agg-S1's GE0/0/1

Device | Interface | Configuration
------ | --------- | -------------
Agg-S1 | Eth-trunk 1 | Mode: LACP-static; Trunkport: GE0/0/3, GE0/0/7, GE0/0/8; Description: to Acc-S1's eth-trunk 1
Agg-S1 | Eth-trunk 2 | Mode: LACP-static; Trunkport: GE0/0/4, GE0/0/9, GE0/0/10; Description: to Acc-S2's eth-trunk 1
Agg-S1 | Eth-trunk 3 | Mode: LACP-static; Trunkport: GE0/0/5, GE0/0/11, GE0/0/12; Description: to Acc-S3's eth-trunk 1
Agg-S1 | Eth-trunk 4 | Mode: LACP-static; Trunkport: GE0/0/6, GE0/0/13, GE0/0/14; Description: to Acc-S4's eth-trunk 1
Agg-S1 | GE0/0/1 | Description: to CORE-R1's GE0/0/1
Agg-S1 | GE0/0/2 | Description: to AC1's GE0/0/1


Configuration Scheme (2)


2. Assign VLANs based on interfaces. For details, see the following two tables.

Device | Interface | Type | Configuration
------ | --------- | ---- | -------------
Acc-S1 | Eth-trunk 1 | Trunk | PVID: 100; Allow-pass VLAN 1, 100, 101
Acc-S1 | E0/0/10, E0/0/11 | Trunk | PVID: 101; Allow-pass VLAN 1, 101
Acc-S2 | Eth-trunk 1 | Trunk | PVID: 100; Allow-pass VLAN 2, 100
Acc-S2 | Other ports | Access | Default VLAN 2
Acc-S3 | Eth-trunk 1 | Trunk | PVID: 100; Allow-pass VLAN 3, 100
Acc-S3 | Other ports | Access | Default VLAN 3
Acc-S4 | Eth-trunk 1 | Trunk | PVID: 100; Allow-pass VLAN 4, 100
Acc-S4 | Other ports | Access | Default VLAN 4
AC1 | GE0/0/1 | Access | Default VLAN 101

Device | Interface | Type | Configuration
------ | --------- | ---- | -------------
Agg-S1 | Eth-trunk 1 | Trunk | PVID: 100; Allow-pass VLAN 1, 100, 101
Agg-S1 | Eth-trunk 2 | Trunk | PVID: 100; Allow-pass VLAN 2, 100
Agg-S1 | Eth-trunk 3 | Trunk | PVID: 100; Allow-pass VLAN 3, 100
Agg-S1 | Eth-trunk 4 | Trunk | PVID: 100; Allow-pass VLAN 4, 100
Agg-S1 | GE0/0/2 | Access | Default VLAN 101
Agg-S1 | GE0/0/1 | Access | Default VLAN 102


Configuration Scheme (3)


3. Allocate IP addresses to STAs and APs using DHCP and statically configure IP addresses for network
devices. For details, see the following two tables.
Device | Interface | Address/Mask
------ | --------- | ------------
Agg-S1 | VLANIF 1 | 192.168.1.254/24
Agg-S1 | VLANIF 2 | 192.168.2.254/24
Agg-S1 | VLANIF 3 | 192.168.3.254/24
Agg-S1 | VLANIF 4 | 192.168.4.254/24
Agg-S1 | VLANIF 100 | 192.168.100.254/24
Agg-S1 | VLANIF 101 | 192.168.101.254/24
Agg-S1 | VLANIF 102 | 192.168.102.2/30
CORE-R1 | GE0/0/1 | 192.168.102.1/30
CORE-R1 | GE0/0/0 | Automatic obtaining via PPPoE
CORE-R1 | Loopback0 | 1.1.1.1/32

Device | Interface | Address/Mask
------ | --------- | ------------
Acc-S1 | VLANIF 100 | 192.168.100.1/24
Acc-S2 | VLANIF 100 | 192.168.100.2/24
Acc-S3 | VLANIF 100 | 192.168.100.3/24
Acc-S4 | VLANIF 100 | 192.168.100.4/24
AC1 | VLANIF 101 | 192.168.1.101/24


Configuration Scheme (4)


4. Configure the IP address allocation mode. For details about DHCP, see the following table.

Network Segment | Other Parameters | Remarks
--------------- | ---------------- | -------
192.168.1.0/24 | Gateway: 192.168.1.254; DNS: 192.168.1.254 | Agg-S1 functions as a DHCP server.
192.168.2.0/24 | Gateway: 192.168.2.254; DNS: 192.168.2.254 | Agg-S1 functions as a DHCP server. Fixed IP addresses are allocated to printer (1) and the FTP server.
192.168.3.0/24 | Gateway: 192.168.3.254; DNS: 192.168.3.254 | Agg-S1 functions as a DHCP server. A fixed IP address is allocated to printer (2).
192.168.3.0/24 | Gateway: 192.168.4.254; DNS: 192.168.4.254 | Agg-S1 functions as a DHCP server. Fixed IP addresses are allocated to printer (3) and the network administrator.
192.168.101.0/24 | N/A | Agg-S1 functions as a DHCP server. The IP address (192.168.101.1) occupied by the AC is not allocated.


Configuration Scheme (5)


5. Configure routes. Static routes are used because the network scale is small and the number of NEs is
also small. For details, see the following table.

Device | Route Configuration | Remarks
------ | ------------------- | -------
Acc-S1, Acc-S2, Acc-S3, Acc-S4 | 0.0.0.0 0 192.168.100.254 | Route that enables the network administrator to access Layer 2 switches across network segments.
AC1 | 0.0.0.0 0 192.168.101.254 | Route that enables the administrator to access AC1 across network segments.
Agg-S1 | 0.0.0.0 0 192.168.102.1 | Route that matches the traffic destined for the Internet
CORE-R1 | 192.168.0.0 20 192.168.102.2 | Aggregated route for the core router to access the intranet
CORE-R1 | Default route | Route pointing to an interface on the external network


Configuration Scheme (6)


6. Configure network management. Set the network management mode to Telnet-based remote management and
authentication mode to Authentication, Authorization, and Accounting (AAA). For details, see the following table.
Device | Management Mode | Authentication Mode | Remarks
------ | --------------- | ------------------- | -------
Acc-S1, Acc-S2, Acc-S3, Acc-S4, Agg-S1, CORE-R1, AC1 | Telnet | AAA | The user name and password must be complex and different. In addition, record them.
AP1 & AP2 | N/A | N/A | Centralized control and management by the AC

7. Network egress configuration

Device | Interface | Access Mode | NAT Mode | Remarks
------ | --------- | ----------- | -------- | -------
CORE-R1 | GE0/0/0 | PPPoE | Easy IP | User name: PPPoEUser123; Password: Huawei@123


Configuration Scheme (7)


8. Configure the WLAN as planned.
9. Perform security-related configurations. For details, see the following table.

Module | Related Technology | Configuration
------ | ------------------ | -------------
Traffic monitoring | Traffic policy, NAT, and ACL | 1. Configure an advanced ACL to block the traffic from 192.168.1.0/24 to the service network segment on the intranet and allow other traffic to pass through. Configure a traffic filtering policy to reference this ACL and apply the policy to an interface. 2. Configure a basic ACL to permit only the traffic from 192.168.1.0/24 and apply this ACL to the NAT configuration on an outbound network interface.
Network management security | AAA and ACL | Configure a basic ACL to permit only the packets whose source IP address is the administrator's IP address and wildcard mask is 0, and apply the ACL to the VTY interfaces of all managed devices.
DHCP security | DHCP snooping | Enable DHCP snooping on all access switches and configure the uplink interfaces as trusted interfaces.
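The three ACL controls in the table above (and the traffic-control and management-security goals in the security design), worked through as an added model in Python rather than device configuration: an advanced ACL used as a traffic filter, a basic ACL selecting which sources Easy IP translates, and a basic ACL on the VTY interfaces. Rules use Huawei-style wildcard masks (a 1 bit means "don't care") with first match winning; the action for unmatched packets is modelled explicitly for each control, and the ACL numbers and the administrator's address are constructed assumptions.

```python
"""Model of the ACL controls in the security scheme: traffic filter, NAT source
selection and VTY login restriction, evaluated over sample packets."""
import ipaddress
from dataclasses import dataclass

ANY = ("0.0.0.0", "255.255.255.255")


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: tuple             # (address, wildcard)
    dst: tuple = ANY       # basic ACLs match only the source, so dst stays ANY


class Acl:
    def __init__(self, number, rules, unmatched):
        self.number, self.rules, self.unmatched = number, list(rules), unmatched

    def evaluate(self, src, dst="0.0.0.0"):
        """First matching rule decides; otherwise the control's unmatched action."""
        for rule in self.rules:
            if wildcard_match(src, *rule.src) and wildcard_match(dst, *rule.dst):
                return rule.action
        return self.unmatched


GUEST = ("192.168.1.0", "0.0.0.255")
SERVICE_SEGMENTS = [("192.168.2.0", "0.0.0.255"), ("192.168.3.0", "0.0.0.255"),
                    ("192.168.4.0", "0.0.0.255")]
INTRANET = ipaddress.ip_network("192.168.0.0/16")

# Step 1: advanced ACL (constructed number in the 3000-3999 range) referenced by
# the traffic filter: guests may not reach the service segments, all else passes.
TRAFFIC_FILTER = Acl(3000, [Rule("deny", GUEST, seg) for seg in SERVICE_SEGMENTS]
                     + [Rule("permit", ANY)], unmatched="permit")

# Step 2: basic ACL (constructed number in the 2000-2999 range) bound to Easy IP on
# the outbound interface: only guest sources are translated.
NAT_ACL = Acl(2000, [Rule("permit", GUEST)], unmatched="deny")

# Network management security: only the administrator's fixed address (wildcard 0)
# may open a VTY session; the trailing deny makes "permit only" explicit.
ADMIN_IP = "192.168.4.10"   # constructed; the page names no specific address
VTY_ACL = Acl(2001, [Rule("permit", (ADMIN_IP, "0.0.0.0")), Rule("deny", ANY)],
              unmatched="deny")


def classify(src, dst):
    """Fate of a packet: traffic filter first, then, if it leaves the campus, the
    Easy IP decision on CORE-R1's outbound interface."""
    if TRAFFIC_FILTER.evaluate(src, dst) == "deny":
        return "dropped by traffic filter"
    if ipaddress.ip_address(dst) in INTRANET:
        return "forwarded on the intranet"
    if NAT_ACL.evaluate(src) == "permit":
        return "forwarded with Easy IP translation"
    return "not translated: no Internet access"


def vty_login_allowed(src):
    return VTY_ACL.evaluate(src) == "permit"


if __name__ == "__main__":
    samples = [("192.168.1.20", "192.168.2.10"), ("192.168.1.20", "203.0.113.5"),
               ("192.168.2.10", "192.168.3.10"), ("192.168.2.10", "203.0.113.5")]
    for src, dst in samples:
        print(f"{src} -> {dst}: {classify(src, dst)}")
    for src in (ADMIN_IP, "192.168.4.11"):
        print(f"VTY from {src}: {'allowed' if vty_login_allowed(src) else 'denied'}")
```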


Small Campus Network Commissioning

1. Connectivity test: basic link interconnection test; Layer 2 interoperability test; Layer 3 interoperability test
2. High reliability commissioning: loop prevention function test; path switchover test; Hot Standby (HSB) test
3. Service performance test: service traffic test; access control test


Small Campus Network O&M


• After a small campus network is provisioned, it enters the O&M phase. Common O&M
methods include:
▫ Device environment check

▫ Basic device information check

▫ Device running status check

▫ Service check

▫ Alarm handling

• When the network scale reaches a certain level, the network management software can
be used for network management and O&M to improve efficiency.


Small Campus Network Optimization


• Network optimization can comprehensively improve the reliability and robustness of
networks and better support the development of enterprise services. Common network
optimization solutions include but are not limited to:
▫ Device performance optimization, such as hardware upgrade and software version update

▫ Basic network optimization, such as network architecture optimization and routing protocol
adjustment

▫ Service quality optimization, such as preferential forwarding of voice and video services

• Formulate an appropriate network optimization solution based on network requirements and actual conditions.

Quiz
1. What is the complete lifecycle of a campus network?

2. What is the function of a management IP address?

Summary
• This chapter describes the concepts, types, and common technologies of campus
networks.

• Understand the lifecycle of campus networks:
▫ Planning and design

▫ Deployment and implementation

▫ Network O&M

▫ Network optimization

• Based on the previous courses, this course focuses on the planning, design,
deployment, and implementation of campus networks and details how to establish a
small campus network.