Free Mobility Provides Better User Experiences — What Advantages Does an Agile Network Bring? (Issue 1)
INTERNAL
By Swift Liu, President, Enterprise Networking Product Line, Huawei Enterprise Business Group
2017-08-01 Huawei Confidential

Agile means quick and nimble. New services such as mobility, cloud computing, social media, Big Data, and the Internet of Things (IoT) bring higher requirements for real-time service transmission, network mobility and scalability, as well as improved user experience. Huawei Agile Network Solution focuses on ways to cope with the challenges brought by these new services and to solve problems on traditional networks. In this article, we are going to talk about how to ensure a quality experience for users of mobile office and cloud computing through free mobility.

1 Mobility of Information Consumers Creates Serious Network Challenges

Wide Use of Wi-Fi Networks on Campuses Leads to Growing Swarm Traffic

As we know, traditional networks that connect to each other through cables are called fixed networks. Since office employees often change locations, traffic tends to be unpredictable even on fixed networks. With the widespread use of Wi-Fi networks on enterprise campuses, the location of office employees becomes even less predictable, making network traffic ever more unpredictable. This traffic moves as users and terminals move. We call this kind of traffic "swarm traffic" because it is very similar to a swarm of insects that moves unpredictably between locations.

The swarm traffic model considerably affects user experience. For example, employees in a large office space may access the network through Wi-Fi. Some employees may process emails or surf the Internet, while others join remote conferences. As a result, access traffic tends to spike quickly, along with the traffic on the uplink switching devices of the wireless network. This affects the service experience of users within that particular office and in nearby offices and conference rooms that connect to the same switch. The interruption is especially noticeable in real-time, latency-sensitive services such as High Definition (HD) video conferences. However, in this example we are looking only at routine office applications. Suppose enterprises deploy new services such as instant video conferencing from mobile terminals (for example, tablet PCs), personal network storage disks, and cloud storage services on enterprise intranets. The resulting Multipoint-to-Multipoint (M2M) service model will only make network traffic more unpredictable and cause it to negatively affect key office services.

The Mobile Office Is a Major Challenge for QoS Deployment

Currently, only a few enterprise campus networks are configured with Quality of Service (QoS) priorities. Some of these campus networks have their QoS priorities statically configured, which means that when traffic spikes occur, VIP users' service experience cannot be guaranteed. For example, suppose a traffic spike occurs during a conference an executive is attending. If the executive uses the same Wi-Fi access point to process an important service, the traffic spike will negatively affect the executive's service experience.

Consider another example: large, multinational companies frequently use remote offices and conferencing. Multiple Virtual Private Network (VPN) devices may be deployed across the globe to ensure that employees can access remote conferences. However, the VPN might switch an employee's traffic from Beijing to Sweden, or from Shenzhen to Vietnam. Obviously, this negatively affects users' access experience. What is the cause of this problem? Multiple VPN access points work in redundancy backup mode. When the load of the nearest access point is heavy, new users' traffic is automatically switched to another access point. Another example: suppose a technical support engineer at a customer's site has to access the network to solve a severe problem. If the traffic is switched away in this way, the decrease in service experience may lower the customer's level of satisfaction. How can we ensure that users, especially VIP users, are able to access the network at the nearest access point? How can we configure QoS policies to rectify this issue?

Access Control Policy Deployment Involves Heavy Workload

Many large enterprises deploy three kinds of independent access authentication and control systems over their Wi-Fi and mobile access networks:

Fixed network access authentication and access control system: Enterprises normally use access authentication gateways such as Broadband Remote Access Servers (BRASs) or enable 802.1x authentication on access switches. Users are uniformly authenticated in the authentication center and then assigned to a group. In this way, the enterprise can tightly control users' rights to access a specific area, or provide policies that permit access between different areas. To control such rights, an Access Control List (ACL) must be used. Take Huawei's own management and control policy as an example. On average, each user needs more than 100 ACL rules, which must be configured and maintained across all BRAS servers or access switches. Huawei has several hundred BRAS servers. If access switches are also used, that is a huge number of devices to configure manually.

Wi-Fi network access authentication and access control system: Wi-Fi network control policies must be manually configured one at a time on each Access Controller (AC) device. If the number of ACs is large, the workload is heavy.

Extranet access authentication and access control system: VPN gateways control access rights when a user attempts to access an extranet. Similarly, all policy control commands must be manually configured.

Using all of these systems together means that a lot of devices must be manually maintained, especially when 802.1x authentication is enabled at the access layer. Even for a medium-sized enterprise there is a massive manual configuration workload, because such a configuration is not fixed: when a user's access policy must be changed, the configuration must be changed accordingly. To reduce the configuration workload, most enterprises divide their networks into several areas, made up of departments or of services with different confidentiality levels, so that fewer policies need to be configured. However, this approach cannot satisfy some special requirements because of the workload involved. For example, it is difficult for a temporary working group of employees from different departments to process different services.

As a workaround to these problems, many enterprises use no access authentication or rights management mechanisms, and their networks seem to run properly. However, this is not a viable solution, since they are exposed to many potential risks. If users access the network without access authentication and control, the enterprise intranet may be threatened. With unrestricted access to a switch, one is able to scan all the hosts connected to the switch and learn their operating system version, patches, and vulnerabilities. A person with malicious intent could go a step further and access the enterprise's secret resources by attacking a vulnerable host. This is undoubtedly very dangerous to any enterprise.

To summarize, access authentication and access control mechanisms are imperative to prevent security risks. However, with traditional network architectures, the large workload is a major challenge. For example, IT personnel working for one of Huawei's key accounts once said that if they adjusted their company's existing access control policies, all members of the IT maintenance team would need to spend half a year reconfiguring and verifying policies to match the company's requirements and specifications.

2 Transformation from Data Centers to Terminal Networks — The Network Is Becoming a System Bus

In recent years, desktop clouds have been widely used in various industries. Desktop clouds keep computing and storage resources in a data center; users require only a monitor, a keyboard, a mouse, and a headset for routine office work. With an increasing amount of service data stored in the data center, the network connects computing and storage resources in a manner similar to the way a bus connects CPUs, hard disks, and memory. The desktop cloud network transmits not only routine office services such as Office Automation (OA) and email, but also real-time services such as video and voice conferencing. These real-time services require high network quality; poor network quality degrades user experience dramatically. Therefore, to enhance user experience, network quality must be improved.

3 Innovation 1: Free Mobility Provides Excellent User Experiences

Free mobility means that users' policies, resources, and corresponding service experiences migrate with them. The ultimate goal of this technology is to provide a consistent user experience regardless of location and terminal. To ensure such a consistent experience, which policies must achieve "free mobility"?

Free Mobility of Access Control Policies

To implement free mobility of policies, Huawei has introduced Software-Defined Networking (SDN) architecture into agile campus networks. As we know, there are multiple technical schools of SDN such as OpenFlow, OpenDaylight, and OpenStack. The good news is that, no matter which of these schools you follow or the specific technologies you implement, the problems they solve are the same. The nature of SDN is to open network resources to upper-layer services. In data centers, SDN technology addresses the problem that network policies cannot move freely with Virtual Machine (VM) migration. While this is a genuine problem, it is not the key point being discussed here. The same problem, however, occurs on enterprise campuses: after Wi-Fi networks are deployed, the constant relocation of office employees requires that network resources and policies change accordingly. Huawei has applied the innovative SDN architecture to campus networks to implement free mobility of policies. Let's take a look at how this works.

We've discussed the massive configuration workload brought about by access authentication and control. To allow a single uniform configuration, Huawei has introduced a Controller, a "Smart Brain" that automatically translates instructions and delivers them to switches. IT personnel only need to define the corresponding user roles and server access policies on the Controller. The Controller automatically translates these policies into machine instructions and delivers them to agile switches. The agile switches then translate the instructions, pass them along to access switches, and automatically enable 802.1x authentication. In other words, the workload of configuring approximately 1,000 devices is reduced to a single configuration on a single device.

Free Mobility of QoS Policies

QoS policies only need to be defined on the Controller. For example, when a VIP user accesses the extranet and must be authenticated on the VPN gateway, the Controller notifies the gateway of the user's identity. When the gateway is overloaded, it disables some unimportant service connections and permits the VIP user to access the extranet to process urgent affairs. In an earlier example, when traffic spiked during normal office tasks, a VIP user wanted to hold a temporary video conference but could not due to poor quality. Today, the Controller can accurately push QoS policies to the switch at the farthest network edge. That switch is configured independently and allocated sufficient bandwidth to ensure a seamless experience for the VIP user.

As Bring Your Own Device (BYOD) becomes more widely used, QoS becomes more important in enterprise campus networks. On mobile terminals, different services such as network access, voice, video, and important interactions are processed. For key users or user groups and key services, corresponding policies can be configured on the Controller to implement free mobility of policies regardless of location.

Free Mobility of Storage Policies

Cloud computing service experience is optimal when the data center is close to the user. In fact, users' experience often suffers when they access their "home" cloud computing data center while working far away. For example, Huawei has data centers in Beijing, Nanjing, and Shenzhen. When employees from Shenzhen take a business trip to Beijing, their desktop cloud service data is still processed at the data center in Shenzhen, and all their traffic is switched to Shenzhen. In this case, routine office work such as processing emails online suffers only a little, but quality degrades in latency-sensitive services such as voice or video conferences. The best method is to migrate the desktop cloud service data to the data center in Beijing while the employees are on business trips in the area.

The Campus Controller can accurately learn the access location and identity of users. By associating the Campus Controller with the Data Center Controller, employees' service data can be migrated to the data center in Beijing during off-peak periods such as at night, when the Wide Area Network (WAN) carries comparatively less traffic than in daytime. In this manner, employees gain optimal service experience when moving from one location to another. This service data migration process has been termed "drifting." Migration can be implemented in an agile network architecture through a converged storage and networking solution.

Free Mobility of Services

Free mobility must also be implemented for services such as an Enterprise Resource Planning (ERP) system and other important electronic processing services, not only for stored data. Most large enterprises have more than one data center. To ensure a quality experience when accessing a data center to process services, strict requirements are placed on access time; this is why data centers are deployed across the globe. Important systems such as ERP work in hot standby, and user access traffic is load balanced in active-active mode. Similarly, when employees from Beijing are on a business trip in Shenzhen and access the data center in Beijing, the best method of handling this traffic is to dynamically load balance the service traffic from the Beijing data center to the data center in Shenzhen. The Campus Controller and the Data Center Controller can migrate users' key services and ensure that users can access them at the nearest access point.

In conclusion, free mobility of services requires that policies, resources, and experiences all move freely. Free mobility means providing a consistent experience irrespective of access location, device, and network access mode. This ensures that users can still obtain an excellent service experience as new services increase in popularity across a wide variety of fields.
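As an added illustration of the controller-based model from the Access Control Policies section, the toy controller below binds ACL policy to a user's role and recompiles each switch's rules whenever an 802.1x event reports the user attaching somewhere new, so the policy follows the identity rather than the port. This is example code written for this page, not Huawei's controller; the role names, subnets, switch names and user sessions are constructed sample data.

```python
"""Toy campus controller: role-bound access policy compiled into per-switch ACLs.
Added illustration with constructed data; not Huawei's controller code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    src_ip: str      # authenticated user's address on the access switch
    dst_net: str     # resource network the rule applies to
    action: str      # "permit" or "deny"


# Central definitions kept on the controller (constructed sample data).
ROLE_POLICY = {
    "finance":     {"erp-servers": "permit", "rd-git": "deny"},
    "engineering": {"erp-servers": "deny",   "rd-git": "permit"},
    "guest":       {},                       # nothing beyond the default deny
}
RESOURCE_NETS = {"erp-servers": "10.10.0.0/24", "rd-git": "10.20.0.0/24"}
USER_ROLE = {"alice": "finance", "bob": "engineering"}


class CampusController:
    """Keeps one session table (user -> switch, ip) learned from 802.1x events."""

    def __init__(self):
        self.sessions = {}

    def on_auth(self, user, switch, ip):
        # Re-attaching elsewhere overwrites the old location, so the rules
        # compiled below move with the user instead of staying on the old switch.
        self.sessions[user] = (switch, ip)

    def on_logoff(self, user):
        self.sessions.pop(user, None)

    def compile_acls(self):
        """Translate role policy into the ACL each switch needs right now."""
        per_switch = {}
        for user, (switch, ip) in self.sessions.items():
            role = USER_ROLE.get(user, "guest")      # unknown identity -> guest
            rules = per_switch.setdefault(switch, [])
            for res, action in ROLE_POLICY[role].items():
                rules.append(AclRule(ip, RESOURCE_NETS[res], action))
            rules.append(AclRule(ip, "0.0.0.0/0", "deny"))   # default deny last
        return per_switch


def rule_count(per_switch):
    """Total ACL entries currently pushed across the campus."""
    return sum(len(rules) for rules in per_switch.values())
```

Recompiling from the session table is what lets a single central change (say, editing ROLE_POLICY) reach every switch without per-device work, and an unknown identity ends up with only the default deny rule.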