Segment - corporate data networks, Huawei hardware test report
Recently, our customers have shown an active interest in Huawei equipment. The most popular questions among them relate to the compliance of Huawei equipment with the specifications declared by the manufacturer and its compatibility with equipment from other manufacturers common in the Russian market.
Responding to more frequent requests, we launched a number of programs for testing Huawei equipment in our own laboratory, based on which we will publish reports, expert notes and assessments. The first sign in this direction was the test report on the line of equipment (Huawei switches and routers), positioned by Huawei for use in corporate data networks, which we bring to your attention today.
The generalized conclusion from the tests:
A detailed report, prepared in July 2014, with a description of the tests, diagrams and results is given below. We hope that it will help everyone to get answers to the bulk of questions about the Huawei product line, positioned for corporate data networks, and also save time on researching this issue.
This document contains information on testing Huawei equipment for organizing WAN and LAN segments of corporate networks, conducted by Jet Infosystems specialists.
The document includes:
Testing was conducted to assess the possibility of using Huawei equipment in the creation of distributed corporate data networks.
In the testing process, the following tasks were solved:
At the stand, modeling of a typical distributed corporate network was carried out consisting of:
Table 1. The list of equipment of the stand
Figure 1. Scheme of the stand
Figure 2 Level 3 OSI Models
Figure 3 Routing and organizing a VPN
Table 2 List and test results
The testing program passed correctly for all tested parameters. Based on the test results, we can conclude that Huawei equipment meets the declared functionality necessary for building corporate LAN and WAN networks.
It is recommended to purchase manufacturer technical support, which will allow for software updates and open service support requests if necessary.
The issues of scaling WAN-networks were not considered in this testing; they require a separate study or verification by practice (time of convergence, number of tunnels supported, performance).
Responding to more frequent requests, we launched a number of programs for testing Huawei equipment in our own laboratory, based on which we will publish reports, expert notes and assessments. The first sign in this direction was the test report on the line of equipment (Huawei switches and routers), positioned by Huawei for use in corporate data networks, which we bring to your attention today.
The generalized conclusion from the tests:
- the functionality of the tested equipment is fully consistent with the declared;
- equipment is compatible with devices of other manufacturers.
A detailed report, prepared in July 2014, with a description of the tests, diagrams and results is given below. We hope that it will help everyone to get answers to the bulk of questions about the Huawei product line, positioned for corporate data networks, and also save time on researching this issue.
annotation
This document contains information on testing Huawei equipment for organizing WAN and LAN segments of corporate networks, conducted by Jet Infosystems specialists.
The document includes:
- description of the stand;
- test plan;
- test results;
- conclusions, conclusions and recommendations.
Goals and objectives of testing
Testing was conducted to assess the possibility of using Huawei equipment in the creation of distributed corporate data networks.
In the testing process, the following tasks were solved:
- checking the functioning of switching technologies in a LAN, including compatibility with equipment from other manufacturers (in this test, with Cisco Systems equipment);
- checking the functioning of DHCP, VRRP services in the LAN;
- checking the functioning of the LAN services necessary for the implementation of IP-telephony: LLDP, POE;
- checking the functioning of dynamic routing protocols in hot water, including when interacting with equipment from other manufacturers (in this test, with Cisco Systems equipment);
- verification of the functioning of QOS mechanisms in terms of traffic marking and traffic-shaping in LAN and WAN;
- Verification of tunnel encryption using IPSec
- verification of the operation of the Huawei DSVPN protocol;
- testing the functioning of fault tolerance mechanisms for wireless interfaces in connection tasks of remote branches.
Stand description
At the stand, modeling of a typical distributed corporate network was carried out consisting of:
- central office;
- remote office with a duplicated connection to a wired provider;
- remote office with a backup channel through wireless networks.
The list of equipment involved in the tests
Table 1. The list of equipment of the stand
| Device | Model | Firmware version | Network role | Qty |
| Router | AR2204 | V200R005 | Head Office Router | 2 |
| Router | AR201 | V200R005 | Remote Office Edge Router | 2 |
| Router | AR207G-HSPA + 7 | V200R005 | Remote Office Wireless Standby Edge Router | 1 |
| Switch | S2700-9TP | V200R005 | Endpoint Switch | 1 |
| Switch | Cisco3750 | Ancillary equipment | 1 | |
| Switch | Cisco2950 | Ancillary equipment | 2 |
Booth layout
Figure 1. Scheme of the stand
A diagram at the third level of the ISO / OSI model is shown in Figure 2.
Figure 2 Level 3 OSI Models
The routing and VPN organization diagram is shown in Figure 3.
Figure 3 Routing and organizing a VPN
List and test results
Table 2 List and test results
| Test number | Checked Functionality | Equipment | Description | Result | Notes |
| 1 | Checking the operation of switching protocols on Huawei equipment | AR201, S2700-9TP, Cisco3750 | Verify 802.1q performance. Connecting two switches using 802.1q, test PCs connected to the switch access ports. The ability to transfer data when connecting to ports belonging to VLANs allowed on trunk interfaces was tested. | Passed | Huawei, by default, in the "trunk" all VLANs are prohibited. |
| 2 | 2 - AR201, S2700-9TP | Testing the operation of the RSTP. A “triangle” of two AR201 and S2700 is assembled. From a test PC connected to the S2700, the availability of the SVI AR201 was checked using the ping command, by disabling one of the channels, a topology rebuild was initiated. The tuning time was checked by estimating packet loss and analyzing event logs on the equipment. We consider the adjustment time to be correct no more than 3 seconds. | Passed | According to the data from the event log, the STP topology is rebuilt in 0.5 seconds (one icmp packet was lost). Implementation features: on Huawei routers, the RSTP protocol is enabled by default, on the switch - off (in the basic configuration). Due to the fact that PVST is a Cisco proprietary protocol that is not supported by Huawei, the STP process for all VLANs created on the switch is the only one. To separate VLANs between different STP processes, you must use the MST protocol. | |
| 3 | AR201, S2700-9TP, Cisco3750 | Checking the operation of MSTP. The same method as for RSTP, but catalyst 3750 acted instead of one of AR201. 3 MSTP instance was configured . For each MSTP instance, a separate switch acted as root. The tuning time was checked by estimating packet loss and analyzing event logs on the equipment. We consider correct the restructuring time to be no more than 3 seconds. | Passed | The test passed correctly. According to the event log, the STP topology is rebuilt in 0.5 seconds. | |
| 4 | 2 - AR201, S2700-9TP, Cisco3750 | Verify 802.3ad. Testing was conducted by organizing a Port-Channel between two AR201, AR201 and Cisco 3750, AR201 and S2700. To create the load, iperf and ping were used. The flow switching was checked when the channel included in the aggregated group was disconnected. In addition, the built-in software tools checked the status of aggregated channels under various LACP operating modes. | Passed | Tests passed successfully for all LACP modes. | |
| 5 | Verifying Dynamic Routing Protocols | 2 - AR201, S2700-9TP, Cisco3750 | Verification of BGP. All devices of the basic circuit were involved in the construction of a system with dynamic routing of BGP. Between mo1-wr01 and mo1-wr02, as well as ro1-wr01 and ro1-wr02 EBGP. Ro1-wr0 (1/2) announced internal networks, with mo1-wr0 (1/2) announced the addresses of a PC connected to ro1-sw01 checked the availability of remote networks. | Passed | When working, you should consider the difference between the AD parameter of the routing protocols on Cisco and Huawei equipment. |
| 6 | 2 - AR201, S2700-9TP, Cisco3750, 2 - AR2204 | Verify OSPF. All routers were placed in OSPF AREA 0, the convergence time was studied when the physical topology changed, the choice of route was fixed by manipulating the cost parameter. | Passed | ||
| 7 | 2 - AR201, S2700-9TP, Cisco3750, 2 - AR2204 | Verification of BGP + OSPF (redistribution on Huawei equipment). A typical interface between a corporate network and a WAN was simulated, OSPF was used as the internal protocol, external BGP was used as the protocol, redistribution was configured between the protocols, and the mutual accessibility of networks from different OSPF domains through the BGP segment was used to evaluate the correct operation. | Passed | ||
| 8 | Verify Switch to Wireless Standby | AR201, Cisco3750, AR2204 | For the router, two Internet channels were organized, the main one using wired channels, and the backup one via a wireless interface (3G). It was checked that access to external networks was preserved when the main channel was turned off. | Passed | |
| 9 | Verifying the operation of the Huawei DSVPN protocol | 2 - AR201, Cisco3750, 2 - AR2204 | Basic DSVPN health check. The connection of conditional remote offices to the central one using the DSVPN protocol was organized, the availability of internal networks through tunnels was checked. | Passed | Tunnel access works correctly. |
| 10 | 2 - AR201, Cisco3750, 2 - AR2204 | Verifying DSVPN redundancy. The test consisted in measuring the switching time from the primary to the backup DSVPN tunnel; switching time up to 10 seconds is considered acceptable. | Passed | When using standard parameters (hello-interval peer'a) switching occurs within 5-7 seconds. | |
| eleven | Verify Office Connectivity with Tunnel Encryption | 2 - AR201, Cisco3750, 2 - AR2204 | Verifying the correct operation of DSVPN using IPSec. The criterion for the correct operation was the availability of internal networks through the tunnels with IPSec encryption enabled in DSVPN tunnels. | Passed | |
| 12 | Checking the interaction of offices when connecting via 3G using NAT | AR207G-HSPA + 7, AR2204 | Verify that DSVPN is working correctly using NAT and IPSec. The criterion for the correct operation was the availability of internal networks via DSVPN tunnels when connecting remote offices via 3G with private IP addresses and a central office with public IP. | Passed | When connecting remote offices with the assignment of private IP addresses, translation (NAT) occurs. GRE traffic that uses DSVPN is not broadcast, so IPSec was used with NAT traversal, inside which GRE (DSVPN) was transmitted. |
| thirteen | Verifying IP Telephony Service Support Support | S2700-9TP | Verification of PoE. For verification, the Avaya IP telephone was connected to the s2700 switch port, the presence of consumer auto-detection and the correct determination of the required power were checked. | Passed | lldp is enabled by default and correctly fulfills the requested power consumption, the required power is determined correctly. |
| 14 | S2700-9TP | Verification of the definition of a voice device with placement in the desired VLAN. A voice VLAN from the Jet network was established. The access port (access VLAN + voice VLAN) was configured on the switch port. A PC and a telephone were connected to the port. As a check, we evaluated the correct assignment of the PC address and placing the phone in the required VLAN (checking for the buzzer). | Passed | ||
| fifteen | Checking the correct operation of QoS | S2700-9TP, AR201 | Testing QOS Labeling on Huawei Switches From a PC connected to the switch, a traffic flow was organized, which was marked on the incoming port of the switch. On the router connected to the outgoing port of the switch with the built-in software, a traffic dump was made with the subsequent verification of the marking. | Passed | Traffic is marked correctly. |
| 16 | AR201, S2700-9TP | Checking the QOS marking on the Huawei router. During the verification process, the correctness of the re-marking of 802.1p (l2) -> dscp (l3) was evaluated. | Passed | Traffic is marked correctly. | |
| 17 | AR201, S2700-9TP | Checking the operation of priority QOS queues on Huawei routers. For verification, a channel load was organized by generating spurious traffic from a PC using iperf. When prioritization is disabled, packet loss during ping is up to 50%. Then, the quality of communication was evaluated with prioritization enabled. Expected result - when enabling prioritization, normal packet flow is ensured. | Passed | ||
| 18 | Checking the operation of ip services | 2 - AR201, S2700-9TP, Cisco3750 | Verify VRRP operation. VRRP is configured between AR201 routers; switching was checked when uplink (tracking) state changed. | Passed | Verification passed correctly. There is no way to configure delay preempt after rebooting the device. |
| 19 | AR201, S2700-9TP | Checking the operation of dhcp. The AR201 router acted as a dhcp server, the test PC was connected either directly or through the switch, the correspondence of the received address was checked to the settings of the VLAN port of connection, the correctness of the requested dhcp options was checked by analyzing the packets using wireshark. | Passed | Verification passed correctly / |
Conclusion
- The switching protocols required when building typical corporate networks - 802.1q, RSTP, MSTP, 802.3ad, are fully supported.
- When testing the routing operation, no shortcomings were revealed. When interacting with equipment from other manufacturers, one should take into account differences in the parameters of the administrative-distance routing protocols.
- DSVPN functionality works correctly, redundancy works correctly for both wired and wireless channels.
- In terms of POE support, the equipment works correctly, the functionality required to support IP-telephony is present in full.
- Checked QOS functionality works correctly.
- DHCP and VRRP services work correctly.
- During testing, problems with the operation of a number of functions and protocols were identified, which were corrected by using a new firmware version on the equipment.
conclusions
The testing program passed correctly for all tested parameters. Based on the test results, we can conclude that Huawei equipment meets the declared functionality necessary for building corporate LAN and WAN networks.
It is recommended to purchase manufacturer technical support, which will allow for software updates and open service support requests if necessary.
The issues of scaling WAN-networks were not considered in this testing; they require a separate study or verification by practice (time of convergence, number of tunnels supported, performance).