
CloudWAN

Updated on Apr 15, 2024

What Is the CloudWAN Solution?

The CloudWAN solution delivers a cloud-oriented Wide Area Network (WAN) service. Tailored for backbone networks linking enterprise campuses to clouds, interconnecting enterprise campuses, and cloud-to-cloud connections, it seamlessly connects enterprise branches, campuses, traditional and private data centers, as well as public and private clouds. This enables swift cloud integration of enterprise services, fosters industrial connectivity among enterprise campuses, and facilitates inter-cloud linking. By offering ample computing resources and impetus, it propels the pace of enterprise digital transformation.

Why Do We Need the CloudWAN Solution?

A WAN functions as an extensive network facilitating long-distance communication among enterprises or organizations, spanning from tens to thousands of kilometers. It enables the exchange of information and resources over vast distances, either through leased links from carriers or proprietary links constructed for long-distance communication.

The global shift toward digitalization is rapidly progressing alongside the fourth industrial revolution, characterized by the adoption of intelligent technologies. Over 50 countries have devised digital strategies and initiatives, such as China's new infrastructure endeavor and the EU's recovery plan, aimed at advancing digital economy development and societal transformation. This new infrastructure, exemplified by projects like China's "east-to-west computing resource transfer," encompasses information, convergence, and innovation. The WAN serves not only as a vital component of the information infrastructure but also as a cornerstone of convergence and innovation infrastructure. As a crucial link, the WAN interconnects enterprise facilities, branches, cloud platforms, intelligent products, and users. It dismantles data silos, facilitates the swift deployment of innovative services and applications, and fosters efficient collaboration across various domains. Central to enterprise digital transformation is the extraction of data value, contingent upon efficient data circulation. Indeed, the WAN underpins data connectivity and convergence. To achieve more effective collaboration and connection across diverse fields and to expedite digital transformation across industries, enhancing data flow robustness and efficiency is imperative.

Challenge 1: Traditional WANs' segment-based O&M hinders efficient network provisioning and agile enterprise cloud adoption.

The transition to enterprise cloud solutions reshapes the connectivity model of traditional enterprise WANs. Traditionally, enterprise applications predominantly reside on local servers within headquarters. Consequently, the WAN primarily facilitates communication between branches and headquarters, usually through Point-to-Point (P2P) connections. However, with the deployment of enterprise applications on cloud platforms, the WAN must now link branches and headquarters to these clouds using Point-to-Multipoint (P2MP) or Multipoint-to-Multipoint (MP2MP) connections.

Traditional WANs typically rely on MPLS technology, and maintenance involves multiple departments. Service deployment relies on manual segment-based configurations, which are time-intensive and fail to match the agility of cloud deployment. For instance, deploying a new outlet on cloud platforms typically takes less than an hour, while the overall deployment process exceeds 30 days due to the collaboration of multiple departments such as outlets, tier-2 branches, provincial branches, and headquarters. The absence of a unified WAN backbone necessitates leasing multiple site-to-cloud private lines based on the deployment locations of different clouds. Establishing network and cloud connections from scratch for a new cloud data center leads to complex connections, intricate segment-based deployments, and prolonged service monetization.

Implementing agile cloud migration for enterprises and enabling flexible connections to any cloud as per demand emerge as crucial challenges for WANs.

Segment-based service deployment


Challenge 2: Production networks are IP-based, meaning that the network SLAs cannot be guaranteed.

Production, manufacturing, and interaction services are vital for enterprise operations and demand stringent security and stability measures. Typically, to ensure that these services are not affected by other services, production networks rely on dedicated Time Division Multiplexing (TDM) networks that are isolated from office networks and use disparate protocol standards. This independent network construction results in high costs, low bandwidth, and limited openness, leading to data silos and hindering efficient data flow and service development.

In China's energy sector, the extensive network of oil and gas pipelines, spanning over 160,000 km, poses challenges for conventional manual inspections. Consequently, drone inspections are emerging as a new security measure. Unmanned Aerial Vehicles (UAVs) require access to diverse base stations for remote control and signal transmission. However, conventional production networks lack the openness needed to fulfill UAVs' requirements for seamless access and flexible connectivity anytime and anywhere. Similarly, in the transportation sector, the shift towards high-speed rail travel necessitates a transition from manual monitoring to remote over-the-horizon surveillance for train control and dispatching. Cameras and sensors capture safety data around trains, transmitting it to edge gateways for analysis to predict hazards and faults, thus enhancing travel safety. Nonetheless, such over-the-horizon monitoring demands network bandwidth exceeding 100 Mbit/s, surpassing the capabilities of traditional production networks.

As core production systems migrate to the cloud, enterprise digital transformation necessitates consolidating multiple services on one IP WAN. Balancing varied service requirements for network latency and bandwidth on a single network presents a significant challenge for WANs.

Challenge 3: Enterprises face unbalanced cloud-network resource utilization, leading to passive capacity expansion.

Traditional WANs route packets using the shortest path, resulting in uneven resource utilization across the network and cloud infrastructure. Some nodes are overloaded while others remain underutilized or idle. With increasing network traffic each year, enterprises passively expand capacity for select nodes or links, leading to resource wastage. For instance, 70% of traffic from enterprise branch 1 is directed to the primary data center in Beijing, with 20% to the backup data center in Beijing, and 10% to the data center in Shanghai. Over time, the primary data center's capacity expands continuously, leaving resources at the other two centers idle. Furthermore, the construction of cloud data centers escalates traffic between enterprise and cloud data centers, exacerbating resource imbalances. Effectively balancing cloud-network resource utilization presents a significant challenge for WANs.

Unbalanced traffic distribution


Challenge 4: During the cloud era, the volume of network connections surges exponentially, leading to complex and challenging maintenance tasks.

Traditional O&M methods lack end-to-end automation capabilities, relying instead on passive responses to customer complaints. The manual process of fault locating, troubleshooting segment by segment, and adjusting paths consumes significant time and labor, leading to inefficient O&M practices. Moreover, advancements like the Internet of Things (IoT) and 5G have spurred the proliferation of various smart devices and applications. As a result, enterprise access terminals have evolved from single office PCs to diverse smart devices, increasing their quantity exponentially. These smart devices, facilitating functions like video surveillance and drone inspections, greatly enhance enterprise productivity. However, the surge in terminal connections diversifies services and complicates network connections, presenting formidable challenges to traditional O&M approaches. Addressing how to enhance O&M efficiency and implement intelligent O&M becomes imperative for WANs.

Traditional O&M modes


To tackle these challenges, the CloudWAN solution is introduced as a next-generation, agile, intelligent, and secure WAN solution. Based on IPv6 Enhanced, this solution serves as an intelligent foundation for digital infrastructure, incorporating key technologies like SRv6, network slicing, intelligent cloud-map algorithms, and In-situ Flow Information Telemetry (IFIT).

What Are the Key Capabilities of the CloudWAN Solution?

The CloudWAN solution integrates essential technologies like SRv6, network slicing, an intelligent cloud-map algorithm, and IFIT. It leverages iMaster NCE-IP for centralized control and management to automate the deployment of enterprise cloud services, ensure SLA compliance for critical services, optimize network traffic intelligently, visualize services, enable rapid O&M, and provide additional functionalities. The solution delivers the following core features:

Intelligent Connectivity

The CloudWAN solution facilitates the establishment of a cloud WAN backbone network, linking various cloud resources and enterprise sites via cloud PEs and network PEs, respectively. Utilizing SRv6, it surmounts operational obstacles and enables flexible cloud-network connections, addressing the time-consuming nature of service cloudification due to multi-level cross-domain collaboration. Services are automatically provisioned through iMaster NCE-IP, requiring configurations solely on the enterprise and cloud ends, enabling service provisioning within minutes. Moreover, the CloudWAN solution accommodates diverse user service cloudification needs. For instance, bank services may require access to different clouds, office services may need migration to public clouds, and production services may necessitate migration to industry clouds. It enables the creation of cloud paths with varying latency and bandwidth tailored to different services, ensuring SLA adherence. Cloud paths are configured for services rather than nodes or ports, facilitating swift and agile access to cloud services and implementing cloud access alongside network access.

Differentiated cloud paths of the cloud WAN backbone network


Deterministic Experience

The CloudWAN solution employs hierarchical slicing technology to partition a physical network into multiple slices, allowing one network to support multiple services. For instance, control, video, and office slices are dedicated to control, video, and office services, ensuring complete security isolation between production and office services, precise SLA assurance, and a deterministic service experience.

Hierarchical slicing


Unified O&M

The CloudWAN solution leverages IFIT for monitoring service SLAs, facilitating automatic identification of disconnection faults. Real-time collection of over 80,000 network KPIs enables comprehensive awareness of service quality and visualization of network-wide service SLAs, covering parameters such as latency, jitter, packet loss, and perceived bandwidth. Using knowledge graph algorithms, it intelligently correlates extensive network data, often fragmented and discrete, with historical fault information to predict network anomalies, significantly reducing root cause identification time from days to minutes. Moreover, proactive identification of numerous typical network risks achieves a success rate of 90%, up from 60%.

Intelligent O&M


Secure Services

The CloudWAN solution offers comprehensive security protection across the forwarding, protocol, and control planes. In the forwarding plane, it supports the high-performance IPsec subcard VSUI-100 and the GE/10GE/100GE full-rate MACsec subcard for encrypting critical services. These subcards are available on demand, reducing customer Capital Expenditure (CAPEX). For the protocol plane, it supports the Topology-Independent Loop-Free Alternate (TI-LFA) mechanism to safeguard any-topology networks, with protection switching within 50 ms ensuring uninterrupted service in the event of faults. In the control plane, devices incorporate mechanisms such as multi-level CPU-CAR and BGP FlowSpec anti-DDoS to defend against external attacks.

Secure services


Architecture of the CloudWAN Solution

The CloudWAN solution's overarching architecture comprises the management and control layer, virtual network layer, and physical network layer, as shown in the following figure.

Overall architecture of the CloudWAN solution


Management and Control Layer

The CloudWAN solution utilizes the iMaster NCE-IP platform for automated and intelligent management and control of both the virtual and physical network layers. iMaster NCE-IP employs telemetry and BGP-LS technologies to gather real-time network topology, link, and service information. It conducts comprehensive analysis of network quality and traffic data, presenting awareness data such as network topology, device health, protocol status, and service experience via graphical user interfaces (GUIs), facilitating visualized network management and operations. iMaster NCE-IP offers the following key capabilities:

  • Management Capabilities: It delivers traditional management functions for device configurations, alarms, performance monitoring, links, and Quality of Service (QoS), along with automated end-to-end service provisioning for traditional networks.

  • Control Capabilities: It provides Software-Defined Networking (SDN)-oriented control functionalities. Leveraging the NETCONF/YANG model, SRv6 network programmability, and SDN path computation, iMaster NCE-IP computes optimal forwarding paths and swiftly deploys service configurations.

  • Analysis Capabilities: It offers real-time data collection, status perception, in-depth analysis, and intelligent prediction for network traffic and performance. Utilizing big data analytics and IFIT, iMaster NCE-IP proactively identifies faults, detects potential risks, and issues warnings.

Virtual Network Layer

The CloudWAN solution facilitates the virtualization of a physical network into multiple network slices, each capable of supporting one or more services. While these slices share physical network devices and links, the services and bandwidth resources within each slice remain isolated and independent from others. Logical service isolation within each network slice can be achieved using different EVPN instances.

Enterprise services, such as production, office, video, and internet access, often have distinct network SLA requirements. During service planning, enterprises can assign different services to separate network slices, thereby implementing logical and bandwidth isolation between services to ensure optimal application performance.

Physical Network Layer

Designed for backbone networks linking enterprise campuses and clouds, the CloudWAN solution connects subnets, campuses, traditional data centers, public clouds, and private clouds. Typically, the backbone network adopts a hierarchical design comprising core, aggregation, and access layers. Alternatively, smaller networks may adopt a flattened design consisting only of core and access layers. To ensure network reliability, a dual-plane design is employed, where each site incorporates two devices interconnected in a single-homed networking mode.

From a functional perspective, network devices include:

  • Network PE: Responsible for network and user access, connecting to lower-level subnets or campus networks.

  • Cloud PE: Facilitates access to public clouds, private clouds, and cloud data centers.

  • P: Provides high-speed connections between cloud and network PEs.

Key Technologies Used in the CloudWAN Solution

SRv6 for Network Automation

The CloudWAN solution achieves agile service cloudification and fulfills diverse SLA requirements through the introduction of iMaster NCE-IP and SRv6.

SRv6, built on native IPv6, incorporates Segment Routing's network programming capability. SRv6 TE Policy utilizes Segment Routing's source routing mechanism to direct packet forwarding based on a predefined list of segments. With iMaster NCE-IP and SRv6 TE Policy, manual intervention is eliminated in provisioning end-to-end services during enterprise cloudification. This allows configuration processes to be entirely cloud and SDN-based. iMaster NCE-IP can swiftly generate cloud paths tailored to various service quality, latency, and bandwidth requirements specified by enterprises, ensuring rapid deployment of cloud services.

Network Slicing for Deterministic SLA Assurance

The CloudWAN solution employs hierarchical slicing to create multiple logical networks over a single physical network, ensuring multi-service transport and deterministic SLA assurance. Network SLAs, focusing on latency and bandwidth, are effectively managed and guaranteed by network slicing to protect critical services.

To establish network slices, interface forwarding resources need to be partitioned within the physical network. The CloudWAN solution utilizes Flexible Ethernet (FlexE) as the resource partitioning technology, organizing physical interface resources based on timeslots for flexible and precise interface management. FlexE divides high-bandwidth physical interfaces into several sub-channel interfaces (FlexE interfaces) through timeslot resource pools. Each FlexE interface operates as a standalone physical interface, with its bandwidth resources securely isolated from other FlexE interfaces. Following the division of physical interfaces using FlexE across network devices, network slicing is implemented at the physical layer.

Intelligent Cloud-Map Algorithm for Resource Utilization Enhancement

The CloudWAN solution incorporates the intelligent cloud-map algorithm, utilizing iMaster NCE-IP to gather network-wide data like path latency and bandwidth. It computes end-to-end optimal forwarding paths based on this data and directs traffic accordingly. Additionally, the algorithm factors in cloud pool load conditions alongside network parameters such as bandwidth and latency. Leveraging SRv6 and SDN technologies, it swiftly aligns and assigns services to suitable cloud pools.

Although the path calculated by the intelligent cloud-map algorithm may not be the shortest physically, it is chosen as the optimal cloud migration path based on various network and cloud factors. Network aspects encompass bandwidth, reliability, and latency, while cloud elements include cost, computing capabilities, and resource usage. iMaster NCE-IP systematically computes diverse service paths across different cloud pools and identifies the best cloud migration path and service cloud pool based on data collected by the cloud management platform.
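The following Python sketch is an added illustration of this kind of joint network-and-cloud path selection; it is not iMaster NCE-IP code or the vendor's algorithm. The topology, pool loads, and the scoring rule (latency plus a load penalty) are constructed assumptions, loosely modelled on the branch-to-Beijing/Shanghai example earlier on this page.

```python
import heapq

# Constructed topology: (node_a, node_b, latency_ms, free_bandwidth_mbps).
LINKS = [
    ("branch1", "P1", 2, 1000),
    ("branch1", "P2", 3, 1000),
    ("P1", "cloudPE-BJ-primary", 3, 150),
    ("P1", "cloudPE-BJ-backup", 4, 800),
    ("P2", "cloudPE-BJ-backup", 6, 900),
    ("P2", "cloudPE-SH", 14, 900),
]
# Constructed cloud pools: attachment node and current load (0.0 to 1.0).
POOLS = {
    "BJ-primary": {"pe": "cloudPE-BJ-primary", "load": 0.92},
    "BJ-backup": {"pe": "cloudPE-BJ-backup", "load": 0.35},
    "SH": {"pe": "cloudPE-SH", "load": 0.10},
}

def lowest_latency_path(links, src, dst, min_bw=0):
    """Dijkstra on latency, using only links with at least min_bw free."""
    adj = {}
    for a, b, lat, bw in links:
        if bw >= min_bw:
            adj.setdefault(a, []).append((b, lat))
            adj.setdefault(b, []).append((a, lat))
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if dist > best.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, lat in adj.get(node, []):
            nd = dist + lat
            if nd < best.get(nxt, float("inf")):
                best[nxt] = nd
                heapq.heappush(heap, (nd, nxt, path + [nxt]))
    return None  # destination unreachable under the bandwidth constraint

def select_cloud_path(links, pools, src, bw_mbps, max_latency_ms,
                      max_load=0.8, load_weight_ms=20):
    """Pick the pool and path with the lowest combined score.

    Score = path latency + load_weight_ms * pool load. The weighting and the
    max_load cut-off are assumptions made for this example.
    """
    candidates = []
    for name, pool in pools.items():
        if pool["load"] > max_load:
            continue  # pool is too busy to take new services
        found = lowest_latency_path(links, src, pool["pe"], bw_mbps)
        if found is None or found[0] > max_latency_ms:
            continue  # no path meets the bandwidth or latency requirement
        latency, path = found
        candidates.append((latency + load_weight_ms * pool["load"],
                           name, latency, path))
    if not candidates:
        return None
    _, name, latency, path = min(candidates)
    return name, latency, path
```

With the constructed data, plain shortest-path routing sends branch1 to the overloaded primary pool in 5 ms, while the constrained selection for a 200 Mbit/s service places it on the backup pool over a 6 ms path.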

IFIT for Closed-Loop Intelligent O&M System

Through IFIT, the CloudWAN solution facilitates the visualization and management of service experience by directly measuring network performance indicators like latency, packet loss rate, and jitter. This is achieved by adding IFIT headers to real service packets, which are then reported in real-time to iMaster NCE-IP using telemetry. iMaster NCE-IP displays network performance indicators via its GUI, enabling real-time visualization of network SLAs. Moreover, IFIT allows the restoration of the actual forwarding path of packets after deployment on the network. With telemetry enabling rapid data collection, network faults can be promptly identified and automatically rectified, establishing a closed-loop intelligent O&M system.
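As an added illustration (not code from the vendor or from iMaster NCE-IP), the Python sketch below shows how per-hop measurements of this kind can be turned into path restoration, per-segment loss and latency, jitter, and fault localization. The report format is hypothetical and the sample values are constructed; it assumes every node on the path reports a packet count and the timestamp of one marked packet per measurement period, with synchronized clocks.

```python
# Constructed reports for one flow, keyed by measurement period.
# Each tuple: (node, packets_counted, timestamp_us of the marked packet).
REPORTS = {
    1: [("PE1", 1000, 100), ("P2", 1000, 2150),
        ("P1", 1000, 1100), ("cloudPE", 1000, 3150)],
    2: [("PE1", 1000, 10100), ("P1", 1000, 11100),
        ("P2", 960, 15600), ("cloudPE", 960, 16600)],
}

def restore_path(period_reports):
    """Order reporting nodes by when they saw the marked packet."""
    return [node for node, _, _ in sorted(period_reports, key=lambda r: r[2])]

def segment_metrics(period_reports):
    """Loss and latency between each pair of consecutive nodes on the path."""
    hops = sorted(period_reports, key=lambda r: r[2])
    metrics = []
    for (up, up_pkts, up_ts), (down, down_pkts, down_ts) in zip(hops, hops[1:]):
        lost = up_pkts - down_pkts
        metrics.append({
            "segment": (up, down),
            "lost": lost,
            "loss_rate": lost / up_pkts if up_pkts else 0.0,
            "latency_us": down_ts - up_ts,
        })
    return metrics

def end_to_end_latency(period_reports):
    """Time between the first and last node seeing the marked packet."""
    stamps = [ts for _, _, ts in period_reports]
    return max(stamps) - min(stamps)

def jitter_us(reports):
    """Absolute change in end-to-end latency between consecutive periods."""
    lat = [end_to_end_latency(reports[p]) for p in sorted(reports)]
    return [abs(b - a) for a, b in zip(lat, lat[1:])]

def sla_violations(reports, max_loss_rate, max_latency_us):
    """Return (period, segment, metric) for every segment that breaks the SLA."""
    found = []
    for period in sorted(reports):
        for m in segment_metrics(reports[period]):
            if m["loss_rate"] > max_loss_rate:
                found.append((period, m["segment"], "loss"))
            if m["latency_us"] > max_latency_us:
                found.append((period, m["segment"], "latency"))
    return found
```

On the constructed data, both the loss and the latency violation in period 2 are attributed to the P1 to P2 segment, which is the segment-level localization that replaces manual segment-by-segment troubleshooting.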

Successful Applications of the CloudWAN

The CloudWAN solution has been successfully implemented across various sectors including government, finance, transportation, electric power, and ISP industries.

  1. Smart Government Network for the Government Sector: In Argentina, a company utilizes the CloudWAN solution to construct an intelligent backbone network for multi-level governments. This resolves issues related to slow service provisioning, poor user experience, and challenging O&M in the e-Government network, ensuring robust network support for government services.

  2. Financial DCI Backbone Network for the Financial Sector: A bank in Germany employs the CloudWAN solution to connect its financial data centers, enhancing service efficiency and supporting its financial technology strategy. The solution enables the bank to transition from single-cloud to multi-cloud data centers, ensuring agile and stable financial services provisioning.

  3. Intelligent Railway Cloud-Network for the Transportation Sector: A railway company in Spain adopts the CloudWAN solution to establish a reliable and flexible operational communication network, facilitating the digital transformation of railway data networks. The solution leverages intelligent O&M and slicing technologies to ensure service isolation and reliability.

  4. Electric Power Production Network for the Electric Power Sector: An electric power company in Malaysia upgrades its substation and branch infrastructure using the CloudWAN solution to replace the existing SDH network. The upgraded network guarantees high reliability and bandwidth, simplifies service provisioning, and ensures optimal user experience.

  5. IP Converged Transport Network for ISP: In the Philippines, an ISP facing challenges of device and link overloads implements the CloudWAN solution to provide customers with an IP converged transport network. The solution, featuring SRv6, network slicing, and IFIT technologies, offers ultra-high bandwidth, deterministic SLAs, and intelligent O&M for efficient network upgrade and service provisioning.
