Segment - corporate data networks, Huawei equipment testing report
Recently, our customers have shown an active interest in Huawei equipment. The most popular questions among them are related to the compliance of the Huawei equipment with the characteristics declared by the manufacturer and its compatibility with the equipment of other manufacturers common in the Russian market.
Responding to the frequent requests, we launched a number of programs for testing Huawei equipment in our own laboratory, following which we will publish reports, expert notes and evaluations. The first sign in this direction was a report on testing the line of equipment (switches and routers Huawei), positioned by Huawei for use in corporate data networks, which we bring to your attention today.
A summary of the tests performed:
The detailed report prepared in July 2014, with a description of the tests, diagrams and results is given below. We hope that it will help everyone to get answers to the bulk of questions about the line of Huawei equipment, positioned for corporate data networks, and also save time on researching this issue.
')
This document contains information about testing Huawei equipment for the organization of WAN and LAN segments of corporate networks, conducted by Jet Infosystems.
The document includes:
Testing was conducted to assess the possibility of using Huawei equipment in the creation of distributed corporate data networks.
In the process of testing the following tasks were solved:
At the stand, a typical distributed corporate network was modeled as follows:
Table 1. List of stand equipment
Figure 1. Booth layout
Figure 2 OSI Model Level 3
Figure 3 VPN Routing and Organization
Table 2 List and test results
The testing program is passed correctly for all parameters being checked. Based on the test results, it can be concluded that the Huawei equipment complies with the declared functionality necessary for building corporate LAN and WAN networks.
It is recommended to purchase technical support from the manufacturer, which will allow to make software updates and open requests for service support if necessary.
The scalability of WAN networks in this test was not considered, they require a separate study or test practice (time convergence, the number of supported tunnels, performance).
Responding to the frequent requests, we launched a number of programs for testing Huawei equipment in our own laboratory, following which we will publish reports, expert notes and evaluations. The first sign in this direction was a report on testing the line of equipment (switches and routers Huawei), positioned by Huawei for use in corporate data networks, which we bring to your attention today.
A summary of the tests performed:
- the functionality of the tested equipment fully complies with the declared one;
- equipment is compatible with devices from other manufacturers.
The detailed report prepared in July 2014, with a description of the tests, diagrams and results is given below. We hope that it will help everyone to get answers to the bulk of questions about the line of Huawei equipment, positioned for corporate data networks, and also save time on researching this issue.
')
annotation
This document contains information about testing Huawei equipment for the organization of WAN and LAN segments of corporate networks, conducted by Jet Infosystems.
The document includes:
- stand description;
- test plan;
- test results;
- conclusions, conclusions and recommendations.
Goals and objectives of testing
Testing was conducted to assess the possibility of using Huawei equipment in the creation of distributed corporate data networks.
In the process of testing the following tasks were solved:
- check of the functioning of switching technologies in the LAN, including compatibility with equipment from other manufacturers (in this test with equipment from Cisco Systems);
- functional check in LAN services DHCP, VRRP;
- functional check in LAN services required for the implementation of IP-telephony: LLDP, POE;
- check of the functioning of dynamic routing protocols in the WAN, including the interaction with the equipment of other manufacturers (in this test with the equipment Cisco Systems);
- checking the functioning of QOS mechanisms in terms of traffic marking and traffic shaping in LAN and WAN;
- testing the performance of tunnel encryption using the IPSec protocol;
- check the functioning of the protocol Huawei DSVPN;
- check of functioning of mechanisms for ensuring fault tolerance for wireless interfaces in connection tasks of remote branches.
Stand description
At the stand, a typical distributed corporate network was modeled as follows:
- central office;
- remote office with duplicate connection to a wired provider;
- remote office with a backup channel via wireless networks.
The list of equipment involved in the tests
Table 1. List of stand equipment
| Device | Model | Firmware version | Network role | Qty |
| Router | AR2204 | V200R005 | Central Office Edge Router | 2 |
| Router | AR201 | V200R005 | Remote Office Border Router | 2 |
| Router | AR207G-HSPA + 7 | V200R005 | Remote Office Border Router with Wireless Backup Channel | one |
| Switch | S2700-9TP | V200R005 | Endpoint Device Switch | one |
| Switch | Cisco3750 | Auxiliary equipment | one | |
| Switch | Cisco2950 | Auxiliary equipment | 2 |
Stand layout
Figure 1. Booth layout
The diagram at the third level of the ISO / OSI model is shown in Figure 2.
Figure 2 OSI Model Level 3
A diagram of the organization of routing and VPN is presented in Figure 3.
Figure 3 VPN Routing and Organization
The list and test results
Table 2 List and test results
| Test number | Checked functionality | Equipment | Description | Result | Notes |
| one | Checking the operation of switching protocols on Huawei equipment | AR201, S2700-9TP, Cisco3750 | Check 802.1q operation. Connecting two switches using 802.1q, test PCs connected to the access ports of the switches. Checked the ability to transfer data when connecting to ports belonging to the VLAN allowed on the trunk-interfaces. | Passed | In Huawei, by default, all VLANs are prohibited in the "trunk". |
| 2 | 2 - AR201, S2700-9TP | RSTP operation check Assembled "triangle" of two AR201 and S2700. From the test PC connected to the S2700, the availability of the SVI AR201 was checked using the ping command, by disconnecting one of the channels, and a topology reorganization was initiated. The adjustment time was checked by estimating packet losses and analyzing event logs on the equipment. Correct consider the time adjustment not more than 3 seconds. | Passed | According to the data from the event log, the rebuilding of the STP topology occurs in 0.5 seconds (one icmp-packet was lost). Implementation Features: RSTP is enabled by default on Huawei routers, disabled on the switch (in the basic configuration). Since PVST is a proprietary Cisco protocol that is not supported by Huawei, the STP process for all VLANs created on the switch is the only one. To separate VLANs across different STP processes, you must use the MST protocol. | |
| 3 | AR201, S2700-9TP, Cisco3750 | Check MSTP operation. The same method as for RSTP, but instead of one of the AR201, catalyst 3750 was used. 3 MSTP instances were configured. For each MSTP instance, a separate switch acted as root. The adjustment time was checked by estimating packet losses and analyzing event logs on the equipment. We consider the adjustment time to be no more than 3 seconds to be correct. | Passed | The test passed correctly. According to data from the event log, the rebuilding of the STP topology occurs in 0.5 seconds. | |
| four | 2 - AR201, S2700-9TP, Cisco3750 | Check 802.3ad operation. Testing was conducted by organizing a Port-Channel between two AR201, AR201 and Cisco 3750, AR201 and S2700. To create the load, iperf and ping were used. The switching of the stream was checked when the channel included in the aggregated group was disconnected. In addition, the embedded software checked the status of the aggregated channels under different LACP operation modes. | Passed | Tests successfully passed for all LACP modes. | |
| five | Testing dynamic routing protocols | 2 - AR201, S2700-9TP, Cisco3750 | Check BGP operation. All devices of the basic scheme were involved in building a system with dynamic BGP routing. Between mo1-wr01 and mo1-wr02, as well as ro1-wr01 and ro1-wr02 EBGP. Ro1-wr0 (1/2) announced internal networks, with mo1-wr0 (1/2) the addresses of the PC connected to ro1-sw01 were announced, the availability of remote networks was checked. | Passed | When working, consider the difference between the AD parameter of routing protocols on Cisco and Huawei equipment. |
| 6 | 2 - AR201, S2700-9TP, Cisco3750, 2 - AR2204 | OSPF operation check. All routers were placed in OSPF AREA 0, the time of convergence was studied when the physical topology was changed, the choice of route was fixed by manipulating the cost parameter. | Passed | ||
| 7 | 2 - AR201, S2700-9TP, Cisco3750, 2 - AR2204 | Checking the operation of BGP + OSPF (redistribution on Huawei equipment). A typical corporate network-WAN interface was modeled, OSPF was used as an internal protocol, BGP was used as an external protocol, route exchange (redistribution) was configured between protocols, and the availability of networks from different OSPF domains through the BGP segment was used to evaluate the correctness of the operation. | Passed | ||
| eight | Check switching to a wireless backup channel | AR201, Cisco3750, AR2204 | For the router, two channels were connected to the Internet, the main one - using wired channels, the backup one - through a wireless interface (3G). The preservation of access to external networks was checked when the main channel was disconnected. | Passed | |
| 9 | Check of work of the Huawei DSVPN protocol | 2 - AR201, Cisco3750, 2 - AR2204 | Basic DSVPN health check. The connection of conditional remote offices to the central one using the DSVPN protocol was organized, the availability of internal networks through tunnels was checked. | Passed | Access through tunnels works correctly. |
| ten | 2 - AR201, Cisco3750, 2 - AR2204 | Validation of DSVPN reservation. The test was to measure the switching time from the main to the backup DSVPN tunnel, the switching time up to 10 seconds is considered valid. | Passed | When using standard parameters (hello-interval peer'a), switching occurs within 5-7 seconds. | |
| eleven | Check the interaction of offices with regard to encryption in tunnels | 2 - AR201, Cisco3750, 2 - AR2204 | Verifying DSVPN operation using IPSec. The criterion for the correct operation was the availability of internal networks through tunnels with IPSec encryption enabled in DSVPN tunnels. | Passed | |
| 12 | Checking the interaction of offices, when connecting via 3G using NAT | AR207G-HSPA + 7, AR2204 | Verifying DSVPN operation using NAT and IPSec. The criterion for correct operation was the availability of internal networks through DSVPN tunnels when connecting remote offices via 3G with private IP addresses and a central office with public IP. | Passed | When connecting remote offices with the assignment of private IP-addresses is broadcast (NAT). GRE traffic that uses DSVPN is not broadcast, so I used IPSec with NAT traversal, within which GRE (DSVPN) was transmitted. |
| 13 | Verify support for IP telephony health services | S2700-9TP | Check PoE operation. To test the connection, the Avaya IP phone was connected to the s2700 switch port, the presence of the user auto-detection and the correctness of the required power were checked. | Passed | lldp is on by default and the requested power consumption is correctly processed, the required power is determined correctly. |
| 14 | S2700-9TP | Verification of the definition of a voice device with the location in the desired VLAN. A voice VLAN connection from the Jet network was organized. An access port (access VLAN + voice VLAN) was configured on the switch port. A PC and a telephone were connected to the port. As a check, the correctness of the assignment of the PC address and the placement of the phone in the required VLAN were assessed (buzzer presence check). | Passed | ||
| 15 | QoS validation check | S2700-9TP, AR201 | Checking QOS marking performance on Huawei switches. A traffic flow was organized from the PC connected to the switch, which was marked on the incoming port of the switch. On the router connected to the outgoing port of the switch, the firmware of the software made a traffic dump followed by checking the preservation of marking. | Passed | Traffic is labeled correctly. |
| sixteen | AR201, S2700-9TP | Checking the operation of the QOS marking on the Huawei router. The validation process evaluated the correctness of 802.1p (l2) -> dscp (l3) remarking. | Passed | Traffic is labeled correctly. | |
| 17 | AR201, S2700-9TP | Checking the operation of QOS priority queues on Huawei routers. To check the channel loading was organized by generating parasitic traffic from a PC using iperf. With prioritization disabled, the packet loss during the ping command is up to 50%. Then, the quality of communication was evaluated with prioritization enabled. Expected result - when prioritization is enabled, normal packet flow is ensured. | Passed | ||
| 18 | Checking the work of ip services | 2 - AR201, S2700-9TP, Cisco3750 | Verifying VRRP operation. VRRP is configured between AR201 routers, a switching check was performed when the uplink (tracking) state was changed. | Passed | Check passed correctly. There is no possibility to configure delay preempt after rebooting the device. |
| nineteen | AR201, S2700-9TP | Checking the operation of dhcp. The dhcp server was the AR201 router, the test PC was connected both directly and through the switch, the correspondence of the received address to the settings of the VLAN connection port was checked, the correctness of the requested dhcp options was checked by packet analysis using wireshark. | Passed | Verification passed correctly / |
Conclusion
- Switching protocols required for building typical corporate networks - 802.1q, RSTP, MSTP, 802.3ad, are fully supported.
- When testing the routing work, there were no flaws. When interacting with equipment from other manufacturers, differences in the administrative-distance parameters of the routing protocols should be taken into account.
- DSVPN functionality works correctly, redundancy works correctly for both wired and wireless channels.
- In terms of POE support, the equipment works correctly, the functionality required to support IP telephony is fully present.
- QOS functional checked works correctly.
- DHCP and VRRP services work correctly.
- During testing, problems were identified with the operation of a number of functions and protocols that were corrected by applying a new firmware version to the equipment.
findings
The testing program is passed correctly for all parameters being checked. Based on the test results, it can be concluded that the Huawei equipment complies with the declared functionality necessary for building corporate LAN and WAN networks.
It is recommended to purchase technical support from the manufacturer, which will allow to make software updates and open requests for service support if necessary.
The scalability of WAN networks in this test was not considered, they require a separate study or test practice (time convergence, the number of supported tunnels, performance).
Source: https://habr.com/ru/post/235345/
All Articles