How does the HUAWEI SDWAN solution to identify particular applications?

Created: Feb 19, 2020 03:00:35Latest reply: Feb 19, 2020 15:02:15 130 5 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hello everyone!


Can someone inform me how Huawei's SD-WAN Solution identifies certain particular applications ...? If you do it with signatures? Port analysis or network behavior? Etc ...


Thanks and regards!

Andres


  • x
  • convention:

Featured Answers

Recommended answer

jason_hu
Admin Created Feb 19, 2020 03:37:19 Helpful(1) Helpful(1)

Hello@UY_CDM,

About Huawei SD-WAN solution you can visit the link:https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087627&id=EN-US_TOPIC_0195157857&lang=en

About understanding signature identification fundamentals you can visit the link:https://support.huawei.com/hedex/hdx.do?docid=EDOC1100019684&id=EN-US_TOPIC_0121574580&lang=en

Hope to help you! If you have any problems, please post them in our Community. We are happy to solve them for you!

  • x
  • convention:

All Answers
sohaib.ansar
sohaib.ansar MVE Created Feb 19, 2020 03:27:31 Helpful(1) Helpful(1)

Hi User,

The Huawei SD-WAN connects all nodes of an enterprise network. Branches can connect to other branches, to headquarters, to data centers, and to the cloud. The software of the SD-WAN is application-aware and accomplishes intelligent traffic steering of application traffic. Such traffic is sent on an optimal path across the network links depending on the way bandwidth is currently being used.

There are three layers to Huawei SD-WAN. At the top, there is the service presentation layer. Below that is the network orchestration and control layer. At the bottom is the network connection layer.

https://www.sdxcentral.com/wp-content/uploads/2019/11/Huawei-SD-WAN-Arch.jpg

The Huawei SD-WAN Architecture depicting its three layers. Source: Huawei

Service Presentation Layer

This layer is where network administrators perform end-to-end service configuration and processing of the SD-WAN. Huawei developed the dashboard, which is meant for carriers, managed service providers, and large enterprise customers (who are likely to have large IT staffs capable of self-managing the SD-WAN). The service presentation layer has open APIs that integrate the Huawei SD-WAN to third party portals, application stores, and any operations support system (OSS) or business support system (BSS).

Network Orchestration and Control Layer

The Huawei Agile Controller-Campus (AC-Campus) handles most of the functions in the Network Orchestration and Control Layer. Through it, traditional CPEs, universal CPEs (uCPEs), and virtual CPEs (vCPEs) are uniformly managed through the southbound HTTP 2.0 channel and NETCONF. The AC-Campus also has control over virtual overlay networks and can automatically deliver services. To communicate with the service presentation layer, the controller uses the northbound RESTful interfaces.

In the case of third-party value-added services (VASs) in a uCPE, a third-party element management system (EMS) can be integrated into the AC-Campus.

The virtual Route Reflector (vRR) is also in this layer and creates VPN route and tunneling information. This is done on-demand and is for securely connecting CPEs anywhere in the SD-WAN based on VPN topology policies as defined by network admins.

Network Connection Layer

The Network Connection Layer allows the various types of CPEs to act as gateways. Traditional CPEs or uCPEs can be used by enterprise headquarters and branches to connect to the SD-WAN. In other words, a CPE or uCPE connects enterprise locations to other enterprise locations. A vCPE is used as a gateway to public and private clouds. For branch gateways, MPLS, internet, and LTE links can be combined in multiple ways when connecting to the headquarters, data center, or clouds.

hope this answer helps you.

  • x
  • convention:

jason_hu
jason_hu Admin Created Feb 19, 2020 03:37:19 Helpful(1) Helpful(1)

Hello@UY_CDM,

About Huawei SD-WAN solution you can visit the link:https://support.huawei.com/hedex/hdx.do?docid=EDOC1100087627&id=EN-US_TOPIC_0195157857&lang=en

About understanding signature identification fundamentals you can visit the link:https://support.huawei.com/hedex/hdx.do?docid=EDOC1100019684&id=EN-US_TOPIC_0121574580&lang=en

Hope to help you! If you have any problems, please post them in our Community. We are happy to solve them for you!

  • x
  • convention:

Popeye_Wang
Popeye_Wang Admin Created Feb 19, 2020 03:46:18 Helpful(2) Helpful(2)

Hello,

SD-WAN application identification can be implemented in two modes: first packet identification (FPI) and service awareness (SA)

sd-wan

FPI

FPI can identify the application type at the first data flow of an application. It can quickly identify applications, and is mainly used for SaaS applications with fixed destination addresses or ports.


SA

SA performs deep packet analysis and accurately identifies common applications based on the characteristics in application payloads.


When a packet reaches the application identification module, the FPI is performed. If an application can be identified through the first packet, the SA is no longer performed. If the application fails to be identified, the SA is performed.

For the FPI and SA, the FPI signature database and SA signature database are preconfigured on CPEs. The CPEs can identify common applications based on the application definition (port, feature, and behavior) in the signature database. In addition, the FPI and SA also support customized applications, so that users can customize special applications.

  • x
  • convention:

umaryaqub
umaryaqub Created Feb 19, 2020 04:34:52
Thanks for sharing this.  
UY_CDM
UY_CDM Created Feb 19, 2020 15:02:15 Helpful(0) Helpful(0)


275/5000
The method was already clear to me, what is not very clear to me is how I add my particular application to the signature database.

I enclose a document that also explains how the issue of signing works, see pages 126 to 129 (and others ..)
https://support.huawei.com/enterprise/es/doc/EDOC1100109087

Regards
Andres
  • x
  • convention:

Partner%20VAP%20en%20Uruguay

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login