HW SD-WAN 07 Design Practice (FSI Scenarios)

Uploaded by

xem phim

SD-WAN Design Practice (FSI Scenarios)

Foreword
⚫ In today's world, people's production and consumption activities are closely related to
finance, and digitization of the financial services industry (FSI) becomes more important
than ever.
⚫ Ever-changing service types and external environments, such as cloud and lightweight
services, pose new requirements on financial services.
⚫ Financial services constantly change, raising new challenges to networks. In response,
Huawei offers the SD-WAN Solution to meet new requirements of financial WANs.
⚫ This course describes typical networking modes and design schemes of Huawei SD-WAN
Solution in the FSI (banks).

1 Huawei Confidential

• This course is based on Huawei SD-WAN Solution.


Objectives

⚫ On completion of this course, you will be able to:
▫ Describe typical services in the FSI.
▫ Describe the ICT development trend of the FSI (banks).
▫ Understand the network architecture of the FSI (banks).
▫ Describe how to design SD-WAN networks in the FSI (banks).

Contents

1. FSI Background
◼ FSI Overview

▫ ICT and Network Development Trends of the FSI

2. Overall SD-WAN Design

3. SD-WAN Design Cases

Brief History of the FSI

⚫ The Bank of Venice in Italy was the first bank in the world.
⚫ The Bank of England, established in 1694, was the world's first joint-stock bank.
⚫ In the 20th century, Wall Street gradually became a global financial center.

• The FSI began with treasure deposits and loans provided by temples of Babylon
as early as 2000 BC and Greek temples in the 6th century BC.

• In the years from the 3rd century BC to the 3rd century AD, silver coinage
merchants and bank-like commercial organizations came into being in ancient
Athens and Rome.

• In Europe, modern banks originated from currency exchange and goldsmith
services, the first of which was the Bank of Venice in Italy (established in 1580).

• The world's first joint-stock bank, the Bank of England, was established in 1694,
which determined a basic form of organizations for the modern FSI.

Classification and Functions of the FSI

⚫ FSI: a special industry that operates financial commodities. It covers banking,
insurance, trust, securities, and lease.
⚫ Finance is the core of modern economy.
⚫ Finance is an important lever to regulate the macro economy.
⚫ Finance is a combination point of market and government activities.

[Figure labels: Macro economy, Micro economy; Market, Finance, Government]

• The FSI connects all aspects of national economy. Meanwhile, financial means,
such as interest rate, exchange rate, credit, and settlement, have direct influence
on micro-economic entities.

• Finance is related to the economic sovereignty and wealth control of a country,
and plays an important role in maintaining economic growth and national
interests as well as serving the real economy and citizens.

• Finance is not only the core of modern economy, but also the core of modern
politics and modern society.

• Banking: Banks are financial institutions that offer financial services, such as
deposits, loans, remittances, and savings, and also serve as credit intermediaries.

• Insurance: Insurance is a means of protection from financial loss. It is a form
of risk management, primarily used to hedge against the risk of a contingent or
uncertain loss.

• Trust: A trust company is a legal entity that acts as a fiduciary, agent, or trustee
on behalf of a person or business for a trust. A trust company is typically tasked
with the administration, management, and the eventual transfer of assets to
beneficiaries.
• Securities: The securities sector is engaged in securities issuance and transaction,
and consists of stock exchanges, securities companies, securities associations, and
other related financial institutions.

• Lease: A lease is a contractual arrangement calling for the lessee (user) to pay
the lessor (owner) for use of an asset.

Overview of Banking Services

Banking service categories:

⚫ Account, customer, and card services
• Individual/Corporate account
• Nominated account/Common account
• Individual/Corporate card
⚫ Channel services
• Channels for delivery of banking services, including brick-and-mortar banking,
e-banking, self-service banking, online banking, etc.
⚫ Individual banking services
• Individual savings
• Individual loans
• Individual intermediary services
⚫ Corporate banking services
• Corporate savings
• Corporate loans
• Corporate intermediary services
⚫ Financial market
• A market where fund suppliers and demanders conduct transactions, investments,
and financing

Currently, banks leverage ICT technologies to boost economic growth and promote social
development and transformation.

• This course uses the banking sector as an example to describe ICT construction
requirements of the FSI.

• Based on bank functions and architecture, a bank is broken up into three parts:
front office, middle office, and back office.

▫ The front office is responsible for service development. It is directly oriented
to customers and provides one-stop and all-round services for customers.
Bank tellers, account managers, and lobby managers are all front office
personnel.

▫ The middle office is responsible for formulating service development
policies and strategies by analyzing the macro market environment and
internal resources, providing professional management and guidance for
the front office, and controlling risks.

▫ The main responsibilities of the back office are to support and process
services and transactions, including accounting treatment, IT support, and
call center. It is also responsible for centralized loans approval.
Contents

1. FSI Background
▫ FSI Overview
◼ ICT and Network Development Trends of the FSI

2. Overall SD-WAN Design

3. SD-WAN Design Cases

Current ICT Situation of the FSI (Banks)

⚫ Preliminary data centralization
• Most core data and back office service data are sent to the HQ DC.
• Service supervision is strengthened to ensure data security.
[Figure labels: HQ, three DCs in two cities, WAN, level-1 branches, branch front-end
system, online banking interface]

⚫ Financial innovation based on ICT technologies
• A nationwide real-time settlement network is built.
• New service channels are vigorously adopted, including self-service, telephone,
online, and mobile banking.
[Figure labels: settlement system, securities system, online banking system, bank ICT
system, mobile banking, online banking, self-service banking]

⚫ Relatively comprehensive information security system
• Hierarchical information security management is implemented.
• A basic security protection system is constructed.
[Figure labels: HQ/Branch, database encryption, network security]

• The goals of ICT construction of banks are more than to computerize service
operations. More importantly, there are two other goals. One is to build and
improve a financial risk control mechanism by integrating technological
transformation with institutional transformation, and the other is to reshape
service models and processes by adopting ICT technologies.

ICT Trend of the FSI (Banks)

⚫ Lightweight finance
• The rise of Internet finance promotes lightweight transformation of banks.
• Financial services are provided mainly through technical means, but not via heavy
assets such as human resources and venues.
• Examples: brick-and-mortar outlets, self-service outlets, online banks

⚫ Scenario-specific finance
• Construction of financial clouds lays a foundation for scenario-specific finance.
• Complex, holistic financial services will not occur on their own, but as part of
daily life.
• Examples: rental loans, vehicle loans, Electronic Toll Collection (ETC)

⚫ Personalized service
• User big data mining promotes personalization of financial services.
• Based on large amounts of customer data, banks integrate and analyze data, create
customer profiles, fully understand customer requirements, and customize financial
services for customers.
• Examples: personalized consulting, personalized financial solutions

Causes of the ICT trends

⚫ Improved service competitiveness
• Competing with counterparts and financial technology (FinTech) enterprises
• Coping with the shrink of interest rate differentials due to changes in the
macro-economic environment
⚫ Lower investment costs
• Alleviating the pressure of the cost increase and improving the operational
efficiency

• FinTech is the technology and innovation that aims to compete with traditional
financial methods in the delivery of financial services.

• Based on the FinTech revolution, digital banking and mobile finance that focus
on services and experience gradually change the service model of banks, create
new growth points of digital finance, and play an increasingly important role in
bank services.

• Big data, AI, IoT, and cloud computing technologies also provide new technical
engines for bank outlets to implement full-link evolution from perspectives of
customer management, process reconstruction, risk prevention and control, open
ecosystem, and channel convergence.

• The ICT trends of finance and the causes of the trends pose great challenges to
financial WANs.

Typical WAN Architecture of the FSI (Banks)

[Figure: typical bank WAN architecture. Labels: active DC, intra-city DR DC, and remote
DR DC interconnected over DWDM and MSTP/SDH; DC nodes at core A, core B, and core C
(core layer); HQ LAN with service center, call center, card center, and settlement
center; aggregation nodes (aggregation layer); level-1 branches with branch service
area, Internet access area, and branch LAN; level-2 branches with branch LAN;
sub-branches; links labeled MSTP/SDH, Internet, and 4G/5G.]

• Multi-DC disaster recovery (DR)

▫ Hierarchical design of the physical network ensures stability of the core
backbone network.

▫ Multiple DCs in multiple places are interconnected with each other over the
cloud through the core backbone network.

• Hierarchical WAN networking

▫ The tree network structure is used, and requires hierarchical network
construction and level-by-level traffic aggregation.

▫ East-west traffic diversion is prevented and link utilization is improved.

▫ Network O&M responsibilities are clarified to avoid cross-area
maintenance.

• Flat networking of outlets

▫ Abundant line resources allow densely located outlets in cities to directly
connect to branches, forming a flat network.

▫ Network construction and maintenance costs are reduced.

▫ The impact of the increase in line leasing costs on the overall cost needs to
be comprehensively considered.

Current Situation of Financial (Bank) WANs

[Figure: distributed DCs and distributed service centers on a nationwide high-speed
core backbone network; below it, level-1 branches, level-2 branches, and sub-branches
(with ATMs), each with a branch service network and branch LAN, connected over
MSTP/SDH and MSTP/SDH/4G/5G links.]

Core backbone network
⚫ The backbone network connects branches/sub-branches to DCs.
⚫ The traffic includes north-south traffic and only a small amount of east-west traffic.

Branch access network
⚫ One physical network carries all the office, production, and security protection
services.
⚫ Dual-device or single-device dual-uplink networking is used, achieving traffic load
balancing.
• Dual-device or single-device dual-uplink networking is used, achieving traffic load
balancing.
• The uplink bandwidth is 20 Mbit/s, 10 Mbit/s, 6 Mbit/s, or 4 Mbit/s, and the
bandwidth utilization is 60%.

• A financial (bank) WAN consists of the branch access network and core
backbone network.

• The branch access network transmits traffic from branches and sub-branches to
the core backbone network.

• The core backbone network transmits traffic from branches to the DCs or HQ,
and is also responsible for DC interconnection.

Current Situation of Financial (Bank) Branch Access Networks

Category: Network bandwidth
1. The private line bandwidth is insufficient. The network bandwidth difference
between level-2 branches is large, typically in the range from 4 Mbit/s to 32 Mbit/s.
Currently, the network bandwidth of sub-branches or outlets is 20 Mbit/s, 10 Mbit/s,
4 Mbit/s, or 2 Mbit/s. The average bandwidth utilization exceeds 60%.
2. Burst of heavy traffic affects key services. Video conferences and learning
materials occupy a large amount of bandwidth in a short period of time.
3. Security protection occupies private line bandwidth. Banks need to view HD
surveillance videos of outlets in real time (2 Mbit/s bandwidth is required for one
channel of videos). The bandwidth for transmitting a maximum of two channels of videos
must be ensured.
4. The patch and virus library need to be updated periodically for terminal access,
which occupies a large number of link resources.
5. Value-added service (VAS) traffic affects mission-critical services: The facial
recognition service will also occupy private line link resources.

Category: Network policy
1. It is difficult to adjust policies in IP-based management mode. To adjust the
service scope, banks need to manually modify policies at multiple control points.
2. CLI-based manual configuration results in complex policy deployment, and frequent
network changes cause heavy configuration adjustment workloads.
3. Fragmented policy control is used, and E2E policy orchestration and streamlining
from access points to DCs cannot be implemented.

Category: Network O&M
1. No dedicated network maintenance personnel are available for a large number of
branches. There is a small number of network maintenance personnel of level-1 and
level-2 branches.
2. Banks lack fault locating methods. Terminals cannot access the Internet or the
Internet access speed is slow. No quick fault locating method is available. O&M
personnel have to use the ping command to locate network faults segment by segment.

Challenges Facing Branch Access Networks Under New Financial Trends

⚫ Branch access networks of banks face the following challenges under new financial
trends:
▫ Networks become flat.
▫ Cloud services reshape bank WANs.
▫ Diversified banking services make multi-service transport a must.
▫ Network complexity increases, and O&M costs need to be reduced.
▫ Network security risks increase.

[Figure: HQ DC, backbone network, and branch access network with level-1 branch,
level-2 branch, and sub-branches (ATM, video conferencing, security protection) over
MPLS/MSTP and 4G/5G links. Callouts: flat networking, ubiquitous access, multi-service
transport, security risks, high network complexity.]

• Currently, the business growth of brick-and-mortar bank branches is slowing
down, and banks' requirements for coverage of these branches are greatly
reduced. Brick-and-mortar branches seem to become operation burdens of
banks.

• Bank branches are undergoing an intelligent, digital, and lightweight
transformation. Driven by ICT technologies, brick-and-mortar branches break
financial service barriers, and well converge online and offline omni-channel
financial services. They gradually transform from purely transaction settlement
service nodes to service, experience, expansion, and marketing centers that
provide marketing and investment consulting services.

• Under this trend, banks' branch access networks face the following challenges:

▫ Networks become flat.

▪ Centralization of production services demands flat networking.

▪ Public cloud private lines are introduced, requiring one-hop
connection to the cloud.

▫ Cloud services reshape bank WANs.

▪ Distributed deployment of banking services and emergence of
multi-cloud DCs enable the DCI network topology of bank WANs to evolve
to mesh interconnection.

▪ The development of cloud services requires bank WANs to provide
ubiquitous connections instead of covering only bank branches.

▪ Cloud-and-network synergy drives network revolution towards SDN.

▫ Diversified banking services make multi-service transport a must.

▪ Mixed service operations and cloud access of branches require the
access networks to provide multi-service transport and isolation
capabilities.

▪ Diversified services promote multi-network integration to implement
one network with two domains (financial and non-financial service
domains).

▪ Remote counter services based on video conferencing develop,
increasing network traffic.

▫ Network complexity increases, and O&M costs need to be reduced.

▪ Multiple types of links are introduced to carry multiple links, improving the
cost-effectiveness of purchasing links.

▪ The flattening trend leads to an increase in link fees, and the cloudification
leads to an increase in ubiquitous connections.

▪ The SDN technology introduced by the development trend of
cloud-network synergy implements unified O&M on the entire network.

▫ Network security risks increase.

▪ Increased intranet security risks

▪ IoT security risks introduced by smart devices and IoT devices

▪ Cloud-network-security synergy is difficult.


Addressing Challenges Facing Financial Branch Access Networks

⚫ Using SD-WAN to address the challenges facing financial branch access networks:
▫ Network flattening
◼ Establishing E2E IP overlay tunnels
▫ Cloud services, reshaping bank WANs
◼ One-hop connection to the cloud
▫ Multi-service transport
◼ Multi-VN isolation, and intra-VN traffic optimization based on applications
▫ High O&M costs
◼ Centralized management and control by the controller
▫ Network security risks
◼ Technologies, such as IPsec, firewall, and IPS, ensuring network security

[Figure: HQ DC, backbone network, level-1 branch, level-2 branch, and sub-branches
(ATM, video conferencing, security protection), each with CPEs, over MPLS/MSTP and
4G/5G links. Callouts:
• Deploying iMaster NCE-WAN in the HQ DC to control all CPEs
• Service provisioning through iMaster NCE-WAN, reducing O&M costs
• Establishing IP overlay tunnels to enable one-hop service connection to the cloud,
flattening the network structure
• Using technologies such as IPsec, firewall, and IPS to ensure service security of
unattended sites
• VPN-based service isolation, and application-based traffic optimization]

• Financial networks have the following characteristics:

▫ Multiple DCs for disaster recovery

▪ At least two DCs are built.

▪ They communicate with each other at Layer 3, and learn routes from
and advertise routes to each other.

▪ They also provide data services and work in active/standby mode.

▫ Large number of outlets

▪ Generally, more than 1000 outlets on the live network need to be
centrally managed.

▪ Especially, large-scale enterprises generally have tens of thousands of
outlets.

▫ High performance of aggregation nodes

▪ With the increasing density of outlets in cities, carriers' line resources
are continuously enriched, and the fees are continuously reduced.
Outlets can be directly connected to branches.

▪ In this case, aggregation devices are required to provide forwarding
performance.

Contents

1. FSI Background

2. Overall SD-WAN Design


◼ SD-WAN Design Roadmap

▫ Underlay Network Design

▫ Overlay Network Design

▫ Service Transport Design

3. SD-WAN Design Cases

Key Components of the SD-WAN Solution

[Figure: three-layer architecture. Service presentation layer: portals for
tenants/carriers, connected through RESTful interfaces to the control layer. Control
layer (1): northbound network service layer (VPN/Traffic steering/QoS/Security/WOC),
CPE-VIM, O&M, and southbound NE layer. Network layer: RR (2), CPEs (3) at branch
sites, the public cloud site, and the HQ/DC site over the Internet and MPLS, and a
gateway (4) toward the legacy MPLS site.]

No. 1, iMaster NCE-WAN. Functions:
1. Network service orchestration
2. NE control
3. Basic network O&M
4. CPE orchestration and management
5. Basic performance monitoring (providing link quality information, application
quality information, and traffic information, as well as statistics from dimensions
such as intra-site and inter-site statistics)

No. 2, RR. Distributes VPN routes and tunnel information between CPEs based on VPN
topology policies.

No. 3, CPE. Functions as the egress device of a site.

No. 4, Gateway. Connects an SD-WAN network to a non-SD-WAN network.

Overall Design Roadmap of a Financial SD-WAN Network

[Figure: design layers. Underlay network design: carrier network/self-built network
(underlay network). Overlay network design: CPEs at branch sites connected to CPE/RRs
at the active DC and standby DC (overlay network). Service transport design on top,
with reliability design alongside the layers.]

Service transport design:
▫ SLA requirements of service 1: 50 ms delay, 5% jitter, 5% packet loss rate
▫ SLA requirements of service 2: 150 ms delay, 10% jitter, 10% packet loss rate

• An SD-WAN network can be designed from the following perspectives:

▫ Underlay network design: includes the WAN-side networking design and
LAN-side networking design.

▫ Overlay network design: includes the topology design and VN design.

▫ Service transport design: includes the transport network selection and
security design.

▫ Reliability design: is involved in the physical topology, logical topology, and
service transport design, and includes the link reliability design, CPE
reliability design, controller reliability design, and RR reliability design.

• This course describes the underlay network design, overlay network design, and
reliability design.
Contents

1. FSI Background

2. Overall SD-WAN Design


▫ SD-WAN Design Roadmap
◼ Underlay Network Design

▫ Overlay Network Design

▫ Service Transport Design

3. SD-WAN Design Cases

Typical Underlay Networking (1)

[Figure: three networking modes, each drawn from the HQ through a level-1 branch and
a level-2 branch down to a sub-branch/outlet, with BGP/OSPF at the sub-branch/outlet:
▫ Dual-homed networking with dual private line networks
▫ Square-looped networking with dual private line networks
▫ Networking with both Internet and private line networks
Link labels: MSTP1, MSTP2, Internet1, 4G/5G, firewall/NAT device.]

• On the underlay WAN side, IP addresses and IGP routing protocols are
configured based on the networking habits of the live network. Generally, a bank
network uses a dynamic routing protocol at the egress to connect to upper-level
branch devices.

Scenario: Dual private line cross-connection
▫ Level 1 branch: Cross-province dual private line interconnection
▫ Level 2 branch: Upstream: cross-province dual private line square-shaped.
Downstream: intra-province dual private line square-shaped
▫ Outlets: Dual private line + 4G/5G backup

Scenario: Double private line square-shaped
▫ Level 1 branch: Cross-province dual private line square-shaped interconnection
▫ Level 2 branch: Upstream: cross-province dual private line square-shaped.
Downstream: intra-province dual private line square-shaped
▫ Outlets: Dual private networks

Scenario: Private line + Internet private line
▫ Level 1 branch: Cross-province leased line + IPSec tunnel
▫ Level 2 branch: Upstream: cross-province private line + square-shaped Internet.
Downstream: square-shaped dual private lines in the province
▫ Outlets: Intra-province dual private line

Typical Underlay Networking (2)

[Figure: two flat networking modes, each drawn from the HQ and level-1 branch directly
to the sub-branch/outlet, with BGP/OSPF at the sub-branch/outlet:
▫ Multi-link flat networking (ISP1, ISP2, ISP3, ISP4)
▫ Flat Internet networking (Internet 1, Internet 2)]

• On the underlay WAN side, IP addresses and IGP routing protocols are
configured based on the networking habits of the live network. Generally, a bank
network uses a dynamic routing protocol at the egress to connect to upper-level
branch devices.

Scenario: Multi-link flattening
▫ Level 1 branch: Multi-ISP private line access
▫ Level 2 branch: None
▫ Outlets: Dual private line

Scenario: Internet flattening
▫ Level 1 branch: Multi-Internet egress access
▫ Level 2 branch: None
▫ Outlets: Single link or dual Internet


Underlay Network Design for Sub-Branches/Outlets

⚫ Single-gateway single-homed networking (one CPE, one private line/Internet link)
• Advantages: low deployment cost
• Disadvantages: risks of single device and single link failures

⚫ Single-gateway dual-homed networking (one CPE, private line and Internet links)
• Advantages: no risk of single link failures, moderate deployment cost, high
reliability
• Disadvantages: risks of single device failures

⚫ Dual-gateway dual-homed networking (two CPEs, private line and Internet links)
• Advantages: no risk of single device or single link failures, high reliability,
exclusive link bandwidth occupation
• Disadvantages: high deployment cost, a large number of port resources required

• Financial enterprises are concerned about network reliability but are not sensitive
to ICT construction costs. Therefore, the dual-gateway dual-homed networking is
recommended.

• Sub-branches and outlets generally use the dual-homed networking mode.


Underlay Network Design for Level-1/Provincial Branches

⚫ Networking with dual gateways deployed in off-path mode and multiple private line
networks (two CPEs attached to two traditional devices, which connect to private
line 1, private line 2, and the Internet)
• Advantages: no risk of single device or single link failures, high reliability,
support for smooth SD-WAN network upgrade
• Disadvantages: CPEs need to be connected to traditional devices in off-path mode.
• Applicable to banks

⚫ Networking with dual gateways and multiple Internet networks (two CPEs connected to
Internet1, Internet2, and Internet3)
• Advantages: no risk of single device or single link failures, high reliability
• Disadvantages: The SD-WAN network upgrade is complex and requires replacement of
original devices.
• Applicable to securities and insurance enterprises

RR Networking Design

⚫ Financial enterprises, especially banks, have many sub-branches and outlets. To
improve the stability of RRs, dual standalone RRs are typically deployed.

⚫ Networking with dual standalone RRs deployed in off-path mode (two RRs attached to
a traditional device, which connects to private line 1, private line 2, and the
Internet)
• Advantages: no risk of single device or single link failures, high reliability,
support for smooth SD-WAN network upgrade
• Disadvantages: The RRs need to be connected to a traditional device in off-path
mode. If CPEs need to connect to the RRs through a public network, 1:1 NAT needs to be
configured.
• Applicable to banks

⚫ Networking with dual standalone RRs deployed in in-path mode (two RRs connected to
Internet1, Internet2, and Internet3)
• Advantages: no risk of single device or single link failures, high reliability
• Disadvantages: The SD-WAN network upgrade is complex and requires replacement of
original devices. If CPEs need to connect to the RRs through a public network, 1:1 NAT
needs to be configured.
• Applicable to securities and insurance enterprises

RR Deployment Rules

⚫ RRs must be deployed in redundancy mode. At least two RRs must be deployed on the
live network.
⚫ Each CPE should be dual-homed to two RRs to implement egress backup.
⚫ It is recommended that RRs be deployed in standalone mode to ensure reliability.
⚫ If standalone RRs cannot be used, configure CPEs at hub or border sites as RRs.
⚫ Use the RR models recommended in the specification list.

[Figure: RRs deployed at the hub site (CPE/RR devices at the hub) or in standalone
mode (RR1 and RR2), connected over MPLS and the Internet to branch CPEs.]

• A CPE can be connected to a maximum of two RR sites (four RRs).

• On small-scale networks, for example, with fewer than 50 sites, RRs can be
deployed at hub sites.

• RRs need to support large numbers of BGP peers and EVPN connections and
provide strong route reflection capabilities and efficiency. In actual
deployments, use the RR models recommended in the specification list, for
example, AR6300 and AR6280.
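
The RR deployment rules above, written as a design check over a planned site inventory. This is an added example, not Huawei tooling or code from the course: the RR/CPE record layout, the rule names, and the sample inventory (including the MODEL-X placeholder) are constructed for illustration, while the 50-site threshold and the two model names are the examples the notes themselves give.

```python
from dataclasses import dataclass, field

# Rule values quoted from the slide and its notes.
MIN_RRS = 2               # "At least two RRs must be deployed"
RRS_PER_CPE = 2           # "Each CPE should be dual-homed to two RRs"
MAX_RR_SITES_PER_CPE = 2  # "a maximum of two RR sites (four RRs)"
MAX_RRS_PER_CPE = 4
SMALL_NETWORK_SITES = 50  # the notes' example size below which hub-site RRs are fine
# Only the two models the notes name as examples; the authoritative list is the
# vendor specification list, which is not reproduced on this page.
EXAMPLE_RR_MODELS = frozenset({"AR6300", "AR6280"})


@dataclass
class RR:
    name: str
    site: str
    model: str
    standalone: bool  # False: a hub or border CPE that also acts as RR


@dataclass
class CPE:
    name: str
    site: str
    rr_names: list = field(default_factory=list)


def check_rr_design(rrs, cpes, allowed_models=EXAMPLE_RR_MODELS):
    """Return sorted (severity, subject, rule, detail) findings for a planned layout."""
    findings = []
    by_name = {rr.name: rr for rr in rrs}
    site_count = len({c.site for c in cpes} | {r.site for r in rrs})

    if len(rrs) < MIN_RRS:
        findings.append(("error", "network", "RR_COUNT",
                         f"{len(rrs)} RR planned, at least {MIN_RRS} required"))
    for rr in rrs:
        if rr.model not in allowed_models:
            findings.append(("warn", rr.name, "RR_MODEL",
                             f"model {rr.model} is not on the recommended list"))
        if not rr.standalone and site_count >= SMALL_NETWORK_SITES:
            findings.append(("warn", rr.name, "RR_COLOCATED",
                             f"RR shares a CPE in a {site_count}-site network"))

    for cpe in cpes:
        known = []
        for name in dict.fromkeys(cpe.rr_names):  # de-duplicate, keep order
            if name in by_name:
                known.append(by_name[name])
            else:
                findings.append(("error", cpe.name, "CPE_UNKNOWN_RR",
                                 f"references undefined RR {name}"))
        if len(known) < RRS_PER_CPE:
            findings.append(("error", cpe.name, "CPE_NOT_DUAL_HOMED",
                             f"homed to {len(known)} valid RR(s), {RRS_PER_CPE} required"))
        if len(known) > MAX_RRS_PER_CPE:
            findings.append(("error", cpe.name, "CPE_TOO_MANY_RRS",
                             f"homed to {len(known)} RRs, maximum is {MAX_RRS_PER_CPE}"))
        rr_sites = {rr.site for rr in known}
        if len(rr_sites) > MAX_RR_SITES_PER_CPE:
            findings.append(("error", cpe.name, "CPE_TOO_MANY_RR_SITES",
                             f"RRs span {len(rr_sites)} sites, "
                             f"maximum is {MAX_RR_SITES_PER_CPE}"))
    return sorted(findings)


def sample_plan():
    """Constructed inventory: 63 outlets, two standalone RRs, one hub CPE acting as RR."""
    rrs = [
        RR("RR1", "hub-1", "AR6300", standalone=True),
        RR("RR2", "hub-2", "AR6280", standalone=True),
        RR("RR3", "hub-3", "MODEL-X", standalone=False),  # placeholder model name
    ]
    cpes = [CPE(f"outlet-{i:03d}", f"site-{i:03d}", ["RR1", "RR2"])
            for i in range(1, 61)]
    cpes += [
        CPE("outlet-061", "site-061", ["RR1"]),                # single-homed
        CPE("outlet-062", "site-062", ["RR1", "RR9"]),         # RR9 is not defined
        CPE("outlet-063", "site-063", ["RR1", "RR2", "RR3"]),  # three RR sites
    ]
    return rrs, cpes


if __name__ == "__main__":
    for severity, subject, rule, detail in check_rr_design(*sample_plan()):
        print(f"{severity:5} {subject:10} {rule:22} {detail}")
```

Running such a check against the planning spreadsheet before onboarding sites catches single-homed CPEs, which otherwise only show up when one RR fails.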

Underlay Network Design with One Controller Deployed

⚫ To ensure the reliability of SD-WAN management channels, dual gateways and dual
links need to be deployed to ensure that CPEs/RRs at branches can communicate with
iMaster NCE-WAN.

⚫ Networking with both public and private networks (branch CPEs reach the HQ DC CPEs
over the Internet through a NAT gateway and over a private line)
• iMaster NCE-WAN is deployed in the HQ DC and uses a public IP address to provide
services for CPEs.
• 1:1 static NAT is deployed on the egress devices of the HQ connecting to the
Internet.
• NAT-related public IP addresses need to be advertised to the private line network.
• Data between branch CPEs and iMaster NCE-WAN passes through the NAT device no matter
whether the branch communicates with the HQ over the Internet or a private line
network.

⚫ Single-type networking (branch CPEs reach the HQ DC CPEs over two private
line/Internet links)
• iMaster NCE-WAN is deployed in the HQ DC.
• If branches communicate with the HQ through a private line network, the network
segment where iMaster NCE-WAN resides needs to be sent to the private line network.
• If branches communicate with the HQ through the Internet, 1:1 static NAT needs to be
deployed on egress devices of the HQ connecting to the Internet. The egress devices of
the HQ use the same public IP address.

• Generally, 1:1 static NAT is deployed in the system view on the egress device of
the public network at the HQ.

Underlay Network Design with Controllers Deployed in Active/Standby Mode

⚫ When iMaster NCE-WAN is deployed in active/standby mode, the route priorities are
specified to steer communication traffic between CPEs and the active and standby
controllers.

[Figure: single-type networking. Branch CPEs connect over a private line/Internet to
the CPE at the active DC (active controller, higher priority) and to the CPE at the
standby DC (standby controller, lower priority). The two controllers use the same
southbound and northbound IP addresses.]

• The active and standby controllers need to be manually switched.
• The active and standby paths need to be manually switched.

• The active and standby controllers are deployed in the active and standby DCs,
respectively. A heartbeat tunnel is established between the active and standby
controllers to synchronize data and detect the controller status.

• The active and standby controllers use the same southbound and northbound IP
addresses. When branches are connected to the DCs through a public network,
the same NAT address must be configured for the active and standby controllers.

• When branches are connected to the DCs through a private line network, the
controllers' southbound and northbound IP addresses need to be advertised to
the private line network through EBGP, and a routing policy needs to be
configured to ensure that the route to the active controller is preferentially
selected.

• When branches are connected to the DCs through a public network, 1:1 static
NAT needs to be deployed for the southbound and northbound IP addresses. The
NAT configurations must be the same on the two egress gateways. NAT related
routes need to be advertised to the public network through EBGP and a routing
policy needs to be configured to ensure that NAT related routes to the active DC
are preferentially selected.
Common Overlay Topologies of Financial SD-WAN Networks
[Figure: Flat topology and hierarchical topology. Labels: provincial/level-1 branches, HQ active DC and standby DC, provincial branches, sub-branches/outlets, office and production services, MPLS and Internet data channels.]

⚫ Flat topology: Data tunnels are established directly between sub-branches/outlets and provincial/level-1 branches.
⚫ Hierarchical topology: Data channels are established between sub-branches/outlets and provincial/level-1 branches as well as between provincial/level-1 branches and the HQ.

Flat Topology of Financial SD-WAN Networks
⚫ RR deployment
 ▫ RRs' IP addresses must be advertised to each ISP network, so that the RRs are reachable on the underlay network.
 ▫ RRs can be deployed independently (for high reliability) or at hub sites. The RRs need to work in active/standby mode.
⚫ Hub deployment
 ▫ CPEs at hub sites can be connected to traditional egress routers in off-path mode to support smooth evolution to an SD-WAN network.
 ▫ Two CPEs are deployed at each hub site to ensure intra-site reliability.
 ▫ Hub sites are deployed in active-active mode based on site requirements or services to ensure inter-site reliability.
⚫ For a large-scale network, it is recommended that multiple tenant networks be planned based on administrative areas on the live network and managed independently.

[Figure: Two provincial/level-1 branch hub sites (Hub1 and Hub2, two CPEs each) with RR1 and RR2, connected over MPLS and the Internet to sub-branch/outlet CPEs through data channels.]

• The flat topology is applicable to large banks and insurance enterprises. Network
O&M is implemented by administrative area, and networks in each province are
managed by MSPs.

• Provincial branches, level-1 branches, and hubs at the HQ are connected to all
ISP networks.

• The controller is usually deployed in a DC.

• Generally, CPEs at outlets are dual-homed to RRs to ensure reliability.

• North-south traffic accounts for the majority of traffic.

• East-west traffic between outlets needs to pass through the hubs.


Hierarchical Topology of Financial SD-WAN Networks
⚫ RR deployment
 ▫ RRs' IP addresses must be advertised to each ISP network, so that the RRs are reachable on the underlay network.
 ▫ RRs can be deployed independently (for high reliability) or at hub sites. The RRs need to work in active/standby mode.
⚫ Hub deployment
 ▫ CPEs at hub sites can be connected to traditional egress routers in off-path mode to support smooth evolution to an SD-WAN network.
 ▫ Two CPEs are deployed at each hub site to ensure intra-site reliability.
 ▫ Hub sites are deployed in active-active mode based on site requirements or services to ensure inter-site reliability.
⚫ Border deployment
 ▫ CPEs at border sites can be connected to traditional egress routers in off-path mode to support smooth evolution to an SD-WAN network.
 ▫ CPEs at border sites connect downstream devices to upstream devices. The one-way forwarding performance of CPEs depends on the total bandwidth of the downstream outlets and the total bandwidth of the upstream hub sites.

[Figure: HQ hub sites (Hub1 and Hub2) with RR1 and RR2, connected over MPLS and the Internet to border sites at branches outside the province, which connect over MPLS and the Internet to outlets outside the province through data channels.]

• The hierarchical topology is applicable to small or midsize rural commercial
banks. Outlets outside the province are connected to the HQ through the
Internet, while those in the province are directly connected to the HQ.

• Provincial branches, level-1 branches, and hubs at the HQ are connected to all
ISP networks.

• The controller is usually deployed in a DC.

• Outlets are not directly connected to level-1 branches or HQ. Instead, traffic of
outlets is aggregated to level-2 branches or branches outside the province and
then sent to level-1 branches or HQ.

• Branches outside the province are interconnected with level-1 branches through
private lines.

• Sub-branches and outlets are usually connected to upper-level branches through
multiple uplinks to achieve high reliability.

• North-south traffic accounts for the majority of traffic.

• East-west traffic between outlets needs to pass through border sites in the
province or hub sites of the HQ.
Hierarchical Topology of Financial SD-WAN Networks: Inter-Site Communication
⚫ Access requests of all branches in an area are forwarded by the border nodes in the area.
⚫ Branches in different areas communicate with each other through the active hub of the HQ.

[Figure: HQ hub sites (Hub1 and Hub2) with RR1 and RR2, border sites at branches outside the province, and outlets outside the province, connected over MPLS and the Internet. Intra-area traffic and inter-area traffic paths are marked.]

• Inter-area traffic is forwarded as follows:

▫ Traffic of an outlet is first forwarded to the border nodes of the area where
the outlet resides.

▫ The border nodes forward the traffic to the active hub of the HQ based on
the configured traffic steering policy.

▫ The hub then forwards the traffic to the border nodes in the destination
area based on the routing policy.

▫ The border nodes in the destination area search local routing tables for
routes and then forward the traffic to the destination outlet.
Specification Calculation for Financial SD-WAN Networks
⚫ Background
 ▫ Two hubs are deployed at the HQ of a bank and also function as RRs. The bank has a total of 300 sites in different areas, including 200 dual-gateway sites and 100 single-gateway sites.
 ▫ Each hub (RR) supports a maximum of 1000 BGP peers and 2000 data tunnels.
 ▫ LTE links are used as backup. When primary links are available, no LTE link is established.
⚫ Calculation of networking specifications
 ▫ Number of BGP peers supported by the hubs (RRs) = Number of dual-gateway sites x 2 + Number of single-gateway sites
  ◼ In this example, the total number of BGP peers is 500 (200 x 2 + 100), which meets the specification.
 ▫ Number of data tunnels supported by the hubs (RRs) = Total number of data tunnels established between the hubs and gateways
  ◼ The two hubs share the data tunnel specification. For example, if the data tunnel specification of each hub is 1000, the data tunnel specification of the two hubs together is 1000.
  ◼ In this example, the total number of data tunnels is 1200 (300 x 4 = 1200), which meets the specification.
 ▫ The network bandwidth must meet the customer requirements.

[Figure: Hubs (RRs) at the HQ/DC connected over MPLS, the Internet, and LTE (backup) to spoke sites in four areas. Area 1: 30 sites, Area 2: 170 sites, Area 3: 15 sites, Area 4: 85 sites.]

• Different devices have different BGP peer and data tunnel specifications.

• For details about the product specifications, see the product documentation.
Beyond-Specification Design for Financial SD-WAN Networks
⚫ A financial network generally has a large number of branch nodes, and the requirements of a financial enterprise may exceed the specifications of devices at hub sites, regardless of whether the flat or hierarchical topology is used. There are two solutions to this problem.
 ▫ Area-based networking: If the specifications of hub sites are exceeded, multiple hub sites can be deployed and a tenant network can be divided into multiple areas.
 ▫ Tenant-based networking: If the specifications of hub sites are exceeded and rights- and domain-based management is required, tenant-based networking can be used and tenant networks can be managed by an MSP administrator.

[Figure: Area-based networking (Area 1 and Area 2) and tenant-based networking (Tenant 1 and Tenant 2 under an MSP administrator). Each area or tenant has a provincial/level-1 branch hub site with CPEs and RRs, connected over MPLS/Internet to sub-branch/outlet CPEs.]

• Area-based networking

▫ A tenant network is divided into multiple areas, multiple hub sites are
deployed in the HQ/DC, and each area is associated with one or two hub
sites.

▫ Branch sites are added to the corresponding hub sites based on areas.

▫ RRs can be deployed independently, and each pair of RRs is associated with
sites in the corresponding area.

▫ Sites in different areas are interconnected through hub sites on the LAN
side.

• Tenant-based networking

▫ An MSP administrator creates multiple tenants, multiple hub sites are
deployed in the HQ/DC, and each tenant is associated with one or two hub
sites.

▫ Branch sites are added to the corresponding tenants based on
geographical areas.

▫ RRs can be deployed independently. Each pair of RRs is associated with
sites in an area.

▫ Sites on different tenant networks are interconnected through hub sites on
the LAN side.
Service Transport Design
⚫ Financial enterprises generally deploy various types of services, which have different network requirements.

⚫ Most services of financial enterprises are private network services. Therefore, general feature databases cannot be used to identify financial services.

⚫ The financial SD-WAN service transport design covers the following aspects.
 ▫ Application identification
  ◼ Application identification based on 5-tuple information or DSCP values
  ◼ Identification of customized applications
 ▫ Intelligent traffic steering
  ◼ Link quality–based traffic steering
  ◼ Application priority–based traffic steering
 ▫ HQoS
  ◼ Service-based HQoS

[Figure: Application identification (source/destination IP address, DSCP, source/destination port, data, customized application), intelligent traffic steering toward the HQ, and HQoS for video, voice, and production services.]
Application Identification Design
⚫ The main objective of application identification is to distinguish traffic for subsequent processing.
⚫ The service awareness (SA) function is enabled on the devices at HQ sites and outlets to implement fine-grained identification of services on the live network.
⚫ Application identification based on 5-tuple information or DSCP values
 ▫ Applications of traffic with specified source and destination IP addresses can be identified based on 5-tuple information or DSCP values.
 ▫ Generally, traffic classifiers are configured to identify such applications.
⚫ Identification of customized applications
 ▫ Enterprises that need to monitor customized applications can use this application identification mode.
 ▫ Customized applications are defined based on the destination IP address, protocol number, and signature.

[Figure: Provincial/level-1 branch hub site (CPEs, RR1, RR2) and sub-branch/outlet CPEs connected over MPLS and the Internet, with SA enabled at both the hub site and the sub-branches/outlets.]
Intelligent Traffic Steering Design
⚫ In the SD-WAN Solution, intelligent traffic steering ensures optimal experience of different services.
⚫ With this function enabled, the network quality can be monitored in real time, and the network paths that meet SLA requirements of applications can be dynamically and automatically selected among multiple WAN links with different network quality.
⚫ Link quality–based traffic steering
 ▫ This mode is applicable when enterprises have different link quality requirements for different services.
 ▫ Multiple traffic steering policies can be configured to enable transmission of different services over different links.
⚫ Application priority–based traffic steering
 ▫ This mode is applicable when enterprises want to use high-value lines (private lines) to guarantee experience of high-value applications.

[Figure: Provincial/level-1 branch hub site (CPEs, RR1, RR2) connected over MPLS and the Internet to sub-branch/outlet CPEs.]
HQoS Design
⚫ Bank networks have various applications, including voice, video conferencing, file transfer, email, and software as a service (SaaS) applications.
⚫ Different applications have different link quality requirements. Therefore, different HQoS policies need to be deployed.
⚫ Traffic is differentiated by application.
⚫ High priorities can be set for preferential scheduling of delay-sensitive or mission-critical traffic.
⚫ Larger bandwidth is allocated to bandwidth-demanding traffic.

[Figure: On link 1, video traffic enters the high-priority EF queue and email traffic enters the low-priority BE queue before the interface.]
Project Requirements of a Financial Enterprise
⚫ A financial enterprise deploys the SD-WAN Solution to meet the following requirements:
 ▫ Replace existing MSTP lines with MPLS or Internet lines.
 ▫ Implement efficient intelligent traffic steering at the egress.
 ▫ Simplify network management and O&M through email-based deployment.
 ▫ Provide high link-level, device-level, and inter-site reliability.

Current network environment:
• Two DCs are built in the same city and work in active-active mode to provide services concurrently. The DCs are interconnected at Layer 3. Each equipment room is connected to the Internet through a single private line.

Current network services:
• Production, office, and video surveillance service traffic exists on the live network. Production traffic between outlets needs to be isolated from other types of traffic.
• Uplink traffic is load balanced based on service types, and Internet access sites are strictly specified for downlink traffic based on service types. For example, office service traffic of an outlet is transmitted over link 1 and terminated at hub 1, and hub 2 functions as the standby node. Production service traffic is transmitted over link 2 and terminated at hub 2, and hub 1 functions as the standby node.

Customer requirements:
• Unified network management is required to lower O&M costs.

Current Network Architecture of the Financial Enterprise
⚫ Current network architecture
 ▫ The financial enterprise has 400+ sub-branches in the province and 100+ sub-branches outside the province. The sub-branches use the single-device or dual-device dual-uplink networking mode at egresses.
 ▫ Sub-branches in the province are connected to branches in the province through MSTP private lines, which are connected to the HQ through MSTP private lines.
 ▫ Sub-branches outside the province are connected to local provincial branches through MSTP private lines, which are connected to the HQ through MSTP private lines.
⚫ Current traffic model
 ▫ Traffic of all sub-branches in and outside the province is first aggregated to branches and then centrally forwarded to the HQ.
 ▫ Office service traffic of sub-branches in and outside the province is sent to DC A.
 ▫ Production service traffic of sub-branches in and outside the province is sent to DC B.

[Figure: HQ DCs (DC A with Hub1, DC B with Hub2) connected over ISP1 and ISP2 lines to the branch in the province and two local provincial branches (AGG). Below them are 400+ spoke sites in the province and two groups of 50+ spoke sites outside the province. Office and production service traffic flows are marked.]

Overall SD-WAN Network Reconstruction Design
⚫ Underlay network design
 ▫ The single-device or dual-device dual-uplink networking mode is used.
 ▫ RRs are deployed independently, and iMaster NCE-WAN is deployed in active/standby mode.
 ▫ Sub-branches in the province are connected to the HQ through MPLS private lines.
 ▫ Sub-branches outside the province are connected to local provincial branches through MPLS private lines or the Internet, which are connected to the HQ through the Internet.
⚫ Overlay network design
 ▫ Two VNs are planned based on services to carry office and production services respectively.
 ▫ Sub-branches in the province directly establish tunnels with the HQ, implementing flat networking.
 ▫ Sub-branches outside the province establish data tunnels with local provincial branches, which establish data tunnels with the HQ, implementing hierarchical networking.

[Figure: HQ DCs (DC A with Hub1, DC B with Hub2). Flat networking in the province: 400+ spoke sites connected to the HQ over ISP1 and ISP2 MPLS lines. Hierarchical networking outside the province: two groups of 50+ spoke sites connected over MPLS or the Internet to local provincial branches (AGG), which connect to the HQ over the Internet.]

SD-WAN Network Design in the Province
⚫ Underlay network design
 ▫ The financial enterprise expects to reduce O&M costs and centrally manage branch networks.
 ▫ MPLS private lines in the province have a moderate price and better performance than Internet links. Therefore, MPLS private lines are used to replace MSTP lines to reduce line costs.
 ▫ Sub-branches in the province use the flat networking and are directly connected to the HQ through MPLS private lines.
⚫ Overlay network design
 ▫ After the flat networking is implemented for sub-branches in the province, the sub-branches send traffic directly to the HQ and establish data channels directly with the HQ.
 ▫ The overlay network uses the flat topology.
 ▫ Dual uplinks of each device at a sub-branch back up each other, providing high reliability for office and production services.

[Figure: Flat networking. HQ DCs (DC A with Hub1, DC B with Hub2) and RRs connected over ISP1 and ISP2 MPLS lines to 400+ spoke sites in the province, with separate office and production data channels.]

SD-WAN Network Design Outside the Province
⚫ Underlay network design
 ▫ Cross-province MPLS and MSTP private lines are expensive. Therefore, the Internet is used instead of MSTP private lines to reduce line costs.
 ▫ The prices of the Internet and MPLS private lines are similar in local provinces. Links are selected based on the site requirements.
 ▫ For service security purposes, firewalls must be deployed at both ends of each Internet link.
⚫ Overlay network design
 ▫ Sub-branches outside the province do not use the flat networking. Therefore, traffic of these sub-branches is first aggregated to local provincial branches and then centrally sent to the HQ.
 ▫ The overlay network uses a hierarchical topology.
 ▫ Dual uplinks of each device at a sub-branch back up each other, providing high reliability for office and production services.

[Figure: Hierarchical networking. HQ DCs (DC A with Hub1, DC B with Hub2) connected over ISP1 and ISP2 Internet links to two local provincial branches (AGG), which connect over MPLS or the Internet to two groups of 50+ spoke sites outside the province, with separate office and production data channels.]

SD-WAN Device Specification Design
⚫ The financial enterprise has 500 sites, including 350 dual-gateway sites and 150 single-gateway sites. Each site requires 10 Mbit/s bandwidth.
⚫ The numbers of BGP peers and tunnels are calculated as follows:
 ▫ Number of BGP peers at RR sites: 850 (350 x 2 + 150). It is recommended that AR6280 or AR6300 series routers be used as RRs and two RR sites (with two RRs each) be deployed in active/standby mode.
 ▫ Number of BGP peers at branch sites: 4 (two RRs at the active and standby RR sites each). AR650 series routers are recommended as RRs at small-sized sites and AR6100 series routers at medium-sized sites.
 ▫ Number of data tunnels at hub sites: 2000 (500 x 4), with two hubs at the active and standby hub sites each. AR6280 or AR6300 series routers equipped with the SRU400H are recommended as the hubs.
⚫ The traffic specification is calculated as follows:
 ▫ One-way traffic at hub sites: 5000 Mbit/s (500 x 10 Mbit/s). The number of required hubs is calculated based on the tunnel forwarding capability of devices. If AR6280 or AR6300 series routers equipped with the SRU400H are used as hubs, 4 groups of hubs are needed. If each group has 4 hubs, 16 hubs are required.

Note: The specifications apply only to the SD-WAN Solution V100R019C00.

• AR6280 and AR6300 series routers support a maximum of 1000 BGP peers.

• AR6280 and AR6300 series routers equipped with the SRU400H support a
maximum of 3000 data tunnels. The maximum one-way bandwidth of each data
tunnel is 1.5 Gbit/s.

• For details about the device specifications, contact Huawei technical engineers.
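
The sizing rules from the "Specification Calculation" and "SD-WAN Device Specification Design" slides, written as a reusable check. This is an added example, not Huawei tooling or part of the course material. Assumptions: the factor of 4 tunnels per site is taken as given from both worked examples, the 1500 Mbit/s divisor in `hub_groups` is chosen from the 1.5 Gbit/s figure in the notes to reproduce the slide's "4 groups", and `min_areas` is a hypothetical helper for the beyond-specification case.

```python
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class HubSpec:
    """Per-device limits, taken from the slides or the product documentation."""
    max_bgp_peers: int
    max_data_tunnels: int


@dataclass(frozen=True)
class Estate:
    dual_gateway_sites: int
    single_gateway_sites: int
    # Both worked examples on the page multiply the site count by 4; the
    # factor stays a parameter because the page does not derive it.
    tunnels_per_site: int = 4
    per_site_mbps: int = 0

    @property
    def sites(self) -> int:
        return self.dual_gateway_sites + self.single_gateway_sites


def bgp_peers(e: Estate) -> int:
    # Page formula: dual-gateway sites count twice, single-gateway sites once.
    return e.dual_gateway_sites * 2 + e.single_gateway_sites


def data_tunnels(e: Estate) -> int:
    return e.sites * e.tunnels_per_site


def one_way_mbps(e: Estate) -> int:
    return e.sites * e.per_site_mbps


def check(e: Estate, spec: HubSpec) -> dict:
    """Compare demand with the hub/RR specification.

    The page states that the two hubs share one specification, so the limit
    is that of a single device, not the sum of both.
    """
    peers, tunnels = bgp_peers(e), data_tunnels(e)
    violations = []
    if peers > spec.max_bgp_peers:
        violations.append(f"BGP peers {peers} > {spec.max_bgp_peers}")
    if tunnels > spec.max_data_tunnels:
        violations.append(f"data tunnels {tunnels} > {spec.max_data_tunnels}")
    return {
        "bgp_peers": peers,
        "data_tunnels": tunnels,
        "peer_headroom": spec.max_bgp_peers - peers,
        "tunnel_headroom": spec.max_data_tunnels - tunnels,
        "fits": not violations,
        "violations": violations,
    }


def hub_groups(e: Estate, group_capacity_mbps: int) -> int:
    """Hub groups needed for the one-way traffic (assumed ceiling division)."""
    return ceil(one_way_mbps(e) / group_capacity_mbps)


def min_areas(e: Estate, spec: HubSpec) -> int:
    """Lower bound on equal-sized areas or tenants so that each fits the spec."""
    return max(1, ceil(bgp_peers(e) / spec.max_bgp_peers),
               ceil(data_tunnels(e) / spec.max_data_tunnels))


if __name__ == "__main__":
    bank = Estate(200, 100)                          # first worked example
    enterprise = Estate(350, 150, per_site_mbps=10)  # design case
    print(check(bank, HubSpec(1000, 2000)))
    print(check(enterprise, HubSpec(1000, 3000)), hub_groups(enterprise, 1500))
```

A design that returns `fits: False` is the trigger for the area-based or tenant-based split described earlier; `min_areas` gives the smallest split worth evaluating.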
Beyond-Specification SD-WAN Network Design
⚫ Limited by device specifications, the financial enterprise needs to deploy four groups of hubs.
⚫ To facilitate management and distribute traffic to the four groups of hubs, four tenants are planned on the SD-WAN network, and each tenant has different VNs.
⚫ The management scope of the four tenants is planned as follows:
 ▫ Tenant 1: manages a total of 100 sites outside the province.
 ▫ Tenants 2, 3, and 4: manage a total of 400 sites in the province based on the site requirements.

[Figure: Tenants 1 to 4, each with 4 hubs and its own network. Tenant 1 covers 100 sites outside the province, and Tenants 2 to 4 cover 400 sites in the province.]

• The requirements of the financial enterprise are beyond the specifications of a
single device. To address this issue, tenant-based networking is used, because the
financial enterprise has branches outside the province and requires rights-based
management.
SD-WAN Service Transport Design
⚫ The financial enterprise has two main types of services:
 ▫ Delay-sensitive, mission-critical production services (such as transaction services): requiring 6 Mbit/s bandwidth
 ▫ Non-production services, including:
  ◼ Delay-sensitive services (such as video security services): requiring 3 Mbit/s bandwidth
  ◼ Delay-insensitive services (such as office services): no requirement on assured bandwidth

⚫ Service transport design

| Service Category | Application Classification Mode | Intelligent Traffic Steering Configuration | QoS Configuration |
| --- | --- | --- | --- |
| Production services | Application classification based on source and destination IP addresses | The Prefer scheduling mode is used. Higher-priority link 1 is preferentially selected, and Low Latency Data is selected as the switchover condition. | The highest-priority queue is specified, and 6 Mbit/s bandwidth is allocated. |
| Delay-sensitive non-production services | Application classification based on source and destination IP addresses | The Prefer scheduling mode is used. Higher-priority link 1 is preferentially selected, and Real-Time Video is selected as the switchover condition. | A high-priority queue is specified, and 3 Mbit/s bandwidth is allocated. |
| Delay-insensitive non-production services | Application differentiation based on source and destination IP addresses | The Prefer scheduling mode is used. Lower-priority link 2 is preferentially selected, and Bulk Data is selected as the switchover condition. | No queue is specified and no bandwidth is allocated. |

• The maximum egress bandwidth of each branch is 10 Mbit/s.

• If no queue is specified for a service, service traffic enters the BE queue.
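
The service transport table above, modelled end to end: classify a flow by source and destination address, apply Prefer-mode link selection with a switchover condition, and confirm the assured bandwidth fits the 10 Mbit/s egress. This is an added sketch, not controller configuration or Huawei code. The prefixes, the delay/loss thresholds attached to each switchover condition, and the fallback when no link qualifies are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

EGRESS_MBPS = 10  # from the page: maximum egress bandwidth of each branch

# Page table: preferred link, switchover condition, queue, assured Mbit/s.
POLICY = {
    "production":        ("link1", "Low Latency Data", "highest", 6),
    "delay-sensitive":   ("link1", "Real-Time Video",  "high",    3),
    "delay-insensitive": ("link2", "Bulk Data",        "BE",      0),
}

# Constructed classifiers: (source prefix, destination prefix, category).
# Order matters: the first matching rule wins, so specific rules come first.
CLASSIFIERS = [
    (ip_network("10.10.0.0/16"), ip_network("10.1.0.0/24"), "production"),
    (ip_network("10.20.0.0/16"), ip_network("10.2.0.0/24"), "delay-sensitive"),
    (ip_network("10.0.0.0/8"),   ip_network("10.0.0.0/8"),  "delay-insensitive"),
]

# Constructed thresholds per switchover condition: (max delay ms, max loss %).
SLA = {
    "Low Latency Data": (50, 1.0),
    "Real-Time Video":  (150, 1.0),
    "Bulk Data":        (500, 5.0),
}


def classify(src: str, dst: str):
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, category in CLASSIFIERS:
        if s in src_net and d in dst_net:
            return category
    return None  # traffic outside every classifier gets no policy here


def meets_sla(quality: dict, condition: str) -> bool:
    max_delay, max_loss = SLA[condition]
    return quality["delay_ms"] <= max_delay and quality["loss_pct"] <= max_loss


def select_link(category: str, links: dict) -> str:
    """Prefer mode: use the preferred link while it meets the condition,
    otherwise switch to another link that does. Staying on the preferred
    link when none qualifies is an assumption of this sketch."""
    preferred, condition, _, _ = POLICY[category]
    if meets_sla(links[preferred], condition):
        return preferred
    for name, quality in links.items():
        if name != preferred and meets_sla(quality, condition):
            return name
    return preferred


def assured_bandwidth_ok() -> bool:
    # The assured allocations must not oversubscribe the branch egress.
    return sum(p[3] for p in POLICY.values()) <= EGRESS_MBPS


def handle(src: str, dst: str, links: dict):
    category = classify(src, dst)
    if category is None:
        return None
    _, _, queue, mbps = POLICY[category]
    return {"category": category, "link": select_link(category, links),
            "queue": queue, "assured_mbps": mbps}


if __name__ == "__main__":
    # Constructed link measurements: link 1 is degraded, link 2 is healthy.
    links = {"link1": {"delay_ms": 200, "loss_pct": 0.1},
             "link2": {"delay_ms": 40, "loss_pct": 0.2}}
    print(handle("10.10.5.9", "10.1.0.20", links))  # production moves to link2
    print(assured_bandwidth_ok())
```

The classifier order is the part to review most carefully: a broad rule placed above a specific one silently sends production traffic to the BE queue.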


Quiz

1. (Single-answer question) Which of the following underlay networking modes is
recommended for sub-branches?
A. Single-gateway single-homed networking

B. Single-gateway dual-homed networking

C. Dual-gateway dual-homed networking

D. Three-gateway triple-homed networking


• 1. C
Summary

⚫ This course describes the SD-WAN network design for the FSI, including underlay
network design, overlay network design, service transport design, and reliability
design.
⚫ Typical underlay networking modes for the FSI include dual-homed networking
with dual private line networks, single-homed networking with dual private line
networks, networking with both private line and Internet networks, and multi-link
flat networking.
⚫ Typical overlay networking modes for the FSI include flat networking and
hierarchical networking.

Thank you.
Bring digital to every person, home, and organization for a fully connected,
intelligent world.

Copyright © 2021 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive
statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.
