2. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 2
Contents
• AR V600R021C00 Products and Features
• Naming Conventions for NetEngine AR Series Products
• Huawei NetEngine AR8000 Series Enterprise Routers
• Typical Deployment Scenarios
• One Unified WAN—SRv6 BE
• Manual Deployment
• Configuration Differences Between AR8000 and AR600/AR6000/AR1000V
• Common Tools
3. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 3
AR V600R021C00 Products and Features
Hardware
Software Features
• Host:
New hardware: AR8140-12G10XG and AR8140-T-12G10XG (TPM model)
• Card:
None
• SD-WAN: Large-scale commercial use of AR8140 deployed as hub nodes
• SRv6 enterprise private line: Co-networking of both AR and NE routers, with services isolated through SRv6 BE
• DFX requirements: SPR switchover alarm suppression and keepalive packet loss calculation optimization
4. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 4
NetEngine AR8140-12G10XG
Naming Conventions for NetEngine AR Series Products
No. Meaning Description
A Product name AR: application and access routers
B Product platform 8: AR8000
C Router height
1: 1 U
2: 2 U
3: 3 U
D Maximum number of slots supported by the router
2: 2 slots
4: 4 slots
6: 6 slots
8: 8 slots
0: 10 slots
E
Product generation ID
Note:
This ID applies only to 1 U models. The default value is 0 for 2 U/3 U
models.
Generation of the hardware platform
F
Extended information about the router (optional).
Note:
This field starts with "-" and specifies supplementary interface descriptions
or other possible configurations.
nG: n GE interfaces
nXG: n 10GE interfaces
5. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 5
Huawei NetEngine AR8000 Series Enterprise Routers
AR8140 front view AR8140 rear view
Item AR8140
SD-WAN forwarding
(IMIX)
12–20 Gbit/s
SD-WAN forwarding
(1400 bytes)
25–36 Gbit/s
Dual power supplies 350 W AC/DC, pluggable, dual power supplies
Port
10 x 10GE optical + 8 x GE combo + 4 x GE electrical (All
WAN ports can be switched to LAN ports)
SIC slot 4
WSIC slot (default/maximum) 0/2
Memory 16 GB
Flash 4 GB
Operating temperature 0–45°C
Installation mode In cabinets
*Note: The SD-WAN forwarding performance model is EVPN+IPsec+HQoS. The
performance data is the sum of bidirectional data flows.
6. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 6
Typical Deployment Scenarios
SD-WAN Solution
• iMaster NCE provides unified visualized management.
• The NetEngine AR8140 can be used as the gateway of the enterprise headquarters or branch sites.
• Multiple types of physical links, such as MPLS private line and Internet.
• Broad range of SD-WAN features: intelligent application identification, intelligent traffic steering, etc.
Enterprise branch 1
Enterprise branch 2
MPLS/Private
line
7. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 7
One Unified WAN—SRv6 BE
Finance (branch access)
Government (Government extranet, government private network)
Electricity (Integrated data network, power supply station, business
hall, or substation access)
Hub
Hub
AR
AR
Option
A/DSCP
SRv6
SRv6
NCE-Campus NCE-IP
V
M
V
M
V
M
vSwitc
h
Data center
V
M
V
M
V
M
vSwitc
h
Level-1 branch
R R
R
R
Access to WAN
Branch
Access to WAN
V
M
V
M
V
M
vSwitc
h
Backbone WAN
NE NE
AR NE
Access
network
Backbone network DC
SRv6 SRv6
Customer requirements:
• Supports IPv6 services.
• Unified WAN architecture: EVPN+SRv6
• Reuse: ARs and NEs are deployed on the same network, and the customer
reuses the existing NE devices. The application scope of SRv6 is extended
from backbone nodes to edge nodes.
• Fine-grained path optimization: more refined underlay and overlay
optimization.
Huawei benefits:
• Larger market share: Extend to branches based on the advantages of
Huawei NE routers on financial backbone networks.
• Wider application scope: finance, electricity, government, carrier, etc. NE NE
Competitiveness:
• One unified WAN through SRv6.
SRv6 BE
AR supports SRv6 BE and
switchover based on BFD.
Controller: NE router management
by iMaster NCE-WAN, with co-
networking of both AR and NE
routers
AR8140
AR
8. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 8
Manual Deployment
Procedure:
1. Log in to the CLI of a device and perform pre-configuration on the device.
a. Enable NETCONF.
snetconf server enable
b. Configure an SSH user.
ssh user huawei
ssh user huawei authentication-type x509v3-rsa
ssh user huawei assign pki default
ssh user huawei service-type snetconf
c. Specify a source interface for the SSH server.
ssh server-source all-interface
d. Configure an SSH authentication mode.
ssh server assign pki default
ssh authorization-type default root
ssh server publickey x509v3-ssh-rsa
2. Create a VPN instance on the device.
ip vpn-instance underlay_1
ipv4-family
route-distinguisher route-distinguisher
vpn-target vpn-target export-extcommunity
vpn-target vpn-target import-extcommunity
3. Configure an IP address for the interface and bind it to a VPN instance.
interface interface-type interface-number
ip binding vpn-instance underlay_1
ip address ip-address mask
4. Configure routes to ensure that the device can communicate with iMaster NCE-Campus.
ip route-static vpn-instance underlay_1 ip-address mask nexthop-address
5. Set parameters for interconnection between the device and iMaster NCE-Campus based on ZTP configurations.
netconf
callhome default-callhome
endpoint GE0/0/1_192.168.10.10
peer-ip ip-address port 10020 vpn-instance underlay_1
Note:
The configured SSH user must be Huawei. Otherwise, the device
cannot register with the controller.
When adding an AR8000 series router, you need to set parameters for
interconnection between the device and iMaster NCE-Campus. The
device can be managed by iMaster NCE-Campus only after the
configuration is successful. The callhome name must be set to default-
callhome and IP-address must be the southbound address of iMaster
NCE-Campus.
The endpoint name must be in the format of name of the WAN link
interface used to register with iMaster NCE-Campus_IP address, for
example:
If the WAN link uses GE0/0/1 interface and the IP address
192.168.10.10, the endpoint name is GE0/0/1_192.168.10.10.
If the WAN link uses XGE0/0/1 interface and the IP address
192.168.10.10, the endpoint name is 10GE0/0/1_192.168.10.10.
If the WAN link uses Eth-Trunk1 interface and the IP address
192.168.10.10, the endpoint name is Eth-Trunk1_192.168.10.10.
9. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 9
NAT Configuration Differences Between AR8000 and
AR600/AR6000/AR1000V
Function AR600/AR6000/AR1000V AR8000
Easy IP
#
acl number 3180
rule 5 permit ip source 1.1.1.0 0.0.0.255
#
interface 10GE0/0/2
ip address 1.1.1.1 255.255.255.0
nat outbound 3000
#
#
interface 10GE0/0/2
ip address 1.1.1.1 255.255.255.0
nat enable
#
nat-policy
rule name policy_nat1
source-address 10.1.1.0 mask 255.255.255.0
action source-nat easy-ip
#
10. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 10
HQoS Configuration Differences Between AR8000 and
AR600/AR6000/AR1000V
11. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 11
Function Differences Between AR8000 and
AR600/AR6000/AR1000V
Function AR600/AR6000/AR1000V AR8000
Reverse SSH
Only some whitelist query
commands can be executed.
1. Only query and O&M commands can
be executed by default.
2. The AOC can be used to deliver the
unlocking instruction to grant the
command configuration permissions.
After the configuration, deliver the
locking instruction through the AOC to
revoke the permission.
Delivery of configurations
that are not supported by
the controller
Delivered through CLI over
YANG
Delivered through the AOC
12. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential 12
1. Specifications query tool
https://info.support.huawei.com/network/sqt/index?domain=0&lang=e
n
Common Tools (1/2)