Security Level:

www.huawei.com

Agile POLOptical Campus Network Solution

2

Main campus

Access layer (wired):

MDU/SBU:

MA5671/MA5626

ONT:

HG8245A/HG8247H

Wireless access:

AP20/40/50/60/70/80

Da

ta c

en

ter

Man

ag

em

en

t

zo

ne

Se

rvic

e

zo

ne

Virtual

experiment

Digital

library

Tele-

education

Mobile

learning

DormitoryOffice area LibraryMultimedia

classroom

Campus aggregation layer:

OLT: MA5600T/MA5800

Branch

campus

Local campus

server

Campus core:

S7700/S12700

cluster

ISP2

Internet

Private

education

network

ISP1

Internet

Huawei End to End AgilePOL Campus Solution

Accounting

(3rdParty: Dr.COM/Srun)

DC core:

S12700 or

CE12800 cluster

Egress Firewall:

USG6000/USG9000

All-scenario

wireless coverage

Access

User operation,

free mobility

Core

Intelligent uplink

selection, optimal

experience

Egress

SplitterSplitter Splitter

33

Network Solution Architecture

Access

Layer

Aggregation

Layer

Core

Layer

Egress Layer

&

Datacenter

DatacenterEgress

Core

Equipment

Room

Floor

End-User

RouterWAN Firewall

Voice

GatewayApplication

Wired Office

PC

IP Phone

ONU

Passive Optical SplitterFiber distribution hub

Core LSW

OLT

Wireless

AC

NMS

eSight

AAA

Agile

Controller

Aggregation LSW

PC

IP Phone

4

IP + Optical Convergence Access SolutionNM

SDN

Controller

POE

SDN Fabric

Convergence Access

Type B

Access Convergence:Wire & wireless convergence，data,

voice , video convergence

ONU

leaf

Spine

OLT

NM Convergence:Wired , Wireless & GPON Unified

management

3

Control Convergence:VN automatic

Centralized user policy

management

Policy association with ONU &

Leaf Switch

2 Architecture Convergence:Centralized service VLAN control , E2E

HA

User VLAN enforcement

VLAN Trucking

SW

4

1

wireless wired

RJ11

5

Centralized

configuration and

management

OLT

Centralized

configuration and

management

Core Switch

Aggregation Switch

Splitter

Core Switch

Access Switch ONU

PC Phone TV

Phone

PC PC

Phone

IADIAD

Comparison: Network Architecture

Data Center

Riser Closet

End User

Traditional LSW POL

6

Aggregation

BRAS/SR

N*GE

GE/10GE

POP

Aggregation

LSW

GE

10G

PON

OLT

BRAS/SR

10GE

ONU

P2P

Multi-level aggregation , limited distance,100m

Many impassive devices such as access switch,

aggregation switch，CAPEX/OPEX are both high.

P2P structure, need more fiber resources and

expensive optical modules.

Cooper to the room, the bandwidth is limited which

can not satisfy the big bandwidth in future.

Copper’s interference immunity is not good

Flexible network, long distance, 40KM from CO to end

user, no need amplify.

Passive network aggregation, reduce CAPEX/OPEX.

P2MP structure and save optical modules.

Fiber to floor , can improve bandwidth sustained.

High reliability and anti-interference immunity.

PON

Access

node

Comparison 2 ：Network Topology

POL takes Hub-Spoke architecture, the network is more

flatten, lower latency and higher security.

Traditional LSW

POL

7

Office: FTTO/B

OLT

Meeting Room/Library

Office

Surveillance

Video Conference

Surveillance

Voice Internet

Wifi

One fiber with multi-services

IP phone

Conference Terminal

PCCERNET

Access Device

MA5671

4 × GE4 × GE (POE)

MA5626

8 / 16 / 24 x FE8/16 / 24 x FE with POE 8 x FE with Reverse POE

FAT

FAT

LAN1/LAN3: HSILAN2：Video ConferenceLAN4：IPPHONE

Splitter

Campus CO

8

One 200-room LAN cabling weight comparisonSingle-mode fibers provide a large capacity, meeting requirements for

the next 30 years.

Copper lines covering

half of a floorFibers covering 3 floors

Larger capacity in a smaller space, easy to install

The potential capacity of single-mode

fibers is almost unlimited.Ethernet cables are replaced frequently.

Secure, reliable, and high-quality

• Nonmetallic materials, free of EMI

• Erosion-resistant, 30 years of lifecycle

• High data confidentiality

• No high-frequency crosstalk, no need for

noise cancellation technology

• AES enabled, ensuring packet security

Cross

section of

an optical

cable

Optical

cable

Comparison 3 ：Transmission Medium

Cable weight

• Compared to CAT6A

POL save 742kg

• Compared to CAT6

POL save 700kg

9

Сравнение двух решений

Категория Параметр Стандартное решение POL

Устанвоки и внедрение

Электропитание и кондиционирование

Необходимо электропитание и кондиционирование для всего оборудования

Нет необходимости в электропитании и кондиционировании

Место в шкафах

Много места для установки на этажах и в центре

Пассивное оборудование/экономия места в шкафах

Тип Кабеля Тяжелый/Много места/кабельные лотки

Легкий/Компактный/Простой-Кабель. Нет необходимости в кабельных лотках

RFI & EMI Полная не восприимчивость к электромагнитным и радио помехам.

Срок службы 8-10 лет Срок службы 30 лет

Интерфейспользователя

Медный кабель к рабочему месту Оптический кабель к рабочему месту, передача всех сервисов через одну ONU

Service Commission & Provisioning

NA Проверка подлинности ONU и авто-подключение

Поддержка LLDP-MED Поддержка LLDP-MED

10

Key Campus Network Comparison Overview-Cont’d

Категория Параметр Стандартное решение POL

Service Application

Сетевая топология

Многоуровневая модель, поддержка локальной коммутации

Hub-spoke, более преспособленно к облачным сервисам

Доступность Больше уровней активныхкомпонентов,больше потенциальных точек отказа.

Пассивные компоненты, большая простота, меньше точек отказа

Dual homing or ring protection Type B dual homing

Дистанция 100м ограничение для UTP До 20км

Безопасность MACsec –не поддерживается на всех коммутаторах

Шифрование AES-128

Поддержка 802.1x Поддержка 802.1x

Сервисы Ethernet connections ATM/TDM/IP/RF с разными интерфейсами на ONU

Обновление инфраструктуры

Через 8~10 лет необходимо обновление кабельной инфраструктуры для увеличения скорости сети

GPON->XG-PON->40G-PON- >100G-PON могут существовать совместно

O & M Управление Независисмое управление на каждомкоммутаторе

Централизованное управление всеми ONU через OLT

Диагностика Ethernet OAM Ethernet OAM/OTDR etc.,

Обновление ПО Остановка сервиса во время обновления ISSU(In-Service Software Upgrade)

11

Comparison 5 ： Cost Review of POL Solution, ↓47%

End-to-End cost reduced, including riser closet, wiring, and deployment, up to 47%

Distinctive advantage in medium and large campus ( 500+ information points)

0

20

40

60

80

100

120

192端口 576端口 1152端口 2304端口

TCO of POL VS Traditional LSW

Including riser closet/wiring/deployment cost

交换机方案 光纤到桌面（Type B双归属） 光纤到机架(Type B双归属)

1152 ports

$/Port

47% off

8% off

192 ports 576 ports 2304 ports

Switch solution Fiber to the desktop with

redundancyFiber to the rack with redundancy

12

U2000

Radius Server Core Switch NMS

Core Equipment Room

Floor Splitter

Working area

1:32 Splitting

MA5800

① 802.1x Authentication

② Fiber as more secure medium

③ local loop detection

•AES-128 encryption

•No crosstalk/Immune to EMI/RFI

• More difficult for signal leaking

• Multi-level Mgmt right control

• ONU local mgmt prohibited

• Abundant ACL rules

• ONU Series Support 802.1x

authentication on each port

• MAC address bonding

• ONU series support local loop

detection

④ OLT ACL Policies

POL Guarantees Secured Network for Enterprise

1:32 Splitting

13

Security Overview

POL Traditional LSW

NAC Support 802.1x 802.1x

Packet encryption AES-128 MACsec

MAC address Limitation Support Support

BPDU block Support Support

User isolation L2 isolation L2 isolation

Loop Detection Support Ring check Support loop-detect

ACL ACL can be configured from OLT Support ACL

Medium Security No Tempest shieldingNO EMC, no crosstalk

Potential tempest shieldingCrosstalk

14

Security-Encryption-Comparison

MACsec(802.1ae) can be deployed between the host

and access Switches

MACsec Technology is hop-by-hop based

Most of the existing LSWs cannot support MACsec

All the GPON Equipment Supports AES-128 for DS

Encryption from Day 1

XG-PON supports DS/US AES-128

• Payload encryption is much more widely deployed in GPON system and has been proved in Carrier market

• MACsec, as an option for Switches, is not supported by many existing switches and not widely deployed

15

Comprehensive mechanism assures high availability

Backup

Core

Switch

OLT OLT

Type B Dual

Homing

Type B Single

Homing

50ms Switch over

Dual Control, Power, Uplink Card

ISSU

System overload prevention, Anti-DoS

Core

Switch

LAG, MSTP, G.8031, G.8032, E-Trunk

BFD, FRR, VRRP, NSR

LAG: Inter/ Intra-board

PON: TypeB/C Single/Dual Homing(50ms switch over)

16

Huawei Leading 10G PON ONT

HN8245Q HN8055Q HN8254 HN8255Ws

Availability GA GA GA2017.Q2 CA

2017.08 TR6

Uplink XG-PON XG-PON XG-PON XGS-PON

Downlink2POTS+4GE+2 * USB

3.0+2.4G&5G WiFi

1*10GE+4*GE+2USB 3.0 +

2.4G&5G WiFi

1*10GE+4*GE+

2*POTS+2USB3.0

1*10GE+4*GE+

2*POTS+ 2*USB2.0/3.0 +

2.4G&5G WiFi

Wi-Fi

- IEEE 802.11 b/g/n(2.4G)

- IEEE 802.11 a/n/ac(5G)

-3*3 MIMO

- IEEE 802.11 b/g/n(2.4G)

- IEEE 802.11 a/n/ac(5G)

-3*3 MIMO

\

- IEEE 802.11 b/g/n(2.4G) 3*3

MIMO

- IEEE 802.11 a/n/ac(5G)

-4*4 MU-MIMO

17

Series NG-OLT Products

• 11U height ,

• 21 inch width,

• 300mm slim design

• 2*control slots,

• 17*service slots，

• 2*DC input

• 6U height ,

• 19 inch width,

• 300mm design

• 2*control slots,

• 7*service slots，

• 2*DC input

• 2U height ,

• 19 inch width,

• 300mm design

• 2*control slots,

• 2*service slots，

• 2*DC/1*AC input

The same service card can be used in 3 modes OLT and the same control card can be used in mode X17 and X7.

MA5800-X17 MA5800-X7 MA5800-X2

• 1U height ,

• 19 inch width,

• 222mm design

• 8*GPON ports，

• Uplink:2*10GE,2*GE

• 2*DC/2*AC input

MA5801

18

Agile POL Global Applications

Macau Roosevelt Hotel

Australia Aloft Hotel

Skytower building

Italy ENEL

Dubai Jumeirah Naseem

Mexico POSADAS Hotel

Changchun FAW

Beijing Jiaotong University

Southwestern University

Hilton Hotel in Qingdao

China State Grid

YOFC Industrial Park

Sochi Olympic Village

Huawei AgilePOL solution is widely used in campus, hotels, hospital, smart grid, and safe city.

UK Bourne LeisureSafe city in Pakistan

Singapore Changi Airport

TOLL Group logistics center

Spain Candelabra hospital

19

Huawei AgilePOL experience center : All-optical network with fast deployment

Cable Space 80%

4p*8d 4p*4d

50%

60%Power

Air conditional

+

Active Equipment

Passive ODN

IT room 90%

4 0.5

• 8 office building;

• 15,000 employee;

• 595,000 m2 for office

TimeFiber to the desk on deployment

20

Полезный материалМоя почта: ryazanovdenis@Huawei.com

Дополнительный материал:

http://e.huawei.com/en/case-studies/global/2017/201711080907 -Обзор решения

http://e.huawei.com/en/products/fixed-network/access/olt/ma5800 - OLT

http://e.huawei.com/ru/products/fixed-network/access/ont/optical-terminal - ONT