SD-WAN Solution – Overview, Architecture and Key Terms

Samuel Heinrich

Purpose

This note explains the conceptual architecture of Huawei SD-WAN Solution, its layered structure, key components, acronyms, and typical deployment scenarios.

Background and Motivation

Enterprise WAN networks face four structural problems:

  • Closed WAN architecture: Multi-cloud and multi-carrier connectivity is difficult with traditional networks.
  • Poor application experience: Burst traffic displaces critical applications; the network is unaware of services.
  • Slow service rollout: Traditional private lines require 1–3 months for provisioning.
  • Difficult O&M: Manual CLI configuration on heterogeneous devices is error-prone and inefficient.

Huawei addresses these with the SD-WAN Solution built on iMaster NCE-Campus as the controller.

Architecture Layers

The Huawei SD-WAN architecture consists of three layers:

SD-WAN Architecture
Layer Name Core Component Function
Top Management Layer iMaster NCE-Campus Service orchestration, O&M, northbound API
Middle Control Layer RR (Route Reflector) VPN route and topology distribution
Bottom Network Layer CPE (Customer Premises Equipment) Data forwarding, tunnel termination

Management Layer

iMaster NCE-Campus is the central brain of the solution. Responsibilities:

  • Abstraction of the SD-WAN network model, service orchestration, and automatic config delivery
  • Collection of alarms, logs, and performance data
  • Visualization of topology, alarms, and link quality
  • Northbound API for integration into BSS/OSS systems of carriers or enterprises

Protocol notes:

  • Devices running V300 upload performance data via HTTP/2
  • Devices running V600 upload performance data via Telemetry
  • Controller-CPE connection uses NETCONF over an SSH channel
  • Reverse SSH tunnel enables controller → CPE O&M login

Control Layer

The RR is the core component of the control layer. Responsibilities:

  • Distribution of EVPN routes between edge site CPEs
  • Enforcement of topology models defined by the controller (Hub-Spoke, Full-Mesh, etc.)
  • Control of route advertisement based on topology policy

Edge sites establish IBGP peer relationships with their assigned RR pair. Multiple RRs under one tenant are Full-Mesh on the control plane with each other.

Network Layer

CPEs are the edge devices at sites. Responsibilities:

  • Build overlay tunnels (data plane)
  • Terminate WAN links (MPLS, Internet, LTE/5G)
  • Execute policies (QoS, Traffic Steering, Firewall, etc.)
  • Plug-and-play / ZTP

Key Acronyms

Term Meaning
CPE Customer Premises Equipment — edge router at a site
RR Route Reflector — control-plane node for EVPN route distribution
IWG Interworking Gateway — connects SD-WAN overlay to legacy MPLS networks
POP Point of Presence — carrier-side entry point with POP gateway
EVPN Ethernet VPN — BGP extension for MAC/route distribution on the control plane
DSVPN Dynamic Smart VPN — older Huawei VPN technology, superseded by SD-WAN EVPN
Samuel Heinrich
Senior Network Engineer at Selution AG (Switzerland)
Arbeitet in Raum Basel (Switzerland) als Senior Network Engineer mit über 15 Jahren Erfahrung im Bereich Netzwerk

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre, wie deine Kommentardaten verarbeitet werden.