华为 Agile Controller 售前培训胶片

and Representational State Transfer (REST) API interface capabilities, that allow service applications to employ network capabilities through their defined interfaces. The result is that the Agile Controller 2.0 enables the orchestration of network-wide resources in support of application services.Networks using traditional, non-SDN architectures require administrators to allocate network resources for individual services, either manually or by script, which is inefficient, time-consuming, labor intensive, and difficult to troubleshoot because network resources cannot be scheduled uniformly. Service deployments in non-SDN environments start from the bottom layer and require complex basic configurations. The results are the slow rollout of new services and an increase in the costs of value-added services.The demand for efficient rollouts of new, persona-lized, and diversified services requires a network infrastructure able to support unified management and dynamic, scalable resource scheduling.Service-to-network models help the rapid launch of network services by following these steps:•Define the business model for network services and the expressed use of network resources.•Map the relationship between network services and resources.•Describe network services and infrastructure allo-cations in software.•Identify similarities and discrepancies between the business and service models for the purpose of decoupling network control from the physical networks.Traditional network control solutions tend to follow bottom-up designs that allow network visibility to upper layer services and require manual configuration for the deployment of devices and services, such as subnets, switches, routers, firewalls, and load balancers. Once configured, the result is that IT solu-tions will routinely interact with all necessary appli-cations and services, but is not easily modified.In comparison, SDN centered solutions — based on general-purpose computer technology support for global control of physical networks — are more generally top-down designs that implement services based on flow-control requirements. Templates are used to automate scheduling across the entire service platform, including tenants, networks, services, security, and load balancing. The SDN approach re-duces operations and maintenance costs, minimizes configuration errors, and accelerates network deploy-ment. The result is an ability to easily launch and update agile and efficient network services.The Agile Controller 2.0 converges management, policy, and control plane logic into a single program. By removing the restrictions of the physical network, the Agile Controller 2.0 achieves the following:•The Management Plane provides a holistic view of the virtual network topology for the purpose of providing uniform control and visibility for overlay, underlay, and tenant-based applications, as well as the logical and physical networks.•The Policy Plane arranges network services automatically, using the End Point Group (EPG) model and logical network language. The Agile Controller 2.0 works with mainstream cloud plat-forms for implementing application-oriented network functions and opening network services based on subnet, router, FwACL, SNAT, and IPSec VPN parameters.•The Control Plane interacts with the overlay networks and deploys in uplift or sinking mode, working with the cloud platform to obtain computing resources, and works with servers for controlling virtualization awareness and the management of the Address Resolution Protocol (ARP) cache and ingress replication tables.Controllers Lead the SDN EraSDN development removes the constraints of tradi-tional network hardware by using standard south-bound protocols for virtualizing the deployment of underlying network devices. For upper-layer app-lications, SDN provides rich northbound APIs, which allow for the flexible set-up and revision of packet forwarding policies to the underlying switches.The Agile Controller 2.0 is the key value-adding component of any new or upgraded SDN network, as the controller is simultaneously the brain of the bottom-layer devices and the platform on which the upper-layer management and control applications are run.▲。

CPE/uCPEEnterprise HQCloudCPEEnterprise Network in CloudDCThe Agile Controller-Campus is a next-generation campus and branch network controller developed by Huawei. The AgileController-Campus uses new technologies such as cloud computing, SD-WAN, and VXLAN to implement network virtualization, policy centralization, and cloud-based management. The Agile Controller-Campus provides enterprises with fast managed LAN and cloud-based leased line services, reduces OPEX, and accelerates migration of services to the cloud and digital transformation.Huawei Agile Controller-Campus is the core component of Huawei SD-WAN solution. This document describes the functions of the Agile Controller-Campus in the SD-WANsolution.Product OverviewSolution DescriptionAs enterprises undergo ICT transformation, a large number of enterprise services are being migrated to the cloud. Traditional enterprise leased line solutions hardly can meet enterprise service requirements in the cloud era. First of all, leased lines are expensive. According to the Telecom market research and survey of consulting corporations, thecost of MPLS leased lines is several times or dozens of times that of the Internet, consuming a large amount of enterprise funds. In addition, it takes a long time (an average of 30 working days) to provision services, preventing enterprise customers from quickly obtaining services. Finally, maintaining enterprise leased lines is costly. Traditional leased line devices require maintenance to be carried out onsite. For enterprises with multiple branches, it is difficult to maintain the branch networks and maintenance costs are high.To meet the requirements of service cloudification and industry digitalization, enterprise leased lines require higher bandwidth, simplified O&M, and quick responses to service changes. Huawei's innovative SD-WAN solution helps enterprises build application-aware, cost-effective, easy-to-maintain, and on-demand cloud-based enterprise leased lines, and reshapes the online experience of service provisioning, O&M, adjustment, and optimization. This solution facilitates the rapid innovation of enterprise services in thecloud era and helps enterprises achieve business success.Huawei Agile Controller-Campus DatasheetNETCONFEnterprise Branch 1CPEuCPEvFWvWoC …Enterprise Branch nInternetMPLSArchitecture of Huawei SD-WAN solutionHuawei SD-WAN solution aims to solve problems caused by traditional enterprise leased lines. It allows enterprises to quickly pr ovision new services, reduce investment and O&M costs, and quickly respond to service demands and changes in the cloud era. This solution strengthens enterprise competitiveness and leads the entire business ecosystem. Huawei SD-WAN solution offers the following benefits:• Flexible link binding, reducing bandwidth costs• Service provisioning time shortened from months to days• Application -aware intelligent path selection, improving user experience • Plug -and-play, visualized O&M, reducing OPEXKey ComponentsHuawei Agile Controller-Campus is the core component of Huawei SD-WAN solution. It manages enterprise interconnection services throughout the entire process, and provides a wide range of unmatched functions and capabilities, such as automated deployment of leased line services, configuration of intelligent path selection policies, VAS management, plug-and-play, and visualized O&M. The Agile Controller-Campus providesnorthbound RESTful interfaces for easy interconnection with third-party systems, and communicates with devices through southbound NETCONF, HTTP2.0, and HTTPS interfaces to implement device management and control.NETCONFHTTP2Southbound interfaceHTTPSVAS managementTraffic policySecurity policyPlug-and-play Service functionsRESTful Northbound interface Multi-tenant managementCluster management Alarm managementBasic functionsLog managementVASsOSS/BSSAnalysis system3rd-party VASOther applicationsVisualized O&M Enterprise branchCPEuCPEHQ/DCPhysical networkMPLSInternetLTEPublic cloud/private cloudCPE/uCPE Device configurationTunnel management Network PMI Device upgradevCPEEnterprise branchBenefitsFast deployment, accelerating SD-WAN service provisioningThe Agile Controller-Campus can automatically deploy end-to-end network services and supports plug-and-play for all series of CPEs, so that devices can quickly go online. The Agile Controller-Campus supports quick configuration and automatic deployment of leased line tunnels, shortening the leased line service provisioning period from months to days, making service provisioning more convenient, and meeting enterprise requirements for rapid network service expansion.Intelligent path selection, improving user experienceThe Agile Controller-Campus supports configuration of application-based intelligent path selection, including the configuration of predefined application identification and user-defined application identification. The Agile Controller-Campus implements differentiated network services based on different user requirements on application quality to preferentially ensure the quality of services for key applications.On-demand VAS, accelerating service provisioningThe Agile Controller-Campus supports uCPE management. The uCPE uses the x86/ARM universal hardware platform to carry virtualization services, and runs VNFs to provide functions such as firewall and WOC. The Agile Controller-Campus can manage VNFs on the uCPE throughout the lifecycle. Enterprise customers can quickly load VASs. In addition, the Agile Controller-Campus supports service chain orchestration, ensuring that service traffic passes through multiple VNF nodes in sequence, meeting enterprises' various service requireme nts.Visualized O&M and visualized application traffic across the entire networkThe Agile Controller-Campus supports visualized management of applications and links. The Agile Controller-Campus can visualize the status of the entire network and display the network status in real time, improving O&M efficiency. The Agile Controller-Campus monitors and collects statistics on the actual service flow, and presents the quality, status, and trend of applications and links, implementing quick troubleshooting and accurate fault backtracking.Key Features Key Feature ValuePlug-and-play Tunnel managementIntelligent path selectionOn-demand VAS Application visualization In the SD-WAN scenario, an enterprise needs to deploy CPEs at the sites. After being powered on, the CPEs automatically obtain IP addresses and proactively register with the Agile Controller-Campus to complete configurations and go online. The plug-and-play feature requires no manual configuration, saving much time and reducing misconfigurations. Plug-and-play can be implemented using the following methods:• URL in the emailHuawei SD-WAN solution provides hybrid link access capabilities. To ensure experience of services for key enterprise applications, the Agile Controller-Campus supports application-and application quality-based intelligent path selection. This ensures that services requiring high link quality use leased lines, and other services use Internet links. When a network fault occurs or the link quality is unstable, a link switchover can be flexibly performed to improve user experience. To implement intelligent path selection, the Agile Controller-Campus supports the following functions:• Identification of predefined applications and user-defined applications• IP FPM-based link quality detection (including latency, jitter, and packet loss)• Path selection policy management of applicationsIn traditional mode, VASs for enterprise sites are provided by different pieces of hardware. The disadvantages lie in fixed hardware functions and complex service deployment and provisioning. To implement fast, on-demand VAS deployment, Huawei launches the uCPE based on the x86/ARM architecture. The uCPE can carry virtualized VASs. The Agile Controller-Campus can manage and control VNFs on the uCPE, including:• Full-lifecycle management of VNFs on the uCPE, including installing, pausing, stopping, restarting and deleting VNFs• Service chain orchestration of VNFs on the uCPE• Monitoring of VNFs on the uCPE(including query of information such as the VNF management IP address, CPU, RAM, and running/operating status)• Support for multiple types of VNFs (such as Huawei vFW/vAR, Riverbed vWOC, Fortinet FortiGate, and Checkpoint vSec)The Agile Controller-Campus supports application-based visualized management. Users can quickly locate faults using the Agile Controller-Campus, simplifying O&M. To implement application visualization, the Agile Controller-Campus can display:• Health score distribution, worst 5 sites by health score, site list and other information of network-wide sites• Average AQM , bandwidth usage, throughput trend, Worst 5 Applications by AQM, and other information of a specified site• Worst 5 links by LQM, top 5 links by traffic, link list and other information of network-wide links• LQM trend, throughput trend, application top traffic, application AQM distribution, and other information of a specified link • AQM distribution, worst 5 applications by AQM, top 5 application traffic, application list and other information of network-wide applications.• AQM trend, throughput trend, and other information of a specified applicationAs the number of enterprise branches increases, inter-branch access traffic also increases. Traditionally, inter-branch access traffic needs to be transmitted via the enterprise headquarters, consuming resources of the headquarters and causing delay. The Agile Controller-Campus supports automatic deployment of dynamic smart VPN (DSVPN), implementing dynamic establishment of tunnels between branches. The Agile Controller-Campus supports IPSec encryption, ensuring security of enterprise services. To implement tunnel management, the Agile Controller-Campus supports the following functions:• DSVPN tunnel• Full-mesh and Hub-Spoke networking• IPSec encryptionOrdering InformationItem License QuantityPlatformDevice management SD-WAN function VAS management SD-WAN Platform SoftwareDevice Management License For AR160, Per DeviceDevice Management License For AR1X00, Per DeviceDevice Management License For AR2X00, Per DeviceDevice Management License For AR3X00, Per DeviceDevice Management License For AR651W-X4, Per DeviceDevice Management License For AR651-X8, Per DeviceDevice Management License For AR1610-X6, Per DeviceDevice Management License For AR1000V, Per DeviceSD-WAN Service License For AR160, Per DeviceSD-WAN Service License For AR1X00, Per DeviceSD-WAN Service License For AR2X00, Per DeviceSD-WAN Service License For AR3X00, Per DeviceSD-WAN Service License For AR651W-X4, Per DeviceSD-WAN Service License For AR651-X8, Per DeviceSD-WAN Service License For AR1610-X6, Per DeviceSD-WAN Service License For AR1000V, Per DeviceVirtual Application Management License For uCPE, Per vCPU1-21-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-N1-NAgile Controller software licenseAgile Controller Subscription And Support LicenseMore InformationFor more information about the Huawei Agile Controller-Campus, visit .Item Quantity Platform SnSDevice management SnSSD-WAN function SnSVAS management SnSSnS LicenseSubscription And Support, 1/2/3 Year, SD-WAN Platform SoftwareSubscription And Support, 1/2/3 Year, Device Management License For AR160 or AR6X0, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR1X00, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR2X00, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR3X00, Per DeviceSubscription And Support, 1/2/3 Year, Device Management License For AR651W-X4, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR651-X8, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR1610-X6, Per Device Subscription And Support, 1/2/3 Year, Device Management License For AR1000V, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR160, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR1X00, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR2X00, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR3X00, Per DeviceSubscription And Support, 1/2/3 Year, SD-WAN Service License For AR651W-X4, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR651-X8, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR1610-X6, Per Device Subscription And Support, 1/2/3 Year, SD-WAN Service License For AR1000V, Per DeviceSubscription And Support, 1/2/3 Year, Virtual Application Management License For uCPE, Per vCPU1-N1-N 1-N 1-N 1-N1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N 1-N。

Agile Controller-Campus V100R002C00 配置手册(仅供内部使用)拟制: 汪敦全、丁凌风、蒲俊杰日期：2014-4-2审核: 日期：审核: 日期：批准: 日期：华为技术有限公司版权所有侵权必究目录1Agile Controller-Campus V100R002C00总体介绍 (9)1.1系统网络逻辑结构及接口关系 (10)1.1.1Controller服务器网络实体组成 (10)1.1.2Controller安全协防组件网络实体组成 (11)1.2组网方式和配置原则介绍 (11)1.2.1Controller服务器的组网和配置原则 (11)1.2.2802.1X准入控制的组网和配置原则 (17)1.2.3硬件SACG准入控制的组网和配置原则 (20)2产品基本配置说明 (24)2.1系统配置简介 (24)2.2SM&SC组件的服务器和客户端配置说明 (26)2.2.1服务器配置 (27)2.2.2客户端配置 (32)2.2.3服务器软硬件配置说明 (32)1.单服务器方案配置说明 (33)2.服务器备份方案配置说明 (34)3.数据库镜像方案配置说明 (35)2.3安全协防组件设备配置说明 (35)3报价项配置说明 (38)3.1配置概述 (38)3.2Agile Controller-Campus 软件报价说明 (38)3.2.1接入控制报价项 (38)3.2.2访客管理报价项 (39)3.2.3业务随行报价项 (40)3.2.1业务编排报价项 (40)3.3安全协防软件报价说明 (40)3.3.1SecView报价项 (43)3.3.2iRadar报价项 (43)3.4SM&SC组件的业务整机报价项说明 (43)3.5安全协防组件的业务整机服务器报价项说明 (49)3.7存储设备报价项说明 (52)4产品配置说明 (52)4.1产品配置清单和配置说明 (52)4.2业务整机的配置说明 (54)4.3存储配置说明 (69)4.4组件｜附件-Agile Controller-软件 (73)4.5组件｜License配置说明 (76)4.5.1License包配置说明 (76)4.5.2License报价项配置说明 (77)4.5.3接入控制服务License配置说明 (77)4.5.4访客管理特性License配置说明 (78)4.5.5业务随行特性License配置说明 (79)4.5.6业务编排特性License配置说明 (79)4.5.7安全协防特性License配置说明 (80)4.5.8定制开发License配置说明 (82)4.6外部成套电缆配置说明 (82)5资料配置说明 (84)6部分配件说明 (84)6.1市场建议 (84)6.2用户自备硬件说明 (84)6.3合同预审要求 (85)7扩容和升级改造方法与配置说明 (85)7.1扩容方法与配置说明 (85)7.1.1扩容的方法与原则 (85)7.1.2扩容设备的清单 (85)7.1.3可扩容部分的说明 (85)7.1.4扩容所涉及的机柜、母板插框、单板等的配置原则 (86)7.1.5扩容中需特别注意的问题 (86)7.2升级改造方法与配置说明 (86)7.2.1升级改造方法 (86)7.2.2升级设备的清单 (86)7.2.3可升级部分的说明 (86)7.2.4更换部件注意事项 (86)8.1附录I：缩略语清单 (87)表目录表1 集中组网推荐配置表 (25)表2 分布式组网分支机构推荐配置表 (25)表3 AnyOffice客户端的运行环境 (32)图目录图1 Agile Controller-Campus系统网络实体组成 (10)图2 单服务器集中组网方案 (12)图3 双服务器集中组网方案 (13)图4 三服务器集中组网方案 (14)图5 业务控制器分布式组网方案 (16)图6 在接入层交换机上实施802.1X (18)图7 在汇聚层交换机上实施802.1X (19)图8 SACG直挂路由模式部署方案 (20)图9 SACG侧挂路由模式部署方案 (21)图10 SACG透明/混合模式部署方案 (22)图11 SACG侧挂侧挂核心交换机示意图 (23)Agile Controller-Campus V100R002C00配置手册关键词：准入控制、补丁管理、软件分发、安全接入控制网关、WEB认证客户端。

接入控制技术白皮书Access Control Technical White Paper(仅供内部使用）For internal use only拟制: Prepared by G67943 日期：Date2014-4-9审核: Reviewed by 日期：Date审核: Reviewed by 日期：Date批准: Granted by日期：Date华为技术有限公司Huawei Technologies Co., Ltd.版权所有侵权必究All rights reserved修订记录Revision record目录1概述 (6)1.1产生背景 (6)1.2技术特点 (6)2终端接入控制 (6)2.1802.1X准入控制 (6)2.1.1有线802.1X接入控制 (7)2.1.2无线802.1X接入控制 (8)2.2Portal接入控制 (9)2.3MAC旁路接入控制 (11)2.4SACG接入控制 (12)3典型组网应用 (13)3.1802.1X+MAC旁路认证接入控制 (13)3.2Portal接入控制 (13)3.3SACG接入控制 (14)4参考文档 (14)图目录 Table of contents for the figure图1802.1X体系结构示意图 (7)图2EAP-MD5协议流程示意图 (7)图3无线802.1X协议流程示意图 (8)图4Portal系统组成示意图 (10)图5Portal协议框架 (10)图6Portal协议框架 (11)图7802.1X+MAC旁路认证示意图 (12)图8Portal+MAC旁路认证示意图 (12)图9有线802.1X+MAC接入控制组网示意图 (13)图10有线802.1X接入控制组网示意图 (14)图11SACG接入控制组网示意图 (14)接入控制技术白皮书Access Control Technical White PaperKey words 关键词：接入控制、802.1X、Portal、MAC旁路认证、SACGAbstract 摘要：华为策略管理中心针对不同客户的网络情况，提供了多种网络接入控制解决方案。

agile controller 手册Agile Controller 手册是关于华为公司开发的网络管理平台——Agile Controller 的详细文档。

本手册旨在为用户提供必要的指导，帮助他们正确、高效地使用和管理这一平台。

在本手册中，你将了解到关于Agile Controller的基本概念、功能特性以及使用方法等内容。

以下是本手册的详细内容：一、简介1.1 Agile Controller 概述1.2 手册目的1.3 使用范围和对象1.4 术语和缩略语解释二、安装与部署2.1 系统要求2.2 安装前准备2.3 Agile Controller 安装步骤2.4 系统部署配置三、用户管理3.1 超级管理员账户3.2 用户权限管理3.3 用户组管理3.4 登录与注销操作四、网络设备管理4.1 设备接入与管理4.2 设备监控与告警4.3 设备配置备份与恢复4.4 设备拓扑图五、网络拓扑管理5.1 拓扑发现与显示5.2 拓扑分析与规划5.3 拓扑自动布局六、网络服务管理6.1 VLAN配置与管理 6.2 路由配置与管理6.3 QoS配置与管理6.4 安全策略配置与管理6.5 NAT配置与管理七、流量监控与分析7.1 流量监控与实时统计 7.2 流量报表与分析7.3 流量告警与日志管理八、故障定位与排除8.1 告警处理与故障定位 8.2 故障排除与修复8.3 系统日志与事件管理九、系统管理与维护9.1 系统配置与设置9.2 数据备份与恢复9.3 系统升级与Patch管理9.4 授权与License管理十、常见问题解答10.1 安装与部署问题10.2 用户管理问题10.3 设备管理问题10.4 网络服务问题10.5 流量监控问题10.6 故障排除问题10.7 系统维护问题结论本手册为用户提供了关于Agile Controller的全面介绍，并指导用户如何正确使用和管理该平台。

通过学习本手册，用户可以更好地理解Agile Controller的功能特性，并掌握相应的操作技巧。