China Everbright Bank: Building an “Intent-Driven” Next Generation WAN
The backbone WAN plays an important part in CEB’s “123 + N” strategy. CEB and Huawei worked together to deploy an intent-driven Software-Defined Networking (SDN) solution for WANs, featuring integrated management, control, and analysis as well as high applicability in real-world scenarios. The solution is designed for large-scale financial WANs.
Founded in August 1992, China Everbright Bank (CEB) is a national joint-stock commercial bank approved by the State Council and the People’s Bank of China. It was listed on the Shanghai Stock Exchange (SSE) in August 2010 and on the Hong Kong Stock Exchange (HKSE) in December 2013. Headquartered in Beijing, the bank provides customers with a full range of financial products and services.
As the digital economy rapidly develops, CEB is promoting a top-level design approach, along with strategic deployment, for digital transformation and the development of Financial Technology (FinTech). Over the several years of its own digital transformation process, CEB has developed a “123 + N” digital banking development system, which entails building one smart brain, setting up two technical platforms (cloud computing and big data), improving three service capabilities (namely, mobile, open, and ecosystem service capabilities), and producing various smart products and services, such as cloud bill payments, cloud payments, smart loans, blockchain, and an inclusive finance cloud.
The Tier-1 backbone Wide Area Network (WAN) plays a vital role in CEB’s “123 + N” digital banking development strategy. It is responsible for the computer processing, networking, and interconnection of banks across China — supporting nationwide, cross-bank, cross-border, and real-time deposits and withdrawals, as well as money transfers and online wealth management.
However, with increasingly fierce competition among banks, CEB’s traditional WANs faced several significant challenges. For instance, the financial industry requires WANs with high availability and redundancy, yet leasing private lines from carriers is expensive, and the costs of private lines between a bank HQ and its branches are high. To make matters worse, traditional networks can’t fully capitalize on expensive private line resources. What’s more, financial services are complex and their values vary, leading to differences in the delays they can cope with and the amount of bandwidth they require from the WAN. Traditional networks can’t detect network traffic status in real time or from a global perspective; they can only monitor and detect traffic on certain links, and they lack detection methods for all Quality of Service (QoS) queues. As a result, alarms can’t be generated efficiently, the QoS service queue configuration can’t be optimized synchronously, and the transmission quality of critical services can’t be guaranteed.
Meanwhile, flexible network optimization is necessary to cope with various financial services and network changes. Traditional networks don’t support fine-grained control and scheduling and lack flexible WAN traffic optimization capabilities.
CEB’s legacy WAN connected the bank’s data centers and branches through lines leased from carriers, with additional redundant lines improving network availability. Because most carriers charge for leased lines based on bandwidth, the WAN’s daily operation costs were high. Based on service management requirements, CEB classifies its WAN traffic into production, office, test, voice, video, and big data traffic. To make the most of precious line resources, CEB planned to deploy different types of traffic on different lines to form a redundancy mechanism that supports mutual backup. Yet different types of WAN traffic have different characteristics and service values, and they have varied network management and control requirements. Since different types of traffic were placing different requirements on network latency and bandwidth, complex QoS queues needed to be enabled to guarantee and manage services. But manually maintained QoS queue configurations are complex, with traffic changing dynamically along with service development. Static QoS queues simply couldn’t detect such traffic changes in an acceptable timeframe.
Indeed, CEB’s existing network management platforms were unable to detect network traffic status in real time or from a global perspective; they could only monitor and detect traffic on certain links, and they lacked detection methods for all QoS queues. This meant that alarms couldn’t be generated efficiently, the QoS service queue configuration couldn’t be optimized synchronously, and the transmission quality of critical services wasn’t guaranteed.
When WAN line quality deteriorated (suffering from packet loss, delay, and jitter), the bank’s legacy routing protocols were unable to detect the deterioration in real time or implement dynamic line switching. Finally, traditional routing protocols couldn’t, and still can’t, flexibly select lines based on service types. CEB’s WAN lacked a network-wide “brain” for centralized management and control and was unable to implement centralized traffic scheduling and control policies. As a result, bandwidth usage was unbalanced and line resources were being wasted.
CEB’s network management, control, and analysis requirements were numerous, summarized as:
Network awareness capability: To improve the refined management capability of the WAN, the network needed traffic awareness that detects network changes quickly. Specifically, visualization of different types of application traffic on the entire network had to be supported, with the running status of each line tracked to generate a scoring and evaluation mechanism. Moreover, the congestion of each QoS application queue needed to be detected in real time, with the status of lines and queues displayed in multiple dimensions.
Network analysis capability: Based on network awareness and visualization, the solution CEB sought needed to be able to analyze historical big data of line and queue traffic, identify communication characteristics and periodic traffic characteristics of various applications, and analyze and predict subsequent traffic of lines and queues.
Network control capability: To better adapt to network traffic, the bank wanted combined alarm policies to be defined based on bandwidth usage, latency, packet loss rate in a specified period, and duration of links and QoS queues. In addition, a centralized management and control mode was required, to flexibly select lines based on network traffic policies and service types. Meanwhile, QoS queue parameters needed to be adjustable on demand, implementing centralized traffic scheduling and control policies.
Network intelligence: With a need for real-time network awareness, traffic feature analysis, and centralized line adjustment and control capabilities, CEB also wanted Artificial Intelligence (AI) and Machine Learning (ML) to be used to build an intelligent WAN system, featuring high security as well as self-learning, self-adjustment, and self-protection capabilities. The bank wanted its intelligent WAN to have the ability to detect faults before provisioning services, freeing network administrators from repetitive work, reducing Operations and Maintenance (O&M) costs, facilitating troubleshooting, and enabling more efficient service delivery, better security, and an improved user experience.
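The combined alarm policy described under network control capability can be sketched as follows. This is an added example, not code from CEB or Huawei: the thresholds, the `Policy` fields, the target names and the telemetry samples are all constructed assumptions. It raises an alarm only when several metrics breach together and the breach persists for a hold duration, and it treats a telemetry gap as a break in the run rather than as continued degradation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    ts: int            # seconds since start of capture
    target: str        # link or QoS queue name (hypothetical names)
    util: float        # bandwidth usage, 0..1
    latency_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Policy:          # all thresholds are assumed values
    max_util: float
    max_latency_ms: float
    max_loss_pct: float
    min_breaches: int  # how many metrics must breach at once ("combined")
    hold_s: int        # breach must persist at least this long
    max_gap_s: int     # a longer telemetry gap restarts the run

def breaches(p, s):
    return sum([s.util > p.max_util, s.latency_ms > p.max_latency_ms,
                s.loss_pct > p.max_loss_pct])

def evaluate(policy, samples):
    """Return (target, breach_start_ts, alarm_ts), one per sustained breach."""
    run_start, last_seen, fired, alarms = {}, {}, set(), []
    for s in sorted(samples, key=lambda x: x.ts):
        gap = s.ts - last_seen.get(s.target, s.ts)
        last_seen[s.target] = s.ts
        bad = breaches(policy, s) >= policy.min_breaches
        if gap > policy.max_gap_s or not bad:
            run_start.pop(s.target, None)   # run broken: recovery or missing data
            fired.discard(s.target)
        if bad:
            begin = run_start.setdefault(s.target, s.ts)
            if s.ts - begin >= policy.hold_s and s.target not in fired:
                fired.add(s.target)         # alarm once per run, not per sample
                alarms.append((s.target, begin, s.ts))
    return alarms

def _mk(target, rows):
    return [Sample(ts, target, u, lat, loss) for ts, u, lat, loss in rows]

# Constructed telemetry, one sample every 10 s per target.
SAMPLES = (
    _mk("line-A", [(0, .40, 20, 0), (10, .90, 95, .2), (20, .92, 110, .5),
                   (30, .95, 120, 1.5), (40, .93, 100, .4), (50, .91, 90, .1)])
    + _mk("line-B/production-queue", [(0, .90, 90, 0), (10, .90, 90, 0),
                   (20, .90, 30, 0), (30, .90, 90, 0), (40, .90, 90, 0)])
    + _mk("line-C", [(0, .90, 90, 0), (10, .90, 90, 0), (40, .90, 90, 0), (50, .90, 90, 0)])
)
POLICY = Policy(0.85, 80, 1.0, min_breaches=2, hold_s=30, max_gap_s=15)

if __name__ == "__main__":
    print(evaluate(POLICY, SAMPLES))
```

Only `line-A` alarms here: the queue on `line-B` recovers before the hold time elapses, and the 30-second telemetry gap on `line-C` restarts its run.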
Through joint innovation, CEB and Huawei have incubated a WAN architecture solution that integrates management, control, and analysis. The solution is more intelligent in terms of management, supporting a global perspective and intelligent decision-making. Automation is now implemented at the control layer, with controllers replacing manual O&M. On the forwarding plane, routers and lines have been upgraded, and Segment Routing-Traffic Engineering (SR-TE) tunnels are deployed across networks.
Controllers are responsible for an enormous workload, including traffic optimization, path computation, and decision delivery at the forwarding layer. Considering network scale and network availability requirements, there was a risk that controllers would perform too many tasks at the control layer. Therefore, the WAN SDN controller was positioned as the task executor for traffic scheduling and management, responsible for scheduling and executing tasks such as northbound path computation and label delivery. The decision-making tasks originally performed by controllers were transferred to the task manager for network optimization analysis and decision-making. The programmability of the task manager and the scheduling capability of the controller ensure openness at the control layer, preventing control plane faults from affecting the network and ensuring stable and reliable running for the network.
In terms of route implementation at the forwarding layer, the Multiprotocol Label Switching Segment-Routing (MPLS-SR) solution is most suitable for financial WANs — this is what was selected by CEB, after comparison of multiple solutions. MPLS-SR uses lightweight tunnel label forwarding technology, which specifies the original path at the source. The controller calculates MPLS tunnel paths and delivers labels to the entire network through Border Gateway Protocol-Link State (BGP-LS) extension, to instruct routers to establish bidirectional traffic tunnels and construct a local forwarding table after receiving the labels delivered by the controller. After receiving MPLS packets, routers check the label carried in the packet and forward the packet based on the local label forwarding table. Solution verification showed that simple and flexible MPLS-SR technology was able to fully meet the requirements of dynamic path adjustment.
Figure 1: The next generation intelligent WAN SDN architecture of CEB
The intent-driven WAN SDN solution of CEB can be applied in many scenarios and is especially suitable for large-scale financial WAN environments.
Comprehensive service status awareness: The solution visualizes networks and services. The open platform detects and checks devices, lines, and application channels in multiple dimensions, and dynamically detects and displays network and service traffic status, improving the visualization of WAN traffic, paths, and services.
Accurate auxiliary services to optimize decision-making: Big data analytics is used to identify potential risks and proactively provide warnings. In addition, views of device status data can be displayed, facilitating real-time monitoring of mobile bearer network quality and fault locating. Meanwhile, current network running status can be viewed and automatically updated in real time, enabling key event monitoring and risk avoidance.
One-click fast traffic optimization: Fine-grained detection and automatic scheduling are implemented. Based on high-frequency, fine-grained detection at the application channel level, line quality changes and service quality status can be agilely detected, with adaptive network channel path switching automatically performed. For example, CEB uses three physical WAN links between its headquarters and branches, while most enterprises use two active/standby links. Although two lines are less costly than three, three lines support more scheduling policies, higher redundancy, and finer granularity — improving bandwidth usage, reducing the total bandwidth requirement, and facilitating fast traffic optimization.
Dynamic understanding of network “intents”: The control platform implements line switching through AI-based intent learning. Through continuous big data sampling, learning, and analytics, the control platform can dynamically analyze the traffic period and trend of services based on AI algorithms, and propose corresponding link switching plans in advance. This way, intent-driven network switching can be performed to better meet service traffic requirements. For example, as the brain of intelligent scheduling, the intelligent network management center can obtain current traffic information in real time through telemetry. Based on big data information (including historical traffic, service requirements, topology, and tunnel information), the intelligent network management center uses AI for continuous optimization and training, eliminating the need for manual network management and forming a real intent-driven, intelligent WAN.
Second-level automatic End-to-End (E2E) service provisioning: Automatic configuration delivery is implemented. Based on incremental increases in bandwidth requirements brought by new service rollout and existing service development, automatic QoS configuration delivery is provided for 120 devices on the entire network, greatly improving the network’s O&M efficiency.
Figure 2: CEB’s next generation intelligent WAN innovations
With the implementation of the next-generation intelligent WAN SDN project, CEB has visualized the network traffic and services of its headquarters and branches, enabled agile service rollout through automatic configuration delivery, and ensured the continuous and stable running of all the applications and systems of the bank, by adopting intelligent scheduling and intent-driven network switching.
CEB will continue developing and promoting the application of technologies such as telemetry and big data, optimize its next generation intelligent WAN, improve refined service awareness capabilities, and enhance application traffic scheduling capability based on service requirements. Using technological capabilities to empower digital transformation and service development, Huawei aims to help CEB grow into a world-class bank.