HI All, Has anybody had any experience of Huawei Mobile/Metro edge routers? I'm looking for something that will handle various MPLS services (Layer 2/3), QinQ with about 10x1Gb Ethernet interfaces (no need for 10G). How are they compared to JNPR/CSCO/etc equivalent ? Thanks, Leigh Porter UK Broadband/PCCW ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
On (2012-03-06 09:24 +0000), Leigh Porter wrote:
Has anybody had any experience of Huawei Mobile/Metro edge routers? I'm looking for something that will handle various MPLS services (Layer 2/3), QinQ with about 10x1Gb Ethernet interfaces (no need for 10G).
How are they compared to JNPR/CSCO/etc equivalent ?
You probably want the CX600 series box if you're looking something to compete against ASR9k/MX. It should do what you need (10GE also). I've not really used them much, I think I've just configured enough to get 6VPE working, and it worked (against CSCO and JNPR) and was easy enough to do without docs. On paper they look fine, CLI is worse than IOS, but honestly if CLI is critical to you, you're probably doing something wrong anyhow (meaning, systems should be touching routers, not people) But personally, I'd only buy it, if there were significant long-term cost benefits. Just because getting community support for IOS/JunOS is so much easier. And investing time learning Cisco/Juniper platforms inside-out, seems better personal investment in EMEA market. -- ++ytti
Saku Ytti <saku@ytti.fi> writes:
I've not really used them much, I think I've just configured enough to get 6VPE working, and it worked (against CSCO and JNPR) and was easy enough to do without docs. On paper they look fine, CLI is worse than IOS, but honestly if CLI is critical to you, you're probably doing something wrong anyhow (meaning, systems should be touching routers, not people)
Hmm, we have systems using CLI as interface to the routers. What other options do these boxes provide? Bjørn
On (2012-03-06 11:05 +0100), Bjørn Mork wrote:
do without docs. On paper they look fine, CLI is worse than IOS, but honestly if CLI is critical to you, you're probably doing something wrong anyhow (meaning, systems should be touching routers, not people)
Hmm, we have systems using CLI as interface to the routers. What other options do these boxes provide?
I've not looked if they do netconf or whatnot, but that wasn't really my point. My point was, your system doesn't complain to you daily that working with huawei CLI is more annoying than IOS. -- ++ytti
On 3/6/2012 4:20 AM, Saku Ytti wrote:
I've not looked if they do netconf or whatnot, but that wasn't really my point. My point was, your system doesn't complain to you daily that working with huawei CLI is more annoying than IOS.
On the other hand, if you hop into other people's Huawei routers via CLI you will curse and scream. As close as I could tell, it handles most functionality of IOS, but they tried to find a synonym for every word cisco used in the cli. I thought working in Alcatel was bad compared to IOS/Junos, but Huawei definitely is up there as bad. Communicating with their installers in a multi-vendor environment left a lot to be desired. Their documentation was somewhat readable. In general, it is like all the other vendors. A ton of research to make sure the product does exactly what you want it to do, testing and adapting engineering plans based on what it will actually do. Extremely long delays in fixing any bugs or problems which you can't resolve yourself. Jack (spends too much time in cli, needs a versatile translation system for quick contract work).
I last played with Huawei routers about 10 years ago and it looked very much like IOS. Interesting that they have changed. Also interesting that you don't like Alcatel's TiMOS - I prefer it to IOS, and find it comparable to Junos. I suppose we all have our own tastes... Jonathon -----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: Wednesday, 7 March 2012 5:51 a.m. To: nanog@nanog.org Subject: Re: Huawei edge routers.. On 3/6/2012 4:20 AM, Saku Ytti wrote:
I've not looked if they do netconf or whatnot, but that wasn't really my point. My point was, your system doesn't complain to you daily that working with huawei CLI is more annoying than IOS.
On the other hand, if you hop into other people's Huawei routers via CLI you will curse and scream. As close as I could tell, it handles most functionality of IOS, but they tried to find a synonym for every word cisco used in the cli. I thought working in Alcatel was bad compared to IOS/Junos, but Huawei definitely is up there as bad. Communicating with their installers in a multi-vendor environment left a lot to be desired. Their documentation was somewhat readable. In general, it is like all the other vendors. A ton of research to make sure the product does exactly what you want it to do, testing and adapting engineering plans based on what it will actually do. Extremely long delays in fixing any bugs or problems which you can't resolve yourself. Jack (spends too much time in cli, needs a versatile translation system for quick contract work). This email and attachments: are confidential; may be protected by privilege and copyright; if received in error may not be used, copied, or kept; are not guaranteed to be virus-free; may not express the views of Kordia(R); do not designate an information system; and do not give rise to any liability for Kordia(R).
On 3/6/2012 3:41 PM, Jonathon Exley wrote:
I last played with Huawei routers about 10 years ago and it looked very much like IOS. Interesting that they have changed. Also interesting that you don't like Alcatel's TiMOS - I prefer it to IOS, and find it comparable to Junos. I suppose we all have our own tastes...
Huawei looks very much like IOS, except many of the commands were renamed. Someone mentioned a reason to me, but I don't know if it was true, so I won't repeat it. IOS at least supports | section, and I hear that IOS-XR and IOS-XE both have advanced configuration capabilities similar to Junos, but I don't own any of the hardware that supports those code bases. I've yet to find a router vendor I liked 100%, though. Limited feature sets, interoperability problems, bugs, and months to resolve issues and generally requiring upgrades to code that has new issues. :( But as you said, we all have our own tastes... Mine just happens to be for a non-existent company/product. Jack
On the other hand, if you hop into other people's Huawei routers via CLI you will curse and scream. As close as I could tell, it handles most functionality of IOS, but they tried to find a synonym for every word cisco used in the cli.
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad :) Regards, Tim.
On 7 Mar 2012, at 09:48, "Tim Franklin" <tim@pelican.org> wrote:
On the other hand, if you hop into other people's Huawei routers via CLI you will curse and scream. As close as I could tell, it handles most functionality of IOS, but they tried to find a synonym for every word cisco used in the cli.
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not
Oh so you have to configure it in chinglish.. Well I'll certainly be looking forward to that ! Somebody set up us the BGP. -- Leigh ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
On (2012-03-07 09:46 -0000), Tim Franklin wrote:
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad :)
I liked how ssh is secure-telnet, took bit head scratching to enable ssh. But again, I don't think crappy or good CLI is very important matter, when using systems. And it's not something your customers will notice, so you cannot charge premium. -- ++ytti
On 07/03/2012 10:31, Saku Ytti wrote:
But again, I don't think crappy or good CLI is very important matter, when using systems.
it isn't - if you're large enough that you have an automated provisioning system. Most of us aren't in that category though, and for those who aren't, it's the L3 tech people who will be doing the product evaluation and who will end up loathing the kit because of the horrible cli, and who will then be less likely to make a recommendation to buy it, as they're the people who are going to end up using it the most. Nick
On 3/7/2012 4:55 AM, Nick Hilliard wrote:
it isn't - if you're large enough that you have an automated provisioning system. Most of us aren't in that category though, and for those who aren't, it's the L3 tech people who will be doing the product evaluation and who will end up loathing the kit because of the horrible cli, and who will then be less likely to make a recommendation to buy it, as they're the people who are going to end up using it the most. Nick
Unless they get overruled. The project I saw Huawei go into was a mixed environment for cellular and IP routing. The company decided to stick to one manufacturer. They apparently had issues with other gear handling their mobile stuff and Huawei came in at a good price. Then I had to explain to their installers why they needed an area 0 (which is funny, since I barely know anything of OSPF as I almost exclusively use ISIS). :( Jack
On Mar 7, 2012, at 2:55 AM, Nick Hilliard wrote:
On 07/03/2012 10:31, Saku Ytti wrote:
But again, I don't think crappy or good CLI is very important matter, when using systems.
it isn't - if you're large enough that you have an automated provisioning system. Most of us aren't in that category though, and for those who aren't, it's the L3 tech people who will be doing the product evaluation and who will end up loathing the kit because of the horrible cli, and who will then be less likely to make a recommendation to buy it, as they're the people who are going to end up using it the most.
Nick
I disagree. A good CLI vs. a bad one can also make a difference in the interaction with an automated provisioning system. Sure, you can work around the bad CLI and mask it better with an APS, but, it still causes problems even with an APS. Owen
----- Original Message -----
From: "Saku Ytti" <saku@ytti.fi>
On (2012-03-07 09:46 -0000), Tim Franklin wrote:
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad :)
I liked how ssh is secure-telnet, took bit head scratching to enable ssh.
That is, of course, incorrect; there is actually a "secure telnet"; ISTR it's telnet-over-ssl? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
-----Original Message----- From: Jay Ashworth [mailto:jra@baylink.com] Sent: 07 March 2012 15:28 To: NANOG Subject: Re: Huawei edge routers..
----- Original Message -----
From: "Saku Ytti" <saku@ytti.fi>
On (2012-03-07 09:46 -0000), Tim Franklin wrote:
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad :)
I liked how ssh is secure-telnet, took bit head scratching to enable ssh.
That is, of course, incorrect; there is actually a "secure telnet"; ISTR it's telnet-over-ssl?
How do you enable SSH then? Do Huawei routers even have SSH? It'd slightly ironic that there is fuss around getting a Juniper domestic image with SSH enabled and yet a Chinese vendor likely just gives it away. So having said all that, has anybody here had good experiences of Huawei routers? Have they worked well in your networks and are you happy with them? I'm mainly looking for something small (1-2U) that will do Ethernet over MPLS, VPLS and L3VPN services. -- Leigh ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
On 3/7/2012 9:32 AM, Leigh Porter wrote:
I liked how ssh is secure-telnet, took bit head scratching to enable ssh. That is, of course, incorrect; there is actually a "secure telnet"; ISTR it's telnet-over-ssl? How do you enable SSH then?
It may be incorrect terminology, but it is actually ssh on the box.
sys ]rsa local-key-par create ]stelnet server enable ]undo ssh server compatible-ssh1x enable
]display ssh server status SSH version :2.0 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP server :Disable Stelnet server :Enable ]quit
save all
Do Huawei routers even have SSH? It'd slightly ironic that there is fuss around getting a Juniper domestic image with SSH enabled and yet a Chinese vendor likely just gives it away.
See above.
So having said all that, has anybody here had good experiences of Huawei routers? Have they worked well in your networks and are you happy with them? I'm mainly looking for something small (1-2U) that will do Ethernet over MPLS, VPLS and L3VPN services.
My experience is limited with just keeping it running and configuring what I must. I have 0 documentation and it requires a lot of "?" for me to find the appropriately named commands for what I want to do still. I haven't seen the physical box. I've heard them call it an X3 and an NE40E. A little googling, and I'm not sure if this router is even a homebrew for them. I suspect others have a lot more experience with their various platforms. Jack
On 3/7/2012 1:08 PM, Valdis.Kletnieks@vt.edu wrote:
On Wed, 07 Mar 2012 10:22:56 CST, Jack Bates said:
]undo ssh server compatible-ssh1x enable Ouch. That's brutal. Is it true that setting isn't listed under 'display ssh server status'?
]ssh server compat enable ]display ssh server status SSH version :1.99 Appears to show it. Lists 2.0 if you turn it off. Jack
On 7 March 2012 15:25, Jay Ashworth <jra@baylink.com> wrote:
----- Original Message -----
From: "Saku Ytti" <saku@ytti.fi>
On (2012-03-07 09:46 -0000), Tim Franklin wrote:
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad :)
I liked how ssh is secure-telnet, took bit head scratching to enable ssh.
That is, of course, incorrect; there is actually a "secure telnet"; ISTR it's telnet-over-ssl?
There's also RFC2942 for Kerberos authenticated TELNET which is "secure" in one sense and RFC2946 for encrypted sessions though I'm not sure if this is widely supported. They are listed in the TELNET client on the Mac (Snow Leopard) that I'm using so you never know... Aled
participants (11)
-
Aled Morris
-
Bjørn Mork
-
Jack Bates
-
Jay Ashworth
-
Jonathon Exley
-
Leigh Porter
-
Nick Hilliard
-
Owen DeLong
-
Saku Ytti
-
Tim Franklin
-
Valdis.Kletnieks@vt.edu