China Showdown Huawei vs ZTE
Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better. Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge. On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit. Has anyone had experience with either of these two switches? How do they compare? Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Why not just go the whitebox route and pick your NOS of choice? Far cheaper, and far more flexible. On Fri, Apr 20, 2018, 7:28 AM Colton Conor <colton.conor@gmail.com> wrote:
Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better.
Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge.
On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
Has anyone had experience with either of these two switches? How do they compare?
Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Josh, I like the whitebox route, but I can't find anything that will come close price wise. Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS operating system from Huawei is $3500 out the door with a lifetime warranty. I can't even find a whitebox hardware, not even accounting for the OS, that is close to that price. Most 48 Port 10G with 6 40G uplinks (so double this huawei unit) are in the $5k range, and then you have to buy an operating system costing a couple more grand. Choices are limited on whitebox operating systems that support MPLS. There might be some FibeStore models that come close to this price, but FS.com is a Chinese company too, so that's no better than ZTE or Huawei. On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds <josh@kyneticwifi.com> wrote:
Why not just go the whitebox route and pick your NOS of choice?
Far cheaper, and far more flexible.
On Fri, Apr 20, 2018, 7:28 AM Colton Conor <colton.conor@gmail.com> wrote:
Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better.
Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge.
On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
Has anyone had experience with either of these two switches? How do they compare?
Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Colton, can you post some examples of the Whitebox/OS examples that you were looking at in that performance tier? -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Colton Conor Sent: Friday, April 20, 2018 7:46 AM To: Josh Reynolds <josh@kyneticwifi.com> Cc: NANOG <nanog@nanog.org> Subject: Re: China Showdown Huawei vs ZTE Josh, I like the whitebox route, but I can't find anything that will come close price wise. Example, Huawei S6720 with 24 10G ports, 2 40G ports, and full MPLS operating system from Huawei is $3500 out the door with a lifetime warranty. I can't even find a whitebox hardware, not even accounting for the OS, that is close to that price. Most 48 Port 10G with 6 40G uplinks (so double this huawei unit) are in the $5k range, and then you have to buy an operating system costing a couple more grand. Choices are limited on whitebox operating systems that support MPLS. There might be some FibeStore models that come close to this price, but FS.com is a Chinese company too, so that's no better than ZTE or Huawei. On Fri, Apr 20, 2018 at 7:34 AM, Josh Reynolds <josh@kyneticwifi.com> wrote:
Why not just go the whitebox route and pick your NOS of choice?
Far cheaper, and far more flexible.
On Fri, Apr 20, 2018, 7:28 AM Colton Conor <colton.conor@gmail.com> wrote:
Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better.
Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge.
On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
Has anyone had experience with either of these two switches? How do they compare?
Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Ah. ZTE is in a spot of trouble right about now. http://www.scmp.com/tech/article/2142557/zte-calls-us-government-ban-extreme... On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" <nanog-bounces@nanog.org on behalf of colton.conor@gmail.com> wrote: Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better. Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge. On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit. Has anyone had experience with either of these two switches? How do they compare? Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Same for Huawei. https://www.theverge.com/2018/3/26/17164226/fcc-proposal-huawei-zte-us-netwo... https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-t... https://www.nytimes.com/2018/04/17/technology/huawei-trade-war.html I don't think I would recommend either in todays political climate..... -----Original Message----- From: NANOG <nanog-bounces@nanog.org> On Behalf Of Suresh Ramasubramanian Sent: Friday, April 20, 2018 7:35 AM To: Colton Conor <colton.conor@gmail.com>; NANOG <nanog@nanog.org> Subject: Re: China Showdown Huawei vs ZTE Ah. ZTE is in a spot of trouble right about now. http://www.scmp.com/tech/article/2142557/zte-calls-us-government-ban-extreme... On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" <nanog-bounces@nanog.org on behalf of colton.conor@gmail.com> wrote: Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better. Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge. On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit. Has anyone had experience with either of these two switches? How do they compare? Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
Yes looks like they are both under pressure. I feel bad for the USA based employees. I know Huawei has quite a few in Plano, Texas. With both ZTE and Huawei out of the picture for USA operators, who is the low cost leader in this space then? On Fri, Apr 20, 2018 at 7:56 AM, STARNES, CURTIS < Curtis.Starnes@granburyisd.org> wrote:
Same for Huawei. https://www.theverge.com/2018/3/26/17164226/fcc-proposal- huawei-zte-us-networks-national-security https://www.forbes.com/sites/jeanbaptiste/2018/04/19/ analyst-chinas-huawei-to-quit-u-s-market/#194f570211cb https://www.nytimes.com/2018/04/17/technology/huawei-trade-war.html
I don't think I would recommend either in todays political climate.....
-----Original Message----- From: NANOG <nanog-bounces@nanog.org> On Behalf Of Suresh Ramasubramanian Sent: Friday, April 20, 2018 7:35 AM To: Colton Conor <colton.conor@gmail.com>; NANOG <nanog@nanog.org> Subject: Re: China Showdown Huawei vs ZTE
Ah. ZTE is in a spot of trouble right about now.
http://www.scmp.com/tech/article/2142557/zte-calls-us- government-ban-extremely-unfair-vows-fight-its-rights
On 20/04/18, 5:58 PM, "NANOG on behalf of Colton Conor" < nanog-bounces@nanog.org on behalf of colton.conor@gmail.com> wrote:
Of the two large Chinese Vendors, which has the better network operating system? Huawei is much larger that ZTE is my understanding, but larger does not always mean better.
Both of these manufactures have switches and routers. I doubt we will use their routing products anytime soon, but the switching products with MPLS are what we are exploring. Price wise both of these vendors seem to have 10G MPLS capable switches that are a 1/4 of the price of a Cisco or Juniper wants to charge.
On the Huawei side looks like the S6720 is a fit. On the ZTE side, it looks like the ZXR10 5960 Series is a fit.
Has anyone had experience with either of these two switches? How do they compare?
Also, for each independent brand, is their switching network operating system the same as their routing network operating system that their routers run?
On 20 April 2018 at 16:44, Colton Conor <colton.conor@gmail.com> wrote:
Yes looks like they are both under pressure. I feel bad for the USA based employees. I know Huawei has quite a few in Plano, Texas.
Feel sorry for US based consumers. Historically protectionism always hurts the local economy most. By creating artificial demand on local products, over time local products become uncompetitive for export. I wonder, in what fundamental way Cisco and Juniper are US products, Huawei and ZTE Chinese products? To me it looks like Cisco has no development on IOS-XR outside India, components and assembly is in China. Shareholders are people holding Vanguard/Blackrock. What makes US company a US company? -- ++ytti
Saku, I do feel bad for US Based consumers as I am one of them! Overall, I find Huawei's solutions to be 1/3 the price of the equivalent Juniper/Cisco. The only the stopping me from buying them is the fear of it being hacked due to the media. Like the S6720-EI is MEF certified, runs MPLS, and is $3500 with a lifetime warranty. Please let me know if anyone else comes close to this number. On Tue, Apr 24, 2018 at 10:31 AM, Saku Ytti <saku@ytti.fi> wrote:
On 20 April 2018 at 16:44, Colton Conor <colton.conor@gmail.com> wrote:
Yes looks like they are both under pressure. I feel bad for the USA based employees. I know Huawei has quite a few in Plano, Texas.
Feel sorry for US based consumers. Historically protectionism always hurts the local economy most. By creating artificial demand on local products, over time local products become uncompetitive for export.
I wonder, in what fundamental way Cisco and Juniper are US products, Huawei and ZTE Chinese products? To me it looks like Cisco has no development on IOS-XR outside India, components and assembly is in China. Shareholders are people holding Vanguard/Blackrock. What makes US company a US company?
-- ++ytti
Yes looks like they are both under pressure. I feel bad for the USA based employees. I know Huawei has quite a few in Plano, Texas.
Feel sorry for US based consumers. Historically protectionism always hurts the local economy most. By creating artificial demand on local products, over time local products become uncompetitive for export.
I wonder, in what fundamental way Cisco and Juniper are US products, Huawei and ZTE Chinese products? To me it looks like Cisco has no development on IOS-XR outside India, components and assembly is in China. Shareholders are people holding Vanguard/Blackrock. What makes US company a US company?
Easy one, what law is the company incorporated under? Nothing against the Chinese companies (some of their stuff is really great), but it is admittedly hard to separate China's military industrial complex from their communications suppliers. I can understand other countries not wanting critical infrastructure under their software control given that the Chinese government has been very active in industrial espionage. It is not that a US company cannot be compromised but I think they might at least be held accountable (by their markets) when they get caught. Steven Naslund Chicago IL
On 24 April 2018 at 19:50, Naslund, Steve <SNaslund@medline.com> wrote:
Easy one, what law is the company incorporated under? Nothing against the Chinese companies (some of their stuff is really great), but it is admittedly hard to separate China's military industrial complex from their communications suppliers. I can understand other countries not wanting critical infrastructure under their software control given that the Chinese government has been very active in industrial espionage. It is not that a US company cannot be compromised but I think they might at least be held accountable (by their markets) when they get caught.
I'm sure all these companies have legal entities in all countries the operate in. So Huawei in US is US company and Huawei products bought in US from US Huawei are good,. but bad when bought from Huawei China? -- ++ytti
-----Original Message-----
From: NANOG <nanog-bounces@nanog.org> On Behalf Of Saku Ytti Sent: Tuesday, April 24, 2018 11:59 AM To: Naslund, Steve <SNaslund@medline.com> Cc: nanog@nanog.org Subject: Re: China Showdown Huawei vs ZTE
On 24 April 2018 at 19:50, Naslund, Steve <SNaslund@medline.com> wrote:
Easy one, what law is the company incorporated under? Nothing against the Chinese companies (some of their stuff is really great), but it is admittedly hard to separate China's military industrial complex from their >communications suppliers. I can understand other countries not wanting critical infrastructure under their software control given that the Chinese government has been very active in industrial espionage. It is not that a US >company cannot be compromised but I think they might at least be held accountable (by their markets) when they get caught.
I'm sure all these companies have legal entities in all countries the operate in. So Huawei in US is US company and Huawei products bought in US from US Huawei are good,. but bad when bought from Huawei China?
-- ++ytti
From what I have read, any Huawei product purchases fell under scrutiny but after this came about Huawei announced they were going to pull out of U.S. markets. https://www.forbes.com/sites/jeanbaptiste/2018/04/19/analyst-chinas-huawei-t...
I'm sure all these companies have legal entities in all countries the operate in. So Huawei in US is US company and Huawei products bought in US from US Huawei are good,. but bad >when bought from Huawei China?
IANAL however I was a network engineer for the US Air Force for over ten years. Here is how the US DoD looks at it. There are three tiers of defense contractors. Yes - Cisco, Juniper and other US controller entities that the DoD has already vetted and does business with on a routine basis. Also includes systems pre-integrated by defense contractors like Boeing and Lockheed that are sold as complete turn-key systems. Maybe - Allied (usually NATO) defense contractors that also have vetted security policy. That would be companies like BAE Systems, Dausault, and Siemens. This would also include US suppliers that may never have done business with the DoD before and would have to undergo further review prior to being awarded a contract. There are also some "buy American" consideration that required us to use US suppliers unless there was a valid reason why the foreign manufacturer was the better choice (say we have an air defense system from BAE that has been designed to work with a specific device as part of a system). That is an economic/political concern in addition to the security concern and is covered under contracting regulations. No way - entities considered to be under to control of or part of the military industrial complex of rival nations. That would include most Russian, Chinese, Iranian, etc companies. Also companies that refuse to comply with certain government sanctions or disclosure requirements. Also companies that employ specifically banned individuals under the export control act. This is not necessarily a technical legal thing like having a corporate entity in the US (every multinational does), it is an intelligence assessment of risk. For sensitive software there is a long laundry list of requirements surrounding source code control and signing. In almost all cases I am aware of the US DoD acquires a Restricted Software License which actually means that they have access to view to source code for whatever they are running and require a cryptographically secure way of knowing the running code matches. For many of the systems I worked with there were actually special software loads signed by DISA (Defense Information Systems Agency) that we had to run. DISA software loads also tended to block certain configurations known to be insecure and a lot of times enforced higher security or encryption requirement. Our hardware had to come off a list of approved devices and in very sensitive service the device were sent to an NSA lab for analysis and returned under courier control before they could enter certain areas or networks. If the device ever exited the facility they had to go back for recertification. This was for assurance against embedded hardware taps or bugging devices. They also compared the device against known good models to make sure the hardware was the same. The US Government considers Huawei and ZTE to have "close ties" to the Chinese government according to the Director of National Intelligence along with the heads of CIA, FBI, and the NSA as stated in testimony before the Senate Intelligence Committee. The founder of Huawei is the former engineering officer of the People's Liberation Army of China. Now, this only applies to US Government agencies according to their acquisition rules but there have been moves by the FCC to ban these devices from US cellular network. I am not advocating for or against any of these policies and you can run what you want (assuming it can be imported). I myself would be nervous running Huawei code in a device if a cyber war broke out between the US and China. Steven Naslund Chicago IL
On 24 April 2018 at 21:45, Naslund, Steve <SNaslund@medline.com> wrote: Hey,
The US Government considers Huawei and ZTE to have "close ties" to the Chinese government according to the Director of National Intelligence along with the heads of CIA, FBI, and the NSA as stated in testimony before the Senate Intelligence Committee. The founder of Huawei is the former engineering officer of the People's Liberation Army of China.
Now, this only applies to US Government agencies according to their acquisition rules but there have been moves by the FCC to ban these devices from US cellular network. I am not advocating for or against any of these policies and you can run what you want (assuming it can be imported). I myself would be nervous running Huawei code in a device if a cyber war broke out between the US and China.
Thank you for the insight, quite interesting. Call me naive, but I don't think sticker in device has any implications on security, as components and code are sourced through complicated chains through various jurisdictions. Let's assume for a moment that attacker is NSA, I don't think that NSA would want to even push project through Cisco or Apple via official channels, even if legally allowed, to get some secret backdoor installed, because too many people would be involved in the project and controlling the information would become challenging. Two years from now lot of those involved people might be in different company or different country, how to avoid them from exposing the information? It seems much better vector would be to target individual person with commit rights, ensure you have leverage over them, then ask them to commit specific set of abstruse code, which is likely to pass code review but introduce functionality which benefits your agenda. Even if this one person would talk, would they know it was NSA, if they knew, would anyone believe them? Why would China work differently? Why not pwn one Cisco employee in India to get the code in that the party sees beneficial? -- ++ytti
https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/ yet another ZTE issue . :( alan
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10819 https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-... https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-... I think quite careful analysis would be needed to draw any conclusion if there are statistically relevant difference in security issues. After I fixed my tinfoil hat with some duct tape, I can say that to me the ScreenOS particularly doesn't look like just someone forgot some development backdoor to release software, but rather looks like someone intentionally sneaked backdoor to software, which doesn't look like backdoor. But it's hard to say for sure which are incompetency and which are malice. On 26 April 2018 at 15:38, Alan Buxey <alan.buxey@gmail.com> wrote:
https://www.theregister.co.uk/2018/04/26/hyperoptics_zte_routers/
yet another ZTE issue . :(
alan
-- ++ytti
participants (9)
-
Aaron Gould
-
Alan Buxey
-
Colin Stanners (lists)
-
Colton Conor
-
Josh Reynolds
-
Naslund, Steve
-
Saku Ytti
-
STARNES, CURTIS
-
Suresh Ramasubramanian