China Mobile deploys secure SD-WAN on Arm-based CPEs for better power-performance

Tina Tsou
November 17, 2021

With the emergence of cloud computing, 5G, and faster broadband network access, enterprise IT teams are embracing multicloud to connect their workforce with multiple devices, services, and applications at an unprecedented rate. Multicloud requires fast and reliable connections between multiple public clouds, private clouds, and on-prem resources, which means the data backhaul between these locations and the user tends to be expensive. Software Defined Wide Area Network (SD-WAN) is a relatively new concept that takes the principles of SDN technology and applies them to the WAN to solve the challenges of multicloud connectivity at a greatly reduced price point. SD-WAN, essentially an over-the-top service provided by service providers and enterprise networking and security vendors, reduces interconnection costs and improves business deployment flexibility. SD-WAN’s centralized management, load balancing, zero-touch deployment, and many other features can provide enterprise users with self-service, fast, securely isolated point-to-point, point-to-multipoint, and multipoint-to-multipoint exclusive cloud connection services to meet differentiated networking requirements.

China Mobile deploys secure SD-WAN on Arm CPEs

China Mobile’s SD-WAN service offering provides enterprises with a seamless experience in connectivity and cloud services as well as other enterprise products. Every enterprise can easily subscribe to, manage, and monitor all the services online in an agile and flexible manner. This is detailed in the “China Mobile Elastic SD-WAN Technology White Paper” published in 2020.


Figure 1. China Mobile SD-WAN overall architecture

As the industry's top silicon IP supplier, Arm has a strong influence in the SD-WAN ecosystem. In recent years, Arm ecosystem partners have built multiple SD-WAN systems that range from edge networking equipment to core routing equipment and controller equipment. China Mobile’s SD-WAN uses Arm-based customer premise equipment (CPEs) to comprehensively integrate SDN technology, a programmable underlay network, and cloud virtualization capability, so that it can quickly provide enterprise products and connect them with cloud network resources.

The SD-WAN offered by China Mobile is both secure and scalable. Let’s take a closer look at what makes this offering successful.

Secure encryption of SD-WAN based on true random number

Security is an important factor in SD-WAN service. Random number generators are a vital basis of network security for securing the hardware. As network applications face ever higher security requirements, hardware equipment that integrates a True Random Number Generator (TRNG) can achieve effective security. In network applications, random numbers are the source of random key security, and they are also essential in post-processing. Arm cooperated with China Mobile to successfully enhance CPE security through an external random number generator on CPEs based on the Arm hardware platform.

Among the various random number generators, the QRNG (Quantum Random Number Generator) is undoubtedly the safest and most reliable. Compared with a traditional random source, a QRNG has the advantages of being free from environmental interference and allowing real-time state verification. ID Quantique (a Swiss company) provides high-performance quantum security solutions to protect data in transmission. By using quantum key distribution to upgrade existing network encryption products, IDQ ensures that the solution is "quantum secure". IDQ also develops and commercializes random number generators based on quantum physics, which are the reference for real randomness in many industries, including security, simulation, and games.


Figure 2. Quantum random number generator by ID Quantique

The QRNG equipment is the ID Quantique (IDQ) quantum random number generator Quantis. The product model is legacy quantity QRNG: usb-1. This real hardware random number generator is a reliable source of quantum randomness.


Figure 3. Security enhanced elastic SD-WAN

The QRNG (Quantum Random Number Generator) hardware is integrated with the CPE hardware, which provides an enhanced IPSec / SSL tunnel for applications and strengthens the transmission security of the SD-WAN CPE. Implementing this QRNG-based transmission security enhancement scheme on the CPE is a beneficial exploration of network security enhancement for CPE equipment.

SRv6 for flexible SD-WAN deployments

Traditional SD-WAN solutions can be classified into two categories. The first category, represented by certain equipment manufacturers, leases the underlying link and combines it with a built-in routing strategy to select the appropriate line. This method cannot be controlled, and the leased line itself cannot fundamentally solve connection quality problems. The other category sells link resources bundled with the equipment manufacturers' sales. It cannot coordinate equipment, platforms, and backbone networks, and it is difficult to quickly realize new services and new requirements. With both categories, it’s clear that SD-WAN faces the following challenges:

  • The traditional bearer network is not intelligent enough to provide the ability to implement resource scheduling through programming.
  • The traditional SD-WAN solution cannot perceive the underlying network resources.

This directly impacts the deployment flexibility of SD-WAN services.

SRv6 is a perfect combination of IPv6 and Segment Routing (hereinafter referred to as SR) technologies. It unifies IP forwarding and tunnel forwarding and has the flexibility and powerful programmability of IPv6. China Mobile’s SD-WAN fully integrates with SRv6. It not only has the tunneling capabilities required by SD-WAN, but also enables unified scheduling of Overlay and Underlay resources.


Figure 4. SD-WAN solution based on SRv6

By combining the end-to-end network with different segments of paths according to business requirements, and encapsulating them into an end-to-cloud network with different capabilities, it is possible to realize connection products with different business capabilities based on a single network.

CPE terminal based on Arm processor supports SRv6

CPEs are an important part of the SRv6 SD-WAN networking solution, and need to undertake the functions of encapsulating and unpacking SRv6 messages, service identification, and path selection.

Currently, most hardware devices do not have SRv6 encapsulation and unpacking capabilities. Due to its limitations, traditional hardware cannot be expanded or iterated quickly. Therefore, traditional hardware network devices cannot meet the demands of the CPE side of the SD-WAN architecture. Forwarding based on general-purpose CPU processors and the Linux kernel is the mainstream solution for practical SD-WAN deployments.

The Linux kernel has supported SRv6 since version 4.10. The recently released Linux version 5.11 added support for the SRv6 End.DT4 and End.DT6 features. Based on this, path selection and forwarding of traffic with different characteristics can be realized.
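The encapsulating and unpacking that the CPE performs centers on the Segment Routing Header (SRH) defined in RFC 8754. The following Python code is an added example, not code from China Mobile, Arm, or the Linux kernel: it builds an SRH, validates a received one with the RFC's bounds checks, and performs the Segments Left step of a transit endpoint. The function names and the 2001:db8:: SIDs are constructed for illustration.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4   # Segment Routing Header, RFC 8754
IPPROTO_IPIP = 4       # inner IPv4 packet, the case End.DT4 decapsulates

def build_srh(path, next_header=IPPROTO_IPIP):
    """Encode an SRH (no TLVs) for SIDs given in visiting order."""
    sids = [ipaddress.IPv6Address(s) for s in path]
    if not sids:
        raise ValueError("empty segment list")
    n = len(sids)
    # Hdr Ext Len counts 8-octet units after the first 8 octets: 2 per SID.
    fixed = struct.pack("!BBBBBBH", next_header, 2 * n, SRH_ROUTING_TYPE,
                        n - 1, n - 1, 0, 0)
    # The list is stored in reverse: Segment List[0] is the final SID.
    return fixed + b"".join(s.packed for s in reversed(sids))

def parse_srh(data):
    """Decode and validate an SRH; raise ValueError on malformed input."""
    if len(data) < 8:
        raise ValueError("truncated SRH")
    nh, ext_len, rtype, seg_left, last_entry, _flags, _tag = struct.unpack(
        "!BBBBBBH", data[:8])
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError("not an SRH (routing type %d)" % rtype)
    if len(data) < 8 + 8 * ext_len:
        raise ValueError("header length exceeds available bytes")
    # Bounds checks from RFC 8754 section 4.3.1.1: both indexes must stay
    # inside the segment list that Hdr Ext Len says is present.
    if last_entry > ext_len // 2 - 1 or seg_left > last_entry + 1:
        raise ValueError("segment index outside the segment list")
    segs = [ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i])
            for i in range(last_entry + 1)]
    return {"next_header": nh, "segments_left": seg_left, "segments": segs}

def end_step(data):
    """Transit endpoint step: decrement Segments Left, return the new DA."""
    srh = parse_srh(data)
    if srh["segments_left"] == 0:
        raise ValueError("no segments left; packet is at its final SID")
    sl = srh["segments_left"] - 1
    return data[:3] + bytes([sl]) + data[4:], srh["segments"][sl]

# Constructed sample path using the IPv6 documentation prefix.
SAMPLE_PATH = ["2001:db8:a::1", "2001:db8:b::1", "2001:db8:c::d4"]
```

Rejecting a header whose Last Entry or Segments Left points past the bytes actually present is what keeps a forged SRH from steering the segment lookup outside the list.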


Figure 5. SRv6 underlay network

CPE equipment based on the Arm architecture has been widely used in SD-WAN for its performance, power efficiency, and application ecosystem readiness. One such example is the NXP LS1023 CPU with Linux kernel version 5.11, which underwent a lot of testing and research within the SRv6 experimental application scheme, combined with policy routing, VRF, and other technologies, to realize an SRv6 path forwarding plan for different users' traffic.

Arm and China Mobile will continue to cooperate closely in SD-WAN related fields.

Visit the Arm Infrastructure Solutions Page
