HI All,
Has anybody had any experience of Huawei Mobile/Metro edge routers? I'm looking for something that will handle various MPLS services (Layer 2/3), QinQ with about 10x1Gb Ethernet interfaces (no need for 10G).
How are they compared to JNPR/CSCO/etc equivalent ?
Thanks,
Leigh Porter
UK Broadband/PCCW
You probably want the CX600 series box if you're looking something to
compete against ASR9k/MX. It should do what you need (10GE also).
I've not really used them much, I think I've just configured enough to get
6VPE working, and it worked (against CSCO and JNPR) and was easy enough to
do without docs. On paper they look fine, CLI is worse than IOS, but
honestly if CLI is critical to you, you're probably doing something wrong
anyhow (meaning, systems should be touching routers, not people)
But personally, I'd only buy it, if there were significant long-term cost
benefits. Just because getting community support for IOS/JunOS is so much
easier. And investing time learning Cisco/Juniper platforms inside-out,
seems better personal investment in EMEA market.
Saku Ytti <saku@ytti.fi> writes:
I've not really used them much, I think I've just configured enough to get
6VPE working, and it worked (against CSCO and JNPR) and was easy enough to
do without docs. On paper they look fine, CLI is worse than IOS, but
honestly if CLI is critical to you, you're probably doing something wrong
anyhow (meaning, systems should be touching routers, not people)
Hmm, we have systems using CLI as interface to the routers. What other
options do these boxes provide?
Bjørn
I've not looked if they do netconf or whatnot, but that wasn't really my
point. My point was, your system doesn't complain to you daily that working
with huawei CLI is more annoying than IOS.
On the other hand, if you hop into other people's Huawei routers via CLI you will curse and scream. As close as I could tell, it handles most functionality of IOS, but they tried to find a synonym for every word cisco used in the cli.
I thought working in Alcatel was bad compared to IOS/Junos, but Huawei definitely is up there as bad. Communicating with their installers in a multi-vendor environment left a lot to be desired. Their documentation was somewhat readable.
In general, it is like all the other vendors. A ton of research to make sure the product does exactly what you want it to do, testing and adapting engineering plans based on what it will actually do. Extremely long delays in fixing any bugs or problems which you can't resolve yourself.
Jack
(spends too much time in cli, needs a versatile translation system for quick contract work).
I last played with Huawei routers about 10 years ago and it looked very much like IOS. Interesting that they have changed.
Also interesting that you don't like Alcatel's TiMOS - I prefer it to IOS, and find it comparable to Junos.
I suppose we all have our own tastes...
Jonathon
Huawei looks very much like IOS, except many of the commands were renamed. Someone mentioned a reason to me, but I don't know if it was true, so I won't repeat it.
IOS at least supports | section, and I hear that IOS-XR and IOS-XE both have advanced configuration capabilities similar to Junos, but I don't own any of the hardware that supports those code bases.
I've yet to find a router vendor I liked 100%, though. Limited feature sets, interoperability problems, bugs, and months to resolve issues and generally requiring upgrades to code that has new issues. 
But as you said, we all have our own tastes... Mine just happens to be for a non-existent company/product.
Jack
On the other hand, if you hop into other people's Huawei
routers via CLI you will curse and scream. As close as I
could tell, it handles most functionality of IOS, but
they tried to find a synonym for every word cisco used
in the cli.
This does occasionally brighten up my day with gems like "rip no work" and "reset-recycle-bin", so it's not all bad 
Regards,
Tim.
Oh so you have to configure it in chinglish.. Well I'll certainly be looking forward to that !
Somebody set up us the BGP.
I liked how ssh is secure-telnet, took bit head scratching to enable ssh.
But again, I don't think crappy or good CLI is very important matter, when
using systems.
And it's not something your customers will notice, so you cannot charge
premium.
it isn't - if you're large enough that you have an automated provisioning
system. Most of us aren't in that category though, and for those who
aren't, it's the L3 tech people who will be doing the product evaluation
and who will end up loathing the kit because of the horrible cli, and who
will then be less likely to make a recommendation to buy it, as they're the
people who are going to end up using it the most.
Nick
Unless they get overruled. The project I saw Huawei go into was a mixed environment for cellular and IP routing. The company decided to stick to one manufacturer. They apparently had issues with other gear handling their mobile stuff and Huawei came in at a good price.
Then I had to explain to their installers why they needed an area 0 (which is funny, since I barely know anything of OSPF as I almost exclusively use ISIS).
Jack
That is, of course, incorrect; there is actually a "secure telnet"; ISTR
it's telnet-over-ssl?
Cheers,
-- jra
How do you enable SSH then?
Do Huawei routers even have SSH? It'd slightly ironic that there is fuss around getting a Juniper domestic image with SSH enabled and yet a Chinese vendor likely just gives it away.
So having said all that, has anybody here had good experiences of Huawei routers? Have they worked well in your networks and are you happy with them? I'm mainly looking for something small (1-2U) that will do Ethernet over MPLS, VPLS and L3VPN services.
There's also RFC2942 for Kerberos authenticated TELNET which is "secure" in
one sense and RFC2946 for encrypted sessions though I'm not sure if this is
widely supported. They are listed in the TELNET client on the Mac (Snow
Leopard) that I'm using so you never know...
Aled
I liked how ssh is secure-telnet, took bit head scratching to enable
ssh.
That is, of course, incorrect; there is actually a "secure telnet";
ISTR it's telnet-over-ssl?How do you enable SSH then?
It may be incorrect terminology, but it is actually ssh on the box.
>sys
]rsa local-key-par create
]stelnet server enable
]undo ssh server compatible-ssh1x enable
]display ssh server status
SSH version :2.0
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP server :Disable
Stelnet server :Enable
]quit
>save all
Do Huawei routers even have SSH? It'd slightly ironic that there is fuss around getting a Juniper domestic image with SSH enabled and yet a Chinese vendor likely just gives it away.
See above.
So having said all that, has anybody here had good experiences of Huawei routers? Have they worked well in your networks and are you happy with them? I'm mainly looking for something small (1-2U) that will do Ethernet over MPLS, VPLS and L3VPN services.
My experience is limited with just keeping it running and configuring what I must. I have 0 documentation and it requires a lot of "?" for me to find the appropriately named commands for what I want to do still. I haven't seen the physical box. I've heard them call it an X3 and an NE40E. A little googling, and I'm not sure if this router is even a homebrew for them.
I suspect others have a lot more experience with their various platforms.
Jack
Ouch. That's brutal. Is it true that setting isn't listed under 'display ssh server status'?
]ssh server compat enable
]display ssh server status
SSH version :1.99
Appears to show it. Lists 2.0 if you turn it off.
Jack
I disagree. A good CLI vs. a bad one can also make a difference in the
interaction with an automated provisioning system. Sure, you can work
around the bad CLI and mask it better with an APS, but, it still causes
problems even with an APS.
Owen