TR Forums

As I've mentioned a few times lately, I tend to run a lot of VMs simultaneously. The vast majority are networking VMs, from Cisco, Juniper, Arista, Extreme Networks, Cumulus, F5, Fortinet, Nokia (nee Alcatel-Lucent), MikroTik, Brocade, etc... in addition to multiple servers VMs, like Ansible/Saltstack, OpenStack, SolarWinds NPM (or Nagios/Ganglia), some open source networking VMs, and a smattering of docker containers.

I had noticed on sdxcentral and opennetworking that Huawei has two VMs I'd be interested in trying out with my other networking VMs: the AR-1000v virtual router and the CloudEngine 1800V Virtual Switch. The problem I ran into, is that all they have available on their website are brochures for those, and their eNSP simulator. I summited my questions about those to the nearest Huawei reseller, but if they're anything like Alcatel-Lucent or Fortinet, I'm not holding my breath on hearing back from them.

Has anyone here have experience using physical Huawei equipment? If so, what are your impressions of it? After all the disclosures about the CIA and NSA backdoors, I've seen people freak out, and swear off ever buying Cisco or Juniper equipment again, and switching to Huawei instead. Chinese gov't backdoors not-withstanding, I'm interested in hearing both the positive and negative experiences people have had with their gear, especially compared to using Cisco and Juniper devices.

Thanks in advance!

I have no direct experience, but I won't be buying Chinese computing equipment.

I don't have any Huawei gear, but weren't Dell PowerConnect managed switches (and their IOS-clone software) ODM'd by Huawei? It could have been another Chinese company, I don't have it handy any more to double-check.

I had no issues of any kind with either the CLI or the hardware, AFAIK my friend is still running it ten years later with no problems.

Waco wrote:

I have no direct experience, but I won't be buying Chinese computing equipment.

Yeah, after finding out even the NSA was bugging Cisco devices going out of the USA, I'd be extremely skeptical of Chinese devices. They might well be doing the same.

Though I'd be far more concerned about switches, routers, phones, laptops, and other personal use computers. If it is a server then you can at least lock down outside communication via firewall rules on network equipment. If the communication will be appropriately limited, then it should be ok.

Though, I think I'd seriously consider a layer 3 switch or firewall directly connected so that I can make ACLs or similar to ensure it doesn't try to secretly grab an unused IP to use. You can then make sure any IP you didn't assign it will have all communication trashed.

Though, now that I think about it, I am not sure how this is done at home with IPv6 if you aren't certain your IPv6 subnet will remain stable.

Drachasor wrote:

Yeah, after finding out even the NSA was bugging Cisco devices going out of the USA, I'd be extremely skeptical of Chinese devices. They might well be doing the same...

To a cetrainty. The thing about Chinese networked gear, especially models available in Asia, is that most edge stuff is designed to be monitored/compromised to some degree. This is why attempts by these firms to contract national network backbones with a number of Asian governments have been openly criticized by the US and covertly scuttled by allied agencies over the past decade.

trackerben wrote:

Drachasor wrote:

Yeah, after finding out even the NSA was bugging Cisco devices going out of the USA, I'd be extremely skeptical of Chinese devices. They might well be doing the same...

To a cetrainty. The thing about Chinese networked gear, especially models available in Asia, is that most edge stuff is designed to be monitored/compromised to some degree. This is why attempts by these firms to contract national network backbones with a number of Asian governments have been openly criticized by the US and covertly scuttled by allied agencies over the past decade.

Well, yeah. That's pretty much a given. I'm just curious about their performance, and the end user experiences with the gear, since I saw so much backlash at Cisco and Juniper over the NSA/CIA backdoors. I almost laughed at the people who vowed to use whitebox hardware, because I've tested whitebox datacenter switches, and they're pretty much only good as ToR devices. There's no way in hell they'll compete with a Juniper QFX-10K switch, their higher-end MX routers, or the bigger offerings from Cisco.

Well, Brocade was an option, they made great L2/L3 devices. But they were recently sold for almost nothing to Extreme Networks so it looks like it's come to a bad end. A real shame.

Vhalidictes wrote:

Well, Brocade was an option, they made great L2/L3 devices. But they were recently sold for almost nothing to Extreme Networks so it looks like it's come to a bad end. A real shame.

Huh. I didn't realize Extreme bought them. I haven't used their physical equipment yet, but their Virtual EXOS VM (which thinks it's a Summit switch) is actually kinda nice (and really lightweight, resource-wise). I've been tinkering around with them (version 22.2.1.5, specifically), trying out different topologies, like multi-area OSPF, MPLS, IS-IS, EAPS and ERSP rings. They play nice with other VMs, like IOSv, IOSv-L2, vMX, vEOS, CumulusVX, etc... It just took a little getting used to the CLI, kinda of like with Alcatel-Lucents old TiMOS SR-OS VM.

In my experience personally, every piece of equipment we buy these days is Chinese you just have to find the right company that produces top quality products. Take oneplus Chinese company, for example, no one really knows them but they have smartphones that just make apple and android look silly.

Doctor Venture wrote:

Vhalidictes wrote:

Well, Brocade was an option, they made great L2/L3 devices. But they were recently sold for almost nothing to Extreme Networks so it looks like it's come to a bad end. A real shame.

Huh. I didn't realize Extreme bought them. I haven't used their physical equipment yet, but their Virtual EXOS VM (which thinks it's a Summit switch) is actually kinda nice (and really lightweight, resource-wise). I've been tinkering around with them (version 22.2.1.5, specifically), trying out different topologies, like multi-area OSPF, MPLS, IS-IS, EAPS and ERSP rings. They play nice with other VMs, like IOSv, IOSv-L2, vMX, vEOS, CumulusVX, etc... It just took a little getting used to the CLI, kinda of like with Alcatel-Lucents old TiMOS SR-OS VM.

I administer a large VDX install and I can tell you from personal experience, it beats the pants off Cisco's **** Leaf/Spine design (For lack of a better description, VDX units simply stack with each other and appear to the network as a single giant switch with no L2 protocols needed). But then again... no real support in the future.

It's getting to the point where I might recommend scavenging units on the open market (eBay, Craigslist) since with the recent software updates you will no longer require feature codes.