Huawei Data Center Autonomous Network L4 Verification Test Report

Enterprises worldwide are starting transformation journeys for their data center networks. Multiple growth factors align nowadays, leading to the substantial expansion of existing data centers and the establishment of new data center sites and clusters. To name a few reasons: New application workloads, migration to new containerized platforms, private cloud hosting of applications under data sovereignty rules (in-sourcing), and, of course, the avalanche of AI/ML trials and deployments. 

In all these cases, the network management of extended data center infrastructures will likely require new operational models. It is no longer feasible to grow the IT teams to cover the manual operations of new and expanded data center deployments.  Instead, the TM Forum and ETSI models of Autonomous Networks planning, operations, and monitoring promise to drastically reduce manual efforts.  

Enterprises starting the transformation journey need to know whether their chosen vendor solution will support the Autonomous Networks Level 4 features they require. For the first time, EANTC has conducted an independent assessment test of a live AN L4 vendor solution for the data center network area. In contrast with all other assessments, such as questionnaires or paper audits, our test investigates the real software features. We verify how far AN L4 has been implemented by checking the concrete provisioning, application rollout, and monitoring actions.

EANTC has been commissioned by Huawei to conduct an independent assessment of Huawei's Data Center Autonomous Driving Network Solution.  We analyzed the solution in detail during a test session in Nanjing, China, in May 2025.

Executive Summary

The Huawei Data Center Autonomous Driving Network Solution, implemented by NCE Fabric and NCE FabricInsight, has shown excellent support of AN L4 features as defined by the TM Forum and ETSI ENI 049.  In total, the solution exhibited an average level of L3.9 (see evaluation matrix in Table 2 below). In a 2-tier data center network design with Huawei CE9855 and CE688x routers using EVPN VXLAN services, almost all provisioning and monitoring activities were performed autonomously:

• The data center pod was provisioned, including the underlay, bootstrapping from scratch with zero-touch provisioning methods. Many configuration aspects were provided correctly, including all management addressing and routing aspects. Automated clock synchronization provisioning was not supported.  The overlay service provisioning worked perfectly for the typical data center EVPN use case scenarios we requested.
• The Huawei solution verified all suggested provisioning actions with a digital twin, simulating the effects of the intended configuration before acting on it. The digital twin is a crucial function to manage the risks associated with fully autonomous configuration. It worked very well in the tested scenarios.
• The application provisioning was implemented using an intent language to describe VXLAN services intent. This language permitted formulating the straightforward connectivity requests.  As a side note, security intent was not supported and we did not require it, as security intent formulation for network services is way beyond the state of the art in the industry. 
• For the application services, verification can be a difficult challenge because it relates to the application layer. Huawei implements an in-band service verification, which worked well during our assessment.
• For service monitoring, Huawei showed support for multiple telemetry methods, including in-band data monitoring via mirroring breakout.  While this kind of monitoring naturally does not scale for all services provided, it can be used to monitor high-value services very closely, or to spot-check specific services representative of a larger group.
• We also verified alarm and log correlation across all routers. The system was able to correlate many log entries and correctly identify the root cause.
• Huawei has implemented the fault diagnosis and solution generation with an individual problem assessment that supports dozens of different problem types. It gives a good and fairly precise suggestion how to fix an issue, although it is not AI-supported and does not provide specifically, individually tailored solutions at this time.
• It was possible to automatically remediate some of the standard faults discovered by network monitoring, and to verify a correct remediation subsequently.

EANTC validated all functional aspects of AN L4, as required in the ETSI ENI 049 standard.  We did not validate performance or service scale, as the test bed was sufficient but not very large.  We also focused on the EVPN VXLAN architecture and did not evaluate other data center architectures. Data center interconnects and the integration into a larger end-to-end network were out of scope for our evaluation. Multi-vendor interoperability (how to manage third-party routers) was out of scope, too.

In summary, Huawei's solution has passed our tough audit with flying colors, resulting in an overall score of L3.9.  The solution is very close to achieving L4.0; only one minor function needs to be amended.  Huawei NCE Fabric and NCE Fabric Insight are certainly one of the industry-leading, advanced network automation solutions existing today.  At EANTC, we were particularly impressed by the 360-degree support of Autonomous Network L4 features from underlay provisioning through intent-based application rollout to monitoring and troubleshooting.  The Huawei solution will help to accelerate data center installation and management substantially, while requiring less qualified staff during planning, rollout, and everyday operations.

Test Environment

Data center networks have multiple architectures, each with advantages and drawbacks. One of the most common designs nowadays is the leaf-spine architecture. In this design, each leaf switch has uplinks to each spine, providing redundancy and load-balancing, while the downlinks are connected to the servers. Additional leaf switches called border leaf switches are connected to the spine switches and on the other side to the firewalls and the data center provider edge router. Those border leaf switches provide connectivity to the outside world, such as the internet or WAN, and also handle traffic between different security zones, or any flows that must pass through the firewall where security policies are enforced.

The described design is called a Point of Delivery (POD), which represents a building block within a data center. In smaller setups, a single POD might represent the entire data center. However, a large data center could consist of multiple PODs, resulting in what is known as a multi-pod design.. Those PODs are typically connected using a routed inter-POD network (IPN).

In our test, we built a POD infrastructure that includes four server-leaf switches, two border-leaf switches, two spine switches, and two firewalls. Each pair of leaf switches was configured with Multi-Chassis Link Aggregation (MLAG), which allows the servers to connect to both leaf switches as if they were a single device. This adds a layer of resiliency and helps with load balancing. 

The network devices in a POD have L3 connectivity to each other, which is established using routed links between the devices and an interior gateway protocol (IGP). In our test bed, OSPF was used as the IGP. BGP is established on top of the underlay and provides the control plane for EVPN services. In data center environments, EVPN services are typically built over VXLAN, which extends the Layer 2 domain across different leaf switches and servers.

In addition to the POD infrastructure, we deployed the management system, which is the main focus of our tests. The management system consists of two main components: iMaster NCE-Fabric and iMaster NCE-FabricInsight. The NCE-Fabric is a virtual component installed on a server and specializes in device management and configuration.

The NCE-FabricInsight is a standalone component that monitors the network, collects telemetry data, and assists with troubleshooting tasks. It consists of three main modules:

• A collector, which gathers telemetry data using protocols like SNMP and gNMI.
• A probe server that receives mirrored traffic from data center devices. In our setup, ERSPAN is used on the leaf switches to mirror selected traffic, typically TCP packet headers, and send it over a GRE tunnel to the probe server. In addition, direct port mirroring is used on the border leaf switches, which send mirrored traffic to the probe server without tunneling.
• Analyzers process the data from both the collector and the probe server. They interpret and present the information to the user in a clear, readable format.

The number of probe servers is not limited to one. It can be scaled out as needed to host all the mirrored traffic.

In addition to the introduced POD design, we installed an impairment device on the link between a border leaf switch and a spine switch. This device is not part of a data center architecture. It was added for testing purposes to introduce packet loss into the path and observe the system’s behavior.

The following table shows the devices used in the test setup, including their software version.

The following figure illustrates the physical structure of the testbed.

Evaluation Matrix