We need to talk about Huawei...or do we?

ED E

TLDR: US/UK are getting very wound up about Beijing's influence on Huawei and ZTE. ZTE make end user devices but Huawei produce consumer and enterprise/telco kit so are the bigger talking point. In spite of their denials few believe that Huawei won't do whatever the hell they're told by the CPC.


The Hypocrisy:
https://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/
US and presumably British agencies are doing just what they're worried about China doing. Holier than thou.


CFO in Canada arrested: Huawei arrest: China demands release of Meng Wanzhou
https://www.bbc.com/news/business-46465768


BT removing Huawei equipment from parts of 4G network
https://www.theguardian.com/technology/2018/dec/05/bt-removing-huawei-equipment-from-parts-of-4g-network


OpenEir like to think of themselves as unique little flowers but a LOT of what they do is copying OpenReach (Formerly BT). In one crucial way we're different over here though. 100% Huawei.
Dated:

[UK]Cabinets installed as at April 2013
ECI M41 7,732
Huawei MA5616T 3,637
Huawei MA5603T 12,995

Huawei have pretty much always done better than ECI and has been favoured but in fixed line there is another player in the UK. In Ireland it was Alcatel Lucent (Now Nokia) vs Huawei in the field trials with Huawei winning.

VDSL: Huawei
GPON: Huawei (SIRO and OE, as far as Im aware)
3/4/5G: Some Huawei AFAIK

Now there's no way we can throw them out completely, 9000+ MSANS couldnt be replaced never mind all the BBU/RRUs, but if Huawei got sanctioned or economically set back that could cause a right mess here. Can't do the NBP if the vendor everyone was looking to use is embroiled in a political war with the pentagon.

One to watch. And time to plan trips to Espoo (and not for the Salmiakki).

gctest50

Told ya so

Marlow

Also SIRO is entirely Huawei .. just a generation newer than most of the stuff OpenEIR bought.

So is Three .. all their 3G/4G is Huawei .. which is the reason, why you can't move from one cell to another cell without dropping your darn call.

Huawei has to date still not managed to do proper handover between cells .. which works perfectly, if you were to use .. lets say .. Ericssons 4G technology .. (just saying).

e-Net / SSE used Calix FTTH gear in their trial rollout. Calix is a Texas based vendor, that has done very well in the US (AT&T etc.). Don't like their backend though. It's cloud based.

There's plenty of other options out there though.

/M

Marlow

Oh .. and on the VDSL side of things ..

I know a good few german ISPs who deploy ZTE VDSL Dslams ..

And then there's the danish former incumbent (TDC), who used Huawei for the first Docsis 3.1 rollout in Europe.

Go figure.

/M

plodder

ED E wrote: »

TLDR: US/UK are getting very wound up about Beijing's influence on Huawei and ZTE. ZTE make end user devices but Huawei produce consumer and enterprise/telco kit so are the bigger talking point. In spite of their denials few believe that Huawei won't do whatever the hell they're told by the CPC.


The Hypocrisy:
https://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/
US and presumably British agencies are doing just what they're worried about China doing. Holier than thou.

That's a bit different as Cisco weren't involved with that. Bugging a router in that way is not much different from planting a bug on a phone, or in a house or a car.

Another example might have been the notorious Vodafone Greece tapping scandal, where unauthorised bugging software was installed on an Ericcsson telephone exchange. Though some inside help would have been required in that case in Vodafone and maybe Ericcsson too. But, I would agree; nobody should assume that it's only the Chinese who are interested in spying.

CFO in Canada arrested: Huawei arrest: China demands release of Meng Wanzhou
https://www.bbc.com/news/business-46465768


BT removing Huawei equipment from parts of 4G network
https://www.theguardian.com/technology/2018/dec/05/bt-removing-huawei-equipment-from-parts-of-4g-network


OpenEir like to think of themselves as unique little flowers but a LOT of what they do is copying OpenReach (Formerly BT). In one crucial way we're different over here though. 100% Huawei.
Dated:



Huawei have pretty much always done better than ECI and has been favoured but in fixed line there is another player in the UK. In Ireland it was Alcatel Lucent (Now Nokia) vs Huawei in the field trials with Huawei winning.

VDSL: Huawei
GPON: Huawei (SIRO and OE, as far as Im aware)
3/4/5G: Some Huawei AFAIK

Now there's no way we can throw them out completely, 9000+ MSANS couldnt be replaced never mind all the BBU/RRUs, but if Huawei got sanctioned or economically set back that could cause a right mess here. Can't do the NBP if the vendor everyone was looking to use is embroiled in a political war with the pentagon.

One to watch. And time to plan trips to Espoo (and not for the Salmiakki).

I suppose the concern with Huawei on 4G/5G networks would be similar to the Vodafone one, of eavesdropping of phone calls. As for broadband infrastructure, I'm not sure what kind of spying they could do, as most Internet applications don't rely on the infrastructure being secure. They use end to end software layers like TLS to make it secure. The concern there might be Denial of Service, where the Chinese government could pull the plug on a network at some critical time.

Related to this. Bloomberg had a big story recently on Chinese PC motherboards that supposedly had a secret chip installed on them. Interfering with computer hardware like that has the potential to defeat all security measures on the PC. But, the jury is out on whether this actually happened, or if it did, who was responsible for it.

dashoonage

Ssssssh they are listening

ED E

plodder wrote: »

Bugging a router in that way is not much different from planting a bug on a phone, or in a house or a car.

I disagree, bugging a line is a single party. Bugging a big iron could could impact the traffic of thousands or tens of thousands of parties.

plodder wrote: »

They use end to end software layers like TLS to make it secure.

Pinning and STS helps but there's still a big opening for nation states.

ED E

Marlow wrote: »

And then there's the danish former incumbent (TDC), who used Huawei for the first Docsis 3.1 rollout in Europe.

Do we know who Liberty are deploying here?

plodder

ED E wrote: »

I disagree, bugging a line is a single party. Bugging a big iron could could impact the traffic of thousands or tens of thousands of parties.

True. But I meant in the sense of whether you can trust the manufacturer of the kit. Cisco has stated plainly that they have never cooperated with the US govt to install any bugging software. Nobody believes that Chinese companies would be able to resist that kind of pressure from the Chinese government.

The HongKong Post root cert is interesting too, but it only affects organisations (Chinese presumably) who get their server certs from them.

The high horse brigade

I work with security systems CCTV etc where Hikvision is in the same category and is already a dirty word for corporate installations. Why has it taken so long in the telecoms field. Do we need a security breach for people to open their eyes and take notice?

ED E

plodder wrote: »

The HongKong Post root cert is interesting too, but it only affects organisations (Chinese presumably) who get their server certs from them.

Wrong. Its a root cert, it can mint for any site. Its trusted by all windows boxes and many others.

HKPO can issue a cert for gov.ie and your computer and browser will accept it.

The high horse brigade wrote: »

I work with security systems CCTV etc where Hikvision is in the same category and is already a dirty word for corporate installations. Why has it taken so long in the telecoms field. Do we need a security breach for people to open their eyes and take notice?

Isnt half of that about them being "budget" though?

plodder

ED E wrote: »

Wrong. Its a root cert, it can mint for any site. Its trusted by all windows boxes and many others.

HKPO can issue a cert for gov.ie and your computer and browser will accept it.

That is true. Though they could not do that in secret. If a CA ever did that, they would be found out pretty quickly and booted off all browsers. I don't think it is a practical attack on TLS.

Companies/organisations in China and Hong Kong who are probably strongly encouraged to get their certs from "government approved" CAs like HongKong Post, should probably assume that the government is able to decrypt their traffic. Anyone else would be crazy to do the same.

The high horse brigade

ED E wrote: »

Isnt half of that about them being "budget" though?

You think corporate projects don't opt for budget solutions? Of course they do....
Then you also have bigger players rebranding Chinese gear as their own like Tyco do with their Hollis brand (rebranded Dahua)

Hikvision are well known for their back doors. There's even a password of the day of you ring support.

ED E

plodder wrote: »

That is true. Though they could not do that in secret. If a CA ever did that, they would be found out pretty quickly and booted off all browsers. I don't think it is a practical attack on TLS.

Happened before. The only reason we know is Chrome has a phone home system that alerts google when a suspect cert is spotted in the wild.

plodder

ED E wrote: »

Happened before. The only reason we know is Chrome has a phone home system that alerts google when a suspect cert is spotted in the wild.

Certificates have been wrongly issued for various reasons. In at least one case, the CA went bust as a result (Diginotar). If a bad cert is issued and detected, there is no way for the CA to deny it. That's the whole nature of PKI. Therefore, there is an enormous incentive for well intentioned CAs to do the right thing.

The Chrome phone home system you mention has expanded into something bigger with quite wide support in the industry and that should be able to deal with CAs with malicious intent. Again, once a single bad cert is found, with a CA's fingerprints on it, that is bad news for the CA.

http://www.certificate-transparency.org/

I hold to the view that TLS is by and large a secure mechanism for the internet so long as you trust the device/PC you are using, which is something to think about if you use a Huawei phone or other consumer device ...

digiman

Marlow wrote: »

Also SIRO is entirely Huawei .. just a generation newer than most of the stuff OpenEIR bought.

So is Three .. all their 3G/4G is Huawei .. which is the reason, why you can't move from one cell to another cell without dropping your darn call.

Huawei has to date still not managed to do proper handover between cells .. which works perfectly, if you were to use .. lets say .. Ericssons 4G technology .. (just saying).

e-Net / SSE used Calix FTTH gear in their trial rollout. Calix is a Texas based vendor, that has done very well in the US (AT&T etc.). Don't like their backend though. It's cloud based.

There's plenty of other options out there though.

/M

While you are quite informed on alot of topics on here, you also post quite a bit that is simply just not true. Problem then is that alot of other posters then take what you say as the bible.

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

Would love to know where you got the info on Huawei not having to do proper handover between cells, sounds pretty difficult to believe from what the industry would recognise as one of the top RAN architectures available. Would be good to see a source, eir and Vodafone are currently using Ericsson so perhaps you experienced in some other country.

On the topic though, I think we should be taking all security concerns very seriously. I guess in the end Ireland will follow the guidelines from the EU.

USA obviously have their own agenda on the whole thing and Trump seems to be using part of it as a bargaining chip with China. It's not long ago since the US banned ZTE from using Android and then quickly lifted it again, I suspect the arrest of the Huawei CFO could be a similar tactic of his right while he is in the middle of trying to do a deal with China on trade.

The interesting part now though is that unless the Irish government specifically bans Huawei (Huawei will no doubt pull out alot of investment from Ireland then though, multiple R&D locations, so Irish government could be reluctant) I don't see the operators here doing anything about it of their own back. eir is now owned by NJJ/Iliad, so they will make any calls on the network vendors, Vodafone are group owned and 3 are owned by Hutchison so in the end the the final decisions on vendors will be made outside of Ireland.

In the end Chinese companies are getting very strong all over the world and where once known for copying everything, they are slowly starting to become known for leading many areas of technology. If they are banned from deploying in some countries it will be bad for consumers as prices will go up and technology development will slow down.

Marlow

digiman wrote: »

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

Would love to know where you got the info on Huawei not having to do proper handover between cells, sounds pretty difficult to believe from what the industry would recognise as one of the top RAN architectures available. Would be good to see a source, eir and Vodafone are currently using Ericsson so perhaps you experienced in some other country.

There are cell handover problems with Huawei. It's certain scenarios. I can dig a bit deeper, as I know people in the Industry.

Three using Huawei is not something I know first hand, but I was told this by an Ericsson engineer, who was involved in that regard.

And Three having handover problems is something I experience every single day being a Three customer. Don't have those issue on the Vodafone sub, that I keep as a backup.

So what I was told sounded feasable. If you know more first hand, then that's absolutely fine.

/M

ED E

Think Marlow is confusing an (intentionally?) bodged MVNO framework with the actual RAN which works perfectly - I'm a customer for years who also likes to prod the network to see whats available.

Marlow

ED E wrote: »

Think Marlow is confusing an (intentionally?) bodged MVNO framework with the actual RAN which works perfectly - I'm a customer for years who also likes to prod the network to see whats available.

That would require using an MVNO. I'm a business customer of the carrier in both cases.

The MVNO issues should not kick in there. That be different, if it was Tesco or iD or somebody else.

/M

digiman

Marlow wrote: »

There are cell handover problems with Huawei. It's certain scenarios. I can dig a bit deeper, as I know people in the Industry.

Three using Huawei is not something I know first hand, but I was told this by an Ericsson engineer, who was involved in that regard.

And Three having handover problems is something I experience every single day being a Three customer. Don't have those issue on the Vodafone sub, that I keep as a backup.

So what I was told sounded feasable. If you know more first hand, then that's absolutely fine.

/M

Perhaps it's from one RAN vendor to another where there are handover issues, like in Three's case going from Samsung 4G to Nokia 3G could potentially cause issues. I'm not on the network so wouldn't know but I highly doubt there is a technology issue when handing over from one Huawei cell to another cell of same technology (3G to 3G) or from one technology to another (3G to 4G in a properly planned RAN network.

Vodafone's whole RAN network (2G/3G/4G) in Ireland is using Ericsson and it's widely regarded that an SRAN solution (single RAN) is the best way to delpoy. I do use Vodafone's network and it is fantastic, easily the best network out there in my opinion.

tsue921i8wljb3

NBP is likely to use Nokia as Huawei were not mentioned in the list of partners by National Broadband Ireland or whatever they are calling themselves now.

Marlow

digiman wrote: »

Vodafone's whole RAN network (2G/3G/4G) in Ireland is using Ericsson and it's widely regarded that an SRAN solution (single RAN) is the best way to delpoy. I do use Vodafone's network and it is fantastic, easily the best network out there in my opinion.

Agreed. Just the 2G infrastructure is a bit in bits. When Vodafone and Three agreed 2G infrastructure sharing that whole pot got put into one seperate company.

As Three fully integrated O2s network into their own (which is another one of those issues they have with loads of different aspects to the network), they sold their part of the Vodafone/Three 2G infrastructure back to Vodafone. Might not even have got money for it.

But it's a bit in disrepair. It is a well managed network though. Just a bit costly for higher volume use.

That's neither here nor there.

Fact is that Vodafone has been making sure, that everything on their mobile network works seemlessly together. Three's network is a bit thrown together .. especially due to the O2 purchase.

/M

9726_9726

Huawei are not just a kit vendor. They do consultancy also.

Huawei are very far into the biggest urban FTTH deployment in the State.... SIRO Cork city - 65,000 to be passed. They are lead contractor and designer on that build.

Between Openeir and SIRO, they are very much out front in broadband rollout in Ireland. Any measures to curb their activities in Ireland would be disruptive, for sure.

Oh and they do the RAN for everyone's favourite WISP, Imagine (BBUs and RRUs), but that's not statistically significant compared to SIRO and Openeir.

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Marlow

9726_9726 wrote: »

Huawei are very far into the biggest urban FTTH deployment in the State.... SIRO Cork city - 65,000 to be passed. They are lead contractor and designer on that build.

Same for Athlone, which now is nearly complete. 7200 of 8000 passed.

9726_9726 wrote: »

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Hmmm .. Tata Comms ... Only submarine fibre east of Africa, if I remember correctly and also the biggest submarine fibre operator in the world. India can be as bad as China

/M

ED E

9726_9726 wrote: »

Does anyone really think that the spooks aren't into data centres, big cloud, subsea cables anyway?

Oh they are.

The question is will our political honchos decide to fvck with it.

KildareP

ED E wrote: »

Do we know who Liberty are deploying here?

Think they're mainly a Cisco house on the internal routing and Juniper on the transit side out to Aorta - certainly the UK does anyway and much of the networks that make up VMUK were used as the design basis for the Irish equivalents during the ntl:home days. Very interesting write-up on The Register on the UK setup a few years back.
Corporate CPE is generally Cisco, been bit of a mish-mash on the SME and residental CPE's over the years.
HFC network is Scientific Atlanta (now Cisco), Motorola and Arris.

Video side is Tandberg (now Ericsson), Scientific Atlanta (Cisco) and Harmonic.
Nagra (now Kudelski) for security.

And that's not taking account of the multitude of differing cable systems and platofrms that amalgated Cablelink and Chorus respectively, that make up what LGII is today!

ED E

Cheers. Yeah they've probably got the most diverse network due to the acquisitions.



Huawei Update:
Canada still hasn't released the CFO
Japan has said bye bye to Huawei for any Govt stuff (not sure how much hope they had anyway)

KildareP

digiman wrote: »

While you are quite informed on alot of topics on here, you also post quite a bit that is simply just not true. Problem then is that alot of other posters then take what you say as the bible.

Three use Nokia for their 3G and Samsung for their 4G, there is industry talk of possible changes there but at the moment there is no Huawei in the Three RAN network.

The core may be majority NSN, but they're using Huawei antennae on a lot of their new tower builds so there is certainly Huawei being deployed within Three's radio access network today.

ED E

Just the Kathrein panels though? At least that'd be safe enough from f'ckery.

EdgeCase

BTW I wouldn't say that OpenEir copy OpenReach. Telcos aren't technology innovators, they buy systems, plug them together and build services.

You'll find similar or identical equipment in all of them. It's just a random choice of whatever vendor happened to have the best gear at the best price when they were shopping.

That Huawei gear used for FTTC here isn't unusual. They're one of the largest suppliers of that kind of stuff.

From what I gather the deployment of Huawei FTTC here is also a better spec than most of BT's stuff as it was a little later and also had to compete more directly with UPC which was at the time offering faster base speeds than Virgin in the UK. That's drove deployment of vectoring to get the speeds up to vaguely competitive with cable.

There's been a lot of accusations about Huawei but no smoking gun. The other side of it is that if they were selling compromised equipment their business could be wiped out. Would they really do that? I have my doubts.

If there's an issue, I would like to see evidence not just people making political accusations. Huawei make very good and innovative equipment that's been amongst the best out there in a whole range of areas in recent years.

EdgeCase

Euronews.com wrote:

Poland arrests two over spying for China, including Huawei employee

Polish authorities have arrested a Chinese employee of Huawei and a Polish man, who reportedly worked for Orange Polska, on charges of spying for Beijing, according to local media.

TV channel TVP said the two individuals were arrested on Tuesday after the Huawei and Orange Polska offices were searched.

https://www.euronews.com/2019/01/11/poland-arrests-two-over-spying-for-china-including-huawei-employee

and more on The Register

https://www.theregister.co.uk/2019/01/11/poland_reportedly_arrests_huawei_official_for_spying/

Johnboy1951

EdgeCase wrote: »

BTW I wouldn't say that OpenEir copy OpenReach. Telcos aren't technology innovators, they buy systems, plug them together and build services.

You'll find similar or identical equipment in all of them. It's just a random choice of whatever vendor happened to have the best gear at the best price when they were shopping.

That Huawei gear used for FTTC here isn't unusual. They're one of the largest suppliers of that kind of stuff.

From what I gather the deployment of Huawei FTTC here is also a better spec than most of BT's stuff as it was a little later and also had to compete more directly with UPC which was at the time offering faster base speeds than Virgin in the UK. That's drove deployment of vectoring to get the speeds up to vaguely competitive with cable.

There's been a lot of accusations about Huawei but no smoking gun. The other side of it is that if they were selling compromised equipment their business could be wiped out. Would they really do that? I have my doubts.

If there's an issue, I would like to see evidence not just people making political accusations. Huawei make very good and innovative equipment that's been amongst the best out there in a whole range of areas in recent years.

...... and if they did have compromised equipment, do you know for certain that any of the alternative suppliers have equipment that is not compromised?

Political football!

Is there really much difference to Ireland, for instance, which equipment manufacturer is used from a security point of view?
Do you trust the likes of Trump more than any of his equivalents in other countries?

IMO, if one is 'at it' then they all are to a greater or lesser extent.

EdgeCase

Oddly enough the US policy against Huawei is mostly beneficial to two very large European companies : Ericsson and Nokia.

There aren't really many US companies in the that sector anymore.

Lucent was the last very big US one but that was acquired by Alcatel and they were subsequently acquired by Nokia.

Motorola used to be big in mobile telecommunications technology but they faded away and Qualcomm pursued proprietary technology CDMA One / 2000 and EV-DO that's never been used in Europe as it's not GSM based.

So really if Huawei is spying you're looking at business from European telecoms going back to their traditional suppliers which are all European.

Samsung is also quite big in that area. 3's 4G network here for example is based on their gear.

..

The biggest exposure to Huawei in Ireland is FTTC and FTTH. Eir uses Huawei DSLAMs for the fibre to cabinet services and both Eir and Siro use them for fibre to home.

The major alternative supplier there is Nokia, Alcatel is pretty big in that type of technology.

ED E

Nokia may be Finnish but they've got a big US presence via Alcatel via Bell Labs. No question of them being "courteous" to three letter agencies so the US won't consider them filthy foreigners.



Still curious why AL lost out on the VDSL trials, though one can guess it might have been price.

9726_9726

Looking at a FTTH deployment for a minute, for example, SIRO. I assume that only the OLT and ONT are Huawei. These would be providing a layer 2 service, bringing a set of customers back to a given provider.

These devices would only have management IP addresses in the management plane, which is non-routable to catvideos. Even a VPN could therefore not be established off the Huawei devices to some nefarious spy server.

I'm sure there's an IP/MPLS network behind the GPON network, in order to deliver L2VPN ethernet services to the providers (of in smaller networks, this could be done in native layer 2) but this would likely be Juniper, Cisco, etc.

I honestly don't see how a GPON network could phone home with user data.

Ideas?

ED E

I suspect they'd do it through their own management units in the POPs not directly from the last mile gear.


All the NGA aggs are public, thats not at cab level but one up at exchange area. Can't be sure who they are.

PORT STATE SERVICE VERSION
20/tcp filtered ftp-data
21/tcp filtered ftp
22/tcp filtered ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
179/tcp open tcpwrapped
445/tcp filtered microsoft-ds

Aggressive OS guesses: Alcatel-Lucent 7750 Service Router (SR OS 9.0.R9) (91%), 3Com SuperStack 3 Switch 3870 (90%), FireBrick FB2700 firewall (87%), OpenBSD 3.5 (86%), Epson Stylus Pro 400 printer (86%).....

7750 lines up though external profiling is NOT reliable.


Its also worth noting that Huawei were doing trials in conjunction with the Eir SMC for vectoring and supervectoring on live cabs meaning OE were probably providing direct access.

EdgeCase

ED E wrote: »

Nokia may be Finnish but they've got a big US presence via Alcatel via Bell Labs. No question of them being "courteous" to three letter agencies so the US won't consider them filthy foreigners.



Still curious why AL lost out on the VDSL trials, though one can guess it might have been price.

Almost certainly price and the fact that BT had success with them as a supplier for FTTC deployments with a previous generation of their gear. The Huawei cabinets seemed to be a perfect fit for Eir's access network - small, unobtrusive cabinets that were designed to plug straight into the existing junction cabinets.

AL had been providing small MSANs to the trial that seemed to replace the PCP and included voice services. I'm not sure if they were also integrating into some replacement for the AL E10 PSTN exchanges.

I also got the impression that the trial services around Dundrum were looking for a combined solution that would have replaced the traditional telephone exchange equipment with cabinets. The same was true of early BT deployment.

However, the solution the ultimately opted for just abandoned the idea of replacing voice services with cabinet deployed equipment and concentrated entirely on VDSL and a future FTTH rollout. I would assume POTS just became an increasingly obsolete irrelevance as it can be done by VoIP and abandon dial tone services entirely and customers are abandoning landline services for voice anyway.

If PSTN dial tone services are retained, most customers won't be using them so, you could feasibly deploy some much smaller scale AL or Ericsson solution for the people who insist on having old school phone lines. In the meantime they'll likely just use the existing equipment for as long as it's useful life allows and route the traffic over VoIP behind the scenes.

During that trial period a lot of traditional telcos including BT and Eir finally realised they were actually no longer phone companies and their core business was now broadband.

Eircom was always fairly conservative about new suppliers. Their core voice network has been using mostly Ericsson for example since before 1957.

Huawei has established a good track record and they're coming in at good pricing. That's why they're getting projects and managing to prise old telecoms companies away from their historical suppliers.

If there's a big issue with Huawei, their problem is their customers are largely old, conservative, legacy telcos.

That's why I'm not convinced that they're up to anything. It would absolutely decimate their business if they were and I'm sure they know that.

9726_9726

ED E wrote: »

I suspect they'd do it through their own management units in the POPs not directly from the last mile gear.


All the NGA aggs are public, thats not at cab level but one up at exchange area. Can't be sure who they are.



7750 lines up though external profiling is NOT reliable.


Its also worth noting that Huawei were doing trials in conjunction with the Eir SMC for vectoring and supervectoring on live cabs meaning OE were probably providing direct access.

Yes, it is usually the case that major vendors in a network will require VMs running back end provisioning/management services, such as syslog, sFTP, SNMP, licencing,l services, updates and... critically for this discussion, remote vendor dial-in, for anything above a bronze support contract. That gives a route home......

Marlow

9726_9726 wrote: »

Looking at a FTTH deployment for a minute, for example, SIRO. I assume that only the OLT and ONT are Huawei. These would be providing a layer 2 service, bringing a set of customers back to a given provider.

Both SIRO and OpenEIR deliver FTTH circuits layer2 to the partner providers. VDSL circuits from OpenEIR are also delivered that same way.

With SIRO that means, none of their gear is on the public internet. The provisioning system isn't on the public internet either. It has to be reached via VPN.

OpenEIR is a bit different. Their provisioning system is reachable from the Internet. And I'm not sure how OpenEIR and Eir are interconnected at the aggregation point, but all other providers are handed the customer sessions over layer2.

/M

ED E

Eir subs DHCP from the 7750 above and just route tagged packets to appropriate edge router. Manually managed block assignments which is a clusterf'ck (1000 pools instead of like 9).

ED E

BTW Huawei fired the Polish employee.

https://www.bbc.com/news/world-europe-46851777

ED E

https://www.wsj.com/articles/major-mobile-carrier-halts-huawei-purchases-amid-security-concerns-11548418611

ED E

More fun.

https://www.theverge.com/2019/1/28/18201023/us-charges-huawei-fraud-stealing-t-mobile-justice-department?

Johnboy1951

ED E wrote: »

More fun.

https://www.theverge.com/2019/1/28/18201023/us-charges-huawei-fraud-stealing-t-mobile-justice-department?

Hehehehehe ...... brings to mind pot and kettle

gctest50

https://www.bbc.com/news/world-us-canada-47036515

The US Justice Department has filed a host of criminal charges against Chinese telecoms giant Huawei and its chief financial officer, Meng Wanzhou.

The charges against the world's second largest smartphone maker include bank fraud, obstruction of justice and theft of technology.

long_b

Fascinating reading - details of the spying. Serious stuff and actively encouraged

https://www.documentcloud.org/documents/5698582-Huawei-Indictment-Pacer-0.html#text/p12

recyclebin

There is a video of Tappy on the T-Mobiles YouTube account from 2012. It does not look like something that would be hard to copy.

Also went to T-mobiles Germany website and they are selling Huawei phones still.

Sounds like a setup to me.

EdgeCase

I'd agree it seems to be an odd thing to be THAT interested in copying. I'd have thought Huawei would be more than capable of designing something like that itself. In fact, given that it has manufacturing and design engineering skills in-house in large numbers, I would have thought that it would be in a far better position than T-Mobile US to develop such a device.

It's possible though that they just have a corporate culture of collecting data on anything useful, even if it's not particularly beneficial to the company.

turbbo

Johnboy1951 wrote: »

...... and if they did have compromised equipment, do you know for certain that any of the alternative suppliers have equipment that is not compromised?

Political football!

Is there really much difference to Ireland, for instance, which equipment manufacturer is used from a security point of view?
Do you trust the likes of Trump more than any of his equivalents in other countries?

IMO, if one is 'at it' then they all are to a greater or lesser extent.

Isn't Huawei a government funded company?
The US has strict regulation when it comes to dealing with companies that operate with government backing. AFAIK they are not using any Huawei gear in the mobile networks in the US as they're not allowed. They only sell end user gear there? Or has that changed?

ED E

Officially, Huawei is an employee-owned company, a fact the company emphasizes to distance itself from allegations of government control.

In practice they're totally at the beck and call of Beijing.

turbbo

ED E wrote: »

In practice they're totally at the beck and call of Beijing.

Yeah don't think anybody(country) believes they are anything else?