HUAWEI TECHNOLOGIES CO., LTD. Anti-DDoS Solution

Transcription

1 HUAWEI TECHNOLOGIES CO., LTD. Anti-DDoS Solution

2 1 Anti-DDoS Solution Dear Huawei Employees, Heartiest Congratulations to the Huawei team for the successful vision and ingenuity demonstrated in attaining the Product Innovation Award for its anti-ddos solutions in Network Security Market in the Middle East. Huawei received this Award for its leadership and accomplishments displayed in the network security space. It has been able to achieve it due to its technology innovation, dedicated workforce, a well stratified channel structure and a strategic focus towards developing a cost effective and efficient security product offering in the form of its anti-ddos solution. The Award is an accomplishment to be truly proud of, as this recognition stems from an in-depth analysis of the Network Security space by our experienced industry research team. Frost & Sullivan is a global growth consulting company with more than fifty years of research and consulting experience. We take great pride in rewarding those few companies who exhibit excellence in their growth strategies. Our expert analysts confer Frost & Sullivan Awards upon companies in each market sector that demonstrate exceptional leadership, successful customer acquisition and service strategies, and sound execution in business plans, in addition to other critical marketing factors. On behalf of everyone at Frost & Sullivan, I would like to congratulate you all on this outstanding achievement. We are proud to present you the Frost & Sullivan 2012 Middle East New Product Innovation Award in Network Security Market. Yours Sincerely, Y S. Shashidar Managing Director Frost & Sullivan Middle East, North Africa and South Asia

3 Anti-DDoS Solution 2 1 Background and Challenges With the IT and network evolution, the Distributed Denial of Service (DDoS) attack has already broken away from original hacker behaviors. Instead, it forms an integral dark industry chain with overwhelming damages. Severe DDoS attacks At present, a single DDoS attack consumes more than 100 Gbit/s bandwidth. The number of DDoS attacks is 20 times of that in 2007, and over 30,000,000 zombie hosts flood the network. Moreover, attack tools become easily available. Large numbers of botnets break off the technical threshold for DDoS attacks. A DDoS attack is launched by only three steps, namely, downloading the attack tool, purchasing zombie hosts, and initiating the attack. Traffic DDoS attacks evolve to application attacks In the past, flood attacks were prevailing on the carrier network and infrastructure. In comparison, current DDoS attacks are specific to applications and services, such as enterprise portal applications, e-shopping, online videos, online games, DNS, and . The targets of attacks become more extensive. A single attack consumes less traffic and fewer costs. The attack behavior becomes more complex and difficult to distinguish. This brings difficulty in detecting and defending against DDoS attacks. Service interruption adversely affects enterprise operation DDoS attacks frequently intrude into the service systems of enterprises, and severely interrupt the normal service operation. On the one hand, service interruption damages enterprises' brand images, takes away their customers, and reduces their profits, especially for small Internet enterprises on e-business, online games, and portals. On the other hand, constructing an anti- DDoS system brings intensive investment and maintenance pressure on these enterprises and deteriorates their normal service operation. DDoS attacks cause IDC customer loss If a service system suffers from DDoS attacks, the attack traffic occupies the entire IDC bandwidth, affecting the service systems of other leasers. As a result, IDC leasers quit, competitiveness lowers, and operation costs rise. These side impacts severely deteriorate the service operation and profits.

4 3 Anti-DDoS Solution 2 Solution Highlights 2.1 Overview Designed for carriers, enterprises, data centers, and ICP service providers (including providers for Web portals, online games, online videos, and DNS services), Huawei anti-ddos solution incorporates extensive experience in network security and full understanding of customer demands. Huawei anti-ddos solution enhances defense against application-layer attacks, IPv4-IPv6 attack defense, and defense against zombies, Trojan horses, and worms. This fully ensures network security and service continuity. Huawei anti-ddos solution uses the leaser-specific service design for management configuration, which implements a series of functions, including leaser service model learning, leaser configuration, and report self-service. Moreover, IDC operators can provide the anti-ddos solution for their leasers as an SAAS service to increase the leaser viscosity, improve IDC competitiveness, and add IDC operation profits. 2.2 Functions Service-based defense policy Huawei anti-ddos solution supports continuously periodic learning and analysis on the service traffic of the Zone, draws the outline of normal service traffic, and enables differentiated defense types and policies for various services or one service in different time ranges, therefore implementing refined defense. Accurate abnormal traffic cleaning Huawei anti-ddos solution uses the per-packet detect technology. Defense is triggered immediately by an attack. This solution applies multiple technologies, including seven-layer filtering, behavior analysis, and session monitoring, to accurately defend against various flood attacks, Web application attacks, DNS attacks, SSL DoS/DDoS attacks, and protocol stack vulnerability attacks. In this way, application servers are protected. Intelligently caching DNS traffic Besides accurately defending against various attacks on the DNS server, Huawei anti-ddos solution supports DNS cache for improved performance under heavy DNS server traffic. Defense against prevailing zombies/trojan horses/worms By spreading Trojan horses and worms to large numbers of hosts, hackers control the hosts hierarchically and form the botnet to launch attacks. Therefore, botnets breed DDoS attacks. Huawei anti-ddos solution identifies and blocks over 200 common zombies/trojan horses/worms worldwide, therefore smashing botnets. Perfect IPv4-IPv6 defense In February 2011, IANA declared that IPv4 addresses were exhausted. Enterprises have no new IPv4 addresses and begin

5 Anti-DDoS Solution 4 to put IPv6 network construction into agenda. The particular IPv4-IPv6 technology of Huawei anti-ddos solution supports concurrent defense against DDoS attacks on both IPv4 and IPv6 networks. The solution addresses the DDoS attack defense requirements in dual stack and helps users transit to the next generation network. Flexible networking The anti-ddos solution must be adaptive to various network environments and address different grades of service requirements. On this basis, Huawei anti-ddos solution provides multiple in-line and off-line deployments, which enable customers to select flexibly by their services and networks. In-line deployment: serially connects the detecting and cleaning modules to the network to be protected for direct traffic detecting and cleaning. The high-performance and multi-core hardware platform in use not only ensures the detecting and cleaning accuracy, but also minimizes the processing delay. Moreover, Huawei anti-ddos solution provides the bypass module. When an anomaly occurs, traffic is sent to the cleaning module, which avoids introducing new failures. Off-line traffic-diversion deployment: deploys the cleaning module on the network in off-line mode. Once detecting DDoS attack traffic, the detecting and cleaning centers perform actions based on the policies configured in the management center. 2.3 Highlights Highlights of Huawei anti-ddos solution: Efficient and speedy: 200 Gbit/s defense performance and response within seconds High-performance and multi-core CPU, providing anti-ddos products covering 2 Gbit/s to 200 Gbit/s performance to defend against all types of DDoS attack. Self-learning of the service model and per-packet detect technology. Once a traffic or packet anomaly is found, the defense policy is automatically triggered. The defense latency is within two seconds. Accurate and comprehensive: defense against hundreds of attacks and IPv6 defense Multiple technologies, including seven-layer filtering, behavior analysis, and session monitoring, to defend against over 100 DDoS attacks, with the industry-leading defense types. Protocol stack threat Featured DoS/DDoS attack Transport-layer threat Application-layer threat Abnormal connection threat Low-rate attack Burst traffic Normal traffic Abnormal traffic filtering Feature filtering Forged source authentication Application-layer authentication Session analysis Behavior analysis Intelligent rate limiting

6 5 Anti-DDoS Solution Defense against over 200 zombies, Trojan horses, and worms, protecting users from hackers. IPv4/IPv6, as the first to support IPv6 attack defense and concurrent IPv4 and IPv6 attack defense. Particular terminal identification technology to accurately identify client types, such as smart terminals, set-boxes, and common clients, as well as client-specific defense technologies to ensure zero false positive. Value-added operation: protection for tens of thousands of leasers and diverse self-services Leaser-based service design to protect 100,000 leasers concurrently. Self-configuration of defense policies and the generation of independent security reports, providing visibility into defense effects. Capture of attack packets, extraction of attack features, and user-defined attack feature filtering to effectively defend against DDoS attacks and zero-day attacks. 2.4 Solution Components As shown in the following figure, Huawei anti-ddos solution comprises the detecting center, cleaning center, and ATIC management center. By means of policy interworking and control interworking, the three centers provide a professional anti- DDoS solution with easy management and flexible deployment for customers. Management center Policy interworking Device management Policy management Report display Control interworking Detecting center Traffic feature exchange Cleaning center Detecting center: As the "antenna" of the entire solution, the detecting center receives detecting policies delivered by the ATIC management center, identities and detects DDoS traffic, and gives detecting results back to the ATIC management center. Cleaning center: As the "executor" of the entire solution, the cleaning center cleans DDoS traffic on the network based on the control signals delivered by the ATIC management center. ATIC management center: As the "brain" of the solution, the ATIC management center allows the user to customize detecting and cleaning policies and delivers the policies to the detecting center and cleaning center to control the detecting and cleaning process.meanwhile, the user can also generate and view attack reports and cleaning records in the ATIC management center.

7 Anti-DDoS Solution 6 Note 1: In practice, the detecting center can be a Per-packet detect technology-enabled detecting device or Netflow sampling detecting device. Note 2: The cleaning center can be serially connected to the user network, without a detecting center, for bidirectional defense. The networking depends on actual requirements. 3 Typical Application Scenarios 3.1 IDC Secure and Profitable Operation Internet Anti-DDoS cleaning center IDC Anti-DDoS management center Leaser A Leaser A Huawei anti-ddos solution deployed at the IDC egress delivers the following functions: 1. Defends against attacks on the DNS server, for example, DNS protocol stack vulnerability attacks, DNS reflection attacks, DNS flood attacks, and DNS CacheMiss attacks, and supports DNS cache for improved DNS server performance under heavy traffic. 2. Defends against attacks on Web servers, for example, SYN flood attacks, HTTP flood attacks, CC attacks, and low-rate connection attacks. 3. Defends against attacks on online games, for example, UDP flood attacks, SYN flood attacks, and TCP attacks. 4. Defends against SSL DoS/DDoS attacks on HTTPS servers. 5. Provides customers with self-service policy configuration and report by operating anti-ddos as a security service.

8 7 Anti-DDoS Solution 4 Success Stories 4.1 Tencent IDC Service Protection Customer Challenges Tencent IDC processes huge services and suffers from various DDoS attacks from the Internet every day, especially those attacks on online games and DNS servers. Defending devices, such as traditional firewalls and IPS devices, are not sharp in DDoS attack defense. When DDoS attacks are launched, these devices may exhaust connections and resources. Enabling attack defense may interrupt normal services. Therefore, Tencent is confronted with big security challenges. Solution Deploy an anti-ddos cleaning device at the Tencent IDC egress in off-line mode to defend against DDoS attacks on the IDC service system. Management center Cleaning center Detecting center Detecting center Cleaning center Data center A Data center B This deployment requires high performance, reliability, and scalability of the anti-ddos device. Then, the device must be able to restore services rapidly after an incident occurs. Next, all the deployed anti-ddos devices can be managed in a global way. Huawei anti-ddos solution, applying to multiple Tencent IDCs, features high performance, sound reliability, and fine defense effects, and meets with a favorable reception in Tencent. Customer Benefits "Huawei device displays normal status during IDC attack defense and successfully defends against continuous DNS flood attacks. The protected services operate stably, and no user complaint is received. Therefore, Huawei device is highly regarded by the personnel in the service line." ----Tencent Aegis team

9 Anti-DDoS Solution 8 5 Products in the Solution AntiDDoS1000 series AntiDDoS8000 series 6 Specifications AntiDDoS1000 series AntiDDoS8000 series Model AntiDDoS1520 AntiDDoS1550 AntiDDoS1500-D AntiDDoS8030 AntiDDoS8080 AntiDDoS8160 Flood defense performance 3 Mpps 3 Mpps 3 Mpps 30 Mpps (15 Mpps/SPU) 75 Mpps (15 Mpps/SPU) 150 Mpps (15 Mpps/SPU) Detecting/ Cleaning performance 2 Gbit/s 5 Gbit/s 5 Gbit/s (detecting) 40 Gbit/s (20 Gbit/s per SPU) 100 Gbit/s (20 Gbit/s per SPU) 200 Gbit/s (20 Gbit/s per SPU) Defense start latency 2 seconds 2 seconds 2 seconds 2 seconds 2 seconds 2 seconds Fixed interface 4 GE (RJ45)+4 GE (combo) None Expansion slot 2 FIC 2 FIC 2 FIC Expansion interface card Bypass card 2 10GE (SFP+) 2 10GE (SFP+)+8 GE (RJ45) 8 1GE (SFP) 8 1GE (RJ45) 4 1 GE (RJ45) Dual-link LC/UPC multi-mode optical interface Dual-link LC/UPC single-mode optical interface 1 10GE (XFP) 2 10GE (XFP) 1 10G POS (XFP) 12 1GE (SFP) 20 1GE (SFP) None Dimensions (H W D) (DC) (AC) (DC) (AC) (DC) (AC)

10 9 Anti-DDoS Solution AntiDDoS1000 series AntiDDoS8000 series Model AntiDDoS1520 AntiDDoS1550 AntiDDoS1500-D AntiDDoS8030 AntiDDoS8080 AntiDDoS8160 Maximum power consumption 150 W 150 W 150 W 1330 W (DC) 1368 W (AC) 3038 W (DC) 3231 W (AC) 5824 W (DC) 6195 W (AC) IPv4 defense types Anomaly filtering Protocol vulnerability defense Transport-layer attack defense Scanning and sniffing attack defense DNS attack defense Web attack defense VoIP attack defense Zombie/Trojan horse/worm attack defense Blacklist, HTTP field-based filtering, and TCP/UDP/Other protocol load feature-based filtering Defense against IP spoofing, LAND, Fraggle, Smurf, WinNuke, Ping of Death, Tear Drop, IP Option, IP fragment control packet, TCP label validity check, large ICMP control packet, ICMP redirect control packet, and ICMP unreachable control packet attacks Defense against SYN flood, ACK flood, SYN-ACK flood, FIN/RST flood, TCP fragment flood, UDP flood, UDP fragment flood, and ICMP flood attacks Defense against port scanning, address scanning, Tracert control packet, IP Option, IP timestamp, and IP routing record attacks Defense against forged source DNS query flood attacks, real source DNS query flood attacks, DNS reply flood attacks, DNS cache poisoning attacks, DNS protocol vulnerability attacks, and fast flux botnet Defense against HTTP get/post flood attacks, CC attacks, HTTP slow header/post attacks, HTTPS flood attacks, SSL DoS/DDoS attacks, TCP connection attacks, Sockstress attacks, TCP retransmission attacks, and TCP null connection attacks Defense against SIP flood attacks Defense against over 200 zombies, Trojan horses, and worms, such as LOIC, HOIC, Slowloris, Pyloris, HttpDosTool, Slowhttptest, and Thc-ssl-dos IPv6 defense types IPv6 defense types IPv4/IPv6 dualstack attack defense Defense against ICMP fragment attacks, blacklist, HTTP field-based filtering, TCP/UDP/Other protocol load feature-based filtering, SYN flood attacks, ACK flood attacks, SYN-ACK flood attacks, FIN/RST flood attacks, TCP fragment flood attacks, UDP flood attacks, UDP fragment flood attacks, ICMP flood attacks, Forged source DNS query flood attacks, real source DNS query flood attacks, DNS reply flood attacks, DNS cache poisoning attacks, DNS protocol vulnerability attacks, fast flux botnet, HTTP get/post flood attacks, CC attacks, HTTP slow header/post flood attacks, HTTPS flood attacks, SSL DoS/DDoS attacks, TCP connection attacks, Sockstress attacks, TCP retransmission attacks, TCP null connection attacks, and SIP flood attacks Supported

11 Anti-DDoS Solution 10 7 Ordering Information 7.1 Ordering Information of AntiDDoS1000 Ordering Information of AntiDDoS1000 Basic configurations of the AntiDDoS1500-D AntiDDoS1500D-AC AntiDDoS1500D-DC AntiDDoS1500 D-SUBZ31UAH-AMS1500-D AC Host, with HS General Security Platform Software AntiDDoS1500 D-SUBZ31UDH-AMS1500-D DC Host, with HS General Security Platform Software Alternative Basic configurations of the AntiDDoS1520 AntiDDoS1520-AC AntiDDoS1520-DC AntiDDoS1520-SUBZ11UAH-AMS1520 AC Host, with HS General Security Platform Software AntiDDoS1520-SUBZ11UDH-AMS1520 DC Host, with HS General Security Platform Software Alternative Basic configurations of the AntiDDoS1550 AntiDDoS1550-AC AntiDDoS1550-DC AntiDDoS1550-SUBZ21UAH-AMS1550 AC Host, with HS General Security Platform Software AntiDDoS1550-SUBZ21UDH-AMS1550 DC Host, with HS General Security Platform Software Alternative Interface modules of the AntiDDoS series FIC-2SFP+&8GE 2 x 10GE optical interface card+8 GE electrical interface card, with HS General Security Platform Software FIC-8GE 8 GE electrical interface card, with HS General Security Platform Software FIC-2SFP+ 2 x 10GE optical FIC, with HS General Security Platform Software FIC-8SFP 8 GE optical FIC, with HS General Security Platform Software FIC-8SFP 8 GE optical FIC, with HS General Security Platform Software FIC-2LINE-M- BYPASS FIC-2LINE-S-BYPASS Anti-DDoS components ADSCT001WIN01 ADSCT001WIN03 2 Link LC/UPC Multimode Optical Interface Bypass Protect Card, with HS General Security Platform Software 2 Link LC/UPC Singlemode Optical Interface Bypass Protect Card, with HS General Security Platform Software Windows Chinese Platform (AC PC Server, Hard Disk, Microsoft Windows Server and Patches, Chinese), Including OS License Windows Chinese Platform (DC PC Server, Hard Disk, Microsoft Windows Server and Patches, Chinese), Including OS License

12 11 Anti-DDoS Solution Ordering Information of AntiDDoS1000 NS19MKM00 KB&Mouse, Monitor 19-Inch TFT LCD Anti-DDoS management center LIC-ADS-NOFA00 ATIC Basic Feature Summary, with HS General Security Platform Software Alternative Product customization and development expense E8KE-EXTRAD01 Extra Product Function Requirement Customized Development Fee-with HS General Security Platform Software 7.2 Ordering Information of AntiDDoS8000 AntiDDoS8000 Series AntiDDoS8030 AntiDDoS8030- BASE-DC AntiDDoS8030- BASE-AC AntiDDoS8080 AntiDDoS8080- BASE-DC CR52-PWRA-AC-DF USG9500-PWR-AC AntiDDoS8160 AntiDDoS8160- BASE-DC CR52-PWRA-AC-DF USG9500-PWR-AC AntiDDoS8030 DC Basic Configuration (include X3 DC Chassis, 2*MPU), with HS General Security Platform Software AntiDDoS8030 DC Basic Configuration (include X3 DC Chassis, 2*MPU), with HS General Security Platform Software AntiDDoS8080 DC Basic Configuration (include X8 DC Chassis, 2*SRU, 1*SFU), with HS General Security Platform Software AC Distribution Frame for Cabinet, 2 or 6 Input, 6 (2*3) Output, 6 Group of 2 Poles 20A Air Switch AC Power Supply Module AntiDDoS8160 DC Basic Configuration (include X16 DC Chassis, 2*MPU, 4*SFU), with HS General Security Platform Software AC Distribution Frame for Cabinet, 2 or 6 Input, 6 (2*3) Output, 6 Group of 2 Poles 20A Air Switch AC Power Supply Module Alternative Mandatory AC mandatory AC mandatory Mandatory AC mandatory AC mandatory SPU of the AntiDDoS 8000 series

13 Anti-DDoS Solution 12 AntiDDoS8000 Series ADS-SPUA01 LIC-ADS-10GDDD00 LIC-ADS-10GDDC00 ADS-SPUA02 LIC-ADS- 20GDDD00 LIC-ADS-20GDDC00 Service Processing Unit, Double CPUs, with HS General Security Platform Software Capability for Detector (a multiple of 10G), with HS General Security Platform Software Capability for Cleanning (a multiple of 10G), with HS General Security Platform Software Service Processing Unit, Four CPUs, with HS General Security Platform Software Capability for Detector (a multiple of 20G), with HS General Security Platform Software Capability for Cleanning (a multiple of 20G), with HS General Security Platform Software (the SPU must be used with a license) (the SPU must be used with a license) LPU of the AntiDDoS 8000 series LPUF40 FWCD0LPUF40A01 Flexible Card Line Processing Unit (LPUF-40, 2 sub-slots) A, with HS General Security Platform Software FWCD00L2XX01 2-Port 10GBase LAN/WAN-XFP Flexible Card (P40) FWCD00EFGF01 20-Port 100/1000Base-X-SFP Flexible Card (P40) LPUF21 FWCD0LPUKD01 FWCD00L1XX01 FWCD00EBGF01 FWCD00EBGE01 FWCD0P1XBZ01 Flexible Card Line Processing Unit (LPUF-21, 2 Sub-Slots) B, With HS General Security Platform Software 1-Port 10GBase WAN/LAN XFP Flexible Interface Daughter Card, With HS General Security Platform Software 12-Port 100/1000Base-X SFP Flexible Interface Daughter Card, With HS General Security Platform Software 12-Port 10/100/1000Base-TX RJ45 Flexible Interface Daughter Card, With HS General Security Platform Software 1 Port OC-192c/STM-64c POS-XFP Flexible Card, With HS General Security Platform Software Anti-DDoS components ADSCT001WIN01 ADSCT001WIN03 Windows Chinese Platform (AC PC Server, Hard Disk, Microsoft Windows Server and Patches, Chinese), Including OS License Windows Chinese Platform (DC PC Server, Hard Disk, Microsoft Windows Server and Patches, Chinese), Including OS License NS19MKM00 KB&Mouse, Monitor 19-Inch TFT LCD

14 13 Anti-DDoS Solution AntiDDoS8000 Series Anti-DDoS management center LIC-ADS-NOFA00 LIC-ADS-DOFA00 ATIC Basic Feature Summary,with HS General Security Platform Software ATIC Operation Feature Summary, with HS General Security Platform Software (including professional DNS defense) Alternative Product customization and development expense E8KE-EXTRAD01 Extra Product Function Requirement Customized Development Fee-with HS General Security Platform Software Professional anti-ddos defense LIC-ADS-DNS00 DNS Professional Protection Function, with HS General Security Platform Software LIC-ADS-WEB00 Web Professional Protection Function, with HS General Security Platform Software LIC-ADS-DOM50 Number of DDoS Zone (a multiple of 10G), with HS General Security Platform Software LIC-ADS-10GDDD00 Capability for Detector (a multiple of 10G), with HS General Security Platform Software LIC-ADS-10GDDC00 Capability for Cleanning (a multiple of 10G), with HS General Security Platform Software LIC-ADS- 20GDDD00 Capability for Detector (a multiple of 20G), with HS General Security Platform Software LIC-ADS-20GDDC00 Capability for Cleanning (a multiple of 20G), with HS General Security Platform Software Subrack optical splitter OOS314S00 OOS412S00 OOS413S00 OOS412M00 OOSSMRC00 OOS412S01 Optical Splitter, Single Mode, Support Three Optical Links (1*4 each), 1310/1550nm, +/-40nm, 70:10:10:10, LC/UPC, 0.25mm, SMF-28e, 180.3*144.45*18.1 Optical Splitter, Single Mode, Support Four Optical Links (1*2 each), 1310/1550nm, +/-40nm, 80:20, LC/UPC, 0.25mm, SMF-28e, 0.2dB, 180.3*144.45*18.1 Optical Splitter, Single Mode, Support Four Optical Links (1*3 each), 1310/1550nm, +/-40nm, 70:15:15, LC/UPC, 0.25mm, SMF-28e, 180.3*144.45*18.1 Optical Splitter, Multi-mode, Support Four Optical Links (1*2 each), 850nm, +/-40nm, 50:50, LC/UPC, 0.25mm, 62.5/125ume, 250um loose tube, 0.2dB, 180.3*144.45*18.1 Optical Splitter, Single Mode/Multi-mode, Rack-mounted Optical Splitter Chassis (Used with Optical Splitter Cards), 850/1310/1550nm, 482.6*209*43.6mm Optical Splitter, Single Mode, Support Four Optical Links (1*2 each), 1310/1550nm, +/-40nm, 50:50, LC/UPC, 0.25mm, SMF-28e, 0.2dB, 180.3*144.45*18.1mm

15 Anti-DDoS Solution 14

16 Copyright Huawei Technologies Co., Ltd All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners. General Disclaimer THE INFORMATION IN THIS DOCUMENT MAY CONTAIN PREDICTIVE STATEMENTS INCLUDING, WITHOUT LIMITATION, STATEMENTS REGARDING THE FUTURE FINANCIAL AND OPERATING RESULTS, FUTURE PRODUCT PORTFOLIO, NEW TECHNOLOGY, ETC. THERE ARE A NUMBER OF FACTORS THAT COULD CAUSE ACTUAL RESULTS AND DEVELOPMENTS TO DIFFER MATERIALLY FROM THOSE EXPRESSED OR IMPLIED IN THE PREDICTIVE STATEMENTS. THEREFORE, SUCH INFORMATION IS PROVIDED FOR REFERENCE PURPOSE ONLY AND CONSTITUTES NEITHER AN OFFER NOR AN ACCEPTANCE. HUAWEI MAY CHANGE THE INFORMATION AT ANY TIME WITHOUT NOTICE. HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen , P.R. China Tel: Version No.: M C-1.0