
Metro SRv6 BE Site-to-Cloud & Site-to-Site Private Line Solution
Contents

1 Solution Overview

2 Solution Design

2 Huawei Confidential
Solution Overview
Figure: City A and City B sites (CE, ONU, OLT, MSE, CR) connected over the cloud backbone (network PE, cloud PE) to cloud DCs (DAP, VPC). The figure marks an intra-AS site-to-site private line, an inter-AS site-to-site private line, an intra-AS site-to-cloud private line and an inter-AS site-to-cloud private line.

• The MSEs on metro networks support the transport of the following types of site-to-site and site-to-cloud private line services over SRv6 BE:
  • Intra-AS site-to-site private line service
  • Inter-AS site-to-site private line service
  • Intra-AS site-to-cloud private line service
  • Inter-AS site-to-cloud private line service

System Architecture
Figure: layered architecture. The presentation layer (admin console, tenant console, service provisioning app, O&M app, BSS/OSS console) talks over RESTful interfaces to the cloud-network synergy layer (cloud management platform and cloud-network synergy service orchestrator), which talks to the network orchestration layer (NCE-Super) and on to the management and control layer (NCE-IP, PON NMS, ITMS controller, reaching devices over SNMP/NETCONF/OpenFlow/CLI and TR069). The transport network comprises ONT/MxU, OLT, LSW, MSE, CR, network PE, cloud PE, DAP and VPC; site-to-cloud private lines run as VPN over SRv6 BE and site-to-site private lines over SRv6 BE, with ETH/QinQ access.

Presentation layer: provides unified GUIs for service provisioning.
 Provides service provisioning GUIs for tenants and carrier administrators.
 Can be implemented through a traditional BSS/OSS or new developments.
 Allows cloud services and site-to-cloud private line services to be either separately provisioned or uniformly provisioned through GUIs.

Cloud-network synergy layer:
 Cloud-network synergy service orchestrator: orchestrates cloud and network resources (including PON and metro network resources) and uniformly allocates them.
 Resource management system (BSS/OSS): the VLAN access information of PON network users is imported through the orchestrator to implement orchestration with metro network resources.

Network orchestration layer (NCE-Super): E2E automated service provisioning and visualized O&M
 E2E automated service deployment across metro and cloud backbone networks
 BOD and bandwidth calendaring delivery across metro and cloud backbone networks
 E2E service display, quality monitoring, O&M, and fault demarcation

Management and control layer (NCE-IP):
 Basic route management and SRv6 locator address management on metro and cloud backbone networks
 PON NMS: automated PON service deployment
 ITMS: ONT service configuration and management

Transport network:
 Enterprise services access metro MSEs through PONs (FTTO/FTTB).
 EVPN/L3VPN is deployed between metro MSEs and cloud PEs based on tenants/services to carry enterprises' site-to-cloud private line services.
 IS-IS IPv6 routes are deployed on both the metro and cloud backbone networks, implementing intra-AS SRv6 locator advertisement.
 ASBRs/CRs on each metro network are connected to PEs on the cloud backbone network through optical fibers or an OTN. IPv6 static routes are deployed between the metro and cloud backbone networks, so that loopback and SRv6 locator routes can be advertised across ASs.
 PEs on the cloud backbone network are connected to a cloud DC. They interconnect with cloud DAPs through VLANs.

Note: NCE-IP V100R019C00 does not provide SRv6-related NBIs and therefore cannot interconnect with the orchestration layer.

Product and Version Mappings

Category | Device | Device Model | Software Version
Cloud backbone network | Cloud PE | NE40E-X8A/NE40E-X16A | V800R011C10
Cloud backbone network | Network PE | NE40E-X8A/NE40E-X16A | V800R011C10
Cloud backbone network | Cloud backbone core | NE5000E | V800R011C10
Metro | ASBR | No specific requirements. Only dual stack needs to be supported. | (not specified)
Metro | MSE | (not specified) | V800R011C10
Metro | PON | No specific requirements | (not specified)
Management and control layer | NCE-IP (unified management of metro and cloud backbone networks) | (not specified) | V100R019C00
Management and control layer | PON NMS | No specific requirements | (not specified)
Management and control layer | NCE-Super | (not specified) | N/A

Contents

1 Solution Overview

2 Solution Design
 Site-to-Cloud Private Line Transport Solution
 Site-to-Cloud Private Line Provisioning and O&M
 Site-to-Site Private Line Transport Solution
 Site-to-Site Private Line Provisioning and O&M

Network Transport
Figure: FTTO access (CE, ONT) and FTTB access (CE, MxU, OLT, LSW) to the MSE, then CR, network PE, cloud backbone and cloud PEs serving a local cloud DC and a remote cloud DC (DAP, VPC). L2 private line: VLAN/QinQ access, EVPN VPWS over SRv6 BE, VLAN to VRF on the cloud side. L3 private line: VLAN/QinQ access, VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Enterprise-side access:
• Enterprise-side CEs are connected to ONTs/MxUs through physical interfaces or VLAN sub-interfaces.

Transport on the metro network:
• The PON provides VLAN access, and the QinQ solution can be used for VLAN deployment.
• IPv6 routes are deployed between the metro and cloud backbone networks.

Interconnection with cloud DCs:
• PEs on the cloud backbone network are interconnected with cloud DAPs through QinQ or VLAN sub-interfaces.
• Each pair of PEs on the cloud backbone network can be interconnected with multiple cloud DAPs.

VPN-based transport of site-to-cloud private line services: The site-to-cloud private line services of tenants can be carried over BGP L3VPN/EVPN L3VPN or EVPN VPWS.
• One-hop VPN connection from an MSE to a PE on the cloud backbone network
 SRv6 BE is deployed for traffic forwarding based on SID locators.

IPv6 Address Planning

1. Different networks use different address spaces.
 › Metro network
 › Cloud backbone network
2. Different types of addresses at the same layer on the same network use different address spaces.
 › Interface interconnection address
 › Loopback address
 › SRv6 locator address
3. The addresses used to interconnect different networks use different address spaces.
 › Addresses of interfaces that connect ASBRs/CRs on a metro network and PEs on a cloud backbone network
4. Address space aggregation must be considered.
5. Address redundancy must be considered in address allocation.
6. Rules for mask length allocation:
 › Interface address: 127
 › Loopback address: 128
 › SRv6 locator address: 96

Figure (IPv6 addresses of metro network devices): on metro network 1, each MSE (MSE1 to MSEn) and each ASBR/CR (ASBR/CR1 to ASBR/CRn) has one loopback address taken from the loopback address block of metro network 1 and one locator address taken from the locator address block of metro network 1.

Example for aggregating the addresses of metro network devices: each metro network needs to advertise only two IPv6 summary routes (loopback and locator routes) to the cloud backbone network.
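The six planning rules above, as an added worked example (my code, not from the deck): it carves /128 loopbacks and /96 locators per device out of per-network blocks, assigns /127 interconnect links, and checks that a metro network can be summarized into exactly the two routes the slide calls for. All prefixes are constructed from the 2001:db8::/32 documentation range.

```python
"""Added example, not part of the Huawei deck: a small planner that applies the
slide's six address-planning rules and checks that a metro network advertises
only two IPv6 summary routes (loopback block + SRv6 locator block).
Every prefix is constructed from the 2001:db8::/32 documentation range."""
import ipaddress
from itertools import combinations
from typing import Dict, Iterable, List, Tuple

# Rule 6: mask lengths per address type.
INTERFACE_LEN, LOOPBACK_LEN, LOCATOR_LEN = 127, 128, 96

# Rules 1 and 2: one block per network and per address type (constructed values,
# chosen so that no two blocks overlap).
PLAN = {
    "metro1": {"loopback": "2001:db8:10::/64", "locator": "2001:db8:11::/48"},
    "metro2": {"loopback": "2001:db8:20::/64", "locator": "2001:db8:21::/48"},
    "cloud":  {"loopback": "2001:db8:90::/64", "locator": "2001:db8:91::/48"},
}
# Rule 3: ASBR/CR-to-cloud-PE interconnection links use their own block.
INTERCONNECT_BLOCK = "2001:db8:ff::/64"


def allocate(network: str, devices: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """One /128 loopback and one /96 locator per device, taken in order from the
    network's blocks (rule 5: the blocks are far larger than the device count)."""
    loopbacks = ipaddress.ip_network(PLAN[network]["loopback"]).subnets(new_prefix=LOOPBACK_LEN)
    locators = ipaddress.ip_network(PLAN[network]["locator"]).subnets(new_prefix=LOCATOR_LEN)
    return {dev: {"loopback": str(next(loopbacks)), "locator": str(next(locators))}
            for dev in devices}


def interconnect_links(links: Iterable[Tuple[str, str]]) -> Dict[Tuple[str, str], str]:
    """One /127 per ASBR/CR <-> cloud PE link (rule 6)."""
    gen = ipaddress.ip_network(INTERCONNECT_BLOCK).subnets(new_prefix=INTERFACE_LEN)
    return {link: str(next(gen)) for link in links}


def summary_routes(network: str, alloc: Dict[str, Dict[str, str]]) -> List[str]:
    """Rule 4: the two summaries the network advertises to the cloud backbone.
    Raises ValueError if any device address falls outside its summary."""
    lo_block = ipaddress.ip_network(PLAN[network]["loopback"])
    loc_block = ipaddress.ip_network(PLAN[network]["locator"])
    for dev, addrs in alloc.items():
        if not ipaddress.ip_network(addrs["loopback"]).subnet_of(lo_block):
            raise ValueError(f"{dev} loopback outside {lo_block}")
        if not ipaddress.ip_network(addrs["locator"]).subnet_of(loc_block):
            raise ValueError(f"{dev} locator outside {loc_block}")
    return [str(lo_block), str(loc_block)]


def blocks_are_disjoint(prefixes: Iterable[str]) -> bool:
    """Rules 1 to 3 together: no two planned blocks may overlap."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return all(not a.overlaps(b) for a, b in combinations(nets, 2))


def all_blocks() -> List[str]:
    return [b for net in PLAN.values() for b in net.values()] + [INTERCONNECT_BLOCK]


if __name__ == "__main__":
    metro = allocate("metro1", ["MSE1", "MSE2", "ASBR/CR1", "ASBR/CR2"])
    for dev, a in metro.items():
        print(f"{dev:9} loopback {a['loopback']:22} locator {a['locator']}")
    print("summaries toward cloud backbone:", summary_routes("metro1", metro))
    print("planned blocks disjoint:", blocks_are_disjoint(all_blocks()))
```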

MTU Planning

Figure: FTTO/FTTB access (CE, ONT/MxU, OLT, LSW), MSE, CR, network PE, cloud backbone, cloud PEs, DAP and VPC in local and remote cloud DCs. The access side is labelled MTU 1500; the NNIs from the MSE onward are labelled MTU 4470/9600.

Adjust the MTU for all NNIs on the cloud backbone network to prevent packet fragmentation.

• To prevent SRv6-encapsulated packets from being dropped by interfaces when the packet length exceeds the interface MTU, increase the IPv6 MTU of NNIs to 4470 or 9600 bytes for the following links:
  • Links between MSEs and ASBRs/CRs on the metro network
  • Links between the metro and cloud backbone networks
  • Links on the cloud backbone network

Basic Routing Design

Figure: FTTO/FTTB access (CE, ONT/MxU, OLT, LSW), MSE, CR, network PE, cloud PE, DAP and VPC in a remote cloud DC. IS-IS IPv4/v6 (process X) runs on the metro network, EBGP between the CR and the network PE, and IS-IS IPv4/v6 on the cloud backbone network.

Basic routing design

Metro network:
• Enable IPv4/IPv6 dual stack on the metro network and deploy IS-IS IPv6 multi-topology.

CR:
IS-IS route import to BGP:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of the MSE on the metro network from the IS-IS process to the BGP process.
IS-IS process:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of devices on the cloud backbone network from the BGP process to the IS-IS process. In the case of an inter-AS site-to-site private line, also import the IPv6 loopback and SRv6 locator routes of MSEs in other ASs from the BGP process to the IS-IS process.

Network PE:
IS-IS route import to BGP:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of PEs on the cloud backbone network from the IS-IS process to the BGP process.
IS-IS process:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of devices on all metro networks from the BGP process to the IS-IS process.

Cloud PE:
IS-IS route advertisement:
• Configure IPv6 loopback routes for PEs on the cloud backbone network.
• Configure SRv6 locator routes for PEs on the cloud backbone network.

• IS-IS IPv4/IPv6 multi-topology is deployed on the metro network.
• EBGP IPv6 routes are configured between the metro and cloud backbone networks.
• IS-IS IPv4/IPv6 multi-topology is deployed on the cloud backbone network.
Basic Routing Design (IS-IS Route-Policy Configuration on the ASBR/CR)

Figure: same topology as above; IS-IS IPv4/v6 (process X) on the metro network, EBGP between the CR and the network PE, IS-IS IPv4/v6 on the cloud backbone network.

Basic routing design

CR:
• Apply tag 100 to the EBGP routes to be imported to the IS-IS IPv6 process.
• Configure a route-policy to filter out routes carrying tag 100.

Network PE:
• Apply tag 100 to the EBGP routes to be imported to the IS-IS IPv6 process.
• Configure a route-policy to filter out routes carrying tag 100.

• To control the import of BGP routes to IS-IS when the CR and network PE are deployed in square-looped mode, configure a route tag and route filtering for the IS-IS process between the CR and network PE.
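The tag-100 mechanism in the square-looped CR/network PE pair, as an added toy model (my code, not from the deck). It assumes the filter sits on the IS-IS-to-BGP direction and uses constructed device names and a constructed metro prefix; it shows that without the filter the second border node re-exports the metro prefix back into the metro AS.

```python
"""Added example, not from the deck: a toy model of the square-looped CR / network PE
border from the slide.  Routes redistributed from EBGP into IS-IS IPv6 get tag 100 and
the IS-IS-to-BGP route-policy denies tagged routes, so a metro prefix learned via one
border pair is never re-exported into BGP by the other border node.  Device names,
the prefix, and the placement of the filter on the IS-IS-to-BGP direction are
assumptions of this example."""
from dataclasses import dataclass, field
from typing import Dict, Optional

LOOP_TAG = 100  # tag the slide applies to EBGP routes imported into IS-IS IPv6


@dataclass
class Route:
    prefix: str
    tag: Optional[int] = None


@dataclass
class BorderNode:
    """A CR or network PE: one IS-IS IPv6 process and one BGP process."""
    name: str
    filter_tagged: bool = True
    isis: Dict[str, Route] = field(default_factory=dict)
    bgp: Dict[str, Route] = field(default_factory=dict)

    def import_bgp_into_isis(self) -> None:
        """Route-policy on the BGP -> IS-IS direction: mark the route with tag 100."""
        for prefix in self.bgp:
            self.isis.setdefault(prefix, Route(prefix, LOOP_TAG))

    def import_isis_into_bgp(self) -> None:
        """Route-policy on the IS-IS -> BGP direction: deny routes carrying tag 100."""
        for prefix, route in self.isis.items():
            if self.filter_tagged and route.tag == LOOP_TAG:
                continue  # this route came from BGP already; never send it back
            self.bgp.setdefault(prefix, Route(prefix, route.tag))


def flood_isis(a: BorderNode, b: BorderNode) -> None:
    """Same IS-IS domain: both nodes converge on one LSDB; the tag travels in the LSP."""
    for prefix, route in list(a.isis.items()):
        b.isis.setdefault(prefix, route)
    for prefix, route in list(b.isis.items()):
        a.isis.setdefault(prefix, route)


def ebgp_advertise(src: BorderNode, dst: BorderNode) -> None:
    """EBGP between the ASs; the IGP tag is not carried across."""
    for prefix in src.bgp:
        dst.bgp.setdefault(prefix, Route(prefix))


METRO_SUMMARY = "2001:db8:10::/64"  # constructed MSE loopback summary route


def simulate(filter_tagged: bool) -> Dict[str, bool]:
    """Square loop: CR1--PE1 and CR2--PE2 are EBGP links; CR1--CR2 share the metro
    IS-IS process and PE1--PE2 share the cloud backbone IS-IS process."""
    cr1, cr2 = BorderNode("CR1", filter_tagged), BorderNode("CR2", filter_tagged)
    pe1, pe2 = BorderNode("PE1", filter_tagged), BorderNode("PE2", filter_tagged)
    cr1.isis[METRO_SUMMARY] = Route(METRO_SUMMARY)  # native metro IS-IS route, no tag
    flood_isis(cr1, cr2)
    cr1.import_isis_into_bgp()                      # CR1 exports it toward the cloud AS
    ebgp_advertise(cr1, pe1)
    pe1.import_bgp_into_isis()                      # PE1: BGP -> IS-IS, tagged 100
    flood_isis(pe1, pe2)
    pe2.import_isis_into_bgp()                      # PE2: must not re-export it
    ebgp_advertise(pe2, cr2)
    return {
        "pe2_isis_tag_is_100": pe2.isis[METRO_SUMMARY].tag == LOOP_TAG,
        "pe2_reexports_to_bgp": METRO_SUMMARY in pe2.bgp,
        "cr2_learns_own_prefix_from_cloud_as": METRO_SUMMARY in cr2.bgp,
    }


if __name__ == "__main__":
    print("with tag filter   :", simulate(True))
    print("without tag filter:", simulate(False))
```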

Basic Routing Design (Route Summarization)

Figure: FTTO/FTTB access (CE, ONT/MxU, OLT, LSW), MSE, CR, network PE, cloud PE, DAP and VPC in a remote cloud DC. IS-IS IPv6 (process X) on the metro network, EBGP between the CR and the network PE, IBGP on the cloud backbone network.

Basic routing design

BGP on the CR:
• The routes imported to IS-IS are summarized into two routes on the entire metro network, that is, the loopback and SRv6 locator routes of the MSE.

BGP on the network PE:
• The routes imported to IS-IS are summarized into two routes on the entire cloud backbone network, that is, the loopback and SRv6 locator routes of PEs.

• The CR advertises only loopback and locator summary routes to the cloud backbone network.
• The network PE advertises only loopback and locator summary routes to the metro network.

Basic Routing Design (VPN RR)
Figure: two RRs (RR1, RR2) in the cloud backbone AS; MSEs and CRs in the metro AS; network PE, cloud PE, DAP and VPC in a remote cloud DC.

• Two RRs (P nodes) are deployed on the cloud backbone network. The RRs can be CRs or other independent devices.
• VPNv4 and EVPN address family peer relationships are established between the RRs.
• PEs on the cloud backbone network function as the clients of the RRs and establish VPNv4 and EVPN address family peer relationships with the RRs.
• An EBGP peer relationship, VPNv4 address family peer relationship, and EVPN address family peer relationship are established between each MSE on the metro network and each RR on the cloud backbone network.
• The metro and cloud backbone networks belong to different ASs. Therefore, the peer allow-as-loop 2 command needs to be run in the VPNv4 address family view of each MSE.

Service Routing Design (L2 Site-to-Cloud Private Line)

Figure: CE, ONT/MxU, OLT, LSW, MSE, CR, network PE, cloud PE, DAP and VPC in a remote cloud DC, with address labels IP1, IP2.1, IP2.2 and IP3 along the path; VLAN/QinQ access, EVPN VPWS over SRv6 BE, VLAN to VRF on the cloud side.

Service routing design (L2)

CE, static route:
• Configure a route from the CE to the VPC, with the next hop being a cloud DAP's interconnection address.

Cloud DAP, static route:
• Configure a static route from the cloud DAP to the enterprise side, with the next hop being a CE's WAN-side address.
• Configure a static route from the cloud DAP to the VPC.

• A static route must be configured between the CE and DAP to guide traffic forwarding.

Service Routing Design (L3 Site-to-Cloud Private Line in an LSW Single-Homing Scenario)

Figure: CE, ONT/MxU, OLT, LSW (single-homed to one MSE), MSE, CR, network PEs, cloud PEs, DAP and VPC in a remote cloud DC, with address labels IP1, IP2.1/IP2.2, IP3.1/IP3.2, IP4.1/IP4.2 and IP5 along the path; VLAN/QinQ access, VPNv4 L3VPN over SRv6, VLAN to VRF on the cloud side.

Service routing design (L3)

CE, static route:
• Configure a route from the CE to the VPC, with the next hop being an MSE's interconnection address.

MSE, BGP VPNv4:
• Configure a route from the MSE to the user side, with the next hop being a CE's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Cloud PE, BGP VPNv4:
• Configure a static route from the cloud PE to the involved VPC, with the next hop being a DAP's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Cloud DAP, static route:
• Configure a static route from the cloud DAP to the enterprise side, with the next hop being a cloud PE's interconnection address.
• Configure a static route from the cloud DAP to the VPC.

• A static route is configured between the CE and MSE.
• BGP VPNv4 L3VPN or EVPN L3VPN is deployed for the interworking between the MSE and cloud PE.
• Static routes are configured between the cloud PEs and the DAP.

Service Routing Design (L3 Site-to-Cloud Private Line in an LSW Dual-Homing Scenario)

Figure: CE, ONT/MxU, OLT, LSW (dual-homed to two MSEs), MSEs, CRs, network PEs, cloud PEs, DAP and VPC in a remote cloud DC, with address labels IP1, IP2.1/IP2.2, IP3.1/IP3.2, IP4.1/IP4.2, IP5.1/IP5.2 and IP6 along the path; VLAN/QinQ access, VPNv4 L3VPN over SRv6, VLAN to VRF on the cloud side.

Service routing design (L3)

CE, static route:
• Configure a route from the CE to the VPC, with the next hop being an MSE's interconnection address.

MSE, BGP VPNv4:
• Configure a route from the MSE to the user side, with the next hop being a CE's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Cloud PE, BGP VPNv4:
• Configure a static route from the cloud PE to the involved VPC, with the next hop being a DAP's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Cloud DAP, static route:
• Configure a static route from the cloud DAP to the enterprise side, with the next hop being a cloud PE's interconnection address.
• Configure a static route from the cloud DAP to the VPC.

• A static route is configured between the CE and MSE.
• BGP VPNv4 L3VPN or EVPN L3VPN is deployed for the interworking between the MSE and cloud PE.
• Static routes are configured between the cloud PEs and the DAP.

Multi-Cloud Access Model 1: Full Mesh (L3 Site-to-Cloud Private Line)

Multi-cloud access: per-VPC per-VRF configuration is performed. Multi-cloud access is controlled using the import RTs of VRFs.

Figure (RT configuration):
 DC access to the same cloud PE: private line 1 of tenant 1 terminates in VRF 1 on the MSE (RT export 1, RT import 1); cloud PE1 holds VRF 4 for the gateway VPC of cloud DC 1 (RT export 1, RT import 1) and VRF 5 for the gateway VPC of cloud DC 2 (RT export 1, RT import 1).
 DC access to different cloud PEs: private line 2 of tenant 1 terminates in a second VRF on the MSE (labelled VRF 2 and VRF 3 in the figure; RT export 1, RT import 1); cloud PE2 holds VRF 6 for the gateway VPC of cloud DC 3 (RT export 1, RT import 1).
 Inter-private line isolation and inter-VPC isolation are marked on the MSE side and the cloud PE side respectively.

 Multi-cloud access rules
  A tenant can access multiple VPCs on demand.
  Inter-private line and inter-VPC access is supported.
 Multi-cloud access model
  Per-private line per-VRF on MSEs
  Per-VPC per-VRF on cloud PEs
 Multi-cloud access control policies
  Inter-private line and inter-VPC access control
   VRFs on MSEs can access one another.
   VRFs on cloud PEs can access one another.
  Private line-based VPC access control
   An MSE and a cloud PE can access each other.

Multi-Cloud Access Model 2: Hub-Spoke (L3 Site-to-Cloud Private Line)

Multi-cloud access: per-VPC per-VRF configuration is performed. Multi-cloud access is controlled using the import RTs of VRFs.

Figure (RT configuration):
 DC access to the same cloud PE: private line 1 of tenant 1 terminates in VRF 1 on the MSE (RT export 1, RT import 2); cloud PE1 holds VRF 4 for the gateway VPC of cloud DC 1 (RT export 2, RT import 1, 2) and VRF 5 for the gateway VPC of cloud DC 2 (RT export 2, RT import 1, 2).
 DC access to different cloud PEs: private line 2 of tenant 1 terminates in a second VRF on the MSE (labelled VRF 2 and VRF 3 in the figure; RT export 1, RT import 2); cloud PE2 holds VRF 6 for the gateway VPC of cloud DC 3 (RT export 2, RT import 1, 2).
 Inter-private line isolation and inter-VPC isolation are marked on the MSE side and the cloud PE side respectively.

 Multi-cloud access rules
  A tenant can access multiple VPCs on demand.
  Hub sites rather than spoke sites can access one another.
 Multi-cloud access model
  Per-private line per-VRF on MSEs
  Per-VPC per-VRF on cloud PEs
 Multi-cloud access control policies
  Inter-private line and inter-VPC access control
   VRFs on MSEs (spoke sites) do not import the routes of one another based on RTs, isolating private lines.
   Cloud PEs (hub sites) can access one another.
  Private line-based VPC access control
   An MSE and a cloud PE can access each other.

Multi-Cloud Access Model 3: Flexible Connection (L3 Site-to-Cloud Private Line)

Multi-cloud access: per-VPC per-VRF configuration is performed. Multi-cloud access is controlled using the import RTs of VRFs.

Figure (RT configuration):
 DC access to the same cloud PE: private line 1 of tenant 1 terminates in VRF 1 on the MSE (RT export 1, RT import 4, 5, 6); cloud PE1 holds VRF 4 for the gateway VPC of cloud DC 1 (RT export 4, RT import 1) and VRF 5 for the gateway VPC of cloud DC 2 (RT export 5, RT import 1, 2).
 DC access to different cloud PEs: private line 2 of tenant 1 terminates in a second VRF on the MSE (labelled VRF 2 and VRF 3 in the figure; RT export 2, RT import 5, 6); cloud PE2 holds VRF 6 for the gateway VPC of cloud DC 3 (RT export 6, RT import 1, 2).
 Inter-private line isolation and inter-VPC isolation are marked on the MSE side and the cloud PE side respectively.

 Multi-cloud access rules
  A tenant can access multiple VPCs on demand.
  Inter-private line and inter-VPC access is not supported.
 Multi-cloud access model
  Per-private line per-VRF on MSEs
  Per-VPC per-VRF on cloud PEs
 Multi-cloud access control policies
  Inter-private line and inter-VPC access control
   VRFs on MSEs do not import the routes of one another based on RTs, isolating private lines.
   VRFs on cloud PEs do not import the routes of one another based on RTs, isolating VPCs.
  Private line-based VPC access control
   The MSE imports the VPN routes of the desired VPC based on RTs to implement access to the VPC.
   The cloud PE imports the VPN routes of the desired MSE based on RTs to implement access to the corresponding VPC.

Note: Currently, NCE-Super does not provide any service configuration template. You need to manually configure RTs on NCE-Super.
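The three RT models (full mesh, hub-spoke, flexible connection) as an added worked example, my code rather than the deck's: it takes the RT export/import values drawn on the three slides and computes which VRF pairs can exchange VPN routes in both directions. VRF names follow the slides; the MSE's second private-line VRF is called VRF 3 here.

```python
"""Added example, not part of the deck: computes which VRFs exchange VPN routes
under the RT import/export values drawn on the three multi-cloud access slides.
A VRF installs another VRF's routes only when one of its import RTs matches one
of the other VRF's export RTs; two-way traffic needs a match in both directions.
VRF names follow the slides (MSE VRF 1 / VRF 3 are tenant 1's two private lines,
VRF 4 / 5 / 6 are the gateway VPCs of cloud DC 1 / 2 / 3)."""
from typing import Dict, FrozenSet, List, Set, Tuple

Vrf = Tuple[Set[int], Set[int]]  # (export RTs, import RTs)


def imports_routes(vrfs: Dict[str, Vrf], dst: str, src: str) -> bool:
    """True if dst's import RTs intersect src's export RTs (RT-based import)."""
    return dst != src and bool(vrfs[dst][1] & vrfs[src][0])


def can_communicate(vrfs: Dict[str, Vrf], a: str, b: str) -> bool:
    """Routes must be present in both directions for traffic to flow."""
    return imports_routes(vrfs, a, b) and imports_routes(vrfs, b, a)


def reachable_pairs(vrfs: Dict[str, Vrf]) -> Set[FrozenSet[str]]:
    names = sorted(vrfs)
    return {frozenset((a, b)) for i, a in enumerate(names)
            for b in names[i + 1:] if can_communicate(vrfs, a, b)}


def peers_of(vrfs: Dict[str, Vrf], name: str) -> List[str]:
    return sorted(other for other in vrfs if can_communicate(vrfs, name, other))


# Model 1, full mesh: every VRF exports and imports RT 1.
FULL_MESH: Dict[str, Vrf] = {
    "MSE-VRF1": ({1}, {1}), "MSE-VRF3": ({1}, {1}),
    "PE1-VRF4": ({1}, {1}), "PE1-VRF5": ({1}, {1}), "PE2-VRF6": ({1}, {1}),
}
# Model 2, hub-spoke: spokes (MSE VRFs) export 1 / import 2,
# hubs (cloud PE VRFs) export 2 / import 1 and 2.
HUB_SPOKE: Dict[str, Vrf] = {
    "MSE-VRF1": ({1}, {2}), "MSE-VRF3": ({1}, {2}),
    "PE1-VRF4": ({2}, {1, 2}), "PE1-VRF5": ({2}, {1, 2}), "PE2-VRF6": ({2}, {1, 2}),
}
# Model 3, flexible connection: one RT per private line and per VPC, selective imports.
FLEXIBLE: Dict[str, Vrf] = {
    "MSE-VRF1": ({1}, {4, 5, 6}), "MSE-VRF3": ({2}, {5, 6}),
    "PE1-VRF4": ({4}, {1}), "PE1-VRF5": ({5}, {1, 2}), "PE2-VRF6": ({6}, {1, 2}),
}

if __name__ == "__main__":
    for label, model in (("full mesh", FULL_MESH), ("hub-spoke", HUB_SPOKE), ("flexible", FLEXIBLE)):
        print(f"{label}:")
        for vrf in sorted(model):
            print(f"  {vrf} <-> {peers_of(model, vrf)}")
```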
QoS Design

DiffServ QoS policies are used to implement differentiated transport of cloud-to-cloud private line services. BOD and bandwidth calendar functions are provided through dynamic bandwidth control.

Figure: FTTO/FTTB access (CE, ONT/MxU, OLT, LSW), MSE, CR, network PE, cloud PEs, DAP and VPC in local and remote cloud DCs; L2/L3: VLAN/QinQ access, EVPN VPWS over SRv6 BE or VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Function | MSE | PE on the cloud backbone network
BOD/Bandwidth calendar | Access-side bandwidth control (with bidirectional rate limiting) on interfaces or sub-interfaces | Cloud-side bandwidth control (with bidirectional rate limiting) on VLAN sub-interfaces
Priority mapping | Inbound: manual configuration of packet priorities on UNIs; BA classification is performed on other interfaces. Outbound: scheduling based on existing packet priorities | Inbound: manual configuration of packet priorities on UNIs; BA classification is performed on other interfaces. Outbound: scheduling based on existing packet priorities
Queue scheduling | PQ and WFQ scheduling is performed on the transport network. | PQ and WFQ scheduling is performed on the transport network.

Reliability Design (L3 Private Line)

Figure: single-homing access (LSW to one MSE through a LAG) and dual-homing access (LSW to two MSEs) on the left; MSEs, CRs, network PEs, cloud PEs, DAPs and VPCs in local and remote cloud DCs on the right; VLAN/QinQ access, VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

L3 reliability design

PON reliability:
• Type B protection protects backbone optical fibers.
• Type C protection protects both branch and backbone optical fibers.

Reliability of the network between LSWs and MSEs:
• An LSW can be single-homed to an MSE through a LAG.
• An LSW can also be dual-homed to two MSEs through static routes.

Reliability of the metro network:
 Single-homing scenario: LAG protection
 Dual-homing scenario: static route-based dual-homing protection
• BFD for IS-IS on the metro network
• Fast IGP convergence on the metro network

Reliability of the cloud backbone network:
• Metro side: route convergence and IP FRR
• Cloud side: The addresses of cloud PEs and the service addresses in a cloud DC are on different network segments, and static route-based dual-homing is deployed.

Reliability of the network between the cloud backbone network and cloud DC:
• A DAP connects to cloud PEs through active and standby static routes.

Reliability Design (L3 Private Line in an LSW Single-Homing Scenario)

Figure: failure points 1 to 11 along the path CE, ONT/MxU, OLT, LSW (single-homed to the MSE through a LAG), MSE, CR, network PE, cloud PE, DAP, VPC; VLAN/QinQ access, VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers (protection and rectification) | (as protection)
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers (protection and rectification) | (as protection)
3 | LACP | LAG protection | LAG protection
4 | None | None | None
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); Network PE: link status detection | MSE: IGP FC and IP FRR; Network PE: IP FRR | MSE: IGP route convergence; Network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; Network PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; Network PE: IGP FC and IP FRR | CR: BGP route convergence; Network PE: IGP route convergence
10 | MSE/RR: BFD for BGP peer (200 ms x 3); DAP: link status detection | MSE: BGP route convergence; DAP: static route switching | Cloud PE: configuration of a delay for cloud-side interfaces to go up; DAP: static route switching
11 | Link status detection | Cloud PE: IP FRR; static route switching | DAP: static route switching
Reliability Design (L3 Private Line in an LSW Dual-Homing Scenario)

Figure: failure points 1 to 11 along the path CE, ONT/MxU, OLT, LSW (dual-homed to two MSEs), MSE, CR, network PE, cloud PE, DAP, VPC; VLAN/QinQ access, VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers (protection and rectification) | (as protection)
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers (protection and rectification) | (as protection)
3 | BFD for static route | CE: route convergence; MSE: IP FRR or route convergence | Route convergence
4 | CE: BFD for static route; Cloud PE/RR: BFD for BGP peer | CE: static route switching; Cloud PE: BGP route convergence | Route convergence; MSE: configuration of a delay for LSW-side interfaces to go up
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); Network PE: link status detection | MSE: IGP FC and IP FRR; Network PE: IP FRR | MSE: IGP route convergence; Network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; Network PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; Network PE: IGP FC and IP FRR | CR: BGP route convergence; Network PE: IGP route convergence
10 | MSE/RR: BFD for BGP peer (200 ms x 3); DAP: link status detection | MSE: BGP route convergence; DAP: static route switching | Cloud PE: configuration of a delay for cloud-side interfaces to go up; DAP: static route switching
11 | Link status detection | Cloud PE: IP FRR; static route switching | DAP: static route switching
Reliability Design (L2 Private Line)

Figure: single-homing access (LSW to one MSE through a LAG) and dual-homing access (LSW to two MSEs through E-Trunk) on the left; MSEs, CRs, network PEs, cloud PEs (E-Trunk toward the DAP), DAPs and VPCs in local and remote cloud DCs on the right; VLAN/QinQ access, EVPN VPWS over SRv6 BE, VLAN to VRF on the cloud side.

L2 reliability design

PON reliability:
• Type B protection protects backbone optical fibers.
• Type C protection protects both branch and backbone optical fibers.

Reliability of the network between LSWs and MSEs:
• An LSW can be single-homed to an MSE through a LAG.
• An LSW can also be dual-homed to two MSEs through E-Trunk.
• E-Trunk is configured for the two MSEs to work in master/backup mode.

Reliability of the metro network:
 Single-homing scenario: LAG protection
 Dual-homing scenario: E-Trunk
• BFD for IS-IS on the metro network
• Fast IGP convergence on the metro network

Reliability of the cloud backbone network:
• Metro side: route convergence and IP FRR
• Cloud side: E-Trunk on two cloud PEs connecting to a DAP

Reliability of the network between the cloud backbone network and cloud DC:
• A DAP connects to cloud PEs in LACP mode.

Reliability Design (L2 Private Line in an LSW Single-Homing Scenario)

Figure: failure points 1 to 11 along the path CE, ONT/MxU, OLT, LSW (single-homed to the MSE through a LAG), MSE, CR, network PE, cloud PE (E-Trunk toward the DAP), DAP, VPC; ETH/VLAN access, EVPN VPWS over SRv6 BE or VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers (protection and rectification) | (as protection)
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers (protection and rectification) | (as protection)
3 | LACP | LAG protection | LAG protection
4 | None | None | None
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); Network PE: link status detection | MSE: IGP FC and IP FRR; Network PE: IP FRR | MSE: IGP route convergence; Network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; Cloud PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; Cloud PE: IGP FC and IP FRR | CR: BGP route convergence; Cloud PE: IGP route convergence
10 | MSE: BFD for BGP peer (200 ms x 3); DAP: LACP | MSE: remote FRR; DAP: LACP | Cloud PE: configuration of a delay for cloud-side interfaces to go up
11 | LACP | Cloud PE: local-remote FRR; LACP link switching | DAP: LACP
Reliability Design (L2 Private Line in an LSW Dual-Homing Scenario)

Figure: failure points 1 to 11 along the path CE, ONT/MxU, OLT, LSW (dual-homed to two MSEs through E-Trunk), MSE, CR, network PE, cloud PE (E-Trunk toward the DAP), DAP, VPC; VLAN/QinQ access, VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers (protection and rectification) | (as protection)
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers (protection and rectification) | (as protection)
3 | LACP | MSE: local-remote FRR; LSW: LACP | LACP link switching
4 | Cloud PE/RR: BFD for BGP peer (200 ms x 3); LSW: LACP | Cloud PE: remote FRR; LSW: LACP | MSE: configuration of a delay for LSW-side interfaces to go up
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); Network PE: link status detection | MSE: IGP FC and IP FRR; Network PE: IP FRR | MSE: IGP route convergence; Network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; Cloud PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; Cloud PE: IGP FC and IP FRR | CR: BGP route convergence; Cloud PE: IGP route convergence
10 | MSE/RR: BFD for BGP peer (200 ms x 3); DAP: LACP | MSE: remote FRR; DAP: LACP | Cloud PE: configuration of a delay for cloud-side interfaces to go up
11 | LACP | Cloud PE: local-remote FRR; LACP link switching | DAP: LACP
Security Design (SRv6 Security Border)
Figure: ONT/MxU, OLT, LSW, MSE, metro CR, network PE, cloud backbone, cloud PE, DAP and VPC in the cloud DC; VLAN access, EVPN IPv4 L3VPN over SRv6 BE, VLAN on the cloud side. The cloud backbone is marked as the SRv6 trusted domain.

Security control for access devices:
• Irrelevant to SRv6 services. Original security policies are used.

Security control for the metro network:
• Deploy IPv6 security hardening policies to enable dual stack.
• For SRv6 services, configure IPv6 ACLs on the MSE to achieve the following:
  Packets from a cloud PE can be sent to a local SID on the metro network.
  Packets from a local IPv6 loopback interface can be sent to a local SID on the metro network.
  All IPv6 packets with the destination address being a local SID or IPv6 loopback address are dropped by default.

Security control for the cloud backbone network:
• Deploy IPv6 security hardening policies to enable dual stack.
• For SRv6 services, configure IPv6 ACLs on the cloud PE to achieve the following:
  Packets from an MSE on the metro network can be sent to a local SID on the cloud backbone network.
  Packets from a local IPv6 loopback interface can be sent to a local SID on the metro network.
  All IPv6 packets with the destination address being a local SID or IPv6 loopback address are dropped by default.

• IPv6 security hardening policies need to be deployed to enable dual stack on the metro and cloud backbone networks.
• A cloud backbone network is a closed transport network and defined as an SRv6 trusted domain, whereas a metro network and an IDC are public networks and defined as untrusted domains. ACLs are configured on the boundary devices of the trusted domain to permit only specified SRv6 packets to pass through.
• An ASBR/CR on the metro network and a cloud PE on the cloud backbone network advertise only their SRv6 SIDs and IPv6 loopback addresses to each other through the EBGP peer relationship.
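The boundary ACL described above, as an added model in my own code (not a device configuration from the deck): a first-match rule list built once for the MSE and once, with the roles swapped, for the cloud PE, evaluated against constructed sample packets. It assumes the trusted peer sources SRv6 packets from its loopback or its own locator range; all address blocks are constructed from 2001:db8::/32.

```python
"""Added example, not from the deck: a model of the boundary ACL the slide describes
for the MSE, with the roles swapped for the cloud PE.  Only packets from the trusted
peer side or from a local loopback may target a local SID; anything else aimed at a
local SID or loopback is dropped; ordinary tenant traffic is left alone.
Address blocks are constructed from 2001:db8::/32; the deck gives none."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

IPv6Net = ipaddress.IPv6Network
ANY = ipaddress.ip_network("::/0")

# Constructed blocks: loopback and SRv6 locator (local SID) ranges of each domain.
METRO_LOOPBACKS = ipaddress.ip_network("2001:db8:10::/64")
METRO_LOCATORS = ipaddress.ip_network("2001:db8:11::/48")
CLOUD_LOOPBACKS = ipaddress.ip_network("2001:db8:90::/64")
CLOUD_LOCATORS = ipaddress.ip_network("2001:db8:91::/48")


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: IPv6Net
    dst: IPv6Net
    note: str


def srv6_border_acl(local_lo: IPv6Net, local_loc: IPv6Net,
                    peer_lo: IPv6Net, peer_loc: IPv6Net) -> List[Rule]:
    """First-match ACL. 'peer' is the trusted far side (cloud PE for an MSE, MSE for a
    cloud PE); assumption: a peer sources SRv6 packets from its loopback or locator range."""
    return [
        Rule("permit", peer_lo, local_loc, "peer loopback -> local SID"),
        Rule("permit", peer_loc, local_loc, "peer SID -> local SID"),
        Rule("permit", local_lo, local_loc, "local loopback -> local SID"),
        Rule("deny", ANY, local_loc, "default: drop anything else aimed at a local SID"),
        Rule("deny", ANY, local_lo, "default: drop anything else aimed at a loopback"),
        Rule("permit", ANY, ANY, "tenant/transit traffic unaffected"),
    ]


def evaluate(acl: List[Rule], src: str, dst: str) -> Tuple[str, str]:
    """Return (action, note) of the first matching rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst:
            return rule.action, rule.note
    raise AssertionError("unreachable: the last rule matches every packet")


MSE_ACL = srv6_border_acl(METRO_LOOPBACKS, METRO_LOCATORS, CLOUD_LOOPBACKS, CLOUD_LOCATORS)
CLOUD_PE_ACL = srv6_border_acl(CLOUD_LOOPBACKS, CLOUD_LOCATORS, METRO_LOOPBACKS, METRO_LOCATORS)

# Constructed sample packets seen at the MSE: (description, src, dst).
SAMPLES = [
    ("cloud PE loopback -> MSE SID", "2001:db8:90::1", "2001:db8:11:0:0:1::"),
    ("MSE own loopback -> MSE SID", "2001:db8:10::1", "2001:db8:11:0:0:1::"),
    ("untrusted host -> MSE SID", "2001:db8:7::42", "2001:db8:11:0:0:1::"),
    ("untrusted host -> MSE loopback", "2001:db8:7::42", "2001:db8:10::1"),
    ("untrusted host -> tenant prefix", "2001:db8:7::42", "2001:db8:77::10"),
]


def audit(acl: List[Rule], samples=SAMPLES) -> List[Tuple[str, str]]:
    """Run every sample through the ACL and report (description, action)."""
    return [(desc, evaluate(acl, s, d)[0]) for desc, s, d in samples]


if __name__ == "__main__":
    for desc, action in audit(MSE_ACL):
        print(f"MSE ACL: {desc:32} -> {action}")
```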

Security Design (CP-CAR Attack Defense and Management Protection)

PEs on the cloud backbone network:
• Use the default security policy (application layer association).

RR:
• Perform MD5 authentication on BGP peers to prevent the establishment of BGP peer relationships with unauthorized MSEs.
• Enable application layer association.
• RRs support BGP-based application layer association. An RR can send BGP packets to the CPU only when a BGP peer relationship is successfully established. If the BGP peer relationship is not established, the RR processes BGP packets through an independent CP-CAR channel to prevent BGP attacks.

All devices:
• A device can log in to only a directly connected device.
• Only NMSs are allowed to obtain device information through SNMP.
• Only controllers are allowed to configure devices through NETCONF.
• MD5 authentication needs to be configured for the BGP-LS connections between the controller and devices. In addition, Telnet needs to be disabled on the devices, and SSH server authentication needs to be configured.

O&M Design
Figure: single-homing access (LSW to one MSE through a LAG) and dual-homing access (LSW to two MSEs), MSEs, CRs, network PEs, cloud PEs, DAP and VPC in a remote cloud DC; L2/L3: VLAN/QinQ access, EVPN VPWS over SRv6 BE or VPNv4 L3VPN over SRv6 BE, VLAN to VRF on the cloud side.

Layer | Service | O&M tools
IP | IP | ICMP ping/trace
VPN | L3VPN | Ping/Trace/TWAMP/Y.1564
VPN | EVPN L3VPN | Ping/Trace/TWAMP/Y.1564
VPN | EVPN VPWS | Ping/Trace/Y.1731/Y.1564

VPN O&M scheme
• Service status visualization
• Continuity check: ping and trace
• Throughput test: Y.1564 (not supported yet)
• Path visualization: SRv6 locator ping/trace (not supported yet)
• Performance visualization: TWAMP (supporting real-time data) and Y.1731 (not supported yet)
• Log and alarm visualization

Contents
2 Solution Design: Site-to-Site Private Line Transport Solution
Overview of the Site-to-Site Private Line Transport Solution
[Figure: intra-AS and inter-AS site-to-site private lines. City A: CE, ONU, OLT, MSE, CR on the metro network; cloud backbone: cloud PE and network PE; city B: CR, MSE, OLT, ONU, CE on the metro network. L2 private line: VLAN/QinQ at both sites, EVPN VPWS over SRv6 BE between the MSEs. L3 private line: VLAN/QinQ at both sites, VPNv4 L3VPN over SRv6 BE between the MSEs.]

Enterprise-side access:
• Enterprise-side CEs are connected to PON devices through physical interfaces or VLAN sub-interfaces.

Transport of site-to-site private line services between MSEs:
• SRv6 BE tunnels are deployed between MSEs for the transport of site-to-site private line services.
• EVPN E-Line is deployed for L2 private lines.
• VPNv4 L3VPN or EVPN L3VPN is deployed for L3 private lines.
• According to CE access points, there are two networking scenarios: the intra-AS site-to-site private line scenario and the inter-AS site-to-site private line scenario.

Transport on the metro and cloud backbone networks:
• IPv6 routes are deployed between the metro and cloud backbone networks.
• EBGP is deployed between the metro and cloud backbone networks.

IPv6 Address Planning

1. Different networks use different address spaces.
   › Metro network
   › Cloud backbone network
2. Different types of addresses at the same layer on the same network use different address spaces.
   › Interface interconnection address
   › Loopback address
   › SRv6 locator address
3. The addresses used to interconnect different networks use different address spaces.
   › Addresses of interfaces that connect ASBRs/CRs on a metro network and PEs on a cloud backbone network
4. Address space aggregation must be considered.
5. Address redundancy must be considered in address allocation.
6. Rules for mask length allocation:
   › Interface address: 127 (a /127 on point-to-point links, per RFC 6164, also removes the neighbor-cache exhaustion exposure of a /64 on the inter-domain link)
   › Loopback address: 128
   › SRv6 locator address: 96

Example for aggregating the addresses of metro network devices (IPv6 addresses of metro network devices):

Metro network device | Loopback address | Locator address
MSE1 ... MSEn | one /128 per MSE from the loopback block of metro network 1 | one /96 per MSE from the locator block of metro network 1
ASBR/CR1 ... ASBR/CRn | one /128 per ASBR/CR from the same loopback block | one /96 per ASBR/CR from the same locator block
Advertised summary | loopback address block of metro network 1 | locator address block of metro network 1

Each metro network needs to advertise only two IPv6 summary routes (loopback and locator routes) to the cloud backbone network.
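The following is an added example, not part of the Huawei deck: it applies the six planning rules above to one metro network and the cloud backbone, and checks the two properties that matter for the border (every device address falls inside its summary, and no two address spaces overlap). All prefixes are constructed documentation addresses from 2001:db8::/32; the /40 block size per network, the use of the first two /48s for loopbacks and locators, and the number of devices are assumptions.

```python
"""Added example (not from the deck): IPv6 address planning for metro networks and
the cloud backbone following the six rules above, with the aggregation check that
each network needs only two summary routes.  All prefixes are constructed
documentation addresses (2001:db8::/32); block sizes are assumptions."""
import itertools
from ipaddress import IPv6Network

# Rule 1: every network gets its own block (constructed /40s).
METRO_BLOCKS = {
    "metro1": IPv6Network("2001:db8:100::/40"),
    "metro2": IPv6Network("2001:db8:200::/40"),
}
CLOUD_BLOCK = IPv6Network("2001:db8:f00::/40")
# Rule 3: inter-network links (ASBR/CR <-> network PE) come from a block that no
# network uses for anything else.
INTERCONNECT_BLOCK = IPv6Network("2001:db8:ffff::/48")

# Rule 6: mask lengths (/127 on point-to-point links per RFC 6164).
LOOPBACK_LEN, LOCATOR_LEN, INTERCONNECT_LEN = 128, 96, 127


def plan_network(block: IPv6Network, n_devices: int) -> dict:
    """Rules 2/4/5: carve the first two /48s of the block into a loopback space and
    a locator space (the rest of the /40 stays in reserve), then number n_devices
    MSEs/ASBRs out of each space."""
    loop_space, loc_space = itertools.islice(block.subnets(new_prefix=48), 2)
    loop_base = int(loop_space.network_address)
    loc_base = int(loc_space.network_address)
    loopbacks = [IPv6Network((loop_base + i + 1, LOOPBACK_LEN)) for i in range(n_devices)]
    locators = [IPv6Network((loc_base + (i << (128 - LOCATOR_LEN)), LOCATOR_LEN))
                for i in range(n_devices)]
    return {"loopback_summary": loop_space, "locator_summary": loc_space,
            "loopbacks": loopbacks, "locators": locators}


def summary_routes(plan: dict) -> list:
    """The only two routes a network has to advertise to the other domain."""
    return [plan["loopback_summary"], plan["locator_summary"]]


def fully_covered(plan: dict) -> bool:
    """Every device address must fall inside its summary, or the aggregate leaks."""
    return (all(n.subnet_of(plan["loopback_summary"]) for n in plan["loopbacks"])
            and all(n.subnet_of(plan["locator_summary"]) for n in plan["locators"]))


def allocate_interconnects(n_links: int) -> list:
    """One /127 per ASBR/CR <-> network PE link, all from the dedicated block."""
    return list(itertools.islice(INTERCONNECT_BLOCK.subnets(new_prefix=INTERCONNECT_LEN), n_links))


def disjoint(nets) -> bool:
    """Rules 1-3 in one check: no two address spaces may overlap."""
    return not any(a.overlaps(b) for a, b in itertools.combinations(nets, 2))


def build_plan(n_devices: int = 4, n_links: int = 4):
    plans = {name: plan_network(blk, n_devices) for name, blk in METRO_BLOCKS.items()}
    plans["cloud"] = plan_network(CLOUD_BLOCK, n_devices)
    links = allocate_interconnects(n_links)
    spaces = [s for p in plans.values() for s in summary_routes(p)] + [INTERCONNECT_BLOCK]
    return plans, links, disjoint(spaces)


if __name__ == "__main__":
    plans, links, ok = build_plan()
    for name, p in plans.items():
        print(name, "advertises", [str(s) for s in summary_routes(p)], "covered:", fully_covered(p))
    print("address spaces disjoint:", ok, "| first interconnect:", links[0])
```

The `disjoint` check is the one to keep in a provisioning pipeline: a locator that strays outside its summary is not just a routing inconsistency, it is a SID that the boundary ACL (later in this deck) will not recognise as local.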

MTU Planning

[Figure: MTU per segment. Access side (CE, ONT or OLT/MxU, LSW): MTU 1500. NNIs (MSE–CR on the metro network, CR–network PE between the metro and cloud backbone networks, links on the cloud backbone, and the same links toward the remote MSE): MTU 4470/9600. Adjust the MTU for all NNIs on the cloud backbone network to prevent packet fragmentation.]

• To prevent SRv6-encapsulated packets from being dropped by interfaces when the packet length exceeds the interface MTU, increase the IPv6 MTU of NNIs to 4470 or 9600 bytes for the following links:
  • Links between MSEs and ASBRs/CRs on the metro network
  • Links between the metro and cloud backbone networks
  • Links on the cloud backbone network
• IPv6 routers do not fragment packets in transit (RFC 8200), so a single NNI left at 1500 bytes drops every full-size customer packet once the 40-byte outer IPv6 header (and any SRH) has been added. Check the IPv6 MTU of every hop on the SRv6 path, including the second metro network in the site-to-site case, not only the cloud backbone.
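An added example, not from the deck, that turns the MTU rule above into a check: it computes the on-the-wire size of a customer packet after SRv6 BE encapsulation for L3 and L2 (EVPN VPWS) private lines and lists the NNIs in a plan that would drop it. Header sizes come from the IPv6 and SRH specifications; the per-link MTU plan is constructed.

```python
"""Added example (not from the deck): does a full-size customer packet still fit an
NNI after SRv6 BE encapsulation?  Header sizes are from RFC 8200 / RFC 8754; the
NNI plan below is constructed."""
IPV6_HEADER = 40   # outer IPv6 header added by the ingress MSE/PE
SRH_FIXED = 8      # Segment Routing Header without its SID list
SID_LEN = 16
ETH_HEADER = 14    # inner Ethernet header carried by EVPN VPWS (L2 private line)
VLAN_TAG = 4


def srv6_packet_size(inner_len: int, service: str = "l3", vlan_tags: int = 0,
                     srh_sids: int = 0) -> int:
    """Bytes put on the NNI for one customer packet of inner_len bytes.
    service="l3": the customer IP packet is encapsulated directly.
    service="l2": EVPN VPWS carries the whole frame, so the inner Ethernet header
    and any VLAN/QinQ tags count as well.
    SRv6 BE carries the single service SID in the outer destination address, so
    there is no SRH (srh_sids=0); a TE path with an explicit SID list adds one."""
    size = inner_len + IPV6_HEADER
    if service == "l2":
        size += ETH_HEADER + vlan_tags * VLAN_TAG
    elif service != "l3":
        raise ValueError("service must be 'l2' or 'l3'")
    if srh_sids > 0:
        size += SRH_FIXED + SID_LEN * srh_sids
    return size


def fits(inner_len: int, nni_mtu: int, **kw) -> bool:
    """IPv6 routers never fragment in transit: an oversized packet is dropped."""
    return srv6_packet_size(inner_len, **kw) <= nni_mtu


def check_path(access_mtu: int, nni_mtus: dict, **kw) -> list:
    """Return the NNIs that would drop a maximum-size access packet."""
    need = srv6_packet_size(access_mtu, **kw)
    return [name for name, mtu in nni_mtus.items() if mtu < need]


# Constructed NNI plan with one link forgotten at the default IPv6 MTU.
PLANNED_NNIS = {"MSE-CR": 4470, "CR-networkPE": 4470, "backbone": 9600, "CR2-MSE2": 1500}

if __name__ == "__main__":
    print("L3 1500-byte packet on the NNI:", srv6_packet_size(1500), "bytes")
    print("QinQ L2 frame on the NNI:", srv6_packet_size(1500, "l2", vlan_tags=2), "bytes")
    print("links that drop full-size packets:", check_path(1500, PLANNED_NNIS))
```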

Basic Routing Design

[Figure: CE (FTTO ONT or FTTB MxU), OLT, LSW, MSE and CR on the metro network running IS-IS IPv4/IPv6 (process X); EBGP between the CR and the network PE; network PE, cloud PE and DAP VPC in the remote cloud DC on the cloud backbone running IS-IS IPv4/IPv6.]

Basic routing design

Metro network:
• Enable IPv4/IPv6 dual stack on the metro network and deploy IS-IS IPv6 multi-topology.

CR, IS-IS route import to BGP:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of the MSEs on the metro network from the IS-IS process to the BGP process.
CR, IS-IS process:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of devices on the cloud backbone network from the BGP process to the IS-IS process. In the case of an inter-AS site-to-site private line, also import the IPv6 loopback and SRv6 locator routes of MSEs in other ASs from the BGP process to the IS-IS process.

Network PE, IS-IS route import to BGP:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of PEs on the cloud backbone network from the IS-IS process to the BGP process.
Network PE, IS-IS process:
• Configure a route-policy to import the IPv6 loopback and SRv6 locator routes of devices on all metro networks from the BGP process to the IS-IS process.

Cloud backbone network, IS-IS route advertisement:
• Configure IPv6 loopback routes for PEs on the cloud backbone network.
• Configure SRv6 locator routes for PEs on the cloud backbone network.

• IS-IS IPv4/IPv6 multi-topology is deployed on the metro network.
• EBGP IPv6 routes are configured between the metro and cloud backbone networks.
• IS-IS IPv4/IPv6 multi-topology is deployed on the cloud backbone network.

Basic Routing Design (IS-IS Route-Policy Configuration on the ASBR/CR)

[Figure: same topology as the basic routing design: IS-IS IPv4/IPv6 (process X) on the metro network, EBGP between the CR and the network PE, IS-IS IPv4/IPv6 on the cloud backbone toward the DAP VPC in the remote cloud DC.]

Basic routing design

CR:
• Apply tag 100 to the EBGP routes to be imported to the IS-IS IPv6 process.
• Configure a route-policy that filters out routes carrying tag 100 when IS-IS routes are imported to BGP.

Network PE:
• Apply tag 100 to the EBGP routes to be imported to the IS-IS IPv6 process.
• Configure a route-policy that filters out routes carrying tag 100 when IS-IS routes are imported to BGP.

• To control the import of BGP routes to IS-IS when the CR and network PE are deployed in square-looped mode, configure a route tag and route filtering for the IS-IS process between the CR and network PE. Without the tag, a backbone route that one CR leaks into IS-IS is learned by the other CR as an ordinary IS-IS route and can be re-exported to BGP, handing the cloud backbone its own prefixes back through the metro network.
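The following added example, not taken from the deck, simulates the tag-100 mechanism on two CRs in square-looped mode that share one IS-IS process: one CR leaks EBGP-learned backbone summaries into IS-IS, and the other CR's IS-IS-to-BGP policy either honours the tag or does not. The router model and prefixes are constructed, not device configuration.

```python
"""Added example (not from the deck): what the tag-100 route-policy prevents.  Two
CRs in square-looped mode share one IS-IS process; one leaks EBGP-learned
backbone routes into IS-IS, and the other must not re-export those routes into
BGP.  Prefixes are constructed documentation addresses; the routers are a
simulation, not device configuration."""
from dataclasses import dataclass, field
from typing import Optional

LEAK_TAG = 100   # set on every BGP route imported into IS-IS IPv6


@dataclass(frozen=True)
class Route:
    prefix: str
    origin: str              # "isis" (native) or "bgp-import"
    tag: Optional[int] = None


@dataclass
class Router:
    name: str
    bgp: dict = field(default_factory=dict)   # EBGP-learned routes
    isis: dict = field(default_factory=dict)  # IS-IS LSDB view (shared process)


def import_bgp_into_isis(r: Router, permitted: set) -> None:
    """BGP -> IS-IS route-policy: permit only the other domain's loopback and
    locator summaries, and stamp them with LEAK_TAG."""
    for prefix in r.bgp:
        if prefix in permitted:
            r.isis[prefix] = Route(prefix, "bgp-import", LEAK_TAG)


def export_isis_into_bgp(r: Router, deny_tags=()) -> list:
    """IS-IS -> BGP route-policy.  A prefix match on the local MSE summaries would
    normally sit here too; the tag check is what still holds when that prefix
    list drifts or is replaced by a broader match."""
    return sorted(p for p, rt in r.isis.items() if rt.tag not in deny_tags)


def flood(src: Router, dst: Router) -> None:
    """One IS-IS process: whatever one CR injects appears on the other."""
    for p, rt in src.isis.items():
        dst.isis.setdefault(p, rt)


MSE_SUMMARIES = {"2001:db8:100::/48", "2001:db8:101::/48"}       # metro loopback/locator
BACKBONE_SUMMARIES = {"2001:db8:f00::/48", "2001:db8:f01::/48"}  # cloud PE loopback/locator


def simulate(filter_tagged: bool) -> list:
    """Prefixes CR2 would advertise to its EBGP peer on the cloud backbone."""
    cr1, cr2 = Router("CR1"), Router("CR2")
    for r in (cr1, cr2):
        for p in MSE_SUMMARIES:
            r.isis[p] = Route(p, "isis")
        for p in BACKBONE_SUMMARIES:
            r.bgp[p] = Route(p, "bgp")
    import_bgp_into_isis(cr1, BACKBONE_SUMMARIES)
    flood(cr1, cr2)
    return export_isis_into_bgp(cr2, deny_tags=(LEAK_TAG,) if filter_tagged else ())


if __name__ == "__main__":
    print("with tag filter   :", simulate(True))
    print("without tag filter:", simulate(False))
```

With the filter, CR2 advertises only the metro's own two summaries; without it, the backbone's loopback and locator summaries come back to the backbone via the metro, which is both a routing loop and a way for the metro network to attract the backbone's SRv6 traffic.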

Basic Routing Design (Route Summarization)

[Figure: CE (FTTO ONT or FTTB MxU), OLT, LSW, MSE and CR on the metro network (IS-IS IPv6, process X); EBGP between the CR and the network PE; IBGP on the cloud backbone toward the cloud PE and the DAP VPC in the remote cloud DC.]

Basic routing design

BGP on the CR:
• The IS-IS routes imported into BGP are summarized into two routes for the entire metro network, that is, the loopback and SRv6 locator routes of the MSEs.

BGP on the network PE:
• The IS-IS routes imported into BGP are summarized into two routes for the entire cloud backbone network, that is, the loopback and SRv6 locator routes of the PEs.

• The CR advertises only loopback and locator summary routes to the cloud backbone network.
• The network PE advertises only loopback and locator summary routes to the metro network.

Basic Routing Design (VPN RR)
[Figure: two RRs (RR1, RR2) on the cloud backbone AS; MSE and CR pairs on the metro AS; network PE and cloud PE toward the DAP VPC in the remote cloud DC.]

• Two RRs (P nodes) are deployed on the cloud backbone network. The RRs can be CRs or other independent devices.
• VPNv4 and EVPN address family peer relationships are established between the RRs.
• PEs on the cloud backbone network function as the clients of the RRs and establish VPNv4 and EVPN address family peer relationships with the RRs.
• An EBGP peer relationship, VPNv4 address family peer relationship, and EVPN address family peer relationship are established between each MSE on the metro network and each RR on the cloud backbone network.
• The metro and cloud backbone networks belong to different ASs. Therefore, the peer allow-as-loop 2 command needs to be run in the VPNv4 address family view of each MSE. Note that allow-as-loop relaxes BGP's AS_PATH loop check for the routes received from the RR; keep the allowed count at the minimum the topology requires, and rely on the route-policies and VPN-instance RT import filtering, not on AS_PATH, to keep unintended routes out of a VPN instance.

Service Routing Design (L2 Site-to-Site Private Line)
[Figure: L2 site-to-site private line. Site A: CE on an FTTO ONT or FTTB MxU, OLT, LSW, MSE, CR; cloud backbone: network PE and cloud PE; site B: CR, MSE, LSW, OLT, ONT/MxU, CE. VLAN/QinQ at both sites, EVPN VPWS over SRv6 BE between the MSEs. Service routing: a static route on the CE at each site.]

Service routing design (L2)

Site A CE:
• Configure a route from the CE to site B, with the next hop being an interface address of site B.

Site B CE:
• Configure a route from the CE to site A, with the next hop being an interface address of site A.

• A static route must be configured between the CE of site A and the CE of site B to guide traffic forwarding.

Service Routing Design (L3 Site-to-Site Private Line)
[Figure: L3 site-to-site private line. Site A: CE on an FTTO ONT or FTTB MxU, OLT, LSW, MSE, CR; cloud backbone: network PE and cloud PE; site B: CR, MSE, LSW, OLT, ONT/MxU, CE. VLAN/QinQ at both sites, VPNv4 L3VPN over SRv6 between the MSEs. Service routing: static route between the CE and MSE at each site, BGP VPNv4/EVPN L3VPN between the MSEs.]

Service routing design (L3)

Site A CE:
• Configure a route from the CE to site B, with the next hop being an MSE's interconnection address.

Site A MSE:
• Configure a route from the MSE to site A, with the next hop being a CE's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Site B MSE:
• Configure a route from the MSE to site B, with the next hop being a CE's interconnection address.
• Import the static route into the corresponding BGP VPN instance.

Site B CE:
• Configure a route from the CE to site A, with the next hop being an MSE's interconnection address.

• A static route is configured between the CE and MSE.
• BGP VPNv4 L3VPN or EVPN L3VPN is deployed for the interworking between the MSE and cloud PE.

QoS Design
DiffServ QoS policies are used to implement differentiated transport of site-to-site private line services. BOD and bandwidth calendar functions are provided through dynamic bandwidth control.

[Figure: site A CE (FTTO ONT or FTTB MxU), OLT, LSW, MSE, CR; cloud backbone with network PE and cloud PE; CR, MSE, LSW, OLT, ONT/MxU, CE at site B. L2: VLAN/QinQ at both sites, EVPN VPWS over SRv6 BE between the MSEs. L3: VLAN/QinQ at both sites, VPNv4 L3VPN/EVPN L3VPN over SRv6 BE between the MSEs.]

QoS function | Where | Design
BOD/bandwidth calendar | MSE at each site | Access-side bandwidth control (with bidirectional rate limiting) on interfaces or sub-interfaces
Priority mapping | MSE at each site | Inbound: manual configuration of packet priorities on UNIs; BA classification is performed on other interfaces. Outbound: scheduling based on existing packet priorities
Queue scheduling | Transport network | PQ and WFQ scheduling is performed on the transport network

Reliability Design (L3 Private Line)
[Figure: L3 site-to-site private line reliability topology. Site A: CE (IP1) on an FTTO ONT or FTTB MxU, OLT, LSW single-homed or dual-homed to MSEs (IP2.1/IP2.2), metro network, CR; cloud backbone with network PE and cloud PE (IP3.1/IP3.2); CR, MSEs (IP4.1/IP4.2), LSW, OLT, ONT/MxU, CE (IP5) at site B. VLAN/QinQ at both sites, VPNv4 L3VPN/EVPN L3VPN over SRv6 between the MSEs.]

Reliability design

PON reliability:
• Type B protection protects backbone optical fibers.
• Type C protection protects both branch and backbone optical fibers.

Reliability of the network between LSWs and MSEs:
• An LSW can be single-homed to an MSE through a LAG.
• An LSW can also be dual-homed to two MSEs. The MSEs provide protection through static routes for which BFD is enabled.

Reliability of the metro network:
• Single-homing scenario: LAG protection
• Dual-homing scenario: static route-based dual-homing protection
• BFD for IS-IS on the metro network
• Fast IGP convergence on the metro network

Reliability of the cloud backbone network:
• Metro side: route convergence and IP FRR

Reliability Design (L3 Private Line)
[Figure: the L3 site-to-site topology with failure points 1 to 11 marked along the path from site A (PON, LSW single-homing or dual-homing, MSE, CR) across the cloud backbone (network PE, cloud PE) to the remote CR, MSE, LSW and CE at site B. Access: ETH/VLAN; transport: VPNv4 L3VPN/EVPN L3VPN over SRv6; site B: VLAN.]

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers | -
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers | -
3 | LACP | LAG protection | LAG protection
4 | None | None | None
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); network PE: link status detection | MSE: IGP FC and IP FRR; network PE: IP FRR | MSE: IGP route convergence; network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; network PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; network PE: IGP FC and IP FRR | CR: BGP route convergence; network PE: IGP route convergence
10 | Remote MSE/RR: BFD for BGP peer (200 ms x 3); CE: BFD for static route | Remote MSE: BGP route convergence; CE: static route convergence | MSE: configuration of a delay for LSW-side interfaces to go up; CE: static route convergence
11 | BFD for static route | MSE: IP FRR; CE: static route convergence | MSE: configuration of a delay for LSW-side interfaces to go up; static route convergence
Reliability Design (L2 Private Line)
[Figure: L2 site-to-site private line reliability topology. Site A: CE (IP1) on an FTTO ONT or FTTB MxU, OLT, LSW single-homed or dual-homed to MSEs (IP2.1/IP2.2), metro network, CR; cloud backbone with network PE and cloud PE; CR, MSEs in an E-Trunk, LSW, OLT, ONT/MxU, CE (IP3) at site B. VLAN/QinQ at both sites, EVPN VPWS over SRv6 between the MSEs.]

Reliability design

PON reliability:
• Type B protection protects backbone optical fibers.
• Type C protection protects both branch and backbone optical fibers.

Reliability of the network between LSWs and MSEs:
• An LSW can be single-homed to an MSE through a LAG.
• An LSW can also be dual-homed to two MSEs through E-Trunk.

Reliability of the metro network:
• Single-homing scenario: LAG protection
• Dual-homing scenario: E-Trunk
• BFD for IS-IS on the metro network
• Fast IGP convergence on the metro network

Reliability of the cloud backbone network:
• Metro side: route convergence and IP FRR

Reliability Design (L2 Private Line)
[Figure: the L2 site-to-site topology with failure points 1 to 11 marked along the path from site A (PON, LSW single-homing or dual-homing, MSE, CR) across the cloud backbone (network PE, cloud PE) to the remote CR, MSEs in an E-Trunk, LSW and CE at site B.]

Failure point | Detection method | Protection method | Rectification method
1 | Optical fiber | PON type C protection for branch optical fibers | -
2 | Optical fiber | PON type B protection for backbone optical fibers; PON type C protection for both branch and backbone optical fibers | -
3 | LACP | LAG protection | LAG protection
4 | None | None | None
5/9 | BFD for IS-IS (10 ms x 3) | IGP FC and IP FRR | IGP route convergence
6 | MSE: BFD for IS-IS (10 ms x 3); network PE: link status detection | MSE: IGP FC and IP FRR; network PE: IP FRR | MSE: IGP route convergence; network PE: BGP route convergence
7 | Link status detection | IP FRR | BGP route convergence
8 | CR: link status detection; network PE: BFD for IS-IS (10 ms x 3) | CR: IP FRR; network PE: IGP FC and IP FRR | CR: BGP route convergence; network PE: IGP route convergence
10 | Remote MSE/RR: BFD for BGP peer (200 ms x 3); LSW: LACP | Remote MSE/RR: remote FRR; cloud PE: local-remote FRR; LSW: LACP | MSE: configuration of a delay for LSW-side interfaces to go up
11 | LACP | LACP link switching | LSW: LACP
Security Design (SRv6 Security Border)
[Figure: SRv6 trusted domain boundary. Access: CE, ONT or MxU, OLT, LSW; metro network: MSE, CR; cloud backbone: network PE, cloud PE; cloud DC: DAP VPC. VLAN at both ends, EVPN IPv4 L3VPN over SRv6 BE across the metro and cloud backbone networks; the cloud backbone is marked as the SRv6 trusted domain.]

Security control for access devices:
• Irrelevant to SRv6 services. Original security policies are used.

Security control for the metro network:
• Deploy IPv6 security hardening policies to enable dual stack.
• For SRv6 services, configure IPv6 ACLs on the MSE to achieve the following:
   Packets from a cloud PE can be sent to a local SID on the metro network.
   Packets from a local IPv6 loopback interface can be sent to a local SID on the metro network.
   All other IPv6 packets with the destination address being a local SID or IPv6 loopback address are dropped by default.

Security control for the cloud backbone network:
• Deploy IPv6 security hardening policies to enable dual stack.
• For SRv6 services, configure IPv6 ACLs on the cloud PE to achieve the following:
   Packets from an MSE on the metro network can be sent to a local SID on the cloud backbone network.
   Packets from a local IPv6 loopback interface can be sent to a local SID on the cloud backbone network.
   All other IPv6 packets with the destination address being a local SID or IPv6 loopback address are dropped by default.

• IPv6 security hardening policies need to be deployed to enable dual stack on the metro and cloud backbone networks.

• A cloud backbone network is a closed transport network and defined as an SRv6 trusted domain, whereas a metro network and an IDC are public
networks and defined as untrusted domains. ACLs are configured on the boundary devices of the trusted domain to permit only specified SRv6
packets to pass through.

• An ASBR/CR on the metro network and a cloud PE on the cloud backbone network advertise only their SRv6 SIDs and IPv6 loopback addresses
to each other through the EBGP peer relationship.
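The following is an added example, not from the deck, covering the boundary ACL described on this slide and on the earlier site-to-cloud security border slide. It models the three rules for the MSE (the cloud PE is the mirror image with the domains swapped) and evaluates constructed packets against them. The control-plane peer list and the inbound application point are assumptions: without an explicit permit for the RR loopbacks (and any BFD, SSH or NETCONF sources that target a loopback), the default deny on the loopback address also drops the BGP sessions the solution depends on. Addresses are documentation prefixes, laid out like the address-planning slide.

```python
"""Added example (not from the deck): a model of the boundary IPv6 ACL described
above, run over constructed packets.  The control-plane peer list and the
inbound application point are assumptions; addresses are documentation prefixes."""
from dataclasses import dataclass
from ipaddress import IPv6Network, ip_address


@dataclass
class BoundaryDevice:
    name: str
    local_locators: list       # this domain's SRv6 locator summaries (local SIDs live here)
    local_loopbacks: list      # this domain's IPv6 loopback summaries
    trusted_peers: list        # loopback + locator summaries of the other domain's boundary devices
    control_plane_peers: list  # assumption: RR/controller sources that must reach loopbacks


def _in(addr, prefixes) -> bool:
    return any(addr in p for p in prefixes)


def acl_decision(dev: BoundaryDevice, src: str, dst: str) -> str:
    """Evaluate the boundary ACL for one packet arriving on an untrusted-side interface."""
    s, d = ip_address(src), ip_address(dst)
    to_sid = _in(d, dev.local_locators)
    to_loopback = _in(d, dev.local_loopbacks)
    if to_sid and _in(s, dev.trusted_peers):             # rule 1: far-side PE/MSE -> local SID
        return "permit"
    if to_sid and _in(s, dev.local_loopbacks):           # rule 2: own loopback -> local SID
        return "permit"
    if to_loopback and _in(s, dev.control_plane_peers):  # assumption: keep BGP/BFD/SSH alive
        return "permit"
    if to_sid or to_loopback:                            # rule 3: default deny for SID/loopback
        return "deny"
    return "permit"  # customer/transit traffic is outside this ACL's scope (assumption)


def evaluate(dev: BoundaryDevice, packets) -> dict:
    """Verdict per (src, dst) pair."""
    return {(src, dst): acl_decision(dev, src, dst) for src, dst in packets}


# Constructed metro MSE, using the two-summary scheme from the address-planning slide.
METRO_MSE = BoundaryDevice(
    name="MSE",
    local_locators=[IPv6Network("2001:db8:101::/48")],
    local_loopbacks=[IPv6Network("2001:db8:100::/48")],
    trusted_peers=[IPv6Network("2001:db8:f00::/48"), IPv6Network("2001:db8:f01::/48")],
    control_plane_peers=[IPv6Network("2001:db8:f00::/48")],   # cloud-side RR loopbacks
)

# Constructed packets: the first two are legitimate; the rest are what the
# default deny exists for (a foreign host aiming at a SID or a loopback).
SAMPLE_PACKETS = [
    ("2001:db8:f01:1::5", "2001:db8:101:1::7"),   # cloud PE locator -> MSE SID
    ("2001:db8:f00::a", "2001:db8:100::3"),       # RR loopback -> MSE loopback (BGP)
    ("2001:db8:dead::1", "2001:db8:101:1::7"),    # foreign source -> MSE SID (SID injection)
    ("2001:db8:dead::1", "2001:db8:100::3"),      # foreign source -> MSE loopback
    ("2001:db8:dead::1", "2001:db8:500::9"),      # foreign source -> non-infrastructure address
]

if __name__ == "__main__":
    for (src, dst), verdict in evaluate(METRO_MSE, SAMPLE_PACKETS).items():
        print(f"{verdict:6} {src} -> {dst}")
```

The third packet is the case that makes rule 3 worth the operational friction: a host that can route to the locator and forges a packet whose destination is an End.DT4/End.DX2 SID has its payload decapsulated straight into a customer VPN unless the boundary drops it. The ACL only works if it is applied on every interface facing the untrusted domain, and the permit list has to track the summary routes the other domain actually advertises.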

Security Design (CP-CAR Attack Defense and Management Protection)

PEs on the cloud backbone network:
• Use the default security policy (application layer association).
RR:
• Perform MD5 authentication on BGP peers to prevent the establishment of BGP peer relationships with unauthorized MSEs. TCP MD5 (RFC 2385) is a legacy mechanism: use a distinct key per peer rather than one shared password, and prefer TCP-AO (RFC 5925) where both ends support it.
• Enable application layer association.
• RRs support BGP-based application layer association: an RR sends BGP packets to the CPU through the regular BGP channel only for peers whose BGP peer relationship has been successfully established. BGP packets from sources without an established peer relationship are processed through an independent, rate-limited CP-CAR channel, so a flood of bogus BGP connection attempts cannot starve the established sessions.
All devices:
• A device can log in to only a directly connected device.
• Only NMSs are allowed to obtain device information through SNMP.
• Only controllers are allowed to configure devices through NETCONF.
• MD5 authentication needs to be configured for the BGP-LS connections between the controller and devices. In addition, Telnet needs to be disabled on the devices, and SSH server authentication needs to be configured.
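An added example, not from the deck, that shows what application layer association buys on the RR. It simulates the punt path with a plain token-bucket policer per channel: packets from peers with an established BGP session take the BGP channel, everything else takes the separate CP-CAR channel. Rates, burst depths and the traffic mix (20 keepalives from one MSE, 5000 connection attempts from rotating unauthorized sources in one second) are constructed; real CP-CAR values are device-specific. MD5 authentication does not reduce this load, since the signature is only checked after the packet has reached the CPU, which is why the two mechanisms are deployed together.

```python
"""Added example (not from the deck): simulation of application layer association
on an RR.  BGP packets from established peers go to the BGP channel; packets from
anyone else are punted through a separate, rate-limited CP-CAR channel.  Rates,
burst sizes and the traffic mix are constructed."""


class TokenBucket:
    """CAR policer: rate in packets/s, burst = bucket depth in packets."""

    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def admit(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_punt_path(packets, established, assoc_enabled: bool) -> dict:
    """packets: (time_s, src, is_legit) tuples; established: peer addresses whose
    BGP session is up.  Returns delivered/dropped counts per traffic class."""
    bgp_channel = TokenBucket(rate=1000, burst=1000)   # established peers
    car_channel = TokenBucket(rate=100, burst=100)     # unassociated BGP packets
    stats = {"legit_delivered": 0, "legit_dropped": 0,
             "attack_delivered": 0, "attack_dropped": 0}
    for now, src, is_legit in sorted(packets, key=lambda p: p[0]):
        if assoc_enabled and src not in established:
            channel = car_channel
        else:
            channel = bgp_channel   # no association: every BGP packet shares one channel
        cls = "legit" if is_legit else "attack"
        stats[cls + ("_delivered" if channel.admit(now) else "_dropped")] += 1
    return stats


def build_traffic():
    """Constructed one-second window: 20 keepalives from the MSE peer, interleaved
    with 5000 connection attempts from rotating unauthorized sources."""
    peer = "2001:db8:100::1"
    legit = [(k * 0.05 + 0.00013, peer, True) for k in range(20)]
    attack = [(i * 0.0002, f"2001:db8:dead::{i % 256:x}", False) for i in range(5000)]
    return attack + legit, {peer}


if __name__ == "__main__":
    packets, peers = build_traffic()
    print("with association   :", run_punt_path(packets, peers, True))
    print("without association:", run_punt_path(packets, peers, False))
```

With association the established peer loses nothing and the attackers are capped at roughly the CP-CAR rate; without it, the same attackers exhaust the shared channel within the first quarter second and the peer's keepalives are dropped from then on, which is exactly the hold-timer expiry an attacker is after.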

Contents
2 Solution Design: Site-to-Site Private Line Provisioning and O&M
O&M Design
[Figure: site-to-site O&M topology. Site A: CE on an FTTO ONT or FTTB MxU, OLT, LSW, MSE, CR; cloud backbone: network PE and cloud PE; site B: CR, MSE, LSW, OLT, ONT/MxU, CE. Access: ETH/VLAN; transport: VPNv4 L3VPN/EVPN L3VPN over SRv6; site B: VLAN.]

O&M tools by layer:

Layer | Service | O&M tools
IP | - | ICMP ping/trace
VPN | L3VPN | Ping/Trace/TWAMP/Y.1564
VPN | EVPN L3VPN | Ping/Trace/TWAMP/Y.1564
VPN | EVPN VPWS | Ping/Trace/Y.1731/Y.1564

VPN O&M scheme


• Service status visualization
• Continuity check: ping and trace
• Throughput test: Y.1564 (not supported yet)
• Path visualization: SRv6 locator ping/trace (not supported yet)
• Performance visualization: TWAMP (supporting real-time data) and Y.1731 (not supported yet)
• Log and alarm visualization

Thank you.
Bring digital to every person, home and organization for a fully connected, intelligent world.

Copyright©2020 Huawei Technologies Co., Ltd. All Rights Reserved.

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.