VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
SOCIALIST REPUBLIC OF VIETNAM
Independence - Freedom - Happiness

No.: 4743/QD-VNPT-VT
Hanoi, 25 August 2009

DECISION
On approving the MAN-E network design supplied by Huawei

THE GENERAL DIRECTOR OF THE GROUP

Pursuant to Decision No. 06/2006/QD-TTg dated 09/01/2006 of the Prime Minister on the establishment of the parent company - Vietnam Posts and Telecommunications Group;
Pursuant to Decision No. 265/2006/QD-TTg dated 17/11/2006 of the Prime Minister approving the Charter on the organization and operation of Vietnam Posts and Telecommunications Group;
At the proposal of the Head of the Telecommunications Department,

DECIDES:

Article 1. To approve the low level design (Low Level Design) of the MAN-E network, with equipment supplied by Huawei (attached).

Article 2. This decision takes effect from the date of signing. The Head of the Telecommunications Department, the Head of the Development Investment Department, the Director of the Project Management Board for telecommunications works, the Director of VTN Company, and the Directors of the Telecommunications units of Bac Ninh, Binh Thuan, Dak Lak - Dak Nong, Hai Duong, Hung Yen, Khanh Hoa, Lam Dong, Long An, Nam Dinh, Quang Nam, Quang Ngai, Thanh Hoa, Vinh Phuc, Bac Kan, Bac Giang, Binh Dinh, Cao Bang, Dien Bien - Lai Chau, Gia Lai, Ha Giang, Ha Nam, Hoa Binh, Kon Tum, Lang Son, Lao Cai, Ninh Binh, Phu Tho, Son La, Thai Binh, Thai Nguyen, Tuyen Quang and Yen Bai are responsible for implementing this decision.

Recipients: as in Article 2; HDQT (for reporting); filed: VP, VT.
Signed on behalf of the General Director.

VIETNAM POST AND TELECOMMUNICATIONS CORPORATION
MAN-E Project Low Level Design
Huawei Technologies Co., Ltd.
2009

Confidentiality Statement

The information in this document is designated as "Commercial in Confidence". This is a Non-Disclosure Agreement, meaning it shall not be handed over to any other party than Huawei and VNPT.

Huawei Vietnam | VNPT Metro Ethernet Network LLD | Confidential

Content

1 VNPT MANE Overview
  1.1 Overview
  1.2 Service Requirement
2 Network Architecture
  2.1 Overview
  2.2 Structure and Function
  2.3 SLA of Network
  2.4 Ethernet Trunk
    2.4.1 Scenario 1 - UPE Ring or AGG Ring
    2.4.2 Scenario 2 - AGG connected SR/BRAS
    2.4.3 Configuration Examples
3 Device Naming
4 IP Address Planning
5 IGP Planning
  5.1 Overview
  5.2 Structure
  5.3 Implementation
    5.3.1 ISIS NET
    5.3.2 IS-IS Circuit Type
    5.3.3 Routes Control
    5.3.4 Interfaces
    5.3.5 Interface Level
    5.3.6 Metrics
    5.3.7 ISIS TE
    5.3.8 Security Measures
    5.3.9 Configuration Examples
6 MPLS Planning
  6.1 Overview
  6.2 Structure
  6.3 Basic Design
    6.3.1 MPLS Lsr-ID Design
    6.3.2 Lsp-trigger method Design
  6.4 MPLS TE
    6.4.1 Overview
    6.4.2 Implementation
  6.5 MTU
  6.6 Configuration Examples
7 VPN Design
  7.1 VPLS Design
    7.1.1 Overview
    7.1.2 Signaling Protocol
    7.1.3 Remote Peer address
    7.1.4 Access Mode
    7.1.5 PW Encapsulation
    7.1.6 VSI-name
    7.1.7 MAC-withdraw
    7.1.8 H-VPLS
    7.1.9 Configuration Examples
  7.2 VLL Design
    7.2.1 Overview
    7.2.2 Signaling Protocol
    7.2.3 Remote Peer address
    7.2.4 Access Mode
    7.2.5 PW Encapsulation
    7.2.6 Configuration Example
  7.3 VSI-ID and VC-ID Distribution
  7.4 Special Scenario
    7.4.1 Solution
    7.4.2 Configuration Examples
8 Multicast Planning
  8.1 PIM Protocol
  8.2 IGMP Planning
    8.2.1 IGMP Version
    8.2.2 IGMP Static-Join
    8.2.3 SSM-Mapping
  8.3 Multicast Security
    8.3.1 IGMP Group Policy
    8.3.2 PIM SSM Policy
  8.4 Configuration Examples
9 Service Deployment
  9.1 HSI Service
    9.1.1 Working Mechanism
    9.1.2 Implementation
    9.1.3 Access Method
    9.1.4 Interruption Analysis
    9.1.5 Configuration Examples
  9.2 SMB Service
    9.2.1 Working Mechanism
    9.2.2 Implementation
    9.2.3 Access Method
    9.2.4 Interruption Analysis
    9.2.5 Configuration Examples
  9.3 VoIP & VoD
    9.3.1 Working Mechanism
    9.3.2 Implementation
    9.3.3 Scenario Analysis
    9.3.4 Interruption Analysis
    9.3.5 Configuration Examples
  9.4 BTV Service
    9.4.1 Working Mechanism
    9.4.2 Implementation
    9.4.3 Interruption Analysis
    9.4.4 Configuration Examples
  9.5 Enterprise L3VPN Service Solution
    9.5.1 Working Mechanism
    9.5.2 Implementation
    9.5.3 Access Method
    9.5.4 Interruption Analysis
    9.5.5 Configuration Examples
  9.6 Enterprise L2VPN Service Solution
    9.6.1 Working Mechanism
    9.6.2 Implementation
    9.6.3 Access Method
    9.6.4 Interruption Analysis
    9.6.5 Configuration Examples
  9.7 Mobile Backhaul Solution
    9.7.1 Working Mechanism
    9.7.2 Clock Synchronization
    9.7.3 Implementation
    9.7.4 Configuration Examples
  9.8 Wholesale Solution
    9.8.1 Implementation
10 High Availability Solution
  10.1 Equipment Reliability
  10.2 Network Availability
    10.2.1 IGP Fast Convergence
    10.2.2 BFD (Bi-Direction Fault Detection)
    10.2.3 TE Hot-standby
    10.2.4 GR
  10.3 Configuration Examples
    10.3.1 IGP Fast Convergence Configuration
    10.3.2 BFD Configuration
    10.3.3 TE hot-standby configuration
    10.3.4 GR Configuration
11 QoS
  11.1 VNPT QoS Architecture
  11.2 IP/MPLS DiffServ Model Based QoS Design
  11.3 Configuration Examples
12 NTP Planning
  12.1 Solution
  12.2 Configuration Examples
13 Security Planning
  13.1 Service-Based Security Solution
  13.2 Equipment-Based Security Solution
    13.2.1 Secure SSH login configuration
    13.2.2 Protocol authentication
    13.2.3 Data log
    13.2.4 CPCAR
    13.2.5 ACL (Access Control List)
    13.2.6 Disable unnecessary services
    13.2.7 Login related messages prompt
    13.2.8 MAC Address learning Limit
    13.2.9 Unknown Traffic Suppression
14 NMS Reachable Planning
  14.1 DMS Deployment
  14.2 EMS Deployment
    14.2.1 EMS Inside Province
  14.3 EMS across to IP Core
  14.4 Configuration Examples
    14.4.1 DMS SNMP Configuration
    14.4.2 EMS Configuration
15 Integration with SR and BRAS

1 VNPT MANE Overview

1.1 Overview

In the VNPT (Vietnam Post and Telecommunications) Group MAN (Metro Area Network) project, Huawei's role is to design and deploy the MAN network for 13 provinces. 219 units of NE40E-4 and 53 units of NE40E-8 will be used in this project. IP/MPLS acts as the fundamental technology in designing the MAN. The MAN design works closely to fulfil two types of requirements: the service requirement and the VNPT requirement.

VNPT MANE will provide a seamless integration for various last-mile access methods and gateway peering solutions. It will serve two major types of customers: broadband residential customers and enterprise customers. Customers will connect to this MAN using different access platforms to gain access to the data, voice and video services.

Future expansion of this network for wider coverage is also in the VNPT rollout plan. All services will be able to extend to more customers in other cities.

1.2 Service Requirement

Various types of service will be provided to two major customer groups. HSI (High Speed Internet), BTV (Broadband TV), VOD (Video on Demand) and VoIP (Voice over IP) services will target residential customers. Meanwhile, SMB-VPN and Business VPN services will target enterprise or small and medium business customers. In order to provide the best service and a good user experience, the MAN network should be able to fulfil the service requirements in Table 1.

PPPoE | 512K~6Mbps
Native IP | 2Mbps-10Mbps | Mid | Mid | High
Server-Client | IPoE | 2Mbps-10Mbps | Mid | Mid | High
IPoE | <100Kbps | High | High | Low
Server-Client | IPoE over VPLS | Based on SLA | Low | Low | High
VPLS | Based on SLA | Mid | Mid | High
P2MP
MP2MP
Full Mesh | PWE3 | Based on SLA | High | High | High

Table 1: Service Requirement

Referring to Table 1, the bandwidth requirement of each service and its sensitivity to delay, jitter and packet loss are summarized above. The bottlenecks for each service are explained.

The customer's vision for the new MAN network will be taken into consideration during the MAN solution design. VNPT MAN requirements are as below:

- Able to cater for a huge capacity of customers
- Able to provide fast service provisioning
- Able to provide prompt and customizable service provisioning for new services
- Able to cater for multi-technology access and multi-service bearer
- Able to guarantee carrier-class network quality and enrich the customer's user experience
- Able to reduce CAPEX and OPEX by using a unified IP platform

2 Network Architecture

2.1 Overview

Figure 1: Network Architecture

The network structure of each MAN will consist of a Metro access ring and a Metro core ring. Two selected routers in the Metro core ring will be connected to the BRAS and the SR located at the backbone edge. Most of the provinces will connect to one BRAS and one SR, except that KHA and LAN will have two BRAS and two SR while THA will have one BRAS and two SR. IP DSLAM and MSAN will connect to the UPE routers located in the Metro access ring.

2.2 Structure and Function

The structure of the VNPT IP transport network consists of two clearly defined hierarchical layers, the Core Layer and the Metro Layer.

The Metro layer will function as a transparent pipe to transport all services to the core layer. Therefore all services will be terminated at the SPOP, whether it is an SR or a BRAS. However, an exception is made for the BTV service: BTV service routes will be distributed from the core layer to the metro layer.
By constraining the route distribution from the core layer to the metro layer, an easy-to-maintain and secure metro network can be achieved.

For the Metro layer, the network topology is a ring structure. A ring topology reduces the requirement on optical transmission. The rings in the Metro layer are all Ethernet rings: a direct Ethernet connection from one router to another using optical media. The bandwidth for the metro access ring and core ring varies from 1G to 10G.

There will be either two, three or four units of PE-AGG router located in the metro core ring. Two selected PE-AGG will have connections to the backbone. UPE routers, which connect to the MSAN or DSLAM, will also be connected in ring topology for the metro access. The metro access ring will pass through two PE-AGGs in the metro core ring. There are exceptional cases where UPE routers are connected directly to a PE-AGG or pass through only one PE-AGG.

The scenario where UPE routers are connected directly to a PE-AGG can be found in DLK, QNI and QNM provinces. In DLK, DSLAMs are connected directly to PE-AGG Buon Ma Thuot through the existing SDH equipment, which are Ring 1-4 and Ring 1-8 respectively. On the other hand, DSLAMs are connected to PE-AGG Tan Loi through Ring 2-3 and Ring 2-4 SDH equipment respectively. For QNI, all 3 PE-AGG routers, which are Quang Ngai, Mo Duc and Van Tuong, have DSLAMs directly connected to them. For QNM, DSLAMs are connected to PE-AGG Dai Loc and PE-AGG Tam Ky through Ring 1 and Ring 2 STM 16 NG-SDH equipment respectively.

Figure 2: Special Scenario Example - DSLAM directly connected to PE-AGG

In the normal scenario, all access rings will pass through 2 PE-AGG. However, a special case occurs in LDG province. The access rings ring 5 and ring 6 pass through only a single PE-AGG, which is PE-AGG Bao Loc, as shown in the figure below.

Figure 3: Special Scenario Example - Access Ring passing through only single PE-AGG

2.3 SLA of Network

Based on the solution provided by Huawei, the SLA of the VNPT MANE network is able to achieve the values below if the transmission condition is fine:

Delay: <40ms
Loss: 0.1%
Jitter: ≤10ms

2.4 Ethernet Trunk

2.4.1 Scenario 1 - UPE Ring or AGG Ring

Figure 4: Ethernet Trunk for Ring

In this scenario, there exists more than one link in the UPE Ring or AGG Ring. Eth-Trunk is recommended to bind these links into only one logical link. Advantages are listed below:

- Only one logical connection between PE-AGG.
- Load balancing of the links between PE-AGG can be achieved when defining an LSP, compared with only a single link being used.
- Increases the reliability of the link and subsequently the reliability of the LSP path.

2.4.2 Scenario 2 - AGG connected SR/BRAS

Figure 5: Ethernet Trunk for BRAS or SR

In this scenario, there exists more than one link between PE-AGG and SR/BRAS. Eth-Trunk is recommended to bind these links into only one logical link.
Advantages are listed below:

- Ease of maintenance
- Definition of a sub-interface can be done in one step rather than repeated for each physical interface
- Future expansion can be done easily, as a new interface can be added to the trunk without additional configuration
- Faster switchover, at millisecond level, can be achieved when one link fails
- Link reliability increased

2.4.3 Configuration Examples

To realize the Ethernet trunk in scenario 1, a Layer 3 Ethernet trunk is created using the configuration below:

    [BNH00SHA] interface eth-trunk 1
    [BNH00SHA-Eth-Trunk1] description ** Connect to BNH00THO **
    [BNH00SHA-Eth-Trunk1] ip address 10.16.0.1 255.255.255.252
    [BNH00SHA-Eth-Trunk1] quit

Adding interfaces into the Ethernet trunk is achieved as below:

    [BNH00SHA] interface gigabitethernet 1/0/0
    [BNH00SHA-GigabitEthernet1/0/0] description ** Connect to BNH00THO-g1/0/0 **
    [BNH00SHA-GigabitEthernet1/0/0] undo shutdown
    [BNH00SHA-GigabitEthernet1/0/0] eth-trunk 1
    [BNH00SHA-GigabitEthernet1/0/0] quit
    [BNH00SHA] interface gigabitethernet 1/1/0
    [BNH00SHA-GigabitEthernet1/1/0] description ** Connect to BNH00THO-g1/1/0 **
    [BNH00SHA-GigabitEthernet1/1/0] undo shutdown
    [BNH00SHA-GigabitEthernet1/1/0] eth-trunk 1
    [BNH00SHA-GigabitEthernet1/1/0] quit

For scenario 2, when an Ethernet trunk is created to connect to either BRAS or SR, Ethernet trunk sub-interfaces can be created to transport various services. There exist both Layer 3 and Layer 2 Ethernet trunk types to connect to SR.
Configurations are as below:

    [BNH00SHA] interface eth-trunk 7
    [BNH00SHA-Eth-Trunk7] description ** Connect to SR **
    [BNH00SHA-Eth-Trunk7] quit
    [BNH00SHA] interface eth-trunk 7.10
    [BNH00SHA-Eth-Trunk7.10] ip address 10.16.9.254 255.255.255.252
    [BNH00SHA-Eth-Trunk7.10] vlan-type dot1q 10
    [BNH00SHA] interface eth-trunk 7.100
    [BNH00SHA-Eth-Trunk7.100] vlan-type dot1q 100
    [BNH00SHA-Eth-Trunk7.100] l2 binding vsi VoIP_BNH01CSN

Configurations for the Ethernet Trunk to BRAS are as below:

    [BNH00SHA] interface eth-trunk 8
    [BNH00SHA-Eth-Trunk8] description ** Connect to BRAS **
    [BNH00SHA-Eth-Trunk8] quit
    [BNH00SHA] interface eth-trunk 8.500
    [BNH00SHA-Eth-Trunk8.500] vlan-type dot1q 500
    [BNH00SHA-Eth-Trunk8.500] mpls l2vc 123.29.19.1 0110090500

3 Device Naming

4 IP Address Planning

Policies for IP address distribution within a province are as below:

- The IP address for the DMS client will be from the public IP address pool. The IP range will be provided by VNPT IP management personnel.
- The loopback address for each NE40E will be allocated from the start of the given public IP address pool. The first /32 public IP will be assigned first to PE-AGG. A total of 10 public loopback IPs will be reserved for the MANE core PE-AGG routers. In other words, the UPE public loopback IPs will start from the 11th IP address.
- Private IP addresses are used for interconnecting routers within the MANE. A /30 subnet will be segmented out for PE-AGG from the beginning of the IP pool. The subsequent /30 subnet will be allocated to another interconnection link between PE-AGG. 10 /30 subnets will be used for the MANE core ring interconnection before subnets are assigned for UPE interconnection.
- Connections to SR will use /30 subnets taken from the end of the IP pool.

The detailed IP address distribution is as below:
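An added example, not part of the design document and not its distribution table: a Python allocator that applies the four policies above to one province. The pools (192.0.2.0/26 and 10.16.0.0/24), the device names, and the choice to count the pool's first address as "the first /32" are assumptions made for the illustration.

```python
"""Allocate loopbacks and /30 link subnets following the province policy above.

Added example; pools and device names are constructed, not taken from the design.
"""
import ipaddress

PE_AGG_LOOPBACKS = 10   # loopbacks reserved for PE-AGG at the start of the public pool
CORE_RING_LINKS = 10    # /30 subnets reserved for the core ring at the start of the private pool


def _link(subnet, a_end, b_end):
    """Give the two usable addresses of a /30 to the two ends of a link."""
    hosts = list(subnet.hosts())
    return {"subnet": str(subnet), a_end: str(hosts[0]), b_end: str(hosts[1])}


def build_plan(public_pool, private_pool, pe_aggs, upes, core_links, upe_links, sr_links):
    pub = ipaddress.ip_network(public_pool)
    priv = ipaddress.ip_network(private_pool)

    # Refuse plans that would spill out of a reserved range or make ranges collide.
    if len(pe_aggs) > PE_AGG_LOOPBACKS:
        raise ValueError("more PE-AGG routers than reserved loopbacks")
    if PE_AGG_LOOPBACKS + len(upes) > pub.num_addresses:
        raise ValueError("public pool too small for the UPE loopbacks")
    if len(core_links) > CORE_RING_LINKS:
        raise ValueError("more core ring links than reserved /30 subnets")
    subnets = list(priv.subnets(new_prefix=30))
    if CORE_RING_LINKS + len(upe_links) + len(sr_links) > len(subnets):
        raise ValueError("private pool too small: UPE and SR ranges would overlap")

    # Loopbacks: PE-AGG from the 1st address, UPE from the 11th.
    # Assumption: the pool's first address (index 0) is usable as a /32 loopback.
    loopbacks = {name: str(pub[i]) for i, name in enumerate(pe_aggs)}
    loopbacks.update(
        {name: str(pub[PE_AGG_LOOPBACKS + i]) for i, name in enumerate(upes)}
    )

    links = {}
    for i, (a, b) in enumerate(core_links):      # first 10 /30s: core ring
        links[f"{a}--{b}"] = _link(subnets[i], a, b)
    for i, (a, b) in enumerate(upe_links):       # next /30s: UPE interconnection
        links[f"{a}--{b}"] = _link(subnets[CORE_RING_LINKS + i], a, b)
    for i, (a, b) in enumerate(sr_links):        # SR links: taken from the end
        links[f"{a}--{b}"] = _link(subnets[-1 - i], a, b)
    return {"loopbacks": loopbacks, "links": links}


# Constructed sample province: two PE-AGG, two UPE in one access ring, one SR.
SAMPLE = build_plan(
    public_pool="192.0.2.0/26",
    private_pool="10.16.0.0/24",
    pe_aggs=["PE-AGG-1", "PE-AGG-2"],
    upes=["UPE-1", "UPE-2"],
    core_links=[("PE-AGG-1", "PE-AGG-2")],
    upe_links=[("PE-AGG-1", "UPE-1"), ("UPE-1", "UPE-2"), ("UPE-2", "PE-AGG-2")],
    sr_links=[("SR-1", "PE-AGG-1"), ("SR-1", "PE-AGG-2")],
)

if __name__ == "__main__":
    for name, ip in SAMPLE["loopbacks"].items():
        print(f"{name:10s} loopback {ip}/32")
    for name, link in SAMPLE["links"].items():
        print(f"{name:22s} {link}")
```

Keeping the SR subnets at the opposite end of the pool from the ring subnets means a filter or summary on the SR-facing range never has to change when access rings are added.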

5 IGP Planning

5.1 Overview

Intermediate System - Intermediate System (IS-IS) is selected as the IGP routing protocol for the reasons below:

- It is a dynamic routing protocol. When there are changes in network topology due to link or node failure, routes will be updated and converge automatically.
- Standardization of the IGP used in the VNPT network. We understand that the core layer of this metro network uses IS-IS too.
- Able to integrate with the IP backbone IGP so that destinations are reachable between IP core and MAN. This facilitates the deployment of services using multicast, NTP and Network Management.
- Able to cater better for VNPT future MAN expansion. IS-IS will be able to support more nodes.

In addition, IS-IS will act as the baseline routing protocol. It ensures the basic connectivity between routers in each province.

5.2 Structure

Figure 6: ISIS Design

IS-IS, as the IGP routing protocol, will integrate with the IGP in the metro network core layer. In IS-IS design, there are 2 routing levels, Level 1 and Level 2. In the MANE design, all routers in the metro layer, which consist of UPE and PE-AGG, will be Level-1 routers. The role of Level 1-2 will be taken by the edge routers in the core layer, which will be the SR. IS-IS integration will be completed with the IP core routers as the Level 2 routers.

Considering only the metro layer, IS-IS Level-1 peer relationships will be formed between:

- Two PE-AGGs
- Two UPEs
- PE-AGG and UPE
- PE-AGG and SR

5.3 Implementation

5.3.1 ISIS NET

In IS-IS, the Network Entity Title (NET) is used as the form of address to identify routers. All routers running IS-IS in this project will have a network-entity (NET) defined. The NET will be unique for every IS-IS router in the network. IS-IS routers use it to establish and keep the neighbor relationship with others and, on top of that, to obtain routes from the neighbors.
A NET can be regarded as a special form of Network Service Access Point (NSAP). Therefore the address structure is the same as NSAP, but the SEL (Selector) is always "00". Its minimum length is 8 bytes while its maximum length is 20. For the VNPT implementation, the commonly used industry length of 10 bytes is recommended.

    AREA ID        | SYSTEM ID                     | SEL
    49 | 00 | 16   | 12 | 30 | 29 | 01 | 90 | 01   | 00
    (10 bytes)
    NET = 49.0016.1230.2901.9001.00

Area ID:
There are 2 portions of information used to form an area ID. The first byte of the Area ID is defined as "49". This is commonly used for private networks according to the industry standard. The subsequent 2 bytes of the Area ID are defined using the second byte of the interconnection IP. Following the IP addressing guideline from VNPT, the private IP address range for each province can be uniquely identified by the second octet. Therefore this information can be used to define the area ID for each province. For example, the interconnection IP for BNH falls in the range 10.16.x.x. Therefore the area ID in the NET for BNH routers will be 49.0016.

The area ID of each province is listed below:

    BNH 16 | BTN 2 | DLK 5 | HDG (illegible) | HYN 39 | KHA 7 | LAN (illegible) | LDG (illegible) | NDH (illegible) | QNI 52 | QNM 51 | THA 4 | VPC 7

Table 2: ISIS NET Area List

System ID:
For the system ID a total of 6 bytes is used. We use the unique loopback address of each router to define the system ID. Three digits will be used to represent each octet of the loopback address. Zeros are inserted in front to make each octet have 3 digits. For example, if the router loopback address is 123.29.19.1, the system ID will be 1230.2901.9001.

SEL:
The SEL will always be "00" for a NET.

5.3.2 IS-IS Circuit Type

IS-IS supports 2 network types - broadcast link and P2P link. By default, an Ethernet port on the routers is regarded as a broadcast link. However, after detailed study, all links in this MANE network are point-to-point connected. Therefore it is recommended that the circuit type for IS-IS is defined as p2p.
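The NET construction rule of section 5.3.1, as an added example that is not part of the design document: it derives a NET from a loopback and an interconnection IP, inverts it, and audits a device list for mismatched or duplicated NETs. The loopback 123.29.19.1 and its NET are the values used in the page's configuration examples; the device names, the other NETs and the link IPs are constructed.

```python
"""Derive and audit IS-IS NETs built from loopback and interconnection addresses."""
import ipaddress

AFI = "49"  # first byte of the area ID (private addressing), as section 5.3.1 prescribes


def area_id(interconnect_ip):
    """'49' followed by the second octet of the province's private interconnection IP."""
    second_octet = ipaddress.IPv4Address(interconnect_ip).packed[1]
    return f"{AFI}.{second_octet:04d}"


def system_id(loopback):
    """Zero-pad each loopback octet to three digits, then regroup the 12 digits in fours."""
    digits = "".join(f"{octet:03d}" for octet in ipaddress.IPv4Address(loopback).packed)
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def build_net(loopback, interconnect_ip):
    """10-byte NET: area ID, system ID, and a SEL that is always 00."""
    return f"{area_id(interconnect_ip)}.{system_id(loopback)}.00"


def loopback_from_net(net):
    """Invert system_id(); raise ValueError if the NET does not follow the scheme."""
    parts = net.split(".")
    if len(parts) != 6 or parts[0] != AFI or parts[-1] != "00":
        raise ValueError(f"expected 49.xxxx.xxxx.xxxx.xxxx.00, got {net}")
    if not all(len(p) == 4 and p.isascii() and p.isdigit() for p in parts[1:5]):
        raise ValueError(f"area and system ID must be four decimal digits each: {net}")
    digits = "".join(parts[2:5])
    octets = [int(digits[i:i + 3]) for i in range(0, 12, 3)]
    if max(octets) > 255:
        raise ValueError(f"system ID does not encode an IPv4 address: {net}")
    return ".".join(str(o) for o in octets)


def audit(devices):
    """devices maps name -> (configured NET, loopback, interconnection IP).

    Returns findings for NETs that do not match the derivation rule and for
    system IDs configured on more than one router.
    """
    findings, owner = [], {}
    for name, (net, loopback, link_ip) in devices.items():
        expected = build_net(loopback, link_ip)
        if net != expected:
            findings.append(f"{name}: NET {net} should be {expected}")
        sysid = ".".join(net.split(".")[2:5])
        if sysid in owner:
            findings.append(f"{name}: system ID {sysid} already used by {owner[sysid]}")
        owner.setdefault(sysid, name)
    return findings


# Constructed inventory. The first entry uses the page's NET and loopback; the
# third carries a NET copied from the first, the kind of paste error the audit catches.
DEVICES = {
    "pe-agg-1": ("49.0016.1230.2901.9001.00", "123.29.19.1", "10.16.0.1"),
    "upe-1": ("49.0016.1230.2901.9009.00", "123.29.19.9", "10.16.0.42"),
    "upe-2": ("49.0016.1230.2901.9001.00", "123.29.19.12", "10.16.0.46"),
}

if __name__ == "__main__":
    for finding in audit(DEVICES):
        print(finding)
```

A duplicated system ID inside one area prevents stable adjacencies and LSP databases, so the audit is worth running on the NET plan before the configurations are pushed.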
On a point-to-point link, the Complete Sequence Number PDU (CSNP) only needs to be sent when the neighbor relationship is established the first time. This removes the unnecessary periodic CSNPs sent by the DIS (the designated router on a broadcast link). In addition, p2p will also enhance the speed of convergence.

5.3.3 Routes Control

Referring to the area ID defining method, it can be concluded that each province in MANE will have a different area ID. This further achieves our aim to realize IS-IS route control for the VNPT IP Transport network.

Since different provinces have different area IDs, all routers in the same MAN will contain their own area routes only. This is because Level 1 routes are not exchanged between different areas.

To further constrain the interconnection between different provinces and between MANE and IP Core, route control needs to be implemented by the SR. Using route policy, the SR will not advertise the default route to MANE. As a result, MANE and IP CORE are separated natively by the SR.

Route entries of MANE can be summarized by the IS-IS Level-1-2 SR. Therefore if flapping occurs in MANE, it will not spread to IP CORE. On the other hand, the SR can advertise certain routes to MANE based on service requirement.

5.3.4 Interfaces

The IS-IS protocol is enabled on the interfaces below:

- PE-AGG interfaces which are connected to the SR in the core layer
- All loopback interfaces of both PE-AGG and UPE
- All interfaces between NE40E routers

5.3.5 Interface Level

The interface level can be modified to restrict the setup of adjacency relationships on the interface. By default, the interface level is set as Level 1-2. Since only Level-1 routers are deployed in MANE, the interface level will be set as Level 1 for standardization.

5.3.6 Metrics

The IS-IS metrics design for the VNPT MANE network is based on the interface bandwidth. A higher bandwidth interface will have a lower metric, which means higher priority.
By adjusting the bandwidth reference to a suitable value we can obtain a metric that is inversely proportional to the interface bandwidth at the same gradient. This reference bandwidth will be deployed uniformly in the VNPT MANE network.

The metric calculation method follows the formula below:

    Metric = (Bandwidth Reference / Interface Bandwidth) × 10

The recommended reference bandwidth is 100G. Therefore the metric of a 10G link is 100 while the metric of a GE link is 1000. If a 40G port is used in the future, the metric will be 25.

5.3.7 ISIS TE

Due to the implementation of MPLS Traffic Engineering (TE), the advanced feature IS-IS TE will need to be implemented as well. IS-IS TE fulfils one of the MPLS TE requirements: learning the link state information. In short, IS-IS TE supports the establishment and maintenance of the Label Switched Path (LSP) and provides the information of the link.

For this project, IS-IS TE will be used to calculate the best-effort path for the TE tunnel. It serves as the second backup resort.

5.3.8 Security Measures

To prevent unauthorized devices from accessing the IS-IS domain, IS-IS MD5 authentication is enabled on the interfaces. An IS-IS peer will only be established when the neighboring interface is enabled with IS-IS and the MD5 authentication has passed.

5.3.9 Configuration Examples

The IS-IS configuration for the implementation described above is as below:

    [BNH00SHA] isis 1
    [BNH00SHA-isis-1] is-level level-1                                  # level of router set as Level 1
    [BNH00SHA-isis-1] network-entity 49.0016.1230.2901.9001.00          # define ISIS NET
    [BNH00SHA-isis-1] bandwidth-reference 100000                        # define bandwidth-reference value
    [BNH00SHA-isis-1] auto-cost enable                                  # enable auto cost calculation
    [BNH00SHA-isis-1] cost-style wide                                   # set cost-style to wide to deliver TE information
    [BNH00SHA-isis-1] traffic-eng level-1                               # enable TE feature of Level-1 in ISIS process
    [BNH00SHA-isis-1] log-peer-change                                   # when peer status changes, record it into log
    [BNH00SHA-isis-1] quit
    [BNH00SHA] interface eth-trunk 1
    [BNH00SHA-Eth-Trunk1] description ** Connect to BNH00THO-Eth-Trunk1 **
    [BNH00SHA-Eth-Trunk1] isis enable 1                                 # enable isis in interface
    [BNH00SHA-Eth-Trunk1] isis circuit-type p2p                         # define circuit type
    [BNH00SHA-Eth-Trunk1] isis circuit-level level-1                    # establish only L1 adjacency
    [BNH00SHA-Eth-Trunk1] isis authentication-mode md5 v2n0p019 level-1 # Security Measure - MD5 authentication for interface
    [BNH00SHA-Eth-Trunk1] quit

To enable IS-IS on the loopback interface:

    [BNH00SHA] interface loopback 0
    [BNH00SHA-LoopBack0] isis enable 1
    [BNH00SHA-LoopBack0] isis circuit-level level-1
    [BNH00SHA-LoopBack0] quit

6 MPLS Planning

6.1 Overview

In the VNPT MANE network, MPLS is chosen as the foundation for forwarding packets. MPLS uses a short label of fixed length to encapsulate packets, and forwarding is based on this label. As a result the forwarding speed will be increased. On top of that, MPLS will also be used as the foundation for traffic engineering and fault protection.

6.2 Structure

Figure 7: MPLS Structure

The metro layer of each province will have its own independent MPLS domain. In addition, the MPLS domain in each metro layer is separated from the MPLS domain in the core layer as well. In other words, end-to-end inter-province LSPs and province-to-core-layer LSPs will not be established.

This is easily achieved because the router loopback /32 address needed for setting up an LSP is not reachable. Routers in the metro layer do not have inter-province routes or routes to the core layer, as these are filtered in the IGP implementation.

6.3 Basic Design

6.3.1 MPLS Lsr-ID Design

The Lsr-ID is a unique identifier of each MPLS router. It is used to establish the relationship with other MPLS routers. The Lsr-ID is defined using the Loopback 0 address of each router.

6.3.2 Lsp-trigger method Design

In order to avoid the existence of unnecessary LSPs, the Lsp-trigger method is designed to be 'host'. That means only loopback addresses in VNPT MANE can trigger LSP establishment.

6.4 MPLS TE

6.4.1 Overview

As mentioned earlier, MPLS works as the foundation for forwarding packets in this network. By integrating TE (Traffic Engineering) with MPLS, we can further optimize the network utilization. Through MPLS TE, RSVP-TE will be used to set up LSP (Label Switch Path) tunnels along a specific path. This can eliminate network congestion and balance the network traffic.

In addition, MPLS TE will also be able to provide fast recovery from link and node failures; in the VNPT scenario, TE hot standby will be used.

6.4.2 Implementation

Figure 8: MPLS TE Tunnel

MPLS TE will be established from every UPE in the metro layer to both PE-AGG that have a connection to SR and BRAS in the core layer. For the E-LINE service, MPLS TE will be established from UPE to UPE. The CR-LSP will be established according to a specified path, also known as an explicit path. Explicit paths can be categorized into:

- Strict explicit path - the next hop defined in the explicit path must be directly connected to the previous hop. Using a strict explicit path, we can precisely control the path that an LSP passes through by defining it on a hop-by-hop basis. In Figure 9, Router A is the LSP ingress while Router F is the LSP egress. An LSP from Router A to Router F is set up through the strict explicit path. B strict is defined as the next hop. This indicates that the LSP must pass through Router B and the previous hop is Router A. When the subsequent next hop is indicated as C strict, the LSP must pass through Router C.
  Router C must be directly connected to Router B, and Router B is the previous hop in the explicit path.

Figure 9: Strict Explicit Path

- Loose explicit path - the nodes that the LSP must pass through are specified. Other LSRs can exist between a node and its previous hop. In Figure 10, an LSP is set up from the ingress Router A to the egress Router F through the loose explicit path. D loose indicates that the LSP must pass through Router D. However, other LSRs can exist between Router D and Router A. Router D does not need to be directly connected to Router A.

Figure 10: Loose Explicit Path

The strict explicit path method will be deployed because the path an LSP passes through can be precisely controlled.

LSP backup plays an important role in protecting the MPLS TE tunnel. An active LSP and a backup LSP will be established. If the primary LSP fails, the traffic will be switched to the backup LSP using the hot standby LSP method.

6.5 MTU

Considering that there will be multiple layers of MPLS labels tagged on the IP packets, it is recommended that the MTU value be increased to handle bigger Ethernet packets.
The MTU will be set at 9000 to standardize with industry practice.

6.6 Configuration Examples

Steps to configure MPLS are as below:

    [BNH01CSN] mpls lsr-id 123.29.19.9     # define MPLS Lsr-ID using loopback0 address
    [BNH01CSN] mpls                        # enable mpls
    [BNH01CSN-mpls] lsp-trigger host       # define lsp-trigger by host
    [BNH01CSN-mpls] mpls te                # enable MPLS TE feature globally
    [BNH01CSN-mpls] mpls rsvp-te           # enable RSVP TE feature globally
    [BNH01CSN-mpls] mpls te cspf           # enable CSPF
    [BNH01CSN-mpls] quit

Steps to configure MPLS for an interface, both Ethernet trunk and physical interface, are as below:

    [BNH01CSN] interface eth-trunk 1
    [BNH01CSN-Eth-Trunk1] mpls
    [BNH01CSN-Eth-Trunk1-mpls] mpls te         # enable MPLS TE feature in interface
    [BNH01CSN-Eth-Trunk1-mpls] mpls rsvp-te    # enable RSVP TE feature in interface

The MTU value of an interface can be adjusted using the configuration below:

    [BNH01CSN] interface gigabitethernet 4/0/0
    [BNH01CSN-GigabitEthernet4/0/0] description ** Connect to BNH01THO-g4/0/0 **
    [BNH01CSN-GigabitEthernet4/0/0] mtu 9000

7 VPN Design

In the VNPT MANE network, three Layer-2 VPN technologies are used: VPLS, VLL and PWE3.

7.1 VPLS Design

7.1.1 Overview

With the development of Ethernet technology, Ethernet has become a crucial LAN technology. As an access technology, it is widely applied to Metro Area Networks (MAN) and Wide Area Networks (WAN).

Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment through the PSN and make them operate in an environment similar to a LAN.

VPLS is also called Transparent LAN Service (TLS) or Virtual Private Switched Network Service, and differs from the point-to-point service of the common L2VPN.
With the VPLS technology, the service provider offers Ethernet-based multipoint service to clients through the MPLS backbone network.

In VPLS, the PSN simulates network bridge devices and forwards packets based on MAC addresses, or MAC addresses and VLAN tags.

The following lists the basic concepts of VPLS:

PW
The Pseudo Wire (PW) is a virtual connection used to transmit frames between two PEs. The PE establishes and maintains PWs through signaling, and the two PEs on both ends of the PW maintain the PW status.

VSI
Every Virtual Switch Instance (VSI) offers a separate VPLS service. The VSI implements the Ethernet bridge function and terminates PWs.

VC
The Virtual Circuit (VC) is a logical unidirectional circuit between two nodes. Two VCs in opposite directions constitute a PW. A VC can be used as a unidirectional PW.

AC
The CE accesses the PE through the Attachment Circuit (AC). The AC can be either a physical link or a logical link. The AC transmits frames between the CE and the PE.

VPLS will be used in the SMB, VoIP, VoD and Enterprise VPN (except E-LINE) services to transport the traffic.

7.1.2 Signaling Protocol

There are two drafts for VPLS, Martini and Kompella. Martini is recommended as it is widely used in the world and is supported by almost all mainstream vendors.

Martini defines that all sites that belong to the same VPN must "share" the same VC-ID. HSI, VoIP, VoD, Enterprise L2 and L3 VPN will be forwarded from UPE to PE-AGG in this way.

The signaling protocol acts as the basis on which VPLS is implemented. For Martini, the signaling protocol is LDP. It is used to automatically discover the peers in the same VSI. In the VNPT MANE deployment, an MPLS tunnel is created to transport multiple VPLS instances. This tunnel is established using RSVP-TE. In short, VPLS is transported over the MPLS tunnel. As a result, at the packet level, two MPLS labels are added.
The inner label, which is the VC label, is added by LDP in VPLS implementation. On the other hand, the outer label, the Tunnel label, is added by RSVP-TE to be transported in the MPLS Tunnel.

L2 Header | IP Header | Data

7.1.3 Remote Peer address

On UPE device, to create remote LDP peer to PE-AGG, the peer address is designed to be the loopback address of PE-AGG.

7.1.4 Access Mode

On Huawei Device, the access mode of Ethernet interface can be one of the following:

Terminal VLAN interface: reuses a physical interface. For example, you can divide an Ethernet interface into multiple sub interfaces, and take every sub interface as a VLAN interface.

Switched VLAN Interface: A logical interface, and not a sub interface of a physical interface. A VLAN interface contains more than one physical interface, that is, the VLAN packets are received from multiple physical interfaces.

Due to network structure of VNPT, terminal interface is preferred.

7.1.5 PW Encapsulation

There are two Encapsulation modes for Ethernet link of Layer-2 VPN technology.

> Raw: Remove p-vlan tag while forwarding on PW
> Tagged: Keep p-vlan tag while forwarding on PW

On VNPT Metro network, "tagged" mode is recommended for VPLS to make sure no changes on the packets of services while they are forwarded on PW.

7.1.6 VSI-name

Service       VSI name
HSI           HSI_DSLAM name
SMB           SMB_Enterprise name
VoIP          VoIP_UPE name
VoD           VoD_UPE name
Enterprise    EP_Enterprise name

Table 3: VSI Name

The table above only serves as a suggestion. VNPT's VSI naming convention will be used if available.

7.1.7 MAC-withdraw

After enabling MAC-withdraw, when an AC fault or a UPE fault occurs and the VSI status remains Up, the local MAC address is deleted and all the remote peers are informed of the deletion. This configuration can speed up the MAC table refresh.
MAC-withdraw will be configured for Enterprise service.

7.1.8 H-VPLS

In the H-VPLS model, PEs fall into the following two types:

Underlayer PE (UPE)
It refers to the user aggregation device. It is directly connected with the CE. It is only necessary for the UPE to set up the connection with a PE in the VPLS fully-connected network. The UPE supports the routing and the MPLS encapsulation. If the UPE is connected with multiple CEs and possesses the bridge function, the frame forwarding can be performed on the UPE. Thus, the load on the SPE can be relieved.

Superstratum PE (SPE)
The SPE refers to the core device that is connected with the UPE and located in the VPLS fully-connected network. The SPE sets up the connections with all the other devices within the VPLS fully-connected network.

The UPE connected with the SPE is like a CE to the SPE. The PW set up between the UPE and the SPE works as the AC of the SPE. The SPE needs to learn the MAC addresses of all the sites on the UPE side and that of the UPE interface connected with the SPE.

In VNPT MANE Network, H-VPLS is used to avoid full-mesh peer among UPE devices for E-LAN service.

7.1.9 Configuration Examples

Sample to configure VPLS as below:

[BNH01CSN] mpls ldp remote-peer BNH00SHA                        #create mpls ldp remote-peer
[BNH01CSN-mpls-ldp-remote-BNH00SHA] remote-ip 123.29.19.1       #define peer using loopback ip
[BNH01CSN-mpls-ldp-remote-BNH00SHA] quit
[BNH01CSN] mpls l2vpn                                           #enable L2VPN
[BNH01CSN] vsi EP_VNPT static                                   #create a VSI uses static member
[BNH01CSN-vsi-EP_VNPT] pwsignal ldp                             #LDP set as the signaling protocol in VSI
[BNH01CSN-vsi-EP_VNPT-ldp] vsi-id 0500001010                    #set ID for a VSI
[BNH01CSN-vsi-EP_VNPT-ldp] peer 123.29.19.1                     #set a VSI peer
[BNH01CSN-vsi-EP_VNPT-ldp] mac-withdraw enable                  #enable MAC withdraw
[BNH01CSN] interface gigabitethernet 4/0/2.50                   #creating subinterface
[BNH01CSN-GigabitEthernet4/0/2.50] description ** For Enterprise Service **
[BNH01CSN-GigabitEthernet4/0/2.50] vlan-type dot1q 50           #set interface as terminal VLAN interface
[BNH01CSN-GigabitEthernet4/0/2.50] l2 binding vsi EP_VNPT       #bind L2 interface with VSI
[BNH01CSN-GigabitEthernet4/0/2.50] quit

To enable H-VPLS, peer will be defined as UPE in VSI as shown below:

[BNH00SHA] vsi EP_VNPT static
[BNH00SHA-vsi-EP_VNPT] pwsignal ldp
[BNH00SHA-vsi-EP_VNPT-ldp] vsi-id 0510080001
[BNH00SHA-vsi-EP_VNPT-ldp] peer 123.29.19.9 upe                 #H-VPLS - set peer as upe

7.2 VLL Design

7.2.1 Overview

Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay (FR), where different VPNs can share the network structure of carriers. Traditional VPNs have the following disadvantages:

Dependence on special media (such as ATM or FR): The carriers must establish ATM networks or FR networks for ATM-based or FR-based VPNs across the country. This is a waste of network construction.

Complicated VPN structure: when a site is added to an existing VPN, it is necessary to modify the configuration of all the edge nodes that access the VPN site.

To avoid the preceding disadvantages, new solutions are introduced. Virtual Leased Line (VLL) based on Multiprotocol Label Switching (MPLS) L2VPN is one of the solutions.

The VLL provides Layer 2 VPN services on the MPLS network. It allows the establishment of L2VPNs on different media including ATM, FR, VLAN, Ethernet and PPP. At the same time, the MPLS network provides traditional IP services, MPLS L3VPN, traffic engineering and QoS.

The VLL transfers Layer 2 data of the user transparently on the MPLS network. The MPLS network is a Layer 2 switching network used to establish Layer 2 connections between nodes.

The following are the basic concepts of VLL:

Attachment Circuit (AC): AC is an independent link or circuit that connects CE and PE. The AC interface may be a physical interface or a logical interface. The AC attributes include the encapsulation type, MTU and interface parameters of specified link type.

Virtual Circuit (VC): It refers to a kind of logical connection between two PEs.

Tunnel (Network Tunnel): It transmits the user data transparently.

Through the label stack, VLL can realize the transparent transmission of user datagram in an MPLS network.

Outer label: The label, which is also called tunnel label, is used in transferring packets from one PE to another.

Inner label: The label, which is also called VC label in VLL, is used to identify different links between VPNs. The PE on the receiver side transfers packets to the corresponding CE according to the VC label.

VLL will be used in HSI and Enterprise VPN (E-LINE) service to transport the traffic. Thus, PE-AGG and UPE don't have to learn MAC addresses.

7.2.2 Signaling Protocol

There are two drafts for VLL which are Martini and Kompella. Martini is recommended as it is widely used in the world and can be supported by almost all mainstream vendors. The signaling protocol of Martini is LDP.

7.2.3 Remote Peer address

On UPE device, to create remote LDP peer to PE-AGG, the peer address is designed to be the loopback address of PE-AGG.

7.2.4 Access Mode

On Huawei Device, the access mode of Ethernet interface can be one of the following types:

Terminal VLAN interface: reuses a physical interface. For example, you can divide an Ethernet interface into multiple sub interfaces, and take every sub interface as a VLAN interface.

Switched VLAN interface: A logical interface, and not a sub interface of a physical interface. A VLAN interface contains more than one physical interface, that is, the VLAN packets are received from multiple physical interfaces.

Due to network structure of VNPT, terminal interface is preferred.

7.2.5 PW Encapsulation

On VNPT Metro network, "tagged" mode is recommended for VLL to make sure no changes on the packets of services while they are forwarded on PW.

7.2.6 Configuration Example

Configurations for VLL as below:

[BNH01CSN] mpls ldp remote-peer BNH00THO                        #create mpls ldp remote-peer
[BNH01CSN-mpls-ldp-remote-BNH00THO] remote-ip 123.29.19.2       #define peer using loopback ip
[BNH01CSN-mpls-ldp-remote-BNH00THO] quit
[BNH01CSN] mpls l2vpn                                           #enable L2VPN
[BNH01CSN-l2vpn] mpls l2vpn default martini
[BNH01CSN-l2vpn] quit
[BNH01CSN] interface gigabitethernet 4/0/2.44
[BNH01CSN-GigabitEthernet4/0/2.44] description ** HSI Service VLAN 44 **
[BNH01CSN-GigabitEthernet4/0/2.44] vlan-type dot1q 44
[BNH01CSN-GigabitEthernet4/0/2.44] mpls l2vc 123.29.19.2 0120090044 tagged
[BNH01CSN-GigabitEthernet4/0/2.44] quit

7.3 VSI-ID and VC-ID Distribute

In Huawei device, both VSI-ID and VC-ID value can range from 1 to 4294967295. VSI-ID and VC-ID defined for each instance must be unique within one province.

For VNPT MANE implementation, we recommend that an ID numbering standard is used. The rationale behind this is:

> Compared with random sequence allocation, since a guideline is provided it can reduce the possibility of human error where a duplicated ID is used.
> From VC-ID and VSI-ID, information such as service type, UPE IP, VLAN ID can be obtained.

Huawei VC-ID and VSI-ID numbering standard will consist of 10 figures. The guideline is described as below.
VSI-ID & VC-ID: Service Type | PE-AGG ID | UPE ID | Client Sequence Number / VLAN

Table 4: VSI-ID and VC-ID Naming

VSI-ID and VC-ID are generated using 4 portions of information as described below:

1. Service Type
HSI: 01
VoIP: 02
VoD: 03
SMB: 04
L2 Enterprise VPN: 05
L3 Enterprise VPN: 06

2. PE-AGG ID
There are two PE-AGG connected to SR or BRAS in every province. PE-AGG ID will be defined as "1" for the router that has the smaller loopback address and as "2" for the other router.
When the service type is VoIP, VoD, SMB, L3 Enterprise VPN and L2 Enterprise VPN E-LAN, PE-AGG ID will default to "0".

3. UPE ID
UPE ID will use the last octet of the loopback address of UPE. For example, UPE loopback address: 10.1.1.55, therefore UPE ID will be "055". For VoIP service, these three digits will always be "000".

4. Client Sequence Number / VLAN ID
For HSI and SMB service, the last four digits will be defined using VLAN ID. On the other hand, for enterprise VPN service, the last four digits will use the client sequence number for identification. For VoIP and VoD service, these four digits will always be "0000".

7.4 Special Scenario

7.4.1 Solution

In VNPT MANE network, some DSLAM directly connect to PE-AGG. This special scenario can be found in DLK, QNI and QNM.

Figure 11: Special Scenario

To make traffic arrive at BRAS or SR from DSLAM, a local VSI will be used on PE-AGG. Both the interfaces connected to DSLAM and to BRAS or SR will be bound into the same VSI. This will make them reachable.

7.4.2 Configuration Examples

[DLK00BMT] vsi HSI_BMThout1 static                              #create a VSI uses static member
[DLK00BMT-vsi-HSI_BMThout1] mac-learning disable                #disable mac learning
[DLK00BMT-vsi-HSI_BMThout1] pwsignal ldp                        #LDP set as the signaling protocol in VSI
[DLK00BMT-vsi-HSI_BMThout1-ldp] vsi-id 012002046                #set ID for a VSI
[DLK00BMT] interface gigabitethernet 2/1/7
[DLK00BMT-GigabitEthernet2/1/7] description ** Connect to DSLAM BMThout1 **
[DLK00BMT] interface gigabitethernet 2/1/7.101                  #creating subinterface
[DLK00BMT-GigabitEthernet2/1/7.101] description ** For HSI Service - VLAN 101 **
[DLK00BMT-GigabitEthernet2/1/7.101] vlan-type dot1q 101         #set interface as terminal VLAN interface
[DLK00BMT-GigabitEthernet2/1/7.101] l2 binding vsi HSI_BMThout1 #bind L2 interface with VSI
[DLK00BMT-GigabitEthernet2/1/7.101] quit
[DLK00BMT] interface Trunk8
[DLK00BMT-Trunk8] description ** Connect to BRAS **
[DLK00BMT] interface Trunk8.101                                 #creating subinterface
[DLK00BMT-Trunk8.101] description ** For HSI Service - VLAN 101 **
[DLK00BMT-Trunk8.101] vlan-type dot1q 101                       #set interface as terminal VLAN interface
[DLK00BMT-Trunk8.101] l2 binding vsi HSI_BMThout1               #bind L2 interface with VSI
[DLK00BMT-Trunk8.101] quit

8 Multicast Planning

8.1 PIM Protocol

PIM is a solution to multicast routing. It is widely used in practice. This technology will be used in VNPT Metro network to provide BTV service.

PIM uses the existing unicast routing information to perform RPF (Reverse Path Forwarding) check on multicast packets to create multicast routing entries and set up an MDT (Multicast Distribution Tree). No routing updates are sent between PIM routers.

Two models of PIM are ASM (Any-Source Multicast) and SSM (Source-Specific Multicast). Due to the fact that the source of the multicast traffic in this network is able to be identified, PIM-SSM is recommended.

Implementation will be easier using the SSM model. SPT can be established directly between the source and the group members. In addition, it does not need to maintain RP, join BSR, construct the RPT or register the multicast source.

8.2 IGMP Planning

To make sure multicast packets are able to reach receivers, IGMP protocol is used. After IGMP is configured on the receiver hosts and the multicast routers, hosts will be able to join the related group and routers will be able to manage the members.
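Returning to the numbering standard of section 7.3: the sketch below builds, decodes and audits 10-digit VSI-ID / VC-ID values. It is an added example, not Huawei's or VNPT's tooling; the short service names, the function names and the sample list are assumptions of the example, the HSI rule (PE-AGG 1 or 2) is this example's reading of item 2, and the whole list is treated as one province.

```python
"""Added example: build, decode and audit 10-digit VSI-ID / VC-ID values."""
import ipaddress
import re
from dataclasses import dataclass

# Service-type codes from section 7.3 (the short names are this example's own).
SERVICE_CODES = {"HSI": 1, "VoIP": 2, "VoD": 3, "SMB": 4, "L2-ENT": 5, "L3-ENT": 6}
SERVICE_NAMES = {code: name for name, code in SERVICE_CODES.items()}
PE_AGG_ALWAYS_ZERO = {"VoIP", "VoD", "SMB", "L3-ENT"}  # L2-ENT is 0 only for E-LAN
TAIL_IS_VLAN = {"HSI", "SMB"}        # last four digits carry the VLAN ID
TAIL_ALWAYS_ZERO = {"VoIP", "VoD"}   # last four digits are always 0000


@dataclass(frozen=True)
class ServiceId:
    service: str  # key of SERVICE_CODES
    pe_agg: int   # 0, 1 or 2
    upe: int      # last octet of the UPE loopback address
    tail: int     # VLAN ID or client sequence number

    def __str__(self):
        code = SERVICE_CODES[self.service]
        return f"{code:02d}{self.pe_agg}{self.upe:03d}{self.tail:04d}"


def check(sid):
    """Return the numbering rules a decoded ID breaks (empty list if none)."""
    problems = []
    if sid.pe_agg not in (0, 1, 2):
        problems.append("PE-AGG ID must be 0, 1 or 2")
    elif sid.service in PE_AGG_ALWAYS_ZERO and sid.pe_agg != 0:
        problems.append(f"{sid.service} must use PE-AGG ID 0")
    elif sid.service == "HSI" and sid.pe_agg == 0:
        problems.append("HSI should name PE-AGG 1 or 2")
    if not 0 <= sid.upe <= 255:
        problems.append("UPE ID must be a loopback octet (000-255)")
    elif sid.service == "VoIP" and sid.upe != 0:
        problems.append("VoIP must use UPE ID 000")
    if not 0 <= sid.tail <= 9999:
        problems.append("last field must fit in four digits")
    elif sid.service in TAIL_ALWAYS_ZERO and sid.tail != 0:
        problems.append(f"{sid.service} must end in 0000")
    elif sid.service in TAIL_IS_VLAN and not 1 <= sid.tail <= 4094:
        problems.append("last four digits must be a VLAN ID (1-4094)")
    return problems


def build_id(service, upe_loopback, pe_agg=0, tail=0):
    """Compose an ID from its four portions; raise ValueError on a rule violation."""
    if service not in SERVICE_CODES:
        raise ValueError(f"unknown service {service!r}")
    octet = ipaddress.IPv4Address(upe_loopback).packed[-1]
    sid = ServiceId(service, pe_agg, 0 if service == "VoIP" else octet, tail)
    problems = check(sid)
    if problems:
        raise ValueError("; ".join(problems))
    return str(sid)


def parse_id(text):
    """Split a 10-digit ID back into service, PE-AGG ID, UPE ID and last field."""
    if not re.fullmatch(r"\d{10}", text):
        raise ValueError(f"{text!r} is not a 10-digit ID")
    code = int(text[:2])
    if code not in SERVICE_NAMES:
        raise ValueError(f"{text}: unknown service type {text[:2]}")
    return ServiceId(SERVICE_NAMES[code], int(text[2]), int(text[3:6]), int(text[6:]))


def audit(entries):
    """entries: (device, instance name, ID) tuples collected for one province.

    The same ID on both ends of one instance is expected; the same ID under
    two different instance names is the duplicate the standard is meant to prevent.
    """
    findings, owners = [], {}
    for device, instance, text in entries:
        try:
            sid = parse_id(text)
        except ValueError as exc:
            findings.append(f"{device}/{instance}: {exc}")
            continue
        findings.extend(f"{device}/{instance}: {text}: {p}" for p in check(sid))
        owners.setdefault(text, set()).add(instance)
    for text, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"{text} reused by instances {', '.join(sorted(names))}")
    return findings


# Constructed sample: device names and SMB_HP follow the page, the rest is made up.
SAMPLE = [
    ("HDG06THC", "SMB_HP", "0400270650"),
    ("HDG00THD", "SMB_HP", "0400270650"),      # same VSI on the peer: fine
    ("HDG06THC", "SMB_XY", "0400270650"),      # constructed duplicate
    ("BNH01CSN", "l2vc-vlan44", "0120090044"),
    ("HDG06THC", "VoIP_TEST", "0200270000"),   # constructed: VoIP with a UPE ID
    ("DLK00BMT", "HSI_TEST", "01200246"),      # constructed: too short
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
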
8.2.1 IGMP Version

Currently, IGMP has three versions which are IGMPv1 (RFC 1112), IGMPv2 (RFC 2236) and IGMPv3 (RFC 3376). IGMPv3 will be able to work directly with the proposed PIM-SSM. For hosts and routers running IGMPv3, the source is specified in the Report message of IGMPv3.

On the other hand, for a Set Top Box (STB) that is able to run only IGMPv1 or IGMPv2, SSM Mapping needs to be configured on the router, which in our case will be the UPE.

8.2.2 IGMP Static-Join

To join a multicast group, there are two methods available which are dynamically joining or statically joining. For VNPT Metro Network, we recommend IGMP statically joining a multicast group.

IGMP statically joining will be configured on two different nodes based on two different scenarios respectively.

The first scenario will be SR in the core layer configured with static IGMP join for all TV channels. Multicast traffic for all channels will be transported to SR. This will provide a better user experience for users in each province, where channel fast switch will be achievable.

For more popular channels, it is recommended that UPE or PE-AGG, which has DSLAM connected to it, will be configured with static IGMP join. This will enhance the channel switching experience.

Loopback0 will be used for IGMP static-join in UPE or PE-AGG.

8.2.3 SSM-Mapping

SSM mapping will be enabled on UPE or PE-AGG, which has DSLAM connected to it, to provide SSM services for hosts that run IGMPv1 or IGMPv2.

8.3 Multicast Security

For the MANE deployment, multicast security can be implemented on the two major protocols used in multicast service, which are IGMP and SSM.

8.3.1 IGMP Group Policy

By default, routers are able to join any multicast group. By implementing IGMP group policy on the router interfaces that have connection with receiver hosts, we can limit the multicast groups that are reachable by the receiver hosts.

8.3.2 PIM SSM Policy

PIM SSM Policy can be implemented on all routers to list the available sources for multicast service. This can filter out unauthorized multicast sources.

8.4 Configuration Examples

Configuration to enable PIM-SM and IGMP are as below:

[BNH01CSN] multicast routing-enable                             #enable multicast function
[BNH01CSN] acl number 2000                                      #create ACL for PIM SSM Policy
[BNH01CSN-acl] rule 5 permit source 224.0.0.0 0.255.255.255
[BNH01CSN-acl] quit
[BNH01CSN] acl number 2005                                      #create ACL for IGMP Group Policy
[BNH01CSN-acl] rule 5 permit source 225.1.1.1 0
[BNH01CSN-acl] quit
[BNH01CSN] pim
[BNH01CSN-pim] ssm-policy 2000
[BNH01CSN] igmp
[BNH01CSN-igmp] ssm-mapping 224.0.0.0 8 10.16.100.99            #create ssm-mapping policy
[BNH01CSN] interface eth-trunk 1
[BNH01CSN-Eth-Trunk1] pim sm                                    #enable PIM on interface to other NE40E
[BNH01CSN-Eth-Trunk1] quit
[BNH01CSN] interface gigabitethernet 4/0/2.99
[BNH01CSN-GigabitEthernet4/0/2.99] pim sm                       #enable PIM on interface to receiver host
[BNH01CSN-GigabitEthernet4/0/2.99] igmp enable                  #enable igmp
[BNH01CSN-GigabitEthernet4/0/2.99] igmp version 3               #IGMPv3 used
[BNH01CSN-GigabitEthernet4/0/2.99] igmp ssm-mapping enable      #enable SSM-mapping
[BNH01CSN-GigabitEthernet4/0/2.99] igmp group-policy 2005       #enable IGMP group-policy
[BNH01CSN-GigabitEthernet4/0/2.99] quit

For IGMP Static-Join, configuration is done using the Loopback interface as below:

[BNH01CSN] interface loopback 0
[BNH01CSN-LoopBack0] igmp static-group 224.0.1.99               #join 224.0.1.99 multicast group

9 Service Deployment

9.1 HSI Service

Implementation of HSI service for residential and business customers will work together with the BRAS in IP backbone. Among the 13 provinces, only 2 provinces which are KHA and LAN will have 2 BRAS serving the MAN. The other provinces will have 1 BRAS.
9.1.1 Working Mechanism

Figure 12: HSI Service Working Mechanism (service flows for HSI with PPPoE)

Working mechanism of the HSI is as below:

> UPE will establish 2 PW to 2 different PE-AGG which are connected to the BRAS in IP backbone, one is master and another one is standby.
> Users make PPPoE request, PPPoE packets will be over VLL.
> Based on the outer service tag (S), UPE will bind the corresponding PW. PADI packet will be passing through master PW.
> BRAS terminates Q-in-Q or dot1q, then responds with unicast PADO.
> User will establish PPPoE session with BRAS.

9.1.2 Implementation

Figure 13: HSI Service Implementation (Single Access Scenario, Dual Access Scenario)

Considering the huge quantity of HSI clients, VLL is recommended because it doesn't need to learn MAC addresses.

For DSLAM having single access, active and backup VLL will be deployed for each VLAN to achieve redundancy.

For DSLAM having dual access, each UPE creates a single active VLL. VLAN will still have trunk to both UPE in this scenario.

Implementation items for HSI are as below:

> VLL deployed in UPE and PE-AGG
> TE is deployed in the access ring. VLL over TE is used. TE hot-standby is used for LSP protection.
> Per DSLAM per lave

9.1.3 Access Method

9.1.3.1 Scenario 1: QinQ Access

Figure 14: HSI Service Access Method - QinQ Access

The functions of different nodes in this scenario are as below:

> DSLAM: Encapsulate two vlan tags which are S-vlan and C-vlan. C-vlan identifies client while S-vlan identifies DSLAM+Service
> UPE: Create PW based on S-vlan
> PE-AGG: Terminate PW and send Q in Q packets to BRAS.
> BRAS: Terminate QinQ

9.1.3.2 Scenario 2: Dot1Q + ACI Access

Figure 15: HSI Service Access Method - Dot1Q + ACI Access

The functions of different nodes in this scenario are as below:

> DSLAM: Encapsulate S-vlan and PPPoE ACI. S-vlan represents DSLAM and service. Smart-vlan is recommended to separate different interfaces inside the same vlan.
> UPE: Create PW based on S-vlan
> PE-AGG: Terminate PW and send packets to BRAS.
> BRAS: Terminate S-vlan

9.1.3.3 Scenario 3: Dot1Q without ACI Access

Figure 16: HSI Service Access Method - Dot1Q without ACI Access

The functions of different nodes in this scenario are as below:

> DSLAM: Encapsulate C-vlan. C-vlan used to identify client.
> Additional DSLAM/LAN Switch: Encapsulate S-vlan. S-vlan stands for service and DSLAM
> UPE: Create PW based on S-vlan
> PE-AGG: Terminate PW and send packets to BRAS.
> BRAS: Terminate S-vlan

9.1.4 Interruption Analysis

Figure 17: HSI Service Interruption Analysis

The table below summarizes the corresponding scenario when failure occurs.

TE Hot-standby protects PW. BFD for LSP detects that the main LSP goes down and will divert traffic using the backup LSP.
PPPoE session disconnected. User needs to redial.

Table 5: HSI Service Interruption Analysis - PPPoE Session Established

9.1.5 Configuration Examples

9.1.5.1 Single access scenario

HSI users under DSLAM, using VLAN 360, connected to UPE HDG06THC located in ring 6 of HDG.

Figure 18: HSI Example - Single Access Scenario

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to Chapter 5 and 6.
(2) Tunnel configuration

Defining Explicit Path
#
explicit-path to_HDG00THD_main
 next hop 10.34.0.129
 next hop 10.34.0.126
 next hop 123.29.30.1
#
explicit-path to_HDG00TBD_main
 next hop 10.34.0.134
 next hop 10.34.0.138
 next hop 123.29.30.2
 next hop 123.29.30.1
 next hop 10.34.0.2
 next hop 123.29.90.2

> SOHO gateway sends IPoE request
> Ag Switch encapsulates S-vlan.
> UPE establishes VPLS session to PE-AGG
> PE-AGG terminates VPLS session and sends the request to SR.
> SR allocates one public IP address to SOHO gateway
> Servers send DHCP request to SOHO gateway. SOHO gateway allocates public subnet address for NAT server and other servers.

9.2.1.2 SMB without Gateway

Figure 21: SMB Service - without gateway (IPoE: allocate one /32 public IP address for each Enterprise Server)

Work mechanism of SMB with gateway is listed below:

> Servers send IPoE request;
> Aggregate Switch encapsulates S-VLAN.
> UPE establishes VPLS session to PE-AGG.
> PE-AGG terminates VPLS session and sends the request to SR.
> SR allocates one public IP address for each Enterprise server

9.2.2 Implementation

Figure 22: SMB Implementation

Implementation items for SMB are as below:

> VPLS deployed in UPE and PE-AGG
> TE is deployed in the access ring. VPLS over TE is used. TE hot-standby is used for LSP protection.
> Per DSLAM/Aggregate switch per VSI

9.2.3 Access Method

9.2.3.1 Scenario 1: DSLAM or Aggregate switch support Q in Q

Figure 23: SMB Service Access Method - DSLAM/Aggregate Switch support Q in Q

The functions of different nodes in this scenario are as below:

> DSLAM or Aggregate switch: Encapsulate two VLAN tags: S+C. C-VLAN represents clients and S-VLAN is used to identify DSLAM+Service.
> UPE: Create VPLS session based on S-VLAN
> PE-AGG: Terminate VPLS session and send Q in Q packets to SR.
> SR: Terminate Q in Q

9.2.3.2 Scenario 2: DSLAM or Aggregate switch do not support Q in Q

Figure 24: SMB Service Access Method - DSLAM/Aggregate Switch do not support Q in Q

The functions of different nodes in this scenario are as below:

> DSLAM/Aggregate switch: Encapsulate C-VLAN. C-VLAN used to identify clients.
> Additional DSLAM/LAN Switch: Encapsulate S-VLAN. S-VLAN stands for service and DSLAM/Aggregate switch
> UPE: Create VPLS session based on S-VLAN
> PE-AGG: Terminate VPLS session and send packets to SR
> SR: Terminate Q in Q

9.2.4 Interruption Analysis

Same as HSI service.

9.2.5 Configuration Examples

SMB client makes connection through DSLAM which uses VLAN 360 to UPE HDG06THC.

Figure 25: SMB Example

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to Chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path
#
explicit-path to_HDG00THD_main
 next hop 10.34.0.129
 next hop 10.34.0.126
 next hop 123.29.30.1
#
explicit-path to_HDG00TDB_main
 next hop 10.34.0.134
 next hop 10.34.0.138
 next hop 123.29.30.2
#

Configure TE Tunnel
#
interface Tunnel0/0/1
 description ** Connect to HDG00THD **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.1
 mpls te tunnel-id 1
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG00THD_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
interface Tunnel0/0/2
 description ** Connect to HDG00TBD **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.2
 mpls te tunnel-id 2
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG00TDB_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit

Configure Tunnel Policy
#
tunnel-policy to_HDG00THD
 tunnel binding destination 123.29.30.1 tunnel0/0/1
#
tunnel-policy to_HDG00TBD
 tunnel binding destination 123.29.30.2 tunnel0/0/2
#

BFD for LSP Configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/1
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
interface Tunnel0/0/2
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#

(3) VPLS configuration
#
mpls ldp remote-peer HDG00THD
 remote-ip 123.29.30.1
#
mpls ldp remote-peer HDG00TBD
 remote-ip 123.29.30.2
#
vsi SMB_HP static
 pwsignal ldp
  vsi-id 0400270650
  peer 123.29.30.1 tnl-policy to_HDG00THD
  peer 123.29.30.2 tnl-policy to_HDG00TBD
#
interface gigabitethernet 4/0/3.650
 description ** Connect to DSLAM **
 vlan-type dot1q 650
 l2 binding vsi SMB_HP

2. PE-AGG (HDG00THD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to Chapter 5 and 6.
(2) Tunnel configuration

Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.125
 next hop 10.34.0.190
 next hop 123.29.30.27

Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#

Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 tunnel0/0/27
#

BFD for LSP Configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#

(3) VPLS configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
vsi SMB_HP static
 pwsignal ldp
  vsi-id 0400270650
  peer 123.29.30.27 tnl-policy to_HDG06THC
#
interface gigabitethernet 2/1/9.650
 description ** Connect to SR **
 vlan-type dot1q 650
 l2 binding vsi SMB_HP
#

3. PE-AGG (HDG00TBD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to Chapter 5 and 6.
(2) Tunnel configuration

Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.137
 next hop 10.34.0.133
 next hop 123.29.30.27
#

Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#

Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 tunnel0/0/27
#

BFD for LSP Configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#

(3) VPLS configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
vsi SMB_HP static
 pwsignal ldp
  vsi-id 0400270650
  peer 123.29.30.27 tnl-policy to_HDG06THC
#
interface gigabitethernet 2/1/8.650
 description ** Connect to SR **
 vlan-type dot1q 650
 l2 binding vsi SMB_HP
#

9.3 VoIP & VoD

Implementation of VoIP/VoD service will work together with the SR router in IP backbone. 3 provinces which are KHA, LAN and THA will have two SR routers to serve the entire MAN. Meanwhile the other provinces will have one SR.

9.3.1 Working Mechanism

9.3.1.1 VoD

Unlike BTV, VoD is a unicast service. Each subscriber requesting a program through VoD gets a copy of the program. If there are many subscribers requesting programs at the same time, the total bandwidth can be huge, so Connection Admission Control (CAC) is strongly recommended to limit the number of simultaneous subscribers. It is recommended that CAC is configured in the middleware.

Service flow for VoD is described in detail in the Figure below.
Figure 26: VoD Service Flow

> The VoD service packet from the DSLAM is encapsulated into the dot1q, per UPE per vlan. After arriving at the UPE, the packet is not terminated but forwarded to the PE-AGG through VPLS. The PE-AGG terminates the MPLS and performs transparent layer-2 transmission to SR.
> The downlink VoD stream is sent to the STB in unicast mode over the same path. The VoD service VLANs of diversified DSLAMs are
> VRRP is enabled on SR and VRRP hello message is transmitted into VLL from the path PE-AGG1 to UPE to PE-AGG2. VRRP virtual MAC is learned on UPE.
> DHCP initial packets (with option60 to indicate this is VoD service request) are broadcast to two PE and handled by the master PE with DHCP Relay; security binding status should be examined for them. DSLAM runs DHCP Snooping (insert option 82) and security binding checking.

9.3.1.2 VoIP

VoIP is also a unicast service. As a real-time service, it requires low delay and little packet loss, but it consumes a small portion of the bandwidth.

Figure 27: VoIP Service Flow

Service flows for VoIP are as below:

> When a traditional POTS phone wants to make a call, the analog signal will be sent to MSAN. MSAN first does the A/D conversion and DSP processing, then MSAN will use the signal IP + port id 2944 to communicate with MGC using the H.248 protocol. After MGC has analyzed the called number, MGC will find the destination MSAN device connected to the end POTS phone in the DB, then MGC sends signaling to inform the destination MSAN/POTS phone. Later the voice RTP traffic will be sent to the remote MSAN's voice IP + specified port, and the remote MSAN will do the D/A conversion again.
> MSAN encapsulates VoIP with dot1q; this Q represents the location of DSLAM and the service type. Same services will access the same VSI based on the outside Q. UPE transmits dot1q packets transparently to PE-AGG through the VPLS session. PE-AGG terminates the VPLS session and performs transparent layer-2 transmission to PE.
> As the quantity of MSAN in each province is not large, per vlan per province is recommended (one vlan for one province).

9.3.2 Implementation

Service Deployment for VoD

Figure 28: Residential VoIP/VOD Service Solution

Implementation items for VoD are as below:

> Different VSI for different UPE.
> VPLS is deployed in UPE
> VLL is deployed in PE-AGG.
> Disable split horizon in UPE.
> Spoke isolate is deployed in UPE to prevent STBs from accessing each other locally.
> TE is deployed in the access ring. VPLS over TE and VLL over TE are used. TE hot-standby is used for LSP protection.

Service Deployment for VoIP

Implementation items for VoIP are as below:

> One vlan for one province.
> VPLS is deployed in UPE and PE-AGG
> Disable split horizon in UPE
> TE is deployed in the access ring. VPLS over TE is used. TE hot-standby is used for LSP protection.

9.3.3 Scenario Analysis

9.3.3.1 One SR Scenario

Figure 29: VoIP/VOD Service - One SR Scenario

In the single SR scenario, both PE-AGG in the MAN will connect to different interfaces in SR. VRRP will be deployed between these two interfaces. In addition to that, the users' end will be pointing to the VRRP virtual IP as the gateway for the service.

9.3.3.2 Two SR Scenario

Figure 30: VoIP/VOD Service - Two SR Scenario

In the two-SR scenario, both PE-AGG in the MAN will connect to different SR.
In addition to that, VRRP will be implemented on SR. The user end will point to the VRRP virtual IP as the gateway for the service.

9.3.4 Interruption Analysis

Figure 31: VoIP/VOD Service Interruption - Two SR Scenario

The table below summarizes the corresponding scenario when failure occurs at the following points.

Use BFD for VRRP to detect failure. Traffic can pass through another PE-AGG. Remark: This is subject to the availability of the feature BFD for VRRP on SR. Else the client may need to redial to get connected.

Table 6: VoIP/VOD Service Interruption Analysis - Two SR Scenario

9.3.5 Configuration Examples

The example below shows VoIP/VoD services using VLAN 1500 connected through DSLAM to UPE HDG06THC in ring 6 of HDG.

Figure 32: VoIP/VOD Example

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG00THD_main
     next hop 10.34.0.129
     next hop 10.34.0.126
     next hop 123.29.30.1
    #
    explicit-path to_HDG00TBD_main
     next hop 10.34.0.134
     next hop 10.34.0.138
     next hop 123.29.30.2
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/1
     description ** Connect to HDG00THD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.1
     mpls te tunnel-id 1
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00THD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/2
     description ** Connect to HDG00TBD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.2
     mpls te tunnel-id 2
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00TBD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG00THD
     tunnel binding destination 123.29.30.1 tunnel0/0/1
    #
    tunnel-policy to_HDG00TBD
     tunnel binding destination 123.29.30.2 tunnel0/0/2
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/1
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/2
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VPLS configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    vsi VoD_HDG06THC static
     pwsignal ldp
      vsi-id 0300270000
      peer 123.29.30.1 tnl-policy to_HDG00THD upe
      peer 123.29.30.2 tnl-policy to_HDG00TBD upe
    #
    interface gigabitethernet 4/0/3.1500
     description ** Connect to DSLAM **
     vlan-type dot1q 1500
     l2 binding vsi VoD_HDG06THC
    #

2. PE-AGG (HDG00THD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.125
     next hop 10.34.0.130
     next hop 123.29.30.27
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    interface gigaethernet 2/1/9.1500
     description ** Connect to SR **
     vlan-type dot1q 1500
     mpls l2vc 123.29.30.27 0300270000 tunnel-policy to_HDG06THC
    #

3. PE-AGG (HDG00TBD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted.
Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.137
     next hop 10.34.0.133
     next hop 123.29.30.27
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    interface g 2/1/8.1500
     description ** Connect to SR **
     vlan-type dot1q 1500
     mpls l2vc 123.29.30.27 0300270000 tunnel-policy to_HDG06THC
    #

9.4 BTV Service

Multicast over a Native IP network is nowadays still the most mature and feasible solution. Among all the multicast routing protocols, PIM-SSM has no limitation in network scale, has no special requirement for network topology, and its recovery time in case of network failure is deterministic. So, considering the network topology and maintenance habits of the service operator, Huawei proposes the Native IP solution to implement BTV service deployment.

9.4.1 Working Mechanism

PIM-SSM is recommended for multicast traffic delivery in the VNPT Network. According to industry experience, no more than 10% of the available channels are the most popular. So, it should be more than enough to push the top 100 popular channels to the MAN, with static IGMP group join and the IGMP fast leave function in UPE.
Per the different replication point in UPE, the IGMP fast leave message can be sent by DSLAM. This way, the multicast traffic would be pushed to the UPE, and the BTV channel zapping time between popular channels is very fast. The service flow for BTV is described in detail in the Figure below.

Figure 33: Service Flow for BTV

For popular program:

> UPE sends static IGMP join information to the Source DR.
> Pull multicast traffic of the popular program to UPE.
> STB sends IGMP join information to UPE.
> UPE duplicates multicast traffic to STB.

For unpopular program:

> STB sends IGMP join information to UPE.
> Dynamic IGMP join on UPE.
> Pull multicast traffic to UPE.
> UPE duplicates multicast traffic to STB.

9.4.2 Implementation

Figure 34: BTV Service Deployment

Implementation items for BTV are as below:

> SR only advertises the multicast source route to the Metro ring; this ensures that the multicast service can switch over fast when one SR breaks down.
> Deploy PIM SSM in the Metro Network.
> IGP fast convergence is enabled on Metro.
> Enable PIM SSM mapping in UPE, if STB cannot support IGMPv3.
> Static join for popular channels in UPE.

9.4.3 Interruption Analysis

Figure 35: BTV Service Interruption Analysis

It is unavoidable that in a single SR scenario, BTV service will fail when the SR fails. Other scenarios are summarized in table 4.5:

Table 7: BTV Service Interruption Analysis - Two SR Scenario

9.4.4 Configuration Examples

Configuration omitted. Refer to Chapter 8.3 - Multicast Planning Configuration Examples.

9.5 Enterprise L3VPN Service Solution

The proposed MAN solution supports dedicated point-to-point or multipoint-to-multipoint connection. The current technologies for deploying VPN service are MPLS L2 VPN (including VLL and VPLS) and MPLS L3 VPN.

9.5.1 Working Mechanism

Customer accessed by router for Enterprise L3VPN Service.

Figure 36: Enterprise L3VPN Service Working Mechanism

Working mechanism of the Enterprise L3VPN is as below:

> This scenario is used for customers accessed by router, and the Gateway is set on CE. VRRP is created in SR for enterprise L3VPN.
> UPE will establish two different VPLS VSIs to PE-AGG; PE-AGG will establish VLL to UPE for the return path. A single Q tag will be allocated for the enterprise user. A common Dot1q sub-interface will be created for the user's CE access.
> Service inside the province will be achieved by H-VPLS.
> Customers under the same UPE can access each other locally inside the VSI.
> TE is deployed in the access ring. VPLS and VLL over TE are used. TE hot-standby is used for LSP protection.
> For the clients that have a requirement to access the Internet, SR will terminate the VLAN and do the needful.

Figure 37: Enterprise L3VPN Implementation

Implementation items for L3VPN are as below:

> Different VSI for different UPE.
> VPLS is deployed in UPE.
> VLL is deployed in PE-AGG.
> Disable split horizon in UPE.
> Service inside the province will be achieved by H-VPLS.
> Customers under the same UPE can access each other locally inside the VSI.
> TE is deployed in the access ring. VPLS over TE and VLL over TE are used. TE hot-standby is used for LSP protection.

9.5.3 Access Method
Figure 38: Enterprise L3VPN Service Access Method

For customer access using an aggregate router, the access methods are:

> The customer router sets an IGP peer with the aggregate router, and the aggregate router sets an IGP peer with SR; deploy the VRF-Lite feature to ensure isolation between different users.
> On UPE a Dot1q sub-interface is used to transmit IGP packets.

9.5.4 Interruption Analysis

TE Hot-standby protects PW. BFD for LSP detects that the main LSP goes down and will divert traffic using the backup LSP.

Use BFD for VRRP to detect failure. Traffic can pass through another PE-AGG. Remark: This is subject to the availability of the feature BFD for VRRP on SR. Else the client may need to redial to get connected.

Table 8: Enterprise L3VPN Service Interruption Analysis - Using Router

9.5.5 Configuration Examples

Enterprise HP uses VLAN 2200 and VLAN 2201 connected to UPE HDG06THC through a router. Meanwhile it also uses VLAN 2300 and 2301 connected to UPE HDG06PDN through a router. Both HDG06THC and HDG06PDN are located in ring 6 of HDG.

Figure 40: Enterprise L3VPN Example

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG00THD_main
     next hop 10.34.0.129
     next hop 10.34.0.126
     next hop 123.29.30.1
    #
    explicit-path to_HDG00TBD_main
     next hop 10.34.0.134
     next hop 10.34.0.138
     next hop 123.29.30.2
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/1
     description ** Connect to HDG00THD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.1
     mpls te tunnel-id 1
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00THD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/2
     description ** Connect to HDG00TBD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.2
     mpls te tunnel-id 2
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00TBD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG00THD
     tunnel binding destination 123.29.30.1 tunnel0/0/1
    #
    tunnel-policy to_HDG00TBD
     tunnel binding destination 123.29.30.2 tunnel0/0/2
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/1
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/2
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VPLS configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    vsi EP_HP static
     pwsignal ldp
      vsi-id 0600270001
      peer 123.29.30.1 tnl-policy to_HDG00THD upe
      peer 123.29.30.2 tnl-policy to_HDG00TBD upe
    #
    interface gigabitethernet 4/0/3.2200
     description ** Connect to Enterprise router **
     vlan-type dot1q 2200
     l2 binding vsi EP_HP
    #

2. UPE (HDG06PDN) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration
Configuration omitted. Refer to the configuration of HDG06THC.
(3) VPLS configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    vsi EP_HP static
     pwsignal ldp
      vsi-id 0600280001
      peer 123.29.30.1 tnl-policy to_HDG00THD upe
      peer 123.29.30.2 tnl-policy to_HDG00TBD upe
    #
    interface gigabitethernet 4/0/3.2300
     description ** Connect to Enterprise router **
     vlan-type dot1q 2300
     l2 binding vsi EP_HP
    #

3. PE-AGG (HDG00THD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main // (HDG00THD -- HDG06TMN -- HDG06THC)
     next hop 10.34.0.125
     next hop 10.34.0.130
     next hop 123.29.30.27
    #
    explicit-path to_HDG06PDN_main
     next hop 10.34.0.2
     next hop 10.34.0.137
     next hop 123.29.30.28
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/28
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.28
     mpls te tunnel-id 28
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06PDN_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #
    tunnel-policy to_HDG06PDN
     tunnel binding destination 123.29.30.28 tunnel0/0/28
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/28
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    mpls ldp remote-peer HDG06PDN
     remote-ip 123.29.30.28
    #
    interface gigaethernet 2/1/8.2200
     description ** Connect to SR **
     vlan-type dot1q 2200
     mpls l2vc 123.29.30.27 0600270001 tunnel-policy to_HDG06THC
    #
    interface gigaethernet 2/1/9.2300
     description ** Connect to SR **
     vlan-type dot1q 2300
     mpls l2vc 123.29.30.28 0600280001 tunnel-policy to_HDG06PDN
    #

4. PE-AGG (HDG00TBD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.137
     next hop 10.34.0.133
     next hop 123.29.30.27
    #
    explicit-path to_HDG06PDN_main
     next hop 10.34.0.137
     next hop 123.29.30.28
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27

> For Intra-Metro connection of the Enterprise E-LINE, UPEs will directly establish VLL to each other. It is shown on the left of the Figure above.
> For Inter-Metro connection of the Enterprise E-LINE, UPE will establish VLL to PE-AGG, and the traffic between different Metros will be forwarded across the IP Core. It is shown on the right of the Figure above.
> A single Q tag will be allocated for the Enterprise user. And on the UPE or PE-AGG there is no MAC learning.
> TE is deployed in the access ring. VLL over TE is used. TE hot-standby is used for LSP protection.
> For the clients that have a requirement to access the Internet, SR will terminate the VLAN and do the needful.

9.6.1.2 Enterprise E-LAN (MPLS L2VPN VPLS)

Enterprise E-LAN Service is always used for the scenario which has multipoint-to-multipoint (MP2MP) connections. This method is recommended for a customer that has to connect more than two access points. In this scenario, H-VPLS technology is used.

Figure 42: Enterprise L2VPN Service - E-LAN

Working mechanism of the Enterprise E-LAN is as below:

> For both Intra-Metro and Inter-Metro connection of the Enterprise E-LAN, UPE will establish VPLS to two PE-AGGs.
> Different Enterprise users are defined in different VSIs, one enterprise one VLAN.
> PE-AGG will disable VPLS split horizon. PE-AGGs will not set up a VPLS peer between each other, to avoid a loop with the IP Core.
> For link protection, MAC-withdraw is enabled on PE-AGG.
> A single Q tag will be allocated for the Enterprise user in UPE.
> MAC learning in the VSI is enabled on PE-AGG. And the MAC limit is enabled.
> Customers under the same UPE can access each other locally inside the VSI.
> TE is deployed in the access ring. VPLS over TE is used. TE hot-standby is used for LSP protection.

9.6.1.3 Enterprise E-TREE (MPLS L2VPN VPLS)

Enterprise E-TREE Service is used for point-to-multipoint (P2MP) connections. This scenario is HQ-Branch mode. Branches of one enterprise only need access to HQ. There is no interconnection between branches. Therefore, access control is achieved. The E-TREE model is not suitable for large network deployment. We recommend that access control be done on the customer's CE box.

Figure 43: Enterprise L2VPN Service - E-Tree

Working mechanism of the Enterprise E-TREE is as below:

> For connection of the Enterprise E-TREE, the Branch PE will establish a VLL session to the HQ PE, and HQ will establish VPLS to the branch. It is shown in the Figure above.
> A single Q tag will be allocated for the Enterprise user. And UPE or PE-AGG should enable MAC learning in the VSI. And the MAC limit is enabled.
> For the clients that have a requirement to access the Internet, SR will terminate the VLAN and do the needful.

9.6.2 Implementation

9.6.2.1 Enterprise E-LINE (MPLS L2VPN VLL)

Figure 44: Enterprise E-LINE Implementation

Implementation items for E-LINE are as below:

> Different VC-ID for different client.
> For intra-province, VLL is deployed in UPE. For inter-province, VLL is deployed in UPE and PE-AGG.
> TE is deployed in the access ring. VLL over TE is used.

9.6.2.2 Enterprise E-LAN (MPLS L2VPN VPLS)

Figure 45: Enterprise E-LAN Implementation

Implementation items for E-LAN are as below:

> VPLS is deployed on UPE.
> H-VPLS is deployed on PE-AGG.
> TE is deployed in the access ring. VPLS over TE is used. TE hot-standby is used for LSP protection.
> Different VSI for different Enterprise client.
> VPLS split horizon is disabled on PE-AGG. PE-AGGs do not set up a VPLS peer between each other.
> Customers under the same UPE can access each other locally inside the VSI.
> MAC-withdraw enabled on Enterprise VSI in PE-AGG.
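The E-LAN items above (a separate VSI per enterprise, MAC-withdraw and a MAC limit on the PE-AGG VSI, every peer carried over a TE tunnel policy) can be checked mechanically against a PE-AGG configuration dump. The following is an added example, not part of the LLD or of any Huawei tool; it assumes the command syntax used in this document's configuration examples, and the VSI names, VSI IDs, policy names and addresses in the sample are constructed.

```python
import re

# Constructed PE-AGG fragment written in the command syntax of the E-LAN
# example in this document. VSI names, VSI IDs, policy names and addresses
# are invented for the demonstration.
SAMPLE_CONFIG = """
#
tunnel-policy to_UPE_A
 tunnel binding destination 192.0.2.27 tunnel0/0/27
#
tunnel-policy to_UPE_B
 tunnel binding destination 192.0.2.28 tunnel0/0/28
#
vsi EP_Good static
 pwsignal ldp
  vsi-id 1001
  peer 192.0.2.27 tnl-policy to_UPE_A upe
  peer 192.0.2.28 tnl-policy to_UPE_B upe
 mac-withdraw enable
 mac-limit action discard maximum 2000
#
vsi EP_Weak static
 pwsignal ldp
  vsi-id 1001
  peer 192.0.2.27 tnl-policy to_UPE_B upe
  peer 192.0.2.28 tnl-policy to_UPE_C upe
#
"""


def split_blocks(text):
    """Split a configuration dump into blocks delimited by '#' lines."""
    blocks, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def parse(text):
    """Return (policies, vsis) extracted from tunnel-policy and vsi blocks."""
    policies, vsis = {}, {}
    for block in split_blocks(text):
        head = block[0].split()
        if head[0] == "tunnel-policy" and len(head) == 2:
            # policy name -> set of destinations it binds a TE tunnel to
            policies[head[1]] = {
                m.group(1) for line in block[1:]
                if (m := re.match(r"tunnel binding destination (\S+)", line))
            }
        elif head[0] == "vsi" and len(head) >= 2:
            vsi = {"id": None, "peers": [], "mac_withdraw": False, "mac_limit": False}
            for line in block[1:]:
                words = line.split()
                if words[0] == "vsi-id" and len(words) == 2:
                    vsi["id"] = words[1]
                elif words[0] == "peer" and len(words) >= 2:
                    policy = None
                    if "tnl-policy" in words[:-1]:
                        policy = words[words.index("tnl-policy") + 1]
                    vsi["peers"].append((words[1], policy))
                elif words == ["mac-withdraw", "enable"]:
                    vsi["mac_withdraw"] = True
                elif words[0] == "mac-limit":
                    vsi["mac_limit"] = True
            vsis[head[1]] = vsi
    return policies, vsis


def audit(text):
    """Return (vsi_name, finding) tuples for every E-LAN item that is not met."""
    policies, vsis = parse(text)
    findings, id_owner = [], {}
    for name, vsi in vsis.items():
        # One VSI per enterprise: a reused VSI ID would merge two customers.
        if vsi["id"] is None:
            findings.append((name, "no vsi-id configured"))
        elif vsi["id"] in id_owner:
            findings.append((name, f"vsi-id {vsi['id']} already used by {id_owner[vsi['id']]}"))
        else:
            id_owner[vsi["id"]] = name
        # VPLS over TE: each peer needs a policy that binds a tunnel to it.
        for addr, policy in vsi["peers"]:
            if policy is None:
                findings.append((name, f"peer {addr} has no tnl-policy"))
            elif policy not in policies:
                findings.append((name, f"peer {addr} uses undefined tnl-policy {policy}"))
            elif addr not in policies[policy]:
                findings.append((name, f"tnl-policy {policy} has no binding for peer {addr}"))
        if not vsi["mac_withdraw"]:
            findings.append((name, "mac-withdraw not enabled"))
        if not vsi["mac_limit"]:
            findings.append((name, "no mac-limit configured"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

The missing MAC limit is the finding with the most direct security weight: without it a single customer port can fill the MAC table of the VSI on the PE-AGG.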
9.6.2.3 Enterprise E-TREE (MPLS L2VPN VPLS)

Figure 46: Enterprise E-TREE Implementation

Implementation items for E-TREE are as below:

> VPLS is deployed in NE40E at HQ side, VLL is deployed in NE40E at branch side.
> Different VLAN for different Enterprise client.
> TE is deployed in the access ring. VPLS over TE and VLL over TE are used. TE hot-standby is used for LSP protection.
> Headquarter PE should disable VPLS split horizon.
> MAC-withdraw should be enabled on Enterprise VSI in PE-AGG.

9.6.3 Access Method

Figure 47: Enterprise L2VPN Service Access Method

For customer access using an aggregate switch, the access methods are:

> Customer traffic with a Q-in-Q tag: the aggregate switch will transmit it transparently.
> Customer traffic with a single VLAN tag: the aggregate switch will tag a different outer VLAN tag for each customer.
> On UPE a Dot1Q sub-interface is used. The VLAN tag is the same as the customer outer tag.

9.6.4 Interruption Analysis

Figure 48: Enterprise L2VPN Service Interruption Analysis

TE Hot-standby protects PW. BFD for LSP detects that the main LSP goes down and will divert traffic using the backup LSP.

MAC-withdraw will advertise to the VPLS peer, and MAC learning goes through another way.

It is unavoidable that in a single SR scenario, the enterprise L2VPN service will fail when the SR fails.

Enterprise L2VPN under that UPE is interrupted until the fault recovers.

Table 9: Enterprise L3VPN Service Interruption Analysis

9.6.5 Configuration Examples

9.6.5.1 Enterprise E-LINE (MPLS L2VPN VLL)

Referring to the example below for HDG, on ring 6 there are 2 scenarios where E-LINE can be deployed.
Enterprise A, using VLAN 801, establishes E-LINE within the province, from HDG06THC to HDG06PDN. Meanwhile Enterprise B, using VLAN 802, establishes inter-province E-LINE.

Figure 49: Enterprise L2VPN - E-Line Example

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG00THD_main
     next hop 10.34.0.129
     next hop 10.34.0.126
     next hop 123.29.30.1
    #
    explicit-path to_HDG00TBD_main
     next hop 10.34.0.134
     next hop 10.34.0.138
     next hop 123.29.30.2
    #
    explicit-path to_HDG06PDN_main
     next hop 10.34.0.134
     next hop 123.29.30.28
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/1
     description ** Connect to HDG00THD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.1
     mpls te tunnel-id 1
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00THD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/2
     description ** Connect to HDG00TBD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.2
     mpls te tunnel-id 2
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00TBD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/28
     description ** Connect to HDG06PDN **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.28
     mpls te tunnel-id 28
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06PDN_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG00THD
     tunnel binding destination 123.29.30.1 tunnel0/0/1
    #
    tunnel-policy to_HDG00TBD
     tunnel binding destination 123.29.30.2 tunnel0/0/2
    #
    tunnel-policy to_HDG06PDN
     tunnel binding destination 123.29.30.28 tunnel0/0/28
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/1
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/2
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/28
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    mpls ldp remote-peer HDG06PDN
     remote-ip 123.29.30.28
    #
    interface gigabitethernet4/0/5.801
     description ** Connect to Enterprise A **
     undo shutdown
     vlan-type dot1q 801
     mpls l2vc 123.29.30.28 0500001001 tunnel-policy to_HDG06PDN
    #
    interface GigabitEthernet4/0/5.802
     description ** Connect to Enterprise B **
     undo shutdown
     vlan-type dot1q 802
     mpls l2vc 123.29.30.1 0510001002 tunnel-policy to_HDG00THD
     mpls l2vc 123.29.30.2 0520001002 tunnel-policy to_HDG00TBD backup
    #

2. UPE (HDG06PDN) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.133
     next hop 123.29.30.27
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    interface gigabitethernet4/1/6.801
     description ** Connect to Enterprise A **
     undo shutdown
     vlan-type dot1q 801
     mpls l2vc 123.29.30.27 0500001001 tunnel-policy to_HDG06THC
    #

3. PE-AGG (HDG00THD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.125
     next hop 10.34.0.130
     next hop 123.29.30.27
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    interface Eth-Trunk3.802
     description ** Connect to BRAS **
     vlan-type dot1q 802
     mpls l2vc 123.29.30.27 0510001002 tunnel-policy to_HDG06THC
    #

4. PE-AGG (HDG00TBD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.137
     next hop 10.34.0.133
     next hop 123.29.30.27
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VLL configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    interface Eth-Trunk6.802
     description ** Connect to BRAS **
     vlan-type dot1q 802
     mpls l2vc 123.29.30.27 0510001002 tunnel-policy to_HDG06THC
    #

9.6.5.2 Enterprise E-LAN (MPLS L2VPN VPLS)

E-LAN for Enterprise A, using VLAN 805, can be established using the configuration described below.

Figure 50: Enterprise L2VPN - E-LAN Example

1. UPE (HDG06THC) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG00THD_main
     next hop 10.34.0.129
     next hop 10.34.0.126
     next hop 123.29.30.1
    #
    explicit-path to_HDG00TBD_main
     next hop 10.34.0.134
     next hop 10.34.0.138
     next hop 123.29.30.2
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/1
     description ** Connect to HDG00THD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.1
     mpls te tunnel-id 1
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00THD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/2
     description ** Connect to HDG00TBD **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.2
     mpls te tunnel-id 2
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG00TBD_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG00THD
     tunnel binding destination 123.29.30.1 tunnel0/0/1
    #
    tunnel-policy to_HDG00TBD
     tunnel binding destination 123.29.30.2 tunnel0/0/2
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/1
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/2
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VPLS configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    vsi EP_EnterpriseA static
     pwsignal ldp
      vsi-id 0510001005
      peer 123.29.30.1 tnl-policy to_HDG00THD
      peer 123.29.30.2 tnl-policy to_HDG00TBD
     mac-withdraw enable
    #
    interface gigabitethernet4/0/6.805
     description ** Connect to Enterprise router **
     vlan-type dot1q 805
     l2 binding vsi EP_EnterpriseA
    #

2. UPE (HDG06PDN) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration
Configuration omitted. Refer to the configuration of HDG06THC.
(3) VPLS configuration

    #
    mpls ldp remote-peer HDG00THD
     remote-ip 123.29.30.1
    #
    mpls ldp remote-peer HDG00TBD
     remote-ip 123.29.30.2
    #
    vsi EP_EnterpriseA static
     pwsignal ldp
      vsi-id 0510001005
      peer 123.29.30.1 tnl-policy to_HDG00THD
      peer 123.29.30.2 tnl-policy to_HDG00TBD
     mac-withdraw enable
    #
    interface gigabitethernet4/0/8.805
     description ** Connect to Enterprise router **
     vlan-type dot1q 805
     l2 binding vsi EP_EnterpriseA
    #

3. PE-AGG (HDG00THD) configuration

(1) Basic configuration (IP, IGP, MPLS)
It is omitted. Refer to chapter 5 and 6.

(2) Tunnel configuration

Define Explicit Path

    #
    explicit-path to_HDG06THC_main
     next hop 10.34.0.125
     next hop 10.34.0.130
     next hop 123.29.30.27
    #
    explicit-path to_HDG06PDN_main
     next hop 10.34.0.2
     next hop 10.34.0.137
     next hop 123.29.30.28
    #

Configure TE Tunnel

    #
    interface Tunnel0/0/27
     description ** Connect to HDG06THC **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.27
     mpls te tunnel-id 27
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06THC_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #
    interface Tunnel0/0/28
     description ** Connect to HDG06PDN **
     ip address unnumbered interface LoopBack0
     tunnel-protocol mpls te
     destination 123.29.30.28
     mpls te tunnel-id 28
     mpls te record-route label
     mpls te backup hot-standby wtr 60
     mpls te path explicit-path to_HDG06PDN_main
     mpls te backup ordinary best-effort
     mpls te reserved-for-binding
     mpls te commit
    #

Configure Tunnel Policy

    #
    tunnel-policy to_HDG06THC
     tunnel binding destination 123.29.30.27 tunnel0/0/27
    #
    tunnel-policy to_HDG06PDN
     tunnel binding destination 123.29.30.28 tunnel0/0/28
    #

BFD for LSP configuration

    #
    bfd
     mpls-passive
    #
    mpls
     mpls te bfd enable
    #
    interface Tunnel0/0/27
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #
    interface Tunnel0/0/28
     mpls te bfd enable
     mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
    #

(3) VPLS configuration

    #
    mpls ldp remote-peer HDG06THC
     remote-ip 123.29.30.27
    #
    mpls ldp remote-peer HDG06PDN
     remote-ip 123.29.30.28
    #
    vsi EP_EnterpriseA static
     pwsignal ldp
      vsi-id 0510001005
      peer 123.29.30.27 tnl-policy to_HDG06THC upe
      peer 123.29.30.28 tnl-policy to_HDG06PDN upe
     mac-withdraw enable
     mac-limit action discard maximum 2000
    #
    interface gigabitethernet2/1/9.805
     description ** Connect to SR **
     vlan-type dot1q 805
     l2 binding vsi EP_EnterpriseA
    #

4. PE-AGG (HDG00TBD) configuration

(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration
Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.137
 next hop 10.34.0.133
 next hop 123.29.30.27
#
explicit-path to_HDG06PDN_main
 next hop 10.34.0.137
 next hop 123.29.30.28
#
Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
interface Tunnel0/0/28
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.28
 mpls te tunnel-id 28
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06PDN_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 te Tunnel0/0/27
#
tunnel-policy to_HDG06PDN
 tunnel binding destination 123.29.30.28 te Tunnel0/0/28
#
BFD for LSP configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
interface Tunnel0/0/28
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
(3) VPLS configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
mpls ldp remote-peer HDG06PDN
 remote-ip 123.29.30.28
#
vsi EP_EnterpriseA static
 pwsignal ldp
  vsi-id 0520001005
  peer 123.29.30.27 tnl-policy to_HDG06THC upe
  peer 123.29.30.28 tnl-policy to_HDG06PDN upe
 mac-withdraw enable
 mac-limit action discard maximum 2000
#
interface GigabitEthernet2/1/8.805
 description ** Connect to SR **
 vlan-type dot1q 805
 l2 binding vsi EP_EnterpriseA
#
9.6.5.3 Enterprise E-TREE (MPLS L2VPN VPLS)
Enterprise Y, allocated VLAN 808, can establish an E-TREE in which all traffic passes through headquarters, using the configuration below.
Figure 51: Enterprise L2VPN - E-TREE Example
1. UPE (HDG06THC) configuration
(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration
Define Explicit Path
#
explicit-path to_HDG00THD_main
 next hop 10.34.0.129
 next hop 10.34.0.126
 next hop 123.29.30.1
#
explicit-path to_HDG00TBD_main
 next hop 10.34.0.134
 next hop 10.34.0.198
 next hop 123.29.30.2
#
explicit-path to_HDG06PDN_main
 next hop 10.34.0.134
 next hop 123.29.30.28
#
Configure TE Tunnel
#
interface Tunnel0/0/1
 description ** Connect to HDG00THD **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.1
 mpls te tunnel-id 1
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG00THD_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
interface Tunnel0/0/2
 description ** Connect to HDG00TBD **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.2
 mpls te tunnel-id 2
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG00TBD_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
interface Tunnel0/0/28
 description ** Connect to HDG06PDN **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.28
 mpls te tunnel-id 28
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06PDN_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
Configure Tunnel Policy
#
tunnel-policy to_HDG00THD
 tunnel binding destination 123.29.30.1 te Tunnel0/0/1
#
tunnel-policy to_HDG00TBD
 tunnel binding destination 123.29.30.2 te Tunnel0/0/2
#
tunnel-policy to_HDG06PDN
 tunnel binding destination 123.29.30.28 te Tunnel0/0/28
#
BFD for LSP configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/1
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
interface Tunnel0/0/2
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
interface Tunnel0/0/28
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
(3) VLL configuration
#
mpls ldp remote-peer HDG00THD
 remote-ip 123.29.30.1
#
mpls ldp remote-peer HDG00TBD
 remote-ip 123.29.30.2
#
mpls ldp remote-peer HDG06PDN
 remote-ip 123.29.30.28
#
interface GigabitEthernet4/0/10.808
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.1 0600010008 tunnel-policy to_HDG00THD
#
interface GigabitEthernet4/0/10.809
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.2 080001008 tunnel-policy to_HDG00TBD
#
interface GigabitEthernet4/0/10.810
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.28 060001007 tunnel-policy to_HDG06PDN
#
2. UPE (HDG06PDN) configuration
(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration
Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.133
 next hop 123.29.30.27
#
Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 te Tunnel0/0/27
#
BFD for LSP configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
(3) VLL configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
interface GigabitEthernet4/0/10.808
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.1 0600010008 tunnel-policy to_HDG00THD
#
interface GigabitEthernet4/0/10.809
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.2 080001009 tunnel-policy to_HDG00TBD
#
interface GigabitEthernet4/0/10.810
 description ** Connect to Enterprise Y **
 undo shutdown
 vlan-type dot1q 808
 mpls l2vc 123.29.30.28 060001007 tunnel-policy to_HDG06THC
#
3. PE-AGG (HDG00THD) configuration
(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted.
Refer to chapter 5 and 6.
(2) Tunnel configuration
Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.125
 next hop 10.34.0.130
 next hop 123.29.30.27
#
Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 te Tunnel0/0/27
#
BFD for LSP configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
(3) VPLS configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
vsi EP_EnterpriseY static
 pwsignal ldp
  vsi-id 0500001008
  peer 123.29.30.27 tnl-policy to_HDG06THC
 mac-withdraw enable
 mac-limit action discard maximum 2000
#
interface GigabitEthernet2/1/9.808
 description ** Connect to SR **
 vlan-type dot1q 808
 l2 binding vsi EP_EnterpriseY
#
4. PE-AGG (HDG00TBD) configuration
(1) Basic configuration (IP, IGP, MPLS)
Configuration omitted. Refer to chapter 5 and 6.
(2) Tunnel configuration
Define Explicit Path
#
explicit-path to_HDG06THC_main
 next hop 10.34.0.197
 next hop 10.34.0.133
 next hop 123.29.30.27
#
Configure TE Tunnel
#
interface Tunnel0/0/27
 description ** Connect to HDG06THC **
 ip address unnumbered interface LoopBack0
 tunnel-protocol mpls te
 destination 123.29.30.27
 mpls te tunnel-id 27
 mpls te record-route label
 mpls te backup hot-standby wtr 60
 mpls te path explicit-path to_HDG06THC_main
 mpls te backup ordinary best-effort
 mpls te reserved-for-binding
 mpls te commit
#
Configure Tunnel Policy
#
tunnel-policy to_HDG06THC
 tunnel binding destination 123.29.30.27 te Tunnel0/0/27
#
BFD for LSP configuration
#
bfd
 mpls-passive
#
mpls
 mpls te bfd enable
#
interface Tunnel0/0/27
 mpls te bfd enable
 mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5
#
(3) VPLS configuration
#
mpls ldp remote-peer HDG06THC
 remote-ip 123.29.30.27
#
vsi EP_EnterpriseY static
 pwsignal ldp
  vsi-id 060001008
  peer 123.29.30.27 tnl-policy to_HDG06THC
 mac-withdraw enable
 mac-limit action discard maximum 2000
#
interface GigabitEthernet2/1/8.808
 description ** Connect to SR **
 vlan-type dot1q 808
 l2 binding vsi EP_EnterpriseY
#
9.7 Mobile Backhaul solution
Huawei suggests that the service operator use the CSG and RSG gateway mode to bring the mobile service into the IP/MPLS Metro network.
CSG means Cell Site Gateway. It terminates mobile services such as TDM/ATM/ETH. All mobile services are encapsulated into a PWE3 tunnel on the CSG. The CSG is deployed on the BTS side.
RSG means Remote Site Gateway. It aggregates the mobile traffic, recovers the TDM/ATM/ETH service from the IP network and then delivers this traffic to the RNC/BSC. The RSG is deployed on the RNC/BSC side.
9.7.1 Working Mechanism
Figure 52: Mobile Backhaul Working Mechanism
The working mechanism of the mobile service is as below:
- The 3G R99 control/user plane is IP based, and AAL5 encapsulation is used to transport it over ATM.
- The CSG encapsulates the arriving traffic in PWE3 and sends it to the UPE.
- The traffic goes into the VLL pipe when it arrives at the UPE.
- Once the Iub R99 PWE3 traffic arrives at the RSG, the original ATM cells have to be delivered to the STM-1 interface connected to the RNC.
9.7.2 Clock Synchronization
Clock synchronization over Ethernet networks is a clock frequency synchronization technology. It transmits clock signals over Ethernet networks to implement synchronized Ethernet networks. The clock transmission method on an Ethernet network and the clock synchronization quality are similar to those on an SDH network. Huawei recommends implementing the Sync.Eth feature to achieve clock synchronization across the whole network.
Figure 53: Sync.Eth Mechanism
The working mechanism of Sync.Eth in VNPT is as below:
- In the central node, BITS provides a precise reference clock to the RNC, RSG and PE-AGG.
- PE-AGG distributes the clock via the GE interface with the Sync.Eth feature to achieve clock synchronization within the MAN.
- UPE distributes the clock to the remote CSG with Sync.Eth, then the CSG encapsulates the clock info into the TDM/ATM link.
- Node-B obtains the clock for the IMA E1 link. E2E clock transmission over MAN-E is achieved.
9.7.3 Implementation
Implementation methods are:
- Deploy PWE3 between CSG and RSG.
- Deploy VLL between UPE and PE-AGG for transparent transport of the 3G service.
- Deploy VLL redundancy for high availability.
- Deploy Sync.Eth in the MAN.
9.7.4 Configuration Examples
Figure 54: Sync.Eth Example
In this scenario, the RNC connects to BITS. PE-AGG and UPE will transport the clock for the RNC and NodeB.
1. Enable Sync.Eth on PE-AGG and UPE
[HDG00THD] clock ethernet-synchronization enable   #enable clock synchronization
[HDG06THC] clock ethernet-synchronization enable
2. Configure the clock source on PE-AGG and UPE
[HDG00THD] clock source lpuport slot 1 card 0 port 1   #define port used for source
[HDG06THC] clock source lpuport slot 1 card 0 port 0
9.8 Wholesale solution
9.8.1 Implementation
For wholesale VoD service:
- Several VLANs for several VoD servers.
- VPLS is deployed in UPE.
- VLL is deployed in PE-AGG.
- Disable split horizon in UPE.
- TE is deployed in the access ring. VPLS over TE and VLL over TE are used.
- TE hot-standby is used for LSP protection.
- Deploy different QoS based on different VLANs.
For wholesale BTV service:
- Different sources for different channels.
- SR only advertises the multicast source route to the Metro ring, which ensures that the multicast service can switch over fast when one SR breaks down.
- Deploy PIM SSM in the Metro network.
- Enable IGP fast convergence on the Metro network.
- Enable PIM SSM mapping in UPE if the STB cannot support IGMPv3.
- Static join for popular channels in UPE.
9.9 VLAN Planning
No. | S-VLAN | From | To | Total
1 | Reserved | 1 | 98 | 98
2 | Multicast (IPTV) | 99 | 99 | 1
3 | Internet | 100 | 599 | 500
4 | VPN | 600 | 1999 | 1500
5 | VoD | 2000 | 2098 | 99
6 | VoIP | 2099 | 2099 | 1
7 | Reserved for services | 2100 | 3699 | 1600
8 | Connect to the other networks | 3700 | 3899 | 200
9 | Reserved for equipment management | 3900 | 3998 | 99
10 | DSLAM Management | 3999 | 3999 | 1
11 | Reserved for equipment management | 4000 | 4096 | 97
10 High Availability Solution
The reliability of the MEN depends on multiple factors, such as the reliability of equipment, redundancy design, layout.
The Huawei proposed MEN solution achieves high availability by adopting highly reliable equipment, high-availability technologies, redundant network design, and end-to-end service protection, link availability and protection mechanism of protocol layout and address.
10.1 Equipment Reliability
Equipment reliability should be considered in terms of hardware and software. Huawei strictly follows international quality management standards and takes full advantage of more than ten years' experience in telecommunication equipment design and manufacture to provide carrier-class reliability for the equipment.
For hardware, the following measures are taken to achieve high reliability:
- Huawei conducts adequate aging experiments on each type of new equipment, and the passive backplane is used.
- All the boards support hot-swapping, and all the key parts adopt redundancy backup to avoid a single point of failure. The main processing unit, switching network, clock unit and management bus adopt 1:1 backup (the NE40E switching network adopts 3 + 1 backup). The power supply and fan adopt N + 1 backup.
In addition, multiple reliability software features are adopted:
- The control plane and forwarding plane are independent of each other. The main control board implements route calculation and delivers the forwarding table to each of the line cards. The line cards maintain the status of the link layer protocol. Therefore, the interface board can forward service normally without reset after the active/standby switchover. (Note: if a dynamic routing protocol is running, the neighbor router recalculates routes when it finds the loss of its neighbors, which results in temporary service interruption.)
- The online patch function, which can repair main control board and interface board program bugs without interrupting services, is also used, so users can dynamically load, activate, deactivate or unload one or many patch programs.
10.2 Network Availability
For a carrier-class MAN, network availability is an important factor that has direct impact on customer satisfaction and carrier profitability. While equipment reliability focuses on the reliability design of a single piece of equipment, network availability emphasizes the technologies and network design which guarantee non-stop service provision.
Network availability concerns not only the MAN area but the whole IP network. Therefore every layer of the network is taken into consideration. Failure protection for each service is discussed in the service deployment section; please refer to the related section. The following describes the overview of high availability for VNPT Metro.
Figure 55: Overview of High Availability Solution
10.2.1 IGP Fast Convergence
IGP fast convergence is an integrated technology that implements fast route calculation on a single router based on ISPF and PRC. In combination with fast advertisement of link state information and an exponential back-off timer, fast route convergence of the whole network can be realized. The convergence time can be below 1 second, which varies a little with network scale. Without IGP fast convergence, normal IGP convergence time can be as long as more than 10 seconds.
IS-IS fast convergence is implemented by configuring the parameters listed below.
LSP fast flood: when the IS-IS routers receive LSPs, they flood the LSPs quickly.
Configuration command: flash-flood level-1. The default value is 10ms.
LSP generation wise timer: when the status of links or routes changes, the router generates the LSP and floods it out quickly.
Configuration command:
- timer lsp-generation 1 50 120 level-1
- timer spf 1 100 100
10.2.2 BFD (Bi-Direction Fault Detection)
BFD allows failure detection on any type of channel between systems, including direct physical link, virtual circuit, tunneling, MPLS LSP, multi-hop route channel, and indirect channel. Meanwhile, as the failure detection that BFD implements is simple and single, BFD can be devoted to fast detection of forwarding failures to help networks realize the transmission of voice, video, and other on-demand services with good QoS, and to help service providers offer VoIP of high reliability and high applicability and other real-time services required by their customers.
The BFD protocol is a simple "Hello" protocol. Many of its aspects are similar to the neighbor detection part of well-known routing protocols. Two systems periodically send and receive detection packets through a channel established between them. If one system does receive
- detect-multiplier: 5
- min-tx-interval: 30ms
- min-rx-interval: 30ms
BFD for ISIS is configured on all NE40E for detecting ISIS failure. Parameters will be defined as below:
- detect-multiplier: 5
- min-tx-interval: 20ms
- min-rx-interval: 20ms
10.2.3 TE Hot-standby
MPLS TE provides a good solution for service reliability. TE hot-standby is an end-to-end high availability technology. Primary and backup LSPs are set up for one TE tunnel. When the primary LSP fails, traffic is switched to the backup LSP. When the primary LSP recovers from the fault, traffic is switched back to the primary LSP.
There are two scenarios for deploying TE hot-standby:
- Between PE-AGG and UPE: to protect the traffic towards SR and BRAS in MANE.
- Between UPE and UPE: to protect the E-LINE service.
The work model of TE hot-standby is below:
Figure 56: MPLS TE
10.2.3.1 Strict explicit path
In VNPT MANE, the master CR-LSP will be built manually, using the Strict Explicit Path method. To design the master explicit path for the TE tunnel, we follow the principles below. When multiple principles match, the higher priority principle is followed. TE explicit path design principles are listed according to priority, from higher priority to lower priority.
- 1st Priority: Do not pass through another access ring when building the TE Tunnel to PE-AGG.
Figure 57: TE Explicit Path - 1st Priority
- 2nd Priority: The path with smaller cost is selected.
Figure 58: TE Explicit Path - 3rd Priority
- 3rd Priority: Master paths for both tunnels do not overlap.
Figure 59: TE Explicit Path - 4th Priority
- 4th Priority: Master path does not pass through two PE-AGGs which are connected to
Figure 60: TE Explicit Path - 5th Priority
- 5th Priority: Use access ring 3
Figure 61: TE Explicit Path - 6th Priority
10.2.3.2 MPLS TE LSP Backup
In VNPT MANE, the CR-LSP backup for a TE tunnel will be established dynamically. This backup tunnel is built dynamically by the router using the principles below:
- Exclude the path used by the master LSP.
- The constraint used to build the path is based on the IGP cost, which is the ISIS metric defined in section 6.9.6.
In addition, this backup LSP is pre-established before the master LSP fails, which is hot-standby mode. Therefore the protection on the TE tunnel will be within 200ms.
10.2.3.3 Tunnel-id
Tunnel-id is defined as the last octet of the loopback address of the destination. It can overlap on different routers.
Example: Create bi-directional tunnels between UPE1 and PE-AGG1.
Loopback of UPE1: 10.1.1.234
Loopback of PE-AGG1: 10.1.1.55
Tunnel-id on UPE1: 55
Tunnel-id on PE-AGG1: 234
10.2.3.4 Tunnel interface number
A TE tunnel can be created on the MPU or LPU. In the VNPT MANE network, TE tunnels will be created on the MPU because of the board redundancy of the MPU.
Tunnel interface number is defined as the last octet of the loopback address of the destination.
Example: Create bi-directional tunnels between UPE1 and PE-AGG1.
Loopback of UPE1: 10.1.1.234
Loopback of PE-AGG1: 10.1.1.55
Tunnel interface number on UPE1: Tunnel0/0/55
Tunnel interface number on PE-AGG1: Tunnel0/0/234
10.2.3.5 WTR
Considering the possibility of transmission flap, WTR (wait to recover) is recommended to be configured for the backup LSP. WTR will be set to "60". That means that, after master LSP recovery, traffic will be switched back from the backup LSP to the master LSP in 60 seconds.
10.2.3.6 Tunnel Policy
VPLS and VLL will run over TE Tunnel from end to end in the VNPT MANE network. Tunnel Policy is a mature method to put the VPLS and VLL traffic into a TE Tunnel.
Example:
tunnel-policy VPLSoTE
 tunnel binding destination 10.1.1.55 te Tunnel0/0/55
10.2.3.7 Best-effort LSP
Considering the possibility that both master LSP and backup LSP fail, it is recommended that we deploy best-effort LSP in the VNPT MANE network. When the master and backup LSP paths are down, if there is another reachable path, the best-effort LSP will take effect.
10.2.4 GR
Graceful Restart (GR) is used to further improve system reliability. GR is an extension of the ISIS and RSVP protocols. During the rebooting of the local router, the neighbor router forwards packets continuously and does not recalculate routes. After the local router is restarted, the neighbor router sends all the routing information to the local router and helps the local router to restore the network topology. GR only maintains the forwarding table and does not require the local router to back up routing information.
In the VNPT MANE network, two protocols need to be protected by GR. They are:
- ISIS: learn routing information and build the FIB.
- RSVP: build TE Tunnel.
SR should play the role of GR helper for ISIS.
10.3 Configuration Examples
10.3.1 IGP Fast Convergence Configuration
[BNH00SHA] isis 1
[BNH00SHA-isis] flash-flood level-1   #enable flash-flood for level-1
[BNH00SHA-isis] timer lsp-generation 1 50 120 level-1   #configure delay for same LSP
[BNH00SHA-isis] timer spf 1 100 100   #configure delay for SPF calculation
10.3.2 BFD Configuration
1. Configure BFD for LSP
[BNH00SHA] bfd
[BNH00SHA-bfd] mpls-passive
[BNH00SHA] mpls
[BNH00SHA-mpls] mpls te bfd enable   #enable mpls te bfd global
[BNH00SHA-mpls] quit
[BNH00SHA] interface Tunnel0/0/14
[BNH00SHA-Tunnel0/0/14] mpls te bfd enable   #enable mpls te bfd on interface
[BNH00SHA-Tunnel0/0/14] mpls te bfd min-tx-interval 30 min-rx-interval 30 detect-multiplier 5   #set bfd parameters for LSP
2. Configure BFD for ISIS
[BNH00SHA] bfd
[BNH00SHA] interface g 1/0/0
[BNH00SHA-gigabitethernet1/0/0] isis bfd enable   #enable isis bfd
[BNH00SHA-gigabitethernet1/0/0] isis bfd min-tx-interval 20 min-rx-interval 20 detect-multiplier 5   #set bfd parameters for ISIS
10.3.3 TE hot-standby configuration
1. Create main explicit path
[BNH01CSN] explicit-path to_BNH00SHA_master   #create master explicit path
[BNH01CSN-explicit-path-to_BNH00SHA_master] next hop 10.16.0.33
[BNH01CSN-explicit-path-to_BNH00SHA_master] next hop 10.16.0.30
[BNH01CSN-explicit-path-to_BNH00SHA_master] next hop 123.29.19.1
[BNH01CSN-explicit-path-to_BNH00SHA_master] quit
2. Creating MPLS Tunnel
[BNH01CSN] interface tunnel 0/0/1   #creating tunnel interface
[BNH01CSN-Tunnel0/0/1] description ** Connect to BNH00SHA **
[BNH01CSN-Tunnel0/0/1] ip address unnumbered interface loopback 0   #using loopback as tunnel ip
[BNH01CSN-Tunnel0/0/1] tunnel-protocol mpls te   #using mpls te for encapsulation
[BNH01CSN-Tunnel0/0/1] destination 123.29.19.1   #define destination of tunnel
[BNH01CSN-Tunnel0/0/1] mpls te tunnel-id 1   #define tunnel id
[BNH01CSN-Tunnel0/0/1] mpls te backup hot-standby wtr 60   #define hot-standby as backup mode and WTR as 60
[BNH01CSN-Tunnel0/0/1] mpls te path explicit-path to_BNH00SHA_master   #define explicit path used
[BNH01CSN-Tunnel0/0/1] mpls te backup ordinary best-effort   #enable best effort path
[BNH01CSN-Tunnel0/0/1] mpls te record-route label   #record route and label when establishing tunnel
[BNH01CSN-Tunnel0/0/1] mpls te reserved-for-binding   #VPN bind with TE
[BNH01CSN-Tunnel0/0/1] mpls te commit   #commit tunnel configuration
[BNH01CSN-Tunnel0/0/1] quit
3. Tunnel policy
[BNH01CSN] tunnel-policy to_BNH00SHA   #creating tunnel policy
[BNH01CSN-tunnel-policy] tunnel binding destination 123.29.19.1 te tunnel 0/0/1   #binding destination to tunnel
[BNH01CSN] tunnel-policy to_BNH00THO
[BNH01CSN-tunnel-policy] tunnel binding destination 123.29.19.2 te tunnel 0/0/2
4. VPLS over TE and VLL over TE
[BNH01CSN] vsi EP_VNPT static   #create VSI instance
[BNH01CSN-vsi-EP_VNPT] vsi-id 05000001010   #define vsi id
[BNH01CSN-vsi-EP_VNPT] peer 123.29.19.1 tnl-policy to_BNH00SHA   #define destination peer and bind to tunnel using tunnel policy
[BNH01CSN-vsi-EP_VNPT] peer 123.29.19.2 tnl-policy to_BNH00THO
[BNH01CSN] interface g 4/0/2.700
[BNH01CSN] mpls l2vc 123.29.19.1 0110090700 tunnel-policy to_BNH00SHA tagged   #define VLL peer and bind on tunnel. Tagged mode used
[BNH01CSN] mpls l2vc 123.29.19.2 0120090700 tunnel-policy to_BNH00THO tagged secondary   #define backup PW
10.3.4 GR Configuration
1. ISIS GR
[BNH01CSN] isis 1
[BNH01CSN-isis-1] graceful-restart   #enable ISIS GR
2. RSVP GR
[BNH01CSN] mpls
[BNH01CSN-mpls] mpls rsvp-te hello
[BNH01CSN-mpls] mpls rsvp-te hello full-gr   #enable RSVP GR global
[BNH01CSN-mpls] quit
[BNH01CSN] interface g 1/0/0
[BNH01CSN-gigabitethernet1/0/0] mpls rsvp-te hello   #enable on interface
[BNH01CSN-mpls] quit
11 ..
3GPP TS 22.105 V6.2.0 and ITU-T Y.1541 outline the end-to-end QoS requirements for each traffic class. Bandwidth, delay, jitter and packet loss are the four key indexes to measure QoS. The Huawei proposed solution can fully comply with these requirements.
The end-to-end delay is contributed by the following factors: codec delay, jitter buffering, transmission delay, as well as queuing/scheduling/switching delay caused by the routers. Typically, the transmission delay is about 5us/Km for fiber and the switching delay of a router is about 10-30us per node. A well-engineered IP/MPLS bearer network shall introduce a delay of less than 30ms and a jitter of less than 1ms.
Huawei proposes a network architecture with no more than 10 transit nodes between every two end service systems. Thus we can guarantee the end-to-end latency and jitter. In case of traffic congestion caused by failure of traffic prediction, failure of capacity planning, or malicious attacks, the latency and jitter could increase. WRED or tail drop can be used to limit the latency and jitter in such cases.
To guarantee the QoS for each traffic class and to maximize profit with a given investment, several measures shall be taken, including capacity planning, call admission control, IP/MPLS DiffServ, and SLA measurement.
11.1 VNPT QoS Architecture
Before implementing IP/MPLS QoS technologies, the QoS trust boundary shall be clearly defined. Generally, the nodes in VNPT internal networks are trustable for the service operator, and the nodes in external networks are not trustable.
There are three DiffServ models defined in RFC3270: pipe model, uniform model and short pipe model. Pipe model is suitable for scenarios in which the MPLS LSP spans one or more DiffServ domains with different PHB. Uniform model is suitable for scenarios in which the MPLS LSP spans one or more DiffServ domains with the same PHB. Short pipe model is similar to pipe model, but has a different PHB on the LSP egress node.
Huawei proposed equipment is able to support all three DiffServ models. For VNPT, pipe model based MPLS DiffServ is recommended for deployment. E2E QoS design is as below:
Figure 62: E2E QoS Design
The QoS deployment procedure is as below:
- Guarantee E2E QoS with PIPE model.
- Implement queue scheduling at the NNI side.
- Implement H-QoS at the UNI side. Deploy SQ (Subscriber Queue) to guarantee and limit the bandwidth of different enterprise clients.
11.2 IP/MPLS DiffServ Model Based QoS Design
MPLS DiffServ is proposed to guarantee QoS for each traffic class, including control traffic and service traffic.
Traffic classification and marking can be done on the end service systems, firewalls, L2 aggregation nodes and PE routers, and then QoS scheduling can be performed on each egress interface of core routers.
The table below illustrates an example of service policies and PHB definitions for each service class.
86 (PQ) 3 3 5 EF (PQ) 4 4 4 (AF (WFO) 4 4 4 ARS (WFO) 3 3 3 ‘ARS (WFQ) 12 12 AF I-2 (WFO) 2 ° BE (WFO)
Table 10: QoS Design
11.3 Configuration Examples
1. PIPE
[BNH01CSN] vsi VoIP_BNH01CSN static
[BNH01CSN-vsi-VoIP_BNH01CSN] diffserv-mode pipe AF4 green   #Configure Pipe for VPLS
[BNH01CSN] interface gigabitethernet 4/0/2.1700
[BNH01CSN-gigabitethernet4/0/2.1700] diffserv-mode pipe AF4 green   #Configure Pipe for VLL
2. SQ
[BNH01CSN] interface gigabitethernet 4/0/2.700
[BNH01CSN-gigabitethernet4/0/2.700] vlan-type dot1q 700
[BNH01CSN-gigabitethernet4/0/2.700] l2 binding vsi EP_VNPT
[BNH01CSN-gigabitethernet4/0/2.700] user-queue cir 10000 pir 20000 inbound   #Configure SQ
[BNH01CSN-gigabitethernet4/0/2.700] user-queue cir 10000 pir 20000 outbound
3. Scheduling
[BNH01CSN] interface gigabitethernet 4/0/0
[BNH01CSN-gigabitethernet4/0/0] port-queue af1 wfq weight 10 outbound
[BNH01CSN-gigabitethernet4/0/0] port-queue af2 wfq weight 20 outbound
[BNH01CSN-gigabitethernet4/0/0] port-queue af3 wfq weight 30 outbound
[BNH01CSN-gigabitethernet4/0/0] port-queue af4 wfq weight 10 outbound
[BNH01CSN-gigabitethernet4/0/0] port-queue EF pq shaping shaping-percentage 70
[BNH01CSN-gigabitethernet4/0/0] trust upstream default
12 NTP Planning
12.1 Solution
In VNPT MANE it is necessary to implement Network Time Protocol to synchronize time for all network elements, as below:
Figure 63: NTP Planning
To deploy NTP, the procedures are as below:
- The SR node will synchronize time with an Internet NTP server, and NTP server redundancy is recommended.
- SR nodes synchronize their clocks from the IP/MPLS backbone NTP server.
- PE-AGG and UPE nodes synchronize clocks from the SR as the NTP lower stratum server.
- NTP sessions work in unicast peer mode.
- NTP authentication should be deployed.
12.2 Configuration Examples

[BNHOOCSN] ntp-service authentication enable    #enable NTP authentication
[BNHOOCSN] ntp-service authentication-keyid 42 authentication-mode md5 V2NOPOTS    #set NTP authentication key
[BNHOOCSN] ntp-service reliable authentication-keyid 42    #specify authentication key to be reliable
[BNHOOCSN] ntp-service unicast-server 123.X.XX authentication-keyid 42    #configure NTP server mode

13 Security Planning

13.1 Service-Based Security Solution

Huawei solution has strong ability to separate and isolate different traffic for different services. Details are as below:
> For VLL service, NE40E sets up a mapping table between the interface and L2VPN tunnel. Traffic will be put into the related tunnel and transported when the traffic comes from the specified interface.
> For VPLS service, QinQ and PW will be used to access the VPLS network. NE40E can set up two types of mapping table. NE40E can easily separate the traffic according to these two tables.
> Different traffic channels do not affect each other, because different services are separated through different PWs.

13.2 Equipment-Based Security Solution

As operable carrier-class metro routers, our NE40E have plenty of features for security, separated into management plane / data plane / control plane, as shown in the figure below:

[Figure 64: Security Feature Deployment]

For this MANE project, we recommend deploying network security from the five aspects below.

13.2.1 Secure SSH login configuration

NE40E supports local or remote authentication of login users and also provides different configuration rights for different levels of users.
NE40E lets users log on to routers over SSH to make configuration, which prevents remote configuration packets from being monitored by a third party.

13.2.2 Protocol authentication

NE40E supports the plain text and MD5/HMAC-MD5 encrypted text authentication of RIP, OSPF, IS-IS and BGP v4 packets, and also supports the encryption and authentication of the network management protocol SNMPv3.

13.2.3 Data log

The file system of NE40E core routers is a DOS-like system, which has a storage medium composed of max to 1G CF card and can record system and user logs. The system log refers to related information recorded in system operation, which is used for fault analysis and location. NE40E supports thread-based system log, and log files can be transferred to the Network Management Center remotely by means of XModem, FTP and TFTP.

13.2.4 CP CAR

Huawei routers adopt CP-CAR to rate-limit and prioritize the packets sent to the CPU. CP-CAR can protect the CPU from DoS attacks and guarantee high priority for critical control plane traffic when an attack occurs. The packets that are sent to the CPU are classified by the LPU Switching-Engine based on the following modes:
> Whitelist: is used to protect valid and critical control plane traffic. The whitelist includes the dynamic established traffic group and the user-defined traffic group.
> Blacklist: traffic defined in the blacklist is dropped or forwarded with low priority. The blacklist can be defined by the user based on specific traffic characteristics.
> User-Defined Default Group: is used to define the default traffic group for traffic that does not match any pre-defined traffic group.

These different types of packets can be applied with different CAR and priority policy. In HUAWEI routers, the CP-CAR is active by default.
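The per-group policing described in the CP-CAR section can be modelled with one token bucket per traffic group. The sketch below is an added example, not Huawei's implementation: the group names follow the text and the whitelisted peers are the LDP remote peers from this page's configuration examples, while the rates, burst sizes, blocked source and packet stream are constructed, and only rate limiting (not priority scheduling) is modelled.

```python
from dataclasses import dataclass

@dataclass
class Car:
    """Token bucket: cir in packets per second, cbs is the burst size in packets."""
    cir: float
    cbs: float
    tokens: float = 0.0
    last: float = 0.0

    def allow(self, now):
        # Refill for the time since this group's previous packet, capped at cbs.
        self.tokens = min(self.cbs, self.tokens + (now - self.last) * self.cir)
        self.last = now
        if self.tokens < 1.0:
            return False  # over the group's rate: dropped before reaching the CPU
        self.tokens -= 1.0
        return True

# Constructed policy (assumed values, not from the design document).
WHITELIST = {"123.29.19.1", "123.29.19.2"}   # LDP peers from this page's examples
BLACKLIST = {"198.51.100.66"}                # constructed known-bad source

def classify(src):
    if src in WHITELIST:
        return "whitelist"
    return "blacklist" if src in BLACKLIST else "default"

def simulate(packets):
    """packets: (time_s, src) tuples. Returns how many reach the CPU per group."""
    cars = {"whitelist": Car(cir=1000, cbs=100, tokens=100),
            "blacklist": Car(cir=0, cbs=0),
            "default": Car(cir=100, cbs=20, tokens=20)}
    passed = dict.fromkeys(cars, 0)
    for now, src in sorted(packets):
        group = classify(src)
        passed[group] += cars[group].allow(now)
    return passed

def constructed_second():
    """One second of constructed traffic: peer keepalives, a flood, a blocked source."""
    peer = [(i / 50, "123.29.19.1") for i in range(50)]
    flood = [(i / 10000, "203.0.113.9") for i in range(10000)]
    blocked = [(i / 100, "198.51.100.66") for i in range(100)]
    return peer + flood + blocked

if __name__ == "__main__":
    print(simulate(constructed_second()))
```

The flood is held to roughly the default group's burst plus one second of its rate, while every whitelisted keepalive still reaches the CPU.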
13.2.5 ACL (Access Control List)

A series of matching rules need to be configured for the network devices to filter the data packets. After the rules are matched, whether the data packets are allowed or forbidden to pass is based on the preset policies, which are implemented by the Access Control List (ACL).

At present, ACL can be divided into two parts: IPv4 ACL and IPv6 ACL. The IPv4 ACL is

> SNMPv3 is recommended, and the DMS server accesses the equipment using encrypted packets.
> ACL is recommended to only allow the dedicated IP address.

For the SNMP community, as below:
> Read: VNPT2009
> Write: VNPT_MANE

14.2 EMS Deployment

[Figure 66: EMS Deployment]

14.2.1 EMS Inside Province

There is an EMS server in each province. Inside each province, the vlan-id for DSLAM management is vlan3999. The gateway of vlan3999 is on the LSW in the diagram above. Between UPE and PE-AGG, VPLS is deployed for layer-2 tunnel.

The flow of EMS service inside province:
> Management traffic sent by DSLAM based on default route.
> Traffic arrives at UPE; UPE sends it to the VPLS tunnel.
> PE-AGG terminates the VSI, and sends the traffic to LSW.
> As the gateway of vlan3999, LSW terminates the VLAN and forwards the traffic to the EMS server.

14.3 EMS across to IP Core

For centralized management in the whole network, there is an EMS server located in IP Core. All DSLAM should be monitored by this server.

On the interfaces of LSW connecting to PE-AGG1, two VLANs should be trunked: vlan3999 and vlan100 (for logical interconnection with SR). For PE-AGG2, two VLANs are trunked in the same way: vlan399 and vlan200.

To create a local Layer-2 tunnel on PE-AGG, CCC is recommended to be deployed between two interfaces of PE-AGG: one interface connecting to LSW, and another one connecting to SR.
The flow of EMS service to IP Core:
> Management traffic sent by DSLAM based on default route.
> Traffic arrives at UPE; UPE sends it to the VPLS tunnel.
> PE-AGG terminates the VSI, and sends the traffic to LSW.
> As the gateway of vlan3999, LSW terminates the VLAN.
> LSW runs OSPF with SR in vlan 100 and vlan 200 with the help of CCC.

14.4 Configuration Examples

14.4.1 DMS SNMP Configuration

[BNHO1CSN] snmp-agent    #enable SNMP agent
[BNHO1CSN] snmp-agent community read VNPT2009    #set read community access
[BNHO1CSN] snmp-agent community write VNPT_MANE    #set write community access
[BNHO1CSN] snmp-agent sys-info version v3    #set SNMP system information
[BNHO1CSN] snmp-agent target-host trap address udp-domain 10.178.3.254 params securityname VNPT2009    #set destination that receives SNMP notifications
[BNHO1CSN] snmp-agent trap enable all    #enable device to send all trap packets
[BNHO1CSN] snmp-agent trap source LoopBack0    #specify source address for traps sent

14.4.2 EMS Configuration

1. UPE configuration

(1) VPLS configuration
[BNHO1CSN] mpls ldp remote-peer BNHOOSHA
[BNHO1CSN-mpls-ldp-remote-BNHOOSHA] remote-ip 123.29.19.1
[BNHO1CSN-mpls-ldp-remote-BNHOOSHA] quit
[BNHO1CSN] mpls ldp remote-peer BNHOOTHO
[BNHO1CSN-mpls-ldp-remote-BNHOOTHO] remote-ip 123.29.19.2
[BNHO1CSN-mpls-ldp-remote-BNHOOTHO] quit
[BNHO1CSN] vsi ems static
[BNHO1CSN-vsi-ems] pwsignal ldp
[BNHO1CSN-vsi-ems-ldp] vsi-id 3998
[BNHO1CSN-vsi-ems-ldp] peer 123.29.19.1
[BNHO1CSN-vsi-ems-ldp] peer 123.29.19.2
[BNHO1CSN-vsi-ems-ldp] quit
[BNHO1CSN-vsi-ems] tnl-policy VPLSoTE
[BNHO1CSN] interface gigabitethernet4/0/2.3999
[BNHO1CSN-Gigabitethernet4/0/2.3999] description ** For DSLAM management
[BNHO1CSN-Gigabitethernet4/0/2.3999] vlan-type dot1q 3999
[BNHO1CSN-Gigabitethernet4/0/2.3999] l2 binding vsi ems
[BNHO1CSN-Gigabitethernet4/0/2.3999] quit

(2) TE Tunnel configuration
[BNHO1CSN] tunnel-policy VPLSoTE
[BNHO1CSN-tunnel-policy] tunnel binding destination 12.29.19. te tunnel 0/0/1
[BNHO1CSN-tunnel-policy] tunnel binding destination 123.29.19.2 te tunnel 0/0/2

2. PE-AGG configuration

(1) VPLS configuration
Configuration omitted. Similar to UPE.

(2) TE Tunnel configuration
Configuration omitted. Similar to UPE.

(3) CCC configuration
[BNHOOSHA] interface gigabitethernet 1/0/9.100
[BNHOOSHA-GigabitEthernet1/0/9.100] description ** Connect to EMS-LSW
[BNHOOSHA-Gigabitethernet1/0/9.100] vlan-type dot1q 100
[BNHOOSHA] ccc ems interface gigabitethernet 1/0/9.100 out-interface interface g 1/0/7    #create local CCC connection between interfaces
[BNHOOTHO] interface gigabitethernet 1/0/9.200
[BNHOOTHO-GigabitEthernet1/0/9.200] description ** Connect to EMS-LSW **
[BNHOOTHO-Gigabitethernet1/0/9.200] vlan-type dot1q 200
[BNHOOTHO] ccc ems interface gigabitethernet 1/0/9.200 out-interface interface g 1/0/7

15 Integration with SR and BRAS

1. Eth-trunk
In some provinces, there is more than one link between PE-AGG and SR/BRAS. Manual Eth-Trunk is recommended to bind these links into only one logical link. SR and BRAS need to do the same.

2. ISIS GR helper
ISIS GR will be deployed in MANE; SR needs to work as GR helper.

3. ISIS Fast Convergence
Two timers should be the same as on SR:
> timer lsp-generation 1 50 120 level-1
> timer spf 1 100 100

4. ISIS network type
P2P is deployed on the PE-AGG side. SR needs to do the same.

5. ISIS Authentication
The same MD5 value should be configured on the SR and PE-AGG side.

6. NTP
SR will work as level 2 time server for MANE.

7. Routes for DMS and IPTV source
SR should leak the IP addresses of the DMS and IPTV source to MANE. At the same time, SR should avoid sending the default route to MANE.
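The design's recommendations on NTP authentication (12.1) and on an ACL restricting SNMP access (chapter 14) can be checked mechanically against a device configuration. The audit below is an added example, not part of the Huawei design: its input is the NTP and SNMP configuration from sections 12.2 and 14.4.1 with the prompts removed, and the `acl 2001` number in the constructed variant is an assumed value.

```python
import re

# NTP and SNMP lines from the configuration examples on this page, prompts removed.
PAGE_CONFIG = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 V2NOPOTS
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 123.X.XX authentication-keyid 42
snmp-agent community read VNPT2009
snmp-agent community write VNPT_MANE
snmp-agent sys-info version v3
"""
# Constructed variant: ACL number 2001 is an assumed value, not from the design.
WITH_ACL = PAGE_CONFIG.replace("VNPT2009", "VNPT2009 acl 2001") \
                      .replace("VNPT_MANE", "VNPT_MANE acl 2001")

def audit(config):
    """Return findings where a config departs from the design's NTP/SNMP recommendations."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, defined, reliable = [], set(), set()
    for ln in lines:  # first pass: collect NTP keys and which of them are trusted
        if m := re.match(r"ntp-service authentication-keyid (\d+) authentication-mode \S+ \S+", ln):
            defined.add(m.group(1))
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)", ln):
            reliable.add(m.group(1))
    uses_ntp = any(ln.startswith("ntp-service unicast-") for ln in lines)
    if uses_ntp and "ntp-service authentication enable" not in lines:
        findings.append("ntp: authentication is not enabled")
    for ln in lines:  # second pass: check every time source and every community
        if m := re.match(r"ntp-service unicast-(?:server|peer) (\S+)(.*)", ln):
            key = re.search(r"authentication-keyid (\d+)", m.group(2))
            if key is None:
                findings.append(f"ntp: {m.group(1)} has no authentication key")
            elif key.group(1) not in (defined & reliable):
                findings.append(f"ntp: key {key.group(1)} is not both defined and reliable")
        elif m := re.match(r"snmp-agent community (read|write) \S+(.*)", ln):
            # The community string itself is never echoed into the findings.
            if not re.search(r"\bacl \d+", m.group(2)):
                findings.append(f"snmp: {m.group(1)} community is not restricted by an ACL")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```

Run against the page's own lines, the NTP checks pass and both SNMP communities are reported as lacking the ACL restriction that the design recommends.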
