Login
02-AD-WAN 6.5 Branch Solution WAN Service Configuration Guide in the MSP Scenario-book.pdf 
(8.51 MB)
- Released At: 16-12-2024
- Page Views:
- Downloads:
- Related Documents
-
|
|
|
AD-WAN 6.5 Branch Solution |
|
WAN Service Configuration Guide |
|
in the MSP Scenario |
|
|
Document version: 5W100-20240118
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Configure the system and tenants
Install the controller in converged deployment mode
Create an MSP tenant and operator
Create a non-MSP tenant and operator
Configure WAN service networks
Configure WAN service network details
Add LAN service network details
Configure WAN service networks
Import WAN service network details
Add LAN service network details
Overview
The controller in the AD-WAN 6.5 branch solution supports automated deployment and WAN service deployment in the Managed Service Provider (MSP) scenario. For information about how to configure WAN services, see AD-WAN 6.5 Branch Solution WAN Service Configuration Guide. MSP-specific service deployment includes:
· MSP tenant service deployment
· Tenant resources planning
· Non-MSP tenant service deployment
Plan the networks
Network diagram
Figure 1 Underlay network diagram
Figure 2 Overlay network diagram
Network configuration
· CPE1.1 and CPE1.2 are both connected to DC1 and DC2, with traffic distribution managed by routing configurations. Production traffic is forwarded through DC1, while office traffic is forwarded through DC2.
· CPE2.1 and CPE2.2 are both connected to DC1 and DC2, with traffic distribution managed by routing configurations. Production traffic is forwarded through DC1, while office traffic is forwarded through DC2.
· CPE3.1 establishes connections to POP3 and POP4 with the connection to POP3 as the primary link and the connection to POP4 as the backup link.
· CPE4.1 establishes connections to POP3 and POP4 with the connection to POP4 as the primary link and the connection to POP3 as the backup link.
· All POPs are connected in a full-mesh topology over the Layer 3 dedicated MPLS network.
· Each CPE accesses POPs in a hub-spoke topology over the Layer 3 dedicated MPLS network and Internet.
· POP1-1 and POP1-2 are dual gateways of the site for connection to DC1. POP2-1 and POP2-2 are dual gateways of the site for connection to DC2.
Configure the system and tenants
Install the controller in converged deployment mode
In the MSP scenario, you must install the controller in converged deployment mode and turn on the switch for the MSP scenario on the converged deployment page. For the procedure, see SeerEngine-SDWAN Controller Component Deployment Guide.
1. Log in to Unified Platform with the default system administrator account (username admin) and then navigate to the Deploy > Deploy Management page. With converged deployment, you need to upload the installation dependencies on this page. If the installation dependencies have already been installed, click Data Synchronization, as shown in Figure 3.
2. Click Install to access the page for uploading installation packages. On this page, you can upload and delete installation packages. After an installation package is uploaded, information about the installation package such as the package name, version, size, and creation time will be displayed on the page. You can upload the application installation packages in bulk.
Figure 4 Uploading installation packages
3. On the Select Applications page, select the SDWAN Scenario application group (The applications that the application group depends on will be selected by default. For the dependency relationship between applications, see Figure 5), and then click Next.
Figure 5 Selecting applications
4. On the Configure Parameters page, turn on the switch for the MSP scenario.
Figure 6 Parameter configuration
Create an MSP tenant and operator
In the MSP scenario, you must deploy the controller in converged mode, turn on the switch for the MSP scenario, and create an MSP tenant to incorporate POPs.
1. Log in to Unified Platform with the default system administrator account (username admin) and then navigate to the System > Tenants > Tenants page.
Figure 7 Tenant management page
2. Click the 
icon to the right
of the tenant named System
to add a new tenant. Select the MSP tenant type and then click OK, as shown in Figure 8.
3. Navigate to the System > Operator Management > Operators page and view the operator list of the current tenant.
4. Click Add, configure the relevant parameters as shown in Figure 10, and then click OK.
Figure 10 Adding an MSP tenant operator
Create a non-MSP tenant and operator
1. Login to Unified Platform using the MSP system administrator (MSP) account, and then navigate to the System > Tenants > Tenants page.
2. Click the 
icon to the right
of the tenant named MSP to add a new tenant. Select the non-MSP tenant type and then click OK, as shown in Figure 12.
Figure 12 Adding a non-MSP tenant
3. Navigate to the System > Operator Management > Operators page and view the operator list of the current tenant.
Figure 13 Operator list
4. Click Add, configure the relevant parameters as shown in Figure 14, and then click OK.
Figure 14 Adding a non-MSP tenant operator
Deploy MSP tenant services
To deploy MSP tenant services, use the MSP tenant operator account to log in to the controller.
Plan device onboarding
The MSP tenant incorporates and manages RRs and POPs. For the specific parameter descriptions and configuration procedures, see AD-WAN 6.5 Branch WAN Service Configuration Guide.
Deployment workflow
Figure 15 Deployment workflow
Configure global settings
Configure basic settings
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Basic Configuration page, configure the BGP AS number, system IP interface number, and SDWAN server port, and then click OK.
Figure 16 Configuring basic settings
Configure resource pools
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Configure Resource Pools page. To add a resource pool, click Add, configure the settings as shown in Figure 17, and then click OK.
Figure 17 Configuring resource pools
Configure IPsec
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Configure IPsec page. Configure IPsec parameters, and then click OK to save the configuration.
Figure 18 Configuring IPsec
Configure O&M settings
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > O&M Settings page. Configure parameters in Global Quality and Traffic Statistics Sampling area and the Controller Quality and Traffic Statistics Sampling area, as shown in Figure 19. Make sure the BFD detection time and number of detections are greater than those for tunnel BFD keepalive packets.
Figure 19 Configure O&M settings
Configure a WebSocket template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > WebSocket Templates page. WebSocket templates are typically used for generating configuration files for deployment via USB or URL. You do not need to edit this configuration if the deployment is not performed via USB or URL. The address of the global default template is the northbound VIP. For devices to come online through the public network as planned, add a public network address. Then click OK.
Figure 20 Configuring a WebSocket template
Configure an SNMP template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > SNMP Templates page. The controller does not require using SNMP to manage devices. For the network management component or analyzer to manage devices through SNMP, the controller supports deploying SNMP configuration. Click Add to add an SNMP template. When you add a new SNMP template, select SNMP version v2c, set the read community name to pubic, and set the write community to private, as shown in Figure 21.
Figure 21 Configuring an SNMP template
Configure a tunnel BFD template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Tunnel BFD Templates page. Click Add to add a tunnel BFD template, as shown in Figure 22.
Figure 22 Configuring a tunnel BFD template
Configure WAN service networks
Create WAN service networks
Create the WAN service networks of the Layer 3 dedicated MPLS type and Internet type.
Figure 23 Configuring WAN service networks
Service plane planning
Two types of service planes exist in the scenario. One is the POP-POP lane, where all POPs establish overlay links on the plane. The other is the POP-CPE plane, where each CPE selects the plane with the POP it needs to access.
Layer 3 dedicated MPLS network: In this example, POPs need to establish overlay links and CPEs and POPs need to establish overlay links over the Layer 3 dedicated MPLS network.
Figure 24 Service plane list over the Layer 3 dedicated MPLS network
Internet: In this example, POPs do not need to establish overlay links over the Internet. CPEs need to establish overlay links with the POPs they need to access over the Internet, as shown in Figure 25.
Figure 25 Service plane list over the Internet
Add sites and devices
Import sites and devices
Import sites and devices from the templates. Select RR and CPE roles for the POP sites incorporated by the MSP tenant.
Figure 26 Sites and devices
Key parameters:
· Site Role: As a best practice, do not configure the NAT Transfer role for the solution in the current software version.
¡ RR: Route reflector.
¡ CPE: Customer premises equipment. Configure the three branch sites as CPEs.
¡ RR_CPE: Route reflector and customer premises equipment. Configure the HQ sites as RR_CPEs.
· Enable POP: Sites on which POP is enabled can be accessed by devices managed by other tenants. Sites on which POP are not enabled can be accessed only by devices incorporated by the MSP account.
Configure STUN
POPs managed by the MSP tenant require a fixed public IP address. CPEs need to use a STUN server to obtain a public IP address, which can be configured here and then allocated to non-MSP tenants.
Configure WAN service network details
Select the service plane for device interfaces based on the plane specification. Import the WAN details template as shown in Figure 28.
Figure 28 WAN service network details
Deploy devices via USB/email
POPs managed by MSP accounts are typically deployed manually. To deploy devices via USB/email, you must configure a mail server.
Plan branch networks
For information about how to configure POP area topology and VPN settings for a MSP tenant, see AD-WAN 6.5 Branch Solution WAN Service Configuration Guide.
Configuration workflow
Figure 29 Configuration workflow
Manage access zones
Create access zones
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Access Zones page or navigate to the Automation > Branch Networks > Virtual Networks > Access Zones page.
2. Click Add to add an access zone. Specify the RR for the access zone and make sure the WAN network services details have been deployed to the RR site. Select to enable Block Communication Between CPE Sites. Enable BFD as a best practice in a primary/backup POP scenario.
Figure 30 Adding an access zone
Key parameters:
¡ Tenant Access Site Capability: Maximum number of sites that the tenant can access from this access zone. The access zone will not be allocated to the tenant if this parameter is not configured.
¡ Block Communication Between CPE Sites: As a best practice, enable this feature in the MSP scenario. If you enable this feature, the CPE sites attached to the access zone cannot communicate with each other by default. In this case, you must configure an area topology to enable communication between CPE sites attached to the access zone.
¡ BFD: As a best practice, enable BFD for the access zone in a network with primary and backup POPs.
In this example, all POPs are in one access zone. Create an access zone separately for each POP to be allocated to non-MSP tenants. CPE devices of non-MSP tenants access the access zone allocated by the MSP as needed.
Attach sites
1. Click the 
icon
in the Actions column. Select Attach as Client in the access zone of all POP sites. As a best practice, select Attach as Client in the MSP
scenario.
Figure 32 Attaching sites as clients
Configure O&M settings
Add device-specific O&M settings, as shown in Figure 33. In this example, global sampling settings are used in the MSP scenario, and the O&M settings are not configured currently.
Figure 33 Configure O&M settings
Manage VPNs
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > VPNs page or navigate to the Automation > Branch Networks > Virtual Networks > VPNs Management > VPNs page.
2. Click Add, configure the following parameters, and then click OK to save the configuration, as shown in Figure 34. The VPNs created by the MSP tenant will be allocated to non-MSP tenants.
Figure 34 Adding a VPN instance
Key parameters:
¡ VPN Name: VPN name saved on the controller.
¡ VPN Instance Name: VPN instance configuration deployed to devices.
¡ Tenant Access Site Capability: To allocate VPNs to tenants, specify this parameter. VPNs will not allocate to non-MSP tenants if this parameter is not configured.
Add an area topology
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Topology page and then click Add. On the page that opens, add a full-mesh area topology for POPs, and then click OK, as shown in Figure 35. The higher the area local priority, the more likely the routes through the site will be selected. Traffic forwarding between POPs does not involve primary and secondary links. In this example, the area local priority is not configured.
Figure 35 Adding a full-mesh area topology
Add a topology policy
After an area topology is added, you can add topology policies for some branch sites in the area. In this example, no topology policy is not configured.
Add an area interconnect
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Interconnect page and configure the boundary sites between regions according to the networking requirements. All CPEs communicate with each other through POPs, so POP are the boundary devices.
To add an area interconnect, first add area topologies for non-MSP tenants as described in "Add an area topology", and then configure area interconnects for the MPS tenant.
Figure 36 Adding an area interconnect
Figure 37 Area interconnection creation completed
Configure LAN networks
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Configure LAN Networks page or the Automation > Branch Networks > Virtual Networks > VPNs Management > LAN Networks Deployment page. Click Add to add LAN networks as needed, as shown in Figure 38.
Figure 38 Configuring LAN networks
Add LAN service network details
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > LAN Service Network Details page or the Automation > Branch Networks > Virtual Networks > VPNs Management > LAN Networks Deployment page. Click Download Template to download a template, and then enter LAN network detail information in the template according to the networking model and the instructions, as shown in Figure 39.
Figure 39 Importing LAN service network details
Plan tenant resources
An MSP tenant can assign its RR, WAN network, and VPN resources to common tenants after authorizing them.
Authorize common tenants
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > Tenants page. Click Add to add a common user, as shown in Figure 40 and Figure 41.
Figure 40 Adding a common tenant
Add system IP pools
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > System IP Pool Service page. Click Add to add a system IP pool, as shown in Figure 42 and Figure 43. A common tenant must use the system IP pool of the MSP tenant to assign system IP addresses to devices.
Figure 42 Adding a system IP pool
Configure RR service
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > RR Service page. The RR Access Zone Statistics area displays all MSP access zones and their uses.
Figure 44 Configuring RR service
2. In the Tenant Access
area, click the 
icon in the Actions column. On the RR Access Zone Assignment page that opens, select access
zones for the tenant, as shown in Figure 45 and Figure 46. The
devices incorporated by the tenant can access the assigned access zones. In
this example, four POP sites are selected.
Figure 45 Selecting access zones for the tenant
Figure 46 Assigned RR access zones
Configure VPN service
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > VPN Service page. Click Add to select a VPN for the tenant, as shown in Figure 47 and Figure 48 The devices connected to the POP must use the VPN assigned by the MSP tenant.
Configure POP service
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > POP Service page. The POP Access Statistics area displays all POP sites that can be assigned, as shown in Figure 49. A common tenant can select only assigned POP sites when configuring an area topology.
Figure 49 Configuring POP service
2. In the Tenant Access
area, click the 
icon in the Actions column. On the POP Assignment page that opens, click Add to assign POP sites, as shown in Figure 50 and Figure 51.
Figure 50 Assigning a POP site
Configure a WAN service network
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > WAN Service page. Click Add to select a WAN service network for the tenant, as shown in Figure 52 and Figure 53. A common tenant can use the WAN service network, transport network, and service plane assigned by the MSP tenant when configuring WAN service network details.
Figure 52 Assigning a WAN service network
Figure 53 Assigned WAN service networks
Configure STUN service
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > STUN Service page. Click Add to select a STUN service for the tenant, as shown in Figure 54. In this example, STUN service is not configured.
Figure 54 Adding a STUN service
Configure application TE
Perform this task to configure TE groups and QoS for POP devices. For the parameters and configuration steps. See AD-WAN 6.5 Branch Solution WAN Service Configuration Guide.
Configuration workflow
Figure 55 Configuration workflow
Add TE scopes
Navigate to the Guide > Branch Network Deployment > Application TE > TE Scopes page. Click Add to add a TE scope. In this example, a TE group is configured for each POP, and each TE scope is configured with only one POP device, as shown in Figure 56 and Figure 57.
Configure RIR
Navigate to the Guide > Branch Network Deployment > Application TE > RIR Settings page. Enable or disable the Bandwidth Scheduling Policy option and the Priority-Based Link Selection option as needed. Configure per-flow load balancing, as shown in Figure 58.
Configure TE policies
Navigate to the Guide > Branch Network Deployment > Application TE > TE Policies page. Configure the path priority. In this example, an SLA profile is configured for each POP of the same TE, as shown in Figure 59.
Figure 59 Adding a TE policy for application flow1
Configure TE groups
Navigate to the Guide > Branch Network Deployment > Application TE > TE Policies page. Click Add to add a TE group, and configure an SLA profile for pop1, as shown in Figure 60 and Figure 61.
Configure QoS
Perform this task to configure QoS policies for POP devices incorporated by the MSP tenant. Before performing this task, navigate to the Automation > Network Common Settings > Device Management page, and verify that the device list contains all incorporated devices and the synchronization state is successful.
Configure ACL templates
Navigate to the Automation > Network Common Settings > QoS Manager > ACL Templates page. Configure Add to add an ACL template, as shown in Figure 62. Configure the 5-tuple and VPN information.
Figure 62 Adding an ACL template
Configure traffic class templates
Navigate to the Automation > Network Common Settings > QoS Manager > CBQoS Templates > Traffic Class Templates page. Add a traffic class template, and use the created ACL template, as shown in Figure 63.
Figure 63 Adding a traffic class template
Configure traffic behavior templates
Navigate to the Automation > Network Common Settings > QoS Manager > CBQoS Templates > Traffic Behavior Templates page. Add a behavior template, as shown in Figure 64.
Figure 64 Adding a traffic behavior template
Configure QoS policy templates
1. Navigate to the Automation > Network Common Settings > QoS Manager > CBQoS Templates > QoS Policy Templates page. Add a QoS policy, and associate the traffic behavior template with the traffic class template, as shown in Figure 65.
Figure 65 Adding a QoS policy template
2. Click the 
icon in the Actions column for a QoS policy and deploy it to
interfaces, as shown in Figure 66.
Figure 66 Deploying a QoS policy to interfaces
Deploy common tenant services
Log in to the controller as a common tenant. For the parameters and configuration steps. See AD-WAN 6.5 Branch Solution WAN Service Configuration Guide.
Plan device onboarding
Some parameters are assigned by the MSP tenant and do not need to be configured.
Configuration workflow
Figure 67 Configuration workflow
Global configuration
Configure basic settings
All basic parameters are assigned by the MSP tenant and cannot be modified, as shown in Figure 68.
Figure 68 Configure basic settings
Configure resource pools
Resource pools are assigned by the MSP tenant and cannot be modified, as shown in Figure 69.
Figure 69 Configuring resource pools
Configure IPsec settings
IPsec settings are assigned by the MSP tenant and cannot be modified, as shown in Figure 70.
Figure 70 Configuring IPsec settings
Configure O&M settings
O&M settings are assigned by the MSP tenant and cannot be modified, as shown in Figure 71.
Figure 71 Configuring O&M settings
Configure a WebSocket template
If the CPE devices incorporated by the common tenant use USB/email deployment, you can modify the WebSocket template, as shown in Figure 72. In this example, the WebSocket template is not modified.
Figure 72 Configuring a WebSocket template
Configure an SNMP template
The SNMP template must be added by the common tenant, as shown in Figure 73.
Figure 73 Adding an SNMP template
Configure a tunnel BFD template
The tunnel BFD template is assigned by the MSP tenant and cannot be modified, as shown in Figure 74.
Figure 74 Configuring a tunnel BFD template
Configure WAN service networks
The common tenant uses the WAN service network configured by the MSP tenant in "Configure a WAN service network", as shown in Figure 75.
Figure 75 Configuring a WAN service network
Import sites and devices
Import the CPE devices incorporated by the common tenant, as shown in Figure 76.
The STUN server (if required) is assigned by the MSP tenant.
Figure 76 Importing sites and devices
Import WAN service network details
Select a service plane as needed, and import a WAN service network detail template, as shown in Figure 77.
Figure 77 Importing WAN service network details
Deploy via USB/email
To deploy settings to devices, download the URLs or USB configuration files or directly send them through email, as shown in Figure 78.
Figure 78 Deploy via USB/email
Plan branch networks
Configuration workflow
Figure 79 Configuration workflow
Manage access zones
Navigate to the Guide > Branch
Network Deployment > Plan Branch Networks > Access Zones
page. The common tenant can see the access zones assigned by the MSP tenant in "Configure RR service", as shown in Figure 80.
Click the 
icon, select CPE sites, and click Attach
as Client, as shown in Figure 81. As a
best practice, attach CPE sites as non-clients and block communication between
CPE sites attached to the access zone in an MSP scenario. A common tenant can
also create its own access zones.
Figure 80 Managing access zones
Figure 81 Attaching client sites
Configure O&M settings
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > O&M Settings page. Click Add to configure device-specific O&M settings, as shown in Figure 82. In this example, global settings are used.
Figure 82 Configuring O&M settings
Manage VPN instances
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > VPNs Management page. You can see the VPNs assigned by the MSP tenant, as shown in Figure 83.
Figure 83 Managing VPN instances
2. Click the 
icon and select
the sites to bind, as shown in Figure 84. You
can create your own VPN instances, which cannot be used by other common tenants
or the MSP tenant.
Add an area topology
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Topology page. Click Add to add a hub-spoke area topology, and click OK, as shown in Figure 85. In this example, CPE1.1, CPE1.2, CPE2.1, and CPE2.2 are connected to both POP1 and POP2 in dual active mode. Therefore, the local priority is not configured. After the MSP tenant configures POP service in "Configure POP service", a common tenant can select POP devices when creating an area topology.
Figure 85 Adding area topology POP1
CPE3.1 is connected to POP3 as the master and to POP4 as the backup. CPE4.1 is connected to POP4 as the master and to POP3 as the backup. The higher the local priority value, the higher the CPE’s priority. In area topology POP3, the local priority of CPE3.1 is 200, and the local priority of CPE4.1 is 100, as shown in Figure 86. In area topology POP4, the and the local priority of CPE4.1 is 200, and the local priority of CPE3.1 is 100, as shown in Figure 87 and Figure 88.
Figure 86 Adding area topology POP3
Figure 87 Adding area topology POP4
Add a topology policy
After an area topology is added, you can add a topology policy to configure the interconnect mode between branch sites. In this example, no topology policy is added.
Add an area interconnect
Perform this task to configure a border site between areas to enable inter-area connectivity. An area interconnect must be configured by the tenant where the border device resides.
CPE devices interconnect through POP devices, so the MSP tenant configures an area interconnect. If a common tenant contains three site levels, you can also add an area interconnect for it. In this example, no area interconnect is added in the common tenant.
Configuring LAN networks
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Configure LAN Networks page or the Automation > Branch Networks > Virtual Networks > VPNs Management > LAN Networks Deployment page. Click Add to add LAN networks as needed, as shown in Figure 89.
Figure 89 Configuring LAN networks
Add LAN service network details
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > LAN Service Network Details page or the Automation > Branch Networks > Virtual Networks > VPNs Management > LAN Networks Deployment page. Click Download Template to download a template, and then enter LAN network detail information in the template according to the networking model and the instructions, as shown in Figure 90.
Figure 90 Importing LAN service network details
Configure application TE
Perform this task to configure TE groups for incorporated CPE devices.
Configuration workflow
Figure 91 Configuration workflow
Add TE scopes
Navigate to the Guide > Branch Network Deployment > Application TE > TE Scopes page. Add one TE scope for all CPEs, as shown in Figure 92.
Figure 92 Adding a policy scope
Configure RIR
Navigate to the Guide > Branch Network Deployment > Application TE > RIR Settings page. Enable or disable the Bandwidth Scheduling Policy option and the Priority-Based Link Selection option as needed, as shown in Figure 93.
Configure TE policies
Navigate to the Guide > Branch Network Deployment > Application TE > TE Policies page. Configure the path priority. In this example, the path between the CPE and POP is configured, as shown in Figure 94.
Configure TE groups
Navigate to the Guide > Branch Network Deployment > Application TE > TE Policies page. Click Add to add a TE group, as shown in Figure 95 and Figure 96.
Figure 96 Configuring the TE group
Configure QoS
Perform this task to configure QoS policies for incorporated CPE devices. Before performing this task, navigate to the Automation > Network Common Settings > Device Management page, and verify that the device list contains all incorporated devices and the synchronization state is successful.
Configure ACL templates
Navigate to the Automation > Network Common Settings > QoS Manager > ACL Templates page. Click Add to add an ACL template, as shown in Figure 97.
Figure 97 Adding an ACL template
Configure traffic class templates
Navigate to the Automation > Network Common Settings > QoS Manager > Traffic Class Templates page. Add a traffic class template, and use the created ACL template, as shown in Figure 98.
Figure 98 Adding a traffic class template
Configure traffic behavior templates
Navigate to the Automation > Network Common Settings > QoS Manager > CBQoS Templates > Traffic Behavior Templates page. Add a behavior template, as shown in Figure 99.
Figure 99 Adding a traffic behavior template
Configure QoS policy templates
1. Navigate to the Automation > Network Common Settings > QoS Manager > CBQoS Templates > QoS Policy Templates page. Add a QoS policy, and associate the traffic behavior template with the traffic class template, as shown in Figure 100.
Figure 100 Adding a QoS policy template
2. Click the 
icon in the Actions column for a QoS policy and deploy it to
interfaces, as shown in Figure 101.
Figure 101 Deploying a QoS policy to interfaces
