Released At: 11-09-2024
AD-WAN 6.6 Branch Solution
WAN Service Configuration Guide
in the MSP Scenario
Document version: 5W100-20240603
Copyright © 2024 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Configure the system and tenants
Install the controller in converged deployment mode
Create an MSP tenant and operator
Create a non-MSP tenant and operator
Configure WAN service networks
Configure WAN service network details
Configure dual-gateway route synchronization
Configure WAN service networks
Import WAN service network details
Overview
The controller in the AD-WAN 6.6 branch solution supports automated deployment and WAN service deployment in the Managed Service Provider (MSP) scenario. For information about how to configure WAN services, see AD-WAN 6.6 Branch Solution WAN Service Configuration Guide. MSP-specific service deployment includes:
· MSP tenant service deployment
· Tenant resources planning
· Non-MSP tenant service deployment
Plan the networks
Network diagram
Figure 1 Underlay network diagram
Figure 2 Overlay network diagram
Network configuration
· CPE1.1 and CPE1.2 are both connected to DC1 and DC2, with traffic distribution managed by routing configurations. Production traffic is forwarded through DC1, while office traffic is forwarded through DC2.
· CPE2.1 and CPE2.2 are both connected to DC1 and DC2, with traffic distribution managed by routing configurations. Production traffic is forwarded through DC1, while office traffic is forwarded through DC2.
· CPE3.1 establishes connections to POP3 and POP4 with the connection to POP3 as the primary link and the connection to POP4 as the backup link.
· CPE4.1 establishes connections to POP3 and POP4 with the connection to POP4 as the primary link and the connection to POP3 as the backup link.
· All POPs are connected in a full-mesh topology over the Layer 3 dedicated MPLS network.
· Each CPE accesses POPs in a hub-spoke topology over the Layer 3 dedicated MPLS network and Internet.
· POP1-1 and POP1-2 are dual gateways of the site for connection to DC1. POP2-1 and POP2-2 are dual gateways of the site for connection to DC2.
NOTE: The backbone network RRs must be deployed separately.
Configure the system and tenants
Install the controller in converged deployment mode
In the MSP scenario, you must install the controller in converged deployment mode and turn on the switch for the MSP scenario on the converged deployment page. For the procedure, see AD-WAN Branch 6.6 Unified Platform and Component Deployment Guide.
CAUTION:
· In the MSP scenario, you must enable the MSP switch on the converged deployment page when deploying the controller. If the MSP switch is not enabled, you must uninstall and redeploy the controller.
· To use the admin account (system tenant as the MSP tenant), you must first change the system tenant to the MSP type before installing the controller. After the SDWAN controller is deployed, you cannot modify the MSP type for the admin tenant, and you can specify the MSP type only when adding a new tenant. To use the admin account as an MSP-type account, uninstall the controller and reconfigure the account.
Create an MSP tenant and operator
In the MSP scenario, you must deploy the controller in converged mode, turn on the switch for the MSP scenario, and create an MSP tenant to incorporate POPs.
1. Log in to Unified Platform with the default system administrator account (username admin) and then navigate to the System > Tenants > Tenants page.
Figure 3 Tenant management page
2. Click the icon to the right of the tenant named System to add a new tenant. Select the MSP tenant type and then click OK, as shown in Figure 4.
3. Navigate to the System > Operator Management > Operators page and view the operator list of the current tenant.
4. Click Add, configure the relevant parameters as shown in Figure 6, and then click OK.
Figure 6 Adding an MSP tenant operator
Create a non-MSP tenant and operator
1. Log in to Unified Platform using the MSP system administrator (MSP) account, and then navigate to the System > Tenants > Tenants page.
2. Click the icon to the right of the tenant named MSP to add a new tenant. Select the non-MSP tenant type and then click OK, as shown in Figure 8.
Figure 8 Adding a non-MSP tenant
3. Navigate to the System > Operator Management > Operators page and view the operator list of the current tenant.
Figure 9 Operator list
4. Click Add, configure the relevant parameters as shown in Figure 10, and then click OK.
Figure 10 Adding a non-MSP tenant operator
Deploy MSP tenant services
To deploy MSP tenant services, use the MSP tenant operator account to log in to the controller.
Plan device onboarding
The MSP tenant incorporates and manages RRs and POPs. For the specific parameter descriptions and configuration procedures, see AD-WAN 6.6 Branch WAN Service Configuration Guide.
Deployment workflow
Figure 11 Deployment workflow
Configure global settings
Configure basic settings
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Basic Configuration page, configure the BGP AS number, system IP interface number, and SDWAN server port, and then click OK.
Figure 12 Configuring basic settings
Configure the system IP address pool
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > IP Address Pools page. Click the Add button in the system IP address pool list to add a system IP address pool, as shown in Figure 13, and then click OK.
Figure 13 Configuring the system IP address pool
Configure IPsec
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Configure IPsec page. Configure IPsec parameters, and then click OK to save the configuration.
Figure 14 Configuring IPsec
Configure O&M settings
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > O&M Settings page. Configure the parameters in the Global Quality and Traffic Statistics Sampling area and in the Controller Quality and Traffic Statistics Sampling area, as shown in Figure 15. Make sure the BFD detection time and number of detections are greater than those configured for tunnel BFD keepalive packets.
Figure 15 Configure O&M settings
Configure a WebSocket template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > WebSocket Templates page. WebSocket templates are typically used for generating configuration files for deployment via USB or URL. You do not need to edit this configuration if the deployment is not performed via USB or URL. The address of the global default template is the northbound VIP. For devices to come online through the public network as planned, add a public network address. Then click OK.
Figure 16 Configuring a WebSocket template
Configure an SNMP template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > SNMP Templates page. The controller itself does not use SNMP to manage devices, but it can deploy SNMP configuration so that the network management component or analyzer can manage devices through SNMP. Click Add to add an SNMP template. When you add a new SNMP template, select SNMP version v2c, set the read community name to public, and set the write community name to private, as shown in Figure 17.
Figure 17 Configuring an SNMP template
Configure a tunnel BFD template
Navigate to the Guide > Branch Network Deployment > Plan Device Onboarding > Global Config > Tunnel BFD Templates page. Click Add to add a tunnel BFD template, as shown in Figure 18.
Figure 18 Configuring a tunnel BFD template
Configure WAN service networks
Create WAN service networks
Create the WAN service networks of the Layer 3 dedicated MPLS type and Internet type.
Figure 19 Configuring WAN service networks
Service plane planning
Two types of service planes exist in the scenario. One is the POP-POP plane, on which all POPs establish overlay links. The other is the POP-CPE plane, on which each CPE selects the plane of the POP it needs to access.
Layer 3 dedicated MPLS network: In this example, POPs need to establish overlay links and CPEs and POPs need to establish overlay links over the Layer 3 dedicated MPLS network.
Figure 20 Service plane list over the Layer 3 dedicated MPLS network
Internet: In this example, POPs do not need to establish overlay links over the Internet. CPEs need to establish overlay links with the POPs they need to access over the Internet, as shown in Figure 21.
Figure 21 Service plane list over the Internet
NOTE: To reduce the number of tunnels between POP sites and facilitate POP site scheduling, make sure each POP site has been assigned a separate plane for CPE access. Different POP sites must be assigned different planes for CPE access to prevent establishing TTE tunnels between POP sites by using these planes.
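The plane rule in the note above can be checked before importing the WAN details template. The following script is an added example, not part of this guide or of the controller: it models the site roles and plane memberships of this guide's topology with constructed data, assumes (as in this guide) that POPs form a full-mesh area topology and CPEs reach POPs hub-spoke, so that two POP sites sharing any plane would form a TTE tunnel, and flags a CPE access plane that carries more than one POP site. The plane names and the BAD_PLANES variant are hypothetical.

```python
from itertools import combinations

# Constructed site and plane data modelling this guide's topology; not exported from a controller.
SITE_ROLES = {
    "POP1": "POP", "POP2": "POP", "POP3": "POP", "POP4": "POP",
    "CPE1.1": "CPE", "CPE2.1": "CPE", "CPE3.1": "CPE", "CPE4.1": "CPE",
}

# WAN service network -> service plane -> sites that have an interface on the plane.
# Plane names are hypothetical placeholders; the POP-POP plane exists only on the MPLS network,
# because in this guide POPs do not establish overlay links over the Internet.
GOOD_PLANES = {
    "MPLS": {
        "POP-POP": {"POP1", "POP2", "POP3", "POP4"},
        "POP1-ACCESS": {"POP1", "CPE1.1", "CPE2.1"},
        "POP2-ACCESS": {"POP2", "CPE1.1", "CPE2.1"},
        "POP3-ACCESS": {"POP3", "CPE3.1", "CPE4.1"},
        "POP4-ACCESS": {"POP4", "CPE3.1", "CPE4.1"},
    },
    "Internet": {
        "POP1-ACCESS": {"POP1", "CPE1.1", "CPE2.1"},
        "POP2-ACCESS": {"POP2", "CPE1.1", "CPE2.1"},
        "POP3-ACCESS": {"POP3", "CPE3.1", "CPE4.1"},
        "POP4-ACCESS": {"POP4", "CPE3.1", "CPE4.1"},
    },
}

# Same plan, except that POP3 and POP4 share one CPE access plane on the Internet
# (the situation the note warns against).
BAD_PLANES = {
    "MPLS": GOOD_PLANES["MPLS"],
    "Internet": {
        "POP1-ACCESS": {"POP1", "CPE1.1", "CPE2.1"},
        "POP2-ACCESS": {"POP2", "CPE1.1", "CPE2.1"},
        "POP3-POP4-ACCESS": {"POP3", "POP4", "CPE3.1", "CPE4.1"},
    },
}

POP_POP_PLANE = "POP-POP"


def plane_tunnels(members, roles):
    """TTE tunnels formed on one plane under the assumed topology: full mesh between POPs
    and hub-spoke between every CPE and every POP on the plane; never CPE to CPE."""
    tunnels = set()
    for a, b in combinations(sorted(members), 2):
        if roles[a] == "CPE" and roles[b] == "CPE":
            continue
        tunnels.add((a, b))
    return tunnels


def all_tunnels(planes, roles):
    """Every tunnel the plan would create, as (wan, plane, site_a, site_b)."""
    result = set()
    for wan, plane_map in planes.items():
        for plane, members in plane_map.items():
            for a, b in plane_tunnels(members, roles):
                result.add((wan, plane, a, b))
    return result


def check_plane_assignment(planes, roles, pop_pop_plane=POP_POP_PLANE):
    """Return a list of violations of the plane rules (an empty list means the plan is consistent)."""
    problems = []
    for wan, plane_map in planes.items():
        for plane, members in plane_map.items():
            pops = {s for s in members if roles[s] == "POP"}
            cpes = members - pops
            if plane == pop_pop_plane:
                if cpes:
                    problems.append(f"{wan}/{plane}: CPE sites {sorted(cpes)} placed on the POP-POP plane")
                continue
            if len(pops) != 1:
                problems.append(f"{wan}/{plane}: a CPE access plane must hold exactly one POP site, has {sorted(pops)}")
            for a, b in plane_tunnels(members, roles):
                if roles[a] == roles[b] == "POP":
                    problems.append(f"{wan}/{plane}: unintended POP-POP tunnel {a}-{b}")
    return problems


if __name__ == "__main__":
    for label, planes in (("good plan", GOOD_PLANES), ("bad plan", BAD_PLANES)):
        print(label, len(all_tunnels(planes, SITE_ROLES)), "tunnels")
        for problem in check_plane_assignment(planes, SITE_ROLES):
            print("  ", problem)
```

Running the script shows the effect of the rule: the separate-plane plan creates 22 tunnels and passes, while the shared plane adds an extra POP3-POP4 tunnel on the Internet and is reported twice (one POP too many on the plane, plus the tunnel it causes).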
Add sites and devices
Import sites and devices
Import sites and devices from the templates. Select RR and CPE roles for the POP sites incorporated by the MSP tenant.
Figure 22 Sites and devices
Key parameters:
· Site Role: As a best practice, do not configure the NAT Transfer role for the solution in the current software version.
¡ RR: Route reflector.
¡ CPE: Customer premises equipment. Configure the three branch sites as CPEs.
¡ RR_CPE: Route reflector and customer premises equipment. Configure the HQ sites as RR_CPEs.
· Enable POP: Sites on which POP is enabled can be accessed by devices managed by other tenants. Sites on which POP is not enabled can be accessed only by devices incorporated by the MSP account.
Configure STUN
POPs managed by the MSP tenant require a fixed public IP address. CPEs need to use a STUN server to obtain a public IP address, which can be configured here and then allocated to non-MSP tenants.
Key parameters
· IP Address: IP address of the STUN server. The current solution requires this address to be configured as 127.0.0.1. Do not add other options.
Configure dynamic QoS
Configure dynamic QoS services for MSP tenants. For more information, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
Configure WAN service network details
Select the service plane for device interfaces based on the plane specification. Import the WAN details template as shown in Figure 24.
Figure 24 WAN service network details
Deploy devices via USB/email
POPs managed by MSP accounts are typically deployed manually. To deploy devices via USB/email, you must configure a mail server.
Plan branch networks
For information about how to configure POP area topology and VPN settings for an MSP tenant, see AD-WAN 6.6 Branch Solution WAN Service Configuration Guide.
Configuration workflow
Figure 25 Configuration workflow
Manage access zones
Create access zones
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Access Zones page or navigate to the Automation > Branch Networks > Virtual Networks > Access Zones page.
2. Click Add to add an access zone. Specify the RR for the access zone and make sure the WAN service network details have been deployed to the RR site. Enable Block Communication Between CPE Sites. As a best practice, enable BFD in a primary/backup POP scenario.
Figure 26 Adding an access zone
Key parameters:
¡ Tenant Access Site Capability: Maximum number of sites that the tenant can access from this access zone. The access zone will not be allocated to the tenant if this parameter is not configured.
¡ Block Communication Between CPE Sites: You must enable this feature for the access zones to be assigned in the MSP scenario. If you enable this feature, the CPE sites attached to the access zone cannot communicate with each other by default. In this case, you must configure an area topology to enable communication between CPE sites attached to the access zone. This parameter is not editable in the current software version.
¡ BFD: As a best practice, enable BFD for the access zone in a network with primary and backup POPs. This parameter is not editable in the current software version.
In this example, all POPs are in one access zone. Create an access zone separately for each POP to be allocated to non-MSP tenants. CPE devices of non-MSP tenants access the access zone allocated by the MSP as needed.
Attach sites
1. Click the icon in the Actions column. Select Attach as Client in the access zone of all POP sites. As a best practice, select Attach as Client in the MSP scenario.
Figure 28 Attaching sites as clients
Configure O&M settings
Add device-specific O&M settings, as shown in Figure 29. In this example, global sampling settings are used in the MSP scenario, and the O&M settings are not configured currently.
Figure 29 Configure O&M settings
Manage VPNs
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > VPNs page or navigate to the Automation > Branch Networks > Virtual Networks > VPNs Management > VPNs page.
2. Click Add, configure the following parameters, and then click OK to save the configuration, as shown in Figure 30. The VPNs created by the MSP tenant will be allocated to non-MSP tenants.
Figure 30 Adding a VPN instance
Key parameters:
¡ VPN Name: VPN name saved on the controller.
¡ VPN Instance Name: VPN instance configuration deployed to devices.
¡ Tenant Access Site Capability: To allocate VPNs to tenants, specify this parameter. VPNs will not be allocated to non-MSP tenants if this parameter is not configured.
Add an area topology
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Topology page and then click Add. On the page that opens, add a full-mesh area topology for POPs, and then click OK, as shown in Figure 31. The higher the area local priority, the more likely the routes through the site will be selected. Traffic forwarding between POPs does not involve primary and secondary links. In this example, the area local priority is not configured.
Figure 31 Adding a full-mesh area topology
Add a topology policy
After an area topology is added, you can add topology policies for some branch sites in the area. In this example, no topology policy is configured.
Add an area interconnect
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Interconnect page and configure the boundary sites between regions according to the networking requirements. All CPEs communicate with each other through POPs, so the POPs are the boundary devices.
To add an area interconnect, first add area topologies for non-MSP tenants as described in "Add an area topology", and then configure area interconnects for the MSP tenant.
Figure 32 Adding an area interconnect
Figure 33 Area interconnection creation completed
Configure LAN networks
For more information about configuring LAN service network details at POP sites, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
Configure dual-gateway route synchronization
For more information about dual-gateway route synchronization configuration for POP dual-gateway sites, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
Plan tenant resources
An MSP tenant can assign its RR, WAN network, and VPN resources to common tenants after authorizing them.
Authorize common tenants
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > Tenants page. Click Add to add a common tenant, as shown in Figure 34 and Figure 35.
Figure 34 Adding a common tenant
Add system IP pools
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > System IP Pool Service page. Click Add to add a system IP pool, as shown in Figure 36 and Figure 37. A common tenant must use the system IP pool of the MSP tenant to assign system IP addresses to devices.
Figure 36 Adding a system IP pool
Configure RR service
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > RR Service page. The RR Access Zone Statistics area displays all MSP access zones and their uses.
Figure 38 Configuring RR service
2. In the Tenant Access area, click the icon in the Actions column. On the RR Access Zone Assignment page that opens, select access zones for the tenant, as shown in Figure 39 and Figure 40. The devices incorporated by the tenant can access the assigned access zones. In this example, four POP sites are selected.
Figure 39 Selecting access zones for the tenant
Figure 40 Assigned RR access zones
Configure VPN service
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > VPN Service page. Click the icon in the Actions column for a tenant to access the VPN assignment page. Click Add, and select a VPN for the tenant, as shown in Figure 41 and Figure 42. The devices connected to the POP must use the VPN assigned by the MSP tenant.
When an authorized tenant needs to configure application Internet access in the assigned VPN, the tenant must also configure the address pool for the assigned VPN. To do that, click the Add button. In the dialog box that opens, configure the VPN name, start IP, end IP, and mask length, and click OK to add an address pool in the assigned VPN, as shown in Figure 43.
Figure 43 Adding a VPN address pool
Configure POP service
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > POP Service page. The POP Access Statistics area displays all POP sites that can be assigned, as shown in Figure 44. A common tenant can select only assigned POP sites when configuring an area topology.
Figure 44 Configuring POP service
2. In the Tenant Access area, click the icon in the Actions column. On the POP Assignment page that opens, click Add to assign POP sites, as shown in Figure 45 and Figure 46.
Figure 45 Assigning a POP site
Configure a WAN service network
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > WAN Service page. Click Add to select a WAN service network for the tenant, as shown in Figure 47 and Figure 48. A common tenant can use the WAN service network, transport network, and service plane assigned by the MSP tenant when configuring WAN service network details.
Figure 47 Assigning a WAN service network
Figure 48 Assigned WAN service networks
Configure STUN service
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Tenant Resource Planning > STUN Service page. Click Add to select a STUN service for the tenant, as shown in Figure 49. If dynamic NAT translation exists on the Internet link between the branch and the POP in the tenant network (NAT or carrier-grade NAT translation exists on the branch egress), use STUN. In other cases, skip this step. In this example, STUN service is not configured.
Figure 49 Adding a STUN service
Configure a dynamic QoS service
Navigate to the Automation > Parameter Settings > Global Settings > Tenant Resource Planning > Dynamic QoS Service page. Add a dynamic QoS service based on network requirements, as shown in Figure 50.
Figure 50 Adding a dynamic QoS service
Do not delete dynamic QoS related sites when a dynamic QoS service exists.
Deploy WAN services
After completing the basic settings, you can deploy route-based redirection, TE, and QoS services. For more information, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
The user completes the configuration related to the tenant devices.
CAUTION:
· An MSP tenant can configure TE groups and QoS policies only for MSP-incorporated devices and can see only the outbound paths of MSP-incorporated devices.
· Because each POP site requires a separate plane for CPE access, many optional paths are available for application traffic across POPs. You can configure a separate application group with the same flow ID for each POP site.
Configure basic O&M
For more information about configuring the dashboards, basic O&M, and alarm parameters for an MSP tenant, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
Configure MSP dashboards
When you log in as the administrator of the MSP tenant, you can view the home page information for the tenant. As shown in Figure 51, the home page provides two default widget windows, which the administrator can edit.
Figure 51 MSP tenant dashboard
Widgets:
· Tenant Summary: Displays O&M statistics for the current MSP tenant. The tenant statistics objects include authorized tenants, managed tenants, and tenants applying for management. The statistics include the number of tenants, the number of sites, the number of devices, and device alarm status information.
· Tenant List: Displays O&M statistics for authorized tenants, managed tenants, and tenants applying for management under the current MSP tenant. The statistics information includes tenant name, number of sites, tenant description, number of devices, device alarm status, authorization status, and management status. The following operations are supported:
¡ Click the Create button to create a child tenant managed by the current MSP tenant.
¡ Click the name of a managed tenant to perform management operations on the managed tenant.
¡ Click the authorization status of a tenant to access the tenant authorization page for authorization operations. In the current software version, only the MSP deployment mode supports authorizing tenants.
¡ Click the Edit icon in the Actions column for a tenant to edit the tenant description.
¡ Click the Revoke icon in the Actions column for a tenant to cancel management for that tenant.
¡ Click the Approve or Reject icon in the Actions column for a tenant to approve or reject the management request of that tenant.
NOTE: In the MSP deployment scenario, all MSP tenants will register the MSP dashboard resources. Adding a new MSP tenant in a supported version will directly set the MSP dashboard as the default dashboard. Existing MSP tenants will retain their service dashboards without automatic switchover after upgrade to a version that supports MSP dashboards. They can use the Settings icon in the upper right corner of the page to switch between the service dashboard (default-sdwan-tenant) and the MSP dashboard (default-sdwan-msp).
Deploy common tenant services
Log in to the controller as a common tenant. For the parameters and configuration steps, see AD-WAN 6.6 Branch Solution WAN Service Configuration Guide.
Plan device onboarding
Some parameters are assigned by the MSP tenant and do not need to be configured.
Configuration workflow
Figure 52 Configuration workflow
Global configuration
Configure basic settings
All basic parameters are assigned by the MSP tenant and cannot be modified, as shown in Figure 53.
Figure 53 Configure basic settings
Configure IP address pools
Resource pools are assigned by the MSP tenant and cannot be modified, as shown in Figure 54.
Figure 54 Configuring resource pools
Configure IPsec settings
IPsec settings are assigned by the MSP tenant and cannot be modified, as shown in Figure 55.
Figure 55 Configuring IPsec settings
Configure O&M settings
O&M settings are assigned by the MSP tenant and cannot be modified, as shown in Figure 56.
Figure 56 Configuring O&M settings
Configure a WebSocket template
If the CPE devices incorporated by the common tenant use USB/email deployment, you can modify the WebSocket template, as shown in Figure 57. In this example, the WebSocket template is not modified.
Figure 57 Configuring a WebSocket template
Configure an SNMP template
The SNMP template must be added by the common tenant, as shown in Figure 58.
Figure 58 Adding an SNMP template
Configure a tunnel BFD template
The tunnel BFD template is assigned by the MSP tenant and cannot be modified, as shown in Figure 59.
Figure 59 Configuring a tunnel BFD template
Configure WAN service networks
The common tenant uses the WAN service network configured by the MSP tenant in "Configure a WAN service network", as shown in Figure 60.
Figure 60 Configuring a WAN service network
Import sites and devices
Import the CPE devices incorporated by the common tenant, as shown in Figure 61. The system IP of a device can be automatically allocated by the controller. When it is manually specified, the address must be within the system IP address pool allocated by the MSP tenant.
The STUN server (if required) is assigned by the MSP tenant.
Figure 61 Importing sites and devices
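Two of the address rules in this guide lend themselves to a pre-import check: a manually specified system IP must fall inside the system IP pool allocated by the MSP tenant (this section), and a VPN address pool is entered as a start IP, end IP and mask length ("Configure VPN service"). The script below is an added example, not part of this guide or of the controller. It uses the standard ipaddress module; the pool 10.255.0.0/24 and the site addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed values; the guide does not publish the pools used in its example.
# Assumed system IP pool allocated by the MSP tenant to this common tenant.
MSP_SYSTEM_IP_POOL = ipaddress.ip_network("10.255.0.0/24")


def vpn_address_pool(start_ip, end_ip, mask_length):
    """Model the VPN address-pool dialog fields (VPN name aside): start IP, end IP, mask length.
    Returns (network, start, end). Raises ValueError when the two ends are reversed or do
    not fall in the same subnet of the given mask length."""
    start = ipaddress.ip_address(start_ip)
    end = ipaddress.ip_address(end_ip)
    # strict=False lets a host address such as 192.168.10.1/24 define its containing subnet.
    network = ipaddress.ip_network(f"{start}/{mask_length}", strict=False)
    if end not in network:
        raise ValueError(f"end IP {end} is outside {network}")
    if end < start:
        raise ValueError(f"end IP {end} precedes start IP {start}")
    return network, start, end


def check_system_ips(requested, pool, already_used=()):
    """Validate manually specified system IPs before importing sites and devices.
    `requested` maps site -> system IP string, or None to let the controller allocate one.
    Returns {site: problem} for every address that lies outside the MSP pool, is the pool's
    network or broadcast address, or collides with another requested or already-used address."""
    used = {ipaddress.ip_address(a) for a in already_used}
    problems = {}
    for site, ip in requested.items():
        if ip is None:
            continue  # automatic allocation by the controller
        addr = ipaddress.ip_address(ip)
        if addr not in pool:
            problems[site] = f"{addr} is outside the MSP system IP pool {pool}"
        elif addr in (pool.network_address, pool.broadcast_address):
            problems[site] = f"{addr} is not a usable host address in {pool}"
        elif addr in used:
            problems[site] = f"{addr} is already assigned to another device"
        used.add(addr)
    return problems


if __name__ == "__main__":
    print(vpn_address_pool("192.168.10.1", "192.168.10.100", 24))
    print(check_system_ips({"CPE1.1": "10.255.0.10", "CPE1.2": "10.255.1.10",
                            "CPE2.1": "10.255.0.10", "CPE2.2": None}, MSP_SYSTEM_IP_POOL))
```

In the sample run CPE1.2 is rejected for lying outside the pool and CPE2.1 for reusing the address already requested for CPE1.1; CPE2.2 is left to the controller.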
Import WAN service network details
Select a service plane as needed, and import a WAN service network detail template, as shown in Figure 62.
Figure 62 Importing WAN service network details
Deploy via USB/email
To deploy settings to devices, download the URLs or USB configuration files or directly send them through email, as shown in Figure 63.
Figure 63 Deploy via USB/email
Plan branch networks
Configuration workflow
Figure 64 Configuration workflow
Manage access zones
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Access Zones page. The common tenant can see the access zones assigned by the MSP tenant in "Configure RR service", as shown in Figure 65.
Click the icon, select CPE sites, and click Attach as Client, as shown in Figure 66. As a best practice, attach CPE sites as non-clients and block communication between CPE sites attached to the access zone in an MSP scenario. A common tenant can also create its own access zones.
Figure 65 Managing access zones
Figure 66 Attaching client sites
Configure O&M settings
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > O&M Settings page. Click Add to configure device-specific O&M settings, as shown in Figure 67. In this example, global settings are used.
Figure 67 Configuring O&M settings
Manage VPN instances
1. Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > VPNs Management page. You can see the VPNs assigned by the MSP tenant, as shown in Figure 68.
Figure 68 Managing VPN instances
2. Click the icon and select the sites to bind, as shown in Figure 69. You can create your own VPN instances, which cannot be used by other common tenants or the MSP tenant.
Add an area topology
Navigate to the Guide > Branch Network Deployment > Plan Branch Networks > Area Topology page. Click Add to add a hub-spoke area topology, and click OK, as shown in Figure 70. In this example, CPE1.1, CPE1.2, CPE2.1, and CPE2.2 are connected to both POP1 and POP2 in dual active mode. Therefore, the local priority is not configured. After the MSP tenant configures POP service in "Configure POP service", a common tenant can select POP devices when creating an area topology.
Figure 70 Adding area topology POP1
CPE3.1 is connected to POP3 as the master and to POP4 as the backup. CPE4.1 is connected to POP4 as the master and to POP3 as the backup. The higher the local priority value, the higher the CPE's priority. In area topology POP3, the local priority of CPE3.1 is 200 and the local priority of CPE4.1 is 100. In area topology POP4, the local priority of CPE4.1 is 200 and the local priority of CPE3.1 is 100.
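The local priority values above determine which POP each CPE prefers and where its traffic goes when that POP fails. The following script is an added example, not part of this guide or of the controller: it reproduces the guide's four area topologies as constructed data (None where the guide leaves the local priority unconfigured), ranks the POPs per CPE, and works out the surviving POPs after a failure. It assumes that an unconfigured priority is the same default for every POP, so that such POPs tie and run dual active; the placeholder 0 used for that default and the function names are hypothetical.

```python
# Constructed area-topology data reproducing the guide's example (not controller output).
# Each area topology is keyed by its POP; values map CPE -> configured local priority,
# with None meaning "local priority not configured" (the dual-active case).
AREA_TOPOLOGIES = {
    "POP1": {"CPE1.1": None, "CPE1.2": None, "CPE2.1": None, "CPE2.2": None},
    "POP2": {"CPE1.1": None, "CPE1.2": None, "CPE2.1": None, "CPE2.2": None},
    "POP3": {"CPE3.1": 200, "CPE4.1": 100},
    "POP4": {"CPE3.1": 100, "CPE4.1": 200},
}

# Assumption: an unconfigured local priority behaves like one common default for every POP,
# so all such POPs rank equal. The value 0 is a placeholder, not a documented default.
DEFAULT_PRIORITY = 0


def pop_preferences(topologies, cpe):
    """POPs whose area topology contains the CPE, ordered from highest to lowest local
    priority. Returns a list of (pop, effective_priority) tuples."""
    prefs = []
    for pop, members in topologies.items():
        if cpe in members:
            prio = members[cpe]
            prefs.append((pop, DEFAULT_PRIORITY if prio is None else prio))
    # Highest priority first; POP name breaks ties so the order is stable.
    return sorted(prefs, key=lambda item: (-item[1], item[0]))


def classify_pops(topologies, cpe):
    """Split the CPE's POPs into primary (highest priority; more than one means dual active)
    and backup (everything ranked lower)."""
    prefs = pop_preferences(topologies, cpe)
    if not prefs:
        return {"primary": [], "backup": []}
    best = prefs[0][1]
    return {
        "primary": [pop for pop, prio in prefs if prio == best],
        "backup": [pop for pop, prio in prefs if prio != best],
    }


def active_pops(topologies, cpe, failed=()):
    """POPs that carry the CPE's traffic once the POPs in `failed` are down: the
    highest-priority survivors (all of them when they tie), or [] if none is left."""
    down = set(failed)
    survivors = [(pop, prio) for pop, prio in pop_preferences(topologies, cpe) if pop not in down]
    if not survivors:
        return []
    best = survivors[0][1]
    return [pop for pop, prio in survivors if prio == best]


if __name__ == "__main__":
    for cpe in ("CPE1.1", "CPE3.1", "CPE4.1"):
        print(cpe, classify_pops(AREA_TOPOLOGIES, cpe),
              "after POP3 fails ->", active_pops(AREA_TOPOLOGIES, cpe, failed=["POP3"]))
```

For CPE3.1 the script yields POP3 as primary and POP4 as backup, the reverse for CPE4.1, and POP1 and POP2 as joint primaries for CPE1.1, matching the dual-active and primary/backup arrangements described above.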
Add a topology policy
After an area topology is added, you can add a topology policy to configure the interconnect mode between branch sites. In this example, no topology policy is added.
Add an area interconnect
Perform this task to configure a border site between areas to enable inter-area connectivity. An area interconnect must be configured by the tenant where the border device resides.
CPE devices interconnect through POP devices, so the MSP tenant configures an area interconnect. If a common tenant contains three site levels, you can also add an area interconnect for it. In this example, no area interconnect is added in the common tenant.
Configuring LAN networks
For more information about configuring LAN service networks, see AD-WAN Branch 6.6 WAN Service Deployment Guide.
Deploy WAN services
The user completes the configuration related to the tenant device.
NOTE:
· A common tenant can configure TE groups and QoS policies only for its incorporated devices and can see only the outbound paths of those devices.
· Because CPE sites access different POP sites through different planes, many optional paths are available when CPEs forward application traffic across multiple POPs. You can configure a separate application group with the same flow ID for each CPE site under each POP.