
Service Requirements and Solution Description


Traveling by subway has become a major way to avoid traffic congestion in cities. The subway public transportation system must therefore be highly secure and reliable given the more diverse range of IP services and increasing data traffic. However, the legacy subway bearer network can no longer meet these requirements. A more robust, reliable bearer network is required by a digital subway system and needs to meet the following requirements:

  • Ensures high reliability and security: Subways belong to the public transportation system, requiring the subway bearer network to be reliable and secure.
  • Provides sufficient data capacity: The subway system has high passenger traffic and an increasing number of data terminals, requiring the subway bearer network to provide sufficient data capacity and data switching capacity.
  • Supports a diverse range of service types: The subway system involves different service types such as the control system, advertising media, and daily working, requiring the subway bearer network to support a diverse range of service types.

The IP data communication network is the mainstream data communication network. It supports various access modes and can scale to a large size. Therefore, the trend in constructing subway bearer networks has shifted towards IP.

Huawei offers the HoVPN-based HSR solution to implement secure and reliable subway system operation and support a diverse range of service types for the subway system. The HSR solution uses Huawei agile switches to construct a hierarchical network based on MPLS L3VPN technology. It provides powerful service support and simple, flexible networking modes, and is suitable for large-scale subway bearer networks. The solution adopts multiple protection technologies, including hardware bidirectional forwarding detection (BFD), TE hot standby (HSB), VPN fast reroute (FRR), and traffic forwarding on the Virtual Router Redundancy Protocol (VRRP) backup device. Together these provide protection switchovers within milliseconds, so that an end-to-end link switchover completes without being noticed by users.


The Hierarchy of VPN (HoVPN)-based High-Speed Self Recovery (HSR) solution is designed to ensure network reliability, scalability, maintainability, and multi-service supporting capability, provide a hierarchical network structure, and reduce networking costs. Figure 1-18 shows the network topology in the HSR solution.

Figure 1-18  Network topology 

In Figure 1-18,

  • Three S9700 switches are fully connected on the core layer to form a core ring, while the data center site and two subway sites exchange data across the core ring.

  • Two S5720HIs are deployed as aggregation switches in each subway site and form square networking with two S9700s on the core ring. Alternatively, S5720HIs in multiple sites are connected in serial networking and then form square networking with two S9700s on the core ring. S5720HIs have VRRP configured to function as user gateways of each subway site. The data center site uses two S9700s as aggregation switches and has the same services as S5720HIs deployed.

  • Layer 2 switches are deployed on the access layer in each site to form an access ring and are dual-homed to two S5720HIs in subway sites or two S9700s in the data center site.

This network transmits all service traffic of the subway system, including traffic of daily work, advertising media, and train control management.

Service Deployment

Table 1-14  Service deployment


Use OSPF as the IGP. Run OSPF between aggregation and core switches so that these switches can reach each other through routes, and set up Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) and MPLS Traffic Engineering (TE) over the OSPF routes.


Deploy Multiprotocol Border Gateway Protocol (MP-BGP) to set up L3VPN tunnels over MP-BGP routes. Establish Internal BGP (IBGP) neighbor relationships between aggregation and core switches, and between core switches, and advertise VPN routes.

Routing policy

Use routing policies to set the preferred value and community attribute in order to filter, select, and back up routes.


Run LDP between aggregation and core switches to transmit L3VPN data on links for label switching. Configure BFD for label switched paths (LSPs) to implement fast link switchovers.


Deploy MPLS TE tunnels to transmit L3VPN traffic. That is, establish the primary and backup TE tunnels between each S5720HI and its directly connected S9700, and establish the primary and backup tunnels between each S9700 and its directly connected S5720HI. Enable TE HSB and configure BFD for TE HSB to allow traffic to be switched from the faulty primary TE tunnel to the backup TE tunnel within 50 ms.


Configure different VPNs for services such as daily office, advertising media, and train control management to isolate these services. In this scenario, one VPN is configured as an example.


Use BFD on each node to detect faults and implement fast traffic switchovers in case of faults. In this example, you need to deploy multiple services, including BFD for VRRP, BFD for LSP, and BFD for TE, to complete end-to-end switchovers within 50 ms.


Establish bidirectional TE tunnels between S5720HI aggregation switches and S9700 core switches, and deploy HSB for MPLS TE tunnels to provide the primary and backup constraint-based routed label switched paths (CR-LSPs) for each TE tunnel. Configure BFD for CR-LSP to detect CR-LSP faults quickly. When a fault occurs on the primary CR-LSP, L3VPN traffic is quickly switched to the backup CR-LSP, providing end-to-end traffic protection.

Hybrid fast reroute (FRR)

Enable IP+VPN hybrid FRR on S5720HIs. When a fault occurs on the downlink access link, the connected interface on one S5720HI detects the fault and quickly switches traffic to the peer S5720HI, which then forwards traffic to access devices.


Deploy VRRP between two S5720HIs to implement gateway backup for access users. Configure BFD for VRRP to speed up fault detection, VRRP convergence, and traffic switchovers. To prevent traffic loss caused by aggregation switch faults and shorten service interruptions, you also need to configure the VRRP backup device to forward service traffic.
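The service deployment above relies on separate VPNs to isolate daily office, advertising media, and train control traffic; that isolation holds only while no VPN instance imports a route target that another instance exports. The following check is an added example, not part of the original configuration guide: it parses VPN instance definitions in Huawei VRP syntax and reports cross-VPN imports. The instance names, route distinguishers and route targets in the sample are constructed for illustration.

```python
import re
from itertools import permutations
# Constructed sample in Huawei VRP syntax; names, RDs and RTs are invented.
SAMPLE_CONFIG = """\
ip vpn-instance office
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1 both
#
ip vpn-instance media
 ipv4-family
  route-distinguisher 100:2
  vpn-target 100:2 both
  vpn-target 100:3 import-extcommunity
#
ip vpn-instance train-control
 ipv4-family
  route-distinguisher 100:3
  vpn-target 100:3 export-extcommunity
  vpn-target 100:3 import-extcommunity
"""
MODES = {"both", "export-extcommunity", "import-extcommunity"}

def parse_vpn_targets(config):
    """Return {instance: {"import": set, "export": set}} from VRP config text."""
    vpns, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"ip vpn-instance (\S+)$", line)
        if m:
            current = vpns.setdefault(m.group(1), {"import": set(), "export": set()})
        elif current is not None and line.startswith("vpn-target "):
            rts = line.split()[1:]
            mode = rts.pop() if rts[-1] in MODES else "both"  # no keyword: treated as both
            if mode != "export-extcommunity":
                current["import"].update(rts)
            if mode != "import-extcommunity":
                current["export"].update(rts)
    return vpns

def find_route_leaks(vpns):
    """Return (exporter, importer, shared RTs) for each pair of distinct VPNs."""
    leaks = []
    for src, dst in permutations(sorted(vpns), 2):
        shared = vpns[src]["export"] & vpns[dst]["import"]
        if shared:
            leaks.append((src, dst, sorted(shared)))
    return leaks

if __name__ == "__main__":
    print(find_route_leaks(parse_vpn_targets(SAMPLE_CONFIG)))
```

In the constructed sample, the media VPN imports the route target exported by train-control, so train control routes would be installed in the media VPN; removing that import line clears the finding.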

Device Selection and Restrictions

Table 1-15  Device selection and restrictions
Network Element | Device Selection and Restrictions

Core nodes and data center aggregation nodes

Use S9706s or S9712s as core nodes and data center aggregation nodes, and install SRUDs and X series cards on these switches.

To provide high reliability, ensure that:
  • Eth-Trunk member interfaces reside on the same LPU.
  • On the same device, any two interfaces connected to other devices reside on different LPUs.

Aggregation nodes in subway sites

Use S5720HIs as aggregation switches.

Version Mapping

Table 1-16  Version mapping

V200R009C00 and later versions

Use S12700s, S9700s, or S7700s as core switches and S5720HIs as aggregation switches.


This configuration example uses S series switches running V200R009C00.
