How Orange Connects Its Global Offices Using EDIA, Hybrid WAN, and EVPN

-

Preface:

Orange, a global telecoms company, uses EDIA (Ethernet Dedicated Internet Access) at its HQs in London, Berlin and Paris to ensure each site has guaranteed, high-speed and low-latency internet for critical business apps like Office 365, cloud collaboration tools and secure remote access. These EDIA circuits provide dedicated bandwidth with SLA-backed performance so they’re perfect for HQs that can’t afford downtime or performance degradation. For its branch offices and regional sites across Europe, Orange has a Hybrid WAN architecture where MPLS lines (for latency-sensitive traffic like VoIP and internal systems) and broadband/EDIA connections (for general internet traffic) are combined through an SD-WAN platform, so traffic is intelligently routed and fails over seamlessly during outages. Orange also connects its data centers in Paris and Berlin with EVPN-VXLAN links over its MPLS backbone, so there’s Layer 2 and Layer 3 connectivity between virtualized environments. This EVPN deployment supports active-active data center operations, workload mobility and multi-tenant cloud hosting so services are highly available and scalable across regions without relying on traditional, flood-based Layer 2 technologies.

 


Advantages of Unified Architecture using Hybrid, EDIA, EVPN links

A single architecture that combines multiple link types such as EDIA, Hybrid WAN and EVPN is a highly resilient, scalable and intelligent network design for modern enterprise and service provider environments. By deploying EDIA at headquarter sites, you get dedicated, high speed and SLA backed internet connectivity for latency sensitive services like video conferencing, cloud collaboration and remote access. Hybrid WAN at branch or regional sites brings cost efficiency and redundancy by combining MPLS, broadband and EDIA links under a dynamic SD-WAN fabric, so the network can route traffic based on application priority, link health or bandwidth availability – ensuring high availability and user experience without over-reliance on expensive circuits. At the core or data center level EVPN links provide scalable and flexible Layer 2 and Layer 3 connectivity using VXLAN or MPLS encapsulation, so you can have workload mobility, active-active data centers and multi-tenant segmentation without traditional flooding or spanning-tree limitations. Together this unified architecture simplifies management, increases fault tolerance, supports automation and analytics and ensures secure application aware traffic handling across geographically dispersed locations – making the entire network more agile, cloud ready and future proof.




Configuration Steps:

 

1.   At London location Router need to create EDIA with QoS

Step-1 Need to create new Lag

London-R1 (config) # lag "lag-1" create

                               #description "London EDIA LAG"

                                # port 1/1/1

                                 # port 1/1/2

                                  # mode active

                                    # exit

Step-2 Need to create new QoS Policy

London-R1 (config-qos) # qos ingress qos-edia

London-R1 (config-qos)    # match criteria dscp 0 create

London-R1 (config-qos)      #  action

 London-R1 (config-qos)   #fc be

  London-R1 (config-qos)  # policer 1

  London-R1  (config-qos)    # exit

London-R1 (config)   # exit

# exit

 

Step-3 Need to create new QoS Policy  

London-R1 (config) # cir 100 mbps

  London-R1 (config) #cbs 100000

London-R1 (config) #eir 0

London-R1 (config) #mbs 0

 London-R1 (config) #action exceed drop

exit

 

Step-4 Create IES Service

London-R1 (config) # service ies 100 customer 100 create

  London-R1 (config) #   interface "edia-london" create

London-R1 (config-if) # address 192.168.1.1/30

      London-R1 (config-sap) #   sap lag-1:100 create

         London-R1 (config-sap-qos) #   ingress qos qos-edia

       London-R1 (config-sap) # exit

  London-R1 (config) #   exit

London-R1 (config) # exit

 ========================================

2       At Berlin location Router need to create EDIA with QoS

 

Step-1 create EDIA port

Berlin-R1 (config) # interface "int-edia" create

Berlin-R1 (config-if) # address 192.168.10.2/30

 Berlin-R1(config-if)# port 1/1/3

Berlin-R1(config-if)# exit

 

Step-2 create MPLS Port

Berlin-R1 (config) # interface "int-mpls" create

 Berlin-R1 (config-if) #   address 10.10.10.2/30

 Berlin-R1 (config-if) # port 1/1/4

Berlin-R1 (config-if) # exit

# SD-WAN device (external) manages traffic path selection.

 =================================================


At Paris location Router need to create EVPN over IP/MPLS for DC interconnect

 

Step-1: Enable BGP EVPN on Paris router location

 

Paris-R1 (config) # router bgp

Paris-R1 (config-router) # autonomous-system 65001

 Paris-R1 (config-router) # group "EVPN-GRP"

 Paris-R1 (config-router) # type internal

  Paris-R1 (config-router) # local-as 65001

  Paris-R1 (config-router) # family evpn

  Paris-R1 (config-router) # neighbor 10.10.10.2

   Paris-R1 (config-router) # exit

Paris-R1 (config) # exit

 

Step-2 Create VPLS Service with EVPN

Paris-R1 (config) # service vpls 200 customer 200 create

Paris-R1 (config-service) # vxlan

Paris-R1 (config-service) # vni 1001

 Paris-R1 (config-service-vni) # bridge-table

Paris-R1 (config-service-vni) #mac-learning enable

Paris-R1 (config-service)#exit

Paris-R1 (config)# exit

Paris-R1 (config-router)# bgp-evpn

Paris-R1 (config-router)# evi 200

 Paris-R1 (config-router)# route-distinguisher 65001:200

  Paris-R1 (config-router)# route-target import 65001:200

Paris-R1 (config-router)# route-target export 65001:200

Paris-R1 (config-router)# exit

Paris-R1 (config)# interface "dc-bridge" create

 Paris-R1 (config-if)#sap 1/1/1:300 create

 Paris-R1 (config-if)#exit

Paris-R1 (config)#exit


Conclusion:

In summary, having a single network architecture that uses EDIA for dedicated high performance internet access, Hybrid WAN for intelligent traffic distribution and EVPN for inter-data center connectivity allows you to build networks that are not only resilient and secure but also agile enough for cloud driven operations. This integrated approach simplifies management, improves application performance, ensures high availability and future proofs the network by aligning the infrastructure to the business. By combining these into one framework you can have a robust, flexible and future proof connectivity model for digital transformation at scale.


Comments

Post a Comment

Popular posts from this blog

Configuring NNI Interface Policies and Container Integration in Nokia SR and Juniper AG Networks

-
Image
 Objective: - This blog aims to give a comprehensive overview of the process for integrating containerized network services in a multi-vendor setting, specifically using Nokia Service Routers (SR) and Juniper Aggregation Routers (AG). It emphasizes the importance of NNI interface policies for facilitating smooth communication between different network segments and provides guidance on configuring management interfaces and routing to optimize connectivity and traffic flow. The goal of this guide is to help network engineers implement scalable and interoperable solutions while making complex network operations easier to manage. Scenario :- In Vodafone ISP, Pune location 2 SR non-production devices need to be launched in production. Router R1 acts as a primary and Router R2 acts as a secondary back up router. Both routers aggregate traffic combines at uplink Nasik Aggregate router. This uplink is connected with IXR router at Mumbai location. To automate process flow AWS containers are...
Read more

Step-by-Step Guide: Password Recovery for Nokia Routers

-
Image
 Objective :- If admin and system admin password of Nokia router is forgotten and you can’t login through red interface then you may need to go for password recovery process. This usually involves accessing the router through management port or console connection depending on the model. Nokia routers limit administrative access through management (mgmt.) interface or specific secure channels to prevent unauthorized access. Make sure “admin” user credentials are correct and red interface is configured to allow administrative access. In many cases physical access to the device is required along with credentials for recovery or reset. how to retrieve access of router, we need to follow process as below with the help of technician on site.     Password recovery process for “admin” on device with the help of technician. 1.    Power off the device. 2.    Remove stand by CPM card. 3.    Ensure that console cable is plugged to the de...
Read more

Designing a Secure Multi-VPC Architecture with AWS Transit Gateway and IGW

-
Image
 Preface In an AWS cloud Proof of Concept (PoC), Transit Gateway (TGW) and Internet Gateway (IGW) are key to secure, scalable and efficient communication between different VPCs and external networks. Transit Gateway (TGW) is a central routing hub where multiple VPCs can communicate without the complexity of multiple VPC peering connections. It simplifies network management, scales and enforces security policies through route tables to control traffic between connected VPCs. Internet Gateway (IGW) is required for outbound and inbound internet access for resources in public subnets. It allows public facing workloads like web servers and APIs to talk to external services while keeping private subnets secure through NAT Gateways . Together TGW and IGW provide a structured and controlled networking environment, so critical workloads are secure, isolated when needed and connected efficiently in a multi-VPC architecture. POC  The proposed Proof of Concept (PoC) focuses on estab...
Read more