BSS/OSS Academy
Domain Examples/Enterprise VPN Activation

Enterprise VPN Activation

End-to-end flow for provisioning a multi-site MPLS L3VPN for an enterprise customer, from enquiry and solution design through design & assign, NSO activation, CPE deployment, phased site rollout, SLA baselining, and ongoing managed service monitoring.

Architecture Overview

An MPLS L3VPN connects multiple enterprise sites over the operator's MPLS backbone. Each site has a CE router connecting to the operator's PE router. VRFs on the PE isolate customer traffic. NSO or equivalent automates PE/CE configuration across the network.

L3VPN PRODUCTENABLERSEnterprise VPN Sites + VASCustomer premisesCE / CPEOperator-suppliedAccess / AggregationOperator-ownedMPLS Core NetworkOperator-ownedBSS/OSS EnablersOperator-ownedExternal / PeeringInter-carrierUser Network Interface — service demarcation between the customer network (CE) and the service provider network (PE).Network-to-Network Interface — internal provider interface connecting different network segments such as access, aggregation, and core.External Network-to-Network Interface — interconnection between different service provider networks for services such as peering or inter-carrier VPN.HQ / Main Office (Hub)Core apps, servers, DCBranch Offices (Spoke)End users, LAN, Wi-FiVAS: Managed LANPublic IPs, behind CEVAS: FWA Backup4G/5G, behind CEVAS ADD-ONS ↓CE RoutereBGP/OSPF → PEOperator CPEBranch CEConfig via NSOManaged FWUTM / behind CEAccess SwitchEthernet / fibre handoffLast-mile transportAggregationMetro Ethernet / DSLAMMicrowave / FWARural / backup accessP Routers (Core)PE RouterVRF / MP-BGP / MPLSSOMNetwork InventoryPhysical + logical (EAI)ROM (Cisco NSO)Activates resources → PE/CEIPAMPublic + private IPsITSM / CMDBCIs & SLA trackingAssurance / SLAMonitoring & faultsNSO activates network resources via NETCONF/YANG: customer access circuit, CE-PE interface/sub-interface, VLAN/802.1Q tagging, VRF, Route Distinguisher (RD), Route Targets (RT import/export), CE-PE BGP neighbor, MP-BGP VPNv4/VPNv6 configuration.Internet PeeringVAS internet breakoutPartner / Wholesale3rd-party access circuitsInter-Carrier VPNMulti-operator MPLS

Enterprise VPN Sites

HQ and branch offices with LAN. Each site connects via CE router. VAS products (managed LAN, managed firewall, FWA backup) may require public IP allocation for internet breakout or management.

CE Router (CPE)

Customer Edge router at each site. Operator-supplied, runs BGP/OSPF peering with the PE. Configured remotely via NSO.

MPLS Backbone

Operator MPLS core with P routers and label-switched paths. VRFs on PE routers provide per-customer traffic isolation.

PE Routers & NSO

PE routers host per-customer VRFs. NSO automates VRF, interface, and routing config across all PE/CE devices.

BSS/OSS Enablers

SOM orchestrates fulfilment, ROM configures resources. Network Inventory (EAI) provides topology. IPAM allocates IPs. ITSM/CMDB tracks CIs and SLAs.

Provisioning Workflow

Step-by-step orchestration flow — click any step to view systems, inputs/outputs, and eTOM mapping.

Interactive Flow Steps

BSSOSSPartnerBSS+OSS

Tap any step to view details, systems, and eTOM mapping.

Step-to-eTOM Mapping

eTOM L2 CapabilitySteps
CRM & Retention Management
Selling
Order Handling
Service Configuration & Activation
Resource Provisioning
Billing & Revenue Management
Service Quality Management