| Internet-Draft | Enhanced L3SM for dynamic-L3VPN | February 2026 |
| Fu, et al. | Expires 15 August 2026 | [Page] |
This document defines extensions to the Layer 3 VPN Service Model (L3SM) defined in RFC8299 to support dynamic L3VPN services. The extensions enable (1) dynamic network provisioning with temporary connectivity, (2) dynamic bandwidth adjustment, and (3) integration of Slice Service Templates for enhanced Service Level Objective (SLO) specification. These capabilities address operational requirements for data-intensive workloads that are not supported by the base L3SM model, which assumes static connectivity and fixed bandwidth allocations.¶
This is the first submission of this document to the IETF, submitted on February 11, 2026. No pre-RFC5378 disclaimer is required as this submission is post-RFC5378.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 15 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 14 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
RFC 8299 defines the Layer 3 VPN Service Model (L3SM), which provides a customer-facing abstraction for Layer 3 VPN services. L3SM assumes relatively static service characteristics: persistent connectivity between fixed sites with bandwidth parameters specified at service creation time.¶
Operational experience with data-intensive workloads (e.g., large- scale data transfer, temporary compute clusters) has identified requirements not addressed by the base L3SM model:¶
Dynamic network provisioning: The ability to establish and tear down connectivity on demand, rather than maintaining persistent connections. Conventional L3VPN services must perform frequent network reconfigurations to support such dynamic networking. Frequent reconfigurations for dynamic networking may introduce potential risks to network stability and are generally unacceptable for network operations.¶
Dynamic bandwidth adjustment: The ability to modify bandwidth allocations within seconds or minutes, rather than through configuration changes that may take hours or days.¶
These operational requirements create corresponding gaps in the service model:¶
L3SM does not support temporary connectivity with explicit activation/deactivation time windows.¶
L3SM does not provide parameters for elastic bandwidth ranges or adjustment time constraints.¶
L3SM lacks integration with network slicing constructs (Slice Service Templates) needed for differentiated service tiers.¶
This document defines YANG augmentations to RFC 8299 to address these gaps. The extensions are designed to be backward compatible: implementations that do not require dynamic capabilities can ignore the new parameters.¶
The scope of this document is limited to service model extensions. Implementation details of underlying mechanisms (e.g., signaling protocols, encryption algorithms) are out of scope.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the following terms:¶
AC: Attachment Circuit, as defined in [RFC9833].¶
CE: Customer Edge, as defined in [RFC4026].¶
COA: Change of Authorization, as defined in [RFC5176].¶
Dynamic-L3VPN: A Layer 3 VPN service supporting dynamic network provisioning and/or dynamic bandwidth adjustment.¶
L3SM: Layer 3 VPN Service Model, as defined in [RFC8299].¶
L3VPN: Layer 3 Virtual Private Network, as defined in [RFC4026].¶
PE: Provider Edge, as defined in [RFC4026].¶
Slice Service Template (SST): A reusable policy container defining Service Level Objectives (SLOs) and Service Level Expectations (SLEs) for network slices, as defined in [I-D.ietf-teas-ietf-network-slice-nbi-yang].¶
Several IETF Working Groups have developed multiple YANG modules in order to communicate between customers and network operators and to deliver VPN service. A set of these models is listed here:¶
[RFC8299] defines the Layer 3 Virtual Private Network Service Model (L3SM), which is used for communication between customers and service providers. This model provides an abstracted view of the Layer 3 IP VPN service configuration components. It will be up to the management system to take this model as input and use specific configuration models to configure the different network elements to deliver the service.¶
[RFC9834] documents a YANG Data Models for Bearers and Attachment Circuits as a Service for managing ACs that are exposed by a network to its customers. Exposing Attachment Circuits as a Service (ACaaS) greatly simplifies the provisioning of services delivered over an AC.¶
[RFC9061] defines YANG Data Models for Network Resource Partition (NRP), which is closely related to network slicing technology. The model provides a standardized way to model, provision and manage isolated network resource partitions, supporting the requirement of service-specific resource isolation, and is highly relevant to the network slicing capability designed in this document.¶
The dynamic-L3VPN service delivery example is shown in Figure 1. As an end-to-end service, dynamic-L3VPN connection may consist of multiple segments, which may be defined by different RFCs.¶
The dynamic-L3VPN can be established either between CEs or between CEs and DC-GWs.¶
+----------+
| Customer |
+-----+----+
|
Dynamic-L3VPN |
Service Models |
+-------+-------+
| Service |
| Orchestrator |
+-------+-------+
|
Network Models |
|
+-------+-----+
| Network |
| Controller |
+-----+-+-+---+
Device | | |
Configuration | | |
Models | | |
+---------------+ | +-----------+
| +----------+-------+ | +---------+
+--+--+ | | | | |
| CE1 +---+ +-----+ +----+ | +--+--+-+ |
+-----+ | | PE1 | |PE2 | +--+ DC-GW | DC |
+-----+ | +-----+ +----+ | +-----+-+ |
| CE2 +---+ | | |
+-----+ +------------------+ +---------+
The extensions are defined in the module ietf-l3vpn-svc-dynamic-ext, which augments the base L3SM module (ietf-l3vpn-svc) at the following locations:¶
/l3vpn-svc/vpn-profiles: Adds profiles for bandwidth adjustment ranges, and SLO/SLE templates.¶
/l3vpn-svc/sites/site: Adds temporary connection indicators, and effective time windows.¶
/l3vpn-svc/sites/site/site-network-accesses/site-network-access/ service: Adds dynamic bandwidth indicators and adjustment ranges.¶
/l3vpn-svc/sites/site/security/encryption: Adds quantum encryption parameters.¶
Figure 2 illustrates the module augmentation structure.¶
module: ietf-l3vpn-svc-dynamic-ext
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:vpn-profiles:
+--rw maximum-adjustment-profiles
| +--rw maximum-adjustment-profile* [id]
| +--rw id string
+--rw slo-sle-profiles
+--rw slo-sle-profile* [id]
+--rw id string
+--rw description? string
+--rw profile-ref? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/maximum-adjustment-profile/id
+--rw slo-policy
| +--rw metric-bound* [metric-type]
| | +--rw metric-type identityref
| | +--rw metric-unit? string
| | +--rw value-description? string
| | +--rw percentile-value? uint8
| | +--rw bound? uint64
| +--rw availability? identityref
| +--rw mtu? uint32
+--rw sle-policy
+--rw security* identityref
+--rw isolation* identityref
+--rw max-occupancy-level? uint8
+--rw path-constraints
+--rw service-functions? string
+--rw diversity
+--rw diversity-type? identityref
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site:
+--rw temporary-connection-indicator? boolean
+--rw effective-time-window? yang:date-and-time
+--rw service
| +--rw qos
| +--rw qos-profile
| +--rw slo-sle-profile? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/slo-sle-profile/id
| +--rw qos-profile-enabled? boolean
+--rw security-encryption
+--rw quantum-encryption-enable? boolean
+--rw quantum-encryption-mode? uint8
+--ro quantum-encryption-status? enumeration
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site
/l3vpn-svc:site-network-accesses
/l3vpn-svc:site-network-access:
+--rw service
| +--rw dynamic-bandwidth-indicator? boolean
| +--rw effective-time-window? yang:date-and-time
| +--rw maximum-adjustment-bandwidth-range? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/maximum-adjustment-profile/id
+--rw ip-connection-security
+--rw quantum-encryption-enable? boolean
+--rw quantum-encryption-mode? uint8
+--ro quantum-encryption-status? enumeration
+--rw service
+--rw qos
+--rw qos-profile
+--rw slo-sle-profile? ->
/l3vpn-svc:l3vpn-svc
/vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/slo-sle-profile/id
+--rw qos-profile-enabled? boolean
Requirement: Support on-demand establishment and release of VPN connectivity between specified endpoints, with activation times ranging from seconds (for pre-configured tunnels) to minutes (for configuration-driven setup).¶
Gap in [RFC8299]: L3SM assumes persistent connectivity; it provides no mechanism to specify temporary connections or activation time constraints.¶
Extensions:¶
temporary-connection-indicator: Boolean flag indicating whether a site connection is temporary (default false).¶
effective-time-window: Time range parameter specifying when the connection must be active. When sub-minute activation is required, this indicates that pre-configured tunnels with dynamic authorization (e.g., RADIUS COA [RFC5176]) should be used.¶
Requirement: Support modification of bandwidth allocations within customer-specified time windows, ranging from seconds to hours.¶
Gap in [RFC8299]: L3SM specifies static bandwidth parameters (input-bandwidth, output-bandwidth) without support for elastic ranges or adjustment constraints.¶
Extensions:¶
dynamic-bandwidth-indicator: Boolean flag indicating whether bandwidth adjustment is supported (default false).¶
maximum-adjustment-bandwidth-range (bandwidth context): Maximum allowed duration to complete a bandwidth modification¶
effective-time-window (bandwidth context): Maximum allowed duration to complete a bandwidth modification¶
Requirement: Enable binding of L3VPN services to predefined service tiers with specific performance guarantees (latency, bandwidth, isolation), decoupling service catalog definition from resource allocation.¶
Gap in [RFC8299]: L3SM provides basic QoS profiles but lacks integration with network slicing constructs and parameterized SLO/SLE specifications.¶
Extensions:¶
slo-sle-profile: Reference to a Slice Service Template defining quantitative SLOs (metric bounds, availability) and qualitative SLEs (security, isolation, path constraints).¶
The SLO/SLE profile structure aligns with [I-D.ietf-teas-ietf-network-slice-nbi-yang], enabling consistent policy application across VPN and slice services.¶
Requirement: Support quantum-safe encryption for high-security data transmission scenarios.¶
Gap in [RFC8299]: L3SM defines basic encryption enablement but lacks parameters for quantum key distribution (QKD) and post-quantum cryptography (PQC) integration.¶
Extensions:¶
This modules augments the L3SM.¶
module ietf-l3vpn-svc-dynamic-ext {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext";
prefix l3vpn-svc-dyn;
import ietf-l3vpn-svc {
prefix l3vpn-svc;
revision-date 2018-01-19;
}
import ietf-yang-types {
prefix yang;
revision-date 2013-07-15;
}
organization
"IETF ONSEN Working Group";
contact
"Editor: Fengchao Fu
<fufengc@chinatelecom.cn>
Cancan Huang
<huangcanc@chinatelecom.cn>
Bo Wu
<lana.wubo@huawei.com>
Chongfeng Xie
<xiechf@chinatelecom.cn>";
description
"This module defines extensions to the L3VPN service model
for supporting dynamic bandwidth adjustment, SLO/SLE profile
binding, quantum-safe encryption, and QoS enhancement.
Copyright (c) 2026 IETF Trust and the persons identified
as authors of the code.
All rights reserved.";
revision 2026-02-11 {
description
"Initial revision with dynamic bandwidth, SLO/SLE,
and quantum encryption extensions.
Compatible with RFC 7950 (YANG 1.1).";
reference "I-D: draft-fu-onions-update-l3sm-service-models-00";
}
identity metric-type-base {
description "Base identity for performance metric types";
}
identity latency {
base metric-type-base;
description "End-to-end latency metric";
}
identity bandwidth {
base metric-type-base;
description "Available bandwidth metric";
}
identity availability-level-base {
description "Base identity for service availability levels";
}
identity security-policy-base {
description "Base identity for security policy types";
}
identity isolation-level-base {
description "Base identity for isolation levels";
}
identity te-link-disjoint {
description "Link-disjoint path diversity
(IETF TE type semantics)";
}
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:vpn-profiles {
container maximum-adjustment-profiles {
description "Collection of maximum adjustment profiles
for dynamic bandwidth";
list maximum-adjustment-profile {
key "id";
description "Single maximum adjustment profile
for dynamic bandwidth";
leaf id {
type string;
description "Unique identifier
for the maximum adjustment profile";
}
}
}
container slo-sle-profiles {
description "Reusable SLO/SLE profiles
for Dynamic-L3VPN QoS binding";
list slo-sle-profile {
key "id";
description "SLO/SLE profile defining performance
and experience constraints";
leaf id {
type string;
description "Unique identifier for the SLO/SLE profile";
}
leaf description {
type string;
mandatory false;
description "Human-readable description
of the SLO/SLE profile";
}
leaf profile-ref {
type leafref {
path "/l3vpn-svc:l3vpn-svc/
l3vpn-svc:vpn-profiles/
l3vpn-svc-dyn:maximum-adjustment-profiles/
l3vpn-svc-dyn:maximum-adjustment-profile/id";
}
mandatory false;
description "Reference to an associated
network slice profile";
}
container slo-policy {
description "Service Level Objective (SLO)
policy constraints";
list metric-bound {
key "metric-type";
description "Bound on a specific performance metric";
leaf metric-type {
type identityref {
base metric-type-base;
}
description "Type of performance metric
(latency, bandwidth, etc.)";
}
leaf metric-unit {
type string;
description "Unit of measurement for the metric
(ms, Mbps, %)";
}
leaf value-description {
type string;
mandatory false;
description "Additional context for the metric value";
}
leaf percentile-value {
type uint8;
mandatory false;
description "Percentile for the metric bound (0-100)";
}
leaf bound {
type uint64;
mandatory false;
description "Threshold value
for the performance metric";
}
}
leaf availability {
type identityref {
base availability-level-base;
}
mandatory false;
description "Required service availability level
(99.999%, etc.)";
}
leaf mtu {
type uint32;
mandatory false;
description "Maximum Transmission Unit (bytes)
for the service";
}
}
container sle-policy {
description "Service Level Experience
(SLE) policy constraints";
leaf-list security {
type identityref {
base security-policy-base;
}
description "Security policies applied
(TLS 1.3, IPsec, etc.)";
}
leaf-list isolation {
type identityref {
base isolation-level-base;
}
description "Isolation requirements
(network, tenant, etc.)";
}
leaf max-occupancy-level {
type uint8;
mandatory false;
description "Maximum resource occupancy level
(0-255, percentage scale)";
}
container path-constraints {
description "Constraints on data path selection";
leaf service-functions {
type string;
description "Required service functions on the path
(firewall, IDS, etc.)";
}
container diversity {
description "Path diversity requirements
for redundancy";
leaf diversity-type {
type identityref {
base te-link-disjoint;
}
mandatory false;
description "Type of path disjointness
(link-disjoint)";
}
}
}
}
}
}
}
augment /l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site {
leaf temporary-connection-indicator {
type boolean;
default false;
description "Indicator if this site has
a temporary connection";
}
leaf effective-time-window {
type yang:date-and-time;
mandatory false;
when "../l3vpn-svc-dyn:temporary-connection-indicator
= 'true'";
description "Time window for temporary connection validity";
}
container service {
container qos {
container qos-profile {
leaf slo-sle-profile {
type leafref {
path "/l3vpn-svc:l3vpn-svc/
l3vpn-svc:vpn-profiles/
l3vpn-svc-dyn:slo-sle-profiles/
l3vpn-svc-dyn:slo-sle-profile/id";
}
mandatory false;
when "../qos-profile-enabled = 'true'";
description "Reference to SLO/SLE profile
for site-level QoS binding";
}
leaf qos-profile-enabled {
type boolean;
default false;
description "QoS profile enable flag";
}
}
}
}
container security-encryption {
leaf quantum-encryption-enable {
type boolean;
default false;
description "Enable quantum-resistant encryption
for site security";
}
leaf quantum-encryption-mode {
type uint8;
default 1;
mandatory false;
when "../quantum-encryption-enable = 'true'";
description "Quantum encryption mode
(1=default, 2=enhanced)";
}
leaf quantum-encryption-status {
type enumeration {
enum idle {
description "Quantum encryption not active";
}
enum active {
description "Quantum encryption in use";
}
enum error {
description "Quantum encryption error state";
}
}
config false;
description "Operational status of quantum encryption
(read-only)";
}
}
}
augment "/l3vpn-svc:l3vpn-svc/l3vpn-svc:sites/l3vpn-svc:site"
+"/l3vpn-svc:site-network-accesses"
+"/l3vpn-svc:site-network-access" {
container service {
leaf dynamic-bandwidth-indicator {
type boolean;
default false;
description "Enable dynamic bandwidth adjustment
for this service";
}
leaf effective-time-window {
type yang:date-and-time;
mandatory false;
when "../dynamic-bandwidth-indicator = 'true'";
description "Time window for dynamic bandwidth validity";
}
leaf maximum-adjustment-bandwidth-range {
type leafref {
path "/l3vpn-svc:l3vpn-svc
/l3vpn-svc:vpn-profiles
/l3vpn-svc-dyn:maximum-adjustment-profiles
/l3vpn-svc-dyn:maximum-adjustment-profile/id";
}
mandatory false;
when "../dynamic-bandwidth-indicator = 'true'";
description "Reference to maximum adjustment
bandwidth profile";
}
}
container ip-connection-security {
leaf quantum-encryption-enable {
type boolean;
default false;
description "Enable quantum-resistant encryption
for IP connection security";
}
leaf quantum-encryption-mode {
type uint8;
default 1;
mandatory false;
when "../quantum-encryption-enable = 'true'";
description "Quantum encryption mode
(1=default, 2=enhanced)";
}
leaf quantum-encryption-status {
type enumeration {
enum idle {
description "Quantum encryption not active";
}
enum active {
description "Quantum encryption in use";
}
enum error {
description "Quantum encryption error state";
}
}
config false;
description "Operational status of quantum encryption
(read-only)";
}
container service {
container qos {
container qos-profile {
leaf slo-sle-profile {
type leafref {
path "/l3vpn-svc:l3vpn-svc
/l3vpn-svc:vpn-profiles
/l3vpn-svc-dyn:slo-sle-profiles
/l3vpn-svc-dyn:slo-sle-profile/id";
}
mandatory false;
when "../qos-profile-enabled = 'true'";
description "Reference to SLO/SLE profile
for IP connection-level QoS binding";
}
leaf qos-profile-enabled {
type boolean;
default false;
description "QoS profile enable flag";
}
}
}
}
}
}
}
¶
This document requests IANA to register the following URI in the "IETF XML Registry":¶
URI: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext Registrant Contact: The IESG XML: N/A; the requested URI is an XML namespace.¶
This document requests IANA to register the following YANG module in the "YANG Module Names" registry:¶
Name: ietf-l3vpn-svc-dynamic-ext Namespace: urn:ietf:params:xml:ns:yang:ietf-l3vpn-svc-dynamic-ext Prefix: l3vpn-svc-dyn Reference: RFC XXXX¶
The extensions defined in this document inherit the security considerations of RFC 8299.¶
Additional considerations:¶
Dynamic provisioning mechanisms (e.g., RADIUS COA) MUST be secured using mutual authentication and integrity protection.¶
Quantum encryption parameters are sensitive; access to these configuration nodes SHOULD be restricted to authorized administrators.¶
Communication between customers and service orchestrators SHOULD use TLS 1.3 or equivalent encryption.¶
The VPN instances on the PE devices may be pre-configured as defined in [RFC4364], with the VPN instance bound to an AC only when establishing end-to-end VPN connectivity. Alternatively, the VPN instance may also be dynamically configured via configuration commands based on customer requirements.¶
The dynamic-L3VPN service provisioning and lifecycle procedure is as follows, and we take customer A ordering dynamic-L3VPN service as an example.¶
+------------+ +---------+ +----+ +----+ +----------+
| Customer-A | | Ordering| | CE | | PE | | Network |
| | | System | | | | | |Controller|
+------------+ +---------+ +----+ +----+ +----+-----+
| | | | |
| 1. Register | | | |
+------------->| | | |
| | | | |
| 2. Submit VPN Service Info | | |
| (Peer, BW, Start, End) | | |
+------------->| | | |
| | | | |
| | 3. Configure CE | |
| +------------->| | |
| | | | |
| | | 4. Connect to PE |
| | +---------->| |
| | | | |
| | | 5. Bind AC to VPN
| | | |<-------------+
| | | | |
| 6. Submit Dynamic BW Request| | |
+------------->| | | |
| | | | |
| | 7. Update Bandwidth (PE) | |
| +------------------------->| |
| | | | |
| 8. Request Add User to VPN | | |
+------------->| | | |
| | | | |
| | 9. Config New CE & PE | |
| +------------------------->| |
| | | | |
| 10. Request Remove User | | |
+------------->| | | |
| | | | |
| | 11. Config: Remove AC | |
| +------------->| | |
| | | | |
| | 12. Config:Remove AC from PE |
| +------------------------->| |
| | | | |
The procedure consists of 12 key steps covering the full lifecycle of dynamic-L3VPN: registration, initial service provisioning, dynamic bandwidth adjustment, peer addition/removal, and resource cleanup. The Network Controller coordinates configuration across CEs and PEs to ensure end-to-end service delivery, while the Ordering System acts as the interface between customers and the network infrastructure. SRv6 (defined in [RFC8986] and [RFC9252]) may be used for path optimization in dynamic-L3VPN.¶
Customer A registers in the service ordering system.¶
Customer A enters VPN service parameters into the ordering system, including peer VPN customers, bandwidth requirement, start time, and end time, etc.¶
The Network controller provisions configuration to the CE devices of the involved customers.¶
Each CE device establishes a connection to its attached PE device.¶
The Network controller sends configuration or signaling to the PE devices to bind the customer's AC to the VPN instance.¶
Customer A submits an elastic bandwidth adjustment request via the ordering system.¶
The Network controller delivers configuration or signaling to the PE devices to modify the bandwidth of the VPN service.¶
Customer A submits a request via the ordering system to add one or more new customers to the VPN.¶
The Network controller provisions the new customers' CE device and sends configuration or signaling to the corresponding PE devices.¶
Customer A submits a request via the ordering system to remove one or more existing customers from the VPN.¶
The Network controller updates the configuration of the removed customers' CE devices.¶
The Network controller sends configuration or signaling to the corresponding PE devices to delete the associated AC from the VPN.¶
The authors wish to thank Mingjiang Fu, Zhuojun Huang, Zhenlin Tan, Wenkuan Qu of China Telecom for their contributions to the dynamic L3VPN operational requirements.¶