No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IP+VPNv4 Hybrid FRR

Configuring IP+VPNv4 Hybrid FRR

Context

Hybrid FRR is used in CE dual-homing scenarios. If the next hop of the route from a PE to a CE is unreachable, hybrid FRR can quickly switch the route to the backup link. The traffic is then forwarded to the backup PE over a VPN tunnel and finally sent to the destination through IP forwarding on the private network.

IP+VPNv4 hybrid FRR can be configured in CE dual-homing scenarios to quickly switch traffic to the backup PE when the next hop of the route from a PE to a CE is unreachable.

As shown in Figure 3-43, IP+VPNv4 hybrid FRR is configured on PE2. Link A between PE2 and CE3 is the primary link, and Link B along PE2, PE3, and CE3 is the backup link. When PE2 detects that Link A is unreachable, it immediately switches VPN traffic to Link B and then performs other operations to trigger VPN route convergence. This minimizes impact of the link failure on VPN services.

Figure 3-43  Networking for IP+VPNv4 hybrid FRR

The device supports two ways to implement IP+VPNv4 hybrid FRR, which is applicable to different networking environments and configured differently:

  • IP FRR: used when a routing protocol other than BGP is running between PE and CE devices.

  • BGP auto FRR: used when only BGP is running between PE and CE devices.

Perform the following configuration on PE devices to which a CE is dual homed.

Procedure

  • Configure IP FRR.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      route-policy route-policy-name { permit | deny } node node

      A route-policy node is created, and the route-policy view is displayed.

    3. Run:

      apply backup-nexthop ipv4-address

      A backup next hop is specified.

      To ensure that the route can be iterated to the backup tunnel, set ipv4-address to the loopback interface address of the peer PE.

    4. Run:

      quit

      Return to the system view.

    5. Run:

      ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    6. Run:

      ipv4-family

      The VPN instance IPv4 address family view is displayed.

    7. Run:

      ip frr route-policy route-policy-name

      IP FRR is enabled.

  • Configure BGP auto FRR.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run:

      ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run:

      auto-frr

      BGP auto FRR is enabled for the BGP-VPN instance IPv4 address family.

Checking the Configuration

Run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ] verbose command to check the backup next hop, backup tunnel, and backup label for a VPN route.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141944

Views: 110832

Downloads: 588

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next