No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VPN FRR

Configuring VPN FRR

Pre-configuration Tasks

Before configuring VPN FRR, complete the following tasks:

  • Configure basic BGP/MPLS IP VPN functions (OSPF between the PE and CE). For details, see Configuring Basic BGP/MPLS IP VPN Functions.
  • Generate two unequal-cost routes on the PE by setting different costs or metrics.

Context

VPN FRR is used in PE multi-homing scenarios to enhance network reliability. As shown in Figure 3-44, if the primary link (Link A) between PE1 and ASBR1 fails, VPN FRR quickly switches traffic to the backup link (Link B) between PE1 and ASBR2 to minimize the impact of the link failure on VPN services.
Figure 3-44  VPN FRR networking

You can configure VPN FRR in either of the following modes:
  • Manual VPN FRR: Information such as the backup next hop is specified.

  • Auto VPN FRR: The backup next hop is unspecified, but a proper next hop is selected for the VPN route.

You can select either mode as required. If both of them are configured, manual VPN FRR has a higher priority. When manual VPN FRR fails, auto VPN FRR takes effect.
NOTE:
  • Configuring the lsp-trigger command on the P is not recommended when an LSP is created on the VPN backbone network. Use the default configuration on the P. Otherwise, VPN FRR switchback may fail.

  • To implement fast switching within milliseconds, configure BFD for LSPs. For details about BFD, see Configuring Static BFD to Detect an LDP LSP, Configuring Dynamic BFD for LDP LSPs in "MPLS LDP Configuration" and Configuring Static BFD for TE Tunnels in "MPLS TE Configuration" in S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - MPLS. Perform the BFD configuration based on the tunnel used for forwarding VPN services.

Perform the following steps on a PE device.

Procedure

  • Configure manual VPN FRR.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      route-policy route-policy-name { permit | deny } node node

      The routing policy node is created and the routing policy view is displayed.

    3. Run:

      apply backup-nexthop ip-address

      The backup next hop is configured.

    4. Run:

      quit

      Return to the system view.

    5. Run:

      ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    6. Run:

      ipv4-family

      The VPN instance IPv4 address family view is displayed.

    7. Run:

      vpn frr route-policy route-policy-name

      The VPN FRR is enabled.

  • Enable VPN auto FRR using a routing policy.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      route-policy route-policy-name { permit | deny } node node

      The routing policy node is created and the routing policy view is displayed.

    3. Run:

      apply backup-nexthop auto

      The auto mode is used.

    4. Run:

      quit

      Return to the system view.

    5. Run:

      ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    6. Run:

      ipv4-family

      The VPN instance IPv4 address family view is displayed.

    7. Run:

      vpn frr route-policy route-policy-name

      The VPN FRR is enabled.

  • Enable VPN auto FRR without using a routing policy
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run:

      ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run:

      auto-frr

      VPN Auto FRR is enabled.

  • (Optional) Add multiple VPNv4 routes to the VPN instance with a different RD from these routes' RDs.

    By default, if the RD of the VPN instance on the local PE is different from the RDs of the VPN instances on multiple remote PEs, and the RDs of the VPN instances on remote PEs are the same, the local PE adds only the optimal route to the VPN instance after receiving VPNv4 or VPNv6 routes with the same destination address from the remote PEs. As a result, load balancing or VPN FRR does not take effect. To resolve this problem, run the vpn-route cross multipath command on the local PE.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run:

      ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run:

      vpn-route cross multipath

      Multiple VPNv4 routes are added to the VPN instance with a different RD from these routes' RDs.

  • (Optional) Disable VPN FRR in all VPN instances.

    To disable VPN FRR in a VPN instance, run the undo vpn frr command in the VPN instance view. However, if multiple VPN instances are configured on a PE and VPN FRR is enabled for each VPN instance, it is complex to disable VPN FRR one by one in these VPN instances.

    To address this problem, the device allows you to disable VPN FRR in all VPN instances using one command.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      undo vpn frr all

      VPN FRR is disabled from all VPN instances.

      NOTE:

      The undo vpn frr all command disables VPN FRR in all VPN instance views but does not disable VPN auto FRR in the BGP-VPN instance IPv4 address family view. To disable VPN auto FRR from a BGP-VPN instance IPv4 address family, run the undo auto-frr command in the BGP-VPN instance IPv4 address family view.

Checking the Configuration

All VPN FRR configurations are complete, run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ] verbose command to check information about the backup next-hop PE, backup tunnel, and backup label.

Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141944

Views: 70955

Downloads: 505

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next