No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VPN

S9300, S9300E, and S9300X V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


IP+VPN FRR ensures high reliability of traffic transmission between the CE and PEs. If a link between the CE and a PE fails, the PE can use IP+VPN FRR to switch traffic bound for the CE to the other PE for transmission.

After IP+VPN FRR is deployed, a PE stores a CE-bound VPNv4 cross route sent from its peer as a backup route for its local VPNv4 route, and generates an FRR entry. If the local VPNv4 route to the CE becomes unreachable, the PE will immediately select the backup route to transmit traffic to the CE. This ensures high reliability of traffic transmission between the PE and CE, bringing benefits of fast link switching, link multiplexing.

On the network shown in Figure 2-30, CE2 is dual-homed to PE2 and PE3. A BGP VPNv4 peer relationship is set up between PE2 and PE3. Each of the PEs sends its route that is bound for CE2 to the other PE. PE2 selects the local route, not the route sent from PE3, to transmit traffic to CE2. In normal situations, the traffic sent from PE2 to CE2 travels along link A.

If link A fails, route reselection is triggered on PE2. PE2 activates the VPNv4 cross route sent from PE3, switching the traffic bound for CE2 to link B. Route convergence is an important factor in this switchover mode, and the convergence time is determined by the number of VPN routes. The larger the number of VPN routes, the longer the route convergence time. Therefore, the link switchover time in this mode is varying and may fail to meet requirements if routers are heavily loaded.

Figure 2-30  Networking diagram for IP+VPN FRR

After IP+VPN FRR is deployed, PE2 stores the CE2-bound VPNv4 route that is sent from PE3 as a backup route for its local route bound for CE2, and generates an FRR entry. If link A fails, PE2 can quickly switch the traffic bound for CE2 to link B. The link switchover speed in IP+VPN FRR mode is very fast (within subseconds) because it depends on the fault detection speed on the PE, not on route convergence speed (this means that the number of VPN routes does not matter). Long-term service interruption is therefore prevented. If the fault on link A is cleared, routes on PE2 converge again, PE2 will preferentially select local routes but not the cross routes, and the traffic to CE2 is switched back to link A.

IP+VPN FRR includes IPv4+VPN FRR and IPv6+VPN FRR. The working principle and deployment method of IPv6+VPN FRR are similar to that of IPv4+VPN FRR.

Updated: 2019-08-21

Document ID: EDOC1000142068

Views: 113146

Downloads: 208

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next