No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)

Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)

Networking Requirements

As shown in Figure 10-23, the MPLS network of an ISP provides the L2VPN service for users. All users connect to the MPLS network through PE1, PE2, and PE3, and new sites will be added in the future. A proper VPN solution is required to provide secure VPN services for users and to simplify configuration when new users connect to the network. In addition, this solution must ensure highly stable communication between CE1 and CE2.

Figure 10-23  Martini VLL FRR (asymmetrically connected CEs)

Configuration Roadmap

VLL FRR can be configured to ensure highly stable communication between CE1 and CE2. If a few sites will be added in the future, Martini VLL FRR can be configured.

The configuration roadmap is as follows:

  1. Configure OSPF on the backbone network to implement interworking between backbone devices.

  2. Set up an MPLS TE tunnel between PE1 and PE3, which will be used by the primary PW.

    Set up an MPLS LSP tunnel between PE1 and PE2, which will be used by the secondary PW.

  3. Configure a PW template on each PE to simplify the PW configuration. Configure a tunnel policy to enable the primary PW to use the MPLS TE tunnel.

  4. Configure BFD for PW between PE1 and PE2 and between PE1 and PE3 to quickly detect a PW fault.

  5. Configure Ethernet in the First Mile (EFM) between CE2 and PE2, and PE3 and CE2 to detect link connectivity.

  6. Enable OAM mapping on the PEs so that L2VPN traffic can be quickly switched to the secondary PW. When fault on the primary PW is recovered, L2VPN traffic can be switched back to the primary PW.

  7. Configure association between EFM and interfaces on CE2. When EFM detects a PW fault, the interface is logically Down, quickly switching traffic to a right forwarding path.

  8. Set the revertive switchover policy to immediate switchover on PE1 to prevent data loss because CE2 can quickly detect a PW fault.

Procedure

  1. Assign IP addresses to interfaces.

    # Configure PE1. The configuration on P, PE2, PE3, CE1, and CE2 is similar to the configuration on PE1 and is not mentioned here.

    <Huawei> system-view
    [Huawei] sysname PE1
    [PE1] interface gigabitethernet 1/0/0
    [PE1-GigabitEthernet1/0/0] ip address 172.1.1.1 255.255.255.0
    [PE1-GigabitEthernet1/0/0] quit
    [PE1] interface gigabitethernet 2/0/0
    [PE1-GigabitEthernet2/0/0] ip address 172.2.1.1 255.255.255.0
    [PE1-GigabitEthernet2/0/0] quit
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 255.255.255.255
    [PE1-LoopBack1] quit
    

  2. Configure an IGP protocol on the MPLS backbone network so that the PE and P devices can communicate with each other.

    # Configure PE1. The configuration on P, PE2, and PE3 is similar to the configuration on PE1 and is not mentioned here.

    [PE1] ospf 1
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    After completing the configuration, run the display ip routing-table command on each PE. The command output shows that PE1 and PE2, and PE1 and PE3 have learned the routes to each other's Loopback1 interface.

  3. Enable MPLS on backbone devices to set up an MPLS TE tunnel between PE1 and PE3 and an LDP LSP between PE1 and PE2.

    • Set up an MPLS TE tunnel between PE1 and PE3.

      # Configure PE1.

      [PE1] mpls lsr-id 1.1.1.9
      [PE1] mpls
      [PE1-mpls] mpls te
      [PE1-mpls] mpls rsvp-te
      [PE1-mpls] mpls te cspf
      [PE1-mpls] quit
      [PE1] ospf 1
      [PE1-ospf-1] opaque-capability enable
      [PE1-ospf-1] area 0
      [PE1-ospf-1-area-0.0.0.0] mpls-te enable
      [PE1-ospf-1-area-0.0.0.0] quit
      [PE1-ospf-1] quit
      [PE1] interface gigabitethernet 2/0/0
      [PE1-GigabitEthernet2/0/0] mpls
      [PE1-GigabitEthernet2/0/0] mpls te
      [PE1-GigabitEthernet2/0/0] mpls rsvp-te
      [PE1-GigabitEthernet2/0/0] quit
      [PE1] interface tunnel 0/0/1
      [PE1-Tunnel0/0/1] ip address unnumbered interface loopback 1
      [PE1-Tunnel0/0/1] tunnel-protocol mpls te
      [PE1-Tunnel0/0/1] destination 3.3.3.9
      [PE1-Tunnel0/0/1] mpls te tunnel-id 100
      [PE1-Tunnel0/0/1] mpls te commit
      [PE1-Tunnel0/0/1] quit
      

      # Configure the P device.

      [P] mpls lsr-id 4.4.4.9
      [P] mpls
      [P-mpls] mpls te
      [P-mpls] mpls rsvp-te
      [P-mpls] quit
      [P] ospf 1
      [P-ospf-1] opaque-capability enable
      [P-ospf-1] area 0
      [P-ospf-1-area-0.0.0.0] mpls-te enable
      [P-ospf-1-area-0.0.0.0] quit
      [P-ospf-1] quit
      [P] interface gigabitethernet 1/0/0
      [P-GigabitEthernet1/0/0] mpls
      [P-GigabitEthernet1/0/0] mpls te
      [P-GigabitEthernet1/0/0] mpls rsvp-te
      [P-GigabitEthernet1/0/0] quit
      [P]interface gigabitethernet 2/0/0
      [P-GigabitEthernet2/0/0] mpls
      [P-GigabitEthernet2/0/0] mpls te
      [P-GigabitEthernet2/0/0] mpls rsvp-te
      [P-GigabitEthernet2/0/0] quit
      

      # Configure PE3.

      [PE3] mpls lsr-id 3.3.3.9
      [PE3] mpls
      [PE3-mpls] mpls te
      [PE3-mpls] mpls rsvp-te
      [PE3-mpls] mpls te cspf
      [PE3-mpls] quit
      [PE3] ospf 1
      [PE3-ospf-1] opaque-capability enable
      [PE3-ospf-1] area 0
      [PE3-ospf-1-area-0.0.0.0] mpls-te enable
      [PE3-ospf-1-area-0.0.0.0] quit
      [PE3-ospf-1] quit
      [PE3] interface gigabitethernet 1/0/0
      [PE3-GigabitEthernet1/0/0] mpls
      [PE3-GigabitEthernet1/0/0] mpls te
      [PE3-GigabitEthernet1/0/0] mpls rsvp-te
      [PE3-GigabitEthernet1/0/0] quit
      [PE3] interface tunnel 0/0/1
      [PE3-Tunnel0/0/1] ip address unnumbered interface loopback 1
      [PE3-Tunnel0/0/1] tunnel-protocol mpls te
      [PE3-Tunnel0/0/1] destination 1.1.1.9
      [PE3-Tunnel0/0/1] mpls te tunnel-id 101
      [PE3-Tunnel0/0/1] mpls te commit
      [PE3-Tunnel0/0/1] quit
      
    • Set up an LDP LSP between PE1 and PE2.

      # Configure PE1.

      [PE1] mpls ldp
      [PE1-mpls-ldp] quit
      [PE1] interface gigabitethernet 1/0/0
      [PE1-GigabitEthernet1/0/0] mpls
      [PE1-GigabitEthernet1/0/0] mpls ldp
      [PE1-GigabitEthernet1/0/0] quit

      # Configure PE2.

      [PE2] mpls lsr-id 2.2.2.9
      [PE2] mpls
      [PE2-mpls] quit
      [PE2] mpls ldp
      [PE2-mpls-ldp] quit
      [PE2] interface gigabitethernet 1/0/0
      [PE2-GigabitEthernet1/0/0] mpls
      [PE2-GigabitEthernet1/0/0] mpls ldp
      [PE2-GigabitEthernet1/0/0] quit

    After completing the configuration, run the display tunnel-info all command on the PEs. The command output shows that an MPLS TE tunnel has been set up between PE1 and PE3, and an LSP tunnel has been set up between PE1 and PE2.

    The display on PE1 is used as an example:

    [PE1] display tunnel-info all
     * -> Allocated VC Token                                                        
    Tunnel ID           Type                 Destination           Token            
    ----------------------------------------------------------------------          
    0x1                 cr lsp                3.3.3.9                1              
    0x2                 lsp                   3.3.3.9                2              
    0x3                 lsp                   2.2.2.9                3              
    0x4                 lsp                   2.2.2.9                4              

  4. Create a remote LDP session between PE1 and PE3.

    When configuring a remote LDP session, specify the loopback interface address of the LDP remote peer as the IP address.

    NOTE:

    PE1 and PE2 in this example are directly connected; therefore, you do not need to configure a remote LDP session between them.

    # Configure PE1.

    [PE1] mpls ldp remote-peer 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] remote-ip 3.3.3.9
    [PE1-mpls-ldp-remote-3.3.3.9] quit

    # Configure PE3.

    [PE3] mpls ldp
    [PE3-mpls-ldp] quit
    [PE3] mpls ldp remote-peer 1.1.1.9
    [PE3-mpls-ldp-remote-1.1.1.9] remote-ip 1.1.1.9
    [PE3-mpls-ldp-remote-1.1.1.9] quit

    After completing the configuration, run the display mpls ldp session command on the PEs. The command output shows that the status of the remote LDP peer relationship is Operational. This indicates that remote LDP session has been set up.

    The display on PE1 is used as an example:

    [PE1] display mpls ldp session
                                                                                    
     LDP Session(s) in Public Network                                               
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)                  
     A '*' before a session means the session is being deleted.                     
     ------------------------------------------------------------------------------ 
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv            
     ------------------------------------------------------------------------------ 
     2.2.2.9:0         Operational DU   Passive  0000:00:02  9/9                   
     3.3.3.9:0         Operational DU   Passive  0000:00:00  1/1                   
     ------------------------------------------------------------------------------ 
     TOTAL: 2 session(s) Found.

  5. Configure tunnel policies on the PEs.

    # Configure PE1.

    [PE1] tunnel-policy p1
    [PE1-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1
    [PE1-tunnel-policy-p1] quit

    # Configure PE3.

    [PE3] tunnel-policy p1
    [PE3-tunnel-policy-p1] tunnel select-seq cr-lsp load-balance-number 1
    [PE3-tunnel-policy-p1] quit

  6. Use a PW template to create PWs on the PEs.

    Create primary and secondary PWs on PE1. Create a PW on each of PE2 and PE3.

    # Configure PE1.

    [PE1] mpls l2vpn
    [PE1-l2vpn] quit
    [PE1] pw-template 1to2
    [PE1-pw-template-1to2] peer-address 2.2.2.9
    [PE1-pw-template-1to2] control-word
    [PE1-pw-template-1to2] quit
    [PE1] pw-template 1to3
    [PE1-pw-template-1to3] peer-address 3.3.3.9
    [PE1-pw-template-1to3] control-word
    [PE1-pw-template-1to3] quit
    [PE1] interface gigabitethernet 3/0/0
    [PE1-GigabitEthernet3/0/0] mpls l2vc pw-template 1to3 200 tunnel-policy p1
    [PE1-GigabitEthernet3/0/0] mpls l2vc pw-template 1to2 201 secondary
    [PE1-GigabitEthernet3/0/0] quit

    # Configure PE2.

    [PE2] mpls l2vpn
    [PE2-l2vpn] quit
    [PE2] pw-template 2to1
    [PE2-pw-template-2to1] peer-address 1.1.1.9
    [PE2-pw-template-2to1] control-word
    [PE2-pw-template-2to1] quit
    [PE2] interface gigabitethernet 2/0/0
    [PE2-GigabitEthernet2/0/0] mpls l2vc pw-template 2to1 201
    [PE2-GigabitEthernet2/0/0] quit

    # Configure PE3.

    [PE3] mpls l2vpn
    [PE3-l2vpn] quit
    [PE3] pw-template 3to1
    [PE3-pw-template-3to1] peer-address 1.1.1.9
    [PE3-pw-template-3to1] control-word
    [PE3-pw-template-3to1] quit
    [PE3] interface gigabitethernet 2/0/0
    [PE3-GigabitEthernet2/0/0] mpls l2vc pw-template 3to1 200 tunnel-policy p1
    [PE3-GigabitEthernet2/0/0] quit

  7. Configure devices to ensure network connectivity.

    Configure two default routes on CE2, specify GE1/0/0 and GE2/0/0 as outbound interfaces, and assign preference to the route with GE1/0/0 as the outbound interface.

    # Configure CE2.

    [CE2] ip route-static 0.0.0.0 0.0.0.0 gigabitethernet 1/0/0 192.168.1.2
    [CE2] ip route-static 0.0.0.0 0.0.0.0 gigabitethernet 2/0/0 192.168.2.2 preference 100
    

  8. Configure BFD for PW on the PEs.

    # Configure PE1.

    [PE1] bfd
    [PE1-bfd] quit
    [PE1] bfd pe1tope3 bind pw interface gigabitethernet 3/0/0
    [PE1-bfd-lsp-session-pe1tope3] discriminator local 100
    [PE1-bfd-lsp-session-pe1tope3] discriminator remote 200
    [PE1-bfd-lsp-session-pe1tope3] min-tx-interval 100
    [PE1-bfd-lsp-session-pe1tope3] min-rx-interval 100
    [PE1-bfd-lsp-session-pe1tope3] commit
    [PE1-bfd-lsp-session-pe1tope3] quit
    [PE1] bfd pe1tope2 bind pw interface gigabitethernet 3/0/0 secondary
    [PE1-bfd-lsp-session-pe1tope2] discriminator local 101
    [PE1-bfd-lsp-session-pe1tope2] discriminator remote 201
    [PE1-bfd-lsp-session-pe1tope2] min-tx-interval 100
    [PE1-bfd-lsp-session-pe1tope2] min-rx-interval 100
    [PE1-bfd-lsp-session-pe1tope2] commit
    [PE1-bfd-lsp-session-pe1tope2] quit
    

    # Configure PE3.

    [PE3] bfd
    [PE3-bfd] quit
    [PE3] bfd pe3tope1 bind pw interface gigabitethernet 2/0/0
    [PE3-bfd-lsp-session-pe3tope1] discriminator local 200
    [PE3-bfd-lsp-session-pe3tope1] discriminator remote 100
    [PE3-bfd-lsp-session-pe3tope1] min-tx-interval 100
    [PE3-bfd-lsp-session-pe3tope1] min-rx-interval 100
    [PE3-bfd-lsp-session-pe3tope1] commit
    [PE3-bfd-lsp-session-pe3tope1] quit
    

    # Configure PE2.

    [PE2] bfd
    [PE2-bfd] quit
    [PE2] bfd pe2tope1 bind pw interface gigabitethernet 2/0/0
    [PE2-bfd-lsp-session-pe2tope1] discriminator local 201
    [PE2-bfd-lsp-session-pe2tope1] discriminator remote 101
    [PE2-bfd-lsp-session-pe2tope1] min-tx-interval 100
    [PE2-bfd-lsp-session-pe2tope1] min-rx-interval 100
    [PE2-bfd-lsp-session-pe2tope1] commit
    [PE2-bfd-lsp-session-pe2tope1] quit
    

    After completing the configuration, you can find that BFD sessions have been set up between PE1 and PE2, and between PE1 and PE3. Run the display bfd session all command on each PE. The command output shows that both BFD sessions are Up.

    The display on PE1 is used as an example:

    [PE1] display bfd session all
    --------------------------------------------------------------------------------
    Local Remote     PeerIpAddr      State     Type         InterfaceName           
    --------------------------------------------------------------------------------
    100   200        --.--.--.--     Up        S_PW(M)      GigabitEthernet3/0/0
    101   201        --.--.--.--     Up        S_PW(S)      GigabitEthernet3/0/0
    --------------------------------------------------------------------------------
         Total UP/DOWN Session Number : 2/0                                         

  9. Enable the OAM mapping function.

    Before enabling the OAM mapping function on the PEs, enable EFM on AC interfaces to detect link connectivity.

    1. Enable EFM to detect link connectivity.

      # Configure PE2. The configuration on PE3 and CE2 is similar to the configuration on PE2 and is not mentioned here.

      [PE2] efm enable
      [PE2] interface gigabitethernet 2/0/0
      [PE2-GigabitEthernet2/0/0] efm enable
      [PE2-GigabitEthernet2/0/0] quit
      

      After completing the configuration, run the display efm session all command on each device. You can find that the status of the EFM protocol on each interface is detect. The display on PE2 is used as an example:

      [PE2] display efm session all
        Interface                 EFM State                   Loopback Timeout        
        ----------------------------------------------------------------------        
        GigabitEthernet2/0/0      detect                      --                      

    2. Enable the OAM mapping function.

      # Configure PE2.

      [PE2] interface gigabitethernet 2/0/0
      [PE2-GigabitEthernet2/0/0] mpls l2vpn oam-mapping 3ah
      [PE2-GigabitEthernet2/0/0] quit
      

      # Configure PE3.

      [PE3] interface gigabitethernet 2/0/0
      [PE3-GigabitEthernet2/0/0] mpls l2vpn oam-mapping 3ah
      [PE3-GigabitEthernet2/0/0] quit
      

      After completing the configuration, run the display mpls l2vc oam-mapping interface command on each PE. The command output shows information about OAM mapping. You can find that the AC OAM status is Up. The display on PE2 is used as an example:

      [PE2] display mpls l2vc oam-mapping interface gigabitethernet 2/0/0
       AC OAM Info:                                                                   
        EOAM Type      : 802.3ah                                                      
        AC OAM State   : Up                                                           
        OAM-mapping    : Enable                                                       
       PSN info:                                                                      
        VC-ID          : 201                                                          
        VC status      : Primary                                                      
        Active State   : Active                                                       
        Link State     : Up                                                           
        BFD for PW     : Disable                                                      
        BFD for LSP    : 0    TunnelNum: 1    PSN State : up                          

  10. Configure association between EFM and interfaces.

    Configure association between EFM and interfaces on CE2. When EFM detects a PW fault, the interface is logically Down.

    # Configure CE2.

    [CE2] interface gigabitethernet 1/0/0
    [CE2-GigabitEthernet1/0/0] efm trigger if-down
    [CE2-GigabitEthernet1/0/0] quit
    [CE2] interface gigabitethernet 2/0/0
    [CE2-GigabitEthernet2/0/0] efm trigger if-down
    [CE2-GigabitEthernet2/0/0] quit
    

  11. Configure the revertive switchover policy.

    When the primary PW becomes faulty, GE1/0/0 on CE2 becomes Down. When the primary PW recovers, GE1/0/0 on CE2 becomes Up. If traffic is not switched back to the primary PW on PE1 immediately (delayed switchover is configured by default), data loss will occur.

    # Configure PE1.

    [PE1] interface gigabitethernet 3/0/0
    [PE1-GigabitEthernet3/0/0] mpls l2vpn reroute immediately
    [PE1-GigabitEthernet3/0/0] quit
    

  12. Verify the configuration.

    # After completing the configurations, run the display mpls l2vc interface command on PE1. You can find that primary and secondary PWs have been set up, the VC status for both is Up, the status of the primary PW is active, and the status of the secondary PW is inactive.

    [PE1] display mpls l2vc interface gigabitethernet 3/0/0
     *client interface        : GigabitEthernet3/0/0 is up
      Administrator PW       : no                                                   
      session state          : up                                                   
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : up                                                   
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 200                                                  
      VC type                : Ethernet                                             
      destination            : 3.3.3.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1025         remote VC label      : 1024             
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : forwarding                                           
      local status code      : 0x0                                                  
      remote AC OAM state    : up                                                   
      remote PSN OAM state   : up                                                   
      remote forwarding state: forwarding                                           
      remote status code     : 0x0                                                  
      ignore standby state   : no                                                   
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : active                                               
      forwarding entry       : exist                                                
      link state             : up                                                   
      local VC MTU           : 1500         remote VC MTU        : 1500             
      local VCCV             : cw alert ttl lsp-ping bfd                            
      remote VCCV            : cw alert ttl lsp-ping bfd                            
      local control word     : enable       remote control word  : enable           
      tunnel policy name     : p1                                                   
      PW template name       : 1to3                                                 
      primary or secondary   : primary                                              
      load balance type      : flow                                                 
      Access-port            : false                                                
      Switchover Flag        : false                                                
      VC tunnel/token info   : 1 tunnels/tokens                                     
        NO.0  TNL type       : cr lsp, TNL ID : 0x1                                 
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 2 minutes, 25 seconds               
      up time                : 0 days, 0 hours, 0 minutes, 41 seconds               
      last change time       : 0 days, 0 hours, 0 minutes, 41 seconds               
      VC last up time        : 2013/12/20 20:13:46                                  
      VC total up time       : 0 days, 0 hours, 0 minutes, 41 seconds               
      CKey                   : 2                                                    
      NKey                   : 1                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : uniform                                              
      Service Class          : --                                                   
      Color                  : --                                                   
      DomainId               : --                                                   
      Domain Name            : --                                                   
                                                                                    
     *client interface       : GigabitEthernet3/0/0 is up                           
      Administrator PW       : no                                                   
      session state          : up                                                   
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : up                                                   
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 201                                                  
      VC type                : Ethernet                                             
      destination            : 2.2.2.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1026         remote VC label      : 1025             
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : forwarding                                           
      local status code      : 0x0                                                  
      remote AC OAM state    : up                                                   
      remote PSN OAM state   : up                                                   
      remote forwarding state: forwarding                                           
      remote status code     : 0x0                                                  
      ignore standby state   : no                                                   
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : inactive                                             
      forwarding entry       : exist                                                
      link state             : up                                                   
      local VC MTU           : 1500         remote VC MTU        : 1500             
      local VCCV             : cw alert ttl lsp-ping bfd                            
      remote VCCV            : cw alert ttl lsp-ping bfd                            
      local control word     : enable       remote control word  : enable           
      tunnel policy name     : --                                                   
      PW template name       : 1to2                                                 
      primary or secondary   : secondary                                            
      load balance type      : flow                                                 
      Access-port            : false                                                
      VC tunnel/token info   : 1 tunnels/tokens                                     
        NO.0  TNL type       : lsp   , TNL ID : 0x3                                 
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 2 minutes, 21 seconds               
      up time                : 0 days, 0 hours, 1 minutes, 34 seconds               
      last change time       : 0 days, 0 hours, 1 minutes, 34 seconds               
      VC last up time        : 2013/12/20 20:12:54                                  
      VC total up time       : 0 days, 0 hours, 1 minutes, 34 seconds               
      CKey                   : 4                                                    
      NKey                   : 3                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : uniform                                              
      Service Class          : --                                                   
      Color                  : --                                                   
      DomainId               : --                                                   
      Domain Name            : --                                                   
                                                                                    
     reroute policy          : immediately, resume 10 s               
     reason of last reroute  : New LDP mapping message was received                 
     time of last reroute    : 0 days, 0 hours, 11 minutes, 12 seconds               
     delay timer ID          : --           residual time :--                       
     resume timer ID         : --           residual time :--                       
           
    

    # Run the display ip routing-table command on CE2. You can find that the outbound interface on CE2 for the default route is GE1/0/0. This indicates that traffic is transmitted along the primary path.

    # The display on CE2 is used as an example:

    [CE2] display ip routing-table 0.0.0.0
    Route Flags:
    R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Table : Public                                                          
    Summary Count : 1                                                               
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
            0.0.0.0/0   Static  60   0           D   192.168.1.2     GigabitEthernet1/0/0         

    # CE2 can ping address 192.168.3.1 of CE1 successfully.

    [CE2] ping 192.168.3.1
      PING 192.168.3.1: 56  data bytes, press CTRL_C to break                       
        Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=255 time=2 ms               
        Reply from 192.168.3.1: bytes=56 Sequence=2 ttl=255 time=3 ms               
        Reply from 192.168.3.1: bytes=56 Sequence=3 ttl=255 time=2 ms               
        Reply from 192.168.3.1: bytes=56 Sequence=4 ttl=255 time=6 ms               
        Reply from 192.168.3.1: bytes=56 Sequence=5 ttl=255 time=6 ms               
                                                                                    
      --- 192.168.3.1 ping statistics ---                                           
        5 packet(s) transmitted                                                     
        5 packet(s) received                                                        
        0.00% packet loss                                                           
        round-trip min/avg/max = 2/3/6 ms                                           

    # Set the status of GE1/0/0 on PE3 to Down manually.

    [PE3] interface gigabitethernet 1/0/0
    [PE3-GigabitEthernet1/0/0] shutdown
    [PE3-GigabitEthernet1/0/0] quit

    # Run the display bfd session all command on PE1. The command output shows that the BFD session of the primary PW is Down.

    [PE1] display bfd session all
    --------------------------------------------------------------------------------
    Local Remote     PeerIpAddr      State     Type         InterfaceName           
    --------------------------------------------------------------------------------
    100   200        --.--.--.--     Down    S_PW(M)      GigabitEthernet3/0/0
    101   201        --.--.--.--     Up        S_PW(S)      GigabitEthernet3/0/0
    --------------------------------------------------------------------------------
         Total UP/DOWN Session Number : 1/1                                         

    # Run the display mpls l2vc interface command on PE1. You can find that the VC status of the primary PW changes to Down, the status of the primary PW changes to inactive, and the status of the secondary PW changes to active.

    [PE1] display mpls l2vc interface gigabitethernet 3/0/0
     *client interface        : GigabitEthernet3/0/0 is up
      Administrator PW       : no                                                   
      session state          : down                                                 
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : down                                                 
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 200                                                  
      VC type                : Ethernet                                             
      destination            : 3.3.3.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1025         remote VC label      : 0                
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : not forwarding                                       
      local status code      : 0x1                                                  
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : inactive                                             
      forwarding entry       : not exist                                            
      link state             : down                                                 
      local VC MTU           : 1500         remote VC MTU        : 0                
      local VCCV             : cw alert ttl lsp-ping bfd                            
      remote VCCV            : none                                                 
      local control word     : enable       remote control word  : none             
      tunnel policy name     : p1                                                   
      PW template name       : 1to3                                                 
      primary or secondary   : primary                                              
      load balance type      : flow                                                 
      Access-port            : false                                                
      Switchover Flag        : false                                                
      VC tunnel/token info   : 0 tunnels/tokens                                     
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 44 minutes, 51 seconds              
      up time                : 0 days, 0 hours, 0 minutes, 0 seconds                
      last change time       : 0 days, 0 hours, 1 minutes, 27 seconds               
      VC last up time        : 2013/12/20 20:44:26                                  
      VC total up time       : 0 days, 0 hours, 28 minutes, 0 seconds               
      CKey                   : 2                                                    
      NKey                   : 1                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : uniform                                              
      Service Class          : --                                                   
      Color                  : --                                                   
      DomainId               : --                                                   
      Domain Name            : --                                                   
                                                                                    
     *client interface       : GigabitEthernet3/0/0 is up                           
      Administrator PW       : no                                                   
      session state          : up                                                   
      AC status              : up                                                   
      Ignore AC state        : disable
      VC state               : up                                                   
      Label state            : 0                                                    
      Token state            : 0                                                    
      VC ID                  : 201                                                  
      VC type                : Ethernet                                             
      destination            : 2.2.2.9                                              
      local group ID         : 0            remote group ID      : 0                
      local VC label         : 1026         remote VC label      : 1025             
      local AC OAM State     : up                                                   
      local PSN OAM State    : up                                                   
      local forwarding state : forwarding                                           
      local status code      : 0x0                                                  
      remote AC OAM state    : up                                                   
      remote PSN OAM state   : up                                                   
      remote forwarding state: forwarding                                           
      remote status code     : 0x0                                                  
      ignore standby state   : no                                                   
      BFD for PW             : unavailable                                          
      VCCV State             : up                                                   
      manual fault           : not set                                              
      active state           : active                                               
      forwarding entry       : exist                                                
      link state             : up                                                   
      local VC MTU           : 1500         remote VC MTU        : 1500             
      local VCCV             : cw alert ttl lsp-ping bfd                            
      remote VCCV            : cw alert ttl lsp-ping bfd                            
      local control word     : enable       remote control word  : enable           
      tunnel policy name     : --                                                   
      PW template name       : 1to2                                                 
      primary or secondary   : secondary                                            
      load balance type      : flow                                                 
      Access-port            : false                                                
      VC tunnel/token info   : 1 tunnels/tokens                                     
        NO.0  TNL type       : lsp   , TNL ID : 0x3                                 
        Backup TNL type      : lsp   , TNL ID : 0x0                                 
      create time            : 0 days, 0 hours, 44 minutes, 47 seconds              
      up time                : 0 days, 0 hours, 44 minutes, 0 seconds               
      last change time       : 0 days, 0 hours, 44 minutes, 0 seconds               
      VC last up time        : 2013/12/20 20:12:54                                  
      VC total up time       : 0 days, 0 hours, 44 minutes, 0 seconds               
      CKey                   : 4                                                    
      NKey                   : 3                                                    
      PW redundancy mode     : frr                                                  
      AdminPw interface      : --                                                   
      AdminPw link state     : --                                                   
      Diffserv Mode          : uniform                                              
      Service Class          : --                                                   
      Color                  : --                                                   
      DomainId               : --                                                   
      Domain Name            : --                                                   
                                                                                    
     reroute policy          : immediately, resume 10 s                     
     reason of last reroute  : New LDP mapping message was received                 
     time of last reroute    : 0 days, 0 hours, 11 minutes, 58 seconds              
     delay timer ID          : --           residual time :--                       
     resume timer ID         : --           residual time :--                       

    # Run the display interface gigabitethernet 1/0/0 command on CE2 to check interface status. You can find that the Line protocol current state field is displayed as DOWN (EFM down), indicating that PE3 has notified CE2 of the primary PW fault.

    [CE2] display interface gigabitethernet 1/0/0
    GigabitEthernet1/0/0 current state : UP 
    Line protocol current state : DOWN (EFM down)                                   
    Description:...
    

    Check the routing table on CE2. You can find that the outbound interface of the default route has changed to GE2/0/0. This indicates that L2VPN traffic has been switched to the secondary path.

    [CE2] display ip routing-table 0.0.0.0
    Route Flags:
    R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Table : Public                                                          
    Summary Count : 1                                                               
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
            0.0.0.0/0   Static  100  0           D   192.168.2.2     GigabitEthernet2/0/0         

    # Remove the fault on GE1/0/0 on PE3 manually.

    [PE3] interface gigabitethernet 1/0/0
    [PE3-GigabitEthernet1/0/0] undo shudown
    [PE3-GigabitEthernet1/0/0] quit

    # Check the routing table on CE2. You can find that the outbound interface of the default route has changed to GE1/0/0. This indicates that L2VPN traffic has been switched back to the primary path.

    [CE2] display ip routing-table 0.0.0.0
    Route Flags:
    R - relay, D - download to fib                                     
    ------------------------------------------------------------------------------  
    Routing Table : Public                                                          
    Summary Count : 1                                                               
    Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface      
                                                                                    
            0.0.0.0/0   Static  60   0           D   192.168.1.2     GigabitEthernet1/0/0         

Configuration Files

  • Configuration file of CE1

    #
    sysname CE1
    #
    interface GigabitEthernet1/0/0
     ip address 192.168.1.2 255.255.255.0
     ip address 192.168.2.2 255.255.255.0 sub
    #
    interface GigabitEthernet2/0/0
     ip address 192.168.3.1 255.255.255.0
    #
    return
  • Configuration file of PE1

    #
    sysname PE1
    #
    bfd
    #
    mpls lsr-id 1.1.1.9
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    pw-template 1to2
     peer-address 2.2.2.9
     control-word
    #
    pw-template 1to3
     peer-address 3.3.3.9
     control-word
    #
    mpls ldp
    #
    mpls ldp remote-peer 3.3.3.9
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet3/0/0
     mpls l2vc pw-template 1to3 200 tunnel-policy p1
     mpls l2vc pw-template 1to2 201 secondary
     mpls l2vpn reroute immediately resume 10
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    interface Tunnel0/0/1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 3.3.3.9
     mpls te tunnel-id 100
     mpls te commit
    #
    ospf 1              
     opaque-capability enable             
     area 0.0.0.0                         
      network 1.1.1.9 0.0.0.0                 
      network 172.1.1.0 0.0.0.255                    
      network 172.2.1.0 0.0.0.255                        
      mpls-te enable
    #
    tunnel-policy p1
     tunnel select-seq cr-lsp load-balance-number 1
    #                    
    bfd pe1tope2 bind pw interface GigabitEthernet3/0/0 secondary                   
     discriminator local 101                                                        
     discriminator remote 201                                                       
     min-tx-interval 100 
     min-rx-interval 100    
     commit                                                                         
    #                                                                               
    bfd pe1tope3 bind pw interface GigabitEthernet3/0/0                             
     discriminator local 100                                                        
     discriminator remote 200                                                       
     min-tx-interval 100 
     min-rx-interval 100    
     commit
    #
    return
  • Configuration file of the P device

    #
    sysname P
    #
    mpls lsr-id 4.4.4.9
    mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet1/0/0
     ip address 172.2.1.2 255.255.255.0 
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet2/0/0
     ip address 172.3.1.1 255.255.255.0 
     mpls
     mpls te
     mpls rsvp-te
    #
    interface LoopBack1
     ip address 4.4.4.9 255.255.255.255
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 4.4.4.9 0.0.0.0                                                       
      network 172.2.1.0 0.0.0.255                                                   
      network 172.3.1.0 0.0.0.255 
      mpls-te enable
    #
    return
  • Configuration file of PE2

    #
    sysname PE2
    #
    efm enable 
    #
    bfd
    #
    mpls lsr-id 2.2.2.9
    mpls
    #
    mpls l2vpn
    #
    pw-template 2to1
     peer-address 1.1.1.9
     control-word
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     ip address 172.1.1.2 255.255.255.0 
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     mpls l2vc pw-template 2to1 201                                                 
     mpls l2vpn oam-mapping 3ah                                                     
     efm enable
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.9 0.0.0.0
      network 172.1.1.0 0.0.0.255
    #
    bfd pe2tope1 bind pw interface GigabitEthernet2/0/0          
     discriminator local 201                                                        
     discriminator remote 101                                                       
     min-tx-interval 100 
     min-rx-interval 100    
     commit                                                                         
    #
    return
  • Configuration file of PE3

    #
    sysname PE3
    #
    efm enable
    #
    bfd
    #
    mpls lsr-id 3.3.3.9
    mpls
     mpls te
     mpls rsvp-te
     mpls te cspf
    #
    mpls l2vpn
    #
    pw-template 3to1
     peer-address 1.1.1.9
     control-word
    #
    mpls ldp
    #
    mpls ldp remote-peer 1.1.1.9
     remote-ip 1.1.1.9
    #
    interface GigabitEthernet1/0/0
     ip address 172.3.1.2 255.255.255.0 
     mpls
     mpls te
     mpls rsvp-te
    #
    interface GigabitEthernet2/0/0
     mpls l2vc pw-template 3to1 200 tunnel-policy p1                                
     mpls l2vpn oam-mapping 3ah                                                     
     efm enable
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    interface Tunnel0/0/1
     ip address unnumbered interface LoopBack1
     tunnel-protocol mpls te
     destination 1.1.1.9
     mpls te tunnel-id 101
     mpls te commit
    #
    ospf 1
     opaque-capability enable
     area 0.0.0.0
      network 3.3.3.9 0.0.0.0                                                       
      network 172.3.1.0 0.0.0.255 
      mpls-te enable
    #
    tunnel-policy p1
     tunnel select-seq cr-lsp load-balance-number 1
    #
    bfd pe3tope1 bind pw interface GigabitEthernet2/0/0                   
     discriminator local 200                                                        
     discriminator remote 100                                                       
     min-tx-interval 100 
     min-rx-interval 100    
     commit                                                                         
    #
    return
  • Configuration file of CE2

    #
    sysname CE2
    #
    efm enable
    #
    interface GigabitEthernet1/0/0
     ip address 192.168.1.3 255.255.255.0
     efm enable
     efm trigger if-down
    #
    interface GigabitEthernet2/0/0
     ip address 192.168.2.3 255.255.255.0
     efm enable
     efm trigger if-down
    #
    ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet1/0/0 192.168.1.2
    ip route-static 0.0.0.0 0.0.0.0 GigabitEthernet2/0/0 192.168.2.2 preference 100 
    #
    return
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 153222

Downloads: 369

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next