No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring PWE3 FRR

Configuring PWE3 FRR

After PWE3 FRR is configured, the L2VPN traffic is rapidly switched to the secondary path when a fault occurs on the primary path. After the fault on the primary path is rectified, the L2VPN traffic is switched back to the primary path based on a revertive switchover policy.

Context

On the network where CEs are asymmetrically connected to PEs, the secondary PW cannot transmit data when the primary path and secondary path work properly. If the AC interface of the secondary PW borrows the IP address of the AC interface of the primary PW, note the following points:

  • The switching policy No revertive switchover cannot be configured.

  • The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. The route that passes through the secondary PW is unreachable.

  • If the CEs exchange routing information using routing protocols, change the cost or metric value of the AC interface of the secondary path to a value greater than that of the AC interface of the primary path. The local CE may be unable to communicate with the remote CE, but can communicate with other remote user devices.

  • If CEs use static routes and the AC links are Ethernet links, BFD for static routes needs to be configured on CEs.

Pre-configuration Tasks

Before configuring PWE3 FRR, complete the following tasks:

  • Configuring primary and secondary PWs of the same type on the network where CEs are asymmetrically connected to PEs

  • Configuring CEs to exchange routing information using routing protocols or static routes

  • Setting up a tunnel (GRE tunnel, LSP tunnel, or TE tunnel) between the PEs

    You also need to configure tunnel policies when PWE3 services need to be transmitted over TE tunnels or when PWE3 services need to be load balanced among multiple tunnels to fully use network resources. For details, see step 1 in Configuring and Applying a Tunnel Policy.

Configuration Procedure

Perform the operations in the following sequence. You can determine whether to perform optional operations based on site requirements.

Configuring Primary and Secondary PWs

Context

You can configure primary and secondary PWs to protect services on the PWs.

  • On the network where CEs are symmetrically dual-homed to PEs, configure one primary PW for each of the primary and secondary paths. The primary and secondary paths can be configured with different types of PWs.

  • On the network where CEs are asymmetrically connected to PEs, configure primary and secondary PWs for the primary and secondary paths respectively. The primary and secondary PWs must be of the same type.

Devices support only dynamic primary and secondary PWs.

Perform the following operations on the two PEs of a PW.

Procedure

  1. Configure dynamic primary and secondary PWs on the PEs. For details, see Configuring a Dynamic PW.

    NOTE:
    • Primary and secondary PWs must have different VC IDs.

    • Primary and secondary PWs must use the same control word; otherwise, many packets may be lost during service switching.

  2. (Optional) Configure other primary and secondary PW functions.
    1. Run interface interface-type interface-number

      The AC interface view is displayed.

    2. Run mpls l2vpn stream-dual-receiving

      The primary and secondary PWs are configured to receive packets simultaneously.

      When PWE3 FRR is configured on a network, you must configure the primary and secondary PWs to receive packets simultaneously on the PE to which the PWs are single-homed, preventing packet loss during PW revertive switchover.

(Optional) Configuring Fast Fault Notification - OAM Mapping

Context

OAM mapping expedites the fault detection and notification on the AC end. OAM mapping can be configured on various types of links. To configure OAM mapping on Ethernet links, the PE and CE devices must support the Ethernet OAM function.

Choose either of the following procedures to configure OAM mapping according to the AC types.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The view of the AC interface is displayed.

  3. Run mpls l2vpn oam-mapping 3ah

    The fault mapping between the AC and the PW is enabled.

    NOTE:
    • The PW need be configured in homogeneous interworking mode when the AC is an Ethernet. Otherwise, the use device may learn a wrong outbound interface according to ARP.

    • Before running the mpls l2vpn oam-mapping 3ah command, you need configure Ethernet OAM on the AC link. For details, refer to "EFM Configuration" in the Huawei AR Series Access Routers Configuration Guide - Reliability.

    • If the mpls l2vpn oam-mapping command is configured, run the display mpls l2vc interface command to check the VC status. In the command output, "Local AC OAM State" indicates the status of the AC link; if the mpls l2vpn oam-mapping command is not configured, run the display mpls l2vc interface command to check the VC status. In the command output, "Local AC OAM State" is always Up, and has no relationship with the AC link status.

(Optional) Configuring BFD for PW

Context

BFD for PW is recommended because it speeds up fault detection.

Procedure
For details, see the following topics.
NOTE:
  • BFD for PW on both PEs at the two ends must be configured or deleted simultaneously. Otherwise, the statuses of PWs on the PEs are inconsistent.
  • To monitor statuses of tunnels that carry PWs, configure BFD for tunnel. For detailed configurations, see "MPLS LDP Configuration" and "MPLS TE Configuration" in Huawei AR Series Access Routers Configuration Manual MPLS.

(Optional) Configuring a Revertive Switchover Policy

Context

Revertive switching policies are classified into the following types:

  • Immediate revertive switchover: When the primary PW recovers from a fault, the local PE switches traffic back to the primary PW immediately and notifies the peer PE on the secondary PW of the fault. In FRR mode, the local PE notifies the peer PE on the secondary PW of the recovery after a delay of resume-time. In PW redundancy master/slave mode, the parameter resume-time is not supported.

    This revertive switchover applies to scenarios in which users hope traffic to be restored as soon as possible.

  • Delayed revertive switchover: When the primary PW recovers from a fault, traffic is switched back to the primary PW after a period specified by delay-time. After traffic is switched back, the local device immediately notifies the peer device on the secondary PW of the fault. If resume-time is configured in FRR mode,  the local device notifies the peer device on the secondary PW of the recovery after a delay of resume-time.

    On a large-scale network, packet loss caused by incomplete route convergence may occur during the switchback. To prevent this problem, configure traffic to be switched back after a delay.

  • None revertive switchover: When the primary PW recovers from a fault, traffic is not switched back to the primary PW until the secondary PW becomes faulty.

    If you do not want traffic to be frequently switched between the primary and secondary PWs, you can use the non-revertive switchover.

By default, the delayed revertive switchover is performed.

A revertive switchover policy is configured on a PE. In asymmetric networking, if the active PW is faulty, the PE to which a CE is connected through a single link switches traffic. When the active PW is restored, configure a revertive switchover policy on this PE. The PE then processes traffic based on the configured revertive switchover policy.

Perform the following operations on the PE (where traffic is switched) to which the CE is connected through a single link.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The AC interface view is displayed.

  3. Run mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] | never }

    The revertive switchover policy is configured.

    For an asymmetric networking with ACs of the Ethernet type, if the Ethernet OAM function is configured on the PE interface connected to a CE, and a revertive switching policy is also configured, do not set resume-time to 0 seconds. Set resume-time to 1 second or longer.

    NOTE:

    On the network where CEs are asymmetrically connected to PEs, the secondary PW cannot transmit data when the primary and secondary paths work normally. On the CE in the dual-homed site, if the interface of the secondary PW borrows the IP address of the interface of the primary PW, you cannot configure revertive switchover.

Verifying the PWE3 FRR Configuration

Prerequisites

All configurations about PWE3 FRR are complete.

After PWE3 FRR is configured, you can view information about the local and remote PWs, BFD sessions, L2VPN forwarding, and OAM mapping. You can also run the manual-set pw-ac-fault command to simulate faults on a PW to verify whether the switchover between the primary and secondary PWs is normal.

Procedure

  • Run the manual-set pw-ac-fault command on the interface of the primary PW to simulate faults on it to verify whether the switchover between the primary and secondary PWs is normal.
  • Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command to check information about the local PWs.
  • Run the display mpls l2vc remote-info [ vc-id ] command to check information about the remote PWs.
  • Run the display bfd session pw interface interface-type interface-number [ secondary ] [ verbose ] command to check information about the BFD session.
  • Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number command to check the MPLS L2VPN forwarding information.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 152156

Downloads: 367

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next