CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Configuring VPN FRR

In CE dual-homing networking, you can configure VPN FRR so that VPN services switch over to a secondary link when the primary link between PEs fails.

Pre-configuration Tasks

Before configuring VPN FRR, complete the following tasks:

Context

VPN FRR is used in PE multi-homing scenarios to enhance network reliability. As shown in Figure 7-41, if the primary link (Link A) between PE1 and ASBR1 fails, VPN FRR quickly switches traffic to the backup link (Link B) between PE1 and ASBR2 to minimize the impact of the link failure on VPN services.
Figure 7-41  VPN FRR networking

You can configure VPN FRR in either of the following modes:
  • Manual VPN FRR: Information such as the backup next hop is specified.

  • Auto VPN FRR: The backup next hop is unspecified, but a proper next hop is selected for the VPN route.

You can select either mode as required. If both of them are configured, manual VPN FRR has a higher priority. When manual VPN FRR fails, auto VPN FRR takes effect.
NOTE:
  • Configuring the lsp-trigger command on the P is not recommended when an LSP is created on the VPN backbone network. Use the default configuration on the P. Otherwise, VPN FRR switchback may fail.

  • To implement fast switching within milliseconds, configure BFD for LSPs. For details about BFD, see Configuring Static BFD to Detect an LDP LSP, Configuring Dynamic BFD for LDP LSPs and Configuring Static BFD for TE Tunnels in Huawei AR Series Access Routers Configuration Guide - MPLS. Perform the BFD configuration based on the tunnel used for forwarding VPN services.

  • In the L3VPN over GRE scenario, the device does not support the VPN FRR function.

Perform the following steps on a PE device.

Procedure

  • Configure manual VPN FRR.
    1. Run system-view

      The system view is displayed.

    2. Run route-policy route-policy-name { permit | deny } node node

      The routing policy node is created and the routing policy view is displayed.

    3. Run apply backup-nexthop ip-address

      The backup next hop is configured.

    4. Run quit

      Return to the system view.

    5. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    6. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    7. Run vpn frr route-policy route-policy-name

      VPN FRR is enabled.

  • Enable VPN auto FRR using a routing policy.
    1. Run system-view

      The system view is displayed.

    2. Run route-policy route-policy-name { permit | deny } node node

      The routing policy node is created and the routing policy view is displayed.

    3. Run apply backup-nexthop auto

      The auto mode is used.

    4. Run quit

      Return to the system view.

    5. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    6. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    7. Run vpn frr route-policy route-policy-name

      VPN FRR is enabled.

  • (Optional) Add multiple VPNv4 routes to a VPN instance whose RD differs from the RDs of these routes.

    By default, if the RD of the VPN instance on the local PE is different from the RDs of the VPN instances on multiple remote PEs, and the RDs of the VPN instances on remote PEs are the same, the local PE adds only the optimal route to the VPN instance after receiving VPNv4 or VPNv6 routes with the same destination address from the remote PEs. As a result, load balancing or VPN FRR does not take effect. To resolve this problem, run the vpn-route cross multipath command on the local PE.

    1. Run system-view

      The system view is displayed.

    2. Run bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run vpn-route cross multipath

      Multiple VPNv4 routes are added to the VPN instance whose RD differs from the RDs of these routes.

  • (Optional) Disable VPN FRR in all VPN instances.

    To disable VPN FRR in a VPN instance, run the undo vpn frr command in the VPN instance view. However, if multiple VPN instances are configured on a PE and VPN FRR is enabled for each VPN instance, disabling VPN FRR in these VPN instances one by one is cumbersome.

    To address this problem, the device allows you to disable VPN FRR in all VPN instances using one command.

    1. Run system-view

      The system view is displayed.

    2. Run undo vpn frr all

      VPN FRR is disabled in all VPN instances.

Verifying the Configuration

After all VPN FRR configurations are complete, run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ] verbose command to check information about the backup next-hop PE, backup tunnel, and backup label.
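
As an offline complement to the display command, the following added example (not part of the Huawei guide) audits a saved configuration and reports, per VPN instance, whether the bound VPN FRR routing policy exists and which backup next-hop mode it applies. It assumes the configuration text uses the usual layout in which top-level commands start in column 0 and sub-view commands are indented by spaces; the instance names, policy names, address, and status labels are hypothetical.

```python
import re
# Constructed sample configuration, trimmed to the lines relevant to VPN FRR.
SAMPLE_CONFIG = """\
#
ip vpn-instance vpna
 ipv4-family
  vpn frr route-policy frr_manual
#
ip vpn-instance vpnb
 ipv4-family
  vpn frr route-policy frr_missing
#
ip vpn-instance vpnc
 ipv4-family
#
route-policy frr_manual permit node 10
 apply backup-nexthop 10.3.3.9
#
route-policy frr_manual permit node 20
 apply backup-nexthop auto
#
"""

def audit_vpn_frr(config):
    """Map each VPN instance to its VPN FRR status (labels are this example's own)."""
    bindings, policies = {}, {}      # instance -> policy name, policy name -> modes
    instance = policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a column-0 line starts a new top-level view
            instance = policy = None
            if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
                instance = m.group(1)
                bindings[instance] = None
            elif m := re.fullmatch(r"route-policy (\S+) (?:permit|deny) node \d+", line):
                policy = m.group(1)
                policies.setdefault(policy, set())
        elif instance and (m := re.fullmatch(r"vpn frr route-policy (\S+)", line)):
            bindings[instance] = m.group(1)
        elif policy and (m := re.fullmatch(r"apply backup-nexthop (\S+)", line)):
            policies[policy].add("auto" if m.group(1) == "auto" else "manual")

    def status(bound):
        if bound is None:
            return "no-frr"                  # instance has no vpn frr command
        if bound not in policies:
            return "policy-undefined"        # bound policy is never created
        return "+".join(sorted(policies[bound], reverse=True)) or "policy-without-backup-nexthop"
    return {name: status(bound) for name, bound in bindings.items()}
```

An instance reported as "manual+auto" has both modes configured, so manual VPN FRR takes priority and auto VPN FRR takes effect only when manual VPN FRR fails.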

Updated: 2019-08-07

Document ID: EDOC1100033725
