Configuring VPN FRR
In the networking of CE dual-homing, you can configure VPN FRR to ensure VPN service switchover to a secondary link when the primary link between PEs fails.
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
- Configuring Basic BGP/MPLS IP VPN Functions
-
Generating two unequal-cost routes on the PE by setting different costs or metrics
Context
Manual VPN FRR: Information such as the backup next hop is specified.
Auto VPN FRR: The backup next hop is unspecified, but a proper next hop is selected for the VPN route.
-
Configuring the lsp-trigger command on the P is not recommended when an LSP is created on the VPN backbone network. Use the default configuration on the P. Otherwise, VPN FRR switchback may fail.
-
To implement fast switching within milliseconds, configure BFD for LSPs. For details about BFD, see Configuring Static BFD to Detect an LDP LSP, Configuring Dynamic BFD for LDP LSPs and Configuring Static BFD for TE Tunnels in Huawei AR Series Access Routers Configuration Guide - MPLS. Perform the BFD configuration based on the tunnel used for forwarding VPN services.
- In the L3VPN over GRE scenario, the device does not support VPN FRR function.
Perform the following steps on a PE device.
Procedure
- Configure manual VPN FRR.
- Enable VPN auto FRR using a routing policy.
- (Optional) Add multiple VPNv4 routes to the VPN instance with a different RD from these routes' RDs.
By default, if the RD of the VPN instance on the local PE is different from the RDs of the VPN instances on multiple remote PEs, and the RDs of the VPN instances on remote PEs are the same, the local PE adds only the optimal route to the VPN instance after receiving VPNv4 or VPNv6 routes with the same destination address from the remote PEs. As a result, load balancing or VPN FRR does not take effect. To resolve this problem, run the vpn-route cross multipath command on the local PE.
- (Optional) Disable VPN FRR in all VPN instances.
To disable VPN FRR in a VPN instance, run the undo vpn frr command in the VPN instance view. However, if multiple VPN instances are configured on a PE and VPN FRR is enabled for each VPN instance, it is complex to disable VPN FRR one by one in these VPN instances.
To address this problem, the device allows you to disable VPN FRR in all VPN instances using one command.