CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Configuring VLL FRR

You can configure VLL FRR to provide link-layer protection to improve reliability for VLL networks.

Context

Only the Martini VLL modes support VLL FRR. VLL FRR is mainly used in CE asymmetrical networking, as shown in Figure 10-17.
Figure 10-17  CE asymmetrical networking

In the networking:

  • The primary and secondary IP addresses need to be configured on the interface on the CE connected to the PE through a single link. When the primary link is available, the CE in the single-homed site uses the primary IP address to communicate with the remote CE. When a fault occurs on the primary link, this CE communicates with the remote CE by using the secondary IP address.

  • The secondary PW cannot transmit data when the primary and secondary paths work normally. On the CE in the dual-homed site, if the interface of the secondary PW borrows the IP address of the interface of the primary PW, the following situations occur:

    • The non-revertive switching policy cannot be configured.

    • The local CE has two equal-cost and direct routes to the remote CE. The destination addresses and next hops of the two routes are the same. Actually, the route that passes through the secondary PW is invalid.

    • If CEs exchange routing information by using routing protocols, you need to modify the cost or metric of the AC interface of the secondary path to be greater than that of the AC interface of the primary path. The local CE cannot communicate with the peer CE, but can communicate with other user devices.

    • If CEs use static routes to exchange routing information, you need to modify the preference of the backup route to be lower than that of the primary route (the greater the value, the lower the preference) by using the ip route-static dest-ip-address mask out-interface preference preference-value command.

Pre-configuration Tasks

Before configuring VLL FRR, complete the following tasks:

  • Configuring basic VLL functions

  • Configuring CEs to exchange routing information by using routing protocols or static routes

  • Setting up a tunnel (GRE tunnel, LSP tunnel, or TE tunnel) between the PEs

    You also need to configure tunnel policies when VLL services need to be transmitted over TE tunnels or when VLL services need to be load balanced among multiple tunnels to fully use network resources. For details, see step 1 in Configuring and Applying a Tunnel Policy.

Configuration Procedure

Some of the following operations are optional. Perform the operations in the following sequence.

Configuring Primary and Secondary PWs

Context

You can configure primary and secondary PWs for PW backup on a network. VLL FRR uses redundant networking to improve L2VPN reliability. When a PW or PE device fails, VLL FRR fast switches traffic to a backup link. VLL FRR is only supported by the Martini modes.

Perform the following configurations on the PEs.

Procedure

  • Configure primary and secondary PWs for the Martini VLL.
    1. Run system-view

      The system view is displayed.

    2. Run mpls l2vpn

      The MPLS L2VPN view is displayed.

    3. Run quit

      Return to the system view.

    4. Run interface interface-type interface-number

      The AC interface view is displayed.

      The PE devices to which a CE device is dual-homed must use a main interface as the AC interface.

    5. Run mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value ] *

      The primary PW is configured.

    6. (Optional) Run mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ tunnel-policy policy-name | [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value ] * secondary

      The secondary PW is configured.

      If a CE device is single-homed to a PE device, configure primary and secondary PWs. If a CE device is dual-homed to two PE devices, configure the primary PW on each PE device.

      Primary and secondary PWs must have different VC IDs.

(Optional) Configuring Fast Fault Notification - OAM Mapping

Context

OAM mapping expedites the fault detection and notification on the AC end. OAM mapping can be configured on various types of links. To configure OAM mapping on Ethernet links, the PE and CE devices must support the Ethernet OAM function.

Choose either of the following procedures to configure OAM mapping according to the AC types.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The view of the AC interface is displayed.

  3. Run mpls l2vpn oam-mapping 3ah

    The fault mapping between the AC and the PW is enabled.

    NOTE:
    • The PW needs to be configured in homogeneous interworking mode when the AC is an Ethernet link. Otherwise, the user device may learn a wrong outbound interface according to ARP.

    • Before running the mpls l2vpn oam-mapping 3ah command, you need to configure Ethernet OAM on the AC link. For details, refer to "EFM Configuration" in the Huawei AR Series Access Routers Configuration Guide - Reliability.

    • If the mpls l2vpn oam-mapping command is configured, "Local AC OAM State" in the output of the display mpls l2vc interface command indicates the status of the AC link. If the mpls l2vpn oam-mapping command is not configured, "Local AC OAM State" in that output is always Up and has no relationship with the AC link status.

(Optional) Configuring BFD for PW

Context

BFD for PW is recommended because it speeds up fault detection.

Procedure
For details, see the following topics.
NOTE:
  • BFD for PW on both PEs at the two ends must be configured or deleted simultaneously. Otherwise, the statuses of PWs on the PEs are inconsistent.
  • To monitor statuses of tunnels that carry PWs, configure BFD for tunnel. For detailed configurations, see "MPLS LDP Configuration" and "MPLS TE Configuration" in Huawei AR Series Access Routers Configuration Manual MPLS.

(Optional) Configuring a Revertive Switchover Policy

Context

Revertive switching policies are classified into the following types:

  • Immediate revertive switchover: When the primary PW recovers from a fault, the local PE switches traffic back to the primary PW immediately and notifies the peer PE on the secondary PW of the fault. In FRR mode, the local PE notifies the peer PE on the secondary PW of the recovery after a delay of resume-time. In PW redundancy master/slave mode, the parameter resume-time is not supported.

    This revertive switchover applies to scenarios in which users want traffic to be restored as soon as possible.

  • Delayed revertive switchover: When the primary PW recovers from a fault, traffic is switched back to the primary PW after a period specified by delay-time. After traffic is switched back, the local device immediately notifies the peer device on the secondary PW of the fault. If resume-time is configured in FRR mode, the local device notifies the peer device on the secondary PW of the recovery after a delay of resume-time.

    On a large-scale network, packet loss caused by incomplete route convergence may occur during the switchback. To prevent this problem, configure traffic to be switched back after a delay.

  • Non-revertive switchover: When the primary PW recovers from a fault, traffic is not switched back to the primary PW until the secondary PW becomes faulty.

    If you do not want traffic to be frequently switched between the primary and secondary PWs, you can use the non-revertive switchover.

By default, the delayed revertive switchover is performed.

A revertive switchover policy is configured on a PE. In asymmetric networking, if the active PW is faulty, the PE to which a CE is connected through a single link switches traffic. When the active PW is restored, configure a revertive switchover policy on this PE. The PE then processes traffic based on the configured revertive switchover policy.

Perform the following operations on the PE (where traffic is switched) to which the CE is connected through a single link.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The AC interface view is displayed.

  3. Run mpls l2vpn reroute { { delay delay-time | immediately } [ resume resume-time ] | never }

    The revertive switchover policy is configured.

    For an asymmetric networking with ACs of the Ethernet type, if the Ethernet OAM function is configured on the PE interface connected to a CE, and a revertive switching policy is also configured, do not set resume-time to 0 seconds. Set resume-time to 1 second or longer.

    NOTE:

    On the network where CEs are asymmetrically connected to PEs, the secondary PW cannot transmit data when the primary and secondary paths work normally. On the CE in the dual-homed site, if the interface of the secondary PW borrows the IP address of the interface of the primary PW, you cannot configure revertive switchover.
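
The two rules stated in the procedures above (primary and secondary PWs must have different VC IDs; resume-time must not be 0 when OAM mapping and a revertive switching policy are both configured on the AC interface) can be checked offline against a saved configuration. The following is an added example, not part of the original guide or Huawei tooling; the interface names, addresses, template name and the assumption that saved lines mirror the commands as typed are all constructed for illustration.

```python
import re

# Constructed sample PE configuration (not from the original page). Assumption:
# saved lines mirror the commands as typed, with "#" closing each interface view.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/0
 mpls l2vc 192.0.2.2 100
 mpls l2vc 192.0.2.3 100 secondary
 mpls l2vpn oam-mapping 3ah
 mpls l2vpn reroute delay 30 resume 0
#
interface GigabitEthernet2/0/0
 mpls l2vc pw-template tpl1 200 tunnel-policy p1
 mpls l2vc 192.0.2.3 201 secondary
 mpls l2vpn reroute immediately resume 10
#
"""

def vc_id(tokens):
    """Return the vc-id: the first token after the ip-address / pw-template part."""
    i = 0
    while i < len(tokens):
        if tokens[i] == "pw-template":
            i += 2  # skip the keyword and the template name
        elif re.fullmatch(r"\d+(\.\d+){3}", tokens[i]):
            i += 1  # skip the peer ip-address
        else:
            return tokens[i]

def audit(config):
    """Return (interface, finding) pairs for the two rules stated on this page."""
    sections, current, findings = {}, None, []
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = sections.setdefault(line.split(None, 1)[1], [])
        elif line == "#":
            current = None
        elif current is not None and line:
            current.append(line.split())
    for name, cmds in sections.items():
        pws = [c[2:] for c in cmds if c[:2] == ["mpls", "l2vc"] and len(c) > 2]
        primary = {vc_id(t) for t in pws if t[-1] != "secondary"}
        backup = {vc_id(t[:-1]) for t in pws if t[-1] == "secondary"}
        if (primary & backup) - {None}:
            findings.append((name, "primary and secondary PW share a VC ID"))
        oam = ["mpls", "l2vpn", "oam-mapping", "3ah"] in cmds
        for c in cmds:
            if oam and c[:3] == ["mpls", "l2vpn", "reroute"] and c[-2:] == ["resume", "0"]:
                findings.append((name, "resume-time 0 with OAM mapping"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports both findings for GigabitEthernet1/0/0 and none for GigabitEthernet2/0/0.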

Verifying the VLL FRR Configuration

Context

After configuring VLL FRR, you can check information about local and remote PWs, BFD sessions, and L2VPN forwarding. You can also run the manual-set pw-ac-fault command to set faults on a PW to verify whether the switchover between the primary and secondary PWs is normal.

Procedure

  • Run the manual-set pw-ac-fault command on the primary PW to set faults on it to verify whether the switchover between the primary and secondary PWs is normal.
  • Run the display mpls l2vc [ vc-id | interface interface-type interface-number ] command to check information about the local end of the Martini VC.
  • Run the display mpls l2vc remote-info [ vc-id ] command to check information about the remote end of the Martini VC.
  • Run the display bfd session pw interface interface-type interface-number [ secondary ] [ verbose ] command to check information about the BFD session.
  • Run the display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number command to check forwarding information about the L2VPN.
  • Run the display mpls l2vc oam-mapping [ interface interface-type interface-number ] command to check OAM mapping between ACs and PWs.
Updated: 2019-08-07

Document ID: EDOC1100033725
