No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



As networks develop rapidly, the time used for end-to-end service convergence if a fault occurs on a carrier's network has been used as an indicator to measure bearer network performance. MPLS TE Fast Reroute (FRR) is one of the commonly used fast switching technologies. The solution is to create an end-to-end TE tunnel between two PEs and a backup LSP that protects a primary LSP. When either of the PE devices detects that the primary LSP is unavailable because of a node or link failure, the PE switches the traffic to the backup LSP.

MPLS TE FRR protects services in the case of a link or node failure between two PE devices at both ends of a TE tunnel; however, MPLS TE FRR cannot protect services in the case of a PE device failure. If a fault occurs on the ingress or egress, services can only be restored through end-to-end route convergence and LSP convergence. The service convergence time is closely related to the number of routes inside an MPLS VPN and the number of LSP hops on the bearer network. The more VPN routes, the longer the service convergence time, and the more traffic is lost.

VPN FRR sets in advance on a remote PE device forwarding entries pointing to the active and standby PE devices, respectively. In collaboration with fast PE fault detection, VPN FRR can reduce end-to-end service convergence time if a fault occurs on an MPLS VPN where a CE device is dual-homed to two PE devices. In VPN FRR, service convergence time depends on only the time required to detect remote PE device faults and change tunnel status. VPN FRR enables the service convergence time to be irrelevant to the number of VPN routes on the bearer network.


Figure 7-27  Typical VPN FRR networking

As shown in Figure 7-27, normally, CE1 accesses CE2 over Link A. If PE2 is Down, CE1 accesses CE2 over Link B.
  • Based on the traditional BGP/MPLS VPN technology, both PE2 and PE3 advertise routes destined for CE2 to PE1, and assign VPN labels to these routes. PE1 then selects a preferred VPNv4 route based on the routing policy. In this example, the preferred route is the one advertised by PE2, and only the routing information, including the forwarding prefix, inner label, selected LSP, advertised by PE2 is filled in the forwarding entry of the forwarding engine to guide packet forwarding.
  • When PE2 fails, PE1 detects the fault of PE2 (the BGP peer relationship becomes Down or the outer LSP is unavailable). Then PE1 selects the route advertised by PE3 and updates the forwarding entry to complete end-to-end convergence. Before PE1 delivers the forwarding entry matching the route advertised by PE3, CE1 cannot communicate with CE2 for a certain period because the destination of the outer LSP, PE2, is Down. As a result, end-to-end services are interrupted.
  • VPN FRR is an improvement on the traditional reliability technology. VPN FRR enables PE1 to add the optimal route advertised by PE2 and the secondary optimal route advertised by PE3 to a forwarding entry. The optimal route is used for traffic forwarding, and the secondary optimal route is used as a backup route.
  • If a fault occurs on PE2, the MPLS LSP between PE1 and PE2 becomes unavailable. After detecting the fault, PE1 marks the corresponding entry in the LSP status table as unavailable, and delivers the setting to the forwarding table. After selecting a forwarding entry, the forwarding engine examines the status of the LSP corresponding to the forwarding entry. If the LSP is unavailable, the forwarding engine uses the second-best route carried in the forwarding entry to forward packets. After being tagged with the inner labels assigned by PE3, packets are transmitted to PE3 over the LSP between PE1 and PE3 and then forwarded to CE2. In this manner, fast end-to-end service convergence is implemented and traffic from CE1 to CE2 is restored.

VPN FRR performs fast switching based on inner labels. Outer tunnels can be LDP LSPs or RSVP TE tunnels. When the forwarding engine detects that the outer tunnel is unavailable, it triggers fast switching based on inner labels.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 154314

Downloads: 372

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next