No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring RUI in Shared Address Pool Mode

Example for Configuring RUI in Shared Address Pool Mode

This section provides an example for configuring Redundancy User Information (RUI) in shared address pool mode.

Usage Scenario

With the rapid development of IP technologies, various value-added services are widely used on the Internet. Carrier-class services, such as emerging IPTV, NGN, 4G, VIP customers' leased line, and VPN interconnection, have high requirements for IP network reliability. IP network reliability for carrier-class services includes device, link, and network reliability. On a bearer network, the availability of a network device is required to reach 99.999%; that is, the device downtime in a year must be less than 5 minutes. High reliability is a basic requirement for carrier-class devices and must be considered by telecom carriers during network construction.

The NE40E functions as an edge router that carries multiple services. It is connected to a core network to implement Layer 3 routing functions and to the aggregation layer to terminate Layer 2 user packets for user access. The NE40E can carry multiple services, such as triple play services (HSI, VoIP, and IPTV). Therefore, The NE40E must have high reliability. The NE40E provides service-level high-reliability technologies. Non-stop data flow forwarding does not mean that user services are not interrupted. If a network node or link fails, user traffic is switched to a backup device. If user information is not synchronized to a backup device, user services are still interrupted. High reliability has been considered when the NE40E is designed to function as a network edge service aggregation and control device, which ensures that users' HSI, IPTV, and VoIP services are not interrupted if a network node or link fault occurs. RUI is designed to meet the preceding reliability requirements.

Requirements on Software and Hardware

  • Requirements on software: V800R009C00 or later
  • Requirements on hardware: User access boards are installed

Requirements on Interconnected Devices

  • Upstream device: There are no special requirements. The upstream device is generally a CR for route switching and supports MPLS and MPLS L3VPN. It is recommended that the upstream device be able to provide MPLS L2VPN capabilities. In multi-device backup scenarios, protection tunnels must be established. If no direct link can be deployed between NE40Es, a protection path must be established from the IP core network. An MPLS tunnel is ideal.
    NOTE:

    If the upstream device is a firewall, disable the IP spoofing attack defense function on the firewall.

  • Downstream device: An aggregation switch is used as the downstream device to learn MAC addresses from Layer 2 VLAN packets.

Solution Limitations

  • In shared address pool mode, an address pool (an IP network segment) is planned based on services. A service (for example, Internet access or VoIP service) corresponds to a domain's configuration. If terminals that go online through different access links have a service (for example, Internet access service), the terminals share address pool resources in a domain. This mode is called multi-link address pool sharing.
  • During the actual deployment, planning address pools based on links is difficult, because the number of public addresses is limited and dividing address pools causes address resource waste. Address pools can be divided based on authentication domains, which allows an address pool on the NE40E to be shared between links or backup groups. In this situation, forwarding control cannot be performed by advertising or withdrawing a network segment route of an address pool. To implement forwarding control, using a shared address pool and tunnel protection is recommended.

Networking Requirements

On the network shown in Figure 11-2, the user logs in to Device A and Device B through a LAN switch. The two Devices run VRRP to determine the master/backup status. Basic user access functions are configured on Device A and Device B so that the user goes online through the master device. If the master device or the link on the network or user side of the master device fails, service traffic needs to be quickly switched to the backup device.

Figure 11-2 Example for configuring RUI in shared address pool mode
NOTE:

Interface 1 interface 2 and interface 3 in this example are GE1/0/0, GE2/0/2 and GE1/0/2, respectively.



Device Interface IP Address
Device A Eth-Trunk3.501 192.168.254.2/29
Loopback 0 172.20.1.1/32
Loopback 10 172.20.1.3/32
Eth-Trunk 2 172.20.0.41/30
GE 1/0/0 172.20.0.33/30
GE 2/0/2 172.20.0.57/30
Device B Eth-Trunk3.501 192.168.254.3/29
Loopback 0 172.20.1.1/32
Loopback 10 172.20.1.2/32
Eth-Trunk 2 172.20.0.42/30
GE 1/0/0 172.20.0.34/30
GE 2/0/2 172.20.0.58/30

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure interfaces and assign IP addresses to them.

  2. Establish a dual-device backup platform.

  3. Configure IP address pool binding.

  4. Bind an RBP to an interface from which the user goes online.

  5. Configure routes to ensure IP connectivity between devices. For details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

Data Preparation

To complete the configuration, you need the following data:

  • VRRP ID

  • IP address of each interface on routers that back up each other

  • Backup ID, which works together with an RBS to identify an RBP to which the user belongs

Procedure

  1. Configure interfaces for connecting Device A and Device B to the LAN switch, and assign IP addresses to them.

    The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    [~DeviceA]interface GigabitEthernet1/0/3
    [*DeviceA-GigabitEthernet1/0/3] description ToJiaohuanji 
    [*DeviceA-GigabitEthernet1/0/3]undo shutdown 
    [*DeviceA-GigabitEthernet1/0/3] eth-trunk 3
    [*DeviceA-GigabitEthernet1/0/3] commit 
    [~DeviceA-GigabitEthernet1/0/3] quit 
    [~DeviceA]interface Eth-Trunk3
    [*DeviceA-Eth-Trunk3] description ToJiaohuanji 
    [*DeviceA-Eth-Trunk3] commit 
    [~DeviceA-Eth-Trunk3] quit 
    [~DeviceA]interface Eth-Trunk3.4001
    [*DeviceA-Eth-Trunk3.4001] control-vid 4001 dot1q-termination
    [*DeviceA-Eth-Trunk3.4001]dot1q termination vid 4001
    [*DeviceA-Eth-Trunk3.4001]ip address 192.168.254.2 255.255.255.248
    [*DeviceA-Eth-Trunk3.4001] commit 
    [~DeviceA-Eth-Trunk3.4001] quit 

  2. Configure IP addresses for loopback and interconnection interfaces on Device A and Device B.

    Configure IP addresses for loopback interfaces. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    [~DeviceA]interface loopback10
    [*DeviceA-loopback10]ip address 172.20.1.3 255.255.255.255
    [*DeviceA-loopback10] commit 
    [~DeviceA-loopback10] quit 
    [~DeviceA]interface loopback0
    [*DeviceA-loopback0]ip address 172.20.1.1 255.255.255.255
    [*DeviceA-loopback0] commit 
    [~DeviceA-loopback0] quit 

    Configure IP addresses for interconnection interfaces. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    [~DeviceA]interface GigabitEthernet1/0/2
    [*DeviceA-GigabitEthernet1/0/2] description Beiji
    [*DeviceA-GigabitEthernet1/0/2]undo shutdown 
    [*DeviceA-GigabitEthernet1/0/2] eth-trunk 2
    [*DeviceA-GigabitEthernet1/0/2] commit 
    [~DeviceA-GigabitEthernet1/0/2] quit 
    [~DeviceA]interface Eth-Trunk2
    [*DeviceA-Eth-Trunk2] description Beiji 
    [*DeviceA-Eth-Trunk2]ip address 172.20.0.41 255.255.255.252
    [*DeviceA-Eth-Trunk2] commit 
    [~DeviceA-Eth-Trunk2] quit 

  3. Establish a dual-device backup platform. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    NOTE:

    In this example, only RUI-related configurations are described. For other configurations, see the corresponding configuration guide.

    # Configure a BFD session on the access side to rapidly detect faults in interfaces or links and trigger a master/backup VRRP switchover. 192.168.254.3 is the IP address of Eth-Trunk 3.4001 on Device B.

    [~DeviceA] bfd 
    [*DeviceA-bfd] quit 
    [*DeviceA]bfd eth-trunk3-peer bind peer-ip 192.168.254.3 source-ip 192.168.254.2
    [*DeviceA-bfd-session-bfd] discriminator local 2 
    [*DeviceA-bfd-session-bfd] discriminator remote 3 
    [*DeviceA-bfd-session-bfd] commit 
    [~DeviceA-bfd-session-bfd] quit 

    # Configure a VRRP backup group on Eth-Trunk 3.4001, and configure the VRRP backup group to track the BFD session and network-side interface.

    [~DeviceA] interface Eth-Trunk3.4001
    [*DeviceA-Eth-Trunk3.4001] vrrp vrid 3 virtual-ip 192.168.254.1
    [*DeviceA-Eth-Trunk3.4001] admin-vrrp vrid 3
    [*DeviceA-Eth-Trunk3.4001]vrrp vrid 3 priority 120
    [*DeviceA-Eth-Trunk3.4001]vrrp vrid 3 preempt-mode timer delay 1200
    [*DeviceA-Eth-Trunk3.4001]vrrp vrid 3 track interface GigabitEthernet1/0/0 reduced 30
    [*DeviceA-Eth-Trunk3.4001]vrrp vrid 3 track bfd-session 2 peer
    [*DeviceA-Eth-Trunk3.4001] commit 
    [~DeviceA-Eth-Trunk3.4001] quit 
    NOTE:

    Different priorities must be configured for devices in a VRRP backup group. The device with a high priority is the master device.

    # Configure an RBS.

    [~DeviceA] remote-backup-service rbs_qhmd 
    [*DeviceA-rm-backup-rbs_qhmd] peer 172.20.1.2 source 172.20.1.3 port 2046
    [*DeviceA-rm-backup-rbs_qhmd] track interface GigabitEthernet1/0/0
    [*DeviceA-rm-backup-rbs_qhmd]track interface GigabitEthernet2/0/2
    [*DeviceA-rm-backup-rbs_qhmd]protect redirect ip-nexthop 172.20.0.42 interface Eth-Trunk2
    [*DeviceA-rm-backup-rbs_qhmd commit 
    [~DeviceA-rm-backup-rbs_qhmd] quit 
    NOTE:

    Ensure that the master and backup devices can ping each other.

    # Configure an RBP.

    [~DeviceA] remote-backup-profile rbp3 
    [*DeviceA-rm-backup-prf-rbp3] service-type bras 
    [*DeviceA-rm-backup-prf-rbp3] backup-id 3 remote-backup-service rbs_qhmd
    [*DeviceA-rm-backup-prf-rbp3] peer-backup hot 
    [*DeviceA-rm-backup-prf-rbp3] vrrp-id 3 interface Eth-Trunk3.4001
    [*DeviceA-rm-backup-prf-rbp3] nas logic-port Gigabitethernet 1/0/3
    [*DeviceA-rm-backup-prf-rbp3] nas logic-sysname zhuji
    [*DeviceA-rm-backup-prf-rbp3] nas logic-ip 172.20.1.1
    [*DeviceA-rm-backup-prf-rbp3] commit 
    [~DeviceA-rm-backup-prf-rbp3] quit 

  4. Configure IP address pool binding. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    # Configure an address pool.

    <HUAWEI> system-view
    [~HUAWEI] ip pool dmtjs_xi bas local
    [*HUAWEI-ip-pool-dmtjs_xi] gateway 192.168.1.1 255.255.255.0
    [*HUAWEI-ip-pool-dmtjs_xi] section 0 192.168.1.2 192.168.1.254 
    [*HUAWEI-ip-pool-dmtjs_xi] dns-server 192.168.1.1
    [*HUAWEI-ip-pool-dmtjs_xi] commit
    [~HUAWEI-ip-pool-dmtjs_xi] quit

    # Bind the address pool to the RBP.

    [~DeviceA] remote-backup-service rbs_qhmd
    [*DeviceA-rm-backup-service rbs_qhmd] ip-pool dmtjs_xi metric 10
    [*DeviceA-rm-backup-service rbs_qhmd] commit 
    [~HUAWEI-backup-service rbs_qhmd] quit

  5. Configure authentication and accounting policies for user access. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    <HUAWEI> system-view
    [~HUAWEI] aaa
    [*HUAWEI-aaa]  authentication-scheme wu
    [*HUAWEI-aaa-authen-wu] authentication-mode none
    [*HUAWEI-aaa-authen-wu] commit
    [~HUAWEI-aaa-authen-wu] quit
    [*HUAWEI-aaa]  accounting-scheme wu
    [*HUAWEI-aaa-accounting-wu] accounting-mode none
    [*HUAWEI-aaa-accounting-wu] commit
    [~HUAWEI-aaa-accounting-wu] quit
    [*HUAWEI-aaa]  domain dmtjs_xi
    [*HUAWEI-aaa-dmtjs_xi] authentication-scheme wu
    [*HUAWEI-aaa-dmtjs_xi] accounting-scheme wu
    [*HUAWEI-aaa-dmtjs_xi]  ip-pool dmtjs_xi
    [*HUAWEI-ip-pool-dmtjs_xi] commit
    [~HUAWEI-ip-pool-dmtjs_xi] quit

  6. Bind the RBP to Eth-Trunk3.501 from which users go online. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    [~DeviceA] interface Eth-Trunk3.501
    [*DeviceA-Eth-Trunk3.501] user vlan 1
    [*DeviceA-Eth-Trunk3.501-vlan-1-1] remote-backup-profile rbp3 
    [*DeviceA-Eth-Trunk3.501-vlan-1-1] quit
    [*DeviceA-Eth-Trunk3.501] bas
    [*DeviceA-Eth-Trunk3.501-bas]access-type layer2-subscriber default-domain authentication dmtjs_xi
    [*DeviceA-Eth-Trunk3.501-bas] authentication-method bind
    [*DeviceA-Eth-Trunk3.501-bas] commit 
    [~DeviceA-Eth-Trunk3.501-bas] quit 

  7. Configure advertisement of address pool routes. The configuration on Device A is used in this example. The configuration on Device B is similar to that on Device A.

    [~DeviceA] ospf 1
    [*DeviceA-ospf-1] import-route unr
    [*DeviceA-ospf-1] area 0
    [*DeviceA-ospf-1-area-0.0.0.0] network 172.20.1.1 0.0.0.0
    [*DeviceA-ospf-1-area-0.0.0.0] network 172.20.1.3 0.0.0.0
    [*DeviceA-ospf-1-area-0.0.0.0] network 172.20.0.32 0.0.0.3
    [*DeviceA-ospf-1-area-0.0.0.0] network 172.20.0.40 0.0.0.3
    [*DeviceA-ospf-1-area-0.0.0.0] network 172.20.0.56 0.0.0.3
    [*DeviceA-ospf-1-area-0.0.0.0] commit 
    [~DeviceA-ospf-1-area-0.0.0.0] quit 

  8. Verify the configuration.

    After successfully configuring the RBP, run the display remote-backup-profile command. The RBS type is bras. The RBP named rbp3 is bound to Eth-Trunk3.501 from which users go online. Device A is in the Master state.

    <DeviceA> display remote-backup-profile rbp3
    -----------------------------------------------
     Profile-Index        : 0x802
     Profile-Name         : rbp3
     Service              : bras
     Remote-backup-service: service1
     Backup-ID            : 10
     track protocol       : VRRP
     VRRP-ID              : 3
     VRRP-Interface       : Eth-Trunk3.4001
     Interface            : 
                           Eth-Trunk3.501
     State           	 : Master
     Peer-state      	 : Slave
     Backup mode          : hot
     Slot-Number          : 1
     Card-Number          : 0
     Port-Number          : 0
     Nas logic-port       : Gigabitethernet 1/0/3
     Nas logic-ip         : 172.20.1.1
     Nas logic-sysname    : zhuji
     Traffic interval     : 10(minutes)

    After successfully configuring the RBS, run the display remote-backup-service command. The TCP connection is in the Connected state.

    <DeviceA> display remote-backup-service rbs_qhmd 
    ----------------------------------------------------------
     Service-Index    : 0
     Service-Name     : rbs_qhmd
     TCP-State        : Connected
     Peer-ip          : 172.20.1.2 
     Source-ip        : 172.20.1.3 
     TCP-Port         : 2046
     Track-BFD        : --
     Track-interface0 : 1/0/0
                      Weight : 10
     Track-interface1 : 2/0/2
                      Weight : 10
     SSL-Policy-Name  : --
     SSL-State        : --
    Uplink state     : 2 (1:DOWN 2:UP)
     Domain-map-list  : --
    ----------------------------------------------------------
    
     ip pool:  
             dmtjs_xi metric 10
     ipv6 pool:  
     Failure ratio    : 100%
     Failure duration : 0 min
    --------------------------------------------------------

    After users go online, run the display backup-user command to view user information that is backed up.

    <DeviceA> display backup-user
      Remote-backup-service: rbs3
      Total Users Numer: 3
    ------------------------------------------------------------------------
     100     101     102    
    ------------------------------------------------------------------------
    

    Run the display access-user interface command to view online user information on a specified interface.

    <DeviceA> display access-user interface Eth-Trunk.501
    ------------------------------------------------------------------------------
      UserID  Username              Interface       IP address       MAC                   IPv6 address
      ------------------------------------------------------------------------------
      --------------------------------------------------------------------------
      100     user1@dmtjs_xi        Eth-Trunk.501   192.168.1.10     0002-0101-0101          -
      101     user2@dmtjs_xi        Eth-Trunk.501   192.168.1.9      0002-0101-0102          -
      102     user3@dmtjs_xi        Eth-Trunk.501   192.168.1.8      0002-0101-0103          -
      --------------------------------------------------------------------------
      Total users                        :3

Configuration Files

  • Device A configuration file

    #
     sysname DeviceA
    #
    router id 172.20.1.3
    #
    vlan batch 2 to 9 11 to 504 506 to 3999 4001 to 4094
    #
    bfd
    #
    ip pool dmtjs_xi bas local 
    gateway 192.168.1.1 255.255.255.0
    section 0 192.168.1.2 192.168.1.254 
    dns-server 192.168.1.1
    #
    aaa
     authentication-scheme wu
     authentication-mode none
     accounting-scheme wu 
    accounting-mode none
     domain dmtjs_xi 
     authentication-scheme wu 
     authentication-scheme wu
     ip-pool dmtjs_xi 
    #
    bfd eth-trunk3-peer bind peer-ip 192.168.254.3 source-ip 192.168.254.2
     discriminator local 2 
     discriminator remote 3 
    #
    interface GigabitEthernet1/0/3
    description ToJiaohuanji
    undo shutdown
    eth-trunk 3
    interface Eth-Trunk3.4001
     encapsulation 4001 dot1q-termination
     dot1q termination vid 4001
    ip address 192.168.254.2 255.255.255.248
    vrrp vrid 3 virtual-ip 192.168.254.1
     admin-vrrp vrid 3 
     vrrp vrid 3 priority 120 
     vrrp vrid 3 preempt-mode timer delay 1200
     vrrp vrid 3 track bfd-session 2 peer
     vrrp vrid 3 track interface GigabitEthernet1/0/0 reduced 30
    #
    interface LoopBack0
     ip address 172.20.1.1 255.255.255.255
    #
    interface LoopBack10
     ip address 172.20.1.3 255.255.255.255
    #
    interface GigabitEthernet1/0/0
    undo shutdown
     ip address 172.20.0.33 255.255.255.252
    #
    interface GigabitEthernet2/0/2
    undo shutdown
     ip address 172.20.0.57 255.255.255.252
    #
    interface GigabitEthernet1/0/2
    undo shutdown
    eth-trunk 2
    #
    interface Eth-Trunk2
    description Beiji
    ip address 172.20.0.41 255.255.255.252
    #
    remote-backup-service rbs_qhmd
     peer 172.20.1.2 source 172.20.1.3 port 2046
     track interface gigabitethernet 1/0/0 
     track interface gigabitethernet 2/0/2 
    protect redirect ip-nexthop 172.20.0.42 interface Eth-Trunk2
    ip-pool dmtjs_xi metric 10
    #
    remote-backup-profile rbp3 
     service-type bras
     backup-id 3 remote-backup-service rbs_qhmd
     peer-backup hot 
     vrrp-id 3 interface Eth-Trunk3.4001
     nas logic-port gigabitethernet1/0/3 
     nas logic-sysname zhuji 
     nas logic-ip 172.20.1.1 
    #
    interface Eth-Trunk3.501
     user-vlan 501 
     remote-backup-profile rbp3 
     bas 
      access-type layer2-subscriber default-domain authentication dmtjs_xi
      authentication-method bind 
     #
    #
    ospf 1
     import-route unr
     area 0.0.0.0
      network 172.20.0.32 0.0.0.3
      network 172.20.0.56 0.0.0.3
      network 172.20.0.40 0.0.0.3
      network 172.20.1.1 0.0.0.0
      network 172.20.1.3 0.0.0.0
    #
     return 
  • Device B configuration file

    #
     sysname DeviceB
    #
    router id 172.20.1.2
    #
    vlan batch 2 to 9 11 to 504 506 to 3999 4001 to 4094
    #
    bfd
    #
    ip pool dmtjs_xi bas local rui-slave
    gateway 192.168.1.1 255.255.255.0
    section 0 192.168.1.2 192.168.1.254 
    dns-server 192.168.1.1
    #
    aaa
     authentication-scheme wu
     authentication-mode none
     accounting-scheme wu 
    accounting-mode none
     domain dmtjs_xi 
     authentication-scheme wu 
     authentication-scheme wu
     ip-pool dmtjs_xi 
    #
    bfd eth-trunk3-peer bind peer-ip 192.168.254.2 source-ip 192.168.254.3
     discriminator local 3 
     discriminator remote 2 
    #
    interface GigabitEthernet1/0/3
    description ToJiaohuanji
    undo shutdown
    eth-trunk 3
    interface Eth-Trunk3.4001
     control-vid 4001 dot1q-termination
     dot1q termination vid 4001
    ip address 192.168.254.3 255.255.255.248
    vrrp vrid 3 virtual-ip 192.168.254.1
     admin-vrrp vrid 3 
     vrrp vrid 3 track bfd-session 3 peer
    #
    interface LoopBack0
     ip address 172.20.1.1 255.255.255.255
    #
    interface LoopBack10
     ip address 172.20.1.2 255.255.255.255
    #
    interface GigabitEthernet1/0/0
    undo shutdown
     ip address 172.20.0.34 255.255.255.252
    #
    interface GigabitEthernet2/0/2
    undo shutdown
     ip address 172.20.0.58 255.255.255.252
    #
    interface GigabitEthernet1/0/2
    undo shutdown
    eth-trunk 2
    #
    interface Eth-Trunk2
    description Zhuji
    ip address 172.20.0.42 255.255.255.252
    #
    remote-backup-service rbs_qhmd
     peer 172.20.1.3 source 172.20.1.2 port 2046
     track interface gigabitethernet 1/0/0
     track interface gigabitethernet 2/0/2
    protect redirect ip-nexthop 172.20.0.41 interface Eth-Trunk2
    ip-pool dmtjs_xi metric 20
    #
    remote-backup-profile rbp3 
     service-type bras
     backup-id 3 remote-backup-service rbs_qhmd
     peer-backup hot 
     vrrp-id 3 interface Eth-Trunk3.4001
     nas logic-port gigabitethernet1/0/3 
     nas logic-sysname zhuji 
     nas logic-ip 172.20.1.1 
    #
    interface Eth-Trunk3.501
     user-vlan 501 
     remote-backup-profile rbp3 
     bas 
      access-type layer2-subscriber default-domain authentication dmtjs_xi
      authentication-method bind 
     #
    #
    ospf 1
     import-route unr
     area 0.0.0.0
      network 172.20.0.32 0.0.0.3
      network 172.20.0.56 0.0.0.3
      network 172.20.0.40 0.0.0.3
      network 172.20.1.2 0.0.0.0
      network 172.20.1.3 0.0.0.0
    #
     return 
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17247

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next