No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Dual-device Hot Backup for Layer 3 Static IPv4 Users

Example for Configuring Dual-device Hot Backup for Layer 3 Static IPv4 Users

This section provides an example for configuring dual-device hot backup for Layer 3 static IPv4 users and a networking diagram for understanding usage scenarios and configuration procedures.

Usage Scenario

With the rapid development of IP technologies, various value-added services are widely used on the Internet. Carrier-class services, such as emerging IPTV, NGN, 4G, VIP customers' leased line, and VPN interconnection, place higher requirements on IP network reliability. IP network reliability for carrier-class services includes device, link, and network reliability. On a bearer network, the availability of a network device is required to reach 99.999%; that is, the device downtime in a year must be less than 5 minutes. High reliability is a basic requirement for carrier-class devices.

The NE40E functions as an edge router that carries multiple services and plays a transitional role on a network. It is connected to the core network to implement the Layer 3 routing function and to the aggregation network to terminate the Layer 2 user packets so that users can access the aggregation network. Additionally, the NE40E carries triple play services including HSI, VoIP, and IPTV, which raises the bar for high reliability.NE40E The NE40E provides service-level high-reliability technologies. Non-stop data flow forwarding does not mean that user services are not interrupted. If a network node or link fails, user traffic is switched to a backup device. However, if user information is not synchronized to a backup device, user services will be interrupted. High reliability has been considered when the NE40E is designed to function as a network edge service aggregation and control device, which ensures that users' HSI, IPTV, and VoIP services are not interrupted if a network node or link fault occurs. Dual-device hot backup is designed to meet the preceding reliability requirements.

Networking Requirements

As shown in Figure 11-9, users access PE1 and PE2 through the CE. An Eth-Trunk interface is configured on each PE, and the two PEs are directly connected. A VRRP backup group is configured on PE1 and PE2 to track the status of Eth-Trunk member interfaces. Access links are bound together on the CE, and the LACP protocol is run to work with the PEs to select the active and standby links. This ensures that services can be immediately switched to the backup device if the master device fails after users go online.

Figure 11-9 Networking diagram for configuring dual-device hot backup for Layer 3 static IPv4 users
NOTE:

In this example, interface1, interface2, interface3, interface4, and interface5 represent GE1/0/0, GE1/0/1, GE1/0/5, GE2/0/0, and GE2/0/3, respectively.



Device Interface IP Address
PE1 GE1/0/0 Trunk member interface
GE1/0/1 10.1.1.1/24 (network-side interface)
GE1/0/5

193.1.2.2/24 (IP address of the interface running VRRP)

Loopback1 10.1.2.2/32 (IP address of PE1's interface with an RBS deployed)
PE2 GE1/0/2 Trunk member interface
GE1/0/3 11.1.1.2/24 (network-side interface)
GE1/0/5

193.1.2.1/24 (IP address of the interface running VRRP)

Loopback1 10.1.2.2/32 (IP address of PE2's interface with an RBS deployed)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure basic user access functions and ensure that the two devices working in master/back mode have the same configuration. For configuration details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide > User Access.

  2. Configure Eth-Trunk interfaces to work in static LACP mode. For configuration details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide > LAN Access and MAN Access.

  3. Configure a VRRP backup group on PE1 and PE2.

  4. Configure VRRP to track the interface status.

  5. Associate the Eth-Trunk interfaces working in static LACP mode on the PEs with the VRRP backup group.

Data Preparation

To complete the configuration, you need the following data:

  • VRRP parameters (VRRP ID)

  • IP address of each interface on PE1 and PE2

  • Backup ID, which works together with an RBS to identify an RBP to which users belong

  • User access parameters

Procedure

  1. Configure user access.

    For configuration details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide > User Guide > AAA and User Management Configuration.

  2. Configure Eth-Trunk interfaces to work in static LACP mode, and add the member interfaces GE2/0/0 and GE2/0/3 to the Eth-Trunk interfaces.

    # Configure CE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname CE1
    [*HUAWEI] commit
    [~CE1] interface Eth-Trunk 20
    [*CE1-Eth-Trunk20] mode lacp-static
    [*CE1-Eth-Trunk20] lacp timeout fast
    [*CE1-Eth-Trunk20] trunkport gigabitethernet 2/0/0 to 2/0/3
    [*CE1-Eth-Trunk20] commit
    [~CE1-Eth-Trunk20] quit

    # Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*HUAWEI] commit
    [~PE1] interface Eth-Trunk 10
    [*PE1-Eth-Trunk10] mac-address 0000-0000-0001
    [*PE1-Eth-Trunk10] mode lacp-static
    [*PE1-Eth-Trunk10] lacp timeout fast
    [*PE1-Eth-Trunk10] trunkport gigabitethernet 1/0/0
    [*PE1-Eth-Trunk10] commit
    [~PE1-Eth-Trunk10] quit

    # Configure PE2.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE2
    [*HUAWEI] commit
    [~PE2] interface Eth-Trunk 12
    [*PE2-Eth-Trunk12] mac-address 0000-0000-0001
    [*PE2-Eth-Trunk12] mode lacp-static
    [*PE2-Eth-Trunk12] lacp timeout fast
    [*PE2-Eth-Trunk12] trunkport gigabitethernet 1/0/2
    [*PE2-Eth-Trunk12] commit
    [~PE2-Eth-Trunk12] quit

  3. Configure a VRRP backup group.

    # Configure the IP address of the GE interface, and set the LACP priority of PE1 in the VRRP backup group to 120 (as the master device).

    [~PE1] interface Gigabitethernet 1/0/5
    [~PE1-Gigabitethernet1/0/5] undo shutdown
    [*PE1-Gigabitethernet1/0/5] ip address 193.1.2.2 255.255.255.0
    [*PE1-Gigabitethernet1/0/5] vrrp vrid 120 virtual-ip 193.1.2.100
    [*PE1-Gigabitethernet1/0/5] vrrp vrid 120 priority 120
    [*PE1-Gigabitethernet1/0/5] admin-vrrp vrid 120 ignore-if-down
    [*PE1-Gigabitethernet1/0/5] commit

    # Configure the IP address of the GE interface, and set the LACP priority of PE2 in the VRRP backup group to the default value (as the backup device).

    [~PE2] interface Gigabitethernet 1/0/5
    [*PE2-Gigabitethernet1/0/5] undo shutdown
    [*PE2-Gigabitethernet1/0/5] ip address 193.1.2.1 255.255.255.0
    [*PE2-Gigabitethernet1/0/5] vrrp vrid 120 virtual-ip 193.1.2.100
    [*PE2-Gigabitethernet1/0/5] admin-vrrp vrid 120 ignore-if-down
    [*PE2-Gigabitethernet1/0/5] commit

  4. Configure the VRRP backup group to track the interface status.

    # Configure VRRP on PE1 to track the interface status.

    [~PE1-Gigabitethernet1/0/5] vrrp vrid 120 track interface Gigabitethernet 1/0/0 reduced 40
    [~PE1-Gigabitethernet1/0/5] vrrp vrid 120 track interface Gigabitethernet 1/0/1 reduced 40
    [*PE1-Gigabitethernet1/0/5] commit
    [~PE1-Gigabitethernet1/0/5] quit

    # Configure VRRP on PE2 to track the interface status.

    [~PE2-Gigabitethernet1/0/5] vrrp vrid 120 track interface Gigabitethernet 1/0/3 reduced 40
    [~PE2-Gigabitethernet1/0/5] vrrp vrid 120 track interface Gigabitethernet 1/0/2 reduced 40
    [*PE2-Gigabitethernet1/0/5] commit
    [~PE2-Gigabitethernet1/0/5] quit

  5. Associate the Eth-Trunk interfaces working in static LACP mode with the VRRP backup group.

    # Associate PE1's Eth-Trunk interface working in static LACP mode with the VRRP backup group.

    [~PE1] interface Eth-Trunk 10
    [*PE1-Eth-Trunk 10] lacp track vrrp vrid 120 interface Gigabitethernet 1/0/5
    [*PE1-Eth-Trunk 10] commit
    [~PE1-Eth-Trunk 10] quit

    # Associate PE2's Eth-Trunk interface working in static LACP mode with the VRRP backup group.

    [~PE2] interface Eth-Trunk 12
    [*PE2-Eth-Trunk 12] lacp track vrrp vrid 1 interface Gigabitethernet 1/0/5
    [*PE2-Eth-Trunk 12] commit
    [~PE2-Eth-Trunk 12] quit

  6. Configure an IP address pool.

    # Configure an address pool named ln.

    [~PE1] ip pool ln bas local
    [*PE1-ip-pool-ln] gateway 200.0.0.1 255.255.255.0
    [*PE1-ip-pool-ln] section 200.0.0.2 200.0.0.255
    [*PE1-ip-pool-ln] excluded-ip-address 200.0.0.2 200.0.0.254
    [*PE1-ip-pool-ln] commit
    [~PE1-ip-pool-ln] quit

  7. Configure an RBS, address pool, and RBP. Take the command output on PE1 as an example.

    # Configure an RBS named s1.

    [~PE1] remote-backup-service s1
    [*PE1-rm-backup-srv-s1] peer 172.16.18.1 source 172.16.18.2 port 12012
    [*PE1-rm-backup-srv-s1] track interface GigabitEthernet 1/0/1
    [*PE1-rm-backup-srv-s1] commit
    [~PE1-rm-backup-srv-s1] quit

    Configure an RBP named pl.

    [~PE1] remote-backup-profile p1
    [*PE1-rm-backup-prf-p1] service-type bras
    [*PE1-rm-backup-prf-p1] backup-id 1 remote-backup-service s1
    [*PE1-rm-backup-prf-p1] peer-backup hot
    [*PE1-rm-backup-prf-p1] vrrp-id 1 interface gigabitethernet 1/0/5
    [*PE1-rm-backup-prf-p1] ip-pool ln
    [*PE1-rm-backup-prf-p1] commit
    [~PE1-rm-backup-prf-p1] quit

  8. Configure a user-side interface.

    # Configure PE1.

    # Configure Layer 3 static users to be triggered to go online through IP packets.

    [~PE1] layer3-subscriber 200.0.0.1 200.0.0.254 domain-name test_hou
    [*PE1] interface Eth-Trunk 10.1
    [*PE1-Eth-Trunk 10.1] vlan-type dot1q 10
    [*PE1-Eth-Trunk 10.1] ip address 20.0.0.1 255.255.255.0
    [*PE1-Eth-Trunk 10.1] bas
    [*PE1-Eth-Trunk 10.1-bas] access-type layer3-subscriber default-domain authentication test_hou
    [*PE1-Eth-Trunk 10.1-bas] commit

    # Configure PE2.

    # Configure Layer 3 static users to be triggered to go online through IP packets.

    [~PE2] layer3-subscriber 200.0.0.1 200.0.0.254 domain-name test_hou
    [*PE2] interface Eth-Trunk 12.1
    [*PE2-Eth-Trunk 12.1] vlan-type dot1q 10
    [*PE2-Eth-Trunk 12.1] ip address 20.0.0.1 255.255.255.0
    [*PE2-Eth-Trunk 12.1] bas
    [*PE2-Eth-Trunk 12.1-bas] access-type layer3-subscriber default-domain authentication test_hou
    [*PE2-Eth-Trunk 12.1-bas] commit

  9. Verify the configuration.

    After completing the configurations, run the display remote-backup-profile command. The command output shows that the status of PE1 is Master and that of PE2 is Slave.

    <PE1> display remote-backup-profile p1
    -----------------------------------------------
     Profile-Index        : 0x1000
     Profile-Name         : p1
     Service              : bras 
     Remote-backup-service: s1
     Backup-ID            : 1
     track protocol       : VRRP
     VRRP-ID              : 120
     VRRP-Interface       : GigabitEthernet1/0/5
     Access-Control       : --
     State                : Slave
     Peer State           : Master
     Interface            :
                            Eth-Trunk12.2
                            Eth-Trunk12.111
     Backup mode          : hot
     Slot-Number          : --
     Card-Number          : --
     Port-Number          : --
     Traffic threshold    : 50(MB)
     Traffic interval     : 10(minutes)
     IP-Pool              :
                            ln
     Forwarding Configured: Slave Forwarding 
    <PE1> display remote-backup-service S1
    ----------------------------------------------------------
     Service-Index    : 1
     Service-Name     : s1
     TCP-State        : Connected
     Peer-ip          : 172.16.18.2
     Source-ip        : 172.16.18.1
     TCP-Port         : 12012
     Track-BFD        : -
     SSL-Policy-Name  : --
     SSL-State        : --
     Last up time     : 2016-08-02 15:34:36
     Track-interface0 : GigabitEthernet1/0/1
                        Weight : 10
     Uplink state     : 2 (1:DOWN 2:UP)
     Domain-map-list  : --
     Send Q pkt count : 0
    ----------------------------------------------------------
    
     ip pool:  
     ipv6 pool:  
     Failure ratio    : 100%
     Failure duration : 0 min
     pool route status: 2
     switch mark      : 2
    ----------------------------------------------------------
     Rbs-ID         : 0
     Protect-type   : public(unknown)
     Tunnel-policy  : yhz
     Peer-ip        : 172.16.18.2
     Vrfid          : 0
     Tunnel-state   : DOWN
     Tunnel-OperFlag: NORMAL
     Spec-interface : Null
     Total users    : 0

Configuration Files

  • PE1 configuration file

    #
    sysname PE1
    #
    aaa
     domain huawei   
      authentication-scheme default0                    
      accounting-scheme default0                  
      ip-pool ln
    #
    ip pool ln bas local
     gateway 200.0.0.1 255.255.255.0
     section 0 200.0.0.2 200.0.0.255
     excluded-ip-address 200.0.0.2 200.0.0.254  
    #
    remote-backup-service s1
     peer 172.16.18.1 source 172.16.18.2 port 12012
     track interface GigabitEthernet1/0/1 
    #
    remote-backup-profile p1
     service-type bras
     backup-id 1 remote-backup-service s1
     peer-backup hot
     vrrp-id 120 interface GigabitEthernet1/0/5
     ip-pool ln
    #
    layer3-subscriber 200.0.0.2 200.0.0.254 domain-name test
    #
    interface Eth-Trunk10
     mac-address 0000-0000-0001
     mode lacp-static
     lacp timeout fast
     lacp track vrrp vrid 120 interface GigabitEthernet1/0/5
    #
    interface Eth-Trunk 10.1
    
     vlan-type dot1q 10
     ip address 50.0.0.1 255.255.255.0
     bas
     #
      access-type layer3-subscriber default-domain pre-authentication test authentication test_hou
     #
    #
    interface GigabitEthernet1/0/1
     undo shutdown
     ip address 10.1.1.2 255.255.255.0
     dcn
    #
    interface GigabitEthernet1/0/5
     undo shutdown
     ip address 193.1.2.2 255.255.255.0
     vrrp vrid 120 virtual-ip 193.1.2.100
     admin-vrrp vrid 120 ignore-if-down
     vrrp vrid 120 priority 120
     vrrp vrid 120 track interface GigabitEthernet1/0/0 reduced 40
     vrrp vrid 120 track interface GigabitEthernet1/0/1 reduced 40
     dcn
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     eth-trunk 10
     dcn
    #
    interface GigabitEthernet1/0/1
     undo shutdown
     ip address 10.1.1.2 255.255.255.0
     dcn
    #
    #
    ospf 1 
     default cost inherit-metric
     import-route direct
     import-route unr
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 12.1.1.0 0.0.0.255
    #
    
  • PE2 configuration file

    #
    sysname PE1
    #
    aaa
     domain huawei   
      authentication-scheme default0                    
      accounting-scheme default0                  
      ip-pool ln
    #
    ip pool ln bas local
     gateway 200.0.0.1 255.255.255.0
     section 0 200.0.0.2 200.0.0.255
     excluded-ip-address 200.0.0.2 200.0.0.254  
    #
    remote-backup-service s2
     peer 172.16.18.2 source 172.16.18.1 port 12012
     track interface GigabitEthernet1/0/3 
    #
    interface Eth-Trunk12
     mac-address 0000-0000-0001
     mode lacp-static
     lacp timeout fast
     lacp track vrrp vrid 120 interface GigabitEthernet1/0/5
    #
    interface Eth-Trunk 12.1
     vlan-type dot1q 10
     ip address 193.1.2.1 255.255.255.0
     bas
     #
      access-type layer3-subscriber default-domain pre-authentication test authentication test_hou
     #
    #
    interface GigabitEthernet1/0/5
     undo shutdown
    vrrp vrid 120 virtual-ip 193.1.2.100
     admin-vrrp vrid 120 ignore-if-down
     vrrp vrid 120 track interface GigabitEthernet1/0/2
     vrrp vrid 120 track interface GigabitEthernet1/0/3 reduced 40
     dcn
    #
    interface GigabitEthernet1/0/3
     undo shutdown
     ip address 11.1.1.2 255.255.255.0
    #
    interface GigabitEthernet1/0/2
     undo shutdown
     eth-trunk 12
     dcn
    #
    #
    ospf 1
     default cost inherit-metric
     import-route direct
     import-route unr
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 11.1.1.0 0.0.0.255
      network 12.1.1.0 0.0.0.255
    #
    interface Loopback1
     undo shutdown
     ip address 172.16.18.1 255.255.255.0
    #
    
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 19378

Downloads: 87

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next