No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VPN FRR

Configuring VPN FRR

If a CE is dual-homed to two PEs, you can configure VPN FRR to ensure that VPN services switch to a secondary link if the primary link between PEs fails.

Usage Scenario

VPN FRR applies to services that are sensitive to packet loss and delay on VPNs. On the network shown in Figure 5-13, CE1 is dual-homed to PE2 and PE3. VPN FRR is configured on PE1. When the link between PE1 and PE2 fails, VPN traffic needs to be fast switched to the link between PE1 and PE3.

Figure 5-13 VPN FRR

You can enable VPN FRR in either of the following views as required: VPN instance IPv4 address family view and BGP-VPN instance IPv4 address family view. If only a BGP VPNv4 peer relationship is configured and no VPN instance is configured, enable VPN FRR in the BGP-VPN instance IPv4 address family view.

Pre-configuration Tasks

Before configuring VPN FRR, complete the following tasks:

  • Configure a routing protocol on the NE to ensure IP connectivity.

  • Generate two unequal-cost routes on the PE by setting different costs or metrics.

  • Set up the VPN.

Procedure

  • Enable VPN FRR in the VPN instance IPv4 address family view.
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run vpn frr

      VPN FRR is enabled.

    5. (Optional) Run quit

      Return to the VPN instance view.

    6. (Optional) Run quit

      Return to the system view.

    7. (Optional) Run bgp as-number

      The BGP view is displayed.

    8. (Optional) Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    9. (Optional) Run route-select delay delay-value

      A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.

      The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-value value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

    10. Run commit

      The configuration is committed.

  • Enable VPN FRR in the BGP-VPN instance IPv4 address family view.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run auto-frr

      VPN FRR is enabled.

    5. (Optional) Run route-select delay delay-value

      A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.

      The delay-value value is an integer ranging from 0 to 3600, in seconds. The default delay-value value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

    6. Run commit

      The configuration is committed.

Example

After completing VPN FRR configurations, run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ] verbose command. The command output shows information about the backup next-hop PE, backup tunnel, and backup label.

<HUAWEI> display ip routing-table vpn-instance vpn1 10.1.1.0 verbose
Route Flags: R - relay, D - download
to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Summary Count : 1
Destination: 10.3.1.0/24
     Protocol: IBGP            Process ID: 0
   Preference: 255                   Cost: 0
      NextHop: 2.2.2.2          Neighbour: 2.2.2.2
        State: Active Adv GotQ        Age: 00h15m06s
          Tag: 0                 Priority: low
        Label: 15361              QoSInfo: 0x0
   IndirectID: 0x13
 RelayNextHop: 0.0.0.0          Interface: GigabitEthernet0/2/0
     TunnelID: 0x000000000100000001 Flags: RD
    BkNextHop: 3.3.3.3        BkInterface: Unknown
      BkLabel: 15362          SecTunnelID: 0x0
 BkPETunnelID: 0x000000000100000002  BkPESecTunnelID: 0x0
 BkIndirectID: 0x15
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 33080

Downloads: 59

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next