No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Feature Description - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Feature Description - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



As networks develop rapidly, the time used for end-to-end service convergence if a fault occurs on a carrier's network has been used as an indicator to measure bearer network performance. MPLS TE FRR is one of the commonly used fast switching technologies. The solution is to create an end-to-end TE tunnel between two PEs and a backup label switched path (LSP) that protects a primary LSP. When either of the PEs detects that the primary LSP is unavailable because of a node or link failure, the PE switches the traffic to the backup LSP.

MPLS TE FRR, however, cannot implement fast switching if faults occur on the ingress or egress. If a fault occurs on the ingress or egress, services can only be restored through end-to-end route convergence and LSP convergence. The service convergence time is closely related to the number of routes inside an MPLS VPN and the number of LSP hops on the bearer network. The more VPN routes, the longer the service convergence time.

VPN FRR sets in advance on a remote PE forwarding entries pointing to the active and standby PEs, respectively. In collaboration with fast PE fault detection, VPN FRR can reduce end-to-end service convergence time if a fault occurs on an MPLS VPN where a CE is dual-homed to two PEs. In VPN FRR, service convergence time depends on only the time required to detect remote PE faults and change tunnel status. VPN FRR enables the service convergence time to be irrelevant to the number of VPN routes on the bearer network.


As shown in Figure 5-42, normally, CE1 accesses CE2 over Link A. If PE2 is Down, CE1 accesses CE2 over Link B.

Based on the traditional BGP/MPLS IP VPN technology, both PE2 and PE3 advertise routes destined for CE2 to PE1, and assign VPN labels to these routes. PE1 then selects a preferred VPNv4 route based on the routing policy. In this example, the preferred route is the one advertised by PE2, and only the routing information, including the forwarding prefix, inner label, selected LSP, advertised by PE2 is filled in the forwarding entry of the forwarding engine to guide packet forwarding.

If PE2 fails, PE1 detects the fault on PE2 (the BGP peer goes Down or the MPLS LSP is unavailable), re-selects the route advertised by PE3, and updates the forwarding entry to complete E2E service convergence. Before PE1 re-delivers the forwarding entry for the route advertised by PE3, CE1 cannot access CE2 for a certain period. This is because PE2 is the end point of the MPLS LSP to which the forwarding entry refers and fails. As a result, E2E services are interrupted.

VPN FRR is an improvement on the traditional reliability technology. VPN FRR enables PE1 to add the optimal route advertised by PE2 and the second optimal route advertised by PE3 to a forwarding entry. The optimal route is used for traffic forwarding, and the second optimal route is used as a backup route.

If a fault occurs on PE2, the MPLS LSP between PE1 and PE2 becomes unavailable. After detecting the fault by means of techniques such as BFD, PE1 marks the corresponding entry in the LSP status table as unavailable, and delivers the setting to the forwarding table. After selecting a forwarding entry, the forwarding engine examines the status of the LSP corresponding to the forwarding entry. If the LSP is unavailable, the forwarding engine uses the second optimal route carried in the forwarding entry to forward packets. After being tagged with the inner labels assigned by PE3, packets are transmitted to PE3 over the LSP between PE1 and PE3 and then forwarded to CE2. In this manner, fast end-to-end service convergence is implemented and traffic from CE1 to CE2 is restored.

Figure 5-42 VPN FRR networking

Other Functions

VPN FRR is a fast switching technique based on inner labels. The outer tunnels can be LDP LSPs, RSVP-TE tunnels. When the forwarding engine detects that the outer tunnel is unavailable during packet forwarding, fast switching based on inner labels can be implemented.

VPNv6 FRR implements fast switching of IPv6 VPN routes on an IPv6 VPN where a CE is dual-homed to two PEs. The working principle of VPNv6 FRR is similar to that of VPN FRR.

Usage Scenario

On a VPN where a CE is dual-homed to two PEs, after a PE fails, VPN FRR ensures that the VPN services from the CE to the PE can be rapidly switched to the standby PE for transmission.


On a VPN where a CE is dual-homed to two PEs, VPN FRR speeds up service convergence and enhances network availability in the case of PE failures.

Updated: 2019-01-14

Document ID: EDOC1100058940

Views: 17030

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next