No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Virtual Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - Virtual Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Virtual Access Dual-Device Hot Backup

Configuring Virtual Access Dual-Device Hot Backup

This section describes how to configure virtual access dual-device hot backup. After the configuration is complete, service control data on the primary master is backed up to the secondary master, implementing service continuity during a primary/secondary master switchover.

Usage Scenario

In a virtual access system, an AP can be dual-homed a primary and secondary master. In normal cases, the control plane of a virtual access system resides on the primary master, and services are carried by the primary master. If the primary master fails, the control plane is switched to the secondary master. Service control data must be reestablished on the secondary master for services to run properly. Services may be interrupted during this process. To resolve this issue, configure virtual access dual-device hot backup. After the configuration is complete, service control data on the primary master is backed up to the secondary master, implementing service continuity during a primary/secondary master switchover.

Pre-configuration Tasks

Before configuring virtual access dual-device hot backup, complete the following tasks:

Configuration Procedures

Figure 2-20 Flowchart for configuring virtual access dual-device hot backup

Establishing a Virtual Access Dual-Device Backup Platform

This section describes how to establish a virtual access dual-device backup platform to implement user information backup.

Context

Redundancy User Information (RUI) is a Huawei-specific redundancy protocol that backs up user information between devices. A virtual access dual-device backup platform uses RUI to back up service control data from the primary master to the secondary master. Establishing a virtual access dual-device backup platform includes configuring a remote backup profile (RBP) and a remote backup service (RBS).

Perform the following steps on the primary and secondary masters.

Procedure

  • Configure an RBP.
    1. Run system-view

      The system view is displayed.

    2. Run remote-backup-profile profile-name

      An RBP is created, and the RBP view is displayed.

    3. Run peer-backup { hot | virtual }

      Inter-device hot backup, or virtual backup is enabled.

      The parameter virtual is supported only on the Admin-VS.

    4. Run binding virtual-access

      The RBP is bound to virtual access.

    5. Run backup-id backup-id remote-backup-service service-name

      A backup ID is configured for the RBP, and the RBP is associated with a specified RBS.

      backup-id specifies a backup ID for an RBP. You can use a backup ID and an RBS to determine an RBP. The backup IDs configured for the same RBP must be the same on the primary and secondary masters and can no longer be configured for other RBPs.

    6. Run commit

      The configuration is committed.

  • Configure an RBS.
    1. Run system-view

      The system view is displayed.

    2. Run remote-backup-service service-name

      An RBS is created, and the RBS view is displayed.

    3. (Optional) Run bind ssl-policy ssl-policy-name

      An SSL policy is bound to a TCP connection.

    4. Run peer peer-ip-address source source-ip-address port port-id

      TCP connection parameters are set for the RBS.

      peer-ip-address and source-ip-address specify the IP addresses of a peer and local master, respectively. The IP addresses of the primary and secondary masters must have been configured on their own interfaces, sub-interfaces, or logical interfaces (such as loopback interfaces) and be able to ping each other.

      port-id specifies a TCP port number. The TCP port numbers configured on the primary and secondary masters must be the same.

    5. Run commit

      The configuration is committed.

    NOTE:

    The RBS has no security authentication mechanism by default. You are advised to bind an SSL policy to improve RBS security. Before binding an SSL policy to a TCP connection, configure an SSL policy and load a digital certificate. For detailed configuration procedure, see Configuring and Binding an SSL Policy.

Enabling Remote Backup for a Service

This section describes how to enable remote backup for a service. After remote backup is enabled for a service, the service's control data on the primary master is promptly backed up to the secondary master. If a primary/secondary master switchover is triggered, the service is switched accordingly.

Context

After establishing a virtual access dual-device backup platform, perform the following configurations on the primary and secondary masters to enable remote backup for a specified service.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run remote-backup-profile profile-name

    A remote backup profile (RBP) is created, and the RBP view is displayed.

  3. Run service-type { bras | multicast | igmp | lacp }

    Remote backup is enabled for a specified service.

    Services supported by virtual access dual-device hot backup include BRAS, multicast, IGMP and LACP services. You can specify a keyword to enable remote backup for the corresponding service.

    The parameter bras and multicast are supported only on the Admin-VS.

  4. Run commit

    The configuration is committed.

  5. Run quit

    Return to the system view.

  6. Run interface interface-type interface-number [.subinterface-number ]

    The virtual access interface view is displayed.

  7. Run remote-backup-profile profile-name

    An RBP is bound to the virtual access interface.

    After enabling remote backup for a service in an RBP, bind the RBP to a virtual access interface for remote backup to take effect for the service.

  8. Run commit

    The configuration is committed.

(Optional) Configuring LACP Parameters for the Primary and Secondary Masters

When deploying virtual access LACP dual-device hot backup, configure LACP parameters on the virtual access Eth-Trunk interfaces and their virtual access member interfaces of the primary and secondary masters.

Context

In a virtual access scenario, to increase the link bandwidth and conserve IP addresses without adding hardware resources, configure an Eth-Trunk interface on a master and CE. You can configure a virtual access Eth-Trunk interface in static LACP mode on a master. When an AP is dual-homed to a primary and secondary master, if the primary master fails, the LACP control data on the secondary master must take effect immediately to implement a rapid primary/secondary switchover. To meet this requirement, configure the same LACP parameters on the primary and secondary masters after enabling LACP dual-device hot backup.

Perform the following procedure on both the primary and secondary masters.

Prerequisites

Before performing this procedure, complete the following tasks:

  • Configuring a Virtual Access Eth-Trunk Interface to Work in Static LACP Mode.

    NOTE:

    When creating a virtual access Eth-Trunk interface in static LACP mode, you must configure the same Eth-Trunk ID on the primary and secondary masters. You must also configure the same LACP parameters on the virtual access Eth-Trunk interfaces and their virtual access member interfaces of the primary and secondary masters for virtual access LACP dual-device hot backup to take effect.

  • Enable remote backup for LACP services in Enabling Remote Backup for a Service, and bind a remote backup profile (RBP) to a virtual access Eth-Trunk interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface eth-trunk trunk-id remote

    The virtual access Eth-Trunk interface view is displayed.

  3. Run lacp system-id mac-address

    An LACP system ID is configured for the virtual access Eth-Trunk interface.

    You must configure the same LACP system ID for the virtual access Eth-Trunk interfaces with the same Eth-Trunk ID on the primary and secondary masters.

  4. Run commit

    The configuration is committed.

  5. Run quit

    Return to the system view.

  6. Run interface interface-type interface-number

    The member interface view of the virtual access Eth-Trunk interface is displayed.

  7. Run lacp port-id port-id

    A port number used for LACP packet negotiation is configured for the member interface.

    You must configure the same port number used for LACP packet negotiation for the member interfaces with the same interface ID on the primary and secondary masters.

  8. Run commit

    The configuration is committed.

    Repeat Step 5 through Step 8 to complete configurations for all member interfaces of the specified virtual access Eth-Trunk interface.

(Optional) Configuring MAC Dual Fed

MAC dual fed helps accelerate traffic convergence during primary/secondary master switchover.

Context

In scenarios where an AP is dual-homed to a pair of primary and secondary masters, to prevent downstream traffic flooding during primary/secondary master switchover, run the remote-interface traffic-replication enable command. The AP then sends traffic to both the primary and secondary masters. After learning the MAC addresses of received traffic, the secondary master does not forward the traffic to other devices. After MAC dual fed is enabled, the AP requires additional bandwidth to send replicated packets to the secondary master. A bandwidth limit must be configured for these packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run vsi vsi-name bd-mode

    The BD VSI view is displayed.

  3. Run remote-interface traffic-replication enable

    MAC dual fed is enabled.

  4. Run commit

    The configuration is committed.

  5. Run quit

    Return to the system view.

  6. Run ap-id ap-id

    An AP is configured on a master and the AP view is displayed.

  7. Run remote-interface traffic-replication suppression cir cir-value [ cbs cbs-value ]

    A bandwidth limit is configured for packets to be sent to the secondary master.

  8. Run commit

    The configuration is committed.

(Optional) Configuring ARP Dual Fed

ARP dual fed helps accelerate traffic convergence during primary/secondary master switchover.

Context

In scenarios where an AP is dual-homed to a pair of primary and secondary masters, to shorten the convergence time of primary/secondary master switchover when the primary master fails, run the remote-interface arp-replication enable command. Then, when the primary master sends ARP requests through the AP to the peer end upon receipt of downstream traffic, the AP also sends a copy of ARP reply packets to the secondary master. This implementation ensures that the secondary master also has the ARP entry of the peer end. If an ARP packet attack occurs, the AP requires a lot of bandwidth to send replicated packets. A bandwidth limit must be configured for these packets.

NOTE:

In a scenario where an AP is dual-homed to masters, if you want the AP to send the ARP packet to both the primary and secondary masters, the AP must have been online on both the masters.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Enable ARP dual fed based on interface types.

    • # Enable ARP dual fed in the VPN IPv4 address family view.

      1. Run ip [ dcn ] vpn-instance vpn-instance-name

        The VPN instance view is displayed.

      2. Run ipv4-family

        The IPv4 address family for a VPN instance is enabled and the VPN instance IPv4 address family view is displayed.

      3. Run remote-interface arp-replication enable

        ARP dual fed is enabled.

      4. Run commit

        The configuration is committed.

      5. Run quit

        Return to the VPN instance IPv4 address family view.

    • # Enable ARP dual fed in the virtual access interface view.

      1. Run the interface interface-type interface-number[ .subinterface-number command to enter the PWIF interface view, or run the interface eth-trunk trunk-id[ .subnumber ] remote command to enter the PWIF remote Eth-Trunk interface view.

        NOTE:

        The remote-interface arp-replication enable command can be used only when the main interface or sub-interface of the PWIF interface or PWIF remote Eth-Trunk interface is bound to IP services.

      2. Run remote-interface arp-replication enable

        ARP dual fed is enabled.

      3. Run commit

        The configuration is committed.

  3. Run quit

    Return to the system view.

  4. Run ap-id ap-id

    An AP is configured on a master and the AP view is displayed.

  5. Run remote-interface arp-replication suppression cir cir-value [ cbs cbs-value ]

    A bandwidth limit is configured for ARP packets to be sent to the secondary master.

  6. Run commit

    The configuration is committed.

Checking the Configurations

After configuring virtual access dual-device hot backup, check the configurations.

Prerequisites

Virtual access dual-device hot backup has been configured.

Procedure

  • Run the display remote-backup-profile [ profile-name ] command to check information about a specified remote backup profile (RBP). track protocol in the command output is Virtual-access.
  • Run the display remote-backup-service [ service-name [ verbose ] ] command to check information about a specified remote backup service (RBS).
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059451

Views: 3764

Downloads: 18

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next