No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Feature Description - WAN Access 01

This is ME60 V800R010C10SPC500 Feature Description - WAN Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Association Between the IPv4 Direct Routes and IPSec Instance Status

Association Between the IPv4 Direct Routes and IPSec Instance Status

Figure 2-13 shows an IP radio access network (IPRAN) scenario, and some services require high security. To meet such requirements, cell site gateways (CSGs) encrypt data of these services using IPsec. After the data flows to RSGs (IPsec gateways) through an IPsec tunnel, the RSGs decrypt the data. In most cases, carriers deploy master and backup RSGs and configure the same IP address for the IPsec tunnel interfaces of the master and backup RSGs to improve network reliability.

Without the association between IPv4 direct routes and IPsec instance status, IPv4 direct routes with the same prefix generated on the IPsec tunnel interfaces of the master and backup RSGs share the same default cost (0). As a result, after receiving these routes from the master and backup RSGs, CSGs cannot select an optimal one based on the cost.

Association between IPv4 direct routes and IPsec instance status can address this problem. After the association is configured:
  • If the IPsec instance status is master on an IPsec tunnel interface, the cost of the IPv4 direct routes generated on the interface is 0.
  • If the IPsec instance status is backup on an IPsec tunnel interface or the system cannot detect the IPsec instance status, the cost of the IPv4 direct routes generated on the interface is the cost configured on the interface.
NOTE:
In IPsec dual-device hot backup scenarios, if a tunnel interface borrows the IP address of another interface, the cost of direct routes on the tunnel interface cannot be associated with the IPSec instance status.

After receiving the IPv4 direct routes with the same prefix from the master and backup RSGs, CSGs can select an optimal one based on the cost. Therefore, the CSGs can transmit data encrypted using IPsec to the correct RSG.

Figure 2-13 Networking for the association between IPv4 direct routes and IPsec instance status
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059473

Views: 14526

Downloads: 10

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next