Example for Configuring RSVP Authentication Based on Manual TE FRR
Networking Requirements
As shown in Figure 4-52, the primary CR-LSP is along the path LSRA -> LSRB -> LSRC -> LSRD, and the link between LSRB and LSRC needs to be protected by TE FRR.
A bypass CR-LSP is set up along the path LSRB -> LSRE -> LSRC. LSRB functions as the PLR and LSRC functions as the MP.
The primary and bypass MPLS TE tunnels are set up by using explicit paths. RSVP-TE is used as the signaling protocol.
RSVP authentication needs to be configured on LSRB and LSRC.
Procedure
- Configure MPLS TE FRR.
Configure the primary and bypass MPLS TE tunnels according to Example for Configuring Manual TE FRR, and then bind the two tunnels.
- Configure RSVP authentication on LSRB and LSRC.
The handshake function and a local password are configured so that you can check whether RSVP authentication is configured successfully.
NOTE:
The neighbor node is identified by its LSR ID. Therefore, you must enable CSPF on the two neighboring devices where RSVP authentication is required.
# Configure RSVP authentication on LSRB.
[LSRB] mpls rsvp-te peer 3.3.3.9
[LSRB-mpls-rsvp-te-peer-3.3.3.9] mpls rsvp-te authentication cipher Huawei@1234
[LSRB-mpls-rsvp-te-peer-3.3.3.9] mpls rsvp-te authentication handshake
[LSRB-mpls-rsvp-te-peer-3.3.3.9] quit
# Configure RSVP authentication on LSRC.
[LSRC] mpls
[LSRC-mpls] mpls te cspf
[LSRC-mpls] quit
[LSRC] mpls rsvp-te peer 2.2.2.9
[LSRC-mpls-rsvp-te-peer-2.2.2.9] mpls rsvp-te authentication cipher Huawei@1234
[LSRC-mpls-rsvp-te-peer-2.2.2.9] mpls rsvp-te authentication handshake
[LSRC-mpls-rsvp-te-peer-2.2.2.9] quit
- Verify the configuration.
# Run the display mpls rsvp-te statistics global command on LSRB. You can view the status of RSVP authentication. If the command output shows that the values of SendChallengeMsgCounter, RecChallengeMsgCounter, SendResponseMsgCounter, and RecResponseMsgCounter are not zero, the PLR and the MP successfully shake hands with each other and RSVP authentication is configured successfully.
[LSRB] display mpls rsvp-te statistics global
 LSR ID: 2.2.2.9                   LSP Count: 2
 PSB Count: 2                      RSB Count: 2
 RFSB Count: 1
 Total Statistics Information:
 PSB CleanupTimeOutCounter: 0      RSB CleanupTimeOutCounter: 1
 SendPacketCounter: 81             RecPacketCounter: 82
 SendCreatePathCounter: 12         RecCreatePathCounter: 16
 SendRefreshPathCounter: 41        RecRefreshPathCounter: 12
 SendCreateResvCounter: 3          RecCreateResvCounter: 6
 SendRefreshResvCounter: 11        RecRefreshResvCounter: 26
 SendResvConfCounter: 0            RecResvConfCounter: 0
 SendHelloCounter: 0               RecHelloCounter: 0
 SendAckCounter: 0                 RecAckCounter: 0
 SendPathErrCounter: 0             RecPathErrCounter: 0
 SendResvErrCounter: 0             RecResvErrCounter: 0
 SendPathTearCounter: 7            RecPathTearCounter: 5
 SendResvTearCounter: 1            RecResvTearCounter: 1
 SendSrefreshCounter: 3            RecSrefreshCounter: 6
 SendAckMsgCounter: 3              RecAckMsgCounter: 3
 SendChallengeMsgCounter: 1        RecChallengeMsgCounter: 1
 SendResponseMsgCounter: 1         RecResponseMsgCounter: 1
 SendErrMsgCounter: 0              RecErrMsgCounter: 0
 SendRecoveryPathMsgCounter: 0     RecRecoveryPathMsgCounter: 0
 SendGRPathMsgCounter: 0           RecGRPathMsgCounter: 0
 ResourceReqFaultCounter: 0        RecGRPathMsgFromLSPMCounter: 0
 Bfd neighbor count: 3             Bfd session count: 0
# Shut down the protected outbound interface on LSRB.
[LSRB] interface gigabitethernet 2/0/0
[LSRB-GigabitEthernet2/0/0] shutdown
# Run the display interface tunnel 0/0/1 command on LSRA. You can view the status of the primary CR-LSP and see that the tunnel interface is still Up.
[LSRA] display interface tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2013-01-21 10:58:49
Description: ...
# Run the tracert lsp te tunnel 0/0/1 command on LSRA. You can view the path that the tunnel passes through.
[LSRA] tracert lsp te tunnel 0/0/1
  LSP Trace Route FEC: TE TUNNEL IPV4 SESSION QUERY Tunnel0/0/1 , press CTRL_C to break.
  TTL   Replier      Time    Type      Downstream
  0                          Ingress   172.1.1.2/[1037 ]
  1     172.1.1.2    1 ms    Transit   172.4.1.2/[1045 1027 ]
  2     172.4.1.2    1 ms    Transit   172.5.1.2/[3 ]
  3     172.5.1.2    2 ms    Transit   172.3.1.2/[3 ]
  4     4.4.4.9      2 ms    Egress
# The preceding information shows that services on the link have been switched to the bypass CR-LSP.
# Run the display mpls te tunnel name Tunnel0/0/1 verbose command on LSRB. You can see that the bypass CR-LSP is in use.
[LSRB] display mpls te tunnel name Tunnel0/0/1 verbose
    No                       : 1
    Tunnel-Name              : Tunnel0/0/1
    Tunnel Interface Name    : -
    TunnelIndex              : 1              LSP Index : 2049
    Session ID               : 100            LSP ID : 8
    LSR Role                 : Transit
    Ingress LSR ID           : 1.1.1.9
    Egress LSR ID            : 4.4.4.9
    In-Interface             : GE1/0/0
    Out-Interface            : GE2/0/0
    Sign-Protocol            : RSVP TE        Resv Style : SE
    IncludeAnyAff            : 0x0            ExcludeAnyAff : 0x0
    IncludeAllAff            : 0x0
    ER-Hop Table Index       : -              AR-Hop Table Index: 2
    C-Hop Table Index        : -
    PrevTunnelIndexInSession: -               NextTunnelIndexInSession: -
    PSB Handle               : 16710
    Created Time             : 2013/01/19 08:05:13
    RSVP LSP Type            : -
    --------------------------------
     DS-TE Information
    --------------------------------
    Bandwidth Reserved Flag  : Unreserved
    CT0 Bandwidth(Kbit/sec)  : 0              CT1 Bandwidth(Kbit/sec): 0
    CT2 Bandwidth(Kbit/sec)  : 0              CT3 Bandwidth(Kbit/sec): 0
    CT4 Bandwidth(Kbit/sec)  : 0              CT5 Bandwidth(Kbit/sec): 0
    CT6 Bandwidth(Kbit/sec)  : 0              CT7 Bandwidth(Kbit/sec): 0
    Setup-Priority           : 7              Hold-Priority : 7
    --------------------------------
     FRR Information
    --------------------------------
    Primary LSP Info
    TE Attribute Flag        : 0x63           Protected Flag : 0x1
    Bypass In Use            : In Use
    Bypass Tunnel Id         : 27
    BypassTunnel             : Tunnel Index[Tunnel0/0/2], InnerLabel[1045]
    Bypass LSP ID            : 4              FrrNextHop : 172.5.1.2
    ReferAutoBypassHandle    : -
    FrrPrevTunnelTableIndex  : -              FrrNextTunnelTableIndex: -
    Bypass Attribute(Not configured)
    Setup Priority           : -              Hold Priority : -
    HopLimit                 : -              Bandwidth : -
    IncludeAnyGroup          : -              ExcludeAnyGroup : -
    IncludeAllGroup          : -
    Bypass Unbound Bandwidth Info(Kbit/sec)
    CT0 Unbound Bandwidth    : -              CT1 Unbound Bandwidth: -
    CT2 Unbound Bandwidth    : -              CT3 Unbound Bandwidth: -
    CT4 Unbound Bandwidth    : -              CT5 Unbound Bandwidth: -
    CT6 Unbound Bandwidth    : -              CT7 Unbound Bandwidth: -
    --------------------------------
     BFD Information
    --------------------------------
    NextSessionTunnelIndex   : -              PrevSessionTunnelIndex: -
    NextLspId                : -              PrevLspId : -
# Run the display mpls rsvp-te peer command to check whether the bypass CR-LSP is successfully set up.
[LSRB] display mpls rsvp-te peer
Remote Node id Neighbor
 Neighbor Addr: -----
 SrcInstance: 0x60128590         NbrSrcInstance: 0x0
 PSB Count: 1                    RSB Count: 0
 Hello Type Sent: NONE           SRefresh Enable: NO
 Last valid seq # rcvd: NULL
Remote Node id Neighbor
 Neighbor Addr: 3.3.3.9
 SrcInstance: 0x60128590         NbrSrcInstance: 0x0
 PSB Count: 0                    RSB Count: 1
 Hello Type Sent: NONE           SRefresh Enable: NO
 Last valid seq # rcvd: NULL
Interface: GigabitEthernet1/0/0
 Neighbor Addr: 172.1.1.1
 SrcInstance: 0x60128590         NbrSrcInstance: 0x0
 PSB Count: 1                    RSB Count: 0
 Hello Type Sent: NONE           SRefresh Enable: NO
 Last valid seq # rcvd: NULL
Interface: GigabitEthernet3/0/0
 Neighbor Addr: 172.4.1.2
 SrcInstance: 0x60128590         NbrSrcInstance: 0x0
 PSB Count: 0                    RSB Count: 1
 Hello Type Sent: NONE           SRefresh Enable: NO
 Last valid seq # rcvd: NULL
# The command output shows that the number of RSBs on the neighbor of LSRB is not zero. This indicates that RSVP authentication is successful between LSRB and its neighbor LSRC, and that resources are successfully reserved.
Configuration Files
LSRA configuration file
#
sysname LSRA
#
mpls lsr-id 1.1.1.9
mpls
 mpls te
 mpls rsvp-te
 mpls te cspf
#
explicit-path pri-path
 next hop 172.1.1.2
 next hop 172.2.1.2
 next hop 172.3.1.2
 next hop 4.4.4.9
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0001.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 ip address 172.1.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
 isis enable 1
#
interface Tunnel0/0/1
 ip address unnumbered interface LoopBack1
 tunnel-protocol mpls te
 destination 4.4.4.9
 mpls te record-route label
 mpls te path explicit-path pri-path
 mpls te tunnel-id 100
 mpls te fast-reroute
 mpls te commit
#
return
LSRB configuration file
#
sysname LSRB
#
mpls lsr-id 2.2.2.9
mpls
 mpls te
 mpls te timer fast-reroute 120
 mpls rsvp-te
 mpls te cspf
#
explicit-path by-path
 next hop 172.4.1.2
 next hop 172.5.1.2
 next hop 3.3.3.9
#
mpls rsvp-te peer 3.3.3.9
 mpls rsvp-te authentication cipher %#%#G4g(Xz3UvFK$8.Y\J>X,lGF4WE8vVPuw#$K(YQu3%#%#
 mpls rsvp-te authentication handshake
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0002.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 ip address 172.1.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet2/0/0
 ip address 172.2.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet3/0/0
 ip address 172.4.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
 isis enable 1
#
interface Tunnel0/0/2
 ip address unnumbered interface LoopBack1
 tunnel-protocol mpls te
 destination 3.3.3.9
 mpls te tunnel-id 300
 mpls te record-route
 mpls te path explicit-path by-path
 mpls te bypass-tunnel
 mpls te protected-interface GigabitEthernet 2/0/0
 mpls te commit
#
return
LSRC configuration file
#
sysname LSRC
#
mpls lsr-id 3.3.3.9
mpls
 mpls te
 mpls rsvp-te
 mpls te cspf
#
mpls rsvp-te peer 2.2.2.9
 mpls rsvp-te authentication cipher %#%#@3N-/[cRrQFEPOP7FK&Q3AxYJ%jhk=C}G~Q}}#-J%#%#
 mpls rsvp-te authentication handshake
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0003.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 ip address 172.2.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet2/0/0
 ip address 172.3.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet3/0/0
 ip address 172.5.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
 isis enable 1
#
return
LSRD configuration file
#
sysname LSRD
#
mpls lsr-id 4.4.4.9
mpls
 mpls te
 mpls rsvp-te
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0004.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 ip address 172.3.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface LoopBack1
 ip address 4.4.4.9 255.255.255.255
 isis enable 1
#
return
LSRE configuration file
#
sysname LSRE
#
mpls lsr-id 5.5.5.9
mpls
 mpls te
 mpls rsvp-te
#
isis 1
 is-level level-2
 cost-style wide
 network-entity 00.0005.0000.0000.0005.00
 traffic-eng level-2
#
interface GigabitEthernet1/0/0
 ip address 172.4.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface GigabitEthernet2/0/0
 ip address 172.5.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls te
 mpls rsvp-te
#
interface LoopBack1
 ip address 5.5.5.9 255.255.255.255
 isis enable 1
#
return
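Added example (not part of the original document or of any vendor tool): a Python audit that reads saved configuration files and checks that each RSVP-TE peer entry carries the authentication cipher and handshake commands, that CSPF is enabled on the device as the NOTE requires, and that the neighbor has a reciprocal peer entry. It assumes one command per line with child commands indented by a space; the function names, the sample text and the ciphertext placeholder are constructed for illustration.

```python
import re

REQUIRED = {"cipher", "handshake"}  # options this page configures under each peer

def sample(lsr_id, peer, cspf=True, handshake=True):
    """Constructed config text shaped like the LSRB/LSRC files on this page."""
    return "\n".join(filter(None, [
        "#", f"mpls lsr-id {lsr_id}", "mpls", " mpls te", " mpls rsvp-te",
        " mpls te cspf" if cspf else "",
        "#", f"mpls rsvp-te peer {peer}",
        " mpls rsvp-te authentication cipher <ciphertext-placeholder>",
        " mpls rsvp-te authentication handshake" if handshake else "",
        "#", "return"]))

def parse(cfg):
    """Extract LSR ID, CSPF state and per-peer authentication options."""
    dev, peer = {"lsr_id": None, "cspf": False, "peers": {}}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line closes the peer view
            peer = None
        if m := re.fullmatch(r"mpls lsr-id (\S+)", line):
            dev["lsr_id"] = m.group(1)
        elif line == "mpls te cspf":
            dev["cspf"] = True
        elif m := re.fullmatch(r"mpls rsvp-te peer (\S+)", line):
            peer = dev["peers"].setdefault(m.group(1), set())
        elif peer is not None and (m := re.match(r"mpls rsvp-te authentication (\S+)", line)):
            peer.add(m.group(1))             # records 'cipher' or 'handshake'
    return dev

def audit(configs):
    """Return a sorted list of findings; an empty list means both ends agree."""
    devs = {d["lsr_id"]: d for d in map(parse, configs)}
    out = set()
    for lsr, dev in devs.items():
        for peer_id, opts in dev["peers"].items():
            for missing in sorted(REQUIRED - opts):
                out.add(f"{lsr}: peer {peer_id} lacks authentication {missing}")
            if not dev["cspf"]:
                out.add(f"{lsr}: CSPF disabled but peer {peer_id} is keyed by LSR ID")
            remote = devs.get(peer_id)
            if remote is None:
                out.add(f"{lsr}: no config supplied for peer {peer_id}")
            elif lsr not in remote["peers"]:
                out.add(f"{peer_id}: no reciprocal peer {lsr}")
    return sorted(out)

if __name__ == "__main__":
    print(audit([sample("2.2.2.9", "3.3.3.9"), sample("3.3.3.9", "2.2.2.9", cspf=False)]))
```

The audit cannot compare the keys themselves: the LSRB and LSRC files above store different ciphertext strings for the same password, so the handshake counters in the verification step remain the check that both ends hold the same key.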