No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).



On carrier networks, the end-to-end service convergence time upon a failure is one of the indicators used to measure bearer network performance. If a fault occurs on a PE device on the BGP/MPLS VPN network, traditional convergence technologies can restore services only through end-to-end route convergence and LSP convergence. The service convergence time is closely related to the number of routes inside an MPLS VPN and the number of LSP hops on the bearer network. As the number of VPN routes increases, so too does the service convergence time, and the more traffic is lost.

VPN FRR sets forwarding entries in advance on a remote PE device. These entries point to the active and standby PE devices. On an MPLS VPN where a CE device is dual-homed to two PE devices, VPN FRR can work with fast PE fault detection to reduce end-to-end service convergence time. In VPN FRR, service convergence time depends on only the time required to detect remote PE device faults and change tunnel status. VPN FRR decouples the service convergence time from the number of VPN routes on the bearer network.


Figure 2-24 Typical VPN FRR networking

As shown in Figure 2-24, normally, CE1 accesses CE2 over Link A. If PE2 is Down, CE1 accesses CE2 over Link B.
  • Based on the traditional BGP/MPLS VPN technology, both PE2 and PE3 advertise routes destined for CE2 to PE1, and distribute VPN labels to these routes. PE1 then selects a preferred VPNv4 route based on the routing policy. In this example, the preferred route is the one advertised by PE2, and only the routing information advertised by PE2 is filled in the forwarding entry of the forwarding engine to guide packet forwarding. The routing information includes the forwarding prefix, inner label, and selected LSP.
  • If PE2 fails (the BGP peer relationship becomes Down or the LSP is unavailable), PE1 detects the fault and then selects the route advertised by PE3. PE1 updates the forwarding entry to complete end-to-end convergence. Before PE1 delivers the forwarding entry matching the route advertised by PE3, CE1 cannot communicate with CE2 for a certain period. This is because the destination of the LSP, PE2, is Down. As a result, end-to-end services are interrupted.
  • VPN FRR improves the traditional reliability technology by enabling PE1 to add the optimal route advertised by PE2 and the secondary optimal route advertised by PE3 to a forwarding entry. The optimal route is used for traffic forwarding, and the secondary optimal route is used as a backup route.
  • If a fault occurs on PE2, the MPLS LSP between PE1 and PE2 becomes unavailable. After detecting the fault, PE1 marks the corresponding entry in the LSP status table as unavailable, and delivers the setting to the forwarding table. After selecting a forwarding entry, the forwarding engine examines the status of the LSP corresponding to the forwarding entry. If the LSP is unavailable, the forwarding engine uses the secondary optimal route carried in the forwarding entry to forward packets. After being tagged with the inner labels distributed by PE3, packets are transmitted to PE3 over the LSP between PE1 and PE3 and then forwarded to CE2. In this manner, fast end-to-end service convergence is implemented and traffic from CE1 to CE2 is restored.

VPN FRR performs fast switching based on inner labels. Tunnels on the backbone network can be LDP LSPs. When the forwarding engine detects that the outer tunnel is unavailable, it triggers fast switching based on inner labels.

Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14078

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next