Configure a Protection Tunnel When a Shared Address Pool Is Deployed in a Dual-Device Hot Backup Scenario
A protection tunnel must be configured when a shared address pool is deployed in a dual-device hot backup scenario. If the master device's user-side link fails but no protection tunnel is configured, downstream traffic cannot enter the protection tunnel. As a result, traffic loss occurs.
Scenario
- The address pool cannot be bound to a remote backup profile (RBP).
- Both the master and backup devices must advertise the address pool's network segment route. A routing policy must be configured, so that the address pool's network segment route advertised by the master device has a higher priority. This configuration prevents load balancing on the network-side device.
- A protection tunnel (for example, an LSP) must be established between the master and backup devices. If a user's uplink fails, the user's downstream traffic is switched to the protection tunnel.
- The ip-pool pool-name command must be run in the RBS view to bind the address pool to the RBS. This configuration ensures that network-side traffic can be forwarded through the protection tunnel before host routes are generated.
NOTE:
Only the master device's address pool must be bound to the RBS.
Configuration Requirements
For details, see Configuring User Information Backup in Shared IP Address Pool Mode.
Misconfiguration Risks
Risk description:
When a shared address pool is configured in a dual-device hot backup scenario, downstream traffic arriving at the master device is switched to the backup device through a protection tunnel if the master device's user-side link fails. If no a protection tunnel is configured, downstream traffic is lost and cannot reach the user side.
Identification method:
- Run the display remote-backup-service service-name command to check all RBS information.
- Check whether a shared address pool is bound to an RBS.
Check whether an address pool name exists in the ip pool field in the command output.
If an address pool name exists in the ip pool field, a shared address pool has been bound to the RBS. Go to the next step.
If no address pool name exists in the ip pool field, the configuration requirements are not involved.
- Check whether a protection tunnel is configured for the RBS.
Check whether the command output contains the Protect-type and Out-interface fields.
- Check whether a shared address pool is bound to an RBS.
Recovery measures:
Perform configurations according to the configuration requirements.