Disable URPF on a Network-Side Interface When a Shared Address Pool Is Deployed in a Dual-Device Hot Backup Scenario
Scenario
Deploying exclusive address pools requires a large number of address pools to be planned, which wastes address resources. To resolve the preceding issue, deploy a shared address pool. The following figure shows the deployment of a shared address pool in a dual-device hot backup scenario.
Configuration Requirements
The undo ip urpf command must be run on a network-side interface to disable URPF.
Misconfiguration Risks
Risk description:
When a shared address pool is configured in a dual-device hot backup scenario, traffic passes through the protection tunnel and reaches the user side if the master device's user-side link fails. If URPF is configured on the network-side interface, there is a possibility that downstream traffic cannot enter the protection tunnel. As a result, traffic loss occurs.
Identification method:
Run the display remote-backup-service service-name command to check all RBS information.
[HUAWEI] display remote-backup-service rbs ---------------------------------------------------------- Service-Index : 2 Service-Name : rbs TCP-State : Initial Peer-ip : 28.1.1.1 Source-ip : 6.6.6.3 TCP-Port : 6002 Track-BFD : -- Uplink state : 2 (1:DOWN 2:UP) Domain-map-list : -- ---------------------------------------------------------- ip pool: zw metric 20 ipv6 pool: Failure ratio : 100% Failure duration : 0 min ---------------------------------------------------------- Rbs-ID : 2 Protect-type : ip-redirect Next-hop : 115.1.1.2 Vlanid : 0 Peer-ip : 115.1.1.2 Vrfid : 0 Tunnel-state : UP Tunnel-OperFlag: NORMAL Spec-interface : GigabitEthernet1/0/2 Total users : 0 Path 1: Tunnel-index : 0x0 Tunnel-index-v6: 0x0 Out-interface : GigabitEthernet1/0/2 Vc-lable : 4294967295 Vc-lable-v6 : 4294967295 User-number : 0 Public-Lsp-Load: FALSE ---------------------------------------------------------- Rbs-ID : 2 Protect-type : public(LSP) Peer-ip : 17.17.17.17 Vrfid : 4091 Tunnel-state : UP Tunnel-OperFlag: NORMAL Spec-interface : Null Total users : 0 Path 1: Tunnel-index : 0x400000f Tunnel-index-v6: 0x0 Out-interface : GigabitEthernet2/0/1 Vc-lable : 4294967295 Vc-lable-v6 : 4294967295 User-number : 0 Public-Lsp-Load: TRUE
Check whether a shared address pool is bound to an RBS.
Check whether an address pool name exists in the ip pool field in the command output.
If an address pool name exists in the ip pool field, a shared address pool has been bound to the RBS. Go to the next step.
If no address pool name exists in the ip pool field, the configuration requirements are not involved.
Check whether a protection tunnel is configured for the RBS.
Check whether the command output contains the Protect-type and Out-interface fields.
Run the display this command in the network-side interface view to check whether URPF is configured.
[HUAWEI -GigabitEthernet2/0/1] display this # interface GigabitEthernet2/0/1 description ith undo shutdown ipv6 enable ip address 186.0.0.17 255.255.255.0 ipv6 address 13:16::2/64 mpls mpls ldp undo dcn ip urpf strict ipv6 urpf strict #
Recovery measures:
Run the undo ip urpf command on a network-side interface to disable URPF.
Click to Read The Full Documentation...
If you have any problems, please post them in our Community. We are happy to solve them for you!