Got it

[Configuration and Deployment Instructions]Disable URPF on a Network-Side Interface When a Shared Address Pool Is Deployed in a Dual-Device Hot Backup

1081 0 0 0 0

未标题-1


Disable URPF on a Network-Side Interface When a Shared Address Pool Is Deployed in a Dual-Device Hot Backup Scenario


Scenario

Deploying exclusive address pools requires a large number of address pools to be planned, which wastes address resources. To resolve the preceding issue, deploy a shared address pool. The following figure shows the deployment of a shared address pool in a dual-device hot backup scenario.


imgDownload?uuid=b1bac458ca624ba18292494



Configuration Requirements

The undo ip urpf command must be run on a network-side interface to disable URPF.

Misconfiguration Risks

Risk description:

When a shared address pool is configured in a dual-device hot backup scenario, traffic passes through the protection tunnel and reaches the user side if the master device's user-side link fails. If URPF is configured on the network-side interface, there is a possibility that downstream traffic cannot enter the protection tunnel. As a result, traffic loss occurs.


imgDownload?uuid=040104af79714f788bef79a

Identification method:

  • Run the display remote-backup-service service-name command to check all RBS information.

    [HUAWEI] display remote-backup-service rbs                                                                                                  ----------------------------------------------------------                                                                          
     Service-Index    : 2                                                                                                               
     Service-Name     : rbs                                                                                                             
     TCP-State        : Initial                                                                                                         
     Peer-ip          : 28.1.1.1                                                                                                        
     Source-ip        : 6.6.6.3                                                                                                         
     TCP-Port         : 6002                                                                                                            
     Track-BFD        : --                                                                                                              
     Uplink state     : 2 (1:DOWN 2:UP)                                                                                                 
     Domain-map-list  : --                                                                                                              
    ----------------------------------------------------------                                                                          
                                                                                                                                        
     ip pool:                                                                                                                           
             zw metric 20                                                                                                               
     ipv6 pool:                                                                                                                         
     Failure ratio    : 100%                                                                                                            
     Failure duration : 0 min                                                                                                           
    ----------------------------------------------------------                                                                          
     Rbs-ID         : 2                                                                                                                 
     Protect-type   : ip-redirect                                                                                                       
     Next-hop       : 115.1.1.2                                                                                                         
     Vlanid         : 0                                                                                                                 
     Peer-ip        : 115.1.1.2                                                                                                         
     Vrfid          : 0                                                                                                                 
     Tunnel-state   : UP                                                                                                                
     Tunnel-OperFlag: NORMAL                                                                                                            
     Spec-interface : GigabitEthernet1/0/2                                                                                              
     Total users    : 0                                                                                                                 
     Path 1:                                                                                                                            
         Tunnel-index   : 0x0                                                                                                           
         Tunnel-index-v6: 0x0                                                                                                           
         Out-interface  : GigabitEthernet1/0/2                                                                                          
         Vc-lable       : 4294967295                                                                                                    
         Vc-lable-v6    : 4294967295                                                                                                    
         User-number    : 0                                                                                                             
         Public-Lsp-Load: FALSE                                                                                                         
                                                                                                                                        
    ----------------------------------------------------------                                                                          
     Rbs-ID         : 2                                                                                                                 
     Protect-type   : public(LSP)                                                                                                       
     Peer-ip        : 17.17.17.17                                                                                                       
     Vrfid          : 4091                                                                                                              
     Tunnel-state   : UP                                                                                                                
     Tunnel-OperFlag: NORMAL                                                                                                            
     Spec-interface : Null                                                                                                              
     Total users    : 0                                                                                                                 
     Path 1:                                                                                                                            
         Tunnel-index   : 0x400000f                                                                                                     
         Tunnel-index-v6: 0x0                                                                                                           
         Out-interface  : GigabitEthernet2/0/1                                                                                          
         Vc-lable       : 4294967295                                                                                                    
         Vc-lable-v6    : 4294967295                                                                                                    
         User-number    : 0                                                                                                             
         Public-Lsp-Load: TRUE
    • Check whether a shared address pool is bound to an RBS.

      Check whether an address pool name exists in the ip pool field in the command output.

      If an address pool name exists in the ip pool field, a shared address pool has been bound to the RBS. Go to the next step.

      If no address pool name exists in the ip pool field, the configuration requirements are not involved.

    • Check whether a protection tunnel is configured for the RBS.

      Check whether the command output contains the Protect-type and Out-interface fields.

  • Run the display this command in the network-side interface view to check whether URPF is configured.

    [HUAWEI -GigabitEthernet2/0/1] display this                                                                                                      #                                                                                                                                   
    interface GigabitEthernet2/0/1                                                                                                      
     description ith                                                                                                                    
     undo shutdown                                                                                                                      
     ipv6 enable                                                                                                                        
     ip address 186.0.0.17 255.255.255.0                                                                                                
     ipv6 address 13:16::2/64                                                                                                           
     mpls                                                                                                                               
     mpls ldp                                                                                                                           
     undo dcn ip urpf strict   ipv6 urpf strict                                                                                                                       #

Recovery measures:

Run the undo ip urpf command on a network-side interface to disable URPF.


Click to Read The Full Documentation...

If you have any problems, please post them in our Community. We are happy to solve them for you!

The post is synchronized to: Configuration and Deployment Instructions

  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.