Method used to configure two egresses for backup on the AR

3

Huawei AR routers can establish IPSec tunnels with remote devices using two egress links in backup or load balancing mode.
There is no difference on the configuration between different models and versions. For details about the configuration, see "Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Using a Multi-Link Shared IPSec Policy Group" of "IPSec Configuration" in based Configuration Guide - VPN .

Other related questions:
Example for associating a static route with NQA on the AR router
Requirements: There are two egresses from the AR to the destination network segment. By default, services are transmitted through the primary egress. If the primary egress fails, services are switched to the backup egress. Because intermediate devices are deployed, the AR may not detect the fault of the intermediate link or device. In this case, services cannot be immediately switched to the backup link, causing service interruptions. The procedure for associating NQA with static route on the AR router is as follows: 1. Configure an NQA test instance of ICMP. 2. Associate the static route with the NQA test instance. Example: Associate the static route with the NQA test instance admin test. When the destination IP address is unreachable, the static route is ineffective. [HUAWEI] nqa test-instance admin test //The test instance administrator is admin. Associate the static route with the NQA test instance and the test instance name is test. The two parameters can be user-defined. [HUAWEI-nqa-admin-test] test-type icmp //Configure the NQA test instance of ICMP. [HUAWEI-nqa-admin-test] destination-address ipv4 192.168.10.1 //Configure the destination address of the NQA test instance. [HUAWEI-nqa-admin-test] frequency 10 //Configure the interval between two tests. [HUAWEI-nqa-admin-test] probe-count 2 //Configure the probe count. [HUAWEI-nqa-admin-test] start now //Start the NQA test instance immediately. [HUAWEI-nqa-admin-test] q [HUAWEI] ip route-static 10.0.0.0 255.255.0.0 192.168.0.254 track nqa admin test //sociate the static route with the NQA test instance. [HUAWEI] ip route-static 10.0.0.0 255.255.0.0 192.168.1.254 preference 80 //Configure the static route of 10.0.0.0/16 and set the priority to 80.

Method used to configure interworking between BFD sessions and the two-node cluster hot backup on the USG firewall
The VGMP management group is the core of the two-node cluster hot backup. It determines the active/standby state of a device. By means of interworking between BFD sessions and the two-node cluster hot backup, the VGMP management group monitors static BFD sessions, and the priority of the VGMP management group varies depending on the BFD session state. In this way, the active/standby switchover between devices is triggered. This case describes key configuration for the interworking between BFD sessions and the two-node cluster hot backup using active/standby two-node cluster hot backup as an example. 1. Establish the two-node cluster hot backup on two devices. 2. On USG_A and Router_A, create BFD sessions. # On USG_A, configure BFD session 1, and set the peer IP address to 1.1.1.2, local identifier to 10, and remote identifier to 20. HRP_A[USG_A] bfd HRP_A[USG_A-bfd] quit HRP_A[USG_A] bfd 1 bind peer-ip 1.1.1.2 HRP_A[USG_A-bfd-session-1] discriminator local 10 HRP_A[USG_A-bfd-session-1] discriminator remote 20 HRP_A[USG_A-bfd-session-1] commit HRP_A[USG_A-bfd-session-1] quit # On Router_A, configure BFD session 1, and set the peer IP address to 10.100.30.2, local identifier to 20, and remote identifier to 10. 3. On USG_A, configure the interworking between BFD sessions and the two-node cluster hot backup. HRP_A[USG_A] hrp track bfd-session 10 master 4. On USG_B and Router_B, create BFD sessions. # On USG_B, configure BFD session 1, and set the peer IP address to 2.2.2.2, local identifier to 10, and remote identifier to 20. HRP_S[USG_B] bfd HRP_S[USG_B-bfd] quit HRP_S[USG_B] bfd 1 bind peer-ip 2.2.2.2 HRP_S[USG_B-bfd-session-1] discriminator local 10 HRP_S[USG_B-bfd-session-1] discriminator remote 20 HRP_S[USG_B-bfd-session-1] commit HRP_S[USG_B-bfd-session-1] quit # On Router_B, configure BFD session 1, and set the peer IP address to 10.100.40.2, local identifier to 20, and remote identifier to 10. 5. On USG_A, configure the interworking between BFD sessions and the two-node cluster hot backup. HRP_S[USG_B] hrp track bfd-session 10 slave Note: The USG6000 configuration must be consistent with the key configuration of the USG2000&5000. This case takes the USG2000&5000 as an example to describe the configuration. You can learn the USG6000 configuration in other configurations. For specific configurations, click Method used to configure interworking between BFD sessions and the two-node cluster hot backup client on the USG firewall.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top