Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
NE40E-How to check VPN se...

NE40E-How to check VPN services in case the primary link between PEs fails.

Created: Aug 22, 2019 09:57:47Latest reply: Oct 31, 2019 20:06:35 317 4 0 0 0
  Rewarded HiCoins: 5 (problem resolved)
View the author 1#

How to check VPN services?

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Difference of setting L2VPN between Huawei and Juniper device
Next: Load Balancing on the Backbone Network
Featured Answers

Best answer

(0) (0)
E.DR_91
MVE Author Created Aug 22, 2019 10:01:34

Hi Dear
please check below :

Configuring VPN FRR
If a CE is dual-homed to two PEs, you can configure VPN FRR to ensure that VPN services switch to a secondary link if the primary link between PEs fails.
Usage Scenario
VPN FRR applies to services that are sensitive to packet loss and delay on VPNs. On the network shown in Figure 1, CE1 is dual-homed to PE2 and PE3. VPN FRR is configured on PE1. When the link between PE1 and PE2 fails, VPN traffic needs to be fast switched to the link between PE1 and PE3.


You can enable VPN FRR in either of the following views as required: VPN instance IPv4 address family view and BGP-VPN instance IPv4 address family view. If only a BGP VPNv4 peer relationship is configured and no VPN instance is configured, enable VPN FRR in the BGP-VPN instance IPv4 address family view.
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
Configure a routing protocol on the router to ensure IP connectivity.
Generate two unequal-cost routes on the PE by setting different costs or metrics.
Set up the VPN.
Procedure
Enable VPN FRR in the VPN instance IPv4 address family view.
Run system-view

The system view is displayed.

Run ip vpn-instance vpn-instance-name

The VPN instance view is displayed.

Run ipv4-family

The VPN instance IPv4 address family view is displayed.

Run vpn frr

VPN FRR is enabled.

(Optional) Run quit

Return to the VPN instance view.

(Optional) Run quit

Return to the system view.

(Optional) Run bgp as-number

The BGP view is displayed.

(Optional) Run ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance IPv4 address family view is displayed.

(Optional) Run route-select delay delay-value

A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

Run commit

The configuration is committed.

Enable VPN FRR in the BGP-VPN instance IPv4 address family view.
Run system-view

The system view is displayed.

Run bgp as-number

The BGP view is displayed.

Run ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance IPv4 address family view is displayed.

Run auto-frr

VPN FRR is enabled.

(Optional) Run route-select delay delay-value

A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

Run commit

The configuration is committed.

The reference : NetEngine40E_V800R011C00SPC300

Regards.
View more
  • x
  • convention:
All Answers
(1) (0)
2#
Vic_Mar
Vic_Mar Created Aug 22, 2019 10:00:54

@spotoclub
View more
  • x
  • convention:
(0) (0)
3#
E.DR_91
E.DR_91 MVE Author Created Aug 22, 2019 10:01:34

Hi Dear
please check below :

Configuring VPN FRR
If a CE is dual-homed to two PEs, you can configure VPN FRR to ensure that VPN services switch to a secondary link if the primary link between PEs fails.
Usage Scenario
VPN FRR applies to services that are sensitive to packet loss and delay on VPNs. On the network shown in Figure 1, CE1 is dual-homed to PE2 and PE3. VPN FRR is configured on PE1. When the link between PE1 and PE2 fails, VPN traffic needs to be fast switched to the link between PE1 and PE3.


You can enable VPN FRR in either of the following views as required: VPN instance IPv4 address family view and BGP-VPN instance IPv4 address family view. If only a BGP VPNv4 peer relationship is configured and no VPN instance is configured, enable VPN FRR in the BGP-VPN instance IPv4 address family view.
Pre-configuration Tasks
Before configuring VPN FRR, complete the following tasks:
Configure a routing protocol on the router to ensure IP connectivity.
Generate two unequal-cost routes on the PE by setting different costs or metrics.
Set up the VPN.
Procedure
Enable VPN FRR in the VPN instance IPv4 address family view.
Run system-view

The system view is displayed.

Run ip vpn-instance vpn-instance-name

The VPN instance view is displayed.

Run ipv4-family

The VPN instance IPv4 address family view is displayed.

Run vpn frr

VPN FRR is enabled.

(Optional) Run quit

Return to the VPN instance view.

(Optional) Run quit

Return to the system view.

(Optional) Run bgp as-number

The BGP view is displayed.

(Optional) Run ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance IPv4 address family view is displayed.

(Optional) Run route-select delay delay-value

A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

Run commit

The configuration is committed.

Enable VPN FRR in the BGP-VPN instance IPv4 address family view.
Run system-view

The system view is displayed.

Run bgp as-number

The BGP view is displayed.

Run ipv4-family vpn-instance vpn-instance-name

The BGP-VPN instance IPv4 address family view is displayed.

Run auto-frr

VPN FRR is enabled.

(Optional) Run route-select delay delay-value

A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
The delay-value value is an integer ranging from 0 to 3600, in seconds. The default value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.

Run commit

The configuration is committed.

The reference : NetEngine40E_V800R011C00SPC300

Regards.
View more
  • x
  • convention:
(0) (0)
4#
Ge_In
Ge_In Created Oct 31, 2019 14:26:02

Good Question
View more
  • x
  • convention:
(0) (0)
5#
ViktorG
ViktorG Created Oct 31, 2019 20:06:35

Hello Guys!

VPN FRR is just a service protection technique that can rely upon not optimal route. We, as network engineers should also
consider:
- Peer or route or LSP failure detection - which can trigger the VPN FRR
- service protection
- After failure route/LSP normalisation /optimisation

Best Regards!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.