Configuring VPN FRR

Pre-configuration Tasks

Before configuring VPN FRR, complete the following tasks:

Configure basic BGP/MPLS IP VPN functions (OSPF between the PE and CE). For details, see Configuring Basic BGP/MPLS IP VPN Functions.
Generate two unequal-cost routes on the PE by setting different costs or metrics.

Context

VPN FRR is used in PE multi-homing scenarios to enhance network reliability. As shown in Figure 1, if the primary link (Link A) between PE1 and ASBR1 fails, VPN FRR quickly switches traffic to the backup link (Link B) between PE1 and ASBR2 to minimize the impact of the link failure on VPN services.

Figure 1 VPN FRR networking

You can configure VPN FRR in either of the following modes:

Manual VPN FRR: Information such as the backup next hop is specified.
Auto VPN FRR: The backup next hop is unspecified, but a proper next hop is selected for the VPN route.

You can select either mode as required. If both of them are configured, manual VPN FRR has a higher priority. When manual VPN FRR fails, auto VPN FRR takes effect.

Configuring the lsp-trigger command on the P is not recommended when an LSP is created on the VPN backbone network. Use the default configuration on the P. Otherwise, VPN FRR switchback may fail.
To implement fast switching within milliseconds, configure BFD for LSPs. For details about BFD, see Configuring Static BFD to Detect an LDP LSP, Configuring Dynamic BFD for LDP LSPs in "MPLS LDP Configuration" and Configuring Static BFD for TE Tunnels in "MPLS TE Configuration" in S2720, S5700, and S6700 V200R019C10 Configuration Guide - MPLS. Perform the BFD configuration based on the tunnel used for forwarding VPN services.

Perform the following steps on a PE device.

Procedure

Configure manual VPN FRR.
1. Run system-view
  
  The system view is displayed.
2. Run route-policy route-policy-name { permit | deny } node node
  
  The routing policy node is created and the routing policy view is displayed.
3. Run apply backup-nexthop ip-address
  
  The backup next hop is configured.
4. Run quit
  Return to the system view.
5. Run ip vpn-instance vpn-instance-name
  
  The VPN instance view is displayed.
6. Run ipv4-family
  
  The VPN instance IPv4 address family view is displayed.
7. Run vpn frr route-policy route-policy-name
  
  The VPN FRR is enabled.
Enable VPN auto FRR using a routing policy.
1. Run system-view
  
  The system view is displayed.
2. Run route-policy route-policy-name { permit | deny } node node
  
  The routing policy node is created and the routing policy view is displayed.
3. Run apply backup-nexthop auto
  
  The auto mode is used.
4. Run quit
  Return to the system view.
5. Run ip vpn-instance vpn-instance-name
  
  The VPN instance view is displayed.
6. Run ipv4-family
  
  The VPN instance IPv4 address family view is displayed.
7. Run vpn frr route-policy route-policy-name
  
  The VPN FRR is enabled.
Enable VPN auto FRR without using a routing policy
1. Run system-view
  
  The system view is displayed.
2. Run bgp { as-number-plain | as-number-dot }
  
  The BGP view is displayed.
3. Run ipv4-family vpn-instance vpn-instance-name
  
  The BGP-VPN instance IPv4 address family view is displayed.
4. Run auto-frr
  
  VPN Auto FRR is enabled.
(Optional) Add multiple VPNv4 routes to the VPN instance with a different RD from these routes' RDs.

By default, if the RD of the VPN instance on the local PE is different from the RDs of the VPN instances on multiple remote PEs, and the RDs of the VPN instances on remote PEs are the same, the local PE adds only the optimal route to the VPN instance after receiving VPNv4 or VPNv6 routes with the same destination address from the remote PEs. As a result, load balancing or VPN FRR does not take effect. To resolve this problem, run the vpn-route cross multipath command on the local PE.
1. Run system-view
  
  The system view is displayed.
2. Run bgp { as-number-plain | as-number-dot }
  
  The BGP view is displayed.
3. Run ipv4-family vpn-instance vpn-instance-name
  
  The BGP-VPN instance IPv4 address family view is displayed.
4. Run vpn-route cross multipath
  
  Multiple VPNv4 routes are added to the VPN instance with a different RD from these routes' RDs.
(Optional) Disable VPN FRR in all VPN instances.

To disable VPN FRR in a VPN instance, run the undo vpn frr command in the VPN instance view. However, if multiple VPN instances are configured on a PE and VPN FRR is enabled for each VPN instance, it is complex to disable VPN FRR one by one in these VPN instances.

To address this problem, the device allows you to disable VPN FRR in all VPN instances using one command.
1. Run system-view
  
  The system view is displayed.
2. Run undo vpn frr all
  
  VPN FRR is disabled from all VPN instances.
  
  The undo vpn frr all command disables VPN FRR in all VPN instance views but does not disable VPN auto FRR in the BGP-VPN instance IPv4 address family view. To disable VPN auto FRR from a BGP-VPN instance IPv4 address family, run the undo auto-frr command in the BGP-VPN instance IPv4 address family view.

Verifying the Configuration

All VPN FRR configurations are complete, run the display ip routing-table vpn-instance vpn-instance-name [ ip-address ] verbose command to check information about the backup next-hop PE, backup tunnel, and backup label.