Configuring User Information Backup in Shared IP Address Pool Mode

In shared address pool mode, links need to be added, and the networking mode is flexible.

Context

Deployment in unshared address pool mode requires a large number of address pools to be planned, which wastes address resources. To avoid this waste, deploy a shared address pool. When a shared address pool is deployed, the following requirements must be met:

  • The address pool cannot be bound to a remote backup profile (RBP).
  • Both the master and backup devices need to be configured with the route control function to advertise address pool subnet routes so that the address pool subnet routes advertised by the master device have a higher priority. This prevents load balancing between network-side devices.
  • A protection tunnel (for example, an LSP) must be established between the master and backup devices. If a user's uplink fails, the user's downstream traffic will be switched to the protection tunnel.
  • The primary and secondary address pools need to be bound to the RBS using the ip-pool pool-name command in the RBS view. This ensures that network-side traffic can be forwarded through the protection tunnel before host routes are generated.

Perform the following steps on the devices that back up each other:

Procedure

  • Configure a protection path in IP redirection mode for public network users.

    Before configuring a protection path in IP redirection mode, ensure that a direct link has been deployed between the devices that back up each other.

    1. Run the system-view command to enter the system view.
    2. Run the remote-backup-service service-name command to enter the RBS view.
    3. Run the protect redirect ip-nexthop ip-address interface { interface-name | interface-type interface-num } command to configure a protection path in IP redirection mode for public network users, with the peer IP address and the local outbound interface specified.
    4. Run the ip-pool pool-name command to bind the primary address pool to the RBS.
    5. Run the commit command to commit the configuration.
  • Configure a protection path in tunnel mode for public network users.
    1. Run the system-view command to enter the system view.
    2. Run the remote-backup-service service-name command to enter the RBS view.
    3. Run the protect tnl-policy policy-name peer-ip ip-address [ interface interface-type interface-number ] command to configure a protection path for public network users as an LSP, MPLS TE tunnel, or GRE tunnel. The tunnel type is specified through the tunnel policy, and the outbound interface is optional.
    4. Run the ip-pool pool-name command to bind the primary address pool to the RBS.
    5. Run the commit command to commit the configuration.
  • Configure a protection path for VPN users.
    1. Run the system-view command to enter the system view.
    2. Run the remote-backup-service service-name command to enter the RBS view.
    3. Run the protect ip-vpn-instance vpn-instance-name peer-ip ip-address [ interface interface-type interface-number ] command to configure a protection tunnel for VPN users, with the VPN instance name specified. peer-ip specifies the IP address of the loopback interface bound to the VPN instance on the peer end. The tunnel type cannot be specified. Instead, it is automatically selected by the device. The outbound interface is optional.
    4. Run the ip-pool pool-name command to bind the primary address pool to the RBS.
    5. Run the commit command to commit the configuration.
  • Configure a protection tunnel template for the public and private networks.
    1. Run the system-view command to enter the system view.
    2. Run the remote-backup-service service-name command to enter the RBS view.
    3. Either of the following methods can be used:

      • Run the protect lsp-tunnel for-all-instance peer-ip ip-address command to configure a protection tunnel template in LSP mode.
      • After a tunnel policy is created using the tunnel-policy command, run the protect srv6 tunnel-policy policy-name endpoint ipv6-address color color-number command to configure a protection tunnel template in SRv6 mode.

    4. Run the ip-pool pool-name command to bind the primary address pool to the RBS.
    5. Run the commit command to commit the configuration.

    A protection tunnel template can be configured concurrently for both a private network and a public network. After the protect lsp-tunnel for-all-instance peer-ip command is run, a protection tunnel for a public network is directly created, and a protection tunnel for private networks is triggered by user login. This eliminates the need for configuring a protection tunnel for each private network, simplifying tunnel configuration.

    To specifically create a protection tunnel for a public network, run the protect tnl-policy policy-name peer-ip ip-address [ interface interface-type interface-number ] command. To specifically create a protection tunnel for a private network, run the protect ip-vpn-instance vpn-instance-name peer-ip ip-address [ interface interface-type interface-number ] command. If one protection path is deployed using the protect lsp-tunnel for-all-instance peer-ip command and the other protection path is deployed specifically for a private or public network, the protection path deployed using the protect lsp-tunnel for-all-instance peer-ip command has a higher priority and the corresponding configuration takes effect.

    If both the protect lsp-tunnel for-all-instance peer-ip and protect srv6 commands are configured on the device, the protect srv6 command takes effect and has the highest priority.

    Before running the protect srv6 command, you need to run the tunnel-policy command on the network side to create a tunnel policy. For details, see the SRv6 TE Policy configuration (static configuration) in the product documentation.
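
The precedence rules above, as an added example (not Huawei code): a Python check that reads one RBS stanza and reports which protect line takes effect, which lines are overridden, and whether an address pool is bound. The stanza layout, names and addresses are constructed; the check assumes that protect srv6 also overrides per-network tunnels, and it leaves protect redirect ip-nexthop unranked because this page states no precedence for it.

```python
import re

# Constructed sample RBS stanza; names and addresses are placeholders.
SAMPLE = """\
remote-backup-service rbs-example
 protect tnl-policy pol-example peer-ip 192.0.2.2
 protect ip-vpn-instance vpn-example peer-ip 192.0.2.3
 protect lsp-tunnel for-all-instance peer-ip 192.0.2.2
"""

# Command shapes as given on this page, highest precedence first.
KINDS = [
    ("srv6-template", r"protect srv6 tunnel-policy \S+ endpoint \S+ color \d+"),
    ("lsp-template", r"protect lsp-tunnel for-all-instance peer-ip \S+"),
    ("public-tunnel", r"protect tnl-policy \S+ peer-ip \S+( interface \S+ \S+)?"),
    ("vpn-tunnel", r"protect ip-vpn-instance \S+ peer-ip \S+( interface \S+ \S+)?"),
    ("ip-redirect", r"protect redirect ip-nexthop \S+ interface \S+( \S+)?"),
]
TEMPLATES = ("srv6-template", "lsp-template")


def classify(line):
    """Map one protect line to its kind, or None if it matches no known shape."""
    for kind, pattern in KINDS:
        if re.fullmatch(pattern, line):
            return kind
    return None


def audit_rbs(stanza):
    """Return effective, shadowed and unranked protect lines plus findings."""
    lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
    paths = [(classify(ln), ln) for ln in lines if ln.startswith("protect ")]
    kinds = {k for k, _ in paths}
    findings = [f"unrecognised protect line: {ln}" for k, ln in paths if k is None]
    # srv6 beats the LSP template; a template beats per-network tunnels.
    # Assumption: srv6 ("highest priority") also beats per-network tunnels.
    winner = next((t for t in TEMPLATES if t in kinds), None)
    ranked = [(k, ln) for k, ln in paths if k not in (None, "ip-redirect")]
    effective = [ln for k, ln in ranked if winner is None or k == winner]
    shadowed = [ln for k, ln in ranked if winner is not None and k != winner]
    unranked = [ln for k, ln in paths if k == "ip-redirect"]
    findings += [f"overridden by {winner}: {ln}" for ln in shadowed]
    if not any(ln.startswith("ip-pool ") for ln in lines):
        findings.append("no ip-pool bound to the RBS")
    if not paths:
        findings.append("no protection path configured")
    return {"effective": effective, "shadowed": shadowed,
            "unranked": unranked, "findings": findings}
```
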

Copyright © Huawei Technologies Co., Ltd.