Configuring Private Network IP FRR

This section describes how to configure private network IP FRR. At a VPN site where multiple CEs connect to the same PE, this feature can immediately switch traffic to another PE-CE link when the next hop of the active route is unreachable.

Usage Scenario

This feature is suitable for IP services that are sensitive to the packet loss and delay on a private network. After private network IP FRR is configured, traffic is immediately switched to another PE-CE link when the next hop of the active route is unreachable. This reduces IP service interruption time.

On the network shown in Figure 1, in normal situations, the PE selects Link_A to forward traffic to site vpn1 and uses Link_B as the backup link. If the PE detects that the route to CE1 is unreachable, it will immediately switch traffic to Link_B and private network routes will be converged. Private network IP FRR minimizes the impact on VPN services.

Figure 1 Private network IP FRR

At present, the NetEngine 8000 F supports the following private network IP FRR modes:

  • IP FRR: applies to the networking where different PE-CE pairs use different routing protocols.

  • Private network BGP auto FRR: applies to the networking where BGP runs between the PEs and CE.

Pre-configuration Tasks

Before configuring private network IP FRR, complete the following tasks:

  • Configure a BGP/MPLS IP VPN.

  • Configure the PE to learn private network routes with the same prefix from different CEs attached to it.

Procedure

  • Configure IP FRR.
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run ip frr

      Private network IP FRR is enabled.

    5. Run commit

      The configuration is committed.

  • Configure private network BGP auto FRR.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv4-family vpn-instance vpn-instance-name

      The BGP-VPN instance IPv4 address family view is displayed.

    4. Run auto-frr

      BGP auto FRR is enabled.

    5. (Optional) Run route-select delay delay-value

      A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.

    6. Run commit

      The configuration is committed.

  • (Optional) Enable IP FRR poison reverse.

    In Figure 2, IP FRR is deployed on the IP ring network, and the traffic enters the ring network from Device D and leaves the ring network from Device A. The primary and secondary next hops of Device D are Device C and Device E, respectively. The primary and secondary next hops of Device C are Device B and Device D, respectively. If the link between Device B and Device C fails and the traffic reaches Device C, Device C forwards the traffic back to Device D. However, before the route convergence is complete, Device D cannot detect the link failure between Device B and Device C, and continues to forward the traffic to Device C. As a result, an instantaneous traffic storm is generated between Device C and Device D. After Device D detects the link failure between Device B and Device C through the route convergence, the traffic is forwarded from Device D to the secondary next hop, Device E.

    To prevent instantaneous traffic storms caused by the route convergence and enable Device D to detect the link failure quickly, the poison-reverse enable command can be configured to enable IP FRR poison reverse. Device D forwards the traffic to Device E if the following conditions are met:

    • The next hop obtained based on the destination IP address in the FIB is the FRR primary interface.

    • The FRR primary interface is Up.

    • The outbound interface information is the same as the inbound interface information.

    If the link between Device B and Device C fails, the traffic forwarded from Device D to Device C goes back to Device D. However, Device D will not forward the traffic to Device C again but forward it to the secondary next hop, Device E. In Figure 3, the traffic leaves the ring network from Device A.

    Figure 2 Networking of the IP ring network
    Figure 3 Networking of the IP ring network with IP FRR poison reverse

    1. Run interface interface-type interface-number

      The interface or sub-interface view is displayed.

      The Eth-Trunk interface, Eth-Trunk sub-interface, GE interface, or GE sub-interface view can be displayed.

    2. Run poison-reverse enable

      IP FRR poison reverse is enabled.

      On an IP ring network configured with IP FRR, the poison-reverse enable command is used to prevent instantaneous traffic storms caused by the route convergence.

      In a load balancing scenario, poison reverse does not take effect.

Parent Topic: BGP/MPLS IP VPN Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >