(Optional) Configuring the Protection Switching Function

Protection switching can be configured to provide high availability for an intra-AS seamless MPLS network.

Context

On an intra-AS seamless MPLS network that has protection switching enabled, if a link or node fails, traffic switches to a backup path, which implements uninterrupted traffic transmission.

Tunnel Type	Protected Object	Nodes to Be Configured	Detection Method	Protection Function
MPLS TE tunnel (without Ps on links at the network layer)	Protects access rings, aggregation rings, and links at the core layer.	All nodes	Configure BFD for interface.	Configure either of the following TE FRR functions: Configure TE manual FRR. Configure TE Auto FRR.
MPLS TE tunnel (with Ps on links at the network layer)	Protects access rings, aggregation rings, and links at the core layer.	All nodes	Configure static BFD for CR-LSP or dynamic BFD for CR-LSP.	Configure CR-LSP hot standby.
MPLS TE tunnel	Protects AGGs and core ABRs.	All nodes	Configure BFD for TE.	Configure BGP LSP FRR.
MPLS LDP LSP	Protects access and aggregation rings, as well as links, AGGs, and core ABRs at the core layer.	All nodes	Configure static BFD to monitor an LDP LSP or dynamic BFD for LDP LSPs.	Configure BGP LSP FRR.
MPLS TE tunnel or MPLS LDP LSP	Protects a whole BGP LSP and MP-BGP peers on an L3VPN.	CSGs and MASGs	Configure BFD for BGP tunnel.	Configure either of the following VPN FRR functions: Enable VPN FRR in the VPN instance IPv4 address family view. Enable VPN FRR in the BGP-VPN instance IPv4 address family view.

Procedure

Configure BFD for interface.
1. Run system-view
  The system view is displayed.
2. Run bfd session-name bind peer-ip peer-ip [ vpn-instance vpn-name ] interface interface-type interface-number [ source-ip source-ip ]
  A BFD session for IPv4 is bound to an interface.
3. Run discriminator local discr-value
  The local discriminator of the BFD session is created.
4. Run discriminator remote discr-value
  The remote discriminator of the BFD session is created.
  
  The local and remote discriminators on the two ends of a BFD session must be correctly associated. That is, the local discriminator of the local device must be the same as the remote discriminator of the remote device, and the remote discriminator of the local device must be the same as the local discriminator of the remote device. If the association is incorrect, a BFD session cannot be set up.
5. Run commit
  The configuration is committed.
Configure TE manual FRR.
Perform the following steps on the ingress of the primary tunnel:
1. Run system-view
  The system view is displayed.
2. Run interface tunnel tunnel-number
  The tunnel interface view of the primary tunnel is displayed.
3. Run mpls te fast-reroute [ bandwidth ]
  The TE FRR function is enabled.
4. Run commit
  The configuration is committed.
Configure an FRR bypass tunnel.
1. Run system-view
  The system view is displayed.
2. Run interface tunnel tunnel-number
  The tunnel interface view of a bypass tunnel is displayed.
3. Run tunnel-protocol mpls te
  MPLS TE is configured as a tunnel protocol.
4. Run destination ip-address
  The LSR ID of an MP is configured as the destination address of the bypass tunnel.
5. Run mpls te tunnel-id tunnel-id
  A tunnel ID of the bypass tunnel is set.
6. (Optional) Run mpls te path explicit-path path-name
  An explicit path is specified for the bypass tunnel.
  
  Physical links of a bypass tunnel cannot overlap protected physical links of the primary tunnel.
7. (Optional) Run mpls te bandwidth ct0 bandwidth
  The bandwidth is set for the bypass tunnel.
8. Run mpls te bypass-tunnel
  The bypass tunnel function is enabled.
  
  After a bypass tunnel is configured, the device automatically records routes related to the bypass tunnel.
  Note the following settings to prevent a protection failure:
  - A tunnel interface can only be used by either a bypass tunnel or a backup tunnel. A protection failure will occur if the mpls te bypass-tunnel and mpls te backup commands are both run on the tunnel interface.
  - A tunnel interface can only be used by either a bypass tunnel or a primary tunnel. A protection failure will occur if the mpls te bypass-tunnel and mpls te fast-reroute commands are both run on the tunnel interface.
9. Run mpls te protected-interface interface-type interface-number
  The interface on which traffic is protected by the bypass tunnel is specified.
  - A tunnel interface can only be used by either a bypass tunnel or a backup tunnel. A protection failure will occur if the mpls te protected-interface and mpls te backup commands are both run on the tunnel interface.
  - A tunnel interface can only be used by either a bypass tunnel or a backup tunnel. A protection failure will occur if the mpls te protected-interface and mpls te fast-reroute commands are both run on the tunnel interface.
10. Run commit
  The configuration is committed.
Configure MPLS TE Auto FRR.
Perform the following steps on the ingress or a transit node of a primary tunnel:
1. Run system-view
  The system view is displayed.
2. Run mpls
  The MPLS view is displayed.
3. Run mpls te auto-frr
  MPLS TE Auto FRR is enabled globally.
4. Run quit
  Return to the system view.
5. Run interface interface-type interface-number
  The view of the outbound interface on the primary tunnel is displayed.
6. (Optional) Run mpls te auto-frr { link | node | default | self-adapting }
  TE Auto FRR is enabled on the interface.
  
  By default, all MPLS TE-enabled interfaces support TE Auto FRR after MPLS TE Auto FRR is enabled globally. To disable TE Auto FRR on interfaces, run the mpls te auto-frr block command on these interfaces. The mpls te auto-frr block command disables TE Auto FRR on interfaces, even if TE Auto FRR is enabled or re-enabled globally.
  
  By default, TE Auto FRR is disabled.
  - If the mpls te auto-frr default command is run, the interface Auto FRR capability status is the same as the global Auto FRR capability status.
7. Run mpls te fast-reroute [ bandwidth ]
  The TE FRR function is enabled.
  
  The bandwidth parameter can be configured to enable FRR bandwidth protection for the primary tunnel.
8. (Optional) Run mpls te bypass-attributes bandwidth bandwidth [ priority setup-priority [ hold-priority ] ]
  Attributes for the Auto FRR bypass tunnel are set.
  - These attributes for the Auto FRR bypass tunnel can be set only after the mpls te fast-reroute bandwidth command is run for the primary tunnel.
  - The Auto FRR bypass tunnel bandwidth cannot exceed the primary tunnel bandwidth.
  - If no attributes are configured for an Auto FRR bypass tunnel, the Auto FRR bypass tunnel by default uses the same bandwidth as that of the primary tunnel.
  - The setup priority of the bypass tunnel cannot be higher than the holding priority. Each priority of the bypass tunnel cannot be higher than that of the primary tunnel.
  - If the primary tunnel FRR is disabled, the bypass tunnel attributes are automatically deleted.
  - On one TE tunnel interface, the bypass tunnel bandwidth and the multi-CT are mutually exclusive.
9. Run commit
  The configuration is committed.
Configure static BFD for CR-LSP.
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally on the local node, and the BFD view is displayed.
3. Run bfd session-name bind mpls-te interface tunnel interface-number te-lsp [ backup ]
  The BFD session is bound to the primary or backup CR-LSP of the specified tunnel.
  
  If the backup parameter is specified, the BFD session is bound to the backup CR-LSP.
4. Run discriminator local discr-value
  The local discriminator of the BFD session is configured.
5. Run discriminator remote discr-value
  The remote discriminator of the BFD session is configured.
  
  The local discriminator of the local device and the remote discriminator of the remote device are the same, and the remote discriminator of the local device and the local discriminator of the remote device are the same. A discriminator inconsistency causes the BFD session to fail to be established.
6. Run process-pst
  BFD is enabled to modify the port status table or link status table.
  
  If the BFD session on a trunk or VLAN member interface allows BFD to modify the port status table or link status table, and the interface is configured with the BFD session, you must configure the WTR time for the BFD session for detecting the interface. This prevents the BFD session on the interface from flapping when the member interface joins or leave the interface.
7. (Optional) Run min-tx-interval tx-interval
  The minimum interval at which BFD packets are sent is configured.
8. (Optional) Run min-rx-interval rx-interval
  The local minimum interval at which BFD packets are received is configured.
9. (Optional) Run detect-multiplier multiplier
  The local BFD detection multiplier is configured.
10. Run commit
  The configuration is committed.
Configure dynamic BFD for CR-LSP.
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally on the local node, and the BFD view is displayed.
3. Run interface tunnel interface-number
  The TE tunnel interface view is displayed.
4. Run mpls te bfd enable
  The capability of dynamically creating BFD sessions is enabled on the TE tunnel.
  
  The command configured in the tunnel interface view takes effect only on the current tunnel interface.
5. Run commit
  The configuration is committed.
Configure CR-LSP hot standby.
1. Run system-view
  The system view is displayed.
2. Run interface tunnel tunnel-number
  The MPLS TE tunnel interface view is displayed.
3. Run mpls te backup hot-standby [ mode { revertive [ wtr interval ] | non-revertive } | overlap-path | wtr [ interval ] | dynamic-bandwidth ]
  CR-LSP hot standby is configured.
  Select the following parameters as needed to enable sub-functions:
  - mode revertive [ wtr interval ]: enables a device to switch traffic back to the primary CR-LSP.
  - mode non-revertive: disables a device from switching traffic back to the primary CR-LSP.
  - overlap-path: allows a hot-standby CR-LSP to overlap the primary CR-LSP if no available path is provided for the hot-standby CR-LSP.
  - wtr interval: sets the time before a traffic switchback is performed.
  - dynamic-bandwidth: enables a hot-standby CR-LSP to obtain bandwidth resources only after the hot-standby CR-LSP takes over traffic from a faulty primary CR-LSP. This function helps efficiently use network resources and reduce network costs.
4. Run commit
  The configuration is committed.
Configure BFD for TE.
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally on the local node, and the BFD view is displayed.
3. Run bfd session-name bind mpls-te interface tunnel interface-number
  The TE tunnel to be detected by BFD sessions is specified.
  
  When the TE tunnel is in the Down state, a BFD session cannot be established.
4. Run discriminator local discr-value
  The local discriminator of the BFD session is configured.
5. Run discriminator remote discr-value
  The remote discriminator of the BFD session is configured.
  
  The local discriminator of the local device and the remote discriminator of the remote device are the same, and the remote discriminator of the local device and the local discriminator of the remote device are the same. A discriminator inconsistency causes the BFD session to fail to be established.
6. Run process-pst
  BFD is enabled to modify the port status table or link status table.
  
  If the BFD session on a trunk or VLAN member interface allows BFD to modify the port status table or link status table, and the interface is configured with the BFD session, you must configure the WTR time for the BFD session for detecting the interface. This prevents the BFD session on the interface from flapping when the member interface joins or leave the interface.
7. (Optional) Run min-tx-interval tx-interval
  The minimum interval at which BFD packets are sent is configured.
8. (Optional) Run min-rx-interval rx-interval
  The local minimum interval at which BFD packets are received is configured.
9. (Optional) Run detect-multiplier multiplier
  The local BFD detection multiplier is configured.
10. Run commit
  The configuration is committed.
Configure static BFD to monitor an LDP LSP.
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally on the local node, and the BFD view is displayed.
3. Run bfd session-name bind ldp-lsp peer-ip ip-address nexthop ip-address [ interface interface-type interface-number ]
  A BFD session is bound to an LDP LSP.
4. Run discriminator local discr-value
  The local discriminator of the BFD session is configured.
5. Run discriminator remote discr-value
  The remote discriminator of the BFD session is configured.
  
  The local discriminator of the local device and the remote discriminator of the remote device are the same, and the remote discriminator of the local device and the local discriminator of the remote device are the same. A discriminator inconsistency causes the BFD session to fail to be established.
6. Run process-pst
  BFD is enabled to modify the port status table or link status table.
  
  If the BFD session on a trunk or VLAN member interface allows BFD to modify the port status table or link status table, and the interface is configured with the BFD session, you must configure the WTR time for the BFD session for detecting the interface. This prevents the BFD session on the interface from flapping when the member interface joins or leave the interface.
7. (Optional) Run min-tx-interval tx-interval
  The minimum interval at which BFD packets are sent is configured.
8. (Optional) Run min-rx-interval rx-interval
  The local minimum interval at which BFD packets are received is configured.
9. (Optional) Run detect-multiplier multiplier
  The local BFD detection multiplier is configured.
10. Run commit
  The configuration is committed.
Configure dynamic BFD for LDP LSPs.
Perform the following steps on the ingress:
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is globally enabled.
3. Run quit
  Return to the system view.
4. Run mpls
  The MPLS view is displayed.
5. Run mpls bfd enable
  The capability of dynamically establishing a BFD session is configured on the ingress.
6. Run mpls bfd-trigger { host | fec-list list-name }
  A policy is configured to establish a BFD session to monitor an LDP LSP.
7. Run commit
  The configuration is committed.
Perform the following steps on the egress:
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is globally enabled, and the BFD view is displayed.
3. Run mpls-passive
  The capability of passively creating a BFD session is configured on the egress.
4. Run commit
  The configuration is committed.
Configure BGP LSP FRR.

In a seamless MPLS scenario, BGP LSP FRR must be configured on both the ingress and a transit node.

Perform the following steps on the ingress:
1. Run system-view
  The system view is displayed.
2. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
3. Run ipv4-family unicast
  The BGP-IPv4 unicast address family view is displayed.
4. Run auto-frr
  BGP Auto FRR is enabled for unicast routes.
5. Run bestroute nexthop-resolved tunnel [ inherit-ip-cost ]
  Labeled BGP IPv4 unicast routes can participate in route selection only when their next hops recurse to tunnels.
6. Run ingress-lsp protect-mode bgp-frr
  The BGP LSP FRR protection mode is configured.
  
  Perform this step on each CSG and MASG to implement protection switching for the entire BGP LSP.
7. (Optional) Run route-select delay delay-value
  A delay for selecting a route to the intermediate device on the primary path is configured.
  
  After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
8. Run commit
  The configuration is committed.
Perform the following steps on the transit node:
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally.
3. Run ipv4-family unicast
  The BGP-IPv4 unicast address family view is displayed.
4. Run auto-frr
  BGP Auto FRR for unicast routes is enabled.
5. Run bestroute nexthop-resolved tunnel [ inherit-ip-cost ]
  The device is enabled to allow labeled BGP IPv4 unicast routes that recurse only to MPLS tunnels to participate in route selection.
6. (Optional) Run route-select delay delay-value
  A delay for selecting a route is configured.
  
  After the primary path recovers, a delay for selecting a route to the intermediate device on the primary path is configured. An appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
7. Run commit
  The configuration is committed.
Configure BFD for BGP tunnel.
Perform the following steps on the ingress of an E2E BGP tunnel
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally.
3. Run quit
  Return to the system view.
4. Run mpls
  The MPLS view is displayed.
5. Run mpls bgp bfd enable
  The ability to dynamically establish BGP BFD sessions is enabled on the ingress.
6. Run mpls bgp bfd-trigger-tunnel { host | ip-prefix ip-prefix-name }
  A policy for dynamically establishing a BGP BFD session is configured.
7. Run commit
  The configuration is committed.
Perform the following steps on the egress of an E2E BGP tunnel:
1. Run system-view
  The system view is displayed.
2. Run bfd
  BFD is enabled globally, and the BFD view is displayed.
3. Run mpls-passive
  The capability of passively creating a BFD session is configured on the egress.
4. Run commit
  The configuration is committed.
Enable VPN FRR in the VPN instance IPv4 address family view.
1. Run system-view
  The system view is displayed.
2. Run ip vpn-instance vpn-instance-name
  The VPN instance view is displayed.
3. Run ipv4-family
  The VPN instance IPv4 address family view is displayed.
4. Run vpn frr
  VPN FRR is enabled.
5. (Optional) Run quit
  Return to the system view.
6. (Optional) Run quit
  Return to the system view.
7. (Optional) Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
8. (Optional) Run ipv4-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv4 address family view is displayed.
9. (Optional) Run bestroute nexthop-resolved tunnel [ inherit-ip-cost ]
  A VPN route is configured to participate in route selection only when its next hop recurses to a tunnel. This configuration ensures that packets are not lost during a traffic switchback.
10. (Optional) Run route-select delay delay-value
  A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
  
  The delay-value is an integer ranging from 0 to 3600, in seconds. The default delay-value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.
11. Run commit
  The configuration is committed.
Enable VPN FRR in the BGP-VPN instance IPv4 address family view.
1. Run system-view
  The system view is displayed.
2. Run bgp { as-number-plain | as-number-dot }
  The BGP view is displayed.
3. (Optional) Run ipv4-family vpn-instance vpn-instance-name
  The BGP-VPN instance IPv4 address family view is displayed.
4. Run auto-frr
  VPN Auto FRR is enabled.
5. (Optional) Run bestroute nexthop-resolved tunnel [ inherit-ip-cost ]
  A VPN route is configured to participate in route selection only when its next hop recurses to a tunnel. This configuration ensures that packets are not lost during a traffic switchback.
6. (Optional) Run route-select delay delay-value
  A delay for selecting a route to the intermediate device on the primary path is configured. After the primary path recovers, an appropriate delay ensures that traffic switches back to the primary path after the intermediate device completes refreshing forwarding entries.
  
  The delay-value is an integer ranging from 0 to 3600, in seconds. The default delay-value is 0, indicating that the device on which FRR is configured selects a route to the intermediate device on the primary path without a delay.
7. Run commit
  The configuration is committed.