VPN FRR

Background

As networks develop rapidly, the time used for end-to-end service convergence if a fault occurs on a carrier's network has been used as an indicator to measure bearer network performance. MPLS TE FRR is one of the commonly used fast switching technologies. The solution is to create an end-to-end TE tunnel between two PEs and a backup label switched path (LSP) that protects a primary LSP. When either of the PEs detects that the primary LSP is unavailable because of a node or link failure, the PE switches the traffic to the backup LSP.

MPLS TE FRR protects services in case a link or node fails between two PEs at both ends of a TE tunnel. MPLS TE FRR, however, cannot protect services against endpoint PE faults. If a PE fault occurs, services can only be restored through end-to-end route convergence and LSP convergence. The service convergence time is closely related to the number of routes inside an MPLS VPN and the number of hops on the bearer network. The more VPN routes, the longer the service convergence time.

VPN FRR sets in advance on a remote PE forwarding entries pointing to the active and standby PEs, respectively. In collaboration with fast PE fault detection, VPN FRR can reduce end-to-end service convergence time if a fault occurs on an MPLS VPN where a CE is dual-homed to two PEs. In VPN FRR, service convergence time depends on only the time required to detect remote PE faults and change tunnel status. VPN FRR enables the service convergence time to be irrelevant to the number of VPN routes on the bearer network.

Implementation

As shown in Figure 1, normally, CE1 accesses CE2 over Link A. If PE2 is Down, CE1 accesses CE2 over Link B.

Based on the traditional BGP/MPLS IP VPN technology, both PE2 and PE3 advertise routes destined for CE2 to PE1, and assign VPN labels to these routes. PE1 then selects a preferred VPNv4 route based on the routing policy. In this example, the preferred route is the one advertised by PE2, and only the routing information, including the forwarding prefix, inner label, selected LSP, advertised by PE2 is filled in the forwarding entry of the forwarding engine to guide packet forwarding.

If PE2 fails, PE1 detects the fault on PE2 (the BGP peer goes Down or the MPLS LSP is unavailable), re-selects the route advertised by PE3, and updates the forwarding entry to complete E2E service convergence. Before PE1 re-delivers the forwarding entry for the route advertised by PE3, CE1 cannot access CE2 for a certain period. This is because PE2 is the end point of the MPLS LSP to which the forwarding entry refers and fails. As a result, E2E services are interrupted.

VPN FRR is an improvement on the traditional reliability technology. VPN FRR enables PE1 to add the optimal route advertised by PE2 and the second optimal route advertised by PE3 to a forwarding entry. The optimal route is used for traffic forwarding, and the second optimal route is used as a backup route.

If a fault occurs on PE2, the MPLS LSP between PE1 and PE2 becomes unavailable. After detecting the fault by means of techniques such as BFD, PE1 marks the corresponding entry in the LSP status table as unavailable, and delivers the setting to the forwarding table. After selecting a forwarding entry, the forwarding engine examines the status of the LSP corresponding to the forwarding entry. If the LSP is unavailable, the forwarding engine uses the second optimal route carried in the forwarding entry to forward packets. After being tagged with the inner labels assigned by PE3, packets are transmitted to PE3 over the LSP between PE1 and PE3 and then forwarded to CE2. In this manner, fast end-to-end service convergence is implemented and traffic from CE1 to CE2 is restored.

If both EVPN L3VPN over SRv6 and L3VPN over SRv6 are deployed on the network, PE2 and PE3 advertise four routes destined for CE2 to PE1. To prevent routes from the same device (PE2 or PE3) from being selected as the optimal route and sub-optimal route, configure an export routing policy to change the local preference of routes. This policy ensures that the route with the highest preference is preferred, and the selected optimal route and sub-optimal route correspond to link A and link B, respectively.

Figure 1 VPN FRR networking

Other Functions

VPN FRR is a fast switching technique based on inner labels. The outer tunnels can be LDP LSPs, RSVP-TE tunnels. When the forwarding engine detects that the outer tunnel is unavailable during packet forwarding, fast switching based on inner labels can be implemented.

VPNv6 FRR implements fast switching of IPv6 VPN routes on an IPv6 VPN where a CE is dual-homed to two PEs. The working principle of VPNv6 FRR is similar to that of VPN FRR.

Usage Scenario

On a VPN where a CE is dual-homed to two PEs, after a PE fails, VPN FRR ensures that the VPN services from the CE to the PE can be rapidly switched to the standby PE for transmission.

Benefits

On a VPN where a CE is dual-homed to two PEs, VPN FRR speeds up service convergence and enhances network availability in the case of PE failures.

Parent Topic: Understanding BGP/MPLS IP VPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >