Post on 04-Jun-2018
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
1/18
www.huawei.com
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
ODP500058VPN FRR Technology
ISSUE 1.0
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
2/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Objectives
Upon completion of this course, you will be able to:
Describe VPN FRR Technologies Evolution
Describe VPN FRR Technologies Principle
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
3/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. Technology History
2. Tec h n o lo g y A n a ly s is
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
4/18Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
FRR Technology
FRR (fast re-route) technologies is a kind of mean aboutfailure restoration.
IP FRR
MPLS TE FRR
VPN FRR
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
5/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
MPLS TE FRR- Protect Link and Node
IP Co re
Primary LSP
Backup L SP
Deploy a backup LSP for the primary LSP, when the Primary LSP is broken, the traffic istransferred to the backup LSP. When the Primary LSP restores, the traffic comes back.
The hot -standby mode the backup LSP is built in advance. The ordinary mode the backup LSP is built when the Primary LSP is broken. MPLS OAM should be used for this situation to detect the end-to-end failure of Primary
LSP quickly.
PEPE
200
300
210
210
310
210
210
PECE
Protection methods is built between PEs (Outer Label) for Link and middle Node
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
6/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Why VPN FRR
IP Co re
PEs seriously fails, what happens?
PEPE
PE
CE
PE become down with Power Off, etc.
Traditional Methods IGP will convergence with several seconds
LDP will convergence with several seconds Path switch will cost 5 seconds including internal and external label switch MBGP will convergence the private routers which depended by the quantity of
routes Long Time cost, for the carriers important service such as NGN,3G. How to quickly convergence??
IGP convergenceLDP convergencePrivate route convergence
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
7/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Why?- VPN FRR
The VPN FRR uses the VPN-based fast switchover technologies for privatenetwork routes.
Forward entries pointing to the active and standby PEs are set on the remotePE, together with the fast PE fault detection, to reduce the time needed for theservice convergence on a CE dual homing network in case of PE fault.
This also breaks the correlation between the time for PE fault recovery and thequantity of private network routes in the bearer network.
IP Co re
PEPE
PECE
PE become down with Power Off, etc.
IGP convergence
LDP convergencePrivate route convergence
Only Used In CE dual-home situation
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
8/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
1. Technology History
2. Technology Analysis
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
9/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VRF for NGN VPN Site1DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 ActiveMG2 PE3 POS2/Tunnel 2 200 20 backup
MG1 MG2
The tunnel LSP can be built by VPN over RSVP, VPN over LDP, VPN over LDP over RSVP.For NGN VPN Site1, PE1 has two VPN routes to MG2.
PE1 maintains the MP-BGP keep-alive MSGs with PE2 and PE3 to defect the neighbor failure. Thetimeout time is several seconds.
When PE2 is broken, based on the keep-alive MSGs, PE1 would select the PE3 as the next-hop PEfor MG2 in NGN VPN, the time of switch-over is several seconds. During the time, all the traffic from MG1 to MG2 by PE2 would be dropped.
PE1 PE2
PE3
Tunnel LSP1
Tunnel LSP2
NGN VPN Site1NGN VPN Site2
VRF for NGN VPN Site1DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
IP/MPLS Core
VPN FRR
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
10/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VRF for NGN VPN Site1DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 ActiveMG2 PE3 POS2/Tunnel 2 200 20 backup
MG1 MG2
Switch-over by VPN FRR
Enable the multi-hop BFD between PE1 and PE2. Enable the multi-hop BFD between PE1 and PE3. When PE2 is broken, BFD finds it, the VRN interacts with BFD, and adopts the new routes.
The time of switch-over can be 100-200 ms.
PE1 PE2
PE3
Tunnel LSP1
Tunnel LSP2
NGN VPN Site1NGN VPN Site2
VRF for NGN VPN Site1DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
HelloHello IP/MPLS Core
VPN FRR is a node feature available in Huawei router. It need not to work with othervendor product to achieve the switchover advantages.
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
11/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VPN FRR Analysis
Use the FRR technology
Select optimum and suboptimum VPN routes from two PE These two routes both are written into forwarding entry The forwarding entry consists of forward prefix, internal label andselected external LSP tunnel
PEA PE-B
PE-C
CE
VPNRT1 FIB RT1 RT2
Priority optimum suboptimum
LSP status available backup
Prefix A A
I-label m n
E-label i j
After VPN FRR Enabled
Both RT1 and RT2 are written in FIB
VPNRT2
Control flowOuter LSP
Prefix A
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
12/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VPN FRR Analysis
Configure BFD to detect PE to PE faults
When faults occur, set flag in FIB to unavailable Outer LSP will switch first Then the optimum FIB entry take in use with LSP status change
PE-A PE-B
PE-C
CE
VPNRT1
VPN
RT2
In use
BFD session
When failure, BFD session down
FIB RT1 RT2
Priority optimum suboptimum
LSP status available backup
Prefix A A
I-label m n
E-label i j
unavailable
RT2 FIB entry take in use
RT2
In use after BFDsession down
Outer LSP Control Flow
Data Flow
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
13/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Normal Forwarding Flow
P-CPE-A
PE-B P-D
PE-E CE-BCE-A10.0.0.0/2410.0.1.0/2410.0.2.0/24
.
11.0.0.0/2411.0.1.0/24
VPN1(BGP)Route inner label outer label
10.0.0.0/24 M N10.0.1.0/24 M N.
10.n.3.0/24 M N
VPN1(BGP)Route inner label outer label10.0.0.0/24 K L10.0.1.0/24 K L
. 10.n.3.0/24 K L
VPN1( BGP)Route inner label outer label priority
10.0.0.0/24 K Y sub-Primary10.0.0.0/24 M Z primary10.0.1.0/24 K Y sub-Primary10.0.1.0/24 M Z Primary10.n.2.0/24 K Y sub-Primary10.0.2.0/24 M Z Primary
FTN and NHLFERoute inner label outer label10.0.0.0/24 M Z10.0.1.0/24 M Z10.0.2.0/24 M Z
Z M IP Data
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
14/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VPN1( BGP)Route inner label outer label priority
10.0.0.0/24 K Y sub-Primary10.0.1.0/24 K Y sub-Primary10.n.2.0/24 K Y sub-Primary
Normal Forwarding Flow
P-CPE-A
PE-B P-D
PE-E CE-BCE-A10.0.0.0/2410.0.1.0/2410.0.2.0/24
.
11.0.0.0/2411.0.1.0/24
VPN1(BGP)Route inner label outer label
10.0.0.0/24 M N10.0.1.0/24 M N.
10.n.3.0/24 M N
VPN1(BGP)Route inner label outer label10.0.0.0/24 K L10.0.1.0/24 K L
. 10.n.3.0/24 K L
VPN1( BGP)Route inner label outer label priority
10.0.0.0/24 K Y sub-Primary10.0.0.0/24 M Z primary10.0.1.0/24 K Y sub-Primary10.0.1.0/24 M Z Primary10.n.2.0/24 K Y sub-Primary10.0.2.0/24 M Z Primary
FTN and NHLFERoute inner label outer label10.0.0.0/24 K Y10.0.1.0/24 K Y10.0.2.0/24 K Y
Y K IP Data
FTN and NHLFERoute inner label outer label10.0.0.0/24 M Z10.0.1.0/24 M Z10.0.2.0/24 M Z
M Z IP Data
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
15/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Traffic Forwarding by VPN FRR Enable
P-CPE-A
CE-BCE-A
10.0.0.0/2410.0.1.0/2410.0.2.0/24
.
11.0.0.0/2411.0.1.0/24
VPN1(BGP)Route inner label outer label10.0.0.0/24 M N10.0.1.0/24 M N
. 10.n.3.0/24 M N
VPN1(BGP)Route inner label outer label10.0.0.0/24 K L10.0.1.0/24 K L
. 10.n.3.0/24 K L
VPN1( BGP)
Route inner label outer label priority10.0.0.0/24 K Y sub-Primary10.0.0.0/24 M Z primary10.0.1.0/24 K Y sub-Primary10.0.1.0/24 M Z Primary10.n.3.0/24 K Y sub-Primary10.n.3.0/24 M Z Primary
FTN and NHLFERoute inner label outer label LSP stat
10.0.0.0/24 M Z available10.0.1.0/24 M Z available10.n.3.0/24 M Z available
10.0.0.0/24 K Y backup10.0.1.0/24 K Y backup10.n.3.0/24 K Y backup
Z M IP Data
BFD session
PE-B
PE-E
P-D
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
16/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
FTN and NHLFERoute inner label outer label LSP Stat10.0.0.0/24 M Z unavailable
10.0.1.0/24 M Z unavailable 10.n.3.0/24 M Z unavailable 10.0.0.0/24 K Y available 10.0.1.0/24 K Y available 10.n.3.0/24 K Y available
FTN and NHLFERoute inner label outer label LSP stat10.0.0.0/24 M Z available10.0.1.0/24 M Z available
10.n.3.0/24 M Z available10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup
Traffic Forwarding by VPN FRR Enable
P-CPE-A
PE-B P-D
PE-E CE-BCE-A10.0.0.0/2410.0.1.0/2410.0.2.0/24
.
11.0.0.0/2411.0.1.0/24
VPN1(BGP)Route inner label outer label10.0.0.0/24 M N10.0.1.0/24 M N
. 10.n.3.0/24 M N
VPN1(BGP)Route inner label outer label10.0.0.0/24 K L10.0.1.0/24 K L
. 10.n.3.0/24 K L
VPN1( BGP)Route inner label outer label priority
10.0.0.0/24 K Y sub-Primary10.0.0.0/24 M Z primary10.0.1.0/24 K Y sub-Primary10.0.1.0/24 M Z Primary10.n.3.0/24 K Y sub-Primary10.n.3.0/24 M Z Primary
Z M IP Data
BFD session
Y K IP Data
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
17/18
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
VPN FRR configure
Configure IP address on the interface (omitted)Configure IGP protocol In MPLS backbone (omitted)Configure MPLS basic capability and MPLS-TE for TE tunnel (omitted)Configure VPN instance on PE router (omitted)Establish EBGP(or igp) adjacency between PE and CE, import VPN route (omitted)Establish MP-IBGP adjacency between PEs (omitted)Configure VPN FRR on PE
Example:#Configure VPN FRR route policy< PEA> system-view [PEA] ip ip-prefixlist vpn_frr_list permit 10.0.241.2 32 [PEA] route-policy vpn_frr_rp permit node 10
[PEA -route-policy] if-match ip nexthop ip-prefix vpn_frr_list[PEA -route-policy] apply backup- nexthop ip address sub-optimum [PEA -route-policy] quit #Enable VPN FRR[PEA] ip vpn-instance vpn1 [PEA-vpn-instance-vpn1] vpn frr route-policy vpn_frr_rp
8/13/2019 Odp500058 VPN Frr Technology Issue1.0_20070312_a
18/18
www.huawei.com
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.
Thank You
www.huawei.com