18.2 vpn frr technology
DESCRIPTION
VPN FRR TechnologyTRANSCRIPT
PowerPoint PresentationODP500058
Objectives
Upon completion of this course, you will be able to:
Describe VPN FRR Technologies Evolution
Describe VPN FRR Technologies Principle
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
FRR Technology
FRR (fast re-route) technologies is a kind of mean about failure restoration.
IP FRR
MPLS TE FRR- Protect Link and Node
IP Core
Primary LSP
Backup LSP
Deploy a backup LSP for the primary LSP, when the Primary LSP is broken, the traffic is transferred to the backup LSP. When the Primary LSP restores, the traffic comes back.
The “hot-standby” mode – the backup LSP is built in advance.
The “ordinary” mode – the backup LSP is built when the Primary LSP is broken.
MPLS OAM should be used for this situation to detect the end-to-end failure of Primary LSP quickly.
PE
PE
200
300
210
210
310
210
210
PE
CE
Protection methods is built between PEs (Outer Label) for Link and middle Node
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Why–VPN FRR
PE
PE
PE
CE
Traditional Methods
IGP will convergence with several seconds
LDP will convergence with several seconds
Path switch will cost 5 seconds including internal and external label switch
MBGP will convergence the private routers which depended by the quantity of routes
Long Time cost, for the carrier’s important service such as NGN,3G.
How to quickly convergence??
Why?- VPN FRR
The VPN FRR uses the VPN-based fast switchover technologies for private network routes.
Forward entries pointing to the active and standby PEs are set on the remote PE, together with the fast PE fault detection, to reduce the time needed for the service convergence on a CE dual homing network in case of PE fault.
This also breaks the correlation between the time for PE fault recovery and the quantity of private network routes in the bearer network.
IP Core
IGP convergence
LDP convergence
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
VRF for NGN VPN Site1
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 Active
MG2 PE3 POS2/Tunnel 2 200 20 backup
MG1
MG2
The tunnel LSP can be built by VPN over RSVP, VPN over LDP, VPN over LDP over RSVP.
For NGN VPN Site1, PE1 has two VPN routes to MG2.
PE1 maintains the MP-BGP keep-alive MSGs with PE2 and PE3 to defect the neighbor failure. The timeout time is several seconds.
When PE2 is broken, based on the keep-alive MSGs, PE1 would select the PE3 as the next-hop PE for MG2 in NGN VPN, the time of switch-over is several seconds.
During the time, all the traffic from MG1 to MG2 by PE2 would be dropped.
PE1
PE2
PE3
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
IP/MPLS Core
VPN FRR
VRF for NGN VPN Site1
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 Active
MG2 PE3 POS2/Tunnel 2 200 20 backup
MG1
MG2
Enable the multi-hop BFD between PE1 and PE2.
Enable the multi-hop BFD between PE1 and PE3.
When PE2 is broken, BFD finds it, the VRN interacts with BFD, and adopts the new routes. The time of switch-over can be less than 100 ms.
PE1
PE2
PE3
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
Hello
Hello
IP/MPLS Core
VPN FRR is a node feature available in Huawei router. It need not to work with other vendor product to achieve the switchover advantages.
147.unknown
148.unknown
VPN FRR Analysis
The forwarding entry consists of forward prefix, internal label and
selected external LSP tunnel
VPNRT2
VPN FRR Analysis
When faults occur, set flag in FIB to unavailable
Outer LSP will switch first
Then the optimum FIB entry take in use with LSP status change
PE-A
PE-B
PE-C
CE
unavailable
RT2
Outer LSP
Control Flow
Data Flow
Normal Forwarding Flow
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.2.0/24 K Y sub-Primary
10.0.2.0/24 M Z Primary
10.0.0.0/24 M Z 10.0.1.0/24 M Z 10.0.2.0/24 M Z
Z
M
IP
Data
Normal Forwarding Flow
10.0.0.0/24 K Y sub-Primary
10.0.1.0/24 K Y sub-Primary
10.n.2.0/24 K Y sub-Primary
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.2.0/24 K Y sub-Primary
10.0.2.0/24 M Z Primary
10.0.0.0/24 K Y 10.0.1.0/24 K Y 10.0.2.0/24 K Y
FTN and NHLFE
10.0.0.0/24 M Z 10.0.1.0/24 M Z 10.0.2.0/24 M Z
Y
K
IP
Data
M
Z
IP
Data
Traffic Forwarding by VPN FRR Enable
P-C
PE-A
CE-B
CE-A
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.3.0/24 K Y sub-Primary
10.n.3.0/24 M Z Primary
Route inner label outer label LSP stat
10.0.0.0/24 M Z available 10.0.1.0/24 M Z available 10.n.3.0/24 M Z available
10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup
BFD session
Traffic Forwarding by VPN FRR Enable
FTN and NHLFE
Route inner label outer label LSP Stat
10.0.0.0/24 M Z unavailable 10.0.1.0/24 M Z unavailable 10.n.3.0/24 M Z unavailable
10.0.0.0/24 K Y available 10.0.1.0/24 K Y available 10.n.3.0/24 K Y available
FTN and NHLFE
Route inner label outer label LSP stat
10.0.0.0/24 M Z available 10.0.1.0/24 M Z available 10.n.3.0/24 M Z available
10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup
P-C
PE-A
PE-B
P-D
PE-E
CE-B
CE-A
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.3.0/24 K Y sub-Primary
10.n.3.0/24 M Z Primary
VPN FRR configure
Configure MPLS basic capability and MPLS-TE for TE tunnel (omitted)
Configure VPN instance on PE router (omitted)
Establish EBGP adjacency between PE and CE, import VPN route (omitted)
Establish MP-IBGP adjacency between PEs (omitted)
Configure VPN FRR on PE
Example:
< PEA> system-view
[PEA]route-policy vpn_frr_rp permit node 10
[PEA -route-policy]if-match ip nexthop ip-prefix vpn_frr_list
[PEA -route-policy]apply backup-nexthop “ip address sub-optimum”
[PEA -route-policy]quit
#Enable VPN FRR
www.huawei.com
Thank You
Objectives
Upon completion of this course, you will be able to:
Describe VPN FRR Technologies Evolution
Describe VPN FRR Technologies Principle
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
FRR Technology
FRR (fast re-route) technologies is a kind of mean about failure restoration.
IP FRR
MPLS TE FRR- Protect Link and Node
IP Core
Primary LSP
Backup LSP
Deploy a backup LSP for the primary LSP, when the Primary LSP is broken, the traffic is transferred to the backup LSP. When the Primary LSP restores, the traffic comes back.
The “hot-standby” mode – the backup LSP is built in advance.
The “ordinary” mode – the backup LSP is built when the Primary LSP is broken.
MPLS OAM should be used for this situation to detect the end-to-end failure of Primary LSP quickly.
PE
PE
200
300
210
210
310
210
210
PE
CE
Protection methods is built between PEs (Outer Label) for Link and middle Node
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Why–VPN FRR
PE
PE
PE
CE
Traditional Methods
IGP will convergence with several seconds
LDP will convergence with several seconds
Path switch will cost 5 seconds including internal and external label switch
MBGP will convergence the private routers which depended by the quantity of routes
Long Time cost, for the carrier’s important service such as NGN,3G.
How to quickly convergence??
Why?- VPN FRR
The VPN FRR uses the VPN-based fast switchover technologies for private network routes.
Forward entries pointing to the active and standby PEs are set on the remote PE, together with the fast PE fault detection, to reduce the time needed for the service convergence on a CE dual homing network in case of PE fault.
This also breaks the correlation between the time for PE fault recovery and the quantity of private network routes in the bearer network.
IP Core
IGP convergence
LDP convergence
Copyright © 2006 Huawei Technologies Co., Ltd. All rights reserved.
Contents
VRF for NGN VPN Site1
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 Active
MG2 PE3 POS2/Tunnel 2 200 20 backup
MG1
MG2
The tunnel LSP can be built by VPN over RSVP, VPN over LDP, VPN over LDP over RSVP.
For NGN VPN Site1, PE1 has two VPN routes to MG2.
PE1 maintains the MP-BGP keep-alive MSGs with PE2 and PE3 to defect the neighbor failure. The timeout time is several seconds.
When PE2 is broken, based on the keep-alive MSGs, PE1 would select the PE3 as the next-hop PE for MG2 in NGN VPN, the time of switch-over is several seconds.
During the time, all the traffic from MG1 to MG2 by PE2 would be dropped.
PE1
PE2
PE3
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
IP/MPLS Core
VPN FRR
VRF for NGN VPN Site1
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE2 POS1/Tunnel1 100 10 Active
MG2 PE3 POS2/Tunnel 2 200 20 backup
MG1
MG2
Enable the multi-hop BFD between PE1 and PE2.
Enable the multi-hop BFD between PE1 and PE3.
When PE2 is broken, BFD finds it, the VRN interacts with BFD, and adopts the new routes. The time of switch-over can be less than 100 ms.
PE1
PE2
PE3
DIP PE-ID Interface Label Priority LSP Stat
MG2 PE3 POS2/Tunnel 2 200 20 Active
Hello
Hello
IP/MPLS Core
VPN FRR is a node feature available in Huawei router. It need not to work with other vendor product to achieve the switchover advantages.
147.unknown
148.unknown
VPN FRR Analysis
The forwarding entry consists of forward prefix, internal label and
selected external LSP tunnel
VPNRT2
VPN FRR Analysis
When faults occur, set flag in FIB to unavailable
Outer LSP will switch first
Then the optimum FIB entry take in use with LSP status change
PE-A
PE-B
PE-C
CE
unavailable
RT2
Outer LSP
Control Flow
Data Flow
Normal Forwarding Flow
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.2.0/24 K Y sub-Primary
10.0.2.0/24 M Z Primary
10.0.0.0/24 M Z 10.0.1.0/24 M Z 10.0.2.0/24 M Z
Z
M
IP
Data
Normal Forwarding Flow
10.0.0.0/24 K Y sub-Primary
10.0.1.0/24 K Y sub-Primary
10.n.2.0/24 K Y sub-Primary
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.2.0/24 K Y sub-Primary
10.0.2.0/24 M Z Primary
10.0.0.0/24 K Y 10.0.1.0/24 K Y 10.0.2.0/24 K Y
FTN and NHLFE
10.0.0.0/24 M Z 10.0.1.0/24 M Z 10.0.2.0/24 M Z
Y
K
IP
Data
M
Z
IP
Data
Traffic Forwarding by VPN FRR Enable
P-C
PE-A
CE-B
CE-A
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.3.0/24 K Y sub-Primary
10.n.3.0/24 M Z Primary
Route inner label outer label LSP stat
10.0.0.0/24 M Z available 10.0.1.0/24 M Z available 10.n.3.0/24 M Z available
10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup
BFD session
Traffic Forwarding by VPN FRR Enable
FTN and NHLFE
Route inner label outer label LSP Stat
10.0.0.0/24 M Z unavailable 10.0.1.0/24 M Z unavailable 10.n.3.0/24 M Z unavailable
10.0.0.0/24 K Y available 10.0.1.0/24 K Y available 10.n.3.0/24 K Y available
FTN and NHLFE
Route inner label outer label LSP stat
10.0.0.0/24 M Z available 10.0.1.0/24 M Z available 10.n.3.0/24 M Z available
10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup
P-C
PE-A
PE-B
P-D
PE-E
CE-B
CE-A
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
10.0.0.0/24 M N
10.0.1.0/24 M N
10.0.0.0/24 K L
10.0.1.0/24 K L
10.0.0.0/24 K Y sub-Primary
10.0.0.0/24 M Z primary
10.0.1.0/24 K Y sub-Primary
10.0.1.0/24 M Z Primary
10.n.3.0/24 K Y sub-Primary
10.n.3.0/24 M Z Primary
VPN FRR configure
Configure MPLS basic capability and MPLS-TE for TE tunnel (omitted)
Configure VPN instance on PE router (omitted)
Establish EBGP adjacency between PE and CE, import VPN route (omitted)
Establish MP-IBGP adjacency between PEs (omitted)
Configure VPN FRR on PE
Example:
< PEA> system-view
[PEA]route-policy vpn_frr_rp permit node 10
[PEA -route-policy]if-match ip nexthop ip-prefix vpn_frr_list
[PEA -route-policy]apply backup-nexthop “ip address sub-optimum”
[PEA -route-policy]quit
#Enable VPN FRR
www.huawei.com
Thank You