Configuration Guide - Reliability (V600R001C00 - 03)

HUAWEI NetEngine80E/40E Router V600R001C00
Configuration Guide - Reliability

Issue Date 03 2010-03-31
HUAWEI TECHNOLOGIES CO., LTD.
Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China http://www.huawei.com support@huawei.com
Website: Email:
Issue 03 (2010-03-31)
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability
About This Document
About This Document

Purpose
This part describes the organization of this document, product version, intended audience, conventions, and update history.
Related Versions
The following table lists the product versions related to this document. Product Name HUAWEI NetEngine80E/40E Version V600R001C00
Intended Audience
This document is intended for:
l l l l
Commissioning Engineer Data Configuration Engineer Network Monitoring Engineer System Maintenance Engineer
Organization
This document is organized as follows. Chapter 1 Reliability Overview 2 Interface Backup Configuration
Issue 03 (2010-03-31)
Describes This chapter describes the reliability technology of the IP network and the reliability networking solution. This chapter the methods of backing up the interface. It also provides related configuration examples.
iii
About This Document
Chapter 3 APS Configuration 4 VRRP Configuration
Describes This chapter describes the basic principles, configuration procedures, and configuration examples of APS. This chapter describes the fundamentals, the configurations of basic and advanced functions of VRRP as well as VRRP maintenance. This chapter describes the fundamentals, configurations of BFD basic functions and BFD for IS-IS, maintenance and provides configuration examples. This chapter describes the HA implementation, the configurations of protocol-level GR (BGP GR, OSPF GR, IS-IS GR and MPLS LDP GR), system-level GR as well as HA maintenance and provides configuration examples. This chapter describes the basic principles and the implementations of the Ethernet OAM. It also provides configuration examples. This section describes the concepts, working mechanism, configuration procedures, and maintenance commands of ISSU, and provides configuration examples. This appendix collates frequently used glossaries in this document. This appendix collates frequently used acronyms and abbreviations in this document.
5 BFD Configuration
6 GR Configuration
7 Ethernet OAM Configuration 8 Configuring ISSU
A Glossary B Acronyms and Abbreviations
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description Indicates a hazard with a high level of risk that, if not avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury.
iv
Issue 03 (2010-03-31)
About This Document
Symbol
Description Indicates a potentially hazardous situation that, if not avoided, could cause device damage, data loss, and performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save your time. Provides additional information to emphasize or supplement important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows. Convention Times New Roman boldface Italic Courier New Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Terminal display is in Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows. Convention boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }* Description The keywords of a command line are in boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. One is selected. Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
Issue 03 (2010-03-31)
About This Document
Convention [ x | y | ... ]*
Description Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected. This parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.
&<1-n> #
GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention boldface > Description Buttons, menus, parameters, tabs, windows, and dialog titles are in boldface. For example, click OK. Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Keyboard Operation
The keyboard operations that may be found in this document are defined as follows. Format Key Key 1+Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl +Alt+A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Key 1, Key 2
Mouse Operation
The mouse operations that may be found in this document are defined as follows. Action Click Double-click Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
vi
About This Document
Action Drag
Description Press and hold the primary mouse button and move the pointer to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.
Updates in Issue 03 (2010-03-31)

The document is released for the third time.

The document is released for the second time.

The document is released for the first time.
Issue 03 (2010-03-31)
vii
Contents
Contents
About This Document...................................................................................................................iii 1 Reliability Overview.................................................................................................................1-1
1.1 Introduction.....................................................................................................................................................1-2 1.1.1 Technology of Reliability Overview......................................................................................................1-2 1.1.2 Indices of Reliability..............................................................................................................................1-2 1.1.3 Levels of Reliability Requirements........................................................................................................1-3 1.1.4 Principles of Highly-Reliable IP Networking........................................................................................1-3 1.2 Reliability Technologies for IP Network........................................................................................................1-4 1.2.1 Failure Detection for IP Network...........................................................................................................1-4 1.2.2 Protection Switching for IP Network.....................................................................................................1-4 1.3 Reliability Technologies Supported by the NE80E/40E.................................................................................1-5 1.3.1 FRR (Fast ReRoute)...............................................................................................................................1-5 1.3.2 OAM (Operation Administration & Maintenance)................................................................................1-7 1.3.3 VRRP (Virtual Router Redundancy Protocol).......................................................................................1-7 1.3.4 BFD (Bidirectional Forwarding Detection)........................................................................................... 1-8 1.4 Networking of Reliability over an IP Network...............................................................................................1-8 1.4.1 Failures on Intermediate Nodes or on the Link Between PEs - LDP FRR/TE FRR..............................1-8 1.4.2 Link Failure During Transimission........................................................................................................1-9 1.4.3 Failure on the Remote PE - VPN FRR.................................................................................................1-11 1.4.4 Failure of Downlink Interface on the PE - IP FRR..............................................................................1-12
2 Interface Backup Configuration..............................................................................................2-1

2.1 Introduction of Interface Backup.................................................................................................................... 2-2 2.1.1 Interface Backup Overview....................................................................................................................2-2 2.1.2 Characteristics of the Interface Backup Supported by the NE80E/40E.................................................2-3 2.2 Configuring the Active/Standby Interface Backup.........................................................................................2-4 2.2.1 Establishing the Configuration Task......................................................................................................2-4 2.2.2 Configuring a Standby Interface............................................................................................................2-5 2.2.3 Configuring the Active/Standby Switchover Delay...............................................................................2-5 2.2.4 Checking the Configuration...................................................................................................................2-6 2.3 Configuring the Load Balancing Interface Backup.........................................................................................2-7 2.3.1 Establishing the Configuration Task......................................................................................................2-7 2.3.2 Configuring a Standby Interface............................................................................................................2-8 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. ix
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 2.3.3 Configuring the Percentage Thresholds for Load Balancing.................................................................2-8 2.3.4 (Optional) Configuring the Bandwidth and Flow Check Interval for the Active Interface...................2-9 2.3.5 Checking the Configuration.................................................................................................................2-10
2.4 Maintaining the Interface Backup.................................................................................................................2-10 2.4.1 Monitoring Working Status of the Interface Backup...........................................................................2-11 2.5 Configuration Examples................................................................................................................................2-11 2.5.1 Example for Configuring the Active/Standby Mode of Multiple Interfaces........................................2-11 2.5.2 Example for Configuring Load Balancing on Multiple Standby Interfaces........................................2-14
3 APS Configuration.....................................................................................................................3-1
3.1 APS Overview.................................................................................................................................................3-2 3.1.1 Introduction to APS................................................................................................................................3-2 3.1.2 APS Features Supported by the NE80E/40E.........................................................................................3-2 3.2 Configuring Single-Chassis APS....................................................................................................................3-2 3.2.1 Establishing the Configuration Task......................................................................................................3-3 3.2.2 Configuring the Working Interface of an APS Group...........................................................................3-3 3.2.3 Configuring the Protection Interface of an APS Group.........................................................................3-4 3.2.4 (Optional) Configuring the Working Mode for an APS Group.............................................................3-5 3.2.5 (Optional) Setting the WTR Time for an APS Group............................................................................3-5 3.2.6 Adding Members of an APS Group to a Trunk.....................................................................................3-6 3.2.7 Checking the Configuration...................................................................................................................3-7 3.3 Configuring E-APS.........................................................................................................................................3-7 3.3.1 Establishing the Configuration Task......................................................................................................3-8 3.3.2 Configuring the Working Interface of an APS Group...........................................................................3-8 3.3.3 Configuring the Protection Interface of an APS Group.........................................................................3-9 3.3.4 Configuring the Working Mode for an APS Group.............................................................................3-10 3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection....................................................................................................................................................3-11 3.3.6 (Optional) Configuring the Authentication String for the PGP Message............................................3-11 3.3.7 (Optional) Setting the WTR Time for an APS Group..........................................................................3-12 3.3.8 Adding Members of an APS Group to a Trunk...................................................................................3-12 3.3.9 Checking the Configuration.................................................................................................................3-13 3.4 Configuration Examples................................................................................................................................3-14 3.4.1 Example for Associating PW Redundancy with APS..........................................................................3-14 3.4.2 Example for Configuring TDM on the CPOS interfaces Configured with APS ................................3-31
4 VRRP Configuration.................................................................................................................4-1
4.1 VRRP Introduction..........................................................................................................................................4-3 4.1.1 VRRP Overview.....................................................................................................................................4-3 4.1.2 VRRP Features Supported by the NE80E/40E......................................................................................4-3 4.2 Configuring the VRRP Backup Group............................................................................................................4-6 4.2.1 Establishing the Configuration Task......................................................................................................4-7 4.2.2 Creating a Backup Group and Configuring a Virtual IP Address..........................................................4-8 4.2.3 Configuring the Priority of an Interface in a Backup Group..................................................................4-9 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
4.2.4 Checking the Configuration.................................................................................................................4-10 4.3 Configuring VRRP to Track the Status of an Interface.................................................................................4-11 4.3.1 Establishing the Configuration Task....................................................................................................4-11 4.3.2 Configuring VRRP to Track the Status of an Interface........................................................................4-12 4.3.3 Checking the Configuration.................................................................................................................4-13 4.4 Configuring VRRP Fast Switchover (Common Mode)................................................................................4-13 4.4.1 Establishing the Configuration Task....................................................................................................4-14 4.4.2 Tracking the BFD Session Status.........................................................................................................4-15 4.4.3 Tracking EFM Session Status..............................................................................................................4-16 4.4.4 Checking the Configuration.................................................................................................................4-16 4.5 Configuring VRRP Fast Switchover (Using BFD Sampling).......................................................................4-17 4.5.1 Establishing the Configuration Task....................................................................................................4-18 4.5.2 Binding the Service VRRP Backup Group to the mVRRP Backup Group.........................................4-20 4.5.3 Configuring the mVRRP Backup Group to Track the BFD Session Status........................................4-20 4.5.4 Setting the Threshold for VRRP Fast Switchover...............................................................................4-22 4.5.5 Enabling the Association Between the mVRRP Backup Group Status and the Route........................4-22 4.5.6 Checking the Configuration.................................................................................................................4-23 4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured.....4-24 4.6.1 Establishing the Configuration Task....................................................................................................4-24 4.6.2 Configuring the mVRRP Backup Group.............................................................................................4-26 4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group.........................................4-27 4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status........................................4-27 4.6.5 Setting the Threshold for VRRP Fast Switchover...............................................................................4-29 4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route........................4-29 4.6.7 Checking the Configuration.................................................................................................................4-30 4.7 Configuring VRRP Applications in VLANIF...............................................................................................4-31 4.7.1 Establishing the Configuration Task....................................................................................................4-31 4.7.2 Configuring VRRP on VLANIF..........................................................................................................4-32 4.7.3 (Optional) Configuring the Sending Mode of VRRP Packets in Super-VLAN..................................4-32 4.7.4 Checking the Configuration.................................................................................................................4-33 4.8 Configuring VRRP Security..........................................................................................................................4-33 4.8.1 Establishing the Configuration Task....................................................................................................4-33 4.8.2 Configuring the Authentication Mode of VRRP Packets....................................................................4-34 4.8.3 Checking the Configuration.................................................................................................................4-35 4.9 Configuring VRRP Smooth Switching.........................................................................................................4-36 4.9.1 Establishing the Configuration Task....................................................................................................4-36 4.9.2 Configuring VRRP Smooth Switching................................................................................................4-36 4.9.3 Checking the Configuration.................................................................................................................4-37 4.10 Adjusting and Optimizing VRRP................................................................................................................4-38 4.10.1 Establishing the Configuration Task..................................................................................................4-38 4.10.2 Configuring the Interval for Sending VRRP Advertising Messages.................................................4-39 4.10.3 Configuring the Preemption Delay Time of Backup Group Routers.................................................4-40 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xi
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 4.10.4 Enabling the Reachability Test of the Virtual IP Address.................................................................4-41 4.10.5 Disabling a Router from Checking Number of Hops in VRRP Packets............................................4-41 4.10.6 Configuring the Timeout Time of Sending Gratuitous ARP Packets by the Master router...............4-42 4.10.7 Checking the Configuration...............................................................................................................4-42
4.11 Configuring mVRRP Backup Groups.........................................................................................................4-43 4.11.1 Establishing the Configuration Task..................................................................................................4-43 4.11.2 Configuring mVRRP Backup Group.................................................................................................4-45 4.11.3 (Optional) Configuring VRRP Backup Group Members and Binding them to the mVRRP Backup Group .......................................................................................................................................................................4-45 4.11.4 (Optional) Binding Member Interface and Management Backup Group...........................................4-46 4.11.5 (Optional) Binding the PW to the mVRRP Backup Group Through VPLS......................................4-47 4.11.6 Checking the Configuration...............................................................................................................4-47 4.12 Maintaining VRRP......................................................................................................................................4-48 4.12.1 Monitoring the VRRP Running..........................................................................................................4-48 4.13 Configuration Examples..............................................................................................................................4-49 4.13.1 Example for Configuring VRRP in Master/Backup Mode................................................................4-49 4.13.2 Example for Configuring VRRP in Load Balancing Mode...............................................................4-53 4.13.3 Example for Configuring the Multi-Instance VRRP..........................................................................4-57 4.13.4 Example for Configuring VRRP Fast Switchover.............................................................................4-62 4.13.5 Example for Configuring VRRP Fast Switchover (Using BFD Sampling).......................................4-67 4.13.6 Example for Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured.....................................................................................................................................................4-85 4.13.7 Example for Configuring VRRP on VLANIF Interfaces.................................................................4-105
5 BFD Configuration.....................................................................................................................5-1
5.1 BFD Introduction............................................................................................................................................5-3 5.1.1 BFD Overview.......................................................................................................................................5-3 5.1.2 BFD Features Supported by the NE80E/40E.........................................................................................5-3 5.2 Configuring the One-Hop BFD.......................................................................................................................5-9 5.2.1 Establishing the Configuration Task....................................................................................................5-10 5.2.2 Enabling the Global BFD.....................................................................................................................5-10 5.2.3 Setting Up a BFD Session....................................................................................................................5-11 5.2.4 Checking the Configuration.................................................................................................................5-12 5.3 Configuring the BFD Passive Echo Function...............................................................................................5-13 5.3.1 Establishing the Configuration Task....................................................................................................5-13 5.3.2 Configuring the BFD Passive Echo Function......................................................................................5-14 5.3.3 Checking the Configuration.................................................................................................................5-15 5.4 Configuring the Association Between the BFD Status and the Interface Status...........................................5-16 5.4.1 Establishing the Configuration Task....................................................................................................5-16 5.4.2 Configuring the Association Between BFD Status and Interface Status.............................................5-17 5.4.3 Checking the Configuration.................................................................................................................5-18 5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status...................................5-19 5.5.1 Establishing the Configuration Task....................................................................................................5-19 5.5.2 Configuring the Association Between BFD Status and Sub-Interface Status......................................5-20 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
5.5.3 Checking the Configuration.................................................................................................................5-21 5.6 Configuring the BFD to Modify the PST......................................................................................................5-21 5.6.1 Establishing the Configuration Task....................................................................................................5-22 5.6.2 Permitting the BFD to Modify the PST...............................................................................................5-22 5.6.3 Checking the Configuration.................................................................................................................5-23 5.7 Configuring the Multi-Hop BFD...................................................................................................................5-24 5.7.1 Establishing the Configuration Task....................................................................................................5-24 5.7.2 Enabling BFD Globally........................................................................................................................5-25 5.7.3 Setting Up a BFD Session....................................................................................................................5-25 5.7.4 Checking the Configuration.................................................................................................................5-26 5.8 Configuring the BFD Session with Automatically Negotiated Discriminator..............................................5-27 5.8.1 Establishing the Configuration Task....................................................................................................5-27 5.8.2 Enabling BFD Globally........................................................................................................................5-28 5.8.3 Configuring the BFD Session with Automatically Negotiated Discriminator.....................................5-28 5.8.4 Checking the Configuration.................................................................................................................5-29 5.9 Configuring the Delay of the BFD Session to Be Up...................................................................................5-30 5.9.1 Establishing the Configuration Task....................................................................................................5-30 5.9.2 Configuring the Delay of the BFD Session to Be Up..........................................................................5-30 5.9.3 Checking the Configuration.................................................................................................................5-31 5.10 Adjusting BFD Parameters..........................................................................................................................5-32 5.10.1 Establishing the Configuration Task..................................................................................................5-32 5.10.2 Modifying the Detection Time...........................................................................................................5-33 5.10.3 Configuring the BFD WTR................................................................................................................5-34 5.10.4 Adding the Description of a BFD Session.........................................................................................5-34 5.10.5 Checking the Configuration...............................................................................................................5-35 5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet....................5-36 5.11.1 Establishing the Configuration Task..................................................................................................5-36 5.11.2 Globally Configuring the Destination Port Number..........................................................................5-37 5.11.3 Checking the Configuration...............................................................................................................5-38 5.12 Configuring the TTL Globally....................................................................................................................5-38 5.12.1 Establishing the Configuration Task..................................................................................................5-39 5.12.2 Configuring the TTL Globally...........................................................................................................5-39 5.12.3 Checking the Configuration...............................................................................................................5-40 5.13 Configuring the Interval for Sending Trap Messages.................................................................................5-40 5.13.1 Establishing the Configuration Task..................................................................................................5-40 5.13.2 Configuring the Interval for Sending Trap Messages........................................................................5-41 5.13.3 Checking the Configuration...............................................................................................................5-41 5.14 Maintaining BFD.........................................................................................................................................5-42 5.14.1 Clearing the BFD Statistics................................................................................................................5-42 5.14.2 Monitoring the Running of BFD........................................................................................................5-42 5.15 Configuration Examples..............................................................................................................................5-43 5.15.1 Example for Configuring One-Hop BFD for Layer 3 Physical Link.................................................5-43 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xiii
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 5.15.2 Example for Configuring the One-Hop BFD for IP-Trunk Member Link.........................................5-46 5.15.3 Example for Configuring One-Hop BFD for IP-Trunk..................................................................... 5-51 5.15.4 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk Member Link...............................5-57 5.15.5 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk......................................................5-61 5.15.6 Example for Configuring One-Hop BFD for VLANIF Interfaces.....................................................5-67 5.15.7 Example for Configuring the Association Between the BFD Status and the Interface Status...........5-71 5.15.8 Example for Configuring the Association Between the BFD Status and the Sub-Interface Status .......................................................................................................................................................................5-76 5.15.9 Example for Configuring Multi-Hop BFD.........................................................................................5-80 5.15.10 Example for Configuring the BFD for VPN Routes........................................................................5-83
6 GR Configuration.......................................................................................................................6-1
6.1 GR Introduction...............................................................................................................................................6-2 6.1.1 HA Overview.........................................................................................................................................6-2 6.1.2 GR Features Supported in the NE80E/40E............................................................................................6-9 6.2 Configuring the System-Level GR..................................................................................................................6-9 6.2.1 Establishing the Configuration Task....................................................................................................6-10 6.2.2 (Optional) Configuring the Default Slot Number for the SMB...........................................................6-10 6.2.3 Enabling the Automatic Synchronization of the AMB/SMB Configuration.......................................6-11 6.2.4 Enabling the Force AMB/SMB Switchover.........................................................................................6-11 6.2.5 (Optional) Restarting the SMB............................................................................................................ 6-12 6.2.6 Checking the Configuration.................................................................................................................6-12 6.3 Maintaining HA.............................................................................................................................................6-12 6.3.1 Monitoring the Running of HA............................................................................................................6-12 6.4 Configuration Examples................................................................................................................................6-13 6.4.1 Example for Configuring the System-Level GR..................................................................................6-13
7 Ethernet OAM Configuration..................................................................................................7-1

7.1 Ethernet OAM Overview................................................................................................................................7-3 7.1.1 Introduction to Ethernet OAM...............................................................................................................7-3 7.1.2 Ethernet OAM Supported by the NE80E/40E.......................................................................................7-4 7.2 Configuring Basic EFM OAM......................................................................................................................7-14 7.2.1 Establishing the Configuration Task....................................................................................................7-14 7.2.2 Enabling EFM OAM Globally.............................................................................................................7-15 7.2.3 Configuring the Working Mode of EFM OAM on an Interface..........................................................7-15 7.2.4 (Optional) Setting the Maximum Size of an EFM OAMPDU.............................................................7-16 7.2.5 Enabling EFM OAM on an Interface...................................................................................................7-16 7.2.6 Checking the Configuration.................................................................................................................7-17 7.3 Configuring EFM OAM Link Monitoring....................................................................................................7-18 7.3.1 Establishing the Configuration Task....................................................................................................7-18 7.3.2 (Optional) Detecting Errored Frames of EFM OAM...........................................................................7-18 7.3.3 (Optional) Detecting Errored Codes of EFM OAM.............................................................................7-19 7.3.4 (Optional) Detecting Errored Frame Seconds of EFM OAM..............................................................7-20 7.3.5 Checking the Configuration.................................................................................................................7-21 xiv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
7.4 Testing the Packet Loss Ratio on the Physical Link.....................................................................................7-21 7.4.1 Establishing the Configuration Task....................................................................................................7-22 7.4.2 Enabling EFM OAM Remote Loopback.............................................................................................7-23 7.4.3 Sending Test Packets............................................................................................................................7-23 7.4.4 Checking the Statistics on Returned Test Packets...............................................................................7-24 7.4.5 (Optional) Manually Disabling EFM OAM Remote Loopback..........................................................7-24 7.4.6 Checking the Configuration.................................................................................................................7-25 7.5 Associating EFM OAM with an Interface....................................................................................................7-26 7.5.1 Establishing the Configuration Task....................................................................................................7-26 7.5.2 Associating EFM OAM with an Interface...........................................................................................7-27 7.5.3 Checking the Configuration.................................................................................................................7-27 7.6 Configuring Basic Ethernet CFM.................................................................................................................7-28 7.6.1 Establishing the Configuration Task....................................................................................................7-29 7.6.2 Switching IEEE 802.1ag Versions.......................................................................................................7-30 7.6.3 Enabling Ethernet CFM Globally........................................................................................................7-30 7.6.4 Creating an MD....................................................................................................................................7-31 7.6.5 (Optional) Creating the Default MD....................................................................................................7-31 7.6.6 Creating an MA....................................................................................................................................7-32 7.6.7 Creating a MEP....................................................................................................................................7-33 7.6.8 Creating an RMEP...............................................................................................................................7-34 7.6.9 (Optional) Setting the Rule for Creating a MIP...................................................................................7-35 7.6.10 Enabling CC Detection.......................................................................................................................7-36 7.6.11 (Optional) Creating a VLAN..............................................................................................................7-37 7.6.12 Checking the Configuration...............................................................................................................7-37 7.7 Configuring Related Parameters of Ethernet CFM.......................................................................................7-41 7.7.1 Establishing the Configuration Task....................................................................................................7-41 7.7.2 (Optional) Configuring the RMEP Activation Time............................................................................7-42 7.7.3 (Optional) Configuring the Anti-Jitter Time During Alarm Restoration.............................................7-43 7.7.4 (Optional) Configuring the Anti-Jitter Time During Alarm Generation..............................................7-43 7.8 Fault Verification on the Ethernet.................................................................................................................7-44 7.8.1 Establishing the Configuration Task....................................................................................................7-44 7.8.2 (Optional) Implementing 802.1ag MAC Ping......................................................................................7-45 7.8.3 (Optional) Implementing Gmac ping...................................................................................................7-46 7.9 Locating the Fault on the Ethernet................................................................................................................7-46 7.9.1 Establishing the Configuration Task....................................................................................................7-47 7.9.2 (Optional) Implementing 802.1ag MAC Trace....................................................................................7-47 7.9.3 (Optional) Implementing Gmac trace...................................................................................................7-48 7.10 Associating Ethernet CFM with an Interface..............................................................................................7-49 7.10.1 Establishing the Configuration Task..................................................................................................7-49 7.10.2 Associating Ethernet CFM with an Interface.....................................................................................7-52 7.10.3 Checking the Configuration...............................................................................................................7-52 7.11 Associating EFM OAM with Ethernet CFM..............................................................................................7-53 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xv
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 7.11.1 Establishing the Configuration Task..................................................................................................7-53 7.11.2 Associating Ethernet OAM with Ethernet OAM...............................................................................7-54 7.11.3 Checking the Configuration...............................................................................................................7-55
7.12 Associating Ethernet CFM with VPLS.......................................................................................................7-55 7.12.1 Establishing the Configuration Task..................................................................................................7-55 7.12.2 Configuring Ethernet CFM Based on the VPLS Between the PEs....................................................7-56 7.12.3 Configuring Ethernet CFM Between the CE and Local PE...............................................................7-57 7.12.4 Configuring Ethernet CFM Between the CE and Peer PE.................................................................7-59 7.12.5 Checking the Configuration...............................................................................................................7-59 7.13 Associating Ethernet OAM with MPLS OAM or BFD..............................................................................7-59 7.13.1 Establishing the Configuration Task..................................................................................................7-59 7.13.2 Configuring Ethernet OAM Functions...............................................................................................7-60 7.13.3 Associating Ethernet OAM with MPLS OAM or BFD.....................................................................7-61 7.13.4 Checking the Configuration...............................................................................................................7-62 7.14 Configuring Ethernet CFM and 1+1 Protection of Multicast VLANs........................................................7-62 7.15 Maintaining Ethernet OAM........................................................................................................................ 7-62 7.15.1 Clearing the Statistics on Error CCMs...............................................................................................7-62 7.15.2 Monitoring the Running Status of Ethernet OAM.............................................................................7-63 7.16 Configuration Examples..............................................................................................................................7-63 7.16.1 Example for Configuring EFM OAM................................................................................................7-64 7.16.2 Example for Testing the Packet Loss Ratio on the Link....................................................................7-67 7.16.3 Example for Configuring Ethernet CFM........................................................................................... 7-70 7.16.4 Example for Configuring the Default MD for Ethernet CFM............................................................7-78 7.16.5 Example for Associating Ethernet CFM with an Interface................................................................7-85 7.16.6 Example for Associating EFM OAM with Ethernet CFM................................................................ 7-91 7.16.7 Example for Configuring VPLS Ethernet CFM.................................................................................7-95 7.16.8 Example for Associating EFM OAM with MPLS OAM.................................................................7-106 7.16.9 Example for Configuring EFM OAM Extension for VRRP............................................................7-115 7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes...............................................7-125
8 Configuring ISSU.......................................................................................................................8-1
8.1 Introduction.....................................................................................................................................................8-2 8.1.1 Introduction to ISSU..............................................................................................................................8-2 8.1.2 ISSU Supported by the NE80E/40E.......................................................................................................8-2 8.2 Implementing ISSU.........................................................................................................................................8-3 8.2.1 Establishing the Configuration Task......................................................................................................8-4 8.2.2 (Optional) Configuring ISSU Precheck.................................................................................................8-4 8.2.3 (Optional) Configuring the Length of the ISSU Rollback Timer..........................................................8-5 8.2.4 Implementing ISSU................................................................................................................................8-5 8.2.5 Checking the Configuration...................................................................................................................8-8 8.3 Maintaining ISSU..........................................................................................................................................8-11 8.3.1 Monitoring the Running Status of ISSU..............................................................................................8-11 8.4 Configuration Examples................................................................................................................................8-12 xvi Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
8.4.1 Example for Implementing ISSU.........................................................................................................8-12
A Glossary.....................................................................................................................................A-1 B Acronyms and Abbreviations.................................................................................................B-1
Issue 03 (2010-03-31)
xvii
Figures
Figures
Figure 1-1 LAN default gateway..........................................................................................................................1-7 Figure 1-2 Networking diagram of LDP/TE FRR application.............................................................................1-8 Figure 1-3 Networking diagram of MPLS OAM protecting switchover...........................................................1-10 Figure 1-4 Networking diagram of BFD for VRRP...........................................................................................1-11 Figure 1-5 Networking diagram of VPN FRR application................................................................................ 1-11 Figure 1-6 Networking diagram of IP FRR application.....................................................................................1-12 Figure 2-1 Interface backups................................................................................................................................2-2 Figure 2-2 Active/standby mode..........................................................................................................................2-3 Figure 2-3 Load-balancing mode.........................................................................................................................2-4 Figure 2-4 Networking diagram of configuring the active/standby interface backup........................................2-11 Figure 3-1 Networking of the association between PW redundancy and APS..................................................3-14 Figure 3-2 Networking diagram of configuring TDMoPSN..............................................................................3-32 Figure 4-1 LAN default gateway..........................................................................................................................4-3 Figure 4-2 Typical networking of VRRP fast switchover (using BFD sampling).............................................4-19 Figure 4-3 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured............................................................................................................................................................4-25 Figure 4-4 mVRRP determines the dual-homing of the master and slave routers.............................................4-43 Figure 4-5 Networking diagram of configuring VRRP in the master/backup mode......................................... 4-49 Figure 4-6 Networking diagram of configuring VRRP in load balancing mode...............................................4-54 Figure 4-7 Networking diagram of configuring VRRP multi-instance..............................................................4-58 Figure 4-8 Networking diagram of configuring VRRP fast switchover............................................................ 4-63 Figure 4-9 Typical networking of VRRP fast switchover (using BFD sampling).............................................4-68 Figure 4-10 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured............................................................................................................................................................4-87 Figure 4-11 Networking diagram of VRRP configured on VLANIF interfaces..............................................4-106 Figure 5-1 Application scenario of the BFD passive Echo function..................................................................5-13 Figure 5-2 Networking diagram of devices between the both end routers.........................................................5-16 Figure 5-3 Networking diagram of configuring the one-hop BFD.................................................................... 5-43 Figure 5-4 Networking diagram of configuring one-hop BFD for IP-Trunk member link................................5-46 Figure 5-5 Networking diagram of configuring one-hop BFD for IP-Trunk.....................................................5-51 Figure 5-6 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk member link...............5-57 Figure 5-7 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk......................................5-62 Figure 5-8 Networking diagram of configuring one-hop BFD for VLANIF interfaces.................................... 5-67 Figure 5-9 Configuring the association between the BFD status and the interface status.................................5-71 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xix
Figures
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability Figure 5-10 Association between the BFD status and the sub-interface status..................................................5-76
Figure 5-11 Networking diagram of the multi-hop BFD...................................................................................5-81 Figure 5-12 Networking diagram of configuring the BFD for VPN routes.......................................................5-84 Figure 6-1 Basic mechanism of HSB...................................................................................................................6-4 Figure 6-2 Setting up sessions between the GR Helper and the GR Restarter.....................................................6-6 Figure 6-3 AMB/SMB switchover of the GR Restarter.......................................................................................6-6 Figure 6-4 GR Restarter sending signals to the neighbors after the AMB/SMB switchover...............................6-7 Figure 6-5 GR Restarter obtaining topology information from neighbors...........................................................6-7 Figure 6-6 Networking diagram of configuring the system-level GR...............................................................6-13 Figure 7-1 Networking diagram of EFM OAM extension for VRRP................................................................7-10 Figure 7-2 Networking diagram of EFM OAM extension for static routes.......................................................7-13 Figure 7-3 Diagram of configuring EFM OAM.................................................................................................7-14 Figure 7-4 Diagram of testing the packet loss ratio on the link.........................................................................7-22 Figure 7-5 Diagram of associating EFM OAM with an interface......................................................................7-26 Figure 7-6 Diagram of associating Ethernet CFM with an interface (1)............................................................7-50 Figure 7-7 Diagram of associating Ethernet CFM with an interface (2)............................................................7-50 Figure 7-8 Diagram of associating Ethernet CFM with an interface (3)............................................................7-50 Figure 7-9 Diagram of associating Ethernet CFM with an interface (4)............................................................7-51 Figure 7-10 Diagram of associating Ethernet OAM with Ethernet OAM.........................................................7-53 Figure 7-11 Figure 6-11 Networking diagram of associating Ethernet CFM with VPLS.................................7-55 Figure 7-12 Diagram of associating Ethernet OAM with MPLS OAM or BFD...............................................7-60 Figure 7-13 Diagram of configuring EFM OAM...............................................................................................7-64 Figure 7-14 Diagram of testing the packet loss ratio on the link.......................................................................7-67 Figure 7-15 Diagram of configuring Ethernet CFM..........................................................................................7-70 Figure 7-16 Networking diagram of configuring the default MD for Ethernet CFM........................................7-78 Figure 7-17 Diagram of associating Ethernet CFM with an interface...............................................................7-86 Figure 7-18 Diagram of associating EFM OAM with Ethernet CFM...............................................................7-91 Figure 7-19 Diagram of configuring VPLS Ethernet CFM...............................................................................7-95 Figure 7-20 Diagram of associating EFM OAM with MPLS OAM................................................................7-106 Figure 7-21 Networking diagram of configuring EFM OAM extension for VRRP........................................7-116 Figure 7-22 Networking diagram of configuring EFM OAM extension for static routes...............................7-125
xx
Issue 03 (2010-03-31)
Tables
Tables
Table 1-1 Levels of reliability requirements........................................................................................................1-3 Table 3-1 Interfaces and IP address....................................................................................................................3-15 Table 4-1 Networking requirements of the multi-instance VRRP.....................................................................4-57 Table 6-1 Comparison between the GR and the HSB..........................................................................................6-8 Table 7-1 Differences between IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007..................................7-5 Table 8-1 Description of the issu check command output...................................................................................8-6 Table 8-2 Description of the issu start command output....................................................................................8-7 Table 8-3 Description of the issu abort command output...................................................................................8-8
Issue 03 (2010-03-31)
xxi
1 Reliability Overview
1
About This Chapter
Reliability Overview
This chapter describes the technologies and indices of the reliability. 1.1 Introduction This section describes the technologies and indices of the reliability. 1.2 Reliability Technologies for IP Network This section describes the common reliability technologies applied to IP networks. 1.3 Reliability Technologies Supported by the NE80E/40E This section describes the common reliability technologies supported by the NE80E/40E. 1.4 Networking of Reliability over an IP Network This section describes the typical networking schemes of IP network reliability.
Issue 03 (2010-03-31)
1-1
1.1 Introduction
This section describes the technologies and indices of the reliability. 1.1.1 Technology of Reliability Overview 1.1.2 Indices of Reliability 1.1.3 Levels of Reliability Requirements 1.1.4 Principles of Highly-Reliable IP Networking
1.1.1 Technology of Reliability Overview

The reliability of a router is assessed in the following aspects:
l l l l
Principle of reliable system and hardware design Principle of reliable software design Test and authentication of reliability Reliable IP network design
With the popularity of networks and diversification of applications, various value-added services are deployed on networks. The bandwidth increases in index number. Therefore, even a shorttime interrupt may impact a huge number of services critically and make an incredible loss. For a fundamental network that bears various services, its reliability is highlighted much more than ever. This chapter focuses on reliability technologies applicable to the IP network over the Versatile Routing Platform (NE80E/40E).
1.1.2 Indices of Reliability

Generally, the reliability of a product or a system is evaluated based on two indices, namely, Mean Time to Repair (MTTR) and Mean Time Between Failures (MTBF).
MTTR
MTTR: identifies the default recovery capability in terms of maintainability. The term refers to an average time that a component or a device takes to recover from a failure. In fact, it is the fault-tolerance capability. In a broader sense, the MTTR also includes spare part management and customer service. The MTTR plays an important role in evaluating maintainability. The formula of the MTTR is as follows: MTTR = Fault detection time + Board replacement time + System initialization time + Link recovery time + Route coverage time + Forwarding recovery time The smaller the addends are, the smaller the MTTR is and the higher the availability the device offers.
1-2
Issue 03 (2010-03-31)
MTBF
MTBF identifies the probability of faults in terms of reliability. The term refers to the average time when a component or a device runs without any failure, usually in hours. In the telecommunication industry, the availability of 99.999% means that the MTTR must be no more than five minutes each year.
Availability
Availability identifies the utility of a system. The availability is improved when the MTBF increases or the MTTR decreases. In real networking, however, it may be inevitable to witness network faults and service interruption for various causes. Therefore, a kind of technology to recover the device from the fault rapidly becomes even important. This technology can just improve the availability by reducing MTTR.
1.1.3 Levels of Reliability Requirements

Table 1-1 describes three requirement levels, their targets, and implementation methods. Table 1-1 Levels of reliability requirements Level 1 Target Less faults on the software and hardware of a system Implementation
l
Hardware: simplified design, standardized circuits, reliable application of components, reliability control in purchased components, reliable manufacture, environment endurability, and reliability experiment (HALT/HASS) Software: checklist of reliable software design Redundancy design Switchover policy High availability of switchover Fault detection Diagnosis Isolation Recovery
No impact on a system when a default occurs
l l l
Rapid recovery when a fault occurs and affects the system
l l l l
1.1.4 Principles of Highly-Reliable IP Networking

The principles of reliable IP networking are as follows:
l
Hierarchical networking: A network is divided into three layers, that is, core layer, convergence layer, and edge layer. According to the current and future services, redundancy backup is configured on a device connects to access nodes on the edge layer. The active and standby nodes connect to convergence nodes. Devices of convergence layer are dualhomed to single node multi-device of the upper layer or to multi-node device of
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-3
Issue 03 (2010-03-31)
convergence layer and core layer alternatively. Devices of core layer are enabled with full interconnection or half interconnection. In this manner, two devices are reachable to each other with one route at a fast traffic rate, avoiding multi-interconnection.
l
On the same layer, multi-interconnection is applicable; multi-device is applicable to a single node. The lower-layer devices are dual-homed or multi-homed to single nodes or multiple nodes of devices on the upper layer. Adjustment should be taken according to traffic.
1.2 Reliability Technologies for IP Network

This section describes the common reliability technologies applied to IP networks. 1.2.1 Failure Detection for IP Network 1.2.2 Protection Switching for IP Network
1.2.1 Failure Detection for IP Network

In terms of implementation range, fault detection technologies include special detection technology and common detection technology.
l
Special fault detection technologies include:

APS (on transport layer) RPR OAM, Eth-OAM (on link layer) MPLS OAM (for MPLS)
Common fault detection technology includes the Bidirectional Forwarding Detection (BFD) that detects faults on all layers.
The fault detection mechanism is available on each layer of the TCP/IP reference module. The fault detection mechanisms are as follows:
l l l l
Transport/Physical layer: APS Data link layer: RPR OAM, MPLS OAM, Eth-OAM, STP, RSTP, MSTP, and RRPP Network layer: Hello mechanism in different protocols, VRRP, and GR Application layer: heartbeat mechanism and re-forwarding mechanism of various protocols
The modes of fault detection are as follows:

l l l
Asynchronous mode: The detection packet is sent periodically. Query mode: A series of packets for confirmation are sent. Echo mode: The received packet is sent back to the peer without any change.
1.2.2 Protection Switching for IP Network

On data communication networks, 50 ms is a standard time for performing the protection switching. The protection switching takes place based on the link redundancy. The protection modes are as follows:
1-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)

l l
End-to-end protection: 1:1, 1+1, 1:N, and M:N Local protection: FRR
The trigger mode includes BFD trigger mode and Fast Reroute (FRR) trigger mode. The protection switching functions are as follows:
l l l l l l
Local request protection Local real-time protection Latency of switchover signal processing Anti-switching of a single node Coexistence and preemption of switchover request Switchover recovery mode
1.3 Reliability Technologies Supported by the NE80E/40E

This section describes the common reliability technologies supported by the NE80E/40E. 1.3.1 FRR (Fast ReRoute) 1.3.2 OAM (Operation Administration & Maintenance) 1.3.3 VRRP (Virtual Router Redundancy Protocol) 1.3.4 BFD (Bidirectional Forwarding Detection)
1.3.1 FRR (Fast ReRoute)

IP FRR
In the forwarding module, an interface status table is created to save information about working status of every interface on a device. After an abnormality is detected, for example, the physical link is unavailable or an interface is shut down manually, the interface status table is updated. At the same time, when a packet is forwarded to a next hop listed in a forwarding table that contains load balancing entries, that is, several next hops, the next hop is selected by certain rules and its outgoing interface is detected in the interface status table. If the outgoing interface of one next hop is invalid, another next hop is selected and its outgoing interface status is detected until the outgoing interface of a next hop is valid. When the last next hop is detected, the packet is forwarded directly without checking the outgoing interface. Because detecting and updating the interface status is much faster than route convergence, the rerouting takes effect faster with the IP FRR technology. Moreover, the load balancing entries in the forwarding table are checked that ensures highly-reliable forwarding. The enhanced IP FRR technology supports the next hop of non-equivalence load balancer. An active next hop is selected by the Interior Gateway Protocol (IGP) and a standby next hop is configured manually. When a failure occurs, the fast switchover is performed.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-5
LDP FRR
Conventional IP FRR cannot effectively protect traffic on a Multiprotocol Label Switching (MPLS) network. The NE80E/40E provides MPLS networks with the LDP FRR for protection at the interface level. Compared with fast convergence in IGP, the LDP FRR calculates a secondary interface in advance. Route calculation and re-establishment of an LSP after a failure take less time. As a result, the switchover speeds up. When LDP works in a mode of Downstream Unsolicited (DU) label distribution, ordered label control and liberal label retention, a Label Switching Router (LSR) saves all label mapping messages. Only the label mapping messages sent by the next hop corresponding to the Forwarding Equivalence Class (FEC) can generate a label forwarding table. With the preceding features, when a forwarding table is generated for mapping of liberal retention label, this means that a bypass LSP is established. Normally, a packet is forwarded through the primary LSP. When the outgoing interface of the primary LSP is Down, the packet is forwarded along the bypass LSP. This ensures continuous traffic follow in the short period before network convergence.
MPLS TE FRR
The MPLS TE FRR is a commonly used switchover technology to deal with a failure. The solution is to create an end-to-end TE tunnel between Provider Edge (PE) devices and a bypass Label Switched Path (LSP) for protecting a primary LSP. When the router detects that the primary LSP is unavailable because of an intermediate node failure or link failure, the traffic is switched to the bypass LSP. In terms of principle, MPLS TE FRR can enable fast switchover to respond to link failures and node failures between two PEs that serve as the start node and end node of a TE tunnel respectively. Nevertheless, MPLS TE FRR cannot deal with the failure of PEs that serves as the start node and end node on a TE tunnel. When a PE fails, the traffic can resume by end-to-end route convergence and LSP convergence. The time of convergence relates closely to the number of routes of the MPLS VPN and the number of hops of the bearer network. Generally, the convergence takes about 5s in typical networking, longer than 1s that is required for the end-toend traffic convergence when a node fails.
VPN FRR
Based on the VPN fast route switching technology, VPN FRR sets a switchover forwarding entry that is destined for the primary PE and backup PE on a remote PE. With VPN FRR and the technology of fast sense of PE failures, on an MPLS VPN where Costumer Edge (CE) devices are dual-homed to PEs, the time of end-to-end service convergence is shortened and the time of PE failure recovery cannot be affected by the number of private network routes. When a PE node fails, the convergence of end-to-end service takes less than 1s. On a PE device configured with VPN FRR, proper VPNv4 routes are selected by the matching policy. For these routes, in addition to the routing information sent by the preferential next hop (including forwarding prefix, inner tag, and selected outer LSP tunnel), information about the inferior priority next hop (including forwarding prefix, inner tag, and selected outer LSP tunnel) are also contained in the forwarded entry. When preferential next hop node fails, through BFD and MPLS OAM, the PE detects that the outer tunnel connecting the PE to the preferential node is unavailable. The PE sets a
corresponding flag in the LSP tunnel status table to indicates the outer LSP is unavailable and delivers the flag to the forwarding engine. When the forwarding engine selects a forwarding entry, it checks the LSP tunnel status corresponding to this forwarding entry. If the LSP tunnel is unavailable, the engine uses the route of a inferior priority carried in this forwarding entry to forward packets.
1.3.2 OAM (Operation Administration & Maintenance)

In board sense, the Operation Administration & Maintenance (OAM) exists on every layer, link, and node of a network. With OAM, you can simplify the operation, check the network performance at any moment, and cut the cost of network operation. This section describes only MPLS OAM. MPLS is a key bearer technology applied to the extendable next generation network (NGN), supporting multiple services guaranted by QoS. A unique network layer is introduced to MPLS and this layer may lead to faults. Therefore, MPLS must be competent with OAM. MPLS supports different Layer 2 and Layer 3 protocols, such as IP, FR, ATM, and Ethernet. MPLS offers an OAM mechanism entirely independent from upper and lower layers, enabling the following features on the MPLS user plane:
l l
Detecting the TE LSP connectivity Performing switchover when a link fails to provide services according to Service Level Agreements (SLAs)
With the MPLS OAM mechanism, the router can detect, identify, and locate a fault of MPLS layer effectively. Then, the fault is reported and processed. In addition, when a failure occurs, the protection switching mechanism can be triggered.
1.3.3 VRRP (Virtual Router Redundancy Protocol)

Generally, all hosts of a LAN are configured with the same default route to the gateway, for example, Router A in Figure 1-1. In this manner, the hosts can communicate with external networks. When the gateway fails, the communication between hosts and external networks is interrupted. Figure 1-1 LAN default gateway
Ethernet
IP Address:10.0.0.2/24 Gateway:10.0.0.1 Gateway:10.0.0.1 IP Address:10.0.0.3/24 Gateway:10.0.0.1 IP Address:10.0.0.4/24
10.0.0.1/24
RouterA
Network
A common method to enhance the system reliability is to configure several gateways, but how to select routes among several gateways becomes a problem. As a type of redundancy protocol,
the Virtual Router Redundancy Protocol (VRRP) can separate physical device and logical device to select routes among different gateways. On a LAN enabled with multicast or broadcast, for example, Ethernet, VRRP offers logical gateways to ensure highly available link. This solves the problem that services are interrupted because of a gateway router failure, without changing the configuration of routing protocol.
1.3.4 BFD (Bidirectional Forwarding Detection)

BFD is a set of entire-network applicable detection mechanisms. It is used to detect and monitor the connectivity of a link or an IP route during forwarding packets. To improve the network performance, a communication failure between adjacent systems must be detected quickly and the standby channel must be created faster for communication recovery. The BFD features are as follows:
l
Detecting channel failures between adjacent forwarding engines with light load in a short time Detecting any media and any protocol layer with single mechanism in real time and supporting different detection time and costs
1.4 Networking of Reliability over an IP Network

This section describes the typical networking schemes of IP network reliability. 1.4.1 Failures on Intermediate Nodes or on the Link Between PEs - LDP FRR/TE FRR 1.4.2 Link Failure During Transimission 1.4.3 Failure on the Remote PE - VPN FRR 1.4.4 Failure of Downlink Interface on the PE - IP FRR
1.4.1 Failures on Intermediate Nodes or on the Link Between PEs LDP FRR/TE FRR
Figure 1-2 Networking diagram of LDP/TE FRR application PE1 P1 P2 P3 PE3
PE2
1-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.
PE4
Issue 03 (2010-03-31)
As shown in Figure 1-2, LDP LSP serves as a public network tunnel and TE is enabled with QoS between P devices. This network deployment enhances the QoS across the entire network and simplifies the TE deployment in changing PE devices. Without transmission devices, if a failure occurs on the link between P1 and P2, or P2 fails on a non-broadcast network, the LDP FRR performs switching on PE1 and ensures that the switching takes no more than 50 ms. The premise of preceding application is that no transmission device exists, since the switching performed by the TE FRR/LDP FRR depends on the detection of the interface status through signals or optical signals. If transmission devices exist and a link fails, the router cannot detect the interrupt of optical signals, and the switching cannot be performed. Then, another mechanism is required to detect the link between transmission devices, namely, BFD or OAM.
1.4.2 Link Failure During Transimission

OAM
The OAM is a unidirectional detection mechanism. Bidirectional OAM can be configured for bidirectional protection. The detection end of OAM sends a packet to detect the link. If the link works normally, the other end can receive the detection packet timely. If the receiver cannot receive the detection packet within a specified period, a link-interrupt packet is sent through a reverse path to report the link failure to the detection end. Then, the detection end responds to the failure with a series of actions, one of which is the switchover of the OAM protection group. In an OAM protection group, a primary tunnel and a bypass tunnel are created to form a protection group. When one tunnel of the protection group is available, the primary tunnel is available logically. Normally, a packet is forwarded through the primary tunnel, that is, the working tunnel. When the primary tunnel is Down and the bypass tunnel is available, the tunnel is iterated to the primary tunnel logically. In fact, the bypass tunnel, also named protection tunnel, works. With fast detection performed by the OAM, the protection group is listed in the forwarding table with its primary tunnel entry and bypass tunnel entry. This enables fast switchover after a failure is detected, providing high reliability for network connectivity.
Issue 03 (2010-03-31)
1-9
Figure 1-3 Networking diagram of MPLS OAM protecting switchover
P1
PE1
P2
PE2
MPLS TE Tunnel
P3
As shown in Figure 1-3, two TE tunnels are created between the ingress PE1 and egress PE2, forming a protection group. A TE tunnel is created between PE2 and PE1 through P1 as a reverse channel, advertising a failure to ingress PE1.
VRRP, BFD
BFD and OAM are similar because both of them define a set of mechanisms including detection, failure report, and switchover. For BFD and OAM, the detection is carried out by sending fast detection packets through a preset path to detect the link status. If the detection packets cannot pass through the link, the packets are dropped. To avoid the jitters, the number of detection packets is specified. When the number of the lost detection packets reaches the set value, the link is considered as interrupted. BFD is a bidirectional detection mechanism, and its detection packets are sent bidirectionally. If one end does not receive the detection packets within a specified period, the end assumes that the link is interrupted and reports to related modules to perform switchover.
1-10
Issue 03 (2010-03-31)
Figure 1-4 Networking diagram of BFD for VRRP
Switch1
PE1
BFD for VRRP
VRRP
Backbone
Switch2
PE2
As shown in Figure 1-4, PE1 and PE2 form a VRRP master and backup group, serving as the backup for each other. The VRRP backup group monitors BFD session. For example, when PE1 serves as the primary PE and the link between Switch1 and PE1 fails, the failure is fast detected through BFD and reported to VRRP. The VRRP master and backup group performs switchover fast and then PE2 becomes the primary PE.
1.4.3 Failure on the Remote PE - VPN FRR

Figure 1-5 Networking diagram of VPN FRR application PE1 P1 P2 P3 PE3
PE2
PE4
As shown in Figure 1-5, PE3 and PE4 access the VPN. If the user network on the left of PE1 needs to communicate with the user network on the right of PE3, PE1 can access the user network on the right through PE3 and PE4. In this case, PE3 and PE4 serve as the backup for each other, through which PE1 sends packets. This is how VPN FRR works. Similar to other FRR technologies, in the VPN FRR, an available bypass path is reserved for fast switchover before the primary path fails. For VPN FRR, two next hops (PEs) are reserved for the local device to access the private network. One is the active PE and the other is the standby PE. The active and standby PEs are configured manually.
As shown in Figure 1-5, PE1 reserves two next hops, that is, PE3 and PE4, to access the remote VPN. PE1 can select either of them as the active next hop and the standby next hop.
l
Without the VPN FRR, only an active next hop entry is delivered from the control plane to the forwarding plane. When the active next hop becomes invalid, the standby next hop entry is delivered to the forwarding plane. As a result, the switchover is slow. After the configuration of VPN FRR, both next hop entries are delivered from the control plane to the forwarding plane. When the active next hop becomes invalid, the standby next hop can be applied quickly to the forwarding plane. The switchover speeds up.
After BFD detects that the PE of the active next hop fails, switchover is performed within a very short period, which ensures high reliability.
1.4.4 Failure of Downlink Interface on the PE - IP FRR

Figure 1-6 Networking diagram of IP FRR application PE1 MPLS-VPN
Backbone
CE
PE2
As shown in As shown in Figure 1-6, the traffic to the CE is forwarded by PE1 (the active PE). If the link between PE1 and the CE fails, IP FRR switches the traffic from the link between PE1 and the CE to the link between PE2 to the CE. The principle of FRR is to retain a bypass path on the forwarding plane for fast switchover. Similarly, with IP FRR, two paths exist between PE1 and CE. For one path, packets are transmitted through direct route. For the other path, packets are transmitted from PE1 to PE2 and then forwarded to CE. Generally, PE accesses the Layer 3 Virtual Private Network (L3VPN). IP FRR is applied to a private network. Then, the private network neighbor relationship between PE1 and PE2 needs to be created, and the primary and bypass paths are created for PE1 accessing CE.
1-12
Issue 03 (2010-03-31)
2 Interface Backup Configuration
Interface Backup Configuration
About This Chapter

This chapter describes the concepts, working mechanism, and configuration procedures of the IP address and provides configuration examples. 2.1 Introduction of Interface Backup This section describes the principles, and concepts of the interface backup. 2.2 Configuring the Active/Standby Interface Backup 2.3 Configuring the Load Balancing Interface Backup This section describes how to configure the load balancing interface backup. 2.4 Maintaining the Interface Backup 2.5 Configuration Examples This section provides several configuration examples of interface backup.
Issue 03 (2010-03-31)
2-1
2.1 Introduction of Interface Backup

This section describes the principles, and concepts of the interface backup. 2.1.1 Interface Backup Overview 2.1.2 Characteristics of the Interface Backup Supported by the NE80E/40E
2.1.1 Interface Backup Overview

The router plays an important role in the network. When an interface on a router fails, a key method to ensure the security and smooth functioning of the service is to rapidly switch the service on the interface to other normal interfaces. Interface backup means that interfaces on a router serve as the backup for each other. Usually, a single interface undertakes services while the other interfaces are in the backup state. Figure 2-1 shows the interface backup. Figure 2-1 Interface backups
if1
LAN
if2 if3
if4
Interfaces if1, if2, and if3 are backed up for each other. For example, if2 transmits services. if1 and if3 are in the backup state and have their respective backup priorities. The router traces the status of each interface. When if2 fails, the router enables the standby interface with a higher priority to replace if2. This ensures smooth and reliable transmission of services. The interface backup mechanism divides interfaces into the active interface and the standby interface according to their roles in the service transmission process.
Active Interface
The active interface undertakes service transmission and is backed up by other interfaces, such as if2 in Figure 2-1. Any physical interface or sub-interface like POS ,Ethernet or ATM interface serves as an active interface on a router. An active interface with larger bandwidth provides a higher transmission rate.
Standby Interface
The standby interface does not transmit services and is often in the standby mode. The standby interface backs up the active interface, such as if1 and if3 in Figure 2-1.
Any physical interface (POS , AUX Ethernet or ATM interface for example) on a router serves as a standby interface.
NOTE
l l l
An active interface is backed up by several standby interfaces. When the active interface fails, the standby interface with the highest priority takes over services from the active interface. The same standby interface backs up only one active interface. ISDN BRI/PRI interfaces that have multiple physical channels provide backup for multiple active interfaces through the Dialer route in the Dial Control Center (DCC) configuration.
2.1.2 Characteristics of the Interface Backup Supported by the NE80E/40E

Active/Standby Mode
Figure 2-2 shows that if2 serves as the active interface. Figure 2-2 Active/standby mode
if1 LAN 100% if2 if3 if4
In the active/standby mode, only one interface transmits services transmission all the time.
l
When the active interface works normally, all traffic flows pass through the active interface; the standby interfaces like if1 and if3 remain in the standby mode even if the active interface is overloaded. The standby interface with the highest priority takes over the work of the active interface and transmits all traffic flows only when the active interface fails. When the failed active interface is restored, it transmits traffic again.
Load-Balancing Mode
In the load-balancing mode, the interfaces share the flow.
l
When the data flow of the active interface reaches the specified upper limit, the router automatically enables an available standby interface with the highest priority. Both interfaces undertake the transmission together and share the load. When the flows of these two interfaces reach the highest threshold again, the router enables another available interface with the second highest priority for balancing the load among these interfaces, and so on. When the data flow of the active interface reaches the pre-defined lower limit, the router disables the standby interface with the lowest priority that is taking part in load balancing until the active interface can undertake the flow on its own.
Issue 03 (2010-03-31)
Figure 2-3 Load-balancing mode A% LAN B% C% if1 if2
if4
if3 A%+B%+C%=100%
NOTE
The working mode is selected depending on configuration of the percentage threshold of load balancing by the users. If the percentage threshold is configured, the router uses the load-balancing mode. Alternatively, the router uses the active/standby mode.
2.2 Configuring the Active/Standby Interface Backup

2.2.1 Establishing the Configuration Task 2.2.2 Configuring a Standby Interface 2.2.3 Configuring the Active/Standby Switchover Delay 2.2.4 Checking the Configuration
2.2.1 Establishing the Configuration Task

Applicable Environment
The interface backup can be configured for multiple devices to improve their reliability through standby interfaces. In the active/standby mode, the active interface undertakes all the services, whereas the standby interfaces are in the standby state and do not undertake services. Switchover delay is an important parameter in the active/standby mode. An appropriate delay not only ensures timely switchover but also prevents frequent switching.
Pre-configuration Tasks
Before configuring the active/standby interface backup, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring IP addresses for interfaces Configuring a static route to the destination network segment through the active/standby interface
NOTE
Configure these parameters on the active interface and standby interfaces. To efficiently use IP addresses, you can borrow the address of the active interface for the standby interface.
2-4
Issue 03 (2010-03-31)
Data Preparation
To configure the active/standby interface backup, you need the following data. No 1 2 3 Data Standby interfaces that serve as backup for the active interface Priorities of standby interfaces Delay time of the active/standby switchover
2.2.2 Configuring a Standby Interface

Context
Do as follows on the router that needs to be configured with the active/standby interface backup:
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run:

interface interface-type interface-number
The interface view is displayed. Step 3 Run:

standby interface interface-type interface-number [ priority ]
A standby interface and its priority are configured.

NOTE
l l l
If multiple standby interfaces need to be configured for a main interface, run the standby interface command for several times to configure all the standby interfaces. A main interface can be configured with a maximum of three standby interfaces. In addition, a standby interface can be configured only for one main interface. A maximum of 10 main interfaces can exist at the same time.
----End
2.2.3 Configuring the Active/Standby Switchover Delay

Context
To avoid frequent interface switching due to unstable interface status, the system does not switch traffic from the active interface to the standby interface until a pre-set delay after the active interface changes from Up to Down.

l
If the active interface is still in the Down state when the delay period expires, the system switches traffic from the active interface to the standby interface. If the active interface restores within the delay, switching does not occur.
Do as follows on the router that needs to be configured with the active/standby interface backup:
Procedure
Step 1 Run:
system-view

The active interface view is displayed. Step 3 Run:

standby timer delay enable-delay disable-delay
The switchover delay for the active/standby interfaces is configured. When enable-delay and disable-delay are set to 0, the switching is performed immediately. ----End
2.2.4 Checking the Configuration

Prerequisite
The configurations of the Active/Standby Interface Backup function are complete.
Procedure
Step 1 Run the display standby state command to Check the status of the active or the standby interface. ----End
Example
Running the display standby state command, you can view information about the status of the active and standby interfaces as follows:
<HUAWEI> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate GigabitEthernet3/0/0 UP MUP MU GigabitEthernet3/0/4 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
As shown in the command output, GE 3/0/0 serves as an active interface and is in the Up state. GE 3/0/4 serves as a standby interface and is in the Standby state and its priority is 20.
2.3 Configuring the Load Balancing Interface Backup

This section describes how to configure the load balancing interface backup. 2.3.1 Establishing the Configuration Task 2.3.2 Configuring a Standby Interface 2.3.3 Configuring the Percentage Thresholds for Load Balancing 2.3.4 (Optional) Configuring the Bandwidth and Flow Check Interval for the Active Interface 2.3.5 Checking the Configuration

The interface backup can be configured for multiple devices to improve their reliability through standby interfaces. In the load-balancing mode, if the flows on the active interface exceed the threshold, the router automatically enables an available standby interface to undertake the transmission. Two important parameters in the load-balancing mode are:
l l
Percentage threshold of load balancing Bandwidth of the active interface
The two parameters affect the service throughput on each interface. Meanwhile, the bandwidth of the active interface is preferentially used.
Before configuring the load balancing interface backup, you need to complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring IP addresses for interfaces Configuring static routes to the destination network segment on the active interface and standby interfaces
NOTE
The preceding parameters are required on both the active interface and the standby interfaces. To efficiently use IP addresses, you can the address of the active interface for the standby interfaces .
Data Preparation
To configure the load balancing interface backup, you need the following data.
No 1 2 3 4
Data Standby interface and its priority Percentage thresholds for enabling and disabling load balancing Bandwidth of the active interface Interval for checking the traffic on the active interface
2.3.2 Configuring a Standby Interface

Context
Do as follows on the router that needs to be configured with the load balancing interface backup:
Procedure
Step 1 Run:
system-view


standby interface interface-type interface-number [ priority ]
A standby interface and its priority are configured.

NOTE
l l l
You can use the standby interface command repeatedly to configure multiple standby interfaces for an active interface. An active interface can be backed up by a maximum of three standby interfaces. One standby interface can back up only one active interface. The NE80E/40E supports up to 10 active interfaces simultaneously.
----End
2.3.3 Configuring the Percentage Thresholds for Load Balancing

Context
Do as follows on the router that needs to be configured with the load balancing interface backup:
Procedure
Step 1 Run:
system-view
2-8
Issue 03 (2010-03-31)


standby threshold enable-threshold disable-threshold
The percentage threshold for load balancing is set. By default, the system does not support the load-balancing mode, that is, no threshold percentage is configured. When the flow of the active interface reaches the pre-defined upper limit (enable-threshold), the router automatically enables an available standby interface with the highest priority. This standby interface undertakes the service transmission with the active interface. When the flow of the active interface is less than the pre-defined lower limit (disablethreshold), the router disables a standby interface with the lowest priority that transmits services in load balancing mode. ----End
2.3.4 (Optional) Configuring the Bandwidth and Flow Check Interval for the Active Interface
Context
Do as follows on the router that needs to be configured the load balancing interface backup:
Procedure
Step 1 Run:
system-view


standby bandwidth size
The maximum bandwidth of the active interface is configured. By default, on the active interface, its actual physical bandwidth is adopted as its maximum available bandwidth. Step 4 Run:
standby timer flow-check time
The flow check interval for the active interface is configured.

By default, the flow check interval is set to 30 seconds. ----End

Prerequisite
The configurations of the Load Balancing Interface Backup function are complete.
Procedure
l l Run the display standby flow command to Check the flow statistics of the active interface working in load-balancing mode. Run the display standby state command to Check the status of the active and standby interfaces.
----End
Example
After the configuration, you can run the display standby flow command and the display standby state command.
<HUAWEI> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MUD Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL <HUAWEI> display standby flow Interfacename : Pos2/0/0 Flow-interval(s) : 30 LastInOctets : 5298 LastOutOctets : 398807420 InFlow(Octets) : 1038 OutFlow(Octets) : 78717892 BandWidth(b/s) : 40000000 UsedBandWidth(b/s) : 20991432
As shown, POS 2/0/0 is configured as an active interface and POS 1/0/0 and POS 3/0/0 as standby interfaces. The bandwidth of the active interface is 40000000 bit/s. When the traffic exceeds the load-balancing limit, the percentages of upper and lower thresholds for load balancing are 50% and 30% respectively. As shown in the command output, the bandwidth in use on the active interface is 20991432 bit/s exceeding 40 Mbit/s by 50%. Then, the standby interface POS 1/0/0 with a higher priority starts to undertake the traffic.
2.4 Maintaining the Interface Backup

2.4.1 Monitoring Working Status of the Interface Backup
2-10
Issue 03 (2010-03-31)
2.4.1 Monitoring Working Status of the Interface Backup

Context
In routine maintenance, you can select to run the following commands in any view to view the working status of the interface backup.
Procedure
l l Run the display standby state command in any view to check the configuration and status of the interface backups. Run the display standby flow command in any view to check statistics of the traffic on the active interface in load balancing.
----End
2.5 Configuration Examples

This section provides several configuration examples of interface backup. 2.5.1 Example for Configuring the Active/Standby Mode of Multiple Interfaces 2.5.2 Example for Configuring Load Balancing on Multiple Standby Interfaces
2.5.1 Example for Configuring the Active/Standby Mode of Multiple Interfaces

Networking Requirements
As shown in Figure 2-4, Router A is connected to Router B. The active/standby backup relationship exists between multiple interfaces on Router B:
l l l
POS 2/0/0 serves as the active interface. POS 1/0/0 and POS 3/0/0 serve as standby interfaces of POS 2/0/0. POS 1/0/0 takes a higher priority than that of POS 3/0/0.
Figure 2-4 Networking diagram of configuring the active/standby interface backup POS1/0/0 10.1.1.1/24 POS2/0/0 10.1.2.1/24 POS3/0/0 10.1.3.1/24 POS1/0/0 10.1.1.2/24 POS2/0/0 10.1.2.2/24 POS3/0/0 10.1.3.2/24
RouterA
GE4/0/0 10.10.1.2/24
RouterB
GE4/0/0 10.20.1.2/24
10.10.1.1/24
Issue 03 (2010-03-31)
HostA
10.20.1.1/24
2-11
HostB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure POS 2/0/0 on Router B as the active interface to bear all the services. Configure POS 1/0/0 and POS 3/0/0 in the interface view of POS 2/0/0 as the standby interfaces without any service. POS 1/0/0 has a higher priority.
Data Preparation
To complete the configuration, you need to configure the priority of the standby interface.
Procedure
Step 1 Configure the network layer attributes. # Configure IP addresses for routers as shown in Figure 2-4. The configuration details are omitted here. # Configure a static route to Host B network segment on Router A.
<RouterA> [RouterA] [RouterA] [RouterA] system-view ip route-static 10.20.1.0 255.255.255.0 pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 pos3/0/0
# Configure a static route to Host A network segment on Router B.

<RouterB> [RouterB] [RouterB] [RouterB] system-view ip route-static 10.10.1.0 255.255.255.0 pos1/0/0 ip route-static 10.10.1.0 255.255.255.0 pos2/0/0 ip route-static 10.10.1.0 255.255.255.0 pos3/0/0
# Configure Host A and Host B to use Router A and Router B as their gateways respectively. The configuration details are omitted here. After the configuration, Host A and Host B can ping through each other. Step 2 Configure the interface backup on Router B. # Configure POS 2/0/0 as the active interface and POS 1/0/0 and POS 3/0/0 as the standby interfaces. POS 1/0/0 has a higher priority. Immediate switching is adopted.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] standby interface pos1/0/0 40 [RouterB-Pos2/0/0] standby interface pos3/0/0 20 [RouterB-Pos2/0/0] quit
After the configuration, display the state of the active/standby interfaces, and you can find that POS2/0/0 is UP, and POS 1/0/0 and POS 3/0/0 are STANDBY.
[RouterB] display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MU Pos 1/0/0 STANDBY STANDBY BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
2-12
Issue 03 (2010-03-31)
After the Tracert test of Host B address on Host A, you can view the packets reaches the destination through the link layer of POS 2/0/0 on Router B.
C:\> tracert 10.20.1.1 Tracing route to 10.20.1.1 over a maximum of 30 hops 1 60 ms 60 ms 50 ms 10.10.1.2 2 50 ms 40 ms 70 ms 10.1.2.2 3 70 ms 70 ms 60 ms 10.20.1.1 Trace complete.
Step 3 Verify the configuration. # Run the shutdown command on POS 2/0/0 on Router B to simulate a fault.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] shutdown [RouterB-Pos2/0/0] quit
# Display the state of the active and standby interfaces again, and you can find that POS 1/0/0 becomes UP and POS 3/0/0 is still STANDBY.
[RouterB] display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 DOWN MDOWN MU Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
After the Tracert test of Host B address on Host A, you can display the packets reaching the destination through POS 1/0/0 of the link layer on Router B.
C:\> tracert 10.20.1.1 Tracing route to 10.20.1.1 over a maximum of 30 hops 1 60 ms 60 ms 50 ms 10.10.1.2 2 50 ms 40 ms 70 ms 10.1.1.2 3 70 ms 70 ms 60 ms 10.20.1.1 Trace complete.
----End
Configuration Files
l
Configuration file of Router A

# sysname RouterA # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.2.1 255.255.255.0 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 10.1.3.1 255.255.255.0 # interface GigabitEthernet4/0/0 undo shutdown ip address 10.10.1.2 255.255.255.0 #
Issue 03 (2010-03-31)
2-13
ip route-static 10.20.1.0 255.255.255.0 Pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos3/0/0 # return l
Configuration file of Router B

# sysname RouterB # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.0 standby interface Pos1/0/0 40 standby interface Pos3/0/0 20 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 10.1.3.2 255.255.255.0 # interface GigabitEthernet4/0/0 undo shutdown ip address 10.20.1.2 255.255.255.0 # ip route-static 10.10.1.0 255.255.255.0 Pos1/0/0 ip route-static 10.10.1.0 255.255.255.0 Pos2/0/0 ip route-static 10.10.1.0 255.255.255.0 Pos3/0/0 # return
2.5.2 Example for Configuring Load Balancing on Multiple Standby Interfaces

As shown in Figure 2-4, Router A is connected to Router B. The load balancing backup relationship exists among multiple interfaces on Router B. POS 2/0/0 serves as the active interface, and POS 1/0/0 and POS 3/0/0 serve as the load balancing interfaces of POS 2/0/0. The maximum transmission bandwidth of the active interface is configured to be 40 Mbit/s. When the traffic of the active interface reaches 50% of the threshold, the interface POS 1/0/0 is enabled for load balancing. Standby interfaces with low priority are disabled when the traffic of the active interface is less than 30% of the threshold.
The configuration roadmap is as follows: 1. 2. Configure POS 2/0/0 on Router B as the active interface. Configure POS 1/0/0 and POS 3/0/0 in the interface view of POS 2/0/0 as the standby interfaces. POS 1/0/0 has a higher priority.
2-14
3.
Configure the threshold of the load balancing percentage and the active interface bandwidth.
Data Preparation
To complete the configuration, you need the following data:
l l
The priority of the standby interface The threshold of the load balancing percentage and the active interface bandwidth
Procedure
Step 1 Configure the network layer attributes. # Configure IP addresses of all interfaces as shown in Figure 2-4. The configuration details are not mentioned here. # Configure a static route to Host B network segment on Router A.
<RouterA> [RouterA] [RouterA] [RouterA] system-view ip route-static 10.20.1.0 255.255.255.0 pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos3/0/0
# Configure a static route to Host A network segment on Router B.

<RouterB> [RouterB] [RouterB] [RouterB] system-view ip route-static 10.10.1.0 255.255.255.0 pos1/0/0 ip route-static 10.10.1.0 255.255.255.0 pos2/0/0 ip route-static 10.10.1.0 255.255.255.0 pos3/0/0
# Configure Host A and Host B to use Router A and Router B as their gateways respectively. The configuration details are omitted here. After the configuration, Host A and Host B can Ping through each other. Step 2 Configure the interface backup on Router B. # Configure POS 2/0/0 as the active interface and POS 1/0/0 and POS 3/0/0 as the standby interfaces with the priorities of 40 and 20 respectively.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] standby interface pos1/0/0 40 [RouterB-Pos2/0/0] standby interface pos3/0/0 20
# Configure the percentage threshold of load balancing and the bandwidth of the active interface.
[RouterB-Pos2/0/0] standby bandwidth 40000 [RouterB-Pos2/0/0] standby threshold 50 30
Step 3 Verify the configuration. # Running the display standby state command on Router B, you can view information about the status of active and standby interfaces. As shown in the command output, POS 2/0/0 is in the Up state. POS 1/0/0 and POS 3/0/0 are in the Standby state. Also, you can run the display standby flow command to view traffic changes on POS 2/0/0.
<RouterB> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MU Pos 1/0/0 STANDBY STANDBY BU 40
Issue 03 (2010-03-31)
2-15

Pos 3/0/0 STANDBY STANDBY BU Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL <RouterB> display standby flow Interfacename : Pos2/0/0 Flow-interval(s) : 30 LastInOctets : 2494 LastOutOctets : 86086500 InFlow(Octets) : 258 OutFlow(Octets) : 258 BandWidth(b/s) : 40000000 UsedBandWidth(b/s) : 64

20
# Router A sends great traffic to Host B, making the traffic on POS 2/0/0 exceeds 20 Mbit/s. After 30 seconds, you can view the state of the active and standby interfaces on Router B again and you can find that both POS 2/0/0 and POS 1/0/0 are Up.
<RouterB> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MUD Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL <RouterB> display standby flow Interfacename : Pos2/0/0 Flow-interval(s) : 30 LastInOctets : 5298 LastOutOctets : 398807420 InFlow(Octets) : 1038 OutFlow(Octets) : 78717892 BandWidth(b/s) : 40000000 UsedBandWidth(b/s) : 20991432
----End
Configuration Files
l

# sysname RouterA # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.2.1 255.255.255.0 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 10.1.3.1 255.255.255.0 # interface GigabitEthernet4/0/0 undo shutdown ip address 10.10.1.2 255.255.255.0 # ip route-static 10.20.1.0 255.255.255.0 Pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos3/0/0 #
2-16
Issue 03 (2010-03-31)

return l

# sysname RouterB # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.0 standby interface Pos1/0/0 40 standby interface Pos3/0/0 20 standby threshold 50 30 standby bandwidth 40000 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 10.1.3.2 255.255.255.0 # interface GigabitEthernet4/0/0 undo shutdown ip address 10.20.1.2 255.255.255.0 # ip route-static 10.10.1.0 255.255.255.0 Pos1/0/0 ip route-static 10.10.1.0 255.255.255.0 Pos2/0/0 ip route-static 10.10.1.0 255.255.255.0 Pos3/0/0 # return
Issue 03 (2010-03-31)
2-17
3 APS Configuration
3
About This Chapter
APS Configuration
This chapter describes the basic principle, configuration procedures, and configuration examples for Automatic Protection Switching (APS). 3.1 APS Overview This section describes the principle and concepts of APS. 3.2 Configuring Single-Chassis APS This section describes how to configure single-chassis APS. 3.3 Configuring E-APS This section describes how to configure Efficiency APS (E-APS). 3.4 Configuration Examples This section provides several configuration examples of APS.
Issue 03 (2010-03-31)
3-1
3 APS Configuration
3.1 APS Overview

This section describes the principle and concepts of APS. 3.1.1 Introduction to APS 3.1.2 APS Features Supported by the NE80E/40E
3.1.1 Introduction to APS

To protect STM-N links in the SDH hierarchy, the ITU-T defines APS for linear multiplex sections. APS implements the traffic switching and recovery in linear multiplex section protection mode. When a transmission link is faulty, traffic is quickly switched to a normal link to ensure a normal transmission. APS is implemented through the transmission of K1 and K2 bytes in the Multiplex Section Overhead (MSOH). K1 transmits Changeover Order (COO) signals; K2 transmits Changeover Acknowledgement (COA) signals. APS has two protection modes, namely, 1+1 and 1:N. When the N is 1, the protection mode is 1:1.
l
In 1+1 mode, a protection interface is paired with each working interface. Normally, the receiver only processes the traffic being received on the working link. When the working link is faulty, traffic is switched to the protect link on the receiver, which is called unidirectional switchover. In 1:1 mode, the working link transmits high-level traffic and the protect link transmits nothing to the receiver. When the working link is faulty, the sender switches the high-level traffic to the protect link and the receiver obtains the high-level traffic from the protect link. This is called bidirectional switchover.
3.1.2 APS Features Supported by the NE80E/40E

At present, the NE80E/40E supports the following APS features:
l l l l l l l l
1+1 unidirectional mode and 1:1 bidirectional mode. Manual switching of APS groups. Forcible switching of APS groups. Locking of APS groups. APS implemented on interfaces. APS implemented on the same SIC or inter-SIC APS. E-APS. Adding the working and protection interfaces of an APS group to a trunk and configuring services on the trunk.
3.2 Configuring Single-Chassis APS

This section describes how to configure single-chassis APS.
3 APS Configuration
3.2.1 Establishing the Configuration Task 3.2.2 Configuring the Working Interface of an APS Group 3.2.3 Configuring the Protection Interface of an APS Group 3.2.4 (Optional) Configuring the Working Mode for an APS Group 3.2.5 (Optional) Setting the WTR Time for an APS Group 3.2.6 Adding Members of an APS Group to a Trunk 3.2.7 Checking the Configuration

APS can be configured when the router is connected to the Radio Network Controller (RNC).
Pre-configuration Task
Before configuring APS, complete the following tasks:
l
Configure an interface on the router and ensure that the link layer protocol between the router and the RNC is Up.
Data Preparation
To configure APS, you need the following data. No. 1 2 3 Data ID of an APS group IDs of the working and protection interfaces in an APS group (Optional) WTR time set for an APS group
3.2.2 Configuring the Working Interface of an APS Group

Context
Do as follows on the router that requires APS:
Procedure
Step 1 Run:
system-view
The system view is displayed.

3 APS Configuration
Step 2 Run:
or
controller cpos cpos-number
The interface view is displayed.

NOTE
Only ATM interfaces and CPOS interfaces on LPUF-10 support APS .
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group. Step 4 Run:
aps working [ peer-ip]
The interface added to the APS group is specified as the working interface.
NOTE
In the case of single-chassis APS, you needn't configure peer-ip when specifying the protection interface for an APS group.
----End
3.2.3 Configuring the Protection Interface of an APS Group

Context
Do as follows on the router that requires APS.
Procedure
Step 1 Run:
system-view

or

NOTE
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group.

3 APS Configuration
CAUTION
The working and protection group must be added to the same APS group. Step 4 Run:
aps protect [ peer-ip]
The interface added to the APS group is specified as the protection interface.
NOTE
In the case of single-chassis APS, you needn't configure peer-ip when specifying the protection interface for an APS group.
----End
3.2.4 (Optional) Configuring the Working Mode for an APS Group

Context
Do as follows on the protection interface of an APS group.
Procedure
Step 1 Run:
system-view

or

aps mode { one2one bidirection | one-plus-one unidirection }
The working mode of an APS group is configured. ----End
3.2.5 (Optional) Setting the WTR Time for an APS Group

Context
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
3-5
3 APS Configuration

or
The protection interface view of the APS group is entered. Step 3 Run:
aps revert wtr-time
The WTR time is set for the APS group. When setting the WTR time, note the following items:
l
In the case of APS 1:1 mode, after the fault is rectified and the WTR time (one minute) expires, traffic is switched back to the working link by default. In the case of the APS 1+1 mode, after the fault is rectified, traffic is not switched back to the working interface by default.
----End
3.2.6 Adding Members of an APS Group to a Trunk

Context
Do as follows separately on the working and s of an APS group.
Procedure
Step 1 Run:
system-view

interface atm-trunk interface-number
An ATM-Trunk interface is created and the view of the ATM-Trunk interface is displayed.
NOTE
APS can be configured on the ATM interfaces and CPOS interfaces. There are corresponding trunk interfaces which are ATM-Trunk and CPOS-Trunk. Take the configuration on the ATM-Trunk as an example.
Step 3 Run:
quit


3 APS Configuration
Step 5 Run:
atm-trunk trunk-id
The interface is added to a trunk.
CAUTION
The working and protection interfaces of an APS group must be added to the trunk with the same trunk ID. ----End

Procedure
Step 1 Run the display aps group group-id command to view the configuration information about an APS group. Step 2 Run the commands below ,you can view the configuration information about Trunk interfaces.
l
Run the display atm-trunk trunk-idcommand to view the configuration information about ATM-Trunk interfaces. Run the display cpos-trunk trunk-idcommand to view the configuration information about CPOS-Trunk interfaces.
----End
Example
<HUAWEI> display aps group 1 APS Group 1: Atm1/0/1 working channel 1(Active) Atm1/0/2 protection channel 0(Inactive) Unidirectional, 1+1 mode, Revert time(10 minutes) No Request on Both Working and Protection Side -----------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult -----------------------------------------------------------------------1 Atm1/0/1 Atm1/0/2 10 ok ok NA idle -----------------------------------------------------------------------total entry: 1 <HUAWEI> display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active Atm1/0/2 Up Inactive
3.3 Configuring E-APS

This section describes how to configure Efficiency APS (E-APS). 3.3.1 Establishing the Configuration Task
3 APS Configuration
3.3.2 Configuring the Working Interface of an APS Group 3.3.3 Configuring the Protection Interface of an APS Group 3.3.4 Configuring the Working Mode for an APS Group 3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection 3.3.6 (Optional) Configuring the Authentication String for the PGP Message 3.3.7 (Optional) Setting the WTR Time for an APS Group 3.3.8 Adding Members of an APS Group to a Trunk 3.3.9 Checking the Configuration

When the router is connected to an RNC and the RNC is dual homed to the router, E-APS can be configured.
Pre-configuration Task
Before configuring E-APS, complete the following tasks:
l
Configure an interface on the router and ensure that the link layer protocol between the router and the RNC is Up.
Data Preparation
To configure E-APS, you need the following data. No. 1 2 3 4 5 6 Data ID of an APS group IDs of the working and protection interfaces in an APS group (Optional) WTR time set for an APS group (Optional) Authentication string configured for the PGP message (Optional) Interval for sending APS negotiation messages between the working interface and the protection interface (Optional) Hold time of an APS connection
3.3.2 Configuring the Working Interface of an APS Group

3 APS Configuration
Context
Do as follows on the router that requires APS:
Procedure
Step 1 Run:
system-view

or

NOTE
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group. Step 4 Run:
aps working [ peer-ip]
The interface added to the APS group is specified as the working interface.
NOTE
In the case of E-APS, you must configure peer-ip when specifying the working interface for an APS group.
----End
3.3.3 Configuring the Protection Interface of an APS Group

Context
Do as follows on the router that requires APS.
Procedure
Step 1 Run:
system-view

or

3 APS Configuration
NOTE
Only ATM interfaces,POS and CPOS interfaces on LPUF-10 support APS .
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group.
CAUTION
The working and protection group must be added to the same APS group. Step 4 Run:
aps protect [ peer-ip]
The interface added to the APS group is specified as the protection interface.
NOTE
In the case of E-APS, you must configure peer-ip when specifying the protection interface for an APS group.
----End
3.3.4 Configuring the Working Mode for an APS Group

Context
Procedure
Step 1 Run:
system-view

or
The protection interface view of the APS group is displayed. Step 3 Run:
aps mode { one2one bidirection | one-plus-one unidirection }
The working mode of an APS group is configured.

NOTE
To associate E-APS with PW redundancy, you must ensure that APS is working in 1:1 bidirection mode.
----End
3 APS Configuration
3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection
Context
Do as follows separately on the working and protection interfaces of an APS group.
Procedure
Step 1 Run:
system-view

or
The working interface view or the protection interface view is displayed. Step 3 Run:
aps timers keep-alive-time hold-time
The interval for sending APS negotiation messages and the hold time of the APS connection between the working and protection interfaces are set. ----End
3.3.6 (Optional) Configuring the Authentication String for the PGP Message
Context
Procedure
Step 1 Run:
system-view

or
The working interface view or the protection interface view is displayed. Step 3 Run:
3 APS Configuration
aps authenticate string
The authentication string is configured for the PGP message.
CAUTION
Before configuring the authentication string for the PGP message on an interface, you must specify the interface as the working interface or the protection interface. A normal PGP negotiation can be established only when the authentication strings configured on the protect and working interfaces are identical. ----End
3.3.7 (Optional) Setting the WTR Time for an APS Group

Context
Procedure
Step 1 Run:
system-view

or
The protection interface view of the APS group is entered. Step 3 Run:
aps revert wtr-time
The WTR time is set for the APS group. When setting the WTR time, note the following items:
l
In the case of APS 1:1 mode, after the fault is rectified and the WTR time (one minute) expires, traffic is switched back to the working link by default. In the case of the APS 1+1 mode, after the fault is rectified, traffic is not switched back to the working interface by default.
----End
3.3.8 Adding Members of an APS Group to a Trunk

3 APS Configuration
Context
Procedure
Step 1 Run:
system-view

interface atm-trunk interface-number
An ATM-Trunk interface is created and the view of the ATM-Trunk interface is displayed.
NOTE
APS can be configured on the ATM interfaces and CPOS interfaces. There are three corresponding trunk interfaces which are ATM-Trunk and CPOS-Trunk. Take the configuration on the ATM-Trunk as an example.
Step 3 Run:
quit


atm-trunk trunk-id
The interface is added to a trunk. ----End

Procedure
Step 1 Run the display aps group group-id command, and you can view the configuration information about an APS group. Step 2 Run the commands below ,you can view the configuration information about Trunk interfaces.
l
Run the display atm-trunk trunk-idcommand to view the configuration information about ATM-Trunk interfaces. Run the display cpos-trunk trunk-idcommand to view the configuration information about CPOS-Trunk interfaces.
----End
Example
After E-APS is configured, run the display aps group group-id command on the router where the protection interface is located to view the configuration information about the APS group.
3 APS Configuration

<HUAWEI> display aps group 1 APS Group 1: APS working channel is 72.72.72.72 Atm1/0/1 protection channel 0(Inactive) PGP authentication string: 111 Bidirection, 1:1 mode, Revert time(1 minutes) KeepAlive Timer: 1(seconds), Hold Timer: 3(seconds) No Request on Both Working and Protection Side -------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd Switch-Result -------------------------------------------------------------------------------1 72.72.72.72 Atm1/0/1 1 ok ok NA idle -------------------------------------------------------------------------------<HUAWEI> display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 -------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active

This section provides several configuration examples of APS. 3.4.1 Example for Associating PW Redundancy with APS 3.4.2 Example for Configuring TDM on the CPOS interfaces Configured with APS
3.4.1 Example for Associating PW Redundancy with APS

As shown in Figure 3-1, PE1 is dual-homed to PE2 and PE3 through two PWs. When a fault occurs on the network side, the switchover of LSP groups rather than PWs is performed. When a fault occurs on the AC side, the switchover between the working interface and the protection interface is performed on the AC side according to APS. This leads to the switchover of PWs and thus avoids the loss of the network data. Figure 3-1 Networking of the association between PW redundancy and APS
Loopback0 2.2.2.2 Loopback0 1..1.1.1

G 2 GE 1 /0 /
Loopback0 4.4.4.4 PE4

AT M1 /0/ 1
PE2
/0 / E2 1
GE3/0/2 GE3/0/2
GE1/0/2 GE1/0/2
AT M2 /0
PE1
ATM 1/0/0
GE 2 /0 / 2 GE 2/0 /
E-APS
GE1/0/2 GE1/0/2
2
/2 1 /0 TM A M AT
/1
2
CE2
/ 2/0
ATM 1/0/0
PE3
GE3/0/2 GE3/0/2
PE5
CE1
3-14
Loopback0 3.3.3.3
Loopback0 5.5.5.5
Issue 03 (2010-03-31)
3 APS Configuration
Table 3-1 Interfaces and IP address Devices PE1 Interface No. GE2/0/1 GE2/0/2 Loopback0 P1 GE2/0/1 GE3/0/2 Loopback0 P2 GE2/0/2 GE3/0/2 Loopback0 PE2 GE3/0/2 GE1/0/2 Loopback0 PE3 GE3/0/2 GE1/0/2 Loopback0 IP Address of the Interfaces 101.1.1.1/24 102.1.1.1/24 1.1.1.1/32 101.1.1.2/24 104.1.1.1/24 2.2.2.2/32 102.1.1.2/24 105.1.1.1/24 3.3.3.3/32 104.1.1.2/24 106.1.1.1/24 4.4.4.4/32 105.1.1.2/24 106.1.1.2/24 5.5.5.5/32
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the IP address and routing protocol to make PEs routable. Configure basic MPLS functions and set up the local LDP session between each PE and remote LDP session on PE1,PE2 and PE3. Configure E-APS between PE2 and PE3 and single APS on CE2. Configure the primary and backup PWs on PE1 to be dual homed to PE2 and PE3, and configure a PW on both PE2 and PE3.
Data Preparation
l l
IP address of each interface MPLS LSR ID of each PE

Issue 03 (2010-03-31)
3 APS Configuration
l
Parameters necessary for configuring E-APS, such as the WTR time and authentication string for the PGP message
Procedure
Step 1 Configure IP addresses and IGP to make PEs routable. 1. Configure IP addresses on the interfaces. Assign the IP address and mask to each interface according to Table 3-1. The configuration details are not mentioned here. 2. Configure IGP. In this example, OSPF is adopted. # Configure PE1.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit
network 101.1.1.1 0.0.0.255 network 102.1.1.1 0.0.0.255 network 1.1.1.1 0.0.0.0 quit
# Configure P1.
[P1] ospf [P1-ospf-1] area 0 [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1] quit
# Configure P2.
[P2] ospf [P2-ospf-1] area 0 [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1] quit
# Configure PE2
# Configure PE3
# Check whether OSPF is successfully configured. Take the command output on PE1 as an example. The value of the state field is Full, indicating that the OSPF neighbor relationship is already set up.

[PE1] display ospf peer OSPF Process 1 with Router ID 128.128.18.38 Neighbors
3 APS Configuration
Area 0.0.0.0 interface 101.1.1.1(GigabitEthernet2/0/1)'s neighbors Router ID: 128.128.16.31 Address: 101.1.1.2 State: Full Mode:Nbr is Slave Priority: 1 DR: 101.1.1.2 BDR: 101.1.1.1 MTU: 0 Dead timer due in 39 sec Retrans timer interval: 0 Neighbor is up for 00:04:30 Authentication Sequence: [ 0 ] Neighbors Area 0.0.0.0 interface 102.1.1.1(GigabitEthernet2/0/2)'s neighbors Router ID: 128.128.16.31 Address: 102.1.1.2 State: Full Mode:Nbr is Slave Priority: 1 DR: 102.1.1.2 BDR: 102.1.1.1 MTU: 0 Dead timer due in 40 sec Retrans timer interval: 5 Neighbor is up for 02:40:02 Authentication Sequence: [ 0 ]
Step 2 Configure MPLS functions. 1. Configure basic MPLS functions and MPLS LDP. # Configure PE1.
[PE1] interface loopBack 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] mpls [PE1-GigabitEthernet2/0/1] mpls ldp [PE1-GigabitEthernet2/0/1] quit [PE1] interface gigabitethernet 2/0/2 [PE1-GigabitEthernet2/0/2] mpls [PE1-GigabitEthernet2/0/2] mpls ldp [PE1-GigabitEthernet2/0/2] quit
# Configure P1.
[P1] interface loopBack 0 [P1-LoopBack0] ip address 2.2.2.2 32 [P1-LoopBack0] quit [P1] mpls lsr-id 2.2.2.2 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface gigabitethernet 2/0/1 [P1-GigabitEthernet2/0/1] mpls [P1-GigabitEthernet2/0/1] mpls ldp [P1-GigabitEthernet2/0/1] quit [P1] interface gigabitethernet 3/0/2 [P1-GigabitEthernet3/0/2] mpls [P1-GigabitEthernet3/0/2] mpls ldp [P1-GigabitEthernet3/0/2] quit
# Configure P2.
[P2] interface loopBack 0 [P2-LoopBack0] ip address 3.3.3.3 32
Issue 03 (2010-03-31)
3-17
3 APS Configuration
[P2-LoopBack0] quit [P2] mpls lsr-id 3.3.3.3 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface gigabitethernet [P2-GigabitEthernet2/0/2] mpls [P2-GigabitEthernet2/0/2] mpls [P2-GigabitEthernet2/0/2] quit [P2] interface gigabitethernet [P2-GigabitEthernet3/0/2] mpls [P2-GigabitEthernet3/0/2] mpls [P2-GigabitEthernet3/0/2] quit
2/0/2 ldp 3/0/2 ldp
# Configure PE2
[PE2] interface loopBack 0 [PE2-LoopBack0] ip address 4.4.4.4 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 4.4.4.4 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet 3/0/2 [PE2-GigabitEthernet3/0/2] mpls [PE2-GigabitEthernet3/0/2] mpls ldp [PE2-GigabitEthernet3/0/2] quit
# Configure PE3
[PE3] interface loopBack 0 [PE3-LoopBack0] ip address 5.5.5.5 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 5.5.5.5 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface gigabitethernet 3/0/2 [PE3-GigabitEthernet3/0/2] mpls [PE3-GigabitEthernet3/0/2] mpls ldp [PE3-GigabitEthernet3/0/2] quit
# Check whether the MPLS LDP sessions are successfully set up. Take the command output on PE1 as an example. The value of the status field is Operational, indicating that the MPLS LDP session is successfully set up.
[PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. -----------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 0000:00:28 113/113 3.3.3.3:0 Operational DU Passive 0000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found.
2.
Configure the remote LDP session between PE1 and PE2 , PE1 and PE3. # Configure PE1
[PE1] mpls ldp remote-peer 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
3-18
Issue 03 (2010-03-31)

[PE1-mpls-ldp-remote-4.4.4.4] quit [PE1] mpls ldp remote-peer 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] remote-ip 5.5.5.5 [PE1-mpls-ldp-remote-5.5.5.5] quit
3 APS Configuration
#Configure PE2
[PE2] mpls ldp remote-peer 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] quit
#Configure PE3
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit
# Check whether the remote MPLS LDP sessions are successfully set up. Take the command output on PE1 as an example. The value of the status field is Operational, indicating that the remote MPLS LDP session is successfully set up.
[PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. -----------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv -----------------------------------------------------------------------------4.4.4.4:0 Operational DU Passive 0000:00:01 8/8 5.5.5.5:0 Operational DU Passive 0000:00:03 6/6 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found.
Step 3 Configure E-APS 1. Configure APS on PE2, PE3, and CE2. # Configure PE2.
[PE2] interface atm 1/0/1 [PE2-Atm1/0/1] undo shutdown [PE2-Atm1/0/1] aps group 1 [PE2-Atm1/0/1] aps working 5.5.5.5 [PE2-Atm1/0/1] quit
# Configure PE3.
[PE3] interface atm 1/0/2 [PE3-Atm1/0/2] undo shutdown [PE3-Atm1/0/2] aps group 1 [PE3-Atm1/0/2] aps protect 4.4.4.4 [PE3-Atm1/0/2] aps mode one2one bidirection [PE3-Atm1/0/2] aps revert 1 [PE3-Atm1/0/2] aps timers 1 3 [PE3-Atm1/0/2] quit
# Configure CE2.
<HUAWEI> system-view [HUAWEI] sysname CE2 [CE2] interface atm 2/0/1 [CE2-Atm2/0/1] aps group 1 [CE2-Atm2/0/1] aps working [CE2-Atm2/0/1] quit [CE2] interface atm 2/0/2 [CE2-Atm2/0/2] aps group 1 [CE2-Atm2/0/2] aps protect
Issue 03 (2010-03-31)
3-19
3 APS Configuration
[CE2-Atm2/0/2] aps mode one2one bidirection [CE2-Atm2/0/2] aps revert 1 [CE2-Atm2/0/2] quit
2.
Create an ATM-Trunk on PE2, PE3, and CE2 and add interfaces to the ATM-Trunk. # Configure PE2.
[PE2] interface atm-trunk 1 [PE2-Atm-Trunk1] quit [PE2] interface atm 1/0/1 [PE2-Atm1/0/1] atm-trunk 1
# Configure PE3.
[PE3] interface atm-trunk 1 [PE3-Atm-Trunk1] quit [PE3] interface atm 1/0/2 [PE3-Atm1/0/2] atm-trunk 1
# Configure CE2.
[CE2] interface atm-trunk 1 [CE2-Atm-Trunk1] quit [CE2] interface atm 2/0/1 [CE2-Atm2/0/1] atm-trunk 1 [CE2-Atm2/0/1] quit [CE2] interface atm 2/0/2 [CE2-Atm2/0/2] atm-trunk 1
3.
Verify the configuration. # Run the display aps group 1 command on PE2 and PE3 to view E-APS configurations.
[PE2] display aps group 1 APS Group 1: Atm1/1/1 working channel 1(Active) APS protection channel is 5.5.5.5 ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 Atm1/0/1 5.5.5.5 NA ok ok NA idle ------------------------------------------------------------------------------[PE3] display aps group 1 APS Group 1: APS working channel is 4.4.4.4 Atm1/0/2 protection channel 0(Inactive) Bidirection, 1:1 mode, Revert time(1 minutes) KeepAlive Timer: 1(seconds), Hold Timer: 3(seconds) No Request on Both Working and Protection Side ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 4.4.4.4 Atm1/0/2 1 ok ok NA idle ------------------------------------------------------------------------------[PE2] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active [PE3] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1
3-20
Issue 03 (2010-03-31)
3 APS Configuration
------------------------------------------------------------------------------PortName Status Active Status Atm1/0/2 Up Inactive
Step 4 Configure PWs. # Configure PE1.

[PE1] mpls l2vpn [PE1-l2vpn] quit [PE1] interface atm 1/0/0 [PE1-Atm1/0/0] undo shutdown [PE1-Atm1/0/0] quit [PE1] interface atm 1/0/0.1 p2p
CAUTION
The type of the ATM subinterface which will be configured with PW Redundancy must be p2p.
[PE1-Atm1/0/0.1] atm cell transfer [PE1-Atm1/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm1/0/0.1-1/100] quit [PE1-Atm1/0/0.1] mpls l2vc 4.4.4.4 1 [PE1-Atm1/0/0.1] mpls l2vc 5.5.5.5 2 secondary [PE1-Atm1/0/0.1] mpls l2vpn reroute immediately-switch [PE1-Atm1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm-trunk 1.1 p2p [PE2-Atm-Trunk1.1] pvc 1/100 [PE1-atm-pvc-Atm-trunk1.1-1/100] quit [PE2-Atm-Trunk1.1] mpls l2vc 1.1.1.1 1 [PE2-Atm-Trunk1.1] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] interface atm-trunk 1.1 p2p [PE3-Atm-Trunk1.1] pvc 1/100 [PE1-atm-pvc-Atm-trunk1.1-1/100] quit [PE3-Atm-Trunk1.1] mpls l2vc 1.1.1.1 2 [PE3-Atmh-Trunk1.1] quit
# Check whether the PWs are successfully set up.

[PE1] display mpls l2vc interface atm 1/0/0.1 *client interface : Atm1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 1 VC type : ATM 1to1 VCC destination : 4.4.4.4 local group ID : 0 remote group ID local VC label : 146434 remote VC label local AC OAM State : up local PSN State : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up
: 0 : 146432
Issue 03 (2010-03-31)
3-21
3 APS Configuration
remote PSN state : remote forwarding state: remote statuscode : BFD for PW : manual fault : active state : forwarding entry : link state : local ATM cells : local VCCV : remote VCCV : local control word : tunnel policy name : traffic behavior name : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : VC last up time : VC total up time : CKey : NKey :

up forwarding 0x0 unavailable not set active exist up 0 remote ATM cells : 28 cw alert lsp-ping bfd cw alert lsp-ping bfd enable remote control word : enable ---primary 1 tunnels/tokens , TNL ID : 0x2000812a 0 days, 0 hours, 5 minutes, 29 seconds 0 days, 0 hours, 1 minutes, 11 seconds 0 days, 0 hours, 1 minutes, 11 seconds 2009/11/09 12:05:41 0 days, 0 hours, 1 minutes, 11 seconds 5 1
*client interface : Atm1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 2 VC type : ATM 1to1 VCC destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 146435 remote VC label : 146432 local AC OAM state : up local PSN state : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding remote status code : 0x20 BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : exist link state : down local ATM cells : 0 remote ATM cells : 28 local VCCV : cw alert lsp-ping bfd remote VCCV : cw alert lsp-ping bfd local control word : enable remote control word : enable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x20008126 create time : 0 days, 0 hours, 5 minutes, 23 seconds up time : 0 days, 0 hours, 0 minutes, 35 seconds last change time : 0 days, 0 hours, 0 minutes, 35 seconds VC last up time : 2009/11/09 12:06:25 VC total up time : 0 days, 0 hours, 0 minutes, 35 seconds CKey : 6 NKey : 3 reroute policy reason of last reroute time of last reroute : immediately, resume 10 s : -: -- days, -- hours, -- minutes, -- seconds
3-22
Issue 03 (2010-03-31)

delay timer ID resume timer ID : -: -residual time :-residual time :--
3 APS Configuration
The command output shows that PE1 has the primary PW and backup PW, which are in the Active and Inactive states respectively. Step 5 Verify the configuration. 1. Simulate the fault at the dual-homing access side of CE2. # Shut down ATM 1/0/1, a member interface of the ATM-Trunk on PE2.
[PE2] interface atm 1/0/1 [PE2-Atm1/0/1] shutdown
Run the display aps group command on PE3, you can view the status of protection interface is active.
[PE3] display aps group 1 APS Group 1: APS working channel is 4.4.4.4 Atm1/0/2 protection channel 0(Active) Bidirection, 1:1 mode, Revert time(1 minutes) KeepAlive Timer: 1(seconds), Hold Timer: 3(seconds) Remote detect Signal Fail High priority on working side ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 4.4.4.4 Atm1/0/2 1 sf ok NA switch ------------------------------------------------------------------------------total entry: 1 [PE3] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/2 Up Active
# Run the display mpls l2vpn forwarding-info command. You can view the following information: PE1 does not have the forwarding information about the primary PW and the backup PW on PE1 becomes Active; PE2 does not have forwarding information about the PW; the PW on PE3 is in the Active state and the Admin status becomes Up.
[PE1] display mpls l2vpn forwarding-info interface atm 2/0/0.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000812 6 1 Record(s) Found. [PE2] display mpls l2vpn forwarding-info interface atm-trunk 1.1 he Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found.
Issue 03 (2010-03-31)
3-23
3 APS Configuration

[PE3] display mpls l2vpn forwarding-info interface atm-trunk 1.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146435 LSP SEND ACTIVE UP UP TRUE 3 a 0x4008001 1 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found.
# Rectify the fault.

[PE2] interface atm 1/0/1 [PE2-Atm1/0/1] undo shutdown
Run the display aps group command on PE2, you can view that the working interface becomes active.
[PE2] display aps group 1 APS Group 1: Atm1/0/1 working channel 1(Active) APS protection channel is 5.5.5.5 ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 Atm1/0/1 5.5.5.5 NA ok ok NA idle ------------------------------------------------------------------------------[PE2] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active
Run the following commands, you can view the following information: the primary PW on PE1 becomes Active and the backup PW becomes Inactive; the Admin of the PW on PE2 becomes Up; the Admin of the PW on PE3 becomes Down.
[PE1] display mpls l2vpn forwarding-info interface atm 1/0/0.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000812 a 1 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND INACTIVE UP DOWN TRUE 3 a 0x2000812 6 1 Record(s) Found. [PE2] display mpls l2vpn forwarding-info interface atm-trunk 1.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146434 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000800
3-24
Issue 03 (2010-03-31)

1 1 Record(s) Found.
3 APS Configuration
The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. [PE3] display mpls l2vpn forwarding-info interface atm-trunk 1.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146435 LSP SEND ACTIVE UP DOWN TRUE 3 a 0x4008001 1 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found.
----End
Configuration File
l
Configuration File on PE1

# sysname PE1 # mpls lsr-id 1.1.1.1 mpls # mpls l2vpn # mpls ldp # interface Atm1/0/0 undo shutdown # mpls ldp remote-peer 4.4.4.4 remote-ip 4.4.4.4 mpls ldp remote-peer 5.5.5.5 remote-ip 5.5.5.5 undo remote-ip pwe3 # # interface Atm1/0/0.1 atm cell transfer pvc 1/100 mpls l2vc 4.4.4.4 1 mpls l2vc 5.5.5.5 2 secondary mpls l2vpn reroute immediatelyswitch #
Issue 03 (2010-03-31)
3-25
3 APS Configuration
interface GigabitEthernet2/0/2 undo shutdown ip address 102.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 101.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 101.1.1.0 0.0.0.255 network 102.1.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0 # return l
Configuration File on P1
# sysname P1 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 101.1.1.2 255.255.255.0 mpls mpls ldp
3-26
Issue 03 (2010-03-31)

# interface GigabitEthernet3/0/2 undo shutdown ip address 104.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 101.1.1.0 0.0.0.255 network 104.1.1.0 0.0.0.255 network 2.2.2.2 0.0.0.0 # return l
3 APS Configuration
Configuration File on P2
# sysname P2 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # interface GigabitEthernet2/0/2 undo shutdown ip address 102.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/2 undo shutdown ip address 105.1.1.2 255.255.255.0 mpls
Issue 03 (2010-03-31)
3-27
3 APS Configuration
mpls ldp # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 102.1.1.0 0.0.0.255 network 105.1.1.0 0 0 0 255 # return l

# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 undo remote-ip pwe3 # interface AtmTrunk1 # interface Atm-Trunk1.1 p2p pvc 1/100 mpls l2vc 1.1.1.1 1 # interface GigabitEthernet1/0/2 undo shutdown ip address 106.1.1.1 255.255.255.0 # interface GigabitEthernet3/0/2 undo
3-28
Issue 03 (2010-03-31)

shutdown ip address 104.1.1.2 255.255.255.0 mpls mpls ldp # interface Atm1/0/1 undo shutdown aps group 1 aps working 5.5.5.5 # atm-trunk 1 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 104.1.1.0 0.0.0.255 network 106.1.1.0 0.0.0.255 network 4.4.4.4 0.0.0.0 # return l
3 APS Configuration

# sysname PE3 # mpls lsr-id 5.5.5.5 mpls # mpls l2vpn # mpls ldp # mpls ldp remote-peer 1.1.1.1 remote-ip 1.1.1.1 undo remote-ip pwe3 # interface AtmTrunk1 #
Issue 03 (2010-03-31)
3-29
3 APS Configuration
interface Atm-Trunk1.1 p2p pvc 1/100 mpls l2vc 1.1.1.1 2 # interface GigabitEthernet1/0/2 undo shutdown ip address 106.1.1.2 255.255.255.0 # interface GigabitEthernet3/0/2 undo shutdown ip address 105.1.1.2 255.255.255.0 mpls mpls ldp # interface Atm1/0/2 undo shutdown aps group 1 aps protect 4.4.4.4 aps mode one2one bidirection aps revert 1 aps timers 1 3 # atm-trunk 1 # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 105.1.1.0 0.0.0.255 network 106.1.1.0 0.0.0.255 # return l
Configuration File on CE1

# sysname CE1 # interface Atm1/0/0 undo shutdown
3-30
Issue 03 (2010-03-31)

# interface Atm1/0/0.1 p2p # return l
3 APS Configuration
Configuration File on CE2

# sysname CE2 # interface AtmTrunk1 # interface Atm2/0/1 undo shutdown aps group 1 aps working # atm-trunk 1 # interface Atm2/0/2 undo shutdown aps group 1 aps protect aps mode one2one bidirection aps revert 1 # atm-trunk 1 # return
3.4.2 Example for Configuring TDM on the CPOS interfaces Configured with APS
Generally, on a 2G RAN, one to three E1 interfaces on a BTS are connected to a BSC. Some mobile operators do not own fixed network infrastructure, and have to rent E1 lines of fixedline network operators at a high price. By deploying TDMoPSN service, that is, TDM transparent transmission on a 2G RAN, these mobile operators can achieve transparent transmission of 2G services between the BTSs and BSCs in the same city over TDM links in a Metro Ethernet (ME) network, which is both simple and cost-saving. As shown in Figure 3-2, it is required that the BTS and PE1 should be connected through two E1 links The BSC and PE2 should be connected through the CPOS interface ,and the CPOS interfaces are configured with APS so as to increase reliability of data. On the channelized serial interface of E1 links, configure the encapsulation protocol as TDM. Then, a PW is set up between PE1 and PE2 to transparently transmit TDM cells.
Issue 03 (2010-03-31)
3-31
3 APS Configuration
Figure 3-2 Networking diagram of configuring TDMoPSN
E12/0/1 E12/0/2 2TDM E1 PE1 GE2/0/0 GE1/0/0 GE2/0/0 GE2/0/0 PE2 CPOS3/0/1 CPOS3/0/2 BSC
P PWE3 TDM Transparent Cell Transport
BTS
Router PE1 Interface GE2/0/0 Loopback0 P GE1/0/0 GE2/0/0 Loopback0 PE2 GE2/0/0 Loopback0 IP Address 10.1.1.1/24 192.2.2.2/32 10.1.1.2/24 10.2.1.1/24 192.4.4.4/32 10.2.1.2/24 192.3.3.3/32
The configuration roadmap is as follows: 1. 2. Run the IGP protocol on the backbone network so that devices can communicate with each other. Configure basic MPLS functions on the backbone network, and configure MPLS L2VPN functions on PE devices. Establish the remote MPLS LDP peer relationship between PEs at both ends of the PW. Configure parameters for the TDM interface. Configure the PW template. Establish MPLS L2VC connections on PEs. Configure APS on PE2
3. 4. 5. 6.
Data Preparation
l l l
L2VC IDs at both ends of the PW (must be the same) MPLS LSR IDs of the PEs and P router IP addresses of the remote peers of PEs
3-32
3 APS Configuration
Procedure
Step 1 Run the IGP protocol on the backbone network so that devices can communicate with each other. For detailed configurations, see the configuration file of this example. Step 2 Configure basic MPLS functions on the backbone network, and configure MPLS L2VPN functions on PE devices. Then, establish the remote MPLS LDP peer relationship between PEs at both ends of the PW. For detailed configurations, see the configuration file of this example. The remote MPLS LDP peer relationship is required only for the dynamic PW. Step 3 Configure APS. Configure PE2
CAUTION
The BSC device connected with PE2 must support APS.
[PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] aps group 1 [PE2-Cpos3/0/1] aps working [PE2-Cpos3/0/1] quit [PE2] controller cpos 3/0/2 [PE2-Cpos3/0/2] aps group 1 [PE2-Cpos3/0/2] aps protect [PE2-Cpos3/0/2] aps mode one-plus-one unidirection [PE2-Cpos3/0/2] quit [PE2] interface cpos-trunk 1 [PE2-cpos-trunk1] quit [PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] cpos-trunk 1 [PE2-Cpos3/0/1] quit [PE2] controller cpos 3/0/2 [PE2-Cpos3/0/2] cpos-trunk 1
Step 4 Configure parameters for the TDM interface. 1. Configure PE1. # Configure the channelized mode for CE1 2/0/1 and CE1 2/0/2 on PE1.
[PE1] controller e1 2/0/1 [PE1-E1 2/0/1] using ce1 [PE1-E1 2/0/1] channel-set 1 timeslot-list 1-15 ts0 [PE1-E1 2/0/1] quit [PE1] controller e1 2/0/2 [PE1-E1 2/0/2] using ce1 [PE1-E1 2/0/2] channel-set 1 timeslot-list 16-31 ts0 [PE1-E1 2/0/2] quit
2.
Configure PE2. # Set parameters for the CPOS-Trunk interface on PE2.

[PE2] interface cpos-trunk 1 [PE2-Cpos-trunk1] e1 1 channel-set 1 timeslot-list 1-15 ts0 [PE2-Cpos-trunk1] e1 2 channel-set 2 timeslot-list 16-31 ts0
Step 5 Configure the encapsulation protocol on the serial interface as TDM. 1. Configure PE1.
[PE1] interface serial2/0/1:1 [PE1-Serial2/0/1:0] link-protocol tdm
Issue 03 (2010-03-31)
3-33
3 APS Configuration
[PE1-Serial2/0/1:0] quit [PE1] interface serial2/0/2:1 [PE1-Serial2/0/2:1] link-protocol tdm [PE1-Serial2/0/2:1] quit
2.
Configure PE2.
[PE2] interface trunk-serial1/1:1 [PE2-Trunk-Serial1/1:1] link-protocol tdm [PE2-Serial1/1:1] quit [PE2] interface trunk-serial1/2:2 [PE2-Trunk-Serial1/2:2] link-protocol tdm [PE2-Trunk-Serial1/2:2] quit
Step 6 Configuring the PW. 1. Configure PE1.

[PE1] pw-template 1to3 [PE1-pw-template-1to3] peer-address 192.3.3.3 [PE1-pw-template-1to3] jitter-buffer depth 20 [PE1-pw-template-1to3] tdm-encapsulation-number 40 [PE1-pw-template-1to3] idle-code 33 [PE1-pw-template-1to3] quit [PE1] interface serial2/0/1:1 [PE1-Serial2/0/1:0] mpls l2vc pw-template 1to3 100 [PE1] interface serial2/0/2:1 [PE1-Serial2/0/2:1] mpls l2vc pw-template 1to3 200
2.
Configure PE2.
[PE2] pw-template 3to1 [PE2-pw-template-3to1] peer-address 192.2.2.2 [PE2-pw-template-3to1] jitter-buffer depth 20 [PE2-pw-template-3to1] tdm-encapsulation-number 40 [PE2-pw-template-3to1] idle-code 33 [PE2-pw-template-3to1] quit [PE2] interface trunk-serial1/1:1 [PE2-Trunk-Serial1/1:1] mpls l2vc pw-template 3to1 100 [PE2-Trunk-Serial1/1:1] undo shutdown [PE2-Trunk-Serial1/1:1] quit [PE2] interface trunk-serial1/2:2 [PE2-Trunk-Serial1/2:2] mpls l2vc pw-template 3to1 200 [PE2-Trunk-Serial1/2:2] undo shutdown [PE2-Trunk-Serial1/2:2] quit
Step 7 Verify the configuration. Simulate a fault on the side of PE2 connecting to the BSC # Run the shutdown command on CPOS3/0/1.
[PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] shutdown
Run the display aps group and display cpos-trunk commands ,you can view that the status of protection interface CPOS3/0/2 becomes active.
[PE2] display aps group 1 APS Group 1: Cpos 3/0/1 working channel 1(Inactive) Pos3/0/2 protection channel 0(Active) Unidirection, 1+1 mode, No Revert mode No Request on Both Working and Protection Side -----------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd Switch-Result -----------------------------------------------------------------------1 Cpos 3/0/1 Cpos 3/0/2 NA sf ok NA switch -----------------------------------------------------------------------total entry: 1
3-34
Issue 03 (2010-03-31)
3 APS Configuration
<PE2> display cpos-trunk 1 Interface Cpos-Trunk1's state information is:, Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------PortName Status Active Status Cpos3/0/1 Down Inactive Cpos3/0/2 Up Active
Run the display mpls l2vc command on PEs. You can view that the status of the PW is Up , and it has not been influenced by the fault of CPOS3/0/1. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface serial2/0/1:1 *client interface : Serial2/0/1:1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : CESoPSN basic mode destination : 192.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 146432 remote VC label : 145287 TDM encapsulation number : 40 jitter-buffer : 20 idle-code : 33 rtp-header : disable local AC OAM State : up local PSN State : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding remote statuscode : 0x0 BFD for PW : unavailable manual fault : not set active state : active forwarding entry : not exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : alert lsp-ping bfd remote VCCV : none local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 4 hours, 48 minutes, up time : 0 days, 4 hours, 02 minutes, last change time : 0 days, 0 hours, 39 minutes, VC last up time : 2008/12/26 12:02:49 VC total up time : 0 days, 4 hours, 02 minutes, CKey : 11 NKey : 10
51 seconds 39 seconds 29 seconds 39 seconds
----End
Configuration Files
l
Configuration file of PE1:

# sysname PE1
Issue 03 (2010-03-31)
3-35
3 APS Configuration
# mpls lsr-id 192.2.2.2 mpls # mpls l2vpn # pw-template 1to3 peer-address 192.3.3.3 jitter-buffer depth 20 tdm-encapsulation-number 40 idle-code 33 # mpls ldp # mpls ldp remote-peer 192.3.3.3 remote-ip 192.3.3.3 # controller e1 2/0/1 using ce1 channel-set 1 timeslot-list 1-15 ts0 undo shutdown # controller e1 2/0/2 using ce1 channel-set 1 timeslot-list 16-31 ts0 undo shutdown # interface serial2/0/1:1 link-protocol tdm mpls l2vc pw-template 1to3 100 undo shutdown # interface serial2/0/2:1 link-protocol tdm mpls l2vc pw-template 1to3 200 undo shutdown # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.2.2.2 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l
Configuration file of PE2:

# sysname PE2 # mpls lsr-id 192.3.3.3 mpls # mpls l2vpn # pw-template 3to1 peer-address 192.2.2.2 jitter-buffer depth 20 tdm-encapsulation-number 40 idle-code 33 # mpls ldp #
3-36
Issue 03 (2010-03-31)

mpls ldp remote-peer 192.2.2.2 remote-ip 192.2.2.2 # cpos-trunk 1 e1 1 channel-set 1 timeslot-list 1-15 ts0 code ami e1 2 channel-set 2 timeslot-list 16-31 ts0 # interface serial1/1:1 link-protocol tdm mpls l2vc pw-template 3to1 100 undo shutdown # interface serial1/2:2 link-protocol tdm mpls l2vc pw-template 3to1 200 undo shutdown # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.2.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.3.3.3 0.0.0.0 network 10.2.2.0 0.0.0.255 # return l
3 APS Configuration
Configuration file of P:
# sysname P # mpls lsr-id 192.4.4.4 mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return
Issue 03 (2010-03-31)
3-37
4 VRRP Configuration
4
About This Chapter
VRRP Configuration
This chapter describes the fundamentals of VRRP, the configurations of basic and advanced functions of VRRP, and VRRP maintenance and troubleshooting. 4.1 VRRP Introduction This section describes the fundamentals and concepts of VRRP. 4.2 Configuring the VRRP Backup Group This section describes basic configurations such as how to create a backup group and how to configure a virtual IP address and priorities of interfaces in the backup group. 4.3 Configuring VRRP to Track the Status of an Interface This section describes how to configure VRRP to track the interface status to improve the system reliability. 4.4 Configuring VRRP Fast Switchover (Common Mode) This section describes how to configure VRRP to track BFD sessions to implement fast switchover. 4.5 Configuring VRRP Fast Switchover (Using BFD Sampling) 4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured 4.7 Configuring VRRP Applications in VLANIF This section describes how to configure VRRP on the VLANIF interface. 4.8 Configuring VRRP Security This section describes how to implement the VRRP authentication. 4.9 Configuring VRRP Smooth Switching This section describes the application and configuration of VRRP smooth switching 4.10 Adjusting and Optimizing VRRP This section describes how to adjust the related parameters of VRRP packets to optimize VRRP. 4.11 Configuring mVRRP Backup Groups This section describes how to create a VRRP backup group and configure VRRP members and member interfaces bind to mVRRP.
4.12 Maintaining VRRP 4.13 Configuration Examples This section describes how to debug VRRP.
4-2
Issue 03 (2010-03-31)
4.1 VRRP Introduction

This section describes the fundamentals and concepts of VRRP. 4.1.1 VRRP Overview 4.1.2 VRRP Features Supported by the NE80E/40E
4.1.1 VRRP Overview

In general, all hosts in an internal network are configured with the same default route. Internal hosts send all the packets whose destination addresses are not on the local network segment to the default egress gateway, such as Router A in Figure 4-1. Thus, the internal hosts and external networks can communicate with each other. When the egress gateway is Down, however, all the hosts using this gateway fail to communicate with external networks. Figure 4-1 LAN default gateway
Gateway:10.0.0.1 IP Address:10.0.0.2/24 Gateway:10.0.0.1 IP Address:10.0.0.3/24 Gateway:10.0.0.1 IP Address:10.0.0.4/24 10.0.0.1/24 Network
RouterA Ethernet
The common method to improve the system reliability is to deploy multiple egress gateways. In addition, the problem of selecting routes among these gateways should be solved. The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol defined in RFC 3768. VRRP solves the problem of route selection among egress gateways by separating the physical devices from logical devices. On a LAN with multicast and broadcast capabilities (like the Ethernet), VRRP uses logical gateways to ensure high availability of transmission links. This prevents service interruptions that are resulted from a gateway device failure, without changing the configuration of routing protocols.
4.1.2 VRRP Features Supported by the NE80E/40E

Master/Backup Mode
In VRRP, it is the basic mode for the backup of IP addresses. In the master/backup mode, a VRRP backup group consists of a master router and multiple backup routers. Different routers have different priorities in this backup group. The router with the highest priority serves as the master router.
l l
The master router undertakes all the services in normal condition. The backup routers undertakes the services only when the master router fails.
Load Balancing Mode

In the load balancing mode, two or more backup groups are created. Multiple backup groups undertake services at the same time. In the load balancing mode, the VRRP backup groups have the following features:
l
In the NE80E/40E, a router can join several VRRP backup groups and has different priorities in different backup groups. Multiple virtual routers carry out load balancing. Each backup group consists of a master router and several backup routers. The master router of each backup group can be different.
l l
Tracking the Interface Status

In the NE80E/40E, the interfaces can be tracked. When the interface status changes, the priority of the router is automatically adjusted. The priorities of routers in the backup group change and a new master router is elected.
VRRP Fast Switchover

l
In the NE80E/40E, Bidirectional Forwarding Detection (BFD) is implemented to rapidly detect and track the connectivity of network links or IP routes. VRRP implements fast master/backup switchover by tracking the BFD session status. A maximum of eight BFD sessions can be configured and the master/backup switchover is performed at millisecond level. The VRRP master/backup switchover is accelerated because of tracking BFD sessions. The VRRP tracks the following types of BFD sessions:

Normal BFD session Peer BFD session Link BFD session Similarity:

The comparison of three types of BFD sessions tracked by VRRP are as follows:
These three types of BFD sessions can detect faults on a link or a device. The VRRP backup group can perform the switchover at millisecond level by tracking BFD sessions. When VRRP tracks normal BFD sessions, the status of a VRRP backup group varies according to its priority change. This function is similar to that of tracking interface status, but it is faster. When the status of the tracked BFD session becomes Up, the priority of the router in the backup group restores the original value. When the BFD session is configured on a backup router, the BFD session should be on the same interface with the VRRP backup group. When VRRP tracks peer BFD sessions and link BFD sessions, the status of the backup group is changed and its priority is unchanged.
Differences:
4-4
The peer BFD session can detect faults of local and remote NPEs and the links. It cannot distinguish whether the failure occurs locally or remotely. The link BFD session can only detect the faults of local links or NPEs.
On a Metro Ethernet (ME) network, Bidirectional Forwarding Detection (BFD) is usually used to detect and protect the link between the master and backup Network Provider Edges (NPEs), and the links between the Underlayer Provider Edge (UPE) and both NPEs. If BFD cannot be configured on the UPE, the links between the UPE and NPEs becomes vulnerable and you need a new link protection mechanism. Ethernet in the First Mile (EFM), a slow link detection protocol that requires fewer resources, can just be your choice, provided that EFM is configured on the UPE.
VRRP Fast Switchover Using BFD Sampling

Generally, the VRRP backup group implements master/backup fast switchover by tracking the BFD session status. However, this method is not applicable in some special network environments or when the device does not support the BFD function. In this case, you can use the BFD sampling mode to implement master/backup fast switchover.
NOTE
In BFD sampling mode, the NPE establishes multiple link BFD sessions directly with each CE without establishing the link BFD session with the PE.
Ignorance of Interface Down of the mVRRP Backup Group

VRRP defines three status types: Initialize, Master, and Backup. On being notified that the interface where the VRRP backup group is configured is shut down, the VRRP backup group switches its status to Initialize. The mVRRP backup group is configured on two directly connected devices and Heartbeat messages of the mVRRP backup group are transmitted over the direct link between the two devices. When one device fails, the interface of its peer device goes Down and the status of the mVRRP backup group on the interface becomes Initialize. As a result, the peer device also fails. To prevent this, you can use the function of ignorance of the down of an interface where the mVRRP backup group is configured to implement VRRP fast switchover, thus switching the status of the mVRRP backup group to Master rather than Initialize.
Enable/Disable the Ping Function to the Virtual IP Address

To ping through virtual IP addresses that are used in the VRRP backup group, you can monitor the operating status of the virtual routers but the VRRP backup group may suffer the ICMP attack. In the NE80E/40E, you can run a command to enable the function to ping the virtual IP address.
VRRP Security Functions

For different security levels of networks, you can set different authentication modes and authentication keys in the header of VRRP packets. In a secure network, you can adopt the default configuration. That is, the router does not authenticate the VRRP packets to be sent and received. The router considers all the received packets as real and valid VRRP packets. In this case, no authentication key is required. VRRP provides simple text authentication and MD5 authentication for networks that are vulnerable to attacks. In simple text authentication mode, a string of 1 to 8 characters can be
configured as the authentication key. In MD5 authentication mode, a string of 1 to 8 characters in plain text or a string of 24 characters in encrypted text can be configured as the authentication key.
VRRP Smooth Switching

On a network where VRRP backup groups are configured, the backup router switches to be the master router because the original master router and backup router cannot communicate when the original master router performs the AMB/SMB switchover. After the AMB/SMB switchover, the original master router preempts to be the master router again because its priority is higher than the priority of the original backup router. During the AMB/SMB switchover, the system is busy with packet processing. Thus, the gratuitous ARP packets sent by the master router are blocked or processed abnormally, and the master router must keep sending gratuitous ARP packets to refresh the MAC entries on the downstream switch. As a result, user packets are lost during this period. After VRRP smooth switching is configured, before the AMB/SMB switchover, the master router sets the interval for sending VRRP broadcast packets to a large value and notifies the value to the backup router through a VRRP packet. After receiving the VRRP packet, the backup router learns the interval carried in the packet. This ensures the stability of VRRP backup groups during or after the AMB/SMB switchover. Packet loss is thus prevented. After VRRP smooth switching is enabled, the learning function takes precedence over the preemption function. That is, if the interval carried in the received packet is inconsistent with the current interval and the priority carried in the received packet is lower than the current priority, VRRP performs the learning and timer resetting functions first, and then the preemption function. VRRP smooth switching also depends on the system. If the system is quite busy since the AMB/ SMB switchover and cannot schedule the operation on the VRRP module, VRRP smooth switching cannot take effect.
mVRRP
Many VRRP backup groups run between routers for different services. If each VRRP backup group needs to maintain its own state machine, a large number of VRRP packets are generated between routers. To simplify the process and reduce the bandwidth occupied by protocol packets, you can configure a VRRP backup group to be an mVRRP backup group and bind it to other backup group members. Then, the status of the backup group member is determined by the status of the bound mVRRP backup group.
NOTE
For the detailed configuration of the mVRRP, refer to Chapter 9 "VPLS Convergence Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
4.2 Configuring the VRRP Backup Group

This section describes basic configurations such as how to create a backup group and how to configure a virtual IP address and priorities of interfaces in the backup group. 4.2.1 Establishing the Configuration Task 4.2.2 Creating a Backup Group and Configuring a Virtual IP Address
4.2.3 Configuring the Priority of an Interface in a Backup Group 4.2.4 Checking the Configuration

The VRRP backup group works in master/backup mode or load balancing mode.
l
The master/backup switchover is a basic function provided by VRRP. The master/backup mode is as follows:

Only one backup group exist. The router with the highest priority in the backup group serves as the master router and undertakes the services. Except for the master router, other routers in the backup group serve as the backup routers and work in the Backup state. If the master router fails, backup routers select a new master router based on their priorities to provide routing service.
In the load balancing mode, multiple backup groups are created to share the traffic of a network. One router can join different backup groups. The load balancing mode is as follows:
Router A serves as the master device in backup group 1 and the backup device in backup group 2. Router B serves as the master device in backup group 2 and the backup device in backup group 1. Some hosts on the network use backup group 1 as their gateways and others use backup group 2 as their gateways.
In this case, they can back up each other and share the traffic.
NOTE
The GigabitEthernet,Ethernet, virtual Ethernet (VE),Eth-Trunk, VLANIF and the GE sub-interface support VRRP.
Before configuring the VRRP backup group, complete the following tasks:
l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for the interface to connect the network
Data Preparation
To configure the VRRP backup group, you need the following data. No. 1
Issue 03 (2010-03-31)
Data Backup group ID

No. 2 3
Data Virtual IP address of the backup group Priorities of routers in the VRRP backup group
4.2.2 Creating a Backup Group and Configuring a Virtual IP Address

Context
Do as follows on each router of a backup group:
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
The system view is displayed. 2. Run:

The interface view is displayed. 3. Run:

vrrp vrid virtual-router-id virtual-ip virtual-address
A backup group is created and its virtual IP address is specified.

NOTE
l l l
Virtual IP addresses of backup groups must be different. Both ends of the same backup group must be configured with the same virtual router IDs. Virtual router IDs on different interfaces can be the same.
When you assign the first virtual IP address to a VRRP backup group, the system creates this backup group. Then, when you assign another virtual IP address to the backup group, the system adds this address into the virtual IP address list of this backup group. For users who require equivalent VRRP reliability, a backup group can be configured with multiple virtual IP addresses. Different addresses serve different user groups. This is easy to manage and can prevent users' default gateway addresses from varying with the VRRP configuration. A maximum number of 16 virtual IP addresses can be configured for a backup group. For a VRRP backup working in load balancing mode, you need to repeat the procedure to configure multiple backup groups on an interface. At least two backup groups are required on an interface. Backup groups are identified by VRIDs and their virtual IP addresses cannot be identical.

NOTE
On the NE80E/40E, a maximum number of 255 backup groups can be configured on each interface.
CAUTION
To configure VRRP and static ARP simultaneously on a device, note that when VRRP is enabled on an interface such as a sub-interface for Dot1q VLAN tag termination, a sub-interface for QinQ VLAN tag termination, or a VLANIF interface, you cannot use the IP addresses mapping to static ARP entries related to these interfaces as the VRRP virtual addresses. Otherwise, incorrect host routes are generated and abnormal forwarding of the device may take place. ----End
4.2.3 Configuring the Priority of an Interface in a Backup Group

Context
In the master/backup mode, only one backup group is required. Devices have different priorities in this backup group. When the router with the highest priority serves as the master router and other routers are backup routers. In the load balancing mode, two backup groups or more are required. Each router has different priorities in different backup groups. VRRP identifies the role of a router in a backup group according to the priority. You can repeat configuring the priority of a router to ensure that the masters of VRRP backup groups are distributed on different routers. Do as follows on the interface of each router in the backup group:
Procedure
system-view


vrrp vrid virtual-router-id priority priority-value
The priority of the router in the backup group is configured. By default, the priority is 100. Priority 0 is reserved for special purpose. Priority 255 is reserved for the IP address owner and this priority cannot be configured. A priority ranges from 1 to 254. ----End

Prerequisite
The configurations of the VRRP Backup Group function are complete.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command to Check the status of VRRP.
----End
Example
In the master/backup mode, after the configuration, you can run the display vrrp command to view the status of a VRRP backup group.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
In the load balancing mode, after the configuration, you can run the display vrrp command to view the status of a router in different backup groups.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0 GigabitEthernet2/0/0 | Virtual Router 2 state : Backup Virtual IP : 10.1.1.112 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES
4-10
Issue 03 (2010-03-31)

Config type : normal-vrrp Config track link-bfd down-number : 0
4.3 Configuring VRRP to Track the Status of an Interface

This section describes how to configure VRRP to track the interface status to improve the system reliability. 4.3.1 Establishing the Configuration Task 4.3.2 Configuring VRRP to Track the Status of an Interface 4.3.3 Checking the Configuration

VRRP can monitor the status of the interface. That is, the backup is performed when the backup group is faulty, and the backup also can be performed when one interface of the router is faulty. The methods of tracking the status of the interface are as follows:
l
When the tracked interface is Down, the priority of the router in the backup group reduces by a certain value automatically to be lower than that of other routers in the group. The router with the highest priority becomes the master router and thus the master/backup switchover of the VRRP backup group is complete.
Before configuring VRRP to track the status of an interface, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring a VRRP backup group
Data Preparation
To configure VRRP to track the status of an interface, you need the following data. No. 1 2 Data Backup group ID Interfaces to be tracked and the values by which the priority increases or decreases
Issue 03 (2010-03-31)
4-11
4.3.2 Configuring VRRP to Track the Status of an Interface

Context
The backup is performed when other interfaces on a router are unavailable. This feature is required in NAT applications. Do as follows on the router of the tracked interface:
Procedure
system-view


vrrp vrid virtual-router-id track interface interface-type interfacenumber [ increased value-increased | reduced value-reduced ]
A interface to be tracked is specified.
By default, when the tracked interface is Down, the priorities of routers in the tracking backup group decrease by 10. increased value-increased: specifies the value by which the priority increases when the tracked interface goes Down. The value ranges from 1 to 255. The highest priority is 254. The value takes effect on backup routers in a VRRP backup group. reduced value-reduced: specifies the value by which the priority decreases when the tracked interface goes Down. The value ranges from 1 to 255. The lowest priority is 1. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of eight BFD sessions and interfaces can be created. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority increases when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces are Down. To configure a VRRP6 backup group with the function of tracking the interface status, ensure that an IPv4 address is assigned to the interface to be tracked. For example, GE 1/0/0 to be tracked is assigned an IPv6 address rather than an IPv4 address. When a VRRP backup group tracks the interface, if IPv6 status on the interface becomes Down, the routers in the VRRP backup group may fail to reduce or increase priorities to re-elect a new master router.
4-12
Issue 03 (2010-03-31)

NOTE
One router can track up to eight interfaces. When the router is the IP address owner, the router cannot be configured to track the interface status. At present, the status of the loopback interface, NULL interface, CPOS interface, and AUX interface cannot be tracked.
----End

Prerequisite
The configurations of the VRRP to Track the Status of an Interface function are complete.
Procedure
----End
Example
Run the display vrrp command, and you can view the Track IF field and the IF State field. The Track IF field indicates the type and number of the tracked interface, and the IF State field indicates the interface status, that is, Up or Down.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0 Track IF : GigabitEthernet2/0/1 IF State : UP
priority reduced
: 10
4.4 Configuring VRRP Fast Switchover (Common Mode)

This section describes how to configure VRRP to track BFD sessions to implement fast switchover. 4.4.1 Establishing the Configuration Task 4.4.2 Tracking the BFD Session Status 4.4.3 Tracking EFM Session Status 4.4.4 Checking the Configuration

You can apply VRRP to track BFD sessions or EFM. The changes of BFD sessions or EFM sessions are notified to the VRRP module to perform fast VRRP switchover. A VRRP backup group can track the peer BFD session, link BFD session, and normal BFD session at the same time. Moreover, the VRRP backup group can track the interface status. Generally, a VRRP backup group can only track the status of a peer BFD session or a link BFD session, whereas the VRRP backup group can track the statuses of multiple normal BFD sessions or interfaces. The VRRP backup group tracks several BFD sessions. The changes of the status of BFD sessions do not affect each other. When the VRRP backup group tracks normal BFD sessions and the BFD session status changes, the master/backup switchover is performed through the modification of the priority of the VRRP backup group. When the tracked normal BFD sessions are restored, the priorities of routers in the VRRP backup group are restored to their original values. When the VRRP backup group tracks a peer BFD session and a link BFD session and the status of the BFD sessions changes, the status of the backup group is changed directly without the change of the backup group priority.
NOTE
l l
For the detailed information of EFM , refer to "Ethernet OAM Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability. For the detailed configuration of the VRRP backup group tracking peer BFD sessions , link BFD sessions and EFM sessions, refer to Chapter 9 "VPLS Convergence Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
Before configuring VRRP fast switchover, complete the following tasks:
l l l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring basic EFM OAM functions Configuring the VRRP backup group Configuring BFD sessions including normal BFD sessions, link BFD sessions, and peer BFD sessions
Data Preparation
To configure VRRP fast switchover, you need the following data. No. 1 Data Backup group ID
4-14
Issue 03 (2010-03-31)
4.4.2 Tracking the BFD Session Status

Context
Do as follows on a router that needs the fast VRRP switchover:
NOTE
l l
When configuring fast VRRP switchover, if VRRP monitors the peer BFD session, you must configure peer BFD sessions on both the master router and the backup router. Otherwise, VRRP flapping occurs. When a VRRP backup group is bound to the mVRRP backup group, the VRRP backup group cannot track any BFD session to perform the fast switchover, and the status of the VRRP backup group should be consistent with the status of the mVRRP backup group.
Procedure
Step 1 Run:
system-view

interface interface-type interface-number [.subinterface-number ]
The view of the interface configured with VRRP backup group is displayed. Step 3 Run:
l vrrp vrid virtual-router-id track bfd-session { session-name bfd-session-id | bfd-configure-name } [ increased value-increased | reduced value-reduced ]
The normal BFD session is tracked. increased value-increased: specifies the value by which the priority increases when the tracked BFD session goes Down. The value ranges from 1 to 255. The maximum value of the priority is 254. The value takes effect only when the status of the VRRP backup group is Backup. reduced value-reduced: specifies the value by which the priority decreases when the tracked BFD session goes Down. The value ranges from 1 to 255. The lowest priority is 1. By default, when the tracked BFD sessions go Down, the value of the priority decreases by 10. When configuring the value by which the priority increases or decreases, especially the default value, ensure that the priority of a backup router in a backup group is higher than that of a master router whose priority is changed. In this manner, the VRRP status can be switched fast. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of BFD sessions and interfaces is 8. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority is increased when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces go Down. Or, run:
l vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ peer | link ]
The status of a link or peer BFD session is tracked.

If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.

BFD for static LSP BFD for LDP LSP BFD for CR-LSP BFD for TE
----End
4.4.3 Tracking EFM Session Status

Context
Do as follows on each router of the VRRP backup group:
Procedure
Step 1 Run:
system-view


vrrp vrid virtual-router-id track efm interface interface-type interface-number
The VRRP backup group is configured to track EFM. ----End

Prerequisite
The configurations of the VRRP Fast Switchover function are complete.
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to Check the status of VRRP. ----End
Example
run the display vrrp command, and you can view that the BFD session that is tracked by VRRP is Up. The command output is as follows:
<HUAWEI> display vrrp
4-16
Issue 03 (2010-03-31)

GigabitEthernet1/0/0.3 | Virtual Router 1 state : Backup Virtual IP : 192.168.1.100 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0 Track BFD : 1 Priority increased : 20 BFD-Session State : Up GigabitEthernet1/0/0.2 | Virtual Router 2 state : Backup Virtual IP : 192.168.2.254 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : yes Delay time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 0 Track EFM : GigabitEthernet2/0/0 EFM state : up Track BFD : 2 type : peer bfd-session state : up GigabitEthernet1/0/0.1 | Virtual Router 1 state : Master Virtual IP : 192.168.1.254 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : yes Delay time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 0 Track BFD : 4 type : link bfd-session state : up Track BFD : 1 type : peer bfd-session state : up
4.5 Configuring VRRP Fast Switchover (Using BFD Sampling)

4.5.1 Establishing the Configuration Task 4.5.2 Binding the Service VRRP Backup Group to the mVRRP Backup Group 4.5.3 Configuring the mVRRP Backup Group to Track the BFD Session Status 4.5.4 Setting the Threshold for VRRP Fast Switchover 4.5.5 Enabling the Association Between the mVRRP Backup Group Status and the Route 4.5.6 Checking the Configuration

Generally, the VRRP backup group implements master/backup switchover by tracking the BFD session status. However, this method does not work in some special network environments or when the device does not support the BFD function. As shown in Figure 4-2, the CE connects to the sub-interface for QinQ VLAN tag termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group implements VRRP fast switchover by tracking the BFD session. Between NPE1 and NPE2, the peer BFD session is established. In this networking, however, VRRP fast switchover does not work because of the following causes:
l
The VPLS convergence network belongs to another operator, so the link BFD session cannot be established between NPE1 and PE1 or between NPE2 and PE2. PE1 or PE2 does not support the BFD function.
In this case, you can use the BFD sampling mode to implement VRRP fast switchover. In BFD sampling mode, the NPE establishes multiple link BFD sessions directly with each CE rather than with the PE.
NOTE
Suppose that the CE supports the BFD function.
Thus, the mVRRP backup group can implement master/backup switchover by tracking multiple link BFD sessions between the NPE and the CE, although it cannot track the BFD session between the NPE and the PE.
4-18
Issue 03 (2010-03-31)
Figure 4-2 Typical networking of VRRP fast switchover (using BFD sampling)
Access
IP:10.100.1.1/24 GW:10.100.1.200 Inner VLAN: 110 Outer VLAN: 10
VPLS convergence network
Core
CE1
NPE1 CE2
Link BFD
PE1 PE2
Peer BFD
MPLS/IP Core
CE3
NPE2
CE4
Before configuring VRRP fast switchover using BFD sampling, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link attributes for interfaces Configuring network layer attributes for interfaces to ensure network connectivity Configuring VRRP backup groups, including service VRRP backup groups and mVRRP backup groups Configuring BFD sessions, including link BFD sessions and peer BFD sessions (It is required to configure BFD sessions between the PE and each CE.)
Data Preparation
To configure VRRP fast switchover using BFD sampling, you need the following data.
No. 1 2 3
Data Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups Local and remote discriminators of BFD sessions
4.5.2 Binding the Service VRRP Backup Group to the mVRRP Backup Group
Context
Do as follows on the device that need perform VRRP fast switchover:
Procedure
Step 1 Run:
system-view

The view of the interface where the service VRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [.subinterface-number ] vrid virtual-router-id2
The service VRRP backup group is bound to the mVRRP backup group. After the binding, the state machine of the service VRRP backup group becomes dependent. That is, the service VRRP backup group deletes the protocol timer and stops sending or receiving VRRP packets. Alternatively, it implements its state machine by directly copying the status of the mVRRP back group. A service VRRP backup group can be bound to only one mVRRP backup group. ----End
4.5.3 Configuring the mVRRP Backup Group to Track the BFD Session Status
Context
4-20
Issue 03 (2010-03-31)

NOTE
l l
Procedure
Step 1 Run:
system-view

The status of a link or peer BFD session is tracked. If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.
BFD for static LSP

Issue 03 (2010-03-31)

BFD for LDP LSP BFD for CR-LSP BFD for TE
In this scenario, the NPEs establish the peer BFD session between each other but the NPE does not establish the link BFD session with the PE; instead, the NPE establishes multiple link BFD sessions directly with each CE. By tracking the BFD session status, the NPE implements master/ backup fast switchover of the mVRRP backup group. ----End
4.5.4 Setting the Threshold for VRRP Fast Switchover

Context
Procedure
Step 1 Run:
system-view

The view of the interface where the mVRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid track link-bfd down-number down-number
The threshold of VRRP fast switchover is set. Among the link BFD sessions tracked by the mVRRP backup group, when the number of sessions in the Down state reaches or exceeds this threshold, the mVRRP backup group performs master/backup fast switchover. ----End
4.5.5 Enabling the Association Between the mVRRP Backup Group Status and the Route
Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
vrrp trigger route
The association between the mVRRP backup group status and the route is enabled. At present, multiple VRRP backup groups can be configured on an interface and thus different statuses of VRRP backup groups coexist. Hence, after the association between the VRRP backup group status and the route is enabled, it is recommended that only one VRRP backup group be configured on an interface to avoid the chaotic route status.
NOTE
In the scenario where the association between the VRRP backup group and the route is enabled:
l
For the sub-interface for QinQ VLAN tag termination and VLANIF interface:
l l
When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route of the interface where the VRRP backup group is configured.
For other types of interfaces:

l l
----End

Prerequisite
All configurations of VRRP fast switchover using BFD sampling are complete.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to view the status of the VRRP backup group.
----End
Example
Run the display vrrp command. The command output shows that the status of the BFD session tracked by the mVRRP backup group is Up and the threshold of VRRP fast switchover is 2.
[HUAWEI] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1
Delay Time : 0
Issue 03 (2010-03-31)
4-23

TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 BFD-session state : UP Track BFD : peer1 BFD-session state : UP Track BFD : link2 BFD-session state : UP Track BFD : link3 type: link BFD-session state : UP Track BFD : link4 type: link BFD-session state : UP
type: link type: peer type: link
4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured
4.6.1 Establishing the Configuration Task 4.6.2 Configuring the mVRRP Backup Group 4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group 4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status 4.6.5 Setting the Threshold for VRRP Fast Switchover 4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route 4.6.7 Checking the Configuration

VRRP defines three status types: Initialize, Master, and Backup. On being notified that the interface is shut down, the VRRP backup group switches its status to Initialize. As shown in Figure 4-3, the CE connects to the sub-interface for QinQ VLAN tag termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group is responsible for tracking the BFD session to implement VRRP fast switchover. Between NPE1 and NPE2, the peer BFD session is established. In this networking, however, VRRP fast switchover may not work because of the following causes:
l
In the VPLS convergence network, the PW is established only between PE1 and PE3 and between PE2 and PE3. According to the VPLS split horizon rule, the mVRRP backup group and the peer BFD session cannot be established between NPE1 and NPE2. The VPLS convergence network belongs to another operator, so the link BFD session cannot be established between NPE1 and PE1 or between NPE2 and PE2.
In this scenario, you can use the function of ignorance of interface down of the mVRRP backup group to implement VRRP fast switchover.
NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through a direct link rather than the VPLS convergence network. Thus, when the interface where the mVRRP backup group is configured goes Down, the status of the mVRRP backup group is switched to Master rather than Initialize.
NOTE
In practical networking, NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through the direct link rather than their respective interfaces connecting to the VPLS convergence network. Therefore, the cross-board Eth-Trunk link is recommended between NPE1 and NPE2 to ensure the reliability of the status of the mVRRP backup group and peer BFD session.
Figure 4-3 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured
Access
VPLS convergence network
Core
CE1 Horizontal split CE2 PE1

PW
NPE1
PW
CE3 PE3
Peer BFD
Admin VRRP
MPLS/IP Core
PE2 NPE2
CE4
Before configuring ignorance of the down of an interface where the mVRRP backup group is configured, complete the following tasks:
l l l
Configuring physical parameters for interfaces Configuring link attributes for interfaces Configuring network layer attributes for interfaces to ensure network connectivity
Issue 03 (2010-03-31)
l
Configuring VRRP backup groups, including the service VRRP backup groups and the mVRRP backup group Configuring BFD sessions, including the link BFD sessions and the peer BFD session (It is required to configure Link BFD sessions between the PE and each CE.)
Data Preparation
To configure ignorance of the down of an interface where the mVRRP backup group is configured, you need the following data. No. 1 2 3 Data VRRP Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups Local and remote discriminators of BFD sessions
4.6.2 Configuring the mVRRP Backup Group

Context
Do as follows on the router where the mVRRP backup group is configured:
Procedure
Step 1 Run:
system-view

A VRRP backup group is created, and a virtual IP address is assigned to the VRRP backup group. Step 4 Run:
The priority of the VRRP backup group is configured. Step 5 Run:

admin-vrrp vrid virtual-router-id ignore-if-down
This VRRP backup group is configured as an mVRRP backup group. In the scenario as shown in Figure 4-3, if NPE is not faulty, it is not recommended to shut down the direct link between NPE1 and NPE2. Otherwise, the mVRRP backup groups on NPE1 and NPE2 both become Master, causing service interruption.
In all networking environments except the scenario as shown in Figure 4-3, it is not recommended to enable the function of ignorance of interface down of the mVRRP backup group. Otherwise, the state machine of the VRRP backup group is inconsistent with that defined in the RFC. ----End
4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group
Context
Procedure
Step 1 Run:
system-view

vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [.subinterface-number ] vrid virtual-router-id2
The service VRRP backup group is bound to the mVRRP backup group. After the binding, the state machine of the service VRRP backup group becomes dependent. That is, the service VRRP backup group deletes the protocol timer and stops sending or receiving VRRP packets. Alternatively, it implements its state machine by directly copying the status of the mVRRP back group. A service VRRP backup group can be bound to only one mVRRP backup group. ----End
4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status
Context
NOTE
l l
Issue 03 (2010-03-31)
4-27
Procedure
Step 1 Run:
system-view

The status of a link or peer BFD session is tracked. If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.

BFD for static LSP BFD for LDP LSP BFD for CR-LSP BFD for TE
In this scenario, the NPEs establish the peer BFD session between each other but the NPE does not establish the link BFD session with the PE; instead, the NPE establishes multiple link BFD
sessions directly with each CE. By tracking the BFD session status, the NPE implements master/ backup fast switchover of the mVRRP backup group. ----End
4.6.5 Setting the Threshold for VRRP Fast Switchover

Context
Procedure
Step 1 Run:
system-view

vrrp vrid track link-bfd down-number down-number
The threshold of VRRP fast switchover is set. Among the link BFD sessions tracked by the mVRRP backup group, when the number of sessions in the Down state reaches or exceeds this threshold, the mVRRP backup group performs master/backup fast switchover. ----End
4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route
Context
Procedure
Step 1 Run:
system-view

vrrp trigger route
The association between the mVRRP backup group status and the route is enabled.
At present, multiple VRRP backup groups can be configured on an interface and thus different statuses of VRRP backup groups coexist. Hence, after the association between the VRRP backup group status and the route is enabled, it is recommended that only one VRRP backup group be configured on an interface to avoid the chaotic route status.
NOTE
In the scenario where the association between the VRRP backup group and the route is enabled:
l
For the sub-interface for QinQ VLAN tag termination and VLANIF interface:
l l
When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route of the interface where the VRRP backup group is configured.
For other types of interfaces:

l l
----End

Prerequisite
All configurations of VRRP fast switchover using BFD sampling are complete.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to view the status of the VRRP backup group.
----End
Example
Run the display vrrp command. The command output shows that the status of the BFD session tracked by the mVRRP backup group is Up and the threshold of VRRP fast switchover is 2.
[HUAWEI] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 BFD-session state : UP Track BFD : peer1 BFD-session state : UP Track BFD : link2
Delay Time : 0
type: link type: peer type: link
4-30
Issue 03 (2010-03-31)

BFD-session state Track BFD BFD-session state Track BFD BFD-session state : : : : : UP link3 UP link4 UP
type: link type: link
4.7 Configuring VRRP Applications in VLANIF

This section describes how to configure VRRP on the VLANIF interface. 4.7.1 Establishing the Configuration Task 4.7.2 Configuring VRRP on VLANIF 4.7.3 (Optional) Configuring the Sending Mode of VRRP Packets in Super-VLAN 4.7.4 Checking the Configuration

VLANIF supports VRRP functions.
Before configuring VRRP on the VLANIF interface, complete the followings tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring sub-VLAN Configuring super-VLAN
Data Preparation
To configure VRRP on the VLANIF interface, you need the following data. No. 1 2 3 4 Data Super-VLAN ID Sub-VLAN ID Backup group ID Virtual IP address of the backup group
Issue 03 (2010-03-31)
4-31
4.7.2 Configuring VRRP on VLANIF

Context
Do as follows on a router on which VRRP runs on the VLANIF interface:
Procedure
Step 1 Run:
system-view

interface vlanif vlan-id
The VLAN interface view is displayed. Step 3 Run:

A backup group is created and its virtual IP address is specified. Step 4 Run:
The priority of the router in the backup group is configured. ----End
4.7.3 (Optional) Configuring the Sending Mode of VRRP Packets in Super-VLAN

Context
Do as follows on a VRRP router that is configured with a super-VLAN:
Procedure
Step 1 Run:
system-view

interface vlanif vlan-id
The VLAN interface view is displayed. Step 3 Run:

vrrp advertise send-mode { sub-vlan-id | all }
The sending mode of VRRP advertising messages is configured. By default, the super-VLAN does not send advertisement messages to its sub-VLANs. ----End

Prerequisite
The configurations of the VRRP Applications in VLANIF are complete.
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to Check the status of VRRP. ----End
Example
After the configuration, run the display vrrp interface vlanif command, and you can view the VRRP status on the VLANIF interface.
<HUAWEI> display vrrp interface vlanif 40 Vlanif40 | Virtual Router 1 State : Master Virtual IP : 100.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
4.8 Configuring VRRP Security

This section describes how to implement the VRRP authentication. 4.8.1 Establishing the Configuration Task 4.8.2 Configuring the Authentication Mode of VRRP Packets 4.8.3 Checking the Configuration

In a secure network, by default, the router considers received and sent VRRP packets real and valid without authenticating them. In this case, you need not configure an authentication key. VRRP provides simple text authentication and MD5 authentication for networks that are vulnerable to attacks. In simple text authentication mode, a string of 1 to 8 characters can be configured as the authentication key. In MD5 authentication mode, a string of 1 to 8 characters in plain text or a string of 24 characters in encrypted text can be configured as the authentication key.
The process of simple text authentication is as follows:

l l
Device that sends packets adds the authentication key into VRRP packets. Device that receives packets compares the received authentication key with the local authentication key. If they are the same, VRRP packets are valid. Otherwise, the router discards the received VRRP packets and sends a Trap packet to the Network Management System (NMS). The router adds the authentication key to the VRRP packet. The receiver generates a summary based on the locally configured authentication key and compares the summary of the received VRRP packet with the locally generated summary. If they are the same, the receiver considers the received VRRP packet valid. Otherwise, the receiver considers the received VRRP packet illegal and discards it, and then reports a trap message to the network management system.
The process of MD5 authentication is as follows:

l l
Before configuring the VRRP security function, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring the VRRP backup group
Data Preparation
To configure the VRRP security function, you need the following data. No. 1 2 3 Data Backup group ID Virtual IP address of the backup group Authentication key of the VRRP packet
4.8.2 Configuring the Authentication Mode of VRRP Packets

Context
Do as follows on the router that needs to be configured with an authentication mode for VRRP packets:
Procedure
Step 1 Run:
system-view

Step 2 Run:

A backup group is created and its virtual IP address is specified. Step 4 (optional) Run:
The priority of the router in the backup group is configured. Step 5 Run:
vrrp vrid virtual-router-id authentication-mode { simple key | md5 md5-key }
The authentication mode for VRRP packets is configured. The authentication key on the master device must be the same as the authentication key on the backup device. The devices in a VRRP backup group must be configured with the same authentication mode; otherwise, the negotiation between the master and backup routers cannot succeed. ----End

Prerequisite
The configurations of the VRRP Security function are complete.
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to check the status of VRRP. ----End
Example
After the configuration, run the display vrrp command, and you can view the mode of the packet authentication.
<HUAWEI> display vrrp GigabitEthernet1/0/0 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 TimerRun : 1 TimerConfig : 1 Auth Type : MD5 Auth key : >6M*PO438G/Q=^Q`MAF4<1!! Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
Issue 03 (2010-03-31)
4-35
Config track link-bfd down-number : 0
According to the preceding command output, the Auth Type field displays MD5, and the Auth key field displays >6M*PO438G/Q=^Q`MAF4<1!!. That is, VRRP backup group 1 adopts MD5 authentication, and the authentication key is >6M*PO438G/Q=^Q`MAF4<1!!.
4.9 Configuring VRRP Smooth Switching

This section describes the application and configuration of VRRP smooth switching 4.9.1 Establishing the Configuration Task 4.9.2 Configuring VRRP Smooth Switching 4.9.3 Checking the Configuration

In the network where VRRP backup groups are configured, the backup router switches to the master router because the original master router and backup router cannot communicate in time when the original master router performs the AMB/SMB switchover. After the AMB/SMB switchover, the original master router preempts to be the master router again because its priority is higher than the priority of the original backup router. Because the system is too busy during the switchover, the master router cannot send Hello packets normally and the backup router cannot receive packets timely. In this case, the backup router preempts to be the master router. Then, the link switchover is performed and this causes packet loss. Enabling VRRP smooth switching on a router can optimize the VRRP performance and reduce the impact on the user traffic.
None.
Data Preparation
To configure VRRP smooth switching, you need the following data. No. 1 Data Interval for the master router to send VRRP packets during VRRP smooth switching
4.9.2 Configuring VRRP Smooth Switching

Context
Do as follows on the router of a VRRP backup group:
Procedure
Step 1 Run:
vrrp timer-advertise learning enable
The function of learning the interval for receiving VRRP packets is enabled. By default, this function is enabled. Step 2 Run:
vrrp smooth-switching timer timer-value
VRRP smooth switching is enabled, and the interval carried in the VRRP packet during VRRP smooth switching is configured. By default, VRRP smooth switching is enabled, and the interval carried in the VRRP packet is 100 seconds. Before running the command, you must enable the function of learning the interval for receiving VRRP packets. When the learning function is disabled, VRRP smooth switching is also disabled.
NOTE
If the interval set by the master router for sending VRRP broadcast packets is much greater than the interval set by the backup router, the backup router resets the "masterdown" time after the backup router is restarted and the interface recovers. The master router may not send packets after the "masterdown" time of the backup router expires. In this case, the backup router becomes the master router. As a result, two master routers exist. During the AMB/SMB switchover, the master router sends VRRP smooth switching packets at the configured interval. If the time configured by the master router for VRRP smooth switching, such as 1s, is shorter than the configured interval for sending VRRP broadcast packets, such as 10s, VRRP packets are sent at the interval of 10s, and the interval carried in the VRRP packet is 1s. As a result, the status of the backup router continuously flaps.
----End

Prerequisite
The configurations of the VRRP Smooth Switching function are complete.
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to check the status of the VRRP backup group. ----End
Example
After configuring VRRP smooth switching, perform the AMB/SMB switchover on the device. During the AMB/SMB switchover, the status of the VRRP backup group does not switch, and thus the user traffic is not affected. After the AMB/SMB switchover, all VRRP configurations of the new AMB are consistent with those of the original AMB.
<HUAWEI> display vrrp Ethernet2/0/0 | Virtual Router 1 State : Master
Issue 03 (2010-03-31)
4-37
Virtual IP : 10.10.10.158 PriorityRun : 180 PriorityConfig : 180 MasterPriority : 180 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
4.10 Adjusting and Optimizing VRRP

This section describes how to adjust the related parameters of VRRP packets to optimize VRRP. 4.10.1 Establishing the Configuration Task 4.10.2 Configuring the Interval for Sending VRRP Advertising Messages 4.10.3 Configuring the Preemption Delay Time of Backup Group Routers 4.10.4 Enabling the Reachability Test of the Virtual IP Address 4.10.5 Disabling a Router from Checking Number of Hops in VRRP Packets 4.10.6 Configuring the Timeout Time of Sending Gratuitous ARP Packets by the Master router 4.10.7 Checking the Configuration

You can configure the related parameters of VRRP packets to optimize the functions of backup groups.
l
By increasing the interval for sending VRRP advertisement packets by the backup group, you can reduce the network load caused by negotiation packets. In VRRP for IPv4, the members in a VRRP backup group are configured with the same interval for sending VRRP packets, which prevents multiple backup routers from being switched to master routers simultaneously in one VRRP backup group. By configuring the preemption mode and preemption delay time of the router in the backup group, you can increase or reduce the speed of the master/backup switchover. By enabling the test on the reachability of the virtual IP address, you can ping the virtual IP address to check the network connectivity. By prohibiting the system from checking number of hops in VRRP packets, you can improve the compatibility of Huawei routers with different vendors' routers.
Before adjusting and optimizing VRRP, complete the following tasks:
l
Configuring physical parameters for interfaces

4-38

l l l
Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect to the network Configuring the VRRP backup group
Data Preparation
To adjust and optimize VRRP, you need the following data. No. 1 2 3 Data Interval for sending VRRP advertisement packets Preemption delay of the routers in the backup group Timeout period for the master to send gratuitous ARP packets
4.10.2 Configuring the Interval for Sending VRRP Advertising Messages

Context
The master router sends VRRP advertisement packets at intervals to other backup routers. If the backup routers do not receive VRRP advertising messages when the timer times out, the backup router with the highest priority becomes the master router automatically. Do as follows on the router to adjust the interval for sending VRRP advertisement packets:
Procedure
system-view


vrrp vrid virtual-router-id timer advertise advertise-interval
The interval for sending VRRP advertisement packets is configured. By default, the interval for sending VRRP advertisement packets is 1 second. When multiple backup groups exist, sending VRRP advertisement packets at very short intervals may lead to frequent VRRP switchover. In this case, you can increase the interval. ----End
4.10.3 Configuring the Preemption Delay Time of Backup Group Routers

Context
Do as follows on the VRRP backup router of which the latency of preemption needs to be adjusted:
Procedure
system-view


vrrp vrid virtual-router-id preempt-mode timer delay delay-value
The preemption delay of routers in the backup group is configured. By default, the preemption mode is adopted and the delay period is 0, indicating immediate preemption. In immediate preemption mode, the backup router becomes the new master router when its priority is higher than that of the current master router. The original master router becomes a backup router. After the preemption delay period is set, the backup router is delayed to preempt the master router. Run the vrrp vrid virtual-router-id preempt-mode disable command to configure routers in the backup group with the non-preemption mode. In the non-preemption mode, if a router in the backup group becomes the master router and works normally, other routers do not become the master router even if they are configured with higher priorities later. After the IP address owner recovers from a fault, it switches to be the master router immediately in spite of the preemption delay. The preemption delay refers to a delay period for the backup router to be switched to be the master router. The preemption delay is unavailable for the IP address owner. For the VRRP backup group that needs to support the preemption delay, the master virtual router cannot be configured as the IP address owner. Run the undo vrrp vrid virtual-router-id preempt-mode command to restore the default preemption mode.
NOTE
On each router to be configured with a delay mode in a VRRP backup group, it is recommended to configure backup routers with the immediate preemption mode (whose delay time is 0 seconds) and configure the master router with the preemption mode (whose delay time is specified). Configuring the delay time for the master router can ensure that the original primary link has enough time to restore and work stably, and then switch back. At the same time, the backup link works normally. If the data is switched back to the original primary link, the application is not affected.
----End
4.10.4 Enabling the Reachability Test of the Virtual IP Address

Context
In the NE80E/40E, you can ping the virtual IP address to check the following items:
l l
Whether the master router in the backup group is available. Whether the internal user can access external networks through the virtual IP address that serves as the default gateway.
Do as follows on the router that needs to be enabled with a reachable virtual IP address:
Procedure
system-view

vrrp virtual-ip ping enable
Testing reachability of a virtual address is enabled. By default, the ping function is enabled. The master router responds to ping packets to the virtual IP address of this backup group. Pinging a virtual address may cause ICMP attacks. To prevent this, you can run the undo vrrp virtual-ip ping enable command to disable the function of testing reachability of a virtual IP address. ----End
4.10.5 Disabling a Router from Checking Number of Hops in VRRP Packets

Context
Defined in RFC 3768, the system detects number of hops in received VRRP packets. The packets whose number of hops is not 255 are discarded. In certain networking environments where Huawei devices and non-Huawei devices work together, checking the number of hops in VRRP packets may result in discarding VRRP packets incorrectly. You can disable the system from checking the number of hops in VRRP packets. Do as follows on the router that is prohibited from checking the number of hops of VRRP packets:
Procedure
l For VRRP for IPv4, 1. Run:
system-view

2.
Run:

vrrp un-check ttl
Checking TTLs in VRRP packets is disabled. By default, TTLs in VRRP packets are detected. You can run the undo vrrp un-check ttl command to enable the router to check TTLs in VRRP packets. ----End
4.10.6 Configuring the Timeout Time of Sending Gratuitous ARP Packets by the Master router
Context
Do as follows on the router to send gratuitous ARP packets:
Procedure
Step 1 Run:
system-view

vrrp gratuitous-arp timeout time
The timeout period is configured for the master router to send gratuitous ARP packets. The master router sends the ARP packets with the virtual MAC address. By default, the master router sends a gratuitous ARP packet every 300 seconds (5 minutes). Run the undo vrrp gratuitous-arp timeout command in the system view to restore the default timeout period of sending gratuitous ARP packets. Run the vrrp gratuitous-arp timeout disable command in the system view to disable the master router to send gratuitous ARP packets. ----End

Prerequisite
The configurations of Adjusting and Optimizing VRRP function are complete.
Procedure
----End
Example
Run the display vrrp command, and you can view the modified VRRP parameter. For example, the TimerRun field and the TimerConfig field display 20. That is, the interval for sending the VRRP advertisement packet is modified as 20 seconds. The default interval is 1 second.
<HUAWEI> display vrrp GigabitEthernet1/0/0 | Virtual Router 1 State : Master Virtual IP : 100.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 20 TimerConfig : 20 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
4.11 Configuring mVRRP Backup Groups

This section describes how to create a VRRP backup group and configure VRRP members and member interfaces bind to mVRRP. 4.11.1 Establishing the Configuration Task 4.11.2 Configuring mVRRP Backup Group 4.11.3 (Optional) Configuring VRRP Backup Group Members and Binding them to the mVRRP Backup Group 4.11.4 (Optional) Binding Member Interface and Management Backup Group 4.11.5 (Optional) Binding the PW to the mVRRP Backup Group Through VPLS 4.11.6 Checking the Configuration

Application Environment
Figure 4-4 mVRRP determines the dual-homing of the master and slave routers
NPE1
mVRRP
UPE
NPE2
As shown in Figure 4-4, when the convergence layer of the Metro Ethernet (ME) dual NPEs are deployed for high reliability. The master and standby routers are determined by mVRRP between NPEs. The mVRRP backup group is actually the ordinary VRRP backup group. The difference is that the mVRRP backup group can be bound to other backup groups of different services. The status of the backup group of related services depends on the binding relationship. The mVRRP backup group can be bound to several backup group members. The mVRRP backup group cannot be bound to other management backup groups. According to different applications, the binding relationship of the mVRRP backup group is as follows:
l
The VRRP backup group is bound to the mVRRP backup group: UPEs are dual-homed to NPEs. VRRP is run between NPEs. The master NPE and backup NPE are determined by the configured priority of VRRP. Multiple VRRP backup groups run between NPEs with different services. If each VRRP backup group needs to maintain its own state machine, a huge number of VRRP packets exist among NPEs. To simplify the process and decrease occupancy of bandwidth, you can set one VRRP backup group as the mVRRP backup group. Other backup group members are bound to the mVRRP backup group. The master and slave routers are determined directly by the binding relationship.
The service interfaces are bound to the mVRRP backup group. If the UPEs are dual-homed to NPEs through two physical links. You can bind the member interfaces to the mVRRP backup group to determine the master member interfaces and the slave interfaces. PW is bound to the mVRRP backup group. If VPLS is run between UPEs and NPEs, the UPEs are dual-homed to NPEs through two PWs. Then, you can bind the PW and the mVRRP backup group to determine the master PW and the slave PW.
Before configuring mVRRP, complete the following tasks:
l l l
Configuring physical parameters of an interface Configuring link attributes of interfaces Configuring attributes of network layer of interfaces for connectivity
Data Preparation
To configure mVRRP, you need the following data. No. 1 2 3 4
4-44
Data ID of the mVRRP and IDs of VRRP backup group members Virtual IP address of the mVRRP and virtual IP addresses of VRRP backup group members Priority of the mVRRP Number of the member interface
No. 5
Data PW peer IP address
4.11.2 Configuring mVRRP Backup Group

Context
Do as follows on each router of an mVRRP backup group:
Procedure
Step 1 Run:
system-view


A backup group is created and a virtual IP address is assigned to the backup group. Step 4 Run:
The priority of the VRRP backup group is configured. Step 5 Run:

admin-vrrp vrid virtual-router-id
This VRRP backup group is configured as an mVRRP backup group. ----End
4.11.3 (Optional) Configuring VRRP Backup Group Members and Binding them to the mVRRP Backup Group
Context
Do as follows on each router on which the VRRP backup group members need to be bound to an mVRRP backup group.
Procedure
Step 1 Run:
system-view

Step 2 Run:
interface interface-type interface-number[.subinterface-number ]
The interface view of a VRRP member is displayed. Step 3 Run:

A backup group is created with a virtual IP address. The status of the VRRP backup group member is determined by the mVRRP backup group. Therefore, the VRRP group member needs not a priority. Step 4 Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [ .subinterface-number ] vrid virtual-router-id2
The VRRP backup group member is bound to the mVRRP backup group. After the VRRP backup group member is bound to the mVRRP backup group, the state machine of the VRRP backup group member becomes dependent. That is, the VRRP backup group member deletes the protocol timer, and no longer sends or receives packets, and implements its state machine by directly copying the status of the mVRRP backup group. The backup member can be bound to only one mVRRP. ----End
4.11.4 (Optional) Binding Member Interface and Management Backup Group

Context
Do as follows on the routers that need to bind the member interface to the mVRRP backup group.
Procedure
Step 1 Run:
system-view

interface interface-type interface-number[.subinterface-number ]
The member interface view is displayed. Step 3 Run:

track admin-vrrp interface interface-type interface-number vrid virtual-router-id
The member interface is bound to the mVRRP backup group. ----End
4-46
Issue 03 (2010-03-31)
4.11.5 (Optional) Binding the PW to the mVRRP Backup Group Through VPLS
Context
Do as follows on the routers that need to bind the PW to the mVRRP backup group.
Procedure
Step 1 Run:
system-view

vsi vsi-name static
The VSI view is displayed. Step 3 Run:

pwsignal ldp
The VSI-LDP view is displayed. Step 4 Run:

peer peer-address [ negotiation-vc-id vc-id ] track admin-vrrp interface interfacetype interface-number vrid virtual-router-id
The PW is bound to the VRRP backup group. Before the PW is bound to the mVRRP backup group, the peer must exist. For the configuration of the PW, refer to Chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN. ----End

Prerequisite
The configurations of the mVRRP backup groups function are complete.
Procedure
l Run the display vrrp binding admin-vrrp [ interface interface-type interface-number ] [ vrid virtual-router-id ] command to check all binding information about the mVRRP backup group. Run the display vrrp binding admin-vrrp [ interface interface-type1 interfacenumber1 ] [ vrid virtual-router-id ] member-vrrp [ interface interface-type2 interfacenumber2 ] [ vrid virtual-router-id ] command to check the binding between the mVRRP backup group and the VRRP backup group members. Run the display vrrp binding admin-vrrp [ interface interface-type1 interfacenumber1 ] [ vrid virtual-router-id ] member-interface [ interface interface-type2
Issue 03 (2010-03-31)
interface-number2 ] command to check the binding between the mVRRP backup group and the member interface members. l Run the following commands to check the binding between the mVRRP backup group and the PW members.
display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc interface interface-type2 interface-number2 display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vsi vsi-name peer ip-address [ negotiation-vcid vc-id1 ] display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc switch-vc peer ip-address vc-id2
Run the display vrrp admin-vrrp command to check the status of all mVRRP backup groups in the current configuration.
----End
Example
After the configuration, you can run the display vrrp binding admin-vrrp command to view all binding information about the VRRP backup group member, interface member, and PW member.
<HUAWEI> display vrrp binding admin-vrrp Interface: GigabitEthernet2/0/0, admin-vrrp vrid: 6, state: Master Member-vrrp number: 1 Interface: GigabitEthernet2/0/0.1, vrid: 8, state: Master Member-interface number: 1 Interface: GigabitEthernet2/0/0.2, state: Up
4.12 Maintaining VRRP

4.12.1 Monitoring the VRRP Running
4.12.1 Monitoring the VRRP Running

Context
In routine maintenance, you can run the following command in any view to display the running status of VRRP.
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command in any view to check the current running status and parameters of VRRP.
----End
4-48
Issue 03 (2010-03-31)

This section describes how to debug VRRP. 4.13.1 Example for Configuring VRRP in Master/Backup Mode 4.13.2 Example for Configuring VRRP in Load Balancing Mode 4.13.3 Example for Configuring the Multi-Instance VRRP 4.13.4 Example for Configuring VRRP Fast Switchover 4.13.5 Example for Configuring VRRP Fast Switchover (Using BFD Sampling) 4.13.6 Example for Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured 4.13.7 Example for Configuring VRRP on VLANIF Interfaces
4.13.1 Example for Configuring VRRP in Master/Backup Mode

As shown in Figure 4-5, Host A accesses Host B through the default gateway. The requirements are as follows:
l
Router A and Router B form a VRRP backup group that serves as the default gateway for Host A. Normally, Router A serves as the gateway. When Router A fails, Router B serves as the gateway. Router A continues to function as the master router within 20 seconds after it recovers.
Figure 4-5 Networking diagram of configuring VRRP in the master/backup mode
Backup group 1 Virtual IP Address: 10.1.1.111 RouterA Master

GE2/0/0 10.1.1.1/24
POS1/0/0 192.168.1.1/24 POS1/0/0 192.168.1.2/24
10.1.1.100/24 GE2/0/0 10.1.1.2/24
HostA
RouterC
Ethernet
Eth3/0/0 20.1.1.1/24 POS2/0/0 HostB 192.168.2.2/24 20.1.1.100/24 POS1/0/0 192.168.2.1/24
RouterB Backup
4-49
Issue 03 (2010-03-31)
The configuration roadmap is as follows: 1. Create the backup group 1 on the GE 2/0/0 on Router A and configure Router A with the highest priority in the backup group to be the master router. Configure the preemption mode. Create backup group 1 on the GE 2/0/0 interface on Router B and use the default priority.
2.
Data Preparation
l l l
Virtual router ID and virtual IP address Priority of each router in the backup group Preemption mode
Procedure
Step 1 Configure network interconnection between devices. # Configure the default gateway of Host A with 10.1.1.111 and the default gateway of Host B with 20.1.1.1. # Configure Router A, Router B and Router C to use OSPF for interconnection. Step 2 Configure VRRP. # On Router A, configure the IP address of the interface, create backup group 1 and configure the priority of Router A in this group with 120 (as the master router).
<RouterA> system-view [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 preempt-mode timer delay 20 [RouterA-GigabitEthernet2/0/0] quit
# On Router B, configure the IP address of the interface, create backup group 1 and configure the priority of Router B in this group with the default value (as the backup router).
<RouterB> system-view [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterB-GigabitEthernet2/0/0] quit
Step 3 Verify the configuration.

l
Check that the VRRP backup group can serve as a gateway. After the previous configuration, Host A can ping through Host B. Running the display vrrp command on Router A, you can view that the status of Router A is Master. Running the display vrrp command on Router B, you can view that the Router B is Backup.
4-50
Issue 03 (2010-03-31)

<RouterA> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp <RouterB> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Backup Virtual IP : 10.1.1.111 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
Running the display ip routing-table command on Router A and Router B, you can view a direct route with the destination address being the virtual IP address on Router A, and an OSPF route to the same destination on Router B. The displays on Router A and Router B are as follows.
<RouterA> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 OSPF 10 2 D 192.168.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Pos1/0/0 192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.2/32 Direct 0 0 D 192.168.1.2 Pos1/0/0 192.168.2.0/24 OSPF 10 2 D 10.1.1.2 GigabitEthernet2/0/0 <RouterB> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 OSPF 10 2 D 10.1.1.1 GigabitEthernet2/0/0 20.1.1.0/24 OSPF 10 2 D 192.168.2.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 OSPF 10 2 D 10.1.1.1 GigabitEthernet2/0/0 192.168.2.0/24 Direct 0 0 D 192.168.2.1 Pos1/0/0 192.168.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.2/32 Direct 0 0 D 192.168.2.2 Pos1/0/0 l
Check whether Router B can become the master when Router A fails.
Issue 03 (2010-03-31)
4-51
To simulate the election of the master router when Router A fails, run the shutdown command on the GE 2/0/0 on Router A. Running the display vrrp command on Router B to view the VRRP status, you can view that Router B is in the Master state. The command output is as follows:
<RouterB> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp l
Check that Router A can perform preemption after recovering. Run the undo shutdown command on GE 2/0/0. On Router A, run the display vrrp command to view VRRP status 20 seconds after GE 2/0/0 being Up. You can view that Router A restores to be the master router.
----End
Configuration Files
l

# sysname RouterA # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 vrrp vrid 1 preempt-mode timer delay 20 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return

# sysname RouterB # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.2.1 255.255.255.0 #
4-52
Issue 03 (2010-03-31)

ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return l
Configuration file of Router C

# sysname RouterC # interface Ethernet3/0/0 undo shutdown ip address 20.1.1.1 255.255.255.0 # interface Pos1/0/0 link-protocol ppp undo shutdown clock master ip address 192.168.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown clock master ip address 192.168.2.2 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return
4.13.2 Example for Configuring VRRP in Load Balancing Mode

As shown in Figure 4-6.
l l l
Router A serves as the master router of group 1 and the backup router of group 2. Router B serves as the master router of backup group 2 and the backup router of group 1. Host A in the internal network takes backup group 1 as its gateway and Host C takes backup group 2 as its gateway to share the traffic and backup each other.
Issue 03 (2010-03-31)
4-53
Figure 4-6 Networking diagram of configuring VRRP in load balancing mode
Backup group 2 Virtual IP Address: RouterA 10.1.1.112 group 1:Master
HostA
10.1.1.100/24
group 2:Backup POS1/0/0 192.168.1.1/24 GE2/0/0 POS1/0/0 10.1.1.1/24 192.168.1.2/24
RouterC
Eth3/0/0 20.1.1.1/24
POS2/0/0 HostB 192.168.2.2/24 20.1.1.100/24 10.1.1.101/24 POS1/0/0 GE2/0/0 192.168.2.1/24 10.1.1.2/24 RouterB Ethernet group 2:Master Backup group 1 group 1:Backup
HostC
Virtual IP Address: 10.1.1.111
The configuration roadmap is as follows: 1. 2. Create two backup groups on the GE 2/0/0 interface on Router A. Router A is the master router in the backup group 1 and the backup in group 2. Create two backup groups on the GE 2/0/0 interface on Router B. Router B is the backup router in the backup group 1 and the master in group 2.
Data Preparation
l l
Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure the network interconnection between devices. # Configure the default gateway of Host A as the virtual IP address 10.1.1.111 in backup group 1, the default gateway of Host B as 20.1.1.1, and the default gateway of Host C as the virtual IP address 10.1.1.112 in backup group 2. # Configure Router A, Router B, and Router C to use OSPF for interconnection. Step 2 Configure VRRP. # On Router A, configure the IP address of the interface, create backup group 1 and configure the priority of Router A in this group as 120 (as the master router). Create backup group 2 and
configure the priority of Router A in this group with the default value 100 (as the backup router).
<RouterA> system-view [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 [RouterA-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 10.1.1.112 [RouterA-GigabitEthernet2/0/0] quit
# On Router B, configure the IP address of the interface, create backup group 1 and configure the priority of Router B in this group with the default value 100 (as the backup router). Create backup group 2, and configure the priority of Router B in this group with 120 (as the master router).
<RouterB> system-view [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterB-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 10.1.1.112 [RouterB-GigabitEthernet2/0/0] vrrp vrid 2 priority 120 [RouterB-GigabitEthernet2/0/0] quit
Step 3 Verify the configuration. After the previous configuration, Host A and Host C in the network can ping through Host B. Tracert Host B from Host A and Host C. Packets from Host A to Host B pass through Router A and Router C. Packets from Host C to Host B pass through Router A and Router C. That is, the load balancing is enabled for Router A and Router B to share the internal traffic.
<HostA> tracert 20.1.1.100 traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet 1 10.1.1.1 120 ms 50 ms 60 ms 2 192.168.1.2 100 ms 60 ms 60 ms 3 20.1.1.100 130 ms 90 ms 90 ms <HostC> tracert 20.1.1.100 traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet 1 10.1.1.2 30 ms 60 ms 40 ms 2 192.168.2.2 90 ms 60 ms 60 ms 3 20.1.1.100 70 ms 60 ms 90 ms
Running the display vrrp command on Router A, you can view that Router A serves as the master router in backup group 1 and the backup router in backup group 2.
<RouterA> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp GigabitEthernet2/0/0 | Virtual Router 2 state : Backup Virtual IP : 10.1.1.112 PriorityRun : 100 PriorityConfig : 100
Issue 03 (2010-03-31)
4-55
MasterPriority Preempt TimerRun TimerConfig Auth Type Virtual Mac Check TTL Config type : : : : : : : : 120 YES Delay Time : 0 1 1 NONE 0000-5e00-0102 YES normal-vrrp
----End
Configuration Files
l

# sysname RouterA # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 vrrp vrid 2 virtual-ip 10.1.1.112 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return

# sysname RouterB # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 2 virtual-ip 10.1.1.112 vrrp vrid 2 priority 120 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 192.168.2.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return

# sysname RouterC # interface Ethernet3/0/0 undo shutdown ip address 20.1.1.1 255.255.255.0 # interface Pos1/0/0
4-56
Issue 03 (2010-03-31)

link-protocol ppp undo shutdown ip address 192.168.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 192.168.2.2 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255 # return
4.13.3 Example for Configuring the Multi-Instance VRRP

As shown in Figure 4-7, there are two VPN networks: VPN RED and VPN BLUE. Configure MPLS and VRRP according to the requirements listed in Table 4-1. Table 4-1 Networking requirements of the multi-instance VRRP Item Backup groups Networking Requirements
l
PE-A and PE-B form backup group 1 and backup group 2. PE-A serves as the master device, and PE-B serves as the backup device. CE-A uses the virtual IP address of VRRP backup group 1 as its default gateway. CE-B uses the virtual IP address of VRRP backup group 2 as its default gateway. CE-A and CE-D belong to the VPN-BLUE instances. CE-B and CE-C belong to the VPN-RED instances. The GE 1/0/0 interfaces on PE-A belong to the VPN-BLUE instances. The GE 2/0/0 interfaces belong to VPN-RED instances. The GE 1/0/0 interfaces on PE-B belong to the VPN-BLUE instances. The GE 2/0/0 interfaces belong to VPN-RED instances. The GE 1/0/0 interfaces on PE-C belong to the VPN-RED instances. The GE 2/0/0 interfaces belong to VPN-BLUE instances. Configure the OSPF and enable the MPLS forwarding. Configure default routes on CE-A and CE-B to exchange VPN routing information with PE-A and PE-B. Establish BGP peer relationship among PE-A, PE-B and PE-C to transmit all VPN routes.
VPN instance that CE belongs to VPN instance that the interface on PE belongs to
l l l
Routing protocol and MPLS
l l
Issue 03 (2010-03-31)
4-57
Figure 4-7 Networking diagram of configuring VRRP multi-instance
HostA VPN BLUE PE-A CE-A Loopback1 GE1/0/0 GE1/0/0 Backup group1 for VPN BLUE Backup group2 for VPN RED CE-C
HostC VPN RED
GE2/0/0
GE1/0/0
PO
0/
/0 /
Public Network POS3/0/0 P POS3/0/0 POS1/0/0
GE1/0/0 GE1/0/0 Loopback1 PE-C GE2/0/0 GE1/0/0
E2 /
E1 /
0/
CE-B VPN RED HostB
Loopback1 PE-B
S2
POS3/0/0 Loopback1
POS3/0/0
CE-D HostD VPN BLUE
router P
Interface POS 1/0/0 POS 2/0/0 POS 3/0/0 Loopback1
IP Address 192.168.1.2/24 192.168.2.2/24 192.168.3.2/24 4.4.4.4/32 10.1.1.1/24 20.1.1.1/24 192.168.1.1/24 1.1.1.1/32 10.1.1.2/24 20.1.1.2/24 192.168.2.1/24 2.2.2.2/32 10.2.1.1/24 20.2.1.1/24 192.168.3.1/24 3.3.3.3/32 10.1.1.100/24 20.1.1.100/24 20.2.1.100/24 10.2.1.100/24
VPN-Instance VPN-BLUE VPN-RED VPN-BLUE VPN-RED VPN-RED VPN-BLUE -
PE-A
GE 1/0/0 GE 2/0/0 POS 3/0/0 Loopback1
PE-B
PE-C
CE-A CE-B CE-C CE-D
GE 1/0/0 GE 1/0/0 GE 1/0/0 GE 1/0/0
4-58
Issue 03 (2010-03-31)
The configuration roadmap is as follows: 1. 2. 3. 4. Create the backup group 1 and the backup group 2 on PE-A and PE-B. PE-A is the master router in the backup group 1 and PE-B is the backup router. PE-A is the backup router in the backup group 2 and PE-B is the master router. PE-A and PE-B share the traffic and back up each other.
Data Preparation
l l
Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure OSPF between PEs, or between PEs and Ps to implement the interconnection of the backbone networks (omitted). Step 2 Configure MPLS basic functions and MPLS LDP on the MPLS backbone network and establish LDP LSP (omitted). Step 3 Configure VPN instances on PEs and enable CEs to access PEs (omitted). Step 4 Configure MP-IBGP peer connections between PEs (omitted). Step 5 Configure default routes on CE-A and CE-B (omitted). For the configurations from Step 1 to Step 5, refer to Chapter "BGP MPLS IP VPN Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN. You can also refer to the following configuration files. Step 6 Configure the multi-instance VRRP instance on PE-A and PE-B. # On PE-A, create backup group 1, and configure the priority of PE-A in this group to 120 (as the master router).
<PE-A> system-view [PE-A] interface gigabitethernet 1/0/0 [PE-A-GigabitEthernet1/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [PE-A-GigabitEthernet1/0/0] vrrp vrid 1 priority 120 [PE-A-GigabitEthernet1/0/0] quit
# On PE-A, create backup group 2, and configure the priority of PE-A in this group to the default value (as the backup router).
[PE-A] interface gigabitethernet 2/0/0 [PE-A-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 20.1.1.111 [PE-A-GigabitEthernet2/0/0] quit
# On PE-B, create backup group 1, and configure the priority of PE-B in this group to the default value (as the backup router).
<PE-B> system-view [PE-B] interface gigabitethernet 1/0/0
Issue 03 (2010-03-31)
4-59
[PE-B-GigabitEthernet1/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [PE-B-GigabitEthernet1/0/0] quit
# On PE-B, create backup group 2, and configure the priority of PE-B in this group to 120 (as the master router).
[PE-B] interface gigabitethernet 2/0/0 [PE-B-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 20.1.1.111 [PE-B-GigabitEthernet2/0/0] vrrp vrid 2 priority 120 [PE-B-GigabitEthernet2/0/0] quit
Step 7 Verify the configuration. Running the display ip routing-table vpn-instance vpn-instance-name command on PE-A and PE-B, you can view a route with the destination address being the virtual IP address in the VPN routing table on PE-A. There is no such route on PE-B. The display on PE-A is as follows:
<PE-A> display ip routing-table vpn-instance VPN-BLUE Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN-BLUE Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 InLoopBack0 10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0... ...
Run the ping command on PE-A and PE-B:

<PE-A> ping -vpn-instance VPN-BLUE 10.1.1.111
You can ping through the virtual IP address 10.1.1.111. ----End
Configuration Files
l
Configure file of PE-A

# sysname PE-A # ip vpn-instance VPN-BLUE route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance VPN-RED route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN-BLUE ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 # interface GigabitEthernet2/0/0 undo shutdown
4-60
Issue 03 (2010-03-31)
ip binding vpn-instance VPN-RED ip address 20.1.1.1 255.255.255.0 vrrp vrid 2 virtual-ip 20.1.1.111 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance VPN-BLUE import-route direct import-route static # ipv4-family vpn-instance VPN-RED import-route direct import-route static # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0 # ip route-static vpn-instance VPN-BLUE 0.0.0.0 0.0.0.0 10.1.1.100 ip route-static vpn-instance VPN-RED 0.0.0.0 0.0.0.0 20.1.1.100 # return l
Configuration file of PE-B

# sysname PE-B # ip vpn-instance VPN-BLUE route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity # ip vpn-instance VPN-RED route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance VPN-BLUE ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 # interface GigabitEthernet2/0/0
Issue 03 (2010-03-31)
4-61

undo shutdown ip binding vpn-instance VPN-RED ip address 20.1.1.2 255.255.255.0 vrrp vrid 2 virtual-ip 20.1.1.111 vrrp vrid 2 priority 120 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance VPN-BLUE import-route direct import-route static # ipv4-family vpn-instance VPN-RED import-route direct import-route static # ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 2.2.2.2 0.0.0.0 # ip route-static vpn-instance VPN-BLUE 0.0.0.0 0.0.0.0 10.1.1.100 ip route-static vpn-instance VPN-RED 0.0.0.0 0.0.0.0 20.1.1.100 # return
4.13.4 Example for Configuring VRRP Fast Switchover

As shown in Figure 4-8, Router A, Router B, Switch A, Switch B and Universal Medium Gateway (UMG) compose a simple Next Generation Network (NGN) network.
l l
Connect UMG with Router A and Router B through Switch A and Switch B respectively. Run VRRP on Router A and Router B. Router A serves as the master router and Router B serves as the backup router.
When Router A fails or the GE link between Router A and Router B fails, VRRP switchover should be performed in less than one second to implement fast convergence in NGN.
4-62
Issue 03 (2010-03-31)
Figure 4-8 Networking diagram of configuring VRRP fast switchover
Backbone Network POS1/0/0 POS1/0/0 192.168.0.1/24192.168.0.2/24 Backup group 10 Virtual IP address: 10.1.1.3/24
RouterA GE2/0/0 10.1.1.1/24 SwitchA
RouterB GE2/0/0 10.1.1.2/24 SwitchB
VLAN
UMG
The configuration roadmap is as follows: 1. 2. Configure BFD sessions on GE interfaces on Router A and Router B to monitor the link Router A - Switch A - Switch B - Router B as well as Router A itself. Enable VRRP to track BFD sessions on Router B so that once the sessions are Down, the priority of Router B increases by 40 and then the switchover is enabled.
NOTE
l l
This example covers only configurations on Router A and Router B. If the switchover needs to be implemented only on Router A, configure BFD sessions on the POS interface that is directly connected to Router A and Router B in Step 1. This configuration is not covered in this example.
Data Preparation
l l l
The local and remote BFD session identifier Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure BFD. # Configure a BFD session on Router A.
<RouterA> system-view [RouterA] bfd [RouterA-bfd] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] bfd [RouterA-GigabitEthernet2/0/0] quit [RouterA] bfd atob bind peer-ip 10.1.1.2 interface gigabitethernet 2/0/0 [RouterA-bfd-session-atob] discriminator local 1 [RouterA-bfd-session-atob] discriminator remote 2 [RouterA-bfd-session-atob] min-rx-interval 50 [RouterA-bfd-session-atob] min-tx-interval 50 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Configure a BFD session on Router B.

<RouterB> system-view [RouterB] bfd [RouterB-bfd] quit [RouterB] interface gigabitethernet2/0/0 [RouterB-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet2/0/0] bfd [RouterB-GigabitEthernet2/0/0] quit [RouterB] bfd btoa bind peer-ip 10.1.1.1 interface gigabitethernet 2/0/0 [RouterB-bfd-session-btoa] discriminator local 2 [RouterB-bfd-session-btoa] discriminator remote 1 [RouterB-bfd-session-btoa] min-rx-interval 50 [RouterB-bfd-session-btoa] min-tx-interval 50 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Running the display bfd session command on Router A and Router B, you can view that BFD sessions are Up. Take the display on Router A as an example.
[RouterA] display bfd session all -------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type -------------------------------------------------------------------------1 2 10.1.1.2 GigabitEthernet2/0/0 Up S_IP_IF -------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 2 Configure VRRP fast switchover. # Create a backup group 10 and configure Router A to be the master router with the priority as 160.
[RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] vrrp vrid 10 virtual-ip 10.1.1.3 [RouterA-GigabitEthernet2/0/0] vrrp vrid 10 priority 160 [RouterA-GigabitEthernet2/0/0] quit
# Create a backup group 10 and configure Router B to be the backup router with the priority as 140.
[RouterB] interface gigabitethernet2/0/0 [RouterB-GigabitEthernet2/0/0] vrrp vrid 10 virtual-ip 10.1.1.3 [RouterB-GigabitEthernet2/0/0] vrrp vrid 10 priority 140
# Track the BFD session on the backup router. If the BFD session is Down, the priority of Router B increases by 40.
[RouterB-GigabitEthernet2/0/0] vrrp vrid 10 track bfd-session 2 increased 40 [RouterB-GigabitEthernet2/0/0] quit
Running the display vrrpcommand on Route A or Router B, you can view that Router A is the master and Router B is the backup. You can also view the tracked BFD session and its status on Router B.

[RouterA] display vrrp GigabitEthernet2/0/0 | Virtual Router 10 state : Master Virtual IP : 10.1.1.3 PriorityRun : 160 PriorityConfig : 160 MasterPriority : 160 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0110 Check TTL : YES Config type : normal-vrrp [RouterB] display vrrp GigabitEthernet2/0/0 | Virtual Router 10 state : Backup Virtual IP : 10.1.1.3 PriorityRun : 140 PriorityConfig : 140 MasterPriority : 160 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0110 Check TTL : YES Config type : normal-vrrp Track BFD : 2 Priority increased BFD-Session State : UP
: 40
Step 3 Verify the configuration. # Run the shutdowncommand on GE 2/0/0 on Router A to simulate a link fault.
[RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] shutdown
On Router B, VRRP fast switchover is performed after BFD fails.

%May 10 15:48:30 2006 RouterB BFD/5/BFD:Slot=1;IO(1) BFD Session(Discr:2) FSM Change To Down(Detect) %May 10 15:48:30 2006 RouterB VRRP/5/BfdWarning: Virtual Router 10 | BFD-SESSION 2 : BFD_STATE_UP --> BFD_STATE_DOWN %May 10 15:48:30 2006 RouterB VRRP/5/StateWarning: GigabitEthernet2/0/0 | Virtual Router 10 : BACKUP --> MASTER
Running the display vrrp command on Router A, you can view that the status of Router A changes to Initialize.
[RouterA] display vrrp GigabitEthernet2/0/0 | Virtual Router 10 state : Initialize Virtual IP : 10.1.1.3 PriorityRun : 160 PriorityConfig : 160 MasterPriority : 0 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0110 Check TTL : YES Config type : normal-vrrp
Running the display vrrp command on Router B, you can view that Router B becomes the master router and the BFD session when it is Down.
[RouterB] display vrrp
Issue 03 (2010-03-31)
4-65

GigabitEthernet2/0/0 | Virtual Router 10 state : Master Virtual IP : 10.1.1.3 PriorityRun : 180 PriorityConfig : 140 MasterPriority : 180 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0110 Check TTL : YES Config type : normal-vrrp Track BFD : 2 Priority increased : 40 BFD-Session State : DOWN
----End
Configuration Files
l

# sysname RouterA # bfd # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.3 vrrp vrid 10 priority 160 # bfd atob bind peer-ip 10.1.1.2 interface gigabitethernet2/0/0 discriminator local 1 discriminator remote 2 min-tx-interval 50 min-rx-interval 50 commit # return

# sysname RouterB # bfd # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.3 vrrp vrid 10 priority 140 vrrp vrid 10 track bfd-session 2 increased 40 # bfd btoa bind peer-ip 10.1.1.1 interface gigabitethernet2/0/0 discriminator local 2 discriminator remote 1 min-tx-interval 50 min-rx-interval 50 commit # Return
4-66
Issue 03 (2010-03-31)
4.13.5 Example for Configuring VRRP Fast Switchover (Using BFD Sampling)
As shown in Figure 4-9, the CE connects to the sub-interface for QinQ VLAN tag termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group implements master/backup fast switchover by tracking the BFD session. Between NPE1 and NPE2, the peer BFD session is established. In this configuration example, the following restrictions are imposed on the network:
l
The VPLS convergence network belongs to another operator, so the link BFD session cannot be directly established between NPE1 and PE1 or between NPE2 and PE2. PE1 or PE2 does not support the BFD function.
In this case, you can use BFD sampling to implement VRRP fast switchover.
NOTE
With BFD sampling, the NPE establishes link BFD sessions with each CE.
For the NPE:

l
NPE1 and NPE2 establish the mVRRP backup group, the service VRRP backup group, and the peer BFD session through their respective interfaces GE 1/0/1 that connect to the VPLS convergence network. NPE1 or NPE2 establishes four link BFD sessions with four CEs respectively through GE 1/0/1. The mVRRP backup group is responsible for tracking the status of the four BFD sessions concurrently. When two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover.
Issue 03 (2010-03-31)
4-67
Figure 4-9 Typical networking of VRRP fast switchover (using BFD sampling)
Access
Aggregation VPLS Network

# interface GigabitEthernet1/0/1.1 ip address 10.1.1.254 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 # interface GigabitEthernet1/0/1.100 ip address 10.100.1.254 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.254 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.254 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.254 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 #
Core
CE1
NPE1
CE2
Link BFD PE3
PE1 PE2
Peer BFD
MPLS/IP Core
CE3
NPE2
# interface GigabitEthernet1/0/1.1 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 # interface GigabitEthernet1/0/1.100 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 #
CE4
The configuration roadmap is as follows:
1. 2.
Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. Configure the mVRRP backup group and service VRRP backup group on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2 and bind the service VRRP backup group with the mVRRP backup group. Establish the BFD session between NPE1 and NPE2 and between the NPE and the CE. Configure master/backup fast switchover of the mVRRP backup group using BFD sampling.
3. 4.
Data Preparation
l l
Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups
Procedure
Step 1 Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2.
NOTE
Only the configuration procedures of NPE1 and NPE2 are provided here. For the configuration procedures of the BFD function of the CE as shown in Figure 4-9 and the VPLS convergence network, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability and Configuration Guide - VPN.
# Configure NPE1.
<HUAWEI> system-view [HUAWEI] sysname NPE1 [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] mode user-termination [NPE1-GigabitEthernet1/0/1] undo shutdown [NPE1-GigabitEthernet1/0/1] quit [NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] control-vid 1 qinq-termination [NPE1-GigabitEthernet1/0/1.1] qinq termination pe-vid 10 ce-vid 1 [NPE1-GigabitEthernet1/0/1.1] ip address 10.1.1.254 24 [NPE1-GigabitEthernet1/0/1.1] arp broadcast enable [NPE1-GigabitEthernet1/0/1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE1-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.100] ip address 10.100.1.254 24 [NPE1-GigabitEthernet1/0/1.100] arp broadcast enable [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE1-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.101] ip address 10.101.1.254 24 [NPE1-GigabitEthernet1/0/1.101] arp broadcast enable [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE1-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.102] ip address 10.102.1.254 24 [NPE1-GigabitEthernet1/0/1.102] arp broadcast enable [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE1-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.103] ip address 10.103.1.254 24 [NPE1-GigabitEthernet1/0/1.103] arp broadcast enable [NPE1-GigabitEthernet1/0/1.103] quit
to 100
101 to 200
201 to 300
301 to 400
401 to 500
Issue 03 (2010-03-31)
4-69
# Configure NPE2.
<HUAWEI> system-view [HUAWEI] sysname NPE2 [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] mode user-termination [NPE2-GigabitEthernet1/0/1] undo shutdown [NPE2-GigabitEthernet1/0/1] quit [NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] control-vid 1 qinq-termination [NPE2-GigabitEthernet1/0/1.1] qinq termination pe-vid 10 ce-vid 1 [NPE2-GigabitEthernet1/0/1.1] ip address 10.1.1.253 24 [NPE2-GigabitEthernet1/0/1.1] arp broadcast enable [NPE2-GigabitEthernet1/0/1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE2-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.100] ip address 10.100.1.253 24 [NPE2-GigabitEthernet1/0/1.100] arp broadcast enable [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE2-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.101] ip address 10.101.1.253 24 [NPE2-GigabitEthernet1/0/1.101] arp broadcast enable [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE2-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.102] ip address 10.102.1.253 24 [NPE2-GigabitEthernet1/0/1.102] arp broadcast enable [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE2-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.103] ip address 10.103.1.253 24 [NPE2-GigabitEthernet1/0/1.103] arp broadcast enable [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
to 100
101 to 200
201 to 300
301 to 400
401 to 500
After the IP address is assigned to a sub-interface for QinQ VLAN tag termination, it is recommended to run the arp broadcast enable command. Otherwise, the sub-interfaces for QinQ VLAN tag termination fail to ping through each other.
# After the configuration, the sub-interfaces for QinQ VLAN tag termination in the same network segment on NPE1 and NPE2 can ping through each other across the VPLS convergence network. It indicates that the link between NPE1 and NPE2 works normally. Take the ping between NPE1 and NPE2 as an example. The interfaces of NPE1 and NPE2 where the mVRRP backup group is configured can ping through each other.
[NPE1] ping 10.1.1.253 PING 10.1.1.253: 56 data bytes, press CTRL_C to break Reply from 10.1.1.253: bytes=56 Sequence=1 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 10.1.1.253: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=4 ttl=255 time=180 ms Reply from 10.1.1.253: bytes=56 Sequence=5 ttl=255 time=120 ms --- 10.1.1.253 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/142/180 ms
The interfaces of NPE1 and NPE2 where the service VRRP backup group is configured can ping through each other.
The NPE and the CE in the same network segment can ping through each other. It indicates that the link between the NPE and the CE works normally. Take the ping between NPE1 and CE1 or between NPE2 and CE1 as an example.
[NPE1] ping 10.100.1.1 PING 10.100.1.1: 56 data Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: bytes, press CTRL_C bytes=56 Sequence=1 bytes=56 Sequence=2 bytes=56 Sequence=3 bytes=56 Sequence=4 bytes=56 Sequence=5 to break ttl=255 time=180 ttl=255 time=160 ttl=255 time=150 ttl=255 time=150 ttl=255 time=120
ms ms ms ms ms
--- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/152/180 ms [NPE2] ping 10.100.1.1 PING 10.100.1.1: 56 data bytes, press CTRL_C to break Reply from 10.100.1.1: bytes=56 Sequence=1 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=2 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=3 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=4 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=5 ttl=255 --- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 70/122/190 ms
time=190 ms time=120 ms time=130 ms time=100 ms time=70 ms
Step 2 Configure basic VRRP functions on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2. # On NPE1, configure the mVRRP backup group with VRID being 10 on GE 1/0/1.1 and configure the service VRRP backup group on other sub-interfaces.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 priority 120 [NPE1-GigabitEthernet1/0/1.1] admin-vrrp vrid 10 [NPE1-GigabitEthernet1/0/1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200
Issue 03 (2010-03-31)
4-71
[NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE1-GigabitEthernet1/0/1.103] quit
# On NPE2, configure the mVRRP backup group with VRID being 10 on GE 1/0/1.1 and configure the service VRRP backup group on other sub-interfaces.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE2-GigabitEthernet1/0/1.1] admin-vrrp vrid 10 [NPE2-GigabitEthernet1/0/1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE2-GigabitEthernet1/0/1.103] quit
After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, Type is Normal.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, Type is Normal.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Normal 10.100.1.200 101 Backup GE1/0/1.101 Normal 10.101.1.200 102 Backup GE1/0/1.102 Normal 10.102.1.200 103 Backup GE1/0/1.103 Normal 10.103.1.200
Step 3 Bind the service VRRP backup group to the mVRRP backup group on NPE1 and NPE2. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 track admin-vrrp interface
4-72
Issue 03 (2010-03-31)
gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.103] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
100 track admin-vrrp interface
l l
In this configuration example, using the vrrp vrid track admin-vrrp command, you need to specify the keyword unflowdown. If unspecified, when the status of the mVRRP backup group tracked by the service VRRP backup is Backup, the status of the interface where the service VRRP backup group is configured becomes Flow down, the status of the service VRRP backup group becomes Initialize, and the status of the link BFD session becomes Down. When the number of link BFD sessions in the Down state reaches the threshold, the status of the mVRRP backup also becomes Initialize, thus failing to implement master/backup switchover of the mVRRP backup group.
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin.
Issue 03 (2010-03-31)
4-73
l
For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
At that time, the service VRRP backup group is bound to the mVRRP backup group and their respective status is normal. Step 4 Configure basic BFD functions on NPE1 and NPE2. # Configure the peer BFD session between NPE1 and NPE2; configure the link BFD session between NPE1 and each CE and between NPE2 and each CE. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 10.1.1.253 interface gigabitethernet1/0/1.1 source-ip 10.1.1.254 auto [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit [NPE1] bfd link1 bind peer-ip 10.100.1.1 interface gigabitethernet1/0/1.100 sourceip 10.100.1.254 auto [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind peer-ip 10.101.1.1 interface gigabitethernet1/0/1.101 sourceip 10.101.1.254 auto [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit [NPE1] bfd link3 bind peer-ip 10.102.1.1 interface gigabitethernet1/0/1.102 sourceip 10.102.1.254 auto [NPE1-bfd-session-link3] commit [NPE1-bfd-session-link3] quit [NPE1] bfd link4 bind peer-ip 10.103.1.1 interface gigabitethernet1/0/1.103 sourceip 10.103.1.254 auto [NPE1-bfd-session-link4] commit [NPE1-bfd-session-link4] quit
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 10.1.1.254 interface gigabitethernet1/0/1.1 source-ip 10.1.1.253 auto [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd link1 bind peer-ip 10.100.1.1 interface gigabitethernet1/0/1.100 sourceip 10.100.1.253 auto [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind peer-ip 10.101.1.1 interface gigabitethernet1/0/1.101 sourceip 10.101.1.253 auto [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit [NPE2] bfd link3 bind peer-ip 10.102.1.1 interface gigabitethernet1/0/1.102 sourceip 10.102.1.253 auto [NPE2-bfd-session-link3] commit [NPE2-bfd-session-link3] quit [NPE2] bfd link4 bind peer-ip 10.103.1.1 interface gigabitethernet1/0/1.103 sourceip 10.103.1.253 auto [NPE2-bfd-session-link4] commit [NPE2-bfd-session-link4] quit
4-74
Issue 03 (2010-03-31)
After the previous configurations are finished and the CE is correctly configured with the BFD session, run the display bfd configuration all command on the NPE. The command output shows that Commit is True. # Take NPE1 as an example.
[NPE1] display bfd configuration all -------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------peer1 S_AUTO_IF 8192 256 1 True False link1 S_AUTO_IF 8193 257 1 True False link2 S_AUTO_IF 8194 258 1 True False link3 S_AUTO_IF 8195 259 1 True False link4 S_AUTO_IF 8196 260 1 True False -------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 5/0
Run the display bfd session all command. The command output shows that State is Up. # Take NPE1 as an example.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
Step 5 Configure VRRP fast switchover using BFD sampling.

NOTE
Since the service VRRP backup group is bound to the mVRRP backup group, it is only required to configure the mVRRP backup group on GE 1/0/1.1 of NPE1 and NPE2 to implement VRRP fast switchover using BFD sampling.
# Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 peer [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 [NPE1-GigabitEthernet1/0/1.1] vrrp trigger [NPE1-GigabitEthernet1/0/1.1] quit track bfd-session session-name peer1 track bfd-session session-name link1 track bfd-session session-name link2 track bfd-session session-name link3 track bfd-session session-name link4 track link-bfd down-number 2 route
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid peer [NPE2-GigabitEthernet1/0/1.1] vrrp vrid link [NPE2-GigabitEthernet1/0/1.1] vrrp vrid link [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 10 track bfd-session session-name peer1 10 track bfd-session session-name link1 10 track bfd-session session-name link2 10 track bfd-session session-name link3
Issue 03 (2010-03-31)
4-75
link [NPE2-GigabitEthernet1/0/1.1] link [NPE2-GigabitEthernet1/0/1.1] [NPE2-GigabitEthernet1/0/1.1] [NPE2-GigabitEthernet1/0/1.1]
vrrp vrid 10 track bfd-session session-name link4 vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route quit
After the previous configurations, run the display vrrp interface command on the NPE. The command output shows that, the allowable maximum number of the link BFD sessions in the Down state tracked by the mVRRP backup group is 2, the mVRRP backup group is bound to one peer BFD session and four link BFD sessions, and the status of all BFD sessions is Up.
[NPE1] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 BFD-session state : UP Track BFD : link2 BFD-session state : UP Track BFD : link3 BFD-session state : UP Track BFD : link4 BFD-session state : UP Track BFD : peer1 BFD-session state : UP
Delay Time : 0
type: link type: link type: link type: link type: peer
[NPE2] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Backup Virtual IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type: link BFD-session state : UP Track BFD : link2 type: link BFD-session state : UP Track BFD : link3 type: link BFD-session state : UP Track BFD : link4 type: link BFD-session state : UP Track BFD : peer1 type: peer BFD-session state : UP
Step 6 Verify the configuration. After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows:
On NPE1:
l l
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
On NPE1, run the shutdown command on GE 1/0/1.100 to replicate the fault between NPE1 and CE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] shutdown [NPE1-GigabitEthernet1/0/1.100] quit
The command output shows that the BFD session between NPE1 and CE1 goes Down.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/1
In this configuration example, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, only one link BFD session is Down, so the mVRRP backup group does not perform master/backup switchover. On NPE1:
l l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID being 100, State is Initialize and Type is Member. For the VRRP backup group with the VRID not being 10 or 100, State is Master and Type is Member.
Type Virtual IP
[NPE1] display vrrp brief VRID State Interface
Issue 03 (2010-03-31)
4-77
-------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 0 10.101.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 3/2
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, two link BFD sessions go Down, so the mVRRP backup group performs master/ backup switchover. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Initialize and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Initialize and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Initialize GE1/0/1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Initialize GE1/0/1.101 Member 10.101.1.200 102 Initialize GE1/0/1.102 Member 10.102.1.200 103 Initialize GE1/0/1.103 Member 10.103.1.200
On NPE2:

l l
On NPE1, run the undo shutdown command on GE 1/0/1.100 and GE1/0/1.101 to replicate the recovery of the fault between NPE1 and CE1 or between NPE1 and CE2. The command output shows that the BFD sessions between NPE1 and CE1 and between NPE1 and CE2 go Up.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
It indicates that the statuses of VRRP backup groups on NPE1 and NPE2 recover. On NPE1:
l l
On NPE2:
l l
----End
Issue 03 (2010-03-31)
4-79
Configuration Files
l
Configuration file of NPE1

# sysname NPE1 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.1 control-vid 1 qinq-termination qinq termination pe-vid 10 ce-vid 1 to 100 qinq vrrp pe-vid 10 ce-vid 100 ip address 10.1.1.254 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 vrrp vrid 10 priority 120 vrrp vrid 10 track bfd-session session-name link1 link vrrp vrid 10 track bfd-session session-name link2 link vrrp vrid 10 track bfd-session session-name link3 link vrrp vrid 10 track bfd-session session-name link4 link vrrp vrid 10 track bfd-session session-name peer1 peer vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route arp broadcast enable # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 101 to 200 qinq vrrp pe-vid 10 ce-vid 101 ip address 10.100.1.254 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 vrrp vrid 100 track admin-vrrp interface GigabitEthernet1/0/1.1 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 201 to 300 qinq vrrp pe-vid 10 ce-vid 201 ip address 10.101.1.254 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 vrrp vrid 101 track admin-vrrp interface GigabitEthernet1/0/1.1 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 301 to 400 qinq vrrp pe-vid 10 ce-vid 301 ip address 10.102.1.254 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 vrrp vrid 102 track admin-vrrp interface GigabitEthernet1/0/1.1 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.103 control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 401 to 500 qinq vrrp pe-vid 10 ce-vid 401 ip address 10.103.1.254 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 vrrp vrid 103 track admin-vrrp interface GigabitEthernet1/0/1.1 unflowdown arp broadcast enable #
vrid 10
vrid 10
vrid 10
vrid 10
4-80
Issue 03 (2010-03-31)

bfd link1 bind peer-ip 10.100.1.254 auto commit # bfd link2 bind peer-ip 10.101.1.254 auto commit # bfd link3 bind peer-ip 10.102.1.254 auto commit # bfd link4 bind peer-ip 10.103.1.254 auto commit # bfd peer1 bind peer-ip 10.1.1.254 auto commit # return l
10.100.1.1 interface GigabitEthernet1/0/1.100 source-ip

# sysname NPE2 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.1 control-vid 1 qinq-termination qinq termination pe-vid 10 ce-vid 1 to 100 qinq vrrp pe-vid 10 ce-vid 100 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 vrrp vrid 10 track bfd-session session-name link1 link vrrp vrid 10 track bfd-session session-name link2 link vrrp vrid 10 track bfd-session session-name link3 link vrrp vrid 10 track bfd-session session-name link4 link vrrp vrid 10 track bfd-session session-name peer1 peer vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route arp broadcast enable # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 101 to 200 qinq vrrp pe-vid 10 ce-vid 101 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 vrrp vrid 100 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 201 to 300 qinq vrrp pe-vid 10 ce-vid 201 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 vrrp vrid 101 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination
Issue 03 (2010-03-31)
4-81

qinq termination pe-vid 10 ce-vid 301 to 400 qinq vrrp pe-vid 10 ce-vid 301 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 vrrp vrid 102 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.103 control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 401 to 500 qinq vrrp pe-vid 10 ce-vid 401 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 vrrp vrid 103 track admin-vrrp interface GigabitEthernet1/0/1.1 vrid 10 unflowdown arp broadcast enable # bfd link1 bind peer-ip 10.100.1.1 interface GigabitEthernet1/0/1.100 source-ip 10.100.1.253 auto commit # bfd link2 bind peer-ip 10.101.1.1 interface GigabitEthernet1/0/1.101 source-ip 10.101.1.253 auto commit # bfd link3 bind peer-ip 10.102.1.1 interface GigabitEthernet1/0/1.102 source-ip 10.102.1.253 auto commit # bfd link4 bind peer-ip 10.103.1.1 interface GigabitEthernet1/0/1.103 source-ip 10.103.1.253 auto commit # bfd peer1 bind peer-ip 10.1.1.254 interface GigabitEthernet1/0/1.1 source-ip 10.1.1.253 auto commit # return
Configuration file of PE1

# sysname PE1 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 4.4.4.4 peer 5.5.5.5 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 200.1.34.3 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown # interface GigabitEthernet1/0/1.1 vlan-type dot1q 10 l2 binding vsi ldp1 #
4-82
Issue 03 (2010-03-31)

interface GigabitEthernet1/0/3 undo shutdown ip address 200.1.35.3 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 200.1.34.0 0.0.0.255 network 200.1.35.0 0.0.0.255 # return l

# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 3.3.3.3 peer 5.5.5.5 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 200.1.34.4 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown # interface GigabitEthernet1/0/1.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/4 undo shutdown ip address 200.1.45.4 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 200.1.34.0 0.0.0.255 network 200.1.45.0 0.0.0.255 # return

# sysname PE3 # mpls lsr-id 5.5.5.5 mpls
Issue 03 (2010-03-31)
4-83
# mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 3.3.3.3 peer 4.4.4.4 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/1 undo shutdown ip address 200.1.35.5 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown ip address 200.1.45.5 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 200.1.35.0 0.0.0.255 network 200.1.45.0 0.0.0.255 # return l
Configuration file of CE
# sysname CE1 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 110 ip address 10.100.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 210 ip address 10.101.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 310 ip address 10.102.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.103
4-84
Issue 03 (2010-03-31)

control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 410 ip address 10.103.1.1 255.255.255.0 arp broadcast enable # bfd link11 bind peer-ip 10.100.1.254 interface i p 10.100.1.1 auto commit # bfd link12 bind peer-ip 10.101.1.254 interface i p 10.101.1.1 auto commit # bfd link13 bind peer-ip 10.102.1.254 interface i p 10.102.1.1 auto commit # bfd link14 bind peer-ip 10.103.1.254 interface i p 10.103.1.1 auto commit # bfd link21 bind peer-ip 10.100.1.253 interface i p 10.100.1.1 auto commit # bfd link22 bind peer-ip 10.101.1.253 interface i p 10.101.1.1 auto commit # bfd link23 bind peer-ip 10.102.1.253 interface i p 10.102.1.1 auto commit # bfd link24 bind peer-ip 10.103.1.253 interface i p 10.103.1.1 auto commit # return
GigabitEthernet1/0/1.100 source-
4.13.6 Example for Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured
As shown in Figure 4-10, the CE connects to the sub-interface for QinQ termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group implements master/backup fast switchover by tracking the BFD session. In this configuration example, the following restrictions are imposed on the network:
l
The VPLS convergence network belongs to another operator, so the link BFD session cannot be directly established between NPE1 and PE1 and between NPE2 and PE2.
Issue 03 (2010-03-31)
4-85
l
In the VPLS convergence network, the PW is established only between PE1 and PE3 and between PE1 and PE2. According to the VPLS split horizon rule, the mVRRP backup group or the peer BFD session cannot be established between NPE1 and NPE2.
In this scenario, you can use the function of ignorance of interface down to implement VRRP fast switchover.
NOTE
l l
With BFD sampling, the NPE establishes link BFD sessions with each CE. ignore-if-down: If the status of the interface where the mVRRP backup group is configured is Down, the status of the mVRRP backup group is switched to Master rather than Initialize.
For the NPE:

l
NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through their respective interfaces Eth-Trunk1. NPE1 and NPE2 establish the service VRRP backup group through their respective interfaces GE 1/0/1 that connect to the VPLS convergence network. NPE1 or NPE2 establishes four link BFD sessions respectively with four CEs through GE 1/0/1. The mVRRP backup group is responsible for tracking the status of the four BFD sessions concurrently. When two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover.
4-86
Issue 03 (2010-03-31)
Figure 4-10 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured
Access
Aggregation VPLS Network

# interface GigabitEthernet1/0/1.100 ip address 10.100.1.254 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.254 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.254 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.254 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 #
Core
CE1
# interface Eth-Trunk 1.1 ip address 10.1.1.254 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 #
NPE1 CE2
CE3
PW Link BFD PW
PE1 PE2 Peer BFD
MPLS/IP Core
PE3
NPE2
# interface GigabitEthernet1/0/1.100 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 # # interface Eth-Trunk 1.1 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 #
CE4
Issue 03 (2010-03-31)
4-87
The configuration roadmap is as follows: 1. 2. Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. Configure the mVRRP backup group and service VRRP backup group on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2 and bind the service VRRP backup group with the mVRRP backup group. Establish the BFD session between NPE1 and NPE2 and between the NPE and the CE. Configure master/backup fast switchover of the mVRRP backup group using BFD sampling.
3. 4.
Data Preparation
l l
Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups
Procedure
Step 1 Configure the Eth-Trunk interface on NPE1 and NPE2.
NOTE
Only the configuration procedures of NPE1 and NPE2 are provided here. For the configuration procedures of the BFD function of the CE as shown in Figure 4-9 and the VPLS convergence network, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability and Configuration Guide - VPN.
# Configure NPE1.
<HUAWEI> system-view [HUAWEI] sysname NPE1 [NPE1] interface Eth-Trunk 1 [NPE1-Eth-Trunk1] quit [NPE1] interface gigabitethernet1/0/2 [NPE1-GigabitEthernet1/0/2] undo shutdown [NPE1-GigabitEthernet1/0/2] eth-trunk 1 [NPE1-GigabitEthernet1/0/2] quit [NPE1] interface gigabitethernet2/0/1 [NPE1-GigabitEthernet2/0/1] undo shutdown [NPE1-GigabitEthernet2/0/1] eth-trunk 1 [NPE1-GigabitEthernet2/0/1] quit
# Configure NPE2.
<HUAWEI> system-view [HUAWEI] sysname NPE2 [NPE2] interface Eth-Trunk 1 [NPE2-Eth-Trunk1] quit [NPE2] interface gigabitethernet1/0/2 [NPE2-GigabitEthernet1/0/2] undo shutdown [NPE2-GigabitEthernet1/0/2] eth-trunk 1 [NPE2-GigabitEthernet1/0/2] quit [NPE2] interface gigabitethernet2/0/1 [NPE2-GigabitEthernet2/0/1] undo shutdown [NPE2-GigabitEthernet2/0/1] eth-trunk 1 [NPE2-GigabitEthernet2/0/1] quit
Step 2 Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. # Configure NPE1.
[NPE1] interface eth-trunk 1 [NPE1-Eth-Trunk1] mode user-termination [NPE1-Eth-Trunk1] undo shutdown [NPE1-Eth-Trunk1] quit [NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] control-vid 1 qinq-termination [NPE1-Eth-Trunk1.1] qinq termination pe-vid 10 ce-vid 1 to 100 [NPE1-Eth-Trunk1.1] ip address 10.1.1.254 24 [NPE1-Eth-Trunk1.1] arp broadcast enable [NPE1-Eth-Trunk1.1] quit [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] mode user-termination [NPE1-GigabitEthernet1/0/1] undo shutdown [NPE1-GigabitEthernet1/0/1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE1-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.100] ip address 10.100.1.254 24 [NPE1-GigabitEthernet1/0/1.100] arp broadcast enable [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE1-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.101] ip address 10.101.1.254 24 [NPE1-GigabitEthernet1/0/1.101] arp broadcast enable [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE1-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.102] ip address 10.102.1.254 24 [NPE1-GigabitEthernet1/0/1.102] arp broadcast enable [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE1-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.103] ip address 10.103.1.254 24 [NPE1-GigabitEthernet1/0/1.103] arp broadcast enable [NPE1-GigabitEthernet1/0/1.103] quit
101 to 200
201 to 300
301 to 400
401 to 500
# Configure NPE2.
[NPE2] interface eth-trunk 1 [NPE2-Eth-Trunk1] mode user-termination [NPE2-Eth-Trunk1] quit [NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] control-vid 1 qinq-termination [NPE2-Eth-Trunk1.1] qinq termination pe-vid 10 ce-vid 1 to 100 [NPE2-Eth-Trunk1.1] ip address 10.1.1.253 24 [NPE2-Eth-Trunk1.1] arp broadcast enable [NPE2-Eth-Trunk1.1] quit [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] mode user-termination [NPE2-GigabitEthernet1/0/1] undo shutdown [NPE2-GigabitEthernet1/0/1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE2-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid 101 to 200 [NPE2-GigabitEthernet1/0/1.100] ip address 10.100.1.253 24 [NPE2-GigabitEthernet1/0/1.100] arp broadcast enable [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE2-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid 201 to 300 [NPE2-GigabitEthernet1/0/1.101] ip address 10.101.1.253 24 [NPE2-GigabitEthernet1/0/1.101] arp broadcast enable [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE2-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid 301 to 400 [NPE2-GigabitEthernet1/0/1.102] ip address 10.102.1.253 24
Issue 03 (2010-03-31)
4-89
[NPE2-GigabitEthernet1/0/1.102] arp broadcast enable [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE2-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid 401 to 500 [NPE2-GigabitEthernet1/0/1.103] ip address 10.103.1.253 24 [NPE2-GigabitEthernet1/0/1.103] arp broadcast enable [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
After the IP address is assigned to a sub-interface for QinQ VLAN tag termination, it is recommended to run the arp broadcast enable command. Otherwise, the sub-interfaces for QinQ VLAN tag termination fail to ping through each other.
# After the configuration, the IP address of Eth-Trunk1.1 on NPE1 and the IP address of EthTrunk1.1 of NPE2 can ping through each other. It indicates that the link between NPE1 and NPE2 works normally. Take the ping between NPE1 and NPE2 as an example. The interfaces where the mVRRP backup group is configured can ping through each other.
According to the split horizon rule of the VPLS convergence network, the interfaces of NPE1 and NP2 where the service VRRP backup group is configured cannot ping through each other. Take GE 1/0/1.100 of NPE1 as an example:
[NPE1] ping 10.100.1.253 PING 10.100.1.253: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 3.3.3.3 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
The NPE and the CE in the same network segment can ping through each other. It indicates that the link between the NPE and the CE works normally. Take the ping between NPE1 and CE1 or between NPE2 and CE1 as an example.
[NPE1] ping 10.100.1.1 PING 10.100.1.1: 56 data Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: bytes, press CTRL_C bytes=56 Sequence=1 bytes=56 Sequence=2 bytes=56 Sequence=3 bytes=56 Sequence=4 bytes=56 Sequence=5 to break ttl=255 time=180 ttl=255 time=160 ttl=255 time=150 ttl=255 time=150 ttl=255 time=120
ms ms ms ms ms
--- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
4-90
Issue 03 (2010-03-31)

round-trip min/avg/max = 120/152/180 ms [NPE2] ping 10.100.1.1 PING 10.100.1.1: 56 data bytes, press CTRL_C to break Reply from 10.100.1.1: bytes=56 Sequence=1 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=2 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=3 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=4 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=5 ttl=255 --- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 70/122/190 ms
time=190 ms time=120 ms time=130 ms time=100 ms time=70 ms
Step 3 Configure basic VRRP functions on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2.
NOTE
In this configuration example, you need to specify the keyword ignore-if-down in using the adminvrrp command. Thus, when the interface where the VRRP backup group is configured goes Down, the status of the VRRP backup group is switched to Master. If unspecified, when Eth-Trunk1.1 on NPE1 goes Down because of a fault, Eth-Trunk1.1 on NPE2 goes Down accordingly and the status of the VRRP backup group configured on this interface is switched from Backup to Initialize, thus failing to implement VRRP fast switchover. In the scenario as shown in Figure 4-10, if NPE1 is not faulty, it is not recommended to run the shutdown command on Eth-Trunk1.1 on NPE1. Otherwise, the mVRRP backup groups on NPE1 and NPE2 both become the Master status, causing service interruption. In all networking environments except the scenario as shown in , it is not recommended to use the keyword ignore-if-down. Otherwise, the state machine of the VRRP backup group is inconsistent with that defined in RFC.
# On NPE1, configure the mVRRP backup group with VRID being 10 on Eth-Trunk1.1 and configure the service VRRP backup group on the sub-interfaces of GE 1/0/1.
[NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE1-Eth-Trunk1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE1-Eth-Trunk1.1] vrrp vrid 10 priority 120 [NPE1-Eth-Trunk1.1] admin-vrrp vrid 10 ignore-if-down [NPE1-Eth-Trunk1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE1-GigabitEthernet1/0/1.103] quit
# On NPE2, configure the mVRRP backup group with VRID being 10 on Eth-Trunk1.1 and configure the service VRRP backup group on the sub-interfaces of GE 1/0/1.
[NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE2-Eth-Trunk1.1] vrrp vrid 10 virtual-ip 10.1.1.1
Issue 03 (2010-03-31)
4-91
[NPE2-Eth-Trunk1.1] admin-vrrp vrid 10 ignore-if-down [NPE2-Eth-Trunk1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE2-GigabitEthernet1/0/1.103] quit
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Normal.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Normal.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
NOTE
According to the split horizon rule of the VPLS convergence network, VRRP packets cannot be exchanged between the service VRRP backup groups of NPE1 and NPE2. Hence, the status of the service VRRP backup groups of NPE1 and NPE2 is Master.
Step 4 Bind the service VRRP backup group to the mVRRP backup group on NPE1 and NPE2. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.101] quit
4-92
Issue 03 (2010-03-31)
[NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.103] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.102] quit NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
100 track admin-vrrp interface eth-
l l
In this configuration example, using the vrrp vrid track admin-vrrp command, you need to specify the keyword unflowdown. If unspecified, when the status of the mVRRP backup group tracked by the service VRRP backup is Backup, the status of the interface where the service VRRP backup group is configured becomes Flow down, the status of the service VRRP backup group becomes Initialize, and the status of the link BFD session becomes Down. When the number of link BFD sessions in the Down state reaches the threshold, the status of the mVRRP backup also becomes Initialize, thus failing to implement master/backup switchover of the mVRRP backup group.
l l
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200
Issue 03 (2010-03-31)
4-93
101 102 103 Backup Backup Backup GE1/0/1.101 GE1/0/1.102 GE1/0/1.103 Member Member Member

10.101.1.200 10.102.1.200 10.103.1.200
At that time, the service VRRP backup group is bound to the mVRRP backup group and their status is normal.
NOTE
After the binding is finished, the service VRRP backup group no longer sends VRRP packets. The status of the service VRRP backup group is the same as the status of the bound mVRRP backup group.
Step 5 Configure basic BFD functions on NPE1 and NPE2. # Configure the peer BFD session between NPE1 and NPE2; configure the link BFD session between NPE1 and each CE and between NPE2 and each CE. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 10.1.1.253 10.1.1.254 auto [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit [NPE1] bfd link1 bind peer-ip 10.100.1.1 ip 10.100.1.254 auto [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind peer-ip 10.101.1.1 ip 10.101.1.254 auto [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit [NPE1] bfd link3 bind peer-ip 10.102.1.1 ip 10.102.1.254 auto [NPE1-bfd-session-link3] commit [NPE1-bfd-session-link3] quit [NPE1] bfd link4 bind peer-ip 10.103.1.1 ip 10.103.1.254 auto [NPE1-bfd-session-link4] commit [NPE1-bfd-session-link4] quit
interface eth-trunk 1.1 source-ip
interface gigabitethernet1/0/1.100 source-
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 10.1.1.254 10.1.1.253 auto [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd link1 bind peer-ip 10.100.1.1 ip 10.100.1.253 auto [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind peer-ip 10.101.1.1 ip 10.101.1.253 auto [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit [NPE2] bfd link3 bind peer-ip 10.102.1.1 ip 10.102.1.253 auto [NPE2-bfd-session-link3] commit [NPE2-bfd-session-link3] quit [NPE2] bfd link4 bind peer-ip 10.103.1.1 ip 10.103.1.253 auto [NPE2-bfd-session-link4] commit [NPE2-bfd-session-link4] quit
interface eth-trunk 1.1 source-ip
4-94
Issue 03 (2010-03-31)
After the previous configurations are finished and the CE is correctly configured with the BFD session, run the display bfd configuration all command on the NPE. The command output shows that Commit is True. # Take NPE1 as an example.
[NPE1] display bfd configuration all -------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------peer1 S_AUTO_IF 8192 4096 1 True False link1 S_AUTO_IF 8193 4097 1 True False link2 S_AUTO_IF 8194 4098 1 True False link3 S_AUTO_IF 8195 4099 1 True False link4 S_AUTO_IF 8196 4100 1 True False -------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 5/0
Run the display bfd session all command on NPE1 to view the status of the BFD session. The command output shows that State is Up. # Take NPE1 as an example.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
Step 6 Configure VRRP fast switchover using BFD sampling.

NOTE
Since the service VRRP backup group is bound to the mVRRP backup group, it is only required to configure the mVRRP backup group on Eth-Trunk1.1 of NPE1 and NPE2 to implement VRRP fast switchover using BFD sampling.
# Configure NPE1.
[NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp trigger [NPE1-Eth-Trunk1.1] quit track track track track track track route bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name link-bfd down-number 2 peer1 link1 link2 link3 link4 peer link link link link
# Configure NPE2.
[NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp trigger [NPE2-Eth-Trunk1.1] quit track track track track track track route bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name link-bfd down-number 2 peer1 link1 link2 link3 link4 peer link link link link
Issue 03 (2010-03-31)
4-95
After the configuration, run the display vrrp interface command on NPE1 and NPE2. The command output shows that the mVRRP backup group is bound to one peer BFD session and four link BFD sessions and the BFD session status is Up.
[NPE1] display vrrp interface eth-trunk 1.1 Eth-Trunk1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type : link BFD-session state : UP Track BFD : link2 type : link BFD-session state : UP Track BFD : link3 type : link BFD-session state : UP Track BFD : link4 type : link BFD-session state : UP Track BFD : peer1 type : peer BFD-session state : UP [NPE2] display vrrp interface eth-trunk 1.1 Eth-Trunk1.1 | Virtual Router 10 State : Backup Virtual IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type : link BFD-session state : UP Track BFD : link2 type : link BFD-session state : UP Track BFD : link3 type : link BFD-session state : UP Track BFD : link4 type : link BFD-session state : UP Track BFD : peer1 type : peer BFD-session state : UP
Step 7 Verify the configuration. After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
[NPE1] display vrrp brief VRID State Interface Type Virtual IP --------------------------------------------------------
4-96
Issue 03 (2010-03-31)

10 100 101 102 103 Master Master Master Master Master Eth-Trunk1.1 GE1/0/1.100 GE1/0/1.101 GE1/0/1.102 GE1/0/1.103 Admin Member Member Member Member 10.1.1.1 10.100.1.200 10.101.1.200 10.102.1.200 10.103.1.200
On NPE2:
l l
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/1
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, only one link BFD session is Down, so the mVRRP backup group does not perform master/backup switchover. On NPE1:
l l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID being 100, State is Initialize and Type is Member. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP ---------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
[NPE2] display vrrp brief VRID State Interface Type Virtual IP --------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 0 10.101.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 3/2
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, two link BFD sessions go Down, so the mVRRP backup group performs master/ backup switchover. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Initialize and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Initialize and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP ----------------------------------------------------------10 Initialize Eth-Trunk1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Initialize GE1/0/1.101 Member 10.101.1.200 102 Initialize GE1/0/1.102 Member 10.102.1.200 103 Initialize GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
[NPE2] display vrrp brief VRID State Interface Type Virtual IP ---------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200
4-98
Issue 03 (2010-03-31)

101 102 103 Master Master Master GE1/0/1.101 GE1/0/1.102 GE1/0/1.103 Member Member Member 10.101.1.200 10.102.1.200 10.103.1.200
On NPE1, run the undo shutdown command on GE 1/0/1.100 and GE1/0/1.101 to replicate the recovery of the fault between NPE1 and CE1 and between NPE1 and CE2.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] undo shutdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] undo shutdown [NPE1-GigabitEthernet1/0/1.101] quit
The command output shows that the BFD sessions between NPE1 and CE1 and between NPE1 and CE2 go Up.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
It indicates that the statuses of the VRRP backup groups on NPE1 and NPE2 recover respectively. On NPE1:
l l
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
----End
Configuration Files
l

Issue 03 (2010-03-31)

# sysname NPE1 # bfd # interface Eth-Trunk1 mode user-termination # interface Eth-Trunk1.1 control-vid 1 qinq-termination qinq termination pe-vid 10 ce-vid 1 to 100 qinq vrrp pe-vid 10 ce-vid 100 ip address 10.1.1.254 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 ignore-if-down vrrp vrid 10 priority 120 vrrp vrid 10 track bfd-session session-name link1 link vrrp vrid 10 track bfd-session session-name link2 link vrrp vrid 10 track bfd-session session-name link3 link vrrp vrid 10 track bfd-session session-name link4 link vrrp vrid 10 track bfd-session session-name peer1 peer vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route arp broadcast enable # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 101 to 200 qinq vrrp pe-vid 10 ce-vid 101 ip address 10.100.1.254 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 vrrp vrid 100 track admin-vrrp interface Eth-Trunk1.1 vrid arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 201 to 300 qinq vrrp pe-vid 10 ce-vid 201 ip address 10.101.1.254 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 vrrp vrid 101 track admin-vrrp interface Eth-Trunk1.1 vrid arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 301 to 400 qinq vrrp pe-vid 10 ce-vid 301 ip address 10.102.1.254 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 vrrp vrid 102 track admin-vrrp interface Eth-Trunk1.1 vrid arp broadcast enable # interface GigabitEthernet1/0/1.103 control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 401 to 500 qinq vrrp pe-vid 10 ce-vid 401 ip address 10.103.1.254 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 vrrp vrid 103 track admin-vrrp interface Eth-Trunk1.1 vrid arp broadcast enable # interface GigabitEthernet1/0/2 undo shutdown eth-trunk 1 #
10 unflowdown
10 unflowdown
10 unflowdown
10 unflowdown
4-100
Issue 03 (2010-03-31)

interface GigabitEthernet2/0/1 undo shutdown eth-trunk 1 # bfd link1 bind peer-ip 10.100.1.1 10.100.1.254 auto commit # bfd link2 bind peer-ip 10.101.1.1 10.101.1.254 auto commit # bfd link3 bind peer-ip 10.102.1.1 10.102.1.254 auto commit # bfd link4 bind peer-ip 10.103.1.1 10.103.1.254 auto commit # bfd peer1 bind peer-ip 10.1.1.253 auto commit # return l
interface GigabitEthernet1/0/1.100 source-ip
interface Eth-Trunk1.1 source-ip 10.1.1.254

# sysname NPE2 # bfd # interface Eth-Trunk1 mode user-termination # interface Eth-Trunk1.1 control-vid 1 qinq-termination qinq termination pe-vid 10 ce-vid 1 to 100 qinq vrrp pe-vid 10 ce-vid 100 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 ignore-if-down vrrp vrid 10 track bfd-session session-name link1 link vrrp vrid 10 track bfd-session session-name link2 link vrrp vrid 10 track bfd-session session-name link3 link vrrp vrid 10 track bfd-session session-name link4 link vrrp vrid 10 track bfd-session session-name peer1 peer vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route arp broadcast enable # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 101 to 200 qinq vrrp pe-vid 10 ce-vid 101 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 vrrp vrid 100 track admin-vrrp interface Eth-Trunk1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 201 to 300 qinq vrrp pe-vid 10 ce-vid 201 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200
Issue 03 (2010-03-31)
4-101

vrrp vrid 101 track admin-vrrp interface Eth-Trunk1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 301 to 400 qinq vrrp pe-vid 10 ce-vid 301 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 vrrp vrid 102 track admin-vrrp interface Eth-Trunk1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/1.103 control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 401 to 500 qinq vrrp pe-vid 10 ce-vid 401 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 vrrp vrid 103 track admin-vrrp interface Eth-Trunk1.1 vrid 10 unflowdown arp broadcast enable # interface GigabitEthernet1/0/2 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/1 undo shutdown eth-trunk 1 # bfd link1 bind peer-ip 10.100.1.1 interface GigabitEthernet1/0/1.100 source-ip 10.100.1.253 auto commit # bfd link2 bind peer-ip 10.101.1.1 interface GigabitEthernet1/0/1.101 source-ip 10.101.1.253 auto commit # bfd link3 bind peer-ip 10.102.1.1 interface GigabitEthernet1/0/1.102 source-ip 10.102.1.253 auto commit # bfd link4 bind peer-ip 10.103.1.1 interface GigabitEthernet1/0/1.103 source-ip 10.103.1.253 auto commit # bfd peer1 bind peer-ip 10.1.1.254 interface Eth-Trunk1.1 source-ip 10.1.1.253 auto commit # return

# sysname PE1 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 5.5.5.5 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 200.1.34.3 255.255.255.0
4-102
Issue 03 (2010-03-31)

mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown # interface GigabitEthernet1/0/1.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/3 undo shutdown ip address 200.1.35.3 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 200.1.34.0 0.0.0.255 network 200.1.35.0 0.0.0.255 # return l

# sysname PE2 # mpls lsr-id 4.4.4.4 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 5.5.5.5 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 200.1.34.4 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/1 undo shutdown # interface GigabitEthernet1/0/1.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/4 undo shutdown ip address 200.1.45.4 255.255.255.0 mpls mpls ldp interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 200.1.34.0 0.0.0.255 network 200.1.45.0 0.0.0.255
Issue 03 (2010-03-31)
4-103
# return l

# sysname PE3 # mpls lsr-id 5.5.5.5 mpls # mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 3.3.3.3 peer 4.4.4.4 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/1 undo shutdown ip address 200.1.35.5 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown ip address 200.1.45.5 255.255.255.0 mpls mpls ldp # ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 200.1.35.0 0.0.0.255 network 200.1.45.0 0.0.0.255 # return
Configuration file of CE
# sysname CE1 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 110 ip address 10.100.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 210 ip address 10.101.1.1 255.255.255.0 arp broadcast enable
4-104
Issue 03 (2010-03-31)

# interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 310 ip address 10.102.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.103 control-vid 103 qinq-termination qinq termination pe-vid 10 ce-vid 410 ip address 10.103.1.1 255.255.255.0 arp broadcast enable # bfd link11 bind peer-ip 10.100.1.254 interface i p 10.100.1.1 auto commit # bfd link12 bind peer-ip 10.101.1.254 interface i p 10.101.1.1 auto commit # bfd link13 bind peer-ip 10.102.1.254 interface i p 10.102.1.1 auto commit # bfd link14 bind peer-ip 10.103.1.254 interface i p 10.103.1.1 auto commit # bfd link21 bind peer-ip 10.100.1.253 interface i p 10.100.1.1 auto commit # bfd link22 bind peer-ip 10.101.1.253 interface i p 10.101.1.1 auto commit # bfd link23 bind peer-ip 10.102.1.253 interface i p 10.102.1.1 auto commit # bfd link24 bind peer-ip 10.103.1.253 interface i p 10.103.1.1 auto commit # return
4.13.7 Example for Configuring VRRP on VLANIF Interfaces

As shown in Figure 4-11, the networking requirements are as follows:
l
Router A and Router B work in backup mode. Router A functions as the master and Router B as the backup. Network 1 belongs to VLAN 10 and Network 2 belongs to VLAN 20. Both Router A and Router B connect all networks through LAN switches.
Issue 03 (2010-03-31)
l
Network 1, Network 2, and Network 3 respectively correspond to the virtual IP addresses 10.1.1.1, 10.1.2.1, and 100.10.1.1 of the three backup groups.
Figure 4-11 Networking diagram of VRRP configured on VLANIF interfaces
Backup group 1 Virtual IP Address VLAN10 10.1.1.1/24 RouterA Network1 Master

GE1/0/1
2 0/ 1/ E G GE 1/ 0/ 1
GE3/0/0
Eth-Trunk1
VLAN30 Network3
GE1/0/2
GE3/0/0
RouterB Slave VLAN20 Backup group 3 Network2 Backup group 2 Virtual IP Address Virtual IP Address 100.10.1.1/24
10.1.2.1/24
Both Router A and Router B are connected to Network1, Network2, and Network3 through GE 1/0/1, GE 1/0/2, and GE 3/0/0. Router A and Router B are connected through Eth-Trunk 1, including member interfaces GE 2/0/0 and GE 2/0/1.
The configuration roadmap is as follows: 1. 2. 3. Configure IP addresses for the interfaces of the physical interfaces and VLANIF interfaces. Configure MSTP. Create VRRP backup groups and set priorities.
Data Preparation
l l l l
IP addresses of physical interfaces and VLANIF interfaces Name of the domain RG 1 that Router A and Router B join Virtual router ID and virtual IP address Priorities of VRRP backup groups
4-106
Issue 03 (2010-03-31)
Procedure
Step 1 Configure IP addresses for the interfaces of Router A and Router B. # Take Router A as an example: Create VLAN 10 and VLAN 20. Add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20.
<RouterA> system-view [RouterA] interface gigabitethernet 1/0/1 [RouterA-GigabitEthernet1/0/1] undo shutdown [RouterA-GigabitEthernet1/0/1] portswitch [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface gigabitethernet 1/0/2 [RouterA-GigabitEthernet1/0/2] undo shutdown [RouterA-GigabitEthernet1/0/2] portswitch [RouterA-GigabitEthernet1/0/2] quit [RouterA] interface gigabitethernet 3/0/0 [RouterA-GigabitEthernet3/0/0] undo shutdown [RouterA-GigabitEthernet3/0/0] ip address 100.10.1.2 255.255.255.0 [RouterA-GigabitEthernet3/0/0] quit [RouterA] vlan 10 [RouterA-vlan10] port gigabitethernet 1/0/1 [RouterA-vlan10] interface vlanif10 [RouterA-vlanif10] ip address 10.1.1.2 255.255.255.0 [RouterA-vlanif10] quit [RouterA] vlan 20 [RouterA-vlan20] port gigabitethernet 1/0/2 [RouterA-vlan20] interface vlanif20 [RouterA-vlanif20] ip address 10.1.2.2 255.255.255.0 [RouterA-vlanif20] quit
# Configure Router A to connect Router B through an Eth-Trunk.

[RouterA] interface eth-trunk1 [RouterA-Eth-Trunk1] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] eth-trunk1 [RouterA-GigabitEthernet2/0/0] quit [RouterA] interface gigabitethernet 2/0/1 [RouterA-GigabitEthernet2/0/1] undo shutdown [RouterA-GigabitEthernet2/0/1] eth-trunk1 [RouterA-GigabitEthernet2/0/1] quit [RouterA] interface eth-trunk1 [RouterA-Eth-Trunk1] portswitch [RouterA-Eth-Trunk1] port link-type trunk [RouterA-Eth-Trunk1] port trunk allow-pass vlan 10 20 [RouterA-Eth-Trunk1] quit
The configurations of Router B are the same as those of Router A. Step 2 Configure MSTP. # Configure the MST region on Router A.
[RouterA] stp region-configuration [RouterA-mst-region] region-name RG1 [RouterA-mst-region] instance 1 vlan 10 [RouterA-mst-region] instance 2 vlan 20
# Activate the MST region configuration.

[RouterA-mst-region] active region-configuration [RouterA-mst-region] quit
# Configure the priority of Router A so that it functions as the root bridge.

[RouterA] stp instance 1 priority 0
Issue 03 (2010-03-31)
4-107
# Activate the MST region configuration.

[RouterA] interface Eth-Trunk1 [RouterA-Eth-Trunk1] stp enable [RouterA-Eth-Trunk1] quit [RouterA] interface GigabitEthernet1/0/1 [RouterA-GigabitEthernet1/0/1] stp enable [RouterA-GigabitEthernet1/0/1] quit
The configurations of Router B are the same as those of Router A. Step 3 Configure the backup groups for Router A and Router B. # Take Router A as an example: Configure the VRRP backup groups on the interfaces of Router A.
[RouterA] interface vlanif10 [RouterA-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.1 [RouterA-vlanif10] vrrp vrid 1 priority 130 [RouterA-vlanif10] quit [RouterA] interface vlanif20 [RouterA-vlanif20] vrrp vrid 2 virtual-ip 10.1.2.1 [RouterA-vlanif20] vrrp vrid 2 priority 130 [RouterA-vlanif20] quit [RouterA] interface gigabitethernet 3/0/0 [RouterA-GigabitEthernet3/0/0] vrrp vrid 3 virtual-ip 100.10.1.1 [RouterA-GigabitEthernet3/0/0] vrrp vrid 3 priority 130 [RouterA-GigabitEthernet3/0/0] quit
The configurations of Router B are the same as those of Router A. Step 4 Verify the configuration. Run the display vrrp command on Router A and Router B to view information about the VRRP backup groups.
[RouterA] display vrrp Vlanif20 | Virtual Router 2 State : Master Virtual IP : 10.1.2.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Vlanif10 | Virtual Router 1 State : Master Virtual IP : 10.1.1.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES <RouterB> display vrrp Vlanif20 | Virtual Router 2 State : Backup Virtual IP : 10.1.2.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 130
4-108
Issue 03 (2010-03-31)

Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Vlanif10 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
# Run the shutdown command on VLANIF 10 of Router A to simulate a link fault.

[RouterA] interface vlanif10 [RouterA-Vlanif10] quit
At this time, run the display vrrp command on Router A, and you can view that the status of Router A in back group 1 is Initialize.
[RouterA] display vrrp Vlanif20 | Virtual Router 2 State : Master Virtual IP : 10.1.2.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Vlanif10 | Virtual Router 1 State : Initialize Virtual IP : 10.1.1.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 0 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
Run the display vrrp command on Router B, and you can view that the status of Router B in back group 1 is Master.
[RouterB] display vrrp Vlanif20 | Virtual Router 2 State : Backup Virtual IP : 10.1.2.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1
Issue 03 (2010-03-31)
4-109
TimerConfig : Auth Type : Virtual Mac : Check TTL : Config type : Vlanif10 | Virtual State : Virtual IP : PriorityRun : PriorityConfig : MasterPriority : Preempt : TimerRun : TimerConfig : Auth Type : Virtual Mac : Check TTL : Config type : 1 NONE 0000-5e00-0102 YES normal-vrrp Router 1 Master 10.1.1.1 100 100 100 YES Delay Time : 0 1 1 NONE 0000-5e00-0101 YES normal-vrrp
----End
Configuration Files
l

# sysname RouterA # interface GigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 20 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.10.1.2 255.255.255.0 vrrp vrid 3 virtual-ip 100.10.1.1 vrrp vrid 3 priority 130 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/1 undo shutdown eth-trunk 1 # interface Vlanif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 priority 130 # interface vlanif20 undo shutdown ip address 10.1.2.2 255.255.255.0 vrrp vrid 2 virtual-ip 10.1.2.1 vrrp vrid 2 priority 130 # return # interface eth-trunk1 undo shutdown port link-type trunk port trunk allow-pass vlan 10 20
4-110
Issue 03 (2010-03-31)

# stp region-configuration region-name RG1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # Return l

# sysname RouterB # interface GigabitEthernet1/0/1 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet1/0/2 undo shutdown portswitch port default vlan 20 # interface GigabitEthernet3/0/0 undo shutdown ip address 100.10.1.2 255.255.255.0 vrrp vrid 3 virtual-ip 100.10.1.1 vrrp vrid 3 priority 100 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/1 undo shutdown eth-trunk 1 # interface vlanif10 undo shutdown ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.1 vrrp vrid 1 priority 100 # interface vlanif20 undo shutdown ip address 10.1.2.3 255.255.255.0 vrrp vrid 2 virtual-ip 10.1.2.1 vrrp vrid 1 priority 100 # return # interface eth-trunk1 undo shutdown port link-type trunk port trunk allow-pass vlan 10 20 # stp region-configuration region-name RG1 instance 1 vlan 10 instance 2 vlan 20 active region-configuration # return
Issue 03 (2010-03-31)
4-111
5 BFD Configuration
5
About This Chapter
BFD Configuration
This chapter describes the fundamentals of BFD , configurations of BFD basic functions , and BFD maintenance and provides configuration examples. 5.1 BFD Introduction This section describes the principles, concepts, and applications of BFD. 5.2 Configuring the One-Hop BFD This section describes the application and the configuration of the one-hop BFD. 5.3 Configuring the BFD Passive Echo Function The section describes the configuration of the BFD passive Echo function. 5.4 Configuring the Association Between the BFD Status and the Interface Status The section describes the application and the configuration of the association between the BFD status and the interface status. 5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status The section describes the application and the configuration of the association between the BFD status and the sub-interface status. 5.6 Configuring the BFD to Modify the PST This section describes the application and the configuration of the BFD to modify the PST. 5.7 Configuring the Multi-Hop BFD This section describes the application and the configuration of the multi-hop BFD. 5.8 Configuring the BFD Session with Automatically Negotiated Discriminator The section describes the configuration and function of the BFD session with the automatically negotiated discriminator. 5.9 Configuring the Delay of the BFD Session to Be Up The section describes the configuration and function of the delay of the BFD session to be up. 5.10 Adjusting BFD Parameters This section describes how to adjust parameters of a BFD session. 5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet
5 BFD Configuration
This section describes the application of the destination port number of the multi-hop BFD control packet and how to configure the destination port number globally. 5.12 Configuring the TTL Globally This section describes the application of the global TTL and how to configure the TTL globally. 5.13 Configuring the Interval for Sending Trap Messages 5.14 Maintaining BFD 5.15 Configuration Examples This section provides several configuration examples of BFD.
5-2
Issue 03 (2010-03-31)
5 BFD Configuration
5.1 BFD Introduction

This section describes the principles, concepts, and applications of BFD. 5.1.1 BFD Overview 5.1.2 BFD Features Supported by the NE80E/40E
5.1.1 BFD Overview

To improve network performance, the system must be able to rapidly detect a communication failure, and then set up a backup channel to resume the communication. In the current network, the following detection methods are used:
l
Hardware detection signals, such as SDH alarm, are used to detect hardware faults on the link. If no hardware detection signal is available to locate faults, the network often uses the Hello message provided by a routing protocol, which takes some time to detect a fault. Such a long detection time causes loss of considerable amount of data. If the small scale network does not run the routing protocol, other derived detection mechanisms are used. This may increase the difficulty in locating the interconnection fault.To solve the preceding problems, the Bidirectional Forwarding Detection (BFD), a unified detection mechanism, is developed.
BFD is a unified detection mechanism used to rapidly detect and track the connectivity of the network links or IP routing. To improve network performance, adjacent systems must be able to rapidly detect a communication failure, and then set up a backup channel to resume the communication. The BFD performs the following functions:
l
Provides low-load and short-duration detection for path faults between two adjacent forwarding engines. Uses a single mechanism to perform real-time detection of all media or protocol layers, and supports different detection time and costs.
5.1.2 BFD Features Supported by the NE80E/40E

As a unified detection mechanism, BFD can be used by multiple protocols. This section briefly describes the applications provided by BFD.
BFD Session Establishment Supported by the NE80E/40E

BFD uses the local discriminator and remote discriminator to differentiate multiple BFD sessions between the same pair of systems. According to the difference in the methods of creating the local discriminator and the remote discriminator, the NE80E/40E supports the following BFD session types:
l l
Static BFD sessions with manually specified discriminators Static BFD sessions with automatically negotiated discriminators
Issue 03 (2010-03-31)
5 BFD Configuration
l
Dynamic BFD sessions triggered by a protocol
The dynamic BFD session triggered by a protocol is implemented as follows:

l l
Dynamically allocating the local discriminator Self learning the remote discriminator
NOTE
At present, in the NE80E/40E, OSPF, BGP, IS-IS, MPLS, MPLS LDP, RSVP-TE, PWE3, and PIM can dynamically trigger the establishment of BFD sessions.
When the two ends of a BFD session create discriminators in different methods, the following must be satisfied:
l
If the static BFD session is established by manually specifying the discriminators on the local end, the static BFD session on the remote end must also be established by manually specifying the discriminators. If the static BFD session is established by automatically negotiating the discriminators on the local end, the static BFD session on the remote end can be established by automatically negotiating the discriminators or by configuring the dynamic BFD session. On the local end, if the static BFD session is established by automatically negotiating the discriminators and by configuring the dynamic BFD session, the following principles are applicable:
If the dynamic BFD session and static BFD session with automatically negotiated discriminators share the same configurations (the source address, destination address, outgoing interface, and VPN index), the dynamic BFD session coexists with the static BFD session with automatically negotiated discriminators. If the dynamic BFD session named DYN_local discriminator is configured first and then the static BFD session with automatically negotiated discriminators is configured, the name of the dynamic BFD session is updated as the name of the static BFD session. Parameters of the shared session adopt the minimum values.
At present, the dynamic sessions that can coexist with static BFD sessions include BFD for OSPF, BFD for IS-IS, BFD for BGP, BFD for PIM, and BFD for RSVP-TE.
BFD Modes
The NE80E/40E supports asynchronous mode
l
Asynchronous mode Each system sends BFD Control packets based on the negotiated period. If a system does not receive any packet from the peer within the detection time, it sets the session to Down.
One-Hop BFD and Multi-Hop BFD

The NE80E/40E supports one-hop BFD and multi-hop BFD. This section describes the one-hop BFD. The NE80E/40E supports the following one-hop BFDs of links:
l l
Layer 3 physical interface Ethernet sub-interface (including Eth-Trunk sub-interface)

5-4
5 BFD Configuration
If a physical Ethernet interface has multiple sub-interfaces, the BFD session can be set up on each sub-interface and the physical Ethernet interface.
l
The sub-interface for dot1q vlan tag termination and the sub-interface for qinq vlan tag termination IP-Trunk

IP-Trunk link IP-Trunk member link
The BFD sessions can be used independently to detect the Trunk member interface and the Trunk interface at the same time.
l
Eth-Trunk

Layer 2 Eth-Trunk link Layer 2 Eth-Trunk member link Layer 3 Eth-Trunk link Layer 3 Eth-Trunk member link
The BFD sessions can be used independently to detect the trunk member interface and the trunk interface at the same time.
NOTE
IP-Trunk and Eth-Trunk consist of member links, providing high bandwidth and reliability. When the number of member links that are Up reaches a certain value, corresponding trunks can keep Up. BFD for NE80E/40E can detect the trunk and its members separately for the connectivity of the entire trunk or an important member of a trunk.
l
VLANIF

Ethernet member links in a VLAN VLANIF interface
The BFD session of the VLANIF and the BFD session of the VLANIF member are separate, and VLANIF and VLANIF members can be detected simultaneously.
Association Between the BFD Status and the Interface Status

Compared with the fault detection mechanism of the link protocol of the interface, BFD can detect the link fault faster if transmission devices exist in the directly connected link. The link protocol status of the Trunk interface or the VLAN interface depends on the link protocol status of the member interfaces. Therefore, to notify the BFD detection result to the application faster, each attribute of the interface management module is added to the interface, namely, the BFD status. The BFD status indicates the status of the BFD session that is bound to the interface. The system determines the interface status according to the link status, protocol status, and BFD status. Then, the system notifies the interface status to the application. The association between the BFD status and the interface status indicates that when the BFD session status changes, the BFD status of the interface in the IFNET module is modified. In this function, the one-hop BFD session is bound to the outgoing interface and uses the default multicast address for detection, covering the following aspects:
l
Association between the BFD status and the status of its bound interface
Issue 03 (2010-03-31)
5 BFD Configuration
When the BFD session becomes Down, the BFD status of the interface that is bound to the BFD session also becomes Down. The interface status change is notified to the application on the interface. When the BFD session status of the Trunk member interface or the VLAN member interface becomes Down, the link protocol status of the Trunk member interface or the VLAN member interface also changes. The BFD session change accelerates the change of the link protocol status and the route convergence of the Trunk interfaceor the VLAN interface .
NOTE
For the trunk whose member interfaces reside on different LPUs, when a BFD session is created to detect the link between member interfaces of the trunk, you should use the process-pst command to associate the BFD session with the status of the interface. Otherwise, the traffic may be lost in some situations. For example, the LPU where the member interface of the trunk resides is restarted.
When the BFD session status is Up, the BFD status of the interface bound to the BFD session also goes Up.
This function can notify the BFD detection result more rapidly to the application.
l
Association between the BFD status and the status of the sub-interface of the interface bound to the BFD session The BFD session must be bound to the main interface.
When the BFD session status goes Down, the BFD statuses of its bound interface and all the sub-interfaces go Down. The status change is notified to the application on the sub-interface. The service configured on the sub-interface, such as RRPP can use the detection result of the BFD session.
When the BFD session status reverts to Up, the BFD statuses of the interface that is bound to the BFD session and all the sub-interfaces are also Up.
This function can save the session resources of the system and provide reliability for more applications. This function is typically used in the networking in which high reliability is required and a great number of services are configured on the sub-interface, such as the large-scale MAN Ethernet.
Changing Detection Parameters Dynamically

After a BFD session is set up, you can change the detection parameters, such as minimum sending interval, minimum receiving interval, and detecting mode. This does not affect the current status of the session.
Binding VPN Instance

In the NE80E/40E, a BFD session can be bound to a VPN instance. The BFD Control packet can be thus transmitted in the specified VPN.
BFD for VRRP

The BFD detects and monitors the link or IP routes forwarding at a fast pace. So VRRP fast switch is implemented.
NOTE
For the detailed configuration of the BFD for VRRP, refer to Chapter "VRRP Configuration."
5-6
Issue 03 (2010-03-31)
5 BFD Configuration
BFD for Static Routes

Static routes do not have the detection mechanism. When the network fails, administrator interference is needed. With the feature of BFD for static routes, the BFD session can be used to detect the status of the IPv4 static route in the public network. The routing management system determines whether the static route is available according to the BFD session status.
NOTE
For the detailed configuration of BFD for static routes, refer to Chapter "IP Static Route Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing.
BFD for Routing Protocols

BFD uses the local discriminator and the remote discriminator to distinguish different BFD sessions between two systems. IS-IS can dynamically and statically create BFD sessions; BGP and OSPF can dynamically create BFD sessions. The BFD session dynamically triggered by a routing protocol is implemented as follows:
l l
Dynamically allocating the local discriminator Self learning the remote discriminator
When the routing protocol neighbor relation is established successfully, a routing protocol notifies the establishment of a BFD session through routing management module and fast detects the neighbor relation of the routing protocol. Detection parameters of BFD session are configured by the routing protocols. When a BFD session detects a failure, the session turns Down. BFD triggers the route convergence through a routing management module.
NOTE
Generally, a routing protocol based on the keepalive mechanism is contained in a Hello packet and the detection is only at second level. BFD works at millisecond level at a detection interval of 3 x 10 ms. BFD advertises a protocol failure within 50 ms. The route convergence speeds up.
When the neighbor is unreachable, the routing protocol notifies the BFD to delete the session through a routing management module.
BFD for Fast Reroute

l
BFD for LDP FRR For the MPLS products forwarded by the software, the BFD can detect the protected interfaces. LDP FRR switchover is triggered when the BFD session is Down.
BFD for IP FRR and BFD for VPN FRR For NE80E/40E devices,the IP FRR and VPN FRR switchovers are triggered only after the detected faults are reported to the control plane.
BFD provides reliability to MPLS-based applications, such as VPN FRR, TE FRR, and VLL FRR for protecting services.
BFD for IS-IS

In the NE80E/40E, the statically configured BFD session is used to detect the IS-IS peer relationship.
5 BFD Configuration
The BFD detects the link fault between IS-IS peer nodes, and fast reports it to IS-IS. The IS-IS fast convergence is thus triggered.
NOTE
l l
Because ISIS can be set up only one-hop IS-IS adjacencies, the BFD limits its operations to one-hop IS-IS adjacencies. For the detailed configuration of the BFD for IS-IS, refer to Chapter "IS-IS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing.
BFD for LSP

BFD can detect the failure in an MPLS LSP forwarding path on the data plane. At the same time, the format of BFD packets is constant, so the BFD packets are easily transmitted on hardware and traverse the firewall. The advantages of BFD for LDP LSP on data plane are as follows:
l l l
For the backward link, only the reachable IP route is required Fast detection Support large scale failure detection on LSP
To detect LDP LSP connectivity, the negotiation of BFD session is performed in two modes:
l
Static establishment of the BFD session: After the local discriminator and remote discriminator of BFD are configured manually, the BFD session is established through the negotiation mechanism. Dynamic establishment of the BFD session: The BFD session is established through negotiation of BFD Discriminator Type Length Value (TLV) carried in LSP Ping messages.
In static mode, at present NE80E/40E, BFD is available for the following LSPs:
l l l
Static LSP LDP LSP TE: Tunnel, static CR-LSP bound to the tunnel, and dynamic RSVP CR-LSP. BFD is available for the TE tunnels with signaling protocols as CE-static and RSVP-TE, and the primary LSP bound to the TE tunnel.
In dynamic mode, BFD is available for the following forwarding paths:

l l
LDP LSP RSVP LSP
At present, the dynamic BFD session can only detect RSVP LSP, but neither detects TE LSPs based on other signaling protocol, nor TE tunnels. When BFD works on unidirectional link like LSP and TE, only a reachable IP route is required for the backward link. The backward link can be IP, LSP, or TE tunnel.
NOTE
l l
For the configuration of BFD for static LSP and BFD for LDP LSP, refer to Chapter 1 "Basic MPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS. For the configuration of BFD for MPLS TE, refer to Chapter 2 "MPLS TE Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
5-8
Issue 03 (2010-03-31)
5 BFD Configuration
BFD for PW
With BFD, the PW link between the local and remote PEs can be fast detected for defaults. BFD supports the VLL FRR to reduce the impact of link failure to services. The NE80E/40E supports the establishment of BFD for PW session in static (discriminator is configured manually) and dynamic modes. The NE80E/40E combines VCCV ping and BFD for detecting PW connectivity dynamically. This can lead to fast switchover of upper layer services for protection.
NOTE
For the configuration of BFD for PW, refer to Chapter 7 "PWE3 Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
BFD for PIM

The NE80E/40E supports the dynamic creation of a BFD session between PIM neighbors, which is used to detect the status of the link between the PIM neighbors. When a fault occurs on the link, BFD notifies PIM of the fault.
NOTE
For the configuration of BFD for PIM, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Multicast.
CAUTION
The preceding BFD session is delivered to the selected LPU with the outgoing interface of LDP, TE, PIM, or a route orderly. If the outgoing interface is a logical interface with multiple interfaces, such as an Eth-trunk interface, which has multiple sub-interfaces across different LPUs, the BFD session select one of these LPUs randomly. When an interface board that is bound to BFD sessions but has no service interfaces is unplugged, the service may be switched. Thus, before unplugging the board, you can run the display bfd session all verbose command to find out which sessions are bound to the board. If BFD sessions are bound to the board, you can enter the BFD session view to shut all sessions down and then unplug the board. After this, you can create the session again.
5.2 Configuring the One-Hop BFD

This section describes the application and the configuration of the one-hop BFD. 5.2.1 Establishing the Configuration Task 5.2.2 Enabling the Global BFD 5.2.3 Setting Up a BFD Session 5.2.4 Checking the Configuration
Issue 03 (2010-03-31)
5-9
5 BFD Configuration

To fast detect and monitor the directly-connected links, configure the one-hop BFD.
Before configuring the one-hop BFD, complete the following tasks:
l l
Connecting each interface correctly Configuring IP addresses for the Layer 3 interfaces
Data Preparation
To configure the one-hop BFD, you need the following data. No. 1 2 Data BFD configuration name Peer IP address, local interface name, and number of the directly-connected link of the BFD. The default multicast address of the BFD for the physical-layer status of the link BFD session parameters: local discriminator and remote discriminator
5.2.2 Enabling the Global BFD

Context
If one-hop BFD detection is performed on the Layer 2 interfaces or the Layer 3 physical interfaces without IP addresses, such as IP-Trunk member interface and Layer 3 Eth-Trunk member interface, the default multicast IP address is adopted. Do as follows on the both ends of the link to be detected:
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled on this node and the BFD global view is displayed. Step 3 (Optional) Run:
default-ip-address ip-address
The default multicast IP address of the BFD is configured.

5 BFD Configuration
By default, the multicast address used by the BFD is 224.0.0.184.

NOTE
If more than one BFD session exists on the BFD path, for example, the Layer 3 interface is connected by the Layer 2 switches and is configured with BFD, you need to configure different default multicast addresses for the devices. Thus, the devices are configured with different BFD sessions. This ensures that BFD packets are correctly forwarded.
----End
5.2.3 Setting Up a BFD Session

Context
Do as follows on the both ends of the link to be detected:
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 According to the link type, run the following commands to create BFD binding:
l
For the Layer 3 interface with an IP address, run:

bfd cfg-name bind peer-ip peer-ip [ vpn-instance vpn-instance-name ] interface interface-type interface-number [ source-ip source-ip ]
For the Layer 2 interface and the Layer 3 physical member interface without an IP address, run:
bfd cfg-name bind peer-ip default-ip interface interface-type interface-number [ source-ip source-ip ]
CAUTION
You can run the command only on the physical layer 3 trunk or VLANIF member interfaces that have no IP addresses, rather than on the physical layer 3 interfaces that have no IP addresses.
NOTE
When a one-hop BFD session is set up for the first time, the peer IP address and the corresponding local interface must be bound to the BFD session. After the one-hop BFD session is set up, you cannot modify it. When the BFD configuration items are created, the system checks only the format of the IP address rather than the correctness. The BFD session cannot be created if incorrect peer IP address or source IP address is bound to the session. When the BFD and Unicast Reverse Path Forwarding (URPF) are used together, URPF checks the source IP address of the received packets. Therefore, when creating a BFD binding, you need sourceip to specify the source IP address of the BFD packet in case the BFD packet is incorrectly discarded.
Step 3 Configure the discriminators:

l
To configure the local discriminator, run:

Issue 03 (2010-03-31)
5 BFD Configuration
discriminator local discr-value l
To configure the remote discriminator, run:

discriminator remote discr-value
NOTE
The local discriminator of the local device corresponds to the remote discriminator of the remote device, and the remote discriminator of the local device corresponds to the local discriminator of the remote device. The local discriminator of the local device needs to be the same as the remote discriminator of the remote device. Otherwise, the session cannot be correctly set up. After the local discriminator and the remote discriminator are configured, you cannot modify it. For the BFD sessions to which the default multicast address is bound, the local discriminator and the remote discriminator of a BFD session cannot be the same.
Step 4 Run:
commit
The configuration is committed.

NOTE
When setting up a single-hop BFD session, you must run the commit command after configuring necessary parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End

Prerequisite
The configurations of the One-Hop BFD function are complete.
Context
NOTE
You can view statistics of BFD sessions and detailed information about sessions only after BFD session parameters are set and BFD sessions are set up.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] | discriminator local discr-value } [ verbose ] command to check BFD configurations. Run the display bfd interface [ interface-type interface-number ] command to check BFD interfaces. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session. Run the display bfd statistics [ slot slot-id ] command to check the global statistics of the BFD sessions. Run the display bfd statistics session { all | static | dynamic | discriminator discrvalue | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] command to check statistics of the BFD session.
l l
l l
----End
5 BFD Configuration
Example
# After the configuration, you can run the display bfd session all verbose command to view information about a BFD session.
<HUAWEI> display bfd session all verbose --------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa --------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
A one-hop BFD session is established and is in the Up state.
5.3 Configuring the BFD Passive Echo Function

The section describes the configuration of the BFD passive Echo function. 5.3.1 Establishing the Configuration Task 5.3.2 Configuring the BFD Passive Echo Function 5.3.3 Checking the Configuration

The BFD passive Echo function is applicable only to the one-hop BFD session. If a device supports the Echo function in the network, the BFD passive Echo function needs to be configured to be compatible with other devices. Figure 5-1 Application scenario of the BFD passive Echo function
RouterA
Single-hop BFD
RouterB
RouterA Supports BFD Passive Echo Function

Issue 03 (2010-03-31)
RouterB Supports BFD Echo Function

5-13
5 BFD Configuration
As shown in Figure 5-1, the passive Echo function needs to be enabled on Router A.
Before configuring the BFD passive Echo function, complete the following tasks:
l l
Enabling BFD globally (Optional) Setting up the ACL

NOTE
The BFD Echo packet is looped back through ICMP redirect at the remote end. In the IP packet that encapsulates the BFD Echo packet, the destination address and the source address are the IP address of the outgoing interface of the local end. Therefore, in the ACL rule, both the source addresses of the remote end and the local end must be permitted.
Data Preparation
To configure the BFD passive Echo function, you need the following data. No. 1 Data (Optional) ACL number
5.3.2 Configuring the BFD Passive Echo Function

Context
Do as follows on the router that is enabled with the passive Echo function:
Procedure
Step 1 Run:
system-view

bfd
The BFD view is displayed. Step 3 Run:

echo-passive { all | acl basic-acl-number }
The BFD passive Echo function is enabled.

l l
all: enables the passive Echo function of all the BFD sessions. acl: enables the passive Echo function of the BFD session that matches the ACL. In the ACL, the source addresses of both the remote end and the local end must be permitted.
5-14

NOTE
5 BFD Configuration
If the creation or modification of ACL rules takes place when the BFD session goes Up, the created or modified ACL rules can take effective only after the BFD session goes Down or parameters of the BFD session are modified.
----End

Prerequisite
The configurations of the BFD Passive Echo Function are complete.
Procedure
Step 1 Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peerip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session. ----End
Example
# Display information about all the BFD sessions.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ethernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 Bind Interface : Ethernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Enable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------------------
The preceding display shows that the value of the field Session Detect Mode is Asynchronous Mode Without Echo Function. This indicates that the BFD session is not enabled with the passive Echo function. The value of the field Echo Passive is Enable. This indicates that the BFD session is enabled with the Echo function and can respond to the request of the remote end for the Echo function. Currently, no request for the Echo function is received from the remote end; therefore, the BFD session is in asynchronous mode that is not enabled with the Echo function.
5 BFD Configuration
5.4 Configuring the Association Between the BFD Status and the Interface Status
The section describes the application and the configuration of the association between the BFD status and the interface status. 5.4.1 Establishing the Configuration Task 5.4.2 Configuring the Association Between BFD Status and Interface Status 5.4.3 Checking the Configuration

When a transport device exists on the link and a fault occurs on a link, the routers on both ends of the link need a long time to detect the fault. This is because although the two routers are directly connected, the actual physical path is segmented by the transport device. Figure 5-2 Networking diagram of devices between the both end routers
RouterA
RouterB
To solve the problem, the NE80E/40E implements the association between BFD status and interface status. The change of the BFD session status affects the protocol status of the interface. Fast convergence of routes is thus triggered. After the association between BFD status and interface status is configured, the BFD session becomes Down when it detects a fault, and the corresponding interface status becomes BFD_Down. When the interface is BFD_Down, the direct route of this interface is deleted from the routing table; however, the forwarding of BFD packets is not affected.
Before configuring the association between BFD status and interface status, you need to complete the task of 5.2 Configuring the One-Hop BFD.
NOTE
Only the one-hop BFD session to which the default multicast IP address is bound can implement the association between BFD status and interface status. You can run the bfd cfg-name bind peer-ip defaultip interface interface-type interface-number [ source-ip source-ip ] command to set up a BFD session.
Data Preparation
To configure the association between BFD status and interface status, you need the following data.
5 BFD Configuration
No. 1
Data BFD configuration name
5.4.2 Configuring the Association Between BFD Status and Interface Status
Context
Do as follows on the NE80E/40E that needs to be configured with the association between BFD status and interface status:
Procedure
Step 1 Run:
system-view

bfd cfg-name
The BFD session view is displayed. Step 3 Run:

process-interface-status
The status association between the current BFD session and the interface bound to the BFD session is configured. By default, the status of the current BFD session is not associated with the status of the interface. That is, the change of the BFD session status does not affect the interface status. Step 4 Run:
commit
Issue 03 (2010-03-31)
5-17
5 BFD Configuration
NOTE
When the process-interface-status command and the commit command are run in succession, the BFD session may not be set up or the BFD session does not go Up through negotiation. Therefore, the BFD session does not notify the interface of the BFD status immediately, avoiding that the BFD session notifies the interface of incorrect status information that results in incorrect interface status change. After the configuration is committed, the BFD sessions can notify the interface of the BFD status change. In this manner, the BFD session status is associated with the interface status. If the process-interface-status command is saved in the configuration file, the BFD session that is bound to the interface notifies the interface that the BFD session is Down when the NE80E/40E is restarted, in view of the initial status of an interface being Down. Before the BFD status is associated with the interface status, the BFD configurations on the two NE80E/ 40Es must be correct and symmetrical. If the BFD status on the local interface is Down, check whether the BFD configuration on the peer is correct or whether the BFD session is shut down. If the networking requires that the BFD status must be synchronized with the interface status, you can run the shutdown and undo shudown commands to change the status of the BFD session. When the undo shutdown command is run, a timer to test the BFD session status is started. If the BFD session goes Up through negotiation before the timer expires, the BFD session notifies the interface of the Up state. Otherwise, the BFD session regards the link as failed and notifies the interface of the Down state after the timer expires. In this manner, the BFD session status and the interface status are in real-time synchronization.
----End

Prerequisite
The configurations of the Association Between the BFD Status and the Interface Status function are complete.
Procedure
Step 1 Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peer-ip [ vpninstance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session. ----End
Example
After the configuration, running the display bfd session command, you can view that "Enable" is displayed in the field of "Proc interface status" of corresponding sessions.
-------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : test -------------------------------------------------------------------------------Local Discriminator : 22 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabiEthernet2/0/0 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms) : 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : --
5-18
Issue 03 (2010-03-31)
5 BFD Configuration
Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status
The section describes the application and the configuration of the association between the BFD status and the sub-interface status. 5.5.1 Establishing the Configuration Task 5.5.2 Configuring the Association Between BFD Status and Sub-Interface Status 5.5.3 Checking the Configuration

In the networking in which high reliability is required and a great number of services are configured on the sub-interface, you need to set up BFD sessions to verify the connectivity of the main interface link. In addition, you need to configure the association between the BFD status and the sub-interface status. Thus, you can enhance the reliability of the service on the sub-interface and save session resources.
Before configuring the association between the BFD status and the sub-interface status, complete the following tasks:
l l
Enabling BFD globally Setting up the one-hop BFD session, which is bound to the main interface and uses the default multicast address for detection Setting up the BFD session and ensuring that the BFD session is Up
Data Preparation
To configure the association between the BFD status and the sub-interface status, you need the following data. No. 1
Issue 03 (2010-03-31)
Data Name of the BFD session

5 BFD Configuration
5.5.2 Configuring the Association Between BFD Status and SubInterface Status
Context
Do as follows on the NE80E/40E that needs to rapidly detect the link fault:
Procedure
Step 1 Run:
system-view

bfd cfg-name

process-interface-status sub-if
The association between the BFD status and the sub-interface status is configured. Step 4 Run:
commit
The configuration is committed. When the BFD session goes Down, the BFD statuses of the main interface bound to the BFD session and its sub-interface also go Down.
NOTE
When the process-interface-status command and the commit command are run in succession, the BFD session may not be set up or the BFD session does not go Up through negotiation. Therefore, the BFD session does not notify the interface of the BFD status immediately, avoiding that the BFD session notifies the interface of incorrect status information that results in incorrect interface status change. After the configuration is committed, the BFD sessions can notify the interface of the BFD status change. In this manner, the BFD session status is associated with the interface status. If the process-interface-status command is saved in the configuration file, the BFD session that is bound to the interface notifies the interface that the BFD session is Down when the NE80E/40E is restarted, in view of the initial status of an interface being Down. Before the BFD status is associated with the interface status, the BFD configurations on the two NE80E/ 40Es must be correct and symmetrical. If the BFD status on the local interface is Down, check whether the BFD configuration on the peer is correct or whether the BFD session is shut down. If the networking requires that the BFD status must be synchronized with the interface status, you can run the shutdown and undo shudown commands to change the status of the BFD session. When the undo shutdown command is run, a timer to test the BFD session status is started. If the BFD session goes Up through negotiation before the timer expires, the BFD session notifies the interface of the Up state. Otherwise, the BFD session regards the link as failed and notifies the interface of the Down state after the timer expires. In this manner, the BFD session status and the interface status are in real-time synchronization.
----End
5 BFD Configuration

Prerequisite
The configurations of the Association Between the BFD Status and the Sub-Interface Status function are complete.
Procedure
Step 1 Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peerip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session. ----End
Example
Run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable(Sub-If) Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : -Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------------------
The preceding display shows that the value of the field Proc interface status is Enable(SubIf). This indicates that the status of the BFD session aa is associated with the status of the main interface and the sub-interface.
5.6 Configuring the BFD to Modify the PST

This section describes the application and the configuration of the BFD to modify the PST. 5.6.1 Establishing the Configuration Task 5.6.2 Permitting the BFD to Modify the PST
5 BFD Configuration

If the BFD can modify the Port State Table (PST), it modifies the corresponding entry in the PST when it detects that an interface is Down. Through the PST, other upper application protocols can acknowledge whether the interface has a fault. Currently, for the NE80E/40E, LDP FRR and IP FRR based on BFD detection need to know the BFD detection result through the PST. You do not need to run the process-pst command on the applications that do not learn the BFD results through the PST.
NOTE
l l
For the LDP FRR, refer to chapter "MPLS Basic Configuration"in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS. IP FRR works for the public network and for the private network. For information about the IP FRR for the public network, refer to Chapter 10 "Routing Policy Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing. For information about the IP FRR for the private network, refer to Chapter 4 "BGP MPLS IP VPN Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
Before configuring the BFD to modify the PST, complete the task of 5.2 Configuring the OneHop BFD.
Data Preparation
To configure the BFD to modify the PST, you need the following data. No. 1 Data Configuration name of the BFD session
5.6.2 Permitting the BFD to Modify the PST

Context
Do as follows on the router that learns the BFD results through the PST:
Procedure
Step 1 Run:
system-view

5 BFD Configuration
Step 2 Run:
bfd cfg-name

process-pst
The BFD is permitted to modify the PST. By default, the BFD does not modify the PST. If the BFD session on the Trunk member interface or the VLAN member interface allows BFD to modify the PST, and the main interface is configured with the BFD session, you must configure the Wait to Recovery (WTR) for the BFD session that detects the main interface. This can prevent the BFD session on the main interface from flapping when the member interface joins or exits from the main interface. For the configuration of the WTR for the BFD session, see "5.10.3 Configuring the BFD WTR." Step 4 Run:
commit
The configurations are committed. ----End

Prerequisite
The configurations of the BFD to Modify the PST function are complete.
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session.
----End
Example
After the configuration, running the display bfd session command, you can view that the field of "Process PST" in the command output is "Enable".
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : test -------------------------------------------------------------------------------Local Discriminator : 22 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/0) Bind Session Type : Static Bind Peer Ip Address : 10.100.10.2 NextHop Ip Address : 10.100.10.2 Bind Interface : GigabitEthernet2/0/0 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10
Issue 03 (2010-03-31)
5-23
5 BFD Configuration
Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
5.7 Configuring the Multi-Hop BFD

This section describes the application and the configuration of the multi-hop BFD. 5.7.1 Establishing the Configuration Task 5.7.2 Enabling BFD Globally 5.7.3 Setting Up a BFD Session 5.7.4 Checking the Configuration

To rapidly detect the faults occur during IP router forwarding, configure the multi-hop BFD.
Before configuring the multi-hop BFD, complete the following tasks:
l l
Correctly connecting each interface and configuring IP addresses for them Configuring the routing protocol to ensure that the network layer is reachable
Data Preparation
To configure the multi-hop BFD, you need the following data. No. 1 2 3 Data Remote IP address BFD configuration name BFD session parameters: local discriminator and remote discriminator
5-24
Issue 03 (2010-03-31)
5 BFD Configuration
5.7.2 Enabling BFD Globally

Context
Do as follows on the router:
Procedure
Step 1 Run:
system-view

bfd
The global BFD is enabled. ----End
5.7.3 Setting Up a BFD Session

Context
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run the bfd cfg-name bind peer-ip peer-ip [ vpn-instance vpn-instance-name ] [ source-ip source-ip ] command to configure a BFD session.
NOTE
l l
When a BFD session is set up for the first time, you need to bind the peer IP address to it. After the BFD session is set up, you cannot modify it. When the BFD configuration items are created, the system checks only the format of the IP address rather than the correctness. The BFD session cannot be established if incorrect peer IP address or source IP address is bound. When the BFD and URPF are used together, URPF checks the source IP address of the received packets. Therefore, when creating a BFD binding, you need to specify the source IP address of the BFD packet in case the BFD packet is incorrectly discarded.
Step 3 Configure the discriminators.

l
Run:
discriminator local discr-value
The local discriminator is configured.

l
Run:
discriminator remote discr-value
The remote discriminator is configured.

5 BFD Configuration
NOTE
The local discriminator of the local device corresponds to the remote discriminator of the remote device, and the remote discriminator of the local device corresponds to the local discriminator of the remote device. The local discriminator of the local device needs to be the same with the remote discriminator of the remote device. Otherwise, the session cannot be correctly set up. After the local discriminator and the remote discriminator are configured, you cannot modify it.
Step 4 Run:
commit
The configurations are committed.

NOTE
When setting up a BFD session, you must run the commit command after configuring necessary parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End

Prerequisite
The configurations of the Multi-Hop BFD function are complete.
Context
NOTE
Only after the parameters of the session are set and the session is set up, you can view the information on the session.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] } [ verbose ] command to check BFD configurations. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] to check the BFD session. Run the display bfd statistics [ slot slot-id ] to check the global statistics of the BFD session. Run the display bfd statistics session { all | static | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] to check the statistics of the BFD session.
l l
----End
Example
After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : atoc -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address
5-26
Issue 03 (2010-03-31)
5 BFD Configuration
Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 Bind Interface : -FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
You can view that a multi-hop BFD session is established. The BFD session is Up.
5.8 Configuring the BFD Session with Automatically Negotiated Discriminator

The section describes the configuration and function of the BFD session with the automatically negotiated discriminator. 5.8.1 Establishing the Configuration Task 5.8.2 Enabling BFD Globally 5.8.3 Configuring the BFD Session with Automatically Negotiated Discriminator 5.8.4 Checking the Configuration

If the dynamic BFD session is adopted by the remote device, you must configure the static BFD session with automatically negotiated discriminators on the local device to interwork with the remote device and support the static route to track BFD.
Before configuring the static BFD session with automatically negotiated discriminators, complete the following tasks:
l l
Correctly connecting each interface Correctly configuring the IP address of the Layer 3 interface
Data Preparation
To complete the configuration, you need the following data.
5 BFD Configuration
No. 1 2
Data Name of the BFD session IP addresses of the local and remote ends of the link detected by BFD, and name and number of the local interface
5.8.2 Enabling BFD Globally

Context
Do as follows on the router on which the static BFD session with automatically negotiated discriminators is used to detect the link.
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled globally and the BFD view is displayed. ----End
5.8.3 Configuring the BFD Session with Automatically Negotiated Discriminator

Context
Do as follows on the router on which the static BFD session with the automatically negotiated discriminator is used to detect the link: Perform the following step as required to configure BFD for IPv4 or VRRP for IPv6.
Procedure
l For BFD for IPv4 1. Run:
system-view

bfd cfg-name bind peer-ip ip-address [ vpn-instance vpn-name ] [ interface interface-type interface-number ] source-ip ip-address auto
A static BFD session with automatically negotiated discriminators is set up.
You must specify the source IP address.

5-28
5 BFD Configuration
You must specify the peer IP address but cannot use a multicast IP address.
3.
Run:
commit
The configuration is committed. ----End

Prerequisite
The configurations of the BFD Session with Automatically Negotiated Discriminator function are complete.
Procedure
l Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session.
----End
Example
# After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16385 (One Hop) State : Up Name : auto -------------------------------------------------------------------------------Local Discriminator : 8193 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/1) Bind Session Type : Static_Auto Bind Peer IP Address : 192.168.1.2 NextHop Ip Address : 192.168.1.2 Bind Interface : GigabitEthernet2/0/1 Bind Source IP Address : 192.168.1.1 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : Destination Port : 3784 TTL : 255 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : Session Detect TmrID : Session Init TmrID : Session WTR TmrID : Session Echo Tx TmrID : PDT Index : FSM-3010000 | RCV-0 | IF-3010000 | TOKEN-0 Session Description : -------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1
You can view that a BFD session with the type as Static_Auto is established. The local discriminator and the remote discriminator of this BFD session are 8193 and 8192 respectively, which are obtained by automatic negotiation.
5 BFD Configuration
5.9 Configuring the Delay of the BFD Session to Be Up

The section describes the configuration and function of the delay of the BFD session to be up. 5.9.1 Establishing the Configuration Task 5.9.2 Configuring the Delay of the BFD Session to Be Up 5.9.3 Checking the Configuration

In actual networking, some devices switch the traffic according to whether BFD is Up but the routing protocol becomes Up later than the interface; therefore, no route can be found when the traffic is switched back. The traffic is thus lost. Thus, the difference between the time when the routing protocol becomes Up and the time when the interface becomes Up must be eliminated.
Before configuring the delay of the BFD session to be Up, ensure that the router runs normally.
Data Preparation
To complete the configuration, you need the following data. No. 1 Data Delay up time
5.9.2 Configuring the Delay of the BFD Session to Be Up

Context
Do as follows on the routers on which the setup of the BFD session needs to be delayed.
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled globally and the BFD view is displayed. Step 3 Run:

delay-up seconds
5 BFD Configuration
The time that the BFD session is delayed to become Up is set. By default, the delay time is 0 seconds. ----End

Prerequisite
The configurations of the Delay of the BFD Session to Be Up function are complete.
Procedure
Step 1 Run the display bfd statistics [ slot slot-id ] command to check statistics of BFD globally. ----End
Example
# After the configuration, restart the router. After the restart, run the display bfd statistics command.
<HUAWEI> display bfd statistics Current Display Board Number : Main ; Current Product Register type: IP Multihop Destination Port : 3784 Total Up/Down Session Number : 0/1 Current Session Number : Static session : 0 Dynamic session : 0 E_Dynamic session : 0 STATIC_AUTO session : 1 LDP_LSP session : 0 STATIC_LSP session : 0 TE_TUNNEL session : 0 TE_LSP session : 0 PW session : 0 IP session : 1 -------------------------------------------------------------------------------PAF/LCS Name Maxnum Minnum Create -------------------------------------------------------------------------------BFD_CFG_NUM 8192 1 1 BFD_IF_NUM 512 1 1 BFD_SESSION_NUM 8192 1 1 BFD_IO_SESSION_NUM 512 1 0 BFD_PER_TUNNEL_CFG_NUM 16 1 0 -------------------------------------------------------------------------------IO Board Current Created Session Statistics Information :(slot/number) -------------------------------------------------------------------------------0 /0 1 /0 2 /1 3 /0 4 /0 5 /0 6 /0 7 /0 8 /0 9 /0 10/0 11/0 12/0 13/0 14/0 15/0 16/0 17/0 18/0 19/0 20/0 21/0 22/0 23/0 24/0 25/0 26/0 27/0 28/0 29/0 30/0 31/0 32/0 33/0 34/0 35/0 36/0 37/0 -------------------------------------------------------------------------------Current Total Used Discriminator Num : 1 -------------------------------------------------------------------------------IO Board Reserved Sessions Number Information :(slot/number) -------------------------------------------------------------------------------0 /0 1 /0 2 /0 3 /0 4 /0 5 /0 6 /0 7 /0 8 /0 9 /0 10/0 11/0 12/0 13/0 14/0 15/0 16/0 17/0 18/0 19/0 20/0 21/0 22/0 23/0 24/0 25/0 26/0 27/0 28/0 29/0 30/0 31/0 32/0 33/0 34/0 35/0 36/0 37/0 -------------------------------------------------------------------------------BFD HA Information : --------------------------------------------------------------------------------
Issue 03 (2010-03-31)
5-31
5 BFD Configuration
Core Current HA Status : Normal Shell Current HA Status : Normal -------------------------------------------------------------------------------BFD for LSP Information : -------------------------------------------------------------------------------Ability of auto creating BFD session on egress : Disable Period of LSP Ping : 60 System Session Delay Up Timer : OFF --------------------------------------------------------------------------------
You can view the field System Session Delay Up Timer in the command output. This field displays the status of the current system delay Up time. OFF indicates that the system is in the normal state; Xs indicates that after X seconds, the system recovers, and the BFD session is Up.
5.10 Adjusting BFD Parameters

This section describes how to adjust parameters of a BFD session. 5.10.1 Establishing the Configuration Task 5.10.2 Modifying the Detection Time 5.10.3 Configuring the BFD WTR 5.10.4 Adding the Description of a BFD Session 5.10.5 Checking the Configuration

When a BFD session is set up, the sending interval, the receiving interval and the local detection multiplier can be adjusted on the basis of the network status and performance requirement. You can also configure the Wait to Recovery (WTR) of the BFD session to avoid the frequent active/standby switchover caused by the BFD session flapping. Users can add the description of the BFD session to describe the link monitored by the BFD session. Generally, the default configuration is used.
Before adjusting BFD parameters, you need to set up a BFD session.
Data Preparation
To adjust the BFD parameters, you need the following data. No 1 2
5-32
Data BFD configuration name Interval during which local BFD packets are sent or received
5 BFD Configuration
No 3
Data Local detection multiplier of the BFD
5.10.2 Modifying the Detection Time

Context
Procedure
Step 1 Run:
system-view

bfd cfg-name

min-tx-interval interval
The sending interval is set. By default, the minimum sending interval is 10 milliseconds. Step 4 Run:
min-rx-interval interval
The receiving interval is set. By default, the minimum sending interval is 10 milliseconds. Step 5 Run:
detect-multiplier multiplier
The local detection multiplier is set. By default, the local detection multiplier is 3. Step 6 Run:
commit
Postrequisite
To reduce the usage of the system resources, once the BFD session is Down, the system automatically adjusts the local sending or receiving interval to a random value between 1000 milliseconds and 3000 milliseconds. When the BFD session is Up, the user-configured interval is used.
5 BFD Configuration
NOTE
To efficiently use system resources, when detecting that the BFD session goes Down, the system automatically adjusts the interval for receiving and sending BFD control packets to be a random value larger than 10000 ms. When the BFD session goes Up, the set interval is restored.
5.10.3 Configuring the BFD WTR

Context
You can configure the Wait to Recovery (WTR) of the BFD session to avoid the frequent active/ standby switchover caused by the BFD session flapping. When the BFD session changes from Down to Up, the BFD reports the change to the upper layer applications after the WTR times out. Do as follows on the router:
Procedure
Step 1 Run:
system-view

bfd cfg-name

wtr wtr-value
The WTR is configured. By default, the WTR is 0, that is, it does not wait to restore.
NOTE
The BFD session is unidirectional. If the WTR is applied, you must configure the same WTR at both ends. Otherwise, when the session status changes at one end, applications at both ends know different BFD session status.
Step 4 Run:
commit
5.10.4 Adding the Description of a BFD Session

Context
Procedure
Step 1 Run:

system-view
5 BFD Configuration

bfd cfg-name

description description
The description of a BFD session is added. description is a string of 1 to 51 characters. By default, the description of the BFD session is Null. You can run the undo description command to delete the description of the BFD session. Step 4 Run:
commit

Prerequisite
The configurations of Adjusting BFD Parameters function are complete.
Context
NOTE
You can view the information on the BFD session, only when the parameters of the BFD session are set and the session is set up.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] | discriminator local discr-value } [ verbose ] to check the BFD configuration. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] to check information about the BFD session.
----End
Example
After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20
Issue 03 (2010-03-31)
5-35
5 BFD Configuration
Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 10.1.1.2 NextHop Ip Address : 10.1.1.2 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 6 TOS-EXP : 6 Min Tx Interval (ms) : 500 Min Rx Interval (ms) : 500 Actual Tx Interval (ms): 500 Actual Rx Interval (ms): 500 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : 60000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : RouterA_to_RouterB -------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
You can view that Min Tx Interval is 500 milliseconds; Min Rx Interval is 500 milliseconds. WTR Interval is 60000 milliseconds. Session Description is RouterA_to_RouterB.
5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet
This section describes the application of the destination port number of the multi-hop BFD control packet and how to configure the destination port number globally. 5.11.1 Establishing the Configuration Task 5.11.2 Globally Configuring the Destination Port Number 5.11.3 Checking the Configuration

The BFD control packet is encapsulated in the UDP packet for transmission, using the source port in the range of 49152 to 65535 and destination port 3784 or 4784. According to the BFD draft, the destination port 4784 is used for the multi-hop BFD control packet. On the NE80E/ 40E of the earlier version, however, destination port 3784 is used for the multi-hop BFD control packet. The destination port number of the multi-hop BFD control packet can be configured globally according to the requirements:
l
To interwork with the device running the version earlier than the NE80E/40E, the device running the NE80E/40E can be configured with destination port 3784 for the multi-hop BFD control packet. To interwork with the non-Huawei device, the device running the NE80E/40E can be configured with destination port 4784 for the multi-hop BFD control packet.
5-36
5 BFD Configuration
Before globally configuring the destination port number for the multi-hop BFD control packet, complete the following tasks:
l l
Installing the device and turning it on properly Connecting interfaces correctly
Data Preparation
To globally configure the destination port number for the multi-hop BFD control packet, you need the following data. No. 1 Data Name of the device
5.11.2 Globally Configuring the Destination Port Number

Context
Do as follows on each device:
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled globally on the local node and the BFD view is displayed. Step 3 Run:
multi-hop destination-port { 3784 | 4784 }
The destination port number is configured globally for the multi-hop BFD control packet.
NOTE
If destination port 3784 is used by the multi-hop BFD control packets on a router, the router can successfully negotiate with the router on which destination port 4784 is used by the multi-hop BFD control packets. At the same time, on the router that is configured with destination port 3784, destination port 3784 is automatically updated to destination port 4784. To change the destination port number from 4784 to 3784, run the shutdown command to terminate the BFD session on destination port 4784, then, run the multihop destination-port 3784 command on destination ports 4784 and 3784, and finally run the undo shutdown command to restore the BFD session.
----End
5 BFD Configuration

Prerequisite
All global configurations of the destination port number of the multi-hop BFD control packet are completed.
Context
NOTE
You can view information about the BFD session and its statistics only after only after BFD session parameters are configured and the BFD session is set up successfully.
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to view information about the BFD session. Run the display bfd statistics [ slot slot-id ] command to view information about statistics of global BFD.
----End
Example
<HUAWEI> display bfd session all verbose --------------------------------------------------------------------Session MIndex : 16384 (Multi Hop) State : Up Name : test --------------------------------------------------------------------Local Discriminator : 111 Remote Discriminator : 222 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos6/0/0) Bind Session Type : Static Bind Peer IP Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Pos6/0/0 FSM Board Id : 6 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : Destination Port : 3784 TTL : 254 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : Session Detect TmrID : Session Init TmrID : Session WTR TmrID : Session Echo Tx TmrID : PDT Index : FSM-B030000 | RCV-0 | IF-B030000 | TOKEN-0 Session Description : ---------------------------------------------------------------------------
According to the preceding command output, you can view that destination port 3784 is used for the multi-hop BFD control packet.
5.12 Configuring the TTL Globally

This section describes the application of the global TTL and how to configure the TTL globally.
5 BFD Configuration
5.12.1 Establishing the Configuration Task 5.12.2 Configuring the TTL Globally 5.12.3 Checking the Configuration

When devices running different versions interwork with each other, the TTL values and detection modes on both ends of the BFD session are different and the BFD packets are discarded. You can set the TTL globally to enable Huawei devices running different NE80E/40E versions to interwork with each other and non-Huawei devices.
Before configuring the TTL globally, complete the following tasks:
l l
Connecting interfaces correctly Configuring the IP address of the Layer 3 interface correctly
Data Preparation
To configure the TTL globally, you need the following data. No. 1 Data Name and number of each interface
5.12.2 Configuring the TTL Globally

Context
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled globally on the local node and the BFD view is displayed. Step 3 Run:
peer-ip peer-ip mask-length ttl { single-hop | multi-hop } ttl-value
The TTL of the BFD control packet is configured.

5 BFD Configuration
NOTE
By default, for the static BFD session, the TTL of the single-hop BFD packet is 255 and the TTL of the multi-hop BFD packet is 254. For the dynamic BFD session, the TTL of the single-hop BFD packet is 255; the TTL of the multi-hop BFD packet is 253.
----End

Prerequisite
All global configurations of the TTL are completed.
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to view information about the BFD session. Run the display bfd ttl [ slot slot-id ] command to view information about the globally configured TTL.
----End
Example
After the configurations are successful, run the display bfd ttl command, and you can view information about the global TTL.
<HUAWEI> display bfd ttl -------------------------------------------------------------------------Peer IP Mask Type Value --------------------------------------------------------------------------1.1.1.0 24 Single-hop 255 ---------------------------------------------------------------------------
5.13 Configuring the Interval for Sending Trap Messages

5.13.1 Establishing the Configuration Task 5.13.2 Configuring the Interval for Sending Trap Messages 5.13.3 Checking the Configuration

If BFD is enabled with the SNMP trap function, the NMS can receive messages indicating that the BFD session is Up or Down. If the BFD session flaps, the NMS receives a large number of trap messages. In this case, BFD trap messages need to be suppressed. You can prevent overflow of trap messages by setting the interval for sending trap messages.
Before configuring the Interval for Sending Trap Messages, complete the following tasks:

l
5 BFD Configuration
Enabling BFD globally
Data Preparation
To configure the Interval for Sending Trap Messages, you need the following data. No. 1 Data Interval for sending trap messages
5.13.2 Configuring the Interval for Sending Trap Messages

Context
Do as follows on the router that needs to be configured with the interval for sending trap messages:
Procedure
Step 1 Run:
system-view

bfd
BFD is enabled globally, and the global BFD view is displayed. Step 3 Run:
snmp-agent bfd trap-interval interval
The interval for sending trap messages is set. By default, the interval for sending trap messages is 120s. ----End

Prerequisite
All configurations of the interval for sending trap massages are complete.
Procedure
l Run the display current-configuration configuration bfd command to view the configuration of the BFD trap function.
----End
5 BFD Configuration
Example
Run the display current-configuration configuration bfd command, and you can view that the interval for sending trap messages is 300 seconds.
<HUAWEI> display current-configuration configuration bfd # bfd snmp-agent bfd trap-interval 300 # return
5.14 Maintaining BFD

5.14.1 Clearing the BFD Statistics 5.14.2 Monitoring the Running of BFD
5.14.1 Clearing the BFD Statistics

Context
CAUTION
BFD statistics cannot be restored after you clear it. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset reset bfd statistics { all [ slot slot-id ] | discriminator discr-value } command in the user view to clear the BFD statistics. ----End
5.14.2 Monitoring the Running of BFD

Context
In routine maintenance, you can run the following commands in any view to display the running of BFD.
Procedure
l Run the display bfd configuration { all | static [ name cfg-name ] | dynamic | peer-ip peer-ip [ vpn-instance vpn-instance-name ] | discriminator local discr-value } [ verbose ] command in any view to check the BFD configuration. Run the display bfd interface [ interface-type interface-number ] command in any view to check the information about the interface that is enabled with BFD.
5-42
5 BFD Configuration
Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ verbose ] [ slot slot-id ] command in any view to check information about the BFD session. Run the display bfd statistics [ slot slot-id ] command in any view to check the statistics of BFD globally. Run the display bfd statistics session { all | static | dynamic | discriminator discrvalue | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] command in any view to check the statistics of the BFD session.
l l
----End

This section provides several configuration examples of BFD. 5.15.1 Example for Configuring One-Hop BFD for Layer 3 Physical Link 5.15.2 Example for Configuring the One-Hop BFD for IP-Trunk Member Link 5.15.3 Example for Configuring One-Hop BFD for IP-Trunk 5.15.4 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk Member Link 5.15.5 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk 5.15.6 Example for Configuring One-Hop BFD for VLANIF Interfaces 5.15.7 Example for Configuring the Association Between the BFD Status and the Interface Status 5.15.8 Example for Configuring the Association Between the BFD Status and the Sub-Interface Status 5.15.9 Example for Configuring Multi-Hop BFD 5.15.10 Example for Configuring the BFD for VPN Routes
5.15.1 Example for Configuring One-Hop BFD for Layer 3 Physical Link
As shown in Figure 5-3, the asynchronous mode of the BFD is used to detect the directly connected link between Router A and Router B. Figure 5-3 Networking diagram of configuring the one-hop BFD
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
RouterA
RouterB
Issue 03 (2010-03-31)
5-43
5 BFD Configuration
The configuration roadmap is as follows: 1. 2. Configure a BFD session on Router A to detect the directly-connected link between Router A and Router B. Configure a BFD session on Router B to detect the directly-connected link between Router B and Router A.
Data Preparation
l l l
Peer IP address of the BFD The local interface of sending and receiving the BFD control packets The local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure IP addresses of the directly-connected interfaces on Router A and Router B. # Configure the IP address of the interface on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] ip address 10.1.1.1 24 [RouterA-Pos1/0/0] quit
# Configure the IP address of the interface on Router B.

<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface pos 1/0/0 [RouterB-Pos1/0/0] undo shutdown [RouterB-Pos1/0/0] ip address 10.1.1.2 24 [RouterB-Pos1/0/0] quit
Step 2 Configure the one-hop BFD. # Enable the BFD on Router A, set up the BFD session with Router B and bind the interface to BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 10.1.1.2 interface pos 1/0/0 [RouterA-bfd-session-atob] discriminator local 1 [RouterA-bfd-session-atob] discriminator remote 2 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, set up the BFD session with Router A, and bind the interface to the BFD session.
[RouterB] bfd
5-44
Issue 03 (2010-03-31)

[RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 10.1.1.1 interface pos 1/0/0 [RouterB-bfd-session-btoa] discriminator local 2 [RouterB-bfd-session-btoa] discriminator remote 1 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] wtr 5 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
5 BFD Configuration
Step 3 Verify the configuration. After the configurations, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
<RouterA> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 1 Remote Discriminator : 2 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 10.1.1.2 NextHop Ip Address : 10.1.1.2 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l

# sysname RouterA # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # bfd atob bind peer-ip 10.1.1.2 interface Pos1/0/0 discriminator local 1 discriminator remote 2 min-tx-interval 10 min-rx-interval 10 wtr 5
Issue 03 (2010-03-31)
5-45
5 BFD Configuration
commit # return l

# sysname RouterB # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # bfd btoa bind peer-ip 10.1.1.1 interface Pos1/0/0 discriminator local 2 discriminator remote 1 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
5.15.2 Example for Configuring the One-Hop BFD for IP-Trunk Member Link
As shown in Figure 5-4, an IP-Trunk that consists of two POS links exists between Router A and Router B. Perform the BFD on the member link POS 1/0/0. Figure 5-4 Networking diagram of configuring one-hop BFD for IP-Trunk member link
POS1/0/0
POS1/0/0
RouterA
IP-Trunk1 POS2/0/0 100.1.1.1/24
IP-Trunk1 100.1.1.2/24 POS2/0/0
RouterB
The configuration roadmap is as follows: 1. 2. Create an IP-Trunk interface. Configure the one-hop BFD for the member link.
Data Preparation
To configure the one-hop BFD for the member link, you need the following data:
l
Peer IP address of the BFD, that is, the IP address of the IP-Trunk
5-46

l l
5 BFD Configuration
Local member link interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure an IP-Trunk interface. # Configure an IP-Trunk interface on Router A and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface ip-trunk 1 [RouterA-Ip-Trunk1] undo shutdown [RouterA-Ip-Trunk1] ip address 100.1.1.1 255.255.255.0 [RouterA-Ip-Trunk1] least active-linknumber 1 [RouterA-Ip-Trunk1] quit [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] link-protocol hdlc [RouterA-Pos1/0/0] ip-trunk 1 [RouterA-Pos1/0/0] quit [RouterA] interface pos 2/0/0 [RouterA-Pos2/0/0] undo shutdown [RouterA-Pos2/0/0] link-protocol hdlc [RouterA-Pos2/0/0] ip-trunk 1 [RouterA-Pos2/0/0] quit
# Configure an IP-Trunk interface on Router B and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface ip-trunk 1 [RouterB-Ip-Trunk1] undo shutdown [RouterB-Ip-Trunk1] ip address 100.1.1.2 255.255.255.0 [RouterB-Ip-Trunk1] least active-linknumber 1 [RouterB-Ip-Trunk1] quit [RouterB] interface pos 1/0/0 [RouterB-Pos1/0/0] undo shutdown [RouterB-Pos1/0/0] link-protocol hdlc [RouterB-Pos1/0/0] ip-trunk 1 [RouterB-Pos1/0/0] quit [RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] undo shutdown [RouterB-Pos2/0/0] link-protocol hdlc [RouterB-Pos2/0/0] ip-trunk 1 [RouterB-Pos2/0/0] quit
After the configurations are complete, running the display interface ip-trunk command on Router A or Router B, you can find that the status of the IP-Trunk is Up. Take the display on Router A as an example.
[RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-12, 10:12:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK
Issue 03 (2010-03-31)
5-47
5 BFD Configuration
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 UP 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The IP-Trunk interfaces of Router A and Router B can ping through each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=310 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/94/310 ms
Step 2 Configure the one-hop BFD for the IP-Trunk. # Configure the BFD session on Router A and Bind the member link interface POS 1/0/0 to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 [RouterA-bfd-session-to_Link1] discriminator local 10 [RouterA-bfd-session-to_Link1] discriminator remote 20 [RouterA-bfd-session-to_Link1] min-tx-interval 10 [RouterA-bfd-session-to_Link1] min-rx-interval 10 [RouterA-bfd-session-to_Link1] wtr 5 [RouterA-bfd-session-to_Link1] commit [RouterA-bfd-session-to_Link1] quit
# Configure the BFD session on Router B and Bind the member link interface POS 1/0/0 to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 [RouterB-bfd-session-to_Link1] discriminator local 20 [RouterB-bfd-session-to_Link1] discriminator remote 10 [RouterB-bfd-session-to_Link1] min-tx-interval 10 [RouterB-bfd-session-to_Link1] min-rx-interval 10 [RouterB-bfd-session-to_Link1] wtr 5 [RouterB-bfd-session-to_Link1] commit [RouterB-bfd-session-to_Link1] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A or Router B, you can find that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
5 BFD Configuration
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on POS 1/0/0 of Router A to simulate the link fault.
[RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] shutdown [RouterA-Pos1/0/0] quit
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session is Down and the status of the IP-Trunk is still Up.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Local Demand Mode : Control Detection Time Expired Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP
Issue 03 (2010-03-31)
5-49
5 BFD Configuration
Line protocol current state : UP Last line protocol up time: 2007-11-11, 11:12:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 DOWN 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
----End
Configuration Files
l

# sysname RouterA # bfd # interface Ip-Trunk1 undo shutdown ip address 100.1.1.1 255.255.255.0 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # interface Pos2/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 discriminator local 10 discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return

# sysname RouterB # bfd # interface Ip-Trunk1 undo shutdown ip address 100.1.1.2 255.255.255.0 #
5-50
Issue 03 (2010-03-31)

interface Pos1/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # interface Pos2/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 discriminator local 20 discriminator remote 10 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
5 BFD Configuration
5.15.3 Example for Configuring One-Hop BFD for IP-Trunk

As shown in Figure 5-5, an IP-Trunk that consists of two POS links exists between Router A and Router B. Perform the one-hop BFD on the IP-Trunk link. Figure 5-5 Networking diagram of configuring one-hop BFD for IP-Trunk
POS1/0/0
POS1/0/0
RouterA POS2/0/0 IP-Trunk1 100.1.1.1/24
IP-Trunk1 100.1.1.2/24
POS2/0/0 RouterB
The configuration roadmap is as follows: 1. 2. Create an IP-Trunk interface. Configure the one-hop BFD for IP-Trunk link.
Data Preparation
To configure the one-hop BFD for the IP-Trunk link, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the IP-Trunk Local IP-Trunk interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
5 BFD Configuration
Procedure
Step 1 Configure an IP-Trunk interface. # Create an IP-Trunk interface on Router A and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface ip-trunk 1 [RouterA-Ip-Trunk1] undo shutdown [RouterA-Ip-Trunk1] ip address 100.1.1.1 255.255.255.0 [RouterA-Ip-Trunk1] least active-linknumber 1 [RouterA-Ip-Trunk1] quit [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] link-protocol hdlc [RouterA-Pos1/0/0] ip-trunk 1 [RouterA-Pos1/0/0] quit [RouterA] interface pos 2/0/0 [RouterA-Pos2/0/0] undo shutdown [RouterA-Pos2/0/0] link-protocol hdlc [RouterA-Pos2/0/0] ip-trunk 1 [RouterA-Pos2/0/0] quit
# Create an IP-Trunk interface on Router B and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface ip-trunk 1 [RouterB-Ip-Trunk1] undo shutdown [RouterB-Ip-Trunk1] ip address 100.1.1.2 255.255.255.0 [RouterB-Ip-Trunk1] least active-linknumber 1 [RouterB-Ip-Trunk1] quit [RouterB] interface pos 1/0/0 [RouterB-Pos1/0/0] undo shutdown [RouterB-Pos1/0/0] link-protocol hdlc [RouterB-Pos1/0/0] ip-trunk 1 [RouterB-Pos1/0/0] quit [RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] undo shutdown [RouterB-Pos2/0/0] link-protocol hdlc [RouterB-Pos2/0/0] ip-trunk 1 [RouterB-Pos2/0/0] quit
After the configurations are complete, running the display interface ip-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Router A as an example.
[RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-13, 10:18:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops
5-52
Issue 03 (2010-03-31)

----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 UP 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
5 BFD Configuration
The IP-Trunk interface of Router A and Router B can ping through each other. Take the results on Router A as an example.
[RouterA] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=220 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/66/220 ms
Step 2 Configure the one-hop BFD for the IP-Trunk. # Enable the BFD on Router A, configure the BFD session with Router B and bind the IP-Trunk interface to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 100.1.1.2 interface ip-trunk 1 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the IP-Trunk interface to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 100.1.1.1 interface ip-trunk 1 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] wtr 5 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A or Router B, you can find that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function
Issue 03 (2010-03-31)
5-53
5 BFD Configuration
BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on the POS 1/0/0 of Router A to simulate the link fault.
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session and that of the IP-Trunk interface are Up.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-14, 10:12:45 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24
5-54
Issue 03 (2010-03-31)

Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 errors,0 drops Output:0 packets,0 bytes, 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 DOWN 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
5 BFD Configuration
Run the shutdown command on POS 2/0/0 of Router A to simulate the link fault.
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session and that of the IP-Trunk interface are Down.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : Down Line protocol current state : Down Last line protocol up time: 2007-11-15, 12:12:19 Description : HUAWEI, Ip-Trunk1 Interface, Route Port Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 errors,0 drops
Issue 03 (2010-03-31)
5-55
5 BFD Configuration
Output:0 packets,0 bytes, 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 DOWN 1 Pos2/0/0 DOWN 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 0
----End
Configuration Files
l

# sysname RouterA # bfd # interface Ip-Trunk1 undo shutdown ip address 100.1.1.1 255.255.255.0 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # interface Pos2/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # bfd atob bind peer-ip 100.1.1.2 interface ip-trunk 1 discriminator local 10 discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
Configuration file Router B

# sysname RouterB # bfd # interface Ip-Trunk1 undo shutdown ip address 100.1.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # interface Pos2/0/0 link-protocol hdlc undo shutdown ip-trunk 1 # bfd btoa bind peer-ip 100.1.1.1 interface ip-trunk 1 discriminator local 20 discriminator remote 10
5-56
Issue 03 (2010-03-31)

min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
5 BFD Configuration
5.15.4 Example for Configuring One-Hop BFD for Layer 3 EthTrunk Member Link
As shown in Figure 5-6, an Eth-Trunk that consists of two GE links exists between Router A and Router B. Perform the BFD on the GE 1/0/0 of the member link. Figure 5-6 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk member link
GE1/0/0 Eth-Trunk1 100.1.1.1/24 Eth-Trunk1 100.1.1.2/24
GE1/0/0
RouterA GE2/0/0
GE2/0/0 RouterB
The configuration roadmap is as follows: 1. 2. Create an Eth-Trunk interface. Configure the one-hop BFD for the specified member link.
Data Preparation
To configure the one-hop BFD for Layer 3 Eth-Trunk member link, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the Eth-Trunk Local member link interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure an Eth-Trunk interface. # Create an Eth-Trunk interface on Router A.
5 BFD Configuration
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface eth-trunk 1 [RouterA-Eth-Trunk1] undo shutdown [RouterA-Eth-Trunk1] ip address 100.1.1.1 24 [RouterA-Eth-Trunk1] least active-linknumber 1 [RouterA-Eth-Trunk1] quit [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] eth-trunk 1 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] eth-trunk 1 [RouterA-GigabitEthernet2/0/0] quit
# Create an Eth-Trunk interface on Router B.

<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface eth-trunk 1 [RouterB-Eth-Trunk1] undo shutdown [RouterB-Eth-Trunk1] ip address 100.1.1.2 24 [RouterB-Eth-Trunk1] least active-linknumber 1 [RouterB-Eth-Trunk1] quit [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] eth-trunk 1 [RouterB-GigabitEthernet1/0/0] quit [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] eth-trunk 1 [RouterB-GigabitEthernet2/0/0] quit
After the above configurations, running the display interface eth-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Route A as an example.
[RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-10, 11:35:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-271e-f652 Physical is ETH_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 UP 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The Eth-Trunk interfaces of Router A and Router B can ping through each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
5-58
Issue 03 (2010-03-31)

Reply from 100.1.1.2: bytes=56 Sequence=2 Reply from 100.1.1.2: bytes=56 Sequence=3 Reply from 100.1.1.2: bytes=56 Sequence=4 Reply from 100.1.1.2: bytes=56 Sequence=5 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/49/62 ms ttl=255 ttl=255 ttl=255 ttl=255 time=31 time=62 time=62 time=62 ms ms ms ms
5 BFD Configuration
Step 2 Configure the one-hop BFD for the Layer 3 Eth-Trunk member link. # Configure the BFD session on Router A and bind the member link interface GE 1/0/0.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd to_link1 bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-to_link1] discriminator local 10 [RouterA-bfd-session-to_link1] discriminator remote 11 [RouterA-bfd-session-to_link1] min-tx-interval 10 [RouterA-bfd-session-to_link1] min-rx-interval 10 [RouterA-bfd-session-to_link1] wtr 5 [RouterA-bfd-session-to_link1] commit [RouterA-bfd-session-to_link1] quit
# Configure the BFD session on Router B and bind the member link interface GE 1/0/0.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd to_link1 bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-to_link1] discriminator local 11 [RouterB-bfd-session-to_link1] discriminator remote 10 [RouterB-bfd-session-to_link1] min-tx-interval 10 [RouterB-bfd-session-to_link1] min-rx-interval 10 [RouterB-bfd-session-to_link1] wtr 5 [RouterB-bfd-session-to_link1] commit [RouterB-bfd-session-to_link1] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Route A and Route B, you can find that the one-hop BFD session is set up and its status is Up. Take the display on Route A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : --
Issue 03 (2010-03-31)
5-59
5 BFD Configuration
Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Running the shutdown command on GE 1/0/0 of Router A to simulate the link fault, you can find that the BFD session is in the Down state and the Eth-Trunk status is still in the Up state.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-23, 11:52:49 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
----End
Configuration Files
l

5-60
5 BFD Configuration
# sysname RouterA # bfd # interface Eth-Trunk1 undo shutdown ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # bfd to_link1 bind peer-ip default-ip interface GigabitEthernet 1/0/0 discriminator local 10 discriminator remote 11 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return l

# sysname RouterB # bfd # interface Eth-Trunk1 undo shutdown ip address 100.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # bfd to_link1 bind peer-ip default-ip interface GigabitEthernet 1/0/0 discriminator local 11 discriminator remote 10 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
5.15.5 Example for Configuring One-Hop BFD for Layer 3 EthTrunk

Networking requirements
As shown in Figure 5-7, an Eth-Trunk that consists of two GE links exists between Route A and Route B. Perform the BFD on the Eth-Trunk link.
Issue 03 (2010-03-31)
5-61
5 BFD Configuration
Figure 5-7 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk
GE1/0/0 Eth-Trunk1 100.1.1.1/24 Eth-Trunk1 100.1.1.2/24
GE1/0/0
RouterA GE2/0/0
GE2/0/0
RouterB
The configuration roadmap is as follows: 1. 2. Create an Eth-Trunk interface. Configure the one-hop BFD for the Eth-Trunk link.
Data Preparation
To configure the one-hop BFD for the Layer 3 Eth-Trunk, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the Eth-Trunk Local Eth-Trunk interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure an Eth-Trunk interface. # Create an Eth-Trunk interface on Router A and set the lower threshold of the Up links of the Eth-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface eth-trunk 1 [RouterA-Eth-Trunk1] undo shutdown [RouterA-Eth-Trunk1] ip address 100.1.1.1 24 [RouterA-Eth-Trunk1] least active-linknumber 1 [RouterA-Eth-Trunk1] quit [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] eth-trunk 1 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] eth-trunk 1 [RouterA-GigabitEthernet2/0/0] quit
# Create an Eth-Trunk interface on Router B and set the lower threshold of the Up links of the Eth-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB
5-62
Issue 03 (2010-03-31)

[RouterB] interface eth-trunk 1 [RouterB-Eth-Trunk1] undo shutdown [RouterB-Eth-Trunk1] ip address 100.1.1.2 24 [RouterB-Eth-Trunk1] least active-linknumber 1 [RouterB-Eth-Trunk1] quit [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] eth-trunk 1 [RouterB-GigabitEthernet1/0/0] quit [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] eth-trunk 1 [RouterB-GigabitEthernet2/0/0] quit
5 BFD Configuration
After these configurations are complete, running the display interface eth-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Router A as an example.
[RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-19, 12:17:09 Hash arithmetic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-271e-f652 Physical is ETH_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 UP 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The Eth-Trunks of Router A and Router B can ping though each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/49/62 ms
ms ms ms ms ms
Step 2 Configure the one-hop BFD for Layer 3 Eth-Trunk link. # Enable the BFD on Router A, configure the BFD session with Router B and bind the EthTrunk to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 100.1.1.2 interface eth-trunk 1 [RouterA-bfd-session-atob] discriminator local 10
Issue 03 (2010-03-31)
5-63
5 BFD Configuration
[RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 5 commit quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the EthTrunk to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 100.1.1.1 interface eth-trunk 1 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] wtr 5 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A and Router B, you can find a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on the GE 1/0/0 of Router A to simulate the link fault.
[RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] shutdown [RouterA-GigabitEthernet1/0/0] quit
Running the display bfd session all verbose command and the display interface eth-trunk command on Router A and Router B, you can find that the status of the BFD session and the Eth-Trunk is still Up.
[RouterA] display bfd session all verbose --------------------------------------------------------------------------------
5-64
Issue 03 (2010-03-31)
5 BFD Configuration
Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-17, 10:15:34 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
Run the shutdown command on the GE 2/0/0 of Router A to simulate the link fault. Running the display bfd session all verbose command and the display interface eth-trunk command on Router A and Router B, you can find that status of the BFD session and that of the Eth-Trunk interface become Down.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1
Issue 03 (2010-03-31)
5-65
5 BFD Configuration
FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : Down Line protocol current state : Down Last line protocol up time: 2007-11-09, 10:45:18 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 DOWN 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 0
----End
Configuration Files
l

# sysname RouterA # bfd # interface Eth-Trunk1 undo shutdown ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # bfd atob bind peer-ip 100.1.1.2 interface Eth-Trunk 1 discriminator local 10 discriminator remote 20
5-66
Issue 03 (2010-03-31)

min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return l
5 BFD Configuration

# sysname RouterB # bfd # interface Eth-Trunk1 undo shutdown ip address 100.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # bfd btoa bind peer-ip 100.1.1.1 interface Eth-Trunk 1 discriminator local 20 discriminator remote 10 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return
5.15.6 Example for Configuring One-Hop BFD for VLANIF Interfaces

As shown in Figure 5-8, one Ethernet link that belongs to the same VLANIF exists between Route A and Router B.
NOTE
The VLAN between two directly-connected routers should apply one link.
Figure 5-8 Networking diagram of configuring one-hop BFD for VLANIF interfaces
VLANIF10: 110.1.1.1/24 GE1/0/0
VLANIF10: 110.1.1.2/24 GE1/0/0
RouterA
RouterB
Configuration Roadmaps
The configuration roadmap is as follows:
5 BFD Configuration
1. 2.
Configure the VLAN that is based on the interface. Configure the one-hop BFD for the VLANIF.
Data Preparation
To configure the one-hop BFD for the VLANIF, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the VLANIF interface Local VLANIF interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure VLAN 10. # Configure VLAN 10 on Router A.
<RouterA> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] portswitch [RouterA-GigabitEthernet1/0/0] quit [RouterA] vlan 10 [RouterA-vlan10] port gigabitethernet 1/0/0 [RouterA-vlan10] quit [RouterA] interface vlanif 10 [RouterA-Vlanif10] undo shutdown [RouterA-Vlanif10] ip address 110.1.1.1 24 [RouterA-Vlanif10] quit
# Configure VLAN 10 on Router B.

<RouterB> system-view [HUAWEI] sysname RouterB [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] portswitch [RouterB-GigabitEthernet1/0/0] quit [RouterB] vlan 10 [RouterB-vlan10] port gigabitethernet 1/0/0 [RouterB-vlan10] quit [RouterB] interface vlanif 10 [RouterB-Vlanif10] undo shutdown [RouterB-Vlanif10] ip address 110.1.1.2 24 [RouterB-Vlanif10] quit
After the configuration, run the display interface vlanif command on Router A or Router B, and you can view that the interface is Up. Take the display onRouter A as an example.
[RouterA] display interface vlanif 10 Vlanif10 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-23, 13:11:19 Description : Vlanif10 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 110.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7a-9e35
5-68
Issue 03 (2010-03-31)

Physical is VLANIF Last 300 seconds input rate 0 bits/sec, 0 packets/sec Last 300 seconds output rate 0 bits/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast
5 BFD Configuration
The VLANIF interfaces on Router A and Router B can ping through each other.
[RouterA] ping -a 110.1.1.1 110.1.1.2 PING 110.1.1.2: 56 data bytes, press CTRL_C to break Reply from 110.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 Reply from 110.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 Reply from 110.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 Reply from 110.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 Reply from 110.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 --- 110.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/49/62 ms
ms ms ms ms ms
Step 2 Configure the one-hop BFD for the VLANIF. # Enable the BFD on Router A, configure the BFD session with Router B and bind the VLANIF interface to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 110.1.1.2 interface vlanif 10 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the VLANIF interface to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 110.1.1.1 interface vlanif 10 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, run the display bfd session all verbose command on Router A and Router B, you can view that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif10) Bind Session Type : Static Bind Peer Ip Address : 110.1.1.2 NextHop Ip Address : 110.1.1.2 Bind Interface : Vlanif10 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30
Issue 03 (2010-03-31)
5-69
5 BFD Configuration
Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 4
[RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] shutdown [RouterA-GigabitEthernet1/0/0] quit
Run the display bfd session all verbose command on Router A and Router B, and you can view that the status of the BFD session goes Down. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif10) Bind Session Type : Static Bind Peer Ip Address : 110.1.1.2 NextHop Ip Address : 110.1.1.2 Bind Interface : Vlanif10 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l

# sysname RouterA # vlan batch 10 # bfd # interface Vlanif10 undo shutdown ip address 110.1.1.1 255.255.255.0 #
5-70
Issue 03 (2010-03-31)

interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # bfd atob bind peer-ip 110.1.1.2 interface vlanif 10 discriminator local 10 discriminator remote 20 commit # return l
5 BFD Configuration

# sysname RouterB # vlan batch 10 # bfd # interface Vlanif10 undo shutdown ip address 110.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # bfd btoa bind peer-ip 110.1.1.1 interface vlanif 10 discriminator local 20 discriminator remote 10 commit # return
5.15.7 Example for Configuring the Association Between the BFD Status and the Interface Status
As shown in Figure 5-9, transmission devices exist on the link. By configuring the association between the BFD status and the interface status, the status change of the BFD session between GE 1/0/0 of Router A and GE 1/0/0 of Router B can affect the protocol status of the interface, and can trigger the fast convergence of routes when the link between transmission devices fails. Figure 5-9 Configuring the association between the BFD status and the interface status GE1/0/0 GE1/0/0
RouterA
RouterB
The configuration roadmap is as follows: 1.
Issue 03 (2010-03-31)
Configure a BFD session on Router A.

5 BFD Configuration
2. 3. 4.
Configure a BFD session on Router B. Configure the association between the BFD status and the interface status on Router A when the BFD session is Up. Configure the association between the BFD status and the interface status on Router B when the BFD session is Up.
Data Preparation
l l l
Peer IP address detected by BFD Local interface that sends and receives BFD Control packets Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure the IP address of the interface that directly connects Router A to Router B. # Configure the IP address of the interface on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet1/0/0] quit
# Configure the IP address of the interface on Router B.

<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet1/0/0] quit
Step 2 Configure the one-hop BFD detection. # On Router A, enable BFD and configure the BFD session between Router A and Router B.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# On Router B, enable BFD and configure the BFD session between Router B and Router A.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10
5-72
Issue 03 (2010-03-31)

[RouterB-bfd-session-btoa] [RouterB-bfd-session-btoa] [RouterB-bfd-session-btoa] [RouterB-bfd-session-btoa] min-rx-interval 10 wtr 5 commit quit
5 BFD Configuration
# After the configuration, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is established. The session is in the Up state. Take Router A as an example:
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 3 Configure the association between the BFD status and the interface status. # Configure the association between the BFD status and the interface status on Router A.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob [RouterA-bfd-session-atob] process-interface-status [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Configure the association between the BFD status and the interface status on Router B.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa [RouterB-bfd-session-btoa] process-interface-status [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 4 Verify the configuration. After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that the field Proc interface status displays Enable. Take Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob --------------------------------------------------------------------------------
Issue 03 (2010-03-31)
5-73
5 BFD Configuration
Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application :IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on GE 1/0/0 of Router B to terminate the BFD session.
[RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] shutdown [RouterB-GigabitEthernet1/0/0] quit
Run the display bfd session all verbose and display interface gigabitethernet 1/0/0 commands on Router A, and you can view that the status of the BFD session is Down, and the status of GE 1/0/0 is UP (BFD status down).
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Neighbor Signaled Session Down Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface gigabitethernet 1/0/0 GigabitEthernet1/0/0 current state : UP Line protocol current state : UP(BFD status down) Last line protocol up time: 2008-10-16 09:25:17 Description : HUAWEI, GigabitEthernet1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes
5-74
Issue 03 (2010-03-31)
5 BFD Configuration
Internet Address is 10.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcc7-565a The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send an d Receive Enable Last physical up time : 2008-10-16 09:18:48 Last physical down time : 2008-10-16 09:18:42 Statistics last cleared:never Last 300 seconds input rate: 56 bits/sec, 0 packets/sec Last 300 seconds output rate: 88 bits/sec, 0 packets/sec Input: 420904 bytes, 5802 packets Output: 1250456 bytes, 13926 packets Input: Unicast: 461 packets, Multicast: 5331 packets Broadcast: 10 packets, Jumbo: 0 packets CRC: 3 packets, Symbol: 0 packets Overrun: 0 packets, InRangeLength: 0 packets LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets Fragment: 0 packets, Undersized Frame: 0 packets RxPause: 0 packets Output: Unicast: 8622 packets, Multicast: 5293 packets Broadcast: 11 packets, Jumbo: 0 packets Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets TxPause: 0 packets Unknown Vlan: 0 packets
----End
Configuration Files
l

# sysname RouterA # bfd # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # bfd atob bind peer-ip default-ip interface GigabitEthernet1/0/0 discriminator local 10 discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 5 process-interface-status commit # return

# sysname RouterB # bfd # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 # bfd btoa bind peer-ip default-ip interface GigabitEthernet1/0/0 discriminator local 20 discriminator remote 10 min-tx-interval 10
Issue 03 (2010-03-31)
5-75
5 BFD Configuration
min-rx-interval 10 wtr 5 process-interface-status commit # return
5.15.8 Example for Configuring the Association Between the BFD Status and the Sub-Interface Status
As shown in Figure 5-10, in the large-scale MAN Ethernet network that has high requirements for reliability, a large number of services need to be configured on the sub-interface. You can set up BFD sessions to detect the connectivity of the main interface link and configure the association between the BFD status and the sub-interface status. This can improve the reliability of the service on the sub-interface and save the session resources. Figure 5-10 Association between the BFD status and the sub-interface status
GE1/0/0 GE1/0/0.1 RouterA
GE1/0/0 GE1/0/0.1 RouterB
The configuration roadmap is as follows: 1. 2. 3. 4. Configure a BFD session on Router A. Configure a BFD session on Router B. Configure the association between the BFD status and the sub-interface status when the BFD session on Router A is Up. Configure the association between the BFD status and the sub-interface status when the BFD session on Router B is Up.
Data Preparation
To configure the association between the BFD status and the sub-interface status, you need the following data:
l l l
IP address of the main interface on the remote end detected by BFD Local interface that sends and receives BFD Control packets Local discriminator and remote discriminator of the BFD session
5 BFD Configuration
Procedure
Step 1 Configure the IP addresses of the main interfaces on Router A and Router B and create the subinterface. # Configure the IP address of the interface on Router A and create the sub-interface.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 1/0/0.1 [RouterA-GigabitEthernet1/0/0.1] undo shutdown [RouterA-GigabitEthernet1/0/0.1] ip address 11.1.1.1 24 [RouterA-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [RouterA-GigabitEthernet1/0/0.1] quit
# Configure the IP address of the interface on Router B and create the sub-interface.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet1/0/0] quit [RouterB] interface gigabitethernet 1/0/0.1 [RouterB-GigabitEthernet1/0/0.1] undo shutdown [RouterB-GigabitEthernet1/0/0.1] ip address 11.1.1.2 24 [RouterB-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [RouterB-GigabitEthernet1/0/0.1] quit
Step 2 Configure the one-hop BFD detection. # On Router A, enable BFD and configure the BFD session between Router A and Router B and bind the session with the main interface.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# On Router B, enable BFD and configure the BFD session between Router B and Router A and bind the session with the main interface.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
# After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is set up, and the session status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose
Issue 03 (2010-03-31)
5-77
5 BFD Configuration
-------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 3 Configure the association between the BFD status and the sub-interface status. # Configure the association between the BFD status and the sub-interface status on Router A.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob [RouterA-bfd-session-atob] process-interface-status sub-if [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Configure the association between the BFD status and the sub-interface status on Router B.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa [RouterB-bfd-session-btoa] process-interface-status sub-if [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 4 Verify the configuration. # After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that the field Proc interface status displays Enable (Sub-If). Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7
5-78
Issue 03 (2010-03-31)
5 BFD Configuration
Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable (Sub-If) Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
# Run the shutdown command on GE 1/0/0 of Router B to shut BFD sessions Down.
[RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] shutdown [RouterB-GigabitEthernet1/0/0] quit
# Run the display bfd session all verbose and display interface gigabitethernet1/0/0.1 commands on Router A, and you can view that the status of the BFD session is Down, and the status of GE1/0/0.1 is UP (Main BFD status down).
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Neighbor Signaled Session Down Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP Line protocol current state : UP(Main BFD status down) Last line protocol up time: 2007-11-10, 11:09:19 Route Port,The Maximum Transmit Unit is 1500 bytes Internet Address is 11.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcc7-565a Encapsulation dot1q Virtual LAN, Vlan number 1 Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast 0 errors,0 drops
Issue 03 (2010-03-31)
5-79
5 BFD Configuration
Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast 0 errors,0 drops
----End
Configuration Files
l

# sysname RouterA # bfd # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 11.1.1.1 255.255.255.0 # bfd atob bind peer-ip 10.1.1.2 interface GigabitEthernet1/0/0 discriminator local 10 discriminator remote 20 min-tx-interval 10 min-rx-interval 10 process-interface-status sub-if commit # return

# sysname RouterB # bfd # interface GigabitEthernet1/0/0 undo shutdown ip address 11.1.1.2 255.255.255.0 # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.2 255.255.255.0 # bfd btoa bind peer-ip 10.1.1.1 interface GigabitEthernet1/0/0 discriminator local 20 discriminator remote 10 min-tx-interval 10 min-rx-interval 10 process-interface-status sub-if commit # return
5.15.9 Example for Configuring Multi-Hop BFD

As shown in Figure 5-11, the asynchronous mode of the BFD is used to detect the multi-hop routes between Router A and Router C.
5 BFD Configuration
Figure 5-11 Networking diagram of the multi-hop BFD
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
POS2/0/0 10.2.1.1/24
POS1/0/0 10.2.1.2/24
RouterA
RouterB
RouterC
The configuration roadmap is as follows: 1. 2. Configure a BFD session on Router A to detect the multi-hop routes between Router A and Router C. Configure a BFD session on Router C to detect the multi-hop routes between Router C and Router A.
Data Preparation
l l
Peer IP address of the BFD Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure the reachable routes between Router A, Router B, and Router C. In this example, the static route is used. The detailed configuration is not mentioned here. Step 2 Configure the multi-hop detection between Router A and Router C. # Configure a BFD session with Router C on Router A. You do not need to bind the interface.
<RouterA> system-view [RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atoc bind peer-ip 10.2.1.2 [RouterA-bfd-session-atoc] discriminator local 10 [RouterA-bfd-session-atoc] discriminator remote 20 [RouterA-bfd-session-atoc] min-tx-interval 10 [RouterA-bfd-session-atoc] min-rx-interval 10 [RouterA-bfd-session-atoc] wtr 10 [RouterA-bfd-session-atoc] commit [RouterA-bfd-session-atoc] quit
# Configure a BFD session with Router A on Router C. You do not need to bind the interface.
<RouterC> system-view [RouterC] bfd [RouterC-bfd] quit
Issue 03 (2010-03-31)
5-81
5 BFD Configuration
[RouterC] bfd ctoa bind peer-ip 10.1.1.1 [RouterC-bfd-session-ctoa] discriminator local 20 [RouterC-bfd-session-ctoa] discriminator remote 10 [RouterC-bfd-session-ctoa] min-tx-interval 10 [RouterC-bfd-session-ctoa] min-rx-interval 10 [RouterC-bfd-session-ctoa] wtr 10 [RouterC-bfd-session-ctoa] commit [RouterC-bfd-session-ctoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A and Router C, you can view that a multi-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
<RouterA> display bfd session all -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : atoc -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 Bind Interface : -FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 254 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 600000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l

# sysname RouterA # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # bfd atoc bind peer-ip 10.2.1.2 discriminator local 10 discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 10 commit #
5-82
Issue 03 (2010-03-31)

ip route-static 10.2.1.0 255.255.255.0 10.1.1.2 # return l
5 BFD Configuration

# sysname RouterB # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.2.1.1 255.255.255.0 # return

# sysname RouterC # bfd # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.2.1.2 255.255.255.0 # bfd ctoa bind peer-ip 10.1.1.1 discriminator local 20 discriminator remote 10 min-tx-interval 10 min-rx-interval 10 wtr 10 commit # ip route-static 10.1.1.0 255.255.255.0 10.2.1.1 # return
5.15.10 Example for Configuring the BFD for VPN Routes

Figure 5-12 shows a networking diagram of configuring the BFD for VPN routes.
l
CE1 and CE2 belong to VPN-A. They access the MPLS backbone network through PE1 and PE2 respectively. GE 1/0/0 of PE1 and GE 1/0/0 of PE2 are bound to VPN-A. BFD in asynchronous mode is used to detect the VPN route between PE1 and PE2.
l l
Issue 03 (2010-03-31)
5-83
5 BFD Configuration
Figure 5-12 Networking diagram of configuring the BFD for VPN routes
Loopback1 1.1.1.1/32
Loopback1 2.2.2.2/32 POS1/0/0 172.1.1.2/24
Loopback1 3.3.3.3/32
PE1
GE1/0/0 10.1.1.2/24
POS2/0/0 172.1.1.1/24
P MPLS Backbone AS:100
POS2/0/0 172.2.1.1/24 POS2/0/0 172.2.1.2/24
PE2
GE1/0/0 10.2.1.2/24
GE1/0/0 10.1.1.1/24
GE1/0/0 10.2.1.1/24
CE1 VPN-A AS:65410
CE2 VPN-A AS:65420
The configuration roadmap is as follows: 1. 2. Configure a BFD session on PE1 to detect the multi-hop path from PE1 to PE2. Configure a BFD session on PE2 to detect the multi-hop path from PE2 to PE1.
Data Preparation
To configure the BFD for VPN routes, you need the following data:
l l
Peer IP address of the BFD Local discriminator and remote discriminator of the BFD session
Procedure
Step 1 Configure the MPLS backbone network to interconnect PE1 and PE2. The configuration details are not mentioned here. Step 2 Configure the VPN instance. The configuration details are not mentioned here. Step 3 Configure the VPN route between PE1 and PE2 to be reachable. The configuration details are not mentioned here. After the configuration is complete, PE1 can ping through the IP address of GE 1/0/0 on PE2.
<PE1> ping -vpn-instance vpna 10.2.1.2 PING 10.2.1.2: 56 data bytes, press CTRL_C to break Reply from 10.2.1.2: bytes=56 Sequence=1 ttl=254 time=60 ms Reply from 10.2.1.2: bytes=56 Sequence=2 ttl=254 time=50 ms Reply from 10.2.1.2: bytes=56 Sequence=3 ttl=254 time=50 ms
5-84
Issue 03 (2010-03-31)

Reply from 10.2.1.2: bytes=56 Sequence=4 ttl=254 time=60 ms Reply from 10.2.1.2: bytes=56 Sequence=5 ttl=254 time=50 ms --- 10.2.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 50/54/60 ms
5 BFD Configuration
Step 4 Configure the detection on the VPN route between PE1 and PE2. # On PE1, configure the BFD session between PE1 and PE2 and bind the session with the VPN instance.
<PE1> system-view [PE1] bfd [PE1-bfd] quit [PE1] bfd 1to2_vpn bind peer-ip 10.2.1.2 vpn-instance vpna [PE1-bfd-session-1to2_vpn] discriminator local 12 [PE1-bfd-session-1to2_vpn] discriminator remote 21 [PE1-bfd-session-1to2_vpn] min-tx-interval 10 [PE1-bfd-session-1to2_vpn] min-rx-interval 10 [PE1-bfd-session-1to2_vpn] wtr 5 [PE1-bfd-session-1to2_vpn] commit
# On PE2, configure the BFD session between PE2 and PE1 and bind the session and the VPN instance.
<PE2> system-view [PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1_vpn bind peer-ip 10.1.1.2 vpn-instance vpna [PE2-bfd-session-2to1_vpn] discriminator local 21 [PE2-bfd-session-2to1_vpn] discriminator remote 12 [PE2-bfd-session-2to1_vpn] min-tx-interval 10 [PE2-bfd-session-2to1_vpn] min-rx-interval 10 [PE2-bfd-session-2to1_vpn] wtr 5 [PE2-bfd-session-2to1_vpn] commit
Step 5 Verify the configuration. After the configuration is complete, run the display bfd session peer-ip command on PE1 and PE2, and you can view that a multi-hop BFD session is set up, and the session is Up. Take PE1 as an example:
<PE1> display bfd session peer-ip 10.2.1.2 vpn-instance vpna verbose -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : 1to2_vpn -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 NextHop Ip Address : 10.2.1.2 Bind Interface : -Vpn Instance Name : vpna FSM Board Id : 6 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 254 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : --
Issue 03 (2010-03-31)
5-85
5 BFD Configuration
Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l

# sysname PE1 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # bfd # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bfd 1to2_vpn bind peer-ip 10.2.1.2 vpn-instance vpna discriminator local 12 discriminator remote 21 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance vpna peer 10.1.1.1 as-number 65410 import-route direct # ospf 100 area 0.0.0.0 network 1.1.1.1 0.0.0.0
5-86
Issue 03 (2010-03-31)

network 172.1.1.0 0.0.0.255 # return l
5 BFD Configuration

# sysname PE2 # ip vpn-instance vpna route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls # mpls ldp # bfd # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 172.2.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bfd 2to1_vpn bind peer-ip 10.1.1.2 vpn-instance vpna discriminator local 21 discriminator remote 12 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn1 peer 10.2.1.1 as-number 65420 import-route direct # ospf 100 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 172.2.1.0 0.0.0.255 # return
Configuration file of the P

# sysname P #
Issue 03 (2010-03-31)
5-87
5 BFD Configuration
mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 100 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.2 0.0.0.0 # Return l
Configuration file of CE1

# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 # bgp 65410 peer 10.1.1.2 as-number 100 # ipv4-family unicast import-route direct peer 10.1.1.2 enable # return

# sysname CE2 # interface GigabitEthernet1/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0 # bgp 65420 peer 10.2.1.2 as-number 100 # ipv4-family unicast import-route direct peer 10.2.1.2 enable # return
5-88
Issue 03 (2010-03-31)
6 GR Configuration
6
About This Chapter
GR Configuration
This chapter describes the HA implementation in the NE80E/40E, the configurations of systemlevel GR as well as maintenance commands and provides configuration examples. 6.1 GR Introduction This section describes how to implement HA and related technologies. 6.2 Configuring the System-Level GR This section describes how to configure the system-level GR. 6.3 Maintaining HA This section describes how to monitor the working status of the HA. 6.4 Configuration Examples This section provides an example for GR.
Issue 03 (2010-03-31)
6-1
6 GR Configuration
6.1 GR Introduction
This section describes how to implement HA and related technologies. 6.1.1 HA Overview 6.1.2 GR Features Supported in the NE80E/40E
6.1.1 HA Overview
In practical network, the network may fail and the service may be interrupted because of inevitable non-technical factors. To improve the system availability, it is feasible to improve the fault-tolerance capability of the system, speed up recovery from faults, and reduce the impact of faults on the service. High availability (HA) indicates that a device has high reliability. Generally, Mean Time to Repair (MTTR) and Mean Time Between Failures (MTBF) are used to assess the reliability of a device.
l
MTTR: indicates the average time that a component or a device takes to recover from a failure. In broader sense, MTTR refers to spare part management, customer service, and is an important index to evaluate equipment maintenance. The formula of MTTR is as follows: MTTR = Fault detection time + Board replacement time + System initialization time + Link recovery time + Route coverage time + Forwarding recovery time
The less the time is, the greater the MTTR is and the higher the device reliability is. In the telecommunication industry, 99.999% availability means that the value of MTTR should not be more than 5 minutes each year.
l
MTBF: indicates the average time (usually in hours) when a component or a device works without any failure.
AMB/SMB switchover is an important method to ensure the system availability when the system fails. Data may be lost during AMB/SMB switchover. Most lost data can be restored smoothly through hot standby (HSB). The lost data that cannot be restored through HSB can be restored through Graceful Restart (GR).
Redundancy Backup
Redundancy backup for the key components in the system is an important method to improve the fault-tolerance capability of the system. Redundancy backup is performed in the following modes:
l
1+1 backup: Two components must mirror each other. If the master component is Down, the slave component takes over the previous component to ensure that the system service is not interrupted.
6-2

l
6 GR Configuration
n+1 backup: If you need n similar components to provide services, another component is necessary to act as the backup for all the n components. If one of the n components fails, the backup component takes over the faulty component to ensure the smooth service.
At present, the router provides the following hardware backup functions:

l l l l l
Fabric Board: 3+1 backup Main Control Unit (also named main board): 1+1 backup Service Process Unit (also named service board): 1+1 or n+1 backup Power Module: 1+1 backup Cool Fan: n+1 backup
The system performs the AMB/SMB switchover on the premise of 1+1 backup of the main board, that is, two main boards.
HSB
HSB is a key technology providing hot backup. The components and terms related to HSB are described as follows:
l
Active Main Board (AMB): indicates the current active main board of the two main boards on a router. Standby Main Board (SMB): indicates the backup main board of the two main boards on a router. HA channel: indicates the communication channel between the AMB and SMB. Switchover: indicates the AMB is switched to the SMB. It is triggered by the commands or by a serious fault. In the switchover, the original AMB is reset and becomes an SMB. Smooth: After the switchover is performed on a router, the SMB is switched to be the AMB, but the data in different modules on the new AMB may be inconsistent. Thus, the data needs to be synchronized on the new AMB.
l l
The HSB can back up the static and dynamic configurations of the system from the AMB to the SMB. The AMB and SMB communicate as shown in Figure 6-1.
Issue 03 (2010-03-31)
6-3
6 GR Configuration
Figure 6-1 Basic mechanism of HSB
GR Capabiliby Negotiation to support Passive GR
Download FIB
SMB Routing / MPLS Protocol AMB State Sync RPA MPLS RPA MPLS Socket /TCP Link RIB RIB Synchronize IFnet IFnet FIB configuration FIB and change IPC IPC Heart Beat Check
IPC
Switch Fabric
IPC
IO board Interface
FIB
FIB
FIB
FIB
Incoming Packet
Outcoming Packet
When the system is restarted, the AMB backs up its static configurations on the SMB and the SMB re-execute the static configurations. When the system runs normally, any data changes in the AMB, including static and dynamic data changes, are backed up to the SMB. Note that the AMB can download the routing information from the data plane to the interface board but the SMB cannot download the routing information. In addition, the SMB cannot receive any information from the interface board. After the switchover, the SMB switches itself to the AMB and runs smoothly. All data on the AMB is backed up; therefore, the sessions with other routers are not affected and other routers are not aware of the switchover. That is, the HSB switchover is "self-contained". The requirements for the hardware and software to implement the HSB are as follows:
l l l
Supporting two main boards that serve as the backup for each other Providing a physical communication channel between the AMB and the SMB Supporting AMB heart beat detection on hardware or software
The HSB performs the following functions:

l l l l
Supporting backup of static configuration data from the AMB to the SMB Supporting dynamic backup and update of protocol status data from the AMB to the SMB Supporting the protocol-level GR capability Supporting data smoothing between modules
6-4
6 GR Configuration
GR
In IETF, protocols related to Internet Protocol/Multiprotocol Label Switching (IP/MPLS) such as Open Shortest Path First (OSPF), Intermediate System-Intermediate System (IS-IS), Border Gateway Protocol (BGP), Label Distribution Protocol (LDP), and Resource Reservation Protocol (RSVP) are extended to ensure that the forwarding is not interrupted when the system is restarted. This reduces the flapping of the protocols at the control plane when the system performs the AMB/SMB switchover. This series of standards is called GR extension to each protocol. Currently, GR has been widely applied to the AMB/SMB switchover and system upgrade. The system can perform GR on the condition that the forwarding plane is separated from control plane. That is, the router has a main board and an Interface board, and the Interface board forwards packets. When the system restarts the protocol or performs AMB/SMB switchover, the interface board is not reset. The interface board continues forwarding packets; thus, packets can be forwarded in the entire system without interruption. The prerequisite to uninterrupted forwarding in the system is that the network topology and interface status do not change in the GR period; otherwise, the system exits from the GR and the forwarding is interrupted. The concepts related to the GR are as follows:
l
Roles
GR Restarter: indicates a router on which the routing protocol is enabled with the GR capability. The router has dual main boards, and is capable of notifying the neighbor to maintain the adjacency during AMB/SMB switchover. GR Helper: indicates the neighbor of the GR Restarter. The GR Helper should be able to identify the GR signaling, maintain the adjacency with the GR Restarter during the AMB/SMB switchover, and help the GR Restarter to restore the network topology.
NOTE
The GR Restarter and the GR Helper interact with each other. When the GR Helper is enabled with the GR capability, the GR Restarter and the GR Helper can interchange.
l
Session and timer
GR session: indicates the session that has the GR capability. Through the session, the GR Restarter and the GR Helper negotiate the GR capability. GR time: indicates the time of maintaining the undeleted routing information after the GR Helper finds that the GR Restarter becomes Down. The GR time can be regarded as the period between the start and end of the GR session.
NOTE
The mechanisms of implementing GR in each protocol are different. For the detailed value of the GR time, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing and HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
The administrator and the fault can trigger the restart and AMB/SMB switchover of the GR Restarter. The following describes the GR process during the AMB/SMB switchover.
NOTE
If the network topology or the interface status changes, the system exits from GR. In the following description, it is assumed that the network topology and interface status do not change.
1.
Issue 03 (2010-03-31)
The GR Restarter and the GR Helper negotiate the GR capability and establish a session.
6 GR Configuration
Figure 6-2 Setting up sessions between the GR Helper and the GR Restarter
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
Session with GR capability
Router A serves as the GR Restarter. Router B, Router C and Router D are GR Helpers responding to Router A. A session with the GR capability is established between the GR Restarter and each GR Helper. 2. The GR Restarter performs the AMB/SMB switchover. Figure 6-3 AMB/SMB switchover of the GR Restarter
RouterD
GR Helper
RouterA
GR Restarter RouterC
RouterB
GR Helper
GR Helper Session with GR capability The administrator restarts the GR restarter,or the GR restarter itself fails
When the GR Helpers find that the GR Restarter fails, they maintain the adjacency with the GR Restarter and retain the routing information related to the GR Restarter before the GR time times out. 3.
6-6
After the SMB is started, the GR Restarter sends signals to the neighbors.
6 GR Configuration
Figure 6-4 GR Restarter sending signals to the neighbors after the AMB/SMB switchover
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
Signals sent to estabilish a GR Session
The SMB of the GR Restarter is restarted to sends signals to the GR Helpers, and reestablish sessions. 4. The GR Restarter obtains topology information from neighbors. Figure 6-5 GR Restarter obtaining topology information from neighbors
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
GR restarter gets topology information or routes from neighbors
After the GR Restarter obtains the topology information from its neighbors, it recalculates the routing table and triggers the aging of the old routes. Thus, the GR Restarter completes the AMB/SMB switchover during which packet forwarding is not interrupted.
Issue 03 (2010-03-31)
6-7
6 GR Configuration
Comparison Between the GR and the HSB

Table 6-1 Comparison between the GR and the HSB Name GR Advantage
l
Drawback
l
It is easy to implement and does not need great modifications to the existing software. It does not need to back up the protocol status information. Few data needs to be backed up from the AMB to the SMB. The data includes configuration modification, updated messages and events, interface status change, and topology information and routing information from neighbors after restart. During the switchover, there is little probability of service interruption. Normally, the network converges rapidly.
Interoperability: Some of the GR specifications are still drafts and the implementation varies with vendors. Concurrent collapse: If a GR router and its neighbor(s) collapse concurrently, GR cannot work normally. Long convergence time: When a GR router in the Down state cannot recover again, its neighbors assume that the GR Restarter will restart, so the neighbors do not delete the related routing and topology information before the Recovery timer times out. Compared with the common network in which the routers do not have the GR capability, this network takes a longer period to converge. Dependence of the recovery process on neighbor routers: Neighboring routers must support the GR capability, because GR is not "selfcontained". More difficult to implement than GR: More information, including the protocol status, the session, the route, the policy, and the update, needs to be backed up. Usage of more communication channel bandwidth: The HSB needs to support the TCP backup between the AMB and the SMB. Dependence on the hot backup of the BGP/LDP session on the TCP connection. If you do not expect the neighbors to be aware of the switchover, you must back up the continuously changing TCP link status from the AMB to the SMB.
HSB
The AMB/SMB switchover on the HSB router does not affect the service forwarding and routing process. The routing information and topology information are not lost and the protocol session is not interrupted during the switchover. The switchover between the AMB and SMB is self-contained. The neighbour routers do not need to have the GR capability. There is no problem of compatibility. The switchover does not affect the neighbors. The network convergence is faster than the network with GR routers.
6-8
Issue 03 (2010-03-31)
6 GR Configuration
6.1.2 GR Features Supported in the NE80E/40E

The NE80E/40E integrates the redundancy backup, GR, and HSB technologies to implement the system-level GR. When the router performs the AMB/SMB switchover, the forwarding is not interrupted and the impact on the service is reduced; thus, HA of the device is ensured. Currently, the following protocols in the NE80E/40E support the GR capability:
l l l l
MPLS LDP (DU or DoD) OSPF (IPv4) IS-IS (IPv4/IPv6) BGP (IPv4/IPv6), VPNv4 BGP, and BGP with labelled routes
The NE80E/40E integrates the advantages of the GR and the HSB to implement the HA as follows:
l l
Provides the 1+1 backup through redundancy backup Backs up static configuration from the AMB to the SMB through HSB, and backs up the status of the protocols that do not have the GR capability. Restores the session status of the protocol extended with the GR capability, with the help of the neighbouring routers.
The HA feature that integrates dual main control boards, GR, and HSB is called system-level GR. The function of the system-level GR is to decrease the impact of the AMB/SMB switchover on the packet forwarding. A router can perform the system-level GR on the following conditions:
l l l
The router has dual main control boards. BGP, OSPF, IS-IS, and LDP support the GR function. The router supports HSB.
NOTE
When a router supports only GR rather than HSB, this router can be used as a GR Helper to support the GR process of other routers.
6.2 Configuring the System-Level GR

This section describes how to configure the system-level GR. 6.2.1 Establishing the Configuration Task 6.2.2 (Optional) Configuring the Default Slot Number for the SMB 6.2.3 Enabling the Automatic Synchronization of the AMB/SMB Configuration 6.2.4 Enabling the Force AMB/SMB Switchover 6.2.5 (Optional) Restarting the SMB 6.2.6 Checking the Configuration
Issue 03 (2010-03-31)
6-9
6 GR Configuration

The system-level GR function is used in the following situations:
l l
A system fault triggers the AMB/SMB switchover. When upgrading the software or maintaining the system, the administrator manually triggers the AMB/SMB switchover.
To ensure that services are not affected during the switchover, configure information synchronization between AMB and SMB. So far, there are two modes: automatic and manual.
Before configuring system level GR, you need to complete the following tasks:
l l
Configuring a protocol basic functions Configuring a protocol level GR capability

NOTE
For the detailed configurations of OSPF GR, IS-IS GR, and BGP GR, refer to the HUAWEI NetEngine80E/ 40E Router Configuration Guide - IP Routing; for the detailed configurations of LDP GR, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
Data Preparation
To configure the system-level GR, you need the following data. No. 1 Data Default slot number of the SMB
6.2.2 (Optional) Configuring the Default Slot Number for the SMB
Context
If both main boards are available, the system determines which one is to be the SMB when the router restarts. Set the default slot number of the SMB using the command mentioned in this section. Do as follows on the GR Restarter:
Procedure
Step 1 Run:
system-view

slave default slot-number
6-10
Issue 03 (2010-03-31)
6 GR Configuration
The default slot number for the SMB is configured. ----End
6.2.3 Enabling the Automatic Synchronization of the AMB/SMB Configuration

Context
Do as follows on the GR Restarter:
Procedure
Step 1 Run:
system-view

slave auto-update config
The automatic synchronization of the AMB/SMB configuration is enabled. If the save command is run on the AMB to save the configuration, the system automatically updates the configuration on the SMB to synchronize the configurations on the AMB and the SMB. By default, the automatic synchronization of configuration data between AMB and SMB is enabled. To disable the automatic synchronization of configuration data between AMB and SMB, run the undo slave auto-update config command. ----End
6.2.4 Enabling the Force AMB/SMB Switchover

Context
Do as follows on the GR Restarter:
Procedure
Step 1 Run:
system-view

slave switchover enable
The force AMB/SMB switchover is enabled. After the configuration, you can run the slave switchover command to perform the force AMB/ SMB switchover manually. By default, the force AMB/SMB switchover is enabled.
6 GR Configuration
To disable the force AMB/SMB switchover, run the slave switchover disable command. ----End
6.2.5 (Optional) Restarting the SMB

Context
During the on-line software upgrade, the SMB software is upgraded when the AMB works normally. Then, the SMB must be restarted. After the SMB is ready, the AMB/SMB switchover can be performed. Do as follows on the GR Restarter:
Procedure
Step 1 Run:
system-view

slave restart
The SMB is restarted. ----End

Prerequisite
The configurations of the System-Level GR function are complete.
Procedure
Step 1 Run the display switchover state [ slot-number ] command to check the status of AMB and SMB. ----End
6.3 Maintaining HA
This section describes how to monitor the working status of the HA. 6.3.1 Monitoring the Running of HA
6.3.1 Monitoring the Running of HA

Context
In routine maintenance, you can run the following command in any view to display the running of HA.
6 GR Configuration
Procedure
Step 1 Run the display switchover state [ slot-id ] command in any view to display the backup status of the AMB and the SMB according to the specified slot ID. ----End

This section provides an example for GR. 6.4.1 Example for Configuring the System-Level GR
6.4.1 Example for Configuring the System-Level GR

Figure 6-6 shows a networking diagram of configuring the system-level GR.
l
In AS65009, OSPF is used as the IGP protocol; an EBGP connection is set up between Router A and Router B; Router C is a non-BGP router in the AS. Router B has dual main control boards. The AMB and the SMB back up each other, and support HSB. That is, the AMB and the SMB are configured with the HSB function. BGP GR is enabled on Router A; OSPF GR and BGP GR are enabled on Router B; and OSPF GR is enabled on Router C.
When Router B performs the AMB/SMB switchover triggered by the system fault or the administrator, it is required that the service is not interrupted, that is, the current network service is not affected. Figure 6-6 Networking diagram of configuring the system-level GR
GE1/0/0 10.1.4.1/24
POS2/0/0 10.1.1.1/24 POS1/0/0 10.1.2.1/24
GE2/0/0 10.1.3.1/24
RouterA AS 65008 POS2/0/0 10.1.1.2/24
POS1/0/0 RouterB 10.1.2.2/24 RouterC AS 65009
The configuration roadmap is as follows: 1. Enable BGP GR on Router A; enable OSPF GR and BGP GR on Router B; enable OSPF GR on Router C; configure GR parameters.
Issue 03 (2010-03-31)
6 GR Configuration
2.
Configure the synchronization of the AMB/SMB configuration on Router B.
Data Preparation
l l l
IP address of each interface OSPF and BGP parameters GR parameters
Procedure
Step 1 Configure the IP address for each interface. The configuration details are not mentioned here. Step 2 Configure basic OSPF and BGP functions. The configuration details are not mentioned here. Step 3 Configure OSPF GR functions. # Enable the link-local signaling and out-of-band synchronization capability of OSPF on Router B. The configuration of Router C is the same as the configuration of Router B.
[RouterB] ospf 100 [RouterB-ospf-100] opaque-capability enable
# Enable the OSPF GR capability on Router B. The configuration of Router C is the same as the configuration of Router B.
[RouterB-ospf-100] graceful-restart [RouterB-ospf-100] graceful-restart period 600
Step 4 Configure BGP GR functions. # Enable the BGP GR capability on Router B.

[RouterB] bgp [RouterB-bgp] [RouterB-bgp] [RouterB-bgp] 65009 graceful-restart graceful-restart timer restart 600 graceful-restart timer wait-for-rib 600
# Enable the BGP GR capability on Router A.

[RouterA] bgp [RouterA-bgp] [RouterA-bgp] [RouterA-bgp] 65008 graceful-restart graceful-restart timer restart 600 graceful-restart timer wait-for-rib 600
Step 5 Configure the parameters of the AMB/SMB switchover. # Specify the default slot number of the SMB.
<RouterB> system-view [RouterB] slave default 17
# Enable the force AMB/SMB switchover on Router B.

<RouterB> system-view [RouterB] slave switchover enable
# Enable the automatic synchronization of the AMB/SMB configurations.

<RouterB> system-view [RouterB] slave auto-update config [RouterB] quit
6-14
Issue 03 (2010-03-31)

<RouterB> save
6 GR Configuration
Step 6 Verify the configuration. # Perform the force AMB/SMB switchover on Router B.
[RouterB] slave switchover Caution!!! Confirm switch slave to master[Y/N]?y
# Running the display fib command on Router C and Router A, you can view that the forwarding entry related to Router B still exists. The forwarding is not interrupted and the service transmission is not affected.
<RouterC> display fib FIB Table: Total number of Routes : 9 Destination/Mask Nexthop 127.0.0.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 10.1.2.2/32 127.0.0.1 10.1.2.0/24 10.1.2.2 10.1.2.1/32 10.1.2.1 10.1.3.1/32 127.0.0.1 10.1.3.0/24 10.1.3.1 3.3.3.3/32 127.0.0.1 10.1.4.0/24 10.1.2.1 <RouterA> display fib FIB Table: Total number of Routes : 10 Destination/Mask Nexthop 127.0.0.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 10.1.4.1/32 127.0.0.1 10.1.4.0/24 10.1.4.1 10.1.1.1/32 127.0.0.1 10.1.1.0/24 10.1.1.1 10.1.1.2/32 10.1.1.2 10.1.2.0/24 10.1.1.2 10.1.3.0/24 10.1.1.2 1.1.1.1/32 127.0.0.1
Flag HU U HU U HU HU U HU DGU
TimeStamp t[42] t[42] t[561] t[561] t[561] t[578] t[578] t[724] t[1422]
Interface InLoop0 InLoop0 InLoop0 Pos1/0/0 Pos1/0/0 InLoop0 GE1/0/0 InLoop0 Pos1/0/0
TunnelID 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
Flag HU U HU U HU U HU DGU DGU HU
TimeStamp t[28] t[28] t[28] t[28] t[444] t[444] t[444] t[1402] t[1402] t[2060]
Interface InLoop0 InLoop0 InLoop0 GE1/0/0 InLoop0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoop0
TunnelID 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
----End
Configuration Files
l

# sysname RouterA # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.4.1 255.255.255.0 # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.1 255.255.255.0 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 65008 router-id 1.1.1.1 graceful-restart graceful-restart timer restart 600 peer 10.1.1.2 as-number 65009 # ipv4-family unicast
Issue 03 (2010-03-31)
6-15
6 GR Configuration
undo synchronization network 10.1.4.0 255.255.255.0 peer 10.1.1.2 enable # return l

# sysname RouterB # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 10.1.1.2 255.255.255.0 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.2.1 255.255.255.0 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 65009 router-id 2.2.2.2 graceful-restart graceful-restart timer restart 600 peer 10.1.1.1 as-number 65008 # ipv4-family unicast undo synchronization import-route ospf 100 peer 10.1.1.1 enable # # ospf 100 import-route bgp opaque-capability enable graceful-restart period 600 area 0.0.0.0 network 10.1.2.0 0.0.0.255 # return

# sysname RouterC # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.3.1 255.255.255.0 # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 10.1.2.2 255.255.255.0 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # ospf 100 opaque-capability enable graceful-restart period 600 area 0.0.0.0 network 10.1.3.0 0.0.0.255 network 10.1.2.0 0.0.0.255 # return
6-16
Issue 03 (2010-03-31)
7 Ethernet OAM Configuration
7
About This Chapter
Ethernet OAM Configuration
This chapter describes the basic principles and the implementations of the Ethernet OAM. It also provides configuration examples. 7.1 Ethernet OAM Overview This section describes the background and functions of Ethernet OAM, and the Ethernet OAM functions supported by the NE80E/40E. 7.2 Configuring Basic EFM OAM This section describes how to configure basic EFM OAM. 7.3 Configuring EFM OAM Link Monitoring This section describes how to configure EFM OAM link monitoring. 7.4 Testing the Packet Loss Ratio on the Physical Link This section describes the method of testing the packet loss ratio on the link by configuring remote loopback and sending testing packets. 7.5 Associating EFM OAM with an Interface This section describes how to associate EFM OAM with an interface. 7.6 Configuring Basic Ethernet CFM This section describes how to configure basic Ethernet CFM. 7.7 Configuring Related Parameters of Ethernet CFM This section describes how to Configure Related Parameters of Ethernet CFM. 7.8 Fault Verification on the Ethernet This section describes the method of testing the connectivity on the Ethernet through 802.1ag MAC ping or MAC ping, and the method of detecting the connectivity on the PBB-TE tunnel through PBB-TE MAC ping. 7.9 Locating the Fault on the Ethernet This section describes the method of locating the connectivity fault on the Ethernet through 802.1ag MAC trace or MAC trace, and the method of locating the connectivity fault on the PBBTE tunnel through PBB-TE MAC trace. 7.10 Associating Ethernet CFM with an Interface
This section describes how to associate Ethernet CFM with an interface. 7.11 Associating EFM OAM with Ethernet CFM This section describes how to associate EFM OAM with Ethernet CFM. 7.12 Associating Ethernet CFM with VPLS 7.13 Associating Ethernet OAM with MPLS OAM or BFD This section describes how to associate Ethernet OAM with MPLS OAM or BFD. 7.14 Configuring Ethernet CFM and 1+1 Protection of Multicast VLANs This section describes how to configure Ethernet CFM and 1+1 Protection of Multicast VLANs. 7.15 Maintaining Ethernet OAM This section describes how to clear statistics of error CCMs, and how to monitor the running status of Ethernet OAM. 7.16 Configuration Examples This section provides several configuration examples of Ethernet OAM.
7-2
Issue 03 (2010-03-31)
7.1 Ethernet OAM Overview

This section describes the background and functions of Ethernet OAM, and the Ethernet OAM functions supported by the NE80E/40E. 7.1.1 Introduction to Ethernet OAM 7.1.2 Ethernet OAM Supported by the NE80E/40E
7.1.1 Introduction to Ethernet OAM

Background
The Ethernet has developed as the major Local Area Network (LAN) technology because it features easy implementation and low cost. Recently, along with the applications of Gigabit Ethernet and the later 10-Gigabit Ethernet, Ethernet has been extended to the Metropolitan Area Network (MAN) and Wide Area Network (WAN). Compared with MANs and WANs, reliability and stability are not highly required for LANs. Therefore, a mechanism for network Operations, Administration and Maintenance (OAM) is always required for the Ethernet. The lack of the OAM mechanism prevents Ethernet from effectively functioning as the Internet Service Provider (ISP) network. In this manner, Ethernet OAM is becoming a trend.
Functions
Ethernet OAM has the following functions:
l
Fault management
Ethernet OAM can detect the network connectivity by sending detection messages regularly or through manual triggering. Ethernet OAM can locate faults on the Ethernet by using means similar to the Packet Internet Groper (ping) and traceroute tools on IP networks. Ethernet OAM can work with the Automatic Protection Switching (APS) to trigger protection switching when detecting connectivity faults. This ensures service interruption in no more than 50 ms to achieve carrier-class reliability.
Performance management Performance management is used to measure the packet loss ratio, delay, and jitter during the transmission of packets. It also collects statistics on various kinds of traffic. Performance management is implemented at the access point of users. By using the performance management tools, the ISP can monitor the network status and locate faults through the Network Management System (NMS). The ISP checks whether the forwarding capacity of the network complies with the Service Level Agreement (SLA) signed with users.
Ethernet OAM improves network management and maintenance capabilities on the Ethernet and guarantees a steady network.
Issue 03 (2010-03-31)
7-3
7.1.2 Ethernet OAM Supported by the NE80E/40E

EFM OAM
Ethernet in the First Mile (EFM) defined in IEEE 802.3ah specifies the physical layer specifications and Ethernet OAM of the Ethernet for user access networks. It is used to detect the last mile of the Ethernet link. EFM OAM is OAM at the link level. EFM OAM supported by the NE80E/40E provides the following functions:
l
OAM discovery When an interface on the NE80E/40E and the remote interface are both enabled with EFM OAM, the interface and the remote interface send and respond with a slow protocol frame, that is, an OAM Protocol Data Unit (OAM PDU) to determine whether the EFM OAM configurations on both interfaces match. This is called OAM discovery. If the EFM OAM configurations on both interfaces match, the two interfaces enter the EFM OAM Detect state. In the Detect state, the two interfaces send OAM PDUs regularly to maintain adjacencies. In normal situations, the interval for sending OAM PDUs is 1 second.
Link monitoring Link monitoring is a mechanism for an interface to notify the peer of the fault by sending the event notification OAM PDU when the interface detects the errored frame event, errored code event, or errored frame seconds event.
The errored frame event means that the number of errored frames detected on an interface reaches or exceeds the specified threshold within a set period. The errored code event means that the number of errored codes detected on an interface reaches or exceeds the specified threshold within a set period. The errored frame seconds summary event means that the number of errored frame seconds detected on an interface reaches or exceeds the specified threshold within a set period.
An errored frame second is a one-second interval during which at least one errored frame is detected.
l
Fault notification When a link event about a fault occurs on the local interface, the local interface notifies the peer of the fault through OAM PDUs. The local interface then records the event in the log, and reports the event to the NMS. This is called fault notification. A link event can be one of the following:

The system reboots. The Line Processing Unit (LPU) resets. A physical link fails. OAM PDUs time out. Errors transmitted by the OAM management module.
After receiving OAM PDUs, the peer records the event carried in OAM PDUs to the log and reports it to the NMS.
l
Remote loopback When the local interface sends non-OAM PDUs to the peer, instead of forwarding nonOAM PDUs based on their destination MAC addresses, the peer loops back non-OAM
7-4
Issue 03 (2010-03-31)
PDUs to the local interface. This is called remote loopback. Remote loopback can be used to locate faults and test link performance. The working mode of EFM OAM is an attribute of the interface enabled with EFM OAM. The working mode of EFM OAM on an interface is active or passive. OAM discovery and remote loopback are initiated only by the interface in active mode.
Ethernet CFM
Connectivity Fault Management (CFM) defined in IEEE 802.1ag specifies the OAM functions of connectivity check for Ethernet bearer networks. It includes the Continuity Check (CC), Loopback (LB), and Linktrace (LT). Ethernet CFM applies to end-to-end scenarios on largescale networks. Ethernet CFM is OAM at the network level. Currently, IEEE 802.1ag has two versions, that is, IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007. Table 7-1 shows the differences between these two versions. Table 7-1 Differences between IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 Feature Maintenance Domain IEEE 802.1ag Draft 7 Supported IEEE Standard 802.1ag-2007 Supported Remarks Thefeatures and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same.
Default MD Maintenance Association
Not supported Supported
Supported Supported
Maintenance association End Point
Supported
Supported
Issue 03 (2010-03-31)
7-5
Feature Remote Maintenance association End Point
IEEE 802.1ag Draft 7 Supported
IEEE Standard 802.1ag-2007 Supported
Remarks The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The MIP generation rules in both 802.1ag Draft 7 and Standard 802.1ag-2007 are classified into the same types, that is, default, explicit, and none. The difference between the MIP generation rules in 802.1ag Draft 7 and Standard 802.1ag-2007, however, is as follows:
l
Maintenance association Intermediate Point
Supported
Supported
According to 802.1ag Draft 7, the MIP is created on the basis of the interface. According to Standard 802.1ag-200 7, the MIP is created on the basis of the MD or default MD.
7-6
Issue 03 (2010-03-31)
Feature Maintenance Point
IEEE 802.1ag Draft 7 Supported
IEEE Standard 802.1ag-2007 Supported
Remarks The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same.
Basic concepts
MD A Maintenance Domain (MD) refers to the network or a part of the network where CFM is performed. Devices in an MD are managed by a single ISP.
Default MD According to IEEE Standard 802.1ag-2007, each device can be configured with one default MD. The default MD must be of a higher level than all MDs to which MEPs configured on the local device belong. In addition, the default MD must be of the same level as the high-level MD. The default MD transmits high-level CCMs and creates MIPs to reply LTR packets.
MA A Maintenance Association (MA) is part of an MD. An MD can be divided into one or multiple MAs. On the NE80E/40E, each MA is associated with a VLAN or a VSI. Ethernet CFM maintains the connectivity of each MA separately.
MEP A Maintenance association End Point (MEP) is an edge point within an MA. For the devices on the network enabled with Ethernet CFM, their MEPs are called local MEPs. For the other devices in the same MA, their MEPs are called the Remote Maintenance association End Points (RMEPs).
CAUTION
l
One Trunk interface can be configured with only one MEP, regardless of how many sub-interfaces the Trunk interface has. The system does not support hot swapping of boards.
MIP A Maintenance association Intermediate Point (MIP) is an intermediate point within an MA. According to IEEE 802.1ag Draft 7, MIPs reside on the interfaces of the device and are automatically generated on the basis of the interface. According to IEEE Standard 802.1ag-2007, MIPs are automatically generated on the basis of the MD or default MD.
Issue 03 (2010-03-31)
7-7
The MIP is automatically generated.

l
Connectivity check Ethernet CFM divides the network into one MD or multiple MDs. Each MD is further divided into one MA or multiple MAs. Ethernet CFM can detect the connectivity between MEPs within an MA by exchanging Continuity Check Messages (CCMs) periodically between MEPs.
Fault verification
802.1ag MAC ping Similar to ping, 802.1ag MAC ping works by sending test packets and waiting for a reply to test whether the destination device is reachable. 802.1ag MAC ping is initiated by a MEP and destined for a MEP or MIP within an MA.
GMAC ping GMAC ping works similarly to 802.1ag MAC ping. A MEP, however, is not required to initiate GMAC ping. The destination node does not need to be a MEP or a MIP. GMAC ping can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device.
PBB-TE Ping The Provider Backbone Bridging-Traffic Engineering (PBB-TE) ping operation is performed to detect connectivity of the PBB-TE tunnel.
Fault location
802.1ag MAC trace Similar to traceroute or tracert, 802.1ag MAC trace works by sending test packets and waiting for a reply to test the path between the local device and the destination device and to locate faults. 802.1ag MAC trace is initiated by a MEP and destined for a MEP or MIP within an MA.
GMAC trace GMAC trace works similarly to 802.1ag MAC trace. A MEP, however, is not required to initiate GMAC trace. The destination node does not need to be a MEP or a MIP. That is, GMAC trace can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. All the intermediate devices can respond with a Linktrace Reply (LTR).
PBB-TE MAC trace PBB-TE MAC trace locates the connectivity fault on the PBB-TE tunnel. PBB-TE MAC trace is initiated by one end of the PBB-TE tunnel and destined for the other end.
Fault Association
l
Association between EFM OAM and an interface When EFM OAM is associated with the current interface and detects a link fault through the current interface, no other packets except EFM protocol packets can be forwarded on the interface and Layer 2 and Layer 3 services are blocked. Therefore, the association of EFM OAM and the current interface may greatly affect services. When the current interface detects the link fault recovery through EFM OAM, all packets can be forwarded on the interface and Layer 2 and Layer 3 services are unblocked. Before configuring the association between EFM OAM and an interface, ensure that the EFM OAM protocol on both ends of the link is in the detect state.
Association between Ethernet CFM and an interface

7-8
When a MEP detects a connectivity fault between the MEP and a specified RMEP within the same MA, the OAM management module performs the restart function, that is, shuts down the interface on which the MEP resides for seven seconds and then starts it.
l
Association between EFM OAM and the PBB-TE service instance (SI) When the EFM OAM module detects a connectivity fault, the OAM management module sends fault messages to the device at the other end through the PBB-TE tunnel to which the SI that EFM OAM associates with is bound.
Association between Ethernet CFM and the PBB-TE SI When the Ethernet CFM module detects a connectivity fault, the OAM management module sends fault messages to the device at the other end through the PBB-TE tunnel to which the SI that Ethernet CFM associates with is bound.
Association between Ethernet CFM and EFM OAM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to the peer device enabled with EFM OAM through the interface. When the EFM OAM module detects a fault, the OAM management module sends fault messages to the MA through the interface.

Ethernet CFM sends fault messages to EFM OAM. EFM OAM sends fault messages to Ethernet CFM. Ethernet CFM and EFM OAM perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Ethernet CFM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to the MA at the other side through the binding relationship.

Ethernet CFM at one side sends fault messages to Ethernet CFM at the other side. Ethernet CFMs at both sides perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Bidirectional Forwarding Detection (BFD) When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to BFD at the other side through the binding relationship. When BFD detects a fault, BFD sends fault messages to the MA through the binding relationship.

Ethernet CFM sends fault messages to BFD. BFD sends fault messages to Ethernet CFM. Ethernet CFM and BFD perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Multiprotocol Label Switching (MPLS) OAM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to MPLS OAM through the binding relationship. When MPLS OAM detects a fault, the OAM management module sends fault messages to the MA through the binding relationship.

Ethernet CFM sends fault messages to MPLS OAM. MPLS OAM sends fault messages to Ethernet CFM.
Association between EFM OAM and BFD When the EFM OAM module detects a fault, the OAM management module sends fault messages to BFD at the other side through the interface. When BFD detects a fault, BFD sends fault messages to EFM OAM through the interface.

EFM OAM sends fault messages to BFD. BFD sends fault messages to EFM OAM.
Issue 03 (2010-03-31)

l
EFM OAM and BFD perform bidirectional transmission of fault messages.
Association between EFM OAM and MPLS OAM When the EFM OAM module detects a fault, the OAM management module sends fault messages to MPLS OAM through the interface. When MPLS OAM detects a fault, the OAM management module sends fault messages to EFM OAM through the interface.

EFM OAM sends fault messages to MPLS OAM. MPLS OAM sends fault messages to EFM OAM.
EFM OAM Extension

Generally, a CE accesses an IP network by connecting the two PEs in master/slave mode. This can ensure the reliability of IP services. To be specific, the CE usually accesses the two PEs in a Router Redundancy Protocol (VRRP) backup group. The VRRP access, however, is originally designed for PC terminals, and therefore cannot guarantee the carrier-class reliability and performance. Ethernet in the First Mile, Operation, Administration and Maintenance (EFM OAM), a linkdetecting technology operative either on Layer 3 networks, such as the IP and MPLS, or Layer 2 networks, such as Provider Backbone Transport-Traffic Engineering (PBT-TE), Transport MPLS (T-MPLS), and Virtual Private LAN Service (VPLS), is currently supported on various vendors' devices. An EFM OAM extension Protocol Data Unit (PDU) carries the flag bit that indicates the link state. The router that receives the PDU can control the status of the access link according to the flag bit. By associating EFM OAM extension with interfaces or static routes, you can control the traffic flow and achieve the primary/bypass link failover, which can ensure the carrier-class reliability in network access.
l
As shown in Figure 7-1. Figure 7-1 Networking diagram of EFM OAM extension for VRRP
IP/MPLS RouterA interface IP RouterB interface IP
VLANIF/VPLS VRRP
UNI interface link detection by EFM OAM extension SoftX Master link Slave link link detection by EFM OAM extension
7-10
Issue 03 (2010-03-31)
Router A functions as the master router and Router B functions as the backup router. The SoftX uses two interface boards, namely, a master interface board and a slave interface board, to respectively connect both routers. On the master and slave interface boards, the interfaces that are respectively connected to Router A and Router B are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, Router A and Router B. A VRRP backup group is configured on VLANIF interfaces. The virtual IP address of the VRRP backup group and the IP addresses of Router A and Router B are in the same network segment. The downstream interfaces of Router A and Router B are common Ethernet interfaces. The VRRP backup group is configured to track the traffic of the downstream interfaces in reduce mode, and EFM OAM extension for VRRP is enabled. In addition, the link between Router A and Router B can be configured in either of the following modes:
Configuring the link in VLANIF mode - To configure the link in VLANIF mode, you need to perform the following steps:
Configure VLANIF interfaces. Therefore, both routers are in one broadcast domain, that is, a VLAN. Add the downstream interface (a Layer 2 interface) of each router into the VLAN.
Configuring the link in VPLS mode - To configure the link in VPLS mode, you need to perform the following steps:
Set up a PW, and configure the downstream interfaces of both routers as the attachment circuit (AC) interfaces to access the VPLS. Configure Layer 2 Virtual Ethernet (L2VE) interfaces between the routers, and bind the L2VE interfaces and VC interfaces into the same virtual switching instance (VSI). Configure the VRRP backup group on Layer 3 VE (L3VE) interfaces, and bind the L3VE interfaces and the L2VE interfaces into the same VE group. In this manner, you can configure Router A and Router B into the same broadcast domain.
All the preceding configurations ensure that the SoftX can detect the faults on the master link and slave link based on EFM OAM extension and all devices can achieve EFM OAM extension for VRRP. Generally, the SoftX decides the link status based on relevant calculations, and then advertises the link status information to the downstream interfaces of both routers by sending EFM OAM extension PDUs. As just mentioned, the VRRP backup group is configured to track the traffic of the downstream interfaces in reduce mode, and EFM OAM extension for VRRP is enabled. Therefore, after Router A receives the PDU indicating the link-down state, the VRRP priority of Router A is reduced, and Router A becomes the backup router. Conversely, after Router B receives the PDU indicating the link-up state, the VRRP priority of Router B is increased, and Router B becomes the master router. This can ensure the consistency between the VRRP master/slave status and the master/slave status of the downstream interfaces. In addition, if Router A is notified of a fault that is detected by EFM OAM extension, Router A considers that the master link is faulty, and thus lowers its VRRP priority. The SoftX then performs the master/slave failover, and sends the PDU indicating the link-up state to Router B. The VRRP priority of Router B is thus increased, and Router B becomes the master router. This can ensure the consistency between the master/slave status of the SoftX and the master/slave status of both routers.
Link Failover Between Downstream Interfaces: If a fault on the master link is detected by EFM OAM extension, the SoftX performs the master/slave failover and sends the gratuitous ARP packet and EFM OAM extension PDU to Router B. 1. If Router B receives the gratuitous ARP packet earlier than the EFM OAM extension PDU, the procedure is as follows:
Router B refreshes the MAC entries and ARP entries, creates the route destined for the SoftX, and broadcasts the gratuitous ARP packet to Router A. Router A also refreshes ARP entries and updates the status of its downstream interface. In this manner, the downstream traffic from Router A to the SoftX is sent to Router B, and Router B then forwards the traffic to the SoftX according to its MAC table. At the moment, the downstream traffic is forwarded by Router B, but the backup link between Router B and the SoftX is still Down. Therefore, the downstream traffic is discarded.
Then Router B receives the PDU indicating the link-up state. Consequently, Router B advertises routes, increases the VRRP priority, and changes its link to the master link. The downstream traffic is thus directly forwarded by Router B. After Router A is informed of the fault detected by EFM OAM extension, Router A deletes all routes, lowers its VRRP priority, and changes its link to the backup link. Therefore, the upstream and downstream traffic through Router A is blocked.
2.
If Router B receives the PDU indicating the link-up state earlier than the gratuitous ARP packet, the procedure is as follows:
Router B advertises routes and unblocks its links. The VRRP priority of Router B is increased, and the VRRP link between Router B and the SoftX is switched into the master link. Then Router B forwards the upstream and downstream traffic, and sends gratuitous ARP packets to Router A and the SoftX. After Router A is informed of the fault detected by EFM OAM extension, Router A deletes all its routes, lowers its VRRP priority, and changes its VRRP link to the backup link. At the same time, Router A blocks its downstream interface. After the SoftX learns the gratuitous ARP packets sent by Router B, the SoftX establishes a route to Router B. Then the downstream traffic is forwarded by Router B.
When the faulty link between Router A and the SoftX recovers, the SoftX still notifies Router A of keeping the current slave state. Therefore, no gratuitous ARP packet is sent, and traffic is not switched from Router B to Router A.
Link Failover Between Upstream Interfaces: When the upstream link of Router A fails, the remote PE converges the route destined for Router A. Then both the downstream traffic and upstream traffic are forwarded by Router B.
Figure 7-2 shows EFM OAM extension for static routes.
7-12
Issue 03 (2010-03-31)
Figure 7-2 Networking diagram of EFM OAM extension for static routes IP/MPLS RouterA interface IP VRRP RouterB interface IP
Traffic before the failover UNI interface
Traffic after the failover
Link detection performed by EFM OAM extension SoftX
Link detection performed by EFM OAM extension
Master link Slave link
Router A functions as the master router and Router B functions as the backup router. The SoftX uses two interface boards, namely, a master interface board and a slave interface board, to respectively connect both routers. On the master and slave interface boards, the interfaces that are respectively connected to Router A and Router B are configured with the same IP address. On Router A and Router B, the interfaces that are connected to the SoftX are configured with the same IP address. All the IP addresses are configured in the same network segment. A service IP address is configured on the SoftX to transmit services, and either router is configured with a static route destined for the service IP address. Router A and Router B, both as PEs, are connected through Ethernet interfaces or Eth-Trunk interfaces. The downstream interfaces of both routers are Ethernet interfaces. EFM OAM extension is enabled on the SoftX, and the SoftX advertises the link-status information to both routers; EFM OAM extension for static routes is enabled on both routers. Router A advertises the static route destined for the service IP address on the SoftX, and Router B does not advertise any route. If EFM OAM extension detects a fault, the link failover between Router A and Router B is performed. After route convergence is completed, the upstream and downstream traffic flows through the new master link.
Link Failover Between Downstream Interfaces: When the master link fails, the SoftX performs the link failover, and sends the PDU indicating the link-up state to Router B. After receiving the PDU, Router B changes to the master router, and advertises the static route destined for the service IP address on the SoftX. Router A, being informed of a fault detected by EFM OAM extension, changes to the backup router, and deletes the route destined for the service IP address on the SoftX. When the faulty link between the SoftX and Router A recovers, the SoftX still notifies Router A of keeping the current backup state. Therefore, the traffic is not switched from Router B to Router A, and Router A does not advertise any route.
Issue 03 (2010-03-31)
7-13
Link Failover Between Upstream Interfaces: When the upstream link of Router A fails, the remote PE converges the route destined for Router A. Then the downstream and downstream traffic is forwarded by Router B.
7.2 Configuring Basic EFM OAM

This section describes how to configure basic EFM OAM. 7.2.1 Establishing the Configuration Task 7.2.2 Enabling EFM OAM Globally 7.2.3 Configuring the Working Mode of EFM OAM on an Interface 7.2.4 (Optional) Setting the Maximum Size of an EFM OAMPDU 7.2.5 Enabling EFM OAM on an Interface 7.2.6 Checking the Configuration

As shown in Figure 7-3, you can perform the configuration task to detect the connectivity between two directly connected devices. Figure 7-3 Diagram of configuring EFM OAM
EFM OAM Interface 1 (Active) Interface 2 (Passive)
None.
Data Preparation
To configure EFM OAM, you need the following data. No. 1 Data (Optional) Maximum size of an EFM OAM PDU
7-14
Issue 03 (2010-03-31)
7.2.2 Enabling EFM OAM Globally

Context
Do as follows on the devices at both ends of the link:
Procedure
Step 1 Run:
system-view

efm enable
EFM OAM is enabled globally. By default, EFM OAM is disabled globally. ----End
7.2.3 Configuring the Working Mode of EFM OAM on an Interface

Context
NOTE
The working mode of EFM OAM on the interface can be configured only after EFM OAM is enabled globally and before EFM OAM is enabled on the interface. The working mode of EFM OAM on the interface cannot be modified after EFM OAM is configured on the interface.
Procedure
Step 1 Run:
system-view

The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm mode { active | passive }
The working mode of EFM OAM on the interface is configured. By default, EFM OAM on an interface works in active mode. At least one interface at both ends of the link must be configured to work in active mode. The interface in active mode initiates OAM discovery after EFM OAM is enabled on the interface. Instead of initiating OAM discovery, the interface in passive mode waits for an OAM PDU sent from the interface in active mode. If both interfaces are configured to work in active mode, you
can implement link detection. If both interfaces are configured to work in passive mode, OAM discovery fails. ----End
7.2.4 (Optional) Setting the Maximum Size of an EFM OAMPDU

Context
Procedure
Step 1 Run:
system-view

efm packet max-size size
The maximum size of an EFM OAM PDU is set. By default, the maximum size of an EFM OAM PDU on an interface is 128 bytes. EFM OAM PDUs that exceed 128 bytes are discarded as invalid packets. If the maximum size of an EFM OAM PDU on both interfaces of the link is configured differently, the two interfaces negotiate and determine the value during the OAM discovery process. The smaller maximum size of an EFM OAM PDU set on the local interface and the peer is selected. ----End
7.2.5 Enabling EFM OAM on an Interface

Context
Procedure
Step 1 Run:
system-view

The interface view of an interface at one end of the link is displayed.

Step 3 Run:
efm enable
EFM OAM is enabled on the interface. By default, EFM OAM on an interface is disabled. ----End

Prerequisite
The configurations of the EFM OAM function are complete.
Procedure
l l Run the display efm { all | interface interface-type interface-number } command to check information about EFM OAM on an interface. Run the display efm session { all | interface interface-type interface-number } command to check the status of the EFM OAM protocol on an interface.
----End
Example
Run the display efm command. You can view all the EFM OAM configurations on the local interface and part of the EFM OAM configurations on the remote interface. For example:
<HUAWEI> display efm interface gigabitethernet2/0/1 Item Value ---------------------------------------------------Interface: GigabitEthernet2/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: disable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: disable ErrFramePeriod: 45 ErrFrameThreshold: 1 ErrFrameSecondNotification: disable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: disable Remote MAC: 00e0-fc7f-724f Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
Run the display efm session command. If the EFM OAM protocol on the interface is in the Detect state, it means that the configuration succeeds. The two interfaces succeed in negotiation and enter the Detect state.
<HUAWEI> display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Issue 03 (2010-03-31)
7-17
7.3 Configuring EFM OAM Link Monitoring

This section describes how to configure EFM OAM link monitoring. 7.3.1 Establishing the Configuration Task 7.3.2 (Optional) Detecting Errored Frames of EFM OAM 7.3.3 (Optional) Detecting Errored Codes of EFM OAM 7.3.4 (Optional) Detecting Errored Frame Seconds of EFM OAM 7.3.5 Checking the Configuration

Link monitoring can be used to detect and locate faults at the link layer in different scenarios. It uses the event notification OAMPDU. When a link fails, the local link notifies the remote OAM entity of the fault after detecting a fault through events.
Before configuring EFM OAM link monitoring, complete the following tasks:
l
Configuring EFM OAM
Data Preparation
To configure EFM OAM link monitoring, you need the following data. No. 1 2 3 Data (Optional) Period and threshold for detecting errored frames of EFM OAM (Optional) Period and threshold for detecting errored codes of EFM OAM (Optional) Period and threshold for detecting errored frame seconds of EFM OAM
7.3.2 (Optional) Detecting Errored Frames of EFM OAM

Context
When an interface is enabled to detect errored frames, the NE80E/40E generates an errored frame event and notifies the peer, if the number of errored frames reaches or exceeds the threshold within a set period. Do as follows on the devices at one end or both ends of the link:
Procedure
Step 1 Run:
system-view

efm error-frame period period
The period for detecting errored frames on the interface is set. By default, the period for detecting errored frames on an interface is 1 second. Step 4 Run:
efm error-frame threshold threshold
The threshold for detecting errored frames on the interface is set. By default, the threshold for detecting errored frames on an interface is 1. Step 5 Run:
efm error-frame notification enable
The interface is enabled to detect errored frames. By default, an interface cannot detect errored frames. ----End
7.3.3 (Optional) Detecting Errored Codes of EFM OAM

Context
When an interface is enabled to detect errored codes, the NE80E/40E generates an errored code event and notifies the peer, if the number of errored codes reaches or exceeds the threshold within a set period. Do as follows on the devices at one end or both ends of the link:
Procedure
Step 1 Run:
system-view

efm error-code period period
Issue 03 (2010-03-31)
7-19
The period for detecting errored codes on the interface is set. By default, the period for detecting errored codes on an interface is 1 second. Step 4 Run:
efm error-code threshold threshold
The threshold for detecting errored codes on the interface is set. By default, the threshold for detecting errored codes on an interface is 1. Step 5 Run:
efm error-code notification enable
The interface is enabled to detect errored codes. By default, an interface cannot detect errored codes. ----End
7.3.4 (Optional) Detecting Errored Frame Seconds of EFM OAM

Context
An errored frame second is a one-second interval during which at least one errored frame is detected. It specifies the seconds when errored frames are deteced. When an interface is enabled to detect errored frame seconds, the NE80E/40E generates an errored frame seconds summary event and notifies the peer, if the number of errored frame seconds reaches or exceeds the threshold within a set period. Do as follows on the devices at one end or both ends of the link:
Procedure
Step 1 Run:
system-view

efm error-frame-second period period
The period for detecting errored frame seconds on the interface is set. By default, the period for detecting errored frame seconds on an interface is 60 seconds. Step 4 Run:
efm error-frame-second threshold threshold
The threshold for detecting errored frame seconds on the interface is set. By default, the threshold for detecting errored frame seconds on an interface is 1. Step 5 Run:

efm error-frame-second notification enable
The interface is enabled to detect errored frame seconds. By default, an interface cannot detect errored frame seconds. ----End

Prerequisite
The configurations of the EFM OAM Link Monitoring function are complete.
Procedure
Step 1 Run the display efm { all | interface interface-type interface-number } command to check information about EFM OAM on an interface. ----End
Example
Run the display efm command. You can view information about link monitoring on the interface. For example:
<HUAWEI> display efm interface gigabitethernet1/0/0 Item Value ---------------------------------------------------------Interface: GigabitEthernet1/0/0 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: enable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: enable ErrFramePeriod: 45 ErrFrameThreshold: 1 ErrFrameSecondNotification: enable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: disable RemoteMAC 00e0-fc7f-7258 Remote EFM Enable Flag enable Remote Mode passive Remote MaxSize 128
7.4 Testing the Packet Loss Ratio on the Physical Link

This section describes the method of testing the packet loss ratio on the link by configuring remote loopback and sending testing packets. 7.4.1 Establishing the Configuration Task 7.4.2 Enabling EFM OAM Remote Loopback 7.4.3 Sending Test Packets 7.4.4 Checking the Statistics on Returned Test Packets
7.4.5 (Optional) Manually Disabling EFM OAM Remote Loopback 7.4.6 Checking the Configuration

CAUTION
The forwarding of service data is affected after EFM OAM remote loopback is enabled. So, enable EFM OAM remote loopback on the link that need not forward service data. You can perform the configuration task to detect the packet loss ratio on a link. As shown in Figure 7-4, enable EFM OAM on Router A and Router B and enable remote loopback on GE 1/0/1 on Router A. Send test packets from Router A to Router B. You can get the packet loss ratio on the link by observing the receiving of test packets on Router A. Figure 7-4 Diagram of testing the packet loss ratio on the link
Test packets RouterA GE1/0/1 (Active) EFM OAM RouterB GE2/0/1 (Passive) Test packets data flow
Before testing the packet loss ratio on the link, complete the following tasks:
l
Configuring EFM OAM
Data Preparation
To test the packet loss ratio on the link, you need the following data. No. 1 2 Data Timeout period for remote loopback Destination MAC address, VLAN ID, outbound interface, size, number, and sending rate of test packets
7-22
Issue 03 (2010-03-31)
7.4.2 Enabling EFM OAM Remote Loopback

Context
Do as follows on the device with an active interface on the link:
Procedure
Step 1 Run:
system-view


efm loopback start [ timeout timeout ]
Remote loopback is initiated by the interface. By default, the timeout period for remote loopback is 20 minutes. After the timeout period, remote loopback is automatically disabled. You can set the timeout period to 0 for a link to remain in the remote loopback state. The following requirements must be met to implement remote loopback:
l l
The EFM OAM protocols on the local interface and the peer are in the Detect state. EFM OAM on the local interface works in active mode.
You can use the display efm session command to check whether the EFM OAM protocols running on the local interface and the peer are in the Detect state. Step 4 Run:
efm loopback action discard
The interface is configured to discard the packets looped back. By default, the interface discards the packets looped back. ----End
7.4.3 Sending Test Packets

Context
Procedure
Step 1 Run:
system-view

Step 2 Run:
test-packet start [ mac mac-address ] [ vlan vlan-id ] interface interface-type interface-number [ -c count | -p speed | -s size ] *
Test packets are sent. By default, the size of a test packet is 64 bytes; the transmitting rate is 1 Mbit/s; the number of test packets sent is 5. The outbound interface for the test packets is the interface that connects the link to be tested. ----End
Postrequisite
The parameter in this command cannot be modified when test packets are being sent. Press Ctrl+C to stop sending test packets.
7.4.4 Checking the Statistics on Returned Test Packets

Context
Procedure
Step 1 Run:
display test-packet result
Statistics of the returned test packets are displayed. The displayed information includes:
l l l l l l l l
Number of sent test packets Number of received test packets Number of discarded test packets Total number of bytes of sent test packets Total number of bytes of received test packet Total number of bytes of discarded test packet Time to start the sending of test packet Time to end the sending of test packet
You can obtain the packet loss ratio on the link based on the preceding data. ----End
7.4.5 (Optional) Manually Disabling EFM OAM Remote Loopback

Context
Procedure
Step 1 Run:
system-view


efm loopback stop
Remote loopback is disabled on the interface. If EFM OAM remote loopback is left enabled, the link fails to forward service data for a long time. To prevent this, EFM OAM remote loopback on the NE80E/40E can be automatically disabled after a timeout period. By default, the timeout period for remote loopback is 20 minutes. After 20 minutes, remote loopback stops. If you need to disable remote loopback manually, perform the preceding operation procedures. ----End

Prerequisite
The configurations of the Packet Loss Ratio on the Physical Link function are complete.
Procedure
Step 1 Run the display efm session { all | interface interface-type interface-number } command to check the status of the EFM OAM protocol on an interface. ----End
Example
Run the display efm session command on the device with an active interface on the link. If the EFM OAM protocol on the active interface is in the loopback (control) state, which indicates that the active interface initiates remote loopback, it means that the configuration succeeds.
<RouterA> display efm session interface gigabitethernet 1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet1/0/1 Loopback(be controlled) 20
Run the display efm session command on the device with a passive interface on the link. If the EFM OAM protocol on the passive interface is in the loopback (be controlled) state, which indicates that the passive interface responds to remote loopback, it means that the configuration succeeds.
<RouterB> display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/8 Loopback(be controlled) --
Issue 03 (2010-03-31)
7-25
Run the display efm session command on any of the devices on the link after remote loopback is automatically or manually disabled, you can view that the EFM OAM protocol status on the interface is no longer loopback (control) or loopback (be controlled).
<RouterA> display efm session interface gigabitethernet 1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/8 Detect --
7.5 Associating EFM OAM with an Interface

This section describes how to associate EFM OAM with an interface. 7.5.1 Establishing the Configuration Task 7.5.2 Associating EFM OAM with an Interface 7.5.3 Checking the Configuration

As shown in Figure 7-5, EFM OAM is enabled on Router A and Router B. EFM OAM is associated with GE 1/0/1 on Router A. When the EFM OAM module on Router A detects a connectivity fault between Router A and Router B, no other packets except EFM protocol packets can be forwarded on the interface GE 1/0/1 and Layer 2 and Layer 3 services are blocked. Therefore, the association of EFM OAM and the current interface may greatly affect services. When the current interface detects the link fault recovery through EFM OAM, all packets can be forwarded on the interface and Layer 2 and Layer 3 services are unblocked. Figure 7-5 Diagram of associating EFM OAM with an interface
EFM OAM RouterA GE1/0/1 GE2/0/1 RouterB
The interface associated with EFM OAM
Before associating EFM OAM with an interface, complete the following tasks:
l
Configuring EFM OAM
Data Preparation
To associate EFM OAM with an interface, you need the following data.
7-26
Issue 03 (2010-03-31)
No. 1
Data Type and number of an interface
7.5.2 Associating EFM OAM with an Interface

Context
Do as follows on the devices at one end or both ends of the link:
Procedure
Step 1 Run:
system-view

efm trigger if-down
EFM OAM is associated with the interface. By default, an interface is not associated with EFM OAM. The efm trigger if-down command is valid in the interface view only after EFM OAM is enabled on the interface with the efm enable command. When EFM OAM is associated with the current interface and detects a link fault through the current interface, no other packets except EFM protocol packets can be forwarded on the interface and Layer 2 and Layer 3 services are blocked. Therefore, the association of EFM OAM and the current interface may greatly affect services. When the current interface detects the link fault recovery through EFM OAM, all packets can be forwarded on the interface and Layer 2 and Layer 3 services are unblocked. Before configuring the association between EFM OAM and an interface, ensure that the EFM OAM protocol on both ends of the link is in the detect state. If Layer 2 and Layer 3 services are blocked due to a misoperation, you can run the undo efm trigger if-down command in the interface view to restore services. ----End

Prerequisite
The configurations of Associating EFM OAM with an Interface function are complete.
Procedure
Step 1 Run the display efm { all | interface interface-type interface-number } command to check the EFM OAM configuration information on an interface. ----End
Example
Run the display efm command. If the item "TriggerIfDown" is displayed as "enable", it means that the configuration succeeds.
<HUAWEI> display efm interface gigabitethernet1/0/1 Item Value ---------------------------------------------------Interface: GigabitEthernet1/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: disable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: disable ErrFramePeriod: 1 ErrFrameThreshold: 1 ErrFrameSecondNotification: disable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: enable TriggerMacRenew: disable Remote MAC: 0018-8200-0001 Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
7.6 Configuring Basic Ethernet CFM

This section describes how to configure basic Ethernet CFM. 7.6.1 Establishing the Configuration Task 7.6.2 Switching IEEE 802.1ag Versions 7.6.3 Enabling Ethernet CFM Globally 7.6.4 Creating an MD 7.6.5 (Optional) Creating the Default MD 7.6.6 Creating an MA 7.6.7 Creating a MEP 7.6.8 Creating an RMEP 7.6.9 (Optional) Setting the Rule for Creating a MIP 7.6.10 Enabling CC Detection 7.6.11 (Optional) Creating a VLAN 7.6.12 Checking the Configuration

You can perform the configuration task to implement the following functions on the Ethernet:
l l
Automatic end-to-end connectivity detection Automatic connectivity detection on directly connected links
You need to ensure that the following conditions be met before implementing automatic endto-end connectivity detection on the Ethernet:
l
MDs are classified based on the ISP that manages the devices. All the devices that are managed by a single ISP and enabled with CFM can be configured in an MD. One default MD can be configured on each device, that it transmits high-level CCMs and generates MIPs to reply LTR packets.
MAs are classified based on different SIs. An MA is associated with a VLAN. A VLAN generally maps to an SI. When the MA is classified, fault detection in connectivity can be carried out on the network where an SI is transmitted. You need to determine the interfaces on which devices are located at the edge of the MA, that is, to determine that MEPs must be configured on the interfaces on which devices.
When implementing automatic connectivity detection on directly connected links, you also need to ensure that:
l l l
The devices at both ends must be configured in the same MA within an MD. An MA can be either associated with a VLAN or not. MEPs must be configured on the interfaces at both ends of the directly connected link.
None.
Data Preparation
To configure Ethernet CFM, you need the following data. No. 1 2 3 4 5 6 7
Issue 03 (2010-03-31)
Data Name and level of an MD (Optional) Name and level of a default MD Name of an MA, ID of the VLAN associated with the MA ID of a MEP, name of the interface on which the MEP resides, type of the MEP (Optional) ID of an RMEP and bridge MAC address of the device on which the RMEP resides Rule for creating a MIP Interval for a MEP sending or detecting CCMs in an MA
No. 8
Data (Optional) ID of the specified VLAN
7.6.2 Switching IEEE 802.1ag Versions

Context
By default, IEEE 802.1ag Draft 7 is enabled on the device. Do as follows on each NE80E/40E that requires IEEE Standard 802.1ag-2007:
Procedure
Step 1 Run:
system-view

cfm version { draft7 | standard }
The IEEE 802.1ag version is switched.

NOTE
All the devices on the network must be enabled with either IEEE 802.1ag Draft 7 or IEEE Standard 802.1ag-2007. IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 cannot be enabled at the same time on a network.
----End
7.6.3 Enabling Ethernet CFM Globally

Context
Do as follows on the router that requires Ethernet CFM:
Procedure
Step 1 Run:
system-view

cfm enable
Ethernet CFM is enabled globally. By default, Ethernet CFM on the router is disabled globally. ----End
7.6.4 Creating an MD
Context
Procedure
Step 1 Run:
system-view

cfm md md-name [ format { no-md-name | dnsname-and-mdname | mac-address | mdname } ] [ level level ]
An MD is created and the MD view is displayed. Parameters format, no-md-name, dnsname-and-mdname, and mac-address can be used only on the device running IEEE Standard 802.1ag-2007. By default, an MD is at level 0. Level 0 is the lowest level. Repeat Step 2 to create more MDs. Up to 64 MDs can be created on the NE80E/40E.
NOTE
The 802.1ag packets from a lower-level MD are discarded when being transmitted through the same level MD or a higher-level MD. The 802.1ag packets from a higher-level MD can be transmitted through a lowerlevel MD.
----End
7.6.5 (Optional) Creating the Default MD

Context
Do as follows on each NE80E/40E device that requires Ethernet CFM:
Procedure
Step 1 Run:
system-view

cfm default md [ level level ]
The default MD is created and the default MD view is displayed. By default, the default MD is at Level 7, the highest level. Each device can create only one default MD.

NOTE
The default MD must be of a higher level than all MDs to which MEPs configured on the local device belong. In addition, the default MD must be of the same level as the high-level MD. The default MD transmits high-level CCMs and generates MIPs to reply LTR packets.
----End
7.6.6 Creating an MA
Context
Do as follows on the NE80E/40E that requires Ethernet CFM:
Procedure
Step 1 Run:
system-view

cfm md md-name
The MD view is displayed. Step 3 Run:

ma ma-name
An MA is created and the MA view is displayed. Up to 4K MAs can be created in an MD. On the NE80E/40E, up to 4K MAs can be created. One or multiple MA can map to one VLAN. Step 4 Run:
map vlan vlan-id
Associate the MA with a VLAN. By default, an MA is not associated with any VLAN. Ethernet CFM maintains the connectivity of each MA separately. After an MA is associated with a VLAN, Ethernet CFM can detect the connectivity fault on the network within the VLAN. This step is optional. If an MA is classified to detect the connectivity fault between two directly connected devices, the MA is not required to be associated with a VLAN. Otherwise, the MA must be associated with a VLAN. ----End
Postrequisite
An MA is associated with a VLAN only.
l l
If you need to create multiple MAs in an MD, repeat Step 3 and Step 4. If you need to create multiple MAs in multiple MDs, repeat Step 2 to Step 4.
7-32
7.6.7 Creating a MEP

Context
When creating a MEP in an MA, also note that:
l
When an inward-facing MEP is created, the MA must be associated with a VLAN and the interface on which the MEP resides must be added to the VLAN. The inward-facing MEP then broadcasts the OAMPDUs in the VLAN associated with the MA. That is, the inwarding-facing MEP sends the OAMPDUs out through all the interfaces excluding the interface on which the MEP resides in the VLAN associated with the MAC. When the outward-facing MEP is created, the MA is not required to be associated with a VLAN. However, if the MA is associated with a VLAN, the interface on which the MEP resides must be added to the VLAN. The outward-facing MEP sends out the OAMPDUs through the interface on which the MEP resides. When the VLAN-based MEP is created, the MA must be associated with a VLAN.
The following lists the requirements for the number and types of MEPs created in an MA:
l
The inward-facing interface-based MEP and the outward-facing interface-based MEP cannot coexist. Only one outward-facing interface-based MEP can be created. Multiple inward-facing interface-based MEPs can be created. However, only one inward-facing interface-based MEP can be created on an interface. Only one VLAN-based MEP can be created.
CAUTION
l
One Trunk interface can be configured with only one MEP, regardless of how many subinterfaces the Trunk interface has. The system does not support hot swapping of boards.
Do as follows on the edge devices of an MA:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name
The MA view is displayed.

Step 4 Run the following command as required.

l
To create an interface-based MEP, run:

mep mep-id mep-id interface {interface-type interface-number | interface-type interface-number. subnumber } [ vlan vlan-id ] { inward | outward }
To create a VLAN-based MEP, run:

mep mep-id mep-id vlan
NOTE
On the NE80E/40E, the VLAN-based MEP is only used to detect connectivity faults in the multicast VLAN. The interface-based MEP is used for other scenarios.
----End
Postrequisite
l l l
If you need to create multiple MEPs in an MA, repeat Step 4. If you need to create multiple MEPs in multiple MAs, repeat Step 3 and Step 4. If you need to create multiple MEPs in multiple MDs, repeat Step 2 to Step 4.
7.6.8 Creating an RMEP

Context
If you need to detect the connectivity between a device and an RMEP, you need to create the RMEP first. Do as follows on the edge devices of an MA:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name
The MA view is displayed. Step 4 Run:

remote-mep mep-id mep-id [ mac mac-address ]
An RMEP in the current MA is created. ----End
Postrequisite
l
If you need to create multiple RMEPs in an MA, repeat Step 4.

7-34

l l
If you need to create multiple RMEPs in multiple MAs, repeat Step 3 and Step 4. If you need to create multiple RMEPs in multiple MDs, repeat Step 2 to Step 4.
7.6.9 (Optional) Setting the Rule for Creating a MIP

Context
Currently, IEEE 802.1ag has two versions, that is, IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007. The types of the MIP generation rule are the same in these two versions. Differences of the MIP generation rules between these two versions, however, are as follows:
l
According to IEEE 802.1ag Draft 7, MIPs are automatically generated on the basis of the interface. According to IEEE Standard 802.1ag-2007, MIPs are automatically generated on the basis of the MD or default MD.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Choose the following commands to configure the MIP generation rule.
l
To configure the MIP generation rule in accordance with IEEE 802.1ag Draft 7, run:
mip create-type { default | explicit | none } [ interface interface-type interface-number ]
The MIP generation rule in accordance with IEEE 802.1ag Draft 7 is configured.
l
To configure the MIP generation rule in accordance with IEEE Standard 802.1ag-2007, choose one of the following commands to enter the proper view. 1. Run:
cfm md md-name [ format { no-md-name | dnsname-and-mdname | mac-address | md-name } ] [ level level ]
The MD view is displayed. Or, run:

The default MD view is displayed. 2. Run:

mip create-type { default | explicit | none }
The MIP generation rule in accordance with IEEE Standard 802.1ag-2007 is configured. By default, the rule for creating a MIP is set to none.
l
default: MIPs can be generated on the interface, to which the MD or default MD belongs, without a MEP of a higher level and a MIP of a lower level. explicit: MIPs can be generated on the interface, to which the MD or default MD belongs, with a MEP of a lower level but without a MEP of a higher level or a MIP of a lower level. none: MIPs cannot be generated on the interface, to which the MD or default MD belongs.
If the rule for creating the MIP is default or explicit, the device generates the MIP automatically according to the rule.
The level of a MIP depends on the level of the MD generating the MIP and the level generation rule. ----End
7.6.10 Enabling CC Detection

Context
Do as follows on the edge devices on which MEPs reside within MAs:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name

ccm-interval interval
The interval for the MEP sending or detecting CCMs within the local MA is set. By default, the interval for the MEP sending or detecting CCMs within an MA is 1 second.
l l
The sending of CCMs is enabled by using the mep ccm-send enable command. The receiving of CCMs is enabled by using the remote-mep ccm-receive enable command.
If any of the preceding conditions is met in an MA, the interval for sending or detecting CCMs in the MA cannot be modified. If you want to modify the interval for sending or detecting CCMs in an MA, you must run the related undo commands to disable the sending or receiving of CCMs. Step 5 Run:
mep ccm-send [ mep-id mep-id ] enable
The sending of CCMs is enabled on the MEP. By default, a MEP is disabled to send CCMs. If mep-id mep-id is not specified, all the MEPs in the MA are enabled to send CCMs. Step 6 Run:
remote-mep ccm-receive [ mep-id mep-id ] enable
The receiving of CCMs from the RMEP within the same MA is enabled on the local MEP. By default, the local MEP cannot receive CCMs from the RMEP.
When the local device is enabled to receive CCMs from an RMEP, and if connectivity faults are detected between the local device and the RMEP through CC detection, the local device prompts alarms of RMEP connectivity. If mep-id mep-id is not specified, all the MEPs in the MA are enabled to receive CCMs from all the RMEPs. ----End
Postrequisite
l l
If you need to enable the CC detection in multiple MAs, repeat Step 3 to Step 6. If you need to enable the CC detection in multiple MDs, repeat Step 2 to Step 6.
7.6.11 (Optional) Creating a VLAN

Context
Procedure
Step 1 Run:
system-view

The default MD is created and the default MD view is displayed. Step 3 Run:
vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
The specified VLAN is created. ----End

Prerequisite
The configurations of the Ethernet CFM function are complete.
Procedure
l l l Run the display cfm md [ md-name ] [ | { begin | include | exclude } regularexpression ] command to check the configuration information about an MD. Run the display cfm ma [ md md-name [ ma ma-name ] ] [ | { begin | include | exclude } regular-expression ] command to check detailed information about an MA. Run the display cfm mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about a MEP.
Issue 03 (2010-03-31)
l l l l l
Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about an RMEP. Run the display mip create-type [ interface interface-type interface-number ] command to check the rule for creating a MIP. Run the display cfm mip [ interface interface-type interface-number | level level ] command to check information about a MIP. Run the display cfm default md command to check the configuration of the default MD. Run the display cfm error-info [ interface { interface-name | interface-type interfacenumber } ] [ vlan vlanid | vsi vsi-name ] [ error-type { ccm-interval-error | maiderror | mac-error | cfm-leak } ] command to check information about incorrect configurations of the specified error type. Run the display cfm mp-info [ interface { interface-name | interface-type interfacenumber } [ level md-level ] [ inward | outward ] [ vlan vlanid | vsi vsi-name | no-associatedvlan ] command to check information about the CFM objects on the specified interface and VLAN or VSI.
----End
Example
The output of the display cfm md command on the device running IEEE 802.1ag Draft 7 is different from that on the device running IEEE Standard 802.1ag-2007. Run the display cfm md command on the device running IEEE 802.1ag Draft 7. If information about the MD and the MD level is displayed, it means that the MD is created successfully.
<HUAWEI> display cfm md The total number of MDs is 2 MD-Name Level -------------------------------------------------md2 7 md3 3
Run the display cfm md command on the device running IEEE Standard 802.1ag-2007. If information about the name of the MD, MD name format, MD level, MIP generation rule, and sender ID TLV type is displayed, it means that the MD is created successfully.
<HUAWEI> display cfm md mdcustomer The total number of MDs is : 1 -------------------------------------------------MD Name : mdcustomer MD Name Format : md-name Level : 1 MIP Create-type : default SenderID TLV-type : SendIdDefer MA list : MA name : macustomer Interval : 20 Vlan ID : 400 VSI Name : --
Run the display cfm ma command. If information about the MA is displayed, it means that the configuration is successful.
<HUAWEI> display cfm ma <HUAWEI> display cfm ma md md1 The total number of MAs is 2: MD Name : md1 MD Name Format : md-name Level : 7
7-38
Issue 03 (2010-03-31)

MIP Create-type SenderID TLV-type MA Name Interval Priority Vlan ID VSI Name MEP Number RMEP Number MD Name MD Name Format Level MIP Create-type SenderID TLV-type MA Name Interval Priority Vlan ID VSI Name MEP Number RMEP Number : none : SendIdDefer : ma1 : 10ms : 4 : 7 : -: 2 : 3 : md1 : md-name : 7 : none : SendIdDefer : ma2 : 10ms : 5 : 8 : -:1 : 4
Run the display cfm mep command. If information about the MEP is displayed, it means that the configuration is successful.
The total number of MEPs is 2 MD Name : md2 Level : 7 MA Name : ma3 MEP ID : 40 Vlan ID : 10 VSI Name : -Interface Name : GigabitEthernet1/0/1 CCM Send : enabled Direction : outward MD Name : md3 Level : 3 MA Name : ma1 MEP ID : 100 Vlan ID : 20 VSI Name : -Interface Name : GigabitEthernet2/0/1 CCM Send : enabled Direction : outward
Run the display cfm remote-mep command. If information about the RMEP is displayed, it means that the configuration is successful.
<HUAWEI> display cfm remote-mep The total number of RMEPs is 2 MD Name : md2 Level : 7 MA Name : ma3 RMEP ID : 110 Vlan ID : 20 VSI Name : -MAC : 0000-0121-0222 CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md2 Level : 4 MA Name : ma3 RMEP ID : 30 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled
Issue 03 (2010-03-31)
7-39

CFM Status : up
Run the display mip create-type command. If the MIP generation rule is correct, it means that the configuration is successful.
<HUAWEI> display mip create-type interface gigabitethernet1/0/1 Interface Name MIP Create-Type MIP Create-Type On Interface --------------------------------------------------------------------------GigabitEthernet1/0/1 none --
Run the display cfm mip command. If information about the MIP is displayed, it means that the configuration is successful.
<HUAWEI> display cfm mip Interface Name Level ----------------------------------GigabitEthernet2/0/8 0
Run the display cfm default md command. If information about the level of the default MD, MIP generation rule, sender ID TLV type, and VLAN chain associated with the default MD is displayed, it means that the configuration is successful.
<HUAWEI> display cfm default md Level MIP Create-type SenderID TLV-type VLAN List --------------------------------------------------------------------------------------7 default SendIdDefer 100 to 200 2049
Run the display cfm error-info command. If information about the incorrect configuration of the specified error type is displayed, it means that the configuration is successful.
<HUAWEI> display cfm error-info interface gigabitethernet1/0/2 error-type cfm-leak The total number of Errors is : 1 ---------------------------------------Interface : gigabitethernet1/0/2 VLAN ID : 100 VSI Name : -Error Type : ccm-interval-error cfm-leak MD Name : md1 MA Name : ma1 Level : 3 MEP ID : 10 CCM-Interval : 20 MAC Address : 0018-8247-b977
Run the display cfm mp-info command. If information about the CFM objects of the specified interface and VLAN or VSI is displayed, it means that the configuration is successful.
<HUAWEI> display cfm mp-info interface gigabitethernet1/0/1 level 6 inward vlan 300 MD Name : md1 MD Name Format : md-name Level : 6 MA Name : ma1 MEP ID : 10 VLAN ID : 300 VSI Name : -Interface Name : gigabitethernet1/0/1 CCM Send :enable Direction : inward MAC Address : 0018-8247-b977 ----------------------------------------------------The total number of MPs is 1. The number of MEPs is 1. The number of MIPs is 0.
7-40
Issue 03 (2010-03-31)
7.7 Configuring Related Parameters of Ethernet CFM

This section describes how to Configure Related Parameters of Ethernet CFM. 7.7.1 Establishing the Configuration Task 7.7.2 (Optional) Configuring the RMEP Activation Time 7.7.3 (Optional) Configuring the Anti-Jitter Time During Alarm Restoration 7.7.4 (Optional) Configuring the Anti-Jitter Time During Alarm Generation

If Ethernet CFM is enabled, you can adjust related parameters according to your requirement. In different application environments, you can adjust the following parameters:
l
RMEP activation time After the local device is enabled with the function of receiving CCMs from a certain RMEP, the local device can display RMEP connectivity alarm in one of the following situations:
If the CC detects a connectivity fault between the local MEP and the RMEP, then, the local device displays the alarm of the RMEP connectivity fault.. The physical link works normally between the local MEP and the RMEP. The peer device is not configured with a MEP when the CC is performed; or, the MEP configuration is performed after the CC is performed. In this case, if the local MEP does not receive any CCMs from the RMEP in three consecutive sending intervals, the local device considers that a connectivity fault occurs between the local MEP and the RMEP. According to the preceding description, the RMEP connectivity fault alarm is incorrect. To solve the problem, you can set the RMEP activation time.
If the local device is configured with the RMEP activation time and enabled with the function of receiving CCMs from a certain RMEP, the local device can receive CCMs at the set RMEP activation time. That is, the activation time for receiving CCMs from the RMEP is the time reserved for configuring the RMEP. At the set RMEP activation time, if the local MEP does not receive any CCMs in three consecutive sending intervals, this means that a connectivity fault occurs between the local MEP and the RMEP. In addition, the local device displays the alarm of the RMEP connectivity fault.
l
Anti-jitter time during alarm restoration All the RMEPs of each MA use the following timers:

Alarm generation timer: Its interval is set to the anti-jitter time during alarm generation. Alarm restoration timer: Its interval is set to the anti-jitter time during alarm restoration.
When the RMEP detects an alarm, the alarm generation timer is activated. After the timer expires, the alarm is notified to the device. When the RMEP detects that the alarm is restored, the alarm restoration timer is activated. After the timer expires, the alarm restoration event is notified to the device. If the RMEP frequently detects the alarm and alarm restoration signals, this means that alarm flapping occurs.
To suppress alarm flapping, you can set the anti-jitter time during alarm generation.
l
VLAN or VLAN chain All interfaces of the specified VLAN generate MIPs according to the configured MIP generation rule in the MD.
None.
Data Preparation
To adjust parameters of Ethernet CFM, you need the following data. No. 1 2 3 Data (Optional) RMEP activation time (Optional) Anti-jitter time during alarm restoration (Optional) Anti-jitter time during alarm generation
7.7.2 (Optional) Configuring the RMEP Activation Time

Context
Do as follows on each edge device in an MA:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name

active time time
The RMEP activation time is configured. ----End

7.7.3 (Optional) Configuring the Anti-Jitter Time During Alarm Restoration

Context
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name

alarm finish time time
The anti-jitter time during alarm restoration is configured. ----End
7.7.4 (Optional) Configuring the Anti-Jitter Time During Alarm Generation

Context
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name


alarm occur time time
The anti-jitter time during alarm generation is configured. ----End
7.8 Fault Verification on the Ethernet

This section describes the method of testing the connectivity on the Ethernet through 802.1ag MAC ping or MAC ping, and the method of detecting the connectivity on the PBB-TE tunnel through PBB-TE MAC ping. 7.8.1 Establishing the Configuration Task 7.8.2 (Optional) Implementing 802.1ag MAC Ping 7.8.3 (Optional) Implementing Gmac ping

To manually detect the connectivity between two devices, you can send test packets and wait for a reply to test whether the destination device is reachable. There are the following scenarios based on the type of the link to be tested:
l
For the network where the MD, MA, and MEP are configured, you can implement 802.1ag MAC ping to test the connectivity between MEPs at the same maintenance level or between MEPs and MIPs at the same maintenance level. For the network where the MD, MA, and MEP are not configured, you can implement Gmac ping to test the connectivity between two devices. You can implement PBB-TE MAC ping to test the connectivity on the PBB-TE tunnel.
Before implementing 802.1ag MAC ping, complete the following tasks:
l
Configuring Ethernet CFM
No pre-configuration tasks are needed to implement Gmac ping and PBB-TE MAC ping.
Data Preparation
To detect the connectivity on the Ethernet, you need the following data. No. 1 2 3
7-44
Data (Optional) Bridge MAC address of the device on which the destination MEP resides or ID of the destination MEP (Optional) Bridge MAC address of the device on which the destination MIP resides (Optional) Number, size, timeout period, and outbound interface of LBMs
No. 4 5
Data (Optional) VLAN to which the destination node belongs (Optional) Name of the PBB-TE tunnel
7.8.2 (Optional) Implementing 802.1ag MAC Ping

Context
Do as follows on the router with a MEP at one end of the link to be tested:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name

ping mac-8021ag { mac mac-address | remote-mep mep-id mep-id } [ -c count | interface interface-type interface-number | -s packetsize | -t timeout ] *
The connectivity between a MEP and a MEP or a MIP on other devices is tested. When implementing 802.1ag MAC ping, ensure that:
l l l
The MA is associated with a VLAN. The MEP is configured in the MA. If the outbound interface is specified, it cannot be configured with an inward-facing MEP. The interface must be added to the VLAN associated with the MA. If the destination node is a MEP, either mac mac-address or remote-mep mep-id mep-id can be selected. If remote-mep mep-id mep-id is selected, the RMEP must already be created with the remote-mep command and the bridge MAC address of the device on which the RMEP resides must be specified. If the destination node is a MIP, select mac mac-address.
The intermediate device on the link to be tested only forwards LBMs and LBRs. In this manner, the MD, MA, or MEP are not required to be configured on the intermediate device. ----End
7.8.3 (Optional) Implementing Gmac ping

Context
Perform Step 1 and Step 2 on the routers at both ends of the link to be tested. Perform Step 3 on any of the routers.
Procedure
Step 1 Run:
system-view

ping mac enable
Gmac ping is enabled globally. By default, Gmac ping is disabled. When Gmac ping is enabled:
l l
MAC ping can be implemented on the routers. The routers can respond to LBMs.
Step 3 Run:
ping mac mac-address vlan vlan-id [ interface interface-type interface-number | -c count | -s packetsize |-t timeout ] *
The connectivity between the router and the remote device is tested. A MEP is not required to initiate Gmac ping. The destination node does not need to be a MEP or a MIP. Gmac ping can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. The two devices must be enabled with 802.1ag of the same version. If the local device is enabled with IEEE 802.1ag Draft 7 and the peer is enabled with IEEE Standard 802.1ag-2007, the local device cannot ping through the peer device when the ping mac command is run to detect connectivity of the link between the local and peer devices. ----End
7.9 Locating the Fault on the Ethernet

This section describes the method of locating the connectivity fault on the Ethernet through 802.1ag MAC trace or MAC trace, and the method of locating the connectivity fault on the PBBTE tunnel through PBB-TE MAC trace. 7.9.1 Establishing the Configuration Task 7.9.2 (Optional) Implementing 802.1ag MAC Trace 7.9.3 (Optional) Implementing Gmac trace

To locate the connectivity fault between two devices, you can send test packets and wait for reply packets to test the path between the local device and the destination device and to locate faults. There are the following scenarios based on what kind of link is being tested:
l
For the network where the MD, MA, and MEP are configured, you can implement 802.1ag MAC trace to locate the connectivity fault between MEPs at the same maintenance level or between MEPs and MIPs at the same maintenance level. For the network where the MD, MA, and MEP are not configured, you can implement Gmac trace to locate the connectivity fault between two devices. You can implement PBB-TE MAC trace to locate the connectivity fault on the PBB-TE tunnel.
Before implementing 802.1ag MAC trace, complete the following tasks:
l
Configuring Ethernet CFM
No pre-configuration tasks are needed to implement Gmac trace and PBB-TE MAC trace.
Data Preparation
To locate the connectivity fault on the Ethernet, you need the following data. No. 1 2 3 4 5 6 7 Data (Optional) Bridge MAC address of the device on which the destination MEP resides or ID of the destination MEP (Optional) Bridge MAC address of the device on which the destination MIP resides (Optional) Outbound interface of Linktrace Messages (LTMs) (Optional) Timeout period for waiting for an LTR (Optional) Time to Live (TTL) of LTMs (Optional) VLAN to which the destination node belongs (Optional) Name of the PBB-TE tunnel
7.9.2 (Optional) Implementing 802.1ag MAC Trace

Context
Do as follows on the router with a MEP at one end of the link to be tested:
Procedure
Step 1 Run:
system-view

cfm md md-name

ma ma-name

trace mac-8021ag { mac mac-address | remote-mep mep-id mep-id } [ interface interface-type interface-number | -t timeout | ttl ttl ] *
The connectivity fault between the router and the remote router is located. When implementing 802.1ag MAC trace, ensure that:
l l l
The MA is associated with a VLAN. The MEP is configured in the MA. If the outbound interface is specified, it cannot be configured with an inward-facing MEP. The interface must be added to the VLAN associated with the MA. If the destination node is a MEP, either mac mac-address or remote-mep mep-id mep-id can be selected. If remote-mep mep-id mep-id is selected, the RMEP must already be created with the remote-mep command and the bridge MAC address of the device on which the RMEP resides must be specified. If the destination node is a MIP, select mac mac-address. If the forwarding entry of the destination node does not exist in the MAC address table, interface interface-type interface-number must be specified.
l l
The intermediate device on the link to be tested only forwards LTMs and LTRs. In this manner, the MD, MA, or MEP are not required to be configured on the intermediate device. ----End
7.9.3 (Optional) Implementing Gmac trace

Context
You need to configure the routers at both ends and the intermediate router on the link to be tested.
Procedure
Step 1 Configuring the routers at both Ends and the Intermediate router Do as follows on the routers at both ends and the intermediate router on the link to be tested: 1. Run:
system-view
7-48
Issue 03 (2010-03-31)

trace mac enable
Gmac trace is enabled globally. By default, Gmac trace is disabled. The following can be performed only after Gmac trace is enabled:
l l
Gmac trace can be implemented on the router. The routers can respond to LTMs of Gmac trace.
Step 2 Implementing Gmac trace Do as follows on the router at one end of the link to be tested: 1. Run:
system-view

trace mac mac-address vlan vlan-id [ interface interface-type interfacenumber | -t timeout ] *
The connectivity fault between the router and the remote router is located. A MEP is not required to initiate Gmac trace. The destination node does not need to be a MEP or a MIP. Gmac trace can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. The two devices must be enabled with 802.1ag of the same version. If the local device is enabled with IEEE 802.1ag Draft 7 and the peer device is enabled with IEEE Standard 802.1ag-2007, the faulty node cannot be located when the trace mac command is run to detect connectivity of the link between the local and peer devices. ----End
7.10 Associating Ethernet CFM with an Interface

This section describes how to associate Ethernet CFM with an interface. 7.10.1 Establishing the Configuration Task 7.10.2 Associating Ethernet CFM with an Interface 7.10.3 Checking the Configuration

After Ethernet CFM is associated with an interface, when a MEP detects a connectivity fault between the MEP and a specified RMEP within the same MA, the OAM management module shuts down and then turns on the interface on which the MEP resides so that the other modules can sense the fault.
Figure 7-6 Diagram of associating Ethernet CFM with an interface (1)
Ethernet CFM RouterA GE1/0/1 GE2/0/1 RouterB
The interface associated with Ethernet CFM
Figure 7-7 Diagram of associating Ethernet CFM with an interface (2)
Ethernet CFM
RouterA
GE1/0/1 GE2/0/1
GE1/0/1 GE2/0/1 RouterC RouterB
The interface associated with Ethernet CFM
Ethernet CFM is used to detect a directly connected link shown in Figure 7-6, or a multi-hop link shown in Figure 7-7. Configure Ethernet CFM on Router A and Router B; associate Ethernet CFM with GE 1/0/1 on Router A. When the CFM OAM module on Router A detects a connectivity fault between Router A and Router B, the OAM management module shuts down GE 1/0/1 and then starts it so that the other interfaces on Router A can sense the fault. Figure 7-8 Diagram of associating Ethernet CFM with an interface (3)
GE1/0/1 RouterA GE1/0/3 GE1/0/2
Ethernet CFM GE1/0/1 Link1 GE1/0/2 Link2 RouterB Link3 GE1/0/3 Active link Inactive link Aggregation group in static LACP mode MEPs in MA1 MEPs in MA2 MEPs in MA3
Configure the link aggregation group in static LACP mode on Router A and Router B. Enable Ethernet CFM on Router A and Router B. Router A and Router B belong to the same MD. Configure the MEP on all the member interfaces of the aggregation group. MEPs on the interfaces of the same link are configured within the same MA. MEPs on the interfaces along the same link belong to the same MA. MEPs on the interfaces on different links belong to different MAs. Ethernet CFM detects the link connectivity by exchanging CCMs between MEPs of the same link. You can then associate Ethernet CFM with the interfaces. When a connectivity fault occurs on Link 1, the OAM management modules on Router A and Router B shut down and then turn on their GE 1/0/1 interfaces respectively. In this manner, the
LACP module senses the connectivity fault on Link 1 and switches the service data forwarded on Link 1 to the inactive Link 3. This implements protection switching in no more than 50 ms to achieve carrier-class reliability. Figure 7-9 Diagram of associating Ethernet CFM with an interface (4)
RouterC
rnet Ethe
GE2/0/1 CFM
GE2/0/2 Ethe rn
GE1/0/1
et C F
GE1/0/1
Eth-Trunk1 RouterA GE1/0/2
Eth-Trunk1
Ethe r
net
Et GE2/0/1 RouterD GE2/0/2
CFM
F et C hern
RouterB GE1/0/2
Aggregation group in 1:1 active/standby mode
Active link Inactive link
MEPs in MA1 MEPs in MA2 MEPs in MA3 MEPs in MA4
Configure the link aggregation group in 1:1 active/standby mode on Router A and Router B. Configure Ethernet CFM on Router A, Router B, Router C, and Router D respectively. Associate Ethernet CFM with GE 1/0/1 and GE 1/0/2 on Router A and Router B. Assume that a connectivity fault occurs on the link between Router A and Router C. The Ethernet CFM module detects the fault and notifies the OAM management module of the fault. The OAM management module shuts down and then starts GE 1/0/1. This allows the link aggregation group to sense the fault and switch the service data to the inactive link. The procedure for processing connectivity faults on the other links is similar to that for processing the link fault between Router A and Router C. This implements protection switching in no more than 50 ms to achieve carrierclass reliability.
Before associating Ethernet CFM with an interface, complete the following tasks:
l l
Configuring the link aggregation group Configuring Ethernet CFM
Data Preparation
To associate Ethernet CFM with an interface, you need the following data. No. 1 2 Data Type and number of an interface Name of an MD, MA, and ID of an RMEP
Issue 03 (2010-03-31)
7-51
7.10.2 Associating Ethernet CFM with an Interface

Context
Do as follows on the NE80E/40E configured with the link aggregation group in static LACP mode:
Procedure
Step 1 Run:
system-view

The view of a member interface of the link aggregation group is displayed. Step 3 Run:
cfm md md-name ma ma-name remote-mep mep-id mep-id trigger if-down
Ethernet CFM is associated with an interface. By default, an interface is not associated with Ethernet CFM. It is required that outward-facing MEPs be created in the specified MA and the current interface is configured with outward-facing MEPs before you use the cfm md md-name ma ma-name remote-mep mep-id mep-id trigger if-down command. An interface can be associated with an RMEP only. You need to delete the current configurations to modify the mapping between the interface and the RMEP. If multiple member interfaces exist in the link aggregation group, you should repeat Step 2 and Step 3 to associate Ethernet CFM with all the member interfaces. ----End

Prerequisite
The configurations of Associating Ethernet CFM with an Interface function are complete.
Procedure
Step 1 Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about an RMEP. ----End
Example
Run the display cfm remote-mep command. If the "Trigger If-down" field for the RMEP is displayed as "enable", it means that the configuration succeeds.
<HUAWEI> display cfm remote-mep
7-52
Issue 03 (2010-03-31)

The total number of RMEPs is 2 The status of RMEPS : 2 up, 0 down -------------------------------------------------MD Name : md1 Level : 4 MA Name : ma1 RMEP ID : 50 Vlan ID : 10 VSI Name : -MAC : 0000-0121-0222 CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up MD Name : md2 Level : 7 MA Name : ma1 RMEP ID : 30 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up
7.11 Associating EFM OAM with Ethernet CFM

This section describes how to associate EFM OAM with Ethernet CFM. 7.11.1 Establishing the Configuration Task 7.11.2 Associating Ethernet OAM with Ethernet OAM 7.11.3 Checking the Configuration

IEEE 802.3ah is designed for the last mile of the Ethernet to detect the direct link between a CE and a PE. IEEE 802.1ag is designed for a group of services or some specific network devices to detect faults on the network. It functions between the following devices:
l l l
CE and CE PE and PE CE and PE
As shown in Figure 7-10, EFM OAM or Ethernet CFM runs between CE1 and PE1, and between CE2 and PE2; Ethernet CFM runs between PE1 and PE2. Configure the association between Ethernet OAMs. When a fault occurs on the link between CE1 and PE1, Ethernet CFM sends alarms of the fault to CE2. Figure 7-10 Diagram of associating Ethernet OAM with Ethernet OAM
CE1
PE1
PE2
CE2
Issue 03 (2010-03-31)
7-53
Before associating Ethernet OAM with Ethernet OAM, complete the following tasks:
l l
Configuring EFM OAM Configuring Ethernet CFM
Data Preparation
To associate Ethernet OAM with Ethernet OAM, you need the following data. No. 1 2 Data Number of the interfaces to be associated Name of an MD and an MA
7.11.2 Associating Ethernet OAM with Ethernet OAM

Context
Do as follows on the CEs:
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run the following command as required.
l
Run:
oam-bind cfm md md-name ma ma-name efm interface interface-type interface-number
The bidirectional transmission of fault messages between EFM OAM and Ethernet CFM is configured.
l
Run:
oam-bind ingress efm interface interface-type interface-number egress cfm md mdname ma ma-name
EFM OAM is configured to send fault messages to Ethernet CFM.

l
Run:
oam-bind ingress cfm md md-name ma ma-name egress efm interface interface-type interface-number
Ethernet CFM is configured to send fault messages to EFM OAM.

l
Run:
oam-bind ingress cfm md md-name1 ma ma-name1 egress cfm md md-name2 ma ma-name2
Ethernet CFM at one side is configured to send fault messages to Ethernet CFM at the other side.

l
Run:
oam-bind cfm md md-name1 ma ma-name1 cfm md md-name2 ma ma-name2
The bidirectional transmission of fault messages between Ethernet CFMs at both sides is configured.
NOTE
After Ethernet OAM is associated with other functional modules, note the following:
l l
If EFM OAM is disabled on an interface, the association between EFM OAM and other functional modules is deleted. If an MA or MD is deleted, the association between Ethernet CFM and other functional modules is deleted.
----End

Prerequisite
After the preceding configuration, when Ethernet OAM running between CE1 and PE1detects faults, Ethernet CFM notifies Ethernet OAM running between CE2 and PE2 of the fault.
7.12 Associating Ethernet CFM with VPLS

7.12.1 Establishing the Configuration Task 7.12.2 Configuring Ethernet CFM Based on the VPLS Between the PEs 7.12.3 Configuring Ethernet CFM Between the CE and Local PE 7.12.4 Configuring Ethernet CFM Between the CE and Peer PE 7.12.5 Checking the Configuration

As shown in Figure 7-11, VPLS runs between PE1 and PE2; CEs, CEs and PEs, and PEs belong to different MAs. CFM OAM runs between CEs and between CEs and PEs. CCMs are exchanged to detect the connectivity. MAC ping is performed to detect the reachability of the destination. MAC trace is performed to locate the fault. VPLS OAM runs between the PEs to detect the connectivity of the VPLS network. Figure 7-11 Figure 6-11 Networking diagram of associating Ethernet CFM with VPLS
CE1
802.1ag
PE1
PE2
VPLS
802.1ag
CE2
Issue 03 (2010-03-31)
7-55
Before associating Ethernet CFM with VPLS, complete the following tasks:
l l
Configuring the Martini VPLS Configuring basic Ethernet functions
Data Preparation
To associate Ethernet CFM with VPLS, you need the following data. No. 1 2 3 4 5 Data Name and ID of the VSI IP address of the peer and tunnel policy used for setting up the peer Interfaces bound to a VSI Types of detection packets Name of an MD and MA
7.12.2 Configuring Ethernet CFM Based on the VPLS Between the PEs
Context
NOTE
l l
If 802.1ag MAC trace needs to be implemented to locate the connectivity fault between the PEs, you cannot specify the outbound interface for sending trace packets. The current MA must be associated with a VSI and the type of the MEP must be inward-facing.
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view

cfm md md-name[ level level ]
An MD is created and the MD view is displayed. Step 3 Run:

ma ma-name
7-56
Issue 03 (2010-03-31)
An MA is created and the MA view is displayed. Step 4 Run:

map vsi vsi-name
The MA is associated with a VSI. Step 5 Run:

mep mep-id mep-id interface { interface-type interface-number | interface-type interface-number. subnumber } inward
An inward-facing MEP is created. Step 6 Run:

remote-mep mep-id mep-id[ mac mac-address ]
An RMEP in the MA is created. Step 7 Run:

The MEPs are enabled to send CCMs. Step 8 Run:

The local MEP is enabled to receive CCMs from the RMEP within the same MA. ----End
7.12.3 Configuring Ethernet CFM Between the CE and Local PE

Procedure
l Do as follows on the PEs:
NOTE
The MA configured on the PE must be associated with a VSI and the type of the MEP must be outward-facing.
1.
Run:
system-view

cfm md md-name [ level level ]
An MD is created and the MD view is displayed. 3. Run:

ma ma-name
An MA is created and the MA view is displayed. 4. Run:

map vsi vsi-name
The MA is associated with a VSI. 5. Run:

mep mep-id mep-id interface { interface-type interface-number | interfacetype interface-number. subnumber } outward
Issue 03 (2010-03-31)
7-57
An outward-facing MEP is created. 6. Run:

remote-mep mep-id mep-id[ mac mac-address ]
An RMEP in the MA is created. 7. Run:

The MEPs are enabled to send CCMs on a MEP. 8. Run:

The local MEP is enabled to receive CCMs from the RMEP in a same MA. l Do as follows on the CEs:
NOTE
The MA configured on the CE must be associated with a VLAN and the type of the MEP must be outward-facing.
1.
Run:
system-view

cfm md md-name [ level level ]
An MD is created and the MD view is displayed. 3. Run:

ma ma-name
An MA is created and the MA view is displayed. 4. Run:

map vlan vlan-id
The MA is associated with a VLAN. 5. Run:

mep mep-id mep-id interface { interface-type interface-number | interfacetype interface-number. subnumber } outward
An outward-facing MEP is created. 6. Run:

remote-mep mep-id mep-id [ mac mac-address ]
An RMEP in the MA is created. 7. Run:

The MEPs are enabled to send CCMs on a MEP. 8. Run:

The local MEP is enabled to receive CCMs from the RMEP in a same MA. ----End
7.12.4 Configuring Ethernet CFM Between the CE and Peer PE

Context
The configuration is similar to that in7.12.3 Configuring Ethernet CFM Between the CE and Local PE.
NOTE
l l l
The MA configured on the PE must be associated with a VSI and the type of the MEP must be inwardfacing. The MA configured on the CE must be associated with a VLAN and the type of the MEP must be outward-facing. The rule for creating the MIP needs to be configured on transit nodes.

Prerequisite
After the preceding configuration, run the display cfm mep command and the display cfm remote-mep command on CE1, PE1, PE2, and CE2. You can view that the configuration of Ethernet CFM succeeds. Ethernet CFM can fast detect faults between the PEs and between the CEs and PEs, and can notify the NMS of the faults.
7.13 Associating Ethernet OAM with MPLS OAM or BFD

This section describes how to associate Ethernet OAM with MPLS OAM or BFD. 7.13.1 Establishing the Configuration Task 7.13.2 Configuring Ethernet OAM Functions 7.13.3 Associating Ethernet OAM with MPLS OAM or BFD 7.13.4 Checking the Configuration

As shown in Figure 7-12, CEs access PEs in dual-homing mode. PEs communicate through the MPLS network. To implement the end-to-end link detection, you can configure MPLS OAM or BFD on the MPLS Label Switch Path (LSP) or Virtual Leased Line (VLL) between PEs. Ethernet OAM runs between CEs and PEs. When detecting faults, MPLS OAM or BFD at the core side notifies Ethernet OAM of the faults through PEs and the traffic is switched to the backup path between CEs.
Issue 03 (2010-03-31)
7-59
Figure 7-12 Diagram of associating Ethernet OAM with MPLS OAM or BFD
PE1
PE2
802.3ah CE1 PE3
MPLS OAM / BFD MPLS Core
802.3ah CE2 PE4
Before associating Ethernet OAM with MPLS OAM or BFD, complete the following tasks:
l l l
Configuring VLL Fast Reroute (FRR) in Martini mode Configuring the BFD session Configuring MPLS OAM
Data Preparation
To associate Ethernet OAM with MPLS OAM or BFD, you need the following data. No. 1 2 3 4 5 6 7 Data Numbers of the interfaces to be associated Name of an MD and an MA IP addresses of interfaces on each equipment, names of tunnel interfaces, and tunnel IDs Types of detect packets sent Ingresses and Egresses of the detected LSP and the backward tunnel BFD names Parameters of BFD sessions
7.13.2 Configuring Ethernet OAM Functions

Context
Configure Ethernet OAM to run between CEs and PEs. For details, see "Configuring EFM OAM" and "Configuring Ethernet CFM."
7.13.3 Associating Ethernet OAM with MPLS OAM or BFD

Context
Do as follows on the PEs:
Procedure
Step 1 Run:
system-view

oam-mgr
The OAM management view is displayed. Step 3 Run the following command as required.
l
Run:
oam-bind ingress cfm md md-name ma ma-name egress bfd-session bfd-session-id
Ethernet CFM is configured to send fault messages to BFD.

l
Run:
oam-bind ingress bfd-session bfd-session-id egress cfm md md-name ma ma-name
BFD is configured to send fault messages to Ethernet CFM.

l
Run:
oam-bind cfm md md-name ma ma-name bfd-session bfd-session-id
The bidirectional transmission of fault messages between Ethernet CFM and BFD is configured.
l
Run:
oam-bind ingress efm interface interface-type interface-number egress bfdsession bfd-session-id
EFM OAM is configured to send fault messages to BFD.

l
Run:
oam-bind ingress bfd-session bfd-session-id egress efm interface interface-type interface-number
BFD is configured to send fault messages to EFM OAM.

l
Run:
oam-bind efm interface interface-type interface-number bfd-session bfd-sessionid
The bidirectional transmission of fault messages between EFM OAM and BFD is configured.
l
Run:
oam-bind efm interface md-name ma ma-name egress mpls oam tunnel tunnel-number
Ethernet CFM is configured to send fault messages to MPLS OAM.

l
Run:
oam-bind ingress mpls oam { lsp-name lsp-name | lsr-id lsr-id tunnel-id tunnelid } egress cfm md md-name ma ma-name
MPLS OAM is configured to send fault messages to Ethernet CFM.


l
Run:
oam-bind ingress efm interface interface-type interface-number egress mpls oam tunnel tunnel-number
EFM OAM is configured to send fault messages to MPLS OAM.

l
Run:
oam-bind ingress mpls oam { lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id } egress efm interface interface-type interface-number
MPLS OAM is configured to send fault messages to EFM OAM. ----End

Prerequisite
After the preceding configuration, when MPLS OAM or BFD enabled between PE1 and PE2 detects faults, EFM OAM and CFM notify CE1 of the faults and then traffic is switched to the bypass tunnel for CE1.
7.14 Configuring Ethernet CFM and 1+1 Protection of Multicast VLANs

This section describes how to configure Ethernet CFM and 1+1 Protection of Multicast VLANs.
Context
For details, refer to the chapter "Layer 2 Multicast Configuration" in the the HUAWEI NetEngine80E/40E Router Configuration Guide - Device Management IP Multicast.
7.15 Maintaining Ethernet OAM

This section describes how to clear statistics of error CCMs, and how to monitor the running status of Ethernet OAM. 7.15.1 Clearing the Statistics on Error CCMs 7.15.2 Monitoring the Running Status of Ethernet OAM
7.15.1 Clearing the Statistics on Error CCMs

Context
CAUTION
Statistics on Error CCMs cannot be restored after you clear it. So, confirm the action before you use the command.
7-62
Issue 03 (2010-03-31)
Procedure
Step 1 Run the reset reset cfm error-packet receive statistics [ md md-name [ ma ma-name [ remotemep mep-id mep-id ] ] ] command in the user view to clear statistics of error CCMs. ----End
7.15.2 Monitoring the Running Status of Ethernet OAM

Context
In routine maintenance, you can select to run the following commands in any view To check the running status of Ethernet OAM.
Procedure
l l Run the display oam global configuration command in any view to check the global configurations of Ethernet OAM on the device. Run the display cfm error-packet statistics [ md md-name [ ma ma-name [ remote-mep mep-id mep-id ] ] ] command in any view to check statistics of error CCMs received on the device. Run the display cfm mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command in any view to check information about a MEP. Run the display cfm mip [ interface interface-type interface-number | level level ] command in any view to check information about a MIP. Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command in any view to check information about an RMEP. Run the display efm session { all | interface interface-type interface-number } command in any view to check information about the EFM OAM session between the specified interface and the peer.
l l l l
----End

This section provides several configuration examples of Ethernet OAM. 7.16.1 Example for Configuring EFM OAM 7.16.2 Example for Testing the Packet Loss Ratio on the Link 7.16.3 Example for Configuring Ethernet CFM 7.16.4 Example for Configuring the Default MD for Ethernet CFM 7.16.5 Example for Associating Ethernet CFM with an Interface 7.16.6 Example for Associating EFM OAM with Ethernet CFM 7.16.7 Example for Configuring VPLS Ethernet CFM 7.16.8 Example for Associating EFM OAM with MPLS OAM 7.16.9 Example for Configuring EFM OAM Extension for VRRP
7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes
7.16.1 Example for Configuring EFM OAM

As shown in Figure 7-13, a user network is connected to an ISP network through Router A and Router B. Router A acts as the CE device. Router B acts as the Underlayer Provider Edge (UPE) device. It is required that the following be achieved:
l
Automatic connectivity detection can be performed on the link between Router A and Router B. After detecting connectivity faults, Router A and RouterB generate alarms. Router B monitors the errored frames, errored codes, and errored frame seconds on GE 2/0/1. When the number of errored frames, errored codes, and errored frame seconds exceed the corresponding threshold, Router B generates alarms.
Figure 7-13 Diagram of configuring EFM OAM
RouterA User network GE1/0/1
RouterB
ISP network
GE2/0/1
The configuration roadmap is as follows: 1. 2. 3. 4. Enable EFM OAM on Router A and Router B globally. Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode. Configure GE 2/0/1 on Router B to detect the errored frames, errored codes, and errored frame seconds. Enable EFM OAM on GE 2/0/1 on Router B. Enable EFM OAM on GE 1/0/1 on Router A.
Data Preparation
l
The period for detecting errored frames on GE 2/0/1 on Router B is five seconds and the threshold is five. The period for detecting errored codes on GE 2/0/1 on Router B is five seconds and the threshold is five. The period for detecting errored frame seconds on GE 2/0/1 on Router B is 120 seconds and the threshold is five.
7-64
Procedure
Step 1 Enable EFM OAM globally. # Enable EFM OAM globally on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] efm enable
# Enable EFM OAM globally on Router B.

<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] efm enable
Step 2 Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode.

[RouterA] interface gigabitethernet 1/0/1 [RouterA-GigabitEthernet1/0/1] efm mode passive
Step 3 Configure GE 2/0/1 on Router B to detect the errored frames, errored codes, and errored frame seconds. # Configure GE 2/0/1 on Router B to detect the errored frames.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm error-frame period 5 [RouterB-GigabitEthernet2/0/1] efm error-frame threshold 5 [RouterB-GigabitEthernet2/0/1] efm error-frame notification enable
# Configure GE 2/0/1 on Router B to detect the errored codes.

[RouterB-GigabitEthernet2/0/1] efm error-code period 5 [RouterB-GigabitEthernet2/0/1] efm error-code threshold 5 [RouterB-GigabitEthernet2/0/1] efm error-code notification enable
# Configure GE 2/0/1 on Router B to detect the errored frame seconds.

[RouterB-GigabitEthernet2/0/1] efm error-frame-second period 120 [RouterB-GigabitEthernet2/0/1] efm error-frame-second threshold 5 [RouterB-GigabitEthernet2/0/1] efm error-frame-second notification enable
Step 4 Enable EFM OAM on GE 2/0/1 on Router B. Enable EFM OAM on GE 1/0/1 on Router A. # Enable EFM OAM on GE 1/0/1 on Router A.
[RouterA-GigabitEthernet1/0/1] efm enable [RouterA-GigabitEthernet1/0/1] quit
# Enable EFM OAM on GE 2/0/1 on Router B.

[RouterB-GigabitEthernet2/0/1] efm enable [RouterB-GigabitEthernet2/0/1] quit
Step 5 Verify the configuration. # Run the display efm session command. If the EFM OAM state on the interface is Detect, it means that the configuration succeeds. EFM OAM is correctly configured on Router A and Router B, and GE 2/0/1 and GE 1/0/1 succeed in negotiation and enter the Detect state. For example, the EFM OAM state on GE 2/0/1 on RouterB is displayed as follows:
[RouterB] display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Issue 03 (2010-03-31)
7-65
# Run the display efm command. If the EFM OAM configuration information on GE 2/0/1 on Router B is displayed, it means that the configuration succeeds. The displayed information is as follows:
[RouterB] display efm interface gigabitethernet 2/0/1 Item Value ------------------------------------Interface: GigabitEthernet2/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: enable ErrCodePeriod: 5 ErrCodeThreshold: 5 ErrFrameNotification: enable ErrFramePeriod: 5 ErrFrameThreshold: 5 ErrFrameSecondNotification: enable ErrFrameSecondPeriod: 120 ErrFrameSecondThreshold: 5 TriggerIfDown: disable Remote MAC: 0010-0010-0010 Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
----End
Configuration Files
l

# sysname RouterA # efm enable # interface GigabitEthernet1/0/1 efm mode passive efm enable # return

# sysname RouterB # efm enable # interface GigabitEthernet2/0/1 efm enable efm error-frame period 5 efm error-frame threshold 5 efm error-frame notification enable efm error-frame-second period 120 efm error-frame-second threshold 5 efm error-frame-second notification enable efm error-code period 5 efm error-code threshold 5 efm error-code notification enable # return
7-66
Issue 03 (2010-03-31)
7.16.2 Example for Testing the Packet Loss Ratio on the Link
As shown in Figure 7-14, a user network is connected to an ISP network through Router A and Router B. Router A acts as the CE device. Router B acts as the UPE device. The link between Router A and Router B is newly established. The ISP needs to test the packet loss ratio on the link on Router B before using the link. Figure 7-14 Diagram of testing the packet loss ratio on the link
RouterA User network GE1/0/1
RouterB
ISP network
GE2/0/1
The configuration roadmap is as follows: 1. 2. 3. 4. Enable EFM OAM on Router A and Router B. Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode. Enable EFM OAM remote loopback on Router B. Send test packets from RouterB to Router A. Check the returning of test packets on Router B.
Data Preparation
l l
Timeout period for remote loopback Size, number, and sending rate of test packets
Procedure
Step 1 Configure EFM OAM. # Enable EFM OAM globally on Router B.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] efm enable
# Enable EFM OAM globally on Router A.

<HUAWEI> system-view [HUAWEI] sysname RouterA
Issue 03 (2010-03-31)
7-67

[RouterA] efm enable
# Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode.

[RouterA] interface gigabitethernet 1/0/1 [RouterA-GigabitEthernet1/0/1] efm mode passive
# Enable EFM OAM on GE 1/0/1 on Router A.

[RouterA-GigabitEthernet1/0/1] efm enable [RouterA-GigabitEthernet1/0/1] quit
# Enable EFM OAM on GE 2/0/1 on Router B.

[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm enable [RouterB-GigabitEthernet2/0/1] quit
# Verify the configuration. Run the display efm session command. If the EFM OAM protocol on the interface is in the Detect state, it means that the configuration succeeds. EFM OAM is correctly configured on Router A and Router B, and GE 2/0/1 and GE 1/0/1 succeed in negotiation and enter the Detect state. For example, the EFM OAM state on GE 2/0/1 on Router B is displayed as follows:
[RouterB] display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Step 2 Configure EFM OAM remote loopback. # Enable remote loopback on Router B.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm loopback start [RouterB-GigabitEthernet2/0/1] quit
# Verify the configuration. Run the display efm session command on Router B. If the EFM OAM protocol on GE 2/0/1 is in the loopback (control) state, that is, GE 2/0/1 initiates remote loopback, it means that the configuration succeeds. The displayed information is as follows:
[RouterB] display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/1 Loopback(control) 20
Run the display efm session command on Router A. If the EFM OAM protocol on GE 1/0/1 is in the loopback (be controlled) state, that is, GE 1/0/1 responds to remote loopback, it means that the configuration succeeds. The displayed information is as follows:
[RouterA] display efm session interface gigabitethernet1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet1/0/1 Loopback(be controlled) --
Step 3 Send test packets from Router B to Router A.

[RouterB] test-packet start interface gigabitethernet 2/0/1 please waiting.. Info: The test is complete.
Step 4 Check the receiving of test packets on Router B.

[RouterB] display test-packet result TestResult Value --------------------------------------------------------
7-68
Issue 03 (2010-03-31)

PacketsSend : PacketsReRouterAive : PacketsLost : BytesSend : BytesReRouterAive : BytesLost : StartTime : EndTime : 5 5 0 320 320 0 07-06-2007 09:41:41 07-06-2007 09:41:41
You can obtain the packet loss ratio on the link based on the preceding data. Step 5 Disable EFM OAM remote loopback. # Disable EFM OAM remote loopback on Router B.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm loopback stop [RouterB-GigabitEthernet2/0/1] quit
NOTE
By default, the timeout period for remote loopback is 20 minutes. After 20 minutes, remote loopback stops. To disable remote loopback, you can perform the preceding steps.
# Verify the configuration. Run the display efm session command after remote loopback is automatically or manually disabled, you can view that the status of the EFM OAM protocol on the interface is no longer loopback (control) or loopback (be controlled). For example, the EFM OAM status on GE 2/0/1 on RouterB is displayed as follows:
[RouterB] display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/1 Detect --
----End
Configuration Files
l

# sysname RouterA # efm enable # interface GigabitEthernet1/0/1 efm mode passive efm enable # return

# sysname RouterB # efm enable # interface GigabitEthernet2/0/1 efm enable # return
Issue 03 (2010-03-31)
7-69
7.16.3 Example for Configuring Ethernet CFM

The Ethernet shown in Figure 7-15 is managed by two ISPs. ISP 1 manages Router A, Router B, and Router D. ISP 2 manages Router C, Router E, Router F, Router G, Router H, and Router I. It is required that connectivity detection be implemented on the network. Figure 7-15 Diagram of configuring Ethernet CFM
VLAN2
VLAN2
GE1/0/1 RouterA GE1/0/0 GE1/0/1 RouterI GE1/0/2 GE1/0/1 MD2 RouterE GE1/0/0 RouterB RouterF GE1/0/1 GE1/0/2
GE1/0/0
GE1/0/0 RouterD RouterH
RouterC RouterG GE1/0/0
MD1
GE1/0/2
GE1/0/1
VLAN2
VLAN3 MD1 MEP of MA1 MEP of MA2
VLAN3
MD2 MEP of MA3
The configuration roadmap is as follows: 1. 2. 3. Create VLANs and add interfaces to the corresponding VLAN. Create MD 1 at level 6 on all the routers. Create MA 1 within MD 1 on all the routers except Router G. Associate MA 1 with VLAN 2.
7-70
4. 5. 6. 7. 8. 9.
Create MA 2 within MD 1 on all the routers except Router E and Router I. Associate MA 2 with VLAN 3. Create MD 2 at level 4 on Router A, Router B, Router C, and Router D. Create MA 3 within MD 2. Associate MA 3 with VLAN 4. Create MEPs and RMEPs on Router I, Router H, and Router E in MA 1 within MD 1. Create MEPs and RMEPs on Router H and Router G in MA 2 within MD 1. Create MEPs and RMEPs on Router A, Router C, and Router D in MA 3 within MD 2. Enable the sending and receiving of CCMs.
Data Preparation
l l
MD 1 at level 6 MD 2 at level 4
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLAN. The detailed configuration is not mentioned here. Step 2 Create MD 1. # Create MD 1 on Router A.
<RouterA> system-view [RouterA] cfm enable [RouterA] cfm md md1 level 6
# Create MD 1 on Router B, Router C, Router D, Router E, Router F, Router G, Router H, and Router I. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 3 Create and configure MA 1 within MD 1 on all the device except Router G. # Create and configure MA 1 on Router A within MD 1.
[RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] map vlan 2 [RouterA-md-md1-ma-ma1] quit
# Create and configure MA 1 on Router B, Router C, Router D, Router E, Router F, Router H, and Router I within MD 1. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 4 Create and configure MA 2 within MD 1 on all the device except Router E and Router I. # Create and configure MA 2 on Router A within MD 1.
[RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] map vlan 3 [RouterA-md-md1-ma-ma2] quit [RouterA-md-md1] quit
Issue 03 (2010-03-31)
7-71
# Create and configure MA 2 on Router B, Router C, Router D, Router F, Router G, and Router H within MD 1. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 5 Create MD 2 on Router A, Router B, Router C, and Router D. Create and configure MA 3 within MD 2. # Create MD 2 on Router A. Create and configure MA 3 within MD 2.
[RouterA] cfm md md2 level 4 [RouterA-md-md2] ma ma3 [RouterA-md-md2-ma-ma3] map vlan 4 [RouterA-md-md2-ma-ma3] quit [RouterA-md-md2] quit
# Create MD 2 on Router B, Router C, and RouterD. Create and configure MA 3 within MD 2. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 6 Configure MEPs and RMEPs on Router E, Router H, and Router I in MA 1 within MD 1. # Configure a MEP on Router E in MA 1 within MD 1.
[RouterE] cfm md md1 [RouterE-md-md1] ma ma1 [RouterE-md-md1-ma-ma1] mep mep-id 3 interface gigabitethernet 1/0/1 inward
# Configure a MEP on RouterH in MA 1 within MD 1.

[RouterH] cfm md md1 [RouterH-md-md1] ma ma1 [RouterH-md-md1-ma-ma1] mep mep-id 2 interface gigabitethernet 1/0/2 inward
# Configure a MEP on RouterI in MA 1 within MD 1.

[RouterI] cfm md md1 [RouterI-md-md1] ma ma1 [RouterI-md-md1-ma-ma1] mep mep-id 1 interface gigabitethernet 1/0/1 inward
# Configure an RMEP on RouterE in MA 1 within MD 1.

[RouterE-md-md1-ma-ma1] remote-mep mep-id 1 [RouterE-md-md1-ma-ma1] remote-mep mep-id 2
# Configure an RMEP on RouterH in MA 1 within MD 1.

[RouterH-md-md1-ma-ma1] remote-mep mep-id 1 [RouterH-md-md1-ma-ma1] remote-mep mep-id 3
# Configure an RMEP on RouterI in MA 1 within MD 1.

[RouterI-md-md1-ma-ma1] remote-mep mep-id 2 [RouterI-md-md1-ma-ma1] remote-mep mep-id 3
Step 7 Configure MEPs and RMEPs on Router H and Router G in MA 2 within MD 1. # Configure a MEP on Router H in MA 2 within MD 1.
[RouterH] cfm md md1 [RouterH-md-md1] ma ma2 [RouterH-md-md1-ma-ma2] mep mep-id 1 interface gigabitethernet 1/0/1 inward
# Configure a MEP on Router G in MA 2 within MD 1.

[RouterG] cfm md md1
7-72
Issue 03 (2010-03-31)
[RouterG-md-md1] ma ma2 [RouterG-md-md1-ma-ma2] mep mep-id 2 interface gigabitethernet 1/0/0 inward
# Configure an RMEP on Router H in MA 2 within MD 1.

[RouterH-md-md1-ma-ma2] remote-mep mep-id 2
# Configure an RMEP on Router G in MA 2 within MD 1.

[RouterG-md-md1-ma-ma2] remote-mep mep-id 1
Step 8 Configure MEPs and RMEPs on Router A, Router C, and Router D in MA 3 within MD 2. # Configure a MEP on Router A in MA 3 within MD 2.
[RouterA] cfm md md2 [RouterA-md-md2] ma ma3 [RouterA-md-md2-ma-ma3] mep mep-id 1 interface gigabitethernet 1/0/0 inward
# Configure a MEP on Router C in MA 3 within MD 2.

[RouterC] cfm md md2 [RouterC-md-md2] ma ma3 [RouterC-md-md2-ma-ma3] mep mep-id 2 interface gigabitethernet 1/0/1 outward
# Configure a MEP on Router D in MA 3 within MD 2.

[RouterD] cfm md md2 [RouterD-md-md2] ma ma3 [RouterD-md-md2-ma-ma3] mep mep-id 3 interface gigabitethernet 1/0/0 inward
# Configure an RMEP on Router A in MA 3 within MD 2.

[RouterA-md-md2-ma-ma3] remote-mep mep-id 2 [RouterA-md-md2-ma-ma3] remote-mep mep-id 3
# Configure an RMEP on Router C in MA 3 within MD 2.

[RouterC-md-md2-ma-ma3] remote-mep mep-id 1 [RouterC-md-md2-ma-ma3] remote-mep mep-id 3
# Configure an RMEP on Router D in MA 3 within MD 2.

[RouterD-md-md2-ma-ma3] remote-mep mep-id 1 [RouterD-md-md2-ma-ma3] remote-mep mep-id 2
Step 9 Enable the sending and receiving of CCMs. # Enable the sending of CCMs on the MEP on Router A.
[RouterA-md-md2-ma-ma3] mep ccm-send enable
# Enable the receiving of CCMs from the RMEP on Router A.

[RouterA-md-md2-ma-ma3] remote-mep ccm-receive enable
# Enable the sending of CCMs on MEPs and the receiving of CCMs from RMEPs on Router B, Router C, Router D, Router E, Router F, Router G, Router H, and Router I. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. ----End
Configuration Files
l

#
Issue 03 (2010-03-31)
7-73
sysname RouterA # vlan batch 2 to 4 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 mep mep-id 1 interface gigabitethernet 1/0/0 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # return l

# sysname RouterB # vlan batch 2 to 4 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 # return

# sysname RouterC # vlan batch 2 to 4 #
7-74
Issue 03 (2010-03-31)
cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 mep mep-id 2 interface gigabitethernet 1/0/0 outward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # return l
Configuration file of Router D

# sysname RouterD # vlan batch 2 to 4 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 mep mep-id 3 interface gigabitethernet 1/0/0 inward mep ccm-send mep-id 3 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return
Configuration file of Router E

# sysname RouterE # vlan batch 2 # cfm enable #
Issue 03 (2010-03-31)
7-75
interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 3 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 3 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return l
Configuration file of Router F

# sysname RouterF # vlan batch 2 to 3 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 3 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # return
Configuration file of Router G

# sysname RouterG # vlan batch 3 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 3 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 3 # cfm md md1 level 6 ma ma2 map vlan 3 mep mep-id 2 interface gigabitethernet 1/0/0 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1
7-76
Issue 03 (2010-03-31)

remote-mep ccm-receive mep-id 1 enable # return l
Configuration file of Router H

# sysname RouterH # vlan batch 2 to 3 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 3 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 2 interface gigabitethernet 1/0/2 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable ma ma2 map vlan 3 mep mep-id 1 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return
Configuration file of Router I

# sysname RouterI # vlan batch 2 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 1 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # return
Issue 03 (2010-03-31)
7-77
7.16.4 Example for Configuring the Default MD for Ethernet CFM

As shown in Figure 7-16, Router B and Router C are managed by ISP1, and Router A, Router D, Router E, and Router F are managed by ISP2. To enable the CFM function, you can configure the default MD on the device configured with an MD of a low level. Figure 7-16 Networking diagram of configuring the default MD for Ethernet CFM
VLAN3 RouterC RouterB VLAN2 GE1/0/3 GE1/0/1 GE1/0/2 RouterA

/0/1 GE1
RouterE
1/ 0/ 1
GE1/0/2
GE
E1 /0 /2
RouterF
RouterD GE1/0/3
GE1/0/1
VLAN3 MEP of MA1 MEP of MA2 MIP
VLAN2
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Switch IEEE 802.1ag Draft 7 to IEEE Standard 802.1ag-2007. Create a VLAN and add related interfaces to the VLAN. Create MD1 at Level 6 on all the devices except for Router B and Router C. Create MD2 at Level 4 on Router B and Router C. Create the default MD at Level 6 on Router B and Router C, associate the default MD with VLAN 2 and VLAN 3, and set the MIP generation rule to default. Create and configure MA1 within MD1 on all the devices except for Router B and Router C. (MA1 is associated with VLAN 2.) Create and configure MA2 within MD1 on all the devices except for Router B and Router C.. (MA2 is associated with VLAN 3.)
6. 7.
Create and configure MEPs and RMEPs on MA1 in MD1 of Router A and Router F. Create and configure MEPs and RMEPs in MA2 within MD1 of Router A and Router E. Enable the CCM transmission function.
Data Preparation
l l l l
Range of VLAN IDs to which interfaces belong MD1 at Level 6 MD2 at Level 4 Default MD at Level 6
Procedure
Step 1 Switch the IEEE 802.1ag version.
NOTE
By default, IEEE 802.1ag Draft 7 is enabled on the device.
# Switch IEEE 802.1ag Draft 7 to IEEE Standard 802.1ag-2007 on Router A.

<RouterA> system-view [RouterA] cfm version standard Warning: Warning:CFM will be disabled before the version of CFM is changed, and all information about the MD will be deleted . Continue?[Y/N]:y Info: Succeeded in changing the version of CFM.
# Switch IEEE 802.1ag Draft 7 to IEEE Standard 802.1ag-2007 on Router B, Router C, Router D, Router E, and Router F. The configurations on Router B, Router C, Router D, Router E, and Router F are the same as the configurations on Router A, and are not mentioned here.
NOTE
All the devices on the network must be enabled with either IEEE 802.1ag Draft 7 or IEEE Standard 802.1ag-2007. IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 cannot be enabled at the same time on a network.
Step 2 Create a VLAN and add related interfaces to the VLAN. The configuration is not mentioned here. Step 3 Create MD1. # Create MD1 on Router A.
<RouterA> system-view [RouterA] cfm enable Info: Enable the CFM successfully! [RouterA] cfm md md1 level 6 [RouterA] quit
# Create MD1 on Router D, Router E, and Router F. The configurations on Router D, Router E, and Router F are the same as the configurations on Router A, and are not mentioned here. Step 4 Create MD2. # Create MD2 on Router B.

<RouterB> system-view [RouterB] cfm enable Info: Enable the CFM successfully! [RouterB] cfm md md2 level 4 [RouterB] quit
# Create MD2 on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 5 Create the default MD and associate the default MD with VLAN 2 and VLAN 3 on Router B and Router C. # Create the default MD and associate the default MD to VLAN 2 and VLAN 3 on Router C.
<RouterB> system-view [RouterB] cfm default md level 6 [RouterB-default-md] vlan 2 to 3 [Router B-default-md] quit
Create the default MD and associate the default MD to VLAN 2 and VLAN 3 on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 6 Set the MIP generation rule in the default MD on Router B and Router C. # Set the MIP generation rule in the default MD on Router B.
<RouterB> system-view [RouterB] cfm default md [RouterB-default-md] mip create-type default [RouterB-default-md] quit
# Set the MIP generation rule in the default MD on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 7 Create and configure MA1 within MD1 on all the devices except for Router B and Router C. # Create MA1 within MD1 on Router A.
[RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] map vlan 2 [RouterA-md-md1-ma-ma1] quit
# Create MA1 within MD1 on Router D and Router F. The configurations on Router D and Router F are the same as the configurations on Router A, and are not mentioned here. Step 8 Create and configure MA2 within MD1 on all the devices except for Router B and Router C. # Create MA2 within MD1 on Router A.
[RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] map vlan 3 [RouterA-md-md1-ma-ma2] quit [RouterA-md-md1] quit
# Create MA2 within MD1 on Router D and Router E.

The configurations on Router D and Router E are the same as the configurations on Router A, and are not mentioned here. Step 9 Create and configure MEPs and RMEPs in MA1 within MD1 on Router A and Router F. # Create and configure a MEP in MA1 within MD1 on Router A.
# Create and configure a MEP in MA1 within MD1 on Router F.

[RouterF] cfm md md1 [RouterF-md-md1] ma ma1 [RouterF-md-md1-ma-ma1] mep mep-id 1 interface gigabitethernet 1/0/1 inward
# Create and configure an RMEP in MA1 within MD1 on Router A.

[RouterA-md-md1-ma-ma1] remote-mep mep-id 1
# Create and configure an RMEP in MA1 within MD1 on RouterF.

[RouterF-md-md1-ma-ma1] remote-mep mep-id 2
Step 10 Create and configure MEPs and RMEPs in MA2 within MD1 on Router A and Router E. # Create and configure a MEP in MA2 within MD1 on Router A.
# Create and configure a MEP in MA2 within MD1 on Router E.

[RouterE] cfm md md1 [RouterE-md-md1] ma ma2 [RouterE-md-md1-ma-ma2] mep mep-id 2 interface gigabitethernet 1/0/2 inward
# Create and configure an RMEP in MA2 within MD1 on Router A.

[RouterA-md-md1-ma-ma2] remote-mep mep-id 2
# Create and configure an RMEP in MA2 within MD1 on Router E.

[RouterE-md-md1-ma-ma2] remote-mep mep-id 1
Step 11 Enable the CCM transmission function. # Enable the function of sending CCMs on all MEPs of Router A.
[RouterA-md-md1-ma-ma2] mep ccm-send enable
# Enable Router A with the function of receiving CCMs from the RMEP.
[RouterA-md-md1-ma-ma2] remote-mep ccm-receive enable
# Enable the function of sending CCMs on all MEPs of Router E and Router F, and enable the function of receiving CCMs from all RMEPs on Router E and Router F. The configurations on Router E and Router F are the same as the configurations on Router A, and are not mentioned here. Step 12 Verify the configuration. After the preceding configurations are successful and the network converges, run the following commands to verify the configuration. Take the display on Router B and Router A as an example:

l
Run the display cfm default md command on Router B. You can view that the default MD at Level 6 is configured and associated with VLAN 2 and VLAN 3. You can also view that the MIP generation rule is set to default.
[RouterB] display cfm default md Level MIP Create-type SenderID TLV-type VLAN List --------------------------------------------------------------------------------------6 default SendIdDefer 2 to 3
Perform the 802.1ag MAC trace operation on Router A. You can view that the 802.1ag MAC trace operation is successful and no connectivity fault occurs between Router A and Router E
<RouterA> system [RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA--md-md1-ma-ma1] trace mac-8021ag mac aa99-6600-5600 Tracing the route to aa99-6600-5600 over a maximum of 255 hops: Hops Mac Ingress Ingress Action Relay Action Forwarded Egress Egress Action Ismep 1 2155-2201-3302 gigabitethernet1/0/3 IngOK RlyFDB Forwarded gigabitethernet1/0/1 EgrOK 2 5522-1101-5503 gigabitethernet1/0/1 IngOK RlyFDB Forwarded gigabitethernet1/0/2 EgrOk 3 2234-6432-3344 gigabitethernet1/0/2 IngOK RlyFDB Forwarded gigabitethernet1/0/3 EgrOk 4 4323-5332-5522 gigabitethernet1/0/3 IngOK RlyFDB Forwarded gigabitethernet1/0/1 EgrOk 5 aa99-6600-5600 gigabitethernet1/0/1 IngOK RlyHit Not Forwarded Yes Info: Succeed in tracing the destination address aa99-6600-5600.
No No No No
----End
Configuration Files
l

# sysname RouterA # vlan batch 2 to 3 # cfm version standard cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/2 undo shutdown portswitch port trunk allow-pass vlan 3 # interface GigabitEthernet1/0/3 undo shutdown portswitch port trunk allow-pass vlan 2 to 3
7-82
Issue 03 (2010-03-31)
# cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 2 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable ma ma2 map vlan 3 mep mep-id 1 interface gigabitethernet 1/0/2 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return l

# sysname RouterB # vlan batch 2 to 3 # cfm version standard cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/3 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # cfm md md2 level 4 # cfm default md level 6 mip create-type defaul vlan 2 to 3 # return

# sysname RouterC # vlan batch 2 to 3 # cfm version standard cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/2 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # cfm md md2 level 4 # cfm default md level 6 mip create-type defaul vlan 2 to 3 #
Issue 03 (2010-03-31)
7-83

return l

# sysname RouterD # vlan batch 2 to 3 # cfm version standard cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/2 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # interface GigabitEthernet1/0/3 undo shutdown portswitch port trunk allow-pass vlan 2 to 3 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # return
Configuration file of Router E

# sysname RouterE # vlan batch 3 # cfm version standard cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 3 # interface GigabitEthernet1/0/2 undo shutdown portswitch port trunk allow-pass vlan 3 # cfm md md1 level 6 ma ma2 map vlan 3 mep mep-id 2 interface gigabitethernet 1/0/2 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable # return
Configuration file of Router F

# sysname RouterF # vlan batch 2 # cfm version standard
7-84
Issue 03 (2010-03-31)
cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/3 undo shutdown portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 1 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return
7.16.5 Example for Associating Ethernet CFM with an Interface

As shown in Figure 7-17, a user network is connected to an ISP network through Router A and Router B. Router A acts as the CE device. Router B acts as the UPE device. It is required that the following be achieved:
l
The bandwidth for the user network to access the ISP network is 2000 Mbit/s and an inactive link that serves as a backup is provided. When the active link between the user network and the ISP network fails, the LACP module on the interface can sense the fault within 50 ms and stop forwarding data on the active link.
Issue 03 (2010-03-31)
7-85
Figure 7-17 Diagram of associating Ethernet CFM with an interface
ISP network RouterB GE1/0/3 GE1/0/2 GE1/0/3
GE1/0/1 GE1/0/2 GE1/0/1 RouterA User network 1
Active link Inactive link Link aggregation group in static LACP mode
The configuration roadmap is as follows: 1. 2. Configure the link aggregation group with three member interfaces on Router A and Router B respectively. The three member interfaces are all GE interfaces. Configure Ethernet CFM on Router A and Router B. To allow the LACP module to sense the connectivity fault within 50 ms, set the interval for sending and detecting CCMs to 10 ms within each MA. Associate Ethernet CFM with all the member interfaces of the aggregation groups in static LACP mode on Router A and Router B.
3.
Data Preparation
l
The number of the aggregation groups in static LACP mode on Router A and Router B is 2. The three member interfaces of the aggregation group in static LACP mode on Router B are GE 1/0/1, GE 1/0/2, and GE 1/0/3. The three member interfaces of the aggregation group in static LACP mode on Router A are GE 1/0/1, GE 1/0/2, and GE 1/0/3.
7-86
Issue 03 (2010-03-31)
Procedure
Step 1 Configure the aggregation group in static LACP mode. The detailed configuration is not mentioned here. For details, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - LAN and MAN Access. Step 2 Configure Ethernet CFM. # Enable Ethernet CFM globally on Router A.
[RouterA] cfm enable
# Create the MD, MA, MEP, and RMEP on Router A.

[RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] [RouterA-md-md1-ma-ma1] [RouterA-md-md1-ma-ma1] [RouterA-md-md1-ma-ma1] [RouterA-md-md1-ma-ma1] [RouterA-md-md1-ma-ma1] [RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] [RouterA-md-md1-ma-ma2] [RouterA-md-md1-ma-ma2] [RouterA-md-md1-ma-ma2] [RouterA-md-md1-ma-ma2] [RouterA-md-md1-ma-ma2] [RouterA-md-md1] ma ma3 [RouterA-md-md1-ma-ma3] [RouterA-md-md1-ma-ma3] [RouterA-md-md1-ma-ma3] [RouterA-md-md1-ma-ma3] [RouterA-md-md1-ma-ma3] [RouterA-md-md1-ma-ma3] [RouterA-md-md1] quit
ccm-interval 10 mep mep-id 2 interface gigabitethernet 1/0/1 outward remote-mep mep-id 1 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 4 interface gigabitethernet 1/0/2 outward remote-mep mep-id 3 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 6 interface gigabitethernet 1/0/3 outward remote-mep mep-id 5 mep ccm-send enable remote-mep ccm-receive enable quit
# Enable Ethernet CFM globally on Router B.

[RouterB] cfm enable
# Create the MD, MA, MEP, and RMEP on Router B.

[RouterB] cfm md md1 [RouterB-md-md1] ma ma1 [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1] ma ma2 [RouterB-md-md1-ma-ma2] [RouterB-md-md1-ma-ma2] [RouterB-md-md1-ma-ma2] [RouterB-md-md1-ma-ma2] [RouterB-md-md1-ma-ma2] [RouterB-md-md1-ma-ma2] [RouterB-md-md1] ma ma3 [RouterB-md-md1-ma-ma3] [RouterB-md-md1-ma-ma3] [RouterB-md-md1-ma-ma3] [RouterB-md-md1-ma-ma3] [RouterB-md-md1-ma-ma3] [RouterB-md-md1-ma-ma3] [RouterB-md-md1] quit [RouterB] quit
ccm-interval 10 mep mep-id 1 interface gigabitethernet 1/0/1 outward remote-mep mep-id 2 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 3 interface gigabitethernet 1/0/2 outward remote-mep mep-id 4 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 5 interface gigabitethernet 1/0/3 outward remote-mep mep-id 6 mep ccm-send enable remote-mep ccm-receive enable quit
Issue 03 (2010-03-31)
7-87
# Verify the configuration. Run the display cfm mep command and the display cfm remote-mep command. If information about the MEP and RMEP is displayed, it means that the configuration succeeds. For example, the detailed information on Router B is displayed as follows:
[RouterB] display cfm mep md md1 The total number of MEPs is 3 MD Name : md1 Level : 0 MA Name : ma1 MEP ID : 1 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/1 CCM Send : enabled Direction : outward MD Name : md1 Level : 0 MA Name : ma2 MEP ID : 3 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/2 CCM Send : enabled Direction : outward MD Name : md1 Level : 0 MA Name : ma3 MEP ID : 5 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/3 CCM Send : enabled Direction : outward [RouterB] display cfm remote-mep md md1 The total number of RMEPs is 3 The status of RMEPS : 3 up, 0 down -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 2 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma2 RMEP ID : 4 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma3 RMEP ID : 6 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up
7-88
Issue 03 (2010-03-31)
Step 3 Associate Ethernet CFM with the member interfaces of the aggregation group in static LACP mode. # Associate Ethernet CFM with the member interfaces of Eth-Trunk 2 on Router A.
[RouterA] interface gigabitethernet1/0/1 [RouterA-GigabitEthernet1/0/1] cfm md md1 ma ma1 remote-mep mep-id 1 trigger if-down [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface gigabitethernet1/0/2 [RouterA-GigabitEthernet1/0/2] cfm md md1 ma ma2 remote-mep mep-id 3 trigger if-down [RouterA-GigabitEthernet1/0/2] quit [RouterA] interface gigabitethernet1/0/3 [RouterA-GigabitEthernet1/0/3] cfm md md1 ma ma3 remote-mep mep-id 5 trigger if-down [RouterA-GigabitEthernet1/0/3] quit
# Associate Ethernet CFM with the member interfaces of Eth-Trunk 2 on Router B.

[RouterB] interface gigabitethernet1/0/1 [RouterB-GigabitEthernet1/0/1] cfm md md1 ma ma1 remote-mep mep-id 2 trigger if-down [RouterB-GigabitEthernet1/0/1] quit [RouterB] interface gigabitethernet1/0/2 [RouterB-GigabitEthernet1/0/2] cfm md md1 ma ma2 remote-mep mep-id 4 trigger if-down [RouterB-GigabitEthernet1/0/2] quit [RouterB] interface gigabitethernet1/0/3 [RouterB-GigabitEthernet1/0/3] cfm md md1 ma ma3 remote-mep mep-id 6 trigger if-down [RouterB-GigabitEthernet1/0/3] quit
# Verify the configuration. Run the display cfm remote-mep command. If the item of "Trigger-If-down" is displayed as "enable", it means that the configuration succeeds. For example, the detailed information on Router B is displayed as follows:
[RouterB] display cfm remote-mep md md1 The total number of RMEPs is 3 MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 2 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma2 RMEP ID : 4 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma3 RMEP ID : 6 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up
----End
Configuration Files
l

# sysname RouterA # cfm enable # interface Eth-Trunk2 portswitch mode lacp-static # interface GigabitEthernet1/0/1 eth-trunk 2 cfm md md1 ma ma1 remote-mep mep-id 1 trigger # interface GigabitEthernet1/0/2 eth-trunk 2 cfm md md1 ma ma2 remote-mep mep-id 3 trigger # interface GigabitEthernet1/0/3 eth-trunk 2 cfm md md1 ma ma3 remote-mep mep-id 5 trigger # cfm md md1 ma ma1 ccm-interval 10 mep mep-id 2 interface GigabitEthernet1/0/1 mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable ma ma2 ccm-interval 10 mep mep-id 4 interface GigabitEthernet1/0/2 mep ccm-send mep-id 4 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable ma ma3 ccm-interval 10 mep mep-id 6 interface GigabitEthernet1/0/3 mep ccm-send mep-id 6 enable remote-mep mep-id 5 remote-mep ccm-receive mep-id 5 enable # return
if-down
if-down
if-down
outward
outward
outward

# sysname RouterB # lacp priority 100 # cfm enable # interface Eth-Trunk2 portswitch mode lacp-static max bandwidth-affected-linknumber 2 # interface GigabitEthernet1/0/1 eth-trunk 2 lacp priority 2000 cfm md md1 ma ma1 remote-mep mep-id 2 trigger if-down # interface GigabitEthernet1/0/2 eth-trunk 2 lacp priority 2000 cfm md md1 ma ma2 remote-mep mep-id 4 trigger if-down #
7-90
Issue 03 (2010-03-31)

interface GigabitEthernet1/0/3 eth-trunk 2 cfm md md1 ma ma3 remote-mep mep-id 6 trigger # cfm md md1 ma ma1 ccm-interval 10 mep mep-id 1 interface GigabitEthernet1/0/1 mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable ma ma2 ccm-interval 10 mep mep-id 3 interface GigabitEthernet1/0/2 mep ccm-send mep-id 3 enable remote-mep mep-id 4 remote-mep ccm-receive mep-id 4 enable ma ma3 ccm-interval 10 mep mep-id 5 interface GigabitEthernet1/0/3 mep ccm-send mep-id 5 enable remote-mep mep-id 6 remote-mep ccm-receive mep-id 6 enable # return
if-down
outward
outward
outward
7.16.6 Example for Associating EFM OAM with Ethernet CFM

As shown in Figure 7-18, configure EFM OAM to run between Router A and Router B, and between Router C and Router D; configure Ethernet CFM to run between Router B and Router C. This implements end-to-end link detection. When a fault occurs on the link between Router A and Router B, Ethernet CFM is triggered to send alarms of the fault to Router D.When a fault occurs on the link between Router C and Router D, Ethernet CFM is triggered to send alarms of the fault to Router A. Figure 7-18 Diagram of associating EFM OAM with Ethernet CFM
RouterA RouterB RouterC RouterD GE1/0/0 GE2/0/0 GE1/0/0 GE1/0/0 GE2/0/0 VLAN10 GE2/0/0 GE1/0/0 GE2/0/0 VLAN10
The configuration roadmap is as follows: 1.
Issue 03 (2010-03-31)
Create a VLAN and add interfaces to the VLAN.

2. 3. 4. 5.
Configure EFM OAM to run between Router A and Router B. Configure Ethernet CFM to run between Router B and Router C. Configure EFM OAM to run between RouterC and RouterD. Associate EFM OAM with Ethernet CFM on Router B and Router C.
Procedure
Step 1 Create VLAN 10 and add interfaces to VLAN 10. Step 2 Configure EFM OAM to run between Router A and Router B. # Configure Router A.
[RouterA] efm enable [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] efm mode passive [RouterA-GigabitEthernet1/0/0] efm enable [RouterA-GigabitEthernet1/0/0] quit
# Configure RouterB.
[RouterB] efm enable [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] efm enable [RouterB-GigabitEthernet1/0/0] quit
Step 3 Configure Ethernet CFM to run between Router B and Router C. # Configure Router B.
[RouterB] cfm enable [RouterB] cfm md md1 [RouterB-md-md1] ma ma1 [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1]
map vlan 10 mep mep-id 1 interface gigabitethernet 2/0/0 outward remote-mep mep-id 2 mep ccm-send enable remote-mep ccm-receive enable return
# Configure Router C.
[RouterC] cfm enable [RouterC] cfm md md1 [RouterC-md-md1] ma ma1 [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1]
map vlan 10 mep mep-id 2 interface gigabitethernet 2/0/0 outward remote-mep mep-id 1 mep ccm-send enable remote-mep ccm-receive enable return
Step 4 Configure EFM OAM to run between Router C and Router D. # Configure Router C.
[RouterC] efm enable [RouterC] interface gigabitethernet 1/0/0 [RouterC-GigabitEthernet1/0/0] efm enable [RouterC-GigabitEthernet1/0/0] quit
# Configure Router D.
[RouterD] efm enable [RouterD] interface gigabitethernet 1/0/0 [RouterD-GigabitEthernet1/0/0] efm mode passive
7-92
Issue 03 (2010-03-31)

[RouterD-GigabitEthernet1/0/0] efm enable [RouterD-GigabitEthernet1/0/0] quit
Step 5 Associate EFM OAM with Ethernet CFM. # Associate EFM OAM running between Router A and Router B with Ethernet CFM running between Router B and Router C.
[RouterB] oam-mgr [RouterB] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0
# Associate Ethernet CFM running between RouterB and RouterC with EFM OAM running between Router C and Router D.
[RouterC] oam-mgr [RouterC] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0
Step 6 Verify the configuration. After the preceding configuration, when EFM OAM running between Router A and Router B detects faults, Ethernet CFM notifies EFM OAM running between Router C and Router D of the faults. ----End
Configuration Files
l

# sysname RouterA # vlan batch 10 # efm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 10 efm mode passive efm enable # interface GigabitEthernet2/0/0 portswitch port trunk allow-pass vlan 10 # return

# sysname RouterB # vlan batch 10 # efm enable # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 10 efm enable # interface GigabitEthernet2/0/0 portswitch port trunk allow-pass vlan 10 # cfm md md1
Issue 03 (2010-03-31)
7-93
ma ma1 map vlan 10 mep mep-id 1 interface gigabitethernet 2/0/0 outward mep ccm-send enable remote-mep mep-id 2 remote-mep ccm-receive enable # oam-mgr oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0 # return l

# sysname RouterC # vlan batch 10 # efm enable # cfm enable # interface GigabitEthernet2/0/0 portswitch port trunk allow-pass vlan 10 efm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 10 # cfm md md1 ma ma1 map vlan 10 mep mep-id 2 interface gigabitethernet 1/0/0 outward mep ccm-send enable remote-mep mep-id 1 remote-mep ccm-receive enable # oam-mgr oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0 # return

# sysname RouterD # vlan batch 10 # efm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 10 efm mode passive efm enable # interface GigabitEthernet2/0/0 portswitch port trunk allow-pass vlan 10 # return
7-94
Issue 03 (2010-03-31)
7.16.7 Example for Configuring VPLS Ethernet CFM

As shown in Figure 7-19, Martini VPLS runs on the backbone network and LDP is used as signaling to create Pseudo Wires (PWs). Configure VPLS Ethernet CFM on PEs to fast detect VPLS connectivity between PEs. Figure 7-19 Diagram of configuring VPLS Ethernet CFM
CE3 GE1/0/0.1 10.1.1.3/24 PE3 GE1/0/0.1 GE2/0/0 100.2.1.2/30 GE3/0/0 100.2.1.1/30 Loopback1 1.1.1.1/32 GE1/0/0.1 GE1/0/0.1 10.1.1.1/24 CE1 GE3/0/0 100.3.1.2/30
Loopback1 3.3.3.3/32 PE2 GE2/0/0 100.1.1.2/30
GE3/0/0 100.3.1.1/30 Loopback1 2.2.2.2/32 GE1/0/0.1 GE1/0/0.1 10.1.1.2/24 CE2
PE1 GE2/0/0 100.1.1.1/30
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run the Interior Gateway Protocol (IGP) on the backbone network. routers across the backbone network then can communicate. Configure the routing protocols on the backbone network to enable communication between routers and basic functions of MPLS. Set up LSP tunnels between PEs. Enable MPLS L2VPN on PEs. Create Virtual Switch Instances (VSIs) on PEs and bind VSIs to Attachment Circuit (AC) interfaces. Configure VPLS Ethernet CFM on PEs.
Data Preparation

l l l l l
IP address of each interface MPLS LSR ID of each PE VSI name and VSI ID of each PE Interfaces bound to the VSI Name and level of the MD, name of the MA, MEP ID, name of the interface on which the MEP resides, and type of the MEP
Procedure
Step 1 Assign an IP address to each interface. # Configure PE1.
<HUAWEI> system-view [HUAWEI] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip address 100.1.1.1 30 [PE1-GigabitEthernet2/0/0] undo shutdown [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] ip address 100.2.1.1 30 [PE1-GigabitEthernet3/0/0] undo shutdown [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
<HUAWEI> system-view [HUAWEI] sysname PE2 [PE2] interface LoopBack 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip address 100.1.1.2 30 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] ip address 100.3.1.1 30 [PE2-GigabitEthernet3/0/0] undo shutdown [PE2-GigabitEthernet3/0/0] quit
# Configure PE3.
<HUAWEI> system-view [HUAWEI] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface gigabitethernet 2/0/0 [PE3-GigabitEthernet2/0/0] ip address 100.2.1.2 30 [PE3-GigabitEthernet2/0/0] undo shutdown [PE3-GigabitEthernet2/0/0] quit [PE3] interface gigabitethernet 3/0/0 [PE3-GigabitEthernet3/0/0] ip address 100.3.1.2 30 [PE3-GigabitEthernet3/0/0] undo shutdown [PE3-GigabitEthernet3/0/0] quit
Step 2 Configure the IGP on the MPLS backbone network. The Open Shortest Path First (OSPF) is used as the IGP protocol in this example.
NOTE
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs.
7-96
Issue 03 (2010-03-31)
# Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit
# Configure PE2.
# Configure PE3.
After the preceding configuration, PE1 and PE2, PE1 and PE3 can learn IP addresses of loopback1 interfaces from each other through OSPF. Take the display on PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 12 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 3.3.3.3/32 OSPF 10 2 D 100.2.1.2 GigabitEthernet3/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 GigabitEthernet2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 GigabitEthernet2/0/0 100.3.1.0/30 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 OSPF 10 2 D 100.2.1.2 GigabitEthernet3/0/0 100.2.1.0/30 Direct 0 0 D 100.2.1.1 GigabitEthernet3/0/0 100.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.2/32 Direct 0 0 D 100.2.1.2 GigabitEthernet3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0
Issue 03 (2010-03-31)
7-97

[PE1-GigabitEthernet3/0/0] mpls [PE1-GigabitEthernet3/0/0] mpls ldp [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] mpls [PE2-GigabitEthernet2/0/0] mpls ldp [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet3/0/0 [PE2-GigabitEthernet3/0/0] mpls [PE2-GigabitEthernet3/0/0] mpls ldp [PE2-GigabitEthernet3/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface gigabitethernet [PE3-GigabitEthernet2/0/0] mpls [PE3-GigabitEthernet2/0/0] mpls [PE3-GigabitEthernet2/0/0] quit [PE3] interface gigabitethernet [PE3-GigabitEthernet3/0/0] mpls [PE3-GigabitEthernet3/0/0] mpls [PE3-GigabitEthernet3/0/0] quit
2/0/0 ldp 3/0/0 ldp
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. You can view that the Status field displays Operational. Take the display on PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:02 10/10 3.3.3.3:0 Operational DU Passive 000:00:02 9/9 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
NOTE
If PEs are indirectly connected, you need to run the mpls ldp remote-peer command and the remote-ip command to create remote LDP sessions between PEs.
Step 4 Enable MPLS L2VPN on PEs. # Configure PE1.

[PE1] mpls l2vpn [PE1-l2vpn] quit
# Configure PE2.
# Configure PE3.

Step 5 Create VSIs and specify LDP as the signaling protocol of VSIs. # Configure PE1.
[PE1] vsi ldp1 static [PE1-vsi-ldp1] pwsignal ldp [PE1-vsi-ldp1-ldp] vsi-id 2 [PE1-vsi-ldp1-ldp] peer 2.2.2.2 [PE1-vsi-ldp1-ldp] peer 3.3.3.3
# Configure PE2.
# Configure PE3.
Step 6 Bind VSIs to AC interfaces and connect CEs to PEs. # Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
# Configure PE3.
# Configure CE1.
<HUAWEI> system-view [HUAWEI] sysname CE1 [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<HUAWEI> system-view [HUAWEI] sysname CE2 [CE2] interface gigabitethernet 1/0/0.1
Issue 03 (2010-03-31)
7-99

[CE2-GigabitEthernet1/0/0.1] [CE2-GigabitEthernet1/0/0.1] [CE2-GigabitEthernet1/0/0.1] [CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 ip address 10.1.1.2 24 undo shutdown quit
# Configure CE3.
<HUAWEI> system-view [HUAWEI] sysname CE3 [CE3] interface gigabitethernet 1/0/0.1 [CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24 [CE3-GigabitEthernet1/0/0.1] undo shutdown [CE3-GigabitEthernet1/0/0.1] quit
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1. You can view that PWs are set up between PE1 and PE2, PE1 and PE3 by the VSI named ldp1. The VSI is in the Up state. Take the display on PE1 as an example.
[PE1] display vsi name bgp1 verbose ***VSI Name : ldp1 VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 2 *Peer Router ID : 3.3.3.3 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x6002003, *Peer Router ID : 2.2.2.2 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x6002000, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x6002000, *Peer Ip Address : 3.3.3.3 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x6002003,
Hosts attached to CE1, CE2, and CE3 can ping through each other. Take CE1 as an example.
[CE1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 10.1.1.2 ping statistics ---
7-100
Issue 03 (2010-03-31)
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/10/50 ms [CE1] ping 10.1.1.3 PING 10.1.1.3: 56 data bytes, press CTRL_C to break Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 --- 10.1.1.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
ms ms ms ms ms
Step 7 Configure Ethernet CFM on PEs. # Configure PE1.

[PE1] cfm enable [PE1] cfm md md1 [PE1-md-md1] ma ma1 [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1] [PE1-md-md1-ma-ma1]
ccm-interval 30 map vsi ldp1 mep mep-id 1 interface gigabitethernet 1/0/0.1 inward remote-mep mep-id 2 remote-mep mep-id 3 mep ccm-send enable remote-mep ccm-receive enable quit
# Configure PE2.
# Configure PE3.
Step 8 Verify the configuration. After the preceding configuration, run the display cfm mep command and the display cfm remote-mep command on PE1, PE2, and PE3. You can view that the configuration of Ethernet CFM succeeds. Ethernet CFM can fast detect faults between PEs of VSIs and notify the NMS. Take PE1 as an example.

[PE1] display cfm mep md md1 The total number of MEPs is 2 MD Name : md1 Level : 0 MA Name : ma1 MEP ID : 2 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/1.1 CCM Send : enabled Direction : inward MD Name : md1 Level : 0 MA Name : ma1 MEP ID : 3 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/1.1 CCM Send : enabled Direction : inward [PE1] display cfm remote-mep md md1 The total number of RMEPs is 2 The status of RMEPS : 2 up, 0 down -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 2 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 3 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up
----End
Configuration Files
l

# sysname PE1 # cfm enable # mpls lsr-id 1.1.1.1 mpls mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 2 peer 2.2.2.2 peer 3.3.3.3 # mpls ldp # interface GigabitEthernet1/0/0
7-102
Issue 03 (2010-03-31)
undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 1 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l

# sysname PE2 # cfm enable # mpls lsr-id 2.2.2.2 mpls mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 2 peer 1.1.1.1 peer 3.3.3.3 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.1.2 255.255.255.252
Issue 03 (2010-03-31)
7-103
mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 100.3.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 2 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 # return l

# sysname PE3 # cfm enable # mpls lsr-id 3.3.3.3 mpls mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 2 peer 1.1.1.1 peer 2.2.2.2 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.2.1.2 255.255.255.252 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 100.3.1.2 255.255.255.252 mpls mpls ldp # interface LoopBack1
7-104
Issue 03 (2010-03-31)
ip address 3.3.3.3 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 3 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 3 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.2.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 # return l

# sysname CE1 # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 ip address 10.1.1.1 255.255.255.0 # return


Issue 03 (2010-03-31)
7-105
7.16.8 Example for Associating EFM OAM with MPLS OAM

On the provider network shown in Figure 7-20, NPEs and P are connected through Ethernet links; UPEs and NPEs are connected through Ethernet links. The requirements are as follows:
l l l
Configuring MPLS OAM between NPEs Configuring EFM OAM between UPEs and NPEs Associating EFM OAM with MPLS OAM
This allows MPLS OAM to send fault messages detected by EFM OAM running between UPE1 and NPE1 to EFM OAM running between NPE2 and UPE2. Figure 7-20 Diagram of associating EFM OAM with MPLS OAM Loopback1 4.4.4.4/32 P GE2/0/0 100.4.1.2/30 Loopback1 3.3.3.3/32 Loopback1 5.5.5.5/32 GE 1/0/0 100.5.1.2/30
GE 1/0/0 100.3.1.2/30 Loopback1 1.1.1.1/32 Loopback1 2.2.2.2/32
GE 1/0/0 100.1.1.1/30 GE 2/0/0 GE 2/0/0 GE 1/0/0 GE 1/0/0 100.5.1.1/30 100.1.1.2/30 NPE1100.2.1.1/30 100.2.1.2/30 UPE1 NPE2
GE 3/0/0 GE 3/0/0 100.3.1.1/30 100.4.1.1/30
UPE2
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the IGP on the provider network so that devices can communicate. Configure MPLS OAM between NPEs. Configure EFM OAM between NPEs and UPEs. Configure EFM OAM between UPE1 and NPE1 to send fault messages to MPLS OAM and MPLS OAM then sends fault messages to EFM OAM between NPE2 and UPE2.
Data Preparation
l l
IP addresses of the interface on the routers, name of tunnel interfaces, and tunnel ID Type of the sent detection packets
7-106

l
Parameters such as the mode of the backward tunnel
Procedure
Step 1 Configure IP addresses of the interfaces. Configure the IP address and mask for each interface including each loopback interface as shown in Figure 7-20. The detailed configuration is omitted here. For details, see "Configuration Files." Step 2 Configure the IGP. The Intermediate System-to-Intermediate System (IS-IS) is used as the IGP protocol in this example. # Configure UPE1.
[UPE1] isis 1 [UPE1-isis-1] network-entity 00.0005.0000.0000.0001.00 [UPE1-isis-1] is-level level-2 [UPE1-isis-1] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] isis enable 1 [UPE1-GigabitEthernet1/0/0] undo shutdown [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface loopback 1 [UPE1-LoopBack1] isis enable 1 [UPE1-LoopBack1] quit
# Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] network-entity 00.0005.0000.0000.0002.00 [NPE1-isis-1] is-level level-2 [NPE1-isis-1] quit [NPE1] interface gigabitethernet 1/0/0 [NPE1-GigabitEthernet1/0/0] isis enable 1 [NPE1-GigabitEthernet1/0/0] undo shutdown [NPE1-GigabitEthernet1/0/0] quit [NPE1] interface gigabitethernet 2/0/0 [NPE1-GigabitEthernet2/0/0] isis enable 1 [NPE1-GigabitEthernet2/0/0] undo shutdown [NPE1-GigabitEthernet2/0/0] quit [NPE1] interface gigabitethernet 3/0/0 [NPE1-GigabitEthernet3/0/0] isis enable 1 [NPE1-GigabitEthernet3/0/0] undo shutdown [NPE1-GigabitEthernet3/0/0] quit [NPE1] interface loopback 1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit
# Configure P.
[P] isis 1 [P-isis-1] network-entity 00.0005.0000.0000.0004.00 [P-isis-1] is-level level-2 [P-isis-1] quit [P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] isis enable 1 [P-GigabitEthernet1/0/0] undo shutdown [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] isis enable 1 [P-GigabitEthernet2/0/0] undo shutdown [P-GigabitEthernet2/0/0] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit
# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] network-entity 00.0005.0000.0000.0003.00 [NPE2-isis-1] is-level level-2 [NPE2-isis-1] quit [NPE2] interface gigabitethernet 1/0/0 [NPE2-GigabitEthernet1/0/0] isis enable 1 [NPE2-GigabitEthernet1/0/0] undo shutdown [NPE2-GigabitEthernet1/0/0] quit [NPE2] interface gigabitethernet 2/0/0 [NPE2-GigabitEthernet2/0/0] isis enable 1 [NPE2-GigabitEthernet2/0/0] undo shutdown [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet 3/0/0 [NPE2-GigabitEthernet3/0/0] isis enable 1 [NPE2-GigabitEthernet3/0/0] undo shutdown [NPE2-GigabitEthernet3/0/0] quit [NPE2] interface loopback 1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit
# Configure UPE2.
[UPE2] isis 1 [UPE2-isis-1] network-entity 00.0005.0000.0000.0005.00 [UPE2-isis-1] is-level level-2 [UPE2-isis-1] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] isis enable 1 [UPE2-GigabitEthernet1/0/0] undo shutdown [UPE2-GigabitEthernet1/0/0] quit [UPE2] interface loopback 1 [UPE2-LoopBack1] isis enable 1 [UPE2-LoopBack1] quit
After the preceding configuration, run the display ip routing-table command on each router. You can view that the routers learn the routes from each other. Take the display on UPE1 as an example.
[UPE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 100.1.1.2 GigabitEthernet1/0/0 3.3.3.9/32 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 4.4.4.9/32 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 5.5.5.9/32 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.0/24 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 100.3.1.0/24 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 100.4.1.0/24 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 100.5.1.0/24 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 3 Configure basic MPLS functions on NPEs and P; enable MPLS Traffic Engineering (TE), Resource Reservation Protocol TE (RSVP-TE), and Constraint Shortest Path First (CSPF). # Configure NPE1.
[NPE1] mpls [NPE1] mpls [NPE1-mpls] [NPE1-mpls] [NPE1-mpls] [NPE1-mpls] lsr-id 2.2.2.2 mpls te mpls rsvp-te mpls te cspf quit
7-108
Issue 03 (2010-03-31)

[NPE1] interface gigabitethernet [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] mpls [NPE1-GigabitEthernet2/0/0] quit [NPE1] interface gigabitethernet [NPE1-GigabitEthernet3/0/0] mpls [NPE1-GigabitEthernet3/0/0] mpls [NPE1-GigabitEthernet3/0/0] mpls [NPE1-GigabitEthernet3/0/0] quit 2/0/0 te rsvp-te 3/0/0 te rsvp-te
# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface gigabitethernet [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] quit
1/0/0 te rsvp-te 2/0/0 te rsvp-te
# Configure NPE2.
[NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls [NPE2-mpls] mpls te [NPE2-mpls] mpls rsvp-te [NPE2-mpls] mpls te cspf [NPE2-mpls] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] quit
2/0/0 te rsvp-te 3/0/0 te rsvp-te
Step 4 Configure IS-IS TE on NPEs and P. # Configure NPE1.

[NPE1] isis 1 [NPE1-isis-1] cost-style wide [NPE1-isis-1] traffic-eng level-2 [NPE1-isis-1] quit
# Configure P.
[P] isis 1 [P-isis-1] cost-style wide [P-isis-1] traffic-eng level-2 [P-isis-1] quit
# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] cost-style wide [NPE2-isis-1] traffic-eng level-2
Issue 03 (2010-03-31)
7-109

[NPE2-isis-1] quit
Step 5 Use explicit paths to set up TE tunnels on NPEs. # Configure NPE1.

[NPE1] explicit-path npe1-to-npe2 [NPE1-explicit-path-npe1-to-npe2] next hop 100.2.1.2 [NPE1-explicit-path-npe1-to-npe2] quit [NPE1] interface tunnel 2/0/0 [NPE1-Tunnel2/0/0] ip address unnumbered interface loopback 1 [NPE1-Tunnel2/0/0] tunnel-protocol mpls te [NPE1-Tunnel2/0/0] destination 3.3.3.3 [NPE1-Tunnel2/0/0] mpls te tunnel-id 100 [NPE1-Tunnel2/0/0] mpls te signal-protocol rsvp-te [NPE1-Tunnel2/0/0] mpls te path explicit-path work [NPE1-Tunnel2/0/0] mpls te commit [NPE1-Tunnel2/0/0] quit
# Configure NPE2.
[NPE2] explicit-path npe2-to-npe1 [NPE2-explicit-path-npe2-to-npe1] next hop 100.4.1.2 [NPE2-explicit-path-npe2-to-npe1] quit [NPE2] interface tunnel 3/0/0 [NPE2-Tunnel3/0/0] ip address unnumbered interface loopback 1 [NPE2-Tunnel3/0/0] tunnel-protocol mpls te [NPE2-Tunnel3/0/0] destination 2.2.2.2 [NPE2-Tunnel3/0/0] mpls te tunnel-id 200 [NPE2-Tunnel3/0/0] mpls te signal-protocol rsvp-te [NPE2-Tunnel3/0/0] mpls te path explicit-path work [NPE2-Tunnel3/0/0] mpls te commit [NPE2-Tunnel3/0/0] quit
After the preceding configuration, run the display interface tunnel command on each NPE. You can view the tunnel interface is Up. Take the display on NPE1 as an example.
[NPE1] display interface tunnel Tunnel2/0/0 current state : UP Line protocol current state : UP Description : Tunnel2/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(2.2.2.2/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.3 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002001, secondary tunnel id is 0x0 The tunnelIfIndex is 0xc000505 5 minutes output rate 0 bits/s, 0 packets/s 0 packets output, 0 bytes 0 packets output dropped
Step 6 Configure MPLS OAM on NPEs. NPE1 acts as the ingress and NPE2 acts as the egress. # Configure NPE1.
[NPE1] mpls [NPE1-mpls] [NPE1-mpls] [NPE1] mpls [NPE1] mpls mpls oam quit oam ingress tunnel2/0/0 type ffd frequency 100 oam ingress enable all
# Configure NPE2.
[NPE2] mpls [NPE2-mpls] mpls oam [NPE2-mpls] quit [NPE2] mpls oam egress lsr-id 2.2.2.2 tunnel-id 100 auto-protocol backward-lsp tunnel 3/0/0 private
7-110
Issue 03 (2010-03-31)
After the preceding configuration, you can use the command to view the parameters and status of MPLS OAM on the ingress NPE1 and egress NPE2. The command output shows that the ingress and egress are in normal detection state. Take the display on NPE2 as an example.
[NPE2] display mpls oam egress all verbose ------------------------------------------------------------------------Verbose information about the NO.1 oam at the egress ------------------------------------------------------------------------lsp basic information: oam basic information: --------------------------------------------------------------------Lsp name : -Oam-Index : 256 Lsp signal status : Up Oam select board : 1 Lsp establish type : Rsvp lsp Enable-state : -Lsp incoming Label : 3 Auto-protocol : Enable Lsp ingress lsr-id : 2.2.2.2 Auto-overtime (s) : 300 Lsp tnl-id/lsp-id : 100/1 Ttsi/lsr-id : 2.2.2.2 Lsp Incoming-int GigabitEthernet2/0/0 Ttsi/tunnel-id : 100 oam detect information: oam backward information: --------------------------------------------------------------------Type : FFD Tunnel name : Tunnel2/0/0 Frequency : 100 ms Share attribute : Private Detect-state : Start Lsp signal status : Up Defect-state : Non-defect Bdi-frequency : Detect-freq Available state : Available Unavailable time (s): 0 ------------------------------------------------------------------------Total Oam Num: 1 Total Start Oam Num: 1 Total Defect Oam Num: 0 Total Unavaliable Oam Num: 0
Step 7 Configure EFM OAM on UPEs and NPEs. # Configure UPE1.

[UPE1] efm enable [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] efm enable [UPE1-GigabitEthernet1/0/0] quit
# Configure NPE1.
[NPE1] efm enable [NPE1] interface gigabitethernet 1/0/0 [NPE1-GigabitEthernet1/0/0] efm enable [NPE1-GigabitEthernet1/0/0] quit
# Configure UPE2.
[UPE2] efm enable [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] efm enable [UPE2-GigabitEthernet1/0/0] quit
# Configure NPE2.
[NPE2] efm enable [NPE2] interface gigabitethernet 1/0/0 [NPE2-GigabitEthernet1/0/0] efm enable [NPE2-GigabitEthernet1/0/0] quit
After the preceding configuration, run the display efm session command on UPEs or NPEs. You can view that the status of EFM OAM on GE 1/0/0 is detect. Take the display on UPE2 as an example.
[UPE2] display efm session interface gigabitethernet 1/0/0
Issue 03 (2010-03-31)
7-111
Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet1/0/0 detect --
Step 8 Associate EFM OAM with MPLS OAM on NPEs. # Configure NPE1.
[NPE1] oam-mgr [NPE1-oam-mgr] oam tunnel 2/0/0 oam-bind ingress efm interface gigabitethernet 1/0/0 egress mpls
# Configure NPE2.
[NPE2] oam-mgr [NPE2-oam-mgr] oam-bind ingress mpls oam lsr-id 2.2.2.2 tunnel-id 200 egress efm interface gigabitethernet 1/0/0
NOTE
When you create static LSPs, MPLS OAM instances created accordingly record LSR ID and tunnel ID only, if lsr-id and tunnel-id are specified. In this manner, you must specify lsr-id and tunnel-id when associating Ethernet OAM with MPLS OAM.
Step 9 Verify the configuration. After the preceding configuration, when EFM OAM running between UPE1 and NPE1 detects faults, the faults can be sent to EFM OAM running between UPE2 and NPE2 through MPLS OAM. ----End
Configuration Files
l
Configuration file of UPE1

# sysname UPE1 # efm enable # isis 1 is-level level-2 network-entity 00.0005.0000.0000.0001.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.1.1 255.255.255.252 isis enable 1 efm enable # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 isis enable 1 # return

# sysname NPE1 # efm enable # mpls lsr-id 2.2.2.2 mpls mpls te mpls rsvp-te mpls oam
7-112
Issue 03 (2010-03-31)
mpls te cspf # explicit-path npe1-to-npe2 next hop 100.2.1.2 # isis 1 is-level level-2 cost-style wide network-entity 00.0005.0000.0000.0002.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 efm enable # interface GigabitEthernet2/0/0 undo shutdown ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet3/0/0 undo shutdown ip address 100.3.1.1 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 100 mpls te path explicit-path npe1-to-npe2 mpls te commit # mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 # oam-mgr oam-bind ingress efm interface GigabitEthernet 1/0/0 egress mpls oam Tunnel 2/0/0 # return l
Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # isis 1 is-level level-2 cost-style wide network-entity 00.0005.0000.0000.0004.00 traffic-eng level-2 # interface GigabitEthernet1/0/0
Issue 03 (2010-03-31)
7-113

undo shutdown ip address 100.3.1.2 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet2/0/0 undo shutdown ip address 100.4.1.2 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 isis enable 1 # return l

# sysname NPE2 # efm enable # mpls lsr-id 3.3.3.3 mpls mpls te mpls rsvp-te mpls oam mpls te cspf # explicit-path npe2-to-npe1 next hop 100.4.1.2 # isis 1 is-level level-2 cost-style wide network-entity 00.0005.0000.0000.0003.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.5.1.1 255.255.255.252 isis enable 1 efm enable # interface GigabitEthernet2/0/0 undo shutdown ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet3/0/0 undo shutdown ip address 100.4.1.1 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 isis enable 1 # interface Tunnel3/0/0
7-114
Issue 03 (2010-03-31)
ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 200 mpls te path explicit-path npe2-to-npe1 mpls te commit # mpls oam egress lsr-id 1.1.1.1 tunnel-id 100 backward-lsp Tunnel3/0/0 private # oam-mgr oam-bind ingress mpls oam lsr-id 2.2.2.2 tunnel-id 200 egress efm interface GigabitEthernet 1/0/0 # return l
Configuration file of UPE1

# sysname UPE1 # efm enable # isis 1 is-level level-2 network-entity 00.0005.0000.0000.0005.00 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.5.1.2 255.255.255.252 isis enable 1 efm enable # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 isis enable 1 # return
7.16.9 Example for Configuring EFM OAM Extension for VRRP

As shown in Figure 7-21.
Issue 03 (2010-03-31)
7-115
Figure 7-21 Networking diagram of configuring EFM OAM extension for VRRP
EFM OAM Extension GE1/0/0 Vlanif10: 10.1.1.1/24 Loopback1 2.2.2.2/32 PE1
AS:100
PO 100 S1/0/ .1.1 0 Loopback1 .1/2 Loopback1 P 4 1 OS1 1.1.1.1/32 /0/0 4.4.4.4/32 00. GE2/0/0 1.1 .2/2 Vlanif10 100.3.1.1/24 4 10.1.1.2/24 Loopback1 VRRP 4.4.4.4/32 Vlanif10 /0 GE2/0/0 2/0 CE1 10.1.1.3/24 OS .2/24 PE3 100.3.1.2/24 P (SoftX) .2.1 /0 100 GE 1/0 4 VPNA 3/0 POS .1.1/2 /0 .2 GE2/0/0 PE2 100 MPLS Vlanif10: Loopback1 backbone 10.1.1.1/24 3.3.3.3/32
/0/0 E3 G
EFM OAM Extension
The master interface board of CE1 is connected to the master router, and the slave interface board of CE1 is connected to the backup router. The interfaces on the master interface board and slave interface board that are connected to PE1 and PE2 are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, PE1 and PE2. VLAN IF interfaces are configured to group PE1 and PE2 into a broadcast domain, that is, a VLAN. Then the downstream interfaces (configured as a Layer 2 interfaces) of the two PEs are added into the VLAN. Based on EFM OAM extension, the SoftX can detect the faults on the links connecting the SoftX to PE1 and PE2.
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure Intermediate System to Intermediate System (IS-IS) between PEs to implement interworking between the PEs. Establish MPLS Label Switched Paths (LSPs) between PEs. Configure VPN instances on PEs and associate the interfaces that connect the PEs to the CE with the corresponding VPN instances. Configure Multiprotocol Interior Border Gateway Protocol (MP IBGP) between PEs to exchange VPN routing information. Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. Then associate EFM OAM extension with interfaces. Create the VRRP backup group and enable EFM OAM extension to track the interface status.
7-116
Data Preparation
l l l l
IP address of each interface, including the physical interface and VLANIF interface MPLS LSR IDs of PEs Names of the VPN instances, router distinguishers (RDs), and VPN targets on PEs Virtual IP address of the VRRP backup group and VRRP priorities of master and backup routers
Procedure
Step 1 Assign IP addresses to interfaces on PE1, PE2, PE3, and CE1. # Configure PE1. Create VLAN 10, and add GE 2/0/0 and GE 3/0/0 into VLAN 10.
<PE1> system-view [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] portswitch [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] portswitch [PE1-GigabitEthernet3/0/0] quit [PE1-vlan10] port gigabitethernet 2/0/0 [PE1-vlan10] port gigabitethernet 3/0/0 [PE1-vlan10] interface vlanif10 [PE1-vlanif10] ip address 10.1.1.2 255.255.255.0 [PE1-vlanif10] quit
# Configure PE2. Create VLAN 10, and add GE 2/0/0 and GE 3/0/0 into VLAN 10.
<PE2> system-view [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] portswitch [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] portswitch [PE2-GigabitEthernet3/0/0] quit [PE2-vlan10] port gigabitethernet 2/0/0 [PE2-vlan10] port gigabitethernet 3/0/0 [PE2-vlan10] interface vlanif10 [PE2-vlanif10] ip address 10.1.1.3 255.255.255.0 [PE2-vlanif10] quit
# Configure CE1. Create VLAN 10, and add GE 1/0/0 and GE 2/0/0 into VLAN 10.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] portswitch [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] portswitch [CE1-GigabitEthernet2/0/0] quit [CE1-vlan10] port gigabitethernet 1/0/0 [CE1-vlan10] port gigabitethernet 2/0/0 [CE1-vlan10] interface vlanif10 [CE1-vlanif10] ip address 10.1.1.1 255.255.255.0 [CE1-vlanif10] quit
Step 2 Configure IGP on the MPLS backbone network to implement device interworking on the backbone network. # Configure PE1.
[PE1] interface loopback 1
Issue 03 (2010-03-31)
7-117

[PE1-LoopBack1] ip address 2.2.2.2 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 24 [PE1-Pos1/0/0] isis enable [PE1-Pos1/0/0] quit [PE1] isis 1 [PE1-isis-1] is-level level-1-2 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.3 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.1 24 [PE2-Pos1/0/0] isis enable [PE2-Pos1/0/0] quit [PE2] isis 1 [PE2-isis-1] is-level level-1-2 [PE2-isis-1] network-entity 10.0000.0000.0002.00 [PE2-isis-1] quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 4.4.4.4 32 [PE3-LoopBack1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] ip address 100.1.1.2 24 [PE3-Pos1/0/0] isis enable [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 100.2.1.2 24 [PE3-Pos2/0/0] isis enable [PE3-Pos2/0/0] quit [PE3] isis 1 [PE3-isis-1] is-level level-1-2 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit
Step 3 Configure basic MPLS functions and MPLS Label Distribution Protocol (LDP) on the MPLS backbone network and set up LDP LSPs. # Configure PE1.
[PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
7-118
Issue 03 (2010-03-31)
# Configure PE3.
[PE3] mpls lsr-id 4.4.4.4 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-ldp] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. The command output shows that the Status field displays Operational. Step 4 Configure VPN instances on PE1 and PE2 so that CE1 can access both PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] interface vlanif 10 [PE1-vlanif10] ip binding vpn-instance vpna [PE1-vlanif10] ip address 10.1.1.2 24 [PE1-vlanif10] quit
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] interface vlanif 10 [PE2-vlanif10] ip binding vpn-instance vpna [PE2-vlanif10] ip address 10.1.1.3 24 [PE2-vlanif10] quit
Step 5 Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. # Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] efm enable [PE1-GigabitEthernet3/0/0] efm trigger if-down [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] efm enable [PE2-GigabitEthernet3/0/0] efm trigger if-down [PE2-GigabitEthernet3/0/0] quit
Step 6 Configure the static routes on PE1 and PE2 that are destined for CE1, and import the static routes to the Border Gateway Protocol (BGP). # Configure PE1.
[PE1] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna
Issue 03 (2010-03-31)
7-119

[PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] import-route static [PE1-bgp-vpna] quit [UPE] interface gigabitethernet 1/0/3 [UPE-GigabitEthernet1/0/2] efm enable [UPE-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route direct [PE2-bgp-vpna] import-route static [PE2-bgp-vpna] quit
# Configure CE1. Configure the virtual IP address of the VRRP backup group as the gateway address.
[CE1] ip route-static 0.0.0.0 0.0.0.0 10.1.1.111
Step 7 Set up MP-IBGP peer relationships between PE1, PE2, and PE3. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface loopback 1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface loopback 1 ipv4-family vpnv4 peer 3.3.3.3 enable peer 4.4.4.4 enable quit
# Configure PE2.
# Configure PE3.
Step 8 Configure the VRRP backup group on PE1 and PE2 to track the traffic of the downstream interface. # Configure PE1.
[PE1] interface vlanif 10 [PE1-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111 [PE1-vlanif10] vrrp vrid 1 track interface gigabitethernet 3/0/0 reduced 60 [PE1-vlanif10] quit
7-120
Issue 03 (2010-03-31)
# Configure PE2.
[PE1] interface vlanif 10 [PE2-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111 [PE2-vlanif10] vrrp vrid 1 track interface gigabitethernet 3/0/0 reduced 60 [PE21-vlanif10] quit
Step 9 Verify the configuration. After the configuration, run the display interface command on PE2 to check the status of the backup interface. The command output shows that the protocol status of the backup interface is DOWN (EFM down). That is, the backup interface is blocked, and cannot forward traffic.
[PE2] display interface GigabitEthernet 3/0/0 GigabitEthernet3/0/0 current state : UP Line protocol current state : DOWN (EFM down) Description: GigabitEthernet3/0/0 Interface Switch Port,PVID : 10,The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-0003-0003 The Vendor Name is AGILENT , The Vendor PN is HFCT-5710L Transceiver BW: 1G, Transceiver Mode: Single Mode WaveLength: 1310nm, Transmission Distance: 10km Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive Enable and Send Enable Last physical up time : 2008-12-27 19:40:57 Last physical down time : 2008-12-27 19:40:56Statistics last cleared:2008-12-27 17:13:58 Last 300 seconds input rate: 520 bits/sec, 1 packets/sec Last 300 seconds output rate: 592 bits/sec, 1 packets/sec Input: 2041312 bytes, 15821 packets Output: 591032 bytes, 9228 packets Input: Unicast: 6176 packets, Multicast: 9627 packets Broadcast: 18 packets, JumboOctets: 0 packets CRC: 0 packets, Symbol: 0 packets Overrun: 0 packets, InRangeLength: 0 packets LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets Fragment: 0 packets, Undersized Frame: 0 packets RxPause: 0 packets Output: Unicast: 21 packets, Multicast: 9144 packets Broadcast: 63 packets, JumboOctets: 0 packets Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets System: 0 packets, Overruns: 0 packets TxPause: 0 packets Unknown Vlan: 0 packets
Run the display vrrp command on PE1 and PE2 to check the status of the VRRP backup group. The command output shows that the VRRP status of PE1 is Master, and the VRRP status of PE2 is Backup. That is, PE1 functions as the master PE, and is responsible for forwarding traffic. PE2 functions as the backup PE, and cannot forward traffic.
[PE1] display vrrp Vlanif10 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 40 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES
Issue 03 (2010-03-31)
7-121

Config type : normal-vrrp Track IF : GigabitEthernet3/0/0 IF State : Up [PE2] display vrrp Vlanif10 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.111 PriorityRun : 40 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IF : GigabitEthernet3/0/0 IF State : DOWN
priority reduced : 60
priority reduced : 60
----End
Configuration Files
l

# sysname PE1 # vlan 10 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 # interface Vlanif10 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 track interface GigabitEthernet3/0/0 reduced 60 ip binding vpn-instance vpna # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet3/0/0 undo shutdown portswitch port default vlan 10 # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 #
7-122
Issue 03 (2010-03-31)
bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 # return l

# sysname PE2 # vlan 10 # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface Vlanif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 track interface GigabitEthernet3/0/0 reduced 60 ip binding vpn-instance vpna # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet3/0/0 undo shutdown portswitch port default vlan 10 # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 100
Issue 03 (2010-03-31)
7-123
peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 # return l

# sysname PE3 # mpls lsr-id 4.4.4.4 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # return

# sysname CE1 #
7-124
Issue 03 (2010-03-31)

efm enable # interface GigabitEthernet1/0/0 undo shutdown portswitch port default vlan 10 # interface GigabitEthernet2/0/0 undo shutdown portswitch port default vlan 10 # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ip route-static 0.0.0.0 0.0.0.0 10.1.1.111 # return
7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes
Figure 7-22 shows the networking requirements: Figure 7-22 Networking diagram of configuring EFM OAM extension for static routes
EFM OAM Extension Loopback1 AS:100 2.2.2.2/32 GE1/0/0 PE1 P 10.1.1.1/24 O 100 S1/0/ .1.1 0 0/0 3/ Loopback1 .1/2 Loopback1 P GE 4 1 OS1 1.1.1.1/32 /0/0 4.4.4.4/32 00. 4 GE2/0/0 2 1.1 .2/ .2/2 100.3.1.1/24 1.1 4 0. 1 CE1 (SoftX) GE2/0/0 100.3.1.2/24 24 GE 0/0 3/0 S1/ VPNA /0 PO .1.1/24 .2 GE2/0/0 PE2 100 10.1.1.1/24 Loopback1 3.3.3.3/32 EFM OAM Extension
10.1 .1.2 /
/0 2/0 OS .2/24 PE3 P .2.1 100
MPLS backbone
The master interface board of CE1 (SoftX) is connected to the master router, and the slave interface board of CE1 is connected to the backup router. The interfaces on the master interface board and slave interface board that are connected to PE1 and PE2 are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, PE1 and PE2.
On PE1 and PE2, static routes destined for CE1 are configured, and EFM OAM extension for static routes are configured to realize link protection and failover.
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure IS-IS between PEs to implement interworking between the PEs. Establish MPLS LSPs between PEs. Configure VPN instances on PEs and associate the interfaces that connect PEs to CEs with the corresponding VPN instances. Configure MP IBGP between PEs to exchange VPN routing information. Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. Configure the static routes on PE1 and PE2 that are destined for CE1. Then configure EFM OAM extension for static routes, and import the static routes to BGP.
Data Preparation
l l l
IP address of each physical interface MPLS LSR IDs of the PEs Names of the VPN instances, RDs, and VPN targets on the PEs
Procedure
Step 1 Configure IGP on the MPLS backbone network to implement device interworking on the backbone network. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 2.2.2.2 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 24 [PE1-Pos1/0/0] isis enable [PE1-Pos1/0/0] quit [PE1] interface pos 20/0 [PE1-Pos2//0] ip address 100.3.1.1 24 [PE1-Pos2/0/0] isis enable [PE1-Pos20/0] quit [PE1] isis 1 [PE1-isis-1] is-level level-1-2 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.3 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.1 24 [PE2-Pos1/0/0] isis enable [PE2-Pos1/0/0] quit [PE2] interface pos 20/0 [PE2-Pos2/0/0] ip address 100.3.1.1 24 [PE2-Pos2/0/0] isis enable
7-126
Issue 03 (2010-03-31)

[PE2-Pos2/0/0] quit [PE2] isis 1 [PE2-isis-1] is-level level-1-2 [PE2-isis-1] network-entity 10.0000.0000.0002.00 [PE2-isis-1] quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 4.4.4.4 32 [PE3-LoopBack1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] ip address 100.1.1.2 24 [PE3-Pos1/0/0] isis enable [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 100.2.1.2 24 [PE3-Pos2/0/0] isis enable [PE3-Pos2/0/0] quit [PE3] isis 1 [PE3-isis-1] is-level level-1-2 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit
After the configuration, IS-IS neighbor relationships are set up between PE1, PE2, and PE3. Run the display ip routing-table command. The command output shows that the PEs learn the Loopback1 route from each other. Take the display on PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 29 Routes : 30 Destination/Mask 1.1.1.1/32 3.3.3.3/32 0/0 4.4.4.4/32 10.1.1.0/24 0/0 10.1.1.2/32 Direct 0 10.1.1.255/32 Direct 0 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 127.255.255.255/32 Direct 0 100.1.1.0/24 Direct 0 100.1.1.1/32 Direct 0 100.1.1.255/32 Direct 0 100.2.1.0/24 ISIS 15 0/0 ISIS 15 100.3.1.0/24 Direct 0 0/0 100.3.1.1/32 Direct 0 100.3.1.255/32 Direct 0 255.255.255.255/32 Direct 0 0 0 0 0 0 0 0 0 20 20 0 0 0 0 D D D D D D D D D D D D D D 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 100.1.1.1 127.0.0.1 127.0.0.1 100.3.1.2 100.1.1.2 100.3.1.1 127.0.0.1 127.0.0.1 127.0.0.1 InLoopBack0 InLoopBack0 InLoopBack0 InLoopBack0 InLoopBack0 POS1/0/0 InLoopBack0 InLoopBack0 GigabitEthernet2/ POS1/0/0 GigabitEthernet2/ InLoopBack0 InLoopBack0 InLoopBack0 ISIS 15 Direct 0 10 0 D D 100.1.1.2 10.1.1.2 POS1/0/0 GigabitEthernet3/ Proto Pre Cost 0 10 Flags NextHop D D 127.0.0.1 100.3.1.2 Interface InLoopBack0 GigabitEthernet2/
Direct 0 ISIS 15
Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up LDP LSPs. # Configure PE1.
[PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] quit
Issue 03 (2010-03-31)
7-127

[PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] quit [PE1] interface pos [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] mpls [PE1-Pos2/0/0] quit
1/0/0 ldp 2/0/0 ldp
# Configure PE2.
# Configure PE3.
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. The command output shows that the LDP session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:02:22 572/572 4.4.4.4:0 Operational DU Passive 000:02:21 566/566 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Step 3 Configure VPN instances on PE1 and PE2 so that CE1 can access both PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit
7-128
Issue 03 (2010-03-31)

[PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] ip binding vpn-instance vpna [PE1-GigabitEthernet3/0/0] ip address 10.1.1.2 24 [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet3/0/0] ip address 10.1.1.2 24 [PE2-GigabitEthernet3/0/0] quit
# Configure CE1. Note that the IP addresses of the interfaces on the master and slave interface boards are the same.
[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet2/0/0] quit
After the configuration, run the display ip vpn-instance verbose command on PEs. The command output shows the configurations of VPN instances. In addition, you can find that PE1 and PE2 can ping CE1 successfully. Take PE1 and CE1 as an example:
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2008/12/27 15:42:43 Up time : 0 days, 00 hours, 04 minutes and 15 seconds Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy : label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe Interfaces : GigabitEthernet3/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=2 --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/5 ms
ms ms ms ms ms
Step 4 Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. # Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] efm enable [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.

[PE2] efm enable [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] efm enable [PE2-GigabitEthernet3/0/0] quit
# Configure CE1.
[CE1] efm enable [CE1] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] efm enable [PE2-GigabitEthernet2/0/0] quit
Step 5 Configure the static routes on PE1 and PE2 that are destined for CE1. Then configure EFM OAM extension for static routes, and import the static routes to BGP. # Configure PE1.
[PE1] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 track efm-state gigabitethernet 3/0/0 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] import-route static [PE1-bgp-vpna] quit [UPE] interface gigabitethernet 1/0/3 [UPE-GigabitEthernet1/0/2] efm enable [UPE-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] ip route-static vpn-instance vpna 1.1.1.1 32 10.2.1.1 track efm-state gigabitethernet 3/0/0 [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route direct [PE2-bgp-vpna] import-route static [PE2-bgp-vpna] quit
Step 6 Set up MP-IBGP peer relationships between PE1, PE2, and PE3. # Configure PE1.
# Configure PE2.
# Configure PE3.

After the configuration, run the display bgp peer command on the PEs. The command output shows that peer relationships are set up between the PEs and the status of the peer relationships is Established.
[PE1] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer 4.4.4.4 3.3.3.3 V 4 4 AS 100 100 MsgRcvd 205 197 MsgSent 202 254
Peers in established state : 2 OutQ Up/Down State PrefRcv 0 0
0 03:05:25 Established 0 03:06:54 Established
Step 7 Verify the configuration. # # Run the display ip routing-table vpn-instance command on the PEs. The command output shows that the static route exists in the routing table of each PE.
[PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 60 0 0 0 255 255 255 0 Cost 0 0 0 0 0 0 0 0 Flags NextHop RD D D D RD RD RD D 10.1.1.1 10.1.1.2 127.0.0.1 127.0.0.1 3.3.3.9 4.4.4.4 4.4.4.4 127.0.0.1 InLoopBack0 InLoopBack0 POS1/0/0 POS1/0/0 InLoopBack0 Interface
1.1.1.1/32 Static GigabitEthernet3/0/0 10.1.1.0/24 Direct GigabitEthernet3/0/0 10.1.1.2/32 Direct 10.1.1.255/32 Direct 10.2.1.0/24 BGP GigabitEthernet2/0/0 10.3.1.0/24 BGP 10.3.1.2/32 BGP 255.255.255.255/32 Direct
[PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 255 255 0 0 0 255 Cost 0 0 0 0 0 0 Flags NextHop RD RD D D D RD 1.1.1.1 1.1.1.1 10.2.1.2 127.0.0.1 127.0.0.1 4.4.4.4 InLoopBack0 InLoopBack0 POS1/0/0 Interface
1.1.1.1/32 BGP GigabitEthernet3/0/0 10.1.1.0/24 BGP GigabitEthernet2/0/0 10.2.1.0/24 Direct GigabitEthernet3/0/0 10.2.1.2/32 Direct 10.2.1.255/32 Direct 10.3.1.0/24 BGP
Issue 03 (2010-03-31)
7-131

10.3.1.2/32 255.255.255.255/32 BGP 255 Direct 0 0 0 RD D

4.4.4.4 127.0.0.1 POS1/0/0 InLoopBack0
If the master/slave failover occurs on the interface boards of CE1, the gateway of CE1 also changes from PE1 to PE2. The routing information is displayed as follows:
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 BGP 255 0 RD 3.3.3.9 GigabitEthernet3/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet3/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 3.3.3.9 GigabitEthernet2/0/0 10.3.1.0/24 BGP 255 0 RD 4.4.4.4 POS1/0/0 10.3.1.2/32 BGP 255 0 RD 4.4.4.4 POS1/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 60 255 0 0 0 255 255 0 Cost 0 0 0 0 0 0 0 0 Flags NextHop RD RD D D D RD RD D 10.2.1.1 1.1.1.1 10.2.1.2 127.0.0.1 127.0.0.1 4.4.4.4 4.4.4.4 127.0.0.1 InLoopBack0 InLoopBack0 POS1/0/0 POS1/0/0 InLoopBack0 Interface
1.1.1.1/32 Static GigabitEthernet3/0/0 10.1.1.0/24 BGP GigabitEthernet2/0/0 10.2.1.0/24 Direct GigabitEthernet3/0/0 10.2.1.2/32 Direct 10.2.1.255/32 Direct 10.3.1.0/24 BGP 10.3.1.2/32 BGP 255.255.255.255/32 Direct
----End
Configuration Files
l

# sysname PE1 # efm enable # ip vpn-instance vpna route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 2.2.2.2 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0001.00 #
7-132
Issue 03 (2010-03-31)
interface GigabitEthernet3/0/0 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 efm enable # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 track efmstate gigabitethernet 3/0/0 # return l

# sysname PE2 # efm enable # ip vpn-instance vpna route-distinguisher 100:2 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # mpls lsr-id 3.3.3.3 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0002.00 # interface GigabitEthernet3/0/0 ip binding vpn-instance vpna ip address 10.2.1.2 255.255.255.0 efm enable # interface Pos1/0/0
Issue 03 (2010-03-31)
7-133
link-protocol ppp ip address 100.2.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.2.1.1 track efmstate gigabitethernet 3/0/0 # return l

# sysname PE3 # mpls lsr-id 4.4.4.4 mpls # mpls ldp # isis 1 network-entity 10.0000.0000.0003.00 # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 4.4.4.4 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100
7-134
Issue 03 (2010-03-31)

peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast peer 2.2.2.2 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # return l

# sysname CE1 # efm enable # interface GigabitEthernet1/0/0 ip address 10.1.1.1 255.255.255.0 efm enable # interface GigabitEthernet2/0/0 ip address 10.2.1.1 255.255.255.0 efm enable # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 ip route-static 0.0.0.0 0.0.0.0 10.2.1.2 # return
Issue 03 (2010-03-31)
7-135
8 Configuring ISSU
8
About This Chapter
8.2 Implementing ISSU This section describes how to implement ISSU. 8.3 Maintaining ISSU This section describes how to monitor ISSU.
Configuring ISSU
This section describes the concepts, working mechanism, configuration procedures, and maintenance commands of ISSU, and provides configuration examples. 8.1 Introduction This section describes the concept, modes, and system requirements of ISSU.
8.4 Configuration Examples This section describes examples for configuring ISSU.
Issue 03 (2010-03-31)
8-1
8 Configuring ISSU
8.1 Introduction
This section describes the concept, modes, and system requirements of ISSU. 8.1.1 Introduction to ISSU 8.1.2 ISSU Supported by the NE80E/40E
8.1.1 Introduction to ISSU

ISSU Overview
In-Service Software Upgrade (ISSU) provides the mechanism in which current service forwarding is not interrupted to the maximum extent during upgrade or rollback of software version on the device. ISSU reduces service interruption time as possible during software upgrade, thus increasing device reliability; it also minimizes the impact of upgrade failure on the system through rollback.
Requirements on the System

To implement the ISSU on a single device, the system should meet the following requirements:
l l
The software version running in the system supports ISSU. The main boards support 1:1 redundancy backup and the interface board supports dual processes. A new process for the new version is created on the interface board because the interface board does not support 1:1 backup. During ISSU, the new process replaces the old process, which implements the switch of forwarding planes. During ISSU, the SMB is upgraded to the new version, and a new process is created on the interface board. Then, the SMB and the new process of the interface board replace the AMB and the old process of the interface board respectively. Finally, the original AMB is upgraded to the new version and thus ISSU of the whole device is complete. The system supports the Graceful Restart (GR). When the device is being reset and performing master/slave switch, its neighbors can forward and receive packets according to the routing table before switch. After being reset, the device obtains routing information from its neighbors. In this manner, service interruption can be minimized and thus network flapping caused by large-scale route recalculation is avoided. The configuration data of different versions before master/slave switch can be synchronized between the AMB and the SMB. ISSU synchronizes the configuration data of the AMB and the SMB by restoring configurations. That is, the AMB saves a temporary configuration file, through which the SMB restores the configurations.
8.1.2 ISSU Supported by the NE80E/40E

ISSU Mode
NE80E/40E supports two ISSU modes:
l
Lossless ISSU In this mode, the configurations and data of the old AMB are synchronized with the new AMB; the configurations and data of the old process on the interface board are synchronized
8-2
Issue 03 (2010-03-31)
8 Configuring ISSU
with the new process on the interface board. This upgrade mode requires a higher performance of the system.
l
Lossy ISSU In this mode, the configurations of the old AMB are synchronized with the new AMB; the configurations of the old process on the interface board are synchronized with the new process on the interface board; however, the dynamic data is not synchronized.
NOTE
In lossless or lossy ISSU, the interface board that does not support ISSU is commonly reset. In this way, the interface board is commonly reset at the ISSU plane switch phase.
Two Hybrid Modes Supported by ISSU

Two hybrid modes supported by ISSU are as follows:
l l
Lossy ISSU and lossless ISSU are simultaneously performed. Lossy ISSU and fast-startup ISSU are simultaneously performed.
LPUs Supporting ISSU

The following LPUs support ISSU: the LPUE, LPUF, LPUH, LPUI, and LPUK.
ISSU Process
The ISSU process is as follows: 1. ISSU resets the SMB based on the new version and creates a new process based on the new version on the interface board. In this manner, the new process on the interface board and the SMB form a new forwarding plane and control plane. Data synchronization and configuration restoration are performed between the AMB and the SMB and between the new process and old process on the interface board. The old control plane and forwarding plane are replaced with the new control plane and forwarding plane. Then, ISSU is complete.
2. 3.
8.2 Implementing ISSU

This section describes how to implement ISSU. 8.2.1 Establishing the Configuration Task 8.2.2 (Optional) Configuring ISSU Precheck 8.2.3 (Optional) Configuring the Length of the ISSU Rollback Timer 8.2.4 Implementing ISSU 8.2.5 Checking the Configuration
Issue 03 (2010-03-31)
8-3
8 Configuring ISSU

ISSU ensures the reliability of upgrades, reduces service interruption time, and relieves the impact of upgrade on users. Before ISSU, ensure that the current version of the system supports ISSU. During ISSU, it is recommended that you not make any change on hardware. Ensure that the control terminal of the router is connected to the AMB and SMB on the network.
Before implementing ISSU, complete the following tasks:
l l l
Powering on the router or switch and starting it normally Configuring GR Downloading resource files of the new version to the AMB and SMB. For the configuration procedures of downloading resource files, refer to the chapter "Upgrade and Maintenance" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Basic Configuration
Data Preparation
To implement ISSU, you need the following data. No. 1 Data Length of the ISSU rollback timer
8.2.2 (Optional) Configuring ISSU Precheck

Context
Before implementing ISSU, you can run the issu precheck command to perform precheck. ISSU precheck contains hardware compatibility check and software compatibility check.
l
Hardware compatibility check, also called resource check, is performed to determine whether the interface board supports ISSU. ISSU software compatibility check is performed to determine the ISSU modes supported by each module.
ISSU precheck has little impact on the system and does not cause the SMB to reset, and thus can be used in non-ISSU phases. Do as follows on the device on which ISSU is performed:
Procedure
Step 1 Run:

issu precheck system-software system-file
8 Configuring ISSU
The ISSU precheck is performed. After ISSU precheck is complete, the system automatically provides the precheck result. ----End
8.2.3 (Optional) Configuring the Length of the ISSU Rollback Timer

Context
Do as follows on the device on which ISSU is performed:
Procedure
Step 1 Run:
issu timer rollback time
The length of the ISSU rollback timer is set. When the system enters the ISSU check phase, the ISSU rollback timer is automatically activated and its length is 120 minutes by default. ----End
8.2.4 Implementing ISSU

Context
During implementing ISSU, follow the prompts and interactive information of the system. Do as follows on the device on which ISSU is performed:
Procedure
Step 1 Run:
issu check system-software system-file paf paf-file license license-file
ISSU is checked. Once the command is run, the system has entered the ISSU check phase. ISSU check is performed to obtain the ISSU modes supported by the system and provides the check result in prompt information. ISSU check has the following impact on the system:
l l l
The SMB is reset on the basis of the new version and then becomes the new AMB. The system view cannot be entered. The ISSU rollback timer is activated. ISSU must be finished before the timer expires. Otherwise, ISSU may fail.
For the interactive information and description during ISSU check, refer to Table 8-1.
8 Configuring ISSU
Table 8-1 Description of the issu check command output Interactive information Warning: The value of the ISSU rollback timer is 120 minutes. The system will begin the ISSU upgrade. Continue? [Y/N]: Description Warning: The length of the ISSU rollback timer is 120 minutes. The system will start ISSU. Continue? [Y/N]
l
If you enter y, the system starts ISSU and performs ISSU check. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
Warning: The slave board will be rebooted and check the software compatibility. Continue? [Y/N]:
Warning: The SMB will be reset and then the system will check software compatibility. Continue? [Y/N]
l
When you enter y, the SMB will be reset on the basis of the new version. The process lasts about two minutes in normal situations. After the SMB is reset, the system checks software compatibility. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
NOTE When the R versions are the same, the preceding prompt is displayed.
Warning: The slave board will be rebooted and generate the configuration file. Continue? [Y/N]:
Warning: The SMB will be reset and then the system will generate a configuration file. Continue? [Y/N]
l
When you enter y, the SMB will be reset on the basis of the new version. The process lasts about two minutes in normal situations. After the SMB is reset, the old AMB (that is, the SMB before reset) generates a configuration file. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
l When the R versions are different, the preceding
NOTE prompt is displayed.

l When ISSU is performed between different R
versions, the system supports the ISSU lossy mode only. After the SMB is reset, the system skips software compatibility check, and instead the old AMB (that is, the SMB before reset) generates a configuration file.
Step 2 Run:
issu start
ISSU is started. If you need to abort ISSU, run the Step 4 command.
8 Configuring ISSU
For the interactive information and description during ISSU startup, refer to Table 8-2. Table 8-2 Description of the issu start command output Interactive information Info: The lossless ISSU process will start. Continue? [Y/N]: Description Info: Lossless ISSU will start. Continue? [Y/N]
l
If you enter Y, the system starts ISSU in lossless mode. If you enter N, the system aborts the running of the issu start command and waits for the next operation.
If you need to continue ISSU, run the issu start command according to the prompt before the ISSU rollback timer expires. If you need to abort ISSU, run the issu abort command. If you do not run the issu start or issu abort command before the ISSU rollback timer expires, the system rolls back and quits ISSU.
Step 3 (Optional) Run:

issu common-reboot slot slot-id
The board is set to common reset mode. If you consider the registration time of the new process or the configuration restoration time on an interface board to be over long, you can set the interface board to common reset mode. The interface board that is commonly reset does not create any new process or back up data. It is not commonly used. Step 4 (Optional) Run:
issu abort
ISSU is aborted.
l l
If you need to abort ISSU, follow this step instead of Step 5 and Step 6. If you need to continue ISSU, skip this step and follow Step Step 5.
For interactive information and description during ISSU check, refer to Table 8-3.
Issue 03 (2010-03-31)
8-7
8 Configuring ISSU
Table 8-3 Description of the issu abort command output Interactive information Warning: The ISSU upgrade will be aborted, and the system will roll back to old version. Continue? [Y/N]: Description Warning: The ISSU will be aborted, and the system will roll back to the old version. Continue? [Y/N]
l
If you enter y, the ISSU is aborted, and the system will roll back to the old version. If you enter n, the system aborts the running of the issu abort command and continues ISSU.
Warning: The ISSU will be aborted, the system will be rolled back to the old version, and the new AMB will be rebooted. This operation will take 10 minutes. Continue? [Y/N]:
Warning: The ISSU upgrade will be aborted, the system will roll back to the old version, and the new AMB will be reset on the basis of the old version. The process lasts 10 minutes. Continue? [Y/N]
l
If you enter y, the ISSU upgrade is aborted, the system will roll back to the old version, and the new AMB will be reset on the basis of the old version. If you enter n, the system aborts the running of the issu abort command and continues ISSU.
Step 5 Run:
issu slave-switchover [ force ]
The planes are switched.

NOTE
During the ISSU plane switch, the Telnet connection may be terminated. This indicates a normal situation and you need to wait for 30 seconds. After 30 seconds, you can press Enter to re-log in to the device that performs ISSU.
Step 6 Run:
issu confirm
ISSU is confirmed.
NOTE
If you check the status of the AMB and SMB after the ISSU plane switch is complete, you can find that the new AMB is still in the slave state. This is because the hardware switch has not finished yet. After you run the issu confirm command to confirm the ISSU operation and the old AMB restarts with the new version, check the status of the AMB and SMB. At this time, you can find that both ISSU plane switch and hardware switch are complete and the status of the new AMB becomes Master.
----End

Prerequisite
All configurations of ISSU are complete.
8-8
Issue 03 (2010-03-31)
8 Configuring ISSU
Procedure
l l l l l Run the display issu timer rollback command to view the length of the ISSU rollback timer. Run the display issu module [ slot slot-id ] command to view the modules that supports ISSU. Run the display issu check-result [ slot slot-id ] command to view the result of ISSU check. Run the display issu backup state [ slot slot-id ] command to view the status of ISSU backup. Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command to view the result of ISSU backup. Run the display issu recover-configuration command to view the commands that fail to restore configurations. Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command to view the result of ISSU switch check, switch preparation, and the cause of switch failure. Run the display issu state command to view which ISSU phase the system passes.
l l l
----End
Example
Run the display issu timer rollback command to view the length of the ISSU rollback timer.
<HUAWEI> display issu timer The length of the rollback timer is 60 minutes. There are 31 minutes left.
Run the display issu module [ slot slot-id ] command to view the modules that supports ISSU.
<HUAWEI> display issu module ----------------------------------------------------------Slot ModuleId ModuleName ----------------------------------------------------------9 0x41470000 AAA 9 0x40E90000 ND 9 0x40E00000 FIB6 9 0x41270000 RPR 9 0x416E0000 ARP 9 0x40A40000 CHDLC 9 0x400F0000 DHCPS 9 0x400D0000 DHCPR 9 0x404A0000 PPP ... ...... ...... 7 0x70120000 RM 7 0x70170000 OSPF 7 0x70180000 BGP 7 0x70290000 L3VPN 7 0x702B0000 TNLM 7 0x70320000 L3VPN V6 7 0x70140000 RIP -----------------------------------------------------------
Run the display issu check-result [ slot slot-id ] command to view the result of ISSU check.
<HUAWEI> display issu check-result System upgrade type : lossless System maximum down time : 500s Interface board compatibility: --------------------------------------------------------Slot Type SupportStatus MaxDownTime(s)
Issue 03 (2010-03-31)
8-9
8 Configuring ISSU

Reason --------------------------------------------------------4 LPU ISSU 5 null 6 LPU fast-reboot 500 not enough memory 7 LPU common-reboot 500 configured to common-reboot by user ---------------------------------------------------------
Run the display issu backup state [ slot slot-id ] command to view the status of ISSU backup.
<HUAWEI> display issu backup state Main board backup status: real-time backup Interface board backup status
Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command to view the result of ISSU backup.
<HUAWEI> display issu backup-result System backup-result: -------------------------------------------State Result -------------------------------------------resource-prepare success backup-prepare success backup1 success backup2 success backup3 fail smooth smooth-all-over ------------------------------------------Interface board backup-result: ----------------------------------------------------------------Slot State Result 1 resource-prepare success 1 backup-prepare success 1 backup 1 success 1 backup2 fail 1 smooth 1 smooth-all-over 2 resource-prepare success 2 backup-prepare success 2 backup 1 success 2 backup 2 success 2 smooth 2 smooth-all-over -----------------------------------------------------------------
Run the display issu recover-configuration command to view the result of ISSU configuration restoration.
<HUAWEI> display issu recover-configuration --------------------------------------------------------------Slot ViewName Command Reason --------------------------------------------------------------9 System-view display bgp peer parse failure 9 Interface Ethernet 1/0/0 display this run failure ---------------------------------------------------------------
Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command to view the result of ISSU switch and switch preparation, and the cause of switch failure.

<HUAWEI> display issu switch-result check --------------------------------------------------------Slot Type Result --------------------------------------------------------2 new RTP success 2 old RTP success 18 old AMB success 4 old RTP success 4 new RTP success ---------------------------------------------------------
8 Configuring ISSU
Run the display issu state command to view which ISSU phase the system passes.
HUAWEI display issu state -----------------------------------------------Phase State -----------------------------------------------1.ISSU check finished 2.ISSU start finished 3.ISSU switchover finished 4.ISSU confirm -----------------------------------------------The cancel ISSU command : issu abort.
8.3 Maintaining ISSU

This section describes how to monitor ISSU. 8.3.1 Monitoring the Running Status of ISSU
8.3.1 Monitoring the Running Status of ISSU

Context
In routine maintenance, you can run the following command in any view to display the running of ISSU.
Procedure
l l l l l Run the display issu timer rollback command in the user view to view the length of the ISSU rollback timer. Run the display issu module [ slot slot-id ] command in the user view to view the modules that supports ISSU. Run the display issu check-result [ slot slot-id ] command in the user view to check the result of ISSU check. Run the display issu backup state [ slot slot-id ] command in the user view to check the status of ISSU backup. Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command in the the user view to view the result of ISSU backup. Run the display issu recover-configuration command in the user view to view the result of ISSU configuration restoration.
Issue 03 (2010-03-31)
8-11
8 Configuring ISSU
Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command in the user view to view the result of ISSU switch check, switch preparation, and the cause of switch failure.
----End

This section describes examples for configuring ISSU. 8.4.1 Example for Implementing ISSU
8.4.1 Example for Implementing ISSU

ISSU can be performed on a single device in any networking environment.
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Perform ISSU precheck to check whether the interface board supports ISSU and ISSU modes supported by each module. Set the length of the ISSU rollback timer. Perform ISSU feasibility check. Start ISSU. Switch planes. Confirm ISSU.
Data Preparation
l l
System software, PAF file, and License file of the new version Length of the ISSU rollback timer
Procedure
Step 1 Perform ISSU precheck.
<HUAWEI> issu precheck system-software VRPV500R007.cc System Upgrade Type : lossless System Maximum Down Time : 500s Interface board compatibility: ------------------------------------------------------------------Slot Type SupportStatus MaxDownTime(s) Reason ------------------------------------------------------------------4 LPU ISSU 5 null 6 LPU fast-reboot 500 not enough memory
8-12
Issue 03 (2010-03-31)
8 Configuring ISSU
-------------------------------------------------------------------
Step 2 Set the length of the ISSU rollback timer to 240 minutes.
<HUAWEI> issu timer rollback 240 Info: Please complete the ISSU upgrade within 240 minutes. Otherwise, the system will roll back to the old version.
Step 3 Perform ISSU check to determine ISSU mode.

<HUAWEI> issu check system-software VRPV500R007.cc paf paf.txt license license.txt Warning: The value of the ISSU rollback timer is 240 minutes. The system will begin the ISSU upgrade. Continue? [Y/N]:y Info: The system is comparing compatibility IDs... Info: The system is checking the hardware compatibility... Warning: Some boards do not support ISSU, and have been configured to upgrade in common reboot mode. The detailed information can be viewed by using the display command (display issu check-result). Warning: The slave board will be rebooted and check the software compatibility. Continue? [Y/N]: y Info: The slave board is rebooting in VRPV500R007... Info: The new AMB is registered. Info: The system is checking the specification compatibility... Info: The system is checking the software compatibility... Info: The system is generating the configuration file... Info: The system supports Lossless ISSU. The following operations can be done: 1. View detailed information about ISSU check result by using the command (display issu check-result). 2. The ISSU rollback timer can be configured before ISSU start by using the command (issu timer rollback).The default value of the timer is 120 minutes. 3. To start ISSU, run the command (issu start). Otherwise, the system will roll back to the old version after the ISSU timer times out. 4. To roll back the system to the old version immediately, run the command (issu abort).
Step 4 Start ISSU.

<HUAWEI> issu start Info: The lossless ISSU process will start. Continue? [Y/N]: y Info: The system will start Lossless ISSU upgrade. Info: The system is busy with the operation of coping configuration file... Info: The operation of coping configuration file is complete. Info: The system is busy with resource preparation... Info: The resource preparation is complete. Info: The system is busy with preparation for batch backup... Info: The preparation for batch backup is complete. Info: The system is busy with phase 1 batch backup... Info: Phase 1 batch backup is complete. Info: The system is busy with configuration recovery of the new AMB... Info: Configuration recovery of the new AMB is complete. Info: The system is busy with phase 2 batch backup... Warning: Some errors occurred in the phase 2 of the batch backup. The top error level: Affect ISSU Upgrade. Detailed information can be obtained by using the command (display issu backup-result) in the old AMB. Info: Phase 2 batch backup is complete. Info: Configuration of interface boards is recovering... Info: Configuration recovery of interface boards is complete. Info: The system is busy with phase 3 batch backup.. Info: Phase 3 batch backup is complete. Warning: Some errors occurred. The top error level: Affect ISSU Upgrade. Detail information can be got by the command (display issu recover-configuration) in the new AMB. Info: The system is in real-time backup phase. Please check the backup status before performing the ISSU switchover (Command: display issu backup state; issu switchover).
Step 5 Switch planes.

<HUAWEI> issu switchover Info: The system will check the ready mode of all modules first. Please wait... Info: The system is performing ISSU switchover on the forwarding plane...
Issue 03 (2010-03-31)
8-13
8 Configuring ISSU

Info: Forwarding plane switch check starts... Error: Slot 7 new RTP switchover check is incorrect. This board will be set commonreboot. Info: Forwarding plane switch check is complete. Info: Forwarding plane switch starts... Info: Slot 7 forwarding plane switch fail. This board will be rebooted immediately. Info: Slot 7 forwarding plane switch succeeded. Info: Slot 7 New Procedure forwarding plane switch succeeded. Info: Forwarding plane switch is complete. Info: Data smoothing starts... Info: Data smoothing is complete. Info: Aging starts... Info: The aging of slot 7 succeeded. Info: Aging is complete. Info: The switchover is complete. Please confirm the operation of the ISSU upgrade (Command: issu confirm).
NOTE
During the ISSU plane switch, the Telnet connection may be terminated. This indicates a normal situation and you need to wait for 30 seconds. After 30 seconds, you can press Enter to re-log in to the device that performs ISSU.
Step 6 Confirm ISSU on the new AMB.

<HUAWEI> issu confirm Info: The old AMB (slot 9) will be rebooted in the new version. This operation will take 10 minutes. After that, ISSU will be complete normally.
NOTE
If you check the status of the AMB and SMB after the ISSU plane switch is complete, you can find that the new AMB is still in the slave state. This is because the hardware switch has not finished yet. After you run the ISSU confirm command to confirm the ISSU operation and the old AMB restarts with the new version, check the status of the AMB and SMB. At this time, you can find that both ISSU plane switch and hardware switch are complete and the status of the new AMB becomes Master.
Step 7 Check whether the software version of the current system is correct to further confirm ISSU.
<HUAWEI> display startup MainBoard: Configured startup system software: Startup system software: Next startup system software: Startup saved-configuration file: Next startup saved-configuration file: Startup paf file: Next startup paf file: Startup license file: Next startup license file: Startup patch package: Next startup patch package: SlaveBoard: Configured startup system software: Startup system software: Next startup system software: Startup saved-configuration file: Next startup saved-configuration file: Startup paf file: Next startup paf file: Startup license file: Next startup license file: Startup patch package: Next startup patch package: cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/vrpcfg.cfg cfcard:/vrpcfg.cfg cfcard:/paf.txt cfcard:/paf.txt cfcard:/license.txt cfcard:/license.txt cfcard:/$_patchstate_a cfcard:/$_patchstate_a cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/vrpcfg.cfg cfcard:/vrpcfg.cfg cfcard:/paf.txt cfcard:/paf.txt cfcard:/license.txt cfcard:/license.txt cfcard:/$_patchstate_a cfcard:/$_patchstate_a
----End
8-14
Issue 03 (2010-03-31)
8 Configuring ISSU
Configuration Files
None
Issue 03 (2010-03-31)
8-15
A Glossary
A
This appendix collates frequently used glossaries in this document. Numerics 802.1 ag MAC Trace 802.1ag MAC Ping
Glossary
Similar to traceroute or tracert, 802.1ag MAC trace works by sending test packets and waiting for a reply to test the path between the local device and the destination device and to locate faults. 802.1ag MAC trace is initiated by a MEP and destined for a MEP or MIP at the same maintenance level within any MA. Similar to ping, 802.1ag MAC ping works by sending test packets and waiting for a reply to test whether the destination device is reachable. 802.1ag MAC ping is initiated by a MEP and destined for an MEP or MIP at the same maintenance level within any MA.
A AMB B BFD BGP C CCM Termination CCMs are generated and also terminated by MEPs. A MEP forwards received CCMs at a higher level but drops CCMs at a lower level or at the same level. In this manner, CCMs from a lowlevel MD are confined within the bounds of the MD. Bidirectional Forwarding Detection Border Gateway Protocol Active Main Board
D DMTI DM E
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. A-1
Desired Min TX Interval Detect Multiplier
A Glossary
Ethernet OAM at the Link Level
Ethernet OAM at the link level, such as Ethernet in the First Mile OAM (EFM OAM) defined in IEEE 802.3ah, provides the following functions for the link between the two directly connected devices: Link connectivity check, Link monitoring, Remote failure indication, Remote loopback. Ethernet OAM at the network level, such as Ethernet Connectivity Fault Management (CFM) defined in IEEE 802.1ag, provides the following functions for the network: Fault detection, Fault notification, Fault verification, and Fault location.
Ethernet OAM at the Network Level
F FRR G GR H HA L LSP M MA MD A Maintenance Association (MA) is part of an MD. An MD can be divided into one or multiple MAs. The Maintenance Domain (MD) refers to the network or the part of the network for which connectivity is managed by CFM. The devices in an MD are managed by a single ISP. A Maintenance association End Point (MEP) is an end point within an MA. There is a MEP database on each device enabled with Ethernet CFM. Each MEP database contains the local MEPs and RMEPs. A Maintenance association Intermediate Point (MIP) is an intermediate point within an MA. Either a MEP or a MIP is called a Maintenance Point (MP). Mean Time Between Failure Mean Time to Repair Label Switched Path High Availability Graceful Restart Fast ReRoute
MEP MEP Database MIP MP MTBF MTTR O OAMPDU
OAM Protocol Data Unit
A-2
Issue 03 (2010-03-31)
A Glossary
R RMEP RMTI S SMB SP U URL UMG V VRRP W working mode of EFM OAM WTR The working mode of EFM OAM is an attribute of the interface enabled with EFM OAM. EFM OAM has two working modes: active mode and passive mode. Wait To Restore Virtual Router Redundancy Protocol universal resource locator Universal Media Gateway Second Main Board service provider For the other devices in the same MA, their MEPs are called the Remote Maintenance association End Points (RMEPs). Required Min TX Interval
Issue 03 (2010-03-31)
A-3
B Acronyms and Abbreviations
B
A AMB B BFD BGP D DMTI DM F FRR G GR H HA L LSP M MPLS TE FRR MTBF
Acronyms and Abbreviations
This appendix collates frequently used acronyms and abbreviations in this document.
Active Main Board
Bidirectional Forwarding Detection Border Gateway Protocol
Desired Min TX Interval Detect Multiplier
Fast ReRoute
Graceful Restart
High Availability
Label Switched Path
MultiProtocol Label Switching Traffic Engineering Fast Reroute Mean Time Between Failure
Issue 03 (2010-03-31)
B-1
B Acronyms and Abbreviations
MTTR R RMTI S SMB SP U URL UMG V VRRP W WTR
Mean Time to Repair
Required Min TX Interval
Second Main Board service provider
universal resource locator Universal Media Gateway
Virtual Router Redundancy Protocol
Wait To Restore
B-2
Issue 03 (2010-03-31)

Configuration Guide - Reliability (V600R001C00 - 03)

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Configuration Guide - Reliability (V600R001C00 - 03)

Загружено:

Авторское право:

Доступные форматы

HUAWEI NetEngine80E/40E Router V600R001C00

Configuration Guide - Reliability

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

About This Document

About This Document

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

Chapter 3 APS Configuration 4 VRRP Configuration

7 Ethernet OAM Configuration 8 Configuring ISSU

A Glossary B Acronyms and Abbreviations

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

About This Document

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

About This Document

Updates in Issue 03 (2010-03-31)

Updates in Issue 02 (2009-12-10)

Updates in Issue 01 (2009-09-05)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

2 Interface Backup Configuration..............................................................................................2-1

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

7 Ethernet OAM Configuration..................................................................................................7-1

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

8.4.1 Example for Implementing ISSU.........................................................................................................8-12

A Glossary.....................................................................................................................................A-1 B Acronyms and Abbreviations.................................................................................................B-1

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

1.1.1 Technology of Reliability Overview

1.1.2 Indices of Reliability

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

1.1.3 Levels of Reliability Requirements

No impact on a system when a default occurs

Rapid recovery when a fault occurs and affects the system

1.1.4 Principles of Highly-Reliable IP Networking

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

1.2 Reliability Technologies for IP Network

1.2.1 Failure Detection for IP Network

Special fault detection technologies include:

The modes of fault detection are as follows:

1.2.2 Protection Switching for IP Network

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability

1.3 Reliability Technologies Supported by the NE80E/40E

1.3.1 FRR (Fast ReRoute)

HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability