Академический Документы
Профессиональный Документы
Культура Документы
Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
Website: Email:
Issue 03 (2010-03-31)
Related Versions
The following table lists the product versions related to this document. Product Name HUAWEI NetEngine80E/40E Version V600R001C00
Intended Audience
This document is intended for:
l l l l
Commissioning Engineer Data Configuration Engineer Network Monitoring Engineer System Maintenance Engineer
Organization
This document is organized as follows. Chapter 1 Reliability Overview 2 Interface Backup Configuration
Issue 03 (2010-03-31)
Describes This chapter describes the reliability technology of the IP network and the reliability networking solution. This chapter the methods of backing up the interface. It also provides related configuration examples.
iii
Describes This chapter describes the basic principles, configuration procedures, and configuration examples of APS. This chapter describes the fundamentals, the configurations of basic and advanced functions of VRRP as well as VRRP maintenance. This chapter describes the fundamentals, configurations of BFD basic functions and BFD for IS-IS, maintenance and provides configuration examples. This chapter describes the HA implementation, the configurations of protocol-level GR (BGP GR, OSPF GR, IS-IS GR and MPLS LDP GR), system-level GR as well as HA maintenance and provides configuration examples. This chapter describes the basic principles and the implementations of the Ethernet OAM. It also provides configuration examples. This section describes the concepts, working mechanism, configuration procedures, and maintenance commands of ISSU, and provides configuration examples. This appendix collates frequently used glossaries in this document. This appendix collates frequently used acronyms and abbreviations in this document.
5 BFD Configuration
6 GR Configuration
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description Indicates a hazard with a high level of risk that, if not avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury.
iv
Issue 03 (2010-03-31)
Symbol
Description Indicates a potentially hazardous situation that, if not avoided, could cause device damage, data loss, and performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save your time. Provides additional information to emphasize or supplement important points of the main text.
General Conventions
The general conventions that may be found in this document are defined as follows. Convention Times New Roman boldface Italic Courier New Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Terminal display is in Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows. Convention boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }* Description The keywords of a command line are in boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. One is selected. Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
Issue 03 (2010-03-31)
Convention [ x | y | ... ]*
Description Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected. This parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.
&<1-n> #
GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention boldface > Description Buttons, menus, parameters, tabs, windows, and dialog titles are in boldface. For example, click OK. Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.
Keyboard Operation
The keyboard operations that may be found in this document are defined as follows. Format Key Key 1+Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl +Alt+A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Key 1, Key 2
Mouse Operation
The mouse operations that may be found in this document are defined as follows. Action Click Double-click Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
vi
Action Drag
Description Press and hold the primary mouse button and move the pointer to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.
Issue 03 (2010-03-31)
vii
Contents
Contents
About This Document...................................................................................................................iii 1 Reliability Overview.................................................................................................................1-1
1.1 Introduction.....................................................................................................................................................1-2 1.1.1 Technology of Reliability Overview......................................................................................................1-2 1.1.2 Indices of Reliability..............................................................................................................................1-2 1.1.3 Levels of Reliability Requirements........................................................................................................1-3 1.1.4 Principles of Highly-Reliable IP Networking........................................................................................1-3 1.2 Reliability Technologies for IP Network........................................................................................................1-4 1.2.1 Failure Detection for IP Network...........................................................................................................1-4 1.2.2 Protection Switching for IP Network.....................................................................................................1-4 1.3 Reliability Technologies Supported by the NE80E/40E.................................................................................1-5 1.3.1 FRR (Fast ReRoute)...............................................................................................................................1-5 1.3.2 OAM (Operation Administration & Maintenance)................................................................................1-7 1.3.3 VRRP (Virtual Router Redundancy Protocol).......................................................................................1-7 1.3.4 BFD (Bidirectional Forwarding Detection)........................................................................................... 1-8 1.4 Networking of Reliability over an IP Network...............................................................................................1-8 1.4.1 Failures on Intermediate Nodes or on the Link Between PEs - LDP FRR/TE FRR..............................1-8 1.4.2 Link Failure During Transimission........................................................................................................1-9 1.4.3 Failure on the Remote PE - VPN FRR.................................................................................................1-11 1.4.4 Failure of Downlink Interface on the PE - IP FRR..............................................................................1-12
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 2.3.3 Configuring the Percentage Thresholds for Load Balancing.................................................................2-8 2.3.4 (Optional) Configuring the Bandwidth and Flow Check Interval for the Active Interface...................2-9 2.3.5 Checking the Configuration.................................................................................................................2-10
2.4 Maintaining the Interface Backup.................................................................................................................2-10 2.4.1 Monitoring Working Status of the Interface Backup...........................................................................2-11 2.5 Configuration Examples................................................................................................................................2-11 2.5.1 Example for Configuring the Active/Standby Mode of Multiple Interfaces........................................2-11 2.5.2 Example for Configuring Load Balancing on Multiple Standby Interfaces........................................2-14
3 APS Configuration.....................................................................................................................3-1
3.1 APS Overview.................................................................................................................................................3-2 3.1.1 Introduction to APS................................................................................................................................3-2 3.1.2 APS Features Supported by the NE80E/40E.........................................................................................3-2 3.2 Configuring Single-Chassis APS....................................................................................................................3-2 3.2.1 Establishing the Configuration Task......................................................................................................3-3 3.2.2 Configuring the Working Interface of an APS Group...........................................................................3-3 3.2.3 Configuring the Protection Interface of an APS Group.........................................................................3-4 3.2.4 (Optional) Configuring the Working Mode for an APS Group.............................................................3-5 3.2.5 (Optional) Setting the WTR Time for an APS Group............................................................................3-5 3.2.6 Adding Members of an APS Group to a Trunk.....................................................................................3-6 3.2.7 Checking the Configuration...................................................................................................................3-7 3.3 Configuring E-APS.........................................................................................................................................3-7 3.3.1 Establishing the Configuration Task......................................................................................................3-8 3.3.2 Configuring the Working Interface of an APS Group...........................................................................3-8 3.3.3 Configuring the Protection Interface of an APS Group.........................................................................3-9 3.3.4 Configuring the Working Mode for an APS Group.............................................................................3-10 3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection....................................................................................................................................................3-11 3.3.6 (Optional) Configuring the Authentication String for the PGP Message............................................3-11 3.3.7 (Optional) Setting the WTR Time for an APS Group..........................................................................3-12 3.3.8 Adding Members of an APS Group to a Trunk...................................................................................3-12 3.3.9 Checking the Configuration.................................................................................................................3-13 3.4 Configuration Examples................................................................................................................................3-14 3.4.1 Example for Associating PW Redundancy with APS..........................................................................3-14 3.4.2 Example for Configuring TDM on the CPOS interfaces Configured with APS ................................3-31
4 VRRP Configuration.................................................................................................................4-1
4.1 VRRP Introduction..........................................................................................................................................4-3 4.1.1 VRRP Overview.....................................................................................................................................4-3 4.1.2 VRRP Features Supported by the NE80E/40E......................................................................................4-3 4.2 Configuring the VRRP Backup Group............................................................................................................4-6 4.2.1 Establishing the Configuration Task......................................................................................................4-7 4.2.2 Creating a Backup Group and Configuring a Virtual IP Address..........................................................4-8 4.2.3 Configuring the Priority of an Interface in a Backup Group..................................................................4-9 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
4.2.4 Checking the Configuration.................................................................................................................4-10 4.3 Configuring VRRP to Track the Status of an Interface.................................................................................4-11 4.3.1 Establishing the Configuration Task....................................................................................................4-11 4.3.2 Configuring VRRP to Track the Status of an Interface........................................................................4-12 4.3.3 Checking the Configuration.................................................................................................................4-13 4.4 Configuring VRRP Fast Switchover (Common Mode)................................................................................4-13 4.4.1 Establishing the Configuration Task....................................................................................................4-14 4.4.2 Tracking the BFD Session Status.........................................................................................................4-15 4.4.3 Tracking EFM Session Status..............................................................................................................4-16 4.4.4 Checking the Configuration.................................................................................................................4-16 4.5 Configuring VRRP Fast Switchover (Using BFD Sampling).......................................................................4-17 4.5.1 Establishing the Configuration Task....................................................................................................4-18 4.5.2 Binding the Service VRRP Backup Group to the mVRRP Backup Group.........................................4-20 4.5.3 Configuring the mVRRP Backup Group to Track the BFD Session Status........................................4-20 4.5.4 Setting the Threshold for VRRP Fast Switchover...............................................................................4-22 4.5.5 Enabling the Association Between the mVRRP Backup Group Status and the Route........................4-22 4.5.6 Checking the Configuration.................................................................................................................4-23 4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured.....4-24 4.6.1 Establishing the Configuration Task....................................................................................................4-24 4.6.2 Configuring the mVRRP Backup Group.............................................................................................4-26 4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group.........................................4-27 4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status........................................4-27 4.6.5 Setting the Threshold for VRRP Fast Switchover...............................................................................4-29 4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route........................4-29 4.6.7 Checking the Configuration.................................................................................................................4-30 4.7 Configuring VRRP Applications in VLANIF...............................................................................................4-31 4.7.1 Establishing the Configuration Task....................................................................................................4-31 4.7.2 Configuring VRRP on VLANIF..........................................................................................................4-32 4.7.3 (Optional) Configuring the Sending Mode of VRRP Packets in Super-VLAN..................................4-32 4.7.4 Checking the Configuration.................................................................................................................4-33 4.8 Configuring VRRP Security..........................................................................................................................4-33 4.8.1 Establishing the Configuration Task....................................................................................................4-33 4.8.2 Configuring the Authentication Mode of VRRP Packets....................................................................4-34 4.8.3 Checking the Configuration.................................................................................................................4-35 4.9 Configuring VRRP Smooth Switching.........................................................................................................4-36 4.9.1 Establishing the Configuration Task....................................................................................................4-36 4.9.2 Configuring VRRP Smooth Switching................................................................................................4-36 4.9.3 Checking the Configuration.................................................................................................................4-37 4.10 Adjusting and Optimizing VRRP................................................................................................................4-38 4.10.1 Establishing the Configuration Task..................................................................................................4-38 4.10.2 Configuring the Interval for Sending VRRP Advertising Messages.................................................4-39 4.10.3 Configuring the Preemption Delay Time of Backup Group Routers.................................................4-40 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xi
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 4.10.4 Enabling the Reachability Test of the Virtual IP Address.................................................................4-41 4.10.5 Disabling a Router from Checking Number of Hops in VRRP Packets............................................4-41 4.10.6 Configuring the Timeout Time of Sending Gratuitous ARP Packets by the Master router...............4-42 4.10.7 Checking the Configuration...............................................................................................................4-42
4.11 Configuring mVRRP Backup Groups.........................................................................................................4-43 4.11.1 Establishing the Configuration Task..................................................................................................4-43 4.11.2 Configuring mVRRP Backup Group.................................................................................................4-45 4.11.3 (Optional) Configuring VRRP Backup Group Members and Binding them to the mVRRP Backup Group .......................................................................................................................................................................4-45 4.11.4 (Optional) Binding Member Interface and Management Backup Group...........................................4-46 4.11.5 (Optional) Binding the PW to the mVRRP Backup Group Through VPLS......................................4-47 4.11.6 Checking the Configuration...............................................................................................................4-47 4.12 Maintaining VRRP......................................................................................................................................4-48 4.12.1 Monitoring the VRRP Running..........................................................................................................4-48 4.13 Configuration Examples..............................................................................................................................4-49 4.13.1 Example for Configuring VRRP in Master/Backup Mode................................................................4-49 4.13.2 Example for Configuring VRRP in Load Balancing Mode...............................................................4-53 4.13.3 Example for Configuring the Multi-Instance VRRP..........................................................................4-57 4.13.4 Example for Configuring VRRP Fast Switchover.............................................................................4-62 4.13.5 Example for Configuring VRRP Fast Switchover (Using BFD Sampling).......................................4-67 4.13.6 Example for Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured.....................................................................................................................................................4-85 4.13.7 Example for Configuring VRRP on VLANIF Interfaces.................................................................4-105
5 BFD Configuration.....................................................................................................................5-1
5.1 BFD Introduction............................................................................................................................................5-3 5.1.1 BFD Overview.......................................................................................................................................5-3 5.1.2 BFD Features Supported by the NE80E/40E.........................................................................................5-3 5.2 Configuring the One-Hop BFD.......................................................................................................................5-9 5.2.1 Establishing the Configuration Task....................................................................................................5-10 5.2.2 Enabling the Global BFD.....................................................................................................................5-10 5.2.3 Setting Up a BFD Session....................................................................................................................5-11 5.2.4 Checking the Configuration.................................................................................................................5-12 5.3 Configuring the BFD Passive Echo Function...............................................................................................5-13 5.3.1 Establishing the Configuration Task....................................................................................................5-13 5.3.2 Configuring the BFD Passive Echo Function......................................................................................5-14 5.3.3 Checking the Configuration.................................................................................................................5-15 5.4 Configuring the Association Between the BFD Status and the Interface Status...........................................5-16 5.4.1 Establishing the Configuration Task....................................................................................................5-16 5.4.2 Configuring the Association Between BFD Status and Interface Status.............................................5-17 5.4.3 Checking the Configuration.................................................................................................................5-18 5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status...................................5-19 5.5.1 Establishing the Configuration Task....................................................................................................5-19 5.5.2 Configuring the Association Between BFD Status and Sub-Interface Status......................................5-20 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
5.5.3 Checking the Configuration.................................................................................................................5-21 5.6 Configuring the BFD to Modify the PST......................................................................................................5-21 5.6.1 Establishing the Configuration Task....................................................................................................5-22 5.6.2 Permitting the BFD to Modify the PST...............................................................................................5-22 5.6.3 Checking the Configuration.................................................................................................................5-23 5.7 Configuring the Multi-Hop BFD...................................................................................................................5-24 5.7.1 Establishing the Configuration Task....................................................................................................5-24 5.7.2 Enabling BFD Globally........................................................................................................................5-25 5.7.3 Setting Up a BFD Session....................................................................................................................5-25 5.7.4 Checking the Configuration.................................................................................................................5-26 5.8 Configuring the BFD Session with Automatically Negotiated Discriminator..............................................5-27 5.8.1 Establishing the Configuration Task....................................................................................................5-27 5.8.2 Enabling BFD Globally........................................................................................................................5-28 5.8.3 Configuring the BFD Session with Automatically Negotiated Discriminator.....................................5-28 5.8.4 Checking the Configuration.................................................................................................................5-29 5.9 Configuring the Delay of the BFD Session to Be Up...................................................................................5-30 5.9.1 Establishing the Configuration Task....................................................................................................5-30 5.9.2 Configuring the Delay of the BFD Session to Be Up..........................................................................5-30 5.9.3 Checking the Configuration.................................................................................................................5-31 5.10 Adjusting BFD Parameters..........................................................................................................................5-32 5.10.1 Establishing the Configuration Task..................................................................................................5-32 5.10.2 Modifying the Detection Time...........................................................................................................5-33 5.10.3 Configuring the BFD WTR................................................................................................................5-34 5.10.4 Adding the Description of a BFD Session.........................................................................................5-34 5.10.5 Checking the Configuration...............................................................................................................5-35 5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet....................5-36 5.11.1 Establishing the Configuration Task..................................................................................................5-36 5.11.2 Globally Configuring the Destination Port Number..........................................................................5-37 5.11.3 Checking the Configuration...............................................................................................................5-38 5.12 Configuring the TTL Globally....................................................................................................................5-38 5.12.1 Establishing the Configuration Task..................................................................................................5-39 5.12.2 Configuring the TTL Globally...........................................................................................................5-39 5.12.3 Checking the Configuration...............................................................................................................5-40 5.13 Configuring the Interval for Sending Trap Messages.................................................................................5-40 5.13.1 Establishing the Configuration Task..................................................................................................5-40 5.13.2 Configuring the Interval for Sending Trap Messages........................................................................5-41 5.13.3 Checking the Configuration...............................................................................................................5-41 5.14 Maintaining BFD.........................................................................................................................................5-42 5.14.1 Clearing the BFD Statistics................................................................................................................5-42 5.14.2 Monitoring the Running of BFD........................................................................................................5-42 5.15 Configuration Examples..............................................................................................................................5-43 5.15.1 Example for Configuring One-Hop BFD for Layer 3 Physical Link.................................................5-43 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xiii
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 5.15.2 Example for Configuring the One-Hop BFD for IP-Trunk Member Link.........................................5-46 5.15.3 Example for Configuring One-Hop BFD for IP-Trunk..................................................................... 5-51 5.15.4 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk Member Link...............................5-57 5.15.5 Example for Configuring One-Hop BFD for Layer 3 Eth-Trunk......................................................5-61 5.15.6 Example for Configuring One-Hop BFD for VLANIF Interfaces.....................................................5-67 5.15.7 Example for Configuring the Association Between the BFD Status and the Interface Status...........5-71 5.15.8 Example for Configuring the Association Between the BFD Status and the Sub-Interface Status .......................................................................................................................................................................5-76 5.15.9 Example for Configuring Multi-Hop BFD.........................................................................................5-80 5.15.10 Example for Configuring the BFD for VPN Routes........................................................................5-83
6 GR Configuration.......................................................................................................................6-1
6.1 GR Introduction...............................................................................................................................................6-2 6.1.1 HA Overview.........................................................................................................................................6-2 6.1.2 GR Features Supported in the NE80E/40E............................................................................................6-9 6.2 Configuring the System-Level GR..................................................................................................................6-9 6.2.1 Establishing the Configuration Task....................................................................................................6-10 6.2.2 (Optional) Configuring the Default Slot Number for the SMB...........................................................6-10 6.2.3 Enabling the Automatic Synchronization of the AMB/SMB Configuration.......................................6-11 6.2.4 Enabling the Force AMB/SMB Switchover.........................................................................................6-11 6.2.5 (Optional) Restarting the SMB............................................................................................................ 6-12 6.2.6 Checking the Configuration.................................................................................................................6-12 6.3 Maintaining HA.............................................................................................................................................6-12 6.3.1 Monitoring the Running of HA............................................................................................................6-12 6.4 Configuration Examples................................................................................................................................6-13 6.4.1 Example for Configuring the System-Level GR..................................................................................6-13
Contents
7.4 Testing the Packet Loss Ratio on the Physical Link.....................................................................................7-21 7.4.1 Establishing the Configuration Task....................................................................................................7-22 7.4.2 Enabling EFM OAM Remote Loopback.............................................................................................7-23 7.4.3 Sending Test Packets............................................................................................................................7-23 7.4.4 Checking the Statistics on Returned Test Packets...............................................................................7-24 7.4.5 (Optional) Manually Disabling EFM OAM Remote Loopback..........................................................7-24 7.4.6 Checking the Configuration.................................................................................................................7-25 7.5 Associating EFM OAM with an Interface....................................................................................................7-26 7.5.1 Establishing the Configuration Task....................................................................................................7-26 7.5.2 Associating EFM OAM with an Interface...........................................................................................7-27 7.5.3 Checking the Configuration.................................................................................................................7-27 7.6 Configuring Basic Ethernet CFM.................................................................................................................7-28 7.6.1 Establishing the Configuration Task....................................................................................................7-29 7.6.2 Switching IEEE 802.1ag Versions.......................................................................................................7-30 7.6.3 Enabling Ethernet CFM Globally........................................................................................................7-30 7.6.4 Creating an MD....................................................................................................................................7-31 7.6.5 (Optional) Creating the Default MD....................................................................................................7-31 7.6.6 Creating an MA....................................................................................................................................7-32 7.6.7 Creating a MEP....................................................................................................................................7-33 7.6.8 Creating an RMEP...............................................................................................................................7-34 7.6.9 (Optional) Setting the Rule for Creating a MIP...................................................................................7-35 7.6.10 Enabling CC Detection.......................................................................................................................7-36 7.6.11 (Optional) Creating a VLAN..............................................................................................................7-37 7.6.12 Checking the Configuration...............................................................................................................7-37 7.7 Configuring Related Parameters of Ethernet CFM.......................................................................................7-41 7.7.1 Establishing the Configuration Task....................................................................................................7-41 7.7.2 (Optional) Configuring the RMEP Activation Time............................................................................7-42 7.7.3 (Optional) Configuring the Anti-Jitter Time During Alarm Restoration.............................................7-43 7.7.4 (Optional) Configuring the Anti-Jitter Time During Alarm Generation..............................................7-43 7.8 Fault Verification on the Ethernet.................................................................................................................7-44 7.8.1 Establishing the Configuration Task....................................................................................................7-44 7.8.2 (Optional) Implementing 802.1ag MAC Ping......................................................................................7-45 7.8.3 (Optional) Implementing Gmac ping...................................................................................................7-46 7.9 Locating the Fault on the Ethernet................................................................................................................7-46 7.9.1 Establishing the Configuration Task....................................................................................................7-47 7.9.2 (Optional) Implementing 802.1ag MAC Trace....................................................................................7-47 7.9.3 (Optional) Implementing Gmac trace...................................................................................................7-48 7.10 Associating Ethernet CFM with an Interface..............................................................................................7-49 7.10.1 Establishing the Configuration Task..................................................................................................7-49 7.10.2 Associating Ethernet CFM with an Interface.....................................................................................7-52 7.10.3 Checking the Configuration...............................................................................................................7-52 7.11 Associating EFM OAM with Ethernet CFM..............................................................................................7-53 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xv
Contents
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability 7.11.1 Establishing the Configuration Task..................................................................................................7-53 7.11.2 Associating Ethernet OAM with Ethernet OAM...............................................................................7-54 7.11.3 Checking the Configuration...............................................................................................................7-55
7.12 Associating Ethernet CFM with VPLS.......................................................................................................7-55 7.12.1 Establishing the Configuration Task..................................................................................................7-55 7.12.2 Configuring Ethernet CFM Based on the VPLS Between the PEs....................................................7-56 7.12.3 Configuring Ethernet CFM Between the CE and Local PE...............................................................7-57 7.12.4 Configuring Ethernet CFM Between the CE and Peer PE.................................................................7-59 7.12.5 Checking the Configuration...............................................................................................................7-59 7.13 Associating Ethernet OAM with MPLS OAM or BFD..............................................................................7-59 7.13.1 Establishing the Configuration Task..................................................................................................7-59 7.13.2 Configuring Ethernet OAM Functions...............................................................................................7-60 7.13.3 Associating Ethernet OAM with MPLS OAM or BFD.....................................................................7-61 7.13.4 Checking the Configuration...............................................................................................................7-62 7.14 Configuring Ethernet CFM and 1+1 Protection of Multicast VLANs........................................................7-62 7.15 Maintaining Ethernet OAM........................................................................................................................ 7-62 7.15.1 Clearing the Statistics on Error CCMs...............................................................................................7-62 7.15.2 Monitoring the Running Status of Ethernet OAM.............................................................................7-63 7.16 Configuration Examples..............................................................................................................................7-63 7.16.1 Example for Configuring EFM OAM................................................................................................7-64 7.16.2 Example for Testing the Packet Loss Ratio on the Link....................................................................7-67 7.16.3 Example for Configuring Ethernet CFM........................................................................................... 7-70 7.16.4 Example for Configuring the Default MD for Ethernet CFM............................................................7-78 7.16.5 Example for Associating Ethernet CFM with an Interface................................................................7-85 7.16.6 Example for Associating EFM OAM with Ethernet CFM................................................................ 7-91 7.16.7 Example for Configuring VPLS Ethernet CFM.................................................................................7-95 7.16.8 Example for Associating EFM OAM with MPLS OAM.................................................................7-106 7.16.9 Example for Configuring EFM OAM Extension for VRRP............................................................7-115 7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes...............................................7-125
8 Configuring ISSU.......................................................................................................................8-1
8.1 Introduction.....................................................................................................................................................8-2 8.1.1 Introduction to ISSU..............................................................................................................................8-2 8.1.2 ISSU Supported by the NE80E/40E.......................................................................................................8-2 8.2 Implementing ISSU.........................................................................................................................................8-3 8.2.1 Establishing the Configuration Task......................................................................................................8-4 8.2.2 (Optional) Configuring ISSU Precheck.................................................................................................8-4 8.2.3 (Optional) Configuring the Length of the ISSU Rollback Timer..........................................................8-5 8.2.4 Implementing ISSU................................................................................................................................8-5 8.2.5 Checking the Configuration...................................................................................................................8-8 8.3 Maintaining ISSU..........................................................................................................................................8-11 8.3.1 Monitoring the Running Status of ISSU..............................................................................................8-11 8.4 Configuration Examples................................................................................................................................8-12 xvi Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Contents
Issue 03 (2010-03-31)
xvii
Figures
Figures
Figure 1-1 LAN default gateway..........................................................................................................................1-7 Figure 1-2 Networking diagram of LDP/TE FRR application.............................................................................1-8 Figure 1-3 Networking diagram of MPLS OAM protecting switchover...........................................................1-10 Figure 1-4 Networking diagram of BFD for VRRP...........................................................................................1-11 Figure 1-5 Networking diagram of VPN FRR application................................................................................ 1-11 Figure 1-6 Networking diagram of IP FRR application.....................................................................................1-12 Figure 2-1 Interface backups................................................................................................................................2-2 Figure 2-2 Active/standby mode..........................................................................................................................2-3 Figure 2-3 Load-balancing mode.........................................................................................................................2-4 Figure 2-4 Networking diagram of configuring the active/standby interface backup........................................2-11 Figure 3-1 Networking of the association between PW redundancy and APS..................................................3-14 Figure 3-2 Networking diagram of configuring TDMoPSN..............................................................................3-32 Figure 4-1 LAN default gateway..........................................................................................................................4-3 Figure 4-2 Typical networking of VRRP fast switchover (using BFD sampling).............................................4-19 Figure 4-3 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured............................................................................................................................................................4-25 Figure 4-4 mVRRP determines the dual-homing of the master and slave routers.............................................4-43 Figure 4-5 Networking diagram of configuring VRRP in the master/backup mode......................................... 4-49 Figure 4-6 Networking diagram of configuring VRRP in load balancing mode...............................................4-54 Figure 4-7 Networking diagram of configuring VRRP multi-instance..............................................................4-58 Figure 4-8 Networking diagram of configuring VRRP fast switchover............................................................ 4-63 Figure 4-9 Typical networking of VRRP fast switchover (using BFD sampling).............................................4-68 Figure 4-10 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured............................................................................................................................................................4-87 Figure 4-11 Networking diagram of VRRP configured on VLANIF interfaces..............................................4-106 Figure 5-1 Application scenario of the BFD passive Echo function..................................................................5-13 Figure 5-2 Networking diagram of devices between the both end routers.........................................................5-16 Figure 5-3 Networking diagram of configuring the one-hop BFD.................................................................... 5-43 Figure 5-4 Networking diagram of configuring one-hop BFD for IP-Trunk member link................................5-46 Figure 5-5 Networking diagram of configuring one-hop BFD for IP-Trunk.....................................................5-51 Figure 5-6 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk member link...............5-57 Figure 5-7 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk......................................5-62 Figure 5-8 Networking diagram of configuring one-hop BFD for VLANIF interfaces.................................... 5-67 Figure 5-9 Configuring the association between the BFD status and the interface status.................................5-71 Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. xix
Figures
HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability Figure 5-10 Association between the BFD status and the sub-interface status..................................................5-76
Figure 5-11 Networking diagram of the multi-hop BFD...................................................................................5-81 Figure 5-12 Networking diagram of configuring the BFD for VPN routes.......................................................5-84 Figure 6-1 Basic mechanism of HSB...................................................................................................................6-4 Figure 6-2 Setting up sessions between the GR Helper and the GR Restarter.....................................................6-6 Figure 6-3 AMB/SMB switchover of the GR Restarter.......................................................................................6-6 Figure 6-4 GR Restarter sending signals to the neighbors after the AMB/SMB switchover...............................6-7 Figure 6-5 GR Restarter obtaining topology information from neighbors...........................................................6-7 Figure 6-6 Networking diagram of configuring the system-level GR...............................................................6-13 Figure 7-1 Networking diagram of EFM OAM extension for VRRP................................................................7-10 Figure 7-2 Networking diagram of EFM OAM extension for static routes.......................................................7-13 Figure 7-3 Diagram of configuring EFM OAM.................................................................................................7-14 Figure 7-4 Diagram of testing the packet loss ratio on the link.........................................................................7-22 Figure 7-5 Diagram of associating EFM OAM with an interface......................................................................7-26 Figure 7-6 Diagram of associating Ethernet CFM with an interface (1)............................................................7-50 Figure 7-7 Diagram of associating Ethernet CFM with an interface (2)............................................................7-50 Figure 7-8 Diagram of associating Ethernet CFM with an interface (3)............................................................7-50 Figure 7-9 Diagram of associating Ethernet CFM with an interface (4)............................................................7-51 Figure 7-10 Diagram of associating Ethernet OAM with Ethernet OAM.........................................................7-53 Figure 7-11 Figure 6-11 Networking diagram of associating Ethernet CFM with VPLS.................................7-55 Figure 7-12 Diagram of associating Ethernet OAM with MPLS OAM or BFD...............................................7-60 Figure 7-13 Diagram of configuring EFM OAM...............................................................................................7-64 Figure 7-14 Diagram of testing the packet loss ratio on the link.......................................................................7-67 Figure 7-15 Diagram of configuring Ethernet CFM..........................................................................................7-70 Figure 7-16 Networking diagram of configuring the default MD for Ethernet CFM........................................7-78 Figure 7-17 Diagram of associating Ethernet CFM with an interface...............................................................7-86 Figure 7-18 Diagram of associating EFM OAM with Ethernet CFM...............................................................7-91 Figure 7-19 Diagram of configuring VPLS Ethernet CFM...............................................................................7-95 Figure 7-20 Diagram of associating EFM OAM with MPLS OAM................................................................7-106 Figure 7-21 Networking diagram of configuring EFM OAM extension for VRRP........................................7-116 Figure 7-22 Networking diagram of configuring EFM OAM extension for static routes...............................7-125
xx
Issue 03 (2010-03-31)
Tables
Tables
Table 1-1 Levels of reliability requirements........................................................................................................1-3 Table 3-1 Interfaces and IP address....................................................................................................................3-15 Table 4-1 Networking requirements of the multi-instance VRRP.....................................................................4-57 Table 6-1 Comparison between the GR and the HSB..........................................................................................6-8 Table 7-1 Differences between IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007..................................7-5 Table 8-1 Description of the issu check command output...................................................................................8-6 Table 8-2 Description of the issu start command output....................................................................................8-7 Table 8-3 Description of the issu abort command output...................................................................................8-8
Issue 03 (2010-03-31)
xxi
1 Reliability Overview
1
About This Chapter
Reliability Overview
This chapter describes the technologies and indices of the reliability. 1.1 Introduction This section describes the technologies and indices of the reliability. 1.2 Reliability Technologies for IP Network This section describes the common reliability technologies applied to IP networks. 1.3 Reliability Technologies Supported by the NE80E/40E This section describes the common reliability technologies supported by the NE80E/40E. 1.4 Networking of Reliability over an IP Network This section describes the typical networking schemes of IP network reliability.
Issue 03 (2010-03-31)
1-1
1 Reliability Overview
1.1 Introduction
This section describes the technologies and indices of the reliability. 1.1.1 Technology of Reliability Overview 1.1.2 Indices of Reliability 1.1.3 Levels of Reliability Requirements 1.1.4 Principles of Highly-Reliable IP Networking
Principle of reliable system and hardware design Principle of reliable software design Test and authentication of reliability Reliable IP network design
With the popularity of networks and diversification of applications, various value-added services are deployed on networks. The bandwidth increases in index number. Therefore, even a shorttime interrupt may impact a huge number of services critically and make an incredible loss. For a fundamental network that bears various services, its reliability is highlighted much more than ever. This chapter focuses on reliability technologies applicable to the IP network over the Versatile Routing Platform (NE80E/40E).
MTTR
MTTR: identifies the default recovery capability in terms of maintainability. The term refers to an average time that a component or a device takes to recover from a failure. In fact, it is the fault-tolerance capability. In a broader sense, the MTTR also includes spare part management and customer service. The MTTR plays an important role in evaluating maintainability. The formula of the MTTR is as follows: MTTR = Fault detection time + Board replacement time + System initialization time + Link recovery time + Route coverage time + Forwarding recovery time The smaller the addends are, the smaller the MTTR is and the higher the availability the device offers.
1-2
Issue 03 (2010-03-31)
1 Reliability Overview
MTBF
MTBF identifies the probability of faults in terms of reliability. The term refers to the average time when a component or a device runs without any failure, usually in hours. In the telecommunication industry, the availability of 99.999% means that the MTTR must be no more than five minutes each year.
Availability
Availability identifies the utility of a system. The availability is improved when the MTBF increases or the MTTR decreases. In real networking, however, it may be inevitable to witness network faults and service interruption for various causes. Therefore, a kind of technology to recover the device from the fault rapidly becomes even important. This technology can just improve the availability by reducing MTTR.
Hardware: simplified design, standardized circuits, reliable application of components, reliability control in purchased components, reliable manufacture, environment endurability, and reliability experiment (HALT/HASS) Software: checklist of reliable software design Redundancy design Switchover policy High availability of switchover Fault detection Diagnosis Isolation Recovery
l l l
l l l l
Hierarchical networking: A network is divided into three layers, that is, core layer, convergence layer, and edge layer. According to the current and future services, redundancy backup is configured on a device connects to access nodes on the edge layer. The active and standby nodes connect to convergence nodes. Devices of convergence layer are dualhomed to single node multi-device of the upper layer or to multi-node device of
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-3
Issue 03 (2010-03-31)
1 Reliability Overview
convergence layer and core layer alternatively. Devices of core layer are enabled with full interconnection or half interconnection. In this manner, two devices are reachable to each other with one route at a fast traffic rate, avoiding multi-interconnection.
l
On the same layer, multi-interconnection is applicable; multi-device is applicable to a single node. The lower-layer devices are dual-homed or multi-homed to single nodes or multiple nodes of devices on the upper layer. Adjustment should be taken according to traffic.
APS (on transport layer) RPR OAM, Eth-OAM (on link layer) MPLS OAM (for MPLS)
Common fault detection technology includes the Bidirectional Forwarding Detection (BFD) that detects faults on all layers.
The fault detection mechanism is available on each layer of the TCP/IP reference module. The fault detection mechanisms are as follows:
l l l l
Transport/Physical layer: APS Data link layer: RPR OAM, MPLS OAM, Eth-OAM, STP, RSTP, MSTP, and RRPP Network layer: Hello mechanism in different protocols, VRRP, and GR Application layer: heartbeat mechanism and re-forwarding mechanism of various protocols
Asynchronous mode: The detection packet is sent periodically. Query mode: A series of packets for confirmation are sent. Echo mode: The received packet is sent back to the peer without any change.
1 Reliability Overview
End-to-end protection: 1:1, 1+1, 1:N, and M:N Local protection: FRR
The trigger mode includes BFD trigger mode and Fast Reroute (FRR) trigger mode. The protection switching functions are as follows:
l l l l l l
Local request protection Local real-time protection Latency of switchover signal processing Anti-switching of a single node Coexistence and preemption of switchover request Switchover recovery mode
1 Reliability Overview
LDP FRR
Conventional IP FRR cannot effectively protect traffic on a Multiprotocol Label Switching (MPLS) network. The NE80E/40E provides MPLS networks with the LDP FRR for protection at the interface level. Compared with fast convergence in IGP, the LDP FRR calculates a secondary interface in advance. Route calculation and re-establishment of an LSP after a failure take less time. As a result, the switchover speeds up. When LDP works in a mode of Downstream Unsolicited (DU) label distribution, ordered label control and liberal label retention, a Label Switching Router (LSR) saves all label mapping messages. Only the label mapping messages sent by the next hop corresponding to the Forwarding Equivalence Class (FEC) can generate a label forwarding table. With the preceding features, when a forwarding table is generated for mapping of liberal retention label, this means that a bypass LSP is established. Normally, a packet is forwarded through the primary LSP. When the outgoing interface of the primary LSP is Down, the packet is forwarded along the bypass LSP. This ensures continuous traffic follow in the short period before network convergence.
MPLS TE FRR
The MPLS TE FRR is a commonly used switchover technology to deal with a failure. The solution is to create an end-to-end TE tunnel between Provider Edge (PE) devices and a bypass Label Switched Path (LSP) for protecting a primary LSP. When the router detects that the primary LSP is unavailable because of an intermediate node failure or link failure, the traffic is switched to the bypass LSP. In terms of principle, MPLS TE FRR can enable fast switchover to respond to link failures and node failures between two PEs that serve as the start node and end node of a TE tunnel respectively. Nevertheless, MPLS TE FRR cannot deal with the failure of PEs that serves as the start node and end node on a TE tunnel. When a PE fails, the traffic can resume by end-to-end route convergence and LSP convergence. The time of convergence relates closely to the number of routes of the MPLS VPN and the number of hops of the bearer network. Generally, the convergence takes about 5s in typical networking, longer than 1s that is required for the end-toend traffic convergence when a node fails.
VPN FRR
Based on the VPN fast route switching technology, VPN FRR sets a switchover forwarding entry that is destined for the primary PE and backup PE on a remote PE. With VPN FRR and the technology of fast sense of PE failures, on an MPLS VPN where Costumer Edge (CE) devices are dual-homed to PEs, the time of end-to-end service convergence is shortened and the time of PE failure recovery cannot be affected by the number of private network routes. When a PE node fails, the convergence of end-to-end service takes less than 1s. On a PE device configured with VPN FRR, proper VPNv4 routes are selected by the matching policy. For these routes, in addition to the routing information sent by the preferential next hop (including forwarding prefix, inner tag, and selected outer LSP tunnel), information about the inferior priority next hop (including forwarding prefix, inner tag, and selected outer LSP tunnel) are also contained in the forwarded entry. When preferential next hop node fails, through BFD and MPLS OAM, the PE detects that the outer tunnel connecting the PE to the preferential node is unavailable. The PE sets a
1-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
1 Reliability Overview
corresponding flag in the LSP tunnel status table to indicates the outer LSP is unavailable and delivers the flag to the forwarding engine. When the forwarding engine selects a forwarding entry, it checks the LSP tunnel status corresponding to this forwarding entry. If the LSP tunnel is unavailable, the engine uses the route of a inferior priority carried in this forwarding entry to forward packets.
Detecting the TE LSP connectivity Performing switchover when a link fails to provide services according to Service Level Agreements (SLAs)
With the MPLS OAM mechanism, the router can detect, identify, and locate a fault of MPLS layer effectively. Then, the fault is reported and processed. In addition, when a failure occurs, the protection switching mechanism can be triggered.
Ethernet
IP Address:10.0.0.2/24 Gateway:10.0.0.1 Gateway:10.0.0.1 IP Address:10.0.0.3/24 Gateway:10.0.0.1 IP Address:10.0.0.4/24
10.0.0.1/24
RouterA
Network
A common method to enhance the system reliability is to configure several gateways, but how to select routes among several gateways becomes a problem. As a type of redundancy protocol,
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-7
1 Reliability Overview
the Virtual Router Redundancy Protocol (VRRP) can separate physical device and logical device to select routes among different gateways. On a LAN enabled with multicast or broadcast, for example, Ethernet, VRRP offers logical gateways to ensure highly available link. This solves the problem that services are interrupted because of a gateway router failure, without changing the configuration of routing protocol.
Detecting channel failures between adjacent forwarding engines with light load in a short time Detecting any media and any protocol layer with single mechanism in real time and supporting different detection time and costs
1.4.1 Failures on Intermediate Nodes or on the Link Between PEs LDP FRR/TE FRR
Figure 1-2 Networking diagram of LDP/TE FRR application PE1 P1 P2 P3 PE3
PE2
1-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.
PE4
Issue 03 (2010-03-31)
1 Reliability Overview
As shown in Figure 1-2, LDP LSP serves as a public network tunnel and TE is enabled with QoS between P devices. This network deployment enhances the QoS across the entire network and simplifies the TE deployment in changing PE devices. Without transmission devices, if a failure occurs on the link between P1 and P2, or P2 fails on a non-broadcast network, the LDP FRR performs switching on PE1 and ensures that the switching takes no more than 50 ms. The premise of preceding application is that no transmission device exists, since the switching performed by the TE FRR/LDP FRR depends on the detection of the interface status through signals or optical signals. If transmission devices exist and a link fails, the router cannot detect the interrupt of optical signals, and the switching cannot be performed. Then, another mechanism is required to detect the link between transmission devices, namely, BFD or OAM.
Issue 03 (2010-03-31)
1-9
1 Reliability Overview
P1
PE1
P2
PE2
MPLS TE Tunnel
P3
As shown in Figure 1-3, two TE tunnels are created between the ingress PE1 and egress PE2, forming a protection group. A TE tunnel is created between PE2 and PE1 through P1 as a reverse channel, advertising a failure to ingress PE1.
VRRP, BFD
BFD and OAM are similar because both of them define a set of mechanisms including detection, failure report, and switchover. For BFD and OAM, the detection is carried out by sending fast detection packets through a preset path to detect the link status. If the detection packets cannot pass through the link, the packets are dropped. To avoid the jitters, the number of detection packets is specified. When the number of the lost detection packets reaches the set value, the link is considered as interrupted. BFD is a bidirectional detection mechanism, and its detection packets are sent bidirectionally. If one end does not receive the detection packets within a specified period, the end assumes that the link is interrupted and reports to related modules to perform switchover.
1-10
Issue 03 (2010-03-31)
1 Reliability Overview
Switch1
PE1
VRRP
Backbone
Switch2
PE2
As shown in Figure 1-4, PE1 and PE2 form a VRRP master and backup group, serving as the backup for each other. The VRRP backup group monitors BFD session. For example, when PE1 serves as the primary PE and the link between Switch1 and PE1 fails, the failure is fast detected through BFD and reported to VRRP. The VRRP master and backup group performs switchover fast and then PE2 becomes the primary PE.
PE2
PE4
As shown in Figure 1-5, PE3 and PE4 access the VPN. If the user network on the left of PE1 needs to communicate with the user network on the right of PE3, PE1 can access the user network on the right through PE3 and PE4. In this case, PE3 and PE4 serve as the backup for each other, through which PE1 sends packets. This is how VPN FRR works. Similar to other FRR technologies, in the VPN FRR, an available bypass path is reserved for fast switchover before the primary path fails. For VPN FRR, two next hops (PEs) are reserved for the local device to access the private network. One is the active PE and the other is the standby PE. The active and standby PEs are configured manually.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 1-11
1 Reliability Overview
As shown in Figure 1-5, PE1 reserves two next hops, that is, PE3 and PE4, to access the remote VPN. PE1 can select either of them as the active next hop and the standby next hop.
l
Without the VPN FRR, only an active next hop entry is delivered from the control plane to the forwarding plane. When the active next hop becomes invalid, the standby next hop entry is delivered to the forwarding plane. As a result, the switchover is slow. After the configuration of VPN FRR, both next hop entries are delivered from the control plane to the forwarding plane. When the active next hop becomes invalid, the standby next hop can be applied quickly to the forwarding plane. The switchover speeds up.
After BFD detects that the PE of the active next hop fails, switchover is performed within a very short period, which ensures high reliability.
Backbone
CE
PE2
As shown in As shown in Figure 1-6, the traffic to the CE is forwarded by PE1 (the active PE). If the link between PE1 and the CE fails, IP FRR switches the traffic from the link between PE1 and the CE to the link between PE2 to the CE. The principle of FRR is to retain a bypass path on the forwarding plane for fast switchover. Similarly, with IP FRR, two paths exist between PE1 and CE. For one path, packets are transmitted through direct route. For the other path, packets are transmitted from PE1 to PE2 and then forwarded to CE. Generally, PE accesses the Layer 3 Virtual Private Network (L3VPN). IP FRR is applied to a private network. Then, the private network neighbor relationship between PE1 and PE2 needs to be created, and the primary and bypass paths are created for PE1 accessing CE.
1-12
Issue 03 (2010-03-31)
Issue 03 (2010-03-31)
2-1
if1
LAN
if2 if3
if4
Interfaces if1, if2, and if3 are backed up for each other. For example, if2 transmits services. if1 and if3 are in the backup state and have their respective backup priorities. The router traces the status of each interface. When if2 fails, the router enables the standby interface with a higher priority to replace if2. This ensures smooth and reliable transmission of services. The interface backup mechanism divides interfaces into the active interface and the standby interface according to their roles in the service transmission process.
Active Interface
The active interface undertakes service transmission and is backed up by other interfaces, such as if2 in Figure 2-1. Any physical interface or sub-interface like POS ,Ethernet or ATM interface serves as an active interface on a router. An active interface with larger bandwidth provides a higher transmission rate.
Standby Interface
The standby interface does not transmit services and is often in the standby mode. The standby interface backs up the active interface, such as if1 and if3 in Figure 2-1.
2-2 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Any physical interface (POS , AUX Ethernet or ATM interface for example) on a router serves as a standby interface.
NOTE
l l l
An active interface is backed up by several standby interfaces. When the active interface fails, the standby interface with the highest priority takes over services from the active interface. The same standby interface backs up only one active interface. ISDN BRI/PRI interfaces that have multiple physical channels provide backup for multiple active interfaces through the Dialer route in the Dial Control Center (DCC) configuration.
In the active/standby mode, only one interface transmits services transmission all the time.
l
When the active interface works normally, all traffic flows pass through the active interface; the standby interfaces like if1 and if3 remain in the standby mode even if the active interface is overloaded. The standby interface with the highest priority takes over the work of the active interface and transmits all traffic flows only when the active interface fails. When the failed active interface is restored, it transmits traffic again.
Load-Balancing Mode
In the load-balancing mode, the interfaces share the flow.
l
When the data flow of the active interface reaches the specified upper limit, the router automatically enables an available standby interface with the highest priority. Both interfaces undertake the transmission together and share the load. When the flows of these two interfaces reach the highest threshold again, the router enables another available interface with the second highest priority for balancing the load among these interfaces, and so on. When the data flow of the active interface reaches the pre-defined lower limit, the router disables the standby interface with the lowest priority that is taking part in load balancing until the active interface can undertake the flow on its own.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-3
Issue 03 (2010-03-31)
if4
if3 A%+B%+C%=100%
NOTE
The working mode is selected depending on configuration of the percentage threshold of load balancing by the users. If the percentage threshold is configured, the router uses the load-balancing mode. Alternatively, the router uses the active/standby mode.
Pre-configuration Tasks
Before configuring the active/standby interface backup, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring IP addresses for interfaces Configuring a static route to the destination network segment through the active/standby interface
NOTE
Configure these parameters on the active interface and standby interfaces. To efficiently use IP addresses, you can borrow the address of the active interface for the standby interface.
2-4
Issue 03 (2010-03-31)
Data Preparation
To configure the active/standby interface backup, you need the following data. No 1 2 3 Data Standby interfaces that serve as backup for the active interface Priorities of standby interfaces Delay time of the active/standby switchover
Procedure
Step 1 Run:
system-view
l l l
If multiple standby interfaces need to be configured for a main interface, run the standby interface command for several times to configure all the standby interfaces. A main interface can be configured with a maximum of three standby interfaces. In addition, a standby interface can be configured only for one main interface. A maximum of 10 main interfaces can exist at the same time.
----End
If the active interface is still in the Down state when the delay period expires, the system switches traffic from the active interface to the standby interface. If the active interface restores within the delay, switching does not occur.
Do as follows on the router that needs to be configured with the active/standby interface backup:
Procedure
Step 1 Run:
system-view
The switchover delay for the active/standby interfaces is configured. When enable-delay and disable-delay are set to 0, the switching is performed immediately. ----End
Procedure
Step 1 Run the display standby state command to Check the status of the active or the standby interface. ----End
Example
Running the display standby state command, you can view information about the status of the active and standby interfaces as follows:
<HUAWEI> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate GigabitEthernet3/0/0 UP MUP MU GigabitEthernet3/0/4 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
As shown in the command output, GE 3/0/0 serves as an active interface and is in the Up state. GE 3/0/4 serves as a standby interface and is in the Standby state and its priority is 20.
2-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
The two parameters affect the service throughput on each interface. Meanwhile, the bandwidth of the active interface is preferentially used.
Pre-configuration Tasks
Before configuring the load balancing interface backup, you need to complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring IP addresses for interfaces Configuring static routes to the destination network segment on the active interface and standby interfaces
NOTE
The preceding parameters are required on both the active interface and the standby interfaces. To efficiently use IP addresses, you can the address of the active interface for the standby interfaces .
Data Preparation
To configure the load balancing interface backup, you need the following data.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 2-7
No 1 2 3 4
Data Standby interface and its priority Percentage thresholds for enabling and disabling load balancing Bandwidth of the active interface Interval for checking the traffic on the active interface
Procedure
Step 1 Run:
system-view
l l l
You can use the standby interface command repeatedly to configure multiple standby interfaces for an active interface. An active interface can be backed up by a maximum of three standby interfaces. One standby interface can back up only one active interface. The NE80E/40E supports up to 10 active interfaces simultaneously.
----End
Procedure
Step 1 Run:
system-view
2-8
Issue 03 (2010-03-31)
The percentage threshold for load balancing is set. By default, the system does not support the load-balancing mode, that is, no threshold percentage is configured. When the flow of the active interface reaches the pre-defined upper limit (enable-threshold), the router automatically enables an available standby interface with the highest priority. This standby interface undertakes the service transmission with the active interface. When the flow of the active interface is less than the pre-defined lower limit (disablethreshold), the router disables a standby interface with the lowest priority that transmits services in load balancing mode. ----End
2.3.4 (Optional) Configuring the Bandwidth and Flow Check Interval for the Active Interface
Context
Do as follows on the router that needs to be configured the load balancing interface backup:
Procedure
Step 1 Run:
system-view
The maximum bandwidth of the active interface is configured. By default, on the active interface, its actual physical bandwidth is adopted as its maximum available bandwidth. Step 4 Run:
standby timer flow-check time
Procedure
l l Run the display standby flow command to Check the flow statistics of the active interface working in load-balancing mode. Run the display standby state command to Check the status of the active and standby interfaces.
----End
Example
After the configuration, you can run the display standby flow command and the display standby state command.
<HUAWEI> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MUD Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL <HUAWEI> display standby flow Interfacename : Pos2/0/0 Flow-interval(s) : 30 LastInOctets : 5298 LastOutOctets : 398807420 InFlow(Octets) : 1038 OutFlow(Octets) : 78717892 BandWidth(b/s) : 40000000 UsedBandWidth(b/s) : 20991432
As shown, POS 2/0/0 is configured as an active interface and POS 1/0/0 and POS 3/0/0 as standby interfaces. The bandwidth of the active interface is 40000000 bit/s. When the traffic exceeds the load-balancing limit, the percentages of upper and lower thresholds for load balancing are 50% and 30% respectively. As shown in the command output, the bandwidth in use on the active interface is 20991432 bit/s exceeding 40 Mbit/s by 50%. Then, the standby interface POS 1/0/0 with a higher priority starts to undertake the traffic.
2-10
Issue 03 (2010-03-31)
Procedure
l l Run the display standby state command in any view to check the configuration and status of the interface backups. Run the display standby flow command in any view to check statistics of the traffic on the active interface in load balancing.
----End
POS 2/0/0 serves as the active interface. POS 1/0/0 and POS 3/0/0 serve as standby interfaces of POS 2/0/0. POS 1/0/0 takes a higher priority than that of POS 3/0/0.
Figure 2-4 Networking diagram of configuring the active/standby interface backup POS1/0/0 10.1.1.1/24 POS2/0/0 10.1.2.1/24 POS3/0/0 10.1.3.1/24 POS1/0/0 10.1.1.2/24 POS2/0/0 10.1.2.2/24 POS3/0/0 10.1.3.2/24
RouterA
GE4/0/0 10.10.1.2/24
RouterB
GE4/0/0 10.20.1.2/24
10.10.1.1/24
Issue 03 (2010-03-31)
HostA
10.20.1.1/24
2-11
HostB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure POS 2/0/0 on Router B as the active interface to bear all the services. Configure POS 1/0/0 and POS 3/0/0 in the interface view of POS 2/0/0 as the standby interfaces without any service. POS 1/0/0 has a higher priority.
Data Preparation
To complete the configuration, you need to configure the priority of the standby interface.
Procedure
Step 1 Configure the network layer attributes. # Configure IP addresses for routers as shown in Figure 2-4. The configuration details are omitted here. # Configure a static route to Host B network segment on Router A.
<RouterA> [RouterA] [RouterA] [RouterA] system-view ip route-static 10.20.1.0 255.255.255.0 pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 pos3/0/0
# Configure Host A and Host B to use Router A and Router B as their gateways respectively. The configuration details are omitted here. After the configuration, Host A and Host B can ping through each other. Step 2 Configure the interface backup on Router B. # Configure POS 2/0/0 as the active interface and POS 1/0/0 and POS 3/0/0 as the standby interfaces. POS 1/0/0 has a higher priority. Immediate switching is adopted.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] standby interface pos1/0/0 40 [RouterB-Pos2/0/0] standby interface pos3/0/0 20 [RouterB-Pos2/0/0] quit
After the configuration, display the state of the active/standby interfaces, and you can find that POS2/0/0 is UP, and POS 1/0/0 and POS 3/0/0 are STANDBY.
[RouterB] display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MU Pos 1/0/0 STANDBY STANDBY BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
2-12
Issue 03 (2010-03-31)
After the Tracert test of Host B address on Host A, you can view the packets reaches the destination through the link layer of POS 2/0/0 on Router B.
C:\> tracert 10.20.1.1 Tracing route to 10.20.1.1 over a maximum of 30 hops 1 60 ms 60 ms 50 ms 10.10.1.2 2 50 ms 40 ms 70 ms 10.1.2.2 3 70 ms 70 ms 60 ms 10.20.1.1 Trace complete.
Step 3 Verify the configuration. # Run the shutdown command on POS 2/0/0 on Router B to simulate a fault.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] shutdown [RouterB-Pos2/0/0] quit
# Display the state of the active and standby interfaces again, and you can find that POS 1/0/0 becomes UP and POS 3/0/0 is still STANDBY.
[RouterB] display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 DOWN MDOWN MU Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL
After the Tracert test of Host B address on Host A, you can display the packets reaching the destination through POS 1/0/0 of the link layer on Router B.
C:\> tracert 10.20.1.1 Tracing route to 10.20.1.1 over a maximum of 30 hops 1 60 ms 60 ms 50 ms 10.10.1.2 2 50 ms 40 ms 70 ms 10.1.1.2 3 70 ms 70 ms 60 ms 10.20.1.1 Trace complete.
----End
Configuration Files
l
Issue 03 (2010-03-31)
2-13
ip route-static 10.20.1.0 255.255.255.0 Pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos3/0/0 # return l
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure POS 2/0/0 on Router B as the active interface. Configure POS 1/0/0 and POS 3/0/0 in the interface view of POS 2/0/0 as the standby interfaces. POS 1/0/0 has a higher priority.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
2-14
3.
Configure the threshold of the load balancing percentage and the active interface bandwidth.
Data Preparation
To complete the configuration, you need the following data:
l l
The priority of the standby interface The threshold of the load balancing percentage and the active interface bandwidth
Procedure
Step 1 Configure the network layer attributes. # Configure IP addresses of all interfaces as shown in Figure 2-4. The configuration details are not mentioned here. # Configure a static route to Host B network segment on Router A.
<RouterA> [RouterA] [RouterA] [RouterA] system-view ip route-static 10.20.1.0 255.255.255.0 pos1/0/0 ip route-static 10.20.1.0 255.255.255.0 pos2/0/0 ip route-static 10.20.1.0 255.255.255.0 Pos3/0/0
# Configure Host A and Host B to use Router A and Router B as their gateways respectively. The configuration details are omitted here. After the configuration, Host A and Host B can Ping through each other. Step 2 Configure the interface backup on Router B. # Configure POS 2/0/0 as the active interface and POS 1/0/0 and POS 3/0/0 as the standby interfaces with the priorities of 40 and 20 respectively.
[RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] standby interface pos1/0/0 40 [RouterB-Pos2/0/0] standby interface pos3/0/0 20
# Configure the percentage threshold of load balancing and the bandwidth of the active interface.
[RouterB-Pos2/0/0] standby bandwidth 40000 [RouterB-Pos2/0/0] standby threshold 50 30
Step 3 Verify the configuration. # Running the display standby state command on Router B, you can view information about the status of active and standby interfaces. As shown in the command output, POS 2/0/0 is in the Up state. POS 1/0/0 and POS 3/0/0 are in the Standby state. Also, you can run the display standby flow command to view traffic changes on POS 2/0/0.
<RouterB> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MU Pos 1/0/0 STANDBY STANDBY BU 40
Issue 03 (2010-03-31)
2-15
# Router A sends great traffic to Host B, making the traffic on POS 2/0/0 exceeds 20 Mbit/s. After 30 seconds, you can view the state of the active and standby interfaces on Router B again and you can find that both POS 2/0/0 and POS 1/0/0 are Up.
<RouterB> display standby state Interface Interfacestate Backupstate Backupflag Pri Loadstate Pos 2/0/0 UP MUP MUD Pos 1/0/0 UP UP BU 40 Pos 3/0/0 STANDBY STANDBY BU 20 Backup-flag meaning: M---MAIN B---BACKUP V---MOVED U---USED D---LOAD P---PULLED G---LOGICCHANNEL <RouterB> display standby flow Interfacename : Pos2/0/0 Flow-interval(s) : 30 LastInOctets : 5298 LastOutOctets : 398807420 InFlow(Octets) : 1038 OutFlow(Octets) : 78717892 BandWidth(b/s) : 40000000 UsedBandWidth(b/s) : 20991432
----End
Configuration Files
l
2-16
Issue 03 (2010-03-31)
Issue 03 (2010-03-31)
2-17
3 APS Configuration
3
About This Chapter
APS Configuration
This chapter describes the basic principle, configuration procedures, and configuration examples for Automatic Protection Switching (APS). 3.1 APS Overview This section describes the principle and concepts of APS. 3.2 Configuring Single-Chassis APS This section describes how to configure single-chassis APS. 3.3 Configuring E-APS This section describes how to configure Efficiency APS (E-APS). 3.4 Configuration Examples This section provides several configuration examples of APS.
Issue 03 (2010-03-31)
3-1
3 APS Configuration
In 1+1 mode, a protection interface is paired with each working interface. Normally, the receiver only processes the traffic being received on the working link. When the working link is faulty, traffic is switched to the protect link on the receiver, which is called unidirectional switchover. In 1:1 mode, the working link transmits high-level traffic and the protect link transmits nothing to the receiver. When the working link is faulty, the sender switches the high-level traffic to the protect link and the receiver obtains the high-level traffic from the protect link. This is called bidirectional switchover.
1+1 unidirectional mode and 1:1 bidirectional mode. Manual switching of APS groups. Forcible switching of APS groups. Locking of APS groups. APS implemented on interfaces. APS implemented on the same SIC or inter-SIC APS. E-APS. Adding the working and protection interfaces of an APS group to a trunk and configuring services on the trunk.
3 APS Configuration
3.2.1 Establishing the Configuration Task 3.2.2 Configuring the Working Interface of an APS Group 3.2.3 Configuring the Protection Interface of an APS Group 3.2.4 (Optional) Configuring the Working Mode for an APS Group 3.2.5 (Optional) Setting the WTR Time for an APS Group 3.2.6 Adding Members of an APS Group to a Trunk 3.2.7 Checking the Configuration
Pre-configuration Task
Before configuring APS, complete the following tasks:
l
Configure an interface on the router and ensure that the link layer protocol between the router and the RNC is Up.
Data Preparation
To configure APS, you need the following data. No. 1 2 3 Data ID of an APS group IDs of the working and protection interfaces in an APS group (Optional) WTR time set for an APS group
Procedure
Step 1 Run:
system-view
3 APS Configuration
Step 2 Run:
interface interface-type interface-number
or
controller cpos cpos-number
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group. Step 4 Run:
aps working [ peer-ip]
The interface added to the APS group is specified as the working interface.
NOTE
In the case of single-chassis APS, you needn't configure peer-ip when specifying the protection interface for an APS group.
----End
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
Step 3 Run:
aps group group-id
3 APS Configuration
CAUTION
The working and protection group must be added to the same APS group. Step 4 Run:
aps protect [ peer-ip]
The interface added to the APS group is specified as the protection interface.
NOTE
In the case of single-chassis APS, you needn't configure peer-ip when specifying the protection interface for an APS group.
----End
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
Procedure
Step 1 Run:
system-view
Issue 03 (2010-03-31)
3-5
3 APS Configuration
or
controller cpos cpos-number
The protection interface view of the APS group is entered. Step 3 Run:
aps revert wtr-time
The WTR time is set for the APS group. When setting the WTR time, note the following items:
l
In the case of APS 1:1 mode, after the fault is rectified and the WTR time (one minute) expires, traffic is switched back to the working link by default. In the case of the APS 1+1 mode, after the fault is rectified, traffic is not switched back to the working interface by default.
----End
Procedure
Step 1 Run:
system-view
An ATM-Trunk interface is created and the view of the ATM-Trunk interface is displayed.
NOTE
APS can be configured on the ATM interfaces and CPOS interfaces. There are corresponding trunk interfaces which are ATM-Trunk and CPOS-Trunk. Take the configuration on the ATM-Trunk as an example.
Step 3 Run:
quit
3 APS Configuration
Step 5 Run:
atm-trunk trunk-id
CAUTION
The working and protection interfaces of an APS group must be added to the trunk with the same trunk ID. ----End
Run the display atm-trunk trunk-idcommand to view the configuration information about ATM-Trunk interfaces. Run the display cpos-trunk trunk-idcommand to view the configuration information about CPOS-Trunk interfaces.
----End
Example
<HUAWEI> display aps group 1 APS Group 1: Atm1/0/1 working channel 1(Active) Atm1/0/2 protection channel 0(Inactive) Unidirectional, 1+1 mode, Revert time(10 minutes) No Request on Both Working and Protection Side -----------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult -----------------------------------------------------------------------1 Atm1/0/1 Atm1/0/2 10 ok ok NA idle -----------------------------------------------------------------------total entry: 1 <HUAWEI> display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active Atm1/0/2 Up Inactive
3 APS Configuration
3.3.2 Configuring the Working Interface of an APS Group 3.3.3 Configuring the Protection Interface of an APS Group 3.3.4 Configuring the Working Mode for an APS Group 3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection 3.3.6 (Optional) Configuring the Authentication String for the PGP Message 3.3.7 (Optional) Setting the WTR Time for an APS Group 3.3.8 Adding Members of an APS Group to a Trunk 3.3.9 Checking the Configuration
Pre-configuration Task
Before configuring E-APS, complete the following tasks:
l
Configure an interface on the router and ensure that the link layer protocol between the router and the RNC is Up.
Data Preparation
To configure E-APS, you need the following data. No. 1 2 3 4 5 6 Data ID of an APS group IDs of the working and protection interfaces in an APS group (Optional) WTR time set for an APS group (Optional) Authentication string configured for the PGP message (Optional) Interval for sending APS negotiation messages between the working interface and the protection interface (Optional) Hold time of an APS connection
3 APS Configuration
Context
Do as follows on the router that requires APS:
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
Step 3 Run:
aps group group-id
An APS group is created and an interface is added to the APS group. Step 4 Run:
aps working [ peer-ip]
The interface added to the APS group is specified as the working interface.
NOTE
In the case of E-APS, you must configure peer-ip when specifying the working interface for an APS group.
----End
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
3 APS Configuration
NOTE
Step 3 Run:
aps group group-id
CAUTION
The working and protection group must be added to the same APS group. Step 4 Run:
aps protect [ peer-ip]
The interface added to the APS group is specified as the protection interface.
NOTE
In the case of E-APS, you must configure peer-ip when specifying the protection interface for an APS group.
----End
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
The protection interface view of the APS group is displayed. Step 3 Run:
aps mode { one2one bidirection | one-plus-one unidirection }
To associate E-APS with PW redundancy, you must ensure that APS is working in 1:1 bidirection mode.
----End
3-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
3 APS Configuration
3.3.5 (Optional) Setting the Interval for Sending APS Negotiation Messages and the Hold Time of an APS Connection
Context
Do as follows separately on the working and protection interfaces of an APS group.
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
The working interface view or the protection interface view is displayed. Step 3 Run:
aps timers keep-alive-time hold-time
The interval for sending APS negotiation messages and the hold time of the APS connection between the working and protection interfaces are set. ----End
3.3.6 (Optional) Configuring the Authentication String for the PGP Message
Context
Do as follows separately on the working and protection interfaces of an APS group.
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
The working interface view or the protection interface view is displayed. Step 3 Run:
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-11
3 APS Configuration
aps authenticate string
CAUTION
Before configuring the authentication string for the PGP message on an interface, you must specify the interface as the working interface or the protection interface. A normal PGP negotiation can be established only when the authentication strings configured on the protect and working interfaces are identical. ----End
Procedure
Step 1 Run:
system-view
or
controller cpos cpos-number
The protection interface view of the APS group is entered. Step 3 Run:
aps revert wtr-time
The WTR time is set for the APS group. When setting the WTR time, note the following items:
l
In the case of APS 1:1 mode, after the fault is rectified and the WTR time (one minute) expires, traffic is switched back to the working link by default. In the case of the APS 1+1 mode, after the fault is rectified, traffic is not switched back to the working interface by default.
----End
3 APS Configuration
Context
Do as follows separately on the working and protection interfaces of an APS group.
Procedure
Step 1 Run:
system-view
An ATM-Trunk interface is created and the view of the ATM-Trunk interface is displayed.
NOTE
APS can be configured on the ATM interfaces and CPOS interfaces. There are three corresponding trunk interfaces which are ATM-Trunk and CPOS-Trunk. Take the configuration on the ATM-Trunk as an example.
Step 3 Run:
quit
Run the display atm-trunk trunk-idcommand to view the configuration information about ATM-Trunk interfaces. Run the display cpos-trunk trunk-idcommand to view the configuration information about CPOS-Trunk interfaces.
----End
Example
After E-APS is configured, run the display aps group group-id command on the router where the protection interface is located to view the configuration information about the APS group.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 3-13
3 APS Configuration
PE2
/0 / E2 1
GE3/0/2 GE3/0/2
GE1/0/2 GE1/0/2
AT M2 /0
PE1
ATM 1/0/0
GE 2 /0 / 2 GE 2/0 /
E-APS
GE1/0/2 GE1/0/2
2
/2 1 /0 TM A M AT
/1
2
CE2
/ 2/0
ATM 1/0/0
PE3
GE3/0/2 GE3/0/2
PE5
CE1
3-14
Loopback0 3.3.3.3
Loopback0 5.5.5.5
Issue 03 (2010-03-31)
3 APS Configuration
Table 3-1 Interfaces and IP address Devices PE1 Interface No. GE2/0/1 GE2/0/2 Loopback0 P1 GE2/0/1 GE3/0/2 Loopback0 P2 GE2/0/2 GE3/0/2 Loopback0 PE2 GE3/0/2 GE1/0/2 Loopback0 PE3 GE3/0/2 GE1/0/2 Loopback0 IP Address of the Interfaces 101.1.1.1/24 102.1.1.1/24 1.1.1.1/32 101.1.1.2/24 104.1.1.1/24 2.2.2.2/32 102.1.1.2/24 105.1.1.1/24 3.3.3.3/32 104.1.1.2/24 106.1.1.1/24 4.4.4.4/32 105.1.1.2/24 106.1.1.2/24 5.5.5.5/32
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the IP address and routing protocol to make PEs routable. Configure basic MPLS functions and set up the local LDP session between each PE and remote LDP session on PE1,PE2 and PE3. Configure E-APS between PE2 and PE3 and single APS on CE2. Configure the primary and backup PWs on PE1 to be dual homed to PE2 and PE3, and configure a PW on both PE2 and PE3.
Data Preparation
To complete the configuration, you need the following data:
l l
Issue 03 (2010-03-31)
3 APS Configuration
l
Parameters necessary for configuring E-APS, such as the WTR time and authentication string for the PGP message
Procedure
Step 1 Configure IP addresses and IGP to make PEs routable. 1. Configure IP addresses on the interfaces. Assign the IP address and mask to each interface according to Table 3-1. The configuration details are not mentioned here. 2. Configure IGP. In this example, OSPF is adopted. # Configure PE1.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit
network 101.1.1.1 0.0.0.255 network 102.1.1.1 0.0.0.255 network 1.1.1.1 0.0.0.0 quit
# Configure P1.
[P1] ospf [P1-ospf-1] area 0 [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1-area-0.0.0.0] [P1-ospf-1] quit
network 101.1.1.2 0.0.0.255 network 104.1.1.1 0.0.0.255 network 2.2.2.2 0.0.0.0 quit
# Configure P2.
[P2] ospf [P2-ospf-1] area 0 [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1-area-0.0.0.0] [P2-ospf-1] quit
network 102.1.1.2 0.0.0.255 network 105.1.1.2 0.0.0.255 network 3.3.3.3 0.0.0.0 quit
# Configure PE2
[PE2] ospf [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1] quit
network 104.1.1.2 0.0.0.255 network 106.1.1.2 0.0.0.255 network 4.4.4.4 0.0.0.0 quit
# Configure PE3
[PE3] ospf [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1] quit
network 105.1.1.2 0.0.0.255 network 106.1.1.2 0.0.0.255 network 5.5.5.5 0.0.0.0 quit
# Check whether OSPF is successfully configured. Take the command output on PE1 as an example. The value of the state field is Full, indicating that the OSPF neighbor relationship is already set up.
3-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
3 APS Configuration
Area 0.0.0.0 interface 101.1.1.1(GigabitEthernet2/0/1)'s neighbors Router ID: 128.128.16.31 Address: 101.1.1.2 State: Full Mode:Nbr is Slave Priority: 1 DR: 101.1.1.2 BDR: 101.1.1.1 MTU: 0 Dead timer due in 39 sec Retrans timer interval: 0 Neighbor is up for 00:04:30 Authentication Sequence: [ 0 ] Neighbors Area 0.0.0.0 interface 102.1.1.1(GigabitEthernet2/0/2)'s neighbors Router ID: 128.128.16.31 Address: 102.1.1.2 State: Full Mode:Nbr is Slave Priority: 1 DR: 102.1.1.2 BDR: 102.1.1.1 MTU: 0 Dead timer due in 40 sec Retrans timer interval: 5 Neighbor is up for 02:40:02 Authentication Sequence: [ 0 ]
Step 2 Configure MPLS functions. 1. Configure basic MPLS functions and MPLS LDP. # Configure PE1.
[PE1] interface loopBack 0 [PE1-LoopBack0] ip address 1.1.1.1 32 [PE1-LoopBack0] quit [PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/1 [PE1-GigabitEthernet2/0/1] mpls [PE1-GigabitEthernet2/0/1] mpls ldp [PE1-GigabitEthernet2/0/1] quit [PE1] interface gigabitethernet 2/0/2 [PE1-GigabitEthernet2/0/2] mpls [PE1-GigabitEthernet2/0/2] mpls ldp [PE1-GigabitEthernet2/0/2] quit
# Configure P1.
[P1] interface loopBack 0 [P1-LoopBack0] ip address 2.2.2.2 32 [P1-LoopBack0] quit [P1] mpls lsr-id 2.2.2.2 [P1] mpls [P1-mpls] quit [P1] mpls ldp [P1-mpls-ldp] quit [P1] interface gigabitethernet 2/0/1 [P1-GigabitEthernet2/0/1] mpls [P1-GigabitEthernet2/0/1] mpls ldp [P1-GigabitEthernet2/0/1] quit [P1] interface gigabitethernet 3/0/2 [P1-GigabitEthernet3/0/2] mpls [P1-GigabitEthernet3/0/2] mpls ldp [P1-GigabitEthernet3/0/2] quit
# Configure P2.
[P2] interface loopBack 0 [P2-LoopBack0] ip address 3.3.3.3 32
Issue 03 (2010-03-31)
3-17
3 APS Configuration
[P2-LoopBack0] quit [P2] mpls lsr-id 3.3.3.3 [P2] mpls [P2-mpls] quit [P2] mpls ldp [P2-mpls-ldp] quit [P2] interface gigabitethernet [P2-GigabitEthernet2/0/2] mpls [P2-GigabitEthernet2/0/2] mpls [P2-GigabitEthernet2/0/2] quit [P2] interface gigabitethernet [P2-GigabitEthernet3/0/2] mpls [P2-GigabitEthernet3/0/2] mpls [P2-GigabitEthernet3/0/2] quit
# Configure PE2
[PE2] interface loopBack 0 [PE2-LoopBack0] ip address 4.4.4.4 32 [PE2-LoopBack0] quit [PE2] mpls lsr-id 4.4.4.4 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet 3/0/2 [PE2-GigabitEthernet3/0/2] mpls [PE2-GigabitEthernet3/0/2] mpls ldp [PE2-GigabitEthernet3/0/2] quit
# Configure PE3
[PE3] interface loopBack 0 [PE3-LoopBack0] ip address 5.5.5.5 32 [PE3-LoopBack0] quit [PE3] mpls lsr-id 5.5.5.5 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface gigabitethernet 3/0/2 [PE3-GigabitEthernet3/0/2] mpls [PE3-GigabitEthernet3/0/2] mpls ldp [PE3-GigabitEthernet3/0/2] quit
# Check whether the MPLS LDP sessions are successfully set up. Take the command output on PE1 as an example. The value of the status field is Operational, indicating that the MPLS LDP session is successfully set up.
[PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. -----------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 0000:00:28 113/113 3.3.3.3:0 Operational DU Passive 0000:00:00 1/1 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found.
2.
Configure the remote LDP session between PE1 and PE2 , PE1 and PE3. # Configure PE1
[PE1] mpls ldp remote-peer 4.4.4.4 [PE1-mpls-ldp-remote-4.4.4.4] remote-ip 4.4.4.4
3-18
Issue 03 (2010-03-31)
3 APS Configuration
#Configure PE2
[PE2] mpls ldp remote-peer 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE2-mpls-ldp-remote-1.1.1.1] quit
#Configure PE3
[PE3] mpls ldp remote-peer 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] remote-ip 1.1.1.1 [PE3-mpls-ldp-remote-1.1.1.1] quit
# Check whether the remote MPLS LDP sessions are successfully set up. Take the command output on PE1 as an example. The value of the status field is Operational, indicating that the remote MPLS LDP session is successfully set up.
[PE1] display mpls ldp session LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM) A '*' before a session means the session is being deleted. -----------------------------------------------------------------------------PeerID Status LAM SsnRole SsnAge KASent/Rcv -----------------------------------------------------------------------------4.4.4.4:0 Operational DU Passive 0000:00:01 8/8 5.5.5.5:0 Operational DU Passive 0000:00:03 6/6 -----------------------------------------------------------------------------TOTAL: 1 session(s) Found.
Step 3 Configure E-APS 1. Configure APS on PE2, PE3, and CE2. # Configure PE2.
[PE2] interface atm 1/0/1 [PE2-Atm1/0/1] undo shutdown [PE2-Atm1/0/1] aps group 1 [PE2-Atm1/0/1] aps working 5.5.5.5 [PE2-Atm1/0/1] quit
# Configure PE3.
[PE3] interface atm 1/0/2 [PE3-Atm1/0/2] undo shutdown [PE3-Atm1/0/2] aps group 1 [PE3-Atm1/0/2] aps protect 4.4.4.4 [PE3-Atm1/0/2] aps mode one2one bidirection [PE3-Atm1/0/2] aps revert 1 [PE3-Atm1/0/2] aps timers 1 3 [PE3-Atm1/0/2] quit
# Configure CE2.
<HUAWEI> system-view [HUAWEI] sysname CE2 [CE2] interface atm 2/0/1 [CE2-Atm2/0/1] aps group 1 [CE2-Atm2/0/1] aps working [CE2-Atm2/0/1] quit [CE2] interface atm 2/0/2 [CE2-Atm2/0/2] aps group 1 [CE2-Atm2/0/2] aps protect
Issue 03 (2010-03-31)
3-19
3 APS Configuration
[CE2-Atm2/0/2] aps mode one2one bidirection [CE2-Atm2/0/2] aps revert 1 [CE2-Atm2/0/2] quit
2.
Create an ATM-Trunk on PE2, PE3, and CE2 and add interfaces to the ATM-Trunk. # Configure PE2.
[PE2] interface atm-trunk 1 [PE2-Atm-Trunk1] quit [PE2] interface atm 1/0/1 [PE2-Atm1/0/1] atm-trunk 1
# Configure PE3.
[PE3] interface atm-trunk 1 [PE3-Atm-Trunk1] quit [PE3] interface atm 1/0/2 [PE3-Atm1/0/2] atm-trunk 1
# Configure CE2.
[CE2] interface atm-trunk 1 [CE2-Atm-Trunk1] quit [CE2] interface atm 2/0/1 [CE2-Atm2/0/1] atm-trunk 1 [CE2-Atm2/0/1] quit [CE2] interface atm 2/0/2 [CE2-Atm2/0/2] atm-trunk 1
3.
Verify the configuration. # Run the display aps group 1 command on PE2 and PE3 to view E-APS configurations.
[PE2] display aps group 1 APS Group 1: Atm1/1/1 working channel 1(Active) APS protection channel is 5.5.5.5 ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 Atm1/0/1 5.5.5.5 NA ok ok NA idle ------------------------------------------------------------------------------[PE3] display aps group 1 APS Group 1: APS working channel is 4.4.4.4 Atm1/0/2 protection channel 0(Inactive) Bidirection, 1:1 mode, Revert time(1 minutes) KeepAlive Timer: 1(seconds), Hold Timer: 3(seconds) No Request on Both Working and Protection Side ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 4.4.4.4 Atm1/0/2 1 ok ok NA idle ------------------------------------------------------------------------------[PE2] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active [PE3] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1
3-20
Issue 03 (2010-03-31)
3 APS Configuration
CAUTION
The type of the ATM subinterface which will be configured with PW Redundancy must be p2p.
[PE1-Atm1/0/0.1] atm cell transfer [PE1-Atm1/0/0.1] pvc 1/100 [PE1-atm-pvc-Atm1/0/0.1-1/100] quit [PE1-Atm1/0/0.1] mpls l2vc 4.4.4.4 1 [PE1-Atm1/0/0.1] mpls l2vc 5.5.5.5 2 secondary [PE1-Atm1/0/0.1] mpls l2vpn reroute immediately-switch [PE1-Atm1/0/0.1] quit
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit [PE2] interface atm-trunk 1.1 p2p [PE2-Atm-Trunk1.1] pvc 1/100 [PE1-atm-pvc-Atm-trunk1.1-1/100] quit [PE2-Atm-Trunk1.1] mpls l2vc 1.1.1.1 1 [PE2-Atm-Trunk1.1] quit
# Configure PE3.
[PE3] mpls l2vpn [PE3-l2vpn] quit [PE3] interface atm-trunk 1.1 p2p [PE3-Atm-Trunk1.1] pvc 1/100 [PE1-atm-pvc-Atm-trunk1.1-1/100] quit [PE3-Atm-Trunk1.1] mpls l2vc 1.1.1.1 2 [PE3-Atmh-Trunk1.1] quit
: 0 : 146432
Issue 03 (2010-03-31)
3-21
3 APS Configuration
remote PSN state : remote forwarding state: remote statuscode : BFD for PW : manual fault : active state : forwarding entry : link state : local ATM cells : local VCCV : remote VCCV : local control word : tunnel policy name : traffic behavior name : PW template name : primary or secondary : VC tunnel/token info : NO.0 TNL type : lsp create time : up time : last change time : VC last up time : VC total up time : CKey : NKey :
*client interface : Atm1/0/0.1 is up session state : up AC state : up VC state : up VC ID : 2 VC type : ATM 1to1 VCC destination : 5.5.5.5 local group ID : 0 remote group ID : 0 local VC label : 146435 remote VC label : 146432 local AC OAM state : up local PSN state : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding remote status code : 0x20 BFD for PW : unavailable manual fault : not set active state : inactive forwarding entry : exist link state : down local ATM cells : 0 remote ATM cells : 28 local VCCV : cw alert lsp-ping bfd remote VCCV : cw alert lsp-ping bfd local control word : enable remote control word : enable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : secondary VC tunnel/token info : 1 tunnels/tokens NO.0 TNL type : lsp , TNL ID : 0x20008126 create time : 0 days, 0 hours, 5 minutes, 23 seconds up time : 0 days, 0 hours, 0 minutes, 35 seconds last change time : 0 days, 0 hours, 0 minutes, 35 seconds VC last up time : 2009/11/09 12:06:25 VC total up time : 0 days, 0 hours, 0 minutes, 35 seconds CKey : 6 NKey : 3 reroute policy reason of last reroute time of last reroute : immediately, resume 10 s : -: -- days, -- hours, -- minutes, -- seconds
3-22
Issue 03 (2010-03-31)
3 APS Configuration
The command output shows that PE1 has the primary PW and backup PW, which are in the Active and Inactive states respectively. Step 5 Verify the configuration. 1. Simulate the fault at the dual-homing access side of CE2. # Shut down ATM 1/0/1, a member interface of the ATM-Trunk on PE2.
[PE2] interface atm 1/0/1 [PE2-Atm1/0/1] shutdown
Run the display aps group command on PE3, you can view the status of protection interface is active.
[PE3] display aps group 1 APS Group 1: APS working channel is 4.4.4.4 Atm1/0/2 protection channel 0(Active) Bidirection, 1:1 mode, Revert time(1 minutes) KeepAlive Timer: 1(seconds), Hold Timer: 3(seconds) Remote detect Signal Fail High priority on working side ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 4.4.4.4 Atm1/0/2 1 sf ok NA switch ------------------------------------------------------------------------------total entry: 1 [PE3] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/2 Up Active
# Run the display mpls l2vpn forwarding-info command. You can view the following information: PE1 does not have the forwarding information about the primary PW and the backup PW on PE1 becomes Active; PE2 does not have forwarding information about the PW; the PW on PE3 is in the Active state and the Admin status becomes Up.
[PE1] display mpls l2vpn forwarding-info interface atm 2/0/0.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000812 6 1 Record(s) Found. [PE2] display mpls l2vpn forwarding-info interface atm-trunk 1.1 he Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found.
Issue 03 (2010-03-31)
3-23
3 APS Configuration
Run the display aps group command on PE2, you can view that the working interface becomes active.
[PE2] display aps group 1 APS Group 1: Atm1/0/1 working channel 1(Active) APS protection channel is 5.5.5.5 ------------------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd SwitchResult ------------------------------------------------------------------------------1 Atm1/0/1 5.5.5.5 NA ok ok NA idle ------------------------------------------------------------------------------[PE2] display atm-trunk 1 Interface Atm-Trunk1's state information is: Operate status: up Number Of Up Port In Trunk: 1 ------------------------------------------------------------------------------PortName Status Active Status Atm1/0/1 Up Active
Run the following commands, you can view the following information: the primary PW on PE1 becomes Active and the backup PW becomes Inactive; the Admin of the PW on PE2 becomes Up; the Admin of the PW on PE3 becomes Down.
[PE1] display mpls l2vpn forwarding-info interface atm 1/0/0.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000812 a 1 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146432 LSP SEND INACTIVE UP DOWN TRUE 3 a 0x2000812 6 1 Record(s) Found. [PE2] display mpls l2vpn forwarding-info interface atm-trunk 1.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146434 LSP SEND ACTIVE UP UP TRUE 3 a 0x2000800
3-24
Issue 03 (2010-03-31)
3 APS Configuration
The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found. [PE3] display mpls l2vpn forwarding-info interface atm-trunk 1.1 The Main PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------146435 LSP SEND ACTIVE UP DOWN TRUE 3 a 0x4008001 1 Record(s) Found. The Second PW Forward Information : VCLABEL TNLTYPE ENTRYTYPE PWSTATE BFDSTATE ADMIN CTLWORD CC CV TNLID -----------------------------------------------------------------------------0 Record(s) Found.
----End
Configuration File
l
Issue 03 (2010-03-31)
3-25
3 APS Configuration
interface GigabitEthernet2/0/2 undo shutdown ip address 102.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 101.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 # ospf 1 area 0.0.0.0 network 101.1.1.0 0.0.0.255 network 102.1.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0 # return l
Configuration File on P1
# sysname P1 # mpls lsr-id 2.2.2.2 mpls # mpls l2vpn # mpls ldp # interface GigabitEthernet2/0/1 undo shutdown ip address 101.1.1.2 255.255.255.0 mpls mpls ldp
3-26
Issue 03 (2010-03-31)
3 APS Configuration
Configuration File on P2
# sysname P2 # mpls lsr-id 3.3.3.3 mpls # mpls l2vpn # interface GigabitEthernet2/0/2 undo shutdown ip address 102.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/2 undo shutdown ip address 105.1.1.2 255.255.255.0 mpls
Issue 03 (2010-03-31)
3-27
3 APS Configuration
mpls ldp # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 102.1.1.0 0.0.0.255 network 105.1.1.0 0 0 0 255 # return l
3-28
Issue 03 (2010-03-31)
3 APS Configuration
Issue 03 (2010-03-31)
3-29
3 APS Configuration
interface Atm-Trunk1.1 p2p pvc 1/100 mpls l2vc 1.1.1.1 2 # interface GigabitEthernet1/0/2 undo shutdown ip address 106.1.1.2 255.255.255.0 # interface GigabitEthernet3/0/2 undo shutdown ip address 105.1.1.2 255.255.255.0 mpls mpls ldp # interface Atm1/0/2 undo shutdown aps group 1 aps protect 4.4.4.4 aps mode one2one bidirection aps revert 1 aps timers 1 3 # atm-trunk 1 # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 105.1.1.0 0.0.0.255 network 106.1.1.0 0.0.0.255 # return l
3-30
Issue 03 (2010-03-31)
3 APS Configuration
3.4.2 Example for Configuring TDM on the CPOS interfaces Configured with APS
Networking Requirements
Generally, on a 2G RAN, one to three E1 interfaces on a BTS are connected to a BSC. Some mobile operators do not own fixed network infrastructure, and have to rent E1 lines of fixedline network operators at a high price. By deploying TDMoPSN service, that is, TDM transparent transmission on a 2G RAN, these mobile operators can achieve transparent transmission of 2G services between the BTSs and BSCs in the same city over TDM links in a Metro Ethernet (ME) network, which is both simple and cost-saving. As shown in Figure 3-2, it is required that the BTS and PE1 should be connected through two E1 links The BSC and PE2 should be connected through the CPOS interface ,and the CPOS interfaces are configured with APS so as to increase reliability of data. On the channelized serial interface of E1 links, configure the encapsulation protocol as TDM. Then, a PW is set up between PE1 and PE2 to transparently transmit TDM cells.
Issue 03 (2010-03-31)
3-31
3 APS Configuration
E12/0/1 E12/0/2 2TDM E1 PE1 GE2/0/0 GE1/0/0 GE2/0/0 GE2/0/0 PE2 CPOS3/0/1 CPOS3/0/2 BSC
BTS
Router PE1 Interface GE2/0/0 Loopback0 P GE1/0/0 GE2/0/0 Loopback0 PE2 GE2/0/0 Loopback0 IP Address 10.1.1.1/24 192.2.2.2/32 10.1.1.2/24 10.2.1.1/24 192.4.4.4/32 10.2.1.2/24 192.3.3.3/32
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Run the IGP protocol on the backbone network so that devices can communicate with each other. Configure basic MPLS functions on the backbone network, and configure MPLS L2VPN functions on PE devices. Establish the remote MPLS LDP peer relationship between PEs at both ends of the PW. Configure parameters for the TDM interface. Configure the PW template. Establish MPLS L2VC connections on PEs. Configure APS on PE2
3. 4. 5. 6.
Data Preparation
To complete the configuration, you need the following data:
l l l
L2VC IDs at both ends of the PW (must be the same) MPLS LSR IDs of the PEs and P router IP addresses of the remote peers of PEs
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
3-32
3 APS Configuration
Procedure
Step 1 Run the IGP protocol on the backbone network so that devices can communicate with each other. For detailed configurations, see the configuration file of this example. Step 2 Configure basic MPLS functions on the backbone network, and configure MPLS L2VPN functions on PE devices. Then, establish the remote MPLS LDP peer relationship between PEs at both ends of the PW. For detailed configurations, see the configuration file of this example. The remote MPLS LDP peer relationship is required only for the dynamic PW. Step 3 Configure APS. Configure PE2
CAUTION
The BSC device connected with PE2 must support APS.
[PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] aps group 1 [PE2-Cpos3/0/1] aps working [PE2-Cpos3/0/1] quit [PE2] controller cpos 3/0/2 [PE2-Cpos3/0/2] aps group 1 [PE2-Cpos3/0/2] aps protect [PE2-Cpos3/0/2] aps mode one-plus-one unidirection [PE2-Cpos3/0/2] quit [PE2] interface cpos-trunk 1 [PE2-cpos-trunk1] quit [PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] cpos-trunk 1 [PE2-Cpos3/0/1] quit [PE2] controller cpos 3/0/2 [PE2-Cpos3/0/2] cpos-trunk 1
Step 4 Configure parameters for the TDM interface. 1. Configure PE1. # Configure the channelized mode for CE1 2/0/1 and CE1 2/0/2 on PE1.
[PE1] controller e1 2/0/1 [PE1-E1 2/0/1] using ce1 [PE1-E1 2/0/1] channel-set 1 timeslot-list 1-15 ts0 [PE1-E1 2/0/1] quit [PE1] controller e1 2/0/2 [PE1-E1 2/0/2] using ce1 [PE1-E1 2/0/2] channel-set 1 timeslot-list 16-31 ts0 [PE1-E1 2/0/2] quit
2.
Step 5 Configure the encapsulation protocol on the serial interface as TDM. 1. Configure PE1.
[PE1] interface serial2/0/1:1 [PE1-Serial2/0/1:0] link-protocol tdm
Issue 03 (2010-03-31)
3-33
3 APS Configuration
[PE1-Serial2/0/1:0] quit [PE1] interface serial2/0/2:1 [PE1-Serial2/0/2:1] link-protocol tdm [PE1-Serial2/0/2:1] quit
2.
Configure PE2.
[PE2] interface trunk-serial1/1:1 [PE2-Trunk-Serial1/1:1] link-protocol tdm [PE2-Serial1/1:1] quit [PE2] interface trunk-serial1/2:2 [PE2-Trunk-Serial1/2:2] link-protocol tdm [PE2-Trunk-Serial1/2:2] quit
2.
Configure PE2.
[PE2] pw-template 3to1 [PE2-pw-template-3to1] peer-address 192.2.2.2 [PE2-pw-template-3to1] jitter-buffer depth 20 [PE2-pw-template-3to1] tdm-encapsulation-number 40 [PE2-pw-template-3to1] idle-code 33 [PE2-pw-template-3to1] quit [PE2] interface trunk-serial1/1:1 [PE2-Trunk-Serial1/1:1] mpls l2vc pw-template 3to1 100 [PE2-Trunk-Serial1/1:1] undo shutdown [PE2-Trunk-Serial1/1:1] quit [PE2] interface trunk-serial1/2:2 [PE2-Trunk-Serial1/2:2] mpls l2vc pw-template 3to1 200 [PE2-Trunk-Serial1/2:2] undo shutdown [PE2-Trunk-Serial1/2:2] quit
Step 7 Verify the configuration. Simulate a fault on the side of PE2 connecting to the BSC # Run the shutdown command on CPOS3/0/1.
[PE2] controller cpos 3/0/1 [PE2-Cpos3/0/1] shutdown
Run the display aps group and display cpos-trunk commands ,you can view that the status of protection interface CPOS3/0/2 becomes active.
[PE2] display aps group 1 APS Group 1: Cpos 3/0/1 working channel 1(Inactive) Pos3/0/2 protection channel 0(Active) Unidirection, 1+1 mode, No Revert mode No Request on Both Working and Protection Side -----------------------------------------------------------------------Group Work-Channel Protect-Channel Wtr W-State P-State Switch-Cmd Switch-Result -----------------------------------------------------------------------1 Cpos 3/0/1 Cpos 3/0/2 NA sf ok NA switch -----------------------------------------------------------------------total entry: 1
3-34
Issue 03 (2010-03-31)
3 APS Configuration
<PE2> display cpos-trunk 1 Interface Cpos-Trunk1's state information is:, Operate status: up Number Of Up Port In Trunk: 2 -------------------------------------------------------------------------------PortName Status Active Status Cpos3/0/1 Down Inactive Cpos3/0/2 Up Active
Run the display mpls l2vc command on PEs. You can view that the status of the PW is Up , and it has not been influenced by the fault of CPOS3/0/1. Take the display on PE1 as an example:
<PE1> display mpls l2vc interface serial2/0/1:1 *client interface : Serial2/0/1:1 is up session state : up AC state : up VC state : up VC ID : 100 VC type : CESoPSN basic mode destination : 192.3.3.3 local group ID : 0 remote group ID : 0 local VC label : 146432 remote VC label : 145287 TDM encapsulation number : 40 jitter-buffer : 20 idle-code : 33 rtp-header : disable local AC OAM State : up local PSN State : up local forwarding state : forwarding local status code : 0x0 remote AC OAM state : up remote PSN state : up remote forwarding state: forwarding remote statuscode : 0x0 BFD for PW : unavailable manual fault : not set active state : active forwarding entry : not exist link state : up local VC MTU : 1500 remote VC MTU : 1500 local VCCV : alert lsp-ping bfd remote VCCV : none local control word : disable remote control word : disable tunnel policy name : -traffic behavior name : -PW template name : -primary or secondary : primary VC tunnel/token info : 0 tunnels/tokens create time : 0 days, 4 hours, 48 minutes, up time : 0 days, 4 hours, 02 minutes, last change time : 0 days, 0 hours, 39 minutes, VC last up time : 2008/12/26 12:02:49 VC total up time : 0 days, 4 hours, 02 minutes, CKey : 11 NKey : 10
----End
Configuration Files
l
Issue 03 (2010-03-31)
3-35
3 APS Configuration
# mpls lsr-id 192.2.2.2 mpls # mpls l2vpn # pw-template 1to3 peer-address 192.3.3.3 jitter-buffer depth 20 tdm-encapsulation-number 40 idle-code 33 # mpls ldp # mpls ldp remote-peer 192.3.3.3 remote-ip 192.3.3.3 # controller e1 2/0/1 using ce1 channel-set 1 timeslot-list 1-15 ts0 undo shutdown # controller e1 2/0/2 using ce1 channel-set 1 timeslot-list 16-31 ts0 undo shutdown # interface serial2/0/1:1 link-protocol tdm mpls l2vc pw-template 1to3 100 undo shutdown # interface serial2/0/2:1 link-protocol tdm mpls l2vc pw-template 1to3 200 undo shutdown # interface GigabitEthernet2/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.2.2.2 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.2.2.2 0.0.0.0 network 10.1.1.0 0.0.0.255 # return l
3-36
Issue 03 (2010-03-31)
3 APS Configuration
Configuration file of P:
# sysname P # mpls lsr-id 192.4.4.4 mpls # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.2.1 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 192.4.4.4 255.255.255.255 # ospf 1 area 0.0.0.0 network 192.4.4.4 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.2.0 0.0.0.255 # return
Issue 03 (2010-03-31)
3-37
4 VRRP Configuration
4
About This Chapter
VRRP Configuration
This chapter describes the fundamentals of VRRP, the configurations of basic and advanced functions of VRRP, and VRRP maintenance and troubleshooting. 4.1 VRRP Introduction This section describes the fundamentals and concepts of VRRP. 4.2 Configuring the VRRP Backup Group This section describes basic configurations such as how to create a backup group and how to configure a virtual IP address and priorities of interfaces in the backup group. 4.3 Configuring VRRP to Track the Status of an Interface This section describes how to configure VRRP to track the interface status to improve the system reliability. 4.4 Configuring VRRP Fast Switchover (Common Mode) This section describes how to configure VRRP to track BFD sessions to implement fast switchover. 4.5 Configuring VRRP Fast Switchover (Using BFD Sampling) 4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured 4.7 Configuring VRRP Applications in VLANIF This section describes how to configure VRRP on the VLANIF interface. 4.8 Configuring VRRP Security This section describes how to implement the VRRP authentication. 4.9 Configuring VRRP Smooth Switching This section describes the application and configuration of VRRP smooth switching 4.10 Adjusting and Optimizing VRRP This section describes how to adjust the related parameters of VRRP packets to optimize VRRP. 4.11 Configuring mVRRP Backup Groups This section describes how to create a VRRP backup group and configure VRRP members and member interfaces bind to mVRRP.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-1
4 VRRP Configuration
4.12 Maintaining VRRP 4.13 Configuration Examples This section describes how to debug VRRP.
4-2
Issue 03 (2010-03-31)
4 VRRP Configuration
RouterA Ethernet
The common method to improve the system reliability is to deploy multiple egress gateways. In addition, the problem of selecting routes among these gateways should be solved. The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol defined in RFC 3768. VRRP solves the problem of route selection among egress gateways by separating the physical devices from logical devices. On a LAN with multicast and broadcast capabilities (like the Ethernet), VRRP uses logical gateways to ensure high availability of transmission links. This prevents service interruptions that are resulted from a gateway device failure, without changing the configuration of routing protocols.
4 VRRP Configuration
l l
The master router undertakes all the services in normal condition. The backup routers undertakes the services only when the master router fails.
In the NE80E/40E, a router can join several VRRP backup groups and has different priorities in different backup groups. Multiple virtual routers carry out load balancing. Each backup group consists of a master router and several backup routers. The master router of each backup group can be different.
l l
In the NE80E/40E, Bidirectional Forwarding Detection (BFD) is implemented to rapidly detect and track the connectivity of network links or IP routes. VRRP implements fast master/backup switchover by tracking the BFD session status. A maximum of eight BFD sessions can be configured and the master/backup switchover is performed at millisecond level. The VRRP master/backup switchover is accelerated because of tracking BFD sessions. The VRRP tracks the following types of BFD sessions:
Normal BFD session Peer BFD session Link BFD session Similarity:
The comparison of three types of BFD sessions tracked by VRRP are as follows:
These three types of BFD sessions can detect faults on a link or a device. The VRRP backup group can perform the switchover at millisecond level by tracking BFD sessions. When VRRP tracks normal BFD sessions, the status of a VRRP backup group varies according to its priority change. This function is similar to that of tracking interface status, but it is faster. When the status of the tracked BFD session becomes Up, the priority of the router in the backup group restores the original value. When the BFD session is configured on a backup router, the BFD session should be on the same interface with the VRRP backup group. When VRRP tracks peer BFD sessions and link BFD sessions, the status of the backup group is changed and its priority is unchanged.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Differences:
4-4
4 VRRP Configuration
The peer BFD session can detect faults of local and remote NPEs and the links. It cannot distinguish whether the failure occurs locally or remotely. The link BFD session can only detect the faults of local links or NPEs.
On a Metro Ethernet (ME) network, Bidirectional Forwarding Detection (BFD) is usually used to detect and protect the link between the master and backup Network Provider Edges (NPEs), and the links between the Underlayer Provider Edge (UPE) and both NPEs. If BFD cannot be configured on the UPE, the links between the UPE and NPEs becomes vulnerable and you need a new link protection mechanism. Ethernet in the First Mile (EFM), a slow link detection protocol that requires fewer resources, can just be your choice, provided that EFM is configured on the UPE.
In BFD sampling mode, the NPE establishes multiple link BFD sessions directly with each CE without establishing the link BFD session with the PE.
4 VRRP Configuration
configured as the authentication key. In MD5 authentication mode, a string of 1 to 8 characters in plain text or a string of 24 characters in encrypted text can be configured as the authentication key.
mVRRP
Many VRRP backup groups run between routers for different services. If each VRRP backup group needs to maintain its own state machine, a large number of VRRP packets are generated between routers. To simplify the process and reduce the bandwidth occupied by protocol packets, you can configure a VRRP backup group to be an mVRRP backup group and bind it to other backup group members. Then, the status of the backup group member is determined by the status of the bound mVRRP backup group.
NOTE
For the detailed configuration of the mVRRP, refer to Chapter 9 "VPLS Convergence Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
4 VRRP Configuration
4.2.3 Configuring the Priority of an Interface in a Backup Group 4.2.4 Checking the Configuration
The master/backup switchover is a basic function provided by VRRP. The master/backup mode is as follows:
Only one backup group exist. The router with the highest priority in the backup group serves as the master router and undertakes the services. Except for the master router, other routers in the backup group serve as the backup routers and work in the Backup state. If the master router fails, backup routers select a new master router based on their priorities to provide routing service.
In the load balancing mode, multiple backup groups are created to share the traffic of a network. One router can join different backup groups. The load balancing mode is as follows:
Router A serves as the master device in backup group 1 and the backup device in backup group 2. Router B serves as the master device in backup group 2 and the backup device in backup group 1. Some hosts on the network use backup group 1 as their gateways and others use backup group 2 as their gateways.
In this case, they can back up each other and share the traffic.
NOTE
The GigabitEthernet,Ethernet, virtual Ethernet (VE),Eth-Trunk, VLANIF and the GE sub-interface support VRRP.
Pre-configuration Tasks
Before configuring the VRRP backup group, complete the following tasks:
l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for the interface to connect the network
Data Preparation
To configure the VRRP backup group, you need the following data. No. 1
Issue 03 (2010-03-31)
4 VRRP Configuration
No. 2 3
Data Virtual IP address of the backup group Priorities of routers in the VRRP backup group
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
l l l
Virtual IP addresses of backup groups must be different. Both ends of the same backup group must be configured with the same virtual router IDs. Virtual router IDs on different interfaces can be the same.
When you assign the first virtual IP address to a VRRP backup group, the system creates this backup group. Then, when you assign another virtual IP address to the backup group, the system adds this address into the virtual IP address list of this backup group. For users who require equivalent VRRP reliability, a backup group can be configured with multiple virtual IP addresses. Different addresses serve different user groups. This is easy to manage and can prevent users' default gateway addresses from varying with the VRRP configuration. A maximum number of 16 virtual IP addresses can be configured for a backup group. For a VRRP backup working in load balancing mode, you need to repeat the procedure to configure multiple backup groups on an interface. At least two backup groups are required on an interface. Backup groups are identified by VRIDs and their virtual IP addresses cannot be identical.
4-8 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
On the NE80E/40E, a maximum number of 255 backup groups can be configured on each interface.
CAUTION
To configure VRRP and static ARP simultaneously on a device, note that when VRRP is enabled on an interface such as a sub-interface for Dot1q VLAN tag termination, a sub-interface for QinQ VLAN tag termination, or a VLANIF interface, you cannot use the IP addresses mapping to static ARP entries related to these interfaces as the VRRP virtual addresses. Otherwise, incorrect host routes are generated and abnormal forwarding of the device may take place. ----End
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
The priority of the router in the backup group is configured. By default, the priority is 100. Priority 0 is reserved for special purpose. Priority 255 is reserved for the IP address owner and this priority cannot be configured. A priority ranges from 1 to 254. ----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-9
4 VRRP Configuration
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command to Check the status of VRRP.
----End
Example
In the master/backup mode, after the configuration, you can run the display vrrp command to view the status of a VRRP backup group.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
In the load balancing mode, after the configuration, you can run the display vrrp command to view the status of a router in different backup groups.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0 GigabitEthernet2/0/0 | Virtual Router 2 state : Backup Virtual IP : 10.1.1.112 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES
4-10
Issue 03 (2010-03-31)
4 VRRP Configuration
When the tracked interface is Down, the priority of the router in the backup group reduces by a certain value automatically to be lower than that of other routers in the group. The router with the highest priority becomes the master router and thus the master/backup switchover of the VRRP backup group is complete.
Pre-configuration Tasks
Before configuring VRRP to track the status of an interface, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring a VRRP backup group
Data Preparation
To configure VRRP to track the status of an interface, you need the following data. No. 1 2 Data Backup group ID Interfaces to be tracked and the values by which the priority increases or decreases
Issue 03 (2010-03-31)
4-11
4 VRRP Configuration
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
By default, when the tracked interface is Down, the priorities of routers in the tracking backup group decrease by 10. increased value-increased: specifies the value by which the priority increases when the tracked interface goes Down. The value ranges from 1 to 255. The highest priority is 254. The value takes effect on backup routers in a VRRP backup group. reduced value-reduced: specifies the value by which the priority decreases when the tracked interface goes Down. The value ranges from 1 to 255. The lowest priority is 1. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of eight BFD sessions and interfaces can be created. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority increases when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces are Down. To configure a VRRP6 backup group with the function of tracking the interface status, ensure that an IPv4 address is assigned to the interface to be tracked. For example, GE 1/0/0 to be tracked is assigned an IPv6 address rather than an IPv4 address. When a VRRP backup group tracks the interface, if IPv6 status on the interface becomes Down, the routers in the VRRP backup group may fail to reduce or increase priorities to re-elect a new master router.
4-12
Issue 03 (2010-03-31)
4 VRRP Configuration
One router can track up to eight interfaces. When the router is the IP address owner, the router cannot be configured to track the interface status. At present, the status of the loopback interface, NULL interface, CPOS interface, and AUX interface cannot be tracked.
----End
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command to Check the status of VRRP.
----End
Example
Run the display vrrp command, and you can view the Track IF field and the IF State field. The Track IF field indicates the type and number of the tracked interface, and the IF State field indicates the interface status, that is, Up or Down.
<HUAWEI> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0 Track IF : GigabitEthernet2/0/1 IF State : UP
priority reduced
: 10
4 VRRP Configuration
l l
For the detailed information of EFM , refer to "Ethernet OAM Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability. For the detailed configuration of the VRRP backup group tracking peer BFD sessions , link BFD sessions and EFM sessions, refer to Chapter 9 "VPLS Convergence Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
Pre-configuration Tasks
Before configuring VRRP fast switchover, complete the following tasks:
l l l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring basic EFM OAM functions Configuring the VRRP backup group Configuring BFD sessions including normal BFD sessions, link BFD sessions, and peer BFD sessions
Data Preparation
To configure VRRP fast switchover, you need the following data. No. 1 Data Backup group ID
4-14
Issue 03 (2010-03-31)
4 VRRP Configuration
l l
When configuring fast VRRP switchover, if VRRP monitors the peer BFD session, you must configure peer BFD sessions on both the master router and the backup router. Otherwise, VRRP flapping occurs. When a VRRP backup group is bound to the mVRRP backup group, the VRRP backup group cannot track any BFD session to perform the fast switchover, and the status of the VRRP backup group should be consistent with the status of the mVRRP backup group.
Procedure
Step 1 Run:
system-view
The view of the interface configured with VRRP backup group is displayed. Step 3 Run:
l vrrp vrid virtual-router-id track bfd-session { session-name bfd-session-id | bfd-configure-name } [ increased value-increased | reduced value-reduced ]
The normal BFD session is tracked. increased value-increased: specifies the value by which the priority increases when the tracked BFD session goes Down. The value ranges from 1 to 255. The maximum value of the priority is 254. The value takes effect only when the status of the VRRP backup group is Backup. reduced value-reduced: specifies the value by which the priority decreases when the tracked BFD session goes Down. The value ranges from 1 to 255. The lowest priority is 1. By default, when the tracked BFD sessions go Down, the value of the priority decreases by 10. When configuring the value by which the priority increases or decreases, especially the default value, ensure that the priority of a backup router in a backup group is higher than that of a master router whose priority is changed. In this manner, the VRRP status can be switched fast. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of BFD sessions and interfaces is 8. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority is increased when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces go Down. Or, run:
l vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ peer | link ]
4 VRRP Configuration
If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.
BFD for static LSP BFD for LDP LSP BFD for CR-LSP BFD for TE
----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to Check the status of VRRP. ----End
Example
run the display vrrp command, and you can view that the BFD session that is tracked by VRRP is Up. The command output is as follows:
<HUAWEI> display vrrp
4-16
Issue 03 (2010-03-31)
4 VRRP Configuration
4 VRRP Configuration
The VPLS convergence network belongs to another operator, so the link BFD session cannot be established between NPE1 and PE1 or between NPE2 and PE2. PE1 or PE2 does not support the BFD function.
In this case, you can use the BFD sampling mode to implement VRRP fast switchover. In BFD sampling mode, the NPE establishes multiple link BFD sessions directly with each CE rather than with the PE.
NOTE
Thus, the mVRRP backup group can implement master/backup switchover by tracking multiple link BFD sessions between the NPE and the CE, although it cannot track the BFD session between the NPE and the PE.
4-18
Issue 03 (2010-03-31)
4 VRRP Configuration
Figure 4-2 Typical networking of VRRP fast switchover (using BFD sampling)
Access
IP:10.100.1.1/24 GW:10.100.1.200 Inner VLAN: 110 Outer VLAN: 10
Core
CE1
NPE1 CE2
IP:10.101.1.1/24 GW:10.101.1.200 Inner VLAN: 210 Outer VLAN: 10
Link BFD
PE1 PE2
Peer BFD
MPLS/IP Core
CE3
IP:10.102.1.1/24 GW:10.102.1.200 Inner VLAN: 310 Outer VLAN: 10
NPE2
CE4
IP:10.103.1.1/24 GW:10.103.1.200 Inner VLAN: 410 Outer VLAN: 10
Pre-configuration Tasks
Before configuring VRRP fast switchover using BFD sampling, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link attributes for interfaces Configuring network layer attributes for interfaces to ensure network connectivity Configuring VRRP backup groups, including service VRRP backup groups and mVRRP backup groups Configuring BFD sessions, including link BFD sessions and peer BFD sessions (It is required to configure BFD sessions between the PE and each CE.)
Data Preparation
To configure VRRP fast switchover using BFD sampling, you need the following data.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-19
4 VRRP Configuration
No. 1 2 3
Data Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups Local and remote discriminators of BFD sessions
4.5.2 Binding the Service VRRP Backup Group to the mVRRP Backup Group
Context
Do as follows on the device that need perform VRRP fast switchover:
Procedure
Step 1 Run:
system-view
The view of the interface where the service VRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [.subinterface-number ] vrid virtual-router-id2
The service VRRP backup group is bound to the mVRRP backup group. After the binding, the state machine of the service VRRP backup group becomes dependent. That is, the service VRRP backup group deletes the protocol timer and stops sending or receiving VRRP packets. Alternatively, it implements its state machine by directly copying the status of the mVRRP back group. A service VRRP backup group can be bound to only one mVRRP backup group. ----End
4.5.3 Configuring the mVRRP Backup Group to Track the BFD Session Status
Context
Do as follows on a router that needs the fast VRRP switchover:
4-20
Issue 03 (2010-03-31)
4 VRRP Configuration
l l
When configuring fast VRRP switchover, if VRRP monitors the peer BFD session, you must configure peer BFD sessions on both the master router and the backup router. Otherwise, VRRP flapping occurs. When a VRRP backup group is bound to the mVRRP backup group, the VRRP backup group cannot track any BFD session to perform the fast switchover, and the status of the VRRP backup group should be consistent with the status of the mVRRP backup group.
Procedure
Step 1 Run:
system-view
The view of the interface configured with VRRP backup group is displayed. Step 3 Run:
l vrrp vrid virtual-router-id track bfd-session { session-name bfd-session-id | bfd-configure-name } [ increased value-increased | reduced value-reduced ]
The normal BFD session is tracked. increased value-increased: specifies the value by which the priority increases when the tracked BFD session goes Down. The value ranges from 1 to 255. The maximum value of the priority is 254. The value takes effect only when the status of the VRRP backup group is Backup. reduced value-reduced: specifies the value by which the priority decreases when the tracked BFD session goes Down. The value ranges from 1 to 255. The lowest priority is 1. By default, when the tracked BFD sessions go Down, the value of the priority decreases by 10. When configuring the value by which the priority increases or decreases, especially the default value, ensure that the priority of a backup router in a backup group is higher than that of a master router whose priority is changed. In this manner, the VRRP status can be switched fast. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of BFD sessions and interfaces is 8. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority is increased when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces go Down. Or, run:
l vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ peer | link ]
The status of a link or peer BFD session is tracked. If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.
Issue 03 (2010-03-31)
4 VRRP Configuration
In this scenario, the NPEs establish the peer BFD session between each other but the NPE does not establish the link BFD session with the PE; instead, the NPE establishes multiple link BFD sessions directly with each CE. By tracking the BFD session status, the NPE implements master/ backup fast switchover of the mVRRP backup group. ----End
Procedure
Step 1 Run:
system-view
The view of the interface where the mVRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid track link-bfd down-number down-number
The threshold of VRRP fast switchover is set. Among the link BFD sessions tracked by the mVRRP backup group, when the number of sessions in the Down state reaches or exceeds this threshold, the mVRRP backup group performs master/backup fast switchover. ----End
4.5.5 Enabling the Association Between the mVRRP Backup Group Status and the Route
Context
Do as follows on the device that need perform VRRP fast switchover:
Procedure
Step 1 Run:
system-view
4 VRRP Configuration
Step 2 Run:
interface interface-type interface-number [.subinterface-number ]
The view of the interface where the mVRRP backup group is configured is displayed. Step 3 Run:
vrrp trigger route
The association between the mVRRP backup group status and the route is enabled. At present, multiple VRRP backup groups can be configured on an interface and thus different statuses of VRRP backup groups coexist. Hence, after the association between the VRRP backup group status and the route is enabled, it is recommended that only one VRRP backup group be configured on an interface to avoid the chaotic route status.
NOTE
In the scenario where the association between the VRRP backup group and the route is enabled:
l
For the sub-interface for QinQ VLAN tag termination and VLANIF interface:
l l
When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route of the interface where the VRRP backup group is configured.
----End
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to view the status of the VRRP backup group.
----End
Example
Run the display vrrp command. The command output shows that the status of the BFD session tracked by the mVRRP backup group is Up and the threshold of VRRP fast switchover is 2.
[HUAWEI] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1
Delay Time : 0
Issue 03 (2010-03-31)
4-23
4 VRRP Configuration
4.6 Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured
4.6.1 Establishing the Configuration Task 4.6.2 Configuring the mVRRP Backup Group 4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group 4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status 4.6.5 Setting the Threshold for VRRP Fast Switchover 4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route 4.6.7 Checking the Configuration
In the VPLS convergence network, the PW is established only between PE1 and PE3 and between PE2 and PE3. According to the VPLS split horizon rule, the mVRRP backup group and the peer BFD session cannot be established between NPE1 and NPE2. The VPLS convergence network belongs to another operator, so the link BFD session cannot be established between NPE1 and PE1 or between NPE2 and PE2.
In this scenario, you can use the function of ignorance of interface down of the mVRRP backup group to implement VRRP fast switchover.
4-24 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through a direct link rather than the VPLS convergence network. Thus, when the interface where the mVRRP backup group is configured goes Down, the status of the mVRRP backup group is switched to Master rather than Initialize.
NOTE
In practical networking, NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through the direct link rather than their respective interfaces connecting to the VPLS convergence network. Therefore, the cross-board Eth-Trunk link is recommended between NPE1 and NPE2 to ensure the reliability of the status of the mVRRP backup group and peer BFD session.
Figure 4-3 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured
Access
Core
NPE1
PW
CE3 PE3
Peer BFD
Admin VRRP
MPLS/IP Core
PE2 NPE2
CE4
Pre-configuration Tasks
Before configuring ignorance of the down of an interface where the mVRRP backup group is configured, complete the following tasks:
l l l
Configuring physical parameters for interfaces Configuring link attributes for interfaces Configuring network layer attributes for interfaces to ensure network connectivity
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-25
Issue 03 (2010-03-31)
4 VRRP Configuration
l
Configuring VRRP backup groups, including the service VRRP backup groups and the mVRRP backup group Configuring BFD sessions, including the link BFD sessions and the peer BFD session (It is required to configure Link BFD sessions between the PE and each CE.)
Data Preparation
To configure ignorance of the down of an interface where the mVRRP backup group is configured, you need the following data. No. 1 2 3 Data VRRP Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups Local and remote discriminators of BFD sessions
Procedure
Step 1 Run:
system-view
The view of the interface where the service VRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid virtual-router-id virtual-ip virtual-address
A VRRP backup group is created, and a virtual IP address is assigned to the VRRP backup group. Step 4 Run:
vrrp vrid virtual-router-id priority priority-value
This VRRP backup group is configured as an mVRRP backup group. In the scenario as shown in Figure 4-3, if NPE is not faulty, it is not recommended to shut down the direct link between NPE1 and NPE2. Otherwise, the mVRRP backup groups on NPE1 and NPE2 both become Master, causing service interruption.
4-26 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
In all networking environments except the scenario as shown in Figure 4-3, it is not recommended to enable the function of ignorance of interface down of the mVRRP backup group. Otherwise, the state machine of the VRRP backup group is inconsistent with that defined in the RFC. ----End
4.6.3 Binding the Service VRRP Backup Group to the mVRRP Backup Group
Context
Do as follows on the device that need perform VRRP fast switchover:
Procedure
Step 1 Run:
system-view
The view of the interface where the service VRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [.subinterface-number ] vrid virtual-router-id2
The service VRRP backup group is bound to the mVRRP backup group. After the binding, the state machine of the service VRRP backup group becomes dependent. That is, the service VRRP backup group deletes the protocol timer and stops sending or receiving VRRP packets. Alternatively, it implements its state machine by directly copying the status of the mVRRP back group. A service VRRP backup group can be bound to only one mVRRP backup group. ----End
4.6.4 Configuring the mVRRP Backup Group to Track the BFD Session Status
Context
Do as follows on a router that needs the fast VRRP switchover:
NOTE
l l
When configuring fast VRRP switchover, if VRRP monitors the peer BFD session, you must configure peer BFD sessions on both the master router and the backup router. Otherwise, VRRP flapping occurs. When a VRRP backup group is bound to the mVRRP backup group, the VRRP backup group cannot track any BFD session to perform the fast switchover, and the status of the VRRP backup group should be consistent with the status of the mVRRP backup group.
Issue 03 (2010-03-31)
4-27
4 VRRP Configuration
Procedure
Step 1 Run:
system-view
The view of the interface configured with VRRP backup group is displayed. Step 3 Run:
l vrrp vrid virtual-router-id track bfd-session { session-name bfd-session-id | bfd-configure-name } [ increased value-increased | reduced value-reduced ]
The normal BFD session is tracked. increased value-increased: specifies the value by which the priority increases when the tracked BFD session goes Down. The value ranges from 1 to 255. The maximum value of the priority is 254. The value takes effect only when the status of the VRRP backup group is Backup. reduced value-reduced: specifies the value by which the priority decreases when the tracked BFD session goes Down. The value ranges from 1 to 255. The lowest priority is 1. By default, when the tracked BFD sessions go Down, the value of the priority decreases by 10. When configuring the value by which the priority increases or decreases, especially the default value, ensure that the priority of a backup router in a backup group is higher than that of a master router whose priority is changed. In this manner, the VRRP status can be switched fast. When a VRRP backup group monitors both BFD sessions and interfaces, the maximum number of BFD sessions and interfaces is 8. If increased value-increased is specified, the value of the increased VRRP backup group priority can exceed the priority of the master VRRP backup group only when all the tracked BFD sessions or interfaces go Down. Otherwise, if the VRRP backup group takes precedence of the peer because its priority is increased when one or part of tracked BFD sessions or interfaces go Down, the additional increasing of the priority is of no significance when other BFD sessions or interfaces go Down. Or, run:
l vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ peer | link ]
The status of a link or peer BFD session is tracked. If the type of the link BFD is of any of following, you must run the process-pst command to allow the BFD session to modify the port status table (PST). Otherwise, the link BFD session status monitored by mVRRP is not the same as the actual session status.
BFD for static LSP BFD for LDP LSP BFD for CR-LSP BFD for TE
In this scenario, the NPEs establish the peer BFD session between each other but the NPE does not establish the link BFD session with the PE; instead, the NPE establishes multiple link BFD
4-28 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
sessions directly with each CE. By tracking the BFD session status, the NPE implements master/ backup fast switchover of the mVRRP backup group. ----End
Procedure
Step 1 Run:
system-view
The view of the interface where the mVRRP backup group is configured is displayed. Step 3 Run:
vrrp vrid track link-bfd down-number down-number
The threshold of VRRP fast switchover is set. Among the link BFD sessions tracked by the mVRRP backup group, when the number of sessions in the Down state reaches or exceeds this threshold, the mVRRP backup group performs master/backup fast switchover. ----End
4.6.6 Enabling the Association Between the mVRRP Backup Group Status and the Route
Context
Do as follows on the device that need perform VRRP fast switchover:
Procedure
Step 1 Run:
system-view
The view of the interface where the mVRRP backup group is configured is displayed. Step 3 Run:
vrrp trigger route
The association between the mVRRP backup group status and the route is enabled.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-29
4 VRRP Configuration
At present, multiple VRRP backup groups can be configured on an interface and thus different statuses of VRRP backup groups coexist. Hence, after the association between the VRRP backup group status and the route is enabled, it is recommended that only one VRRP backup group be configured on an interface to avoid the chaotic route status.
NOTE
In the scenario where the association between the VRRP backup group and the route is enabled:
l
For the sub-interface for QinQ VLAN tag termination and VLANIF interface:
l l
When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route and remote host route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Initialize, the device deletes the network segment route of the interface where the VRRP backup group is configured. When the status of the VRRP backup group becomes Master, the device advertises the network segment route of the interface where the VRRP backup group is configured.
----End
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to view the status of the VRRP backup group.
----End
Example
Run the display vrrp command. The command output shows that the status of the BFD session tracked by the mVRRP backup group is Up and the threshold of VRRP fast switchover is 2.
[HUAWEI] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 BFD-session state : UP Track BFD : peer1 BFD-session state : UP Track BFD : link2
Delay Time : 0
4-30
Issue 03 (2010-03-31)
4 VRRP Configuration
Pre-configuration Tasks
Before configuring VRRP on the VLANIF interface, complete the followings tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring sub-VLAN Configuring super-VLAN
Data Preparation
To configure VRRP on the VLANIF interface, you need the following data. No. 1 2 3 4 Data Super-VLAN ID Sub-VLAN ID Backup group ID Virtual IP address of the backup group
Issue 03 (2010-03-31)
4-31
4 VRRP Configuration
Procedure
Step 1 Run:
system-view
A backup group is created and its virtual IP address is specified. Step 4 Run:
vrrp vrid virtual-router-id priority priority-value
Procedure
Step 1 Run:
system-view
The sending mode of VRRP advertising messages is configured. By default, the super-VLAN does not send advertisement messages to its sub-VLANs. ----End
4-32 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to Check the status of VRRP. ----End
Example
After the configuration, run the display vrrp interface vlanif command, and you can view the VRRP status on the VLANIF interface.
<HUAWEI> display vrrp interface vlanif 40 Vlanif40 | Virtual Router 1 State : Master Virtual IP : 100.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
4 VRRP Configuration
Device that sends packets adds the authentication key into VRRP packets. Device that receives packets compares the received authentication key with the local authentication key. If they are the same, VRRP packets are valid. Otherwise, the router discards the received VRRP packets and sends a Trap packet to the Network Management System (NMS). The router adds the authentication key to the VRRP packet. The receiver generates a summary based on the locally configured authentication key and compares the summary of the received VRRP packet with the locally generated summary. If they are the same, the receiver considers the received VRRP packet valid. Otherwise, the receiver considers the received VRRP packet illegal and discards it, and then reports a trap message to the network management system.
Pre-configuration Tasks
Before configuring the VRRP security function, complete the following tasks:
l l l l
Configuring physical parameters for interfaces Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect the network Configuring the VRRP backup group
Data Preparation
To configure the VRRP security function, you need the following data. No. 1 2 3 Data Backup group ID Virtual IP address of the backup group Authentication key of the VRRP packet
Procedure
Step 1 Run:
system-view
4 VRRP Configuration
Step 2 Run:
interface interface-type interface-number
A backup group is created and its virtual IP address is specified. Step 4 (optional) Run:
vrrp vrid virtual-router-id priority priority-value
The priority of the router in the backup group is configured. Step 5 Run:
vrrp vrid virtual-router-id authentication-mode { simple key | md5 md5-key }
The authentication mode for VRRP packets is configured. The authentication key on the master device must be the same as the authentication key on the backup device. The devices in a VRRP backup group must be configured with the same authentication mode; otherwise, the negotiation between the master and backup routers cannot succeed. ----End
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to check the status of VRRP. ----End
Example
After the configuration, run the display vrrp command, and you can view the mode of the packet authentication.
<HUAWEI> display vrrp GigabitEthernet1/0/0 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 TimerRun : 1 TimerConfig : 1 Auth Type : MD5 Auth key : >6M*PO438G/Q=^Q`MAF4<1!! Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
Issue 03 (2010-03-31)
4-35
4 VRRP Configuration
Config track link-bfd down-number : 0
According to the preceding command output, the Auth Type field displays MD5, and the Auth key field displays >6M*PO438G/Q=^Q`MAF4<1!!. That is, VRRP backup group 1 adopts MD5 authentication, and the authentication key is >6M*PO438G/Q=^Q`MAF4<1!!.
Pre-configuration Tasks
None.
Data Preparation
To configure VRRP smooth switching, you need the following data. No. 1 Data Interval for the master router to send VRRP packets during VRRP smooth switching
4 VRRP Configuration
Procedure
Step 1 Run:
vrrp timer-advertise learning enable
The function of learning the interval for receiving VRRP packets is enabled. By default, this function is enabled. Step 2 Run:
vrrp smooth-switching timer timer-value
VRRP smooth switching is enabled, and the interval carried in the VRRP packet during VRRP smooth switching is configured. By default, VRRP smooth switching is enabled, and the interval carried in the VRRP packet is 100 seconds. Before running the command, you must enable the function of learning the interval for receiving VRRP packets. When the learning function is disabled, VRRP smooth switching is also disabled.
NOTE
If the interval set by the master router for sending VRRP broadcast packets is much greater than the interval set by the backup router, the backup router resets the "masterdown" time after the backup router is restarted and the interface recovers. The master router may not send packets after the "masterdown" time of the backup router expires. In this case, the backup router becomes the master router. As a result, two master routers exist. During the AMB/SMB switchover, the master router sends VRRP smooth switching packets at the configured interval. If the time configured by the master router for VRRP smooth switching, such as 1s, is shorter than the configured interval for sending VRRP broadcast packets, such as 10s, VRRP packets are sent at the interval of 10s, and the interval carried in the VRRP packet is 1s. As a result, the status of the backup router continuously flaps.
----End
Procedure
Step 1 Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] command to check the status of the VRRP backup group. ----End
Example
After configuring VRRP smooth switching, perform the AMB/SMB switchover on the device. During the AMB/SMB switchover, the status of the VRRP backup group does not switch, and thus the user traffic is not affected. After the AMB/SMB switchover, all VRRP configurations of the new AMB are consistent with those of the original AMB.
<HUAWEI> display vrrp Ethernet2/0/0 | Virtual Router 1 State : Master
Issue 03 (2010-03-31)
4-37
4 VRRP Configuration
Virtual IP : 10.10.10.158 PriorityRun : 180 PriorityConfig : 180 MasterPriority : 180 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
By increasing the interval for sending VRRP advertisement packets by the backup group, you can reduce the network load caused by negotiation packets. In VRRP for IPv4, the members in a VRRP backup group are configured with the same interval for sending VRRP packets, which prevents multiple backup routers from being switched to master routers simultaneously in one VRRP backup group. By configuring the preemption mode and preemption delay time of the router in the backup group, you can increase or reduce the speed of the master/backup switchover. By enabling the test on the reachability of the virtual IP address, you can ping the virtual IP address to check the network connectivity. By prohibiting the system from checking number of hops in VRRP packets, you can improve the compatibility of Huawei routers with different vendors' routers.
Pre-configuration Tasks
Before adjusting and optimizing VRRP, complete the following tasks:
l
4-38
4 VRRP Configuration
Configuring link layer attributes for interfaces Configuring network layer attributes for interfaces to connect to the network Configuring the VRRP backup group
Data Preparation
To adjust and optimize VRRP, you need the following data. No. 1 2 3 Data Interval for sending VRRP advertisement packets Preemption delay of the routers in the backup group Timeout period for the master to send gratuitous ARP packets
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
The interval for sending VRRP advertisement packets is configured. By default, the interval for sending VRRP advertisement packets is 1 second. When multiple backup groups exist, sending VRRP advertisement packets at very short intervals may lead to frequent VRRP switchover. In this case, you can increase the interval. ----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-39
4 VRRP Configuration
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
The preemption delay of routers in the backup group is configured. By default, the preemption mode is adopted and the delay period is 0, indicating immediate preemption. In immediate preemption mode, the backup router becomes the new master router when its priority is higher than that of the current master router. The original master router becomes a backup router. After the preemption delay period is set, the backup router is delayed to preempt the master router. Run the vrrp vrid virtual-router-id preempt-mode disable command to configure routers in the backup group with the non-preemption mode. In the non-preemption mode, if a router in the backup group becomes the master router and works normally, other routers do not become the master router even if they are configured with higher priorities later. After the IP address owner recovers from a fault, it switches to be the master router immediately in spite of the preemption delay. The preemption delay refers to a delay period for the backup router to be switched to be the master router. The preemption delay is unavailable for the IP address owner. For the VRRP backup group that needs to support the preemption delay, the master virtual router cannot be configured as the IP address owner. Run the undo vrrp vrid virtual-router-id preempt-mode command to restore the default preemption mode.
NOTE
On each router to be configured with a delay mode in a VRRP backup group, it is recommended to configure backup routers with the immediate preemption mode (whose delay time is 0 seconds) and configure the master router with the preemption mode (whose delay time is specified). Configuring the delay time for the master router can ensure that the original primary link has enough time to restore and work stably, and then switch back. At the same time, the backup link works normally. If the data is switched back to the original primary link, the application is not affected.
----End
4-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
Whether the master router in the backup group is available. Whether the internal user can access external networks through the virtual IP address that serves as the default gateway.
Do as follows on the router that needs to be enabled with a reachable virtual IP address:
Procedure
l For VRRP for IPv4, run the following commands: 1. Run:
system-view
Testing reachability of a virtual address is enabled. By default, the ping function is enabled. The master router responds to ping packets to the virtual IP address of this backup group. Pinging a virtual address may cause ICMP attacks. To prevent this, you can run the undo vrrp virtual-ip ping enable command to disable the function of testing reachability of a virtual IP address. ----End
Procedure
l For VRRP for IPv4, 1. Run:
system-view
4 VRRP Configuration
2.
Run:
interface interface-type interface-number
Checking TTLs in VRRP packets is disabled. By default, TTLs in VRRP packets are detected. You can run the undo vrrp un-check ttl command to enable the router to check TTLs in VRRP packets. ----End
4.10.6 Configuring the Timeout Time of Sending Gratuitous ARP Packets by the Master router
Context
Do as follows on the router to send gratuitous ARP packets:
Procedure
Step 1 Run:
system-view
The timeout period is configured for the master router to send gratuitous ARP packets. The master router sends the ARP packets with the virtual MAC address. By default, the master router sends a gratuitous ARP packet every 300 seconds (5 minutes). Run the undo vrrp gratuitous-arp timeout command in the system view to restore the default timeout period of sending gratuitous ARP packets. Run the vrrp gratuitous-arp timeout disable command in the system view to disable the master router to send gratuitous ARP packets. ----End
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command to Check the status of VRRP.
----End
4-42 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
Example
Run the display vrrp command, and you can view the modified VRRP parameter. For example, the TimerRun field and the TimerConfig field display 20. That is, the interval for sending the VRRP advertisement packet is modified as 20 seconds. The default interval is 1 second.
<HUAWEI> display vrrp GigabitEthernet1/0/0 | Virtual Router 1 State : Master Virtual IP : 100.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 20 TimerConfig : 20 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Config track link-bfd down-number : 0
NPE1
mVRRP
UPE
NPE2
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-43
4 VRRP Configuration
As shown in Figure 4-4, when the convergence layer of the Metro Ethernet (ME) dual NPEs are deployed for high reliability. The master and standby routers are determined by mVRRP between NPEs. The mVRRP backup group is actually the ordinary VRRP backup group. The difference is that the mVRRP backup group can be bound to other backup groups of different services. The status of the backup group of related services depends on the binding relationship. The mVRRP backup group can be bound to several backup group members. The mVRRP backup group cannot be bound to other management backup groups. According to different applications, the binding relationship of the mVRRP backup group is as follows:
l
The VRRP backup group is bound to the mVRRP backup group: UPEs are dual-homed to NPEs. VRRP is run between NPEs. The master NPE and backup NPE are determined by the configured priority of VRRP. Multiple VRRP backup groups run between NPEs with different services. If each VRRP backup group needs to maintain its own state machine, a huge number of VRRP packets exist among NPEs. To simplify the process and decrease occupancy of bandwidth, you can set one VRRP backup group as the mVRRP backup group. Other backup group members are bound to the mVRRP backup group. The master and slave routers are determined directly by the binding relationship.
The service interfaces are bound to the mVRRP backup group. If the UPEs are dual-homed to NPEs through two physical links. You can bind the member interfaces to the mVRRP backup group to determine the master member interfaces and the slave interfaces. PW is bound to the mVRRP backup group. If VPLS is run between UPEs and NPEs, the UPEs are dual-homed to NPEs through two PWs. Then, you can bind the PW and the mVRRP backup group to determine the master PW and the slave PW.
Pre-configuration Tasks
Before configuring mVRRP, complete the following tasks:
l l l
Configuring physical parameters of an interface Configuring link attributes of interfaces Configuring attributes of network layer of interfaces for connectivity
Data Preparation
To configure mVRRP, you need the following data. No. 1 2 3 4
4-44
Data ID of the mVRRP and IDs of VRRP backup group members Virtual IP address of the mVRRP and virtual IP addresses of VRRP backup group members Priority of the mVRRP Number of the member interface
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
No. 5
Procedure
Step 1 Run:
system-view
A backup group is created and a virtual IP address is assigned to the backup group. Step 4 Run:
vrrp vrid virtual-router-id priority priority-value
4.11.3 (Optional) Configuring VRRP Backup Group Members and Binding them to the mVRRP Backup Group
Context
Do as follows on each router on which the VRRP backup group members need to be bound to an mVRRP backup group.
Procedure
Step 1 Run:
system-view
4 VRRP Configuration
Step 2 Run:
interface interface-type interface-number[.subinterface-number ]
A backup group is created with a virtual IP address. The status of the VRRP backup group member is determined by the mVRRP backup group. Therefore, the VRRP group member needs not a priority. Step 4 Run:
vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interfacenumber [ .subinterface-number ] vrid virtual-router-id2
The VRRP backup group member is bound to the mVRRP backup group. After the VRRP backup group member is bound to the mVRRP backup group, the state machine of the VRRP backup group member becomes dependent. That is, the VRRP backup group member deletes the protocol timer, and no longer sends or receives packets, and implements its state machine by directly copying the status of the mVRRP backup group. The backup member can be bound to only one mVRRP. ----End
Procedure
Step 1 Run:
system-view
4-46
Issue 03 (2010-03-31)
4 VRRP Configuration
4.11.5 (Optional) Binding the PW to the mVRRP Backup Group Through VPLS
Context
Do as follows on the routers that need to bind the PW to the mVRRP backup group.
Procedure
Step 1 Run:
system-view
The PW is bound to the VRRP backup group. Before the PW is bound to the mVRRP backup group, the peer must exist. For the configuration of the PW, refer to Chapter "VPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN. ----End
Procedure
l Run the display vrrp binding admin-vrrp [ interface interface-type interface-number ] [ vrid virtual-router-id ] command to check all binding information about the mVRRP backup group. Run the display vrrp binding admin-vrrp [ interface interface-type1 interfacenumber1 ] [ vrid virtual-router-id ] member-vrrp [ interface interface-type2 interfacenumber2 ] [ vrid virtual-router-id ] command to check the binding between the mVRRP backup group and the VRRP backup group members. Run the display vrrp binding admin-vrrp [ interface interface-type1 interfacenumber1 ] [ vrid virtual-router-id ] member-interface [ interface interface-type2
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-47
Issue 03 (2010-03-31)
4 VRRP Configuration
interface-number2 ] command to check the binding between the mVRRP backup group and the member interface members. l Run the following commands to check the binding between the mVRRP backup group and the PW members.
display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc interface interface-type2 interface-number2 display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vsi vsi-name peer ip-address [ negotiation-vcid vc-id1 ] display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id ] member-pw vc switch-vc peer ip-address vc-id2
Run the display vrrp admin-vrrp command to check the status of all mVRRP backup groups in the current configuration.
----End
Example
After the configuration, you can run the display vrrp binding admin-vrrp command to view all binding information about the VRRP backup group member, interface member, and PW member.
<HUAWEI> display vrrp binding admin-vrrp Interface: GigabitEthernet2/0/0, admin-vrrp vrid: 6, state: Master Member-vrrp number: 1 Interface: GigabitEthernet2/0/0.1, vrid: 8, state: Master Member-interface number: 1 Interface: GigabitEthernet2/0/0.2, state: Up
Procedure
l Run the display vrrp [ interface interface-type interface-number [ virtual-router-id ] ] [ brief ] command in any view to check the current running status and parameters of VRRP.
----End
4-48
Issue 03 (2010-03-31)
4 VRRP Configuration
Router A and Router B form a VRRP backup group that serves as the default gateway for Host A. Normally, Router A serves as the gateway. When Router A fails, Router B serves as the gateway. Router A continues to function as the master router within 20 seconds after it recovers.
HostA
RouterC
Ethernet
RouterB Backup
4-49
Issue 03 (2010-03-31)
4 VRRP Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. Create the backup group 1 on the GE 2/0/0 on Router A and configure Router A with the highest priority in the backup group to be the master router. Configure the preemption mode. Create backup group 1 on the GE 2/0/0 interface on Router B and use the default priority.
2.
Data Preparation
To complete the configuration, you need the following data:
l l l
Virtual router ID and virtual IP address Priority of each router in the backup group Preemption mode
Procedure
Step 1 Configure network interconnection between devices. # Configure the default gateway of Host A with 10.1.1.111 and the default gateway of Host B with 20.1.1.1. # Configure Router A, Router B and Router C to use OSPF for interconnection. Step 2 Configure VRRP. # On Router A, configure the IP address of the interface, create backup group 1 and configure the priority of Router A in this group with 120 (as the master router).
<RouterA> system-view [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 preempt-mode timer delay 20 [RouterA-GigabitEthernet2/0/0] quit
# On Router B, configure the IP address of the interface, create backup group 1 and configure the priority of Router B in this group with the default value (as the backup router).
<RouterB> system-view [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterB-GigabitEthernet2/0/0] quit
Check that the VRRP backup group can serve as a gateway. After the previous configuration, Host A can ping through Host B. Running the display vrrp command on Router A, you can view that the status of Router A is Master. Running the display vrrp command on Router B, you can view that the Router B is Backup.
4-50
Issue 03 (2010-03-31)
4 VRRP Configuration
Running the display ip routing-table command on Router A and Router B, you can view a direct route with the destination address being the virtual IP address on Router A, and an OSPF route to the same destination on Router B. The displays on Router A and Router B are as follows.
<RouterA> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 OSPF 10 2 D 192.168.1.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Pos1/0/0 192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.2/32 Direct 0 0 D 192.168.1.2 Pos1/0/0 192.168.2.0/24 OSPF 10 2 D 10.1.1.2 GigabitEthernet2/0/0 <RouterB> display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet2/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 OSPF 10 2 D 10.1.1.1 GigabitEthernet2/0/0 20.1.1.0/24 OSPF 10 2 D 192.168.2.2 Pos1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 OSPF 10 2 D 10.1.1.1 GigabitEthernet2/0/0 192.168.2.0/24 Direct 0 0 D 192.168.2.1 Pos1/0/0 192.168.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.2/32 Direct 0 0 D 192.168.2.2 Pos1/0/0 l
Check whether Router B can become the master when Router A fails.
Issue 03 (2010-03-31)
4-51
4 VRRP Configuration
To simulate the election of the master router when Router A fails, run the shutdown command on the GE 2/0/0 on Router A. Running the display vrrp command on Router B to view the VRRP status, you can view that Router B is in the Master state. The command output is as follows:
<RouterB> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp l
Check that Router A can perform preemption after recovering. Run the undo shutdown command on GE 2/0/0. On Router A, run the display vrrp command to view VRRP status 20 seconds after GE 2/0/0 being Up. You can view that Router A restores to be the master router.
----End
Configuration Files
l
4-52
Issue 03 (2010-03-31)
4 VRRP Configuration
Router A serves as the master router of group 1 and the backup router of group 2. Router B serves as the master router of backup group 2 and the backup router of group 1. Host A in the internal network takes backup group 1 as its gateway and Host C takes backup group 2 as its gateway to share the traffic and backup each other.
Issue 03 (2010-03-31)
4-53
4 VRRP Configuration
HostA
10.1.1.100/24
RouterC
Eth3/0/0 20.1.1.1/24
POS2/0/0 HostB 192.168.2.2/24 20.1.1.100/24 10.1.1.101/24 POS1/0/0 GE2/0/0 192.168.2.1/24 10.1.1.2/24 RouterB Ethernet group 2:Master Backup group 1 group 1:Backup
HostC
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create two backup groups on the GE 2/0/0 interface on Router A. Router A is the master router in the backup group 1 and the backup in group 2. Create two backup groups on the GE 2/0/0 interface on Router B. Router B is the backup router in the backup group 1 and the master in group 2.
Data Preparation
To complete the configuration, you need the following data:
l l
Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure the network interconnection between devices. # Configure the default gateway of Host A as the virtual IP address 10.1.1.111 in backup group 1, the default gateway of Host B as 20.1.1.1, and the default gateway of Host C as the virtual IP address 10.1.1.112 in backup group 2. # Configure Router A, Router B, and Router C to use OSPF for interconnection. Step 2 Configure VRRP. # On Router A, configure the IP address of the interface, create backup group 1 and configure the priority of Router A in this group as 120 (as the master router). Create backup group 2 and
4-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
configure the priority of Router A in this group with the default value 100 (as the backup router).
<RouterA> system-view [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120 [RouterA-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 10.1.1.112 [RouterA-GigabitEthernet2/0/0] quit
# On Router B, configure the IP address of the interface, create backup group 1 and configure the priority of Router B in this group with the default value 100 (as the backup router). Create backup group 2, and configure the priority of Router B in this group with 120 (as the master router).
<RouterB> system-view [RouterB] interface gigabitethernet 2/0/0 [RouterB-GigabitEthernet2/0/0] undo shutdown [RouterB-GigabitEthernet2/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [RouterB-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 10.1.1.112 [RouterB-GigabitEthernet2/0/0] vrrp vrid 2 priority 120 [RouterB-GigabitEthernet2/0/0] quit
Step 3 Verify the configuration. After the previous configuration, Host A and Host C in the network can ping through Host B. Tracert Host B from Host A and Host C. Packets from Host A to Host B pass through Router A and Router C. Packets from Host C to Host B pass through Router A and Router C. That is, the load balancing is enabled for Router A and Router B to share the internal traffic.
<HostA> tracert 20.1.1.100 traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet 1 10.1.1.1 120 ms 50 ms 60 ms 2 192.168.1.2 100 ms 60 ms 60 ms 3 20.1.1.100 130 ms 90 ms 90 ms <HostC> tracert 20.1.1.100 traceroute to 20.1.1.100(20.1.1.100) 30 hops max,40 bytes packet 1 10.1.1.2 30 ms 60 ms 40 ms 2 192.168.2.2 90 ms 60 ms 60 ms 3 20.1.1.100 70 ms 60 ms 90 ms
Running the display vrrp command on Router A, you can view that Router A serves as the master router in backup group 1 and the backup router in backup group 2.
<RouterA> display vrrp GigabitEthernet2/0/0 | Virtual Router 1 state : Master Virtual IP : 10.1.1.111 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp GigabitEthernet2/0/0 | Virtual Router 2 state : Backup Virtual IP : 10.1.1.112 PriorityRun : 100 PriorityConfig : 100
Issue 03 (2010-03-31)
4-55
4 VRRP Configuration
MasterPriority Preempt TimerRun TimerConfig Auth Type Virtual Mac Check TTL Config type : : : : : : : : 120 YES Delay Time : 0 1 1 NONE 0000-5e00-0102 YES normal-vrrp
----End
Configuration Files
l
4-56
Issue 03 (2010-03-31)
4 VRRP Configuration
PE-A and PE-B form backup group 1 and backup group 2. PE-A serves as the master device, and PE-B serves as the backup device. CE-A uses the virtual IP address of VRRP backup group 1 as its default gateway. CE-B uses the virtual IP address of VRRP backup group 2 as its default gateway. CE-A and CE-D belong to the VPN-BLUE instances. CE-B and CE-C belong to the VPN-RED instances. The GE 1/0/0 interfaces on PE-A belong to the VPN-BLUE instances. The GE 2/0/0 interfaces belong to VPN-RED instances. The GE 1/0/0 interfaces on PE-B belong to the VPN-BLUE instances. The GE 2/0/0 interfaces belong to VPN-RED instances. The GE 1/0/0 interfaces on PE-C belong to the VPN-RED instances. The GE 2/0/0 interfaces belong to VPN-BLUE instances. Configure the OSPF and enable the MPLS forwarding. Configure default routes on CE-A and CE-B to exchange VPN routing information with PE-A and PE-B. Establish BGP peer relationship among PE-A, PE-B and PE-C to transmit all VPN routes.
VPN instance that CE belongs to VPN instance that the interface on PE belongs to
l l l
l l
Issue 03 (2010-03-31)
4-57
4 VRRP Configuration
HostA VPN BLUE PE-A CE-A Loopback1 GE1/0/0 GE1/0/0 Backup group1 for VPN BLUE Backup group2 for VPN RED CE-C
GE2/0/0
GE1/0/0
PO
0/
/0 /
E2 /
E1 /
0/
Loopback1 PE-B
S2
POS3/0/0 Loopback1
POS3/0/0
router P
IP Address 192.168.1.2/24 192.168.2.2/24 192.168.3.2/24 4.4.4.4/32 10.1.1.1/24 20.1.1.1/24 192.168.1.1/24 1.1.1.1/32 10.1.1.2/24 20.1.1.2/24 192.168.2.1/24 2.2.2.2/32 10.2.1.1/24 20.2.1.1/24 192.168.3.1/24 3.3.3.3/32 10.1.1.100/24 20.1.1.100/24 20.2.1.100/24 10.2.1.100/24
PE-A
PE-B
PE-C
4-58
Issue 03 (2010-03-31)
4 VRRP Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Create the backup group 1 and the backup group 2 on PE-A and PE-B. PE-A is the master router in the backup group 1 and PE-B is the backup router. PE-A is the backup router in the backup group 2 and PE-B is the master router. PE-A and PE-B share the traffic and back up each other.
Data Preparation
To complete the configuration, you need the following data:
l l
Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure OSPF between PEs, or between PEs and Ps to implement the interconnection of the backbone networks (omitted). Step 2 Configure MPLS basic functions and MPLS LDP on the MPLS backbone network and establish LDP LSP (omitted). Step 3 Configure VPN instances on PEs and enable CEs to access PEs (omitted). Step 4 Configure MP-IBGP peer connections between PEs (omitted). Step 5 Configure default routes on CE-A and CE-B (omitted). For the configurations from Step 1 to Step 5, refer to Chapter "BGP MPLS IP VPN Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN. You can also refer to the following configuration files. Step 6 Configure the multi-instance VRRP instance on PE-A and PE-B. # On PE-A, create backup group 1, and configure the priority of PE-A in this group to 120 (as the master router).
<PE-A> system-view [PE-A] interface gigabitethernet 1/0/0 [PE-A-GigabitEthernet1/0/0] vrrp vrid 1 virtual-ip 10.1.1.111 [PE-A-GigabitEthernet1/0/0] vrrp vrid 1 priority 120 [PE-A-GigabitEthernet1/0/0] quit
# On PE-A, create backup group 2, and configure the priority of PE-A in this group to the default value (as the backup router).
[PE-A] interface gigabitethernet 2/0/0 [PE-A-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 20.1.1.111 [PE-A-GigabitEthernet2/0/0] quit
# On PE-B, create backup group 1, and configure the priority of PE-B in this group to the default value (as the backup router).
<PE-B> system-view [PE-B] interface gigabitethernet 1/0/0
Issue 03 (2010-03-31)
4-59
4 VRRP Configuration
# On PE-B, create backup group 2, and configure the priority of PE-B in this group to 120 (as the master router).
[PE-B] interface gigabitethernet 2/0/0 [PE-B-GigabitEthernet2/0/0] vrrp vrid 2 virtual-ip 20.1.1.111 [PE-B-GigabitEthernet2/0/0] vrrp vrid 2 priority 120 [PE-B-GigabitEthernet2/0/0] quit
Step 7 Verify the configuration. Running the display ip routing-table vpn-instance vpn-instance-name command on PE-A and PE-B, you can view a route with the destination address being the virtual IP address in the VPN routing table on PE-A. There is no such route on PE-B. The display on PE-A is as follows:
<PE-A> display ip routing-table vpn-instance VPN-BLUE Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: VPN-BLUE Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/0 10.1.1.1/32 Direct 0 0 D 10.1.1.1 InLoopBack0 10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0... ...
Configuration Files
l
4-60
Issue 03 (2010-03-31)
4 VRRP Configuration
ip binding vpn-instance VPN-RED ip address 20.1.1.1 255.255.255.0 vrrp vrid 2 virtual-ip 20.1.1.111 # interface Pos3/0/0 link-protocol ppp undo shutdown ip address 192.168.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance VPN-BLUE import-route direct import-route static # ipv4-family vpn-instance VPN-RED import-route direct import-route static # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0 # ip route-static vpn-instance VPN-BLUE 0.0.0.0 0.0.0.0 10.1.1.100 ip route-static vpn-instance VPN-RED 0.0.0.0 0.0.0.0 20.1.1.100 # return l
Issue 03 (2010-03-31)
4-61
4 VRRP Configuration
Connect UMG with Router A and Router B through Switch A and Switch B respectively. Run VRRP on Router A and Router B. Router A serves as the master router and Router B serves as the backup router.
When Router A fails or the GE link between Router A and Router B fails, VRRP switchover should be performed in less than one second to implement fast convergence in NGN.
4-62
Issue 03 (2010-03-31)
4 VRRP Configuration
Backbone Network POS1/0/0 POS1/0/0 192.168.0.1/24192.168.0.2/24 Backup group 10 Virtual IP address: 10.1.1.3/24
VLAN
UMG
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure BFD sessions on GE interfaces on Router A and Router B to monitor the link Router A - Switch A - Switch B - Router B as well as Router A itself. Enable VRRP to track BFD sessions on Router B so that once the sessions are Down, the priority of Router B increases by 40 and then the switchover is enabled.
NOTE
l l
This example covers only configurations on Router A and Router B. If the switchover needs to be implemented only on Router A, configure BFD sessions on the POS interface that is directly connected to Router A and Router B in Step 1. This configuration is not covered in this example.
Data Preparation
To complete the configuration, you need the following data:
l l l
The local and remote BFD session identifier Virtual router ID and virtual IP address Priority of each router in the backup group
Procedure
Step 1 Configure BFD. # Configure a BFD session on Router A.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-63
4 VRRP Configuration
<RouterA> system-view [RouterA] bfd [RouterA-bfd] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet2/0/0] bfd [RouterA-GigabitEthernet2/0/0] quit [RouterA] bfd atob bind peer-ip 10.1.1.2 interface gigabitethernet 2/0/0 [RouterA-bfd-session-atob] discriminator local 1 [RouterA-bfd-session-atob] discriminator remote 2 [RouterA-bfd-session-atob] min-rx-interval 50 [RouterA-bfd-session-atob] min-tx-interval 50 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
Running the display bfd session command on Router A and Router B, you can view that BFD sessions are Up. Take the display on Router A as an example.
[RouterA] display bfd session all -------------------------------------------------------------------------Local Remote PeerIpAddr InterfaceName State Type -------------------------------------------------------------------------1 2 10.1.1.2 GigabitEthernet2/0/0 Up S_IP_IF -------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 2 Configure VRRP fast switchover. # Create a backup group 10 and configure Router A to be the master router with the priority as 160.
[RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] vrrp vrid 10 virtual-ip 10.1.1.3 [RouterA-GigabitEthernet2/0/0] vrrp vrid 10 priority 160 [RouterA-GigabitEthernet2/0/0] quit
# Create a backup group 10 and configure Router B to be the backup router with the priority as 140.
[RouterB] interface gigabitethernet2/0/0 [RouterB-GigabitEthernet2/0/0] vrrp vrid 10 virtual-ip 10.1.1.3 [RouterB-GigabitEthernet2/0/0] vrrp vrid 10 priority 140
# Track the BFD session on the backup router. If the BFD session is Down, the priority of Router B increases by 40.
[RouterB-GigabitEthernet2/0/0] vrrp vrid 10 track bfd-session 2 increased 40 [RouterB-GigabitEthernet2/0/0] quit
Running the display vrrpcommand on Route A or Router B, you can view that Router A is the master and Router B is the backup. You can also view the tracked BFD session and its status on Router B.
4-64 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
: 40
Step 3 Verify the configuration. # Run the shutdowncommand on GE 2/0/0 on Router A to simulate a link fault.
[RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] shutdown
Running the display vrrp command on Router A, you can view that the status of Router A changes to Initialize.
[RouterA] display vrrp GigabitEthernet2/0/0 | Virtual Router 10 state : Initialize Virtual IP : 10.1.1.3 PriorityRun : 160 PriorityConfig : 160 MasterPriority : 0 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0110 Check TTL : YES Config type : normal-vrrp
Running the display vrrp command on Router B, you can view that Router B becomes the master router and the BFD session when it is Down.
[RouterB] display vrrp
Issue 03 (2010-03-31)
4-65
4 VRRP Configuration
----End
Configuration Files
l
4-66
Issue 03 (2010-03-31)
4 VRRP Configuration
4.13.5 Example for Configuring VRRP Fast Switchover (Using BFD Sampling)
Networking Requirements
As shown in Figure 4-9, the CE connects to the sub-interface for QinQ VLAN tag termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group implements master/backup fast switchover by tracking the BFD session. Between NPE1 and NPE2, the peer BFD session is established. In this configuration example, the following restrictions are imposed on the network:
l
The VPLS convergence network belongs to another operator, so the link BFD session cannot be directly established between NPE1 and PE1 or between NPE2 and PE2. PE1 or PE2 does not support the BFD function.
In this case, you can use BFD sampling to implement VRRP fast switchover.
NOTE
With BFD sampling, the NPE establishes link BFD sessions with each CE.
NPE1 and NPE2 establish the mVRRP backup group, the service VRRP backup group, and the peer BFD session through their respective interfaces GE 1/0/1 that connect to the VPLS convergence network. NPE1 or NPE2 establishes four link BFD sessions with four CEs respectively through GE 1/0/1. The mVRRP backup group is responsible for tracking the status of the four BFD sessions concurrently. When two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover.
Issue 03 (2010-03-31)
4-67
4 VRRP Configuration
Figure 4-9 Typical networking of VRRP fast switchover (using BFD sampling)
Access
Core
CE1
NPE1
CE2
IP:10.101.1.1/24 GW:10.101.1.200 Inner VLAN: 210 Outer VLAN: 10
PE1 PE2
Peer BFD
MPLS/IP Core
CE3
IP:10.102.1.1/24 GW:10.102.1.200 Inner VLAN: 310 Outer VLAN: 10
NPE2
# interface GigabitEthernet1/0/1.1 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 # interface GigabitEthernet1/0/1.100 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 #
CE4
IP:10.103.1.1/24 GW:10.103.1.200 Inner VLAN: 410 Outer VLAN: 10
Configuration Roadmap
The configuration roadmap is as follows:
4-68 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
1. 2.
Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. Configure the mVRRP backup group and service VRRP backup group on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2 and bind the service VRRP backup group with the mVRRP backup group. Establish the BFD session between NPE1 and NPE2 and between the NPE and the CE. Configure master/backup fast switchover of the mVRRP backup group using BFD sampling.
3. 4.
Data Preparation
To complete the configuration, you need the following data:
l l
Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups
Procedure
Step 1 Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2.
NOTE
Only the configuration procedures of NPE1 and NPE2 are provided here. For the configuration procedures of the BFD function of the CE as shown in Figure 4-9 and the VPLS convergence network, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability and Configuration Guide - VPN.
# Configure NPE1.
<HUAWEI> system-view [HUAWEI] sysname NPE1 [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] mode user-termination [NPE1-GigabitEthernet1/0/1] undo shutdown [NPE1-GigabitEthernet1/0/1] quit [NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] control-vid 1 qinq-termination [NPE1-GigabitEthernet1/0/1.1] qinq termination pe-vid 10 ce-vid 1 [NPE1-GigabitEthernet1/0/1.1] ip address 10.1.1.254 24 [NPE1-GigabitEthernet1/0/1.1] arp broadcast enable [NPE1-GigabitEthernet1/0/1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE1-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.100] ip address 10.100.1.254 24 [NPE1-GigabitEthernet1/0/1.100] arp broadcast enable [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE1-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.101] ip address 10.101.1.254 24 [NPE1-GigabitEthernet1/0/1.101] arp broadcast enable [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE1-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.102] ip address 10.102.1.254 24 [NPE1-GigabitEthernet1/0/1.102] arp broadcast enable [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE1-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.103] ip address 10.103.1.254 24 [NPE1-GigabitEthernet1/0/1.103] arp broadcast enable [NPE1-GigabitEthernet1/0/1.103] quit
to 100
101 to 200
201 to 300
301 to 400
401 to 500
Issue 03 (2010-03-31)
4-69
4 VRRP Configuration
# Configure NPE2.
<HUAWEI> system-view [HUAWEI] sysname NPE2 [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] mode user-termination [NPE2-GigabitEthernet1/0/1] undo shutdown [NPE2-GigabitEthernet1/0/1] quit [NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] control-vid 1 qinq-termination [NPE2-GigabitEthernet1/0/1.1] qinq termination pe-vid 10 ce-vid 1 [NPE2-GigabitEthernet1/0/1.1] ip address 10.1.1.253 24 [NPE2-GigabitEthernet1/0/1.1] arp broadcast enable [NPE2-GigabitEthernet1/0/1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE2-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.100] ip address 10.100.1.253 24 [NPE2-GigabitEthernet1/0/1.100] arp broadcast enable [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE2-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.101] ip address 10.101.1.253 24 [NPE2-GigabitEthernet1/0/1.101] arp broadcast enable [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE2-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.102] ip address 10.102.1.253 24 [NPE2-GigabitEthernet1/0/1.102] arp broadcast enable [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE2-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE2-GigabitEthernet1/0/1.103] ip address 10.103.1.253 24 [NPE2-GigabitEthernet1/0/1.103] arp broadcast enable [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
to 100
101 to 200
201 to 300
301 to 400
401 to 500
After the IP address is assigned to a sub-interface for QinQ VLAN tag termination, it is recommended to run the arp broadcast enable command. Otherwise, the sub-interfaces for QinQ VLAN tag termination fail to ping through each other.
# After the configuration, the sub-interfaces for QinQ VLAN tag termination in the same network segment on NPE1 and NPE2 can ping through each other across the VPLS convergence network. It indicates that the link between NPE1 and NPE2 works normally. Take the ping between NPE1 and NPE2 as an example. The interfaces of NPE1 and NPE2 where the mVRRP backup group is configured can ping through each other.
[NPE1] ping 10.1.1.253 PING 10.1.1.253: 56 data bytes, press CTRL_C to break Reply from 10.1.1.253: bytes=56 Sequence=1 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 10.1.1.253: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=4 ttl=255 time=180 ms Reply from 10.1.1.253: bytes=56 Sequence=5 ttl=255 time=120 ms --- 10.1.1.253 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/142/180 ms
The interfaces of NPE1 and NPE2 where the service VRRP backup group is configured can ping through each other.
4-70 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
[NPE1] ping 10.100.1.253 PING 10.100.1.253: 56 data bytes, press CTRL_C to break Reply from 10.100.1.253: bytes=56 Sequence=1 ttl=255 time=90 ms Reply from 10.100.1.253: bytes=56 Sequence=2 ttl=255 time=100 ms Reply from 10.100.1.253: bytes=56 Sequence=3 ttl=255 time=190 ms Reply from 10.100.1.253: bytes=56 Sequence=4 ttl=255 time=100 ms Reply from 10.100.1.253: bytes=56 Sequence=5 ttl=255 time=90 ms --- 10.100.1.253 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/114/190 ms
The NPE and the CE in the same network segment can ping through each other. It indicates that the link between the NPE and the CE works normally. Take the ping between NPE1 and CE1 or between NPE2 and CE1 as an example.
[NPE1] ping 10.100.1.1 PING 10.100.1.1: 56 data Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: bytes, press CTRL_C bytes=56 Sequence=1 bytes=56 Sequence=2 bytes=56 Sequence=3 bytes=56 Sequence=4 bytes=56 Sequence=5 to break ttl=255 time=180 ttl=255 time=160 ttl=255 time=150 ttl=255 time=150 ttl=255 time=120
ms ms ms ms ms
--- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 120/152/180 ms [NPE2] ping 10.100.1.1 PING 10.100.1.1: 56 data bytes, press CTRL_C to break Reply from 10.100.1.1: bytes=56 Sequence=1 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=2 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=3 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=4 ttl=255 Reply from 10.100.1.1: bytes=56 Sequence=5 ttl=255 --- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 70/122/190 ms
Step 2 Configure basic VRRP functions on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2. # On NPE1, configure the mVRRP backup group with VRID being 10 on GE 1/0/1.1 and configure the service VRRP backup group on other sub-interfaces.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 priority 120 [NPE1-GigabitEthernet1/0/1.1] admin-vrrp vrid 10 [NPE1-GigabitEthernet1/0/1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200
Issue 03 (2010-03-31)
4-71
4 VRRP Configuration
[NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE1-GigabitEthernet1/0/1.103] quit
# On NPE2, configure the mVRRP backup group with VRID being 10 on GE 1/0/1.1 and configure the service VRRP backup group on other sub-interfaces.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE2-GigabitEthernet1/0/1.1] admin-vrrp vrid 10 [NPE2-GigabitEthernet1/0/1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE2-GigabitEthernet1/0/1.103] quit
After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, Type is Normal.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, Type is Normal.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Normal 10.100.1.200 101 Backup GE1/0/1.101 Normal 10.101.1.200 102 Backup GE1/0/1.102 Normal 10.102.1.200 103 Backup GE1/0/1.103 Normal 10.103.1.200
Step 3 Bind the service VRRP backup group to the mVRRP backup group on NPE1 and NPE2. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 track admin-vrrp interface
4-72
Issue 03 (2010-03-31)
4 VRRP Configuration
gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 track admin-vrrp interface gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.103] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid gigabitethernet1/0/1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
l l
In this configuration example, using the vrrp vrid track admin-vrrp command, you need to specify the keyword unflowdown. If unspecified, when the status of the mVRRP backup group tracked by the service VRRP backup is Backup, the status of the interface where the service VRRP backup group is configured becomes Flow down, the status of the service VRRP backup group becomes Initialize, and the status of the link BFD session becomes Down. When the number of link BFD sessions in the Down state reaches the threshold, the status of the mVRRP backup also becomes Initialize, thus failing to implement master/backup switchover of the mVRRP backup group.
After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin.
Issue 03 (2010-03-31)
4-73
4 VRRP Configuration
l
For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
At that time, the service VRRP backup group is bound to the mVRRP backup group and their respective status is normal. Step 4 Configure basic BFD functions on NPE1 and NPE2. # Configure the peer BFD session between NPE1 and NPE2; configure the link BFD session between NPE1 and each CE and between NPE2 and each CE. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 10.1.1.253 interface gigabitethernet1/0/1.1 source-ip 10.1.1.254 auto [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit [NPE1] bfd link1 bind peer-ip 10.100.1.1 interface gigabitethernet1/0/1.100 sourceip 10.100.1.254 auto [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind peer-ip 10.101.1.1 interface gigabitethernet1/0/1.101 sourceip 10.101.1.254 auto [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit [NPE1] bfd link3 bind peer-ip 10.102.1.1 interface gigabitethernet1/0/1.102 sourceip 10.102.1.254 auto [NPE1-bfd-session-link3] commit [NPE1-bfd-session-link3] quit [NPE1] bfd link4 bind peer-ip 10.103.1.1 interface gigabitethernet1/0/1.103 sourceip 10.103.1.254 auto [NPE1-bfd-session-link4] commit [NPE1-bfd-session-link4] quit
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 10.1.1.254 interface gigabitethernet1/0/1.1 source-ip 10.1.1.253 auto [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd link1 bind peer-ip 10.100.1.1 interface gigabitethernet1/0/1.100 sourceip 10.100.1.253 auto [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind peer-ip 10.101.1.1 interface gigabitethernet1/0/1.101 sourceip 10.101.1.253 auto [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit [NPE2] bfd link3 bind peer-ip 10.102.1.1 interface gigabitethernet1/0/1.102 sourceip 10.102.1.253 auto [NPE2-bfd-session-link3] commit [NPE2-bfd-session-link3] quit [NPE2] bfd link4 bind peer-ip 10.103.1.1 interface gigabitethernet1/0/1.103 sourceip 10.103.1.253 auto [NPE2-bfd-session-link4] commit [NPE2-bfd-session-link4] quit
4-74
Issue 03 (2010-03-31)
4 VRRP Configuration
After the previous configurations are finished and the CE is correctly configured with the BFD session, run the display bfd configuration all command on the NPE. The command output shows that Commit is True. # Take NPE1 as an example.
[NPE1] display bfd configuration all -------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------peer1 S_AUTO_IF 8192 256 1 True False link1 S_AUTO_IF 8193 257 1 True False link2 S_AUTO_IF 8194 258 1 True False link3 S_AUTO_IF 8195 259 1 True False link4 S_AUTO_IF 8196 260 1 True False -------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 5/0
Run the display bfd session all command. The command output shows that State is Up. # Take NPE1 as an example.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
Since the service VRRP backup group is bound to the mVRRP backup group, it is only required to configure the mVRRP backup group on GE 1/0/1.1 of NPE1 and NPE2 to implement VRRP fast switchover using BFD sampling.
# Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.1 [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 peer [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 link [NPE1-GigabitEthernet1/0/1.1] vrrp vrid 10 [NPE1-GigabitEthernet1/0/1.1] vrrp trigger [NPE1-GigabitEthernet1/0/1.1] quit track bfd-session session-name peer1 track bfd-session session-name link1 track bfd-session session-name link2 track bfd-session session-name link3 track bfd-session session-name link4 track link-bfd down-number 2 route
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.1 [NPE2-GigabitEthernet1/0/1.1] vrrp vrid peer [NPE2-GigabitEthernet1/0/1.1] vrrp vrid link [NPE2-GigabitEthernet1/0/1.1] vrrp vrid link [NPE2-GigabitEthernet1/0/1.1] vrrp vrid 10 track bfd-session session-name peer1 10 track bfd-session session-name link1 10 track bfd-session session-name link2 10 track bfd-session session-name link3
Issue 03 (2010-03-31)
4-75
4 VRRP Configuration
link [NPE2-GigabitEthernet1/0/1.1] link [NPE2-GigabitEthernet1/0/1.1] [NPE2-GigabitEthernet1/0/1.1] [NPE2-GigabitEthernet1/0/1.1]
vrrp vrid 10 track bfd-session session-name link4 vrrp vrid 10 track link-bfd down-number 2 vrrp trigger route quit
After the previous configurations, run the display vrrp interface command on the NPE. The command output shows that, the allowable maximum number of the link BFD sessions in the Down state tracked by the mVRRP backup group is 2, the mVRRP backup group is bound to one peer BFD session and four link BFD sessions, and the status of all BFD sessions is Up.
[NPE1] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 BFD-session state : UP Track BFD : link2 BFD-session state : UP Track BFD : link3 BFD-session state : UP Track BFD : link4 BFD-session state : UP Track BFD : peer1 BFD-session state : UP
Delay Time : 0
type: link type: link type: link type: link type: peer
[NPE2] display vrrp interface gigabitethernet1/0/1.1 GigabitEthernet1/0/1.1 | Virtual Router 10 State : Backup Virtual IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type: link BFD-session state : UP Track BFD : link2 type: link BFD-session state : UP Track BFD : link3 type: link BFD-session state : UP Track BFD : link4 type: link BFD-session state : UP Track BFD : peer1 type: peer BFD-session state : UP
Step 6 Verify the configuration. After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows:
4-76 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
On NPE1, run the shutdown command on GE 1/0/1.100 to replicate the fault between NPE1 and CE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] shutdown [NPE1-GigabitEthernet1/0/1.100] quit
The command output shows that the BFD session between NPE1 and CE1 goes Down.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/1
In this configuration example, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, only one link BFD session is Down, so the mVRRP backup group does not perform master/backup switchover. On NPE1:
l l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID being 100, State is Initialize and Type is Member. For the VRRP backup group with the VRID not being 10 or 100, State is Master and Type is Member.
Type Virtual IP
Issue 03 (2010-03-31)
4-77
4 VRRP Configuration
-------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
On NPE1, run the shutdown command on GE 1/0/1.101 to replicate the fault between NPE1 and CE2.
[NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] shutdown [NPE1-GigabitEthernet1/0/1.101] quit
The command output shows that the BFD session between NPE1 and CE2 goes Down.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 0 10.101.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 3/2
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, two link BFD sessions go Down, so the mVRRP backup group performs master/ backup switchover. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Initialize and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Initialize and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Initialize GE1/0/1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Initialize GE1/0/1.101 Member 10.101.1.200 102 Initialize GE1/0/1.102 Member 10.102.1.200 103 Initialize GE1/0/1.103 Member 10.103.1.200
On NPE2:
4-78 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE1, run the undo shutdown command on GE 1/0/1.100 and GE1/0/1.101 to replicate the recovery of the fault between NPE1 and CE1 or between NPE1 and CE2. The command output shows that the BFD sessions between NPE1 and CE1 and between NPE1 and CE2 go Up.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF GigabitEthernet1/0/1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
It indicates that the statuses of VRRP backup groups on NPE1 and NPE2 recover. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master GE1/0/1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
----End
Issue 03 (2010-03-31)
4-79
4 VRRP Configuration
Configuration Files
l
vrid 10
vrid 10
vrid 10
vrid 10
4-80
Issue 03 (2010-03-31)
4 VRRP Configuration
10.100.1.1 interface GigabitEthernet1/0/1.100 source-ip
Issue 03 (2010-03-31)
4-81
4 VRRP Configuration
4-82
Issue 03 (2010-03-31)
4 VRRP Configuration
Issue 03 (2010-03-31)
4-83
4 VRRP Configuration
# mpls l2vpn # vsi ldp1 static pwsignal ldp vsi-id 100 peer 3.3.3.3 peer 4.4.4.4 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown # interface GigabitEthernet1/0/0.1 vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet1/0/1 undo shutdown ip address 200.1.35.5 255.255.255.0 mpls mpls ldp # interface GigabitEthernet1/0/2 undo shutdown ip address 200.1.45.5 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 5.5.5.5 255.255.255.255 # ospf 1 area 0.0.0.0 network 5.5.5.5 0.0.0.0 network 200.1.35.0 0.0.0.255 network 200.1.45.0 0.0.0.255 # return l
Configuration file of CE
# sysname CE1 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 110 ip address 10.100.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 210 ip address 10.101.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.102 control-vid 102 qinq-termination qinq termination pe-vid 10 ce-vid 310 ip address 10.102.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.103
4-84
Issue 03 (2010-03-31)
4 VRRP Configuration
GigabitEthernet1/0/1.100 source-
GigabitEthernet1/0/1.101 source-
GigabitEthernet1/0/1.102 source-
GigabitEthernet1/0/1.103 source-
GigabitEthernet1/0/1.100 source-
GigabitEthernet1/0/1.101 source-
GigabitEthernet1/0/1.102 source-
GigabitEthernet1/0/1.103 source-
4.13.6 Example for Configuring Ignorance of the Down of an Interface Where the mVRRP Backup Group Is Configured
Networking Requirements
As shown in Figure 4-10, the CE connects to the sub-interface for QinQ termination of the NPE across the VPLS convergence network. On the NPE, the mVRRP backup group and the service VRRP backup group are configured and the mVRRP backup group implements master/backup fast switchover by tracking the BFD session. In this configuration example, the following restrictions are imposed on the network:
l
The VPLS convergence network belongs to another operator, so the link BFD session cannot be directly established between NPE1 and PE1 and between NPE2 and PE2.
Issue 03 (2010-03-31)
4-85
4 VRRP Configuration
l
In the VPLS convergence network, the PW is established only between PE1 and PE3 and between PE1 and PE2. According to the VPLS split horizon rule, the mVRRP backup group or the peer BFD session cannot be established between NPE1 and NPE2.
In this scenario, you can use the function of ignorance of interface down to implement VRRP fast switchover.
NOTE
l l
With BFD sampling, the NPE establishes link BFD sessions with each CE. ignore-if-down: If the status of the interface where the mVRRP backup group is configured is Down, the status of the mVRRP backup group is switched to Master rather than Initialize.
NPE1 and NPE2 establish the mVRRP backup group and peer BFD session through their respective interfaces Eth-Trunk1. NPE1 and NPE2 establish the service VRRP backup group through their respective interfaces GE 1/0/1 that connect to the VPLS convergence network. NPE1 or NPE2 establishes four link BFD sessions respectively with four CEs through GE 1/0/1. The mVRRP backup group is responsible for tracking the status of the four BFD sessions concurrently. When two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover.
4-86
Issue 03 (2010-03-31)
4 VRRP Configuration
Figure 4-10 Typical networking of ignorance of the down of an interface where the mVRRP backup group is configured
Access
Core
CE1
# interface Eth-Trunk 1.1 ip address 10.1.1.254 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 #
NPE1 CE2
IP:10.101.1.1/24 GW:10.101.1.200 Inner VLAN: 210 Outer VLAN: 10
CE3
IP:10.102.1.1/24 GW:10.102.1.200 Inner VLAN: 310 Outer VLAN: 10
PW Link BFD PW
MPLS/IP Core
PE3
NPE2
# interface GigabitEthernet1/0/1.100 ip address 10.100.1.253 255.255.255.0 vrrp vrid 100 virtual-ip 10.100.1.200 # interface GigabitEthernet1/0/1.101 ip address 10.101.1.253 255.255.255.0 vrrp vrid 101 virtual-ip 10.101.1.200 # interface GigabitEthernet1/0/1.102 ip address 10.102.1.253 255.255.255.0 vrrp vrid 102 virtual-ip 10.102.1.200 # interface GigabitEthernet1/0/1.103 ip address 10.103.1.253 255.255.255.0 vrrp vrid 103 virtual-ip 10.103.1.200 # # interface Eth-Trunk 1.1 ip address 10.1.1.253 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 admin-vrrp vrid 10 #
CE4
IP:10.103.1.1/24 GW:10.103.1.200 Inner VLAN: 410 Outer VLAN: 10
Issue 03 (2010-03-31)
4-87
4 VRRP Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. Configure the mVRRP backup group and service VRRP backup group on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2 and bind the service VRRP backup group with the mVRRP backup group. Establish the BFD session between NPE1 and NPE2 and between the NPE and the CE. Configure master/backup fast switchover of the mVRRP backup group using BFD sampling.
3. 4.
Data Preparation
To complete the configuration, you need the following data:
l l
Virtual Router IDs (VRIDs) and virtual IP addresses Priorities of VRRP backup groups
Procedure
Step 1 Configure the Eth-Trunk interface on NPE1 and NPE2.
NOTE
Only the configuration procedures of NPE1 and NPE2 are provided here. For the configuration procedures of the BFD function of the CE as shown in Figure 4-9 and the VPLS convergence network, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - Reliability and Configuration Guide - VPN.
# Configure NPE1.
<HUAWEI> system-view [HUAWEI] sysname NPE1 [NPE1] interface Eth-Trunk 1 [NPE1-Eth-Trunk1] quit [NPE1] interface gigabitethernet1/0/2 [NPE1-GigabitEthernet1/0/2] undo shutdown [NPE1-GigabitEthernet1/0/2] eth-trunk 1 [NPE1-GigabitEthernet1/0/2] quit [NPE1] interface gigabitethernet2/0/1 [NPE1-GigabitEthernet2/0/1] undo shutdown [NPE1-GigabitEthernet2/0/1] eth-trunk 1 [NPE1-GigabitEthernet2/0/1] quit
# Configure NPE2.
<HUAWEI> system-view [HUAWEI] sysname NPE2 [NPE2] interface Eth-Trunk 1 [NPE2-Eth-Trunk1] quit [NPE2] interface gigabitethernet1/0/2 [NPE2-GigabitEthernet1/0/2] undo shutdown [NPE2-GigabitEthernet1/0/2] eth-trunk 1 [NPE2-GigabitEthernet1/0/2] quit [NPE2] interface gigabitethernet2/0/1 [NPE2-GigabitEthernet2/0/1] undo shutdown [NPE2-GigabitEthernet2/0/1] eth-trunk 1 [NPE2-GigabitEthernet2/0/1] quit
Step 2 Configure the sub-interface for QinQ VLAN tag termination on NPE1 and NPE2. # Configure NPE1.
4-88 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
4 VRRP Configuration
[NPE1] interface eth-trunk 1 [NPE1-Eth-Trunk1] mode user-termination [NPE1-Eth-Trunk1] undo shutdown [NPE1-Eth-Trunk1] quit [NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] control-vid 1 qinq-termination [NPE1-Eth-Trunk1.1] qinq termination pe-vid 10 ce-vid 1 to 100 [NPE1-Eth-Trunk1.1] ip address 10.1.1.254 24 [NPE1-Eth-Trunk1.1] arp broadcast enable [NPE1-Eth-Trunk1.1] quit [NPE1] interface gigabitethernet1/0/1 [NPE1-GigabitEthernet1/0/1] mode user-termination [NPE1-GigabitEthernet1/0/1] undo shutdown [NPE1-GigabitEthernet1/0/1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE1-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.100] ip address 10.100.1.254 24 [NPE1-GigabitEthernet1/0/1.100] arp broadcast enable [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE1-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.101] ip address 10.101.1.254 24 [NPE1-GigabitEthernet1/0/1.101] arp broadcast enable [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE1-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.102] ip address 10.102.1.254 24 [NPE1-GigabitEthernet1/0/1.102] arp broadcast enable [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE1-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid [NPE1-GigabitEthernet1/0/1.103] ip address 10.103.1.254 24 [NPE1-GigabitEthernet1/0/1.103] arp broadcast enable [NPE1-GigabitEthernet1/0/1.103] quit
101 to 200
201 to 300
301 to 400
401 to 500
# Configure NPE2.
[NPE2] interface eth-trunk 1 [NPE2-Eth-Trunk1] mode user-termination [NPE2-Eth-Trunk1] quit [NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] control-vid 1 qinq-termination [NPE2-Eth-Trunk1.1] qinq termination pe-vid 10 ce-vid 1 to 100 [NPE2-Eth-Trunk1.1] ip address 10.1.1.253 24 [NPE2-Eth-Trunk1.1] arp broadcast enable [NPE2-Eth-Trunk1.1] quit [NPE2] interface gigabitethernet1/0/1 [NPE2-GigabitEthernet1/0/1] mode user-termination [NPE2-GigabitEthernet1/0/1] undo shutdown [NPE2-GigabitEthernet1/0/1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] control-vid 100 qinq-termination [NPE2-GigabitEthernet1/0/1.100] qinq termination pe-vid 10 ce-vid 101 to 200 [NPE2-GigabitEthernet1/0/1.100] ip address 10.100.1.253 24 [NPE2-GigabitEthernet1/0/1.100] arp broadcast enable [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] control-vid 101 qinq-termination [NPE2-GigabitEthernet1/0/1.101] qinq termination pe-vid 10 ce-vid 201 to 300 [NPE2-GigabitEthernet1/0/1.101] ip address 10.101.1.253 24 [NPE2-GigabitEthernet1/0/1.101] arp broadcast enable [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] control-vid 102 qinq-termination [NPE2-GigabitEthernet1/0/1.102] qinq termination pe-vid 10 ce-vid 301 to 400 [NPE2-GigabitEthernet1/0/1.102] ip address 10.102.1.253 24
Issue 03 (2010-03-31)
4-89
4 VRRP Configuration
[NPE2-GigabitEthernet1/0/1.102] arp broadcast enable [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] control-vid 103 qinq-termination [NPE2-GigabitEthernet1/0/1.103] qinq termination pe-vid 10 ce-vid 401 to 500 [NPE2-GigabitEthernet1/0/1.103] ip address 10.103.1.253 24 [NPE2-GigabitEthernet1/0/1.103] arp broadcast enable [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
After the IP address is assigned to a sub-interface for QinQ VLAN tag termination, it is recommended to run the arp broadcast enable command. Otherwise, the sub-interfaces for QinQ VLAN tag termination fail to ping through each other.
# After the configuration, the IP address of Eth-Trunk1.1 on NPE1 and the IP address of EthTrunk1.1 of NPE2 can ping through each other. It indicates that the link between NPE1 and NPE2 works normally. Take the ping between NPE1 and NPE2 as an example. The interfaces where the mVRRP backup group is configured can ping through each other.
[NPE1] ping 10.1.1.253 PING 10.1.1.253: 56 data bytes, press CTRL_C to break Reply from 10.1.1.253: bytes=56 Sequence=1 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=2 ttl=255 time=90 ms Reply from 10.1.1.253: bytes=56 Sequence=3 ttl=255 time=160 ms Reply from 10.1.1.253: bytes=56 Sequence=4 ttl=255 time=180 ms Reply from 10.1.1.253: bytes=56 Sequence=5 ttl=255 time=120 ms --- 10.1.1.253 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 90/142/180 ms
According to the split horizon rule of the VPLS convergence network, the interfaces of NPE1 and NP2 where the service VRRP backup group is configured cannot ping through each other. Take GE 1/0/1.100 of NPE1 as an example:
[NPE1] ping 10.100.1.253 PING 10.100.1.253: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 3.3.3.3 ping statistics --5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
The NPE and the CE in the same network segment can ping through each other. It indicates that the link between the NPE and the CE works normally. Take the ping between NPE1 and CE1 or between NPE2 and CE1 as an example.
[NPE1] ping 10.100.1.1 PING 10.100.1.1: 56 data Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: Reply from 10.100.1.1: bytes, press CTRL_C bytes=56 Sequence=1 bytes=56 Sequence=2 bytes=56 Sequence=3 bytes=56 Sequence=4 bytes=56 Sequence=5 to break ttl=255 time=180 ttl=255 time=160 ttl=255 time=150 ttl=255 time=150 ttl=255 time=120
ms ms ms ms ms
--- 10.100.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss
4-90
Issue 03 (2010-03-31)
4 VRRP Configuration
Step 3 Configure basic VRRP functions on the sub-interfaces for QinQ VLAN tag termination of NPE1 and NPE2.
NOTE
In this configuration example, you need to specify the keyword ignore-if-down in using the adminvrrp command. Thus, when the interface where the VRRP backup group is configured goes Down, the status of the VRRP backup group is switched to Master. If unspecified, when Eth-Trunk1.1 on NPE1 goes Down because of a fault, Eth-Trunk1.1 on NPE2 goes Down accordingly and the status of the VRRP backup group configured on this interface is switched from Backup to Initialize, thus failing to implement VRRP fast switchover. In the scenario as shown in Figure 4-10, if NPE1 is not faulty, it is not recommended to run the shutdown command on Eth-Trunk1.1 on NPE1. Otherwise, the mVRRP backup groups on NPE1 and NPE2 both become the Master status, causing service interruption. In all networking environments except the scenario as shown in , it is not recommended to use the keyword ignore-if-down. Otherwise, the state machine of the VRRP backup group is inconsistent with that defined in RFC.
# On NPE1, configure the mVRRP backup group with VRID being 10 on Eth-Trunk1.1 and configure the service VRRP backup group on the sub-interfaces of GE 1/0/1.
[NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE1-Eth-Trunk1.1] vrrp vrid 10 virtual-ip 10.1.1.1 [NPE1-Eth-Trunk1.1] vrrp vrid 10 priority 120 [NPE1-Eth-Trunk1.1] admin-vrrp vrid 10 ignore-if-down [NPE1-Eth-Trunk1.1] quit [NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE1-GigabitEthernet1/0/1.101] quit [NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE1-GigabitEthernet1/0/1.103] quit
# On NPE2, configure the mVRRP backup group with VRID being 10 on Eth-Trunk1.1 and configure the service VRRP backup group on the sub-interfaces of GE 1/0/1.
[NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] qinq vrrp pe-vid 10 ce-vid 100 [NPE2-Eth-Trunk1.1] vrrp vrid 10 virtual-ip 10.1.1.1
Issue 03 (2010-03-31)
4-91
4 VRRP Configuration
[NPE2-Eth-Trunk1.1] admin-vrrp vrid 10 ignore-if-down [NPE2-Eth-Trunk1.1] quit [NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] qinq vrrp pe-vid 10 ce-vid 101 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid 100 virtual-ip 10.100.1.200 [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] qinq vrrp pe-vid 10 ce-vid 201 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid 101 virtual-ip 10.101.1.200 [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] qinq vrrp pe-vid 10 ce-vid 301 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid 102 virtual-ip 10.102.1.200 [NPE2-GigabitEthernet1/0/1.102] quit [NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] qinq vrrp pe-vid 10 ce-vid 401 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid 103 virtual-ip 10.103.1.200 [NPE2-GigabitEthernet1/0/1.103] quit
After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Normal.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Normal.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Normal 10.100.1.200 101 Master GE1/0/1.101 Normal 10.101.1.200 102 Master GE1/0/1.102 Normal 10.102.1.200 103 Master GE1/0/1.103 Normal 10.103.1.200
NOTE
According to the split horizon rule of the VPLS convergence network, VRRP packets cannot be exchanged between the service VRRP backup groups of NPE1 and NPE2. Hence, the status of the service VRRP backup groups of NPE1 and NPE2 is Master.
Step 4 Bind the service VRRP backup group to the mVRRP backup group on NPE1 and NPE2. # Configure NPE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] vrrp vrid 100 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] vrrp vrid 101 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.101] quit
4-92
Issue 03 (2010-03-31)
4 VRRP Configuration
[NPE1] interface gigabitethernet1/0/1.102 [NPE1-GigabitEthernet1/0/1.102] vrrp vrid 102 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.102] quit [NPE1] interface gigabitethernet1/0/1.103 [NPE1-GigabitEthernet1/0/1.103] vrrp vrid 103 track admin-vrrp interface ethtrunk1.1 vrid 10 unflowdown [NPE1-GigabitEthernet1/0/1.103] quit
# Configure NPE2.
[NPE2] interface gigabitethernet1/0/1.100 [NPE2-GigabitEthernet1/0/1.100] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.100] quit [NPE2] interface gigabitethernet1/0/1.101 [NPE2-GigabitEthernet1/0/1.101] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.101] quit [NPE2] interface gigabitethernet1/0/1.102 [NPE2-GigabitEthernet1/0/1.102] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.102] quit NPE2] interface gigabitethernet1/0/1.103 [NPE2-GigabitEthernet1/0/1.103] vrrp vrid trunk1.1 vrid 10 unflowdown [NPE2-GigabitEthernet1/0/1.103] quit
NOTE
l l
In this configuration example, using the vrrp vrid track admin-vrrp command, you need to specify the keyword unflowdown. If unspecified, when the status of the mVRRP backup group tracked by the service VRRP backup is Backup, the status of the interface where the service VRRP backup group is configured becomes Flow down, the status of the service VRRP backup group becomes Initialize, and the status of the link BFD session becomes Down. When the number of link BFD sessions in the Down state reaches the threshold, the status of the mVRRP backup also becomes Initialize, thus failing to implement master/backup switchover of the mVRRP backup group.
After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200
Issue 03 (2010-03-31)
4-93
4 VRRP Configuration
101 102 103 Backup Backup Backup GE1/0/1.101 GE1/0/1.102 GE1/0/1.103 Member Member Member
At that time, the service VRRP backup group is bound to the mVRRP backup group and their status is normal.
NOTE
After the binding is finished, the service VRRP backup group no longer sends VRRP packets. The status of the service VRRP backup group is the same as the status of the bound mVRRP backup group.
Step 5 Configure basic BFD functions on NPE1 and NPE2. # Configure the peer BFD session between NPE1 and NPE2; configure the link BFD session between NPE1 and each CE and between NPE2 and each CE. # Configure NPE1.
[NPE1] bfd [NPE1-bfd] quit [NPE1] bfd peer1 bind peer-ip 10.1.1.253 10.1.1.254 auto [NPE1-bfd-session-peer1] commit [NPE1-bfd-session-peer1] quit [NPE1] bfd link1 bind peer-ip 10.100.1.1 ip 10.100.1.254 auto [NPE1-bfd-session-link1] commit [NPE1-bfd-session-link1] quit [NPE1] bfd link2 bind peer-ip 10.101.1.1 ip 10.101.1.254 auto [NPE1-bfd-session-link2] commit [NPE1-bfd-session-link2] quit [NPE1] bfd link3 bind peer-ip 10.102.1.1 ip 10.102.1.254 auto [NPE1-bfd-session-link3] commit [NPE1-bfd-session-link3] quit [NPE1] bfd link4 bind peer-ip 10.103.1.1 ip 10.103.1.254 auto [NPE1-bfd-session-link4] commit [NPE1-bfd-session-link4] quit
# Configure NPE2.
[NPE2] bfd [NPE2-bfd] quit [NPE2] bfd peer1 bind peer-ip 10.1.1.254 10.1.1.253 auto [NPE2-bfd-session-peer1] commit [NPE2-bfd-session-peer1] quit [NPE2] bfd link1 bind peer-ip 10.100.1.1 ip 10.100.1.253 auto [NPE2-bfd-session-link1] commit [NPE2-bfd-session-link1] quit [NPE2] bfd link2 bind peer-ip 10.101.1.1 ip 10.101.1.253 auto [NPE2-bfd-session-link2] commit [NPE2-bfd-session-link2] quit [NPE2] bfd link3 bind peer-ip 10.102.1.1 ip 10.102.1.253 auto [NPE2-bfd-session-link3] commit [NPE2-bfd-session-link3] quit [NPE2] bfd link4 bind peer-ip 10.103.1.1 ip 10.103.1.253 auto [NPE2-bfd-session-link4] commit [NPE2-bfd-session-link4] quit
4-94
Issue 03 (2010-03-31)
4 VRRP Configuration
After the previous configurations are finished and the CE is correctly configured with the BFD session, run the display bfd configuration all command on the NPE. The command output shows that Commit is True. # Take NPE1 as an example.
[NPE1] display bfd configuration all -------------------------------------------------------------------------------CFG Name CFG Type LocalDiscr MIndex SessNum Commit AdminDown -------------------------------------------------------------------------------peer1 S_AUTO_IF 8192 4096 1 True False link1 S_AUTO_IF 8193 4097 1 True False link2 S_AUTO_IF 8194 4098 1 True False link3 S_AUTO_IF 8195 4099 1 True False link4 S_AUTO_IF 8196 4100 1 True False -------------------------------------------------------------------------------Total Commit/Uncommit CFG Number : 5/0
Run the display bfd session all command on NPE1 to view the status of the BFD session. The command output shows that State is Up. # Take NPE1 as an example.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
Since the service VRRP backup group is bound to the mVRRP backup group, it is only required to configure the mVRRP backup group on Eth-Trunk1.1 of NPE1 and NPE2 to implement VRRP fast switchover using BFD sampling.
# Configure NPE1.
[NPE1] interface eth-trunk 1.1 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp vrid 10 [NPE1-Eth-Trunk1.1] vrrp trigger [NPE1-Eth-Trunk1.1] quit track track track track track track route bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name link-bfd down-number 2 peer1 link1 link2 link3 link4 peer link link link link
# Configure NPE2.
[NPE2] interface eth-trunk 1.1 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp vrid 10 [NPE2-Eth-Trunk1.1] vrrp trigger [NPE2-Eth-Trunk1.1] quit track track track track track track route bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name bfd-session session-name link-bfd down-number 2 peer1 link1 link2 link3 link4 peer link link link link
Issue 03 (2010-03-31)
4-95
4 VRRP Configuration
After the configuration, run the display vrrp interface command on NPE1 and NPE2. The command output shows that the mVRRP backup group is bound to one peer BFD session and four link BFD sessions and the BFD session status is Up.
[NPE1] display vrrp interface eth-trunk 1.1 Eth-Trunk1.1 | Virtual Router 10 State : Master Virtual IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type : link BFD-session state : UP Track BFD : link2 type : link BFD-session state : UP Track BFD : link3 type : link BFD-session state : UP Track BFD : link4 type : link BFD-session state : UP Track BFD : peer1 type : peer BFD-session state : UP [NPE2] display vrrp interface eth-trunk 1.1 Eth-Trunk1.1 | Virtual Router 10 State : Backup Virtual IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-010a Check TTL : YES Config type : admin-vrrp Config track link-bfd down-number : 2 Track BFD : link1 type : link BFD-session state : UP Track BFD : link2 type : link BFD-session state : UP Track BFD : link3 type : link BFD-session state : UP Track BFD : link4 type : link BFD-session state : UP Track BFD : peer1 type : peer BFD-session state : UP
Step 7 Verify the configuration. After the previous configurations, run the display vrrp brief command on NPE1 and NPE2. The command output is as follows: On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP --------------------------------------------------------
4-96
Issue 03 (2010-03-31)
4 VRRP Configuration
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
On NPE1, run the shutdown command on GE 1/0/1.100 to replicate the fault between NPE1 and CE1.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] shutdown [NPE1-GigabitEthernet1/0/1.100] quit
The command output shows that the BFD session between NPE1 and CE1 goes Down.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 4/1
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, only one link BFD session is Down, so the mVRRP backup group does not perform master/backup switchover. On NPE1:
l l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID being 100, State is Initialize and Type is Member. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP ---------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-97
4 VRRP Configuration
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP --------------------------------------------------------10 Backup GE1/0/1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
On NPE1, run the shutdown command on GE 1/0/1.101 to replicate the fault between NPE1 and CE2.
[NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] shutdown [NPE1-GigabitEthernet1/0/1.101] quit
The command output shows that the BFD session between NPE1 and CE2 goes Down.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 0 10.100.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.100 8194 0 10.101.1.1 Down S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 3/2
In this configuration example, the threshold for the number of link BFD sessions in the Down state tracked by the mVRRP backup group is 2. That is, when two or more link BFD sessions go Down, the mVRRP backup group performs master/backup fast switchover. Currently, two link BFD sessions go Down, so the mVRRP backup group performs master/ backup switchover. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Initialize and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Initialize and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP ----------------------------------------------------------10 Initialize Eth-Trunk1.1 Admin 10.1.1.1 100 Initialize GE1/0/1.100 Member 10.100.1.200 101 Initialize GE1/0/1.101 Member 10.101.1.200 102 Initialize GE1/0/1.102 Member 10.102.1.200 103 Initialize GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP ---------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200
4-98
Issue 03 (2010-03-31)
4 VRRP Configuration
On NPE1, run the undo shutdown command on GE 1/0/1.100 and GE1/0/1.101 to replicate the recovery of the fault between NPE1 and CE1 and between NPE1 and CE2.
[NPE1] interface gigabitethernet1/0/1.100 [NPE1-GigabitEthernet1/0/1.100] undo shutdown [NPE1-GigabitEthernet1/0/1.100] quit [NPE1] interface gigabitethernet1/0/1.101 [NPE1-GigabitEthernet1/0/1.101] undo shutdown [NPE1-GigabitEthernet1/0/1.101] quit
The command output shows that the BFD sessions between NPE1 and CE1 and between NPE1 and CE2 go Up.
[NPE1] display bfd session all -------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName -------------------------------------------------------------------------------8192 8192 10.1.1.253 Up S_AUTO_IF Eth-Trunk1.1 8193 8192 10.100.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.100 8194 8193 10.101.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.101 8195 8194 10.102.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.102 8196 8195 10.103.1.1 Up S_AUTO_IF GigabitEthernet1/0/1.103 -------------------------------------------------------------------------------Total UP/DOWN Session Number : 5/0
It indicates that the statuses of the VRRP backup groups on NPE1 and NPE2 recover respectively. On NPE1:
l l
For the VRRP backup group with the VRID being 10, State is Master and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Master and Type is Member.
[NPE1] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Master Eth-Trunk1.1 Admin 10.1.1.1 100 Master GE1/0/1.100 Member 10.100.1.200 101 Master GE1/0/1.101 Member 10.101.1.200 102 Master GE1/0/1.102 Member 10.102.1.200 103 Master GE1/0/1.103 Member 10.103.1.200
On NPE2:
l l
For the VRRP backup group with the VRID being 10, State is Backup and Type is Admin. For the VRRP backup group with the VRID not being 10, State is Backup and Type is Member.
[NPE2] display vrrp brief VRID State Interface Type Virtual IP -------------------------------------------------------10 Backup Eth-Trunk1.1 Admin 10.1.1.1 100 Backup GE1/0/1.100 Member 10.100.1.200 101 Backup GE1/0/1.101 Member 10.101.1.200 102 Backup GE1/0/1.102 Member 10.102.1.200 103 Backup GE1/0/1.103 Member 10.103.1.200
----End
Configuration Files
l
Issue 03 (2010-03-31)
4 VRRP Configuration
10 unflowdown
10 unflowdown
10 unflowdown
10 unflowdown
4-100
Issue 03 (2010-03-31)
4 VRRP Configuration
Issue 03 (2010-03-31)
4-101
4 VRRP Configuration
4-102
Issue 03 (2010-03-31)
4 VRRP Configuration
Issue 03 (2010-03-31)
4-103
4 VRRP Configuration
# return l
Configuration file of CE
# sysname CE1 # bfd # interface GigabitEthernet1/0/1 undo shutdown mode user-termination # interface GigabitEthernet1/0/1.100 control-vid 100 qinq-termination qinq termination pe-vid 10 ce-vid 110 ip address 10.100.1.1 255.255.255.0 arp broadcast enable # interface GigabitEthernet1/0/1.101 control-vid 101 qinq-termination qinq termination pe-vid 10 ce-vid 210 ip address 10.101.1.1 255.255.255.0 arp broadcast enable
4-104
Issue 03 (2010-03-31)
4 VRRP Configuration
GigabitEthernet1/0/1.100 source-
GigabitEthernet1/0/1.101 source-
GigabitEthernet1/0/1.102 source-
GigabitEthernet1/0/1.103 source-
GigabitEthernet1/0/1.100 source-
GigabitEthernet1/0/1.101 source-
GigabitEthernet1/0/1.102 source-
GigabitEthernet1/0/1.103 source-
Router A and Router B work in backup mode. Router A functions as the master and Router B as the backup. Network 1 belongs to VLAN 10 and Network 2 belongs to VLAN 20. Both Router A and Router B connect all networks through LAN switches.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 4-105
Issue 03 (2010-03-31)
4 VRRP Configuration
l
Network 1, Network 2, and Network 3 respectively correspond to the virtual IP addresses 10.1.1.1, 10.1.2.1, and 100.10.1.1 of the three backup groups.
GE3/0/0
Eth-Trunk1
VLAN30 Network3
GE1/0/2
GE3/0/0
RouterB Slave VLAN20 Backup group 3 Network2 Backup group 2 Virtual IP Address Virtual IP Address 100.10.1.1/24
10.1.2.1/24
Both Router A and Router B are connected to Network1, Network2, and Network3 through GE 1/0/1, GE 1/0/2, and GE 3/0/0. Router A and Router B are connected through Eth-Trunk 1, including member interfaces GE 2/0/0 and GE 2/0/1.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Configure IP addresses for the interfaces of the physical interfaces and VLANIF interfaces. Configure MSTP. Create VRRP backup groups and set priorities.
Data Preparation
To complete the configuration, you need the following data:
l l l l
IP addresses of physical interfaces and VLANIF interfaces Name of the domain RG 1 that Router A and Router B join Virtual router ID and virtual IP address Priorities of VRRP backup groups
4-106
Issue 03 (2010-03-31)
4 VRRP Configuration
Procedure
Step 1 Configure IP addresses for the interfaces of Router A and Router B. # Take Router A as an example: Create VLAN 10 and VLAN 20. Add GE 1/0/1 to VLAN 10 and GE 1/0/2 to VLAN 20.
<RouterA> system-view [RouterA] interface gigabitethernet 1/0/1 [RouterA-GigabitEthernet1/0/1] undo shutdown [RouterA-GigabitEthernet1/0/1] portswitch [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface gigabitethernet 1/0/2 [RouterA-GigabitEthernet1/0/2] undo shutdown [RouterA-GigabitEthernet1/0/2] portswitch [RouterA-GigabitEthernet1/0/2] quit [RouterA] interface gigabitethernet 3/0/0 [RouterA-GigabitEthernet3/0/0] undo shutdown [RouterA-GigabitEthernet3/0/0] ip address 100.10.1.2 255.255.255.0 [RouterA-GigabitEthernet3/0/0] quit [RouterA] vlan 10 [RouterA-vlan10] port gigabitethernet 1/0/1 [RouterA-vlan10] interface vlanif10 [RouterA-vlanif10] ip address 10.1.1.2 255.255.255.0 [RouterA-vlanif10] quit [RouterA] vlan 20 [RouterA-vlan20] port gigabitethernet 1/0/2 [RouterA-vlan20] interface vlanif20 [RouterA-vlanif20] ip address 10.1.2.2 255.255.255.0 [RouterA-vlanif20] quit
The configurations of Router B are the same as those of Router A. Step 2 Configure MSTP. # Configure the MST region on Router A.
[RouterA] stp region-configuration [RouterA-mst-region] region-name RG1 [RouterA-mst-region] instance 1 vlan 10 [RouterA-mst-region] instance 2 vlan 20
Issue 03 (2010-03-31)
4-107
4 VRRP Configuration
The configurations of Router B are the same as those of Router A. Step 3 Configure the backup groups for Router A and Router B. # Take Router A as an example: Configure the VRRP backup groups on the interfaces of Router A.
[RouterA] interface vlanif10 [RouterA-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.1 [RouterA-vlanif10] vrrp vrid 1 priority 130 [RouterA-vlanif10] quit [RouterA] interface vlanif20 [RouterA-vlanif20] vrrp vrid 2 virtual-ip 10.1.2.1 [RouterA-vlanif20] vrrp vrid 2 priority 130 [RouterA-vlanif20] quit [RouterA] interface gigabitethernet 3/0/0 [RouterA-GigabitEthernet3/0/0] vrrp vrid 3 virtual-ip 100.10.1.1 [RouterA-GigabitEthernet3/0/0] vrrp vrid 3 priority 130 [RouterA-GigabitEthernet3/0/0] quit
The configurations of Router B are the same as those of Router A. Step 4 Verify the configuration. Run the display vrrp command on Router A and Router B to view information about the VRRP backup groups.
[RouterA] display vrrp Vlanif20 | Virtual Router 2 State : Master Virtual IP : 10.1.2.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Vlanif10 | Virtual Router 1 State : Master Virtual IP : 10.1.1.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES <RouterB> display vrrp Vlanif20 | Virtual Router 2 State : Backup Virtual IP : 10.1.2.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 130
4-108
Issue 03 (2010-03-31)
4 VRRP Configuration
At this time, run the display vrrp command on Router A, and you can view that the status of Router A in back group 1 is Initialize.
[RouterA] display vrrp Vlanif20 | Virtual Router 2 State : Master Virtual IP : 10.1.2.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Vlanif10 | Virtual Router 1 State : Initialize Virtual IP : 10.1.1.1 PriorityRun : 130 PriorityConfig : 130 MasterPriority : 0 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp
Run the display vrrp command on Router B, and you can view that the status of Router B in back group 1 is Master.
[RouterB] display vrrp Vlanif20 | Virtual Router 2 State : Backup Virtual IP : 10.1.2.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 130 Preempt : YES Delay Time : 0 TimerRun : 1
Issue 03 (2010-03-31)
4-109
4 VRRP Configuration
TimerConfig : Auth Type : Virtual Mac : Check TTL : Config type : Vlanif10 | Virtual State : Virtual IP : PriorityRun : PriorityConfig : MasterPriority : Preempt : TimerRun : TimerConfig : Auth Type : Virtual Mac : Check TTL : Config type : 1 NONE 0000-5e00-0102 YES normal-vrrp Router 1 Master 10.1.1.1 100 100 100 YES Delay Time : 0 1 1 NONE 0000-5e00-0101 YES normal-vrrp
----End
Configuration Files
l
4-110
Issue 03 (2010-03-31)
4 VRRP Configuration
Issue 03 (2010-03-31)
4-111
5 BFD Configuration
5
About This Chapter
BFD Configuration
This chapter describes the fundamentals of BFD , configurations of BFD basic functions , and BFD maintenance and provides configuration examples. 5.1 BFD Introduction This section describes the principles, concepts, and applications of BFD. 5.2 Configuring the One-Hop BFD This section describes the application and the configuration of the one-hop BFD. 5.3 Configuring the BFD Passive Echo Function The section describes the configuration of the BFD passive Echo function. 5.4 Configuring the Association Between the BFD Status and the Interface Status The section describes the application and the configuration of the association between the BFD status and the interface status. 5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status The section describes the application and the configuration of the association between the BFD status and the sub-interface status. 5.6 Configuring the BFD to Modify the PST This section describes the application and the configuration of the BFD to modify the PST. 5.7 Configuring the Multi-Hop BFD This section describes the application and the configuration of the multi-hop BFD. 5.8 Configuring the BFD Session with Automatically Negotiated Discriminator The section describes the configuration and function of the BFD session with the automatically negotiated discriminator. 5.9 Configuring the Delay of the BFD Session to Be Up The section describes the configuration and function of the delay of the BFD session to be up. 5.10 Adjusting BFD Parameters This section describes how to adjust parameters of a BFD session. 5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-1
5 BFD Configuration
This section describes the application of the destination port number of the multi-hop BFD control packet and how to configure the destination port number globally. 5.12 Configuring the TTL Globally This section describes the application of the global TTL and how to configure the TTL globally. 5.13 Configuring the Interval for Sending Trap Messages 5.14 Maintaining BFD 5.15 Configuration Examples This section provides several configuration examples of BFD.
5-2
Issue 03 (2010-03-31)
5 BFD Configuration
Hardware detection signals, such as SDH alarm, are used to detect hardware faults on the link. If no hardware detection signal is available to locate faults, the network often uses the Hello message provided by a routing protocol, which takes some time to detect a fault. Such a long detection time causes loss of considerable amount of data. If the small scale network does not run the routing protocol, other derived detection mechanisms are used. This may increase the difficulty in locating the interconnection fault.To solve the preceding problems, the Bidirectional Forwarding Detection (BFD), a unified detection mechanism, is developed.
BFD is a unified detection mechanism used to rapidly detect and track the connectivity of the network links or IP routing. To improve network performance, adjacent systems must be able to rapidly detect a communication failure, and then set up a backup channel to resume the communication. The BFD performs the following functions:
l
Provides low-load and short-duration detection for path faults between two adjacent forwarding engines. Uses a single mechanism to perform real-time detection of all media or protocol layers, and supports different detection time and costs.
Static BFD sessions with manually specified discriminators Static BFD sessions with automatically negotiated discriminators
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-3
Issue 03 (2010-03-31)
5 BFD Configuration
l
Dynamically allocating the local discriminator Self learning the remote discriminator
NOTE
At present, in the NE80E/40E, OSPF, BGP, IS-IS, MPLS, MPLS LDP, RSVP-TE, PWE3, and PIM can dynamically trigger the establishment of BFD sessions.
When the two ends of a BFD session create discriminators in different methods, the following must be satisfied:
l
If the static BFD session is established by manually specifying the discriminators on the local end, the static BFD session on the remote end must also be established by manually specifying the discriminators. If the static BFD session is established by automatically negotiating the discriminators on the local end, the static BFD session on the remote end can be established by automatically negotiating the discriminators or by configuring the dynamic BFD session. On the local end, if the static BFD session is established by automatically negotiating the discriminators and by configuring the dynamic BFD session, the following principles are applicable:
If the dynamic BFD session and static BFD session with automatically negotiated discriminators share the same configurations (the source address, destination address, outgoing interface, and VPN index), the dynamic BFD session coexists with the static BFD session with automatically negotiated discriminators. If the dynamic BFD session named DYN_local discriminator is configured first and then the static BFD session with automatically negotiated discriminators is configured, the name of the dynamic BFD session is updated as the name of the static BFD session. Parameters of the shared session adopt the minimum values.
At present, the dynamic sessions that can coexist with static BFD sessions include BFD for OSPF, BFD for IS-IS, BFD for BGP, BFD for PIM, and BFD for RSVP-TE.
BFD Modes
The NE80E/40E supports asynchronous mode
l
Asynchronous mode Each system sends BFD Control packets based on the negotiated period. If a system does not receive any packet from the peer within the detection time, it sets the session to Down.
5-4
5 BFD Configuration
If a physical Ethernet interface has multiple sub-interfaces, the BFD session can be set up on each sub-interface and the physical Ethernet interface.
l
The sub-interface for dot1q vlan tag termination and the sub-interface for qinq vlan tag termination IP-Trunk
The BFD sessions can be used independently to detect the Trunk member interface and the Trunk interface at the same time.
l
Eth-Trunk
Layer 2 Eth-Trunk link Layer 2 Eth-Trunk member link Layer 3 Eth-Trunk link Layer 3 Eth-Trunk member link
The BFD sessions can be used independently to detect the trunk member interface and the trunk interface at the same time.
NOTE
IP-Trunk and Eth-Trunk consist of member links, providing high bandwidth and reliability. When the number of member links that are Up reaches a certain value, corresponding trunks can keep Up. BFD for NE80E/40E can detect the trunk and its members separately for the connectivity of the entire trunk or an important member of a trunk.
l
VLANIF
The BFD session of the VLANIF and the BFD session of the VLANIF member are separate, and VLANIF and VLANIF members can be detected simultaneously.
Association between the BFD status and the status of its bound interface
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-5
Issue 03 (2010-03-31)
5 BFD Configuration
When the BFD session becomes Down, the BFD status of the interface that is bound to the BFD session also becomes Down. The interface status change is notified to the application on the interface. When the BFD session status of the Trunk member interface or the VLAN member interface becomes Down, the link protocol status of the Trunk member interface or the VLAN member interface also changes. The BFD session change accelerates the change of the link protocol status and the route convergence of the Trunk interfaceor the VLAN interface .
NOTE
For the trunk whose member interfaces reside on different LPUs, when a BFD session is created to detect the link between member interfaces of the trunk, you should use the process-pst command to associate the BFD session with the status of the interface. Otherwise, the traffic may be lost in some situations. For example, the LPU where the member interface of the trunk resides is restarted.
When the BFD session status is Up, the BFD status of the interface bound to the BFD session also goes Up.
This function can notify the BFD detection result more rapidly to the application.
l
Association between the BFD status and the status of the sub-interface of the interface bound to the BFD session The BFD session must be bound to the main interface.
When the BFD session status goes Down, the BFD statuses of its bound interface and all the sub-interfaces go Down. The status change is notified to the application on the sub-interface. The service configured on the sub-interface, such as RRPP can use the detection result of the BFD session.
When the BFD session status reverts to Up, the BFD statuses of the interface that is bound to the BFD session and all the sub-interfaces are also Up.
This function can save the session resources of the system and provide reliability for more applications. This function is typically used in the networking in which high reliability is required and a great number of services are configured on the sub-interface, such as the large-scale MAN Ethernet.
For the detailed configuration of the BFD for VRRP, refer to Chapter "VRRP Configuration."
5-6
Issue 03 (2010-03-31)
5 BFD Configuration
For the detailed configuration of BFD for static routes, refer to Chapter "IP Static Route Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing.
Dynamically allocating the local discriminator Self learning the remote discriminator
When the routing protocol neighbor relation is established successfully, a routing protocol notifies the establishment of a BFD session through routing management module and fast detects the neighbor relation of the routing protocol. Detection parameters of BFD session are configured by the routing protocols. When a BFD session detects a failure, the session turns Down. BFD triggers the route convergence through a routing management module.
NOTE
Generally, a routing protocol based on the keepalive mechanism is contained in a Hello packet and the detection is only at second level. BFD works at millisecond level at a detection interval of 3 x 10 ms. BFD advertises a protocol failure within 50 ms. The route convergence speeds up.
When the neighbor is unreachable, the routing protocol notifies the BFD to delete the session through a routing management module.
BFD for LDP FRR For the MPLS products forwarded by the software, the BFD can detect the protected interfaces. LDP FRR switchover is triggered when the BFD session is Down.
BFD for IP FRR and BFD for VPN FRR For NE80E/40E devices,the IP FRR and VPN FRR switchovers are triggered only after the detected faults are reported to the control plane.
BFD provides reliability to MPLS-based applications, such as VPN FRR, TE FRR, and VLL FRR for protecting services.
5 BFD Configuration
The BFD detects the link fault between IS-IS peer nodes, and fast reports it to IS-IS. The IS-IS fast convergence is thus triggered.
NOTE
l l
Because ISIS can be set up only one-hop IS-IS adjacencies, the BFD limits its operations to one-hop IS-IS adjacencies. For the detailed configuration of the BFD for IS-IS, refer to Chapter "IS-IS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing.
For the backward link, only the reachable IP route is required Fast detection Support large scale failure detection on LSP
To detect LDP LSP connectivity, the negotiation of BFD session is performed in two modes:
l
Static establishment of the BFD session: After the local discriminator and remote discriminator of BFD are configured manually, the BFD session is established through the negotiation mechanism. Dynamic establishment of the BFD session: The BFD session is established through negotiation of BFD Discriminator Type Length Value (TLV) carried in LSP Ping messages.
In static mode, at present NE80E/40E, BFD is available for the following LSPs:
l l l
Static LSP LDP LSP TE: Tunnel, static CR-LSP bound to the tunnel, and dynamic RSVP CR-LSP. BFD is available for the TE tunnels with signaling protocols as CE-static and RSVP-TE, and the primary LSP bound to the TE tunnel.
At present, the dynamic BFD session can only detect RSVP LSP, but neither detects TE LSPs based on other signaling protocol, nor TE tunnels. When BFD works on unidirectional link like LSP and TE, only a reachable IP route is required for the backward link. The backward link can be IP, LSP, or TE tunnel.
NOTE
l l
For the configuration of BFD for static LSP and BFD for LDP LSP, refer to Chapter 1 "Basic MPLS Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS. For the configuration of BFD for MPLS TE, refer to Chapter 2 "MPLS TE Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
5-8
Issue 03 (2010-03-31)
5 BFD Configuration
BFD for PW
With BFD, the PW link between the local and remote PEs can be fast detected for defaults. BFD supports the VLL FRR to reduce the impact of link failure to services. The NE80E/40E supports the establishment of BFD for PW session in static (discriminator is configured manually) and dynamic modes. The NE80E/40E combines VCCV ping and BFD for detecting PW connectivity dynamically. This can lead to fast switchover of upper layer services for protection.
NOTE
For the configuration of BFD for PW, refer to Chapter 7 "PWE3 Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
For the configuration of BFD for PIM, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Multicast.
CAUTION
The preceding BFD session is delivered to the selected LPU with the outgoing interface of LDP, TE, PIM, or a route orderly. If the outgoing interface is a logical interface with multiple interfaces, such as an Eth-trunk interface, which has multiple sub-interfaces across different LPUs, the BFD session select one of these LPUs randomly. When an interface board that is bound to BFD sessions but has no service interfaces is unplugged, the service may be switched. Thus, before unplugging the board, you can run the display bfd session all verbose command to find out which sessions are bound to the board. If BFD sessions are bound to the board, you can enter the BFD session view to shut all sessions down and then unplug the board. After this, you can create the session again.
Issue 03 (2010-03-31)
5-9
5 BFD Configuration
Pre-configuration Tasks
Before configuring the one-hop BFD, complete the following tasks:
l l
Connecting each interface correctly Configuring IP addresses for the Layer 3 interfaces
Data Preparation
To configure the one-hop BFD, you need the following data. No. 1 2 Data BFD configuration name Peer IP address, local interface name, and number of the directly-connected link of the BFD. The default multicast address of the BFD for the physical-layer status of the link BFD session parameters: local discriminator and remote discriminator
Procedure
Step 1 Run:
system-view
BFD is enabled on this node and the BFD global view is displayed. Step 3 (Optional) Run:
default-ip-address ip-address
5 BFD Configuration
If more than one BFD session exists on the BFD path, for example, the Layer 3 interface is connected by the Layer 2 switches and is configured with BFD, you need to configure different default multicast addresses for the devices. Thus, the devices are configured with different BFD sessions. This ensures that BFD packets are correctly forwarded.
----End
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 According to the link type, run the following commands to create BFD binding:
l
For the Layer 2 interface and the Layer 3 physical member interface without an IP address, run:
bfd cfg-name bind peer-ip default-ip interface interface-type interface-number [ source-ip source-ip ]
CAUTION
You can run the command only on the physical layer 3 trunk or VLANIF member interfaces that have no IP addresses, rather than on the physical layer 3 interfaces that have no IP addresses.
NOTE
When a one-hop BFD session is set up for the first time, the peer IP address and the corresponding local interface must be bound to the BFD session. After the one-hop BFD session is set up, you cannot modify it. When the BFD configuration items are created, the system checks only the format of the IP address rather than the correctness. The BFD session cannot be created if incorrect peer IP address or source IP address is bound to the session. When the BFD and Unicast Reverse Path Forwarding (URPF) are used together, URPF checks the source IP address of the received packets. Therefore, when creating a BFD binding, you need sourceip to specify the source IP address of the BFD packet in case the BFD packet is incorrectly discarded.
Issue 03 (2010-03-31)
5 BFD Configuration
discriminator local discr-value l
The local discriminator of the local device corresponds to the remote discriminator of the remote device, and the remote discriminator of the local device corresponds to the local discriminator of the remote device. The local discriminator of the local device needs to be the same as the remote discriminator of the remote device. Otherwise, the session cannot be correctly set up. After the local discriminator and the remote discriminator are configured, you cannot modify it. For the BFD sessions to which the default multicast address is bound, the local discriminator and the remote discriminator of a BFD session cannot be the same.
Step 4 Run:
commit
When setting up a single-hop BFD session, you must run the commit command after configuring necessary parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End
Context
NOTE
You can view statistics of BFD sessions and detailed information about sessions only after BFD session parameters are set and BFD sessions are set up.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] | discriminator local discr-value } [ verbose ] command to check BFD configurations. Run the display bfd interface [ interface-type interface-number ] command to check BFD interfaces. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session. Run the display bfd statistics [ slot slot-id ] command to check the global statistics of the BFD sessions. Run the display bfd statistics session { all | static | dynamic | discriminator discrvalue | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] command to check statistics of the BFD session.
l l
l l
----End
5-12 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
Example
# After the configuration, you can run the display bfd session all verbose command to view information about a BFD session.
<HUAWEI> display bfd session all verbose --------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa --------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
RouterA
Single-hop BFD
RouterB
5 BFD Configuration
As shown in Figure 5-1, the passive Echo function needs to be enabled on Router A.
Pre-configuration Tasks
Before configuring the BFD passive Echo function, complete the following tasks:
l l
The BFD Echo packet is looped back through ICMP redirect at the remote end. In the IP packet that encapsulates the BFD Echo packet, the destination address and the source address are the IP address of the outgoing interface of the local end. Therefore, in the ACL rule, both the source addresses of the remote end and the local end must be permitted.
Data Preparation
To configure the BFD passive Echo function, you need the following data. No. 1 Data (Optional) ACL number
Procedure
Step 1 Run:
system-view
all: enables the passive Echo function of all the BFD sessions. acl: enables the passive Echo function of the BFD session that matches the ACL. In the ACL, the source addresses of both the remote end and the local end must be permitted.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5-14
5 BFD Configuration
If the creation or modification of ACL rules takes place when the BFD session goes Up, the created or modified ACL rules can take effective only after the BFD session goes Down or parameters of the BFD session are modified.
----End
Procedure
Step 1 Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peerip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session. ----End
Example
# Display information about all the BFD sessions.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ethernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 Bind Interface : Ethernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Enable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------------------
The preceding display shows that the value of the field Session Detect Mode is Asynchronous Mode Without Echo Function. This indicates that the BFD session is not enabled with the passive Echo function. The value of the field Echo Passive is Enable. This indicates that the BFD session is enabled with the Echo function and can respond to the request of the remote end for the Echo function. Currently, no request for the Echo function is received from the remote end; therefore, the BFD session is in asynchronous mode that is not enabled with the Echo function.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-15
5 BFD Configuration
5.4 Configuring the Association Between the BFD Status and the Interface Status
The section describes the application and the configuration of the association between the BFD status and the interface status. 5.4.1 Establishing the Configuration Task 5.4.2 Configuring the Association Between BFD Status and Interface Status 5.4.3 Checking the Configuration
RouterA
RouterB
To solve the problem, the NE80E/40E implements the association between BFD status and interface status. The change of the BFD session status affects the protocol status of the interface. Fast convergence of routes is thus triggered. After the association between BFD status and interface status is configured, the BFD session becomes Down when it detects a fault, and the corresponding interface status becomes BFD_Down. When the interface is BFD_Down, the direct route of this interface is deleted from the routing table; however, the forwarding of BFD packets is not affected.
Pre-configuration Tasks
Before configuring the association between BFD status and interface status, you need to complete the task of 5.2 Configuring the One-Hop BFD.
NOTE
Only the one-hop BFD session to which the default multicast IP address is bound can implement the association between BFD status and interface status. You can run the bfd cfg-name bind peer-ip defaultip interface interface-type interface-number [ source-ip source-ip ] command to set up a BFD session.
Data Preparation
To configure the association between BFD status and interface status, you need the following data.
5-16 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
No. 1
5.4.2 Configuring the Association Between BFD Status and Interface Status
Context
Do as follows on the NE80E/40E that needs to be configured with the association between BFD status and interface status:
Procedure
Step 1 Run:
system-view
The status association between the current BFD session and the interface bound to the BFD session is configured. By default, the status of the current BFD session is not associated with the status of the interface. That is, the change of the BFD session status does not affect the interface status. Step 4 Run:
commit
Issue 03 (2010-03-31)
5-17
5 BFD Configuration
NOTE
When the process-interface-status command and the commit command are run in succession, the BFD session may not be set up or the BFD session does not go Up through negotiation. Therefore, the BFD session does not notify the interface of the BFD status immediately, avoiding that the BFD session notifies the interface of incorrect status information that results in incorrect interface status change. After the configuration is committed, the BFD sessions can notify the interface of the BFD status change. In this manner, the BFD session status is associated with the interface status. If the process-interface-status command is saved in the configuration file, the BFD session that is bound to the interface notifies the interface that the BFD session is Down when the NE80E/40E is restarted, in view of the initial status of an interface being Down. Before the BFD status is associated with the interface status, the BFD configurations on the two NE80E/ 40Es must be correct and symmetrical. If the BFD status on the local interface is Down, check whether the BFD configuration on the peer is correct or whether the BFD session is shut down. If the networking requires that the BFD status must be synchronized with the interface status, you can run the shutdown and undo shudown commands to change the status of the BFD session. When the undo shutdown command is run, a timer to test the BFD session status is started. If the BFD session goes Up through negotiation before the timer expires, the BFD session notifies the interface of the Up state. Otherwise, the BFD session regards the link as failed and notifies the interface of the Down state after the timer expires. In this manner, the BFD session status and the interface status are in real-time synchronization.
----End
Procedure
Step 1 Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peer-ip [ vpninstance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session. ----End
Example
After the configuration, running the display bfd session command, you can view that "Enable" is displayed in the field of "Proc interface status" of corresponding sessions.
-------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : test -------------------------------------------------------------------------------Local Discriminator : 22 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabiEthernet2/0/0 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms) : 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : --
5-18
Issue 03 (2010-03-31)
5 BFD Configuration
Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
5.5 Configuring the Association Between the BFD Status and the Sub-Interface Status
The section describes the application and the configuration of the association between the BFD status and the sub-interface status. 5.5.1 Establishing the Configuration Task 5.5.2 Configuring the Association Between BFD Status and Sub-Interface Status 5.5.3 Checking the Configuration
Pre-configuration Tasks
Before configuring the association between the BFD status and the sub-interface status, complete the following tasks:
l l
Enabling BFD globally Setting up the one-hop BFD session, which is bound to the main interface and uses the default multicast address for detection Setting up the BFD session and ensuring that the BFD session is Up
Data Preparation
To configure the association between the BFD status and the sub-interface status, you need the following data. No. 1
Issue 03 (2010-03-31)
5 BFD Configuration
5.5.2 Configuring the Association Between BFD Status and SubInterface Status
Context
Do as follows on the NE80E/40E that needs to rapidly detect the link fault:
Procedure
Step 1 Run:
system-view
The association between the BFD status and the sub-interface status is configured. Step 4 Run:
commit
The configuration is committed. When the BFD session goes Down, the BFD statuses of the main interface bound to the BFD session and its sub-interface also go Down.
NOTE
When the process-interface-status command and the commit command are run in succession, the BFD session may not be set up or the BFD session does not go Up through negotiation. Therefore, the BFD session does not notify the interface of the BFD status immediately, avoiding that the BFD session notifies the interface of incorrect status information that results in incorrect interface status change. After the configuration is committed, the BFD sessions can notify the interface of the BFD status change. In this manner, the BFD session status is associated with the interface status. If the process-interface-status command is saved in the configuration file, the BFD session that is bound to the interface notifies the interface that the BFD session is Down when the NE80E/40E is restarted, in view of the initial status of an interface being Down. Before the BFD status is associated with the interface status, the BFD configurations on the two NE80E/ 40Es must be correct and symmetrical. If the BFD status on the local interface is Down, check whether the BFD configuration on the peer is correct or whether the BFD session is shut down. If the networking requires that the BFD status must be synchronized with the interface status, you can run the shutdown and undo shudown commands to change the status of the BFD session. When the undo shutdown command is run, a timer to test the BFD session status is started. If the BFD session goes Up through negotiation before the timer expires, the BFD session notifies the interface of the Up state. Otherwise, the BFD session regards the link as failed and notifies the interface of the Down state after the timer expires. In this manner, the BFD session status and the interface status are in real-time synchronization.
----End
5-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
Procedure
Step 1 Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peerip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session. ----End
Example
Run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 11 Remote Discriminator : 22 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable(Sub-If) Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : -Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : ---------------------------------------------------------------------------------
The preceding display shows that the value of the field Proc interface status is Enable(SubIf). This indicates that the status of the BFD session aa is associated with the status of the main interface and the sub-interface.
5 BFD Configuration
l l
For the LDP FRR, refer to chapter "MPLS Basic Configuration"in the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS. IP FRR works for the public network and for the private network. For information about the IP FRR for the public network, refer to Chapter 10 "Routing Policy Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing. For information about the IP FRR for the private network, refer to Chapter 4 "BGP MPLS IP VPN Configuration" in the HUAWEI NetEngine80E/40E Router Configuration Guide - VPN.
Pre-configuration Tasks
Before configuring the BFD to modify the PST, complete the task of 5.2 Configuring the OneHop BFD.
Data Preparation
To configure the BFD to modify the PST, you need the following data. No. 1 Data Configuration name of the BFD session
Procedure
Step 1 Run:
system-view
5 BFD Configuration
Step 2 Run:
bfd cfg-name
The BFD is permitted to modify the PST. By default, the BFD does not modify the PST. If the BFD session on the Trunk member interface or the VLAN member interface allows BFD to modify the PST, and the main interface is configured with the BFD session, you must configure the Wait to Recovery (WTR) for the BFD session that detects the main interface. This can prevent the BFD session on the main interface from flapping when the member interface joins or exits from the main interface. For the configuration of the WTR for the BFD session, see "5.10.3 Configuring the BFD WTR." Step 4 Run:
commit
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to check the BFD session.
----End
Example
After the configuration, running the display bfd session command, you can view that the field of "Process PST" in the command output is "Enable".
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : test -------------------------------------------------------------------------------Local Discriminator : 22 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/0) Bind Session Type : Static Bind Peer Ip Address : 10.100.10.2 NextHop Ip Address : 10.100.10.2 Bind Interface : GigabitEthernet2/0/0 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10
Issue 03 (2010-03-31)
5-23
5 BFD Configuration
Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Pre-configuration Tasks
Before configuring the multi-hop BFD, complete the following tasks:
l l
Correctly connecting each interface and configuring IP addresses for them Configuring the routing protocol to ensure that the network layer is reachable
Data Preparation
To configure the multi-hop BFD, you need the following data. No. 1 2 3 Data Remote IP address BFD configuration name BFD session parameters: local discriminator and remote discriminator
5-24
Issue 03 (2010-03-31)
5 BFD Configuration
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run the bfd cfg-name bind peer-ip peer-ip [ vpn-instance vpn-instance-name ] [ source-ip source-ip ] command to configure a BFD session.
NOTE
l l
When a BFD session is set up for the first time, you need to bind the peer IP address to it. After the BFD session is set up, you cannot modify it. When the BFD configuration items are created, the system checks only the format of the IP address rather than the correctness. The BFD session cannot be established if incorrect peer IP address or source IP address is bound. When the BFD and URPF are used together, URPF checks the source IP address of the received packets. Therefore, when creating a BFD binding, you need to specify the source IP address of the BFD packet in case the BFD packet is incorrectly discarded.
Run:
discriminator local discr-value
Run:
discriminator remote discr-value
5 BFD Configuration
NOTE
The local discriminator of the local device corresponds to the remote discriminator of the remote device, and the remote discriminator of the local device corresponds to the local discriminator of the remote device. The local discriminator of the local device needs to be the same with the remote discriminator of the remote device. Otherwise, the session cannot be correctly set up. After the local discriminator and the remote discriminator are configured, you cannot modify it.
Step 4 Run:
commit
When setting up a BFD session, you must run the commit command after configuring necessary parameters, such as local and remote discriminators; otherwise, the session cannot be set up.
----End
Context
NOTE
Only after the parameters of the session are set and the session is set up, you can view the information on the session.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] } [ verbose ] command to check BFD configurations. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] to check the BFD session. Run the display bfd statistics [ slot slot-id ] to check the global statistics of the BFD session. Run the display bfd statistics session { all | static | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] to check the statistics of the BFD session.
l l
----End
Example
After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : atoc -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address
5-26
Issue 03 (2010-03-31)
5 BFD Configuration
Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 Bind Interface : -FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
You can view that a multi-hop BFD session is established. The BFD session is Up.
Pre-configuration Tasks
Before configuring the static BFD session with automatically negotiated discriminators, complete the following tasks:
l l
Correctly connecting each interface Correctly configuring the IP address of the Layer 3 interface
Data Preparation
To complete the configuration, you need the following data.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-27
5 BFD Configuration
No. 1 2
Data Name of the BFD session IP addresses of the local and remote ends of the link detected by BFD, and name and number of the local interface
Procedure
Step 1 Run:
system-view
Procedure
l For BFD for IPv4 1. Run:
system-view
5-28
5 BFD Configuration
You must specify the peer IP address but cannot use a multicast IP address.
3.
Run:
commit
Procedure
l Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } verbose [ slot slot-id ] command to check information about the BFD session.
----End
Example
# After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16385 (One Hop) State : Up Name : auto -------------------------------------------------------------------------------Local Discriminator : 8193 Remote Discriminator : 8192 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet2/0/1) Bind Session Type : Static_Auto Bind Peer IP Address : 192.168.1.2 NextHop Ip Address : 192.168.1.2 Bind Interface : GigabitEthernet2/0/1 Bind Source IP Address : 192.168.1.1 FSM Board Id : 2 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : Destination Port : 3784 TTL : 255 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : Last Local Diagnostic : No Diagnostic Bind Application : AUTO Session TX TmrID : Session Detect TmrID : Session Init TmrID : Session WTR TmrID : Session Echo Tx TmrID : PDT Index : FSM-3010000 | RCV-0 | IF-3010000 | TOKEN-0 Session Description : -------------------------------------------------------------------------------Total UP/DOWN Session Number : 0/1
You can view that a BFD session with the type as Static_Auto is established. The local discriminator and the remote discriminator of this BFD session are 8193 and 8192 respectively, which are obtained by automatic negotiation.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-29
5 BFD Configuration
Pre-configuration Tasks
Before configuring the delay of the BFD session to be Up, ensure that the router runs normally.
Data Preparation
To complete the configuration, you need the following data. No. 1 Data Delay up time
Procedure
Step 1 Run:
system-view
BFD is enabled globally and the BFD view is displayed. Step 3 Run:
5-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
The time that the BFD session is delayed to become Up is set. By default, the delay time is 0 seconds. ----End
Procedure
Step 1 Run the display bfd statistics [ slot slot-id ] command to check statistics of BFD globally. ----End
Example
# After the configuration, restart the router. After the restart, run the display bfd statistics command.
<HUAWEI> display bfd statistics Current Display Board Number : Main ; Current Product Register type: IP Multihop Destination Port : 3784 Total Up/Down Session Number : 0/1 Current Session Number : Static session : 0 Dynamic session : 0 E_Dynamic session : 0 STATIC_AUTO session : 1 LDP_LSP session : 0 STATIC_LSP session : 0 TE_TUNNEL session : 0 TE_LSP session : 0 PW session : 0 IP session : 1 -------------------------------------------------------------------------------PAF/LCS Name Maxnum Minnum Create -------------------------------------------------------------------------------BFD_CFG_NUM 8192 1 1 BFD_IF_NUM 512 1 1 BFD_SESSION_NUM 8192 1 1 BFD_IO_SESSION_NUM 512 1 0 BFD_PER_TUNNEL_CFG_NUM 16 1 0 -------------------------------------------------------------------------------IO Board Current Created Session Statistics Information :(slot/number) -------------------------------------------------------------------------------0 /0 1 /0 2 /1 3 /0 4 /0 5 /0 6 /0 7 /0 8 /0 9 /0 10/0 11/0 12/0 13/0 14/0 15/0 16/0 17/0 18/0 19/0 20/0 21/0 22/0 23/0 24/0 25/0 26/0 27/0 28/0 29/0 30/0 31/0 32/0 33/0 34/0 35/0 36/0 37/0 -------------------------------------------------------------------------------Current Total Used Discriminator Num : 1 -------------------------------------------------------------------------------IO Board Reserved Sessions Number Information :(slot/number) -------------------------------------------------------------------------------0 /0 1 /0 2 /0 3 /0 4 /0 5 /0 6 /0 7 /0 8 /0 9 /0 10/0 11/0 12/0 13/0 14/0 15/0 16/0 17/0 18/0 19/0 20/0 21/0 22/0 23/0 24/0 25/0 26/0 27/0 28/0 29/0 30/0 31/0 32/0 33/0 34/0 35/0 36/0 37/0 -------------------------------------------------------------------------------BFD HA Information : --------------------------------------------------------------------------------
Issue 03 (2010-03-31)
5-31
5 BFD Configuration
Core Current HA Status : Normal Shell Current HA Status : Normal -------------------------------------------------------------------------------BFD for LSP Information : -------------------------------------------------------------------------------Ability of auto creating BFD session on egress : Disable Period of LSP Ping : 60 System Session Delay Up Timer : OFF --------------------------------------------------------------------------------
You can view the field System Session Delay Up Timer in the command output. This field displays the status of the current system delay Up time. OFF indicates that the system is in the normal state; Xs indicates that after X seconds, the system recovers, and the BFD session is Up.
Pre-configuration Tasks
Before adjusting BFD parameters, you need to set up a BFD session.
Data Preparation
To adjust the BFD parameters, you need the following data. No 1 2
5-32
Data BFD configuration name Interval during which local BFD packets are sent or received
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
No 3
Procedure
Step 1 Run:
system-view
The sending interval is set. By default, the minimum sending interval is 10 milliseconds. Step 4 Run:
min-rx-interval interval
The receiving interval is set. By default, the minimum sending interval is 10 milliseconds. Step 5 Run:
detect-multiplier multiplier
The local detection multiplier is set. By default, the local detection multiplier is 3. Step 6 Run:
commit
Postrequisite
To reduce the usage of the system resources, once the BFD session is Down, the system automatically adjusts the local sending or receiving interval to a random value between 1000 milliseconds and 3000 milliseconds. When the BFD session is Up, the user-configured interval is used.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-33
5 BFD Configuration
NOTE
To efficiently use system resources, when detecting that the BFD session goes Down, the system automatically adjusts the interval for receiving and sending BFD control packets to be a random value larger than 10000 ms. When the BFD session goes Up, the set interval is restored.
Procedure
Step 1 Run:
system-view
The WTR is configured. By default, the WTR is 0, that is, it does not wait to restore.
NOTE
The BFD session is unidirectional. If the WTR is applied, you must configure the same WTR at both ends. Otherwise, when the session status changes at one end, applications at both ends know different BFD session status.
Step 4 Run:
commit
Procedure
Step 1 Run:
5-34 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
The description of a BFD session is added. description is a string of 1 to 51 characters. By default, the description of the BFD session is Null. You can run the undo description command to delete the description of the BFD session. Step 4 Run:
commit
Context
NOTE
You can view the information on the BFD session, only when the parameters of the BFD session are set and the session is set up.
Procedure
l Run the display bfd configuration { all | dynamic | peer-ip peer-ip [ vpn-instance vpninstance-name ] | static [ name cfg-name ] | discriminator local discr-value } [ verbose ] to check the BFD configuration. Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] to check information about the BFD session.
----End
Example
After the configuration, run the display bfd session all verbose command.
<HUAWEI> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : aa -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20
Issue 03 (2010-03-31)
5-35
5 BFD Configuration
Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/2/0) Bind Session Type : Static Bind Peer Ip Address : 10.1.1.2 NextHop Ip Address : 10.1.1.2 Bind Interface : GigabitEthernet1/2/0 FSM Board Id : 6 TOS-EXP : 6 Min Tx Interval (ms) : 500 Min Rx Interval (ms) : 500 Actual Tx Interval (ms): 500 Actual Rx Interval (ms): 500 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Enable WTR Interval (ms) : 60000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : RouterA_to_RouterB -------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
You can view that Min Tx Interval is 500 milliseconds; Min Rx Interval is 500 milliseconds. WTR Interval is 60000 milliseconds. Session Description is RouterA_to_RouterB.
5.11 Globally Configuring the Destination Port Number for the Multi-Hop BFD Control Packet
This section describes the application of the destination port number of the multi-hop BFD control packet and how to configure the destination port number globally. 5.11.1 Establishing the Configuration Task 5.11.2 Globally Configuring the Destination Port Number 5.11.3 Checking the Configuration
To interwork with the device running the version earlier than the NE80E/40E, the device running the NE80E/40E can be configured with destination port 3784 for the multi-hop BFD control packet. To interwork with the non-Huawei device, the device running the NE80E/40E can be configured with destination port 4784 for the multi-hop BFD control packet.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5-36
5 BFD Configuration
Pre-configuration Tasks
Before globally configuring the destination port number for the multi-hop BFD control packet, complete the following tasks:
l l
Data Preparation
To globally configure the destination port number for the multi-hop BFD control packet, you need the following data. No. 1 Data Name of the device
Procedure
Step 1 Run:
system-view
BFD is enabled globally on the local node and the BFD view is displayed. Step 3 Run:
multi-hop destination-port { 3784 | 4784 }
The destination port number is configured globally for the multi-hop BFD control packet.
NOTE
If destination port 3784 is used by the multi-hop BFD control packets on a router, the router can successfully negotiate with the router on which destination port 4784 is used by the multi-hop BFD control packets. At the same time, on the router that is configured with destination port 3784, destination port 3784 is automatically updated to destination port 4784. To change the destination port number from 4784 to 3784, run the shutdown command to terminate the BFD session on destination port 4784, then, run the multihop destination-port 3784 command on destination ports 4784 and 3784, and finally run the undo shutdown command to restore the BFD session.
----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-37
5 BFD Configuration
Context
NOTE
You can view information about the BFD session and its statistics only after only after BFD session parameters are configured and the BFD session is set up successfully.
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to view information about the BFD session. Run the display bfd statistics [ slot slot-id ] command to view information about statistics of global BFD.
----End
Example
<HUAWEI> display bfd session all verbose --------------------------------------------------------------------Session MIndex : 16384 (Multi Hop) State : Up Name : test --------------------------------------------------------------------Local Discriminator : 111 Remote Discriminator : 222 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos6/0/0) Bind Session Type : Static Bind Peer IP Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Pos6/0/0 FSM Board Id : 6 TOS-EXP : 6 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : Destination Port : 3784 TTL : 254 Proc Interface Status : Disable Process PST : Disable WTR Interval (ms) : Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : Session Detect TmrID : Session Init TmrID : Session WTR TmrID : Session Echo Tx TmrID : PDT Index : FSM-B030000 | RCV-0 | IF-B030000 | TOKEN-0 Session Description : ---------------------------------------------------------------------------
According to the preceding command output, you can view that destination port 3784 is used for the multi-hop BFD control packet.
5 BFD Configuration
5.12.1 Establishing the Configuration Task 5.12.2 Configuring the TTL Globally 5.12.3 Checking the Configuration
Pre-configuration Tasks
Before configuring the TTL globally, complete the following tasks:
l l
Connecting interfaces correctly Configuring the IP address of the Layer 3 interface correctly
Data Preparation
To configure the TTL globally, you need the following data. No. 1 Data Name and number of each interface
Procedure
Step 1 Run:
system-view
BFD is enabled globally on the local node and the BFD view is displayed. Step 3 Run:
peer-ip peer-ip mask-length ttl { single-hop | multi-hop } ttl-value
5 BFD Configuration
NOTE
By default, for the static BFD session, the TTL of the single-hop BFD packet is 255 and the TTL of the multi-hop BFD packet is 254. For the dynamic BFD session, the TTL of the single-hop BFD packet is 255; the TTL of the multi-hop BFD packet is 253.
----End
Procedure
l Run the display bfd session { all | discriminator discr-value | dynamic | peer-ip peerip [ vpn-instance vpn-instance-name ] | static } [ verbose ] [ slot slot-id ] command to view information about the BFD session. Run the display bfd ttl [ slot slot-id ] command to view information about the globally configured TTL.
----End
Example
After the configurations are successful, run the display bfd ttl command, and you can view information about the global TTL.
<HUAWEI> display bfd ttl -------------------------------------------------------------------------Peer IP Mask Type Value --------------------------------------------------------------------------1.1.1.0 24 Single-hop 255 ---------------------------------------------------------------------------
Pre-configuration Tasks
Before configuring the Interval for Sending Trap Messages, complete the following tasks:
5-40 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
Data Preparation
To configure the Interval for Sending Trap Messages, you need the following data. No. 1 Data Interval for sending trap messages
Procedure
Step 1 Run:
system-view
BFD is enabled globally, and the global BFD view is displayed. Step 3 Run:
snmp-agent bfd trap-interval interval
The interval for sending trap messages is set. By default, the interval for sending trap messages is 120s. ----End
Procedure
l Run the display current-configuration configuration bfd command to view the configuration of the BFD trap function.
----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-41
5 BFD Configuration
Example
Run the display current-configuration configuration bfd command, and you can view that the interval for sending trap messages is 300 seconds.
<HUAWEI> display current-configuration configuration bfd # bfd snmp-agent bfd trap-interval 300 # return
CAUTION
BFD statistics cannot be restored after you clear it. So, confirm the action before you use the command.
Procedure
Step 1 Run the reset reset bfd statistics { all [ slot slot-id ] | discriminator discr-value } command in the user view to clear the BFD statistics. ----End
Procedure
l Run the display bfd configuration { all | static [ name cfg-name ] | dynamic | peer-ip peer-ip [ vpn-instance vpn-instance-name ] | discriminator local discr-value } [ verbose ] command in any view to check the BFD configuration. Run the display bfd interface [ interface-type interface-number ] command in any view to check the information about the interface that is enabled with BFD.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5-42
5 BFD Configuration
Run the display bfd session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ verbose ] [ slot slot-id ] command in any view to check information about the BFD session. Run the display bfd statistics [ slot slot-id ] command in any view to check the statistics of BFD globally. Run the display bfd statistics session { all | static | dynamic | discriminator discrvalue | peer-ip peer-ip [ vpn-instance vpn-instance-name ] } [ slot slot-id ] command in any view to check the statistics of the BFD session.
l l
----End
5.15.1 Example for Configuring One-Hop BFD for Layer 3 Physical Link
Networking Requirements
As shown in Figure 5-3, the asynchronous mode of the BFD is used to detect the directly connected link between Router A and Router B. Figure 5-3 Networking diagram of configuring the one-hop BFD
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
RouterA
RouterB
Issue 03 (2010-03-31)
5-43
5 BFD Configuration
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure a BFD session on Router A to detect the directly-connected link between Router A and Router B. Configure a BFD session on Router B to detect the directly-connected link between Router B and Router A.
Data Preparation
To complete the configuration, you need the following data:
l l l
Peer IP address of the BFD The local interface of sending and receiving the BFD control packets The local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure IP addresses of the directly-connected interfaces on Router A and Router B. # Configure the IP address of the interface on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] ip address 10.1.1.1 24 [RouterA-Pos1/0/0] quit
Step 2 Configure the one-hop BFD. # Enable the BFD on Router A, set up the BFD session with Router B and bind the interface to BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 10.1.1.2 interface pos 1/0/0 [RouterA-bfd-session-atob] discriminator local 1 [RouterA-bfd-session-atob] discriminator remote 2 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, set up the BFD session with Router A, and bind the interface to the BFD session.
[RouterB] bfd
5-44
Issue 03 (2010-03-31)
5 BFD Configuration
Step 3 Verify the configuration. After the configurations, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
<RouterA> display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 1 Remote Discriminator : 2 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 10.1.1.2 NextHop Ip Address : 10.1.1.2 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l
Issue 03 (2010-03-31)
5-45
5 BFD Configuration
commit # return l
5.15.2 Example for Configuring the One-Hop BFD for IP-Trunk Member Link
Networking Requirements
As shown in Figure 5-4, an IP-Trunk that consists of two POS links exists between Router A and Router B. Perform the BFD on the member link POS 1/0/0. Figure 5-4 Networking diagram of configuring one-hop BFD for IP-Trunk member link
POS1/0/0
POS1/0/0
RouterA
RouterB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create an IP-Trunk interface. Configure the one-hop BFD for the member link.
Data Preparation
To configure the one-hop BFD for the member link, you need the following data:
l
Peer IP address of the BFD, that is, the IP address of the IP-Trunk
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5-46
5 BFD Configuration
Local member link interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure an IP-Trunk interface. # Configure an IP-Trunk interface on Router A and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface ip-trunk 1 [RouterA-Ip-Trunk1] undo shutdown [RouterA-Ip-Trunk1] ip address 100.1.1.1 255.255.255.0 [RouterA-Ip-Trunk1] least active-linknumber 1 [RouterA-Ip-Trunk1] quit [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] link-protocol hdlc [RouterA-Pos1/0/0] ip-trunk 1 [RouterA-Pos1/0/0] quit [RouterA] interface pos 2/0/0 [RouterA-Pos2/0/0] undo shutdown [RouterA-Pos2/0/0] link-protocol hdlc [RouterA-Pos2/0/0] ip-trunk 1 [RouterA-Pos2/0/0] quit
# Configure an IP-Trunk interface on Router B and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface ip-trunk 1 [RouterB-Ip-Trunk1] undo shutdown [RouterB-Ip-Trunk1] ip address 100.1.1.2 255.255.255.0 [RouterB-Ip-Trunk1] least active-linknumber 1 [RouterB-Ip-Trunk1] quit [RouterB] interface pos 1/0/0 [RouterB-Pos1/0/0] undo shutdown [RouterB-Pos1/0/0] link-protocol hdlc [RouterB-Pos1/0/0] ip-trunk 1 [RouterB-Pos1/0/0] quit [RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] undo shutdown [RouterB-Pos2/0/0] link-protocol hdlc [RouterB-Pos2/0/0] ip-trunk 1 [RouterB-Pos2/0/0] quit
After the configurations are complete, running the display interface ip-trunk command on Router A or Router B, you can find that the status of the IP-Trunk is Up. Take the display on Router A as an example.
[RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-12, 10:12:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK
Issue 03 (2010-03-31)
5-47
5 BFD Configuration
Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 UP 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The IP-Trunk interfaces of Router A and Router B can ping through each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=310 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=50 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 30/94/310 ms
Step 2 Configure the one-hop BFD for the IP-Trunk. # Configure the BFD session on Router A and Bind the member link interface POS 1/0/0 to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 [RouterA-bfd-session-to_Link1] discriminator local 10 [RouterA-bfd-session-to_Link1] discriminator remote 20 [RouterA-bfd-session-to_Link1] min-tx-interval 10 [RouterA-bfd-session-to_Link1] min-rx-interval 10 [RouterA-bfd-session-to_Link1] wtr 5 [RouterA-bfd-session-to_Link1] commit [RouterA-bfd-session-to_Link1] quit
# Configure the BFD session on Router B and Bind the member link interface POS 1/0/0 to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd to_Link1 bind peer-ip default-ip interface pos 1/0/0 [RouterB-bfd-session-to_Link1] discriminator local 20 [RouterB-bfd-session-to_Link1] discriminator remote 10 [RouterB-bfd-session-to_Link1] min-tx-interval 10 [RouterB-bfd-session-to_Link1] min-rx-interval 10 [RouterB-bfd-session-to_Link1] wtr 5 [RouterB-bfd-session-to_Link1] commit [RouterB-bfd-session-to_Link1] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A or Router B, you can find that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
5-48 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on POS 1/0/0 of Router A to simulate the link fault.
[RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] shutdown [RouterA-Pos1/0/0] quit
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session is Down and the status of the IP-Trunk is still Up.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Pos1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : Pos1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Local Demand Mode : Control Detection Time Expired Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP
Issue 03 (2010-03-31)
5-49
5 BFD Configuration
Line protocol current state : UP Last line protocol up time: 2007-11-11, 11:12:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 DOWN 1 Pos2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
----End
Configuration Files
l
5-50
Issue 03 (2010-03-31)
5 BFD Configuration
POS1/0/0
POS1/0/0
IP-Trunk1 100.1.1.2/24
POS2/0/0 RouterB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create an IP-Trunk interface. Configure the one-hop BFD for IP-Trunk link.
Data Preparation
To configure the one-hop BFD for the IP-Trunk link, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the IP-Trunk Local IP-Trunk interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-51
5 BFD Configuration
Procedure
Step 1 Configure an IP-Trunk interface. # Create an IP-Trunk interface on Router A and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface ip-trunk 1 [RouterA-Ip-Trunk1] undo shutdown [RouterA-Ip-Trunk1] ip address 100.1.1.1 255.255.255.0 [RouterA-Ip-Trunk1] least active-linknumber 1 [RouterA-Ip-Trunk1] quit [RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] undo shutdown [RouterA-Pos1/0/0] link-protocol hdlc [RouterA-Pos1/0/0] ip-trunk 1 [RouterA-Pos1/0/0] quit [RouterA] interface pos 2/0/0 [RouterA-Pos2/0/0] undo shutdown [RouterA-Pos2/0/0] link-protocol hdlc [RouterA-Pos2/0/0] ip-trunk 1 [RouterA-Pos2/0/0] quit
# Create an IP-Trunk interface on Router B and set the lower threshold of the links in the Up state of the IP-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface ip-trunk 1 [RouterB-Ip-Trunk1] undo shutdown [RouterB-Ip-Trunk1] ip address 100.1.1.2 255.255.255.0 [RouterB-Ip-Trunk1] least active-linknumber 1 [RouterB-Ip-Trunk1] quit [RouterB] interface pos 1/0/0 [RouterB-Pos1/0/0] undo shutdown [RouterB-Pos1/0/0] link-protocol hdlc [RouterB-Pos1/0/0] ip-trunk 1 [RouterB-Pos1/0/0] quit [RouterB] interface pos 2/0/0 [RouterB-Pos2/0/0] undo shutdown [RouterB-Pos2/0/0] link-protocol hdlc [RouterB-Pos2/0/0] ip-trunk 1 [RouterB-Pos2/0/0] quit
After the configurations are complete, running the display interface ip-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Router A as an example.
[RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-13, 10:18:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops
5-52
Issue 03 (2010-03-31)
5 BFD Configuration
The IP-Trunk interface of Router A and Router B can ping through each other. Take the results on Router A as an example.
[RouterA] ping 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=220 ms Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=10 ms Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=30 ms Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=40 ms --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 10/66/220 ms
Step 2 Configure the one-hop BFD for the IP-Trunk. # Enable the BFD on Router A, configure the BFD session with Router B and bind the IP-Trunk interface to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 100.1.1.2 interface ip-trunk 1 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the IP-Trunk interface to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 100.1.1.1 interface ip-trunk 1 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] wtr 5 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A or Router B, you can find that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function
Issue 03 (2010-03-31)
5-53
5 BFD Configuration
BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Local Demand Mode : Disable Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on the POS 1/0/0 of Router A to simulate the link fault.
[RouterA] interface pos 1/0/0 [RouterA-Pos1/0/0] shutdown [RouterA-Pos1/0/0] quit
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session and that of the IP-Trunk interface are Up.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-14, 10:12:45 Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24
5-54
Issue 03 (2010-03-31)
5 BFD Configuration
Run the shutdown command on POS 2/0/0 of Router A to simulate the link fault.
[RouterA] interface pos 2/0/0 [RouterA-Pos2/0/0] shutdown [RouterA-Pos2/0/0] quit
Running the display bfd session all verbose command and the display interface ip-trunk command on Router A and Router B, you can find that the status of the BFD session and that of the IP-Trunk interface are Down.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Ip-Trunk 1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Ip-Trunk 1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface ip-trunk 1 Ip-Trunk1 current state : Down Line protocol current state : Down Last line protocol up time: 2007-11-15, 12:12:19 Description : HUAWEI, Ip-Trunk1 Interface, Route Port Hash arithmetic : According to flow The Maximum Transmit Unit is 4470 bytes Internet Address is 100.1.1.1/24 Link layer protocol is nonstandard HDLC Physical is IP_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 errors,0 drops
Issue 03 (2010-03-31)
5-55
5 BFD Configuration
Output:0 packets,0 bytes, 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------Pos1/0/0 DOWN 1 Pos2/0/0 DOWN 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 0
----End
Configuration Files
l
5-56
Issue 03 (2010-03-31)
5 BFD Configuration
5.15.4 Example for Configuring One-Hop BFD for Layer 3 EthTrunk Member Link
Networking Requirements
As shown in Figure 5-6, an Eth-Trunk that consists of two GE links exists between Router A and Router B. Perform the BFD on the GE 1/0/0 of the member link. Figure 5-6 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk member link
GE1/0/0
RouterA GE2/0/0
GE2/0/0 RouterB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create an Eth-Trunk interface. Configure the one-hop BFD for the specified member link.
Data Preparation
To configure the one-hop BFD for Layer 3 Eth-Trunk member link, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the Eth-Trunk Local member link interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure an Eth-Trunk interface. # Create an Eth-Trunk interface on Router A.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-57
5 BFD Configuration
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface eth-trunk 1 [RouterA-Eth-Trunk1] undo shutdown [RouterA-Eth-Trunk1] ip address 100.1.1.1 24 [RouterA-Eth-Trunk1] least active-linknumber 1 [RouterA-Eth-Trunk1] quit [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] eth-trunk 1 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] eth-trunk 1 [RouterA-GigabitEthernet2/0/0] quit
After the above configurations, running the display interface eth-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Route A as an example.
[RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-10, 11:35:19 Hash arithmetic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-271e-f652 Physical is ETH_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 UP 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The Eth-Trunk interfaces of Router A and Router B can ping through each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 ms
5-58
Issue 03 (2010-03-31)
5 BFD Configuration
Step 2 Configure the one-hop BFD for the Layer 3 Eth-Trunk member link. # Configure the BFD session on Router A and bind the member link interface GE 1/0/0.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd to_link1 bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-to_link1] discriminator local 10 [RouterA-bfd-session-to_link1] discriminator remote 11 [RouterA-bfd-session-to_link1] min-tx-interval 10 [RouterA-bfd-session-to_link1] min-rx-interval 10 [RouterA-bfd-session-to_link1] wtr 5 [RouterA-bfd-session-to_link1] commit [RouterA-bfd-session-to_link1] quit
# Configure the BFD session on Router B and bind the member link interface GE 1/0/0.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd to_link1 bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-to_link1] discriminator local 11 [RouterB-bfd-session-to_link1] discriminator remote 10 [RouterB-bfd-session-to_link1] min-tx-interval 10 [RouterB-bfd-session-to_link1] min-rx-interval 10 [RouterB-bfd-session-to_link1] wtr 5 [RouterB-bfd-session-to_link1] commit [RouterB-bfd-session-to_link1] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Route A and Route B, you can find that the one-hop BFD session is set up and its status is Up. Take the display on Route A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : --
Issue 03 (2010-03-31)
5-59
5 BFD Configuration
Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Running the shutdown command on GE 1/0/0 of Router A to simulate the link fault, you can find that the BFD session is in the Down state and the Eth-Trunk status is still in the Up state.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : to_link1 -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 11 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-23, 11:52:49 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
----End
Configuration Files
l
5-60
5 BFD Configuration
# sysname RouterA # bfd # interface Eth-Trunk1 undo shutdown ip address 100.1.1.1 255.255.255.0 # interface GigabitEthernet1/0/0 undo shutdown eth-trunk 1 # interface GigabitEthernet2/0/0 undo shutdown eth-trunk 1 # bfd to_link1 bind peer-ip default-ip interface GigabitEthernet 1/0/0 discriminator local 10 discriminator remote 11 min-tx-interval 10 min-rx-interval 10 wtr 5 commit # return l
Issue 03 (2010-03-31)
5-61
5 BFD Configuration
Figure 5-7 Networking diagram of configuring one-hop BFD for Layer 3 Eth-Trunk
GE1/0/0
RouterA GE2/0/0
GE2/0/0
RouterB
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Create an Eth-Trunk interface. Configure the one-hop BFD for the Eth-Trunk link.
Data Preparation
To configure the one-hop BFD for the Layer 3 Eth-Trunk, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the Eth-Trunk Local Eth-Trunk interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure an Eth-Trunk interface. # Create an Eth-Trunk interface on Router A and set the lower threshold of the Up links of the Eth-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface eth-trunk 1 [RouterA-Eth-Trunk1] undo shutdown [RouterA-Eth-Trunk1] ip address 100.1.1.1 24 [RouterA-Eth-Trunk1] least active-linknumber 1 [RouterA-Eth-Trunk1] quit [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] eth-trunk 1 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 2/0/0 [RouterA-GigabitEthernet2/0/0] undo shutdown [RouterA-GigabitEthernet2/0/0] eth-trunk 1 [RouterA-GigabitEthernet2/0/0] quit
# Create an Eth-Trunk interface on Router B and set the lower threshold of the Up links of the Eth-Trunk to 1.
<HUAWEI> system-view [HUAWEI] sysname RouterB
5-62
Issue 03 (2010-03-31)
5 BFD Configuration
After these configurations are complete, running the display interface eth-trunk command on Router A or Router B, you can find that the status of the interface is Up. Take the display on Router A as an example.
[RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-19, 12:17:09 Hash arithmetic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-271e-f652 Physical is ETH_TRUNK Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 UP 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 2
The Eth-Trunks of Router A and Router B can ping though each other.
[RouterA] ping -a 100.1.1.1 100.1.1.2 PING 100.1.1.2: 56 data bytes, press CTRL_C to break Reply from 100.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 Reply from 100.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 Reply from 100.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 Reply from 100.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 Reply from 100.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 --- 100.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/49/62 ms
ms ms ms ms ms
Step 2 Configure the one-hop BFD for Layer 3 Eth-Trunk link. # Enable the BFD on Router A, configure the BFD session with Router B and bind the EthTrunk to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 100.1.1.2 interface eth-trunk 1 [RouterA-bfd-session-atob] discriminator local 10
Issue 03 (2010-03-31)
5-63
5 BFD Configuration
[RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] [RouterA-bfd-session-atob] discriminator remote 20 min-tx-interval 10 min-rx-interval 10 wtr 5 commit quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the EthTrunk to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 100.1.1.1 interface eth-trunk 1 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] wtr 5 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A and Router B, you can find a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on the GE 1/0/0 of Router A to simulate the link fault.
[RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] shutdown [RouterA-GigabitEthernet1/0/0] quit
Running the display bfd session all verbose command and the display interface eth-trunk command on Router A and Router B, you can find that the status of the BFD session and the Eth-Trunk is still Up.
[RouterA] display bfd session all verbose --------------------------------------------------------------------------------
5-64
Issue 03 (2010-03-31)
5 BFD Configuration
Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-17, 10:15:34 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 UP 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 1
Run the shutdown command on the GE 2/0/0 of Router A to simulate the link fault. Running the display bfd session all verbose command and the display interface eth-trunk command on Router A and Router B, you can find that status of the BFD session and that of the Eth-Trunk interface become Down.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Eth-Trunk1) Bind Session Type : Static Bind Peer Ip Address : 100.1.1.2 NextHop Ip Address : 100.1.1.2 Bind Interface : Eth-Trunk1
Issue 03 (2010-03-31)
5-65
5 BFD Configuration
FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface eth-trunk 1 Eth-Trunk1 current state : Down Line protocol current state : Down Last line protocol up time: 2007-11-09, 10:45:18 Hash arithmatic : According to flow The Maximum Transmit Unit is 1500 bytes Internet Address is 100.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc09-9722 Physical is ETH_TRUNK Last 300 seconds input rate bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops,0 unknownprotocol Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicasts 0 errors,0 drops ----------------------------------------------------PortName Status Weight ----------------------------------------------------GigabitEthernet1/0/0 DOWN 1 GigabitEthernet2/0/0 DOWN 1 ----------------------------------------------------The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 0
----End
Configuration Files
l
5-66
Issue 03 (2010-03-31)
5 BFD Configuration
The VLAN between two directly-connected routers should apply one link.
Figure 5-8 Networking diagram of configuring one-hop BFD for VLANIF interfaces
RouterA
RouterB
Configuration Roadmaps
The configuration roadmap is as follows:
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 5-67
5 BFD Configuration
1. 2.
Configure the VLAN that is based on the interface. Configure the one-hop BFD for the VLANIF.
Data Preparation
To configure the one-hop BFD for the VLANIF, you need the following data:
l l l
Peer IP address of the BFD, that is, the IP address of the VLANIF interface Local VLANIF interface that sends and receives BFD control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure VLAN 10. # Configure VLAN 10 on Router A.
<RouterA> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] portswitch [RouterA-GigabitEthernet1/0/0] quit [RouterA] vlan 10 [RouterA-vlan10] port gigabitethernet 1/0/0 [RouterA-vlan10] quit [RouterA] interface vlanif 10 [RouterA-Vlanif10] undo shutdown [RouterA-Vlanif10] ip address 110.1.1.1 24 [RouterA-Vlanif10] quit
After the configuration, run the display interface vlanif command on Router A or Router B, and you can view that the interface is Up. Take the display onRouter A as an example.
[RouterA] display interface vlanif 10 Vlanif10 current state : UP Line protocol current state : UP Last line protocol up time: 2007-11-23, 13:11:19 Description : Vlanif10 Interface, Route Port The Maximum Transmit Unit is 1500 bytes Internet Address is 110.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7a-9e35
5-68
Issue 03 (2010-03-31)
5 BFD Configuration
The VLANIF interfaces on Router A and Router B can ping through each other.
[RouterA] ping -a 110.1.1.1 110.1.1.2 PING 110.1.1.2: 56 data bytes, press CTRL_C to break Reply from 110.1.1.2: bytes=56 Sequence=1 ttl=255 time=31 Reply from 110.1.1.2: bytes=56 Sequence=2 ttl=255 time=31 Reply from 110.1.1.2: bytes=56 Sequence=3 ttl=255 time=62 Reply from 110.1.1.2: bytes=56 Sequence=4 ttl=255 time=62 Reply from 110.1.1.2: bytes=56 Sequence=5 ttl=255 time=62 --- 110.1.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 31/49/62 ms
ms ms ms ms ms
Step 2 Configure the one-hop BFD for the VLANIF. # Enable the BFD on Router A, configure the BFD session with Router B and bind the VLANIF interface to the BFD session.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip 110.1.1.2 interface vlanif 10 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Enable the BFD on Router B, configure the BFD session with Router A and bind the VLANIF interface to the BFD session.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip 110.1.1.1 interface vlanif 10 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 3 Verify the configuration. After the configurations are complete, run the display bfd session all verbose command on Router A and Router B, you can view that a one-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif10) Bind Session Type : Static Bind Peer Ip Address : 110.1.1.2 NextHop Ip Address : 110.1.1.2 Bind Interface : Vlanif10 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30
Issue 03 (2010-03-31)
5-69
5 BFD Configuration
Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 4
Run the display bfd session all verbose command on Router A and Router B, and you can view that the status of the BFD session goes Down. Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 256 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif10) Bind Session Type : Static Bind Peer Ip Address : 110.1.1.2 NextHop Ip Address : 110.1.1.2 Bind Interface : Vlanif10 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l
5-70
Issue 03 (2010-03-31)
5 BFD Configuration
5.15.7 Example for Configuring the Association Between the BFD Status and the Interface Status
Networking Requirements
As shown in Figure 5-9, transmission devices exist on the link. By configuring the association between the BFD status and the interface status, the status change of the BFD session between GE 1/0/0 of Router A and GE 1/0/0 of Router B can affect the protocol status of the interface, and can trigger the fast convergence of routes when the link between transmission devices fails. Figure 5-9 Configuring the association between the BFD status and the interface status GE1/0/0 GE1/0/0
RouterA
RouterB
Configuration Roadmap
The configuration roadmap is as follows: 1.
Issue 03 (2010-03-31)
5 BFD Configuration
2. 3. 4.
Configure a BFD session on Router B. Configure the association between the BFD status and the interface status on Router A when the BFD session is Up. Configure the association between the BFD status and the interface status on Router B when the BFD session is Up.
Data Preparation
To complete the configuration, you need the following data:
l l l
Peer IP address detected by BFD Local interface that sends and receives BFD Control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure the IP address of the interface that directly connects Router A to Router B. # Configure the IP address of the interface on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet1/0/0] quit
Step 2 Configure the one-hop BFD detection. # On Router A, enable BFD and configure the BFD session between Router A and Router B.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] wtr 5 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# On Router B, enable BFD and configure the BFD session between Router B and Router A.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10
5-72
Issue 03 (2010-03-31)
5 BFD Configuration
# After the configuration, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is established. The session is in the Up state. Take Router A as an example:
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 3 Configure the association between the BFD status and the interface status. # Configure the association between the BFD status and the interface status on Router A.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob [RouterA-bfd-session-atob] process-interface-status [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Configure the association between the BFD status and the interface status on Router B.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa [RouterB-bfd-session-btoa] process-interface-status [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 4 Verify the configuration. After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that the field Proc interface status displays Enable. Take Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob --------------------------------------------------------------------------------
Issue 03 (2010-03-31)
5-73
5 BFD Configuration
Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application :IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Run the shutdown command on GE 1/0/0 of Router B to terminate the BFD session.
[RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] shutdown [RouterB-GigabitEthernet1/0/0] quit
Run the display bfd session all verbose and display interface gigabitethernet 1/0/0 commands on Router A, and you can view that the status of the BFD session is Down, and the status of GE 1/0/0 is UP (BFD status down).
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Neighbor Signaled Session Down Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface gigabitethernet 1/0/0 GigabitEthernet1/0/0 current state : UP Line protocol current state : UP(BFD status down) Last line protocol up time: 2008-10-16 09:25:17 Description : HUAWEI, GigabitEthernet1/0/0 Interface, Route Port The Maximum Transmit Unit is 1500 bytes
5-74
Issue 03 (2010-03-31)
5 BFD Configuration
Internet Address is 10.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcc7-565a The Vendor PN is HFBR-5710L Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode WaveLength: 850nm, Transmission Distance: 550m Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send an d Receive Enable Last physical up time : 2008-10-16 09:18:48 Last physical down time : 2008-10-16 09:18:42 Statistics last cleared:never Last 300 seconds input rate: 56 bits/sec, 0 packets/sec Last 300 seconds output rate: 88 bits/sec, 0 packets/sec Input: 420904 bytes, 5802 packets Output: 1250456 bytes, 13926 packets Input: Unicast: 461 packets, Multicast: 5331 packets Broadcast: 10 packets, Jumbo: 0 packets CRC: 3 packets, Symbol: 0 packets Overrun: 0 packets, InRangeLength: 0 packets LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets Fragment: 0 packets, Undersized Frame: 0 packets RxPause: 0 packets Output: Unicast: 8622 packets, Multicast: 5293 packets Broadcast: 11 packets, Jumbo: 0 packets Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets TxPause: 0 packets Unknown Vlan: 0 packets
----End
Configuration Files
l
Issue 03 (2010-03-31)
5-75
5 BFD Configuration
min-rx-interval 10 wtr 5 process-interface-status commit # return
5.15.8 Example for Configuring the Association Between the BFD Status and the Sub-Interface Status
Networking Requirements
As shown in Figure 5-10, in the large-scale MAN Ethernet network that has high requirements for reliability, a large number of services need to be configured on the sub-interface. You can set up BFD sessions to detect the connectivity of the main interface link and configure the association between the BFD status and the sub-interface status. This can improve the reliability of the service on the sub-interface and save the session resources. Figure 5-10 Association between the BFD status and the sub-interface status
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure a BFD session on Router A. Configure a BFD session on Router B. Configure the association between the BFD status and the sub-interface status when the BFD session on Router A is Up. Configure the association between the BFD status and the sub-interface status when the BFD session on Router B is Up.
Data Preparation
To configure the association between the BFD status and the sub-interface status, you need the following data:
l l l
IP address of the main interface on the remote end detected by BFD Local interface that sends and receives BFD Control packets Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
5-76 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
5 BFD Configuration
Procedure
Step 1 Configure the IP addresses of the main interfaces on Router A and Router B and create the subinterface. # Configure the IP address of the interface on Router A and create the sub-interface.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] undo shutdown [RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [RouterA-GigabitEthernet1/0/0] quit [RouterA] interface gigabitethernet 1/0/0.1 [RouterA-GigabitEthernet1/0/0.1] undo shutdown [RouterA-GigabitEthernet1/0/0.1] ip address 11.1.1.1 24 [RouterA-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [RouterA-GigabitEthernet1/0/0.1] quit
# Configure the IP address of the interface on Router B and create the sub-interface.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] undo shutdown [RouterB-GigabitEthernet1/0/0] ip address 10.1.1.2 24 [RouterB-GigabitEthernet1/0/0] quit [RouterB] interface gigabitethernet 1/0/0.1 [RouterB-GigabitEthernet1/0/0.1] undo shutdown [RouterB-GigabitEthernet1/0/0.1] ip address 11.1.1.2 24 [RouterB-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [RouterB-GigabitEthernet1/0/0.1] quit
Step 2 Configure the one-hop BFD detection. # On Router A, enable BFD and configure the BFD session between Router A and Router B and bind the session with the main interface.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterA-bfd-session-atob] discriminator local 10 [RouterA-bfd-session-atob] discriminator remote 20 [RouterA-bfd-session-atob] min-tx-interval 10 [RouterA-bfd-session-atob] min-rx-interval 10 [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# On Router B, enable BFD and configure the BFD session between Router B and Router A and bind the session with the main interface.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa bind peer-ip default-ip interface gigabitethernet 1/0/0 [RouterB-bfd-session-btoa] discriminator local 20 [RouterB-bfd-session-btoa] discriminator remote 10 [RouterB-bfd-session-btoa] min-tx-interval 10 [RouterB-bfd-session-btoa] min-rx-interval 10 [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
# After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that a one-hop BFD session is set up, and the session status is Up. Take the display on Router A as an example.
[RouterA] display bfd session all verbose
Issue 03 (2010-03-31)
5-77
5 BFD Configuration
-------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
Step 3 Configure the association between the BFD status and the sub-interface status. # Configure the association between the BFD status and the sub-interface status on Router A.
[RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atob [RouterA-bfd-session-atob] process-interface-status sub-if [RouterA-bfd-session-atob] commit [RouterA-bfd-session-atob] quit
# Configure the association between the BFD status and the sub-interface status on Router B.
[RouterB] bfd [RouterB-bfd] quit [RouterB] bfd btoa [RouterB-bfd-session-btoa] process-interface-status sub-if [RouterB-bfd-session-btoa] commit [RouterB-bfd-session-btoa] quit
Step 4 Verify the configuration. # After the configuration is complete, run the display bfd session all verbose command on Router A and Router B, and you can view that the field Proc interface status displays Enable (Sub-If). Take the display on Router A as an example.
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Up Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 NextHop Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7
5-78
Issue 03 (2010-03-31)
5 BFD Configuration
Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Enable (Sub-If) Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
# Run the shutdown command on GE 1/0/0 of Router B to shut BFD sessions Down.
[RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] shutdown [RouterB-GigabitEthernet1/0/0] quit
# Run the display bfd session all verbose and display interface gigabitethernet1/0/0.1 commands on Router A, and you can view that the status of the BFD session is Down, and the status of GE1/0/0.1 is UP (Main BFD status down).
[RouterA] display bfd session all verbose -------------------------------------------------------------------------------Session MIndex : 16384 (One Hop) State : Down Name : atob -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(GigabitEthernet1/0/0) Bind Session Type : Static Bind Peer Ip Address : 224.0.0.184 Bind Interface : GigabitEthernet1/0/0 FSM Board Id : 3 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 255 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : -Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : Neighbor Signaled Session Down Bind Application : IFNET Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -Session Echo Tx TmrID : -PDT Index : FSM-5000000|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0 [RouterA] display interface gigabitethernet 1/0/0.1 GigabitEthernet1/0/0.1 current state : UP Line protocol current state : UP(Main BFD status down) Last line protocol up time: 2007-11-10, 11:09:19 Route Port,The Maximum Transmit Unit is 1500 bytes Internet Address is 11.1.1.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcc7-565a Encapsulation dot1q Virtual LAN, Vlan number 1 Last 300 seconds input rate 0 bytes/sec, 0 packets/sec Last 300 seconds output rate 0 bytes/sec, 0 packets/sec Input: 0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast 0 errors,0 drops
Issue 03 (2010-03-31)
5-79
5 BFD Configuration
Output:0 packets,0 bytes, 0 unicast,0 broadcast,0 multicast 0 errors,0 drops
----End
Configuration Files
l
5 BFD Configuration
POS1/0/0 10.1.1.1/24
POS1/0/0 10.1.1.2/24
POS2/0/0 10.2.1.1/24
POS1/0/0 10.2.1.2/24
RouterA
RouterB
RouterC
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure a BFD session on Router A to detect the multi-hop routes between Router A and Router C. Configure a BFD session on Router C to detect the multi-hop routes between Router C and Router A.
Data Preparation
To complete the configuration, you need the following data:
l l
Peer IP address of the BFD Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure the reachable routes between Router A, Router B, and Router C. In this example, the static route is used. The detailed configuration is not mentioned here. Step 2 Configure the multi-hop detection between Router A and Router C. # Configure a BFD session with Router C on Router A. You do not need to bind the interface.
<RouterA> system-view [RouterA] bfd [RouterA-bfd] quit [RouterA] bfd atoc bind peer-ip 10.2.1.2 [RouterA-bfd-session-atoc] discriminator local 10 [RouterA-bfd-session-atoc] discriminator remote 20 [RouterA-bfd-session-atoc] min-tx-interval 10 [RouterA-bfd-session-atoc] min-rx-interval 10 [RouterA-bfd-session-atoc] wtr 10 [RouterA-bfd-session-atoc] commit [RouterA-bfd-session-atoc] quit
# Configure a BFD session with Router A on Router C. You do not need to bind the interface.
<RouterC> system-view [RouterC] bfd [RouterC-bfd] quit
Issue 03 (2010-03-31)
5-81
5 BFD Configuration
[RouterC] bfd ctoa bind peer-ip 10.1.1.1 [RouterC-bfd-session-ctoa] discriminator local 20 [RouterC-bfd-session-ctoa] discriminator remote 10 [RouterC-bfd-session-ctoa] min-tx-interval 10 [RouterC-bfd-session-ctoa] min-rx-interval 10 [RouterC-bfd-session-ctoa] wtr 10 [RouterC-bfd-session-ctoa] commit [RouterC-bfd-session-ctoa] quit
Step 3 Verify the configuration. After the configurations are complete, running the display bfd session all verbose command on Router A and Router C, you can view that a multi-hop BFD session is set up and its status is Up. Take the display on Router A as an example.
<RouterA> display bfd session all -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : atoc -------------------------------------------------------------------------------Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 Bind Interface : -FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 254 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 600000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : -Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l
5-82
Issue 03 (2010-03-31)
5 BFD Configuration
CE1 and CE2 belong to VPN-A. They access the MPLS backbone network through PE1 and PE2 respectively. GE 1/0/0 of PE1 and GE 1/0/0 of PE2 are bound to VPN-A. BFD in asynchronous mode is used to detect the VPN route between PE1 and PE2.
l l
Issue 03 (2010-03-31)
5-83
5 BFD Configuration
Figure 5-12 Networking diagram of configuring the BFD for VPN routes
Loopback1 1.1.1.1/32
Loopback1 3.3.3.3/32
PE1
GE1/0/0 10.1.1.2/24
POS2/0/0 172.1.1.1/24
PE2
GE1/0/0 10.2.1.2/24
GE1/0/0 10.1.1.1/24
GE1/0/0 10.2.1.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure a BFD session on PE1 to detect the multi-hop path from PE1 to PE2. Configure a BFD session on PE2 to detect the multi-hop path from PE2 to PE1.
Data Preparation
To configure the BFD for VPN routes, you need the following data:
l l
Peer IP address of the BFD Local discriminator and remote discriminator of the BFD session
The minimum sending interval, the minimum receiving interval, and the local detection multiplier of the BFD Control packet adopt the default values.
Procedure
Step 1 Configure the MPLS backbone network to interconnect PE1 and PE2. The configuration details are not mentioned here. Step 2 Configure the VPN instance. The configuration details are not mentioned here. Step 3 Configure the VPN route between PE1 and PE2 to be reachable. The configuration details are not mentioned here. After the configuration is complete, PE1 can ping through the IP address of GE 1/0/0 on PE2.
<PE1> ping -vpn-instance vpna 10.2.1.2 PING 10.2.1.2: 56 data bytes, press CTRL_C to break Reply from 10.2.1.2: bytes=56 Sequence=1 ttl=254 time=60 ms Reply from 10.2.1.2: bytes=56 Sequence=2 ttl=254 time=50 ms Reply from 10.2.1.2: bytes=56 Sequence=3 ttl=254 time=50 ms
5-84
Issue 03 (2010-03-31)
5 BFD Configuration
Step 4 Configure the detection on the VPN route between PE1 and PE2. # On PE1, configure the BFD session between PE1 and PE2 and bind the session with the VPN instance.
<PE1> system-view [PE1] bfd [PE1-bfd] quit [PE1] bfd 1to2_vpn bind peer-ip 10.2.1.2 vpn-instance vpna [PE1-bfd-session-1to2_vpn] discriminator local 12 [PE1-bfd-session-1to2_vpn] discriminator remote 21 [PE1-bfd-session-1to2_vpn] min-tx-interval 10 [PE1-bfd-session-1to2_vpn] min-rx-interval 10 [PE1-bfd-session-1to2_vpn] wtr 5 [PE1-bfd-session-1to2_vpn] commit
# On PE2, configure the BFD session between PE2 and PE1 and bind the session and the VPN instance.
<PE2> system-view [PE2] bfd [PE2-bfd] quit [PE2] bfd 2to1_vpn bind peer-ip 10.1.1.2 vpn-instance vpna [PE2-bfd-session-2to1_vpn] discriminator local 21 [PE2-bfd-session-2to1_vpn] discriminator remote 12 [PE2-bfd-session-2to1_vpn] min-tx-interval 10 [PE2-bfd-session-2to1_vpn] min-rx-interval 10 [PE2-bfd-session-2to1_vpn] wtr 5 [PE2-bfd-session-2to1_vpn] commit
Step 5 Verify the configuration. After the configuration is complete, run the display bfd session peer-ip command on PE1 and PE2, and you can view that a multi-hop BFD session is set up, and the session is Up. Take PE1 as an example:
<PE1> display bfd session peer-ip 10.2.1.2 vpn-instance vpna verbose -------------------------------------------------------------------------------Session MIndex : 256 (Multi Hop) State : Up Name : 1to2_vpn -------------------------------------------------------------------------------Local Discriminator : 12 Remote Discriminator : 21 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer Ip Address Bind Session Type : Static Bind Peer Ip Address : 10.2.1.2 NextHop Ip Address : 10.2.1.2 Bind Interface : -Vpn Instance Name : vpna FSM Board Id : 6 TOS-EXP : 7 Min Tx Interval (ms) : 10 Min Rx Interval (ms) : 10 Actual Tx Interval (ms): 10 Actual Rx Interval (ms): 10 Local Detect Multi : 3 Detect Interval (ms) : 30 Echo Passive : Disable Acl Number : -Destination Port : 3784 TTL : 254 Proc interface status : Disable Process PST : Disable WTR Interval (ms) : 300000 Local Demand Mode : Disable Active Multi : 3 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session TX TmrID : -Session Detect TmrID : --
Issue 03 (2010-03-31)
5-85
5 BFD Configuration
Session Init TmrID : -Session WTR TmrID : -PDT Index : FSM-0|RCV-0|IF-0|TOKEN-0 Session Description : --------------------------------------------------------------------------------Total UP/DOWN Session Number : 1/0
----End
Configuration Files
l
5-86
Issue 03 (2010-03-31)
5 BFD Configuration
Issue 03 (2010-03-31)
5-87
5 BFD Configuration
mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface Pos1/0/0 link-protocol ppp undo shutdown ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp undo shutdown ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # ospf 100 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.2 0.0.0.0 # Return l
5-88
Issue 03 (2010-03-31)
6 GR Configuration
6
About This Chapter
GR Configuration
This chapter describes the HA implementation in the NE80E/40E, the configurations of systemlevel GR as well as maintenance commands and provides configuration examples. 6.1 GR Introduction This section describes how to implement HA and related technologies. 6.2 Configuring the System-Level GR This section describes how to configure the system-level GR. 6.3 Maintaining HA This section describes how to monitor the working status of the HA. 6.4 Configuration Examples This section provides an example for GR.
Issue 03 (2010-03-31)
6-1
6 GR Configuration
6.1 GR Introduction
This section describes how to implement HA and related technologies. 6.1.1 HA Overview 6.1.2 GR Features Supported in the NE80E/40E
6.1.1 HA Overview
In practical network, the network may fail and the service may be interrupted because of inevitable non-technical factors. To improve the system availability, it is feasible to improve the fault-tolerance capability of the system, speed up recovery from faults, and reduce the impact of faults on the service. High availability (HA) indicates that a device has high reliability. Generally, Mean Time to Repair (MTTR) and Mean Time Between Failures (MTBF) are used to assess the reliability of a device.
l
MTTR: indicates the average time that a component or a device takes to recover from a failure. In broader sense, MTTR refers to spare part management, customer service, and is an important index to evaluate equipment maintenance. The formula of MTTR is as follows: MTTR = Fault detection time + Board replacement time + System initialization time + Link recovery time + Route coverage time + Forwarding recovery time
The less the time is, the greater the MTTR is and the higher the device reliability is. In the telecommunication industry, 99.999% availability means that the value of MTTR should not be more than 5 minutes each year.
l
MTBF: indicates the average time (usually in hours) when a component or a device works without any failure.
AMB/SMB switchover is an important method to ensure the system availability when the system fails. Data may be lost during AMB/SMB switchover. Most lost data can be restored smoothly through hot standby (HSB). The lost data that cannot be restored through HSB can be restored through Graceful Restart (GR).
Redundancy Backup
Redundancy backup for the key components in the system is an important method to improve the fault-tolerance capability of the system. Redundancy backup is performed in the following modes:
l
1+1 backup: Two components must mirror each other. If the master component is Down, the slave component takes over the previous component to ensure that the system service is not interrupted.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
6-2
6 GR Configuration
n+1 backup: If you need n similar components to provide services, another component is necessary to act as the backup for all the n components. If one of the n components fails, the backup component takes over the faulty component to ensure the smooth service.
Fabric Board: 3+1 backup Main Control Unit (also named main board): 1+1 backup Service Process Unit (also named service board): 1+1 or n+1 backup Power Module: 1+1 backup Cool Fan: n+1 backup
The system performs the AMB/SMB switchover on the premise of 1+1 backup of the main board, that is, two main boards.
HSB
HSB is a key technology providing hot backup. The components and terms related to HSB are described as follows:
l
Active Main Board (AMB): indicates the current active main board of the two main boards on a router. Standby Main Board (SMB): indicates the backup main board of the two main boards on a router. HA channel: indicates the communication channel between the AMB and SMB. Switchover: indicates the AMB is switched to the SMB. It is triggered by the commands or by a serious fault. In the switchover, the original AMB is reset and becomes an SMB. Smooth: After the switchover is performed on a router, the SMB is switched to be the AMB, but the data in different modules on the new AMB may be inconsistent. Thus, the data needs to be synchronized on the new AMB.
l l
The HSB can back up the static and dynamic configurations of the system from the AMB to the SMB. The AMB and SMB communicate as shown in Figure 6-1.
Issue 03 (2010-03-31)
6-3
6 GR Configuration
Download FIB
SMB Routing / MPLS Protocol AMB State Sync RPA MPLS RPA MPLS Socket /TCP Link RIB RIB Synchronize IFnet IFnet FIB configuration FIB and change IPC IPC Heart Beat Check
IPC
Switch Fabric
IPC
IO board Interface
FIB
FIB
FIB
FIB
Incoming Packet
Outcoming Packet
When the system is restarted, the AMB backs up its static configurations on the SMB and the SMB re-execute the static configurations. When the system runs normally, any data changes in the AMB, including static and dynamic data changes, are backed up to the SMB. Note that the AMB can download the routing information from the data plane to the interface board but the SMB cannot download the routing information. In addition, the SMB cannot receive any information from the interface board. After the switchover, the SMB switches itself to the AMB and runs smoothly. All data on the AMB is backed up; therefore, the sessions with other routers are not affected and other routers are not aware of the switchover. That is, the HSB switchover is "self-contained". The requirements for the hardware and software to implement the HSB are as follows:
l l l
Supporting two main boards that serve as the backup for each other Providing a physical communication channel between the AMB and the SMB Supporting AMB heart beat detection on hardware or software
Supporting backup of static configuration data from the AMB to the SMB Supporting dynamic backup and update of protocol status data from the AMB to the SMB Supporting the protocol-level GR capability Supporting data smoothing between modules
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
6-4
6 GR Configuration
GR
In IETF, protocols related to Internet Protocol/Multiprotocol Label Switching (IP/MPLS) such as Open Shortest Path First (OSPF), Intermediate System-Intermediate System (IS-IS), Border Gateway Protocol (BGP), Label Distribution Protocol (LDP), and Resource Reservation Protocol (RSVP) are extended to ensure that the forwarding is not interrupted when the system is restarted. This reduces the flapping of the protocols at the control plane when the system performs the AMB/SMB switchover. This series of standards is called GR extension to each protocol. Currently, GR has been widely applied to the AMB/SMB switchover and system upgrade. The system can perform GR on the condition that the forwarding plane is separated from control plane. That is, the router has a main board and an Interface board, and the Interface board forwards packets. When the system restarts the protocol or performs AMB/SMB switchover, the interface board is not reset. The interface board continues forwarding packets; thus, packets can be forwarded in the entire system without interruption. The prerequisite to uninterrupted forwarding in the system is that the network topology and interface status do not change in the GR period; otherwise, the system exits from the GR and the forwarding is interrupted. The concepts related to the GR are as follows:
l
Roles
GR Restarter: indicates a router on which the routing protocol is enabled with the GR capability. The router has dual main boards, and is capable of notifying the neighbor to maintain the adjacency during AMB/SMB switchover. GR Helper: indicates the neighbor of the GR Restarter. The GR Helper should be able to identify the GR signaling, maintain the adjacency with the GR Restarter during the AMB/SMB switchover, and help the GR Restarter to restore the network topology.
NOTE
The GR Restarter and the GR Helper interact with each other. When the GR Helper is enabled with the GR capability, the GR Restarter and the GR Helper can interchange.
l
GR session: indicates the session that has the GR capability. Through the session, the GR Restarter and the GR Helper negotiate the GR capability. GR time: indicates the time of maintaining the undeleted routing information after the GR Helper finds that the GR Restarter becomes Down. The GR time can be regarded as the period between the start and end of the GR session.
NOTE
The mechanisms of implementing GR in each protocol are different. For the detailed value of the GR time, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - IP Routing and HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
The administrator and the fault can trigger the restart and AMB/SMB switchover of the GR Restarter. The following describes the GR process during the AMB/SMB switchover.
NOTE
If the network topology or the interface status changes, the system exits from GR. In the following description, it is assumed that the network topology and interface status do not change.
1.
Issue 03 (2010-03-31)
The GR Restarter and the GR Helper negotiate the GR capability and establish a session.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-5
6 GR Configuration
Figure 6-2 Setting up sessions between the GR Helper and the GR Restarter
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
Router A serves as the GR Restarter. Router B, Router C and Router D are GR Helpers responding to Router A. A session with the GR capability is established between the GR Restarter and each GR Helper. 2. The GR Restarter performs the AMB/SMB switchover. Figure 6-3 AMB/SMB switchover of the GR Restarter
RouterD
GR Helper
RouterA
GR Restarter RouterC
RouterB
GR Helper
GR Helper Session with GR capability The administrator restarts the GR restarter,or the GR restarter itself fails
When the GR Helpers find that the GR Restarter fails, they maintain the adjacency with the GR Restarter and retain the routing information related to the GR Restarter before the GR time times out. 3.
6-6
After the SMB is started, the GR Restarter sends signals to the neighbors.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
6 GR Configuration
Figure 6-4 GR Restarter sending signals to the neighbors after the AMB/SMB switchover
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
The SMB of the GR Restarter is restarted to sends signals to the GR Helpers, and reestablish sessions. 4. The GR Restarter obtains topology information from neighbors. Figure 6-5 GR Restarter obtaining topology information from neighbors
RouterD
GR Helper
RouterA RouterB
GR Restarter
RouterC
GR Helper
GR Helper
After the GR Restarter obtains the topology information from its neighbors, it recalculates the routing table and triggers the aging of the old routes. Thus, the GR Restarter completes the AMB/SMB switchover during which packet forwarding is not interrupted.
Issue 03 (2010-03-31)
6-7
6 GR Configuration
Drawback
l
It is easy to implement and does not need great modifications to the existing software. It does not need to back up the protocol status information. Few data needs to be backed up from the AMB to the SMB. The data includes configuration modification, updated messages and events, interface status change, and topology information and routing information from neighbors after restart. During the switchover, there is little probability of service interruption. Normally, the network converges rapidly.
Interoperability: Some of the GR specifications are still drafts and the implementation varies with vendors. Concurrent collapse: If a GR router and its neighbor(s) collapse concurrently, GR cannot work normally. Long convergence time: When a GR router in the Down state cannot recover again, its neighbors assume that the GR Restarter will restart, so the neighbors do not delete the related routing and topology information before the Recovery timer times out. Compared with the common network in which the routers do not have the GR capability, this network takes a longer period to converge. Dependence of the recovery process on neighbor routers: Neighboring routers must support the GR capability, because GR is not "selfcontained". More difficult to implement than GR: More information, including the protocol status, the session, the route, the policy, and the update, needs to be backed up. Usage of more communication channel bandwidth: The HSB needs to support the TCP backup between the AMB and the SMB. Dependence on the hot backup of the BGP/LDP session on the TCP connection. If you do not expect the neighbors to be aware of the switchover, you must back up the continuously changing TCP link status from the AMB to the SMB.
HSB
The AMB/SMB switchover on the HSB router does not affect the service forwarding and routing process. The routing information and topology information are not lost and the protocol session is not interrupted during the switchover. The switchover between the AMB and SMB is self-contained. The neighbour routers do not need to have the GR capability. There is no problem of compatibility. The switchover does not affect the neighbors. The network convergence is faster than the network with GR routers.
6-8
Issue 03 (2010-03-31)
6 GR Configuration
MPLS LDP (DU or DoD) OSPF (IPv4) IS-IS (IPv4/IPv6) BGP (IPv4/IPv6), VPNv4 BGP, and BGP with labelled routes
The NE80E/40E integrates the advantages of the GR and the HSB to implement the HA as follows:
l l
Provides the 1+1 backup through redundancy backup Backs up static configuration from the AMB to the SMB through HSB, and backs up the status of the protocols that do not have the GR capability. Restores the session status of the protocol extended with the GR capability, with the help of the neighbouring routers.
The HA feature that integrates dual main control boards, GR, and HSB is called system-level GR. The function of the system-level GR is to decrease the impact of the AMB/SMB switchover on the packet forwarding. A router can perform the system-level GR on the following conditions:
l l l
The router has dual main control boards. BGP, OSPF, IS-IS, and LDP support the GR function. The router supports HSB.
NOTE
When a router supports only GR rather than HSB, this router can be used as a GR Helper to support the GR process of other routers.
Issue 03 (2010-03-31)
6-9
6 GR Configuration
A system fault triggers the AMB/SMB switchover. When upgrading the software or maintaining the system, the administrator manually triggers the AMB/SMB switchover.
To ensure that services are not affected during the switchover, configure information synchronization between AMB and SMB. So far, there are two modes: automatic and manual.
Pre-configuration Tasks
Before configuring system level GR, you need to complete the following tasks:
l l
For the detailed configurations of OSPF GR, IS-IS GR, and BGP GR, refer to the HUAWEI NetEngine80E/ 40E Router Configuration Guide - IP Routing; for the detailed configurations of LDP GR, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - MPLS.
Data Preparation
To configure the system-level GR, you need the following data. No. 1 Data Default slot number of the SMB
6.2.2 (Optional) Configuring the Default Slot Number for the SMB
Context
If both main boards are available, the system determines which one is to be the SMB when the router restarts. Set the default slot number of the SMB using the command mentioned in this section. Do as follows on the GR Restarter:
Procedure
Step 1 Run:
system-view
6-10
Issue 03 (2010-03-31)
6 GR Configuration
Procedure
Step 1 Run:
system-view
The automatic synchronization of the AMB/SMB configuration is enabled. If the save command is run on the AMB to save the configuration, the system automatically updates the configuration on the SMB to synchronize the configurations on the AMB and the SMB. By default, the automatic synchronization of configuration data between AMB and SMB is enabled. To disable the automatic synchronization of configuration data between AMB and SMB, run the undo slave auto-update config command. ----End
Procedure
Step 1 Run:
system-view
The force AMB/SMB switchover is enabled. After the configuration, you can run the slave switchover command to perform the force AMB/ SMB switchover manually. By default, the force AMB/SMB switchover is enabled.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-11
6 GR Configuration
To disable the force AMB/SMB switchover, run the slave switchover disable command. ----End
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run the display switchover state [ slot-number ] command to check the status of AMB and SMB. ----End
6.3 Maintaining HA
This section describes how to monitor the working status of the HA. 6.3.1 Monitoring the Running of HA
6 GR Configuration
Procedure
Step 1 Run the display switchover state [ slot-id ] command in any view to display the backup status of the AMB and the SMB according to the specified slot ID. ----End
In AS65009, OSPF is used as the IGP protocol; an EBGP connection is set up between Router A and Router B; Router C is a non-BGP router in the AS. Router B has dual main control boards. The AMB and the SMB back up each other, and support HSB. That is, the AMB and the SMB are configured with the HSB function. BGP GR is enabled on Router A; OSPF GR and BGP GR are enabled on Router B; and OSPF GR is enabled on Router C.
When Router B performs the AMB/SMB switchover triggered by the system fault or the administrator, it is required that the service is not interrupted, that is, the current network service is not affected. Figure 6-6 Networking diagram of configuring the system-level GR
GE1/0/0 10.1.4.1/24
GE2/0/0 10.1.3.1/24
Configuration Roadmap
The configuration roadmap is as follows: 1. Enable BGP GR on Router A; enable OSPF GR and BGP GR on Router B; enable OSPF GR on Router C; configure GR parameters.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 6-13
Issue 03 (2010-03-31)
6 GR Configuration
2.
Data Preparation
To complete the configuration, you need the following data:
l l l
Procedure
Step 1 Configure the IP address for each interface. The configuration details are not mentioned here. Step 2 Configure basic OSPF and BGP functions. The configuration details are not mentioned here. Step 3 Configure OSPF GR functions. # Enable the link-local signaling and out-of-band synchronization capability of OSPF on Router B. The configuration of Router C is the same as the configuration of Router B.
[RouterB] ospf 100 [RouterB-ospf-100] opaque-capability enable
# Enable the OSPF GR capability on Router B. The configuration of Router C is the same as the configuration of Router B.
[RouterB-ospf-100] graceful-restart [RouterB-ospf-100] graceful-restart period 600
Step 5 Configure the parameters of the AMB/SMB switchover. # Specify the default slot number of the SMB.
<RouterB> system-view [RouterB] slave default 17
6-14
Issue 03 (2010-03-31)
6 GR Configuration
Step 6 Verify the configuration. # Perform the force AMB/SMB switchover on Router B.
[RouterB] slave switchover Caution!!! Confirm switch slave to master[Y/N]?y
# Running the display fib command on Router C and Router A, you can view that the forwarding entry related to Router B still exists. The forwarding is not interrupted and the service transmission is not affected.
<RouterC> display fib FIB Table: Total number of Routes : 9 Destination/Mask Nexthop 127.0.0.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 10.1.2.2/32 127.0.0.1 10.1.2.0/24 10.1.2.2 10.1.2.1/32 10.1.2.1 10.1.3.1/32 127.0.0.1 10.1.3.0/24 10.1.3.1 3.3.3.3/32 127.0.0.1 10.1.4.0/24 10.1.2.1 <RouterA> display fib FIB Table: Total number of Routes : 10 Destination/Mask Nexthop 127.0.0.1/32 127.0.0.1 127.0.0.0/8 127.0.0.1 10.1.4.1/32 127.0.0.1 10.1.4.0/24 10.1.4.1 10.1.1.1/32 127.0.0.1 10.1.1.0/24 10.1.1.1 10.1.1.2/32 10.1.1.2 10.1.2.0/24 10.1.1.2 10.1.3.0/24 10.1.1.2 1.1.1.1/32 127.0.0.1
Flag HU U HU U HU HU U HU DGU
TimeStamp t[42] t[42] t[561] t[561] t[561] t[578] t[578] t[724] t[1422]
Interface InLoop0 InLoop0 InLoop0 Pos1/0/0 Pos1/0/0 InLoop0 GE1/0/0 InLoop0 Pos1/0/0
TunnelID 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
TimeStamp t[28] t[28] t[28] t[28] t[444] t[444] t[444] t[1402] t[1402] t[2060]
Interface InLoop0 InLoop0 InLoop0 GE1/0/0 InLoop0 Pos2/0/0 Pos2/0/0 Pos2/0/0 Pos2/0/0 InLoop0
TunnelID 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
----End
Configuration Files
l
Issue 03 (2010-03-31)
6-15
6 GR Configuration
undo synchronization network 10.1.4.0 255.255.255.0 peer 10.1.1.2 enable # return l
6-16
Issue 03 (2010-03-31)
7
About This Chapter
This chapter describes the basic principles and the implementations of the Ethernet OAM. It also provides configuration examples. 7.1 Ethernet OAM Overview This section describes the background and functions of Ethernet OAM, and the Ethernet OAM functions supported by the NE80E/40E. 7.2 Configuring Basic EFM OAM This section describes how to configure basic EFM OAM. 7.3 Configuring EFM OAM Link Monitoring This section describes how to configure EFM OAM link monitoring. 7.4 Testing the Packet Loss Ratio on the Physical Link This section describes the method of testing the packet loss ratio on the link by configuring remote loopback and sending testing packets. 7.5 Associating EFM OAM with an Interface This section describes how to associate EFM OAM with an interface. 7.6 Configuring Basic Ethernet CFM This section describes how to configure basic Ethernet CFM. 7.7 Configuring Related Parameters of Ethernet CFM This section describes how to Configure Related Parameters of Ethernet CFM. 7.8 Fault Verification on the Ethernet This section describes the method of testing the connectivity on the Ethernet through 802.1ag MAC ping or MAC ping, and the method of detecting the connectivity on the PBB-TE tunnel through PBB-TE MAC ping. 7.9 Locating the Fault on the Ethernet This section describes the method of locating the connectivity fault on the Ethernet through 802.1ag MAC trace or MAC trace, and the method of locating the connectivity fault on the PBBTE tunnel through PBB-TE MAC trace. 7.10 Associating Ethernet CFM with an Interface
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-1
This section describes how to associate Ethernet CFM with an interface. 7.11 Associating EFM OAM with Ethernet CFM This section describes how to associate EFM OAM with Ethernet CFM. 7.12 Associating Ethernet CFM with VPLS 7.13 Associating Ethernet OAM with MPLS OAM or BFD This section describes how to associate Ethernet OAM with MPLS OAM or BFD. 7.14 Configuring Ethernet CFM and 1+1 Protection of Multicast VLANs This section describes how to configure Ethernet CFM and 1+1 Protection of Multicast VLANs. 7.15 Maintaining Ethernet OAM This section describes how to clear statistics of error CCMs, and how to monitor the running status of Ethernet OAM. 7.16 Configuration Examples This section provides several configuration examples of Ethernet OAM.
7-2
Issue 03 (2010-03-31)
Functions
Ethernet OAM has the following functions:
l
Fault management
Ethernet OAM can detect the network connectivity by sending detection messages regularly or through manual triggering. Ethernet OAM can locate faults on the Ethernet by using means similar to the Packet Internet Groper (ping) and traceroute tools on IP networks. Ethernet OAM can work with the Automatic Protection Switching (APS) to trigger protection switching when detecting connectivity faults. This ensures service interruption in no more than 50 ms to achieve carrier-class reliability.
Performance management Performance management is used to measure the packet loss ratio, delay, and jitter during the transmission of packets. It also collects statistics on various kinds of traffic. Performance management is implemented at the access point of users. By using the performance management tools, the ISP can monitor the network status and locate faults through the Network Management System (NMS). The ISP checks whether the forwarding capacity of the network complies with the Service Level Agreement (SLA) signed with users.
Ethernet OAM improves network management and maintenance capabilities on the Ethernet and guarantees a steady network.
Issue 03 (2010-03-31)
7-3
OAM discovery When an interface on the NE80E/40E and the remote interface are both enabled with EFM OAM, the interface and the remote interface send and respond with a slow protocol frame, that is, an OAM Protocol Data Unit (OAM PDU) to determine whether the EFM OAM configurations on both interfaces match. This is called OAM discovery. If the EFM OAM configurations on both interfaces match, the two interfaces enter the EFM OAM Detect state. In the Detect state, the two interfaces send OAM PDUs regularly to maintain adjacencies. In normal situations, the interval for sending OAM PDUs is 1 second.
Link monitoring Link monitoring is a mechanism for an interface to notify the peer of the fault by sending the event notification OAM PDU when the interface detects the errored frame event, errored code event, or errored frame seconds event.
The errored frame event means that the number of errored frames detected on an interface reaches or exceeds the specified threshold within a set period. The errored code event means that the number of errored codes detected on an interface reaches or exceeds the specified threshold within a set period. The errored frame seconds summary event means that the number of errored frame seconds detected on an interface reaches or exceeds the specified threshold within a set period.
An errored frame second is a one-second interval during which at least one errored frame is detected.
l
Fault notification When a link event about a fault occurs on the local interface, the local interface notifies the peer of the fault through OAM PDUs. The local interface then records the event in the log, and reports the event to the NMS. This is called fault notification. A link event can be one of the following:
The system reboots. The Line Processing Unit (LPU) resets. A physical link fails. OAM PDUs time out. Errors transmitted by the OAM management module.
After receiving OAM PDUs, the peer records the event carried in OAM PDUs to the log and reports it to the NMS.
l
Remote loopback When the local interface sends non-OAM PDUs to the peer, instead of forwarding nonOAM PDUs based on their destination MAC addresses, the peer loops back non-OAM
7-4
Issue 03 (2010-03-31)
PDUs to the local interface. This is called remote loopback. Remote loopback can be used to locate faults and test link performance. The working mode of EFM OAM is an attribute of the interface enabled with EFM OAM. The working mode of EFM OAM on an interface is active or passive. OAM discovery and remote loopback are initiated only by the interface in active mode.
Ethernet CFM
Connectivity Fault Management (CFM) defined in IEEE 802.1ag specifies the OAM functions of connectivity check for Ethernet bearer networks. It includes the Continuity Check (CC), Loopback (LB), and Linktrace (LT). Ethernet CFM applies to end-to-end scenarios on largescale networks. Ethernet CFM is OAM at the network level. Currently, IEEE 802.1ag has two versions, that is, IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007. Table 7-1 shows the differences between these two versions. Table 7-1 Differences between IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 Feature Maintenance Domain IEEE 802.1ag Draft 7 Supported IEEE Standard 802.1ag-2007 Supported Remarks Thefeatures and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same.
Supported Supported
Supported
Supported
Issue 03 (2010-03-31)
7-5
Remarks The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same. The MIP generation rules in both 802.1ag Draft 7 and Standard 802.1ag-2007 are classified into the same types, that is, default, explicit, and none. The difference between the MIP generation rules in 802.1ag Draft 7 and Standard 802.1ag-2007, however, is as follows:
l
Supported
Supported
According to 802.1ag Draft 7, the MIP is created on the basis of the interface. According to Standard 802.1ag-200 7, the MIP is created on the basis of the MD or default MD.
7-6
Issue 03 (2010-03-31)
Remarks The features and configurations supported by 802.1ag Draft 7 and Standard 802.1ag-2007 are the same.
Basic concepts
MD A Maintenance Domain (MD) refers to the network or a part of the network where CFM is performed. Devices in an MD are managed by a single ISP.
Default MD According to IEEE Standard 802.1ag-2007, each device can be configured with one default MD. The default MD must be of a higher level than all MDs to which MEPs configured on the local device belong. In addition, the default MD must be of the same level as the high-level MD. The default MD transmits high-level CCMs and creates MIPs to reply LTR packets.
MA A Maintenance Association (MA) is part of an MD. An MD can be divided into one or multiple MAs. On the NE80E/40E, each MA is associated with a VLAN or a VSI. Ethernet CFM maintains the connectivity of each MA separately.
MEP A Maintenance association End Point (MEP) is an edge point within an MA. For the devices on the network enabled with Ethernet CFM, their MEPs are called local MEPs. For the other devices in the same MA, their MEPs are called the Remote Maintenance association End Points (RMEPs).
CAUTION
l
One Trunk interface can be configured with only one MEP, regardless of how many sub-interfaces the Trunk interface has. The system does not support hot swapping of boards.
MIP A Maintenance association Intermediate Point (MIP) is an intermediate point within an MA. According to IEEE 802.1ag Draft 7, MIPs reside on the interfaces of the device and are automatically generated on the basis of the interface. According to IEEE Standard 802.1ag-2007, MIPs are automatically generated on the basis of the MD or default MD.
Issue 03 (2010-03-31)
7-7
Connectivity check Ethernet CFM divides the network into one MD or multiple MDs. Each MD is further divided into one MA or multiple MAs. Ethernet CFM can detect the connectivity between MEPs within an MA by exchanging Continuity Check Messages (CCMs) periodically between MEPs.
Fault verification
802.1ag MAC ping Similar to ping, 802.1ag MAC ping works by sending test packets and waiting for a reply to test whether the destination device is reachable. 802.1ag MAC ping is initiated by a MEP and destined for a MEP or MIP within an MA.
GMAC ping GMAC ping works similarly to 802.1ag MAC ping. A MEP, however, is not required to initiate GMAC ping. The destination node does not need to be a MEP or a MIP. GMAC ping can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device.
PBB-TE Ping The Provider Backbone Bridging-Traffic Engineering (PBB-TE) ping operation is performed to detect connectivity of the PBB-TE tunnel.
Fault location
802.1ag MAC trace Similar to traceroute or tracert, 802.1ag MAC trace works by sending test packets and waiting for a reply to test the path between the local device and the destination device and to locate faults. 802.1ag MAC trace is initiated by a MEP and destined for a MEP or MIP within an MA.
GMAC trace GMAC trace works similarly to 802.1ag MAC trace. A MEP, however, is not required to initiate GMAC trace. The destination node does not need to be a MEP or a MIP. That is, GMAC trace can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. All the intermediate devices can respond with a Linktrace Reply (LTR).
PBB-TE MAC trace PBB-TE MAC trace locates the connectivity fault on the PBB-TE tunnel. PBB-TE MAC trace is initiated by one end of the PBB-TE tunnel and destined for the other end.
Fault Association
l
Association between EFM OAM and an interface When EFM OAM is associated with the current interface and detects a link fault through the current interface, no other packets except EFM protocol packets can be forwarded on the interface and Layer 2 and Layer 3 services are blocked. Therefore, the association of EFM OAM and the current interface may greatly affect services. When the current interface detects the link fault recovery through EFM OAM, all packets can be forwarded on the interface and Layer 2 and Layer 3 services are unblocked. Before configuring the association between EFM OAM and an interface, ensure that the EFM OAM protocol on both ends of the link is in the detect state.
7-8
When a MEP detects a connectivity fault between the MEP and a specified RMEP within the same MA, the OAM management module performs the restart function, that is, shuts down the interface on which the MEP resides for seven seconds and then starts it.
l
Association between EFM OAM and the PBB-TE service instance (SI) When the EFM OAM module detects a connectivity fault, the OAM management module sends fault messages to the device at the other end through the PBB-TE tunnel to which the SI that EFM OAM associates with is bound.
Association between Ethernet CFM and the PBB-TE SI When the Ethernet CFM module detects a connectivity fault, the OAM management module sends fault messages to the device at the other end through the PBB-TE tunnel to which the SI that Ethernet CFM associates with is bound.
Association between Ethernet CFM and EFM OAM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to the peer device enabled with EFM OAM through the interface. When the EFM OAM module detects a fault, the OAM management module sends fault messages to the MA through the interface.
Ethernet CFM sends fault messages to EFM OAM. EFM OAM sends fault messages to Ethernet CFM. Ethernet CFM and EFM OAM perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Ethernet CFM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to the MA at the other side through the binding relationship.
Ethernet CFM at one side sends fault messages to Ethernet CFM at the other side. Ethernet CFMs at both sides perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Bidirectional Forwarding Detection (BFD) When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to BFD at the other side through the binding relationship. When BFD detects a fault, BFD sends fault messages to the MA through the binding relationship.
Ethernet CFM sends fault messages to BFD. BFD sends fault messages to Ethernet CFM. Ethernet CFM and BFD perform bidirectional transmission of fault messages.
Association between Ethernet CFM and Multiprotocol Label Switching (MPLS) OAM When the Ethernet CFM module detects a fault in an MA, the OAM management module sends fault messages to MPLS OAM through the binding relationship. When MPLS OAM detects a fault, the OAM management module sends fault messages to the MA through the binding relationship.
Ethernet CFM sends fault messages to MPLS OAM. MPLS OAM sends fault messages to Ethernet CFM.
Association between EFM OAM and BFD When the EFM OAM module detects a fault, the OAM management module sends fault messages to BFD at the other side through the interface. When BFD detects a fault, BFD sends fault messages to EFM OAM through the interface.
EFM OAM sends fault messages to BFD. BFD sends fault messages to EFM OAM.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-9
Issue 03 (2010-03-31)
Association between EFM OAM and MPLS OAM When the EFM OAM module detects a fault, the OAM management module sends fault messages to MPLS OAM through the interface. When MPLS OAM detects a fault, the OAM management module sends fault messages to EFM OAM through the interface.
EFM OAM sends fault messages to MPLS OAM. MPLS OAM sends fault messages to EFM OAM.
As shown in Figure 7-1. Figure 7-1 Networking diagram of EFM OAM extension for VRRP
VLANIF/VPLS VRRP
UNI interface link detection by EFM OAM extension SoftX Master link Slave link link detection by EFM OAM extension
7-10
Issue 03 (2010-03-31)
Router A functions as the master router and Router B functions as the backup router. The SoftX uses two interface boards, namely, a master interface board and a slave interface board, to respectively connect both routers. On the master and slave interface boards, the interfaces that are respectively connected to Router A and Router B are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, Router A and Router B. A VRRP backup group is configured on VLANIF interfaces. The virtual IP address of the VRRP backup group and the IP addresses of Router A and Router B are in the same network segment. The downstream interfaces of Router A and Router B are common Ethernet interfaces. The VRRP backup group is configured to track the traffic of the downstream interfaces in reduce mode, and EFM OAM extension for VRRP is enabled. In addition, the link between Router A and Router B can be configured in either of the following modes:
Configuring the link in VLANIF mode - To configure the link in VLANIF mode, you need to perform the following steps:
Configure VLANIF interfaces. Therefore, both routers are in one broadcast domain, that is, a VLAN. Add the downstream interface (a Layer 2 interface) of each router into the VLAN.
Configuring the link in VPLS mode - To configure the link in VPLS mode, you need to perform the following steps:
Set up a PW, and configure the downstream interfaces of both routers as the attachment circuit (AC) interfaces to access the VPLS. Configure Layer 2 Virtual Ethernet (L2VE) interfaces between the routers, and bind the L2VE interfaces and VC interfaces into the same virtual switching instance (VSI). Configure the VRRP backup group on Layer 3 VE (L3VE) interfaces, and bind the L3VE interfaces and the L2VE interfaces into the same VE group. In this manner, you can configure Router A and Router B into the same broadcast domain.
All the preceding configurations ensure that the SoftX can detect the faults on the master link and slave link based on EFM OAM extension and all devices can achieve EFM OAM extension for VRRP. Generally, the SoftX decides the link status based on relevant calculations, and then advertises the link status information to the downstream interfaces of both routers by sending EFM OAM extension PDUs. As just mentioned, the VRRP backup group is configured to track the traffic of the downstream interfaces in reduce mode, and EFM OAM extension for VRRP is enabled. Therefore, after Router A receives the PDU indicating the link-down state, the VRRP priority of Router A is reduced, and Router A becomes the backup router. Conversely, after Router B receives the PDU indicating the link-up state, the VRRP priority of Router B is increased, and Router B becomes the master router. This can ensure the consistency between the VRRP master/slave status and the master/slave status of the downstream interfaces. In addition, if Router A is notified of a fault that is detected by EFM OAM extension, Router A considers that the master link is faulty, and thus lowers its VRRP priority. The SoftX then performs the master/slave failover, and sends the PDU indicating the link-up state to Router B. The VRRP priority of Router B is thus increased, and Router B becomes the master router. This can ensure the consistency between the master/slave status of the SoftX and the master/slave status of both routers.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-11
Link Failover Between Downstream Interfaces: If a fault on the master link is detected by EFM OAM extension, the SoftX performs the master/slave failover and sends the gratuitous ARP packet and EFM OAM extension PDU to Router B. 1. If Router B receives the gratuitous ARP packet earlier than the EFM OAM extension PDU, the procedure is as follows:
Router B refreshes the MAC entries and ARP entries, creates the route destined for the SoftX, and broadcasts the gratuitous ARP packet to Router A. Router A also refreshes ARP entries and updates the status of its downstream interface. In this manner, the downstream traffic from Router A to the SoftX is sent to Router B, and Router B then forwards the traffic to the SoftX according to its MAC table. At the moment, the downstream traffic is forwarded by Router B, but the backup link between Router B and the SoftX is still Down. Therefore, the downstream traffic is discarded.
Then Router B receives the PDU indicating the link-up state. Consequently, Router B advertises routes, increases the VRRP priority, and changes its link to the master link. The downstream traffic is thus directly forwarded by Router B. After Router A is informed of the fault detected by EFM OAM extension, Router A deletes all routes, lowers its VRRP priority, and changes its link to the backup link. Therefore, the upstream and downstream traffic through Router A is blocked.
2.
If Router B receives the PDU indicating the link-up state earlier than the gratuitous ARP packet, the procedure is as follows:
Router B advertises routes and unblocks its links. The VRRP priority of Router B is increased, and the VRRP link between Router B and the SoftX is switched into the master link. Then Router B forwards the upstream and downstream traffic, and sends gratuitous ARP packets to Router A and the SoftX. After Router A is informed of the fault detected by EFM OAM extension, Router A deletes all its routes, lowers its VRRP priority, and changes its VRRP link to the backup link. At the same time, Router A blocks its downstream interface. After the SoftX learns the gratuitous ARP packets sent by Router B, the SoftX establishes a route to Router B. Then the downstream traffic is forwarded by Router B.
When the faulty link between Router A and the SoftX recovers, the SoftX still notifies Router A of keeping the current slave state. Therefore, no gratuitous ARP packet is sent, and traffic is not switched from Router B to Router A.
Link Failover Between Upstream Interfaces: When the upstream link of Router A fails, the remote PE converges the route destined for Router A. Then both the downstream traffic and upstream traffic are forwarded by Router B.
7-12
Issue 03 (2010-03-31)
Figure 7-2 Networking diagram of EFM OAM extension for static routes IP/MPLS RouterA interface IP VRRP RouterB interface IP
Router A functions as the master router and Router B functions as the backup router. The SoftX uses two interface boards, namely, a master interface board and a slave interface board, to respectively connect both routers. On the master and slave interface boards, the interfaces that are respectively connected to Router A and Router B are configured with the same IP address. On Router A and Router B, the interfaces that are connected to the SoftX are configured with the same IP address. All the IP addresses are configured in the same network segment. A service IP address is configured on the SoftX to transmit services, and either router is configured with a static route destined for the service IP address. Router A and Router B, both as PEs, are connected through Ethernet interfaces or Eth-Trunk interfaces. The downstream interfaces of both routers are Ethernet interfaces. EFM OAM extension is enabled on the SoftX, and the SoftX advertises the link-status information to both routers; EFM OAM extension for static routes is enabled on both routers. Router A advertises the static route destined for the service IP address on the SoftX, and Router B does not advertise any route. If EFM OAM extension detects a fault, the link failover between Router A and Router B is performed. After route convergence is completed, the upstream and downstream traffic flows through the new master link.
Link Failover Between Downstream Interfaces: When the master link fails, the SoftX performs the link failover, and sends the PDU indicating the link-up state to Router B. After receiving the PDU, Router B changes to the master router, and advertises the static route destined for the service IP address on the SoftX. Router A, being informed of a fault detected by EFM OAM extension, changes to the backup router, and deletes the route destined for the service IP address on the SoftX. When the faulty link between the SoftX and Router A recovers, the SoftX still notifies Router A of keeping the current backup state. Therefore, the traffic is not switched from Router B to Router A, and Router A does not advertise any route.
Issue 03 (2010-03-31)
7-13
Link Failover Between Upstream Interfaces: When the upstream link of Router A fails, the remote PE converges the route destined for Router A. Then the downstream and downstream traffic is forwarded by Router B.
Pre-configuration Tasks
None.
Data Preparation
To configure EFM OAM, you need the following data. No. 1 Data (Optional) Maximum size of an EFM OAM PDU
7-14
Issue 03 (2010-03-31)
Procedure
Step 1 Run:
system-view
EFM OAM is enabled globally. By default, EFM OAM is disabled globally. ----End
The working mode of EFM OAM on the interface can be configured only after EFM OAM is enabled globally and before EFM OAM is enabled on the interface. The working mode of EFM OAM on the interface cannot be modified after EFM OAM is configured on the interface.
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm mode { active | passive }
The working mode of EFM OAM on the interface is configured. By default, EFM OAM on an interface works in active mode. At least one interface at both ends of the link must be configured to work in active mode. The interface in active mode initiates OAM discovery after EFM OAM is enabled on the interface. Instead of initiating OAM discovery, the interface in passive mode waits for an OAM PDU sent from the interface in active mode. If both interfaces are configured to work in active mode, you
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-15
can implement link detection. If both interfaces are configured to work in passive mode, OAM discovery fails. ----End
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm packet max-size size
The maximum size of an EFM OAM PDU is set. By default, the maximum size of an EFM OAM PDU on an interface is 128 bytes. EFM OAM PDUs that exceed 128 bytes are discarded as invalid packets. If the maximum size of an EFM OAM PDU on both interfaces of the link is configured differently, the two interfaces negotiate and determine the value during the OAM discovery process. The smaller maximum size of an EFM OAM PDU set on the local interface and the peer is selected. ----End
Procedure
Step 1 Run:
system-view
Step 3 Run:
efm enable
EFM OAM is enabled on the interface. By default, EFM OAM on an interface is disabled. ----End
Procedure
l l Run the display efm { all | interface interface-type interface-number } command to check information about EFM OAM on an interface. Run the display efm session { all | interface interface-type interface-number } command to check the status of the EFM OAM protocol on an interface.
----End
Example
Run the display efm command. You can view all the EFM OAM configurations on the local interface and part of the EFM OAM configurations on the remote interface. For example:
<HUAWEI> display efm interface gigabitethernet2/0/1 Item Value ---------------------------------------------------Interface: GigabitEthernet2/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: disable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: disable ErrFramePeriod: 45 ErrFrameThreshold: 1 ErrFrameSecondNotification: disable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: disable Remote MAC: 00e0-fc7f-724f Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
Run the display efm session command. If the EFM OAM protocol on the interface is in the Detect state, it means that the configuration succeeds. The two interfaces succeed in negotiation and enter the Detect state.
<HUAWEI> display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Issue 03 (2010-03-31)
7-17
Pre-configuration Tasks
Before configuring EFM OAM link monitoring, complete the following tasks:
l
Data Preparation
To configure EFM OAM link monitoring, you need the following data. No. 1 2 3 Data (Optional) Period and threshold for detecting errored frames of EFM OAM (Optional) Period and threshold for detecting errored codes of EFM OAM (Optional) Period and threshold for detecting errored frame seconds of EFM OAM
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm error-frame period period
The period for detecting errored frames on the interface is set. By default, the period for detecting errored frames on an interface is 1 second. Step 4 Run:
efm error-frame threshold threshold
The threshold for detecting errored frames on the interface is set. By default, the threshold for detecting errored frames on an interface is 1. Step 5 Run:
efm error-frame notification enable
The interface is enabled to detect errored frames. By default, an interface cannot detect errored frames. ----End
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm error-code period period
Issue 03 (2010-03-31)
7-19
The period for detecting errored codes on the interface is set. By default, the period for detecting errored codes on an interface is 1 second. Step 4 Run:
efm error-code threshold threshold
The threshold for detecting errored codes on the interface is set. By default, the threshold for detecting errored codes on an interface is 1. Step 5 Run:
efm error-code notification enable
The interface is enabled to detect errored codes. By default, an interface cannot detect errored codes. ----End
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm error-frame-second period period
The period for detecting errored frame seconds on the interface is set. By default, the period for detecting errored frame seconds on an interface is 60 seconds. Step 4 Run:
efm error-frame-second threshold threshold
The threshold for detecting errored frame seconds on the interface is set. By default, the threshold for detecting errored frame seconds on an interface is 1. Step 5 Run:
7-20 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
The interface is enabled to detect errored frame seconds. By default, an interface cannot detect errored frame seconds. ----End
Procedure
Step 1 Run the display efm { all | interface interface-type interface-number } command to check information about EFM OAM on an interface. ----End
Example
Run the display efm command. You can view information about link monitoring on the interface. For example:
<HUAWEI> display efm interface gigabitethernet1/0/0 Item Value ---------------------------------------------------------Interface: GigabitEthernet1/0/0 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: enable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: enable ErrFramePeriod: 45 ErrFrameThreshold: 1 ErrFrameSecondNotification: enable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: disable RemoteMAC 00e0-fc7f-7258 Remote EFM Enable Flag enable Remote Mode passive Remote MaxSize 128
7.4.5 (Optional) Manually Disabling EFM OAM Remote Loopback 7.4.6 Checking the Configuration
CAUTION
The forwarding of service data is affected after EFM OAM remote loopback is enabled. So, enable EFM OAM remote loopback on the link that need not forward service data. You can perform the configuration task to detect the packet loss ratio on a link. As shown in Figure 7-4, enable EFM OAM on Router A and Router B and enable remote loopback on GE 1/0/1 on Router A. Send test packets from Router A to Router B. You can get the packet loss ratio on the link by observing the receiving of test packets on Router A. Figure 7-4 Diagram of testing the packet loss ratio on the link
Test packets RouterA GE1/0/1 (Active) EFM OAM RouterB GE2/0/1 (Passive) Test packets data flow
Pre-configuration Tasks
Before testing the packet loss ratio on the link, complete the following tasks:
l
Data Preparation
To test the packet loss ratio on the link, you need the following data. No. 1 2 Data Timeout period for remote loopback Destination MAC address, VLAN ID, outbound interface, size, number, and sending rate of test packets
7-22
Issue 03 (2010-03-31)
Procedure
Step 1 Run:
system-view
Remote loopback is initiated by the interface. By default, the timeout period for remote loopback is 20 minutes. After the timeout period, remote loopback is automatically disabled. You can set the timeout period to 0 for a link to remain in the remote loopback state. The following requirements must be met to implement remote loopback:
l l
The EFM OAM protocols on the local interface and the peer are in the Detect state. EFM OAM on the local interface works in active mode.
You can use the display efm session command to check whether the EFM OAM protocols running on the local interface and the peer are in the Detect state. Step 4 Run:
efm loopback action discard
The interface is configured to discard the packets looped back. By default, the interface discards the packets looped back. ----End
Procedure
Step 1 Run:
system-view
Step 2 Run:
test-packet start [ mac mac-address ] [ vlan vlan-id ] interface interface-type interface-number [ -c count | -p speed | -s size ] *
Test packets are sent. By default, the size of a test packet is 64 bytes; the transmitting rate is 1 Mbit/s; the number of test packets sent is 5. The outbound interface for the test packets is the interface that connects the link to be tested. ----End
Postrequisite
The parameter in this command cannot be modified when test packets are being sent. Press Ctrl+C to stop sending test packets.
Procedure
Step 1 Run:
display test-packet result
Statistics of the returned test packets are displayed. The displayed information includes:
l l l l l l l l
Number of sent test packets Number of received test packets Number of discarded test packets Total number of bytes of sent test packets Total number of bytes of received test packet Total number of bytes of discarded test packet Time to start the sending of test packet Time to end the sending of test packet
You can obtain the packet loss ratio on the link based on the preceding data. ----End
Procedure
Step 1 Run:
system-view
Remote loopback is disabled on the interface. If EFM OAM remote loopback is left enabled, the link fails to forward service data for a long time. To prevent this, EFM OAM remote loopback on the NE80E/40E can be automatically disabled after a timeout period. By default, the timeout period for remote loopback is 20 minutes. After 20 minutes, remote loopback stops. If you need to disable remote loopback manually, perform the preceding operation procedures. ----End
Procedure
Step 1 Run the display efm session { all | interface interface-type interface-number } command to check the status of the EFM OAM protocol on an interface. ----End
Example
Run the display efm session command on the device with an active interface on the link. If the EFM OAM protocol on the active interface is in the loopback (control) state, which indicates that the active interface initiates remote loopback, it means that the configuration succeeds.
<RouterA> display efm session interface gigabitethernet 1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet1/0/1 Loopback(be controlled) 20
Run the display efm session command on the device with a passive interface on the link. If the EFM OAM protocol on the passive interface is in the loopback (be controlled) state, which indicates that the passive interface responds to remote loopback, it means that the configuration succeeds.
<RouterB> display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/8 Loopback(be controlled) --
Issue 03 (2010-03-31)
7-25
Run the display efm session command on any of the devices on the link after remote loopback is automatically or manually disabled, you can view that the EFM OAM protocol status on the interface is no longer loopback (control) or loopback (be controlled).
<RouterA> display efm session interface gigabitethernet 1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/8 Detect --
Pre-configuration Tasks
Before associating EFM OAM with an interface, complete the following tasks:
l
Data Preparation
To associate EFM OAM with an interface, you need the following data.
7-26
Issue 03 (2010-03-31)
No. 1
Procedure
Step 1 Run:
system-view
The interface view of an interface at one end of the link is displayed. Step 3 Run:
efm trigger if-down
EFM OAM is associated with the interface. By default, an interface is not associated with EFM OAM. The efm trigger if-down command is valid in the interface view only after EFM OAM is enabled on the interface with the efm enable command. When EFM OAM is associated with the current interface and detects a link fault through the current interface, no other packets except EFM protocol packets can be forwarded on the interface and Layer 2 and Layer 3 services are blocked. Therefore, the association of EFM OAM and the current interface may greatly affect services. When the current interface detects the link fault recovery through EFM OAM, all packets can be forwarded on the interface and Layer 2 and Layer 3 services are unblocked. Before configuring the association between EFM OAM and an interface, ensure that the EFM OAM protocol on both ends of the link is in the detect state. If Layer 2 and Layer 3 services are blocked due to a misoperation, you can run the undo efm trigger if-down command in the interface view to restore services. ----End
Procedure
Step 1 Run the display efm { all | interface interface-type interface-number } command to check the EFM OAM configuration information on an interface. ----End
Example
Run the display efm command. If the item "TriggerIfDown" is displayed as "enable", it means that the configuration succeeds.
<HUAWEI> display efm interface gigabitethernet1/0/1 Item Value ---------------------------------------------------Interface: GigabitEthernet1/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: disable ErrCodePeriod: 1 ErrCodeThreshold: 1 ErrFrameNotification: disable ErrFramePeriod: 1 ErrFrameThreshold: 1 ErrFrameSecondNotification: disable ErrFrameSecondPeriod: 60 ErrFrameSecondThreshold: 1 TriggerIfDown: enable TriggerMacRenew: disable Remote MAC: 0018-8200-0001 Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
Automatic end-to-end connectivity detection Automatic connectivity detection on directly connected links
You need to ensure that the following conditions be met before implementing automatic endto-end connectivity detection on the Ethernet:
l
MDs are classified based on the ISP that manages the devices. All the devices that are managed by a single ISP and enabled with CFM can be configured in an MD. One default MD can be configured on each device, that it transmits high-level CCMs and generates MIPs to reply LTR packets.
MAs are classified based on different SIs. An MA is associated with a VLAN. A VLAN generally maps to an SI. When the MA is classified, fault detection in connectivity can be carried out on the network where an SI is transmitted. You need to determine the interfaces on which devices are located at the edge of the MA, that is, to determine that MEPs must be configured on the interfaces on which devices.
When implementing automatic connectivity detection on directly connected links, you also need to ensure that:
l l l
The devices at both ends must be configured in the same MA within an MD. An MA can be either associated with a VLAN or not. MEPs must be configured on the interfaces at both ends of the directly connected link.
Pre-configuration Tasks
None.
Data Preparation
To configure Ethernet CFM, you need the following data. No. 1 2 3 4 5 6 7
Issue 03 (2010-03-31)
Data Name and level of an MD (Optional) Name and level of a default MD Name of an MA, ID of the VLAN associated with the MA ID of a MEP, name of the interface on which the MEP resides, type of the MEP (Optional) ID of an RMEP and bridge MAC address of the device on which the RMEP resides Rule for creating a MIP Interval for a MEP sending or detecting CCMs in an MA
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-29
No. 8
Procedure
Step 1 Run:
system-view
All the devices on the network must be enabled with either IEEE 802.1ag Draft 7 or IEEE Standard 802.1ag-2007. IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 cannot be enabled at the same time on a network.
----End
Procedure
Step 1 Run:
system-view
Ethernet CFM is enabled globally. By default, Ethernet CFM on the router is disabled globally. ----End
7-30 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7.6.4 Creating an MD
Context
Do as follows on the router that requires Ethernet CFM:
Procedure
Step 1 Run:
system-view
An MD is created and the MD view is displayed. Parameters format, no-md-name, dnsname-and-mdname, and mac-address can be used only on the device running IEEE Standard 802.1ag-2007. By default, an MD is at level 0. Level 0 is the lowest level. Repeat Step 2 to create more MDs. Up to 64 MDs can be created on the NE80E/40E.
NOTE
The 802.1ag packets from a lower-level MD are discarded when being transmitted through the same level MD or a higher-level MD. The 802.1ag packets from a higher-level MD can be transmitted through a lowerlevel MD.
----End
Procedure
Step 1 Run:
system-view
The default MD is created and the default MD view is displayed. By default, the default MD is at Level 7, the highest level. Each device can create only one default MD.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-31
The default MD must be of a higher level than all MDs to which MEPs configured on the local device belong. In addition, the default MD must be of the same level as the high-level MD. The default MD transmits high-level CCMs and generates MIPs to reply LTR packets.
----End
7.6.6 Creating an MA
Context
Do as follows on the NE80E/40E that requires Ethernet CFM:
Procedure
Step 1 Run:
system-view
An MA is created and the MA view is displayed. Up to 4K MAs can be created in an MD. On the NE80E/40E, up to 4K MAs can be created. One or multiple MA can map to one VLAN. Step 4 Run:
map vlan vlan-id
Associate the MA with a VLAN. By default, an MA is not associated with any VLAN. Ethernet CFM maintains the connectivity of each MA separately. After an MA is associated with a VLAN, Ethernet CFM can detect the connectivity fault on the network within the VLAN. This step is optional. If an MA is classified to detect the connectivity fault between two directly connected devices, the MA is not required to be associated with a VLAN. Otherwise, the MA must be associated with a VLAN. ----End
Postrequisite
An MA is associated with a VLAN only.
l l
If you need to create multiple MAs in an MD, repeat Step 3 and Step 4. If you need to create multiple MAs in multiple MDs, repeat Step 2 to Step 4.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7-32
When an inward-facing MEP is created, the MA must be associated with a VLAN and the interface on which the MEP resides must be added to the VLAN. The inward-facing MEP then broadcasts the OAMPDUs in the VLAN associated with the MA. That is, the inwarding-facing MEP sends the OAMPDUs out through all the interfaces excluding the interface on which the MEP resides in the VLAN associated with the MAC. When the outward-facing MEP is created, the MA is not required to be associated with a VLAN. However, if the MA is associated with a VLAN, the interface on which the MEP resides must be added to the VLAN. The outward-facing MEP sends out the OAMPDUs through the interface on which the MEP resides. When the VLAN-based MEP is created, the MA must be associated with a VLAN.
The following lists the requirements for the number and types of MEPs created in an MA:
l
The inward-facing interface-based MEP and the outward-facing interface-based MEP cannot coexist. Only one outward-facing interface-based MEP can be created. Multiple inward-facing interface-based MEPs can be created. However, only one inward-facing interface-based MEP can be created on an interface. Only one VLAN-based MEP can be created.
CAUTION
l
One Trunk interface can be configured with only one MEP, regardless of how many subinterfaces the Trunk interface has. The system does not support hot swapping of boards.
Procedure
Step 1 Run:
system-view
On the NE80E/40E, the VLAN-based MEP is only used to detect connectivity faults in the multicast VLAN. The interface-based MEP is used for other scenarios.
----End
Postrequisite
l l l
If you need to create multiple MEPs in an MA, repeat Step 4. If you need to create multiple MEPs in multiple MAs, repeat Step 3 and Step 4. If you need to create multiple MEPs in multiple MDs, repeat Step 2 to Step 4.
Procedure
Step 1 Run:
system-view
Postrequisite
l
7-34
If you need to create multiple RMEPs in multiple MAs, repeat Step 3 and Step 4. If you need to create multiple RMEPs in multiple MDs, repeat Step 2 to Step 4.
According to IEEE 802.1ag Draft 7, MIPs are automatically generated on the basis of the interface. According to IEEE Standard 802.1ag-2007, MIPs are automatically generated on the basis of the MD or default MD.
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Choose the following commands to configure the MIP generation rule.
l
To configure the MIP generation rule in accordance with IEEE 802.1ag Draft 7, run:
mip create-type { default | explicit | none } [ interface interface-type interface-number ]
The MIP generation rule in accordance with IEEE 802.1ag Draft 7 is configured.
l
To configure the MIP generation rule in accordance with IEEE Standard 802.1ag-2007, choose one of the following commands to enter the proper view. 1. Run:
cfm md md-name [ format { no-md-name | dnsname-and-mdname | mac-address | md-name } ] [ level level ]
The MIP generation rule in accordance with IEEE Standard 802.1ag-2007 is configured. By default, the rule for creating a MIP is set to none.
l
default: MIPs can be generated on the interface, to which the MD or default MD belongs, without a MEP of a higher level and a MIP of a lower level. explicit: MIPs can be generated on the interface, to which the MD or default MD belongs, with a MEP of a lower level but without a MEP of a higher level or a MIP of a lower level. none: MIPs cannot be generated on the interface, to which the MD or default MD belongs.
If the rule for creating the MIP is default or explicit, the device generates the MIP automatically according to the rule.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-35
The level of a MIP depends on the level of the MD generating the MIP and the level generation rule. ----End
Procedure
Step 1 Run:
system-view
The interval for the MEP sending or detecting CCMs within the local MA is set. By default, the interval for the MEP sending or detecting CCMs within an MA is 1 second.
l l
The sending of CCMs is enabled by using the mep ccm-send enable command. The receiving of CCMs is enabled by using the remote-mep ccm-receive enable command.
If any of the preceding conditions is met in an MA, the interval for sending or detecting CCMs in the MA cannot be modified. If you want to modify the interval for sending or detecting CCMs in an MA, you must run the related undo commands to disable the sending or receiving of CCMs. Step 5 Run:
mep ccm-send [ mep-id mep-id ] enable
The sending of CCMs is enabled on the MEP. By default, a MEP is disabled to send CCMs. If mep-id mep-id is not specified, all the MEPs in the MA are enabled to send CCMs. Step 6 Run:
remote-mep ccm-receive [ mep-id mep-id ] enable
The receiving of CCMs from the RMEP within the same MA is enabled on the local MEP. By default, the local MEP cannot receive CCMs from the RMEP.
7-36 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
When the local device is enabled to receive CCMs from an RMEP, and if connectivity faults are detected between the local device and the RMEP through CC detection, the local device prompts alarms of RMEP connectivity. If mep-id mep-id is not specified, all the MEPs in the MA are enabled to receive CCMs from all the RMEPs. ----End
Postrequisite
l l
If you need to enable the CC detection in multiple MAs, repeat Step 3 to Step 6. If you need to enable the CC detection in multiple MDs, repeat Step 2 to Step 6.
Procedure
Step 1 Run:
system-view
The default MD is created and the default MD view is displayed. Step 3 Run:
vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
Procedure
l l l Run the display cfm md [ md-name ] [ | { begin | include | exclude } regularexpression ] command to check the configuration information about an MD. Run the display cfm ma [ md md-name [ ma ma-name ] ] [ | { begin | include | exclude } regular-expression ] command to check detailed information about an MA. Run the display cfm mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about a MEP.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-37
Issue 03 (2010-03-31)
l l l l l
Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about an RMEP. Run the display mip create-type [ interface interface-type interface-number ] command to check the rule for creating a MIP. Run the display cfm mip [ interface interface-type interface-number | level level ] command to check information about a MIP. Run the display cfm default md command to check the configuration of the default MD. Run the display cfm error-info [ interface { interface-name | interface-type interfacenumber } ] [ vlan vlanid | vsi vsi-name ] [ error-type { ccm-interval-error | maiderror | mac-error | cfm-leak } ] command to check information about incorrect configurations of the specified error type. Run the display cfm mp-info [ interface { interface-name | interface-type interfacenumber } [ level md-level ] [ inward | outward ] [ vlan vlanid | vsi vsi-name | no-associatedvlan ] command to check information about the CFM objects on the specified interface and VLAN or VSI.
----End
Example
The output of the display cfm md command on the device running IEEE 802.1ag Draft 7 is different from that on the device running IEEE Standard 802.1ag-2007. Run the display cfm md command on the device running IEEE 802.1ag Draft 7. If information about the MD and the MD level is displayed, it means that the MD is created successfully.
<HUAWEI> display cfm md The total number of MDs is 2 MD-Name Level -------------------------------------------------md2 7 md3 3
Run the display cfm md command on the device running IEEE Standard 802.1ag-2007. If information about the name of the MD, MD name format, MD level, MIP generation rule, and sender ID TLV type is displayed, it means that the MD is created successfully.
<HUAWEI> display cfm md mdcustomer The total number of MDs is : 1 -------------------------------------------------MD Name : mdcustomer MD Name Format : md-name Level : 1 MIP Create-type : default SenderID TLV-type : SendIdDefer MA list : MA name : macustomer Interval : 20 Vlan ID : 400 VSI Name : --
Run the display cfm ma command. If information about the MA is displayed, it means that the configuration is successful.
<HUAWEI> display cfm ma <HUAWEI> display cfm ma md md1 The total number of MAs is 2: MD Name : md1 MD Name Format : md-name Level : 7
7-38
Issue 03 (2010-03-31)
Run the display cfm mep command. If information about the MEP is displayed, it means that the configuration is successful.
The total number of MEPs is 2 MD Name : md2 Level : 7 MA Name : ma3 MEP ID : 40 Vlan ID : 10 VSI Name : -Interface Name : GigabitEthernet1/0/1 CCM Send : enabled Direction : outward MD Name : md3 Level : 3 MA Name : ma1 MEP ID : 100 Vlan ID : 20 VSI Name : -Interface Name : GigabitEthernet2/0/1 CCM Send : enabled Direction : outward
Run the display cfm remote-mep command. If information about the RMEP is displayed, it means that the configuration is successful.
<HUAWEI> display cfm remote-mep The total number of RMEPs is 2 MD Name : md2 Level : 7 MA Name : ma3 RMEP ID : 110 Vlan ID : 20 VSI Name : -MAC : 0000-0121-0222 CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md2 Level : 4 MA Name : ma3 RMEP ID : 30 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled
Issue 03 (2010-03-31)
7-39
Run the display mip create-type command. If the MIP generation rule is correct, it means that the configuration is successful.
<HUAWEI> display mip create-type interface gigabitethernet1/0/1 Interface Name MIP Create-Type MIP Create-Type On Interface --------------------------------------------------------------------------GigabitEthernet1/0/1 none --
Run the display cfm mip command. If information about the MIP is displayed, it means that the configuration is successful.
<HUAWEI> display cfm mip Interface Name Level ----------------------------------GigabitEthernet2/0/8 0
Run the display cfm default md command. If information about the level of the default MD, MIP generation rule, sender ID TLV type, and VLAN chain associated with the default MD is displayed, it means that the configuration is successful.
<HUAWEI> display cfm default md Level MIP Create-type SenderID TLV-type VLAN List --------------------------------------------------------------------------------------7 default SendIdDefer 100 to 200 2049
Run the display cfm error-info command. If information about the incorrect configuration of the specified error type is displayed, it means that the configuration is successful.
<HUAWEI> display cfm error-info interface gigabitethernet1/0/2 error-type cfm-leak The total number of Errors is : 1 ---------------------------------------Interface : gigabitethernet1/0/2 VLAN ID : 100 VSI Name : -Error Type : ccm-interval-error cfm-leak MD Name : md1 MA Name : ma1 Level : 3 MEP ID : 10 CCM-Interval : 20 MAC Address : 0018-8247-b977
Run the display cfm mp-info command. If information about the CFM objects of the specified interface and VLAN or VSI is displayed, it means that the configuration is successful.
<HUAWEI> display cfm mp-info interface gigabitethernet1/0/1 level 6 inward vlan 300 MD Name : md1 MD Name Format : md-name Level : 6 MA Name : ma1 MEP ID : 10 VLAN ID : 300 VSI Name : -Interface Name : gigabitethernet1/0/1 CCM Send :enable Direction : inward MAC Address : 0018-8247-b977 ----------------------------------------------------The total number of MPs is 1. The number of MEPs is 1. The number of MIPs is 0.
7-40
Issue 03 (2010-03-31)
RMEP activation time After the local device is enabled with the function of receiving CCMs from a certain RMEP, the local device can display RMEP connectivity alarm in one of the following situations:
If the CC detects a connectivity fault between the local MEP and the RMEP, then, the local device displays the alarm of the RMEP connectivity fault.. The physical link works normally between the local MEP and the RMEP. The peer device is not configured with a MEP when the CC is performed; or, the MEP configuration is performed after the CC is performed. In this case, if the local MEP does not receive any CCMs from the RMEP in three consecutive sending intervals, the local device considers that a connectivity fault occurs between the local MEP and the RMEP. According to the preceding description, the RMEP connectivity fault alarm is incorrect. To solve the problem, you can set the RMEP activation time.
If the local device is configured with the RMEP activation time and enabled with the function of receiving CCMs from a certain RMEP, the local device can receive CCMs at the set RMEP activation time. That is, the activation time for receiving CCMs from the RMEP is the time reserved for configuring the RMEP. At the set RMEP activation time, if the local MEP does not receive any CCMs in three consecutive sending intervals, this means that a connectivity fault occurs between the local MEP and the RMEP. In addition, the local device displays the alarm of the RMEP connectivity fault.
l
Anti-jitter time during alarm restoration All the RMEPs of each MA use the following timers:
Alarm generation timer: Its interval is set to the anti-jitter time during alarm generation. Alarm restoration timer: Its interval is set to the anti-jitter time during alarm restoration.
When the RMEP detects an alarm, the alarm generation timer is activated. After the timer expires, the alarm is notified to the device. When the RMEP detects that the alarm is restored, the alarm restoration timer is activated. After the timer expires, the alarm restoration event is notified to the device. If the RMEP frequently detects the alarm and alarm restoration signals, this means that alarm flapping occurs.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-41
To suppress alarm flapping, you can set the anti-jitter time during alarm generation.
l
VLAN or VLAN chain All interfaces of the specified VLAN generate MIPs according to the configured MIP generation rule in the MD.
Pre-configuration Tasks
None.
Data Preparation
To adjust parameters of Ethernet CFM, you need the following data. No. 1 2 3 Data (Optional) RMEP activation time (Optional) Anti-jitter time during alarm restoration (Optional) Anti-jitter time during alarm generation
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
For the network where the MD, MA, and MEP are configured, you can implement 802.1ag MAC ping to test the connectivity between MEPs at the same maintenance level or between MEPs and MIPs at the same maintenance level. For the network where the MD, MA, and MEP are not configured, you can implement Gmac ping to test the connectivity between two devices. You can implement PBB-TE MAC ping to test the connectivity on the PBB-TE tunnel.
Pre-configuration Tasks
Before implementing 802.1ag MAC ping, complete the following tasks:
l
No pre-configuration tasks are needed to implement Gmac ping and PBB-TE MAC ping.
Data Preparation
To detect the connectivity on the Ethernet, you need the following data. No. 1 2 3
7-44
Data (Optional) Bridge MAC address of the device on which the destination MEP resides or ID of the destination MEP (Optional) Bridge MAC address of the device on which the destination MIP resides (Optional) Number, size, timeout period, and outbound interface of LBMs
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
No. 4 5
Data (Optional) VLAN to which the destination node belongs (Optional) Name of the PBB-TE tunnel
Procedure
Step 1 Run:
system-view
The connectivity between a MEP and a MEP or a MIP on other devices is tested. When implementing 802.1ag MAC ping, ensure that:
l l l
The MA is associated with a VLAN. The MEP is configured in the MA. If the outbound interface is specified, it cannot be configured with an inward-facing MEP. The interface must be added to the VLAN associated with the MA. If the destination node is a MEP, either mac mac-address or remote-mep mep-id mep-id can be selected. If remote-mep mep-id mep-id is selected, the RMEP must already be created with the remote-mep command and the bridge MAC address of the device on which the RMEP resides must be specified. If the destination node is a MIP, select mac mac-address.
The intermediate device on the link to be tested only forwards LBMs and LBRs. In this manner, the MD, MA, or MEP are not required to be configured on the intermediate device. ----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-45
Procedure
Step 1 Run:
system-view
Gmac ping is enabled globally. By default, Gmac ping is disabled. When Gmac ping is enabled:
l l
MAC ping can be implemented on the routers. The routers can respond to LBMs.
Step 3 Run:
ping mac mac-address vlan vlan-id [ interface interface-type interface-number | -c count | -s packetsize |-t timeout ] *
The connectivity between the router and the remote device is tested. A MEP is not required to initiate Gmac ping. The destination node does not need to be a MEP or a MIP. Gmac ping can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. The two devices must be enabled with 802.1ag of the same version. If the local device is enabled with IEEE 802.1ag Draft 7 and the peer is enabled with IEEE Standard 802.1ag-2007, the local device cannot ping through the peer device when the ping mac command is run to detect connectivity of the link between the local and peer devices. ----End
For the network where the MD, MA, and MEP are configured, you can implement 802.1ag MAC trace to locate the connectivity fault between MEPs at the same maintenance level or between MEPs and MIPs at the same maintenance level. For the network where the MD, MA, and MEP are not configured, you can implement Gmac trace to locate the connectivity fault between two devices. You can implement PBB-TE MAC trace to locate the connectivity fault on the PBB-TE tunnel.
Pre-configuration Tasks
Before implementing 802.1ag MAC trace, complete the following tasks:
l
No pre-configuration tasks are needed to implement Gmac trace and PBB-TE MAC trace.
Data Preparation
To locate the connectivity fault on the Ethernet, you need the following data. No. 1 2 3 4 5 6 7 Data (Optional) Bridge MAC address of the device on which the destination MEP resides or ID of the destination MEP (Optional) Bridge MAC address of the device on which the destination MIP resides (Optional) Outbound interface of Linktrace Messages (LTMs) (Optional) Timeout period for waiting for an LTR (Optional) Time to Live (TTL) of LTMs (Optional) VLAN to which the destination node belongs (Optional) Name of the PBB-TE tunnel
Procedure
Step 1 Run:
system-view
The connectivity fault between the router and the remote router is located. When implementing 802.1ag MAC trace, ensure that:
l l l
The MA is associated with a VLAN. The MEP is configured in the MA. If the outbound interface is specified, it cannot be configured with an inward-facing MEP. The interface must be added to the VLAN associated with the MA. If the destination node is a MEP, either mac mac-address or remote-mep mep-id mep-id can be selected. If remote-mep mep-id mep-id is selected, the RMEP must already be created with the remote-mep command and the bridge MAC address of the device on which the RMEP resides must be specified. If the destination node is a MIP, select mac mac-address. If the forwarding entry of the destination node does not exist in the MAC address table, interface interface-type interface-number must be specified.
l l
The intermediate device on the link to be tested only forwards LTMs and LTRs. In this manner, the MD, MA, or MEP are not required to be configured on the intermediate device. ----End
Procedure
Step 1 Configuring the routers at both Ends and the Intermediate router Do as follows on the routers at both ends and the intermediate router on the link to be tested: 1. Run:
system-view
7-48
Issue 03 (2010-03-31)
Gmac trace is enabled globally. By default, Gmac trace is disabled. The following can be performed only after Gmac trace is enabled:
l l
Gmac trace can be implemented on the router. The routers can respond to LTMs of Gmac trace.
Step 2 Implementing Gmac trace Do as follows on the router at one end of the link to be tested: 1. Run:
system-view
The connectivity fault between the router and the remote router is located. A MEP is not required to initiate Gmac trace. The destination node does not need to be a MEP or a MIP. Gmac trace can be implemented without configuring the MD, MA, or MEP on the source device, the intermediate device, and the destination device. The two devices must be enabled with 802.1ag of the same version. If the local device is enabled with IEEE 802.1ag Draft 7 and the peer device is enabled with IEEE Standard 802.1ag-2007, the faulty node cannot be located when the trace mac command is run to detect connectivity of the link between the local and peer devices. ----End
Ethernet CFM
RouterA
GE1/0/1 GE2/0/1
Ethernet CFM is used to detect a directly connected link shown in Figure 7-6, or a multi-hop link shown in Figure 7-7. Configure Ethernet CFM on Router A and Router B; associate Ethernet CFM with GE 1/0/1 on Router A. When the CFM OAM module on Router A detects a connectivity fault between Router A and Router B, the OAM management module shuts down GE 1/0/1 and then starts it so that the other interfaces on Router A can sense the fault. Figure 7-8 Diagram of associating Ethernet CFM with an interface (3)
Ethernet CFM GE1/0/1 Link1 GE1/0/2 Link2 RouterB Link3 GE1/0/3 Active link Inactive link Aggregation group in static LACP mode MEPs in MA1 MEPs in MA2 MEPs in MA3
Configure the link aggregation group in static LACP mode on Router A and Router B. Enable Ethernet CFM on Router A and Router B. Router A and Router B belong to the same MD. Configure the MEP on all the member interfaces of the aggregation group. MEPs on the interfaces of the same link are configured within the same MA. MEPs on the interfaces along the same link belong to the same MA. MEPs on the interfaces on different links belong to different MAs. Ethernet CFM detects the link connectivity by exchanging CCMs between MEPs of the same link. You can then associate Ethernet CFM with the interfaces. When a connectivity fault occurs on Link 1, the OAM management modules on Router A and Router B shut down and then turn on their GE 1/0/1 interfaces respectively. In this manner, the
7-50 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
LACP module senses the connectivity fault on Link 1 and switches the service data forwarded on Link 1 to the inactive Link 3. This implements protection switching in no more than 50 ms to achieve carrier-class reliability. Figure 7-9 Diagram of associating Ethernet CFM with an interface (4)
RouterC
rnet Ethe
GE2/0/1 CFM
GE2/0/2 Ethe rn
GE1/0/1
et C F
GE1/0/1
Eth-Trunk1
Ethe r
net
CFM
F et C hern
RouterB GE1/0/2
Configure the link aggregation group in 1:1 active/standby mode on Router A and Router B. Configure Ethernet CFM on Router A, Router B, Router C, and Router D respectively. Associate Ethernet CFM with GE 1/0/1 and GE 1/0/2 on Router A and Router B. Assume that a connectivity fault occurs on the link between Router A and Router C. The Ethernet CFM module detects the fault and notifies the OAM management module of the fault. The OAM management module shuts down and then starts GE 1/0/1. This allows the link aggregation group to sense the fault and switch the service data to the inactive link. The procedure for processing connectivity faults on the other links is similar to that for processing the link fault between Router A and Router C. This implements protection switching in no more than 50 ms to achieve carrierclass reliability.
Pre-configuration Tasks
Before associating Ethernet CFM with an interface, complete the following tasks:
l l
Data Preparation
To associate Ethernet CFM with an interface, you need the following data. No. 1 2 Data Type and number of an interface Name of an MD, MA, and ID of an RMEP
Issue 03 (2010-03-31)
7-51
Procedure
Step 1 Run:
system-view
The view of a member interface of the link aggregation group is displayed. Step 3 Run:
cfm md md-name ma ma-name remote-mep mep-id mep-id trigger if-down
Ethernet CFM is associated with an interface. By default, an interface is not associated with Ethernet CFM. It is required that outward-facing MEPs be created in the specified MA and the current interface is configured with outward-facing MEPs before you use the cfm md md-name ma ma-name remote-mep mep-id mep-id trigger if-down command. An interface can be associated with an RMEP only. You need to delete the current configurations to modify the mapping between the interface and the RMEP. If multiple member interfaces exist in the link aggregation group, you should repeat Step 2 and Step 3 to associate Ethernet CFM with all the member interfaces. ----End
Procedure
Step 1 Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command to check detailed information about an RMEP. ----End
Example
Run the display cfm remote-mep command. If the "Trigger If-down" field for the RMEP is displayed as "enable", it means that the configuration succeeds.
<HUAWEI> display cfm remote-mep
7-52
Issue 03 (2010-03-31)
As shown in Figure 7-10, EFM OAM or Ethernet CFM runs between CE1 and PE1, and between CE2 and PE2; Ethernet CFM runs between PE1 and PE2. Configure the association between Ethernet OAMs. When a fault occurs on the link between CE1 and PE1, Ethernet CFM sends alarms of the fault to CE2. Figure 7-10 Diagram of associating Ethernet OAM with Ethernet OAM
CE1
PE1
PE2
CE2
Issue 03 (2010-03-31)
7-53
Pre-configuration Tasks
Before associating Ethernet OAM with Ethernet OAM, complete the following tasks:
l l
Data Preparation
To associate Ethernet OAM with Ethernet OAM, you need the following data. No. 1 2 Data Number of the interfaces to be associated Name of an MD and an MA
Procedure
Step 1 Run:
system-view
The system view is displayed. Step 2 Run the following command as required.
l
Run:
oam-bind cfm md md-name ma ma-name efm interface interface-type interface-number
The bidirectional transmission of fault messages between EFM OAM and Ethernet CFM is configured.
l
Run:
oam-bind ingress efm interface interface-type interface-number egress cfm md mdname ma ma-name
Run:
oam-bind ingress cfm md md-name ma ma-name egress efm interface interface-type interface-number
Run:
oam-bind ingress cfm md md-name1 ma ma-name1 egress cfm md md-name2 ma ma-name2
Ethernet CFM at one side is configured to send fault messages to Ethernet CFM at the other side.
7-54 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Run:
oam-bind cfm md md-name1 ma ma-name1 cfm md md-name2 ma ma-name2
The bidirectional transmission of fault messages between Ethernet CFMs at both sides is configured.
NOTE
After Ethernet OAM is associated with other functional modules, note the following:
l l
If EFM OAM is disabled on an interface, the association between EFM OAM and other functional modules is deleted. If an MA or MD is deleted, the association between Ethernet CFM and other functional modules is deleted.
----End
CE1
802.1ag
PE1
PE2
VPLS
802.1ag
CE2
Issue 03 (2010-03-31)
7-55
Pre-configuration Tasks
Before associating Ethernet CFM with VPLS, complete the following tasks:
l l
Data Preparation
To associate Ethernet CFM with VPLS, you need the following data. No. 1 2 3 4 5 Data Name and ID of the VSI IP address of the peer and tunnel policy used for setting up the peer Interfaces bound to a VSI Types of detection packets Name of an MD and MA
7.12.2 Configuring Ethernet CFM Based on the VPLS Between the PEs
Context
NOTE
l l
If 802.1ag MAC trace needs to be implemented to locate the connectivity fault between the PEs, you cannot specify the outbound interface for sending trace packets. The current MA must be associated with a VSI and the type of the MEP must be inward-facing.
Procedure
Step 1 Run:
system-view
7-56
Issue 03 (2010-03-31)
The local MEP is enabled to receive CCMs from the RMEP within the same MA. ----End
The MA configured on the PE must be associated with a VSI and the type of the MEP must be outward-facing.
1.
Run:
system-view
Issue 03 (2010-03-31)
7-57
The local MEP is enabled to receive CCMs from the RMEP in a same MA. l Do as follows on the CEs:
NOTE
The MA configured on the CE must be associated with a VLAN and the type of the MEP must be outward-facing.
1.
Run:
system-view
The local MEP is enabled to receive CCMs from the RMEP in a same MA. ----End
7-58 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
l l l
The MA configured on the PE must be associated with a VSI and the type of the MEP must be inwardfacing. The MA configured on the CE must be associated with a VLAN and the type of the MEP must be outward-facing. The rule for creating the MIP needs to be configured on transit nodes.
Issue 03 (2010-03-31)
7-59
Figure 7-12 Diagram of associating Ethernet OAM with MPLS OAM or BFD
PE1
PE2
Pre-configuration Tasks
Before associating Ethernet OAM with MPLS OAM or BFD, complete the following tasks:
l l l
Configuring VLL Fast Reroute (FRR) in Martini mode Configuring the BFD session Configuring MPLS OAM
Data Preparation
To associate Ethernet OAM with MPLS OAM or BFD, you need the following data. No. 1 2 3 4 5 6 7 Data Numbers of the interfaces to be associated Name of an MD and an MA IP addresses of interfaces on each equipment, names of tunnel interfaces, and tunnel IDs Types of detect packets sent Ingresses and Egresses of the detected LSP and the backward tunnel BFD names Parameters of BFD sessions
Procedure
Step 1 Run:
system-view
The OAM management view is displayed. Step 3 Run the following command as required.
l
Run:
oam-bind ingress cfm md md-name ma ma-name egress bfd-session bfd-session-id
Run:
oam-bind ingress bfd-session bfd-session-id egress cfm md md-name ma ma-name
Run:
oam-bind cfm md md-name ma ma-name bfd-session bfd-session-id
The bidirectional transmission of fault messages between Ethernet CFM and BFD is configured.
l
Run:
oam-bind ingress efm interface interface-type interface-number egress bfdsession bfd-session-id
Run:
oam-bind ingress bfd-session bfd-session-id egress efm interface interface-type interface-number
Run:
oam-bind efm interface interface-type interface-number bfd-session bfd-sessionid
The bidirectional transmission of fault messages between EFM OAM and BFD is configured.
l
Run:
oam-bind efm interface md-name ma ma-name egress mpls oam tunnel tunnel-number
Run:
oam-bind ingress mpls oam { lsp-name lsp-name | lsr-id lsr-id tunnel-id tunnelid } egress cfm md md-name ma ma-name
Run:
oam-bind ingress efm interface interface-type interface-number egress mpls oam tunnel tunnel-number
Run:
oam-bind ingress mpls oam { lsp-name lsp-name | lsr-id ingress-lsr-id tunnel-id tunnel-id } egress efm interface interface-type interface-number
Context
For details, refer to the chapter "Layer 2 Multicast Configuration" in the the HUAWEI NetEngine80E/40E Router Configuration Guide - Device Management IP Multicast.
CAUTION
Statistics on Error CCMs cannot be restored after you clear it. So, confirm the action before you use the command.
7-62
Issue 03 (2010-03-31)
Procedure
Step 1 Run the reset reset cfm error-packet receive statistics [ md md-name [ ma ma-name [ remotemep mep-id mep-id ] ] ] command in the user view to clear statistics of error CCMs. ----End
Procedure
l l Run the display oam global configuration command in any view to check the global configurations of Ethernet OAM on the device. Run the display cfm error-packet statistics [ md md-name [ ma ma-name [ remote-mep mep-id mep-id ] ] ] command in any view to check statistics of error CCMs received on the device. Run the display cfm mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command in any view to check information about a MEP. Run the display cfm mip [ interface interface-type interface-number | level level ] command in any view to check information about a MIP. Run the display cfm remote-mep [ md md-name [ ma ma-name [ mep-id mep-id ] ] ] command in any view to check information about an RMEP. Run the display efm session { all | interface interface-type interface-number } command in any view to check information about the EFM OAM session between the specified interface and the peer.
l l l l
----End
7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes
Automatic connectivity detection can be performed on the link between Router A and Router B. After detecting connectivity faults, Router A and RouterB generate alarms. Router B monitors the errored frames, errored codes, and errored frame seconds on GE 2/0/1. When the number of errored frames, errored codes, and errored frame seconds exceed the corresponding threshold, Router B generates alarms.
RouterB
ISP network
GE2/0/1
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable EFM OAM on Router A and Router B globally. Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode. Configure GE 2/0/1 on Router B to detect the errored frames, errored codes, and errored frame seconds. Enable EFM OAM on GE 2/0/1 on Router B. Enable EFM OAM on GE 1/0/1 on Router A.
Data Preparation
To complete the configuration, you need the following data:
l
The period for detecting errored frames on GE 2/0/1 on Router B is five seconds and the threshold is five. The period for detecting errored codes on GE 2/0/1 on Router B is five seconds and the threshold is five. The period for detecting errored frame seconds on GE 2/0/1 on Router B is 120 seconds and the threshold is five.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7-64
Procedure
Step 1 Enable EFM OAM globally. # Enable EFM OAM globally on Router A.
<HUAWEI> system-view [HUAWEI] sysname RouterA [RouterA] efm enable
Step 3 Configure GE 2/0/1 on Router B to detect the errored frames, errored codes, and errored frame seconds. # Configure GE 2/0/1 on Router B to detect the errored frames.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm error-frame period 5 [RouterB-GigabitEthernet2/0/1] efm error-frame threshold 5 [RouterB-GigabitEthernet2/0/1] efm error-frame notification enable
Step 4 Enable EFM OAM on GE 2/0/1 on Router B. Enable EFM OAM on GE 1/0/1 on Router A. # Enable EFM OAM on GE 1/0/1 on Router A.
[RouterA-GigabitEthernet1/0/1] efm enable [RouterA-GigabitEthernet1/0/1] quit
Step 5 Verify the configuration. # Run the display efm session command. If the EFM OAM state on the interface is Detect, it means that the configuration succeeds. EFM OAM is correctly configured on Router A and Router B, and GE 2/0/1 and GE 1/0/1 succeed in negotiation and enter the Detect state. For example, the EFM OAM state on GE 2/0/1 on RouterB is displayed as follows:
[RouterB] display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Issue 03 (2010-03-31)
7-65
# Run the display efm command. If the EFM OAM configuration information on GE 2/0/1 on Router B is displayed, it means that the configuration succeeds. The displayed information is as follows:
[RouterB] display efm interface gigabitethernet 2/0/1 Item Value ------------------------------------Interface: GigabitEthernet2/0/1 EFM Enable Flag: enable Mode: active OAMPDU MaxSize: 128 ErrCodeNotification: enable ErrCodePeriod: 5 ErrCodeThreshold: 5 ErrFrameNotification: enable ErrFramePeriod: 5 ErrFrameThreshold: 5 ErrFrameSecondNotification: enable ErrFrameSecondPeriod: 120 ErrFrameSecondThreshold: 5 TriggerIfDown: disable Remote MAC: 0010-0010-0010 Remote EFM Enable Flag: enable Remote Mode: passive Remote MaxSize: 128
----End
Configuration Files
l
7-66
Issue 03 (2010-03-31)
7.16.2 Example for Testing the Packet Loss Ratio on the Link
Networking Requirements
As shown in Figure 7-14, a user network is connected to an ISP network through Router A and Router B. Router A acts as the CE device. Router B acts as the UPE device. The link between Router A and Router B is newly established. The ISP needs to test the packet loss ratio on the link on Router B before using the link. Figure 7-14 Diagram of testing the packet loss ratio on the link
RouterB
ISP network
GE2/0/1
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Enable EFM OAM on Router A and Router B. Configure EFM OAM on GE 1/0/1 on Router A to work in passive mode. Enable EFM OAM remote loopback on Router B. Send test packets from RouterB to Router A. Check the returning of test packets on Router B.
Data Preparation
To complete the configuration, you need the following data:
l l
Timeout period for remote loopback Size, number, and sending rate of test packets
Procedure
Step 1 Configure EFM OAM. # Enable EFM OAM globally on Router B.
<HUAWEI> system-view [HUAWEI] sysname RouterB [RouterB] efm enable
Issue 03 (2010-03-31)
7-67
# Verify the configuration. Run the display efm session command. If the EFM OAM protocol on the interface is in the Detect state, it means that the configuration succeeds. EFM OAM is correctly configured on Router A and Router B, and GE 2/0/1 and GE 1/0/1 succeed in negotiation and enter the Detect state. For example, the EFM OAM state on GE 2/0/1 on Router B is displayed as follows:
[RouterB] display efm session interface gigabitethernet 2/0/1 Interface EFM State Loopback Timeout -------------------------------------------------------------------GigabitEthernet2/0/1 detect --
Step 2 Configure EFM OAM remote loopback. # Enable remote loopback on Router B.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm loopback start [RouterB-GigabitEthernet2/0/1] quit
# Verify the configuration. Run the display efm session command on Router B. If the EFM OAM protocol on GE 2/0/1 is in the loopback (control) state, that is, GE 2/0/1 initiates remote loopback, it means that the configuration succeeds. The displayed information is as follows:
[RouterB] display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/1 Loopback(control) 20
Run the display efm session command on Router A. If the EFM OAM protocol on GE 1/0/1 is in the loopback (be controlled) state, that is, GE 1/0/1 responds to remote loopback, it means that the configuration succeeds. The displayed information is as follows:
[RouterA] display efm session interface gigabitethernet1/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet1/0/1 Loopback(be controlled) --
7-68
Issue 03 (2010-03-31)
You can obtain the packet loss ratio on the link based on the preceding data. Step 5 Disable EFM OAM remote loopback. # Disable EFM OAM remote loopback on Router B.
[RouterB] interface gigabitethernet 2/0/1 [RouterB-GigabitEthernet2/0/1] efm loopback stop [RouterB-GigabitEthernet2/0/1] quit
NOTE
By default, the timeout period for remote loopback is 20 minutes. After 20 minutes, remote loopback stops. To disable remote loopback, you can perform the preceding steps.
# Verify the configuration. Run the display efm session command after remote loopback is automatically or manually disabled, you can view that the status of the EFM OAM protocol on the interface is no longer loopback (control) or loopback (be controlled). For example, the EFM OAM status on GE 2/0/1 on RouterB is displayed as follows:
[RouterB] display efm session interface gigabitethernet2/0/1 Interface EFM State Loopback Timeout ---------------------------------------------------------------------GigabitEthernet2/0/1 Detect --
----End
Configuration Files
l
Issue 03 (2010-03-31)
7-69
VLAN2
VLAN2
GE1/0/1 RouterA GE1/0/0 GE1/0/1 RouterI GE1/0/2 GE1/0/1 MD2 RouterE GE1/0/0 RouterB RouterF GE1/0/1 GE1/0/2
GE1/0/0
MD1
GE1/0/2
GE1/0/1
VLAN2
VLAN3
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. Create VLANs and add interfaces to the corresponding VLAN. Create MD 1 at level 6 on all the routers. Create MA 1 within MD 1 on all the routers except Router G. Associate MA 1 with VLAN 2.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7-70
4. 5. 6. 7. 8. 9.
Create MA 2 within MD 1 on all the routers except Router E and Router I. Associate MA 2 with VLAN 3. Create MD 2 at level 4 on Router A, Router B, Router C, and Router D. Create MA 3 within MD 2. Associate MA 3 with VLAN 4. Create MEPs and RMEPs on Router I, Router H, and Router E in MA 1 within MD 1. Create MEPs and RMEPs on Router H and Router G in MA 2 within MD 1. Create MEPs and RMEPs on Router A, Router C, and Router D in MA 3 within MD 2. Enable the sending and receiving of CCMs.
Data Preparation
To complete the configuration, you need the following data:
l l
MD 1 at level 6 MD 2 at level 4
Procedure
Step 1 Create VLANs and add interfaces to the corresponding VLAN. The detailed configuration is not mentioned here. Step 2 Create MD 1. # Create MD 1 on Router A.
<RouterA> system-view [RouterA] cfm enable [RouterA] cfm md md1 level 6
# Create MD 1 on Router B, Router C, Router D, Router E, Router F, Router G, Router H, and Router I. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 3 Create and configure MA 1 within MD 1 on all the device except Router G. # Create and configure MA 1 on Router A within MD 1.
[RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] map vlan 2 [RouterA-md-md1-ma-ma1] quit
# Create and configure MA 1 on Router B, Router C, Router D, Router E, Router F, Router H, and Router I within MD 1. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 4 Create and configure MA 2 within MD 1 on all the device except Router E and Router I. # Create and configure MA 2 on Router A within MD 1.
[RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] map vlan 3 [RouterA-md-md1-ma-ma2] quit [RouterA-md-md1] quit
Issue 03 (2010-03-31)
7-71
# Create and configure MA 2 on Router B, Router C, Router D, Router F, Router G, and Router H within MD 1. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 5 Create MD 2 on Router A, Router B, Router C, and Router D. Create and configure MA 3 within MD 2. # Create MD 2 on Router A. Create and configure MA 3 within MD 2.
[RouterA] cfm md md2 level 4 [RouterA-md-md2] ma ma3 [RouterA-md-md2-ma-ma3] map vlan 4 [RouterA-md-md2-ma-ma3] quit [RouterA-md-md2] quit
# Create MD 2 on Router B, Router C, and RouterD. Create and configure MA 3 within MD 2. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. Step 6 Configure MEPs and RMEPs on Router E, Router H, and Router I in MA 1 within MD 1. # Configure a MEP on Router E in MA 1 within MD 1.
[RouterE] cfm md md1 [RouterE-md-md1] ma ma1 [RouterE-md-md1-ma-ma1] mep mep-id 3 interface gigabitethernet 1/0/1 inward
Step 7 Configure MEPs and RMEPs on Router H and Router G in MA 2 within MD 1. # Configure a MEP on Router H in MA 2 within MD 1.
[RouterH] cfm md md1 [RouterH-md-md1] ma ma2 [RouterH-md-md1-ma-ma2] mep mep-id 1 interface gigabitethernet 1/0/1 inward
7-72
Issue 03 (2010-03-31)
Step 8 Configure MEPs and RMEPs on Router A, Router C, and Router D in MA 3 within MD 2. # Configure a MEP on Router A in MA 3 within MD 2.
[RouterA] cfm md md2 [RouterA-md-md2] ma ma3 [RouterA-md-md2-ma-ma3] mep mep-id 1 interface gigabitethernet 1/0/0 inward
Step 9 Enable the sending and receiving of CCMs. # Enable the sending of CCMs on the MEP on Router A.
[RouterA-md-md2-ma-ma3] mep ccm-send enable
# Enable the sending of CCMs on MEPs and the receiving of CCMs from RMEPs on Router B, Router C, Router D, Router E, Router F, Router G, Router H, and Router I. The detailed configuration is not mentioned here. The configuration is similar to that on Router A. ----End
Configuration Files
l
Issue 03 (2010-03-31)
7-73
sysname RouterA # vlan batch 2 to 4 # cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/2 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 mep mep-id 1 interface gigabitethernet 1/0/0 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # return l
7-74
Issue 03 (2010-03-31)
cfm enable # interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 to 4 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 to 4 # cfm md md1 level 6 ma ma1 map vlan 2 ma ma2 map vlan 3 # cfm md md2 level 4 ma ma3 map vlan 4 mep mep-id 2 interface gigabitethernet 1/0/0 outward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # return l
Issue 03 (2010-03-31)
7-75
interface GigabitEthernet1/0/0 portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/1 portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 3 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 3 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return l
7-76
Issue 03 (2010-03-31)
Issue 03 (2010-03-31)
7-77
RouterE
1/ 0/ 1
GE1/0/2
GE
E1 /0 /2
RouterF
RouterD GE1/0/3
GE1/0/1
VLAN2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. Switch IEEE 802.1ag Draft 7 to IEEE Standard 802.1ag-2007. Create a VLAN and add related interfaces to the VLAN. Create MD1 at Level 6 on all the devices except for Router B and Router C. Create MD2 at Level 4 on Router B and Router C. Create the default MD at Level 6 on Router B and Router C, associate the default MD with VLAN 2 and VLAN 3, and set the MIP generation rule to default. Create and configure MA1 within MD1 on all the devices except for Router B and Router C. (MA1 is associated with VLAN 2.) Create and configure MA2 within MD1 on all the devices except for Router B and Router C.. (MA2 is associated with VLAN 3.)
7-78 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
6. 7.
Create and configure MEPs and RMEPs on MA1 in MD1 of Router A and Router F. Create and configure MEPs and RMEPs in MA2 within MD1 of Router A and Router E. Enable the CCM transmission function.
Data Preparation
To complete the configuration, you need the following data:
l l l l
Range of VLAN IDs to which interfaces belong MD1 at Level 6 MD2 at Level 4 Default MD at Level 6
Procedure
Step 1 Switch the IEEE 802.1ag version.
NOTE
# Switch IEEE 802.1ag Draft 7 to IEEE Standard 802.1ag-2007 on Router B, Router C, Router D, Router E, and Router F. The configurations on Router B, Router C, Router D, Router E, and Router F are the same as the configurations on Router A, and are not mentioned here.
NOTE
All the devices on the network must be enabled with either IEEE 802.1ag Draft 7 or IEEE Standard 802.1ag-2007. IEEE 802.1ag Draft 7 and IEEE Standard 802.1ag-2007 cannot be enabled at the same time on a network.
Step 2 Create a VLAN and add related interfaces to the VLAN. The configuration is not mentioned here. Step 3 Create MD1. # Create MD1 on Router A.
<RouterA> system-view [RouterA] cfm enable Info: Enable the CFM successfully! [RouterA] cfm md md1 level 6 [RouterA] quit
# Create MD1 on Router D, Router E, and Router F. The configurations on Router D, Router E, and Router F are the same as the configurations on Router A, and are not mentioned here. Step 4 Create MD2. # Create MD2 on Router B.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-79
# Create MD2 on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 5 Create the default MD and associate the default MD with VLAN 2 and VLAN 3 on Router B and Router C. # Create the default MD and associate the default MD to VLAN 2 and VLAN 3 on Router C.
<RouterB> system-view [RouterB] cfm default md level 6 [RouterB-default-md] vlan 2 to 3 [Router B-default-md] quit
Create the default MD and associate the default MD to VLAN 2 and VLAN 3 on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 6 Set the MIP generation rule in the default MD on Router B and Router C. # Set the MIP generation rule in the default MD on Router B.
<RouterB> system-view [RouterB] cfm default md [RouterB-default-md] mip create-type default [RouterB-default-md] quit
# Set the MIP generation rule in the default MD on Router C. The configurations on Router C are the same as the configurations on Router B, and are not mentioned here. Step 7 Create and configure MA1 within MD1 on all the devices except for Router B and Router C. # Create MA1 within MD1 on Router A.
[RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] map vlan 2 [RouterA-md-md1-ma-ma1] quit
# Create MA1 within MD1 on Router D and Router F. The configurations on Router D and Router F are the same as the configurations on Router A, and are not mentioned here. Step 8 Create and configure MA2 within MD1 on all the devices except for Router B and Router C. # Create MA2 within MD1 on Router A.
[RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] map vlan 3 [RouterA-md-md1-ma-ma2] quit [RouterA-md-md1] quit
The configurations on Router D and Router E are the same as the configurations on Router A, and are not mentioned here. Step 9 Create and configure MEPs and RMEPs in MA1 within MD1 on Router A and Router F. # Create and configure a MEP in MA1 within MD1 on Router A.
[RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA-md-md1-ma-ma1] mep mep-id 2 interface gigabitethernet 1/0/1 inward
Step 10 Create and configure MEPs and RMEPs in MA2 within MD1 on Router A and Router E. # Create and configure a MEP in MA2 within MD1 on Router A.
[RouterA] cfm md md1 [RouterA-md-md1] ma ma2 [RouterA-md-md1-ma-ma2] mep mep-id 1 interface gigabitethernet 1/0/2 inward
Step 11 Enable the CCM transmission function. # Enable the function of sending CCMs on all MEPs of Router A.
[RouterA-md-md1-ma-ma2] mep ccm-send enable
# Enable Router A with the function of receiving CCMs from the RMEP.
[RouterA-md-md1-ma-ma2] remote-mep ccm-receive enable
# Enable the function of sending CCMs on all MEPs of Router E and Router F, and enable the function of receiving CCMs from all RMEPs on Router E and Router F. The configurations on Router E and Router F are the same as the configurations on Router A, and are not mentioned here. Step 12 Verify the configuration. After the preceding configurations are successful and the network converges, run the following commands to verify the configuration. Take the display on Router B and Router A as an example:
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-81
Run the display cfm default md command on Router B. You can view that the default MD at Level 6 is configured and associated with VLAN 2 and VLAN 3. You can also view that the MIP generation rule is set to default.
[RouterB] display cfm default md Level MIP Create-type SenderID TLV-type VLAN List --------------------------------------------------------------------------------------6 default SendIdDefer 2 to 3
Perform the 802.1ag MAC trace operation on Router A. You can view that the 802.1ag MAC trace operation is successful and no connectivity fault occurs between Router A and Router E
<RouterA> system [RouterA] cfm md md1 [RouterA-md-md1] ma ma1 [RouterA--md-md1-ma-ma1] trace mac-8021ag mac aa99-6600-5600 Tracing the route to aa99-6600-5600 over a maximum of 255 hops: Hops Mac Ingress Ingress Action Relay Action Forwarded Egress Egress Action Ismep 1 2155-2201-3302 gigabitethernet1/0/3 IngOK RlyFDB Forwarded gigabitethernet1/0/1 EgrOK 2 5522-1101-5503 gigabitethernet1/0/1 IngOK RlyFDB Forwarded gigabitethernet1/0/2 EgrOk 3 2234-6432-3344 gigabitethernet1/0/2 IngOK RlyFDB Forwarded gigabitethernet1/0/3 EgrOk 4 4323-5332-5522 gigabitethernet1/0/3 IngOK RlyFDB Forwarded gigabitethernet1/0/1 EgrOk 5 aa99-6600-5600 gigabitethernet1/0/1 IngOK RlyHit Not Forwarded Yes Info: Succeed in tracing the destination address aa99-6600-5600.
No No No No
----End
Configuration Files
l
7-82
Issue 03 (2010-03-31)
# cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 2 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable ma ma2 map vlan 3 mep mep-id 1 interface gigabitethernet 1/0/2 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return l
Issue 03 (2010-03-31)
7-83
7-84
Issue 03 (2010-03-31)
cfm enable # interface GigabitEthernet1/0/1 undo shutdown portswitch port trunk allow-pass vlan 2 # interface GigabitEthernet1/0/3 undo shutdown portswitch port trunk allow-pass vlan 2 # cfm md md1 level 6 ma ma1 map vlan 2 mep mep-id 1 interface gigabitethernet 1/0/1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # return
The bandwidth for the user network to access the ISP network is 2000 Mbit/s and an inactive link that serves as a backup is provided. When the active link between the user network and the ISP network fails, the LACP module on the interface can sense the fault within 50 ms and stop forwarding data on the active link.
Issue 03 (2010-03-31)
7-85
Active link Inactive link Link aggregation group in static LACP mode
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. Configure the link aggregation group with three member interfaces on Router A and Router B respectively. The three member interfaces are all GE interfaces. Configure Ethernet CFM on Router A and Router B. To allow the LACP module to sense the connectivity fault within 50 ms, set the interval for sending and detecting CCMs to 10 ms within each MA. Associate Ethernet CFM with all the member interfaces of the aggregation groups in static LACP mode on Router A and Router B.
3.
Data Preparation
To complete the configuration, you need the following data:
l
The number of the aggregation groups in static LACP mode on Router A and Router B is 2. The three member interfaces of the aggregation group in static LACP mode on Router B are GE 1/0/1, GE 1/0/2, and GE 1/0/3. The three member interfaces of the aggregation group in static LACP mode on Router A are GE 1/0/1, GE 1/0/2, and GE 1/0/3.
7-86
Issue 03 (2010-03-31)
Procedure
Step 1 Configure the aggregation group in static LACP mode. The detailed configuration is not mentioned here. For details, refer to the HUAWEI NetEngine80E/40E Router Configuration Guide - LAN and MAN Access. Step 2 Configure Ethernet CFM. # Enable Ethernet CFM globally on Router A.
[RouterA] cfm enable
ccm-interval 10 mep mep-id 2 interface gigabitethernet 1/0/1 outward remote-mep mep-id 1 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 4 interface gigabitethernet 1/0/2 outward remote-mep mep-id 3 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 6 interface gigabitethernet 1/0/3 outward remote-mep mep-id 5 mep ccm-send enable remote-mep ccm-receive enable quit
ccm-interval 10 mep mep-id 1 interface gigabitethernet 1/0/1 outward remote-mep mep-id 2 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 3 interface gigabitethernet 1/0/2 outward remote-mep mep-id 4 mep ccm-send enable remote-mep ccm-receive enable quit ccm-interval 10 mep mep-id 5 interface gigabitethernet 1/0/3 outward remote-mep mep-id 6 mep ccm-send enable remote-mep ccm-receive enable quit
Issue 03 (2010-03-31)
7-87
# Verify the configuration. Run the display cfm mep command and the display cfm remote-mep command. If information about the MEP and RMEP is displayed, it means that the configuration succeeds. For example, the detailed information on Router B is displayed as follows:
[RouterB] display cfm mep md md1 The total number of MEPs is 3 MD Name : md1 Level : 0 MA Name : ma1 MEP ID : 1 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/1 CCM Send : enabled Direction : outward MD Name : md1 Level : 0 MA Name : ma2 MEP ID : 3 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/2 CCM Send : enabled Direction : outward MD Name : md1 Level : 0 MA Name : ma3 MEP ID : 5 Vlan ID : -VSI Name : -Interface Name : GigabitEthernet1/0/3 CCM Send : enabled Direction : outward [RouterB] display cfm remote-mep md md1 The total number of RMEPs is 3 The status of RMEPS : 3 up, 0 down -------------------------------------------------MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 2 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma2 RMEP ID : 4 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma3 RMEP ID : 6 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : disabled CFM Status : up
7-88
Issue 03 (2010-03-31)
Step 3 Associate Ethernet CFM with the member interfaces of the aggregation group in static LACP mode. # Associate Ethernet CFM with the member interfaces of Eth-Trunk 2 on Router A.
[RouterA] interface gigabitethernet1/0/1 [RouterA-GigabitEthernet1/0/1] cfm md md1 ma ma1 remote-mep mep-id 1 trigger if-down [RouterA-GigabitEthernet1/0/1] quit [RouterA] interface gigabitethernet1/0/2 [RouterA-GigabitEthernet1/0/2] cfm md md1 ma ma2 remote-mep mep-id 3 trigger if-down [RouterA-GigabitEthernet1/0/2] quit [RouterA] interface gigabitethernet1/0/3 [RouterA-GigabitEthernet1/0/3] cfm md md1 ma ma3 remote-mep mep-id 5 trigger if-down [RouterA-GigabitEthernet1/0/3] quit
# Verify the configuration. Run the display cfm remote-mep command. If the item of "Trigger-If-down" is displayed as "enable", it means that the configuration succeeds. For example, the detailed information on Router B is displayed as follows:
[RouterB] display cfm remote-mep md md1 The total number of RMEPs is 3 MD Name : md1 Level : 0 MA Name : ma1 RMEP ID : 2 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma2 RMEP ID : 4 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up MD Name : md1 Level : 0 MA Name : ma3 RMEP ID : 6 Vlan ID : -VSI Name : -MAC : -CCM Receive : enabled Trigger-If-Down : enabled CFM Status : up
----End
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-89
Configuration Files
l
if-down
if-down
if-down
outward
outward
outward
7-90
Issue 03 (2010-03-31)
if-down
outward
outward
outward
RouterA RouterB RouterC RouterD GE1/0/0 GE2/0/0 GE1/0/0 GE1/0/0 GE2/0/0 VLAN10 GE2/0/0 GE1/0/0 GE2/0/0 VLAN10
Configuration Roadmap
The configuration roadmap is as follows: 1.
Issue 03 (2010-03-31)
2. 3. 4. 5.
Configure EFM OAM to run between Router A and Router B. Configure Ethernet CFM to run between Router B and Router C. Configure EFM OAM to run between RouterC and RouterD. Associate EFM OAM with Ethernet CFM on Router B and Router C.
Procedure
Step 1 Create VLAN 10 and add interfaces to VLAN 10. Step 2 Configure EFM OAM to run between Router A and Router B. # Configure Router A.
[RouterA] efm enable [RouterA] interface gigabitethernet 1/0/0 [RouterA-GigabitEthernet1/0/0] efm mode passive [RouterA-GigabitEthernet1/0/0] efm enable [RouterA-GigabitEthernet1/0/0] quit
# Configure RouterB.
[RouterB] efm enable [RouterB] interface gigabitethernet 1/0/0 [RouterB-GigabitEthernet1/0/0] efm enable [RouterB-GigabitEthernet1/0/0] quit
Step 3 Configure Ethernet CFM to run between Router B and Router C. # Configure Router B.
[RouterB] cfm enable [RouterB] cfm md md1 [RouterB-md-md1] ma ma1 [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1] [RouterB-md-md1-ma-ma1]
map vlan 10 mep mep-id 1 interface gigabitethernet 2/0/0 outward remote-mep mep-id 2 mep ccm-send enable remote-mep ccm-receive enable return
# Configure Router C.
[RouterC] cfm enable [RouterC] cfm md md1 [RouterC-md-md1] ma ma1 [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1] [RouterC-md-md1-ma-ma1]
map vlan 10 mep mep-id 2 interface gigabitethernet 2/0/0 outward remote-mep mep-id 1 mep ccm-send enable remote-mep ccm-receive enable return
Step 4 Configure EFM OAM to run between Router C and Router D. # Configure Router C.
[RouterC] efm enable [RouterC] interface gigabitethernet 1/0/0 [RouterC-GigabitEthernet1/0/0] efm enable [RouterC-GigabitEthernet1/0/0] quit
# Configure Router D.
[RouterD] efm enable [RouterD] interface gigabitethernet 1/0/0 [RouterD-GigabitEthernet1/0/0] efm mode passive
7-92
Issue 03 (2010-03-31)
Step 5 Associate EFM OAM with Ethernet CFM. # Associate EFM OAM running between Router A and Router B with Ethernet CFM running between Router B and Router C.
[RouterB] oam-mgr [RouterB] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0
# Associate Ethernet CFM running between RouterB and RouterC with EFM OAM running between Router C and Router D.
[RouterC] oam-mgr [RouterC] oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0
Step 6 Verify the configuration. After the preceding configuration, when EFM OAM running between Router A and Router B detects faults, Ethernet CFM notifies EFM OAM running between Router C and Router D of the faults. ----End
Configuration Files
l
Issue 03 (2010-03-31)
7-93
ma ma1 map vlan 10 mep mep-id 1 interface gigabitethernet 2/0/0 outward mep ccm-send enable remote-mep mep-id 2 remote-mep ccm-receive enable # oam-mgr oam-bind cfm md md1 ma ma1 efm interface gigabitethernet 1/0/0 # return l
7-94
Issue 03 (2010-03-31)
CE3 GE1/0/0.1 10.1.1.3/24 PE3 GE1/0/0.1 GE2/0/0 100.2.1.2/30 GE3/0/0 100.2.1.1/30 Loopback1 1.1.1.1/32 GE1/0/0.1 GE1/0/0.1 10.1.1.1/24 CE1 GE3/0/0 100.3.1.2/30
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Run the Interior Gateway Protocol (IGP) on the backbone network. routers across the backbone network then can communicate. Configure the routing protocols on the backbone network to enable communication between routers and basic functions of MPLS. Set up LSP tunnels between PEs. Enable MPLS L2VPN on PEs. Create Virtual Switch Instances (VSIs) on PEs and bind VSIs to Attachment Circuit (AC) interfaces. Configure VPLS Ethernet CFM on PEs.
Data Preparation
To complete the configuration, you need the following data:
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-95
IP address of each interface MPLS LSR ID of each PE VSI name and VSI ID of each PE Interfaces bound to the VSI Name and level of the MD, name of the MA, MEP ID, name of the interface on which the MEP resides, and type of the MEP
Procedure
Step 1 Assign an IP address to each interface. # Configure PE1.
<HUAWEI> system-view [HUAWEI] sysname PE1 [PE1] interface loopback 1 [PE1-LoopBack1] ip address 1.1.1.1 32 [PE1-LoopBack1] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] ip address 100.1.1.1 30 [PE1-GigabitEthernet2/0/0] undo shutdown [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] ip address 100.2.1.1 30 [PE1-GigabitEthernet3/0/0] undo shutdown [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
<HUAWEI> system-view [HUAWEI] sysname PE2 [PE2] interface LoopBack 1 [PE2-LoopBack1] ip address 2.2.2.2 32 [PE2-LoopBack1] quit [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] ip address 100.1.1.2 30 [PE2-GigabitEthernet2/0/0] undo shutdown [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] ip address 100.3.1.1 30 [PE2-GigabitEthernet3/0/0] undo shutdown [PE2-GigabitEthernet3/0/0] quit
# Configure PE3.
<HUAWEI> system-view [HUAWEI] sysname PE3 [PE3] interface loopback 1 [PE3-LoopBack1] ip address 3.3.3.3 32 [PE3-LoopBack1] quit [PE3] interface gigabitethernet 2/0/0 [PE3-GigabitEthernet2/0/0] ip address 100.2.1.2 30 [PE3-GigabitEthernet2/0/0] undo shutdown [PE3-GigabitEthernet2/0/0] quit [PE3] interface gigabitethernet 3/0/0 [PE3-GigabitEthernet3/0/0] ip address 100.3.1.2 30 [PE3-GigabitEthernet3/0/0] undo shutdown [PE3-GigabitEthernet3/0/0] quit
Step 2 Configure the IGP on the MPLS backbone network. The Open Shortest Path First (OSPF) is used as the IGP protocol in this example.
NOTE
When configuring OSPF, advertise the 32-bit addresses of loopback interfaces on PEs.
7-96
Issue 03 (2010-03-31)
# Configure PE1.
[PE1] ospf 1 [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1-area-0.0.0.0] [PE1-ospf-1] quit
network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 quit
# Configure PE2.
[PE2] ospf 1 [PE2-ospf-1] area 0 [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1-area-0.0.0.0] [PE2-ospf-1] quit
network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 quit
# Configure PE3.
[PE3] ospf 1 [PE3-ospf-1] area 0 [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1-area-0.0.0.0] [PE3-ospf-1] quit
network 3.3.3.3 0.0.0.0 network 100.2.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 quit
After the preceding configuration, PE1 and PE2, PE1 and PE3 can learn IP addresses of loopback1 interfaces from each other through OSPF. Take the display on PE1 as an example.
[PE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 12 Routes : 13 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.2/32 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 3.3.3.3/32 OSPF 10 2 D 100.2.1.2 GigabitEthernet3/0/0 100.1.1.0/30 Direct 0 0 D 100.1.1.1 GigabitEthernet2/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.1.1.2/32 Direct 0 0 D 100.1.1.2 GigabitEthernet2/0/0 100.3.1.0/30 OSPF 10 2 D 100.1.1.2 GigabitEthernet2/0/0 OSPF 10 2 D 100.2.1.2 GigabitEthernet3/0/0 100.2.1.0/30 Direct 0 0 D 100.2.1.1 GigabitEthernet3/0/0 100.2.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.2/32 Direct 0 0 D 100.2.1.2 GigabitEthernet3/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 3 Enable basic MPLS functions and LDP on the MPLS backbone network. # Configure PE1.
[PE1] mpls lsr-id 1.1.1.1 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-mpls-ldp] quit [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] mpls [PE1-GigabitEthernet2/0/0] mpls ldp [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0
Issue 03 (2010-03-31)
7-97
# Configure PE2.
[PE2] mpls lsr-id 2.2.2.2 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-mpls-ldp] quit [PE2] interface gigabitethernet2/0/0 [PE2-GigabitEthernet2/0/0] mpls [PE2-GigabitEthernet2/0/0] mpls ldp [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet3/0/0 [PE2-GigabitEthernet3/0/0] mpls [PE2-GigabitEthernet3/0/0] mpls ldp [PE2-GigabitEthernet3/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 3.3.3.3 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-mpls-ldp] quit [PE3] interface gigabitethernet [PE3-GigabitEthernet2/0/0] mpls [PE3-GigabitEthernet2/0/0] mpls [PE3-GigabitEthernet2/0/0] quit [PE3] interface gigabitethernet [PE3-GigabitEthernet3/0/0] mpls [PE3-GigabitEthernet3/0/0] mpls [PE3-GigabitEthernet3/0/0] quit
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. You can view that the Status field displays Operational. Take the display on PE1 as an example.
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------2.2.2.2:0 Operational DU Passive 000:00:02 10/10 3.3.3.3:0 Operational DU Passive 000:00:02 9/9 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
NOTE
If PEs are indirectly connected, you need to run the mpls ldp remote-peer command and the remote-ip command to create remote LDP sessions between PEs.
# Configure PE2.
[PE2] mpls l2vpn [PE2-l2vpn] quit
# Configure PE3.
7-98 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
Step 5 Create VSIs and specify LDP as the signaling protocol of VSIs. # Configure PE1.
[PE1] vsi ldp1 static [PE1-vsi-ldp1] pwsignal ldp [PE1-vsi-ldp1-ldp] vsi-id 2 [PE1-vsi-ldp1-ldp] peer 2.2.2.2 [PE1-vsi-ldp1-ldp] peer 3.3.3.3
# Configure PE2.
[PE2] vsi ldp1 static [PE2-vsi-ldp1] pwsignal ldp [PE2-vsi-ldp1-ldp] vsi-id 2 [PE2-vsi-ldp1-ldp] peer 1.1.1.1 [PE2-vsi-ldp1-ldp] peer 3.3.3.3
# Configure PE3.
[PE3] vsi ldp1 static [PE3-vsi-ldp1] pwsignal ldp [PE3-vsi-ldp1-ldp] vsi-id 2 [PE3-vsi-ldp1-ldp] peer 1.1.1.1 [PE3-vsi-ldp1-ldp] peer 2.2.2.2
Step 6 Bind VSIs to AC interfaces and connect CEs to PEs. # Configure PE1.
[PE1] interface gigabitethernet 1/0/0.1 [PE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE1-GigabitEthernet1/0/0.1] l2 binding vsi ldp1 [PE1-GigabitEthernet1/0/0.1] undo shutdown [PE1-GigabitEthernet1/0/0.1] quit
# Configure PE2.
[PE2] interface gigabitethernet 1/0/0.1 [PE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE2-GigabitEthernet1/0/0.1] l2 binding vsi ldp1 [PE2-GigabitEthernet1/0/0.1] undo shutdown [PE2-GigabitEthernet1/0/0.1] quit
# Configure PE3.
[PE3] interface gigabitethernet 1/0/0.1 [PE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [PE3-GigabitEthernet1/0/0.1] l2 binding vsi ldp1 [PE3-GigabitEthernet1/0/0.1] undo shutdown [PE3-GigabitEthernet1/0/0.1] quit
# Configure CE1.
<HUAWEI> system-view [HUAWEI] sysname CE1 [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE1-GigabitEthernet1/0/0.1] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Configure CE2.
<HUAWEI> system-view [HUAWEI] sysname CE2 [CE2] interface gigabitethernet 1/0/0.1
Issue 03 (2010-03-31)
7-99
# Configure CE3.
<HUAWEI> system-view [HUAWEI] sysname CE3 [CE3] interface gigabitethernet 1/0/0.1 [CE3-GigabitEthernet1/0/0.1] vlan-type dot1q 10 [CE3-GigabitEthernet1/0/0.1] ip address 10.1.1.3 24 [CE3-GigabitEthernet1/0/0.1] undo shutdown [CE3-GigabitEthernet1/0/0.1] quit
After the preceding configuration, run the display vsi name ldp1 verbose command on PE1. You can view that PWs are set up between PE1 and PE2, PE1 and PE3 by the VSI named ldp1. The VSI is in the Up state. Take the display on PE1 as an example.
[PE1] display vsi name bgp1 verbose ***VSI Name : ldp1 VSI Index : 0 PW Signaling : ldp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 VSI State : up VSI ID : 2 *Peer Router ID : 3.3.3.3 VC Label : 23552 Peer Type : dynamic Session : up Tunnel ID : 0x6002003, *Peer Router ID : 2.2.2.2 VC Label : 23553 Peer Type : dynamic Session : up Tunnel ID : 0x6002000, Interface Name : GigabitEthernet1/0/0.1 State : up **PW Information: *Peer Ip Address : 2.2.2.2 PW State : up Local VC Label : 23553 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x6002000, *Peer Ip Address : 3.3.3.3 PW State : up Local VC Label : 23552 Remote VC Label : 23552 PW Type : label Tunnel ID : 0x6002003,
Hosts attached to CE1, CE2, and CE3 can ping through each other. Take CE1 as an example.
[CE1] ping 10.1.1.2 PING 10.1.1.2: 56 data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=255 time=1 ms --- 10.1.1.2 ping statistics ---
7-100
Issue 03 (2010-03-31)
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/10/50 ms [CE1] ping 10.1.1.3 PING 10.1.1.3: 56 data bytes, press CTRL_C to break Reply from 10.1.1.3: bytes=56 Sequence=1 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=2 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=3 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=4 ttl=255 time=1 Reply from 10.1.1.3: bytes=56 Sequence=5 ttl=255 time=1 --- 10.1.1.3 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
ms ms ms ms ms
ccm-interval 30 map vsi ldp1 mep mep-id 1 interface gigabitethernet 1/0/0.1 inward remote-mep mep-id 2 remote-mep mep-id 3 mep ccm-send enable remote-mep ccm-receive enable quit
# Configure PE2.
[PE2] cfm enable [PE2] cfm md md1 [PE2-md-md1] ma ma1 [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1] [PE2-md-md1-ma-ma1]
ccm-interval 30 map vsi ldp1 mep mep-id 2 interface gigabitethernet 1/0/0.1 inward remote-mep mep-id 1 remote-mep mep-id 3 mep ccm-send enable remote-mep ccm-receive enable quit
# Configure PE3.
[PE3] cfm enable [PE3] cfm md md1 [PE3-md-md1] ma ma1 [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1] [PE3-md-md1-ma-ma1]
ccm-interval 30 map vsi ldp1 mep mep-id 3 interface gigabitethernet 1/0/0.1 inward remote-mep mep-id 1 remote-mep mep-id 2 mep ccm-send enable remote-mep ccm-receive enable quit
Step 8 Verify the configuration. After the preceding configuration, run the display cfm mep command and the display cfm remote-mep command on PE1, PE2, and PE3. You can view that the configuration of Ethernet CFM succeeds. Ethernet CFM can fast detect faults between PEs of VSIs and notify the NMS. Take PE1 as an example.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-101
----End
Configuration Files
l
7-102
Issue 03 (2010-03-31)
undo shutdown # interface GigabitEthernet1/0/0.1 undo shutdown vlan-type dot1q 10 l2 binding vsi ldp1 # interface GigabitEthernet2/0/0 undo shutdown ip address 100.1.1.1 255.255.255.252 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 100.2.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 1 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.2.1.0 0.0.0.3 # return l
Issue 03 (2010-03-31)
7-103
mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 100.3.1.1 255.255.255.252 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 2 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 2 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 3 remote-mep ccm-receive mep-id 3 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 100.1.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 # return l
7-104
Issue 03 (2010-03-31)
ip address 3.3.3.3 255.255.255.255 # cfm md md1 ma ma1 ccm-interval 30 map vsi ldp1 mep mep-id 3 interface gigabitethernet 1/0/0.1 inward mep ccm-send mep-id 3 enable remote-mep mep-id 1 remote-mep ccm-receive mep-id 1 enable remote-mep mep-id 2 remote-mep ccm-receive mep-id 2 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 100.2.1.0 0.0.0.3 network 100.3.1.0 0.0.0.3 # return l
Issue 03 (2010-03-31)
7-105
Configuring MPLS OAM between NPEs Configuring EFM OAM between UPEs and NPEs Associating EFM OAM with MPLS OAM
This allows MPLS OAM to send fault messages detected by EFM OAM running between UPE1 and NPE1 to EFM OAM running between NPE2 and UPE2. Figure 7-20 Diagram of associating EFM OAM with MPLS OAM Loopback1 4.4.4.4/32 P GE2/0/0 100.4.1.2/30 Loopback1 3.3.3.3/32 Loopback1 5.5.5.5/32 GE 1/0/0 100.5.1.2/30
GE 1/0/0 100.1.1.1/30 GE 2/0/0 GE 2/0/0 GE 1/0/0 GE 1/0/0 100.5.1.1/30 100.1.1.2/30 NPE1100.2.1.1/30 100.2.1.2/30 UPE1 NPE2
UPE2
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. Configure the IGP on the provider network so that devices can communicate. Configure MPLS OAM between NPEs. Configure EFM OAM between NPEs and UPEs. Configure EFM OAM between UPE1 and NPE1 to send fault messages to MPLS OAM and MPLS OAM then sends fault messages to EFM OAM between NPE2 and UPE2.
Data Preparation
To complete the configuration, you need the following data:
l l
IP addresses of the interface on the routers, name of tunnel interfaces, and tunnel ID Type of the sent detection packets
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7-106
Procedure
Step 1 Configure IP addresses of the interfaces. Configure the IP address and mask for each interface including each loopback interface as shown in Figure 7-20. The detailed configuration is omitted here. For details, see "Configuration Files." Step 2 Configure the IGP. The Intermediate System-to-Intermediate System (IS-IS) is used as the IGP protocol in this example. # Configure UPE1.
[UPE1] isis 1 [UPE1-isis-1] network-entity 00.0005.0000.0000.0001.00 [UPE1-isis-1] is-level level-2 [UPE1-isis-1] quit [UPE1] interface gigabitethernet 1/0/0 [UPE1-GigabitEthernet1/0/0] isis enable 1 [UPE1-GigabitEthernet1/0/0] undo shutdown [UPE1-GigabitEthernet1/0/0] quit [UPE1] interface loopback 1 [UPE1-LoopBack1] isis enable 1 [UPE1-LoopBack1] quit
# Configure NPE1.
[NPE1] isis 1 [NPE1-isis-1] network-entity 00.0005.0000.0000.0002.00 [NPE1-isis-1] is-level level-2 [NPE1-isis-1] quit [NPE1] interface gigabitethernet 1/0/0 [NPE1-GigabitEthernet1/0/0] isis enable 1 [NPE1-GigabitEthernet1/0/0] undo shutdown [NPE1-GigabitEthernet1/0/0] quit [NPE1] interface gigabitethernet 2/0/0 [NPE1-GigabitEthernet2/0/0] isis enable 1 [NPE1-GigabitEthernet2/0/0] undo shutdown [NPE1-GigabitEthernet2/0/0] quit [NPE1] interface gigabitethernet 3/0/0 [NPE1-GigabitEthernet3/0/0] isis enable 1 [NPE1-GigabitEthernet3/0/0] undo shutdown [NPE1-GigabitEthernet3/0/0] quit [NPE1] interface loopback 1 [NPE1-LoopBack1] isis enable 1 [NPE1-LoopBack1] quit
# Configure P.
[P] isis 1 [P-isis-1] network-entity 00.0005.0000.0000.0004.00 [P-isis-1] is-level level-2 [P-isis-1] quit [P] interface gigabitethernet 1/0/0 [P-GigabitEthernet1/0/0] isis enable 1 [P-GigabitEthernet1/0/0] undo shutdown [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet 2/0/0 [P-GigabitEthernet2/0/0] isis enable 1 [P-GigabitEthernet2/0/0] undo shutdown [P-GigabitEthernet2/0/0] quit [P] interface loopback 1 [P-LoopBack1] isis enable 1 [P-LoopBack1] quit
# Configure NPE2.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-107
[NPE2] isis 1 [NPE2-isis-1] network-entity 00.0005.0000.0000.0003.00 [NPE2-isis-1] is-level level-2 [NPE2-isis-1] quit [NPE2] interface gigabitethernet 1/0/0 [NPE2-GigabitEthernet1/0/0] isis enable 1 [NPE2-GigabitEthernet1/0/0] undo shutdown [NPE2-GigabitEthernet1/0/0] quit [NPE2] interface gigabitethernet 2/0/0 [NPE2-GigabitEthernet2/0/0] isis enable 1 [NPE2-GigabitEthernet2/0/0] undo shutdown [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet 3/0/0 [NPE2-GigabitEthernet3/0/0] isis enable 1 [NPE2-GigabitEthernet3/0/0] undo shutdown [NPE2-GigabitEthernet3/0/0] quit [NPE2] interface loopback 1 [NPE2-LoopBack1] isis enable 1 [NPE2-LoopBack1] quit
# Configure UPE2.
[UPE2] isis 1 [UPE2-isis-1] network-entity 00.0005.0000.0000.0005.00 [UPE2-isis-1] is-level level-2 [UPE2-isis-1] quit [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] isis enable 1 [UPE2-GigabitEthernet1/0/0] undo shutdown [UPE2-GigabitEthernet1/0/0] quit [UPE2] interface loopback 1 [UPE2-LoopBack1] isis enable 1 [UPE2-LoopBack1] quit
After the preceding configuration, run the display ip routing-table command on each router. You can view that the routers learn the routes from each other. Take the display on UPE1 as an example.
[UPE1] display ip routing-table Route Flags: R - relied, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.9/32 Direct 0 0 D 127.0.0.1 InLoopBack0 2.2.2.9/32 ISIS 15 10 D 100.1.1.2 GigabitEthernet1/0/0 3.3.3.9/32 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 4.4.4.9/32 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 5.5.5.9/32 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 100.1.1.0/24 Direct 0 0 D 100.1.1.1 GigabitEthernet1/0/0 100.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 100.2.1.0/24 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 100.3.1.0/24 ISIS 15 20 D 100.1.1.2 GigabitEthernet1/0/0 100.4.1.0/24 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 100.5.1.0/24 ISIS 15 30 D 100.1.1.2 GigabitEthernet1/0/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 3 Configure basic MPLS functions on NPEs and P; enable MPLS Traffic Engineering (TE), Resource Reservation Protocol TE (RSVP-TE), and Constraint Shortest Path First (CSPF). # Configure NPE1.
[NPE1] mpls [NPE1] mpls [NPE1-mpls] [NPE1-mpls] [NPE1-mpls] [NPE1-mpls] lsr-id 2.2.2.2 mpls te mpls rsvp-te mpls te cspf quit
7-108
Issue 03 (2010-03-31)
# Configure P.
[P] mpls lsr-id 4.4.4.4 [P] mpls [P-mpls] mpls te [P-mpls] mpls rsvp-te [P-mpls] quit [P] interface gigabitethernet [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] mpls [P-GigabitEthernet1/0/0] quit [P] interface gigabitethernet [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] mpls [P-GigabitEthernet2/0/0] quit
# Configure NPE2.
[NPE2] mpls lsr-id 3.3.3.3 [NPE2] mpls [NPE2-mpls] mpls te [NPE2-mpls] mpls rsvp-te [NPE2-mpls] mpls te cspf [NPE2-mpls] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] mpls [NPE2-GigabitEthernet2/0/0] quit [NPE2] interface gigabitethernet [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] mpls [NPE2-GigabitEthernet3/0/0] quit
# Configure P.
[P] isis 1 [P-isis-1] cost-style wide [P-isis-1] traffic-eng level-2 [P-isis-1] quit
# Configure NPE2.
[NPE2] isis 1 [NPE2-isis-1] cost-style wide [NPE2-isis-1] traffic-eng level-2
Issue 03 (2010-03-31)
7-109
# Configure NPE2.
[NPE2] explicit-path npe2-to-npe1 [NPE2-explicit-path-npe2-to-npe1] next hop 100.4.1.2 [NPE2-explicit-path-npe2-to-npe1] quit [NPE2] interface tunnel 3/0/0 [NPE2-Tunnel3/0/0] ip address unnumbered interface loopback 1 [NPE2-Tunnel3/0/0] tunnel-protocol mpls te [NPE2-Tunnel3/0/0] destination 2.2.2.2 [NPE2-Tunnel3/0/0] mpls te tunnel-id 200 [NPE2-Tunnel3/0/0] mpls te signal-protocol rsvp-te [NPE2-Tunnel3/0/0] mpls te path explicit-path work [NPE2-Tunnel3/0/0] mpls te commit [NPE2-Tunnel3/0/0] quit
After the preceding configuration, run the display interface tunnel command on each NPE. You can view the tunnel interface is Up. Take the display on NPE1 as an example.
[NPE1] display interface tunnel Tunnel2/0/0 current state : UP Line protocol current state : UP Description : Tunnel2/0/0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is unnumbered, using address of LoopBack1(2.2.2.2/32) Encapsulation is TUNNEL, loopback not set Tunnel destination 3.3.3.3 Tunnel protocol/transport MPLS/MPLS, ILM is available, primary tunnel id is 0x1002001, secondary tunnel id is 0x0 The tunnelIfIndex is 0xc000505 5 minutes output rate 0 bits/s, 0 packets/s 0 packets output, 0 bytes 0 packets output dropped
Step 6 Configure MPLS OAM on NPEs. NPE1 acts as the ingress and NPE2 acts as the egress. # Configure NPE1.
[NPE1] mpls [NPE1-mpls] [NPE1-mpls] [NPE1] mpls [NPE1] mpls mpls oam quit oam ingress tunnel2/0/0 type ffd frequency 100 oam ingress enable all
# Configure NPE2.
[NPE2] mpls [NPE2-mpls] mpls oam [NPE2-mpls] quit [NPE2] mpls oam egress lsr-id 2.2.2.2 tunnel-id 100 auto-protocol backward-lsp tunnel 3/0/0 private
7-110
Issue 03 (2010-03-31)
After the preceding configuration, you can use the command to view the parameters and status of MPLS OAM on the ingress NPE1 and egress NPE2. The command output shows that the ingress and egress are in normal detection state. Take the display on NPE2 as an example.
[NPE2] display mpls oam egress all verbose ------------------------------------------------------------------------Verbose information about the NO.1 oam at the egress ------------------------------------------------------------------------lsp basic information: oam basic information: --------------------------------------------------------------------Lsp name : -Oam-Index : 256 Lsp signal status : Up Oam select board : 1 Lsp establish type : Rsvp lsp Enable-state : -Lsp incoming Label : 3 Auto-protocol : Enable Lsp ingress lsr-id : 2.2.2.2 Auto-overtime (s) : 300 Lsp tnl-id/lsp-id : 100/1 Ttsi/lsr-id : 2.2.2.2 Lsp Incoming-int GigabitEthernet2/0/0 Ttsi/tunnel-id : 100 oam detect information: oam backward information: --------------------------------------------------------------------Type : FFD Tunnel name : Tunnel2/0/0 Frequency : 100 ms Share attribute : Private Detect-state : Start Lsp signal status : Up Defect-state : Non-defect Bdi-frequency : Detect-freq Available state : Available Unavailable time (s): 0 ------------------------------------------------------------------------Total Oam Num: 1 Total Start Oam Num: 1 Total Defect Oam Num: 0 Total Unavaliable Oam Num: 0
# Configure NPE1.
[NPE1] efm enable [NPE1] interface gigabitethernet 1/0/0 [NPE1-GigabitEthernet1/0/0] efm enable [NPE1-GigabitEthernet1/0/0] quit
# Configure UPE2.
[UPE2] efm enable [UPE2] interface gigabitethernet 1/0/0 [UPE2-GigabitEthernet1/0/0] efm enable [UPE2-GigabitEthernet1/0/0] quit
# Configure NPE2.
[NPE2] efm enable [NPE2] interface gigabitethernet 1/0/0 [NPE2-GigabitEthernet1/0/0] efm enable [NPE2-GigabitEthernet1/0/0] quit
After the preceding configuration, run the display efm session command on UPEs or NPEs. You can view that the status of EFM OAM on GE 1/0/0 is detect. Take the display on UPE2 as an example.
[UPE2] display efm session interface gigabitethernet 1/0/0
Issue 03 (2010-03-31)
7-111
Step 8 Associate EFM OAM with MPLS OAM on NPEs. # Configure NPE1.
[NPE1] oam-mgr [NPE1-oam-mgr] oam tunnel 2/0/0 oam-bind ingress efm interface gigabitethernet 1/0/0 egress mpls
# Configure NPE2.
[NPE2] oam-mgr [NPE2-oam-mgr] oam-bind ingress mpls oam lsr-id 2.2.2.2 tunnel-id 200 egress efm interface gigabitethernet 1/0/0
NOTE
When you create static LSPs, MPLS OAM instances created accordingly record LSR ID and tunnel ID only, if lsr-id and tunnel-id are specified. In this manner, you must specify lsr-id and tunnel-id when associating Ethernet OAM with MPLS OAM.
Step 9 Verify the configuration. After the preceding configuration, when EFM OAM running between UPE1 and NPE1 detects faults, the faults can be sent to EFM OAM running between UPE2 and NPE2 through MPLS OAM. ----End
Configuration Files
l
7-112
Issue 03 (2010-03-31)
mpls te cspf # explicit-path npe1-to-npe2 next hop 100.2.1.2 # isis 1 is-level level-2 cost-style wide network-entity 00.0005.0000.0000.0002.00 traffic-eng level-2 # interface GigabitEthernet1/0/0 undo shutdown ip address 100.1.1.2 255.255.255.252 isis enable 1 efm enable # interface GigabitEthernet2/0/0 undo shutdown ip address 100.2.1.2 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface GigabitEthernet3/0/0 undo shutdown ip address 100.3.1.1 255.255.255.252 isis enable 1 mpls mpls te mpls rsvp-te # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 isis enable 1 # interface Tunnel2/0/0 ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 3.3.3.3 mpls te tunnel-id 100 mpls te path explicit-path npe1-to-npe2 mpls te commit # mpls oam ingress Tunnel2/0/0 type ffd frequency 100 mpls oam ingress enable Tunnel2/0/0 # oam-mgr oam-bind ingress efm interface GigabitEthernet 1/0/0 egress mpls oam Tunnel 2/0/0 # return l
Configuration file of P
# sysname P # mpls lsr-id 4.4.4.4 mpls mpls te mpls rsvp-te # isis 1 is-level level-2 cost-style wide network-entity 00.0005.0000.0000.0004.00 traffic-eng level-2 # interface GigabitEthernet1/0/0
Issue 03 (2010-03-31)
7-113
7-114
Issue 03 (2010-03-31)
ip address unnumbered interface LoopBack1 tunnel-protocol mpls te destination 2.2.2.2 mpls te tunnel-id 200 mpls te path explicit-path npe2-to-npe1 mpls te commit # mpls oam egress lsr-id 1.1.1.1 tunnel-id 100 backward-lsp Tunnel3/0/0 private # oam-mgr oam-bind ingress mpls oam lsr-id 2.2.2.2 tunnel-id 200 egress efm interface GigabitEthernet 1/0/0 # return l
Issue 03 (2010-03-31)
7-115
Figure 7-21 Networking diagram of configuring EFM OAM extension for VRRP
AS:100
PO 100 S1/0/ .1.1 0 Loopback1 .1/2 Loopback1 P 4 1 OS1 1.1.1.1/32 /0/0 4.4.4.4/32 00. GE2/0/0 1.1 .2/2 Vlanif10 100.3.1.1/24 4 10.1.1.2/24 Loopback1 VRRP 4.4.4.4/32 Vlanif10 /0 GE2/0/0 2/0 CE1 10.1.1.3/24 OS .2/24 PE3 100.3.1.2/24 P (SoftX) .2.1 /0 100 GE 1/0 4 VPNA 3/0 POS .1.1/2 /0 .2 GE2/0/0 PE2 100 MPLS Vlanif10: Loopback1 backbone 10.1.1.1/24 3.3.3.3/32
/0/0 E3 G
The master interface board of CE1 is connected to the master router, and the slave interface board of CE1 is connected to the backup router. The interfaces on the master interface board and slave interface board that are connected to PE1 and PE2 are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, PE1 and PE2. VLAN IF interfaces are configured to group PE1 and PE2 into a broadcast domain, that is, a VLAN. Then the downstream interfaces (configured as a Layer 2 interfaces) of the two PEs are added into the VLAN. Based on EFM OAM extension, the SoftX can detect the faults on the links connecting the SoftX to PE1 and PE2.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure Intermediate System to Intermediate System (IS-IS) between PEs to implement interworking between the PEs. Establish MPLS Label Switched Paths (LSPs) between PEs. Configure VPN instances on PEs and associate the interfaces that connect the PEs to the CE with the corresponding VPN instances. Configure Multiprotocol Interior Border Gateway Protocol (MP IBGP) between PEs to exchange VPN routing information. Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. Then associate EFM OAM extension with interfaces. Create the VRRP backup group and enable EFM OAM extension to track the interface status.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
7-116
Data Preparation
To complete the configuration, you need the following data:
l l l l
IP address of each interface, including the physical interface and VLANIF interface MPLS LSR IDs of PEs Names of the VPN instances, router distinguishers (RDs), and VPN targets on PEs Virtual IP address of the VRRP backup group and VRRP priorities of master and backup routers
Procedure
Step 1 Assign IP addresses to interfaces on PE1, PE2, PE3, and CE1. # Configure PE1. Create VLAN 10, and add GE 2/0/0 and GE 3/0/0 into VLAN 10.
<PE1> system-view [PE1] interface gigabitethernet 2/0/0 [PE1-GigabitEthernet2/0/0] portswitch [PE1-GigabitEthernet2/0/0] quit [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] portswitch [PE1-GigabitEthernet3/0/0] quit [PE1-vlan10] port gigabitethernet 2/0/0 [PE1-vlan10] port gigabitethernet 3/0/0 [PE1-vlan10] interface vlanif10 [PE1-vlanif10] ip address 10.1.1.2 255.255.255.0 [PE1-vlanif10] quit
# Configure PE2. Create VLAN 10, and add GE 2/0/0 and GE 3/0/0 into VLAN 10.
<PE2> system-view [PE2] interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] portswitch [PE2-GigabitEthernet2/0/0] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] portswitch [PE2-GigabitEthernet3/0/0] quit [PE2-vlan10] port gigabitethernet 2/0/0 [PE2-vlan10] port gigabitethernet 3/0/0 [PE2-vlan10] interface vlanif10 [PE2-vlanif10] ip address 10.1.1.3 255.255.255.0 [PE2-vlanif10] quit
# Configure CE1. Create VLAN 10, and add GE 1/0/0 and GE 2/0/0 into VLAN 10.
<CE1> system-view [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] portswitch [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] portswitch [CE1-GigabitEthernet2/0/0] quit [CE1-vlan10] port gigabitethernet 1/0/0 [CE1-vlan10] port gigabitethernet 2/0/0 [CE1-vlan10] interface vlanif10 [CE1-vlanif10] ip address 10.1.1.1 255.255.255.0 [CE1-vlanif10] quit
Step 2 Configure IGP on the MPLS backbone network to implement device interworking on the backbone network. # Configure PE1.
[PE1] interface loopback 1
Issue 03 (2010-03-31)
7-117
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.3 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.1 24 [PE2-Pos1/0/0] isis enable [PE2-Pos1/0/0] quit [PE2] isis 1 [PE2-isis-1] is-level level-1-2 [PE2-isis-1] network-entity 10.0000.0000.0002.00 [PE2-isis-1] quit
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 4.4.4.4 32 [PE3-LoopBack1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] ip address 100.1.1.2 24 [PE3-Pos1/0/0] isis enable [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 100.2.1.2 24 [PE3-Pos2/0/0] isis enable [PE3-Pos2/0/0] quit [PE3] isis 1 [PE3-isis-1] is-level level-1-2 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit
Step 3 Configure basic MPLS functions and MPLS Label Distribution Protocol (LDP) on the MPLS backbone network and set up LDP LSPs. # Configure PE1.
[PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] quit [PE1] mpls ldp [PE1-ldp] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] mpls [PE1-Pos1/0/0] mpls ldp [PE1-Pos1/0/0] quit
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit
7-118
Issue 03 (2010-03-31)
# Configure PE3.
[PE3] mpls lsr-id 4.4.4.4 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-ldp] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. The command output shows that the Status field displays Operational. Step 4 Configure VPN instances on PE1 and PE2 so that CE1 can access both PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit [PE1] interface vlanif 10 [PE1-vlanif10] ip binding vpn-instance vpna [PE1-vlanif10] ip address 10.1.1.2 24 [PE1-vlanif10] quit
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] interface vlanif 10 [PE2-vlanif10] ip binding vpn-instance vpna [PE2-vlanif10] ip address 10.1.1.3 24 [PE2-vlanif10] quit
Step 5 Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. # Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] efm enable [PE1-GigabitEthernet3/0/0] efm trigger if-down [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
[PE2] efm enable [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] efm enable [PE2-GigabitEthernet3/0/0] efm trigger if-down [PE2-GigabitEthernet3/0/0] quit
Step 6 Configure the static routes on PE1 and PE2 that are destined for CE1, and import the static routes to the Border Gateway Protocol (BGP). # Configure PE1.
[PE1] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna
Issue 03 (2010-03-31)
7-119
# Configure PE2.
[PE2] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route direct [PE2-bgp-vpna] import-route static [PE2-bgp-vpna] quit
# Configure CE1. Configure the virtual IP address of the VRRP backup group as the gateway address.
[CE1] ip route-static 0.0.0.0 0.0.0.0 10.1.1.111
Step 7 Set up MP-IBGP peer relationships between PE1, PE2, and PE3. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface loopback 1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface loopback 1 ipv4-family vpnv4 peer 3.3.3.3 enable peer 4.4.4.4 enable quit
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface loopback 1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface loopback 1 ipv4-family vpnv4 peer 2.2.2.2 enable peer 4.4.4.4 enable quit
# Configure PE3.
[PE3] bgp [PE3-bgp] [PE3-bgp] [PE3-bgp] [PE3-bgp] [PE3-bgp] [PE3-bgp] [PE3-bgp] [PE3-bgp] 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface loopback 1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface loopback 1 ipv4-family vpnv4 peer 2.2.2.2 enable peer 3.3.3.3 enable quit
Step 8 Configure the VRRP backup group on PE1 and PE2 to track the traffic of the downstream interface. # Configure PE1.
[PE1] interface vlanif 10 [PE1-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111 [PE1-vlanif10] vrrp vrid 1 track interface gigabitethernet 3/0/0 reduced 60 [PE1-vlanif10] quit
7-120
Issue 03 (2010-03-31)
# Configure PE2.
[PE1] interface vlanif 10 [PE2-vlanif10] vrrp vrid 1 virtual-ip 10.1.1.111 [PE2-vlanif10] vrrp vrid 1 track interface gigabitethernet 3/0/0 reduced 60 [PE21-vlanif10] quit
Step 9 Verify the configuration. After the configuration, run the display interface command on PE2 to check the status of the backup interface. The command output shows that the protocol status of the backup interface is DOWN (EFM down). That is, the backup interface is blocked, and cannot forward traffic.
[PE2] display interface GigabitEthernet 3/0/0 GigabitEthernet3/0/0 current state : UP Line protocol current state : DOWN (EFM down) Description: GigabitEthernet3/0/0 Interface Switch Port,PVID : 10,The Maximum Transmit Unit is 1500 Internet protocol processing : disabled IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-0003-0003 The Vendor Name is AGILENT , The Vendor PN is HFCT-5710L Transceiver BW: 1G, Transceiver Mode: Single Mode WaveLength: 1310nm, Transmission Distance: 10km Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Receive Enable and Send Enable Last physical up time : 2008-12-27 19:40:57 Last physical down time : 2008-12-27 19:40:56Statistics last cleared:2008-12-27 17:13:58 Last 300 seconds input rate: 520 bits/sec, 1 packets/sec Last 300 seconds output rate: 592 bits/sec, 1 packets/sec Input: 2041312 bytes, 15821 packets Output: 591032 bytes, 9228 packets Input: Unicast: 6176 packets, Multicast: 9627 packets Broadcast: 18 packets, JumboOctets: 0 packets CRC: 0 packets, Symbol: 0 packets Overrun: 0 packets, InRangeLength: 0 packets LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets Fragment: 0 packets, Undersized Frame: 0 packets RxPause: 0 packets Output: Unicast: 21 packets, Multicast: 9144 packets Broadcast: 63 packets, JumboOctets: 0 packets Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets System: 0 packets, Overruns: 0 packets TxPause: 0 packets Unknown Vlan: 0 packets
Run the display vrrp command on PE1 and PE2 to check the status of the VRRP backup group. The command output shows that the VRRP status of PE1 is Master, and the VRRP status of PE2 is Backup. That is, PE1 functions as the master PE, and is responsible for forwarding traffic. PE2 functions as the backup PE, and cannot forward traffic.
[PE1] display vrrp Vlanif10 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 PriorityRun : 40 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 TimerRun : 1 TimerConfig : 1 Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES
Issue 03 (2010-03-31)
7-121
priority reduced : 60
priority reduced : 60
----End
Configuration Files
l
7-122
Issue 03 (2010-03-31)
bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 # return l
Issue 03 (2010-03-31)
7-123
peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 # return l
7-124
Issue 03 (2010-03-31)
7.16.10 Exmaple for Configuring EFM OAM Extension for Static Routes
Networking Requirements
Figure 7-22 shows the networking requirements: Figure 7-22 Networking diagram of configuring EFM OAM extension for static routes
EFM OAM Extension Loopback1 AS:100 2.2.2.2/32 GE1/0/0 PE1 P 10.1.1.1/24 O 100 S1/0/ .1.1 0 0/0 3/ Loopback1 .1/2 Loopback1 P GE 4 1 OS1 1.1.1.1/32 /0/0 4.4.4.4/32 00. 4 GE2/0/0 2 1.1 .2/ .2/2 100.3.1.1/24 1.1 4 0. 1 CE1 (SoftX) GE2/0/0 100.3.1.2/24 24 GE 0/0 3/0 S1/ VPNA /0 PO .1.1/24 .2 GE2/0/0 PE2 100 10.1.1.1/24 Loopback1 3.3.3.3/32 EFM OAM Extension
10.1 .1.2 /
MPLS backbone
The master interface board of CE1 (SoftX) is connected to the master router, and the slave interface board of CE1 is connected to the backup router. The interfaces on the master interface board and slave interface board that are connected to PE1 and PE2 are configured with the same IP address. Normally, the IP address of the interface on the master interface board is valid. The SoftX is dual homed to the gateways, that is, PE1 and PE2.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-125
On PE1 and PE2, static routes destined for CE1 are configured, and EFM OAM extension for static routes are configured to realize link protection and failover.
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Configure IS-IS between PEs to implement interworking between the PEs. Establish MPLS LSPs between PEs. Configure VPN instances on PEs and associate the interfaces that connect PEs to CEs with the corresponding VPN instances. Configure MP IBGP between PEs to exchange VPN routing information. Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. Configure the static routes on PE1 and PE2 that are destined for CE1. Then configure EFM OAM extension for static routes, and import the static routes to BGP.
Data Preparation
To complete the configuration, you need the following data:
l l l
IP address of each physical interface MPLS LSR IDs of the PEs Names of the VPN instances, RDs, and VPN targets on the PEs
Procedure
Step 1 Configure IGP on the MPLS backbone network to implement device interworking on the backbone network. # Configure PE1.
[PE1] interface loopback 1 [PE1-LoopBack1] ip address 2.2.2.2 32 [PE1-LoopBack1] quit [PE1] interface pos 1/0/0 [PE1-Pos1/0/0] ip address 100.1.1.1 24 [PE1-Pos1/0/0] isis enable [PE1-Pos1/0/0] quit [PE1] interface pos 20/0 [PE1-Pos2//0] ip address 100.3.1.1 24 [PE1-Pos2/0/0] isis enable [PE1-Pos20/0] quit [PE1] isis 1 [PE1-isis-1] is-level level-1-2 [PE1-isis-1] network-entity 10.0000.0000.0001.00 [PE1-isis-1] quit
# Configure PE2.
[PE2] interface loopback 1 [PE2-LoopBack1] ip address 3.3.3.3 32 [PE2-LoopBack1] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] ip address 100.2.1.1 24 [PE2-Pos1/0/0] isis enable [PE2-Pos1/0/0] quit [PE2] interface pos 20/0 [PE2-Pos2/0/0] ip address 100.3.1.1 24 [PE2-Pos2/0/0] isis enable
7-126
Issue 03 (2010-03-31)
# Configure PE3.
[PE3] interface loopback 1 [PE3-LoopBack1] ip address 4.4.4.4 32 [PE3-LoopBack1] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] ip address 100.1.1.2 24 [PE3-Pos1/0/0] isis enable [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] ip address 100.2.1.2 24 [PE3-Pos2/0/0] isis enable [PE3-Pos2/0/0] quit [PE3] isis 1 [PE3-isis-1] is-level level-1-2 [PE3-isis-1] network-entity 10.0000.0000.0003.00 [PE3-isis-1] quit
After the configuration, IS-IS neighbor relationships are set up between PE1, PE2, and PE3. Run the display ip routing-table command. The command output shows that the PEs learn the Loopback1 route from each other. Take the display on PE1 as an example:
[PE1] display ip routing-table Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: Public Destinations : 29 Routes : 30 Destination/Mask 1.1.1.1/32 3.3.3.3/32 0/0 4.4.4.4/32 10.1.1.0/24 0/0 10.1.1.2/32 Direct 0 10.1.1.255/32 Direct 0 127.0.0.0/8 Direct 0 127.0.0.1/32 Direct 0 127.255.255.255/32 Direct 0 100.1.1.0/24 Direct 0 100.1.1.1/32 Direct 0 100.1.1.255/32 Direct 0 100.2.1.0/24 ISIS 15 0/0 ISIS 15 100.3.1.0/24 Direct 0 0/0 100.3.1.1/32 Direct 0 100.3.1.255/32 Direct 0 255.255.255.255/32 Direct 0 0 0 0 0 0 0 0 0 20 20 0 0 0 0 D D D D D D D D D D D D D D 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 127.0.0.1 100.1.1.1 127.0.0.1 127.0.0.1 100.3.1.2 100.1.1.2 100.3.1.1 127.0.0.1 127.0.0.1 127.0.0.1 InLoopBack0 InLoopBack0 InLoopBack0 InLoopBack0 InLoopBack0 POS1/0/0 InLoopBack0 InLoopBack0 GigabitEthernet2/ POS1/0/0 GigabitEthernet2/ InLoopBack0 InLoopBack0 InLoopBack0 ISIS 15 Direct 0 10 0 D D 100.1.1.2 10.1.1.2 POS1/0/0 GigabitEthernet3/ Proto Pre Cost 0 10 Flags NextHop D D 127.0.0.1 100.3.1.2 Interface InLoopBack0 GigabitEthernet2/
Direct 0 ISIS 15
Step 2 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network and set up LDP LSPs. # Configure PE1.
[PE1] mpls lsr-id 2.2.2.2 [PE1] mpls [PE1-mpls] quit
Issue 03 (2010-03-31)
7-127
# Configure PE2.
[PE2] mpls lsr-id 3.3.3.3 [PE2] mpls [PE2-mpls] quit [PE2] mpls ldp [PE2-ldp] quit [PE2] interface pos 1/0/0 [PE2-Pos1/0/0] mpls [PE2-Pos1/0/0] mpls ldp [PE2-Pos1/0/0] quit [PE2] interface pos 2/0/0 [PE2-Pos2/0/0] mpls [PE2-Pos2/0/0] mpls ldp [PE2-Pos2/0/0] quit
# Configure PE3.
[PE3] mpls lsr-id 4.4.4.4 [PE3] mpls [PE3-mpls] quit [PE3] mpls ldp [PE3-ldp] quit [PE3] interface pos 1/0/0 [PE3-Pos1/0/0] mpls [PE3-Pos1/0/0] mpls ldp [PE3-Pos1/0/0] quit [PE3] interface pos 2/0/0 [PE3-Pos2/0/0] mpls [PE3-Pos2/0/0] mpls ldp [PE3-Pos2/0/0] quit
After the preceding configuration, LDP sessions are set up between PEs. Run the display mpls ldp session command. The command output shows that the LDP session status is Operational. Take the display on PE1 as an example:
[PE1] display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv -----------------------------------------------------------------------------3.3.3.3:0 Operational DU Passive 000:02:22 572/572 4.4.4.4:0 Operational DU Passive 000:02:21 566/566 -----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
Step 3 Configure VPN instances on PE1 and PE2 so that CE1 can access both PEs. # Configure PE1.
[PE1] ip vpn-instance vpna [PE1-vpn-instance-vpna] route-distinguisher 100:1 [PE1-vpn-instance-vpna] vpn-target 111:1 both [PE1-vpn-instance-vpna] quit
7-128
Issue 03 (2010-03-31)
# Configure PE2.
[PE2] ip vpn-instance vpna [PE2-vpn-instance-vpna] route-distinguisher 100:2 [PE2-vpn-instance-vpna] vpn-target 111:1 both [PE2-vpn-instance-vpna] quit [PE2] interface gigabitethernet 3/0/0 [PE2-GigabitEthernet3/0/0] ip binding vpn-instance vpna [PE2-GigabitEthernet3/0/0] ip address 10.1.1.2 24 [PE2-GigabitEthernet3/0/0] quit
# Configure CE1. Note that the IP addresses of the interfaces on the master and slave interface boards are the same.
[CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 2/0/0 [CE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24 [CE1-GigabitEthernet2/0/0] quit
After the configuration, run the display ip vpn-instance verbose command on PEs. The command output shows the configurations of VPN instances. In addition, you can find that PE1 and PE2 can ping CE1 successfully. Take PE1 and CE1 as an example:
[PE1] display ip vpn-instance verbose Total VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 1 Create date : 2008/12/27 15:42:43 Up time : 0 days, 00 hours, 04 minutes and 15 seconds Route Distinguisher : 100:1 Export VPN Targets : 111:1 Import VPN Targets : 111:1 Label policy : label per route The diffserv-mode Information is : uniform The ttl-mode Information is : pipe Interfaces : GigabitEthernet3/0/0 [PE1] ping -vpn-instance vpna 10.1.1.1 PING 10.1.1.1: 56 data bytes, press CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=2 Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=2 --- 10.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/5 ms
ms ms ms ms ms
Step 4 Enable EFM OAM extension between PE1 and CE1, and between PE2 and CE1. # Configure PE1.
[PE1] efm enable [PE1] interface gigabitethernet 3/0/0 [PE1-GigabitEthernet3/0/0] efm enable [PE1-GigabitEthernet3/0/0] quit
# Configure PE2.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 7-129
# Configure CE1.
[CE1] efm enable [CE1] interface gigabitethernet 1/0/0 [PE2-GigabitEthernet1/0/0] efm enable [PE2-GigabitEthernet1/0/0] quit interface gigabitethernet 2/0/0 [PE2-GigabitEthernet2/0/0] efm enable [PE2-GigabitEthernet2/0/0] quit
Step 5 Configure the static routes on PE1 and PE2 that are destined for CE1. Then configure EFM OAM extension for static routes, and import the static routes to BGP. # Configure PE1.
[PE1] ip route-static vpn-instance vpna 1.1.1.1 32 10.1.1.1 track efm-state gigabitethernet 3/0/0 [PE1] bgp 100 [PE1-bgp] ipv4-family vpn-instance vpna [PE1-bgp-vpna] import-route direct [PE1-bgp-vpna] import-route static [PE1-bgp-vpna] quit [UPE] interface gigabitethernet 1/0/3 [UPE-GigabitEthernet1/0/2] efm enable [UPE-GigabitEthernet1/0/2] quit
# Configure PE2.
[PE2] ip route-static vpn-instance vpna 1.1.1.1 32 10.2.1.1 track efm-state gigabitethernet 3/0/0 [PE2] bgp 100 [PE2-bgp] ipv4-family vpn-instance vpna [PE2-bgp-vpna] import-route direct [PE2-bgp-vpna] import-route static [PE2-bgp-vpna] quit
Step 6 Set up MP-IBGP peer relationships between PE1, PE2, and PE3. # Configure PE1.
[PE1] bgp [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] [PE1-bgp] 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface loopback 1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface loopback 1 ipv4-family vpnv4 peer 3.3.3.3 enable peer 4.4.4.4 enable quit
# Configure PE2.
[PE2] bgp [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] [PE2-bgp] 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface loopback 1 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface loopback 1 ipv4-family vpnv4 peer 2.2.2.2 enable peer 4.4.4.4 enable quit
# Configure PE3.
7-130 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
After the configuration, run the display bgp peer command on the PEs. The command output shows that peer relationships are set up between the PEs and the status of the peer relationships is Established.
[PE1] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 100 Total number of peers : 2 Peer 4.4.4.4 3.3.3.3 V 4 4 AS 100 100 MsgRcvd 205 197 MsgSent 202 254
Step 7 Verify the configuration. # # Run the display ip routing-table vpn-instance command on the PEs. The command output shows that the static route exists in the routing table of each PE.
[PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 60 0 0 0 255 255 255 0 Cost 0 0 0 0 0 0 0 0 Flags NextHop RD D D D RD RD RD D 10.1.1.1 10.1.1.2 127.0.0.1 127.0.0.1 3.3.3.9 4.4.4.4 4.4.4.4 127.0.0.1 InLoopBack0 InLoopBack0 POS1/0/0 POS1/0/0 InLoopBack0 Interface
1.1.1.1/32 Static GigabitEthernet3/0/0 10.1.1.0/24 Direct GigabitEthernet3/0/0 10.1.1.2/32 Direct 10.1.1.255/32 Direct 10.2.1.0/24 BGP GigabitEthernet2/0/0 10.3.1.0/24 BGP 10.3.1.2/32 BGP 255.255.255.255/32 Direct
[PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 255 255 0 0 0 255 Cost 0 0 0 0 0 0 Flags NextHop RD RD D D D RD 1.1.1.1 1.1.1.1 10.2.1.2 127.0.0.1 127.0.0.1 4.4.4.4 InLoopBack0 InLoopBack0 POS1/0/0 Interface
1.1.1.1/32 BGP GigabitEthernet3/0/0 10.1.1.0/24 BGP GigabitEthernet2/0/0 10.2.1.0/24 Direct GigabitEthernet3/0/0 10.2.1.2/32 Direct 10.2.1.255/32 Direct 10.3.1.0/24 BGP
Issue 03 (2010-03-31)
7-131
If the master/slave failover occurs on the interface boards of CE1, the gateway of CE1 also changes from PE1 to PE2. The routing information is displayed as follows:
[PE1] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 BGP 255 0 RD 3.3.3.9 GigabitEthernet3/0/0 10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet3/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.2.1.0/24 BGP 255 0 RD 3.3.3.9 GigabitEthernet2/0/0 10.3.1.0/24 BGP 255 0 RD 4.4.4.4 POS1/0/0 10.3.1.2/32 BGP 255 0 RD 4.4.4.4 POS1/0/0 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 [PE2] display ip routing-table vpn-instance vpna Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 8 Routes : 8 Destination/Mask Proto Pre 60 255 0 0 0 255 255 0 Cost 0 0 0 0 0 0 0 0 Flags NextHop RD RD D D D RD RD D 10.2.1.1 1.1.1.1 10.2.1.2 127.0.0.1 127.0.0.1 4.4.4.4 4.4.4.4 127.0.0.1 InLoopBack0 InLoopBack0 POS1/0/0 POS1/0/0 InLoopBack0 Interface
1.1.1.1/32 Static GigabitEthernet3/0/0 10.1.1.0/24 BGP GigabitEthernet2/0/0 10.2.1.0/24 Direct GigabitEthernet3/0/0 10.2.1.2/32 Direct 10.2.1.255/32 Direct 10.3.1.0/24 BGP 10.3.1.2/32 BGP 255.255.255.255/32 Direct
----End
Configuration Files
l
7-132
Issue 03 (2010-03-31)
interface GigabitEthernet3/0/0 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 efm enable # interface Pos1/0/0 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.1.1.1 track efmstate gigabitethernet 3/0/0 # return l
Issue 03 (2010-03-31)
7-133
link-protocol ppp ip address 100.2.1.1 255.255.255.0 mpls mpls ldp # interface Pos2/0/0 link-protocol ppp ip address 100.3.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 2.2.2.2 enable # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable peer 4.4.4.4 enable # ipv4-family vpn-instance vpna import-route direct import-route static # ip route-static vpn-instance vpna 1.1.1.1 255.255.255.255 10.2.1.1 track efmstate gigabitethernet 3/0/0 # return l
7-134
Issue 03 (2010-03-31)
Issue 03 (2010-03-31)
7-135
8 Configuring ISSU
8
About This Chapter
8.2 Implementing ISSU This section describes how to implement ISSU. 8.3 Maintaining ISSU This section describes how to monitor ISSU.
Configuring ISSU
This section describes the concepts, working mechanism, configuration procedures, and maintenance commands of ISSU, and provides configuration examples. 8.1 Introduction This section describes the concept, modes, and system requirements of ISSU.
8.4 Configuration Examples This section describes examples for configuring ISSU.
Issue 03 (2010-03-31)
8-1
8 Configuring ISSU
8.1 Introduction
This section describes the concept, modes, and system requirements of ISSU. 8.1.1 Introduction to ISSU 8.1.2 ISSU Supported by the NE80E/40E
The software version running in the system supports ISSU. The main boards support 1:1 redundancy backup and the interface board supports dual processes. A new process for the new version is created on the interface board because the interface board does not support 1:1 backup. During ISSU, the new process replaces the old process, which implements the switch of forwarding planes. During ISSU, the SMB is upgraded to the new version, and a new process is created on the interface board. Then, the SMB and the new process of the interface board replace the AMB and the old process of the interface board respectively. Finally, the original AMB is upgraded to the new version and thus ISSU of the whole device is complete. The system supports the Graceful Restart (GR). When the device is being reset and performing master/slave switch, its neighbors can forward and receive packets according to the routing table before switch. After being reset, the device obtains routing information from its neighbors. In this manner, service interruption can be minimized and thus network flapping caused by large-scale route recalculation is avoided. The configuration data of different versions before master/slave switch can be synchronized between the AMB and the SMB. ISSU synchronizes the configuration data of the AMB and the SMB by restoring configurations. That is, the AMB saves a temporary configuration file, through which the SMB restores the configurations.
Lossless ISSU In this mode, the configurations and data of the old AMB are synchronized with the new AMB; the configurations and data of the old process on the interface board are synchronized
8-2
Issue 03 (2010-03-31)
8 Configuring ISSU
with the new process on the interface board. This upgrade mode requires a higher performance of the system.
l
Lossy ISSU In this mode, the configurations of the old AMB are synchronized with the new AMB; the configurations of the old process on the interface board are synchronized with the new process on the interface board; however, the dynamic data is not synchronized.
NOTE
In lossless or lossy ISSU, the interface board that does not support ISSU is commonly reset. In this way, the interface board is commonly reset at the ISSU plane switch phase.
Lossy ISSU and lossless ISSU are simultaneously performed. Lossy ISSU and fast-startup ISSU are simultaneously performed.
ISSU Process
The ISSU process is as follows: 1. ISSU resets the SMB based on the new version and creates a new process based on the new version on the interface board. In this manner, the new process on the interface board and the SMB form a new forwarding plane and control plane. Data synchronization and configuration restoration are performed between the AMB and the SMB and between the new process and old process on the interface board. The old control plane and forwarding plane are replaced with the new control plane and forwarding plane. Then, ISSU is complete.
2. 3.
Issue 03 (2010-03-31)
8-3
8 Configuring ISSU
Pre-configuration Tasks
Before implementing ISSU, complete the following tasks:
l l l
Powering on the router or switch and starting it normally Configuring GR Downloading resource files of the new version to the AMB and SMB. For the configuration procedures of downloading resource files, refer to the chapter "Upgrade and Maintenance" in the HUAWEI NetEngine80E/40E Router Configuration Guide - Basic Configuration
Data Preparation
To implement ISSU, you need the following data. No. 1 Data Length of the ISSU rollback timer
Hardware compatibility check, also called resource check, is performed to determine whether the interface board supports ISSU. ISSU software compatibility check is performed to determine the ISSU modes supported by each module.
ISSU precheck has little impact on the system and does not cause the SMB to reset, and thus can be used in non-ISSU phases. Do as follows on the device on which ISSU is performed:
Procedure
Step 1 Run:
8-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
8 Configuring ISSU
The ISSU precheck is performed. After ISSU precheck is complete, the system automatically provides the precheck result. ----End
Procedure
Step 1 Run:
issu timer rollback time
The length of the ISSU rollback timer is set. When the system enters the ISSU check phase, the ISSU rollback timer is automatically activated and its length is 120 minutes by default. ----End
Procedure
Step 1 Run:
issu check system-software system-file paf paf-file license license-file
ISSU is checked. Once the command is run, the system has entered the ISSU check phase. ISSU check is performed to obtain the ISSU modes supported by the system and provides the check result in prompt information. ISSU check has the following impact on the system:
l l l
The SMB is reset on the basis of the new version and then becomes the new AMB. The system view cannot be entered. The ISSU rollback timer is activated. ISSU must be finished before the timer expires. Otherwise, ISSU may fail.
For the interactive information and description during ISSU check, refer to Table 8-1.
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. 8-5
8 Configuring ISSU
Table 8-1 Description of the issu check command output Interactive information Warning: The value of the ISSU rollback timer is 120 minutes. The system will begin the ISSU upgrade. Continue? [Y/N]: Description Warning: The length of the ISSU rollback timer is 120 minutes. The system will start ISSU. Continue? [Y/N]
l
If you enter y, the system starts ISSU and performs ISSU check. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
Warning: The slave board will be rebooted and check the software compatibility. Continue? [Y/N]:
Warning: The SMB will be reset and then the system will check software compatibility. Continue? [Y/N]
l
When you enter y, the SMB will be reset on the basis of the new version. The process lasts about two minutes in normal situations. After the SMB is reset, the system checks software compatibility. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
NOTE When the R versions are the same, the preceding prompt is displayed.
Warning: The slave board will be rebooted and generate the configuration file. Continue? [Y/N]:
Warning: The SMB will be reset and then the system will generate a configuration file. Continue? [Y/N]
l
When you enter y, the SMB will be reset on the basis of the new version. The process lasts about two minutes in normal situations. After the SMB is reset, the old AMB (that is, the SMB before reset) generates a configuration file. If you enter n, the system aborts the running of the issu check command and then quits ISSU.
l When the R versions are different, the preceding
versions, the system supports the ISSU lossy mode only. After the SMB is reset, the system skips software compatibility check, and instead the old AMB (that is, the SMB before reset) generates a configuration file.
Step 2 Run:
issu start
ISSU is started. If you need to abort ISSU, run the Step 4 command.
8-6 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
8 Configuring ISSU
For the interactive information and description during ISSU startup, refer to Table 8-2. Table 8-2 Description of the issu start command output Interactive information Info: The lossless ISSU process will start. Continue? [Y/N]: Description Info: Lossless ISSU will start. Continue? [Y/N]
l
If you enter Y, the system starts ISSU in lossless mode. If you enter N, the system aborts the running of the issu start command and waits for the next operation.
If you need to continue ISSU, run the issu start command according to the prompt before the ISSU rollback timer expires. If you need to abort ISSU, run the issu abort command. If you do not run the issu start or issu abort command before the ISSU rollback timer expires, the system rolls back and quits ISSU.
The board is set to common reset mode. If you consider the registration time of the new process or the configuration restoration time on an interface board to be over long, you can set the interface board to common reset mode. The interface board that is commonly reset does not create any new process or back up data. It is not commonly used. Step 4 (Optional) Run:
issu abort
ISSU is aborted.
l l
If you need to abort ISSU, follow this step instead of Step 5 and Step 6. If you need to continue ISSU, skip this step and follow Step Step 5.
For interactive information and description during ISSU check, refer to Table 8-3.
Issue 03 (2010-03-31)
8-7
8 Configuring ISSU
Table 8-3 Description of the issu abort command output Interactive information Warning: The ISSU upgrade will be aborted, and the system will roll back to old version. Continue? [Y/N]: Description Warning: The ISSU will be aborted, and the system will roll back to the old version. Continue? [Y/N]
l
If you enter y, the ISSU is aborted, and the system will roll back to the old version. If you enter n, the system aborts the running of the issu abort command and continues ISSU.
Warning: The ISSU will be aborted, the system will be rolled back to the old version, and the new AMB will be rebooted. This operation will take 10 minutes. Continue? [Y/N]:
Warning: The ISSU upgrade will be aborted, the system will roll back to the old version, and the new AMB will be reset on the basis of the old version. The process lasts 10 minutes. Continue? [Y/N]
l
If you enter y, the ISSU upgrade is aborted, the system will roll back to the old version, and the new AMB will be reset on the basis of the old version. If you enter n, the system aborts the running of the issu abort command and continues ISSU.
Step 5 Run:
issu slave-switchover [ force ]
During the ISSU plane switch, the Telnet connection may be terminated. This indicates a normal situation and you need to wait for 30 seconds. After 30 seconds, you can press Enter to re-log in to the device that performs ISSU.
Step 6 Run:
issu confirm
ISSU is confirmed.
NOTE
If you check the status of the AMB and SMB after the ISSU plane switch is complete, you can find that the new AMB is still in the slave state. This is because the hardware switch has not finished yet. After you run the issu confirm command to confirm the ISSU operation and the old AMB restarts with the new version, check the status of the AMB and SMB. At this time, you can find that both ISSU plane switch and hardware switch are complete and the status of the new AMB becomes Master.
----End
8-8
Issue 03 (2010-03-31)
8 Configuring ISSU
Procedure
l l l l l Run the display issu timer rollback command to view the length of the ISSU rollback timer. Run the display issu module [ slot slot-id ] command to view the modules that supports ISSU. Run the display issu check-result [ slot slot-id ] command to view the result of ISSU check. Run the display issu backup state [ slot slot-id ] command to view the status of ISSU backup. Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command to view the result of ISSU backup. Run the display issu recover-configuration command to view the commands that fail to restore configurations. Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command to view the result of ISSU switch check, switch preparation, and the cause of switch failure. Run the display issu state command to view which ISSU phase the system passes.
l l l
----End
Example
Run the display issu timer rollback command to view the length of the ISSU rollback timer.
<HUAWEI> display issu timer The length of the rollback timer is 60 minutes. There are 31 minutes left.
Run the display issu module [ slot slot-id ] command to view the modules that supports ISSU.
<HUAWEI> display issu module ----------------------------------------------------------Slot ModuleId ModuleName ----------------------------------------------------------9 0x41470000 AAA 9 0x40E90000 ND 9 0x40E00000 FIB6 9 0x41270000 RPR 9 0x416E0000 ARP 9 0x40A40000 CHDLC 9 0x400F0000 DHCPS 9 0x400D0000 DHCPR 9 0x404A0000 PPP ... ...... ...... 7 0x70120000 RM 7 0x70170000 OSPF 7 0x70180000 BGP 7 0x70290000 L3VPN 7 0x702B0000 TNLM 7 0x70320000 L3VPN V6 7 0x70140000 RIP -----------------------------------------------------------
Run the display issu check-result [ slot slot-id ] command to view the result of ISSU check.
<HUAWEI> display issu check-result System upgrade type : lossless System maximum down time : 500s Interface board compatibility: --------------------------------------------------------Slot Type SupportStatus MaxDownTime(s)
Issue 03 (2010-03-31)
8-9
8 Configuring ISSU
Run the display issu backup state [ slot slot-id ] command to view the status of ISSU backup.
<HUAWEI> display issu backup state Main board backup status: real-time backup Interface board backup status
Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command to view the result of ISSU backup.
<HUAWEI> display issu backup-result System backup-result: -------------------------------------------State Result -------------------------------------------resource-prepare success backup-prepare success backup1 success backup2 success backup3 fail smooth smooth-all-over ------------------------------------------Interface board backup-result: ----------------------------------------------------------------Slot State Result 1 resource-prepare success 1 backup-prepare success 1 backup 1 success 1 backup2 fail 1 smooth 1 smooth-all-over 2 resource-prepare success 2 backup-prepare success 2 backup 1 success 2 backup 2 success 2 smooth 2 smooth-all-over -----------------------------------------------------------------
Run the display issu recover-configuration command to view the result of ISSU configuration restoration.
<HUAWEI> display issu recover-configuration --------------------------------------------------------------Slot ViewName Command Reason --------------------------------------------------------------9 System-view display bgp peer parse failure 9 Interface Ethernet 1/0/0 display this run failure ---------------------------------------------------------------
Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command to view the result of ISSU switch and switch preparation, and the cause of switch failure.
8-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 03 (2010-03-31)
8 Configuring ISSU
Run the display issu state command to view which ISSU phase the system passes.
HUAWEI display issu state -----------------------------------------------Phase State -----------------------------------------------1.ISSU check finished 2.ISSU start finished 3.ISSU switchover finished 4.ISSU confirm -----------------------------------------------The cancel ISSU command : issu abort.
Procedure
l l l l l Run the display issu timer rollback command in the user view to view the length of the ISSU rollback timer. Run the display issu module [ slot slot-id ] command in the user view to view the modules that supports ISSU. Run the display issu check-result [ slot slot-id ] command in the user view to check the result of ISSU check. Run the display issu backup state [ slot slot-id ] command in the user view to check the status of ISSU backup. Run the display issu backup-result [ state { resource-prepare | backup-prepare | backup1 | backup2 | backup3 | smooth | smooth-over } ] [ slot slot-id ] command in the the user view to view the result of ISSU backup. Run the display issu recover-configuration command in the user view to view the result of ISSU configuration restoration.
Issue 03 (2010-03-31)
8-11
8 Configuring ISSU
Run the display issu switch-result { check | prepare | age } [ slot slot-id ] command in the user view to view the result of ISSU switch check, switch preparation, and the cause of switch failure.
----End
Configuration Roadmap
The configuration roadmap is as follows: 1. 2. 3. 4. 5. 6. Perform ISSU precheck to check whether the interface board supports ISSU and ISSU modes supported by each module. Set the length of the ISSU rollback timer. Perform ISSU feasibility check. Start ISSU. Switch planes. Confirm ISSU.
Data Preparation
To complete the configuration, you need the following data:
l l
System software, PAF file, and License file of the new version Length of the ISSU rollback timer
Procedure
Step 1 Perform ISSU precheck.
<HUAWEI> issu precheck system-software VRPV500R007.cc System Upgrade Type : lossless System Maximum Down Time : 500s Interface board compatibility: ------------------------------------------------------------------Slot Type SupportStatus MaxDownTime(s) Reason ------------------------------------------------------------------4 LPU ISSU 5 null 6 LPU fast-reboot 500 not enough memory
8-12
Issue 03 (2010-03-31)
8 Configuring ISSU
-------------------------------------------------------------------
Step 2 Set the length of the ISSU rollback timer to 240 minutes.
<HUAWEI> issu timer rollback 240 Info: Please complete the ISSU upgrade within 240 minutes. Otherwise, the system will roll back to the old version.
Issue 03 (2010-03-31)
8-13
8 Configuring ISSU
During the ISSU plane switch, the Telnet connection may be terminated. This indicates a normal situation and you need to wait for 30 seconds. After 30 seconds, you can press Enter to re-log in to the device that performs ISSU.
If you check the status of the AMB and SMB after the ISSU plane switch is complete, you can find that the new AMB is still in the slave state. This is because the hardware switch has not finished yet. After you run the ISSU confirm command to confirm the ISSU operation and the old AMB restarts with the new version, check the status of the AMB and SMB. At this time, you can find that both ISSU plane switch and hardware switch are complete and the status of the new AMB becomes Master.
Step 7 Check whether the software version of the current system is correct to further confirm ISSU.
<HUAWEI> display startup MainBoard: Configured startup system software: Startup system software: Next startup system software: Startup saved-configuration file: Next startup saved-configuration file: Startup paf file: Next startup paf file: Startup license file: Next startup license file: Startup patch package: Next startup patch package: SlaveBoard: Configured startup system software: Startup system software: Next startup system software: Startup saved-configuration file: Next startup saved-configuration file: Startup paf file: Next startup paf file: Startup license file: Next startup license file: Startup patch package: Next startup patch package: cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/vrpcfg.cfg cfcard:/vrpcfg.cfg cfcard:/paf.txt cfcard:/paf.txt cfcard:/license.txt cfcard:/license.txt cfcard:/$_patchstate_a cfcard:/$_patchstate_a cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/VRPV500R007.cc cfcard:/vrpcfg.cfg cfcard:/vrpcfg.cfg cfcard:/paf.txt cfcard:/paf.txt cfcard:/license.txt cfcard:/license.txt cfcard:/$_patchstate_a cfcard:/$_patchstate_a
----End
8-14
Issue 03 (2010-03-31)
8 Configuring ISSU
Configuration Files
None
Issue 03 (2010-03-31)
8-15
A Glossary
A
This appendix collates frequently used glossaries in this document. Numerics 802.1 ag MAC Trace 802.1ag MAC Ping
Glossary
Similar to traceroute or tracert, 802.1ag MAC trace works by sending test packets and waiting for a reply to test the path between the local device and the destination device and to locate faults. 802.1ag MAC trace is initiated by a MEP and destined for a MEP or MIP at the same maintenance level within any MA. Similar to ping, 802.1ag MAC ping works by sending test packets and waiting for a reply to test whether the destination device is reachable. 802.1ag MAC ping is initiated by a MEP and destined for an MEP or MIP at the same maintenance level within any MA.
A AMB B BFD BGP C CCM Termination CCMs are generated and also terminated by MEPs. A MEP forwards received CCMs at a higher level but drops CCMs at a lower level or at the same level. In this manner, CCMs from a lowlevel MD are confined within the bounds of the MD. Bidirectional Forwarding Detection Border Gateway Protocol Active Main Board
D DMTI DM E
Issue 03 (2010-03-31) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. A-1
A Glossary
Ethernet OAM at the link level, such as Ethernet in the First Mile OAM (EFM OAM) defined in IEEE 802.3ah, provides the following functions for the link between the two directly connected devices: Link connectivity check, Link monitoring, Remote failure indication, Remote loopback. Ethernet OAM at the network level, such as Ethernet Connectivity Fault Management (CFM) defined in IEEE 802.1ag, provides the following functions for the network: Fault detection, Fault notification, Fault verification, and Fault location.
F FRR G GR H HA L LSP M MA MD A Maintenance Association (MA) is part of an MD. An MD can be divided into one or multiple MAs. The Maintenance Domain (MD) refers to the network or the part of the network for which connectivity is managed by CFM. The devices in an MD are managed by a single ISP. A Maintenance association End Point (MEP) is an end point within an MA. There is a MEP database on each device enabled with Ethernet CFM. Each MEP database contains the local MEPs and RMEPs. A Maintenance association Intermediate Point (MIP) is an intermediate point within an MA. Either a MEP or a MIP is called a Maintenance Point (MP). Mean Time Between Failure Mean Time to Repair Label Switched Path High Availability Graceful Restart Fast ReRoute
A-2
Issue 03 (2010-03-31)
A Glossary
R RMEP RMTI S SMB SP U URL UMG V VRRP W working mode of EFM OAM WTR The working mode of EFM OAM is an attribute of the interface enabled with EFM OAM. EFM OAM has two working modes: active mode and passive mode. Wait To Restore Virtual Router Redundancy Protocol universal resource locator Universal Media Gateway Second Main Board service provider For the other devices in the same MA, their MEPs are called the Remote Maintenance association End Points (RMEPs). Required Min TX Interval
Issue 03 (2010-03-31)
A-3
B
A AMB B BFD BGP D DMTI DM F FRR G GR H HA L LSP M MPLS TE FRR MTBF
This appendix collates frequently used acronyms and abbreviations in this document.
Fast ReRoute
Graceful Restart
High Availability
MultiProtocol Label Switching Traffic Engineering Fast Reroute Mean Time Between Failure
Issue 03 (2010-03-31)
B-1
Wait To Restore
B-2
Issue 03 (2010-03-31)