ODP500058 VPN FRR Technology

ISSUE 1.0
www.huawei.com

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Objectives

Upon completion of this course, you will be able to:

Describe VPN FRR Technologies Evolution

Describe VPN FRR Technologies Principle

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Contents
1. Technology History 2. Technology Analysis

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

FRR Technology

FRR (fast re-route) technologies is a kind of mean about failure restoration.

IP FRR
MPLS TE FRR VPN FRR

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

MPLS TE FRR- Protect Link and Node

Protection methods is built between PEs (Outer Label) for Link and middle Node

IP Core
200
PE

210
Primary LSP

210 300 210 310 210

Backup LSP

PE

CE
PE

Deploy a backup LSP for the primary LSP, when the Primary LSP is broken, the traffic is transferred to the backup LSP. When the Primary LSP restores, the traffic comes back. The hot-standby mode the backup LSP is built in advance. The ordinary mode the backup LSP is built when the Primary LSP is broken. MPLS OAM should be used for this situation to detect the end-to-end failure of Primary LSP quickly.
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

WhyVPN FRR

PEs seriously fails, what happens?

IP Core
PE become down with Power Off, etc. IGP convergence LDP convergence Private route convergence PE PE

PE

CE

Traditional Methods

Long Time cost, for the carriers important service such as NGN,3G. How to quickly convergence??
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

IGP will convergence with several seconds LDP will convergence with several seconds Path switch will cost 5 seconds including internal and external label switch MBGP will convergence the private routers which depended by the quantity of routes

Why?- VPN FRR

Only Used In CE dual-home situation

IP Core
PE become down with Power Off, etc. PE IGP convergence LDP convergence Private route convergence PE PE

CE

The VPN FRR uses the VPN-based fast switchover technologies for private network routes. Forward entries pointing to the active and standby PEs are set on the remote PE, together with the fast PE fault detection, to reduce the time needed for the service convergence on a CE dual homing network in case of PE fault. This also breaks the correlation between the time for PE fault recovery and the quantity of private network routes in the bearer network.

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Contents
1. Technology History 2. Technology Analysis

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

VPN FRR
VRF for NGN VPN Site1 DIP PE-ID Interface MG2 PE3 POS2/Tunnel 2 Label Priority LSP Stat 200 20 Active

VRF for NGN VPN Site1 DIP PE-ID Interface MG2 PE2 MG2 PE3 POS1/Tunnel1 POS2/Tunnel 2

Label Priority LSP Stat 100 200 10 20 Active backup

NGN VPN Site1

Tunnel LSP1

PE1
MG1

PE2

NGN VPN Site2

IP/MPLS Core
Tunnel LSP2

MG2

PE3

The tunnel LSP can be built by VPN over RSVP, VPN over LDP, VPN over LDP over RSVP. For NGN VPN Site1, PE1 has two VPN routes to MG2. PE1 maintains the MP-BGP keep-alive MSGs with PE2 and PE3 to defect the neighbor failure. The timeout time is several seconds. When PE2 is broken, based on the keep-alive MSGs, PE1 would select the PE3 as the next-hop PE for MG2 in NGN VPN, the time of switch-over is several seconds. During the time, all the traffic from MG1 to MG2 by PE2 would be dropped.
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Switch-over by VPN FRR

VRF for NGN VPN Site1 DIP PE-ID Interface MG2 PE3 POS2/Tunnel 2 Label Priority LSP Stat 200 20 Active

VRF for NGN VPN Site1 DIP PE-ID Interface MG2 PE2 MG2 PE3 POS1/Tunnel1 POS2/Tunnel 2

Label Priority 100 200 10 20

LSP Stat Active backup

NGN VPN Site1

Tunnel LSP1

PE1
MG1
Hello Hello

PE2

NGN VPN Site2

IP/MPLS Core
Tunnel LSP2

MG2

PE3

Enable the multi-hop BFD between PE1 and PE2. Enable the multi-hop BFD between PE1 and PE3. When PE2 is broken, BFD finds it, the VRN interacts with BFD, and adopts the new routes. The time of switch-over can be 100-200 ms. VPN FRR is a node feature available in Huawei router. It need not to work with other vendor product to achieve the switchover advantages.

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

VPN FRR Analysis

Use the FRR technology Select optimum and suboptimum VPN routes from two PE These two routes both are written into forwarding entry The forwarding entry consists of forward prefix, internal label and selected external LSP tunnel

After VPN FRR Enabled PEA

VPN RT1

PE-B CE PE-C

FIB Priority LSP status

RT1 optimum available

RT2 suboptimum backup

VPN RT2

Prefix A

Prefix
I-label

A
m i

A
n j

Control flow Outer LSP

E-label

Both RT1 and RT2 are written in FIB

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

VPN FRR Analysis

Configure BFD to detect PE to PE faults When faults occur, set flag in FIB to unavailable Outer LSP will switch first Then the optimum FIB entry take in use with LSP status change

In use

When failure, BFD session down

PE-B CE PE-C
FIB Priority LSP status RT1 optimum RT2 RT2 suboptimum backup A n j

PE-A

BFD session VPN RT1

unavailable available
A m i

VPN RT2

Prefix I-label

In use after BFD session down

Control Flow Outer LSP Data Flow

E-label

RT2 FIB entry take in use

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Normal Forwarding Flow

VPN1(BGP) Route inner label outer label 10.0.0.0/24 M N 10.0.1.0/24 M N . 10.n.3.0/24 M N

PE-A

P-C
Z M IP Data

FTN and NHLFE Route inner label outer label 10.0.0.0/24 M Z 10.0.1.0/24 M Z 10.0.2.0/24 M Z

CE-A 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24 .

PE-E PE-B P-D

CE-B 11.0.0.0/24 11.0.1.0/24

VPN1(BGP) Route inner label outer label 10.0.0.0/24 K L 10.0.1.0/24 K L . 10.n.3.0/24 K L

VPN1( BGP) Route inner label outer label priority 10.0.0.0/24 K Y sub-Primary 10.0.0.0/24 M Z primary 10.0.1.0/24 K Y sub-Primary 10.0.1.0/24 M Z Primary 10.n.2.0/24 K Y sub-Primary 10.0.2.0/24 M Z Primary

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Normal Forwarding Flow

VPN1(BGP) Route inner label outer label 10.0.0.0/24 M N 10.0.1.0/24 M N . 10.n.3.0/24 M N

PE-A

P-C

FTN and NHLFE Route inner label outer label 10.0.0.0/24 K M Z Y 10.0.1.0/24 M K Y Z 10.0.2.0/24 M K Z Y

M Y

Z K

IP IP

Data Data

CE-A 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24 .

PE-E PE-B P-D

CE-B
11.0.0.0/24 11.0.1.0/24

VPN1(BGP) Route inner label outer label 10.0.0.0/24 K L 10.0.1.0/24 K L . 10.n.3.0/24 K L

VPN1( VPN1(BGP) BGP) Route Route inner innerlabel label outer outerlabel label priority priority 10.0.0.0/24 10.0.0.0/24 K K Y Y sub-Primary sub-Primary 10.0.1.0/24 10.0.0.0/24 K M Y Z sub-Primary primary 10.n.2.0/24 10.0.1.0/24 K K Y Y sub-Primary sub-Primary 10.0.1.0/24 M Z Primary 10.n.2.0/24 K Y sub-Primary 10.0.2.0/24 M Z Primary

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Traffic Forwarding by VPN FRR Enable

VPN1(BGP) Route inner label outer label 10.0.0.0/24 M N 10.0.1.0/24 M N . 10.n.3.0/24 M N

PE-A

P-C

BFD session Z M IP Data

FTN and NHLFE Route inner label outer label LSP stat 10.0.0.0/24 M Z available 10.0.1.0/24 M Z available 10.n.3.0/24 M Z available 10.0.0.0/24 K Y backup 10.0.1.0/24 K Y backup 10.n.3.0/24 K Y backup

CE-A
10.0.0.0/24 10.0.1.0/24 10.0.2.0/24

PE-E PE-B P-D

CE-B
11.0.0.0/24 11.0.1.0/24

VPN1(BGP) Route inner label outer label 10.0.0.0/24 K L 10.0.1.0/24 K L . 10.n.3.0/24 K L

VPN1( BGP) Route inner label outer label priority 10.0.0.0/24 K Y sub-Primary 10.0.0.0/24 M Z primary 10.0.1.0/24 K Y sub-Primary 10.0.1.0/24 M Z Primary 10.n.3.0/24 K Y sub-Primary 10.n.3.0/24 M Z Primary

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Traffic Forwarding by VPN FRR Enable

VPN1(BGP) Route inner label outer label 10.0.0.0/24 M N 10.0.1.0/24 M N . 10.n.3.0/24 M N

PE-A
BFD session

P-C

FTN and NHLFE FTN andouter NHLFE Route inner label label LSP stat Route inner label Stat 10.0.0.0/24 M outer Z label LSP available 10.0.0.0/24 M Z unavailable 10.0.1.0/24 M Z available 10.0.1.0/24 M Z unavailable 10.n.3.0/24 M Z available 10.n.3.0/24 M Z unavailable 10.0.0.0/24 K Y backup 10.0.0.0/24 K Y available 10.0.1.0/24 KK Y backup 10.0.1.0/24 Y available 10.n.3.0/24 Y available 10.n.3.0/24 KK Y backup

IP

Data

IP

Data

CE-A 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24 .

PE-E PE-B P-D

CE-B
11.0.0.0/24 11.0.1.0/24

VPN1(BGP) Route inner label outer label 10.0.0.0/24 K L 10.0.1.0/24 K L . 10.n.3.0/24 K L

VPN1( BGP) Route inner label outer label priority 10.0.0.0/24 K Y sub-Primary 10.0.0.0/24 M Z primary 10.0.1.0/24 K Y sub-Primary 10.0.1.0/24 M Z Primary 10.n.3.0/24 K Y sub-Primary 10.n.3.0/24 M Z Primary

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

VPN FRR configure

Configure IP address on the interface (omitted) Configure IGP protocol In MPLS backbone (omitted) Configure MPLS basic capability and MPLS-TE for TE tunnel (omitted) Configure VPN instance on PE router (omitted) Establish EBGP(or igp) adjacency between PE and CE, import VPN route (omitted) Establish MP-IBGP adjacency between PEs (omitted) Configure VPN FRR on PE

Example:
#Configure VPN FRR route policy < PEA> system-view [PEA]ip ip-prefixlist vpn_frr_list permit 10.0.241.2 32 [PEA]route-policy vpn_frr_rp permit node 10 [PEA -route-policy]if-match ip nexthop ip-prefix vpn_frr_list [PEA -route-policy]apply backup-nexthop ip address sub-optimum [PEA -route-policy]quit #Enable VPN FRR [PEA] ip vpn-instance vpn1 [PEA-vpn-instance-vpn1] vpn frr route-policy vpn_frr_rp
Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.

Thank You
www.huawei.com
www.huawei.com

Copyright 2006 Huawei Technologies Co., Ltd. All rights reserved.