Labnario Huawei From Scratch

As you can see this post so probably new DNS servers started working correctly.

What’s new here on labnario?

In addition to a new look, a technical forum has been published. You can write your questions, describe technical problems or just talk about everything and nothing in Hyde Park category. It depends on you if this forum meets its goal. I wouldn’t like to close it due to a little activity. As I see, such a fate befalls most technical forums on the internet. I count on your activity here on the forum. Let’s build a forum of which we can be proud of.

I’m still working to properly assign links on the blog. Most of links direct you to the old blog. It will be changed ASAP.

As it was not possible to move all posts from the old blog automatically, I had to do this manually. That’s why there is a significant probability of mistakes. If you find them, just let me know.

Some time ago I wrote about local PBR and interface PBR.

It’s time to talk about routing policy, that is a different mechanism. Routing policy is applied to routing information and it is combined with routing protocols to form policies. PBR mechanism is applied to data flows and and packets are forwarded according to the configured policy.

Routing policy is a tool which can be used to filter routes and set route attributes, when importing routing information into OSPF, RIP, ISIS or BGP protocols. BGP can use routing policy to filter advertising routes as well. Routing policy defines which of the routes from the specific routing protocol are allowed to be imported into the target routing protocol. It can be also used to match routes or certain route attributes and to change these attributes when the matching rules are met.

Routing policy command syntax:

route-policy route-policy-name { permit | deny } node node

A route-policy may consists of multiple nodes, for example:

route-policy LABNARIO-POLICY permit node 10
route-policy LABNARIO-POLICY deny node 20

Last time IP FRR on Huawei routers was introduced. Let’s go on with VPN FRR today.

1. Configure IP addresses based on the topology (omitted)
2. Configure ISIS on PE1, PE2 and PE3.
3. Configure MPLS function on all PE routers and enable MPLS LDP to set up an LSP.
4. Configure VPN instance on all PE devices.
5. Configure MP-IBGP between PE routers.
6. Configure EBGP between CE and PE2/PE3 routers.
7. Configure VPN FRR policy on PE1.
8. Configure BFD session between PE1 and PE2.

Modified features:

• Fixed incorrect VRRP state of Switch while using MD5 authentication mode.
• Fixed loopback detection problem of Switch.
• Fixed IPSEC issue of AR while using ah-esp or esp protocol if no authentication mode is on.
• Fixed policy router+NAT issue of AR.
• Enhanced eNSP Client stability.

A new Huawei eNSP has been released:

What do we have in traditional IP networks?

Let’s assume that there is a fault at the physical or data link layers. Router sees that a physical interface becomes DOWN. After the router detects this fault, it informs upper layer routing system to update routing information. The convergence time is several seconds, what is critical for sensitive services.

That’s why IP FRR has been developed. After we configure IP FRR, a router doesn’t wait for network convergence but a backup link is immediately used to forward packets.

We have 2 scenarios of using IP FRR:

1. To protect routers in public networks.
2. To protect CE routers in private networks.

Let’s focus on the first one.