All_about_network

So time had come to (finally) leave the IPSec and move on to some other stuff. This scenario will show how to configure Frame Relay multilink, some QoS and all of that in combination with VRF and VRRP technology. As this topic is rather more extensive than the previous ones it will be divided into few parts.

The first thing we will have a look into is the Frame-Relay multilink as it is the lowest layer encountered in this post. So at the beginning What is this all about. You can look at the multilink as a bundle of slow FR links/cables just used as one fast (very similar to LACP or ether channel). Now when terminology is clear let’s start with hardware possibilities.

On AR-46 series – there is a link interface card that in combination with special cable is capable of communicate on 4 different Frame-Relay links over one port. First thing you should know is that the cable connectors are not standard so for interconnection with other than Huawei equipment you will have to create a new cable (for pinout/layout see the installation manual). The other option is to use serial ports which is a bit better for configuration but not much as the older cables/connectors have again the wrong pinout problem. In our case we will use the multicable cables even though it includes messing with the controller. If you can use normal serial cables instead – it will keep you sane.

Step one configure the interface mfr with standard compliance

#
interface MFR0
fr lmi type ansi
#

Now let’s setup the controller’s behaviour

#
controller E1 1/0/0
clock master
using e1
#
controller E1 1/0/1
clock master
using e1
#

Then let’s configure the serial interfaces that will be used for the multilink bundle

#
interface Serial1/0/0:0
link-protocol fr MFR0
mfr link-name link_0
#
interface Serial1/0/1:0
link-protocol fr MFR0
mfr link-name link_1
#

The :0 and :1 are used for binding of these virtual serial ports to the multilink-cable  controler. The other command is just saying that this interface empolys the MFR (and it’s number). And this is done. The MFR interface will now behave as any other interface – you will be able to create subinterfaces, assign IP adresses, bind with VRF or apply QoS.

Now with MFR running let’s have a look at the VRF. As you can find VRF is abbreviation for Virtual Routing and Forwarding. The name kind of says a bit what is this technology about. In very shortened version let’s say that this technology enables the use of overlapping IP address ranges inside one router via creating different routing tables and thus effectively separate them. The virtual routing table is called FIB which stands for forward information base in opposition to the devices with single routing which is in the case called RIB – router information base.  Now the router has multiple FIBs but no way of recognizing which traffic belongs to which FIB. The comes in play the route distinguisher which is in fact a number which specifies the virtual network. So in this manner you can define as many “virtual routers” as you want.  The only important point you have to know is that on Huawei equipment is VRF technology named as virtual-instance. So now as we know the theory and here is the set of commands you will need for doing this on vrp 3.40 (and probably on vrp 5.0 as well).

#
ip vpn-instance vrf1
route-distinguisher 192.168.1.4:1
#

So at firs I’ve created first VRF and named it accordingly and in second step I’ve just defined the IP address and the distinguisher (no. “1″) inside the VRF. Ok that was easy but there are two more steps you have to do in order to have it used effectively:

• Attaching VRF to the interface
• Defining routes (routing protocols) for the particular VRF

On any interface you desire to use VRF1 just issue the ip binding command. In this case used on multilink interface for FR.

#
interface MFR0.1
fr dlci 210
ip binding vpn-instance vrf1
ip address 192.168.1.6 255.255.255.252
ospf network-type p2p
#

It is also a good idea to use with sub-interfaces (VLANs) so you can separate L2 and L3 together and to have VRF active on a loopback interface so it is all the time up which is good because of routing protocols active inside the VRF.  So this being done let’s create a static and dynamic route for a VRF.

[Quidway]ip route-static vpn-instance 1 1.1.1.1 255.255.255.0 ?
Aux Aux interface
Ethernet Ethernet interface
NULL NULL interface
Virtual-Template Virtual template interface
X.X.X.X Next-hop IP address
vpn-instance Specify a VPN-Instance

You can just add the route as written is but there is one important point in this option – you can either route the traffic to a selected interface (as usual) or to another vpn-instance. This is opening quite wide range of opportunities what and how to interconnect. The example below is just for running OSPF inside certain VRF.

#
ospf 2 router-id 192.168.1.6 vpn-instance vrf1
vpn-instance-capability simple
import-route direct
area 0.0.0.1
network 192.168.1.9 0.0.0.0
#
area 0.0.0.0
network 192.168.1.6 0.0.0.0
#
The importance of this example is that you should remember that in every single VRF you have to define everything from beginning (in this case it is area 0). It is utmost important that you do not forger that the routing cannot leave the FIB so even if you have area 0 defined elsewhere it is totally of no significance unless you interconnect the areas somehow. This case is just an example of having two different areas in one VRF.

So that’s it for VRF.

Now let’s have a short look at VRRP. VRRP stands for Virtual Router Redundancy Protocol which is a protocol similar to HSRP from cisco but standardized and used by most vendors. VRRP is a system when you have (at least) two routers in a group with one virtual IP address. One is acting as active and the other as backup. In case of failure the backup router overtake the routing without any change of IP as it will see the shared virtual address so nobody will recognize the outage.

For enabling the VRRP you need to specify 3 things.

• IP of the host interface
• VRID
• IP of the virtual (shared) interface

All there operations are done under the interface that should participate so it should look like this:

#
interface Ethernet0/0/0
ip address 192.168.1.1 255.255.255.0
ip address 192.168.2.1 255.255.255.0 sub
vrrp vrid 1 virtual-ip 192.168.1.10
vrrp vrid 1 priority 1
vrrp vrid 2 virtual-ip 192.168.2.10
#

This config shows that the interface can participate in more than one VRRP groups. But there are some more options that you could find very useful.

In system view it is command vrrp ping-enable Which will enable icmp replies from the active gateway (very good for troubleshooting). The other commands are under vrrp command in the interface menu and can be customized for every vrrp group.

[Quidway-Ethernet0/0]vrrp vrid 1 ?
preempt-mode Specify preempt mode
priority                Specify priority
timer                     Specify timer
track                      Specify interface tracked
virtual-ip             Specify virtual IP address

So let’s go one-by-one

• preempt configures if the role switch over in case of failure is  permanent or temporal
• priority specifies in what order will the backup routers became the active ones (in case of more routers on stand-by)
• timer just sets the intensity of sending VRRP messages (for specific timer see list under vrrp vrid num timer option )
• track is watching a specified interface for its status (usually the outbound) so the router can switch over even if only the link fails and the active router is still ok but cannot forward traffic

The last two useful commands are under interface/vrrp menu vhere you can set authentication of vrrp peers and assign a VRF.

These functions altogether with some routing and QoS (both will be covered next time) will enable you to design a medium sized networks with some interesting features.

I hope this post will help in better use of the functions Huawei’s routers provide.