Technical White Paper for VPN FRR

Huawei Technologies Co., Ltd.

Technical White Paper for VPN FRR

Table of Contents
1 2 3 4 5 Preface ............................................................................................................................... 1 Brief Introduction ................................................................................................................ 1 Key Technologies ............................................................................................................... 2 Typical Application.............................................................................................................. 4 Conclusion.......................................................................................................................... 5

Appendix A Abbreviations and Acronyms.................................................................................. 5

Copyright 2007

Huawei Technologies Co., Ltd. All Rights Reserved.

i http://datacomm.huawei.com

Technical White Paper for VPN FRR

Technical White Paper for VPN FRR

Abstract: The VPN FRR is a technology for fast service convergence in case the PE
equipment in the CE dual homing network breaks off. This document describes the technical mechanism and typical application of the VPN FRR. The conclusion is that the VPN FRR is a simple, reliable, and easy-to-deploy technology that can effectively shorten the down time of end-to-end services in case the PE equipment in the CE dual homing network breaks off.

Keywords: VPN FRR, end-to-end convergence

1 Preface
With the rapid development of networking technologies, there is an urgent need to merge the telecom network, computer network and cable television network. Telecom operators now pay high attention to the service convergence in case of network fault. A bearer network is required, at least, to have its service switchover time from a faulty node to the adjacent node less than 50 ms, and end-to-end service convergence time less than 1 s. The MPLS TE FRR and fast IGP route convergence technologies are developed for this purpose. These technologies, however, fail to implement fast convergence for end-to-end services in the CE dual homing network in case the PE node goes wrong. The VPN FRR is introduced to limit the convergence time within 1 s in such case.

2 Brief Introduction
The MPLS TE FRR is one of the most frequently used technologies for fast switchover. Basic idea of this technology is to establish an end-to-end TE tunnel between two PEs and set up a standby LSP for the active one that needs protection. When the active LSP is detected unavailable (node fault or link fault), the traffic is fast
Copyright 2007 Huawei Technologies Co., Ltd. All Rights Reserved. 1 http://datacomm.huawei.com

Technical White Paper for VPN FRR

switched to the standby LSP. In principle, the MPLS TE FRR can implement fast service switchover in case of any link/node fault between PEs at both ends of a TE tunnel. But it fails to address PE faults. Therefore, once a PE fails, service can only be recovered by means of end-to-end route convergence and LSP convergence. The service convergence time largely depends on the quantity of MPLS VPN internal routes and the bearer networks hops. It is 5 s in a typical network, far from the required 1 s. The VPN FRR uses the VPN-based fast switchover technologies for private network routes. Forward entries pointing to the active and standby PEs are set on the remote PE, together with the fast PE fault detection, to reduce the time needed for the service convergence on a CE dual homing network in case of PE fault. This also breaks the correlation between the time for PE fault recovery and the quantity of private network routes in the bearer network.

3 Key Technologies
As an example, a typical CE dual homing networking is shown as follows:

Suppose the path from CE-B to CE-A is: CE-BPE-EP-CPE-ACE-A When PE-A goes faulty, the path from CE-B to CE-A is converged to: CE-BPE-EP-DPE-BCE-A With standard MPLS L3 VPN technologies, both PE-A and PE-B send to PE-E the
Copyright 2007 Huawei Technologies Co., Ltd. All Rights Reserved. 2 http://datacomm.huawei.com

Technical White Paper for VPN FRR

route to CE-A and assign the private network label. PE-E prefers the VPNV4 route sent by an MBGP neighbor (PE-A in this example) according to the policy. It only writes the routing information (including forward prefix, internal label, and selected external LSP tunnel) sent by PE-A to the forward entry for its forward engine. When PE-A becomes faulty (BGP neighbor down or external LSP tunnel unavailable) and PE-E is aware of it, PE-E reselects the route sent by PE-B and sends the forward entry again for end-to-end service convergence. Before PE-E sends the route sent by PE-B as the forward entry, the forward entry still points to the faulty PE-A, the end of external LSP tunnel. During this period, CE-B cannot access CE-A and the end-to-end service interrupts. The end-to-end service convergence time in the traditional technology include 1) PE-E aware of PE-A fault, 2) PE-E selecting VPN V4 route sent by PE-B, and 3) PE-E sending new forward entry to its forward engine. It is obvious that the time needed by 2) and 3) depends on the quantity of VPNV4 routes. The VPN FRR improves the traditional technology by enabling PE-E to select VPNV4 routes based on the matching policy. Not only the preferred routing information sent by PE-A but also the suboptimum information sent by PE-B are written to the forward entry. The routing information consists of forward prefix, internal label and selected external LSP tunnel. When PE-A goes faulty, PE-E is aware that the external LSP tunnel between PE-E and PE-A is unavailable with the BFD and MPLS OAM technologies. In a typical network, the time required is less than 500 ms. Then, PE-E sets the external tunnel flag in the LSP tunnel status table to Unavailable and writes it to the forward engine. When the forward engine selects a forward entry and find its LSP tunnel is unavailable, it will use the carried suboptimum route to forward packets. Thus, packets are labeled with the internal label assigned by PE-B and switched to PE-B through the external LSP tunnel between PE-E and PE-B, and
Copyright 2007 Huawei Technologies Co., Ltd. All Rights Reserved. 3 http://datacomm.huawei.com

Technical White Paper for VPN FRR

then forwarded to CE-A. By this means, the service between CE-B and CE-A is quickly converged. With traditional convergence technologies, if the L3VPN carries a large number of routes, it takes long time to converge the service because all these VPN routes must be iterated to the new tunnel. The larger the number of VPN routes is, the longer time the convergence needs. With the VPN FRR technology, however, the traffic can be switched to the standby VPN FRR routes, no matter which VPN route the forward engine selects, by simply detecting and changing the status of the external LSP tunnels that the VPN route iterates. The convergence time is only related to the time of detecting PE fault and changing the external tunnel status in the forward engine, but not to the quantity of VPN routes.

4 Typical Application

The VPN FRR technology is based on the general networking with CE dual homing deployment. To enable fast convergence in case of active PE fault, you can apply VPN FRR to the remote PE and select the remote CE routes needing protection based on the route matching policy. The VPN FRR technology implements fast switchover based on the internal label. The external tunnel can be LDP LSP, RSVP TE, or even traditional IP VPN tunnel like the GRE. The forward engine can perform fast internal label based switchover when aware that the external tunnel is unavailable. The VPN FRR is a higher level switchover technology than external tunnel switchover
Copyright 2007 Huawei Technologies Co., Ltd. All Rights Reserved. 4 http://datacomm.huawei.com

Technical White Paper for VPN FRR

technologies like LDP FRR and MPLS TE FRR. Therefore, when they work together, the VPN FRR must have its fault detection time longer than that of the LDP FRR and MPLS TE FRR plus the tunnel switchover time. This ensures that VPN FRR switchover is not triggered where external tunnel switchover applies. This proves the general rule that lower-level switchover takes precedence over higher-level switchover.

5 Conclusion
Different from the well-known MPLS TE FRR technology, the VPN FRR enables fast convergence in case of tunnel end fault. The VPN FRR implementation is simple, reliable, easy-to-employ, and has its recovery time irrelated to the quantity of VPN routes. In addition, it does not require cooperation of other devices except in the case of fast detection of faults between PE. The VPN FRR deals with the internal label, or fast switchover of the internal tunnel. It can be easily extended to VLL/VPLS VPNs to effectively shorten the time of service interruption caused by terminating PE fault.

Appendix A
Abbreviation/ Acronym VPN FRR MPLS TE FRR BFD LSP

Abbreviations and Acronyms

Full Spelling Virtual Private Network Fast Re-route Multi-Protocol Label Switching Traffic Engineering Fast Re-route Bidirectional Forwarding Detection Label Switched Path

Copyright 2007

Huawei Technologies Co., Ltd. All Rights Reserved.

5 http://datacomm.huawei.com