IP FRR on Huawei routers

What do we have in traditional IP networks?

Let’s assume that there is a fault at the physical or data link layers. Router sees that a physical interface becomes DOWN. After the router detects this fault, it informs upper layer routing system to update routing information. The convergence time is several seconds, what is critical for sensitive services.

That’s why IP FRR has been developed. After we configure IP FRR, a router doesn’t wait for network convergence but a backup link is immediately used to forward packets.

We have 2 scenarios of using IP FRR:

  1. To protect routers in public networks.
  2. To protect CE routers in private networks.

Let’s focus on the first one.

IP FRR topology Continue reading

Advertisements

cheat sheet – information center

I am often asked how to find syslog commands on Huawei devices. As one is familiar with Cisco‘s devices, he is looking for “logging” command in Huawei’s VRP. And this is the main problem. Remember that equivalent of Cisco’s logging is info-center on Huawei.

The information center functions as an information hub. The information center manages most output information. Output information is classified and then effectively filtered. Together with debugging commands and the SNMP module, the information center provides powerful support for the network administrator to monitor the operation of devices and locate faults.

Generally speaking, the information center distributes three types of information with eight severity levels to ten information channels, and then outputs that information in different directions.

Today I decided to create a simple cheat sheet, describing Huawei’s information center:

Huawei Information Center cheat sheetIf you think this article is useful…

If you don’t want to miss a new one…

Join our Facebook community or click “Sign me up!” button on the blog.

Then you’ll never miss a new post.

configuring SNMPv3 on Huawei devices

SNMPv1 and SNMPv2c protocols security model uses the community-based pseudo-authentication. That means that a password (called a community string) is sent in a clear text between a network management station and managed devices. Both SNMPv1 and v2c are subject to packet sniffing because they do not implement encryption. Security has been the biggest weakness of the SNMP since the beginning. More about SNMPv2c concepts, operation and configuration you can find at “SNMPv2c configuration on Huawei devices“.

What if we want SNMP to be used over a public network?

SNMPv3 can be implemented. It provides important security features, which are not available in both SNMPv1 and v2c:

  • Confidentiality – encryption of packets to prevent snooping by an unauthorized source
  • Integrity – to ensure that a packet has not been tampered while in transit using optional packet reply protection
  • Authentication – to verify that a packet comes from a valid source.

Continue reading

bootrom update on Huawei S5300 switch

Some time ago I had a case with damaged file system on Huawei S5300 switch. It had been caused by power failure on one site. The switch was not able to decompress VRP software and rebooted itself all the time.

BIOS LOADING ...
Copyright (c) 2008-2010 HUAWEI TECH CO., LTD.
(Ver107, Jan 18 2011, 22:52:53)

Press Ctrl+B to enter BOOTROM menu... 1
Auto-booting...
Update Epld file ............................ None
Decompressing VRP software ..................

BIOS LOADING ...
Copyright (c) 2008-2010 HUAWEI TECH CO., LTD.
(Ver107, Jan 18 2011, 22:52:53)

Press Ctrl+B to enter BOOTROM menu... 1
Auto-booting...
Update Epld file ............................ None
Decompressing VRP software ..................

Continue reading

source interfaces for management communication

As you know, configuring management services on Huawei devices, you can add source interface or IP address for transmitting packets. This is an optional configuration. Below you can find configuration syntax for source interfaces in management communication. If you find out that anything else should be added to this list, just let me know.

Info-center source:

[labnario]info-center loghost source ?
  Aux              AUX interface
  Eth-Trunk        Ethernet Trunk interface
  GigabitEthernet  GigabitEthernet interface
  LoopBack         LoopBack interface
  NULL             NULL interface
  Pos              POS interface

Radius server source:

Continue reading