With the power of Huawei’s NE40 line routers – which can reach an amazing 960 Gbps of forwarding – we often have a lot of hardware for very little use of resources.
With this in mind, Huawei has developed a function called Virtual-System (VS).
Virtual-System (VS) is a function available on Huawei NE devices, which allows the division of a physical device into several virtual systems using hardware and software simulation. Each VS, in isolation, processes routes, configurations and management, but share the same hardware resources with the exception of interfaces, where an interface belongs to only one VS.
Yes, we are talking about virtual routers inside a physical router.
And how does it work?
There are two types of VS, Admin-VS and regular VS. The Common VS (VSn) has its hardware and software resources controlled by Admin-VS, and they work with their isolated routing tasks. As for the Admin-VS, all interfaces that are not allocated to the other VS’s created are available for use by the Admin, and it is also one of the means for accessing the other VS’s on the equipment.
Note: when you don’t use VSs on the router, you are only using Admin-VS
The VS’s contain some functions in addition to routing isolation, such as flexible resource management, at any time we can change the number of unicast routes, number of multicast routes, priority of processing use.
Note: Admin-VS priority is 10, that is, it has priority over other VSs
We also have the isolation of the file system of each VS, that is, each one will have a directory where it can store configuration files and log files.
The VS’s Alarm Report are separated, each VS will have its alert system that will be sent according to the settings to the VS administrator.
The initialization of the VS is done individually, it does not affect the other VS’s on the equipment. If there is a failure in one VS, the others will not be impacted.
How can I create VSs (virtual routers)?
To create the VS you need:
– name the VS
– put the type of mold holder for door
Example: creating the VS-TEST
admin
virtual-system VS-TESTE pvmb slot 3
port-mode port
description VS-TESTE
In each VS, the route limit is usually low by default. At the time of writing, for example, we have a limit of 10000 unicast routes. This generally does not apply well to all scenarios, and further tuning is required. We can change the number of IPv4/IPv6 routes, multicast settings, VRFs limit, CPU weight.
Below are some examples (adapt to your reality – do not use it without thinking).
admin
virtual-system VS-TESTE pvmb slot 3
resource u4route upper-limit 1048576
resource m4route upper-limit 2000
resource u6route upper-limit 1048576
resource m6route upper-limit 512
resource vpn-instance upper-limit 512
resource cpu weight 5
See the Huawei manual for more details on the “resource” commands.
How to bring VSs to life, I mean, how to connect them to the network?
VSs can be configured on either physical or logical interfaces, and an interface can only be assigned to a single VS. The logical interface configured on a physical interface works for the same VS on the equipment to which it belongs.
On the NE40E, two physical interfaces can be interconnected directly so that different VSs on the same physical system (PS) can communicate with each other. We give this the internal nickname of “coffin handle” (laughs).
To assign a Physical Interface to a VS:
system-view
interface GigabitEthernet0/3/6
undo shutdown
admin
virtual-system vs1
assign interface GigabitEthernet0/3/6
To assign a virtual interface to a VS:
system-view
interface GigabitEthernet0/3/6
undo shutdown
interface GigabitEthernet0/3/6.100
vlan-type dot1Q 100
admin
virtual-system vs1
assign interface GigabitEthernet0/3/6.100
And how to switch between VS-Admin and VS-Client?
After adding the VS-Client, to access and configure it, it is necessary to return to the Huawei default directory, outside the system-view and execute the command:
switch virtual-system VS-TESTE
Remembering that every added VS comes completely without configuration, as if it were a “new” equipment.
Some usage examples
In image 1, VS1 loads voice services, VS2 loads data services, and VS3 loads video services. Each type of service is passed through a separate VS and these services are isolated from each other. The VS’s share all resources except the interfaces. Each VS works as an individual router to process the services.
In image 2, the VS-ADMIN has all the BGP configuration of the sessions referring to mixed content, the VS1 the configurations referring to the IX / PTT contents, the VS2 the configurations referring to the CDN content. Each content is streamed through a separate VS and these contents are isolated from each other. The VS’s share all resources except the interfaces.
That’s it folks, can you imagine the power of this feature on your network?
If you have questions, please contact us! We are available to help them.
Cordial hugs,
Kevin Wauters
IT Consulting Team – Made4it