No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
SVPN Configuration Commands

SVPN Configuration Commands

NOTE:

The feature is just for beta test, and is not for commercial use. If the feature is required in the test, contact Huawei technical support personnel.

AR502G-L-D-H, AR502GR-L-D-H, AR510&AR530 do not support SVPN.

authentication

Function

The authentication command configures the user name and password for authentication in Hub-Spoke mode.

The undo authentication command cancels the user name and password.

By default, no user name or password is configured.

Format

authentication user-name user-name password cipher cipher-string

undo authentication

Parameters

Parameter

Description

Value

user-name user-name

Specifies a user name for authentication.

The value is a string of 1 to 32 case-sensitive characters without spaces.

password cipher cipher-string

Specifies the authentication password in cipher text.

The value is a string of case-sensitive characters without spaces. It can contain 1 to 16 characters in plain text or 32or 48 characters in cipher text.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

To improve security in Hub-Spoke mode, two communicating parties authenticate each other before establishing an SVPN tunnel between them. An SVPN tunnel can be established only after the two parties pass authentication.

Example

# Set the authentication user name and password to Huawei and Huawei@1234.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] authentication user-name Huawei password cipher Huawei@1234

cmi-method (service view)

Function

The cmi-method command configures a composite measure indicator (CMI) calculation formula for the service flow forwarding path.

The undo cmi-method command restores the default configuration.

By default, the CMI calculation formula is CMI = 9000 - (D + J + L), where, D presents the delay; J presents the jitter; L represents the packet loss rate.

Format

cmi-method cmi-method-formula

undo cmi-method

Parameters

Parameter

Description

Value

cmi-method-formula

Specifies the CMI calculation formula.

  • The CMI calculation formula is CMI = 9000 - cmi-method. You can define how cmi-method is calculated based on service requirements, and the default value is D + J + L.

  • In the CMI calculation formula, if there is a coefficient before D, J, or L, the product of D, J, or L and the coefficient must be smaller than or equal to 5000, 3000, and 1000 respectively. If the product is larger than the maximum values (5000, 3000, and 1000), the maximum values are used. For example, when the formula CMI = 9000 - (10 x D + 10 x J + 10 x L) is used, and the D, J, and L are 1000 ms, 100 ms, and 10‰ respectively, the CMI is calculated as follows: CMI = 9000 - (5000 + 1000 + 100) = 2900. This is because 10 x D is 10000, which exceeds the maximum value 5000 and can only be calculated as 5000.

The value is a string of 1 to 20 characters. The value contains only digits, plus sign (+), asterisk (*), slash (/), and letters (D, d, L, l, J, or j).

Only the plus operator (+) can be used among parameters D, J, and L. These parameters can be multiplied or divided by a positive integer. For example:
  • 10 x D
  • D x 10 + J/10
  • D x 100 + J x 10 + L/10
NOTE:

D or d indicates the delay; J or j indicates the jitter; and L or l indicates the packet loss rate.

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can run this command to customize the CMI calculation formula based on service requirements. SVPN determines link quality based on the CMI value and selects an optimal link to forward service data.

Precautions

After an SVPN proposal is bound to an SVPN tunnel interface, you need to unbind the SVPN proposal from the interface if you want to modify the CMI calculation formula for the service flow forwarding path.

Example

# Set the CMI calculation formula for the service flow forwarding path to CMI = 9000 - (D + J).

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] cmi-method d+j

cmi-threshold (service view)

Function

The cmi-threshold command configures a composite measure indicator (CMI) threshold for the service flow forwarding path.

The undo cmi-threshold command restores the default configuration.

By default, the CMI, delay, jitter, and packet loss rate thresholds are 0, 5000 ms, 3000 ms, and 1000‰ respectively.

Format

cmi-threshold { cmi cmi-threshold-value | delay delay-threshold-value | jitter jitter-threshold-value | loss loss-threshold-value } *

undo cmi-threshold

Parameters

Parameter

Description

Value

cmi cmi-threshold-value

Specifies a CMI threshold for a service flow forwarding path.

The value is an integer that ranges from 0 to 9000.

delay delay-threshold-value Specifies a delay threshold for a service flow forwarding path. The value is an integer that ranges from 0 to 5000, in milliseconds.
jitter jitter-threshold-value Specifies a jitter threshold for a service flow forwarding path. The value is an integer that ranges from 0 to 3000, in milliseconds.
loss loss-threshold-value Specifies a packet loss rate threshold for a service flow forwarding path. The value is an integer that ranges from 0 to 1000, in ‰.

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • CMI is the composite measure indicator of a link. Many services have requirements for link delay, jitter, and packet loss rate. Therefore, users need to configure the correct CMI calculation formula according to service requirements and use the cmi-threshold command set the CMI threshold. When the calculated CMI value is lower than the configured CMI threshold, SVPN determines that the link CMI does not meet service requirements.

  • The service delay threshold is the maximum service delay allowed by services on a link. If services require a short delay, this threshold needs to be set.

  • The service jitter threshold is the maximum service jitter allowed by services on a link. If services require a low jitter, this threshold needs to be set.

  • The packet loss rate threshold is the maximum packet loss rate allowed by services on a link. If services require a low packet loss rate, this threshold needs to be set.

If either of the following occurs, the path does not meet the requirement.
  • The CMI value calculated using the CMI calculation formula is smaller than the configured CMI threshold.

  • The path delay is larger than the configured delay threshold.

  • The path jitter is larger than the configured delay threshold.

  • The packet loss rate value of a path is larger than the configured packet loss rate threshold.

Precautions

After an SVPN proposal is bound to an SVPN tunnel interface, you need to unbind the SVPN proposal from the interface if you want to modify the CMI threshold for the service traffic forwarding path.

If you run the cmi-threshold command multiple times, only the latest configuration takes effect.

Example

# Set the CMI threshold for an SVPN service flow forwarding path to 7000.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] cmi-threshold cmi 7000

encapsulation (SVPN proposal view)

Function

The encapsulation command configures the encapsulation type for SVPN packets.

The undo encapsulation command restores the default configuration.

By default, the encapsulation type of SVPN packets is NULL.

Format

encapsulation gre

undo encapsulation

Parameters

Parameter Description Value
gre Specifies the GRE encapsulation type for packets. -

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

You do not need to set the encapsulation type for SVPN packets to GRE when the device works in Lone Ranger mode. If the encapsulation type is set to GRE, you need to configure the SVPN function on the peer device and configure the peer device to work in Lone Ranger mode. Otherwise, service flows cannot be transmitted between the two devices.

In Hub-Spoke mode, you can use either of the following methods to set the encapsulation type for SVPN packets to GRE:
  • Run the encapsulation command to set the encapsulation type for SVPN packets to GRE. Packets on all service flow forwarding paths in the SVPN proposal use the GRE encapsulation type. If you want to set the GRE encapsulation type for packets on some service flow forwarding paths, use the following method.
  • Specify the encapsulation gre parameter when you run the source (SVPN proposal view) command to configure a forwarding path for the service flow. In this way, the encapsulation type for packets on the specified forwarding path is set to GRE.

Example

# Set the encapsulation type for SVPN packets to GRE.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] encapsulation gre

destination (SVPN proposal view)

Function

The destination command configures the destination address for a service flow forwarding path.

The undo destination command deletes the destination address of a service flow forwarding path.

By default, no destination address is configured for a service flow forwarding path.

Format

destination dest-ip-address

undo destination

Parameters

Parameter Description Value
dest-ip-address Specifies a destination address for a service flow forwarding path. The value is in dotted decimal notation.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an SVPN proposal is created, you need to configure service flow forwarding paths for the SVPN proposal to direct packet forwarding. You can use the following methods to configure a service flow forwarding path.
  • Run the source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } destination dest-ip-address { bandwidth { { up bw-value | down bw-value } * | bw-value } | encapsulation gre | track nqa admin-name test-name } * command to configure the source address/interface and destination address for a service flow forwarding path.
  • Run the source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } { bandwidth { { up bw-value | down bw-value } * | bw-value } | encapsulation gre | track nqa admin-name test-name } * or source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } command to configure the source address or source interface for a service flow forwarding path, and then run the destination dest-ip-address command to configure the destination address for the path.

Precautions

If you configure a service flow forwarding path using the source (service view) command without destination dest-ip-address specified or the source (SVPN proposal view) command, you must run the this command to configure the destination address for the path. Otherwise, the path cannot be used to forward SVPN packets.

Example

# Set the destination address of a service flow forwarding path to 2.2.2.9.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] destination 2.2.2.9

svpn-proposal (system view)

Function

The svpn-proposal command creates an SVPN proposal and enters the SVPN proposal view.

The undo svpn-proposal command deletes an SVPN proposal.

By default, no SVPN proposal is created on the device.

Format

svpn-proposal svpn-proposal-name

undo svpn-proposal svpn-proposal-name

Parameters

Parameter Description Value
svpn-proposal-name Specifies the name of an SVPN proposal. The value is a string of 1 to 31 case-sensitive characters without spaces or hyphens (-). When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

SVPN binds multiple WAN access lines to provide high bandwidth and highly reliable networks for customers. When the SVPN function is required, you can run this command to create an SVPN proposal.

Precautions

After you run the undo svpn-proposal command to delete an SVPN proposal, all configurations in the SVPN proposal are deleted.

Follow-up Procedure

After creating an SVPN proposal, you need to perform a series of configurations for the SVPN proposal. The mandatory operations are as follows:

  • Creating an SVPN service: Only after you run the service (SVPN proposal view) command to create an SVPN service, you can set other parameters for the service. The parameters include the forwarding path and scheduling mode for a service flow, and the packet matching mode.
  • Binding an SVPN proposal to an SVPN tunnel interface: Run the svpn-proposal (tunnel interface view) command to bind an SVPN proposal to an SVPN tunnel interface. After the SVPN proposal is bound to a tunnel interface, packets received by this interface are forwarded along the path for SVPN service packets.

Example

# Create an SVPN proposal p1.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] 

svpn-proposal (tunnel interface view)

Function

The svpn-proposal command binds an SVPN proposal to an SVPN tunnel interface.

The undo svpn-proposal command unbinds an SVPN proposal from an SVPN tunnel interface.

By default, no SVPN proposal is bound to a tunnel interface.

Format

svpn-proposal svpn-proposal-name

undo svpn-proposal svpn-proposal-name

Parameters

Parameter Description Value
svpn-proposal-name Specifies the name of an SVPN proposal. The value is an existing SVPN proposal name.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an SVPN proposal is created, you need to bind the SVPN proposal to an SVPN tunnel interface. After the SVPN proposal is bound to a tunnel interface, packets received by this interface are forwarded along the path for SVPN service packets.

Prerequisite

An SVPN proposal has been created by using the svpn-proposal (system view) command and the tunnel protocol type has been set to SVPN by using the tunnel-protocol svpn [ p2p | p2mp ] command.

Precautions

One SVPN proposal can be bound to only one tunnel interface. If you want to bind the SVPN proposal to another tunnel interface, unbind the SVPN proposal from the previous tunnel interface first.

All configurations in the SVPN proposal that has been bound to an SVPN tunnel interface cannot be modified. To modify the configurations, unbind the SVPN proposal from the tunnel interface.

Example

# Bind the SVPN proposal p1 to Tunnel0/0/1.

<Huawei> system-view
[Huawei] acl 3000
[Huawei-acl-adv-3000] rule 5 permit ip
[Huawei-acl-adv-3000] quit
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] encapsulation gre
[Huawei-svpn-proposal-p1] source 1.1.1.9 destination 2.2.2.9 bandwidth 1024
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] schedule-type overflow
[Huawei-svpn-proposal-p1-service-s1] match acl 3000
[Huawei-svpn-proposal-p1-service-s1] source 1.1.1.9
[Huawei-svpn-proposal-p1-service-s1] quit
[Huawei-svpn-proposal-p1] quit
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol svpn p2p
[Huawei-Tunnel0/0/1] svpn-proposal p1

svpn-zone

Function

The svpn-zone command configures an SVPN zone for a tunnel interface.

The undo svpn-zone command restores the default configuration.

By default, a tunnel interface belongs to SVPN zone 0.

Format

svpn-zone zone-number

undo svpn-zone

Parameters

Parameter Description Value
zone-number Specifies an SVPN zone. The value is an integer that ranges from 1 to 1000. The default value is 0.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When multiple SVPN tunnel interfaces are configured on a device in an SVPN scenario, you need to run this command to configure different SVPN zones for these interfaces to ensure proper data forwarding.

Prerequisite

The tunnel protocol type has been set to SVPN by using the tunnel-protocol command.

Precautions

After an SVPN proposal is bound to a tunnel interface, you cannot modify the SVPN zone of the interface. To modify the SVPN zone of the interface, unbind the SVPN proposal from the interface first.

The SVPN zones of SVPN tunnel interfaces on a device must differ from one another, regardless of whether the device works in Lone Ranger or Hub-Spoke mode. If the device works in Hub-Spoke mode, the Hub and Spoke devices must be configured with the same SVPN zone. If the device works in Lone Ranger mode and uses the GRE encapsulation type, the connected devices must be configured with the same SVPN zone.

Example

# Set the SVPN zone of Tunnel0/0/1 to 1.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol svpn
[Huawei-Tunnel0/0/1] svpn-zone 1

match (service view)

Function

The match command configures an ACL rule or an application protocol type for matching service flows.

The undo match command deletes an ACL rule or an application protocol type for matching service flows.

By default, service flows do not match any rule.

Format

match { acl acl-number | application protocol-name }

undo match { acl acl-number | application protocol-name }

Parameters

Parameter Description Value
acl acl-number Indicates that the device matches service flows by ACL rule. The value is an integer that ranges from 2000 to 3999.
application protocol-name Indicates that the device matches service flows by application protocol type.
NOTE:

AR503GW-LM7, AR503GW-LcM7, AR509G-L-D-H, AR509GW-L-D-H do not support this parameter.

AR510 series do not support this parameter.

The value is a character string without spaces and varies with the feature library.

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

SVPN distinguishes different service flows by matching ACL rules or application protocol types.

If no matching ACL rule or application protocol type is configured for SVPN service flows, all the service flows sent to the SVPN tunnel interface can be forwarded. SVPN randomly selects an available forwarding path.

Example

# Distinguish the service flow s1 by matching the ACL rule 3000.

<Huawei> system-view
[Huawei] acl number 3000
[Huawei-acl-adv-3000] rule 5 permit ip
[Huawei-acl-adv-3000] quit
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] match acl 3000

recovery-delay

Function

The recovery-delay command configures the delay for switching a service flow between forwarding paths when the scheduling mode is Priority.

The undo recovery-delay command restores the default configuration.

By default, the delay for switching a service flow between forwarding paths is 5s.

Format

recovery-delay delay-time

undo recovery-delay

Parameters

Parameter Description Value
delay-time Specifies the switching delay. The value is an integer that ranges from 0 to 30000, in seconds. The default value is 5s.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

In an SVPN scenario, when the scheduling mode is set to Priority, the device usually switches a service flow to the optimal path in 5seconds when it detects that a better path is available. When a network is unstable, the service flow may be frequently switched between different paths, resulting in data loss. You can run this command to set an appropriate switching delay.

Example

# Set the delay for switching service flow between forwarding paths to 60s.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] recovery-delay 60

reorder-window

Function

The reorder-window command configures the size of the receive or transmit buffer for SVPN packets.

The undo reorder-window command restores the default configuration.

By default, the size of the receive or transmit buffer for SVPN packets is 64.

Format

reorder-window window-size

undo reorder-window

Parameters

Parameter Description Value
window-size Specifies the size of the receive or transmit buffer for SVPN packets. The value is an integer, which can be 32, 64, or 128.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When SVPN binds multiple WAN access lines and the scheduling mode for a service flow is set to Overflow, packets in the service flow may be forwarded through multiple paths. As a result, the receiver end may receive mis-sequencing packets, leading to communication quality deterioration. You can run this command to adjust the size of the receive or transmit buffer for SVPN packets to reduce packet mis-sequencing.

Precautions

You are advised to specify the window-size parameter under the supervision of the technical support personnel.

Example

# Set the size of the receive or transmit buffer for SVPN packets to 128.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] reorder-window 128

schedule-type (service view)

Function

The schedule-type command configures a mode for scheduling a service flow to one or more forwarding paths.

The undo schedule-type command deletes the mode for scheduling a service flow to one or more forwarding paths.

By default, no mode is configured for scheduling a service flow.

Format

schedule-type { overflow | priority }

undo schedule-type

Parameters

Parameter Description Value
overflow Indicates that a service flow is scheduled based on the path bandwidth. -
priority Indicates that a service flow is scheduled based on the path priority. -

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To configure the SVPN function, the device needs to distinguish different types of service flows. Multiple forwarding paths may be available for one type of service flow. You can run this command to configure a mode for scheduling a service flow to one or more forwarding paths.

  • Overflow mode: The device schedules the service flow based on the path bandwidth. Packets of one service flow can be transmitted over different paths. If the bandwidth of the first available path is occupied, packets are scheduled to a second available path, and so on.

    You can run the source index (service view) command to manually sequence the paths.

  • Priority mode: The device schedules the service flow based on the path priority. Packets of one service flow can be transmitted over only one optimal path. When selecting the optimal path, the device calculates forwarding paths that meet the criteria using link detection (associated NQA instances or the default link quality measurement method) and then selects the first available path from these paths.

    Multiple forwarding paths may meet the link quality criteria. To select the first available path from these paths, run the source index (service view) command to manually sequence the paths.

Precautions

Ensure that the schedule-type command is configured in the service view before you bind an SVPN proposal to an SVPN tunnel interface. After an SVPN proposal is bound to an SVPN tunnel interface, you need to unbind the SVPN proposal from the interface if you want to modify the mode for scheduling a service flow.

Example

# Set the mode for scheduling a service flow to Overflow.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] schedule-type overflow

service (SVPN proposal view)

Function

The service command creates an SVPN service and displays the service view.

The undo service command deletes an SVPN service.

By default, no SVPN service is created.

Format

service service-name [ id service-id ]

undo service service-name

Parameters

Parameter Description Value
service-name Specifies the name of an SVPN service. The value is a string of 1 to 31 case-sensitive characters without spaces or hyphens (-). The total length of the names of the SVPN service and SVPN proposal must be within 56 case-sensitive characters.
id service-id Specifies the ID of an SVPN service. The value is an integer that ranges from 1 to 8.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an SVPN service is created, you can configure other parameters for the SVPN service to implement the SVPN function. The parameters include the forwarding path and scheduling mode for a service flow, and the packet matching mode.

Precautions

You must specify the id parameter when you create an SVPN service for the first time. The SVPN service ID is unique in an SVPN proposal and the created service ID cannot be modified.

After an SVPN service is created, you do not need to specify the id parameter in the service view.

If the device works in Hub-Spoke mode, the Hub and Spoke devices must be configured with the same service-id.

Example

# Create an SVPN service named s1 with the ID 1.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] 

source (SVPN proposal view)

Function

The source command configures one or more forwarding paths for a service flow.

The undo source command deletes the forwarding paths of a service flow.

By default, no forwarding path is configured for a service flow.

Format

source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } [ destination dest-ip-address ] { bandwidth { { up bw-value | down bw-value } * | bw-value } | encapsulation gre | track nqa admin-name test-name } *

undo source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance to which the specified source address belongs. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
source-ip-address Specifies a source address for a service flow forwarding path. The value is in dotted decimal notation.
interface-type interface-number Specifies the type and number of the source interface for a service flow forwarding path.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-
destination dest-ip-address Specifies a destination address for a service flow forwarding path. The value is in dotted decimal notation.
bandwidth { { up bw-value | down bw-value } * | bw-value } Specifies the link bandwidth of a forwarding path.
  • up: indicates the uplink bandwidth.
  • down: indicates the downlink bandwidth.
  • If neither up or down is specified, this parameter indicates the uplink bandwidth and downlink bandwidth.
NOTE:

If this parameter is not specified, the bandwidth of the forwarding path is equal to the actual physical bandwidth of the source interface.

The value is an integer that ranges from 0 to 4000000000, in kbit/s.
encapsulation gre Specifies the GRE encapsulation type for packets on a forwarding path. -
track nqa admin-name test-name Specifies the name of the administrator of the NQA test instance and the name of the test instance associated with a service flow forwarding path.
NOTE:

If this parameter is not specified, the default link quality measurement method is used to calculate the delay and packet loss rate of the forwarding path.

The value of admin-name or test-name is a string of 1 to 32 case-sensitive characters without spaces.

Views

SVPN proposal view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After an SVPN proposal is created, you need to configure service flow forwarding paths for the SVPN proposal to direct packet forwarding. You can use the following methods to configure a service flow forwarding path.
  • Run the source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } destination dest-ip-address { bandwidth { { up bw-value | down bw-value } * | bw-value } | encapsulation gre | track nqa admin-name test-name } * command to configure the source address/interface and destination address for a service flow forwarding path.
  • Run the source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } { bandwidth { { up bw-value | down bw-value } * | bw-value } | encapsulation gre | track nqa admin-name test-name } * or source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } command to configure the source address or source interface for a service flow forwarding path, and then run the destination dest-ip-address command to configure the destination address for the path.

After multiple forwarding paths are configured using this command, SVPN supports the following modes for scheduling service flows:

  • Overflow mode: The device schedules the service flow based on the path bandwidth. Packets of one service flow can be transmitted over different paths. If the bandwidth of the first available path is occupied, packets are scheduled to a second available path, and so on. You can run the source index (service view) command to manually sequence the paths.

    When the Overflow mode is used:
    • You can specify bandwidth to configure the bandwidth for a forwarding path. If bandwidth is not specified, the actual physical bandwidth of the source interface is used. In practice, SVPN adjusts the bandwidth of the forwarding paths based on the packet loss rate calculated using link detection (associated the default link quality measurement method) in real time to provide a better service.

    • If the link detection result shows that the delay of a second available path is much larger than the delay of the first available path, SVPN does not use this path but searches for another path that meets the link quality requirement.

  • Priority mode: The device schedules the service flow based on the path priority. Packets of one service flow can be transmitted over only one optimal path. When this mode is used, SVPN can select a path using either of the following methods:

    • Associate with NQA instances by specifying track nqa to calculate forwarding paths that meet the criteria and then select the first available path from these paths.
    • Use the default link quality measurement method to calculate forwarding paths that meet the criteria and then select the first available path from these paths.

    Multiple forwarding paths may meet the link quality criteria. To select the first available path from these paths, run the source index (service view) command to manually sequence the paths.

    NOTE:

    When this mode is used, the bandwidth parameter does not take effect even if it is specified for service flow forwarding path.

Precautions

  • A maximum of eight forwarding paths can be created for an SVPN proposal. You can run this command to configure one or more forwarding paths or run the source (service view) command to configure a new forwarding path for the SVPN service.

  • If you run this command multiple times, the latest configuration for the following parameters overrides the previous configuration. The parameters that are overridden include destination dest-ip-address, bandwidth { { up bw-value | down bw-value } * | bw-value }, and track nqa admin-name test-name.

  • Generally, the GRE encapsulation type is not required when you configure forwarding paths for a device working in Lone Ranger mode. If the encapsulation type is set to GRE, you need to configure the SVPN function on the peer device and configure the peer device to work in Lone Ranger mode. Otherwise, service flows cannot be transmitted between the two devices. In Hub-Spoke mode, you can use either of the following methods to set the encapsulation type for SVPN packets to GRE:
    • Set the encapsulation type to GRE by specifying the encapsulation gre parameter in this command.
    • Run the encapsulation (SVPN proposal view) command to set the encapsulation type for SVPN packets to GRE. Packets on all service flow forwarding paths in the SVPN proposal use the GRE encapsulation type. If you want to set the GRE encapsulation type for packets on some service flow forwarding paths, use the first method.
  • When you delete a forwarding path that has been referenced by the SVPN service, the forwarding path still exists in the service view as a newly created path.

Example

# Configure a forwarding path for the SVPN proposal p1, whose source address, destination address, and bandwidth are 1.1.1.9, 2.2.2.9, and 1024 kbit/s respectively.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] source 1.1.1.9 destination 2.2.2.9 bandwidth 1024

source (service view)

Function

The source command configures one or more service flow forwarding paths for the SVPN service.

The undo source command deletes one or more service flow forwarding paths for the SVPN service.

By default, no service flow forwarding path is configured for the SVPN service.

Format

source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

undo source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance to which the specified source address belongs. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
source-ip-address Specifies a source address for a service flow forwarding path. The value is in dotted decimal notation.
interface-type interface-number Specifies the type and number of the source interface for a service flow forwarding path.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After service flow forwarding paths are configured for an SVPN proposal, you can run this command to apply an existing forwarding path to the SVPN service. You can also run this command and the destination (SVPN proposal view) command to create a new service flow forwarding path for the SVPN service.

Precautions

If you run this command to create a new service flow forwarding path, the path uses the default link quality measurement method, actual physical bandwidth of the source interface, and packet encapsulation type configured for the SVPN proposal.

Currently, a maximum of eight forwarding paths can be configured for a service flow.

Example

# Apply the existing forwarding path with the source address 1.1.1.9, destination address 2.2.2.9, and packet encapsulation type GRE to the SVPN service s1.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] source 1.1.1.9 destination 2.2.2.9 encapsulation gre
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] source 1.1.1.9

source index (service view)

Function

The source index command adjusts the sequence of forwarding paths for a service flow in the SVPN service.

By default, forwarding paths are sequenced according to the configuration time.

Format

source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number } index path-index

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance to which the specified source address belongs. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.
source-ip-address Specifies a source address for a service flow forwarding path. The value is in dotted decimal notation.
interface-type interface-number Specifies the type and number of the source interface for a service flow forwarding path.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-
path-index Specifies an index for a service flow forwarding path.
NOTE:

The index cannot be larger than the total number of forwarding paths currently configured.

The value is an integer that ranges from 1 to 8.

Views

Service view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After forwarding paths are configured for an SVPN service flow, you can run this command to adjust the sequence of the forwarding paths.

Prerequisite

Before adjusting the sequence of the forwarding paths for a service flow, you need to run the source (SVPN proposal view) command to create a forwarding path and the source (service view) command to reference this forwarding path, or run the source (service view) command to create a forwarding path.

Precautions

After an SVPN proposal is bound to an SVPN tunnel interface, you need to unbind the SVPN proposal from the interface if you want to adjust the sequence of the forwarding paths.

When you adjust the sequence of the forwarding paths, the specified source related parameters must be the same as those of the forwarding path to be adjusted.

Example

# Set the index of the forwarding path with the source addresses of 1.1.1.9 to 2.

<Huawei> system-view
[Huawei] svpn-proposal p1
[Huawei-svpn-proposal-p1] destination 2.2.2.9
[Huawei-svpn-proposal-p1] service s1 id 1
[Huawei-svpn-proposal-p1-service-s1] source 1.1.1.9
[Huawei-svpn-proposal-p1-service-s1] source 3.3.3.9
[Huawei-svpn-proposal-p1-service-s1] source 4.4.4.9
[Huawei-svpn-proposal-p1-service-s1] source 1.1.1.9 index 2
[Huawei-svpn-proposal-p1-service-s1] display this
#
 service s1 id 1
  source 3.3.3.9
  source 1.1.1.9
  source 4.4.4.9
#
return

tunnel-protocol

Function

The tunnel-protocol command configures the tunnel protocol on a tunnel interface.

The undo tunnel-protocol command restores the tunnel protocol to the default configuration.

By default, no tunnel protocol is used on a tunnel interface.

Format

tunnel-protocol { gre [ p2mp ] | ipsec | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | ipv4-ipv6 | svpn [ p2p | p2mp ] | none }

undo tunnel-protocol

Parameters

Parameter Description Value
gre

Indicates that the GRE tunnel protocol is configured on a tunnel interface.

-
gre p2mp

Indicates that the mGRE tunnel protocol is configured on a tunnel interface. If this parameter is not used, the tunnel protocol configured on a tunnel interface is a traditional point-to-point GRE.

-
ipsec

Indicates that the IPSec tunnel protocol is configured on a tunnel interface.

-
ipv4-ipv6

Indicates that the IPv4 to IPv6 tunnel protocol is configured on a tunnel interface.

-
ipv6-ipv4

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses a manual IPv6 over IPv4 tunnel.

-
ipv6-ipv4 6to4

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using 6to4.

-
ipv6-ipv4 auto-tunnel

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses an automatic IPv6 over IPv4 tunnel.

-
ipv6-ipv4 isatap

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using isatap.

-
svpn [ p2p | p2mp ]

Indicates that the SVPN tunnel protocol is configured on a tunnel interface.

  • p2p: indicates the P2P SVPN tunnel protocol.
  • p2mp: indicates the P2MP SVPN tunnel protocol.
-
none

Indicates that no tunnel protocol is configured on a tunnel interface.

-

Views

Tunnel interface view, Tunnel-Template interface view

NOTE:

The tunnel template interface view supports the ipsec and none parameters only.

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a tunnel interface using the interface tunnel command, run the tunnel-protocol command to configure the tunnel encapsulation mode for the tunnel interface.

The following tunnel encapsulation modes are available:
  • GRE: encapsulates packets of some network layer protocols such as IP or IPX to enable these encapsulated packets to be transmitted on networks running other protocols such as IP. When the p2mp parameter is specified following gre, you can set the tunnel encapsulation mode to P2MP GRE. The destination address of a P2MP GRE tunnel does not need to be manually configured. Instead, the destination address of this tunnel can either be defined by a protocol (for example, NHRP in a DSVPN scenario) or be dynamically learned.
  • IPSec: protects the security of data transmitted on the Internet by establishing tunnels using the IPSec protocol.
  • IPv4-IPv6: creates tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolated sites can access other IPv4 networks through the IPv6 public network.
  • IPv6-IPv4: creates tunnels on the IPv4 networks to connect IPv6 isolated sites so that IPv6 packets can be transmitted on IPv4 networks.
  • SVPN: binds multiple WAN access lines to provide high bandwidth and highly reliable networks for customers.

    • When the SVPN mode is set to Hub-Spoke, specify p2p on the Spoke and p2mp on the hub when configuring a tunnel protocol.
    • When the SVPN mode is set to Lone Ranger, you must not specify p2p or p2mp.

Precautions

  • The none mode indicates the initial configuration, that is, no tunnel encapsulation mode is configured. In practice, you must select another tunnel encapsulation mode.
  • You must configure the tunnel encapsulation mode before setting the source IP address or other parameters for a tunnel interface. Changing the encapsulation mode of a tunnel interface deletes other parameters of the tunnel interface. When an SVPN proposal is bound to a tunnel interface, you cannot modify the tunnel encapsulation mode.

Example

# Set the tunnel encapsulation mode of Tunnel0/0/2 to mGRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre p2mp
# Set the tunnel encapsulation mode of Tunnel0/0/2 to GRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre
Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 52395

Downloads: 102

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next