No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Policy

Configuring and Applying a Tunnel Policy

Context

You need to configure tunnel policies on PEs when PWE3 services need to be transmitted over TE tunnels or when PWE3 services need to be load balanced among multiple tunnels to fully use network resources.

Service data on the PWE3 network is transmitted over tunnels. By default, LSP tunnels are used to transmit data, and each service is transmitted by only one LSP tunnel.

If the default tunnel configuration cannot meet PWE3 service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies based on service requirements:

  • Tunnel type prioritization policy: This policy can change the type of tunnels selected for PWE3 data transmission or select multiple tunnels for load balancing.
  • Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for PWE3.

Pre-configuration Tasks

Before configuring and applying a tunnel policy, create a tunnel (a GRE, an LSP, or an MPLS TE tunnel) to transmit PWE3 services.

  • For details on how to create a GRE tunnel, see GRE Configuration.

  • For details on how to create an LSP tunnel, see MPLS LDP Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - MPLS.

  • For details on how to create a TE tunnel, see MPLS TE Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - MPLS.

Perform the following operations on the PEs that need to use a tunnel policy.

Procedure

  1. Configure a tunnel policy.

    Use either of the following methods to configure a tunnel policy.

    Configure a tunnel type prioritization policy.

    By default, no tunnel policy is configured. LSP tunnels are used to transmit PWE3 data and each VPN service is transmitted over one LSP tunnel.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      tunnel-policy policy-name

      A tunnel policy is created, and tunnel policy view is displayed.

    3. (Optional) Run:

      description description-information

      The description of the tunnel policy is configured.

    4. Run:

      tunnel select-seq { cr-lsp | gre | lsp } * load-balance-number load-balance-number

      The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.

      NOTE:

      The device does not support GRE tunnels.

    Configure a tunnel binding policy.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface tunnel interface-number

      The tunnel interface view of the MPLS TE tunnel is displayed.

    3. Run:

      mpls te reserved-for-binding

      The binding capability of the TE tunnel is enabled.

    4. Run:

      mpls te commit

      The MPLS TE configuration is committed for the configuration to take effect.

    5. Run:

      quit

      Return to the system view.

    6. Run:

      tunnel-policy policy-name

      A tunnel policy is created.

    7. (Optional) Run:

      description description-information

      The description of the tunnel policy is configured.

    8. Run:

      tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-6> [ ignore-destination-check ] [ down-switch ]

      The TE tunnel is bound to a specified tunnel policy.

      NOTE:
      • If the PE has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
      • If down-switch is specified in the command, the system selects available tunnels in an order of LSP and CR-LSP when the bound tunnels are unavailable.

  2. Apply the tunnel policy.

    Perform the following operations on AC interfaces on the PEs.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. Use either of the following methods to create a static PW, a dynamic PW, or PW switching.

      • To create a static PW, run:

        mpls static-l2vc { { destination ip-address | pw-template pw-template-name vc-id } * | destination ip-address [ vc-id ] } transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value tunnel-policy tnl-policy-name [ [ control-word | no-control-word ] | [ raw | tagged ] ] *
        NOTE:

        When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

      • To create a dynamic PW, run:

        mpls l2vc { ip-address | pw-template pw-template-name } * vc-id tunnel-policy policy-name [ group-id group-id | [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value | secondary ] *
        NOTE:

        When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

      • To create static PW switching, run:

        mpls switch-l2vc ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] between ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
      • To create dynamic PW switching, run:

        mpls switch-l2vc ip-address vc-id [ tunnel-policy policy-name ] between ip-address vc-id [ tunnel-policy policy-name ] encapsulation encapsulation-type [ control-word-transparent ]
      • To create mixed PW switching, run:

        mpls switch-l2vc ip-address vc-id [ tunnel-policy policy-name ] between ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] encapsulation encapsulation-type [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]

Checking the Configuration

After configuring a tunnel policy and applying it to PWE3, you can check information about the tunnel policy applied to the PWE3 and tunnels in the system.

  • Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
  • Run the display tunnel-policy [ tunnel-policy-name ] command to check the configurations of tunnel policies.
  • Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command to check the information about static VCs.
  • Run the display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id | verbose ] | state { down | up } ] command to check the information about virtual circuits in LDP mode.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141944

Views: 111923

Downloads: 588

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next