No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S1720, S2700, S5700, and S6720 V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Policy

Configuring and Applying a Tunnel Policy

Pre-configuration Tasks

Before configuring a tunnel policy, complete the following tasks:

  • Create LSP or MPLS TE tunnels to transmit VPN services. For details about how to create an LSP tunnel and a TE tunnel, see MPLS LDP Configuration and MPLS TE Configuration in the S1720, S2700, S5700, and S6720 V200R010C00 Configuration Guide - MPLS.

  • Establish the basic VPN network. For details about BGP/MPLS IP VPN configuration, see Configuring Basic BGP/MPLS IP VPN Functions.

Context

VPN data is transmitted over tunnels. By default, LSP tunnels are used to transmit data, and each service is transmitted by only one LSP tunnel.

If the default tunnel configuration cannot meet VPN service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies according to service requirements:

  • Tunnel type prioritization policy: This policy can change the type of tunnels selected for VPN data transmission or select multiple tunnels for load balancing.
  • Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for a VPN.

Procedure

  1. Configure a tunnel policy.

    Use either of the following methods to configure a tunnel policy.

    Configure a tunnel type prioritization policy.

    By default, no tunnel policy is configured. LSP tunnels are used to transmit VPN data and each VPN service is transmitted over one LSP tunnel.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      tunnel-policy policy-name

      A tunnel policy is created, and tunnel policy view is displayed.

    3. (Optional) Run:

      description description-information

      The description of the tunnel policy is configured.

    4. Run:

      tunnel select-seq { lsp | cr-lsp }* load-balance-number load-balance-number

      The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.

    Configure a tunnel binding policy.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface tunnel interface-number

      A tunnel interface is created and the tunnel interface view is displayed.

    3. Run:

      tunnel-protocol mpls te

      MPLS TE is configured as a tunnel protocol.

    4. Run:

      mpls te reserved-for-binding

      The binding capability of the TE tunnel is enabled.

    5. Run:

      mpls te commit

      The MPLS TE configuration is committed for the configuration to take effect.

    6. Run:

      quit

      Return to the system view.

    7. Run:

      tunnel-policy policy-name

      A tunnel policy is created.

    8. (Optional) Run:

      description description-information

      The description of the tunnel policy is configured.

    9. Run:

      tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-6> [ ignore-destination-check ] [ down-switch ]

      Bind specified TE tunnels in the policy.

      NOTE:
      • If the PE device has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
      • If down-switch is specified in the command, the system selects available tunnels in an order of LSP, CR-LSP when the bound tunnels are unavailable.

  2. Apply the tunnel policy.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run:

      ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run:

      tnl-policy policy-name

      A tunnel policy is applied to the VPN instance IPv4 address family.

Checking the Configuration

After configuring a tunnel policy and applying it to a VPN instance, you can check information about the tunnel policy applied to the VPN instance and tunnels in the system.

  • Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
  • Run the display interface tunnel interface-number command to check detailed information about a specified tunnel interface.
  • Run the display tunnel-policy [ tunnel-policy-name ] command to check information about the specified tunnel policy.
  • Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the tunnel policy applied to the specified VPN instance.
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141944

Views: 70402

Downloads: 501

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next