No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S9300, S9300E, and S9300X V200R010C00

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Selector

Configuring and Applying a Tunnel Selector

Context

By configuring a tunnel selector, you can set route filtering conditions to iterate expected routes to the specified tunnels. A tunnel consists of two parts:
  • if-match clause: matches an attribute of routes, for example, RD and next hop.

    If no if-match clause is configured in a tunnel selector, all routes match the tunnel selector.

  • apply clause: applies a tunnel policy to the routes matching the filtering rules.

After a tunnel selector is applied to routes on an ASBR, or SPE device, the device filters routes using the specified filtering rules and iterates the matching routes to specified tunnels.

A tunnel selector takes effect for VPNv4 routes. When a tunnel selector is applied to a BGP-VPNv4 address family on an SPE device in HVPN networking or an ASBR in inter-AS VPN Option B networking, the SPE device or ASBR applies the tunnel policy to VPNv4 routes and iterates the matching routes to expected tunnels.

Procedure

  1. Create a tunnel selector.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      tunnel-selector tunnel-selector-name { permit | deny } node node

      A tunnel selector is created, and tunnel selector view is displayed.

    3. (Optional) Configure if-match clauses.

      If no if-match clause is configured in a tunnel selector, all routes match the tunnel selector.

      • To configure an if-match clause that filters routes based on router distinguishers (RDs), run if-match rd-filter rd-filter-number.
      • To configure an if-match clause that filters routes based on next-hop IPv4 addresses, run if-match ip next-hop { acl { acl-number | acl-name } | ip-prefix ip-prefix-name }.
      • To configure an if-match clause that filters routes based on next-hop IPv6 addresses, run if-match ipv6 next-hop prefix-list ipv6-prefix-name.

    4. Run:

      apply tunnel-policy tunnel-policy-name

      An apply clause is configured to specify a tunnel policy for the routes matching the if-match clause.

  2. Apply the tunnel selector.

    Perform the following steps on an SPE device in HoVPN networking or an ASBR in inter-AS VPN Option B networking:

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      bgp { as-number-plain | as-number-dot }

      The BGP view is displayed.

    3. Run:

      ipv4-family vpnv4

      The BGP-VPNv4 address family view is displayed.

    4. Run:

      tunnel-selector tunnel-selector-name

      The tunnel selector is applied to VPNv4 routes on the local device. The tunnel policy specified in the apply clause is applied to the VPNv4 routes that matching the if-match clause. The VPNv4 routes that are filtered out by the if-match clause are iterated to LSP tunnels.

Checking the Configuration

After configuring and applying a tunnel selector, run the following commands to check information about the tunnel selector and tunnel policy specified in the tunnel selector.

  • Run the display tunnel-selector tunnel-selector-name command to check detailed information about the tunnel selector.
  • Run the display tunnel-policy tunnel-policy-name command to check information about the tunnel policy specified by the apply clause in the tunnel selector.
  • Run the display bgp vpnv4 all routing-table ipv4-address [ mask [ longer-prefixes ] | mask-length [ longer-prefixes ] ] command to check tunnels selected for VPNv4 routes on the ASBR or SPE device.
  • Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000142068

Views: 119404

Downloads: 212

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next