No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - VPN

This document describes the VPN configuration procedures and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Policy

Configuring and Applying a Tunnel Policy

Pre-configuration Tasks

Before configuring a tunnel policy, complete the following tasks:

  • Create LSP or MPLS TE tunnels to transmit VPN services. For details about how to create an LSP tunnel and a TE tunnel, see MPLS LDP Configuration and MPLS TE Configuration in the S12700 V200R011C10 Configuration Guide - MPLS.

  • Establish the basic VPN network. For details about BGP/MPLS IPv6 VPN configuration, see Configuring Basic BGP/MPLS IPv6 VPN.

Context

VPN data is transmitted over tunnels. By default, LSP tunnels are used to transmit data, and each service is transmitted by only one LSP tunnel.

If the default tunnel configuration cannot meet VPN service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies based on service requirements:

  • Tunnel type prioritization policy: This policy can change the type of tunnels selected for VPN data transmission or select multiple tunnels for load balancing.
  • Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for a VPN.

Procedure

  1. Configure a tunnel policy.

    Use either of the following methods to configure a tunnel policy.

    Configure a tunnel type prioritization policy.

    By default, no tunnel policy is configured. LSP tunnels are used to transmit VPN data and each VPN service is transmitted over one LSP tunnel.

    1. Run system-view

      The system view is displayed.

    2. Run tunnel-policy policy-name

      A tunnel policy is created, and tunnel policy view is displayed.

    3. (Optional) Run description description-information

      The description of the tunnel policy is configured.

    4. Run tunnel select-seq { gre | lsp | cr-lsp }* load-balance-number load-balance-number

      The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.

      NOTE:

      Currently, the product does not support GRE tunnels.

    Configure a tunnel binding policy.

    1. Run system-view

      The system view is displayed.

    2. Run interface tunnel interface-number

      A tunnel interface is created and the tunnel interface view is displayed.

    3. Run tunnel-protocol mpls te

      MPLS TE is configured as a tunnel protocol.

    4. Run mpls te reserved-for-binding

      The binding capability of the TE tunnel is enabled.

    5. Run mpls te commit

      The MPLS TE configuration is committed for the configuration to take effect.

    6. Run quit

      Return to the system view.

    7. Run tunnel-policy policy-name

      A tunnel policy is created.

    8. (Optional) Run description description-information

      The description of the tunnel policy is configured.

    9. Run tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-16> [ ignore-destination-check ] [ down-switch ]

      Bind specified TE tunnels in the policy.

      NOTE:
      • If the PE has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
      • If down-switch is specified in the command, the system selects available tunnels in an order of LSP, CR-LSP when the bound tunnels are unavailable.

  2. Apply the tunnel policy.
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv6-family

      The VPN instance IPv6 address family view is displayed.

    4. Run tnl-policy policy-name

      A tunnel policy is applied to the VPN instance IPv6 address family.

Verifying the Configuration

After configuring a tunnel policy and applying it to a VPN instance, you can check information about the tunnel policy applied to the VPN instance and tunnels in the system.

  • Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
  • Run the display interface tunnel interface-number command to check detailed information about a specified tunnel interface.
  • Run the display tunnel-policy [ tunnel-policy-name ] command to check information about the specified tunnel policy.
  • Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the tunnel policy applied to the specified VPN instance.
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178118

Views: 159290

Downloads: 159

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next