No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Policy

Configuring and Applying a Tunnel Policy

You need to configure tunnel policies on PEs when PWE3 services need to be transmitted over TE tunnels or when PWE3 services need to be load balanced among multiple tunnels to fully use network resources.

Context

Service data on the PWE3 network is transmitted over tunnels. By default, LSP tunnels are used to transmit data, and each service is transmitted by only one LSP tunnel.

If the default tunnel configuration cannot meet PWE3 service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies based on service requirements:

  • Tunnel type prioritization policy: This policy can change the type of tunnels selected for PWE3 data transmission or select multiple tunnels for load balancing.
  • Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for PWE3.

Pre-configuration Tasks

Before configuring and applying a tunnel policy, complete the following task:

  • For details on how to create a GRE tunnel, see GRE Configuration in the Huawei AR Series Access Routers Configuration Guide - VPN.

  • For details on how to create an LSP tunnel, see MPLS LDP Configuration in the Huawei AR Series Access Routers Configuration Guide - MPLS.

  • For details on how to create a TE tunnel, see MPLS TE Configuration in the Huawei AR Series Access Routers Configuration Guide - MPLS.

Perform the following operations on the PEs that need to use a tunnel policy.

Procedure

  1. Configure a tunnel policy.

    Use either of the following methods to configure a tunnel policy.

    Configure a tunnel type prioritization policy.

    By default, no tunnel policy is configured. LSP tunnels are used to transmit PWE3 data and each VPN service is transmitted over one LSP tunnel.

    1. Run system-view

      The system view is displayed.

    2. Run tunnel-policy policy-name

      A tunnel policy is created, and tunnel policy view is displayed.

    3. (Optional) Run description description-information

      The description of the tunnel policy is configured.

    4. Run tunnel select-seq { cr-lsp | gre | lsp } * load-balance-number load-balance-number

      The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.

    Configure a tunnel binding policy.

    1. Run system-view

      The system view is displayed.

    2. Run interface tunnel interface-number

      The tunnel interface view of the MPLS TE tunnel is displayed.

    3. Run mpls te reserved-for-binding

      The binding capability of the TE tunnel is enabled.

    4. Run mpls te commit

      The MPLS TE configuration is committed for the configuration to take effect.

    5. Run quit

      Return to the system view.

    6. Run tunnel-policy policy-name

      A tunnel policy is created.

    7. (Optional) Run description description-information

      The description of the tunnel policy is configured.

    8. Run tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-16> [ ignore-destination-check ] [ down-switch ]

      The TE tunnel is bound to a specified tunnel policy.

      NOTE:
      • If the PE has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
      • If down-switch is specified in the command, the system selects available tunnels in an order of LSP, CR-LSP, and GRE when the bound tunnels are unavailable.

  2. Apply the tunnel policy.

    Perform the following operations on AC interfaces on the PEs.

    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Use either of the following methods to create a static PW, a dynamic PW, or PW switching.

      • To create a static PW, run:

        mpls static-l2vc { { destination ip-address | pw-template pw-template-name vc-id } * | destination ip-address [ vc-id ] } transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value tunnel-policy tnl-policy-name [ [ control-word | no-control-word ] | [ raw | tagged ] | secondary ] *
        NOTE:

        When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

      • To create a static PW, run:

        mpls static-l2vc { { destination ip-address | pw-template pw-template-name vc-id } * | destination ip-address [ vc-id ] } transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value tunnel-policy tnl-policy-name [ [ control-word | no-control-word ] | [ raw | tagged ] | idle-code idle-code-value | jitter-buffer depth | tdm-encapsulation number | tdm-sequence-number | secondary ] *
        NOTE:
        • When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

        • When the AC interfaces are serial interfaces, CE1/PRI interfaces, or E1-F interfaces, you can specify the parameters idle-code, jitter-buffer, tdm-encapsulation, and tdm-sequence-number.

      • To create a dynamic PW, run:

        mpls l2vc { ip-address | pw-template pw-template-name } * vc-id tunnel-policy policy-name [ [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value | secondary ] *
        NOTE:

        When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

      • To create a dynamic PW, run:

        mpls l2vc { ip-address | pw-template pw-template-name } * vc-id tunnel-policy policy-name [ [ control-word | no-control-word ] | [ raw | tagged ] | mtu mtu-value | idle-code idle-code-value | jitter-buffer depth | tdm-encapsulation-number number | tdm-sequence-number | secondary ] *
        NOTE:
        • When the AC interfaces are Ethernet interfaces, you can specify the parameters raw and tagged.

        • When the AC interfaces are serial interfaces, CE1/PRI interfaces, or E1-F interfaces, you can specify the parameters idle-code, jitter-buffer, tdm-encapsulation-number, and tdm-sequence-number.

      • To create static PW switching, run:

        mpls switch-l2vc ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] between ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ] [ control-word-transparent ]
      • To create dynamic PW switching, run:

        mpls switch-l2vc ip-address vc-id [ tunnel-policy policy-name ] between ip-address vc-id [ tunnel-policy policy-name ] encapsulation encapsulation-type [ control-word-transparent ]
      • To create mixed PW switching, run:

        mpls switch-l2vc ip-address vc-id [ tunnel-policy policy-name ] between ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] encapsulation encapsulation-type [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ] [ timeslotnum timeslotnum ] [ tdm-encapsulation number ] [ control-word-transparent ]
      • To create mixed PW switching, run:

        mpls switch-l2vc ip-address vc-id [ tunnel-policy policy-name ] between ip-address vc-id trans trans-label recv received-label [ tunnel-policy policy-name ] encapsulation encapsulation-type [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ] [ control-word-transparent ]

Verifying the Configuration

After configuring a tunnel policy and applying it to PWE3, you can check information about the tunnel policy applied to the PWE3 and tunnels in the system.

  • Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
  • Run the display tunnel-policy [ tunnel-policy-name ] command to check the configurations of tunnel policies.
  • Run the display mpls static-l2vc [ vc-id | interface interface-type interface-number | state { down | up } ] command to check the information about static VCs.
  • Run the display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id | verbose ] | state { down | up } ] command to check the information about virtual circuits in LDP mode.
Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 150750

Downloads: 365

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next