No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Configuration Guide - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an IPv6 GRE Tunnel

Configuring an IPv6 GRE Tunnel

IPv6 Generic Routing Encapsulation (GRE) provides a mechanism of encapsulating packets of a protocol into packets of another protocol. This allows packets to be transmitted over heterogeneous networks. The channel for transmitting heterogeneous packets is called a tunnel.

Usage Scenario

A single network protocol is used to transmit packets on a backbone network, whereas other protocols are used to transmit packets on non-backbone networks. Because the backbone and non-backbone networks use different protocols, packets cannot be transmitted between the non-backbone networks over the backbone network. IPv6 GRE resolves this issue. IPv6 GRE provides a mechanism of encapsulating packets of a protocol into packets of another protocol.

NOTE:
For an IPv6 GRE tunnel:
  • The packet transmission protocol is IPv6.
  • Only IPv4 and IPv6 packets can be encapsulated and routed currently.

Pre-configuration Tasks

Before configuring an ordinary IPv6 GRE tunnel, configure reachable routes between the source and destination interfaces.

Configuration Procedures

Figure 4-1 Flowchart for configuring an IPv6 GRE tunnel

Configuring the Interface Bound to GRE

To enable the source interface or interface with the source IP address of a GRE tunnel to transmit GRE-encapsulated packets, the interface must be bound to GRE.

Context

Perform the following steps on the NEs at both ends of a tunnel.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-typeinterface-number

    The interface view is displayed.

  3. Run ip address ip-address { mask | mask-length }

    The IP address is set for the interface.

  4. Run binding tunnel gre

    The GRE protocol is bound to the interface.

  5. Run quit

    Return to the system view.

  6. Run commit

    The configuration is committed.

Configuring a Tunnel Interface

After creating a tunnel interface, specify IPv6 GRE as the encapsulation type, set the tunnel source address or source interface, and set the tunnel destination address. In addition, set the tunnel interface network address so that the tunnel can support route.

Context

An IPv6 GRE tunnel is established between two tunnel interfaces on two ends of a tunnel. Therefore, you need to configure tunnel interfaces of devices on both ends of the tunnel. Set the protocol type to IPv6 GRE, and specify a source address or interface and a destination address for the tunnel interface. Only tunnel interfaces with network addresses can support routes.

A tunnel interface is a logical interface, and its interface status changes to Down in the following cases:
  • The destination address of the tunnel interface is unreachable or is the same as the address of this interface.

  • The source interface status of the tunnel interface becomes Down.

  • The IP address of the tunnel interface is invalid.

NOTE:

After a tunnel interface is deleted, the interface configurations are also deleted.

Perform the following steps on the NEs at the two ends of a tunnel.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface tunnel interface-number

    A tunnel interface is created, and the tunnel interface view is displayed.

    NOTE:

    For an integrated GRE tunnel, the tunnel interface must be a three-dimensional interface (named by the slot ID, subcard ID, and interface number). The slot ID of the tunnel interface must be consistent with the ID of the slot in which the source interface-bound tunnel service board resides. If the slot IDs are different, the GRE tunnel cannot be established.

  3. Run tunnel-protocol gre ipv6

    The tunnel is encapsulated with IPv6 GRE.

  4. Run source { source-ipv6-address | interface-type interface-number }

    The source address or source interface of the tunnel is configured.

    NOTE:

    Run the binding tunnel gre command to bind GRE to the source interface or the interface where the source address resides. After the binding, a GRE tunnel can use the interface to forward packets encapsulated by GRE.

  5. Run destination [ vpn-instance vpn-instance-name ] des-ipv6-address

    The destination address of the tunnel is configured.

  6. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    The IPv6 address of the tunnel interface is configured. To support dynamic routing protocols on a tunnel, configure a network address for the tunnel interface. The network address of the tunnel interface may not be a public address, but should be in the same network segment on both ends of the tunnel.

    By default, the network address of a tunnel interface is not set.

  7. Run commit

    The configuration is committed.

Configuring Tunnel Routes

Routes for a tunnel must be available on both the source and destination devices so that packets encapsulated with GRE can be forwarded correctly.

Context

Packets can be properly forwarded over an IPv6 GRE tunnel only if the local and remote devices both have routes that are advertised over the tunnel. Currently, only static routes can be advertised over an IPv6 GRE tunnel. A static route must be configured on both the source and destination devices. The destination address of the static route is neither the destination address of the tunnel nor the address of the destination tunnel interface. Instead, it is the destination address of the packet that is not encapsulated using IPv6 GRE. The outbound interface must be the tunnel interface at the local end.

Perform the following steps on the NEs at both ends of the tunnel:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Choose either of the following methods to configure static routes to be advertised over the IPv6 GRE tunnel:

    • If an IPv4 address is configured for the tunnel interface:

      Run the ip route-static dest-ip-address { mask | mask-length } tunnel interface-number [ description text ] command to configure an IPv4 static route.

    • If an IPv6 address is configured for the tunnel interface:

      Run the ipv6 route-static dest-ipv6-address prefix-length { interface-type interface-number [ nexthop-ipv6-address ] | vpn-instance vpn-instance-name nexthop-ipv6-address | nexthop-ipv6-address } [ description text ] command to configure an IPv6 static route.

  3. Run commit

    The configuration is committed.

Verifying the IPv6 GRE Tunnel Configuration

After configuring an IPv6 GRE tunnel, you can check the status of the tunnel interface and routing information.

Prerequisites

An IPv6 GRE tunnel has been configured.

Procedure

  • Run the display ipv6 interface tunnel command to check the status of a tunnel interface.
  • Run either of the following commands to check related information:

    If an IPv4 address is configured for the tunnel interface:

    • Run the display ip routing-table command to check the IPv4 routing table.
    • Run the ping -a source-ip-address dest-ip-address command to check tunnel connectivity.

    If an IPv6 address is configured for the tunnel interface:

    • Run the display ipv6 routing-table command to check the IPv6 routing table.
    • Run the ping ipv6 -a source-ipv6-address dest-ipv6-address command to check tunnel connectivity.

Example

Run the display ipv6 interface tunnel command at both ends of a tunnel. The command output shows that the status of the tunnel interface is Up.

<HUAWEI> display ipv6 interface Tunnel1
Tunnel1 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::200:174:A191:F872
  Global unicast address(es):
    2001:DB8:5::1, subnet is 2001:DB8:5::/64
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF91:F872
    FF02::2
    FF02::1
  MTU is 1448 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 1200000 milliseconds
  ND retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses

Run the display ipv6 routing-table command. The command output shows that the routing table contains routes forwarded by the tunnel interface.

<HUAWEI> display ipv6 routing-table
Routing Table : _public_
         Destinations : 12       Routes : 12

Destination  : ::1                                     PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : InLoopBack0                             Flags        : D

Destination  : ::FFFF:127.0.0.0                        PrefixLength : 104
NextHop      : ::FFFF:127.0.0.1                        Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : InLoopBack0                             Flags        : D

Destination  : ::FFFF:127.0.0.1                        PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : InLoopBack0                             Flags        : D

Destination  : 2001:DB8:1::                            PrefixLength : 64
NextHop      : 2001:DB8:1::1                           Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2001:DB8:1::1                           PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2001:DB8:2::                            PrefixLength : 64
NextHop      : FE80::3A00:10FF:FE03:0                  Preference   : 10
Cost         : 2                                       Protocol     : OSPFv3
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/1/0                    Flags        : D

Destination  : 2001:DB8:3::                            PrefixLength : 64
NextHop      : 2001:DB8:3::1                           Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/2/0                    Flags        : D

Destination  : 2001:DB8:3::1                           PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : GigabitEthernet0/2/0                    Flags        : D

Destination  : 2001:DB8:4::                            PrefixLength : 64
NextHop      : 2001:DB8:5::1                           Preference   : 60
Cost         : 0                                       Protocol     : Static
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : Tunnel1                                 Flags        : D

Destination  : 2001:DB8:5::                            PrefixLength : 64
NextHop      : 2001:DB8:5::1                           Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : Tunnel1                                 Flags        : D

Destination  : 2001:DB8:5::1                           PrefixLength : 128
NextHop      : ::1                                     Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : Tunnel1                                 Flags        : D

Destination  : FE80::                                  PrefixLength : 10
NextHop      : ::                                      Preference   : 0
Cost         : 0                                       Protocol     : Direct
RelayNextHop : ::                                      TunnelID     : 0x0
Interface    : NULL0                                   Flags        : D       

Run the ping ipv6 -a source-ipv6-address dest-ipv6-address command. The command output shows that the local tunnel interface can ping the destination tunnel interface.

<HUAWEI> ping ipv6 -a 2001:db8:5::1 2001:db8:5::2
  PING 2001:DB8:5::2 : 56  data bytes, press CTRL_C to break
    Reply from 2001:DB8:5::2
    bytes=56 Sequence=1 hop limit=64 time=6 ms
    Reply from 2001:DB8:5::2
    bytes=56 Sequence=2 hop limit=64 time=5 ms
    Reply from 2001:DB8:5::2
    bytes=56 Sequence=3 hop limit=64 time=5 ms
    Reply from 2001:DB8:5::2
    bytes=56 Sequence=4 hop limit=64 time=6 ms
    Reply from 2001:DB8:5::2
    bytes=56 Sequence=5 hop limit=64 time=4 ms

  --- 2001:DB8:5::2 ping statistics---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max=4/5/6 ms 
Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058925

Views: 27866

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next