No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring and Applying a Tunnel Policy

Configuring and Applying a Tunnel Policy

Pre-configuration Tasks

Before configuring and applying a tunnel policy, complete the following tasks:

  • Create LSP or MPLS TE tunnels to transmit VPN services. For details about how to create an LSP tunnel and a TE tunnel, see MPLS LDP Configuration and MPLS TE Configuration in the CloudEngine 12800 and 12800E Series Switches Configuration Guide - MPLS.

  • Establish the basic VPN network. For details about the BGP/MPLS IP VPN configuration, see Configuring Basic BGP/MPLS IP VPN Functions.

Context

VPN data is transmitted over tunnels. By default, LSP tunnels are used to transmit data. VPN data is not load balanced among LSP tunnels.

If the default tunnel configuration cannot meet VPN service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies according to service requirements:

  • Tunnel type prioritization policy: This policy can change the type of tunnels selected for VPN data transmission or select multiple tunnels for load balancing.
  • Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for a VPN.

Procedure

  1. Configure a tunnel policy.

    Use either of the following methods to configure a tunnel policy.

    Configure a tunnel type prioritization policy.

    By default, no tunnel policy is configured. LSP tunnels are used to transmit VPN data. VPN data is not load balanced among LSP tunnels.

    1. Run system-view

      The system view is displayed.

    2. Run tunnel-policy policy-name

      A tunnel policy is created, and tunnel policy view is displayed.

    3. (Optional) Run description description-information

      A description is configured for the tunnel policy.

    4. Run tunnel select-seq { gre | lsp | cr-lsp | bgp | ldp | sr-lsp }* load-balance-number load-balance-number

      The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.

      NOTE:

      Currently, the switch does not support GRE tunnels.

    5. Run commit

      The configuration is committed.

    Configure a tunnel binding policy.

    1. Run system-view

      The system view is displayed.

    2. Run interface tunnel interface-number

      A tunnel interface is created and the tunnel interface view is displayed.

    3. Run tunnel-protocol mpls te

      MPLS TE is configured as a tunneling protocol.

    4. Run mpls te reserved-for-binding

      The binding capability of the TE tunnel is enabled.

    5. Run quit

      Return to the system view.

    6. Run tunnel-policy policy-name

      A tunnel policy is created.

    7. (Optional) Run description description-information

      A description is configured for the tunnel policy.

    8. Run tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-16> [ ignore-destination-check ] [ down-switch ]

      The TE tunnel is bound to a destination IP address.

      NOTE:
      • If the PE device has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
      • If down-switch is specified in the command, the system selects available tunnels, preferring LSPs and then CR-LSPs, when the bound tunnels are unavailable.

    9. Run commit

      The configuration is committed.

  2. Apply the tunnel policy.
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run tnl-policy policy-name

      The tunnel policy is applied to the VPN instance IPv4 address family.

    5. Run commit

      The configuration is committed.

Verifying the Configuration

After configuring a tunnel policy and applying it to a VPN instance, you can check information about the tunnel policy applied to the VPN instance and tunnels in the system.

  • Run the display tunnel { tunnel-id | all | statistics } command to check information about tunnels in the system.
  • Run the display interface tunnel interface-number command to check detailed information about a specified tunnel interface.
  • Run the display tunnel-policy [ tunnel-policy-name ] command to check information about the specified tunnel policy.
  • Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the tunnel policy applied to the specified VPN instance.
Translation
Download
Updated: 2019-04-03

Document ID: EDOC1100075353

Views: 14233

Downloads: 25

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next