Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Tunnel policy configuration | 79.45 KB |
Tunnel policy configuration examples
Preferred tunnel configuration example
Exclusive tunnel configuration example
Tunnel selection order configuration example
Preferred tunnel and tunnel selection order configuration example
Configuring tunnel policies
Overview
Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or over multiple tunnels. The tunnels supported by MPLS VPN include MPLS LSPs, MPLS TE tunnels, and GRE tunnels.
For more information about MPLS TE, see "Configuring MPLS TE." For more information about GRE, see Layer 3—IP Services Configuration Guide. For more information about MPLS VPNs, see "Configuring MPLS L3VPN," "Configuring MPLS L2VPN," and "Configuring VPLS."
Configuring a tunnel policy
Configuration guidelines
When you configure a tunnel policy, follow these guidelines:
· To select a preferred tunnel, create a tunnel policy and configure the preferred tunnel with the preferred-path command. The destination address of the preferred tunnel identifies a peer PE so the PE will forward traffic destined for that peer PE over the preferred tunnel.
¡ If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect.
¡ If the first tunnel is not available, the second tunnel is used, and so forth. No load balancing will be performed on these tunnels.
This method explicitly specifies an MPLS TE tunnel or a GRE tunnel for an MPLS VPN, facilitating traffic planning. As a best practice, use this method.
· To select multiple tunnels for load sharing, create a tunnel policy and specify the tunnel selection order and the number of tunnels by using the select-seq load-balance-number command. A tunnel type closer to the select-seq keyword has a higher priority. For example, the select-seq lsp gre load-balance-number 3 command gives LSP higher priority over GRE. If no LSP is available or the number of LSPs is less than 3, VPN uses GRE tunnels. The tunnels selected by this method are not fixed, complicating traffic planning. As a best practice, do not use this method.
If you configure both methods for a tunnel policy, the tunnel policy selects tunnels in the following steps:
1. If the destination address of a preferred tunnel identifies a peer PE, the tunnel policy uses the preferred tunnel to forward traffic destined for the peer PE.
2. If not, the tunnel policy selects tunnels as configured by the select-seq load-balance-number command.
As shown in Figure 1, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods:
· Configure multiple tunnel policies, and specify a preferred tunnel for each policy by using the preferred-path command. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.
· Configure one tunnel policy, and use the select-seq load-balance-number command to specify the tunnel selection order and the number of tunnels for load balancing. Apply the tunnel policy to MPLS VPNs to forward the traffic of every VPN over multiple tunnels.
The second method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can vary by a large amount. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. As a best practice, do not use the second method.
Figure 1 MPLS VPN tunnel selection diagram
Configuration procedure
To configure a tunnel policy:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a tunnel policy, and enter tunnel policy view. |
tunnel-policy tunnel-policy-name |
By default, no tunnel policies exist. |
|
3. Configure tunnel selection methods. |
· (Method 1) Configure a tunnel as a preferred
tunnel: · (Method 2) Configure the tunnel selection
order and the number of tunnels for load balancing: |
Configure one or both methods. By default, no preferred tunnels are configured. By default, only one tunnel is selected in LSP—GRE—CRLSP order. |
|
|
NOTE: For a VPN to exclusively use a tunnel, you can specify the tunnel as the preferred tunnel in a tunnel policy, and apply the policy only to that VPN. |
Displaying tunnel information
Execute display commands in any view.
|
Task |
Command |
|
Display tunnel information. |
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } } |
Tunnel policy configuration examples
Preferred tunnel configuration example
Network requirements
PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
Two MPLS VPN instances, vpna and vpnb, exist on PE 1. Configure PE 1 to use the MPLS TE tunnel to forward traffic for both VPNs.
Configuration procedure
1. Create a tunnel policy named preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
2. Configure MPLS VPN instances and apply the tunnel policy to the VPN instances:
# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
# Create MPLS VPN instance vpnb, and apply tunnel policy preferredte1 to it.
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte1
Exclusive tunnel configuration example
Network requirements
PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
Two MPLS VPNs, vpna and vpnb, exist on PE 1. The VPN vpna exclusively uses the MPLS TE tunnel, and the VPN vpnb exclusively uses the GRE tunnel.
Configuration procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredgre2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredgre2
[PE1-tunnel-policy-preferredgre2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredgre2] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
# Create MPLS VPN instance vpnb, and apply tunnel policy preferredgre2 to it.
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredgre2
Tunnel selection order configuration example
Network requirements
PE 1 has multiple tunnels to reach PE 2: one MPLS TE tunnel on interface Tunnel 1, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
Only one MPLS VPN, vpna, exists on PE 1. Select only one tunnel in LDP LSP-MPLS TE-GRE order for this VPN.
Configuration procedure
# Create tunnel policy seq-lsp-te-gre.
<PE1> system-view
[PE1] tunnel-policy seq-lsp-te-gre
# Specify the tunnel selection order, and set the number of tunnels for load balancing to 1—no load balancing.
[PE1-tunnel-policy-seq-lsp-te-gre] select-seq lsp cr-lsp gre load-balance-number 1
[PE1-tunnel-policy-seq-lsp-te-gre] quit
# Create MPLS VPN instance vpna, and apply tunnel policy seq-lsp-te-gre to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy seq-lsp-te-gre
Preferred tunnel and tunnel selection order configuration example
Network requirements
PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 3, one GRE tunnel on interface Tunnel 2, and one LDP LSP tunnel.
PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, vpne, vpnf, and vpng. Table 1 shows the tunnel policy that PE 1 uses for each VPN instance.
Table 1 Tunnel policies used for VPN instances
|
VPN instance |
Tunnel policy |
|
vpna, vpnb |
Use MPLS TE tunnel Tunnel1 as the preferred tunnel. |
|
vpnc, vpnd |
Use MPLS TE tunnel Tunnel3 as the preferred tunnel. |
|
vpne, vpnf |
Use GRE tunnel Tunnel2 as the preferred tunnel. |
|
vpng |
Uses one tunnel selected in LDP LSP-GRE-MPLS TE order. |
Configuration procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredte3, and configure tunnel 3 as the preferred tunnel.
[PE1] tunnel-policy preferredte3
[PE1-tunnel-policy-preferredte3] preferred-path tunnel 3
[PE1-tunnel-policy-preferredte3] quit
# Create tunnel policy preferredgre2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredgre2
[PE1-tunnel-policy-preferredgre2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredgre2] quit
# Create tunnel policy select-lsp.
[PE1] tunnel-policy select-lsp
# Configure the policy to select only one tunnel in LDP LSP-GRE-MPLS TE order.
[PE1-tunnel-policy-select-lsp] select-seq lsp gre cr-lsp load-balance-number 1
[PE1-tunnel-policy-select-lsp] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instances vpna and vpnb, and apply tunnel policy preferredte1 to them.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte1
[PE1-vpn-instance-vpnb] quit
# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte3 to them.
[PE1] ip vpn-instance vpnc
[PE1-vpn-instance-vpnc] route-distinguisher 100:3
[PE1-vpn-instance-vpnc] vpn-target 100:3
[PE1-vpn-instance-vpnc] tnl-policy preferredte3
[PE1-vpn-instance-vpnc] quit
[PE1] ip vpn-instance vpnd
[PE1-vpn-instance-vpnd] route-distinguisher 100:4
[PE1-vpn-instance-vpnd] vpn-target 100:4
[PE1-vpn-instance-vpnd] tnl-policy preferredte3
[PE1-vpn-instance-vpnd] quit
# Create MPLS VPN instances vpne and vpnf, and apply tunnel policy preferredgre2 to them.
[PE1] ip vpn-instance vpne
[PE1-vpn-instance-vpne] route-distinguisher 100:5
[PE1-vpn-instance-vpne] vpn-target 100:5
[PE1-vpn-instance-vpne] tnl-policy preferredgre2
[PE1-vpn-instance-vpne] quit
[PE1] ip vpn-instance vpnf
[PE1-vpn-instance-vpnf] route-distinguisher 100:6
[PE1-vpn-instance-vpnf] vpn-target 100:6
[PE1-vpn-instance-vpnf] tnl-policy preferredgre2
[PE1-vpn-instance-vpnf] quit
# Create MPLS VPN instance vpng, and apply tunnel policy select-lsp to it.
[PE1] ip vpn-instance vpng
[PE1-vpn-instance-vpng] route-distinguisher 100:7
[PE1-vpn-instance-vpng] vpn-target 100:7
[PE1-vpn-instance-vpng] tnl-policy select-lsp
