07-MPLS Configuration Guide

HomeSupportResource CenterH3C S6800[S6860][S6861] (R27xx) & S6820 (R630x) Switch Series Configuration Guide-6W10107-MPLS Configuration Guide
08-Tunnel policy configuration
Title Size Download
08-Tunnel policy configuration 91.95 KB

Configuring tunnel policies

About tunnel policies

Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or load share the traffic over multiple tunnels. Using tunnel policies can facilitate network planning and management and reduce processing overhead on PEs.

For more information about MPLS VPN, see "Configuring MPLS L2VPN," "Configuring VPLS," and "Configuring MPLS L3VPN."

Tunnel policy implementation

You can configure a tunnel policy by using the preferred tunnel method or the load sharing method.

Preferred tunnel

You can specify a tunnel as a preferred tunnel in a tunnel policy. If the destination address of the tunnel interface identifies a peer PE, the policy will forward traffic destined for that peer PE over the preferred tunnel.

If multiple preferred tunnels that have the same destination address are specified in a tunnel policy, the policy uses the following procedure to select a preferred tunnel:

1.     The policy selects the first configured preferred tunnel.

2.     If the first configured tunnel is not available, the policy selects the second tunnel, and so forth.

Since the policy uses only one tunnel, no load sharing will be performed on these tunnels. This method explicitly specifies a tunnel for an MPLS VPN, facilitating traffic planning. As a best practice, use this method.

Load sharing

You can configure tunnel load sharing by specifying the tunnel selection order and the number of tunnels for load sharing in a tunnel policy.

This method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can vary greatly. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. As a best practice, do not use this method.

Tunnel selection rule

If you use both the preferred tunnel and load sharing methods to specify tunnels for a tunnel policy, the tunnel policy selects tunnels in the following steps:

·     If the destination address of a preferred tunnel identifies a peer PE, the tunnel policy uses the preferred tunnel to forward traffic destined for the peer PE.

·     If no preferred tunnel is available for a peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Supported tunnel types

Tunnel policies support the following tunnel types:

·     MPLS TE tunnels. For more information, see "Configuring MPLS TE."

·     MPLS LSPs. Only the load sharing method supports using MPLS LSPs.

Tunnel policy application scenario

As shown in Figure 1, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods:

·     Preferred tunnel—Configure multiple tunnel policies, and specify a preferred tunnel for each policy. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.

·     Load sharing—Configure one tunnel policy, and specify the tunnel selection order and the number of tunnels for load sharing. Apply the tunnel policy to MPLS VPNs to forward the traffic of every VPN over multiple tunnels.

Figure 1 Tunnel policy application scenario

 

Restrictions and guidelines: Tunnel policy configuration

To configure a VPN to exclusively use a tunnel, perform the following operations:

1.     Use the preferred-path command to specify the tunnel as the preferred tunnel in a tunnel policy.

2.     Apply the policy only to that VPN.

Configuring a tunnel policy

1.     Enter system view.

system-view

2.     Create a tunnel policy, and enter tunnel policy view.

tunnel-policy tunnel-policy-name

3.     Configure the tunnel policy.

Choose one option as needed:

¡     Configure a preferred tunnel.

preferred-path tunnel number

By default, no preferred tunnels are configured.

¡     Configure tunnel load sharing.

select-seq { cr-lsp | lsp } * load-balance-number number

By default, the policy selects only one tunnel in LSP—CRLSP order.

Display and maintenance commands for tunnel policies

Execute display commands in any view.

 

Task

Command

Display tunnel information.

display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }

Display tunnel policy information.

display tunnel-policy [ tunnel-policy-name ]

 

Tunnel policy configuration examples

Example: Configuring exclusive tunnels

Network configuration

PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interface Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.

Two MPLS VPNs, vpna and vpnb, exist on PE 1. The VPN vpna exclusively uses the MPLS TE tunnel 1, and the VPN vpnb exclusively uses the MPLS TE tunnel 2.

Procedure

1.     Configure tunnel policies on PE 1:

# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.

<PE1> system-view

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

2.     Configure MPLS VPN instances and apply tunnel policies to the VPN instances:

# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] route-distinguisher 100:1

[PE1-vpn-instance-vpna] vpn-target 100:1

[PE1-vpn-instance-vpna] tnl-policy preferredte1

[PE1-vpn-instance-vpna] quit

# Create MPLS VPN instance vpnb, and apply tunnel policy preferredte2 to it.

[PE1] ip vpn-instance vpnb

[PE1-vpn-instance-vpnb] route-distinguisher 100:2

[PE1-vpn-instance-vpnb] vpn-target 100:2

[PE1-vpn-instance-vpnb] tnl-policy preferredte2

Example: Configuring preferred tunnels and tunnel selection order

Network configuration

PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.

PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, and vpne. Table 1 shows the tunnel policy that PE 1 uses for each VPN instance.

Table 1 Tunnel policies used for VPN instances

VPN instance

Tunnel policy

vpna, vpnb

Use MPLS TE tunnel Tunnel 1 as the preferred tunnel.

vpnc, vpnd

Use MPLS TE tunnel Tunnel 2 as the preferred tunnel.

vpne

Uses one tunnel selected in LDP LSP-MPLS TE order.

 

Procedure

1.     Configure tunnel policies on PE 1:

# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.

<PE1> system-view

[PE1] tunnel-policy preferredte1

[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1

[PE1-tunnel-policy-preferredte1] quit

# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.

[PE1] tunnel-policy preferredte2

[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2

[PE1-tunnel-policy-preferredte2] quit

# Create tunnel policy select-lsp.

[PE1] tunnel-policy select-lsp

# Configure the policy to select only one tunnel in LDP LSP-MPLS TE order.

[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1

[PE1-tunnel-policy-select-lsp] quit

2.     Configure MPLS VPN instances and apply tunnel policies to the VPN instances:

# Create MPLS VPN instances vpna and vpnb, and apply tunnel policy preferredte1 to them.

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] route-distinguisher 100:1

[PE1-vpn-instance-vpna] vpn-target 100:1

[PE1-vpn-instance-vpna] tnl-policy preferredte1

[PE1-vpn-instance-vpna] quit

[PE1] ip vpn-instance vpnb

[PE1-vpn-instance-vpnb] route-distinguisher 100:2

[PE1-vpn-instance-vpnb] vpn-target 100:2

[PE1-vpn-instance-vpnb] tnl-policy preferredte1

[PE1-vpn-instance-vpnb] quit

# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte2 to them.

[PE1] ip vpn-instance vpnc

[PE1-vpn-instance-vpnc] route-distinguisher 100:3

[PE1-vpn-instance-vpnc] vpn-target 100:3

[PE1-vpn-instance-vpnc] tnl-policy preferredte2

[PE1-vpn-instance-vpnc] quit

[PE1] ip vpn-instance vpnd

[PE1-vpn-instance-vpnd] route-distinguisher 100:4

[PE1-vpn-instance-vpnd] vpn-target 100:4

[PE1-vpn-instance-vpnd] tnl-policy preferredte2

[PE1-vpn-instance-vpnd] quit

# Create MPLS VPN instance vpne, and apply tunnel policy select-lsp to it.

[PE1] ip vpn-instance vpne

[PE1-vpn-instance-vpne] route-distinguisher 100:5

[PE1-vpn-instance-vpne] vpn-target 100:5

[PE1-vpn-instance-vpne] tnl-policy select-lsp