04-Layer 3-IP Services Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C S6805 & S6825 & S6850 & S9850 Command References-Release 66xx-6W10304-Layer 3-IP Services Command Reference
14-Tunneling commands
Title Size Download
14-Tunneling commands 126.37 KB

Tunneling commands

bandwidth

Use bandwidth to set the expected bandwidth for an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is the interface maximum rate divided by 1000.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

bandwidth-value: Specifies the expected bandwidth, in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth for an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth for Tunnel 1 to 100 kbps.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] bandwidth 100

default

Use default to restore the default settings for a tunnel interface.

Syntax

default

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network.

 

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings of Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] default

description

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of a tunnel interface is Tunnelnumber Interface, for example, Tunnel1 Interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

Configure descriptions for different interfaces for identification and management purposes.

You can use the display interface command to display the configured interface description.

Examples

# Configure the description of Tunnel 1 as tunnel1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] description tunnel1

Related commands

display interface tunnel

destination

Use destination to specify the destination address for a tunnel interface.

Use undo destination to restore the default.

Syntax

destination { ipv4-address | ipv6-address }

undo destination

Default

No tunnel destination address is configured.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the tunnel destination IPv4 address.

ipv6-address: Specifies the tunnel destination IPv6 address.

Usage guidelines

For a manual tunnel interface, you must configure the destination address. For an automatic tunnel interface, you do not need to configure the destination address.

The tunnel destination address must be the address of the receiving interface on the tunnel peer. It is used as the destination address of tunneled packets.

The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.

Do not specify the same tunnel source and destination addresses for the tunnel interfaces on the same device.

Examples

# VLAN-interface 100 on Sysname 1 uses the IP address 193.101.1.1 and VLAN-interface 100 on Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and destination address 192.100.1.1 for the tunnel interface on Sysname 1.

<Sysname1> system-view

[Sysname1] interface tunnel 1 mode ipv6-ipv4

[Sysname1-Tunnel1] source 193.101.1.1

[Sysname1-Tunnel1] destination 192.100.1.1

# Configure the source address 192.100.1.1 and destination address 193.101.1.1 for the tunnel interface on Sysname 2.

<Sysname2> system-view

[Sysname2] interface tunnel 1 mode ipv6-ipv4

[Sysname2-Tunnel1] source 192.100.1.1

[Sysname2-Tunnel1] destination 193.101.1.1

Related commands

display interface tunnel

interface tunnel

source

display interface tunnel

Use display interface tunnel to display tunnel interface information.

Syntax

display interface [ tunnel [ number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel [ number ]: Specifies a tunnel interface. The number argument specifies the tunnel interface number. The specified tunnel interface must have been created. If you do not specify the tunnel keyword, this command displays information about all interfaces on the device. If you specify the tunnel keyword without the number argument, this command displays information about all existing tunnel interfaces.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 25 characters of interface descriptions.

down: Displays information about interfaces in the physical state of DOWN and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.

Examples

# Display detailed information about Tunnel 1.

<Sysname> display interface tunnel 1

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64kbps

Maximum transmission unit: 1476

Internet address: 10.1.2.1/24 (primary)

Tunnel source 2002::1:1 (Vlan-interface10), destination 2001::2:1

Tunnel TOS 0xC8, Tunnel TTL 255

Tunnel protocol/transport GRE/IPv6

    GRE key disabled 

    Checksumming of GRE packets disabled

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Table 1 Command output

Field

Description

Tunnel1

Information about the tunnel interface Tunnel 1.

Current state

Physical link state of the tunnel interface:

·     Administratively DOWN—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed).

·     UP—The interface is both administratively and physically up.

Line protocol state

Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer.

·     UP—The data link layer protocol is up.

·     UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is typical of null interfaces and loopback interfaces.

·     DOWN—The data link layer protocol is down.

Description

Description of the tunnel interface.

Bandwidth

Expected bandwidth of the tunnel interface.

Maximum transmission unit

MTU of the tunnel interface.

Internet protocol processing: Disabled

The tunnel interface is not assigned an IP address and cannot process IP packets.

Internet address: ip-address/mask-length (Type)

IP address of the interface and type of the address in parentheses.

Possible IP address types include:

·     Primary—Manually configured primary IP address.

·     Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed.

·     Unnumbered—IP address borrowed from another interface.

Tunnel source

Source address of the tunnel. If a source interface is specified for the tunnel interface, this field also displays the source interface in parentheses.

destination

Destination address of the tunnel.

Tunnel TOS

ToS of tunneled packets.

Tunnel TTL

TTL of tunneled packets.

Tunnel protocol/transport

Tunnel mode and transport protocol:

·     CR_LSP—MPLS TE tunnel mode.

·     GRE/IP—GRE/IPv4 tunnel mode.

·     GRE/IPv6—GRE/IPv6 tunnel mode.

·     IP/IP—IPv4 over IPv4 tunnel mode.

·     IPv6—IPv6 tunnel mode.

·     IPv6/IP—IPv6 over IPv4 manual tunnel mode.

·     IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode.

·     IPv6/IP ISATAP—IPv6 over IPv4 ISATAP tunnel mode.

·     UDP_VXLAN/IP—UDP-encapsulated IPv4 VXLAN tunnel mode.

·     UDP_VXLAN/IPv6—UDP-encapsulated IPv6 VXLAN tunnel mode.

·     UDP_VXLAN_DCI/IP—UDP-encapsulated IPv4 VXLAN-DCI tunnel mode.

·     UDP_VXLAN_DCI/IPv6—UDP-encapsulated IPv6 VXLAN-DCI tunnel mode.

GRE key disabled

This field is not supported in the current software version.

No GRE tunnel interface key is configured.

Checksumming of GRE packets disabled

This field is not supported in the current software version.

The GRE packet checksum feature is disabled.

Last clearing of counters

Last time when counters were cleared.

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average input rate in the last 300 seconds.

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average output rate in the last 300 seconds.

Input: 0 packets, 0 bytes, 0 drops

Total input packets, total input bytes, and total input packets dropped.

Input packets are counted after they are de-encapsulated by software.

Output: 0 packets, 0 bytes, 0 drops

Total output packets, total output bytes, and total output packets dropped.

Output packets are counted before they are encapsulated by software.

 

# Display brief information about Tunnel 1.

<Sysname> display interface tunnel 1 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP     Description

Tun1                 UP   UP       1.1.1.1        aaaaaaaaaaaaaaaaaaaaaaaaaaa

# Display brief information about Tunnel 1, including the complete interface description.

<Sysname> display interface tunnel 1 brief description

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP     Description

Tun1                 UP    UP      1.1.1.1        aaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

# Display information about interfaces in DOWN state and the causes.

<Sysname> display interface tunnel brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

Tun0                  DOWN Not connected

Tun1                  DOWN Not connected

Table 2 Command output

Field

Description

Interface

Abbreviated interface name.

Link

Physical link state of the interface:

·     UP—The interface is physically up.

·     DOWN—The interface is physically down.

·     ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Stby—The interface is a backup interface in standby state.

Protocol

Data link layer protocol state of the interface:

·     UP—The data link layer protocol of the interface is up.

·     DOWN—The data link layer protocol of the interface is down.

·     UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces.

Primary IP

Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.

Description

Description of the interface.

Cause

Cause for the physical link state of an interface to be DOWN:

·     Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.

·     Not connected—The tunnel is not established.

 

Related commands

destination

interface tunnel

source

group

Use group to assign a VXLAN tunnel interface to a VXLAN tunnel group.

Use undo group to restore the default.

 

 

NOTE:

This command is supported only in Release 6635 and later.

 

Syntax

group group-id

undo group

Default

A VXLAN tunnel interface is not assigned to any VXLAN tunnel group.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies the ID of the VXLAN tunnel group. The value range for this argument varies by device model.

Usage guidelines

A VXLAN tunnel group can contain a maximum of 32 VXLAN tunnel interfaces on the device.

Use this command in conjunction with the traffic redirection feature to load share traffic among multiple VXLAN tunnels in a VXLAN tunnel group. For more information about traffic redirection, see QoS in ACL and QoS Command Reference.

A VXLAN tunnel interface can be assigned only to one VXLAN tunnel group. To assign the VXLAN tunnel interface to another VXLAN tunnel group, first remove the VXLAN tunnel interface from the original group by using the undo group command.

To assign an IPv6 tunnel interface to a VXLAN tunnel group, you must also bind the IPv6 tunnel interface to the VSI of the VXLAN.

Examples

# Assign VXLAN tunnel interface 1 to VXLAN tunnel group 2.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1] group 2

interface tunnel

Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface view, or enter the view of an existing tunnel interface.

Use undo interface tunnel to delete a tunnel interface.

Syntax

interface tunnel number [ mode { gre [ ipv6 ] | ipv4-ipv4 | ipv6 | ipv6-ipv4 [ 6to4 | isatap ] | mpls-te | { vxlan | vxlan-dci } [ ipv6 ] } ]

undo interface tunnel number

Default

No tunnel interfaces exist.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the number of the tunnel interface. The value range is 0 to 15359. The number of tunnel interfaces that can be created is restricted by the total number of interfaces and the memory.

mode gre: Specifies the GRE/IPv4 tunnel mode.

mode gre ipv6: Specifies the GRE/IPv6 tunnel mode.

mode ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode.

mode ipv6: Specifies the IPv6 tunnel mode. Set this mode for IPv4 over IPv6 tunnels and IPv6 over IPv6 tunnels.

mode ipv6-ipv4: Specifies the IPv6 over IPv4 manual tunnel mode.

mode ipv6-ipv4 6to4: Specifies the 6to4 tunnel mode.

mode ipv6-ipv4 isatap: Specifies the ISATAP tunnel mode.

mode mpls-te: Specifies the MPLS TE tunnel mode.

mode vxlan: Specifies the IPv4 VXLAN tunnel mode.

mode vxlan ipv6: Specifies the IPv6 VXLAN tunnel mode.

mode vxlan-dci: Specifies the IPv4 VXLAN-DCI tunnel mode.

mode vxlan-dci ipv6: Specifies the IPv6 VXLAN-DCI tunnel mode.

Usage guidelines

To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode.

A tunnel interface number is locally significant. The tunnel interfaces on the two ends of a tunnel can use the same or different interface numbers.

Examples

# Create GRE/IPv4 tunnel interface Tunnel 1 and enter tunnel interface view.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1]

Related commands

destination

display interface tunnel

source

mtu

Use mtu to set the MTU on a tunnel interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

If the tunnel interface has never been up, the MTU is 64000 bytes.

If the tunnel interface is up, its MTU is identical to the outgoing interface's MTU minus the length of the tunnel headers. The outgoing interface is automatically obtained through routing table lookup based on the tunnel destination address.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU, in the range of 100 to 64000 bytes.

Usage guidelines

After you configure an MTU for a tunnel interface, the configured MTU applies regardless of the tunnel interface status (up/down) and the outgoing interface MTU.

To avoid fragmentation after tunnel encapsulation, set the tunnel interface MTU no greater than the value of the outgoing interface MTU minus the length of the tunnel headers.

Examples

# Set the MTU on Tunnel 1 to 10000 bytes.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] mtu 10000

Related commands

display interface tunnel

reset counters interface tunnel

Use reset counters interface tunnel to clear tunnel interface statistics.

Syntax

reset counters interface [ tunnel [ number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

tunnel [ number ]: Specifies a tunnel interface. The number argument specifies the tunnel interface number. If you do not specify the tunnel keyword, this command clears statistics for all interfaces. If you specify the tunnel keyword without the number argument, this command clears statistics for all tunnel interfaces.

Usage guidelines

Use this command to clear old statistics so you can observe new traffic statistics on a tunnel interface.

Examples

# Clear statistics for Tunnel 1.

<Sysname> reset counters interface tunnel 1

Related commands

display interface tunnel

service

Use service to specify a traffic processing slot for a tunnel interface.

Use undo service to restore the default.

Syntax

service slot slot-number

undo service slot

Default

No traffic processing slot is specified for a tunnel interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID.

Usage guidelines

Specify a traffic processing slot if a feature (for example, IPsec antireplay) requires that all traffic on a tunnel interface be processed on the same slot.

Make sure the specified traffic processing slot is available. If the specified traffic processing slot is unavailable, traffic on the tunnel interface cannot be forwarded, whether or not the tunnel interface is up. Traffic on the tunnel interface will not be forwarded until the traffic processing slot becomes available or until you respecify an available traffic processing slot.

Examples

# Specify a traffic processing slot for Tunnel 200.

<Sysname> system-view

[Sysname] interface tunnel 200

[Sysname-Tunnel200] service slot 1

shutdown

Use shutdown to shut down a tunnel interface.

Use undo shutdown to bring up a tunnel interface.

Syntax

shutdown

undo shutdown

Default

A tunnel interface is not administratively down.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

This command disconnects all links set up on the interface. Make sure you fully understand the impact of the command on your network.

Examples

# Shut down Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] shutdown

Related commands

display interface tunnel

source

Use source to specify the source address or source interface for a tunnel interface.

Use undo source to restore the default.

Syntax

source { ipv4-address | ipv6-address | interface-type interface-number }

undo source

Default

No source address or source interface is specified for a tunnel interface.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the tunnel source IPv4 address.

ipv6-address: Specifies the tunnel source IPv6 address.

interface-type interface-number: Specifies the source interface by its type and number. The interface must be up and must have an IP address.

Usage guidelines

The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command.

Do not specify the same tunnel source and destination addresses for the tunnel interfaces on the same device.

The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify VLAN-interface 10 as the source interface of Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] source vlan-interface 10

# Specify 192.100.1.1 as the source address of Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] source 192.100.1.1

Related commands

destination

display interface tunnel

interface tunnel

tunnel dfbit enable

Use tunnel dfbit enable to set the Don't Fragment (DF) bit for tunneled packets.

Use undo tunnel dfbit enable to restore the default.

Syntax

tunnel dfbit enable

undo tunnel dfbit enable

Default

The DF bit is not set for tunneled packets.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than the tunneled packet length. To avoid discarding tunneled packets whose length is larger than the path MTU, do not set the DF bit.

This command is not supported on a GRE/IPv6 tunnel interface and an IPv6 tunnel interface.

Examples

# Set the DF bit for tunneled packets on Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] tunnel dfbit enable

tunnel discard ipv4-compatible-packet

Use tunnel discard ipv4-compatible-packet to enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.

Use undo tunnel discard ipv4-compatible-packet to restore the default.

Syntax

tunnel discard ipv4-compatible-packet

undo tunnel discard ipv4-compatible-packet

Default

IPv6 packets that use IPv4-compatible IPv6 addresses are not dropped.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from a tunnel. If a packet uses an IPv4-compatible IPv6 address as the source or destination address, the device discards the packet.

Examples

# Enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.

<Sysname> system-view

[Sysname] tunnel discard ipv4-compatible-packet

tunnel exceed-mtu

Use tunnel exceed-mtu to specify an action for original packets that include a total length larger than the MTU of the output tunnel interface.

Use undo tunnel exceed-mtu to restore the default.

 

 

NOTE:

This command is supported only in Release 6635 and later.

 

Syntax

tunnel exceed-mtu { fragment | drop }

undo tunnel exceed-mtu

Default

The device does not fragment or drop original packets that include a total length larger than the MTU of the output tunnel interface.

Views

System view

Predefined user roles

network-admin

Parameters

fragment: Fragments original packets that include a total length larger than the MTU of the output tunnel interface.

drop: Drops original packets that include a total length larger than the MTU of the output tunnel interface.

Usage guidelines

On the device that performs hardware forwarding, the hardware does not check the length of the original packets to be tunneled. The length of the original packets in this feature refers to the total packet length included in the header of the original packets. The device does not fragment an original packet if its length is larger than the MTU of the output tunnel interface. With this command, the device handles the original packets to be tunneled as follows on a tunnel interface:

·     If the length of the original packets is smaller than or equal to the tunnel interface MTU, the device performs hardware forwarding for the packets.

·     If the length of the original packets is larger than the tunnel interface MTU, the device performs software forwarding for the packets.

¡     If the DF bit is set, the device drops the packets. For the device to send ICMP destination unreachable packets to the source, execute the ip unreachables enable command to enable sending of ICMP destination unreachable packets.

¡     If the DF bit is not set, the device fragments or drops the packets depending on the action configuration.

When you use the undo tunnel exceed-mtu command to restore the default, the device performs hardware forwarding for all packets.

You can use the ip mtu or mtu command to set the MTU of a tunnel interface.

·     If neither of the command is used, the MTU of the tunnel interface is identical to the outgoing interface's MTU minus the length of the tunnel headers. The outgoing interface is automatically obtained through routing table lookup based on the tunnel destination address.

·     If you use only one of the commands, the command setting takes effect.

·     If both the commands are used on a tunnel interface, the ip mtu command takes effect.

Examples

# Fragment original packets that include a total length larger than the MTU of the output tunnel interface.

<Sysname> system-view

[Sysname] tunnel exceed-mtu fragment

Related commands

ip mtu (Layer 3—IP Services Command Reference)

ip unreachables enable (Layer 3—IP Services Command Reference)

mtu

tunnel ip-in-ip decapsulate-any

Use tunnel ip-in-ip decapsulate-any to configure a source-destination address pair for IPv4-in-IPv4 packet decapsulation.

Use undo tunnel ip-in-ip decapsulate-any to restore the default.

 

 

NOTE:

This command is supported only in Release 6635 and later.

 

Syntax

tunnel ip-in-ip decapsulate-any [ destination ip-address ] source { ip-address | interface-type interface-number | direct }

undo tunnel ip-in-ip decapsulate-any

Views

System view

Default

No source-destination address pair is configured for IPv4-in-IPv4 packet decapsulation.

Predefined user roles

network-admin

Parameters

destination ip-address: Specifies a destination address. The IP address can be any IP address. If you do not specify a destination address, IP address 1.1.1.1 is used as the destination address for IPv4-in-IPv4 packet decapsulation.

source ip-address: Specifies a local IP address as the source IP address. The IP address can be an IP address on any of the following interfaces:

·     Layer 3 interfaces (except subinterfaces, interfaces in VPN instances, and inloopback interfaces).

·     VLAN interfaces.

·     Loopback interfaces.

source interface-type interface-number: Specifies a source interface by its type and number. The primary IP address of the interface is used as the source IP address.

source direct: Specifies a group of local IP addresses as the source IP addresses. If you specify this keyword, the system traverses all Layer 3 interfaces, VLAN interfaces, and loopback interfaces in up state on the device. The source IP addresses used for packet decapsulation are the primary IP addresses of the first 1000 interfaces (except subinterfaces, interfaces in VPN instances, and inloopback interfaces).

Usage guidelines

In some scenarios, a host needs to construct multi-layer encapsulated IPv4-in-IPv4 packets to detect whether a transmission path is reachable. Use this command on each node along the transmission path to configure a source-destination address pair used to decapsulate the IPv4-in-IPv4 packets.

Configure a source-destination address pair on each node along the path to be detected. On the end node, you can specify a source IP address, a source interface, or a group of source IP addresses. On the other nodes, you must use the source direct keyword to specify a group of source IP addresses.

Examples

# Configure a source-destination address pair for IPv4-in-IPv4 packet decapsulation. The destination IP address is 2.2.2.3 and the source IP address is 192.100.1.1.

<Sysname> system-view

[Sysname] tunnel ip-in-ip decapsulate-any destination 2.2.2.3 source 192.100.1.1

# Specify a group of IP addresses as the source IP addresses for IPv4-in-IPv4 packet decapsulation.

<Sysname> system-view

[Sysname] tunnel ip-in-ip decapsulate-any source direct

tunnel log updown with-tag

Use tunnel log updown with-tag to add the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces.

Use undo tunnel log updown with-tag to remove the TUNNEL string from the PHY_UPDOWN log mnemonic for tunnel interfaces.

Syntax

tunnel log updown with-tag

undo tunnel log updown with-tag

Default

The PHY_UPDOWN log mnemonic for tunnel interfaces does not contain the TUNNEL string.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command adds the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces. Use this command if you want to identify the interface state change logs for tunnel interfaces by using a regular expression that contains the TUNNEL string.

A tunnel interface state change log without the TUNNEL string in the mnemonic:

%Jan 8 18:45:33:621 2011 Sysname IFNET/3/PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.

A tunnel interface state change log with the TUNNEL string in the mnemonic:

%Jan 8 18:45:33:621 2011 Sysname IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.

Examples

# Add the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces.

<Sysname> system-view

[Sysname] tunnel log updown with-tag

tunnel tos

Use tunnel tos to set the ToS of tunneled packets.

Use undo tunnel tos to restore the default.

Syntax

tunnel tos tos-value

undo tunnel tos

Default

The ToS of tunneled packets is the same as the ToS of the original packets.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255.

Usage guidelines

After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.

This command takes effect only on packets forwarded through software forwarding. It cannot take effect on packets forwarded through hardware forwarding.

Examples

# Set the ToS of tunneled packets to 20 on Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] tunnel tos 20

Related commands

display interface tunnel

tunnel ttl

Use tunnel ttl to set the Time to Live (TTL) of tunneled packets.

Use undo tunnel ttl to restore the default.

Syntax

tunnel ttl ttl-value

undo tunnel ttl

Default

The TTL of tunneled packets is 255.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255.

Usage guidelines

The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packets are discarded to avoid loops.

Examples

# Set the TTL of tunneled packets to 100 on Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] tunnel ttl 100

Related commands

display interface tunnel

tunnel vpn-instance

Use tunnel vpn-instance to specify a VPN instance for the destination address of a tunnel interface.

Use undo tunnel vpn-instance to restore the default.

 

 

NOTE:

This command is supported only in Release 6635 and later.

 

Syntax

tunnel vpn-instance vpn-instance-name

undo tunnel vpn-instance

Default

The destination address of a tunnel interface belongs to the public network.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

After this command is executed, the device looks up the routing table of the specified VPN instance to forward tunneled packets on the tunnel interface.

For a tunnel interface to come up, the tunnel source and destination must belong to the same VPN instance. To specify a VPN instance for the tunnel source, use the ip binding vpn-instance command on the tunnel source interface.

Examples

# Specify VPN instance vpn10 for the tunnel destination on Tunnel 1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn10

[Sysname-vpn-instance-vpn10] route-distinguisher 1:1

[Sysname-vpn-instance-vpn10] vpn-target 1:1

[Sysname-vpn-instance-vpn10] quit

[Sysname] interface vlan-interface 10

[Sysname-Vlan-interface10] ip binding vpn-instance vpn10

[Sysname-Vlan-interface10] ip address 1.1.1.1 24

[Sysname-Vlan-interface10] quit

[Sysname] interface tunnel 1 mode gre

[Sysname-Tunnel1] source vlan-interface 10

[Sysname-Tunnel1] destination 1.1.1.2

[Sysname-Tunnel1] tunnel vpn-instance vpn10

Related commands

ip binding vpn-instance (MPLS Command Reference)