Login

WelcomeuserNew H3C退出

Country / Region

Contact Sales Online Exhibition Center Resource Center Become a Partner
Back

06-Layer 3 - IP Services Command Reference

HomeSupportResource CenterRoutersH3C SR6600-X Router SeriesH3C SR6600-X Router SeriesTechnical DocumentsReference GuidesCommand ReferencesH3C SR6602-X Routers Command References-R7607-6W10006-Layer 3 - IP Services Command Reference
Table of Contents
Related Documents
16-Tunneling commands
Title Size Download
16-Tunneling commands 97.54 KB

Contents

Tunneling commands· 1

bandwidth· 1

default 1

description· 2

destination· 3

display ds-lite b4 information· 4

display interface tunnel 5

ds-lite enable· 9

interface tunnel 10

mtu· 11

reset counters interface· 12

service· 12

service standby· 14

shutdown· 15

source· 15

tunnel dfbit enable· 16

tunnel discard ipv4-compatible-packet 17

tunnel ipv6-fragmentation-check enable· 18

tunnel tos· 18

tunnel ttl 19

tunnel vpn-instance· 20

 

Tunneling commands

bandwidth

Use bandwidth to set the expected bandwidth for an interface.

Use undo bandwidth to restore the default.

Syntax

bandwidth bandwidth-value

undo bandwidth

Default

The expected bandwidth (in kbps) is the interface maximum rate divided by 1000.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.

Usage guidelines

The expected bandwidth for an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

Examples

# Set the expected bandwidth for Tunnel 1 to 100 kbps.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] bandwidth 100

default

Use default to restore the default settings for a tunnel interface.

Syntax

default

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

CAUTION

CAUTION:

The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network.

 

This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to resolve the problem.

Examples

# Restore the default settings of interface tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] default

description

Use description to configure a description for a tunnel interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description for a tunnel interface is Tunnelnumber Interface, for example, Tunnel1 Interface.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

Configure descriptions for different interfaces for identification and management purposes.

You can use the display interface command to display the configured interface description.

Examples

# Configure the description for interface Tunnel 1 as tunnel1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] description tunnel1

Related commands

display interface tunnel

destination

Use destination to specify the destination address for a tunnel interface.

Use undo destination to restore the default.

Syntax

destination { ipv4-address | ipv6-address | dhcp-alloc interface-type interface-number }

undo destination

Default

No tunnel destination address is configured.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies the tunnel destination IPv4 address.

ipv6-address: Specifies the tunnel destination IPv6 address.

dhcp-alloc interface-type interface-number: Specifies an interface by its type and number to obtain AFTR's IPv6 address from DHCPv6 packets.

Usage guidelines

For a manual tunnel interface, you must configure the destination address. For an automatic tunnel interface, you do not need to configure the destination address.

The tunnel destination address must be the address of the receiving interface on the tunnel peer. It is used as the destination address of tunneled packets.

The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.

For a B4 router to automatically establish a DS-Lite tunnel with an AFTR, configure DHCPv6 client, IPv6 DNS client, and the destination dhcp-alloc command on the B4 router. In addition, make sure a DHCPv6 server and an IPv6 DNS server (for dynamic DNS) exist in the network.

After receiving a DHCPv6 packet from the interface specified by the destination dhcp-alloc command, the B4 router performs the following operations:

1.     Obtains the domain name of the AFTR from the packet.

2.     Sends a name query to the IPv6 DNS server to obtain the AFTR's IPv6 address.

The server resolves the domain name to the IPv6 address of AFTR.

For more information about DHCPv6 server, DHCPv6 client, and IPv6 DNS, see Layer 3—IP Services Configuration Guide.

Examples

# The interface GigabitEthernet 1/1/1 on Sysname 1 uses the IP address 193.101.1.1 and the interface GigabitEthernet 1/1/1 on Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and destination address 192.100.1.1 for the tunnel interface on Sysname 1.

<Sysname1> system-view

[Sysname1] interface tunnel 1

[Sysname1-Tunnel1] source 193.101.1.1

[Sysname1-Tunnel1] destination 192.100.1.1

# Configure the source address 192.100.1.1 and destination address 193.101.1.1 for the tunnel interface on Sysname 2.

<Sysname2> system-view

[Sysname2] interface tunnel 1

[Sysname2-Tunnel1] source 192.100.1.1

[Sysname2-Tunnel1] destination 193.101.1.1

Related commands

display interface tunnel

interface tunnel

ipv6 address dhcp-alloc

source

display ds-lite b4 information

Use display ds-lite b4 information to display information about the connected B4 routers on the AFTR, including the IPv6 addresses of the B4 routers, and the assigned tunnel IDs.

Syntax

display ds-lite b4 information

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# (In standalone mode.) Display information about the connected B4 routers.

<Sysname> display ds-lite b4 information

Slot 0 Cpu 0:

 B4 address                                     Tunnel ID  Tunnel interface  Idle time

 1234:5678:1234:5678:abcd:abcd:efff:1234        0x00000023       1              12

 2000::100:1                                    0x80000013       2              13

 3000::2                                        0x00000015       3              2

 3001::2                                        0x00000032       --             --

 Total B4 addresses: 4

...

# (In IRF mode.) Display information about the connected B4 routers.

<Sysname> display ds-lite b4 information

Chassis 1 Slot 0 Cpu0:

 B4 address                                     Tunnel ID  Tunnel interface  Idle time

 1234:5678:1234:5678:abcd:abcd:efff:1234        0x00000023       1              12

 2000::100:1                                    0x80000013       2              13

 3000::2                                        0x00000015       3              2

 3001::2                                        0x00000032       --             --

 Total B4 addresses: 4

...

Table 1 Command output

Field

Description

Slot 0 Cpu0

Information about CPU 0 in slot 0.

Chassis 1 Slot 0 Cpu0

Information about CPU 0 in slot 0 on chassis 1.

B4 address

IPv6 address of the B4 router.

Tunnel ID

Tunnel ID that the IPv6 address of the B4 router maps to.

Tunnel interface

ID of the tunnel interface on the DS-Lite tunnel to which the mapping belongs.

When the tunnel to which the mapping belongs is removed or a tunnel with the same ID but different mode is created, this field displays hyphens (--).

Idle time

Remaining time in minutes for the mapping between the IPv6 address of the B4 router and tunnel ID.

When the mapping ages out but is still used by a session, this field displays hyphens (--).

Total B4 addresses

Total number of IPv6 addresses on the B4 router.

 

display interface tunnel

Use display interface tunnel to display information about tunnel interfaces, including the source address, destination address, and tunnel mode.

Syntax

display interface [ tunnel [ number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

number: Specifies the number of an existing tunnel interface.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.

down: Displays information about interfaces in the physical state of DOWN and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.

Usage guidelines

If you do not specify the tunnel keyword, this command displays information about all interfaces on the device.

If you specify the tunnel keyword without the number argument, this command displays information about all existing tunnel interfaces.

Examples

# Display detailed information about interface Tunnel 1.

<Sysname> display interface tunnel 1

Tunnel1

Current state: DOWN

Line protocol state: DOWN

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1500

Internet protocol processing: Disabled

Tunnel source unknown, destination unknown

Tunnel TTL 255

Tunnel protocol/transport IP/IP

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Table 2 Command output

Field

Description

Tunnel1

Information about the tunnel interface Tunnel 1.

Current state

State of the tunnel interface:

·     Administratively DOWN—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up but its physical state is down.

·     UP—Both the administrative and physical states of the interface are up.

Line protocol state

Link layer protocol state of the tunnel interface. The value is determined by parameter negotiation on the link layer.

·     UP—The protocol state of the interface is up.

·     UP (spoofing)—The link protocol state of the interface is up, but the link is temporarily set up on demand or does not exist. This attribute is available for null interfaces and loopback interfaces.

·     DOWN—The protocol state of the interface is down.

Description

Description for the tunnel interface.

Bandwidth

Expected bandwidth for the tunnel interface.

Maximum transmission unit

MTU of the tunnel interface.

Internet address

IP address of the tunnel interface.

If no IP address is assigned to the interface, this field displays Internet protocol processing: disabled, and the tunnel interface cannot process packets.

If (primary) is displayed, the IP address is the primary IP address of the interface.

Tunnel source

Source address of the tunnel. If a source interface is specified for the tunnel interface, this field also displays the source interface in parentheses.

destination

Destination address of the tunnel.

Tunnel TOS

ToS of tunneled packets.

Tunnel TTL

TTL of tunneled packets.

Tunnel protocol/transport

Tunnel mode and transport protocol:

·     CR_LSP—MPLS TE tunnel mode.

·     DSLITE—DS-Lite tunnel mode on the AFTR.

·     GRE/IP—GRE/IPv4 tunnel mode.

·     GRE/IPv6—GRE/IPv6 tunnel mode.

·     GRE_ADVPN/IP—GRE-encapsulated IPv4 ADVPN tunnel mode.

·     GRE_ADVPN/IPv6—GRE-encapsulated IPv6 ADVPN tunnel mode.

·     GRE_EVI/IP—GRE-encapsulated IPv4 EVI tunnel mode.

·     IP/IP—IPv4 over IPv4 tunnel mode.

·     IP/IPv6—IPv4 over IPv6 tunnel mode.

·     IPv6/IP—IPv6 over IPv4 manual tunnel mode.

·     IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode.

·     IPv6/IP auto-tunnel—Automatic IPv6 over IPv4 tunnel mode.

·     IPv6/IP ISATAP—IPv6 over IPv4 ISATAP tunnel mode.

·     IPv6/IPv6—IPv6 over IPv6 tunnel mode.

·     UDP_ADVPN/IP—UDP-encapsulated IPv4 ADVPN tunnel mode.

·     UDP_ADVPN/IPv6—UDP-encapsulated IPv6 ADVPN tunnel mode.

·     UDP_VXLAN/IP—UDP-encapsulated IPv4 VXLAN tunnel mode.

GRE key value is 1

The GRE tunnel interface key is 1.

If no GRE tunnel interface key is configured, this field displays GRE key disabled.

Checksumming of GRE packets disabled

The GRE packet checksum feature is disabled.

If GRE packet checksum is enabled, this field displays Checksumming of GRE packets enabled.

Source port number is 18001

The source port number is 18001 in ADVPN packets sent by the UDP-encapsulated ADVPN tunnel interface.

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Urgent output queue statistics:
Number of packets in the queue/maximum number of packets that the queue can contain/number of packets discarded in the queue.

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Protocol output queue statistics:
Number of packets in the queue/maximum number of packets that the queue can contain/number of packets discarded in the queue.

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

FIFO output queue statistics:
Number of packets in the queue/maximum number of packets that the queue can contain/number of packets discarded in the queue.

When a CBQ or WFQ queue is configured, this field displays statistics for the CBQ or WFQ queue.

Last clearing of counters

Last time when counters were cleared.

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average input rate in the last 300 seconds.

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Average output rate in the last 300 seconds.

Input: 0 packets, 0 bytes, 0 drops

Total input packets, total input bytes, and total input packets dropped.

Output: 0 packets, 0 bytes, 0 drops

Total output packets, total output bytes, and total output packets dropped.

 

# Display brief information about interface Tunnel 1.

<Sysname> display interface tunnel 1 brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP       Description

Tun1                 UP   UP       1.1.1.1          aaaaaaaaaaaaaaaaaaaaaaaaaaa

# Display brief information about interface Tunnel 1, including the complete interface description.

<Sysname> display interface tunnel 1 brief description

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP       Description

Tun1                 UP    UP      1.1.1.1          aaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

# Display information about interfaces in DOWN state and the causes.

<Sysname> display interface tunnel brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface            Link Cause

Tun0                 DOWN Not connected

Tun1                 DOWN Not connected

Table 3 Command output

Field

Description

Brief information on interfaces in route mode

Brief information about Layer 3 interfaces.

Link: ADM - administratively down; Stby - standby

Link status:

·     ADM—The interface has been administratively shut down. To bring it up, use the undo shutdown command.

·     Stby—The interface is a backup interface. To show the primary interface, use the display interface-backup state command.

Protocol: (s) - spoofing

(s) indicates that the data link layer protocol state is UP, but the link is temporarily set up on demand or does not exist. This attribute is available for null interfaces and loopback interfaces.

Interface

Abbreviated interface name.

Link

Physical link state of the interface:

·     UP—The link is physically up.

·     DOWN—The link is physically down.

·     ADM—The link has been administratively shut down. To bring it up, use the undo shutdown command.

·     Stby—The interface is a backup interface.

Protocol

Data link layer protocol state of the interface:

·     UP—The data link protocol state of the interface is up.

·     DOWN—The data link protocol state of the interface is down.

·     UP(s)—The data link protocol state of the interface is up, but the link is temporarily set up on demand or does not exist. This attribute is available for null interfaces and loopback interfaces.

Primary IP

Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.

Description

Description for the interface.

Cause

Causes for the physical state of DOWN:

·     Administratively—The link has been shut down by using the shutdown command. To bring it up, use the undo shutdown command.

·     Not connected—The tunnel is not established.

 

Related commands

destination

interface tunnel

source

ds-lite enable

Use ds-lite enable to enable DS-Lite tunneling on an interface.

Use undo ds-lite enable to disable DS-Lite tunneling on an interface.

Syntax

ds-lite enable

undo ds-lite enable

Default

DS-Lite tunneling is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Use this command on the AFTR's interface connected to the public IPv4 network, so the AFTR can forward IPv4 packets to the B4 router through the DS-Lite tunnel.

You cannot enable DS-Lite tunneling on a DS-Lite tunnel interface on the AFTR.

Examples

# Enable DS-Lite tunneling on GigabitEthernet 1/1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ds-lite enable

interface tunnel

Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface view, or enter the view of an existing tunnel interface.

Use undo interface tunnel to delete a tunnel interface.

Syntax

interface tunnel number [ mode { advpn { gre | udp } [ ipv6 ] | ds-lite-aftr | evi | gre [ ipv6 ] | ipv4-ipv4 | ipv4-ipv6 | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | ipv6-ipv6 | mpls-te | vxlan } ]

undo interface tunnel number

Default

No tunnel interfaces exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies the number of the tunnel interface. The value range for this argument is 4095l. The number of tunnel interfaces that can be created is restricted by the total number of interfaces and the memory.

mode advpn gre: Specifies the GRE-encapsulated IPv4 ADVPN tunnel mode.

mode advpn udp: Specifies the UDP-encapsulated IPv4 ADVPN tunnel mode.

mode advpn gre ipv6: Specifies the GRE-encapsulated IPv6 ADVPN tunnel mode.

mode advpn udp ipv6: Specifies the UDP-encapsulated IPv6 ADVPN tunnel mode.

mode ds-lite-aftr: Specifies the DS-Lite tunnel mode on the AFTR.

mode evi: Specifies the IPv4 EVI tunnel mode.

mode gre: Specifies the GRE/IPv4 tunnel mode.

mode gre ipv6: Specifies the GRE/IPv6 tunnel mode.

mode ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode.

mode ipv4-ipv6: Specifies the IPv4 over IPv6 tunnel mode.

mode ipv6-ipv4: Specifies the IPv6 over IPv4 manual tunnel mode.

mode ipv6-ipv4 6to4: Specifies the 6to4 tunnel mode.

mode ipv6-ipv4 auto-tunnel: Specifies the IPv4-compatible IPv6 automatic tunnel mode.

mode ipv6-ipv4 isatap: Specifies the ISATAP tunnel mode.

mode ipv6-ipv6: Specifies the IPv6 over IPv6 tunnel mode.

mode mpls-te: Specifies the MPLS TE tunnel mode.

mode vxlan: Specifies the VXLAN tunnel mode.

Usage guidelines

To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode.

A tunnel interface number is locally significant. The tunnel interfaces on the two ends of a tunnel can use the same or different interface numbers.

Examples

# Create IPv4 over IPv4 tunnel interface Tunnel 1 and enter tunnel interface view.

<Sysname> system-view

[Sysname] interface tunnel 1 mode ipv4-ipv4

[Sysname-Tunnel1]

Related commands

destination

display interface tunnel

source

mtu

Use mtu to set the MTU on a tunnel interface.

Use undo mtu to restore the default.

Syntax

mtu size

undo mtu

Default

If the tunnel interface has never been up, the MTU is 1500 bytes.

If the tunnel interface is up, its MTU is identical to the outgoing interface's MTU minus the length of the tunnel headers. The outgoing interface is automatically obtained through routing table lookup based on the tunnel destination address.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the MTU in the range of 100 to 9600 bytes.

Usage guidelines

After you configure an MTU for a tunnel interface, the configured MTU applies regardless of the tunnel interface status (up/down) and the outgoing interface MTU.

To avoid fragmentation after tunnel encapsulation, set the tunnel interface MTU no greater than the value of the outgoing interface MTU minus the length of the tunnel headers.

Examples

# Set the MTU on interface Tunnel 1 to 9600 bytes.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] mtu 9600

Related commands

display interface tunnel

reset counters interface

Use reset counters interface to clear interface statistics.

Syntax

reset counters interface [ tunnel [ number ] ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tunnel: Specifies tunnel interfaces.

number: Specifies the interface number of an existing tunnel interface.

Usage guidelines

Use this command to clear old statistics so you can observe new traffic statistics on a tunnel interface.

·     If you do not specify any parameters, this command clears statistics for all interfaces.

·     If you specify only the tunnel keyword, this command clears statistics for all tunnel interfaces.

·     If you specify both the tunnel keyword and the number argument, this command clears statistics for the specified tunnel interface.

Examples

# Clear statistics for interface Tunnel 1.

<Sysname> reset counters interface tunnel 1

Related commands

display interface tunnel

service

Use service to specify a primary traffic processing slot for an interface.

Use undo service to restore the default.

Syntax

In standalone mode:

service slot slot-number

undo service slot

In IRF mode:

service chassis chassis-number slot slot-number

undo service chassis

Default

No primary traffic processing slot is specified for an interface.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 0. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. (In IRF mode.)

Usage guidelines

This command is supported only in IRF mode.

Specify a traffic processing slot if a feature (for example, IPsec antireplay) requires that all traffic on a tunnel interface be processed on the same slot.

For high availability, you can specify one primary and one backup traffic processing slot by using the service command and the service standby command, respectively.

To avoid processing slot switchover, specify the primary slot before specifying the backup slot. If you specify the backup slot before specifying the primary slot, traffic is switched over to the primary slot immediately after you specify the primary slot.

If you specify both primary and backup slots for an interface, traffic on that interface is processed as follows:

·     The backup slot takes over when the primary slot becomes unavailable. The backup slot continues to process traffic for the interface after the primary slot becomes available again. The switchover will not occur until the backup slot becomes unavailable.

·     When no specified traffic processing slots are available, the traffic is processed on the slot at which it arrives. Then, the processing slot that first becomes available again takes over.

If you do not specify a primary or a backup traffic processing slot for an interface, traffic on that interface is processed on the slot at which the traffic arrives.

Examples

# Specify a primary traffic processing slot for Tunnel 200.

<Sysname> system-view

[Sysname] interface tunnel 200

[Sysname-Tunnel200] service chassis 1 slot 0

Related commands

service standby

service standby

Use service standby to specify a backup traffic processing slot for an interface.

Use undo service standby to restore the default.

Syntax

In standalone mode:

service standby slot slot-number

undo service standby slot

In IRF mode:

service standby chassis chassis-number slot slot-number

undo service standby chassis

Default

No backup traffic processing slot is specified for an interface.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies the slot number of the device, which is fixed at 0. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the device, which is fixed at 0. (In IRF mode.)

Usage guidelines

This command is supported only in IRF mode.

Specify a traffic processing slot if a feature (for example, IPsec antireplay) requires that all traffic on a tunnel interface be processed on the same slot.

For high availability, you can specify one primary and one backup traffic processing slot by using the service command and the service standby command, respectively.

To avoid processing slot switchover, specify the primary slot before specifying the backup slot. If you specify the backup slot before specifying the primary slot, traffic is switched over to the primary slot immediately after you specify the primary slot.

If you specify both primary and backup slots for an interface, traffic on that interface is processed as follows:

·     The backup slot takes over when the primary slot becomes unavailable. The backup slot continues to process traffic for the interface after the primary slot becomes available again. The switchover will not occur until the backup slot becomes unavailable.

·     When no specified traffic processing slots are available, the traffic is processed on the slot at which it arrives. Then, the processing slot that first becomes available again takes over.

If you do not specify a primary or a backup traffic processing slot for an interface, traffic on that interface is processed on the slot at which the traffic arrives.

Examples

# Specify a primary and a backup traffic processing slot for Tunnel 200.

<Sysname> system-view

[Sysname] interface tunnel 200

[Sysname-Tunnel200] service chassis 1 slot 0

[Sysname-Tunnel200] service standby chassis 2 slot 0

Related commands

service

shutdown

Use shutdown to shut down a tunnel interface.

Use undo shutdown to bring up a tunnel interface.

Syntax

shutdown

undo shutdown

Default

A tunnel interface is in up state.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command disconnects all links set up on the interface. Make sure you fully understand the impact of the command on your network.

Examples

# Shut down interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] shutdown

Related commands

display interface tunnel

source

Use source to specify the source address or source interface for a tunnel interface.

Use undo source to restore the default.

Syntax

source { ipv4-address | ipv6-address | interface-type interface-number }

undo source

Default

No source address or source interface is specified for a tunnel interface.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies the tunnel source IPv4 address.

ipv6-address: Specifies the tunnel source IPv6 address.

interface-type interface-number: Specifies the source interface by its type and number. The interface must be up and must have an IP address.

Usage guidelines

The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command.

The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.

If you execute this command multiple times, the most recent configuration takes effect.

You cannot specify the tunnel interface of the DS-Lite tunnel on the AFTR as the source interface.

Examples

# Specify GigabitEthernet 1/1/1 as the source interface of interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] source gigabitethernet 1/1/1

# Specify 192.100.1.1 as the source address of interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] source 192.100.1.1

Related commands

destination

display interface tunnel

interface tunnel

tunnel dfbit enable

Use tunnel dfbit enable to set the Don't Fragment (DF) bit for tunneled packets.

Use undo tunnel dfbit enable to restore the default.

Syntax

tunnel dfbit enable

undo tunnel dfbit enable

Default

The DF bit is not set for tunneled packets.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than the tunneled packet length. To avoid discarding tunneled packets whose length is larger than the path MTU, do not set the DF bit.

This command is not supported on a GRE/IPv6 tunnel interface.

Examples

# Set the DF bit for tunneled packets on interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] tunnel dfbit enable

tunnel discard ipv4-compatible-packet

Use tunnel discard ipv4-compatible-packet to enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.

Use undo tunnel discard ipv4-compatible-packet to restore the default.

Syntax

tunnel discard ipv4-compatible-packet

undo tunnel discard ipv4-compatible-packet

Default

IPv6 packets that use IPv4-compatible IPv6 addresses are not dropped.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from a tunnel. If a packet uses an IPv4-compatible IPv6 address as the source or destination address, the device discards the packet.

Examples

# Enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.

<Sysname> system-view

[Sysname] tunnel discard ipv4-compatible-packet

tunnel ipv6-fragmentation-check enable

Use tunnel ipv6-fragmentation-check enable to enable fragmentation check for packets to be tunneled.

Use undo tunnel ipv6-fragmentation-check enable to disable fragmentation check for packets to be tunneled.

Syntax

tunnel ipv6-fragmentation-check enable

undo tunnel ipv6-fragmentation-check enable

Default

Fragmentation check is disabled for packets to be tunneled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the tunnel source to perform fragmentation check for IPv6 packets to be tunneled through an IPv6 over IPv4 tunnel. The tunnel source returns an ICMPv6 Packet Too Big message to the packet sending source and discards the packet if the packet size exceeds both of the following values:

·     Outgoing interface MTU minus the IPv4 header length.

·     The minimum IPv6 path MTU 1280 bytes.

Examples

# Enable IPv6 fragmentation check for packets to be tunneled.

<Sysname> system-view

[Sysname] tunnel ipv6-fragmentation-check enable

tunnel tos

Use tunnel tos to set the ToS of tunneled packets.

Use undo tunnel tos to restore the default.

Syntax

tunnel tos { tos-value | copy-inner-tos }

undo tunnel tos

Default

The ToS is the same as that of the original packets for non-VXLAN packets, and the ToS is 0 for VXLAN tunneled packets.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255.

copy-inner-tos: Configures tunneled packets to use the ToS of the original packets. This keyword is supported only by VXLAN tunnels.

Usage guidelines

After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.

Examples

# Set the ToS of tunneled packets to 20 on interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] tunnel tos 20

# Configure VXLAN tunnel interface Tunnel 2 to use the ToS of the original packets as the ToS of tunneled packets.

<Sysname> system-view

[Sysname] interface tunnel 2 mode vxlan

[Sysname-Tunnel2] tunnel tos copy-inner-tos

Related commands

display interface tunnel

tunnel ttl

Use tunnel ttl to set the Time to Live (TTL) of tunneled packets.

Use undo tunnel ttl to restore the default.

Syntax

tunnel ttl ttl-value

undo tunnel ttl

Default

The TTL of tunneled packets is 255.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255.

Usage guidelines

The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packets are discarded to avoid loops.

Examples

# Set the TTL of tunneled packets to 100 on interface Tunnel 1.

<Sysname> system-view

[Sysname] interface tunnel 1

[Sysname-Tunnel1] tunnel ttl 100

Related commands

display interface tunnel

tunnel vpn-instance

Use tunnel vpn-instance to specify a VPN instance for the destination address of a tunnel interface.

Use undo tunnel vpn-instance to restore the default.

Syntax

tunnel vpn-instance vpn-instance-name

undo tunnel vpn-instance

Default

The destination address of a tunnel interface belongs to the public network.

Views

Tunnel interface view

Predefined user roles

network-admin

mdc-admin

Parameters

vpn-instance-name: Specifies the name of a VPN instance, a case-sensitive string of 1 to 31 characters.

Usage guidelines

After this command is executed, the device looks up the routing table of the specified VPN instance to forward tunneled packets on the tunnel interface.

For a tunnel interface to come up, the tunnel source and destination must belong to the same VPN. To specify a VPN instance for the tunnel source, use the ip binding vpn-instance command on the tunnel source interface.

Examples

# Specify VPN instance vpn10 for the tunnel destination on interface Tunnel 1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn10

[Sysname-vpn-instance-vpn10] route-distinguisher 1:1

[Sysname-vpn-instance-vpn10] vpn-target 1:1

[Sysname-vpn-instance-vpn10] quit

[Sysname] interface gigabitethernet 1/1/1

[Sysname-GigabitEthernet1/1/1] ip binding vpn-instance vpn10

[Sysname-GigabitEthernet1/1/1] ip address 1.1.1.1 24

[Sysname-GigabitEthernet1/1/1] quit

[Sysname] interface tunnel 1

[Sysname-Tunnel1] source gigabitethernet 1/1/1

[Sysname-Tunnel1] destination 1.1.1.2

[Sysname-Tunnel1] tunnel vpn-instance vpn10

Related commands

ip binding vpn-instance (MPLS Command Reference)

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products

Cloud & AI

H3C Workspace Cloud Desktop

Learn more

H3C UIS 3000 G5 HCI

Learn more

InterConnect

Intelligent Computing

H3C UniServer R4900 G5 Server

Learn more

Security

Situational Awareness

Learn more

Zero Trust Security Solution

Learn more

SMB Products

Intelligent Terminal Products

Industry Solutions

The Government Cloud “1+N+N+1” Innovation Model Becomes a Template

Learn more

Strong Support for the G20 Hangzhou Summit

Learn more
  • Product Support Services
  • Technical Service Solutions
All Services

Product Support Services

Technical Service Solutions

  • Resource Center
  • Policy
  • Online Help
All Support

Resource Center

Policy

Online Help

Training & Certification

  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners

Become a Partner

Partner Resources

Partner Business Management

  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us

Company Information

News & Events

Online Exhibition Center

Contact Us

新华三官网