- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
05-Tunnel interface commands | 94.07 KB |
Tunnel interface commands
destination
Use destination to specify the destination address for a tunnel interface.
Use undo destination to restore the default.
Syntax
destination ipv4-address
undo destination
Default
No tunnel destination address is configured.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the tunnel destination IPv4 address.
Usage guidelines
The tunnel destination address must be the address of the receiving interface on the tunnel peer. It is used as the destination address of tunneled packets.
The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.
Do not specify the same tunnel source and destination addresses for the tunnel interfaces on the same device.
Examples
# The interface HundredGigE 1/0/1 on Sysname 1 uses the IP address 193.101.1.1 and the interface HundredGigE 1/0/1 on Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and destination address 192.100.1.1 for the tunnel interface on Sysname 1.
<Sysname1> system-view
[Sysname1] interface tunnel 1 mode gre
[Sysname1-Tunnel1] source 193.101.1.1
[Sysname1-Tunnel1] destination 192.100.1.1
# Configure the source address 192.100.1.1 and destination address 193.101.1.1 for the tunnel interface on Sysname 2.
<Sysname2> system-view
[Sysname2] interface tunnel 1 mode gre
[Sysname2-Tunnel1] source 192.100.1.1
[Sysname2-Tunnel1] destination 193.101.1.1
display interface tunnel
display tunnel-interface
interface tunnel
source
display interface tunnel
Use display interface tunnel to display tunnel interface information.
Syntax
display interface [ tunnel [ number ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
tunnel [ number ]: Specifies a tunnel interface. The number argument specifies the tunnel interface number. The specified tunnel interface must have been created. If you do not specify the tunnel keyword, this command displays information about all interfaces on the device. If you specify the tunnel keyword without the number argument, this command displays information about all existing tunnel interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.
down: Displays information about interfaces in the physical state of DOWN and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.
Examples
# Display detailed information about Tunnel 1.
<Sysname> display interface tunnel 1
Tunnel1
Current state: DOWN
Line protocol state: DOWN
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 64000
Internet protocol processing: Disabled
Tunnel source unknown, destination unknown
Tunnel keepalive disabled
Tunnel TTL 255
Tunnel protocol/transport GRE/IP
GRE key disabled
Checksumming of GRE packets disabled
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 1 Command output
Field |
Description |
Tunnel1 |
Information about the tunnel interface Tunnel 1. |
Current state |
Physical link state of the tunnel interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up. |
Line protocol state |
Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is typical of null interfaces and loopback interfaces. · DOWN—The data link layer protocol is down. |
Description |
Description of the tunnel interface. |
Bandwidth |
Expected bandwidth of the tunnel interface. |
Maximum transmission unit |
MTU of the tunnel interface. |
Internet protocol processing |
IP packet processing capability of the interface when the interface is not assigned an IP address: · Disabled—The interface cannot process IP packets. · Enabled—The interface can process IP packets. |
Internet address: ip-address/mask-length (Type) |
IP address of the interface and type of the address in parentheses. Possible IP address types include: · Primary—Manually configured primary IP address. · Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed. · Unnumbered—IP address borrowed from another interface. |
Tunnel source |
Source address of the tunnel. If a source interface is specified for the tunnel interface, this field also displays the source interface in parentheses. |
destination |
Destination address of the tunnel. |
Tunnel TOS |
ToS of tunneled packets. |
Tunnel TTL |
TTL of tunneled packets. |
Tunnel protocol/transport |
Tunnel mode and transport protocol: · CR_LSP—MPLS TE tunnel mode. · GRE/IP—GRE/IPv4 tunnel mode. · IP/IP—IPv4 over IPv4 tunnel mode. · IPv6/IP—IPv6 over IPv4 tunnel mode. · UDP_VXLAN/IP—UDP-encapsulated IPv4 VXLAN tunnel mode. · UDP_VXLAN_DCI/IP—UDP-encapsulated IPv4 VXLAN-DCI tunnel mode. |
GRE key disabled |
No GRE tunnel interface key is configured. |
Checksumming of GRE packets disabled |
The GRE packet checksum feature is disabled. |
Last clearing of counters |
Last time when counters were cleared. |
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average input rate in the last 300 seconds. |
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average output rate in the last 300 seconds. |
Input: 0 packets, 0 bytes, 0 drops |
Total input packets, total input bytes, and total input packets dropped. Input packets are counted after hardware or software de-encapsulation. |
Output: 0 packets, 0 bytes, 0 drops |
Total output packets, total output bytes, and total output packets dropped. Output packets are counted before hardware or software encapsulation. |
# Display brief information about Tunnel 1.
<Sysname> display interface tunnel 1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Tun1 UP UP 1.1.1.1 aaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display brief information about Tunnel 1, including the complete interface description.
<Sysname> display interface tunnel 1 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Tun1 UP UP 1.1.1.1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display information about interfaces in DOWN state and the causes.
<Sysname> display interface tunnel brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
Tun0 DOWN Not connected
Tun1 DOWN Not connected
Table 2 Command output
Field |
Description |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. |
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces. |
Primary IP |
Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
Description |
Description of the interface. |
Cause |
Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—The tunnel is not established. |
Related commands
destination
interface tunnel
source
display tunnel-interface
Use display tunnel-interface to display tunnel interface information.
Syntax
display tunnel-interface [ number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number: Specifies a tunnel interface by its number. The specified tunnel interface must have been created. If you do not specify a tunnel interface, this command displays information about all existing tunnel interfaces.
Examples
# Display information about tunnel interface 1.
<Sysname> display tunnel-interface 1
Tunnel ID : 1
Tunnel mode : gre
Tunnel VPN instance: --
Tunnel TTL : 255
Tunnel ToS : 2
Source interface : -
Source address : -
Destination address: -
Tunnel BFD : Disabled
BFD source IP : -
BFD destination IP : -
BFD destination MAC: -
Table 3 Command output
Field |
Description |
Tunnel VPN instance |
VPN instance to which the tunnel interface belongs. If the tunnel interface belongs to the public network, this field displays two hyphens (--). |
Tunnel TTL |
TTL for tunneled packets. |
Tunnel ToS |
ToS for tunneled packets. |
Tunnel BFD |
Status of the BFD feature. |
Related commands
destination
interface tunnel
source
interface tunnel
Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface view, or enter the view of an existing tunnel interface.
Use undo interface tunnel to delete a tunnel interface.
Syntax
interface tunnel number [ mode { gre | ipv4-ipv4 | ipv6-ipv4 | mpls-te | vxlan | vxlan-dci } ]
undo interface tunnel number
Default
No tunnel interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the number of the tunnel interface. The value range for tunnel interface numbers is 0 to 9214. The number of tunnel interfaces that can be created is restricted by the total number of interfaces and the memory.
mode gre: Specifies the GRE/IPv4 tunnel mode.
mode ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode.
mode ipv6-ipv4: Specifies the IPv6 over IPv4 tunnel mode.
mode mpls-te: Specifies the MPLS TE tunnel (CRLSP tunnel) mode.
mode vxlan: Specifies the VXLAN tunnel mode.
mode vxlan-dci: Specifies the VXLAN-DCI tunnel mode.
Usage guidelines
To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the view of an existing tunnel interface, you do not need to specify the tunnel mode.
A tunnel interface number is locally significant. The tunnel interfaces on the two ends of a tunnel can use the same or different interface numbers.
Examples
# Create GRE/IPv4 tunnel interface Tunnel 1 and enter tunnel interface view.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1]
Related commands
destination
display interface tunnel
display tunnel-interface
source
mtu
Use mtu to set the MTU on a tunnel interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
If the tunnel interface has never been up, the MTU is 64000 bytes.
If the tunnel interface is up, its MTU is identical to the outgoing interface's MTU minus the length of the tunnel headers. The outgoing interface is automatically obtained through routing table lookup based on the tunnel destination address.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
size: Specifies the MTU, in the range of 100 to 64000 bytes.
Usage guidelines
If you do not configure an MTU for a tunnel interface or the configured MTU is 64000 bytes, the effective MTU depends on the tunnel interface status.
· If the tunnel interface is up, its MTU is identical to the outgoing interface's MTU minus the length of the tunnel headers.
· If the tunnel interface is down, the device does not calculate or update the MTU of the tunnel interface.
If you configure an MTU for a tunnel interface and the MTU is not 64000 bytes, the configured MTU applies regardless of the tunnel interface status (up/down) and the outgoing interface MTU.
To avoid fragmentation after tunnel encapsulation, set the tunnel interface MTU no greater than the value of the outgoing interface MTU minus the length of the tunnel headers.
If the MTU resources are insufficient to configure the MTU of a tunnel interface, use the undo mtu command on other tunnel interfaces to release MTU resources. Then, use the mtu command to configure an MTU for that tunnel interface.
Examples
# Set the MTU on Tunnel 1 to 10000 bytes.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] mtu 10000
Related commands
display interface tunnel
source
Use source to specify the source address or source interface for a tunnel interface.
Use undo source to restore the default.
Syntax
source { ipv4-address | interface-type interface-number }
undo source
Default
No source address or source interface is specified for a tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the tunnel source IPv4 address.
Usage guidelines
The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command.
Do not specify the same tunnel source and destination addresses for the tunnel interfaces on the same device.
The destination address of the local tunnel interface must be the source address of the peer tunnel interface. The source address of the local tunnel interface must be the destination address of the peer tunnel interface.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify HundredGigE 1/0/1 as the source interface of Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] source hundredgige 1/0/1
# Specify 192.100.1.1 as the source address of Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] source 192.100.1.1
destination
display interface tunnel
display tunnel-interface
interface tunnel
tunnel accelerate
Use tunnel accelerate to enable tunnel traffic forwarding acceleration.
Use undo tunnel accelerate to disable tunnel traffic forwarding acceleration.
Syntax
tunnel accelerate
undo tunnel accelerate
Default
Tunnel traffic forwarding acceleration is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use this command to accelerate the forwarding of tunneled packets when the IPsec, AFT, and LB services are not deployed.
Examples
# Enable tunnel traffic forwarding acceleration.
<Sysname> system-view
[Sysname] tunnel accelerate
tunnel dfbit enable
Use tunnel dfbit enable to set the Don't Fragment (DF) bit for tunneled packets.
Use undo tunnel dfbit enable to restore the default.
Syntax
tunnel dfbit enable
undo tunnel dfbit enable
Default
The DF bit is not set for tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than the tunneled packet length. To avoid discarding tunneled packets whose length is larger than the path MTU, do not set the DF bit.
This command is not supported by GRE or MPLS TE tunnels.
Examples
# Set the DF bit for tunneled packets on Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode ipv4-ipv4
[Sysname-Tunnel1] tunnel dfbit enable
tunnel log updown with-tag
Use tunnel log updown with-tag to add the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces.
Use undo tunnel log updown with-tag to remove the TUNNEL string from the PHY_UPDOWN log mnemonic for tunnel interfaces.
Syntax
tunnel log updown with-tag
undo tunnel log updown with-tag
Default
The PHY_UPDOWN log mnemonic for tunnel interfaces does not contain the TUNNEL string.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command adds the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces. Use this command if you want to identify the interface state change logs for tunnel interfaces by using a regular expression that contains the TUNNEL string.
A tunnel interface state change log without the TUNNEL string in the mnemonic:
%Jan 8 18:45:33:621 2011 Sysname IFNET/3/PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.
A tunnel interface state change log with the TUNNEL string in the mnemonic:
%Jan 8 18:45:33:621 2011 Sysname IFNET/3/TUNNEL_PHY_UPDOWN: Physical state on the interface Tunnel1 changed to down.
Examples
# Add the TUNNEL string to the PHY_UPDOWN log mnemonic for tunnel interfaces.
<Sysname> system-view
[Sysname] tunnel log updown with-tag
tunnel tos
Use tunnel tos to set the ToS of tunneled packets.
Use undo tunnel tos to restore the default.
Syntax
tunnel tos tos-value
undo tunnel tos
Default
The ToS of tunneled packets is the same as the ToS of the original packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255.
Usage guidelines
After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.
This command is not supported by GRE or MPLS TE tunnels.
Examples
# Set the ToS of tunneled packets to 20 on Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode ipv4-ipv4
[Sysname-Tunnel1] tunnel tos 20
Related commands
display interface tunnel
display tunnel-interface
tunnel ttl
Use tunnel ttl to set the Time to Live (TTL) of tunneled packets.
Use undo tunnel ttl to restore the default.
Syntax
tunnel ttl ttl-value
undo tunnel ttl
Default
The TTL of tunneled packets is 255.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255.
Usage guidelines
The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packets are discarded to avoid loops.
This command is not supported by MPLS TE tunnels.
Examples
# Set the TTL of tunneled packets to 100 on Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] tunnel ttl 100
Related commands
display interface tunnel
display tunnel-interface
tunnel vpn-instance
Use tunnel vpn-instance to specify a VPN instance for the destination address of a tunnel interface.
Use undo tunnel vpn-instance to restore the default.
Syntax
tunnel vpn-instance vpn-instance-name
undo tunnel vpn-instance
Default
The destination address of a tunnel interface belongs to the public network.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
After this command is executed, the device looks up the routing table of the specified VPN instance to forward tunneled packets on the tunnel interface.
For a tunnel interface to come up, the tunnel source and destination must belong to the same VPN instance. To specify a VPN instance for the tunnel source, use the ip binding vpn-instance command on the tunnel source interface.
The tunnel vpn-instance command is not supported by MPLS TE tunnels.
Examples
# Specify VPN instance vpn10 for the tunnel destination on Tunnel 1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn10
[Sysname-vpn-instance-vpn10] route-distinguisher 1:1
[Sysname-vpn-instance-vpn10] vpn-target 1:1
[Sysname-vpn-instance-vpn10] quit
[Sysname] interface hundredgige 1/0/1
[Sysname-HundredGigE1/0/1] ip binding vpn-instance vpn10
[Sysname-HundredGigE1/0/1] ip address 1.1.1.1 24
[Sysname-HundredGigE1/0/1] quit
[Sysname] interface tunnel 1 mode vxlan
[Sysname-Tunnel1] source hundredgige 1/0/1
[Sysname-Tunnel1] destination 1.1.1.2
[Sysname-Tunnel1] tunnel vpn-instance vpn10
Related commands
ip binding vpn-instance (MPLS Command Reference)