Login
- Table of Contents
-
- 10-MPLS Command Reference
- 00-Preface
- 01-Basic MPLS commands
- 02-Static LSP commands
- 03-LDP commands
- 04-MPLS TE commands
- 05-Static CRLSP commands
- 06-RSVP commands
- 07-Tunnel policy commands
- 08-MPLS L3VPN commands
- 09-IPv6 MPLS L3VPN commands
- 10-MPLS L2VPN commands
- 11-VPLS commands
- 12-MPLS OAM commands
- 13-MCE commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Tunnel policy commands | 73.81 KB |
Tunnel policy commands
binding-destination
Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.
Use undo binding-destination to remove the tunnel bindings for a destination IP address.
Syntax
binding-destination dest-ip-address { sr-policy group sr-policy-group-id | te { tunnel number }&<1-n> } [ ignore-destination-check ] [ down-switch ]
undo binding-destination dest-ip-address
Default
A tunnel policy does not bind tunnels to a destination IP address.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
dest-ip-address: Specifies a destination IP address.
sr-policy group sr-policy-group-id: Specifies the SR-MPLS TE policy group to be bound with the specified destination IP address. The sr-policy-group-id argument represents the ID of the SR-MPLS TE policy group, in the range of 1 to 4294967295.
te: Specifies TE tunnels for binding.
tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The number argument represents an existing tunnel interface number on the device.
&<1-n>: Indicates that you can bind a maximum of n tunnels. The value for n is 16. If the value for n is greater than 1, traffic will be load shared among the bound tunnels.
ignore-destination-check: Ignores destination check. After this keyword is specified, a TE tunnel can be selected even if the tunnel's or SR-MPLS TE policy group's destination IP address is different from the destination IP address of the tunnel policy. If you do not specify this keyword, the destination address of a binding TE tunnel or SR-MPLS TE policy group must be the same as the destination IP address of the tunnel policy.
down-switch: Enables automatic tunnel switchover within the tunnel policy when the bound TE tunnels or SR-MPLS TE policy group tunnels are not available. After this keyword is specified, the tunnel policy selects a tunnel by using the following methods in descending order of priority: bound tunnel—preferred tunnel—load sharing. If you do not specify this keyword, the device selects tunnels only from the bound tunnels of the tunnel policy.
Usage guidelines
After a tunnel is bound to a destination IP address, traffic destined for the destination IP address will be forwarded only by the bound tunnel.
You can bind tunnels to multiple destination IP addresses in a tunnel policy. Tunnels bound to the same destination address will load share the traffic.
You can bind only one SR-MPLS TE policy group to a destination IP address in a tunnel policy.
If you bind different types of tunnels to the same destination IP address in the same tunnel policy, the most recent configuration takes effect.
Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel (tunnel/tunnel bundle) whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Example
# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the bound TE tunnels are not available.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch
Related commands
mpls te reserved-for-binding
preferred-path
display mpls tunnel
Use display mpls tunnel to display tunnel information.
Syntax
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all tunnels. GRE and MPLS TE tunnel information is displayed only when the network layer is up.
statistics: Displays tunnel statistics.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.
destination: Displays the tunnel destined for the specified address.
ipv4-address: Specifies the tunnel destination IPv4 address.
ipv6-address: Specifies the tunnel destination IPv6 address.
Examples
# Display information about all tunnels.
<Sysname> display mpls tunnel all
Destination Type Tunnel/NHLFE VPN Instance
2.2.2.2 LSP NHLFE1024 -
3.3.3.3 CRLSP Tunnel2 -
Table 1 Command output
|
Field |
Description |
|
Destination |
Tunnel destination address. |
|
Type |
Tunnel type: · LSP. · GRE. · CRLSP. · SRLSP. · SRPolicy (SR-MPLS TE policy). · SRPGroup (SR-MPLS TE policy group). |
|
Tunnel/NHLFE |
Tunnel, tunnel bundle, NHLFE entry, or SR-TR policy group ID. NHLFEnumber represents the ingress LSP or SR-MPLS TE policy group tunnel that matches the NHLFE entry with NID of number. |
|
VPN Instance |
VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-). |
# Display tunnel statistics.
<Sysname> display mpls tunnel statistics
LSP : 1
GRE : 0
CRLSP: 0
SRLSP : 0
SRPOLICY: 0
SRPGROUP: 0
Table 2 Command output
|
Field |
Description |
|
LSP |
Number of LSP tunnels. |
|
GRE |
Number of GRE tunnels. |
|
CRLSP |
Number of CRLSP tunnels. |
|
SRLSP |
Number of SRLSP tunnels. |
|
SRPOLICY |
Number of SR-MPLS TE policy tunnels. |
|
SRPGROUP |
Number of SR-MPLS TE policy group tunnels. |
mpls te reserved-for-binding
Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.
Use undo mpls te reserved-for-binding to restore the default.
Syntax
mpls te reserved-for-binding
undo mpls te reserved-for-binding
Default
An MPLS TE tunnel can be used by any tunnel policy implementation methods.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
You must execute this command for a TE tunnel before the tunnel can be specified as a bound tunnel of a tunnel policy.
After you execute this command for a TE tunnel, the tunnel can only be used as a bound tunnel of a tunnel policy. For more information about tunnel bindings, see the binding-destination command.
Examples
# Reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.
<Sysname> system-view
[Sysname] interface tunnel 10 mode mpls-te
[Sysname-Tunnel10] mpls te reserved-for-binding
Related commands
binding-destination
preferred-path
Use preferred-path to configure a tunnel as a preferred tunnel.
Use undo preferred-path to remove the preferred tunnel setting for a tunnel.
Syntax
preferred-path { tunnel number | tunnel-bundle number }
undo preferred-path { tunnel number | tunnel-bundle number }
Default
No preferred tunnels are configured.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
tunnel number: Specifies an MPLS TE tunnel or a GRE tunnel by its tunnel interface number.The value range for the tunnel interface number is 0 to 20479.
tunnel-bundle number: Specifies a tunnel bundle by its tunnel bundle interface number. The value range for the tunnel bundle interface number is 0 to 1023.
Usage guidelines
You can specify a tunnel or tunnel bundle as a preferred tunnel of a tunnel policy.
As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the tunnel interface identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.
For a tunnel policy to solely use a tunnel, do not configure the tunnel as the preferred tunnel in other tunnel policies.
If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect. If the first tunnel is not available, the second tunnel is used, and so forth. No load balancing will be performed on these tunnels.
You can configure a maximum of 128 preferred tunnels in a tunnel policy.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Examples
# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 2
select-seq load-balance-number
Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load balancing.
Use undo select-seq to restore the default.
Syntax
select-seq [ strict ] { cr-lsp | gre | lsp | sr-lsp | sr-policy } * load-balance-number number
undo select-seq
Default
The device selects only one tunnel in LSP—GRE—CRLSP—SRLSP—SR TE policy order.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
strict: Uses the same type of tunnels for load balancing.
cr-lsp: Uses CRLSP tunnels.
gre: Uses GRE tunnels.
lsp: Uses LSP tunnels.
sr-lsp: Uses SRLSP tunnels.
sr-policy: Uses SR-MPLS TE policy tunnels.
load-balance-number number: Specifies the number of tunnels for load balancing. The value range for the number argument is 1 to 128.
Usage guidelines
A tunnel type closer to the select-seq keyword has a higher priority. The strict keyword determines whether the tunnel policy can select a hybrid of the specified types of tunnels for load balancing.
For example, the select-seq lsp cr-lsp load-balance-number 3 command specifies three tunnels for load balancing and gives LSP tunnels higher priority over CRLSP tunnels.
· If you specify the strict keyword, the tunnel policy selects only one type of tunnels. The tunnel policy will not select CRLSP tunnels when the number of LSP tunnels is less than 3 unless no LSP tunnels are available.
· If you do not specify the strict keyword, the tunnel policy can select CRLSP tunnels to remedy the deficiency of LSP tunnels.
SR-MPLS TE policy tunnels cannot share load with other types of tunnels regardless of whether you have specified the strict keyword or not.
Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Examples
# Configure tunnel policy policy1 to use only MPLS TE tunnels, and set the load balancing number to 2.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2
tunnel-policy (system view)
Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.
Use undo tunnel-policy to delete a tunnel policy.
Syntax
tunnel-policy tunnel-policy-name
undo tunnel-policy tunnel-policy-name
Default
No tunnel policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.
Examples
# Create tunnel policy policy1 and enter its view.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1]
