Login
- Table of Contents
-
- 06-MPLS Configuration Guide
- 00-Preface
- 01-Basic MPLS configuration
- 02-Static LSP configuration
- 03-LDP configuration
- 04-MPLS TE configuration
- 05-Static CRLSP configuration
- 06-RSVP configuration
- 07-Tunnel policy configuration
- 08-MPLS L3VPN configuration
- 09-MPLS L2VPN configuration
- 10-VPLS configuration
- 11-MPLS OAM configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Tunnel policy configuration | 101.06 KB |
Tunnel policy application scenario
Restrictions and guidelines: Tunnel policy configuration
Configuring a tunnel binding policy
Configuring a preferred tunnel policy
Configuring a load sharing policy
Display and maintenance commands for tunnel policies
Tunnel policy configuration examples
Example: Configuring exclusive tunnels
Example: Configuring tunnel bindings in a tunnel policy
Example: Configuring preferred tunnels and tunnel selection order
Configuring tunnel policies
About tunnel policies
Tunnel policies enable a PE to forward traffic for each MPLS VPN over a preferred tunnel or load share the traffic over multiple tunnels. Using tunnel policies can facilitate network planning and management and reduce processing overhead on PEs.
Tunnel policy implementation
Tunnel binding
You can bind a destination IP address to one or more tunnels in a tunnel policy. After the tunnel policy is applied to a VPN, the VPN traffic to the destination IP address will be forwarded by the bound tunnels.
Preferred tunnel
You can specify a tunnel or an SRv6 TE policy as a preferred tunnel in a tunnel policy. If the destination address of the preferred tunnel identifies a peer PE, the policy will forward traffic destined for that peer PE over the preferred tunnel.
If multiple preferred tunnels that have the same destination address are specified in a tunnel policy, the policy selects the preferred tunnel with the highest preference. If that tunnel is not available, the policy selects the tunnel with the second highest preference, and so forth.
Since the policy uses only one tunnel, no load sharing will be performed on these tunnels. This method explicitly specifies an MPLS TE tunnel or an SRv6 TE policy tunnel for an MPLS VPN, facilitating traffic planning. As a best practice, use this method.
Load sharing
You can configure tunnel load sharing by specifying the tunnel selection order and the number of tunnels for load sharing in a tunnel policy.
This method distributes traffic of a single VPN to multiple tunnels. The transmission delays on different tunnels can vary greatly. Therefore, the destination device or the upper layer application might take a great time to sequence the packets. As a best practice, do not use this method.
Tunnel selection rule
If you use all the tunnel binding, preferred tunnel, and load sharing methods to specify tunnels for a tunnel policy, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE.
For an SRv6 TE policy, the tunnel destination address is the destination node address of the SRv6 TE policy.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Supported tunnel types
The tunnel types supported by tunnel policies include MPLS LSPs, MPLS TE tunnels and SRv6 TE policy tunnels.
For more information about MPLS TE, see "Configuring MPLS TE." For more information about MPLS VPNs, see "Configuring MPLS L3VPN," "Configuring MPLS L2VPN," and "Configuring VPLS." For more information about SRv6 TE policies, see Segment Routing Configuration Guide.
Tunnel policy application scenario
As shown in Figure 1, PE 1 and PE 2 have multiple tunnels in between and they are connected to multiple MPLS VPNs. You can control the paths for VPN traffic by using one of the following methods:
· Tunnel binding—Configure one tunnel policy, and bind different tunnels to different destination addresses in the tunnel policy. Apply the tunnel policy to the MPLS VPNs to forward the VPN traffic destined for the specified addresses over their respective bound tunnel.
· Preferred tunnel—Configure multiple tunnel policies, and specify a preferred tunnel for each policy. Apply these policies to different MPLS VPNs to forward the traffic of each VPN over a specific tunnel.
· Load sharing—Configure one tunnel policy, and specify the tunnel selection order and the number of tunnels for load sharing. Apply the tunnel policy to MPLS VPNs to forward the traffic of every VPN over multiple tunnels.
Figure 1 Tunnel policy application scenario
Restrictions and guidelines: Tunnel policy configuration
To configure a VPN to exclusively use a tunnel, perform the following operations:
1. Use the preferred-path command to specify the tunnel as the preferred tunnel in a tunnel policy.
2. Apply the policy only to that VPN.
Configuring a tunnel binding policy
1. Enter system view.
system-view
2. Enter the tunnel interface view of an MPLS TE tunnel.
interface tunnel number mode mpls-te
3. Reserve the MPLS TE tunnel for tunnel binding in a tunnel policy.
mpls te reserved-for-binding
By default, an MPLS TE tunnel can be used by any tunnel policy implementation methods.
4. Return to system view.
quit
5. Create a tunnel policy and enter tunnel policy view.
tunnel-policy tunnel-policy-name [ default ]
6. Bind tunnels to a destination IP address, so the tunnels can be used only for a specific VPN.
binding-destination dest-ip-address te { tunnel number }&<1-n> [ ignore-destination-check ] [ down-switch ]
binding-destination dest-ipv6-address { srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value } } [ ignore-destination-check ] [ down-switch ]
By default, a tunnel policy does not bind tunnels to a destination IP address.
You can bind tunnels to multiple destination IP addresses in a tunnel policy.
Configuring a preferred tunnel policy
1. Enter system view.
system-view
2. Create a tunnel policy and enter tunnel policy view.
tunnel-policy tunnel-policy-name [ default ]
3. Configure a preferred tunnel.
preferred-path { srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number } [ preference value ]
By default, no preferred tunnels are configured.
Configuring a load sharing policy
1. Enter system view.
system-view
2. Create a tunnel policy and enter tunnel policy view.
tunnel-policy tunnel-policy-name [ default ]
3. Configure the tunnel selection order and the number of tunnels for load sharing.
select-seq [ strict ]{ cr-lsp | lsp | sr-lsp | srv6-policy } * load-balance-number number
By default, the policy selects only one tunnel in LSP, CRLSP, SRLSP, and SRv6-TE policy order.
Display and maintenance commands for tunnel policies
Execute display commands in any view.
|
Task |
Command |
|
Display tunnel information. |
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } } [ slot slot-number ] |
|
Display information about IPv6 tunnels. |
display tunnel-info ipv6 { all | destination ipv6-address | statistics } |
|
Display tunnel policy information. |
display tunnel-policy [ tunnel-policy-name ] |
Tunnel policy configuration examples
Example: Configuring exclusive tunnels
Network configuration
PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.
Two MPLS VPNs, vpna and vpnb, exist on PE 1. The VPN vpna exclusively uses the MPLS TE tunnel 1, and the VPN vpnb exclusively uses the MPLS TE tunnel 2.
Procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredte2
[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredte2] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instance vpna, and apply tunnel policy preferredte1 to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
# Create MPLS VPN instance vpnb, and apply tunnel policy preferredte2 to it.
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte2
Example: Configuring tunnel bindings in a tunnel policy
Network configuration
PE 1 has multiple tunnels to reach PE 2, including two MPLS TE tunnels. An MPLS VPN exists on PE 1. Configure a tunnel policy, so the two MPLS TE tunnels are only used to forward traffic for that VPN.
Procedure
1. Reserve the MPLS TE tunnels only for tunnel bindings:
# Reserve MPLS TE tunnel 1 for tunnel bindings.
<PE1> system-view
[PE1] interface tunnel 1 mode mpls-te
[PE1-Tunnel1] mpls te reserved-for-binding
[PE1-Tunnel1] quit
# Reserve MPLS TE tunnel 2 for tunnel bindings.
[PE1] interface tunnel 2 mode mpls-te
[PE1-Tunnel2] mpls te reserved-for-binding
[PE1-Tunnel2] quit
2. Configure a tunnel policy on PE 1.
# Create a tunnel policy named text, binding the MPLS TE tunnels to the IP address of the MP-BGP peer, so that the tunnels can forward traffic only for a specific VPN.
<PE1> system-view
[PE1] tunnel-policy text
[PE1-tunnel-policy-text] binding-destination 2.2.2.2 te tunnel 1 tunnel 2
[PE1-tunnel-policy-text] quit
3. Create MPLS VPN instance vpna, and apply tunnel policy text to it.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy text
[PE1-vpn-instance-vpna] quit
Example: Configuring preferred tunnels and tunnel selection order
Network configuration
PE 1 has multiple tunnels to reach PE 2: two MPLS TE tunnels on interfaces Tunnel 1 and Tunnel 2, and one LDP LSP tunnel.
PE 1 has multiple MPLS VPN instances: vpna, vpnb, vpnc, vpnd, and vpne. Table 1 shows the tunnel policy that PE 1 uses for each VPN instance.
Table 1 Tunnel policies used for VPN instances
|
VPN instance |
Tunnel policy |
|
vpna, vpnb |
Use MPLS TE tunnel Tunnel 1 as the preferred tunnel. |
|
vpnc, vpnd |
Use MPLS TE tunnel Tunnel 2 as the preferred tunnel. |
|
vpne |
Uses one tunnel selected in LDP LSP-MPLS TE order. |
Procedure
1. Configure tunnel policies on PE 1:
# Create tunnel policy preferredte1, and configure tunnel 1 as the preferred tunnel.
<PE1> system-view
[PE1] tunnel-policy preferredte1
[PE1-tunnel-policy-preferredte1] preferred-path tunnel 1
[PE1-tunnel-policy-preferredte1] quit
# Create tunnel policy preferredte2, and configure tunnel 2 as the preferred tunnel.
[PE1] tunnel-policy preferredte2
[PE1-tunnel-policy-preferredte2] preferred-path tunnel 2
[PE1-tunnel-policy-preferredte2] quit
# Create tunnel policy select-lsp.
[PE1] tunnel-policy select-lsp
# Configure the policy to select only one tunnel in LDP LSP-MPLS TE order.
[PE1-tunnel-policy-select-lsp] select-seq lsp cr-lsp load-balance-number 1
[PE1-tunnel-policy-select-lsp] quit
2. Configure MPLS VPN instances and apply tunnel policies to the VPN instances:
# Create MPLS VPN instances vpna and vpnb, and apply tunnel policy preferredte1 to them.
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna] vpn-target 100:1
[PE1-vpn-instance-vpna] tnl-policy preferredte1
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb] vpn-target 100:2
[PE1-vpn-instance-vpnb] tnl-policy preferredte1
[PE1-vpn-instance-vpnb] quit
# Create MPLS VPN instances vpnc and vpnd, and apply tunnel policy preferredte2 to them.
[PE1] ip vpn-instance vpnc
[PE1-vpn-instance-vpnc] route-distinguisher 100:3
[PE1-vpn-instance-vpnc] vpn-target 100:3
[PE1-vpn-instance-vpnc] tnl-policy preferredte2
[PE1-vpn-instance-vpnc] quit
[PE1] ip vpn-instance vpnd
[PE1-vpn-instance-vpnd] route-distinguisher 100:4
[PE1-vpn-instance-vpnd] vpn-target 100:4
[PE1-vpn-instance-vpnd] tnl-policy preferredte2
[PE1-vpn-instance-vpnd] quit
# Create MPLS VPN instance vpne, and apply tunnel policy select-lsp to it.
[PE1] ip vpn-instance vpne
[PE1-vpn-instance-vpne] route-distinguisher 100:5
[PE1-vpn-instance-vpne] vpn-target 100:5
[PE1-vpn-instance-vpne] tnl-policy select-lsp
