Contents

Tunnel policy commands· 1

binding-destination· 1

display mpls tunnel 2

display tunnel-info ipv6· 4

display tunnel-policy· 5

mpls te reserved-for-binding· 7

preferred-path· 8

select-seq load-balance-number 9

tunnel-policy (system view) 11

 

Tunnel policy commands

binding-destination

Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.

Use undo binding-destination to remove the tunnel bindings for a destination IP address.

Syntax

binding-destination dest-ipv4-address { te { tunnel number }&<1-n> } [ ignore-destination-check ] [ down-switch ]

binding-destination dest-ipv6-address { srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value } } [ ignore-destination-check ] [ down-switch ]

undo binding-destination { dest-ipv4-address | dest-ipv6-address }

Default

A tunnel policy does not bind tunnels to a destination IP address.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

dest-ipv4-address: Specifies a destination IPv4 address.

dest-ipv6-address: Specifies a destination IPv6 address.

te: Specifies TE tunnels for binding.

tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The value range for the number argument is 0 to 65534. &<1-n>: Indicates that you can specify a maximum of n binding tunnels. The value range for n is 1 to 16. If the value for n is greater than 1, traffic will be load shared among the binding tunnels.

srv6-policy: Specifies the SRv6 TE policy to be bound with the specified destination IPv6 address.

name policy-name: Specifies an SRv6 TE policy by its name, a case-sensitive string of 1 to 59 characters.

end-point ipv6 ipv6-address color color-value: Specifies an SRv6 TE policy by the destination node address and color value. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

ignore-destination-check: Ignores destination check. After this keyword is specified, a bound tunnel (TE tunnel or SRv6 TE policy) can be selected even if the destination IP address of the bound tunnel is different from the destination IP address of the tunnel policy. If you do not specify this keyword, the destination address of a bound tunnel must be the same as the destination IP address of the tunnel policy.

down-switch: Enables automatic tunnel switchover within the tunnel policy when the bound tunnels (TE tunnels or SRv6 TE policy tunnels) are not available. After this keyword is specified, the tunnel policy selects a tunnel by using the following methods in descending order of priority: tunnel binding, preferred tunnel, and load sharing. If you do not specify this keyword, the device selects tunnels only from the bound tunnels of the tunnel policy.

Usage guidelines

After a tunnel is bound to a destination IP address, traffic destined for the destination IP address will be forwarded only by the bound tunnel.

You can bind tunnels to multiple destination IP addresses in a tunnel policy.

In the same tunnel policy and for the same IPv4 destination address:

·     If you execute this command multiple times to bind different types of tunnels, the most recent configuration takes effect.

·     If you execute this command multiple times to bind multiple MPLS TE tunnels, the specified MPLS TE tunnels will load share the traffic.

In the same tunnel policy and for the same IPv6 destination address:

·     If you execute this command multiple times to bind different types of tunnels, the most recent configuration takes effect.

·     If you execute this command multiple times to bind multiple SRv6 TE policies, the specified SRv6 TE policy tunnels will load share the traffic.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SRv6 TE policy, the tunnel destination address is the destination node address of the SRv6 TE policy.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.

Example

# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the binding TE tunnels are not available.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch

Related commands

mpls te reserved-for-binding

preferred-path

display mpls tunnel

Use display mpls tunnel to display tunnel information.

Syntax

display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all tunnels. The command displays TE tunnels only when the network layer is up.

statistics: Displays tunnel statistics.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.

destination: Displays the tunnel destined for the specified address.

ipv4-address: Specifies the tunnel destination IPv4 address.

ipv6-address: Specifies the tunnel destination IPv6 address.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays tunnel information on the active MPU.

Examples

# Display information about all tunnels.

<Sysname> display mpls tunnel all

Destination      Type       Tunnel/NHLFE      VPN Instance

2.2.2.2          LSP        NHLFE1024         -

3.3.3.3          CRLSP      Tunnel2           -

4.4.4.4          SRPolicy   NHLFE20971521     -

4.4.4.4          SRPGroup   Group1            -

Table 1 Command output

Field	Description
Destination	Tunnel destination address.
Type	Tunnel type: ·     LSP. ·     GRE. (Not supported.) ·     CRLSP. ·     SRLSP. ·     SRPolicy—SR-MPLS TE policy tunnel. (Not supported.) ·     SRPGroup—SR-MPLS TE policy group tunnel. (Not supported.)
Tunnel/NHLFE	Tunnel NHLFE entry, or SR-MPLS TE policy group ID. NHLFEnumber represents the ingress LSP that matches the NHLFE entry with NID of number.
VPN Instance	VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-).

 

# Display tunnel statistics.

<Sysname> display mpls tunnel statistics

LSP          : 1

GRE          : 0

CRLSP        : 0

SRLSP        : 0

SRPolicy     : 1

SRPGroup     : 1

Table 2 Command output

Field	Description
LSP	Number of LSP tunnels.
GRE	This field is not supported in the current software version. Number of GRE tunnels.
CRLSP	Number of CRLSPs.
SRLSP	Number of SRLSPs.
SRPolicy	This field is not supported in the current software version. Number of SR-MPLS TE policy tunnels.
SRPGroup	This field is not supported in the current software version. Number of SR-MPLS TE policy group tunnels.

‌

display tunnel-info ipv6

Use display tunnel-info ipv6 to display information about IPv6 tunnels.

Syntax

display tunnel-info ipv6 { all | destination ipv6-address | statistics }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Display information about all IPv6 tunnels.

destination ipv6-address: Displays information about tunnels with the specified destination IPv6 address.

Statistics: Displays statistics about IPv6 tunnels.

Examples

# Display information about all IPv6 tunnels.

<Sysname> display tunnel-info ipv6 all

Destination     : 222::2

Type            : SRv6-TE Policy

Color           : 10

Forwarding index: 2150629377

VPN instance    : -

Policy name     : P100

# Display statistics about IPv6 tunnels.

<Sysname> display tunnel-info ipv6 statistics

LSP                 :     0

GRE                 :     0

CRLSP               :     0

SRLSP               :     0

SRv6-TE Policy      :     0

SRv6-TE Policy Group:     0

Table 3 Command output

Field	Description
Destination	Tunnel destination address.
Type	Tunnel type: ·     MPLS LDP—Tunnel established on an IPv6 LDP LSP. ·     SRv6-TE Policy—Tunnel established on the forwarding path selected by an SRv6 TE policy.
Color	Color value of the SRv6 TE policy. This field is available only when the tunnel type is SRv6-TE Policy. If the color value is invalid, this field displays a hyphen (-).
Forwarding Index	Forwarding entry index.
VPN Instance	Name of the VPN instance. For the public network, this field displays a hyphen (-).
Policy Name	SRv6 TE policy name. This field is available only when the tunnel type is SRv6-TE Policy.
LSP	Number of LSP tunnels.
CRLSP	Number of CRLSP tunnels.
SRLSP	Number of SRLSP tunnels.
SRv6-TE Policy	Number of tunnels of the SRv6-TE Policy type.

‌

display tunnel-policy

Use display tunnel-policy to display tunnel policy information.

Syntax

display tunnel-policy [ tunnel-policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters. If you do not specify a tunnel policy, this command displays information about all tunnel policies.

Examples

# Display information about all tunnel policies.

<Sysname> display tunnel-policy

Tunnel policy name: abc

  Select-Seq: LSP, GRE, CRLSP, SRLSP, SR-TE Policy, SRv6-TE Policy, SRv6-TE Policy Group

    Load balance number   : 1

    Strict                : No

  Preferred paths:

    Type  : TE

    Tunnel: Tunnel11

    Preference: 7

    Type  : SRv6-TE Policy(End-point/Color)

    Tunnel: 4::4/20

    Preference: 10

  Binding-destination:

    Destination IP address: 2.2.2.2

      Tunnel Type        : TE

      Tunnels            : Tunnel12

      Ignore destnation  : No

      Down switch        : No

    Destination IP address: 4::4

      Tunnel Type        : SRv6-TE Policy(Name)

      Tunnels            : abc

    Destination IP address: 4::4

      Tunnel Type        : SRv6-TE Policy(End-point/Color)

      Tunnels            : 1000::1/10

      Ignore destnation  : No

      Down switch        : No

Table 4 Command output

Field	Description
Select-Seq	Tunnel selection order. The tunnel types are displayed in descending order of priority in tunnel selection.
Load balance number	Number of tunnels for load balancing.
Strict	Whether the strict method is used to select tunnels for load balancing: ·     No—The tunnel policy can use a hybrid of the specified types of tunnels for load balancing. ·     Yes—The tunnel policy uses only one type of tunnels for load balancing.
Preferred paths	Preferred tunnels information.
Type	Type of the preferred tunnel: ·     TE—MPLS TE tunnel. ·     SRv6-TE Policy(Name)—SRv6 TE policy identified by its name. ·     SRv6-TE Policy(End-point/Color)—SRv6 TE policy identified by the endpoint address and color value.
Tunnel	Name of the preferred tunnel: ·     For an MPLS TE tunnel, this field displays the MPLS TE tunnel interface name in the format of Tunnelnumber. ·     For an SRv6 TE policy (endpoint/color), this field displays the endpoint address and color value of the SRv6 TE policy in the format of ip-address/color. ·     For an SRv6 TE policy (name), this field displays the name of the SRv6 TE policy.
Preference	Preference value of the preferred tunnel.
Binding-destination	Destination-tunnel binding information.
Destination IP address	Destination IP address for tunnel binding.
Tunnel type	Type of tunnels bound to the destination IP address: ·     TE—MPLS TE tunnel. ·     SRv6-TE Policy(Name)—SRv6 TE policy identified by its name. ·     SRv6-TE Policy(End-point/Color)—SRv6 TE policy identified by the endpoint address and color value.
Tunnels	Names of the bound tunnels: ·     For an MPLS TE tunnel, this field displays the MPLS TE tunnel interface name in the format of Tunnelnumber. ·     For an SRv6 TE policy (endpoint/color), this field displays the endpoint address and color value of the SRv6 TE policy in the format of ip-address/color. ·     For an SRv6 TE policy (name), this field displays the name of SRv6 TE policy.
Ignore destination	Whether to ignore the destination check. ·     No—Performs destination check. The destination address of a bound tunnel must be the same as the destination IP address of the tunnel policy. ·     Yes—Ignores the destination check. A bound tunnel can be selected even if its destination IP address is different from the destination IP address of the tunnel policy.
Down switch	Whether to enable automatic tunnel switchover within the tunnel policy when the bound tunnels are not available. ·     No—Not enabled. ·     Yes—Enabled.

‌

mpls te reserved-for-binding

Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.

Use undo mpls te reserved-for-binding to restore the default.

Syntax

mpls te reserved-for-binding

undo mpls te reserved-for-binding

Default

An MPLS TE tunnel can be used by any tunnel policy implementation methods.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

If a VPN has high requirements on bandwidth, you can select TE tunnels for the VPN by applying a tunnel policy bound with TE tunnels to the VPN.

You must execute this command for an MPLS TE tunnel before the tunnel can be bound to a destination address in a tunnel policy.

After you execute this command for an MPLS TE tunnel, the tunnel can only be used as a bound tunnel of a tunnel policy. For more information about tunnel binding, see the binding-destination command.

Examples

# Reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.

<Sysname> system-view

[Sysname] interface tunnel 10 mode mpls-te

[Sysname-Tunnel10] mpls te reserved-for-binding

Related commands

binding-destination

preferred-path

Use preferred-path to configure a preferred tunnel.

Use undo preferred-path to remove a preferred tunnel.

Syntax

preferred-path { srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number } [ preference value ]

undo preferred-path { srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number } [ preference value ]

Default

No preferred tunnels are configured.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

srv6-policy: Specifies an SRv6-TE policy as the preferred tunnel.

name srv6-policy-name: Specifies an SRv6-TE policy by its name, a case-sensitive string of 1 to 59 characters.

end-point ipv6 ipv6-address color color-value: Specifies an SRv6-TE policy by the destination node address and color value. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

tunnel number: Specifies an MPLS TE tunnel by its tunnel interface number. The value range for the number argumet is 0 to 65534.

preference value: Specifies the preference value of the preferred tunnel, in the range of 0 to 65534. A smaller value represents a higher preference. If you do not specify this keyword, the system automatically calculates the preference value, which is the largest preference value existing in the current tunnel policy plus 100. If the preferred tunnel you are configuring is the first preferred in the current tunnel policy, the preference value for this preferred tunnel is 100 by default.

Usage guidelines

You can configure anSRv6 TE policy, an MPLS TE tunnel as a preferred tunnel of a tunnel policy.

As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the preferred tunnel identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.

For a tunnel policy to solely use a tunnel or an SRv6 TE policy tunnel, do not configure the tunnel as the preferred tunnel in other tunnel policies.

If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, the system selects the preferred tunnel with the highest preference. If that tunnel is not available, the tunnel with second highest preference is used, and so forth. No load sharing will be performed on these tunnels.

When you configure preferences for preferred tunnels, follow these restrictions and guidelines:

·     You cannot assign the same preference value to different tunnels in the same tunnel policy.

·     If the largest preference value existing in a tunnel policy equals to or greater than 65435, you must specify the preference value when you configure a new preferred tunnel in the tunnel policy. If you do not dot specify the preference value, the preferred tunnel cannot be configured.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SRv6 TE policy, the tunnel destination address is the destination node address of the SRv6 TE policy.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 2

select-seq load-balance-number

Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load sharing.

Use undo select-seq to restore the default.

Syntax

select-seq [ strict ] { cr-lsp | lsp | sr-lsp | srv6-policy | srv6-policy-group } * load-balance-number number

undo select-seq

Default

The device selects only one tunnel in LSP, CRLSP, SRLSP, and SRv6 TE policy order.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

strict: Uses the same type of tunnels for load balancing.

·     If you specify this keyword, VPN uses only one type of tunnels for load balancing. For example, if the select-seq strict lsp cr-lsp load-balance-number 3 command is used, VPN uses only one type of tunnels. If LSP tunnels are available, VPN uses only LSP tunnels. If no LSP tunnels are available, VPN uses only CRLSP tunnels.

·     If you do not specify this keyword, VPN can use a hybrid of the specified types of tunnels for load balancing. For example, if the select-seq lsp cr-lsp load-balance-number 3 command is used, VPN preferentially uses LSP tunnels for load balancing. If the number of LSP tunnels is zero or less than three, VPN uses CRLSP tunnels to remedy the deficiency of LSP tunnels.

·     SRv6 TE policy tunnels cannot share load with other types of tunnels regardless of whether you have specified this keyword or not.

cr-lsp: Uses CRLSP tunnels.

lsp: Uses LSP tunnels.

sr-lsp: Uses SRLSP tunnels.

load-balance-number number: Specifies the number of tunnels for load sharing. The value range for the number argumet is 1 to 64.

Usage guidelines

A tunnel type closer to the select-seq keyword has a higher priority.

Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SRv6 TE policy, the tunnel destination address is the destination node address of the SRv6 TE policy.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel policy policy1 to use only CRLSP tunnels, and set the load sharing number to 2.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2

Related commands

binding-destination

preferred-path

tunnel-policy (system view)

Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.

Use undo tunnel-policy to delete a tunnel policy.

Syntax

tunnel-policy tunnel-policy-name [ default ]

undo tunnel-policy tunnel-policy-name

Default

No tunnel policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.

default: Uses the policy as the global tunnel policy.

Usage guidelines

The device supports only one global tunnel policy.

By default, a tunnel policy selects only one tunnel in LSP—CRLSP—SRLSP order.

An MPLS VPN uses the global tunnel policy if it is not bound with a specific tunnel policy or the bound policy does not exist. If the bound policy exists but is null, the MPLS VPN selects only one tunnel in the default tunnel selection order.

Examples

# Create tunnel policy policy1 and enter its view.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1]