Configuring and Applying a Tunnel Policy

Pre-configuration Tasks

Before configuring a tunnel policy, complete the following tasks:

Create LSP or MPLS TE tunnels to transmit VPN services. For details about how to create an LSP tunnel and a TE tunnel, see MPLS LDP Configuration and MPLS TE Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - MPLS.
Establish the basic VPN network. For details about BGP/MPLS IP VPN configuration, see Configuring Basic BGP/MPLS IP VPN Functions.

Context

VPN data is transmitted over tunnels. By default, LSP tunnels are used to transmit data, and each service is transmitted by only one LSP tunnel.

If the default tunnel configuration cannot meet VPN service requirements, apply tunnel policies to VPNs. You can configure either of the following types of tunnel policies according to service requirements:

Tunnel type prioritization policy: This policy can change the type of tunnels selected for VPN data transmission or select multiple tunnels for load balancing.
Tunnel binding policy: This policy can bind multiple TE tunnels to provide QoS guarantee for a VPN.

Procedure

Configure a tunnel policy.
Use either of the following methods to configure a tunnel policy.

Configure a tunnel type prioritization policy.

By default, no tunnel policy is configured. LSP tunnels are used to transmit VPN data and each VPN service is transmitted over one LSP tunnel.
1. Run system-view
  The system view is displayed.
2. Run tunnel-policy policy-name
  A tunnel policy is created, and tunnel policy view is displayed.
3. (Optional) Run description description-information
  The description of the tunnel policy is configured.
4. Run tunnel select-seq { lsp | cr-lsp }^* load-balance-number load-balance-number
  The sequence in which each type of tunnel is selected and the number of tunnels participating in load balancing are set.
Configure a tunnel binding policy.
1. Run system-view
  The system view is displayed.
2. Run interface tunnel interface-number
  A tunnel interface is created and the tunnel interface view is displayed.
3. Run tunnel-protocol mpls te
  MPLS TE is configured as a tunnel protocol.
4. Run mpls te reserved-for-binding
  The binding capability of the TE tunnel is enabled.
5. Run mpls te commit
  The MPLS TE configuration is committed for the configuration to take effect.
6. Run quit
  Return to the system view.
7. Run tunnel-policy policy-name
  A tunnel policy is created.
8. (Optional) Run description description-information
  The description of the tunnel policy is configured.
9. Run tunnel binding destination dest-ip-address te { tunnel interface-number } &<1-6> [ ignore-destination-check ] [ down-switch ]
  Bind specified TE tunnels in the policy.
  - If the PE device has multiple peers, you can run the tunnel binding command multiple times to specify different destination IP addresses in a tunnel policy.
  - If down-switch is specified in the command, the system selects available tunnels in an order of LSP, CR-LSP when the bound tunnels are unavailable.
Apply the tunnel policy.
1. Run system-view
  The system view is displayed.
2. Run ip vpn-instance vpn-instance-name
  The VPN instance view is displayed.
3. Run ipv4-family
  The VPN instance IPv4 address family view is displayed.
4. Run tnl-policy policy-name
  A tunnel policy is applied to the VPN instance IPv4 address family.

Verifying the Configuration

After configuring a tunnel policy and applying it to a VPN instance, you can check information about the tunnel policy applied to the VPN instance and tunnels in the system.

Run the display tunnel-info { tunnel-id tunnel-id | all | statistics [ slots ] } command to check information about tunnels in the system.
Run the display interface tunnel interface-number command to check detailed information about a specified tunnel interface.
Run the display tunnel-policy [ tunnel-policy-name ] command to check information about the specified tunnel policy.
Run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the tunnel policy applied to the specified VPN instance.