Configuring a Tunnel Interface

This section describes how to create a tunnel interface of a GRE tunnel to be established. After tunnel interfaces are created, set the encapsulation type to GRE and specify a tunnel source address or source interface, as well as a destination address for the GRE tunnel to be established. In addition, assign an IP address to the tunnel interface if a dynamic routing protocol is used.

Context

A tunnel interface must be configured on each end of a GRE tunnel to be established. For the tunnel interface, set the protocol type to GRE and configure a source IP address or interface, as well as a destination IP address. You also need to specify an IP address if a dynamic routing protocol is used.

Note that you must not specify the involved tunnel interface as the source interface for a GRE tunnel. Instead, specify another interface that can be either a common interface or the tunnel interface of another tunnel on the same device.

A configured interface MTU value is valid on locally originated packets that are encapsulated by GRE, but is invalid on the accepted packets that are encapsulated by GER and forwarded over the GRE tunnel.

A tunnel interface, which is a logical interface, goes down in any of the following situations:

  • The destination address configured for the tunnel interface is unreachable or is set to the IP address of the tunnel interface.

  • The source interface configured for the tunnel interface is down.

  • The IP address configured on the tunnel interface is invalid.

  • The Keepalive function is configured on the tunnel interface and detects that the tunnel remote end is unreachable.

If the tunnel interface is deleted, all configurations on the tunnel interface are also deleted.

Perform the following steps on both ends of a tunnel.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface tunnel interface-number

    A tunnel interface is created, and its view is displayed.

    For centralized GRE in which a three-dimensional tunnel interface is used, the slot ID of the tunnel interface must be the same as the slot ID of the tunnel service board on which the tunnel's source interface resides. A slot ID inconsistency causes a failure to establish a GRE tunnel.

  3. (Optional) Run description text

    A tunnel description is configured.

  4. Run tunnel-protocol gre

    GRE is configured as a tunneling protocol.

  5. Run source { ip-address | ifName | ifType ifNum }

    A source address or source interface of the tunnel is configured.

    The binding tunnel gre command must be run to bind GRE to the source interface or the interface where the source address resides. After the binding is configured, a GRE tunnel can use such an interface to forward packets encapsulated by GRE.

  6. Run destination [ vpn-instance vpn-instance-name ] ip-address

    The destination IP address of the tunnel is configured.

  7. (Optional) Run mtu mtu

    An MTU value of the tunnel interface is set.

  8. (Optional) Run tunnel pathmtu enable

    Path MTU learning is enabled.

    If two BGP nodes on which the peer path-mtu auto-discovery command is run communicate over a GRE tunnel, you can run the tunnel pathmtu enable command on tunnel interfaces of both nodes to prevent repetitive fragmentation for TCP packets carrying BGP messages when such packets are transmitted along the GRE tunnel, improving BGP message transmission efficiency.

  9. (Optional) Run tcp adjust-mss mss-value inbound

    An MSS value is set for inbound TCP SYN/SYN+ACK packets of the GRE tunnel.

    You can set the MSS value less than the sum of the configured interface MTU and GRE header length, so that the packets accepted by the tunnel interface will not be fragmented when being transmitted over the GRE tunnel.

  10. Configure an IP address for the tunnel interface. Perform either of the following operations:

    • To configure an IPv4 address, run the ip address ip-address { mask | mask-length } [ sub ] command.

    • To configure the tunnel interface to borrow an IPv4 address, run the ip address unnumbered interface interface-type interface-number command.

    If a dynamic routing protocol is used on the tunnel interface, configure an IP address for the tunnel interface. The IP addresses of the tunnel interfaces on both ends of the GRE tunnel can be public or private addresses and must be on the same network segment.

  11. (Optional) Run target reassemble board slot-id [ backup slave-slot-id ]

    A tunnel interface is mapped to a tunnel service board so that GRE fragments can be assembled on the tunnel service board.

    If GRE packets are fragmented during transmission over a tunnel (for example, when multiple intermediate links forward packets in load balancing mode), configure a packet reassembly board on the egress of the tunnel so that all fragmented packets are reassembled on the same board.

    The target reassemble board command takes effect for distributed GRE tunnels only.

  12. Run quit

    Exit the tunnel interface view.

  13. (Optional) Run global-gre forward-mode { through | loopback }

    A forwarding mode is specified, which takes effect on all distributed GRE tunnels.

    You can configure a proper forwarding mode based on service requirements.

    • through: enables the software loopback mode. It supports high forwarding performance, but does not support HQoS functions for outgoing packets.
    • loopback: enables the hardware loopback mode. It supports a half of forwarding performance as the software loopback mode does and also supports HQoS functions for outgoing packets.

    The command takes effect only for distributed GRE tunnels.

  14. Run commit

    The configuration is committed.

Parent Topic: Configuring a GRE Tunnel
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >