Applying a Tunnel Policy to a VPN

After being configured, a tunnel policy needs to be applied to a VPN service. The mode in which a tunnel policy is applied to VPN services varies according to the VPN type.

Context

A device can select proper tunnels for VPN data transmission based on the configured tunnel policy only after the policy is applied to VPN services.

The mode in which a tunnel policy is applied to VPN services varies according to the VPN type. Select one of the following modes as needed:

Procedure

  • Apply a tunnel policy to a BGP/MPLS IP VPN.

    For details about the BGP/MPLS IP VPN configuration, see Configuring Basic BGP/MPLS IP VPN Functions.

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv4-family

      The VPN instance IPv4 address family view is displayed.

    4. Run tnl-policy policy-name

      A tunnel policy is applied to the VPN instance IPv4 address family.

    5. Run commit

      The configuration is committed.

  • Apply a tunnel policy to a BGP/MPLS IPv6 VPN.

    For details about the BGP/MPLS IPv6 VPN configuration, see Configuring a Basic BGP/MPLS IPv6 VPN.

    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      The VPN instance view is displayed.

    3. Run ipv6-family

      The VPN instance IPv6 address family view is displayed.

    4. Run tnl-policy policy-name

      A tunnel policy is applied to the VPN instance IPv6 address family.

    5. Run commit

      The configuration is committed.

  • Apply a tunnel policy to SVC VPWS.

    For details about how to configure SVC VPWS, see Configuring SVC VPWS. Perform the following steps on the PEs with VCs configured:

    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The AC interface view is displayed.

    3. Run mpls static-l2vc { { destination ip-address | pw-template pw-template-name vc-id } * | destination ip-address [ vc-id ] } transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name [ endpoint endpoint-address color color-value ] | access-port | [ control-word | no-control-word ] | [ raw | tagged | ip-interworking ] ] * *

      A tunnel policy is applied to the VC.

    4. Run commit

      The configuration is committed.

  • Apply a tunnel policy to LDP VPWS.

    For details about how to configure LDP VPWS, see Configuring LDP VPWS . Perform the following steps on the PEs with VCs configured:

    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The AC interface view is displayed.

    3. Run mpls l2vc { pw-template pw-template-name | ip-address } * vc-id tunnel-policy policy-name

      A tunnel policy is applied to a specified VC of LDP VPWS.

    4. Run commit

      The configuration is committed.

  • Apply a tunnel policy to LDP VPLS.

    For details about how to configure LDP VPLS, see Configuring LDP VPLS. Perform the following steps on each endpoint PE of a PW:

    1. Run system-view

      The system view is displayed.

    2. Run vsi vsi-name [ auto | static ]

      A VSI is created.

    3. Run pwsignal ldp

      LDP is configured as a PW signaling protocol, and the VSI-LDP view is displayed.

    4. Run vsi-id vsi-id

      A VSI ID is set.

    5. Run peer peer-address [ negotiation-vc-id vc-id ] [ tnl-policy policy-name ]

      A VSI peer is configured, and a tunnel policy is applied to the VSI peer.

    6. Run commit

      The configuration is committed.

  • Apply a tunnel policy to an EVPN.

    For details about how to configure EVPN, see Configuring EVPN. Perform the following steps on PEs:

    • Apply a tunnel policy to Layer 2 services.

      1. Run system-view

        The system view is displayed.

      2. Run evpn vpn-instance vpn-instance-name [ vpws ] or evpn vpn-instance vpn-instance-name bd-mode

        The EVPN instance view is displayed.

      3. Run tnl-policy policy-name

        A tunnel policy is applied to the EVPN instance.

      4. Run commit

        The configuration is committed.

    • Apply a tunnel policy to Layer 3 services.

      1. Run system-view

        The system view is displayed.

      2. Run ip vpn-instance vpn-instance-name

        The VPN instance view is displayed.

      3. Run ipv4-family

        The VPN instance IPv4 address family view is displayed.

      4. Run tnl-policy policy-name evpn

        The EVPN routes that can be imported into the VPN instance IPv4 address family are associated with a tunnel policy.

      5. Run commit

        The configuration is committed.

    If an EVPN carries both Layer 2 and Layer 3 services, the preceding configurations for Layer 2 and Layer 3 services must be performed on each PE.

Parent Topic: Configuring and Applying a Tunnel Policy
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >