The tunnel management (TNLM) module selects a tunnel for an application according to specific configurations and notifies the application of the tunnel's status.
VPN tunnel management covers an introduction to common VPN tunnels and tunnel configuration management.
Common VPN tunnels are as follows:
LSP
LSPs are used as tunnels for VPN data forwarding over the Multiprotocol Label Switching (MPLS) backbone network. On an LSP, only provider edges (PEs) need to analyze IP packet headers. As such, the time to process VPN packets is shortened and the delay in VPN packet transmission is reduced. In addition, MPLS labels are supported by all link layer protocols.
MPLS TE
With MPLS deployed, carriers are generally required to provide VPN users with end-to-end QoS guarantees for various services, such as the audio, video, mission-critical, and regular Internet access services. In this situation, MPLS TE tunnels can be used to optimize network resources and offer users QoS-guaranteed services.
GRE
Generic Routing Encapsulation (GRE) applies to both Layer 2 virtual private networks (L2VPNs) and Layer 3 virtual private networks (L3VPNs). LSPs are usually used as public network tunnels on the MPLS VPN backbone network. However, LSPs cannot be used as public network tunnels when the PEs support MPLS but the Ps, which function as core devices on the backbone network and provide IP functions, do not. Instead of LSPs, you can use GRE tunnels to provide an L3VPN or L2VPN solution for the backbone network.
SR-MPLS TE Policy
Segment Routing-MPLS (SR-MPLS) TE Policy is a tunneling technology developed based on SR. An SR-MPLS TE Policy is represented by a set of candidate paths consisting of one or more segment lists, also known as segment ID (SID) lists. Each SID list identifies an end-to-end path from the source to the destination, instructing a device to forward traffic through the path, rather than the shortest path computed using an IGP. If a packet is steered into an SR-MPLS TE Policy, the ingress adds a SID list associated with that policy into the packet, so that other devices on the network can execute the instructions encapsulated into the list.
Flex-Algo LSP
A Flex-Algo LSP is a label forwarding path that is established using Segment Routing (SR), and a prefix or node SID is used to guide data packet forwarding through such a path. An IGP uses the shortest path algorithm to calculate the optimal SR LSP based on a Flex-Algo topology. The establishment and data forwarding of a Flex-Algo LSP are similar to those of an LDP LSP. Flex-Algo LSPs have no tunnel interfaces.
SRv6 TE Policy
IPv6 Segment Routing (SRv6) TE Policy is a tunneling traffic diversion technology developed based on SRv6. An SRv6 TE Policy is a set of candidate paths consisting of one or more segment lists, that is, segment ID (SID) lists. Each SID list identifies an end-to-end path from the source to the destination, instructing a device to forward traffic through the path, rather than the shortest path computed using an IGP. The header of a packet steered into an SRv6 TE Policy is augmented with an ordered list of segments associated with that SRv6 TE Policy, so that other devices on the network can execute the instructions encapsulated into the list.
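The SID-list imposition described for SR-MPLS TE Policy above, as an added example that is not part of the original document or any vendor's code: it encodes a SID list as an MPLS label stack (RFC 3032 entry layout) as the ingress would impose it, then checks a captured stack against the policy's configured segment lists. The policy name, SID values and function names are constructed for illustration.

```python
import struct

# Constructed sample policy; names and SID values are illustrative assumptions.
POLICY = {
    "name": "policy-to-pe2",
    "candidate_paths": [
        {"name": "primary", "segment_lists": [[16010, 16020, 16030]]},
        {"name": "backup", "segment_lists": [[16040, 16030]]},
    ],
}

def encode_label_stack(sids, ttl=255, tc=0):
    """Encode a SID list as MPLS label stack entries:
    20-bit label | 3-bit traffic class | 1-bit bottom-of-stack | 8-bit TTL."""
    if not sids:
        raise ValueError("empty SID list")
    stack = b""
    for index, sid in enumerate(sids):
        if not 16 <= sid < 2**20:  # labels 0-15 are reserved special-purpose values
            raise ValueError(f"SID {sid} is not a usable 20-bit MPLS label")
        bottom = 1 if index == len(sids) - 1 else 0
        stack += struct.pack("!I", (sid << 12) | (tc << 9) | (bottom << 8) | ttl)
    return stack

def decode_label_stack(data):
    """Read entries until the bottom-of-stack bit; return (labels, payload)."""
    labels, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        labels.append(word >> 12)
        if word & 0x100:
            return labels, data[offset:]

def matches_policy(data, policy):
    """True if the stack equals one segment list of any candidate path."""
    labels, _ = decode_label_stack(data)
    return any(
        labels == segment_list
        for path in policy["candidate_paths"]
        for segment_list in path["segment_lists"]
    )

if __name__ == "__main__":
    packet = encode_label_stack([16010, 16020, 16030]) + b"vpn-payload"
    print(packet[:12].hex(), matches_policy(packet, POLICY))
```

The comparison is only meaningful for a stack captured at the ingress, because each downstream device removes the segment it has executed.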
The establishment and management of tunnels vary according to tunnel types. For example, MPLS TE tunnels, including constraint-based routed label switching paths (CR-LSPs), are established and managed using tunnel interfaces, whereas Label Distribution Protocol (LDP) LSPs are automatically created as long as corresponding protocols are configured.
This section focuses on the following aspects:
Tunnel interface configuration: You can specify a particular tunnel type for each tunnel interface. The configurations of tunnels vary according to tunnel types.
Tunnel management: The application that uses a tunnel is informed of the tunnel status, and a tunnel policy is provided to select a tunnel. The tunnel policy function is commonly used.
Tunnel management allows VPNs to better use the tunneling technology to establish dedicated data transmission channels on the backbone network to transparently transmit packets.