Tunnel Policy

A tunnel policy determines which tunnel can be selected for an application.

VPN service forwarding requires tunnels. By default, LSPs are selected for VPN services, and multiple LDP LSPs can implement load balancing. If only BGP LSPs exist on a network, only one is selected for VPN services, and load balancing cannot be implemented. If non-LDP LSPs or non-BGP LSPs are needed for VPN service transmission, or if multiple BGP LSPs or TE tunnels are needed for load balancing, a tunnel policy must be applied to the VPN service.

Tunnel policies can be categorized as either tunnel type-based prioritization policies or tunnel binding policies. The two types of tunnel policies are mutually exclusive.

IPv4 Tunnel Type-based Prioritization Policy

Tunnel type-based priorities determine the sequence in which types of tunnels are selected and the maximum number of tunnels that can participate in load balancing. Tunnels that can be selected in a tunnel type-based prioritization policy include LSPs, GRE tunnels, CR-LSPs, and SR-MPLS TE Policies. Tunnels defined in a tunnel type-based prioritization policy are selected in sequence. The tunnel type specified first is selected as long as the tunnels of this type are up, regardless of whether the tunnel is selected by other services. Generally, the tunnels of a later specified type are not selected except when load balancing is required or when the preceding tunnels are all down.

For example, both the CR-LSPs and LSPs are defined in a tunnel type-based prioritization policy (with the CR-LSPs being defined first), and the maximum number of tunnels that can participate in load balancing defined in the tunnel policy is three. In this situation, the rule for selecting tunnels is as follows:

  • CR-LSPs are preferred provided that they are up. If the number of CR-LSPs in the up state is greater than or equal to three, the first three CR-LSPs are selected. If the number of CR-LSPs is less than three, the system selects LSPs, in addition to existing CR-LSPs, to load-balance traffic among the three tunnels.

  • Given that LSPs are available and one CR-LSP has already been selected, at most two LSPs can be selected. If no or only one LSP is available, tunnels are selected based on the default tunnel policy. If more than two LSPs are available, one CR-LSP and the first two LSPs are selected.

  • If no tunnel policy is applied to an application or the tunnel policy to be applied has not been created yet, the system selects one available LSP. If no available LSP exists, a local IFNET tunnel is selected.

  • If a protection group is configured for a TE tunnel (that is, CR-LSP), the protection tunnel does not participate in selection.

  • CR-LSPs include RSVP-TE and SR-MPLS TE tunnels. A tunnel that goes up earlier has a higher priority.

  • LSPs include LDP LSPs, BGP LSPs, and SR-LSPs, whose priorities are in descending order. Specifically, if LSPs are used, LDP LSPs are preferentially selected for load balancing. If LDP LSPs are insufficient, the system searches for available BGP LSPs. If LDP and BGP LSPs are insufficient, SR-LSPs are selected.
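The selection order described above can be modelled in a few lines, which helps when reviewing which services may end up sharing a tunnel. This is an added example, not vendor code: the Tunnel fields, the up_since timestamp, the "local-ifnet" label and the sample inventory are constructed. GRE tunnels and SR-MPLS TE Policies are omitted, and the rule for the case where no or only one LSP is available after a CR-LSP has been selected is not modelled.

```python
from dataclasses import dataclass

LSP_RANK = {"ldp": 0, "bgp": 1, "sr-lsp": 2}  # descending priority, per this page

@dataclass(frozen=True)
class Tunnel:
    name: str
    kind: str                 # "cr-lsp" or "lsp"
    subtype: str = ""         # LSPs only: "ldp", "bgp" or "sr-lsp"
    up: bool = True
    up_since: int = 0         # constructed timestamp; lower = went up earlier
    protection: bool = False  # protection tunnel of a TE protection group

def ordered(tunnels, kind):
    """Eligible tunnels of one type, highest priority first."""
    pool = [t for t in tunnels if t.kind == kind and t.up and not t.protection]
    if kind == "cr-lsp":
        return sorted(pool, key=lambda t: t.up_since)
    return sorted(pool, key=lambda t: LSP_RANK[t.subtype])

def select(tunnels, sequence=None, load_balance=1):
    """Names of the tunnels chosen for a service."""
    if sequence is None:  # no tunnel policy applied: one LSP, else local IFNET
        lsps = ordered(tunnels, "lsp")
        return [lsps[0].name] if lsps else ["local-ifnet"]
    chosen = []
    for kind in sequence:  # fill remaining load-balancing slots type by type
        room = load_balance - len(chosen)
        chosen += [t.name for t in ordered(tunnels, kind)[:room]]
    return chosen

# Constructed inventory of tunnels toward one remote PE.
SAMPLE = [
    Tunnel("te1", "cr-lsp", up_since=30),
    Tunnel("te2", "cr-lsp", up_since=10),
    Tunnel("te3", "cr-lsp", up_since=5, protection=True),
    Tunnel("sr1", "lsp", "sr-lsp"),
    Tunnel("bgp1", "lsp", "bgp"),
    Tunnel("ldp1", "lsp", "ldp"),
    Tunnel("ldp2", "lsp", "ldp", up=False),
]

if __name__ == "__main__":
    print(select(SAMPLE, ["cr-lsp", "lsp"], load_balance=3))
    print(select(SAMPLE))
```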

IPv6 Tunnel Type-based Prioritization Policy

On an IPv6 network, SRv6 TE Policies and SRv6 TE Policy groups are involved in tunnel selection. Tunnels defined in a tunnel type-based prioritization policy are selected in sequence. The tunnels with the type specified first are selected as long as the tunnels of this type are up, regardless of whether the tunnels are selected by other services. Generally, the tunnels of a later specified type are not selected except when the preceding tunnels are all down.

For example, the SRv6 TE Policy and SRv6 TE Policy group are specified in a tunnel policy in sequence. In this situation, the rules for selecting tunnels are as follows:

An available SRv6 TE Policy is preferentially selected. If the status of an SRv6 TE Policy changes to down and no SRv6 TE Policy meets the selection rules, the SRv6 TE Policy group that meets the selection rules is selected.

  • If no tunnel policy is applied to an application module or a nonexistent tunnel policy is applied to the application module, no tunnel is selected by default.
  • SRv6 TE Policies and SRv6 TE Policy groups cannot be selected at the same time.

Tunnel Binding Policy

In a tunnel binding policy, you can bind one destination address to a tunnel. VPN services applying the policy are then transmitted over the bound tunnel. The system does not check whether the bound tunnel is a TE tunnel, but the tunnel binding policy takes effect only on TE tunnels. Therefore, ensure that the tunnel binding policy is correctly configured. As shown in Figure 1, two MPLS TE tunnels (tunnel 1 and tunnel 2) are set up between PE1 and PE3.

Figure 1 Application of a tunnel binding policy

If you bind VPNA to tunnel 1 and VPNB to tunnel 2, VPNA and VPNB use separate MPLS TE tunnels. This means that tunnel 1 serves only VPNA and tunnel 2 serves only VPNB. In this manner, services of VPNA and VPNB are isolated from each other and also from other services. The bandwidth for VPNA and VPNB is therefore ensured, which facilitates later QoS deployment.

In tunnel binding, you can bind one destination address to one or more TE tunnels to load-balance services. In addition, you can configure the down-switch attribute to enable other types of tunnels to be selected when the specified tunnels are unavailable, ensuring traffic continuity.

A common tunnel binding policy selects common TE tunnels based on destination addresses and tunnel interface indexes. A tunnel binding policy observes the following tunnel selection rules:

  • If the tunnel binding policy does not designate any TE tunnels for a destination IP address, an available tunnel is selected based on the default tunnel policy.

  • If the tunnel binding policy designates several TE tunnels for a destination IP address and more than one designated TE tunnel is available, one of the available TE tunnels is selected.

  • If the tunnel binding policy designates several TE tunnels for the destination IP address but none of the designated TE tunnels is available, tunnel selection is determined by the down-switch attribute. If the down-switch attribute is not configured, no tunnels are selected. If the down-switch attribute is configured, an available tunnel is selected based on the default tunnel policy.
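Because the device does not validate bound tunnels and the down-switch attribute moves traffic back to the default tunnel policy, it is worth checking which destinations actually get a dedicated TE tunnel. The following added example (not vendor code) applies the three rules above to a constructed inventory. The data layout, the "shared-lsp" label, treating a non-TE bound tunnel as unavailable, and picking the first available bound tunnel are all assumptions of this model.

```python
# Constructed tunnel inventory on PE1: name -> (is_te, is_up)
TUNNELS = {
    "Tunnel1": (True, True),
    "Tunnel2": (True, False),
    "Tunnel3": (False, True),
}

# Constructed bindings: destination -> (bound tunnels, down-switch configured)
BINDINGS = {
    "192.0.2.3": (["Tunnel1"], False),
    "192.0.2.4": (["Tunnel2"], True),
    "192.0.2.5": (["Tunnel2"], False),
    "192.0.2.6": (["Tunnel3"], False),
}

def resolve(dest, bindings, tunnels, default="shared-lsp"):
    """Return (tunnel, reason) for traffic to dest under a tunnel binding policy."""
    bound, down_switch = bindings.get(dest, ([], False))
    if not bound:
        return default, "default policy: no TE tunnel designated"
    # Assumption: a bound tunnel that is not TE counts as unavailable, since
    # the binding takes effect only on TE tunnels.
    usable = [n for n in bound if tunnels[n] == (True, True)]
    if usable:
        return usable[0], "bound TE tunnel"  # choice of first one is an assumption
    if down_switch:
        return default, "default policy: down-switch"
    return None, "no tunnel selected"

def audit(bindings, tunnels):
    """List destinations whose traffic is not carried on a dedicated TE tunnel."""
    findings = []
    for dest, (bound, _) in sorted(bindings.items()):
        for name in bound:
            if not tunnels[name][0]:
                findings.append(f"{dest}: {name} is not a TE tunnel")
        _, reason = resolve(dest, bindings, tunnels)
        if reason != "bound TE tunnel":
            findings.append(f"{dest}: {reason}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BINDINGS, TUNNELS)))
```

A "default policy" finding means the service is no longer isolated on its own TE tunnel, and "no tunnel selected" means its traffic has no tunnel at all.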

Comparison of Tunnel Policies

Table 1 Comparison of tunnel policies

Policy | Description
Tunnel type-based prioritization policy | Cannot ensure which tunnel is selected if there are several tunnels of the same type.
Tunnel binding policy | Accurately defines which TE tunnel can be used, ensuring QoS. This function is valid only for TE tunnels.

Copyright © Huawei Technologies Co., Ltd.