Tunnel policy commands
binding-destination
Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.
Use undo binding-destination to remove the tunnel bindings for a destination IP address.
Syntax
binding-destination dest-ip-address te { tunnel number }&<1-n> [ ignore-destination-check ] [ down-switch ]
undo binding-destination dest-ip-address
Default
A tunnel policy does not bind tunnels to a destination IP address.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
dest-ip-address: Specifies a destination IP address.
te: Specifies TE tunnels for binding.
tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The value range for the number argument is 0 to 65534.
&<1-n>: Indicates that you can specify a maximum of n binding tunnels. The value range for n is 1 to 16. If the value for n is greater than 1, traffic will be load shared among the binding tunnels.
ignore-destination-check: Ignores destination check. After this keyword is specified, a TE tunnel can be selected even if the tunnel destination IP address is different from the destination IP address of the tunnel policy. If you do not specify this keyword, a TE tunnel can be selected only if the tunnel destination IP address is the same as the destination IP address of the tunnel policy.
down-switch: Enables automatic tunnel switchover within the tunnel policy when the binding TE tunnels are not available. After this keyword is specified, the tunnel policy selects a TE tunnel by using the following methods in descending order of priority: binding tunnel—preferred tunnel—load sharing. If you do not specify this keyword, the device selects tunnels only from the binding-destination tunnels of the tunnel policy.
Usage guidelines
You can bind tunnels to multiple destination IP addresses in a tunnel policy.
Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a binding tunnel identifies a peer PE, the tunnel policy uses the binding tunnel to forward the traffic to the peer PE.
· If no binding tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Example
# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the binding TE tunnels are not available.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch
Related commands
mpls te reserved-for-binding
preferred-path
display mpls tunnel
Use display mpls tunnel to display tunnel information.
Syntax
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all tunnels. MPLS TE tunnels are displayed only when the network layer is up.
statistics: Displays tunnel statistics.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.
destination: Displays the tunnel destined for the specified address.
ipv4-address: Specifies the tunnel destination IPv4 address.
ipv6-address: Specifies the tunnel destination IPv6 address.
Examples
# Display information about all tunnels.
<Sysname> display mpls tunnel all
Destination Type Tunnel/NHLFE VPN Instance
2.2.2.2 LSP NHLFE1024 -
3.3.3.3 CRLSP Tunnel2 -
Table 1 Command output
| Field | Description |
|---|---|
| Destination | Tunnel destination address. |
| Type | Tunnel type: LSP, CRLSP, or SRLSP. |
| Tunnel/NHLFE | Tunnel or NHLFE entry. NHLFEnumber represents the ingress LSP that matches the NHLFE entry with NID of number. |
| VPN Instance | VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-). |
# Display tunnel statistics.
<Sysname> display mpls tunnel statistics
LSP : 1
CRLSP: 0
SRLSP: 0
Table 2 Command output
| Field | Description |
|---|---|
| LSP | Number of LSP tunnels. |
| CRLSP | Number of CRLSPs. |
| SRLSP | Number of SRLSPs. |
mpls te reserved-for-binding
Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for binding tunnels of a tunnel policy.
Use undo mpls te reserved-for-binding to restore the default.
Syntax
mpls te reserved-for-binding
undo mpls te reserved-for-binding
Default
An MPLS TE tunnel can be used by any tunnel policy implementation method.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
If a VPN has high requirements on bandwidth, you can select TE tunnels for the VPN by applying a tunnel policy that has binding TE tunnels to the VPN.
You must execute this command for an MPLS TE tunnel before the tunnel can be specified as a binding tunnel of a tunnel policy.
After you execute this command for an MPLS TE tunnel, the tunnel can only be used as a binding tunnel of a tunnel policy. For more information about binding tunnels, see the binding-destination command.
Examples
# Reserve an MPLS TE tunnel for binding tunnels of a tunnel policy.
<Sysname> system-view
[Sysname] interface tunnel 10 mode mpls-te
[Sysname-Tunnel10] mpls te reserved-for-binding
Related commands
binding-destination
preferred-path
Use preferred-path to configure a tunnel as a preferred tunnel.
Use undo preferred-path to remove a preferred tunnel.
Syntax
preferred-path { tunnel number }
undo preferred-path { tunnel number }
Default
No preferred tunnels are configured.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
tunnel number: Specifies an MPLS TE tunnel by its tunnel interface number. The value range for the number argument is 0 to 65534.
Usage guidelines
As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the tunnel interface identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.
To give a tunnel policy exclusive use of a tunnel, do not configure that tunnel as a preferred tunnel in other tunnel policies.
If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect. If the first tunnel is not available, the second tunnel is used, and so forth. No load sharing will be performed on these tunnels.
You can configure a maximum of 128 preferred tunnels in a tunnel policy.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a binding tunnel identifies a peer PE, the tunnel policy uses the binding tunnel to forward the traffic to the peer PE.
· If no binding tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Examples
# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 2
select-seq load-balance-number
Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load sharing.
Use undo select-seq to restore the default.
Syntax
select-seq [ strict ] { cr-lsp | lsp | sr-lsp } * load-balance-number number
undo select-seq
Default
The device selects only one tunnel in LSP, CRLSP, and SRLSP order.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
strict: Uses the same type of tunnels for load balancing.
cr-lsp: Uses CRLSP tunnels.
lsp: Uses LSP tunnels.
sr-lsp: Uses SRLSP tunnels.
load-balance-number number: Specifies the number of tunnels for load sharing. The value range for the number argument is 1 to 64.
Usage guidelines
A tunnel type closer to the select-seq keyword has a higher priority. The strict keyword determines whether the VPN can use a hybrid of the specified types of tunnels for load balancing.
For example, the select-seq lsp cr-lsp load-balance-number 3 command specifies three tunnels for load balancing and gives LSP tunnels higher priority over CRLSP or SRLSP tunnels.
· If you do not specify the strict keyword, the VPN can use CRLSP or SRLSP tunnels to remedy the deficiency of LSP tunnels.
· If you specify the strict keyword, the VPN uses only one type of tunnel. It uses CRLSP or SRLSP tunnels only if no LSP tunnels are available.
Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a binding tunnel identifies a peer PE, the tunnel policy uses the binding tunnel to forward the traffic to the peer PE.
· If no binding tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
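The selection order above, together with the binding-destination, mpls te reserved-for-binding, preferred-path, and select-seq rules on this page, written out as a simplified Python model. This is an added example, not vendor code; the Tunnel and Policy classes, the up flag used for availability, and the sample tunnels are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Tunnel:
    name: str               # e.g. "Tunnel1" (hypothetical naming)
    kind: str               # "lsp", "cr-lsp" or "sr-lsp"
    dest: str               # tunnel destination address
    up: bool = True         # assumption: availability reduced to a flag
    reserved: bool = False  # mpls te reserved-for-binding configured

@dataclass
class Policy:
    bindings: dict = field(default_factory=dict)   # dest -> (names, ignore_check, down_switch)
    preferred: list = field(default_factory=list)  # preferred-path, in configured order
    select_seq: tuple = ("lsp", "cr-lsp", "sr-lsp")
    strict: bool = False
    load_balance_number: int = 1

def select(policy, peer, tunnels):
    """Return (method, [tunnel names]) for traffic to peer PE address `peer`."""
    by_name = {t.name: t for t in tunnels}
    if peer in policy.bindings:
        names, ignore_check, down_switch = policy.bindings[peer]
        bound = [n for n in names if (t := by_name.get(n)) and t.up
                 and t.reserved and (ignore_check or t.dest == peer)]
        if bound:
            return "binding", bound      # more than one: load shared
        if not down_switch:
            return "none", []            # no switchover without down-switch
    for n in policy.preferred:           # first available wins, no load sharing
        t = by_name.get(n)
        if t and t.up and not t.reserved and t.dest == peer:
            return "preferred", [n]
    picked = []
    for kind in policy.select_seq:       # earlier type has higher priority
        found = [t.name for t in tunnels
                 if t.kind == kind and t.up and not t.reserved and t.dest == peer]
        if policy.strict and found:
            picked = found               # strict: one tunnel type only
            break
        picked += found
    picked = picked[:policy.load_balance_number]
    return ("load-sharing", picked) if picked else ("none", [])

TUNNELS = [  # constructed sample; Tunnel2 ends on a different address
    Tunnel("Tunnel1", "cr-lsp", "100.1.1.9", reserved=True),
    Tunnel("Tunnel2", "cr-lsp", "100.1.1.1", reserved=True),
    Tunnel("Tunnel5", "cr-lsp", "100.1.1.9"),
    Tunnel("NHLFE1024", "lsp", "100.1.1.9"),
]
```

With both bound tunnels down, a binding without down-switch returns no tunnel at all, which is the case to check for when a VPN must never leave its reserved TE tunnels.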
Examples
# Configure tunnel policy policy1 to use only MPLS TE tunnels, and set the load sharing number to 2.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2
Related commands
binding-destination
preferred-path
tunnel-policy (system view)
Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.
Use undo tunnel-policy to delete a tunnel policy.
Syntax
tunnel-policy tunnel-policy-name [ default ]
undo tunnel-policy tunnel-policy-name
Default
No tunnel policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.
default: Uses the policy as the global tunnel policy.
Usage guidelines
The device supports only one global tunnel policy.
By default, a tunnel policy selects only one tunnel in LSP, CRLSP, and SRLSP order.
An MPLS VPN uses the global tunnel policy if it is not bound with a specific tunnel policy or the bound policy does not exist. If the bound policy exists but is null, the MPLS VPN selects only one tunnel in LSP—GRE—CRLSP—SRLSP order.
Examples
# Create tunnel policy policy1 and enter its view.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1]
Tunnel selector commands
if-match extcommunity
Use if-match extcommunity to configure an extended community list match criterion for BGP routes.
Use undo if-match extcommunity to delete an extended community list match criterion for BGP routes.
Syntax
if-match extcommunity { ext-comm-list-number | ext-comm-list-name }&<1-32>
undo if-match extcommunity [ ext-comm-list-number | ext-comm-list-name ]&<1-32>
Default
No BGP extended community list match criterion is configured.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
ext-comm-list-number: Specifies an extended community list by its number, in the range of 1 to 65535.
ext-comm-list-name: Specifies an extended community list by its name, a case-sensitive string of 1 to 63 characters that cannot contain only digits.
&<1-32>: Indicates that you can specify a maximum of 32 extended community lists.
Usage guidelines
If the extended community list specified for a match criterion does not exist, the criterion matches all BGP routes.
Examples
# Configure extended community lists 100 and 150 to permit BGP routes with RT 100:100 and RT 150:150, respectively. Then configure node 10 in permit mode for tunnel selector ts1 to use extended community lists 100 and 150 to match BGP routes.
<Sysname> system-view
[Sysname] ip extcommunity-list 100 permit rt 100:100
[Sysname] ip extcommunity-list 150 permit rt 150:150
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match extcommunity 100 150
Related commands
ip extcommunity-list (Layer 3—IP Routing Command Reference)
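Because a match criterion that names a nonexistent extended community list matches all BGP routes, a configuration review should flag every if-match extcommunity reference that has no ip extcommunity-list definition. The following audit script is an added example, not part of the command reference; it assumes the saved configuration lists each tunnel-selector node with its sub-commands indented beneath it, and that the token after ip extcommunity-list is the list number or name.

```python
import re

# Constructed sample built from the command forms shown on this page;
# lists 150 and 200 are deliberately left undefined.
SAMPLE_CONFIG = """\
ip extcommunity-list 100 permit rt 100:100
#
tunnel-selector ts1 permit node 10
 if-match extcommunity 100 150
#
tunnel-selector ts1 deny node 20
 if-match extcommunity 200
#
"""

SELECTOR = re.compile(r"^tunnel-selector (\S+) (permit|deny) node (\d+)$")

def audit_selectors(config_text):
    """Return one finding per if-match extcommunity reference to an undefined list."""
    defined, refs, node = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        words = line.split()
        if line.startswith("ip extcommunity-list ") and len(words) >= 3:
            defined.add(words[2])            # list number or name
            node = None
        elif (m := SELECTOR.match(line)):
            node = (m.group(1), m.group(2), int(m.group(3)))
        elif line.startswith("if-match extcommunity ") and node:
            refs.extend((node, name) for name in words[2:])
        elif not raw.startswith(" "):
            node = None                      # any other top-level line leaves the view
    # Compare after the full pass so definitions may appear after their use.
    return [{"selector": n[0], "mode": n[1], "node": n[2], "missing_list": name}
            for n, name in refs if name not in defined]
```

Each finding marks a node whose criterion no longer filters on that list; on a deny node this means routes are denied that the list was meant to let through to later nodes.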
tunnel-selector
Use tunnel-selector to create a tunnel selector and enter its view, or enter the view of an existing tunnel selector.
Use undo tunnel-selector to delete a tunnel selector.
Syntax
tunnel-selector tunnel-selector-name { deny | permit } node node-number
undo tunnel-selector tunnel-selector-name { deny | permit } node node-number
Default
No tunnel selectors exist.
Views
System view
Predefined user roles
network-admin
Parameters
tunnel-selector-name: Specifies the tunnel selector name, a case-sensitive string of 1 to 40 characters.
deny: Sets the match mode of the tunnel selector to deny. If a route matches all the if-match clauses of a node, the route is denied and does not match the next node. If a route does not match an if-match clause of a node, the route continues to match the next node.
permit: Sets the match mode of the tunnel selector to permit. If a route matches all the if-match clauses of a node, the route matches the node. If a route does not match an if-match clause of a node, the route continues to match the next node.
node node-number: Specifies a node number for the tunnel selector. The value range for the node-number argument is 0 to 65535. The node with a smaller node number is matched first.
Usage guidelines
A tunnel selector is needed in the following BGP/MPLS L3VPN scenarios:
· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.
· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.
Examples
# Create a tunnel selector and enter its view. Specify the tunnel selector name as ts1, node number as 10, and match mode as permit.
<Sysname> system-view
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10]
