interface "int-gre-tunnel" tunnel create
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
From 10.0R8 onward, the gre-tunnel parameter has been replaced by the
ip-tunnel parameter together with a sub-parameter
gre-header to identify this to be a GRE tunnel. In addition, the
to ip-address parameter has been deprecated and replaced with the sub-parameter
dest-ip.
interface "int-gre-tunnel" tunnel create
sap tunnel-1.private:1 create
ip-tunnel "gre-tunnel-1" create
dest-ip 10.0.0.2
gre-header
2.
|
The show gre tunnel command has been replaced by the show ip tunnel command.
|
*A:PE-1#configure card 1 mda 1 mda-type "isa-tunnel"
*A:PE-1# show mda
=========================================================
MDA Summary
=========================================================
Slot Mda Provisioned Equipped Admin Operational
Mda-type Mda-type State State
---------------------------------------------------------
snip-
1 2 isa-tunnel isa-ms up up
*A:PE-1# configure isa tunnel-group ?
- tunnel-group <tunnel-group-id> [create]
- no tunnel-group <tunnel-group-id>
<tunnel-group-id> : [1..16]
<create> : keyword - mandatory while creating an entry.
*A:PE-11# configure isa tunnel-group 1 create
MINOR: IPSECGRPMGR #1008 Chassis mode B or higher is required
*A:PE-1>config>isa>tunnel-grp#
[no] backup - Configure ISA-Tunnel-Group backup ISA
[no] description - Configure the ISA group description
[no] primary - Configure ISA-Tunnel-Group primary ISA
[no] shutdown - Administratively enable/disable an ISA-Tunnel-Group
A:PE-1>config>isa# info
----------------------------------------------
tunnel-group 1 create
primary 1/2
backup 2/1
no shutdown
exit
----------------------------------------------
*A:PE-1>config>isa>tunnel-grp# primary 1/2
MINOR: IPSECGRPMGR #1003 The specified MDA is primary in another Tunnel Group
*A:PE-1>config>isa>tunnel-grp# backup 1/2
MINOR: IPSECGRPMGR #1003 The specified MDA is primary in another Tunnel Group
*A:PE-1# show isa tunnel-group
============================================================
ISA Tunnel Groups
============================================================
Tunnel PrimaryIsa BackupIsa ActiveIsa Admin Oper
GroupId State State
------------------------------------------------------------
1 1/2 2/1 1/2 Up Up
*A:PE-1# show gre tunnel count
-----------------------------
GRE Tunnels: 1
*A:PE-1# show gre tunnel
===============================================================================
GRE Tunnels
===============================================================================
TunnelName LocalAddress SvcId Admn
SapId RemoteAddress DlvrySvcId Oper
To Bkup RemAddr DSCP Oper Rem Addr
-------------------------------------------------------------------------------
gre-tunnel-1 192.168.1.1 1 Up
tunnel-1.private:1 192.168.0.1 2 Up
10.0.0.2 None 192.168.0.1
protected-gre-tunnel 192.168.4.1 3 Up
tunnel-1.private:5 192.168.3.1 3 Up
10.0.0.5 None 192.168.3.1
-------------------------------------------------------------------------------
GRE Tunnels: 2
===============================================================================
*A:PE-1# show gre tunnel "gre-tunnel-1"
===============================================================================
GRE Tunnel Configuration Detail
===============================================================================
Service Id : 1 Sap Id : tunnel-1.private:1
Tunnel Name : gre-tunnel-1
Description : None
Target Address : 10.0.0.2 Delivery Service : 2
Admin State : Up Oper State : Up
Source Address : 192.168.1.1 Oper Remote Addr : 192.168.0.1
Remote Address : 192.168.0.1 Backup Address :
DSCP : None
Oper Flags : None
===============================================================================
GRE Tunnel Statistics: gre-tunnel-1
===============================================================================
Errors Rx : 0 Errors Tx : 0
Pkts Rx : 7 Pkts Tx : 7
Bytes Rx : 532 Bytes Tx : 364
Key Ignored Rx : 0 Too Big Tx : 0
Seq Ignored Rx : 0
Vers Unsup. Rx : 0
Invalid Chksum Rx: 0
Loops Rx : 0
The public tunnel SAP type has the format tunnel-
id.
private|
public:
tag (where the
id corresponds to the tunnel group) as shown in the following example.
*A:PE-1>config>service>ies>if# sap ?
tunnel-id - tunnel-<id>.<private|public>:<tag>
*A:PE-1>config>service>ies# info
----------------------------------------------
interface "int-tunnel-public" create
address 192.168.1.2/30
tos-marking-state untrusted
sap tunnel-1.public:1 create
exit
exit
no shutdown
*A:PE-1>config>service>ies# interface "tunnel-public" sap tunnel-1.public:1 create
INFO: PIP #1288 Cannot bind when there are /32 or /128 addresses configured
The private tunnel SAP has the format tunnel-
id.
private|
public:
tag (where the
id corresponds to the tunnel-group) as shown in the following CLI example where an unprotected GRE tunnel is configured under the SAP.
*A:PE-1>config>service>vprn>if# sap ?
tunnel-id - tunnel-<id>.<private|public>:<tag>
*A:PE-1>config>service>vprn# info
---------------------------------------------------------------
---snip--
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
---snip---
sap tunnel-1.private:1 <=> sap tunnel-1.public:2
*A:PE-1>config>service>vprn# info
---------------------------------------------------------------
---snip--
interface "gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
sap tunnel-1.private:1
gre-tunnel "gre-tunnel" to 10.0.0.2
---snip---
The to keyword followed by the private IP address of the remote tunnel endpoint is mandatory.
Under the gre-tunnel command, configure the following parameters:
*A:PE-1>config>service>vprn# info
---------------------------------------------------------------
---snip--
interface "gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
dscp af22
no shutdown
exit
*A:PE-1>config>service>vprn>if>sap# gre-tunnel "gre-tunnel-2" to 10.0.0.2 create
MINOR: SVCMGR #5120 Only one GRE tunnel allowed per SAP
A:PE-1# configure service vprn 1
A:PE-1>config>service>vprn# info
----------------------------------------------
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
exit
static-route 172.16.1.1/32 next-hop 10.0.0.2
*A:PE-1# show router 1 static-route
===============================================================================
Static Route Table (Service: 1) Family: IPv4
===============================================================================
Prefix Tag Met Pref Type Act
Next Hop Interface
-------------------------------------------------------------------------------
172.16.1.1/32 0 1 5 NH Y
10.0.0.2 int-gre-tunnel
-------------------------------------------------------------------------------
No. of Static Routes: 1
*A:PE-1>config>service>vprn# info
----------------------------------------------
router-id 192.0.2.2
autonomous-system 64496
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
static-route 172.16.1.1/32 next-hop 10.0.0.2
bgp
local-as 64496
router-id 192.0.2.2
group "group-1"
type internal
local-as 64496
local-address 172.32.1.1
neighbor 172.16.1.1
exit
exit
no shutdown
exit
*A:PE-1# show router 1 bgp neighbor
===============================================================================
BGP Neighbor
===============================================================================
Peer : 172.16.1.1
Group : group-1
-------------------------------------------------------------------------------
Peer AS : 64496 Peer Port : 179
Peer Address : 172.16.1.1
Local AS : 64496 Local Port : 49554
Local Address : 172.32.1.1
Peer Type : Internal
State : Established Last State : Active
---snip---
*A:PE-1>config>service>vprn# info
----------------------------------------------
router-id 192.0.2.2
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
exit
ospf
area 0.0.0.0
interface "int-gre-tunnel"
exit
interface "int-CE-1"
interface-type point-to-point
exit
exit
exit
no shutdown
*A:PE-1# show router 1 ospf neighbor
===============================================================================
OSPF Neighbors
===============================================================================
Interface-Name Rtr Id State Pri RetxQ TTL
Area-Id
-------------------------------------------------------------------------------
int-gre-tunnel 192.0.2.1 Full 1 0 30
0.0.0.0
-------------------------------------------------------------------------------
No. of Neighbors: 1
===============================================================================
*A:PE-1# show router 1 route-table protocol ospf
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Remote OSPF 00h04m58s 10
10.0.0.2 10
-------------------------------------------------------------------------------
*A:PE-1>config>ipsec# info
----------------------------------------------
ike-policy 1 create
dh-group 5
exit
ipsec-transform 1 create
esp-encryption-algorithm aes256
exit
----------------------------------------------
*A:PE-1# configure service vprn 3
*A:PE-1>config>service>vprn# info
----------------------------------------------
ipsec
security-policy 1 create
entry 1 create
local-ip 192.168.4.0/24
remote-ip 192.168.3.0/24
exit
exit
exit
route-distinguisher 64496:3
vrf-target target:64496:3
interface "int-private-ipsec-1" tunnel create
sap tunnel-1.private:3 create
ipsec-tunnel "ipsec-tunnel-for-gre-tunnel" create
security-policy 1
local-gateway-address 10.2.2.1 peer 10.1.1.1 delivery-service 4
dynamic-keying
ike-policy 1
pre-shared-key "ALU"
transform 1
exit
no shutdown
exit
exit
exit
interface "int-public-gre-1" create
address 192.168.4.2/24
sap tunnel-1.public:4 create
exit
exit
interface "int-private-gre-1" tunnel create
address 10.0.0.6/30
sap tunnel-1.private:5 create
gre-tunnel "protected-gre-tunnel" to 10.0.0.5 create
source 192.168.4.1
remote-ip 192.168.3.1
delivery-service 3
no shutdown
exit
exit
exit
static-route 192.168.3.0/24 ipsec-tunnel "ipsec-tunnel-for-gre-tunnel"
no shutdown
*A:PE-1>config>service>ies# info
----------------------------------------------
interface "public-ipsec-1" create
address 10.2.2.2/24
tos-marking-state untrusted
sap tunnel-1.public:3 create
exit
exit
*A:PE-1# show gre tunnel
===============================================================================
GRE Tunnels
===============================================================================
TunnelName LocalAddress SvcId Admn
SapId RemoteAddress DlvrySvcId Oper
To Bkup RemAddr DSCP Oper Rem Addr
-------------------------------------------------------------------------------
protected-gre-tunnel 192.168.4.1 3 Up
tunnel-1.private:5 192.168.3.1 3 Up
10.0.0.5 None 192.168.3.1
-------------------------------------------------------------------------------
*A:PE-1# show gre tunnel "gre-tunnel-1"
===============================================================================
GRE Tunnel Configuration Detail
===============================================================================
Service Id : 1 Sap Id : tunnel-1.private:1
Tunnel Name : gre-tunnel-1
Description : None
Target Address : 10.0.0.2 Delivery Service : 2
Admin State : Up Oper State : Up
Source Address : 192.168.1.1 Oper Remote Addr : 192.168.0.1
Remote Address : 192.168.0.1 Backup Address :
DSCP : None
Oper Flags : None
===============================================================================
GRE Tunnel Statistics: gre-tunnel-1
===============================================================================
Errors Rx : 0 Errors Tx : 0
Pkts Rx : 9164 Pkts Tx : 14176
Bytes Rx : 703812 Bytes Tx : 750429
Key Ignored Rx : 0 Too Big Tx : 0
Seq Ignored Rx : 0
Vers Unsup. Rx : 0
Invalid Chksum Rx: 0
Loops Rx : 0
*A:PE-1# show ipsec tunnel
===============================================================================
IPsec Tunnels
===============================================================================
TunnelName LocalAddress SvcId Admn Keying
SapId RemoteAddress DlvrySvcId Oper Sec
Plcy
-------------------------------------------------------------------------------
ipsec-tunnel-for-gre-tunnel 10.2.2.1 3 Up Dynamic
tunnel-1.private:3 10.1.1.1 4 Down 1
-------------------------------------------------------------------------------
*A:PE-1# ping router 3 10.0.0.5
PING 10.0.0.5 56 data bytes
64 bytes from 10.0.0.5: icmp_seq=1 ttl=64 time=4.64ms.
64 bytes from 10.0.0.5: icmp_seq=2 ttl=64 time=4.54ms.
64 bytes from 10.0.0.5: icmp_seq=3 ttl=64 time=4.42ms.
64 bytes from 10.0.0.5: icmp_seq=4 ttl=64 time=5.01ms.
64 bytes from 10.0.0.5: icmp_seq=5 ttl=64 time=4.40ms.
*A:PE-1# show ipsec tunnel
===============================================================================
IPsec Tunnels
===============================================================================
TunnelName LocalAddress SvcId Admn Keying
SapId RemoteAddress DlvrySvcId Oper Sec
Plcy
-------------------------------------------------------------------------------
ipsec-tunnel-for-gre-tunnel 10.2.2.1 3 Up Dynamic
tunnel-1.private:3 10.1.1.1 4 Up 1
-------------------------------------------------------------------------------
IPsec Tunnels: 1
===============================================================================
*A:PE-1>config>service>vprn# info
----------------------------------------------
router-id 192.0.2.2
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
exit
static-route 172.16.1.1/32 next-hop 10.0.0.2 bfd-enable
*A:PE-1# show router 1 bfd session
===============================================================================
BFD Session
===============================================================================
Interface State Tx Intvl Rx Intvl Multipl
Remote Address Protocols Tx Pkts Rx Pkts Type
-------------------------------------------------------------------------------
gre-tunnel Up (3) 100 100 3
10.0.0.2 static N/A N/A cpm-np
-------------------------------------------------------------------------------
No. of BFD sessions: 1
===============================================================================
*A:PE-1>config>service>vprn# info
----------------------------------------------
router-id 192.0.2.2
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
exit
ospf
area 0.0.0.0
interface "int-gre-tunnel"
bfd-enable
exit
---snip--
*A:PE-1# show router 1 bfd session
===============================================================================
BFD Session
===============================================================================
Interface State Tx Intvl Rx Intvl Multipl
Remote Address Protocols Tx Pkts Rx Pkts Type
-------------------------------------------------------------------------------
int-gre-tunnel Up (3) 100 100 3
10.0.0.2 ospf2 N/A N/A cpm-np
-------------------------------------------------------------------------------
*A:PE-1>config>service>vprn# info
----------------------------------------------
router-id 192.0.2.2
autonomous-system 64496
route-distinguisher 64496:1
vrf-target target:64496:1
interface "int-gre-tunnel" tunnel create
address 10.0.0.1/30
ip-mtu 1476
bfd 100 receive 100 multiplier 3
sap tunnel-1.private:1 create
gre-tunnel "gre-tunnel-1" to 10.0.0.2 create
source 192.168.1.1
remote-ip 192.168.0.1
delivery-service 2
no shutdown
exit
exit
exit
static-route 172.16.1.1/32 next-hop 10.0.0.2
bgp
local-as 64496
router-id 192.0.2.2
group "group-1"
type internal
local-as 64496
local-address 172.32.1.1
neighbor 172.16.1.1
bfd-enable
exit
exit
no shutdown
exit
*A:PE-1# show router 1 bfd session
===============================================================================
BFD Session
===============================================================================
Interface State Tx Intvl Rx Intvl Multipl
Remote Address Protocols Tx Pkts Rx Pkts Type
-------------------------------------------------------------------------------
int-CE-1 Up (3) 100 100 3
172.16.1.1 bgp N/A N/A cpm-np
-------------------------------------------------------------------------------
No. of BFD sessions: 1
===============================================================================
interface "gre-tunnel" tunnel create
address 10.0.0.1/30
sap tunnel-1.private:200 create
gre-tunnel "gre-tunnel" to 10.0.0.2
source 192.168.11.2
remote-ip 192.168.10.2
delivery-service 21
dscp af41
Maximum entries configured : 1000
Number of entries logged : 2
2010/12/13 18:26:15 Ip Filter: 10:10 Desc:
SAP: 1/1/1 Direction: Egress Action: Forward
Src MAC: 1c-2c-01-01-00-01 Dst MAC: 1c-2d-01-01-00-01 EtherType: 0800
Src IP: 192.168.11.2 Dst IP: 192.168.10.2 Flags: 0 TOS: 88 TTL: 254
vprn 1 customer 1 create
router-id 172.17.1.1
autonomous-system 650000
route-distinguisher 65000:1
interface "gre-tunnel" tunnel
address 10.0.0.1/30
ip-mtu 1476
sap tunnel-1.private:201
*A:PE-1# show router 1 interface "gre-tunnel" detail | match MTU
IP Oper MTU : 1476 ICMP Mask Reply : True
*A:PE-1>config>service>ies>if# sap tunnel-1.public:2 collect-stats
*A:PE-1>config>service>vprn>if# sap tunnel-1.private:2 collect-stats
*A:PE-1>config>service>vprn>if# info
----------------------------------------------
---snip---
sap tunnel-1.private:1 create
ingress
qos 10
filter ip 1
exit
egress
qos 10
filter ip 1
exit
*A:PE-1>config>service>ies>if# info
----------------------------------------------
address 192.168.1.2/30
tos-marking-state untrusted
sap tunnel-1.public:1 create
ingress
qos 10
filter ip 1
exit
egress
qos 10
filter ip 1
exit
*A:PE-1# show debug
debug
mirror-source 99
sap tunnel-1.private:3 egress ingress
sap tunnel-1.public:1 egress ingress
no shutdown
exit
exit