GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation
GigaSMART-enabled nodes with the Advanced Tunneling license installed can encapsulate traffic and send it through a GigaSMART tunnel to a destination GigaSMART-enabled node.
Use GigaSMART Layer 2 (L2) Generic Routing Encapsulation (GRE) tunnel encapsulation to send traffic from one GigaSMART node over the Internet to a second GigaSMART node using L2GRE encapsulation. Use GigaSMART L2GRE tunneldecapsulation at the second GigaSMART node to decapsulate the traffic before sending it to local tool ports.
GigaSMART Layer 2 GRE tunnel encapsulation/decapsulation provides the following:
• L2GRE tunnel initiation and encapsulation on the tool port at the sending end of the tunnel (for example, at a remote site)
• L2GRE tunnel termination and decapsulation on the network port at the receiving end of the tunnel (for example, at a main office site)
Refer to the following configuration examples:
• Example 1 – GigaSMART L2GRE Tunnel Encapsulation
• Example 2 – GigaSMART L2GRE Tunnel Encap Stateful LB
• Example 3 – GigaSMART L2GRE Tunnel Encap Stateless LB
• Example 4 – GigaSMART L2GRE Tunnel Decapsulation
• Example 5 – GigaSMART L2GRE IPv6 Tunnel Encap/Decap
Example 1 – GigaSMART L2GRE Tunnel Encapsulation
In this example, an IP interface is configured on the tool port. A GigaSMART operation for tunnel encapsulation is configured to encapsulate the filtered packets. A map is configured that uses the L2GRE tunnel encapsulation GigaSMART operation, which sends packets from the remote site over the Internet to the main office using the IP interface with tool port.
Step
Description
Command
1.
Configure a tool type of port and a network type of port.
(config) # port 1/1/x1 type tool
(config) # port 1/1/x2 type network
2.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias gsport1 port-list 1/1/e1
3.
Configure the IP interface with an IP address, subnet mask, default gateway, and MTU setting. Assign it to the GigaSMART group.
(config) # ip interface alias test
(config ip interface alias test) # attach 1/1/x1
(config ip interface alias test) # ip address 1.1.1.1 /29
(config ip interface alias test) # gw 1.1.1.2
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add gsport1
(config ip interface alias test) # exit
4.
Configure the GigaSMART operation for tunnel encapsulation and assign it to the GigaSMART group. The tunnel encapsulation settings include the IP address (IPv4) of the IP interface on the destination GigaSMART node and the GRE key that identifies the source of the tunnel.
(config) # gsop alias gsop1 tunnel-encap type l2gre ipdst 4.4.4.4 key 12314 port-list gsport1
5.
Create a map using the tunnel encapsulation GigaSMART operation, with packets coming from the network port and being sent to the Internet through the tool port.
(config) # map alias tun_encap
(config map alias tun_encap) # type regular byRule
(config map alias tun_encap) # use gsop tunnelencap
(config map alias tun_encap) # rule add pass ipver 4
(config map alias tun_encap) # from 1/1/x2
(config map alias tun_encap) # to 1/1/x1
(config map alias tun_encap) # exit
(config) #
6.
Display the configuration for this example.
(config) # show gsgroup
(config) # show ip interfaces
(config) # show gsop
(config) # show map
Example 2 – GigaSMART L2GRE Tunnel Encap Stateful LB
Example 2 configures stateful load balancing of tunnel traffic to three tunnel endpoints based on a metric. Each tunnel endpoint is assigned a weight.
Step
Description
Command
1.
Configure a tool type of port and a network type of port.
(config) # port 1/3/x2 type tool
(config) # port 1/3/x1 type network
2.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias gsport1 port-list 1/1/e1
3.
Configure the IP interface with an IP address, subnet mask, default gateway, and MTU setting. Assign it to the GigaSMART group.
(config) # ip interface alias test
(config ip interface alias test) # attach 1/3/x2
(config ip interface alias test) # ip address 1.1.1.1 /29
(config ip interface alias test) # gw 1.1.1.100
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add gsport1
(config ip interface alias test) # exit
4.
Configure tunnel endpoints. The alias is optional.
(config) # tunnel-endpoint te-id te1 alias tunnel_endpoint1
(config) # tunnel-endpoint te-id te1 type remote ip-address 1.1.1.200
(config) # tunnel-endpoint te-id te2 alias tunnel_endpoint2
(config) # tunnel-endpoint te-id te2 type remote ip-address 1.1.1.201
(config) # tunnel-endpoint te-id te3 alias tunnel_endpoint3
(config) # tunnel-endpoint te-id te3 type remote ip-address 1.1.1.202
5.
Create a port group and specify the list of tunnel endpoints for load balancing.
(config) # port-group alias pg1 te-list te1,te2,tunnel_endpoint3
6.
(Optional) Specify weights for each tunnel endpoint in the port group.
(config) # port-group alias pg1 weight te1 50
(config) # port-group alias pg1 weight te2 20
(config) # port-group alias pg1 weight te3 30
7.
Enable load balancing on the port group.
(config) # port-group alias pg1 smart-lb enable
8.
Configure the GigaSMART operation for tunnel encapsulation and assign it to the GigaSMART group. Include the tunnel application, port group, and load balancing metric for stateful load balancing.
(config) # gsop alias gsop1 tunnel-encap type l2gre pgdst pg1 key 123 session-field ip-any outer lb app tunnel metric round-robin port-list gsport1
9.
Create a map using the tunnel encapsulation GigaSMART operation.
(config) # map alias tun_encap
(config map alias tun_encap) # type regular byRule
(config map alias tun_encap) # roles replace admin to owner_roles
(config map alias tun_encap) # use gsop gsop1
(config map alias tun_encap) # rule add pass ipver 4
(config map alias tun_encap) # from 1/3/x1
(config map alias tun_encap) # to 1/3/x2
(config map alias tun_encap) # exit
(config) #
10.
Display the configuration for this example.
(config) # show gsgroup
(config) # show ip interfaces
(config) # show tunnel-endpoint
(config) # show port-group
(config) # show gsop
(config) # show map
(config) # show load-balance port-group stats
Example 3 – GigaSMART L2GRE Tunnel Encap Stateless LB
Example 3 configures stateless load balancing of tunnel traffic to three tunnel endpoints based on a hash value.
Example 3 differs from Example 2 in the configuration of the GigaSMART operation (gsop).
Step
Description
Command
1.
Configure a tool type of port and a network type of port.
(config) # port 1/3/x2 type tool
(config) # port 1/3/x1 type network
2.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias gsport1 port-list 1/1/e1
3.
Configure the IP interface with an IP address, subnet mask, default gateway, and MTU setting. Assign it to the GigaSMART group.
(config) # ip interface alias test
(config ip interface alias test) # attach 1/3/x2
(config ip interface alias test) # ip address 1.1.1.1 /29
(config ip interface alias test) # gw 1.1.1.100
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add gsport1
(config ip interface alias test) # exit
4.
Configure tunnel endpoints. The alias is optional.
(config) # tunnel-endpoint te-id te1 alias tunnel_endpoint1
(config) # tunnel-endpoint te-id te1 type remote ip-address 1.1.1.200
(config) # tunnel-endpoint te-id te2 alias tunnel_endpoint2
(config) # tunnel-endpoint te-id te2 type remote ip-address 1.1.1.201
(config) # tunnel-endpoint te-id te3 alias tunnel_endpoint3
(config) # tunnel-endpoint te-id te3 type remote ip-address 1.1.1.202
5.
Create a port group and specify the list of tunnel endpoints for load balancing.
(config) # port-group alias pg1 te-list te1,te2,tunnel_endpoint3
6.
Enable load balancing on the port group.
(config) # port-group alias pg1 smart-lb enable
7.
Configure the GigaSMART operation for tunnel encapsulation and assign it to the GigaSMART group. Include the tunnel application, port group, and load balancing hashing for stateless load balancing.
(config) # gsop alias gsop2 tunnel-encap type l2gre pgdst pg1 key 123 lb hash 5-tuple outer port-list gsport1
8.
Create a map using the tunnel encapsulation GigaSMART operation.
(config) # map alias tun_encap
(config map alias tun_encap) # type regular byRule
(config map alias tun_encap) # roles replace admin to owner_roles
(config map alias tun_encap) # use gsop gsop2
(config map alias tun_encap) # rule add pass ipver 4
(config map alias tun_encap) # from 1/3/x1
(config map alias tun_encap) # to 1/3/x2
(config map alias tun_encap) # exit
(config) #
Example 4 – GigaSMART L2GRE Tunnel Decapsulation
In this example, an IP interface is configured on the network port. A GigaSMART operation for tunnel decapsulation is configured to decapsulate the filtered packets. A map is configured that uses the L2GRE tunnel decapsulation GigaSMART operation, which receives packets from the remote site over the Internet to the main office using the IP interface with tool port and then forwards packets over the tool port.
Step
Description
Command
1.
Configure a network type of port and a tool type of port.
(config) # port 1/1/x3 type network
(config) # port 1/1/x4 type tool
2.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias gsport1 port-list 1/1/e1
3.
Configure the IP interface with an IP address, subnet mask, default gateway, and MTU setting. Assign it to the GigaSMART group.
The IP address must match the destination IP address specified at the sending end of the tunnel.
(config) # ip interface alias test
(config ip interface alias test) # attach 1/1/x3
(config ip interface alias test) # ip address 2.1.1.1 /29
(config ip interface alias test) # gw 2.1.1.2
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add gsport1
(config ip interface alias test) # exit
4.
Configure the GigaSMART operation for tunnel decapsulation and assign it to the GigaSMART group. The tunnel decapsulation settings include the GRE key that identifies the source of the tunnel.
(config) # gsop alias tunneldecap tunnel-decap type l2gre key 12314 port-list gsport1
5.
Create a map using the tunnel decapsulation GigaSMART operation, with packets coming from the Internet through the network port and being sent to the local tool port.
(config) # map alias tun_decap
(config map alias tun_decap) # type regular byRule
(config map alias tun_decap) # use gsop tunneldecap
(config map alias tun_decap) # rule add pass ipsrc 1.1.1.1 255.255.255.0
(config map alias tun_decap) # from 1/1/x3
(config map alias tun_decap) # to 1/1/x4
(config map alias tun_decap) # exit
(config) #
6.
Display the configuration for this example.
(config) # show ip interfaces
(config) # show gsop
(config) # show map
7.
Display Layer 2 GRE tunnel encapsulation/decapsulation statistics,
config) # show gsop stats alias tunnelencap
(config) # show gsop stats alias tunneldecap
Example 5 – GigaSMART L2GRE IPv6 Tunnel Encap/Decap
In this example, the encapsulation and decapsulation nodes are configured with IP interfaces using IPv6 addresses.
Step
Description
Command
On the encapsulation node, configure the sending end of the tunnel
1.
Configure a network type of port and a tool type of port.
(config) # port 1/3/x7 type network
(config) # port 1/3/x8 type tool
2.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias grp_en port-list 1/3/e1
3.
Configure the IP interface with an IPv6 address, prefix length, default gateway, and MTU setting. Assign it to the GigaSMART group.
(config) # ip interface alias test
(config ip interface alias test) # attach 1/3/x7
(config ip interface alias test) # ipv6 address 2001::2 /64
(config ip interface alias test) # gw-ipv6 2001::1
(config ip interface alias test) # mtu 9400
(config ip interface alias test) # gsgroup add grp_en
(config ip interface alias test) # exit
4.
Configure the GigaSMART operation for tunnel encapsulation and assign it to the GigaSMART group.
(config) # gsop alias gsen tunnel-encap type l2gre ip6dst 2001::3 key 5 port-list grp_en
5.
Create a map using the tunnel encapsulation GigaSMART operation.
(config) # map alias map_en
(config map alias map_en) # type regular byRule
(config map alias map_en) # use gsop gsen
(config map alias map_en) # rule add pass ipver 4
(config map alias map_en) # rule add pass ipver 6
(config map alias map_en) # from 1/3/x7
(config map alias map_en) # to 1/3/x8
(config map alias map_en) # exit
(config) #
6.
Display the configuration for this example.
(config) # show ip interfaces
(config) # show gsop
On the decapsulation node, configure the receiving end of the tunnel
7.
Configure a network type of port and a tool type of port.
(config) # port 1/4/x24 type network
(config) # port 1/4/x7 type tool
8.
Configure a GigaSMART group and associate it with a GigaSMART engine port.
(config) # gsgroup alias grp_de port-list 1/3/e1
9.
Configure the IP interface with an IPv6 address, prefix length, default gateway, and MTU setting. Assign it to the GigaSMART group.
(config) # ip interface alias test1
(config ip interface alias test1) # attach 1/4/x24
(config ip interface alias test1) # ipv6 address 2001::3 /64
(config ip interface alias test1) # gw-ipv6 2001::2
(config ip interface alias test1) # mtu 9400
(config ip interface alias test1) # gsgroup add grp_de
(config ip interface alias test1) # exit
10.
Configure the GigaSMART operation for tunnel decapsulation and assign it to the GigaSMART group.
(config) # gsop alias gsde tunnel-decap type l2gre key 5 port-list grp_de
11.
Create a map using the tunnel decapsulation GigaSMART operation.
(config) # map alias map_de
(config map alias map_de) # type regular byRule
(config map alias map_de) # use gsop gsde
(config map alias map_de) # rule add pass ipver 4
(config map alias map_de) # rule add pass ipver 6
(config map alias map_de) # from 1/4/x24
(config map alias map_de) # to 1/4/x7
(config map alias map_de) # exit
(config) #
12.
Display the configuration for this example.
(config) # show gsop
13.
Display IP interface configuration on the encapsulation node
Note: The show ip interfaces command for an IPv6 tunnel displays the gateway status as Reachable if neighbor discovery is completed with gateway or Not Reachable if neighbor discovery failed. Neighbor discovery is done only on the encapsulation node. On the decapsulation node, the gateway status will be Not Applicable.
(config) # show ip interface
14.
Display GigaSMART operation configuration on the decapsulation node
(config) # show gsop alias gsde
15.
Display the IP interface statistics
(config) # show ip interface stats
'업무이야기 > 패킷전달플랫폼' 카테고리의 다른 글
How do I reset the admin account password on H-Series products? (0) | 2020.06.03 |
---|---|
Flexible Inline include ISSL (0) | 2020.06.03 |
GigaSMART ERSPAN Tunnel Decapsulation (0) | 2020.06.03 |
GigaSMART VxLAN Tunnel Decapsulation (0) | 2020.06.03 |
Cluster B (0) | 2020.06.03 |