Tunnels
SoodarOS supports many Layer 2 and Layer 3 tunnels, including GRE, IPIP, VXLAN and VPLS.
Layer 3 Tunnels
Layer 3 tunnels include:
GRE
IPIP
Create L3 Tunnel
- interface tunnel [vrf VRF] (0-1023)
Create a new tunnel with the given instance number.
- no interface tunnel
Delete a tunnel
- tunnel source <A.B.C.D|X:X::X:X>
- tunnel destination <A.B.C.D|X:X::X:X>
- tunnel mode ipip
Set tunnel mode to IP-IP
- tunnel mode ipip multipoint
Set tunnel mode to IP-IP multipoint
- tunnel mode gre
- tunnel mode gre multipoint
Set tunnel mode to GRE MP.
Note
In multipoint mode, destination should not be set. Use nhrp instead.
- tunnel protection ipsec profile IPSECPROFILE
Protect the tunnel with IPSec. See Profile.
Warning
Currently protection mode is only supported in P2P tunnels.
Note
When a tunnel is in protected mode, it is put in shutdown mode until the IPSec SAs are established.
Note
When the IPSec SAs protecting a tunnel are gone, the tunnel shuts down immediately. Reestablishing the SAs makes the tunnel available again.
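An added example (not SoodarOS code): a small Python check that reads tunnel commands in the syntax shown on this page and flags the cases the notes above describe, plus tunnels that have no IPSec profile at all. The sample configuration, the profile name EXAMPLE-PROFILE and the function names are constructed for illustration.

```python
import re
# Constructed sample in the page's command syntax; EXAMPLE-PROFILE is a placeholder name.
SAMPLE = """\
interface tunnel 10
 tunnel destination 200.1.2.2
 tunnel mode gre
interface tunnel 11
 tunnel destination 200.1.2.2
 tunnel mode ipip
 tunnel protection ipsec profile EXAMPLE-PROFILE
interface tunnel 12
 tunnel destination 200.1.2.9
 tunnel mode gre multipoint
 tunnel protection ipsec profile EXAMPLE-PROFILE
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # e.g. "soodar1(config-if)# "
IFACE = re.compile(r"interface tunnel (?:vrf \S+ )?(\d+)$")

def parse_tunnels(text):
    """Map tunnel instance -> {'mode', 'destination', 'profile'}."""
    tunnels, cur = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        m = IFACE.match(line)
        if m:
            cur = tunnels.setdefault(int(m.group(1)), dict(mode="", destination=None, profile=None))
        elif words[:1] == ["interface"]:
            cur = None                      # some other interface type
        elif cur is not None and words[:2] == ["tunnel", "mode"]:
            cur["mode"] = " ".join(words[2:])
        elif cur is not None and words[:2] == ["tunnel", "destination"] and len(words) == 3:
            cur["destination"] = words[2]
        elif cur is not None and words[:4] == ["tunnel", "protection", "ipsec", "profile"] and len(words) == 5:
            cur["profile"] = words[4]
    return tunnels

def audit(text):
    findings = []
    for num, t in sorted(parse_tunnels(text).items()):
        multipoint = t["mode"].endswith("multipoint")
        if multipoint and t["destination"]:
            findings.append((num, "MP_DESTINATION"))   # multipoint: use nhrp, not destination
        if multipoint and t["profile"]:
            findings.append((num, "MP_PROTECTION"))    # protection is P2P-only for now
        if not t["profile"]:
            findings.append((num, "UNPROTECTED"))      # GRE/IPIP alone do not encrypt
    return findings
```

`audit()` also accepts lines pasted with their CLI prompt, such as `soodar1(config-if)# tunnel mode gre`.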
Logging
Debugging logs can be set in case of need.
- [no] debug tunnel event
Log data plane installation processes and results.
GRE configuration example
On the first peer we have:
soodar1(config)# interface tunnel 10
soodar1(config-if)# tunnel source 200.1.2.1
soodar1(config-if)# tunnel destination 200.1.2.2
soodar1(config-if)# tunnel mode gre
soodar1(config-if)# ip address 192.168.1.1/32
On the second peer we have:
soodar2(config)# interface tunnel 10
soodar2(config-if)# tunnel source 200.1.2.2
soodar2(config-if)# tunnel destination 200.1.2.1
soodar2(config-if)# tunnel mode gre
soodar2(config-if)# ip address 192.168.1.2/32
And then we add IP routes:
soodar1(config)# ip route 2.1.1.0/24 tunnel10
soodar2(config)# ip route 1.1.1.0/24 tunnel10
GRE-MP configuration example
Currently only NHRP static mapping is available.
On the first peer we have:
soodar1(config)# interface tunnel 10
soodar1(config-if)# tunnel source 200.1.2.1
soodar1(config-if)# tunnel mode gre multipoint
soodar1(config-if)# ip address 192.168.1.1/32
soodar1(config-if)# ip nhrp map 192.168.1.2 200.1.2.2
On the second peer we have:
soodar2(config)# interface tunnel 10
soodar2(config-if)# tunnel source 200.1.2.2
soodar2(config-if)# tunnel mode gre multipoint
soodar2(config-if)# ip address 192.168.1.2/32
soodar2(config-if)# ip nhrp map 192.168.1.1 200.1.2.1
And then we add IP routes:
soodar1(config)# ip route 2.1.1.0/24 192.168.1.2
soodar2(config)# ip route 1.1.1.0/24 192.168.1.1
VXLAN
Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure.
- interface nve (0-1023)
Create an NVE interface with the given instance number.
Example :
soodar(config)# interface nve 40
- source-ip <A.B.C.D|X:X::X:X>
Set NVE source IP
- ingress-replication A.B.C.D
Set NVE destination IP
- member vni (1-16777214)
Associate NVE to VNI number.
Note
For now, each NVE interface can associate to 1 VNI
- member vni (1-16777214) associate-vrf
Associate the NVE with a VNI number and with the VRF that uses this VNI number. The tunnel then looks up its ingress-replication path in the VRF that shares the same VNI with the tunnel.
Note
Each VRF can associate to 1 VNI
Example :
soodar(config)# interface nve 10
soodar(config-if)# source-ip 200.1.3.1
soodar(config-if)# ingress-replication 156.25.4.89
soodar(config-if)# member vni 40
soodar(config-if)# bridge-group 120
soodar(config-if)# int ge0
soodar(config-if)# no shutdown
soodar(config-if)# bridge-group 120

soodar(config)# vrf green
soodar(config-vrf)# vni 40
soodar(config)# int ge1
soodar(config-if)# ip vrf forwarding green
soodar(config-if)# ip address 200.1.3.1/24
soodar(config)# interface nve 10
soodar(config-if)# source-ip 200.1.2.1
soodar(config-if)# ingress-replication 200.1.3.3
soodar(config-if)# member vni 40 associate-vrf
soodar(config-if)# bridge-group 120
soodar(config-if)# int ge0
soodar(config-if)# no shutdown
soodar(config-if)# bridge-group 120
Logging
Debugging logs can be set in case of need.
- [no] debug vxlan event
Log data plane installation processes and results.
VPLS
Virtual Private LAN Service (VPLS) is a method to extend LANs over a network.
SoodarOS supports VPLS on an MPLS core network. To achieve this, we first need to create an mpls-tunnel interface. This interface acts as a pseudowire by adding another MPLS label to the traffic passing through it.
Using a TLDP (Targeted LDP) session, the tunnel label can be negotiated between two routers.
Note
To use VPLS, the connection should be full-mesh. If three routers r1, r2 and r3 are going to form a VPLS, 3 connections are needed: r1-r2, r2-r3 and r1-r3
- interface mpls-tunnel
Create an mpls-tunnel interface
- l2vpn NAME type vpls
Create an L2VPN using VPLS technology
- member pseudowire PW
Add an mpls-tunnel to this L2VPN and enter member pseudowire configuration mode. PW is the mpls-tunnel's name.
- neighbor lsr-id A.B.C.D
Target’s LSR-ID of this pseudowire.
Note
We should have a route to the target's LSR-ID to establish the targeted session.
- pw-id (1-4294967295)
An ID to distinguish pseudowires. If the PW-IDs differ, the session will not be established.
Example :
soodar(config)# interface ge3
soodar(config-if)# bridge-group 200
soodar(config-if)# no shutdown
soodar(config)# interface mpls-tunnel0
soodar(config-if)# bridge-group 200 split-horizon group 100
soodar(config-if)# no shutdown
soodar(config)# interface mpls-tunnel1
soodar(config-if)# bridge-group 200 split-horizon group 100
soodar(config-if)# no shutdown
soodar(config)# mpls ldp
soodar(config-ldp)# router-id 222.1.1.1
soodar(config)# l2vpn exemplary-vpls type vpls
soodar(config-l2vpn)# member pseudowire mpls-tunnel0
soodar(config-l2vpn-pw)# neighbor lsr-id 222.7.7.7
soodar(config-l2vpn-pw)# pw-id 170
soodar(config-l2vpn)# member pseudowire mpls-tunnel1
soodar(config-l2vpn-pw)# neighbor lsr-id 222.14.14.14
soodar(config-l2vpn-pw)# pw-id 1140
Note
Note how the mpls-tunnels share the same split-horizon group ID. This prevents packet loops (since bridge flooding is enabled and our topology is full-mesh).
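An added example (not SoodarOS code): a Python consistency check for the three VPLS requirements stated in this section, namely full-mesh pseudowires, matching PW-IDs on both ends, and one shared split-horizon group per router. The inventory below is constructed; router names, the `MESH` layout and the function name are hypothetical, and only the LSR-IDs and PW-IDs 170 and 1140 come from the example above.

```python
from itertools import combinations

# Constructed inventory: per router, its LSR-ID and its pseudowires as
# neighbor LSR-ID -> (pw-id, split-horizon group of the mpls-tunnel, or None).
MESH = {
    "r1": {"lsr_id": "222.1.1.1", "pw": {"222.7.7.7": (170, 100), "222.14.14.14": (1140, 100)}},
    "r2": {"lsr_id": "222.7.7.7", "pw": {"222.1.1.1": (170, 100), "222.14.14.14": (714, None)}},
    "r3": {"lsr_id": "222.14.14.14", "pw": {"222.1.1.1": (1141, 100)}},
}

def check_vpls(mesh):
    """Return (code, detail) pairs for every violated VPLS requirement."""
    problems = []
    for a, b in combinations(sorted(mesh), 2):
        ab = mesh[a]["pw"].get(mesh[b]["lsr_id"])   # pseudowire a -> b
        ba = mesh[b]["pw"].get(mesh[a]["lsr_id"])   # pseudowire b -> a
        if ab is None or ba is None:
            missing = [f"{x}->{y}" for x, y, pw in ((a, b, ab), (b, a, ba)) if pw is None]
            problems.append(("NOT_FULL_MESH", ", ".join(missing)))
        elif ab[0] != ba[0]:
            # differing PW-IDs: the session will not be established
            problems.append(("PW_ID_MISMATCH", f"{a}-{b}: {ab[0]} vs {ba[0]}"))
    for name in sorted(mesh):
        groups = {group for _, group in mesh[name]["pw"].values()}
        if None in groups or len(groups) > 1:
            # pseudowires outside one common group can forward to each other: loop risk
            problems.append(("SPLIT_HORIZON", name))
    return problems
```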
Logging
Debugging logs can be set in case of need.
- [no] debug vpls event
Log data plane installation processes and results.