Tunnels
SoodarOS supports many Layer 2 and Layer 3 tunnels, including GRE, IPIP, VXLAN and VPLS.
Layer 3 Tunnels
Layer 3 tunnels include:
GRE
IPIP
Create L3 Tunnel
- interface tunnel [vrf VRF] (0-1023)
Create a new tunnel with the given instance number.
- no interface tunnel
Delete a tunnel
- tunnel source <A.B.C.D|X:X::X:X>
- tunnel destination <A.B.C.D|X:X::X:X>
- [no] tunnel vrf VRF
Look up the tunnel destination in the VRF’s FIB.
- tunnel mode ipip
Set tunnel mode to IP-IP
- tunnel mode ipip multipoint
Set tunnel mode to IP-IP multipoint
- tunnel mode gre
- tunnel mode gre multipoint
Set tunnel mode to GRE MP.
Note
In multipoint mode, destination should not be set. Use nhrp instead.
- tunnel protection ipsec profile IPSECPROFILE
Protect the tunnel with IPSec. See Profile.
Warning
Currently, the protection mode is only supported in P2P tunnels.
Note
When a tunnel is in protected mode, it is kept in shutdown mode until the IPSec SAs are established.
Note
When the IPSec SAs protecting a tunnel are gone, the tunnel immediately shuts down. Reestablishing the SAs makes the tunnel available again.
Logging
Debugging logs can be enabled when needed.
- [no] debug tunnel event
Log data plane installation processes and results.
GRE configuration example
In the first peer we have:
soodar1(config)# interface tunnel 10
soodar1(config-if)# tunnel source 200.1.2.1
soodar1(config-if)# tunnel destination 200.1.2.2
soodar1(config-if)# tunnel mode gre
soodar1(config-if)# ip address 192.168.1.1/32
In the second peer we have:
soodar2(config)# interface tunnel 10
soodar2(config-if)# tunnel source 200.1.2.2
soodar2(config-if)# tunnel destination 200.1.2.1
soodar2(config-if)# tunnel mode gre
soodar2(config-if)# ip address 192.168.1.2/32
And then, we add IP routes:
soodar1(config)# ip route 2.1.1.0/24 tunnel10
soodar2(config)# ip route 1.1.1.0/24 tunnel10
GRE-MP configuration example
Currently, only NHRP static mapping is available.
In the first peer we have:
soodar1(config)# interface tunnel 10
soodar1(config-if)# tunnel source 200.1.2.1
soodar1(config-if)# tunnel mode gre multipoint
soodar1(config-if)# ip address 192.168.1.1/32
soodar1(config-if)# ip nhrp map 192.168.1.2 200.1.2.2
In the second peer we have:
soodar2(config)# interface tunnel 10
soodar2(config-if)# tunnel source 200.1.2.2
soodar2(config-if)# tunnel mode gre multipoint
soodar2(config-if)# ip address 192.168.1.2/32
soodar2(config-if)# ip nhrp map 192.168.1.1 200.1.2.1
And then, we add IP routes:
soodar1(config)# ip route 2.1.1.0/24 192.168.1.2
soodar2(config)# ip route 1.1.1.0/24 192.168.1.1
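An added example (not SoodarOS code): a small Python check that reads pasted interface tunnel stanzas and flags the conditions noted in this section, namely a destination set in multipoint mode, IPSec protection on a multipoint tunnel, and a tunnel with no IPSec protection at all. The sample input is constructed and EXAMPLE-PROFILE is a placeholder profile name.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")   # "soodar1(config-if)# " prefix
NEW = {"multipoint": False, "destination": None, "ipsec": None}

def parse_tunnels(text):
    """Collect per-tunnel settings from 'interface tunnel N' stanzas."""
    tunnels, cur = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if re.match(r"int(erface)?\s", line):       # any interface line opens a new stanza
            m = re.fullmatch(r"interface tunnel(?: vrf \S+)? (\d+)", line)
            cur = tunnels.setdefault(int(m.group(1)), dict(NEW)) if m else None
        elif cur is not None:
            if m := re.fullmatch(r"tunnel destination (\S+)", line):
                cur["destination"] = m.group(1)
            elif m := re.fullmatch(r"tunnel mode (?:gre|ipip)( multipoint)?", line):
                cur["multipoint"] = bool(m.group(1))
            elif m := re.fullmatch(r"tunnel protection ipsec profile (\S+)", line):
                cur["ipsec"] = m.group(1)
    return tunnels

def audit(text):
    """Return (tunnel, finding) pairs for the rules stated in this section."""
    findings = []
    for num, t in sorted(parse_tunnels(text).items()):
        if t["multipoint"] and t["destination"]:
            findings.append((num, "destination set in multipoint mode; use nhrp"))
        if t["multipoint"] and t["ipsec"]:
            findings.append((num, "ipsec protection is only supported on P2P tunnels"))
        if not t["ipsec"]:
            findings.append((num, "no ipsec protection; GRE/IPIP payload is not encrypted"))
    return findings

# Constructed sample: tunnel 10 follows this page's GRE example; 11 and 12 are
# made up, and EXAMPLE-PROFILE is a placeholder profile name.
SAMPLE = """\
soodar1(config)# interface tunnel 10
soodar1(config-if)# tunnel source 200.1.2.1
soodar1(config-if)# tunnel destination 200.1.2.2
soodar1(config-if)# tunnel mode gre
soodar1(config)# interface tunnel 11
soodar1(config-if)# tunnel destination 200.1.2.9
soodar1(config-if)# tunnel mode gre multipoint
soodar1(config)# interface tunnel 12
soodar1(config-if)# tunnel destination 200.1.2.3
soodar1(config-if)# tunnel mode ipip
soodar1(config-if)# tunnel protection ipsec profile EXAMPLE-PROFILE
"""
```

Calling audit(SAMPLE) reports tunnel 10 as unprotected, tunnel 11 for both the multipoint destination and the missing protection, and nothing for tunnel 12.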
VXLAN
Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure.
- interface nve (0-1023)
Create an NVE interface with the given instance number.
Example :
soodar(config)# interface nve 40
- source-ip <A.B.C.D|X:X::X:X>
Set NVE source IP
- ingress-replication A.B.C.D
Set NVE destination IP
- member vni (1-16777214)
Associate NVE to VNI number.
Note
For now, each NVE interface can be associated with 1 VNI.
- member vni (1-16777214) associate-vrf
Associate the NVE with a VNI number and with the VRF that uses this VNI number. The tunnel then looks up the path to its ingress-replication address in the VRF that shares the same VNI with the tunnel.
Note
Each VRF can be associated with 1 VNI.
Example :
soodar(config)# interface nve 10
soodar(config-if)# source-ip 200.1.3.1
soodar(config-if)# ingress-replication 156.25.4.89
soodar(config-if)# member vni 40
soodar(config-if)# bridge-group 120
soodar(config-if)# int ge0
soodar(config-if)# no shutdown
soodar(config-if)# bridge-group 120

soodar(config)# vrf green
soodar(config-vrf)# vni 40
soodar(config)# int ge1
soodar(config-if)# ip vrf forwarding green
soodar(config-if)# ip address 200.1.3.1/24
soodar(config)# interface nve 10
soodar(config-if)# source-ip 200.1.2.1
soodar(config-if)# ingress-replication 200.1.3.3
soodar(config-if)# member vni 40 associate-vrf
soodar(config-if)# bridge-group 120
soodar(config-if)# int ge0
soodar(config-if)# no shutdown
soodar(config-if)# bridge-group 120
Logging
Debugging logs can be enabled when needed.
- [no] debug vxlan event
Log data plane installation processes and results.
VPLS
Virtual Private LAN Service (VPLS) is a method to extend LANs on the network.
SoodarOS supports VPLS on an MPLS core network. First, we need to create an mpls-tunnel interface to achieve this. This interface acts as a pseudowire by adding another MPLS label to its passing traffic.
Using a TLDP (Targeted LDP) session, the tunnel label can be negotiated between two routers.
Note
To use VPLS, the connection should be full-mesh. If three routers r1, r2 and r3 are going to form a VPLS, 3 connections are needed: r1-r2, r2-r3 and r1-r3.
- interface mpls-tunnel
Create an mpls-tunnel interface.
- l2vpn NAME type vpls
Create an L2VPN using VPLS technology
- member pseudowire PW
Add an mpls-tunnel to this L2VPN and enter member pseudowire configuration mode. PW is the mpls-tunnel’s name.
- neighbor lsr-id A.B.C.D
LSR-ID of this pseudowire’s target.
Note
A route to the target’s LSR-ID is required to establish a targeted session.
- pw-id (1-4294967295)
An ID to distinguish pseudowires. If PW-IDs differ, the session will not be established.
Example :
soodar(config)# interface ge3
soodar(config-if)# bridge-group 200
soodar(config-if)# no shutdown
soodar(config)# interface mpls-tunnel0
soodar(config-if)# bridge-group 200 split-horizon group 100
soodar(config-if)# no shutdown
soodar(config)# interface mpls-tunnel1
soodar(config-if)# bridge-group 200 split-horizon group 100
soodar(config-if)# no shutdown
soodar(config)# mpls ldp
soodar(config-ldp)# router-id 222.1.1.1
soodar(config)# l2vpn exemplary-vpls type vpls
soodar(config-l2vpn)# member pseudowire mpls-tunnel0
soodar(config-l2vpn-pw)# neighbor lsr-id 222.7.7.7
soodar(config-l2vpn-pw)# pw-id 170
soodar(config-l2vpn)# member pseudowire mpls-tunnel1
soodar(config-l2vpn-pw)# neighbor lsr-id 222.14.14.14
soodar(config-l2vpn-pw)# pw-id 1140
Note
Note how the mpls-tunnels share the same split-horizon group ID. This prevents packet loops (since bridge flooding is enabled and our topology is full-mesh).
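An added example (not SoodarOS code): a Python check that takes the VPLS-related configuration of every router and verifies the two conditions stated above, that every pair of routers has a pseudowire in both directions (full mesh) and that both ends use the same pw-id. It assumes a neighbor's lsr-id is the router-id configured under that neighbor's mpls ldp; r1 follows this page's example, while r2 and r3 are constructed.

```python
import re
from itertools import combinations

def parse_vpls(text):
    """Return (ldp_router_id, {neighbor_lsr_id: pw_id}) for one router.
    Assumes the only 'router-id' line is the one under 'mpls ldp'."""
    router_id, peers, neighbor = None, {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\S+\(config[^)]*\)#\s*", "", raw.strip())  # drop CLI prompt
        if m := re.fullmatch(r"router-id (\S+)", line):
            router_id = m.group(1)
        elif m := re.fullmatch(r"neighbor lsr-id (\S+)", line):
            neighbor = m.group(1)
            peers[neighbor] = None
        elif (m := re.fullmatch(r"pw-id (\d+)", line)) and neighbor:
            peers[neighbor] = int(m.group(1))
        elif line.startswith("member pseudowire"):
            neighbor = None                      # new pseudowire stanza begins
    return router_id, peers

def check_mesh(configs):
    """configs: {router_name: config_text}. Return a list of problems found."""
    parsed = {name: parse_vpls(text) for name, text in configs.items()}
    problems = []
    for a, b in combinations(sorted(parsed), 2):
        (id_a, peers_a), (id_b, peers_b) = parsed[a], parsed[b]
        for src, dst, dst_id, peers in ((a, b, id_b, peers_a), (b, a, id_a, peers_b)):
            if dst_id not in peers:
                problems.append(f"{src} has no pseudowire to {dst} ({dst_id})")
        if id_b in peers_a and id_a in peers_b and peers_a[id_b] != peers_b[id_a]:
            problems.append(f"pw-id mismatch {a}<->{b}: {peers_a[id_b]} vs {peers_b[id_a]}")
    return problems

def cfg(router_id, *pws):
    """Build a constructed config using the command syntax shown on this page."""
    lines = ["mpls ldp", f"router-id {router_id}", "l2vpn exemplary-vpls type vpls"]
    for i, (lsr, pw) in enumerate(pws):
        lines += [f"member pseudowire mpls-tunnel{i}", f"neighbor lsr-id {lsr}", f"pw-id {pw}"]
    return "\n".join(lines)

# Constructed sample: r3 uses a different pw-id towards r1 and lacks a pseudowire to r2.
SAMPLE = {
    "r1": cfg("222.1.1.1", ("222.7.7.7", 170), ("222.14.14.14", 1140)),
    "r2": cfg("222.7.7.7", ("222.1.1.1", 170), ("222.14.14.14", 714)),
    "r3": cfg("222.14.14.14", ("222.1.1.1", 1141)),
}
```

check_mesh(SAMPLE) reports the r1/r3 pw-id mismatch and the missing r3 to r2 pseudowire; an empty list means the mesh is complete and the IDs agree.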
Logging
Debugging logs can be enabled when needed.
- [no] debug vpls event
Log data plane installation processes and results.