1.1 Introduction to VPN Tunnels
This section provides an overview of tunnel management, and describes the different types of
tunnel policies and their implementation procedure.
Dedicated transmission channels, called tunnels, can be set up on the backbone networks of
virtual private networks (VPNs), so that packets are transmitted transparently through them.
Common VPN Tunnels
The common VPN tunnels are described as follows:
• LSP
An MPLS VPN public network uses label switched paths (LSPs) as tunnels to forward VPN
packets. The IP packet header is analyzed only on the PEs and not on each device that the
VPN packet traverses. This shortens the processing time of VPN packets and reduces the
delay of packet transmission. In addition, MPLS labels are supported by all link layers.
The functions and security features of an LSP are the same as those of an Asynchronous
Transfer Mode (ATM) virtual circuit (VC) or a Frame Relay (FR) VC.
• MPLS TE
Generally, carriers need to provide VPN users with end-to-end quality of service (QoS) for
various services, such as the voice service, video service, mission-critical service, and
online service. To meet the requirements of users, an MPLS traffic engineering (TE) tunnel
can be used to optimize network resources and provide users with QoS-guaranteed services.
• GRE
A Generic Routing Encapsulation (GRE) tunnel is used in either of the following situations:
– The P does not support MPLS.
When the core device (P) on a backbone network provides only IP functions and
not MPLS functions, an LSP cannot be used as the tunnel of the public network.
In this case, you can use a GRE tunnel to replace the LSP as the tunnel of the VPN
backbone network.
– CEs and PEs are indirectly connected.
On an MPLS L3VPN, CEs and PEs should be directly connected. If they are not directly
connected, GRE tunnels need to be set up between them; otherwise, the CEs cannot
connect to the MPLS VPN.
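The first GRE case above (a P device that forwards only IP), worked through as an added example that is not from the original guide and is not Huawei code. It assumes the standard GRE header layout (RFC 2784/2890) and the MPLS-in-GRE protocol type 0x8847 (RFC 4023); the label, key and payload are constructed values.

```python
import struct

GRE_PROTO_MPLS = 0x8847                        # GRE protocol type for MPLS unicast
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum / key / sequence flags

def mpls_entry(label, tc=0, bottom=True, ttl=64):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def gre_encap(payload, proto=GRE_PROTO_MPLS, key=None):
    """Ingress PE: prepend a GRE header, with the optional key field."""
    hdr = struct.pack("!HH", GRE_K if key is not None else 0, proto)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr + payload

def gre_decap(data):
    """Egress PE: validate the GRE header, return (proto, key, payload)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", data[:4])
    if flags & ~(GRE_C | GRE_K | GRE_S):
        raise ValueError("reserved bits or non-zero version set")
    off = 4 + (4 if flags & GRE_C else 0)      # skip checksum + reserved1
    end = off + (4 if flags & GRE_K else 0) + (4 if flags & GRE_S else 0)
    if len(data) < end:
        raise ValueError("truncated GRE options")
    key = struct.unpack("!I", data[off:off + 4])[0] if flags & GRE_K else None
    return proto, key, data[end:]

def pop_label(data):
    """Return (label, bottom_of_stack, ttl, inner_packet)."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, bool(word & 0x100), word & 0xFF, data[4:]

if __name__ == "__main__":
    inner = b"constructed CE packet"                   # stands in for the customer IP packet
    wire = gre_encap(mpls_entry(1025) + inner, key=7)  # constructed label and key
    proto, key, rest = gre_decap(wire)
    print(hex(proto), key, pop_label(rest))
```

GRE itself adds no encryption or authentication, so the inner packet appears unchanged inside the encapsulated bytes.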
Tunnel Configuration Management
The setup and management of tunnels vary according to the tunnel types. For example, GRE
tunnels and MPLS TE tunnels (CR-LSP tunnels) are managed based on tunnel interfaces,
whereas MPLS LSPs are managed without using tunnel interfaces.
This chapter describes the configurations of tunnel interfaces and the configurations of general
tunnel management.
• Tunnel management module: provides the tunnel application module with the information
about tunnel status and checks the tunnel and tunnel policy based on the destination IP
address.
• Tunnel policy module: chooses tunnels according to the destination IP addresses.
1 VPN Tunnel Management
Quidway S9300 Terabit Routing Switch
Configuration Guide - VPN
1-2 Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2009-08-20)