Introduction To Vpn Tunnels - Huawei Quidway S9300 Configuration Manual

1 VPN Tunnel Management

1.1 Introduction to VPN Tunnels

This section provides an overview of tunnel management, and describes the different types of
tunnel policies and their implementation procedure.
Dedicated transmission channels, namely, tunnels, can be set up on the backbone networks of
virtual private networks (VPNs). Thus, packets are transparently transmitted through the tunnels.
Common VPN Tunnels
The common VPN tunnels are described as follows:
l
l
l
Tunnel Configuration Management
The setup and management of tunnels vary according to the tunnel types. For example, GRE
tunnels and MPLS TE tunnels (CR-LSP tunnels) are managed based on tunnel interfaces,
whereas MPLS LSPs are managed without using tunnel interfaces.
This chapter describes the configurations of tunnel interfaces and the configurations of general
tunnel management.
l
l
1-2
LSP
An MPLS VPN public network uses label switched paths (LSPs) as tunnels to forward VPN
packets. An IP packet header is analyzed only on the PEs and not on each device that the
VPN packet traverses. Thus, the processing time of VPN packets shortens and the delay of
packet transmission decreases. In addition, MPLS labels are supported by all link layers.
The functions and security features of an LSP are the same as those of an Asynchronous
Transfer Mode (ATM) virtual circuit (VC) or a Frame Relay (FR) VC.
MPLS TE
Generally, carriers need to provide VPN users with end-to-end quality of service (QoS) for
various services, such as the voice service, video service, mission-critical service, and
online service. To meet the requirements of users, an MPLS traffic engineering (TE) tunnel
can be used to optimize network resources and provide users QoS guaranteed services.
GRE
A Generic Routing Encapsulation (GRE) tunnel is used in either of the following situations:
The P does not support MPLS.
–
When the core device (P) on a backbone network provides only IP functions but does
not provide MPLS functions, the LSP cannot be used as the tunnel of the public network.
In this case, you can use the GRE tunnel to replace the LSP as the tunnel of VPN
backbone network.
CEs and PEs are indirectly connected.
–
On an MPLS L3VPN, CEs and PEs should be directly connected. If they are not directly
connected, the GRE tunnels need to be set up between them; otherwise, the CEs cannot
connect to the MPLS VPN.
Tunnel management module: provides the tunnel application module with the information
about tunnel status and checks the tunnel and tunnel policy based on the destination IP
address.
Tunnel policy module: chooses tunnels according to the destination IP addresses.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - VPN
Issue 01 (2009-07-28)