Extreme Networks ExtremeWare Command Reference Manual page 1759
Hide thumbs
Also See for ExtremeWare:
- Command reference manual (2620 pages) ,
- Command reference manual (2546 pages) ,
- Command reference manual (1598 pages)
Table of Contents
Advertisement
configure mpls add tls-tunnel
enabled on the VLAN that the ipaddress is assigned. The local_vlan_name parameter identifies the
layer-2 traffic that is to be transported. All of the local traffic that the switch receives for this VLAN is
transported across the tunnel.
When configuring static TLS tunnels, the tls-labels parameters specify the innermost labels of the tunnel
label stack. The egress_label is inserted into the MPLS header of layer-2 frames forwarded onto the
tunnel LSP by this switch, and must be meaningful to the peer TLS node. All traffic received from the
tunnel LSP that contains the ingress_label is forwarded to the local VLAN identified by the
local_vlan_name parameter. The tls-labels parameters are specified using hexadecimal notation. The
value of the ingress_label parameter must be unique within the switch (i.e., the same ingress_label value
cannot be used for two different tunnels). The valid range of the ingress label parameter is
[8C000..8FFFF]. The valid range of the egress_label parameter is [00010..FFFFF] (note that if the peer
LSR is also an Extreme switch, then the egress_label must be in the range [8C000..8FFFF]). Since LSPs
are unidirectional in nature, coordinated configuration is required at both tunnel endpoint switches.
The egress_label at one tunnel endpoint switch must match the ingress_label at the other tunnel
endpoint switch, and vice versa.
When configuring dynamic TLS tunnels, the defined vcid parameters are encoded in a new
martini-draft FEC-TLV and advertised in an LDP Label Mapping Message to the targeted LDP peer.
Included in the Label Mapping Message is the advertised egress TLS tunnel label that is encoded in the
Label TLV. The advertising LER automatically allocates the egress TLS tunnel label from the set of
unused labels in the TLS LER Label Partition [8C000-8FFFF]. When the Label Mapping Message is
received by the egress TLS tunnel peer, the egress TLS tunnel peer cross references the vcid parameters
advertised in the martini-draft FEC-TLV with its own locally defined TLS tunnel vcid parameter values.
If a vcid and groupid match is found, the TLS tunnel is bound to the local_vlan_name by correlating the
advertised egress TLS tunnel label with the local VLAN ID. Once the TLS tunnel label and the local
VLAN ID are dynamically bound, all traffic received from the tunnel LSP that contains the egress TLS
tunnel label is forwarded to the local VLAN identified by the local_vlan_name parameter. The optional
from command defines the local_endpoint_ipaddress from which the dynamic TLS tunnel is
established. Since dynamic TLS tunnels must first establish an LDP session to the targeted LDP peer
(TLS endpoint) prior to exchanging tunnel vcid parameters, the TLS endpoint switch must be capable of
accepting LDP Hello messages for the configured TLS tunnel's targeted ipaddress. By default, the
local_endpoint_ipaddress is the configured OSPF Router ID. The from parameter must be specified
when dynamic TLS tunnels are used in conjunction with ESRP. The local_endpoint_ipaddress should be
configured to match the local tunnel endpoint VLAN interface IP address (see Layer-2 Transport on
page 43 for discussion on how to use ESRP to provide TLS redundancy). This allows dynamic TLS
tunnels to properly fail over to the slave switch when both the master and the slave switch are
configured with the same local_endpoint_ipaddress. The vcid is a non-zero 32-bit ID that defines the
tunnel connection and the groupid is a 32-bit value that defines a dynamic TLS tunnel connection
group. The groupid may be used to simultaneously delete all dynamic TLS tunnels in a group. If the
groupid is not specified, its value defaults to zero.
When ingress traffic is forwarded to the local VLAN, the VLAN ID is set to the VLAN ID of the local
VLAN, without regard to the VLAN ID in the MAC header of the frame received from the tunnel LSP.
Thus, there is no requirement that all sites of an extended VLAN be configured to use the same VLAN
ID, which can simplify network management in some situations.
Example
The following command creates a TLS tunnel to 11.0.4.11 for traffic originating from VLAN unc:
configure mpls add tls-tunnel rt40 11.0.4.11 unc tls-labels 8f001 8f004
To add a static labeled TLS tunnel, use the following command:
configure mpls add tls-tunnel <tunnel_name> [lsp <lsp_name> | <ipaddress> |
<host_name>] <local_vlan_name> tls-labels <ingress_label> <egress_label>
ExtremeWare Software 7.3.0 Command Reference Guide
1759
Advertisement
Table of Contents
Related Manuals for Extreme Networks ExtremeWare
Related Products for Extreme Networks ExtremeWare
- Extreme Networks ExtremeWare XOS Command
- Extreme Networks ExtremeWare Enterprise Manager
- Extreme Networks EPICenter Guide
- Extreme Networks ExtremeXOS ScreenPlay
- Extreme Networks ExtremeWireless AP460i
- Extreme Networks ExtremeWireless AP460e
- Extreme Networks ExtremeSwitching Virtual Services Platform 4450GSX-DC
- Extreme Networks ExtremeSwitching 3600 Series
- Extreme Networks ExtremeSwitching ISW Series
- Extreme Networks ExtremeSwitching X440-G2-12t-10GE4
- Extreme Networks ExtremeSwitching X440-G2-12p-10GE4
- Extreme Networks ExtremeSwitching X440-G2-48t-10GE4
- Extreme Networks ExtremeSwitching X440-G2-12t8fx-GE4
- Extreme Networks ExtremeSwitching X450-G2-48t-10GE4
- Extreme Networks ExtremeSwitching X620-10x
- Extreme Networks ExtremeSwitching X460-G2-24p-10GE4