Gre tunnel backup at the headquarters – H3C Technologies H3C SecPath F1000-E User Manual
Page 36
24
GRE tunnel backup at the headquarters
Figure 20 GRE tunnel backup at the headquarters
, for higher network reliability, you can deploy multiple gateways at the
headquarters and specify one or more backup interfaces for the main tunnel interface on the main
gateway, such as Tunnel 1, to implement headquarters node backup and GRE tunnel backup. If the link
between the main gateway and the branch gateway goes down, the main tunnel interface will soon lose
the matching tunnel entry for forwarding packets to the branch. In this case, the main tunnel interface will
forward the packets to the backup interface, which will then forward the packets to the branch. You need
to configure the GRE over IPv4 mode on the backup interface.
When a matching tunnel entry exists, a backup interface can also participate in tunnel selection that is
based on tunnel priority. If you do not specify a GRE key on a backup interface, the backup interface will
have a lower priority than any P2MP tunnel entry. If you specify a GRE key on the backup interface, the
key value will be compared with the GRE key values in the P2MP tunnel entries, and the smaller the key
value, the higher the priority.
Advantages and restrictions of the P2MP GRE tunnel
technology
The P2MP GRE tunnel technology features the following advantages:
•
Simple configuration. On the headquarters node, you only need to configure the P2MP GRE tunnel
mode, instead of configuring a P2P GRE tunnel with each branch node.
•
Low maintenance cost. When a branch is added, no manual configuration is required on the
headquarters node; the headquarters node will learn the address of the added branch and then
establish a tunnel with the branch node.
•
Flexible access of branches. As the headquarters node learns tunnel destination addresses
dynamically, whether the branches obtain public addresses dynamically or not does not impact the
configurations on the headquarters node. This allows for more flexible accesses for branches.
•
Wonderful interoperability and investment protection. Based on the standard GRE protocol, the
P2MP GRE tunnel technology requires no special or proprietary protocol, nor special requirements
on branch gateways. The branch gateways can be from any vendors as long as they support GRE.
Device A
Device B
(Backup gateway)
IPv4 network
Device C
Tunnel0
Tunnel0
Tunnel0
Tunnel1
Tunnel1
Back interface
Tunnel1
Host A
Host B
Host C
GRE P2MP tunnel
GRE over IPv4 tunnel
Headquarters
Branch
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS