Network requirements, Configuring secpath a – H3C Technologies H3C SecPath F1000-E User Manual

43

Configuration example for P2MP GRE tunnel backup at a
branch

Network requirements

As shown in

Figure 43

, a branch uses two gateways at the egress of the internal network, with SecPath

C for backup. A P2MP GRE tunnel template is created on SecPath A, the gateway at the headquarters,

allowing SecPath A to establish two GRE tunnels to the branch network, one for connecting SecPath B

and the other for connecting SecPath C. SecPath A decides which GRE tunnel to use to send packets to

the hosts on the branch network.
To meet the above requirements, you need to configure different GRE keys for the GRE tunnels on SecPath

B and SecPath C, so that SecPath A can choose a tunnel according to the GRE key values.
In this example, the GRE tunnel between SecPath A and SecPath B has a higher priority.

Figure 43 Network diagram

Device Interface IP

address

Device

Interface

IP address

SecPath A

GE0/1

11.1.1.1/24

SecPath B

GE0/1

11.1.1.2/24

GE0/2

172.17.17.1/24

GE0/2

192.168.1.2/24

Tunnel0

192.168.22.1/24

Tunnel0

192.168.22.2/24

SecPath C

GE0/1

11.1.1.3/24

SecPath C

Tunnel0

192.168.22.3/24

GE0/2

192.168.1.3/24

Configuring SecPath A

1.

Configure an IPv4 address for each interface and assign the interfaces to security zones. (Details
not shown.)

2.

Create a P2MP GRE tunnel interface:

a.

Select VPN > GRE > P2MP from the navigation tree.

b.

Click Add to perform the configurations shown in

Figure 44

.

c.

Enter 0 in the Tunnel Interface field.

d.

Enter IP address/mask 192.168.22.1/24.

e.

Select Management from the Zone list. (Select a security zone according to your network
configuration.)

f.

Enter 11.1.1.1 as the tunnel source interface, 24 as the branch network address mask, and 10
as the tunnel entry aging time.