Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 69
57
Dest Addr Mask Tunnel Dest Addr Gre Key
# Ping Host A from Host C. View tunnel entries on SecPath B:
[SecPathB] display gre p2mp tunnel-table interface tunnel 0
Dest Addr Mask Tunnel Dest Addr Gre Key
192.168.12.0 255.255.255.0 11.1.1.3
Then, Host A can ping Host C.
The verification process indicates that:
•
After the link between SecPath A and SecPath C went down, the tunnel entry aging timer started to
work.
•
After the timer expired, the tunnel entry on SecPath A was removed.
•
After SecPath C sent a packet to SecPath B, a tunnel entry to the branch network was generated on
SecPath B. Packets from the headquarters to the branch network are delivered by SecPath A to
SecPath B through the backup interface, and then SecPath B forwards these packets to the branch.
Configuration example for P2MP GRE tunnel backup at a
branch
Network requirements
As shown in
, a branch uses two gateways at the egress of the internal network, with SecPath
C for backup. A P2MP GRE tunnel is created on SecPath A, the gateway at the headquarters, allowing
SecPath A to establish two GRE tunnels to the branch network, one for connecting SecPath B and the
other for connecting SecPath C. SecPath A decides which GRE tunnel to use to send packets to the hosts
on the branch network.
To meet the requirements, configure different GRE keys for the GRE tunnels on SecPath B and SecPath C,
so that SecPath A can choose a tunnel according to the GRE key values.
In this example, the GRE tunnel between SecPath A and SecPath B has a higher priority.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS