Terminate Transport Tunnels

Before you begin

  • Starting with release 21.1.1.0, Extreme 9920 software supports outer VXLAN headers.
  • Starting with release 21.1.2.0, Extreme 9920 software supports IPv6 GRE tunnel termination and MPLS Segment Routing in outer tunnel termination.

About this task

Perform this procedure to terminate GRE, nvGRE, VXLAN, IPIP, or GTP-U packet headers from incoming packets.

Procedure

  1. Create a transport tunnel with the required parameters.
    device(config)# transport-tunnel name tunnel-type [ gre | erspan ] [ src-ip ipaddr | mask mask ] [tunnel-id value ]
  2. Create an ingress-group with the required parameters.
    device(config)# ingress-group name
  3. Configure the required ingress-group traffic-type parameters for traffic classification:
    • To configure the traffic-type and mode, go to step 4.
    • To configure the traffic-type with the IP address to be matched, go to step 5.
    • To configure the VXLAN outermost header, go to step 6.
    • To configure the MPLS outer header, go to step 7.
  4. Configure the required traffic-type parameter and mode for the ingress-group.
    • Terminate mode: Decapsulates IPGRE, nvGRE, VXLAN, IPIP, or GTP-U packet headers.
    • Scope-shift mode: Shifts scope of IPGRE, nvGRE, VXLAN, IPIP, GTP-U packets to inner headers.
    device (config-ingress-group)# traffic-type {gre | gtpu | ipip | nvgre | vxlan} mode [decap | new-scope]
    • The outer (sap-id) and inner (inner-sap-id) tunnel SAP IDs are generated for tunnel levels one and two.
    • If the mode to decapsulate or terminate packet headers is not specified, packets are classified based on configured traffic type and tunnel ID parameters.
  5. Configure the traffic-type with the IP address to be matched for traffic classification.
    device(config-ingress-group)# traffic-type { gre | ipip | gtpu | vxlan | nvgre } ip [ A.B.C.D | X:X::X:X | any ]
  6. Configure the required VXLAN outermost header.
    • IP address in double encapsulation traffic:
      device(config-ingress-group)# traffic-type vxlan outer ip [ A.B.C.D | X:X::X:X | any ]
    • VNI match based classification:
      device(config-ingress-group)# traffic-type vxlan outer vni vni-value
    To configure packet mirroring, go to step 8. Otherwise, proceed to step 11.
  7. Configure the MPLS outer header.
    device(config-ingress-group)# traffic-type mpls outer { header1 [ label value | any ] }
    To configure packet mirroring, go to step 8. Otherwise, proceed to step 9.
  8. Optional: Configure the required mirroring for frames.
    1. Enable mirror configuration.
      device(config)# mirror mirr_1 device(config-mirror)#
    2. Configure the mirror destination port in slot and port format.
      device(config-mirror)# set interface ethernet NAME
    3. Configure the required VXLAN or MPLS mirror to the ingress-group.
      device(config-ingress-group)# traffic-type [ vxlan | mpls ] outer mirror mirr_1
  9. Capture and forward the VXLAN or MPLS packet to the next module in the pipeline.
    device(config-ingress-group)# traffic-type [ vxlan | mpls ] outer log
  10. Capture the VXLAN or MPLS packet and drop it into the pipeline.
    device(config-ingress-group)# traffic-type [ vxlan | mpls ] outer log_drop
  11. Attach the ingress group to the required ingress port or interface.
    device(config-ingress-group)# set ingress-group name
  12. Attach the ingress group to the transport tunnel.
    device(config)# transport-tunnel name device(config-transport-tunnel)# set ingress-group name
  13. Configure L3-ACL to forward the traffic:
    1. Set ACL in the route-map.
    2. Bind route-map to the ingress-group.
      device(config)# ip access-list name
      device(config)# route-map name sequence_number
      device(config-route-map)# match ip name
      device(config-route-map-name)# forward-action permit
  14. Configure the required ports, interfaces, or port-channel:
    • List of egress ports or interfaces in egress-group and associated group in route-map.
    • Egress interface in route-map.
    • Port-channel in egress-group and set the group in route-map.
    device(config)# interface ethernet slot/port 
    device(config-if)# set ingress-group ingress-group-name