Configure Fabric Extend Logical Interfaces

Use the following procedure to configure Fabric Extend (FE) between a Main office to a Branch office. This is a typical deployment. However, if your deployment creates tunnels between two switches that support Fabric Extend natively, repeat those steps and ignore the steps for switches that require an ONA.

Note

VRF is an optional parameter. If a VRF is not configured, then FE uses the GRT.

About this task

Configuring Fabric Extend consists of two primary tasks: configuring the tunnel source address and configuring the logical interface. These tasks must be completed on both ends of the tunnel.

Note

The VSP 4450 Series source address command is different than other platforms. The logical interface commands are different between Layer 2 and Layer 3 networks.

Procedure

The following steps are for platforms that support FE natively:

In the navigation pane, expand Configuration > IS-IS > IS-IS.
Select the Logical Interfaces tab.
Select Insert.
In the Id field, enter the index number that uniquely identifies this logical interface.
In the Name field, enter the name of this logical interface.
In the Type field, select the type of core network that the tunnel will traverse. If it is a Layer 2 Core, select layer2. If it is a Layer 3 Core, select ip.

Note

Different fields will be available depending on the type of core network you select.
To enable BFD, select enable in the BFDEnable field.
For a Layer 2 Core, configure the following fields:

Note

This step does not apply to XA1400 Series.
1. In the DestIfIndex field, select the ellipsis (...) to select the physical port that the logical interface connects to or enter the name of the MLT.
2. In the Vids field, enter the list of VLANs for this logical interface.
3. In the PrimaryVid field, enter the primary tunnel VLAN ID.
  
  Note
  
  The primary VLAN ID must be one of the VIDs listed in the Vids field.
For a Layer 3 Core, complete the following field:
1. In the DestIPAddr field, enter the destination IP address for the logical interface.
Optional: In the IpsecCompression field, select whether to enable compression for a Fabric Extend over IPsec connection.

Note

This step only applies to XA1400 Series.
In the IpsecEnable field, select whether to enable a Fabric Extend over IPsec connection for the logical interface.

Note

This step only applies to XA1400 Series.
Select the IPsec authentication method.

Note

This step only applies to XA1400 Series.
Optional: For a pre-shared key, in the AuthenticationKey field, enter the authentication key to secure your Fabric Extend over IPsec connection fo the logical interface.

Note

This step only applies to XA1400 Series.
In the ShapingRate field, enter the value in Mbps of the shaper used for Egress Tunnel Shaping.

Note

This step only applies to XA1400 Series.
In the Mtu field, enter a value to specify the size of the maximum transmission unit (MTU).
In the EncryptionKeyLength field, select the IPsec encryption key length.
Note

This step only applies to XA1400 Series.
- You cannot change the encryption key length when IPsec is enabled on the FE tunnel.
In the IpsecTunnelDestAddress field, enter the destination IP address for the IPsec tunnel.

Note

This step only applies to XA1400 Series.
Select Insert.

The following steps are for platforms that require an ONA to support FE:

Note

The interface VLAN connecting to the ONA network port is always in the GRT, and the member port that the VLAN is part of is always an access port.

In the navigation pane, expand Configuration > IS-IS > IS-IS.
Select the Logical Interfaces tab.
Select Insert.
In the Id field, enter the index number that uniquely identifies this logical interface.
In the Name field, enter the name of this logical interface.
In the Type field, select the type of core network that the tunnel will traverse. If it is a Layer 2 Core, select layer2. If it is a Layer 3 Core, select ip.

Note

Different fields will be available depending on the type of core network you select.
For a Layer 2 Core, complete the following fields:
1. In the DestIfIndex field, select the ellipsis (...) to select the physical port that the logical interface connects to or enter the name of the MLT.
2. In the Vids field, enter the list of VLANs for this logical interface.
3. In the PrimaryVid field, enter the primary tunnel VLAN ID.
  
  Note
  
  The primary VLAN ID must be one of the VIDs listed in the Vids field.
For a Layer 3 Core, configure the following field:
1. in the DestIPAddr field, enter the destination IP address for the logical interface.
In the IpsecEnable field, select whether to enable a Fabric Extend over IPsec connection for the logical interface.
In the AuthenticationKey field, enter the authentication key to secure your Fabric Extend over IPsec connection fo the logical interface.
In the ShapingRate field, enter the value in Mbps of the shaper used for Egress Tunnel Shaping.
Select Insert.

Logical Interfaces Field Descriptions

Use the data in the following table to use the Logical Interfaces tab and the Insert Logical Interfaces dialog. The available fields in the dialog differ depending on the type of core you select: layer 2 or ip.


Name	Description
Id	Specifies the index number that uniquely identifies this logical interface. This field displays on the Insert Logical Interfaces dialog only.
IfIndex	Specifies the index number that uniquely identifies this logical interface. This field is read-only. This field displays on the Logical Interfaces tab only.
Name	Specifies the administratively assigned name of this logical interface, which can be up to 64 characters.
Type Note: Exception: Type Layer 2 is not supported on XA1400 Series.	Specifies the type of logical interface to create: Specify layer 2 for a Layer 2 core network that the tunnel will traverse. Specify ip for a Layer 3 core network that the tunnel will traverse.
DestIPAddr	Specifies the destination IP address for the IP-type logical interface.
DestIfIndex Note: Exception: Not supported on XA1400 Series.	Specifies the physical port or MultiLink Trunking (MLT) that the Layer 2 logical interface is connected to.
Vids Note: Exception: Not supported on XA1400 Series.	Specifies the list of VLANs that are associated with this logical interface.
PrimaryVid Note: Exception: Not supported on XA1400 Series.	Specifies the primary tunnel VLAN ID associated with this L2 Intermediate-System-to-Intermediate-System (IS-IS) logical interface.
CircIndex Note: Exception: Not supported on XA1400 Series.	Identifies the IS-IS circuit created under the logical interface. This field displays on the Logical Interfaces tab only.
NextHopVrf Note: Exception: Not supported on XA1400 Series.	Identifies the next-hop VRF name to reach the logical tunnel destination IP. This field displays on the Logical Interfaces tab only.
IpsecEnable Note: Exception: Only supported on XA1400 Series.	Specifies whether the logical interace should use IPsec.
AuthenticationKey Note: Exception: Only supported on XA1400 Series.	Specifies the authentication key of this logical interface, which can be up to 32 characters.
ShapingRate Note: Exception: Only supported on XA1400 Series.	Specifies the value, in Mbps, of the Egress Tunnel Shaper applied to the logical interface.
Mtu	Specifies the Maximum Transmission Unit (MTU) size for each logical interface. The default MTU value is 1950.
EncryptionKeyLength Note: Exception: Only supported on XA1400 Series.	Specifies the IPsec encryption key length for FE tunnel, which can be 128 bit or 256 bit. The default value is len128bit.
IpsecTunnelDestAddress Note: Exception: Only supported on XA1400 Series.	Specifies the destination IP address for the IPsec tunnel.
BfdEnable Note: Exception: Not supported on VSP 8600 Series or VSP 4450 Series.	Enables or disables BFD on an IS-IS Logical Interface.
IpsecResponderOnly Note: Exception: Only supported on XA1400 Series.	Specifies whether the device is a Responder device in an IPsec Network Address Translation Traversal (NAT-T) connection.
IpsecRemoteNatIPAddr Note: Exception: Only supported on XA1400 Series.	Specifies the public IP address of the NAT router connected to the Responder device in an IPsec NAT-T connection.
IpsecAuthMethod Note: Exception: Only supported on XA1400 Series.	Configures the IPsec authentication method for the tunnel as either a pre-shared key or RSA signature for digital certificates. The default is pre-shared key.
IpsecCompression Note: Exception: Only supported on XA1400 Series.	Reduces the size of the IP datagram to improve the communication performance between hosts connected behind Backbone Edge Bridges (BEB). Tip: As a best practice, use IPsec compression only for Fabric Extend tunnels where latency is greater than 70ms.