- New and Changed Information for the Interfaces NX-OS Configuration Guide
- Preface
- Overview
- Configuring Basic Interface Parameters
- Configuring Layer 2 Interfaces
- Configuring Layer 3 Interfaces
- Configuring Bidirectional Forwarding Detection
- Configuring Port Channels
- Configuring vPCs
- Configuring IP Tunnels
- Configuring Q-in-Q VLAN Tunnels
- IETF RFCs Supported by Cisco NX-OS Interfaces
- Configuration Limits for Cisco NX-OS Interfaces
- Information About IP Tunnels
- Licensing Requirements for IP Tunnels
- Prerequisites for IP Tunnels
- Guidelines and Limitations
- Default Settings
- Configuring IP Tunnels
- Verifying the IP Tunnel Configuration
- Configuration Examples for IP Tunneling
- Additional References
- Feature History for Configuring IP Tunnels
Configuring IP Tunnels
This chapter describes how to configure IP tunnels using Generic Route Encapsulation (GRE) on Cisco NX-OS devices.
This chapter includes the following sections:
- Information About IP Tunnels
- Licensing Requirements for IP Tunnels
- Prerequisites for IP Tunnels
- Guidelines and Limitations
- Default Settings
- Configuring IP Tunnels
- Verifying the IP Tunnel Configuration
- Configuration Examples for IP Tunneling
- Additional References
- Feature History for Configuring IP Tunnels
Information About IP Tunnels
IP tunnels can encapsulate a same-layer or higher layer protocol and transport the result over IP through a tunnel created between two devices.
This section includes the following topics:
IP Tunnel Overview
IP tunnels consists of the following three main components:
- Passenger protocol—The protocol that needs to be encapsulated. IPv4 is an example of a passenger protocol.
- Carrier protocol—The protocol that is used to encapsulate the passenger protocol. Cisco NX-OS supports GRE as a carrier protocol.
- Transport protocol—The protocol that is used to carry the encapsulated protocol. IPv4 is an example of a transport protocol.
An IP tunnel takes a passenger protocol, such as IPv4, and encapsulates that protocol within a carrier protocol, such as GRE. The device then transmits this carrier protocol over a transport protocol, such as IPv4.
You configure a tunnel interface with matching characteristics on each end of the tunnel.
For more information, see the “Configuring IP Tunnels” section.
You must enable the tunnel feature before you can see configure it. Beginning in Cisco NX-OS Release 4.2, the system automatically takes a checkpoint prior to disabling the feature, and you can roll back to this checkpoint. See the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x, for information on roll backs and checkpoints.
Beginning with Cisco NX-OS Release 4.2, a tunnel configured in one VDC is isolated from a tunnel with the same number configured in another VDC. For example, Tunnel 0 in VDC 1 is independent of tunnel 0 in VDC 2.
Beginning with Cisco NX-OS Release 4.2, your tunnel source IP address and destination IP address should be in the same VRF.
GRE Tunnels
Note
Beginning with Cisco NX-OS Release 5.1(1), the software supports multicasting over GRE tunnels.
You can use generic routing encapsulation (GRE) as the carrier protocol for a variety of passenger protocols.
Figure 8-1 shows the IP tunnel components for a GRE tunnel. The original passenger protocol packet becomes the GRE payload and the device adds a GRE header to the packet. The device then adds the transport protocol header to the packet and transmits it.
Path MTU Discovery
Path maximum transmission unit (MTU) discovery (PMTUD) prevents fragmentation in the path between two endpoints by dynamically determining the lowest MTU along the path from the packet's source to its destination. PMTUD reduces the send MTU value for the connection if the interface receives information that the packet would require fragmentation.
When you enable PMTUD, the interface sets the Don't Fragment (DF) bit on all packets that traverse the tunnel. If a packet that enters the tunnel encounters a link with a smaller MTU than the MTU value for the packet, the remote link drops the packet and sends an ICMP message back to the sender of the packet. This message indicates that fragmentation was required (but not permitted) and provides the MTU of the link that dropped the packet.
Note PMTUD on a tunnel interface requires that the tunnel endpoint can receive ICMP messages generated by devices in the path of the tunnel. Check that ICMP messages can be received before using PMTUD over firewall connections.
Virtualization Support
You can configure IP tunnels only in the default virtual device context (VDC) and the default Virtual Routing and Forwarding (VRF) instance.
Beginning with Cisco NX-OS Release 4.2, you can configure a tunnel interface as a member of a Virtual Routing and Forwarding (VRF) instance and as a member of any VDC. By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. A tunnel configured in one VDC is isolated from a tunnel with the same number configured in another VDC. For example, Tunnel 0 in VDC 1 is independent of tunnel 0 in VDC 2.
Your tunnel source IP address and destination IP address should be in the same VRF. You can also configure what VRF to use to look up the tunnel destination. This VRF should match the VRF of the tunnel source IP address.
See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for information about VDCs and see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x, for information about VRFs.
High Availability
IP tunnels support stateful restarts. A stateful restart occurs on a supervisor switchover. After the switchover, Cisco NX-OS applies the runtime configuration after the switchover.
Licensing Requirements for IP Tunnels
The following table shows the licensing requirements for this feature:
Prerequisites for IP Tunnels
Guidelines and Limitations
IP tunnels have the following configuration guidelines and limitations:
- Cisco NX-OS supports the GRE Header defined in IETF RFC 2784. Cisco NX-OS does not support tunnel keys and other options from IETF RFC 1701.
- Beginning with Cisco NX-OS Release 5.2(5) and for later 5.2(x) releases, you can configure the tunnel interface and the tunnel transport in different Virtual Routing and Forward instances (VRF). The tunnels are supported only on M1 Series cards on Cisco Nexus 7000 Series platforms.
- Cisco NX-OS does not support WCCP on tunnel interfaces.
- Cisco NX-OS does not support GRE tunnel keepalives.
Default Settings
Table 8-1 lists the default settings for IP tunnel parameters.
|
|
|
|---|---|
Configuring IP Tunnels
This section includes the following topics:
- Enabling Tunneling
- Creating a Tunnel Interface
- Configuring a GRE Tunnel
- Enabling Path MTU Discovery
- Assigning VRF Membership to a Tunnel Interface
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling Tunneling
You must enable the tunneling feature before you can configure any IP tunnels.
SUMMARY STEPS
DETAILED STEPS
Creating a Tunnel Interface
You can create a tunnel interface and then configure this logical interface for your IP tunnel.
BEFORE YOU BEGIN
Beginning with Cisco NX-OS Release 5.2(5) and for later 5.2(x) releases, you can configure the tunnel source and the tunnel destination in different VRFs. Ensure that you have enabled the tunneling feature.
SUMMARY STEPS
3. tunnel source { ip-address | interface-name }
4. tunnel destination { ip-address | host-name }
DETAILED STEPS
|
|
|
|
|---|---|---|
(Optional) Uses the configured VRF to look up the tunnel IP destination address. |
||
Use the no interface tunnel command to remove the tunnel interface and all associated configuration.
|
|
|
|---|---|
Deletes the tunnel interface and the associated configuration. |
You can configure the following optional parameters to tune the tunnel in interface configuration mode:
|
|
|
|---|---|
Sets the tunnel time-to-live value. The range is from 1 to 255. |
This example shows how to create a tunnel interface:
switch(config)# i nterface tunnel 1
switch(config-if)# tunnel source ethernet 1/2
Configuring a GRE Tunnel
BEFORE YOU BEGIN
SUMMARY STEPS
DETAILED STEPS
|
|
|
|
|---|---|---|
This example shows how to configure the tunnel interface to GRE and set the GRE tunnel keepalives:
switch(config)# i nterface tunnel 1
Enabling Path MTU Discovery
Use the tunnel path-mtu discovery command to enable path MTU discovery on a tunnel.
|
|
|
|---|---|
tunnel path-mtu-discovery [ age-timer min ] [ min-mtu bytes ] |
Enables Path MTU Discovery (PMTUD) on a tunnel interface. The parameters are as follows: |
Assigning VRF Membership to a Tunnel Interface
BEFORE YOU BEGIN
Ensure that you have enabled the tunneling feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Assign the IP address for a tunnel interface after you have configured the interface for a VRF.
SUMMARY STEPS
4. ip-address ip-prefix/length
DETAILED STEPS
|
|
|
|
|---|---|---|
Configures an IP address for this interface. You must do this step after you assign this interface to a VRF. |
||
The following example shows how to add a tunnel interface to the VRF:
switch(config)# interface tunnel 0
switch(config-if)# vrf member RemoteOfficeVRF
Verifying the IP Tunnel Configuration
To verify IP tunnel configuration information, perform one of the following tasks:
Configuration Examples for IP Tunneling
The following example shows a simple GRE tunnel. Ethernet 1/2 is the tunnel source for router A and the tunnel destination for router B. Ethernet interface 2/1 is the tunnel source for router B and the tunnel destination for router A.
Additional References
For additional information related to implementing IP tunnels, see the following sections:
Related Documents
|
|
|
|---|---|
Cisco Nexus 7000 Series NX-OS Interfaces Command Reference, Release 5.x |
|
Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC |
Standards
|
|
|
|---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
Feature History for Configuring IP Tunnels
Table 8-2 lists the release history for this feature.
Feedback