Network requirements, Configuring secpath a – H3C Technologies H3C SecPath F1000-E User Manual
Page 55
43
Configuration example for P2MP GRE tunnel backup at a
branch
Network requirements
As shown in
, a branch uses two gateways at the egress of the internal network, with SecPath
C for backup. A P2MP GRE tunnel template is created on SecPath A, the gateway at the headquarters,
allowing SecPath A to establish two GRE tunnels to the branch network, one for connecting SecPath B
and the other for connecting SecPath C. SecPath A decides which GRE tunnel to use to send packets to
the hosts on the branch network.
To meet the above requirements, you need to configure different GRE keys for the GRE tunnels on SecPath
B and SecPath C, so that SecPath A can choose a tunnel according to the GRE key values.
In this example, the GRE tunnel between SecPath A and SecPath B has a higher priority.
Figure 43 Network diagram
Device Interface IP
address
Device
Interface
IP address
SecPath A
GE0/1
11.1.1.1/24
SecPath B
GE0/1
11.1.1.2/24
GE0/2
172.17.17.1/24
GE0/2
192.168.1.2/24
Tunnel0
192.168.22.1/24
Tunnel0
192.168.22.2/24
SecPath C
GE0/1
11.1.1.3/24
SecPath C
Tunnel0
192.168.22.3/24
GE0/2
192.168.1.3/24
Configuring SecPath A
1.
Configure an IPv4 address for each interface and assign the interfaces to security zones. (Details
not shown.)
2.
Create a P2MP GRE tunnel interface:
a.
Select VPN > GRE > P2MP from the navigation tree.
b.
Click Add to perform the configurations shown in
c.
Enter 0 in the Tunnel Interface field.
d.
Enter IP address/mask 192.168.22.1/24.
e.
Select Management from the Zone list. (Select a security zone according to your network
configuration.)
f.
Enter 11.1.1.1 as the tunnel source interface, 24 as the branch network address mask, and 10
as the tunnel entry aging time.