Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Tunnel-Service and IPSec-Service Overview
Tunnels provide a way of transporting datagrams between routers that do not support the same protocols. Often, these routers are separated by networks.
To configure tunneling, you must identify the tunnel-server ports that reside on modules that support tunnel services. You can then assign the tunnel-service interfaces that encapsulate protocols and enable them to be tunneled across the network.
Figure 13 displays the interface stacking for tunnel-service interfaces on a tunnel-server module.
Figure 13: Interface Stacking for Tunnel-Service Interfaces
This section describes the types of tunnel-server ports that you can configure on tunnel-server modules and the types of tunnel-service interfaces that you can run on these ports.
Types of Tunnel-Server Ports
E Series routers support two types of tunnel-server ports: dedicated tunnel-server ports and shared tunnel-server ports.
Dedicated Tunnel-Server Ports
Dedicated tunnel-server ports are virtual ports that are always present on dedicated tunnel-server modules. These modules offer only tunnel services; they do not offer access services.
Shared Tunnel-Server Ports
Shared tunnel-server ports are virtual ports that are always present on certain E Series line modules that provide tunnel services in addition to regular access services. You can configure the shared tunnel-server port to use a portion of the module’s bandwidth to provide tunnel services.
Shared tunnel-server ports offer the following benefits:
- Greater flexibility in deploying tunnel servers
You can use a shared tunnel-server module to provide tunnel services as an alternative to using a dedicated tunnel-server module.
- Cost savings
If you have limited tunnel-server processing needs, you can provide tunnel services on a single available port of a shared tunnel-server module instead of having to allocate the entire bandwidth of a dedicated tunnel-server module for this purpose.
Types of Tunnel-Service Interfaces
You can configure the following types of tunnel-service interfaces using dedicated tunnel-server ports and shared tunnel-server ports:
- Static IP interfaces that you configure and delete
Static IP interfaces include DVMRP and GRE tunnels. You must assign interfaces on other line modules to act as source endpoints for these tunnels. For information about configuring these tunnels, see Configuring IP Tunnels in JunosE IP Services Configuration Guide.
- Dynamic interfaces associated with
an L2TP LNS session
The router establishes dynamic interfaces when required and removes the interfaces when they are not required. For information about applications that use these dynamic interfaces, see L2TP Overview in JunosE Broadband Access Configuration Guide.
- Secure IP tunnels
IPSec-service modules are associated with secure IP tunnels. You must configure and delete these interfaces statically; however, the router assigns tunnels to the interfaces dynamically. This mechanism means that you must manage the interfaces for tunnels manually: however, the router adds and removes tunnels when required. For information about configuring secure IP tunnels, see Configuring IPSec in JunosE IP Services Configuration Guide.
