Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Soft GRE Capability

Soft GRE Capability Overview

The Soft GRE Capability enables tunneling of Q-in-Q Ethernet frames across network infrastructure, effectively facilitating routing, switching, and tunneling roles. This feature encapsulates and decapsulates Ethernet frames over GRE tunnels, preserving original Ethernet headers and MAC addresses for accurate traffic forwarding using VLAN tags. Quality of Service (QoS) is meticulously supported with traffic marking, classification, and prioritization based on PCP and DSCP values, alongside comprehensive policing mechanisms. The implementation also includes dynamic tunnel creation without signaling protocols and enhanced Connectivity Fault Management (CFM) support with detailed Ethernet OAM functionalities, ensuring robust performance monitoring and fault management.

Benefits of Soft GRE Capability

  • Enables efficient tunneling of Q-in-Q Ethernet frames over GRE tunnels, preserving original Ethernet headers and MAC addresses for accurate traffic forwarding using VLAN tags.

  • Supports comprehensive QoS mechanisms, including traffic marking, classification, and prioritization based on PCP and DSCP values, ensuring optimal traffic management.

  • Facilitates the dynamic creation of GRE tunnels without the need for signaling protocols, simplifying the setup process and reducing the complexity of network configuration.

  • Provides enhanced CFM support with detailed Ethernet OAM functionalities, allowing for robust performance monitoring and effective fault management in the network.

Understanding Dynamic Tunnel Configuration

The implementation of the Soft GRE capability enables the encapsulation and decapsulation of Q-in-Q Ethernet frames over GRE tunnels. This process begins by mapping S-VLAN, C-VLAN, and LAG interfaces to MPLS labels and GRE tunnel endpoints. By preserving the original Ethernet headers and MAC addresses, the feature ensures that traffic is forwarded accurately using VLAN tags. Through these mappings, you can achieve efficient tunneling of Ethernet traffic within network infrastructure.

Dynamic tunnel creation is a key aspect of the Soft GRE capability, as it allows GRE tunnels to be established without the need for signaling protocols. Instead, tunnels are dynamically created and bound to Q-in-Q interfaces using Layer 2 circuits. This simplifies the setup process and reduces network configuration complexity.

Configuring GRE or UDP dynamic tunnels involves setting specific attributes that enhance security and routing efficiency within complex network environments. By disabling anti-spoofing measures and preserving the input logical interface (IFL), you ensure that traffic is accurately routed based on the original input interface instead of the tunnel ID.

Configure Tunnel Attributes for GRE or UDP Dynamic Tunnels

You can configure GRE or UDP dynamic tunnels with specific attributes, to control how traffic is managed and routed within your network. By disabling anti-spoofing measures, you can ensure that legitimate traffic is not erroneously blocked.

The anti-spoofing configuration for GRE/UDP tunnels provides a powerful mechanism to secure your network against unauthorized traffic

This functionality allows you to configure the Tunnel Composite Nexthop (TCNH) to verify the source of incoming traffic by performing a reverse path lookup using the tunnel ID, thereby preventing malicious traffic from being routed through your network. Depending on the anti-spoofing setting, the system can either use the tunnel ID for validation or preserve the original WAN logical interface (IFL). Enabling anti-spoofing adds an essential layer of security, safeguarding your network against unauthorized access, while disabling it prioritizes performance in trusted environments.

The following example shows how to configure the policy options and the tunnel attributes. The policy options configuration involves specifying route filters and applying dynamic tunnel attributes to ensure that traffic destined for specific routes follows the defined policies. The routing options commands are used to set the dynamic tunnel types, disable anti-spoofing, and configure the dynamic tunnels based on next-hop addresses and source addresses.

To configure tunnel attributes and policy options configuration:

  1. Configure a policy with dynamic-tunnel-attributes as the action associates the dynamic tunnel to the prefix list. The policy from action allows the creation of tunnel with specified attributes for any matching condition.
  2. Create dynamic tunnel profiles. The dynamic tunnel profile specifies the tunnel type and the anchor Packet Forwarding Engine information. Enable next-hop-based dynamic GRE tunnel configuration.