Manual Chapter : Common elements for tunnel tasks

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP APM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP Link Controller

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP LTM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP AFM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP ASM

  • 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Common elements for tunnel tasks

  1. On the Main tab, click
    Network
    Tunnels
    Tunnel List
    Create
    or
    Carrier Grade NAT
    Tunnels
    Create
    .
    The New Tunnel screen opens.
  2. On the Main tab, click
    Network
    Tunnels
    Tunnel List
    Create
    .
    The New Tunnel screen opens.
  3. On the Main tab, click
    Network
    Tunnels
    Tunnel List
    Create
    , or
    Carrier Grade NAT
    Tunnels
    Create
    The New Tunnel screen opens.
  4. On the Main tab, click
    Network
    Tunnels
    Tunnel List
    Create
    The New Tunnel screen opens.
  5. In the
    Name
    field, type a unique name for the tunnel.
  6. From the
    Profile
    list, select the type that corresponds to the encapsulation protocol you want to use.
    The selection
    ipip
    is the same as
    ip4ip4
    , but
    ipip
    is compatible with configurations from an earlier release.
  7. From the
    Profile
    list, select the tunnel profile you created for network virtualization.
    This selection must be a profile based on either the
    gre
    or
    vxlan
    parent profile, depending on your virtualized network environment.
  8. From the
    Profile
    list, select
    fec
    .
    This setting tells the system which tunnel profile to use. The system-supplied
    fec
    profile is configured for adaptive behavior for the number of source and repair packets. If you create a new FEC profile with custom settings, the profile then appears in this list, where you can select it.
  9. From the
    Profile
    list, select
    vxlan
    .
    This setting tells the system which tunnel profile to use. The system-supplied VXLAN profile specifies port
    4789
    . To change the port number, you can create a new VXLAN profile, which then appears in this list.
  10. From the
    Profile
    list, select
    vxlan-multipoint
    .
  11. From the
    Profile
    list, select
    vxlan-gpe
    .
    This setting tells the system which tunnel profile to use. The system-supplied
    vxlan-gpe
    profile specifies port
    4790
    . To change the port number, you can create a new VXLAN-GPE profile, which then appears in this list.
  12. From the
    Profile
    list, select
    nvgre
    .
    This setting tells the system which tunnel profile to use. The system-supplied NVGRE profile is adequate. To change the settings, you can create a new NVGRE profile, which then appears in this list.
  13. From the
    Profile
    list, select
    ipip
    or
    gre
    .
    The
    ipip
    selection can also be one of the IPIP variations:
    ip4ip4
    ,
    ip4ip6
    ,
    ip6ip4
    , or
    ip6ip6
    .
  14. From the
    Profile
    list, select
    dslite
    .
  15. From the
    Profile
    list, select
    ip4ip6
    .
  16. From the
    Profile
    list, select
    IPsec
    .
  17. From the
    Profile
    list, select
    v6rd
    .
  18. From the
    Profile
    list, select
    lw4o6
    or the lw4o6 profile you created previously.
  19. From the
    Profile
    list, select the MAP profile you created previously.
  20. In the
    Local Address
    field, type the IP address of the BIG-IP system.
  21. In the
    Local Address
    field, type the IP address of the local endpoint.
    If you are using an iSession connection, use the same IP address you used for the iSession local endpoint. Otherwise, use any self IP address on the BIG-IP system.
  22. In the
    Local Address
    field, type the IPv6 address of the local BIG-IP device.
  23. In the
    Local Address
    field, type the IPv4 address of the BIG-IP device you are configuring.
  24. In the
    Local Address
    field, type
    0.0.0.0
    for an IPv4 network or
    ::
    for an IPv6 network.
  25. In the
    Local Address
    field, type the self IP address of the VLAN through which the remote hypervisor is reachable.
  26. In the
    Local Address
    field, type the floating IP address to be used for redundancy.
  27. In the
    Local Address
    field, type the local endpoint IP address.
    This should be a floating self IP address.
  28. In the
    Secondary Address
    field, select
    Specify
    , and type the non-floating local IP address of the tunnel, for use with locally initiated traffic, such as monitor traffic.
  29. In the
    Secondary Address
    field, select
    Specify
    , and type the non-floating local IP address of the tunnel.
  30. From the
    Remote Address
    list, select
    Specify
    , and type the IP address of the device at the other end of the tunnel.
  31. From the
    Remote Address
    list, retain the default selection,
    Any
    .
    This entry means that you do not have to specify the IP address of the remote end of the tunnel, which allows multiple devices to use the same tunnel.
  32. For the
    Remote Address
    list, retain the default selection,
    Any
    .
  33. From the
    Remote Address
    list, select
    Specify
    , and type the IP address of the BIG-IP device at the other end of the tunnel.
  34. From the
    Remote Address
    list, select
    Specify
    , and type the IPv6 address of the BIG-IP device at the other end of the tunnel.
  35. From the
    Remote Address
    list, select
    Specify
    , and type the IPv6 address of the BIG-IP system used as an AFTR device at the other end of the tunnel.
  36. From the
    Remote Address
    list, retain the default selection,
    Any
    .
    This entry means that you do not have to specify the IP address of the remote end of the tunnel, which allows multiple devices to use the same tunnel.
  37. For the
    Remote Address
    setting, retain the default selection,
    Any
    , which indicates a wildcard IP address.
  38. For the
    Remote Address
    list, retain the default selection,
    Any
    .
  39. In the
    Remote Address
    field, type the multicast group address associated with the VXLAN segment.
  40. In the
    Remote Address
    field, select
    Any
    , or select
    Specify
    and type the multicast group address associated with the VXLAN-GPE segment.
  41. For the
    Mode
    list, retain the default selection,
    Bidirectional
    .
  42. From the
    Mode
    list, select
    Inbound
    .
  43. Select the
    Transparent
    check box.
  44. In the
    MTU
    field, type the maximum transmission unit of the tunnel.
    The default value is
    0
    . The valid range is from
    0
    to
    65515
    .
  45. For the
    Use PMTU
    (Path MTU) setting, select or clear the check box.
    • If enabled and the tunnel MTU is set to
      0
      , the tunnel will use the PMTU information.
    • If enabled and the tunnel MTU is fixed to a non-zero value, the tunnel will use the minimum of PMTU and MTU.
    • If disabled, the tunnel will use fixed MTU or calculate its MTU using tunnel encapsulation configurations
    .
  46. From the
    TOS
    list, select
    Preserve
    , or select
    Specify
    and type a Type of Service (TOS) value.
    The valid range is from
    0
    to
    255
    .
  47. From the
    Auto-Last Hop
    list, select a value.
    • Choose
      Default
      if you want the system to use the global
      Auto Last Hop
      setting (if enabled).
    • Choose
      Enabled
      if you want this setting to take precedence over the global
      Auto Last Hop
      setting, for this tunnel only.
    • Choose
      Disabled
      if you want to disable auto last hop behavior for this tunnel only.
  48. In the
    Key
    field, type the VNI (Virtual Network Identifier) to use for the VXLAN tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  49. In the
    Key
    field, type the VNI (Virtual Network Identifier) to use for the VXLAN-GPE tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  50. In the
    Key
    field, type the VNI (Virtual Network Identifier) to use for the tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  51. In the
    Key
    field, type the VNI (Virtual Network Identifier) to use for a VXLAN tunnel or the Virtual Subnet Identifier (VSID) to use for a NVGRE tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  52. In the
    Key
    field, type the Virtual Subnet Identifier (VSID) to use for the NVGRE tunnel.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  53. In the
    Key
    field, type the special Virtual Subnet Identifier (VSID) that is used by Hyper-V Network Virtualization distributed routers to forward all routed packets to a gateway.
    This field appears above the
    Profile
    field when you select a profile that requires this setting.
  54. From the
    Traffic Group
    list, select
    traffic-group-local-only
    .
  55. For the
    Traffic Group
    list, retain the default selection,
    None
    .
  56. From the
    Traffic Group
    list, select the traffic group that includes the local IP address for the tunnel.
  57. Click
    Finished
    .
The inbound tunnel maps inbound packets from the special VSID to the correct VSID and tunnel for forwarding.