Link Search Menu Expand Document

Tunnels Template

NOTE:If you are deploying an SD-WAN network, the Business Intent Overlays (BIOs) govern tunnel properties. In this case, you do not need this template.

If you are not creating overlays, use this template to assign and manage tunnel properties.

  • Tunnel templates can be applied to any appliances (with or without tunnels). However, only existing tunnels can accept the template settings. To enable an appliance to apply these same settings to future tunnels, selectMake these the Defaults for New Tunnels.

  • Toview,edit, anddeletetunnels, use theTunnelstab. TheModeselected determines the tabs that display.

img

Tunnels Template Settings

Field Description
Admin state Indicates whether the tunnel has been set to admin Up or Down.
Auto discover MTU enabled Allows an appliance to determine the best MTU to use.
Auto max BW enabled When enabled, allows the appliances to auto-negotiate the maximum tunnel bandwidth.
DSCP Determines the DSCP marking that the keep-alive messages should use.
Fastfail Thresholds When multiple tunnels are carrying data between two appliances, this feature determines how quickly to disqualify a tunnel from carrying data.

The Fastfail connectivity detection algorithm for the wait time from receipt of last packet before declaring abrownoutis:

Twait = Base + N * RTTavg

whereBaseis a value in milliseconds, andNis the multiplier of the average Round Trip Time over the past minute. For example, if:

Base = 200mS
N = 2

Then,

RTTavg = 50mS

The appliance declares a tunnel to be inbrownoutif it does not see a reply packet from the remote end within 300mS of receiving the most recent packet.

In the Tunnel Advanced Options,Baseis expressed asFastfail wait-time base offset(ms), andNis expressed asFastfail RTT multiplication factor.

Fastfail enabled——此选项隧道keepali时触发ve signal does not receive a reply. The options aredisable,enable, andcontinuous. If the disqualified tunnel subsequently receives a keepalive reply, its recovery is instantaneous.

If set todisable, keepalives are sent every second, and 30 seconds elapse before failover. In that time, all transmitted data is lost.

If set toenable, keepalives are sent every second, and a missed reply increases the rate at which keepalives are sent from one per second to ten per second. Failover occurs after one second.

When set tocontinuous, keepalives are continuously sent at ten per second. Therefore, failover occurs after one tenth of a second.

Thresholds forLatency,Loss, orJitterare checked once every second.

Receiving three successive measurements in a row that exceed the threshold puts the tunnel into a brownout situation and flows will attempt to fail over to another tunnel within the next 100mS.

Receiving three successive measurements in a row that drop below the threshold will drop the tunnel out of brownout.
FEC (Forward Error Correction) can be set toenable,disable, orauto.
FEC ratio Is an option when FEC is set toautothat specifies the maximum ratio. The options are1:2,1:5,1:10, or1:20.
IPSec anti-replay window Select a size from the drop-down list orDisableto disable the IPSec anti-replay window. If a size is selected, protection is provided against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet.
IPSec pre-shared key A shared, secret string of Unicode characters that is used for authentication of an IPSec connection between two parties.
Mode Indicates whether the tunnel protocol isudp,gre, oripsec.
MTU 最大传输单位(MTU)是最大的possible unit of data that can be sent on a given physical medium. For example, the MTU of Ethernet is 1500 bytes. MTUs up to 9000 bytes are supported. Auto allows the tunnel MTU to be discovered automatically, and it overrides the MTU setting.
Reorder wait Maximum time (in ms) the appliance holds an out-of-order packet when attempting to reorder. The100msdefault value should be adequate for most situations. FEC can introduce out-of-order packets if the reorder wait time is not set high enough.
Retry count Number of failed keep-alive messages that are allowed before the appliance brings the tunnel down.
UDP destination port Used in UDP mode. Accept the default value unless the port is blocked by a firewall.
UDP flows Used in UDP mode. Number of flows over which to distribute tunnel data. Accept the default.

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go toAruba EULA.

Baidu