Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Configure EAST

Adding values to the GRE tunnel endpoint on EAST shows how to specify additional values for the tunnel endpoint on EAST that is created in Configure EAST.

  • A key 101088 is provided as a password-like mechanism. This value matches the key configured for WEST.
  • The TTL for packets is set to 220, ToS field is set to 55, and MTU for packets is set to 1460.
  • Two firewall rule sets are applied to the tunnel interface:
    • The tun0-fw-in rule set is applied to packets ingressing through the tunnel interface.
    • The tun0-fw-out rule set is applied to packets egressing through the tunnel interface.

    In the example, it is assumed that these firewall rule sets have already been defined. For information on defining firewall rule sets, refer to Ciena Vyatta Network OS Firewall Configuration Guide.

To configure the GRE tunnel endpoint, perform the following steps on EAST in configuration mode.

Table 1. Adding values to the GRE tunnel endpoint on EAST
StepCommand
Provide the authentication key.
vyatta@EAST# set interfaces tunnel tun0 parameters ip key 101088
Set the TTL.
vyatta@EAST# set interfaces tunnel tun0 parameters ip ttl 220
Set the ToS.
vyatta@EAST# set interfaces tunnel tun0 parameters ip tos 55
Set the MTU.
vyatta@EAST# set interfaces tunnel tun0 mtu 1460
Apply the firewall rule set for incoming packets.
vyatta@EAST# set interfaces tunnel tun0 firewall in name tun0-fw-in
Apply the firewall rule set for outgoing packets.
vyatta@EAST# set interfaces tunnel tun0 firewall out name tun0-fw-out
Commit the configuration.
vyatta@EAST# commit
View the configuration.
vyatta@EAST# show interfaces tunnel tun0
	address 10.20.20.2/24
	description "Tunnel to WEST"
	encapsulation gre
	firewall
		in {
			name tun0-fw-in
		}
		out {
			name tun0-fw-out
		}
	}
	local-ip 10.10.1.2
	mtu 1460
	parameters {
	ip {
		key 101088
			tos 55
			ttl 220
	}
}
	remote-ip 10.10.1.1