Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Configure WEST

Adding values to the GRE tunnel endpoint on WEST shows how to specify additional values for the tunnel endpoint on WEST that is created in Configure WEST.

  • A key, 101088, is provided as a password-like mechanism. The key on each side must match.
  • The TTL for packets is set to 220, ToS field is set to 55, and MTU for packets is set to 1460.
  • Two firewall rule sets are applied to the tunnel interface:
    • The tun0-fw-in rule set is applied to packets ingressing through the tunnel interface.
    • The tun0-fw-out rule set is applied to packets egressing through the tunnel interface.

    In the example, it is assumed that these firewall rule sets have already been defined. For information on defining firewall rule sets, refer to Ciena Vyatta Network OS Firewall Configuration Guide.

To configure the GRE tunnel endpoint, perform the following steps on WEST in configuration mode.

Table 1. Adding values to the GRE tunnel endpoint on WEST
StepCommand
Provide the authentication key.
vyatta@WEST# set interfaces tunnel tun0 parameters ip key 101088
Set the TTL.
vyatta@WEST# set interfaces tunnel tun0 parameters ip ttl 220
Set the ToS.
vyatta@WEST# set interfaces tunnel tun0 parameters ip tos 55
Set the MTU.
vyatta@WEST# set interfaces tunnel tun0 mtu 1460
Apply the firewall rule set for incoming packets.
vyatta@WEST# set interfaces tunnel tun0 firewall in name tun0-fw-in
Apply the firewall rule set for outgoing packets.
vyatta@WEST# set interfaces tunnel tun0 firewall out name tun0-fw-out
Commit the configuration.
vyatta@WEST# commit
View the configuration.
vyatta@WEST# show interfaces tunnel tun0
	address 10.20.20.1/24
	description "Tunnel to EAST"
	encapsulation gre
	firewall
		in {
			name tun0-fw-in
		}
		out {
			name tun0-fw-out
		}
	}
	local-ip 10.10.1.1
	mtu 1460
	parameters {
	ip {
		key 101088
			tos 55
			ttl 220
	}
}
	remote-ip 10.10.1.2