Decap Groups

Decap Groups Overview

The Decap Group feature provides a data structure that receives encapsulated packets and extracts the payload. The switch then processes or forwards the extracted payload as required. Although packets cannot transmit through Decap Groups, use Nexthop Groups to create a reverse path for a packet. Decap Groups support payload extraction of packets received from Generic Routing Encapsulation (GRE) and IP-in-IP tunnels.

The Decap capabilities also support the Generic UDP Encapsulation (GUE). GUE provides a general method for encapsulating packets of random IP protocols within a UDP tunnel and contains an extensible header format with optional data.

The switch identifies a GUE packet based on the outer UDP destination port, terminates the tunnel based on the outer destination IP address, and removes the outer IP/UDP encapsulation. The outer UDP destination port also determines if the inner payload source as IP or MPLS. For IP payloads, the first instance of the inner payload distinguishes between IPv4 addresses and IPv6 addresses. The decapsulated packet then forwards to IP or MPLS forwarded based on the inner payload.

Decap Groups have the following constraints:
  • Destination IP addresses terminate tunnels and the source IP address has no impact.
  • Packets matching a decap group do not process through the ingress interface and VLAN.
  • During a tunnel termination, an ingress ACL filters the inner header of each decap group packet.
  • Decap Groups do not support VRF.

The decap support over GUE has the following constraints:
  • Does not support outer UDP checksum validation.
  • Does not support outer IP options handling.
  • Does not perform outer IP TTL check.
  • Does not provide exception handling on inner IP packets. Specifically, packets with inner IP TTL=1 or IP options attempt to forward in HW.
  • The DCS-7020, DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 switch series do not support VXLAN with GUE decap option on.
  • If enabling GUE with outer IP hashing, inner IP fields are not included in the load balance key of MPLS over GRE packets in tc-counters TCAM profile on DCS-7020, DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 switch series.

The tunnel type and decap IP address define the Decap Groups:
  • Tunnel type specifies the tunnel protocol that the switch uses to extract payload.
  • Decap IP address specifies the IP address where the switch receives decap group packets.

Decap Groups support Generic Routing Encapsulation (GRE) and IP-in-IP tunnels.

Configuring Decap Groups

Configure Decap Groups using the decap-group configuration mode. The decap-group configuration mode changes the running-configimmediately after entering commands. However, when exiting, the decap-group configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.

Decap groups do not define a default destination address or tunnel type. You must configure both parameters. A decap group can contain multiple tunnel decap-ip statements.

Examples
  • Use this command to define a static CLI entry for the incoming-label.
    switch(config)# mpls static top-label 3400 ethernet 3/3/3 10.14.4.4 pop payload-type ipv4

  • Use this command to create a decap group named DC-1 and configure the group to terminate packets from GRE tunnel packets with the destination IP address of 10.14.3.2.
    switch(config)# ip decap-group DC-1
    switch(config-dg-DC-1)# tunnel type gre
    switch(config-dg-DC-1)# tunnel decap-ip 10.14.3.2
    switch(config-dg-DC-1)# show active
     ip decap-group DC-1
       tunnel type gre
       tunnel decap-ip 10.14.3.2
    switch(config-dg-DC-1)# end
    switch(config)#

Configuring Generic UDP Encapsulation (GUE) Decap Groups

The ip decap-group configuration specifies the GUE tunnel termination as follows:

switch(config)# ip decap-group test
switch(config-dg-test)# tunnel type UDP
switch(config-dg-test)# tunnel decap-ip 2.2.2.2
switch(config-dg-test)# tunnel decap-interface et1

Configure the global UDP destination port to payload type mapping:
switch(config)# ip decap-group type udp destination port 6080 payload ip
switch(config)# ip decap-group type udp destination port 5555 payload mpls
Note: Each payload type can be mapped to only one UDP port. Otherwise, the following error occurs:
switch(config)#ip decap-group type udp destination port 6080 payload ip
% There can be only one UDP destination port per payload type

MPLS over GUE Decap Group Configuration

The MPLS over GUE Decap Group requires the following platform configurations. First, the mpls-over-gre must be enabled since this supports the MPLS-over-GRE support in hardware:
switch(config)# platform fap mpls-over-gre

Then enable outer IP hashing:
(config)# load-balance policies 
switch(config-load-balance-policies)# load-balance sand profile default 
! profile default is a reserved profile
! profile default is the current global profile
switch(config-sand-load-balance-profile-default)# packet-type gue outer-ip

Decap Groups Commands

Decap Groups Show Command

ip decap-group

The ip decap-group command places the switch in decap-group configuration mode which permits the creation or modification of Decap Groups. A Decap Group provides a data structure that defines a method of extracting the payload from an encapsulated packet received on the switch receives at a specified IP address.

Decap Groups do not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a Decap Group can function.

Commands entered in the decap-group configuration modeimmediately change the running-config. Exiting the decap-group configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.

The no ip decap-group and default ip decap-group commands delete previously configured commands in the specified decap-group mode.

Command Mode

Global Configuration

Command Syntax

ip decap-group group_name

no ip decap-group group_name

default ip decap-group group_name

Parameters

group_name Decap group name.

Examples
  • This command creates a decap group named DC-1.

    switch(config)# ip decap-group DC-1
    switch(config-dg-DC-1)#

  • This command exits the decap-group mode for the DC-1 decap group.

    switch(config-dg-DC-1)# exit
    switch(config)#

  • This command delete the decap group named DC-1.

    switch(config)# no ip decap-group DC-1
    switch(config)#

show ip decap-group

The show ip decap-group command displays the IP decap groups available on the switch.

Command Mode

Global Configuration

Command Syntax

show ip decap-group [decap-group name | dynamic]

Parameters
  • decap-group name      The decap group name.
  • dynamic Displays the dynamic entries only.

Examples
  • This command displays the IP decap groups that are available in a switch.
    switch(config)# show ip decap-group
    NOTE: "D" column indicates dynamic entries
    D | Name                | Type       | Info            | Version | Addr Type
    --|---------------------|------------|-----------------|---------|--------
    * | d1                  | GRE        | 1.2.3.4         |         |
    * | d2                  | IP-in-IP   | Ethernet12/3    | IPv4    | primary
      | gre-with-intf       | GRE        |                 |         |
      | ipip-with-decapall  | IP-in-IP   | all             | IPv4    | all
      | ipip-with-decapall  | IP-in-IP   | all             | IPv6    | all
      | ipip-with-intf      | IP-in-IP   | Ethernet11/3    | IPv6    | all
      | ipip-with-intf      | IP-in-IP   | Ethernet11/3    | IPv4    | primary
    * | ipip-with-ip        | IP-in-IP   | 1001::1         | IPv6    |
    * | ipip-with-ip        | IP-in-IP   | 1.1.1.1         | IPv4    |
      | p1                  | GRE        | 100.100.100.100 |         |
      | p2                  | UNKNOWN    |                 |         |

  • This command displays the UDP decap groups that are available in a switch.
    switch(config)# show ip decap-group
    NOTE: "D" column indicates dynamic entries
    D | Name    | Type  | Info       | Version | Address  | UDP Dest | Payload
      |         |       |            |         | Type     | Port     | Type
    --|---------|-------|------------|---------|----------|----------|-----------
      | foo     | UDP   | Ethernet1  | IPv4    |  primary | 6080     | ip
      |         |       |            |         |          | 5555     | mpls
      | bar     | UDP   | 2.2.2.2    | IPv4    |          | 6080     | ip
      |         |       |            |         |          | 5555     | mpls

  • The following command displays the decap-groups configured in HW:
    switch(config)# show platform fap decap-group
    DecapIp                                   	LIF
    -------------------------------------------   ---------
    2.2.2.2                                  	|  	0
    3.3.3.3                                  	|  	1

tunnel decap-interface

The tunnel decap-interface command adds all locally configured IP addresses to the specific Layer 3 interface per Decap Group.

The no tunnel decap-interface command and the default tunnel decap-interface command restores the default state by removing the locally added IP addresses from the Decap Group.

Command Mode

Decap-Group Configuration

Command Syntax

tunnel decap-interface{ Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}

no tunnel decap-interface {Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}

default tunnel decap-interface{Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}

Parameters
  • Ethernet e_num - Ethernet interface specified by e_num. The Ethernet port number ranges from 1 to 36.
  • Loopback l_num - Loopback interface specified by l_num. The loopback interface number ranges from 0 to 1000.
  • Management m_num - Management interface specified by m_num. The management port number ranges from 1 to 1.
  • Port-channel p_num - Port-channel interface specified by p_num. Options include the following:

    • Port-channel interface number. The port-channel interface number ranges from 1 to 2000.
    • Port-channel sub interface number. The port-channel sub interface number 1-2000,1-4094.

  • tunnel t_num     Tunnel interface specified by t_num. The tunnel interface number ranges from 0 to 255.
  • vlan v_num     VLAN interface specified by v_num. The VLAN interface number ranges from 1 to 4094.
  • VXLAN vx_num     VXLAN interface specified by vx_num. The VXLAN tunnel interface number ranges from 1 to 1.
  • all address-family     This parameter configures all L3 interfaces as a decap interface.

Example

These commands add locally configured IP addresses to the interface ethernet 1/1 for the dg1 Decap Group.
switch(config)# ip decap-group dg1
switch(config-dg-dg1)# tunnel decap-interface Ethernet1/1

switch(config-dg-dg1)# show active
ip decap-group dg1
   tunnel type ipip
   tunnel decap-interface Ethernet1/1
   tunnel decap-interface all address-family ipv6 address all

tunnel decap-ip

The tunnel decap-ip command specifies the IP address of packets handled by the configuration mode for the Decap Group. A Decap Group provides a data structure that defines a method of extracting the payload from an encapsulated packet received on the switch from a specified IP address.

Decap Groups do not define a default decap-ip address. A Decap Group does not become functional until an IP address is specified. Decap Groups can contain only one tunnel decap-ip statement. Subsequent commands replace any previously configured statements.

Command Mode

Decap-Group Configuration

Command Syntax

tunnel decap-ip ipv4_address

Parameter

ipv4_addr An IPv4 address.

Related Commands

Guidelines

A decap group does not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a decap group can function.

Example

These commands configure 10.14.3.2 as the decap-IP address for the DC-1 decap group.
switch(config)# ip decap-group DC-1
switch(config-dg-DC-1)# tunnel decap-ip 10.14.3.2
switch(config-dg-DC-1)# show active
 ip decap-group DC-1
   tunnel decap-ip 10.14.3.2
switch(config-dg-DC-1)#

tunnel type

The tunnel type command specifies the tunnel protocol for extracting payload from encapsulated packets that arrive on the IP address specified for the configuration mode decap group. Supported tunnel protocols include General Routing Encapsulation (GRE) and IP-in-IP.

Decap groups do not define a default tunnel type. A decap group does not become functional until an IP address is specified. Decap groups can contain only one tunnel decap-ip statement. Subsequent commands replace previously configured statements.

Command Mode

Decap-group Configuration

Command Syntax

tunnel type gre

Related Commands

Guidelines

A decap group does not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a decap group can function.

Example

This command configures decap group DC-1 to terminate packets from GRE tunnel packets.
switch(config)# ip decap-group DC-1
switch(config-dg-DC-1)# tunnel type gre
switch(config-dg-DC-1)# show active
 ip decap-group DC-1
   tunnel type gre
switch(config-dg-DC-1)#