Decap Groups
Decap Groups Overview
The Decap Group feature provides a data structure that receives encapsulated packets and extracts the payload. The switch then processes or forwards the extracted payload as required. Although packets cannot transmit through Decap Groups, use Nexthop Groups to create a reverse path for a packet. Decap Groups support payload extraction of packets received from Generic Routing Encapsulation (GRE) and IP-in-IP tunnels.
The Decap capabilities also support the Generic UDP Encapsulation (GUE). GUE provides a general method for encapsulating packets of random IP protocols within a UDP tunnel and contains an extensible header format with optional data.
The switch identifies a GUE packet based on the outer UDP destination port, terminates the tunnel based on the outer destination IP address, and removes the outer IP/UDP encapsulation. The outer UDP destination port also determines if the inner payload source as IP or MPLS. For IP payloads, the first instance of the inner payload distinguishes between IPv4 addresses and IPv6 addresses. The decapsulated packet then forwards to IP or MPLS forwarded based on the inner payload.
- Destination IP addresses terminate tunnels and the source IP address has no impact.
- Packets matching a decap group do not process through the ingress interface and VLAN.
- During a tunnel termination, an ingress ACL filters the inner header of each decap group packet.
- Decap Groups do not support VRF.
- Does not support outer UDP checksum validation.
- Does not support outer IP options handling.
- Does not perform outer IP TTL check.
- Does not provide exception handling on inner IP packets. Specifically, packets with inner IP TTL=1 or IP options attempt to forward in HW.
- The DCS-7020, DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 switch series do not support VXLAN with GUE decap option on.
- If enabling GUE with outer IP hashing, inner IP fields are not included in the load balance key of MPLS over GRE packets in tc-counters TCAM profile on DCS-7020, DCS-7280R, DCS-7280R2, DCS-7500R, and DCS-7500R2 switch series.
- Tunnel type specifies the tunnel protocol that the switch uses to extract payload.
- Decap IP address specifies the IP address where the switch receives decap group packets.
Decap Groups support Generic Routing Encapsulation (GRE) and IP-in-IP tunnels.
Configuring Decap Groups
- Specify the static CLI entry for the incoming label with the mpls static command.
- Specify the tunnel type with the tunnel type (Decap Group) command.
- Specify the Decap IP address with the tunnel decap-ip (Decap Group) command.
- Add the locally configured IP addresses to the Layer 3 interfaces using the tunnel decap-interface (Decap Group) command for a specified decap group.
Decap groups do not define a default destination address or tunnel type. You must configure both parameters. A decap group can contain multiple tunnel decap-ip statements.
- Use this command to define a static CLI entry for the
incoming-label.
switch(config)# mpls static top-label 3400 ethernet 3/3/3 10.14.4.4 pop payload-type ipv4
- Use this command to create a decap group named DC-1
and configure the group to terminate packets from GRE tunnel
packets with the destination IP address of
10.14.3.2.
switch(config)# ip decap-group DC-1 switch(config-dg-DC-1)# tunnel type gre switch(config-dg-DC-1)# tunnel decap-ip 10.14.3.2 switch(config-dg-DC-1)# show active ip decap-group DC-1 tunnel type gre tunnel decap-ip 10.14.3.2 switch(config-dg-DC-1)# end switch(config)#
Configuring Generic UDP Encapsulation (GUE) Decap Groups
The ip decap-group configuration specifies the GUE tunnel termination as follows:
switch(config)# ip decap-group test
switch(config-dg-test)# tunnel type UDP
switch(config-dg-test)# tunnel decap-ip 2.2.2.2
switch(config-dg-test)# tunnel decap-interface et1
switch(config)# ip decap-group type udp destination port 6080 payload ip
switch(config)# ip decap-group type udp destination port 5555 payload mpls
switch(config)# ip decap-group type udp destination port 6081 payload ip
% There can be only one UDP destination port per payload type
MPLS over GUE Decap Group Configuration
switch(config)# platform fap mpls-over-gre
(config)# load-balance policies
switch(config-load-balance-policies)# load-balance sand profile default
! profile default is a reserved profile
! profile default is the current global profile
switch(config-sand-load-balance-profile-default)# packet-type gue outer-ip
Decap Groups Commands
ip decap-group
The ip decap-group command places the switch in decap-group configuration mode which permits the creation or modification of Decap Groups. A Decap Group provides a data structure that defines a method of extracting the payload from an encapsulated packet received on the switch receives at a specified IP address.
Decap Groups do not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a Decap Group can function.
Commands entered in the decap-group configuration modeimmediately change the running-config. Exiting the decap-group configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.
The no ip decap-group and default ip decap-group commands delete previously configured commands in the specified decap-group mode.
Command Mode
Global Configuration
Command Syntax
ip decap-group group_name
no ip decap-group group_name
default ip decap-group group_name
Parameters
group_name Decap group name.
-
This command creates a decap group named DC-1.
switch(config)# ip decap-group DC-1 switch(config-dg-DC-1)#
-
This command exits the decap-group mode for the DC-1 decap group.
switch(config-dg-DC-1)# exit switch(config)#
-
This command delete the decap group named DC-1.
switch(config)# no ip decap-group DC-1 switch(config)#
show ip decap-group
The show ip decap-group command displays the IP decap groups available on the switch.
Command Mode
Global Configuration
Command Syntax
show ip decap-group [decap-group name | dynamic]
- decap-group name The decap group name.
- dynamic Displays the dynamic entries only.
- This command displays the IP decap groups that are available in a
switch.
switch(config)# show ip decap-group NOTE: "D" column indicates dynamic entries D | Name | Type | Info | Version | Addr Type --|---------------------|------------|-----------------|---------|-------- * | d1 | GRE | 1.2.3.4 | | * | d2 | IP-in-IP | Ethernet12/3 | IPv4 | primary | gre-with-intf | GRE | | | | ipip-with-decapall | IP-in-IP | all | IPv4 | all | ipip-with-decapall | IP-in-IP | all | IPv6 | all | ipip-with-intf | IP-in-IP | Ethernet11/3 | IPv6 | all | ipip-with-intf | IP-in-IP | Ethernet11/3 | IPv4 | primary * | ipip-with-ip | IP-in-IP | 1001::1 | IPv6 | * | ipip-with-ip | IP-in-IP | 1.1.1.1 | IPv4 | | p1 | GRE | 100.100.100.100 | | | p2 | UNKNOWN | | |
- This command displays the UDP decap groups that are available in a
switch.
switch(config)# show ip decap-group NOTE: "D" column indicates dynamic entries D | Name | Type | Info | Version | Address | UDP Dest | Payload | | | | | Type | Port | Type --|---------|-------|------------|---------|----------|----------|----------- | foo | UDP | Ethernet1 | IPv4 | primary | 6080 | ip | | | | | | 5555 | mpls | bar | UDP | 2.2.2.2 | IPv4 | | 6080 | ip | | | | | | 5555 | mpls
- The following command displays the decap-groups configured in
HW:
switch(config)# show platform fap decap-group DecapIp LIF ------------------------------------------- --------- 2.2.2.2 | 0 3.3.3.3 | 1
tunnel decap-interface
The tunnel decap-interface command adds all locally configured IP addresses to the specific Layer 3 interface per Decap Group.
The no tunnel decap-interface command and the default tunnel decap-interface command restores the default state by removing the locally added IP addresses from the Decap Group.
Command Mode
Decap-Group Configuration
Command Syntax
tunnel decap-interface{ Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}
no tunnel decap-interface {Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}
default tunnel decap-interface{Ethernet | Loopback | Management | Port-Channel | Tunnel | Vlan | VXLAN | all}
- Ethernet e_num - Ethernet interface specified by e_num. The Ethernet port number ranges from 1 to 36.
- Loopback l_num - Loopback interface specified by l_num. The loopback interface number ranges from 0 to 1000.
- Management m_num - Management interface specified by m_num. The management port number ranges from 1 to 1.
-
Port-channel p_num - Port-channel interface specified by p_num. Options include the following:
- Port-channel interface number. The port-channel interface number ranges from 1 to 2000.
- Port-channel sub interface number. The port-channel sub interface number 1-2000,1-4094.
- tunnel t_num Tunnel interface specified by t_num. The tunnel interface number ranges from 0 to 255.
- vlan v_num VLAN interface specified by v_num. The VLAN interface number ranges from 1 to 4094.
- VXLAN vx_num VXLAN interface specified by vx_num. The VXLAN tunnel interface number ranges from 1 to 1.
- all address-family This parameter configures all L3 interfaces as a decap interface.
Example
switch(config)# ip decap-group dg1
switch(config-dg-dg1)# tunnel decap-interface Ethernet1/1
switch(config-dg-dg1)# show active
ip decap-group dg1
tunnel type ipip
tunnel decap-interface Ethernet1/1
tunnel decap-interface all address-family ipv6 address all
tunnel decap-ip
The tunnel decap-ip command specifies the IP address of packets handled by the configuration mode for the Decap Group. A Decap Group provides a data structure that defines a method of extracting the payload from an encapsulated packet received on the switch from a specified IP address.
Decap Groups do not define a default decap-ip address. A Decap Group does not become functional until an IP address is specified. Decap Groups can contain only one tunnel decap-ip statement. Subsequent commands replace any previously configured statements.
Command Mode
Decap-Group Configuration
Command Syntax
tunnel decap-ip ipv4_address
Parameters
ipv4_addr An IPv4 address.
- The ip decap-group command places the switch in decap-group configuration mode.
- The tunnel type command specifies the tunnel protocol for extracting payload.
- The show ip decap-group command.
Guidelines
A decap group does not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a decap group can function.
Example
switch(config)# ip decap-group DC-1
switch(config-dg-DC-1)# tunnel decap-ip 10.14.3.2
switch(config-dg-DC-1)# show active
ip decap-group DC-1
tunnel decap-ip 10.14.3.2
switch(config-dg-DC-1)#
tunnel type
The tunnel type command specifies the tunnel protocol for extracting payload from encapsulated packets that arrive on the IP address specified for the configuration mode decap group. Supported tunnel protocols include General Routing Encapsulation (GRE) and IP-in-IP.
Decap groups do not define a default tunnel type. A decap group does not become functional until an IP address is specified. Decap groups can contain only one tunnel decap-ip statement. Subsequent commands replace previously configured statements.
Command Mode
Decap-group Configuration
Command Syntax
tunnel type gre
- The ip decap-group command places the switch in decap-group configuration mode.
- The tunnel decap-ip command specifies the IP address of packets handled by the decap group.
- The show ip decap-group command.
Guidelines
A decap group does not specify a default IP address group or tunnel type. These parameters must be explicitly configured before a decap group can function.
Example
switch(config)# ip decap-group DC-1
switch(config-dg-DC-1)# tunnel type gre
switch(config-dg-DC-1)# show active
ip decap-group DC-1
tunnel type gre
switch(config-dg-DC-1)#