Users Guide
no shutdown
Multipoint Receive-Only Tunnels
A multipoint receive-only IP tunnel decapsulates packets from remote end-points and never forwards
packets on the tunnel. You can configure an additional level of security on a receive-only IP tunnel by
specifying a valid prefix or range of remote peers.
The operational status of a multipoint receive-only tunnel interface always remains up. Packets from the
remote addresses configured for a multipoint receive-only tunnel are decapsulated and are not marked
for neighbor resolution as for a standard tunnel’s destination address. Connected routes for the tunnel
interface’s IP subnet do not point towards the tunnel but towards the switch CPU for the receive-only
tunnel. The tunnel interface can function as an unnumbered interface with no IPv4/IPv6 address
assigned.
Guidelines for Configuring Multipoint Receive-Only Tunnels
• You can configure up to eight remote end-points for a multipoint receive-only tunnel. The maximum
number of remote end-points supported for all multipoint receive-only tunnels on the switch
depends on the hardware table size to setup termination.
• The IP MTU configured on the physical interface determines how multiple nested encapsulated
packets are handled in a multipoint receive-only tunnel.
• Control-plane packets received on a multipoint receive-only tunnel are destined to the local IP
address and routed to the CPU after decapsulation. A response to these packets from the switch is
only possible if the route to the sender does not pass through a receive-only tunnel.
• Multipathing over more than one VLAN interface is not supported on packets routed through the
tunnel interface.
• IP tunnel interfaces are supported over ECMP paths to the next hop. ECMP paths over IP tunnel
interfaces are supported. ARP and neighbor resolution for the IP tunnel next-hop are supported.
1022
Tunneling