F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

107BGRE tunnel backup at a branch

Figure 19 Backing up a GRE tunnel at a branch

As shown in 680HFigure 19, for higher network reliability, a branch can use multiple gateway devices so that

a GRE tunnel is established between the headquarters and each gateway of the branch for GRE tunnel

backup.

When creating a GRE tunnel on a gateway of the branch, you can configure the GRE key. The

headquarters device will read the GRE key from the GRE packet and record the GRE key value in the

corresponding tunnel entry. The headquarters device determines the priority of a tunnel entry according

to the value of the GRE key, and uses the tunnel corresponding to the tunnel entry with the highest priority

to forward packets destined for the peer and uses the other tunnels for backup. A tunnel entry without a

GRE key has the highest priority. For tunnel entries carrying a GRE key, a smaller key value means a

higher priority.

You can configure the GRE key only on a tunnel interface in P2P GRE tunnel mode. A tunnel interface

operating in P2MP GRE tunnel mode does not support the GRE key argument.

108BGRE tunnel backup at the headquarters

Figure 20 Backing up a GRE tunnel at the headquarters

As shown in 681HFigure 20, for higher network reliability, you can deploy multiple gateways at the

headquarters and specify one or more backup interfaces for the main tunnel interface on the main

Device A

Device B

(Backup gateway)

IPv4 network

Device C

Tunnel0

Tunnel1

(

Backup interface)

Tunnel1

Host A

Host B

Host C

GRE P2MP tunnel

GRE over IPv4 tunnel

Headquarters

Branch