Tunneling Between Data Centers

This chapter describes how to establish Generic Routing Encapsulation (GRE) and/or Virtual Extensible LAN (VxLAN) tunnels between DMF switches in different locations or between a DMF switch and a third-party device.

Understanding Tunneling

DMF can forward traffic between two DMF switches controlled by the same Controller over a tunnel. This feature can be used to extend a DMF deployment across multiple data centers or branch offices over networks connected by Layer-3 networks. This feature supports centralization or distribution of tools and taps across multiple locations when they cannot be cabled directly.
Note:For a list of the switches that support tunneling, refer to the DANZ Monitoring Fabric 8.5 Hardware Compatibility List. The DANZ Monitoring Fabric 8.4 Verified Scale Guide indicates the number of tunnels supported by each supported switch (Verified Scalability Values/encap tunnels/decap tunnels).
When enabling tunneling between DMF switches, keep the following in mind:
  • Connect switch ports in the main data center and the remote location to the appropriate WAN routers, and ping each interface to make sure that IP connectivity is established.
  • Create tunnel endpoints and configure the tunnel attributes on each end of the tunnel.
  • The CRC Check option must be enabled if tunneling is enabled, which it is by default. If CRC checking has been disabled, re-enable it before configuring a tunnel.
  • In case of GRE tunnels, the optional gre-key-decap value on the receiving end must match the GRE key value of the sender. You can set multiple values on the same tunnel to decapsulate traffic with different keys.
  • Multiple tunnels can be initiated from a single switch. For each tunnel (transmit-only or bidirectional), a separate encap-loopback-interface must be configured.
  • The loopback-mode must be set to mac on the encap-loopback-interface.
Figure 1. Connecting DMF Switches Using a Layer-2 GRE Tunnel
Note: For EOS switches running DMF 8.5: L2GRE tunneling is supported on Arista 7280R3 switches only and subject to the following limitations:
  • L2GRE tunnels are not supported on DMF 7280R and 7280R2 switches.
  • DSCP configuration is not supported.
  • Traffic steering for traffic arriving on an L2GRE tunnel will only allow for matching based on inner src/dst IP, IP protocol, and inner L4 src/dst port.
  • Packets may only be redirected to a single L2GRE tunnel.
  • Packets may not be load-balanced across multiple L2GRE tunnels.
  • Only IPv4 underlays in the default VRF are supported.
  • Matching on inner IPv6 headers may not be supported.
  • The maximum number of tunnels on EOS Jericho switches is 32.
  • There is no bi-directional tunnel support. The parent/uplink router-facing interface is used for either encapsulation or decapsulation, but not simultaneously.
  • When using tunnel-as-a-filter, there is no inner L3/L4 matching support immediately after decapsulation in the same switch pass. Using a loopback may potentially work around this limitation.
  • VxLAN tunnels are currently NOT supported on 7280 switches.

Encapsulation Type

DMF supports VxLAN tunnel type along with Level-2 Generic Routing Encapsulation (L2GRE). Tunnel type is a per-switch configuration, which means that the switch pipeline can either be set to VxLAN or L2GRE. Once the switch pipeline is set, all tunnels configured on the switch will use the same tunnel type.

The encapsulation type can be configured in the GUI while adding a new switch into the DMF Controller as shown in the figure below:
The encapsulation type can be edited for an existing switch from the Fabric > Switches > Configure Switch page as shown in the figure below:
The encapsulation type can also be configured or edited from the CLI in configuration mode: 
Ctrl-1(config)# switch Switch-1
Ctrl-1(config-switch)# tunnel-type
gre Select GRE as the tunnel type of the switch. (default selection)
vxlan Select VxLAN as the tunnel type of the switch.
The switch pipeline mode can be viewed from the CLI using the following command: 
Ctrl-1(config)# show switch
# Switch Name IP AddressState Pipeline Mode
-|-------------------|---------------------------|---------|----------------------------------|
1 Switch-1fe80::d6af:f7ff:fef9:e2b0%9 connected l3-l4-offset-match-push-vlan-vxlan
2 Switch-2fe80::e6f0:4ff:fe69:6aee%9connected l3-l4-offset-match-push-vlan
3 Switch-3fe80::e6f0:4ff:fe78:1ffe%9connected l3-l4-offset-match-push-vlan-vxlan
Ctrl-1(config)#

In the above CLI output, Switch-1 and Switch-3 are using the VxLAN tunnel type as seen in the Pipeline Mode column. Switch-2 is using the L2GRE tunnel type.

Using Tunnels in Policies

Tunnels can be used as a core link, as a filter interface, or as a delivery interface. The most common use case is for linking multiple sites, in which case the tunnel is treated as a core link. If used as a core link, DMF automatically discovers the link as if it was a physical link and determines connectivity (link-state) in the same manner. If the tunnel goes down for any reason, DMF treats the failure as it would a physical link failure.

Another typical use case for the tunnel is as A filter interface to decapsulate L2 GRE/VxLAN tunneled production traffic, or a tunnel initiated by another DMF instance managed by a different DMF Controller. Tunnel endpoint can also be used as a delivery interface to encapsulate filtered monitoring traffic to send to analysis tools or to send to another DANZ Monitoring Fabric managed by a different DMF Controller.

Note: By default, sFlow and other Arista Analytics meta data cannot be generated for decapsulated L2 GRE/VxLAN tunneled production traffic on a tunnel interface configured as a filter interface. In order to generate this meta data, create a policy with a filter interface as a tunnel interface and send the decapsulated traffic to a MAC loopback port configured in a filter-and-delivery role. Now create a second policy with the filter interface as the MAC loopback port and the delivery interface going to the tools. The sFlow and meta data will now be generated for the decapsulated tunnel traffic.

Using the GUI to Configure a GRE Tunnel

To configure a VxLAN tunnel, complete the following steps:

  1. Select Fabric > Switch .
  2. On the Switches page, click the Menu control to the left of the switch or interface to include in the tunnel and select Create Tunnel.
    Alternatively, tunnels can be configured from the Fabric > Interfaces page by clicking on the top Menu Control > Create Tunnel option. The system displays the dialog as shown in the figure below:
    Figure 2. Configure VxLAN Tunnel
  3. Complete the fields on this page, as described below.
    • Switch: From the drop down, select the DMF switch.
    • Encapsulation Type: The encapsulation type will automatically be selected based on the pipeline mode of the selected switch.
    • Name: Name of the tunnel, beginning with the word tunnel.
    • Rate Limit (Optional): Packets entering the tunnel can be rate limited to restrict the bandwidth usage of the tunnel. This can help ensure that a WAN link is not saturated with monitoring traffic being tunneled between sites. This setting is applicable on the tunnel encapsulation side.
    • Direction: Direction can be bidirectional, transmit-only or receive-only. For bidirectional tunnels, the tunnel direction should be bidirectional on both ends. For uni-directional tunnels from remote to main datacenter, the tunnel direction is transmit-only on the remote datacenter switch and receive-only on the main data center switch.
    • Local IP: Local IP address and subnet mask in CIDR format (/nn).
    • Gateway IP: IP address of the default (next-hop) gateway.
    • Remote IP: This is the IPv4 address of the other end (remote end) of the tunnel.
    • Parent Interface: Physical port or port-channel interface associated with the tunnel. This is the destination interface for the tunnel.
    • Loopback Interface: A physical interface on each switch with a transmit-only or a bidirectional tunnel endpoint. This physical interface will be used for tunnel encapsulation purposes, and cannot be used for any other DMF purpose, such as a filter, delivery, service, or core interface.
    • DSCP (Optional): Mark the tunnel traffic with the specified DSCP value.
  4. After configuring the appropriate options, click Submit.
    Note: This procedure should be configured on both switches, at each end of the tunnel. The Auto VLAN mode must be set to Push Per Policy or Push Per Filter Interface.

Using the CLI to Configure a GRE Tunnel

To configure a GRE tunnel using the CLI, complete the following steps:

  1. Connect switch ports (on remote and main datacenter) to their respective WAN routers and ensure that they can communicate via IP.
  2. Enable tunneling on the DMF network by entering the following command from config mode: 
    controller-1(config)# tunneling
Tunneling is an Arista Licensed feature. Please ensure that you have purchased the license
for tunneling before using this feature. enter "yes" (or "y") to continue: yes
controller-1(config)#
  3. Configure the MAC loopback mode, as shown in the following example: 
    controller-1(config)# switch DMF-CORE-SWITCH
controller-1(config-switch)# interface ethernet7
controller-1(config-switch-if)# loopback-mode mac
  4. Create tunnel endpoints.
The following CLI example configures a bi-directional tunnel from remote-dc1-filter-sw to main-dc-delivery-sw: 
!
switch remote-dc1-filter-sw
gre-tunnel-interface tunnel1
remote-ip 192.168.200.50
gre-key-decap 4097 === 4097 is the VPN key used for the tunnel ID
parent-interface ethernet6
local-ip 192.168.100.50 mask 255.255.255.0 gateway-ip 192.168.100.1
direction bidirectional encap-loopback-interface ethernet38
!
switch main-dc-delivery-sw
gre-tunnel-interface tunnel1
remote-ip 192.168.100.50
gre-key-decap 4097 === 4097 is the VPN key used for the tunnel ID
parent-interface ethernet5
local-ip 192.168.200.50 mask 255.255.255.0 gateway-ip 192.168.200.1
direction bidirectional encap-loopback-interface ethernet3
The following CLI example configures a uni-directional tunnel from remote-dc1-filter-sw to main-dc-delivery-sw: 
!
switch remote-dc1-filter-sw
gre-tunnel-interface tunnel1
remote-ip 192.168.200.50
gre-key-decap 4097 === 4097 is the VPN key used for the tunnel ID
interface parent-interface ethernet6
local-ip 192.168.100.50 mask 255.255.255.0 gateway-ip 192.168.100.1
direction transmit-only encap-loopback-interface ethernet38
!
switch main-dc-delivery-sw
gre-tunnel-interface tunnel1
remote-ip 192.168.100.50
gre-key-decap 4097 === 4097 is the VPN key used for the tunnel ID
parent-interface ethernet5
local-ip 192.168.200.50 mask 255.255.255.0 gateway-ip 192.168.200.1
direction receive-only

Using the CLI to Rate Limit the Packets on a GRE Tunnel

Packets entering the GRE tunnel can be rate limited to limit bandwidth usage by the tunnel and help ensure that a WAN link is not saturated with monitoring traffic being tunneled between sites. This setting is applicable on the tunnel encapsulation side.
Note: The minimum recommended value for rate limiting on the tunnel interface is 25 kbps. If you set a value below this, the switch will still set the rate limit value to 25 kbps.
switch DMF-CORE-SWITCH-1
gre-tunnel-interface tunnel1
direction bidirectional encap-loopback-interface ethernet10
------------------------------example truncated------------
interface ethernet10
rate-limit 1000

Using the CLI to View GRE Tunnel Interfaces

All CLI show commands for regular interfaces can be used for GRE tunnel interfaces, and the show running-configcommand can be used to view the configuration of tunnel interfaces.

Enter the show tunnel command to see the configuration parameters as well as runtime state for a tunnel interface. 
controller-1# show tunnel
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent NameLoopback Name
-|-------------------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-1 tunnel1 ESTABLISHED_TUNNEL bidirectional 198.82.215.1 216.47.143.1 ethernet5:1 ethernet6
2 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
3 DMF-CORE-SWITCH-2 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.43.1 192.168.42.1 ethernet11:4 ethernet17
4 DMF-CORE-SWITCH-3 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.42.1 192.168.43.1 ethernet6 ethernet33

controller-1# show tunnel switch DMF-CORE-SWITCH-2
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent NameLoopback Name
-|-------------------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
2 DMF-CORE-SWITCH-2 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.43.1 192.168.42.1 ethernet11:4 ethernet17

controller-1# show tunnel switch DMF-CORE-SWITCH-2 tunnel1
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent NameLoopback Name
-|-------------------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
controller-1#

Using the GUI to Configure a VxLAN Tunnel

To configure a VxLAN tunnel using the GUI, complete the following steps:

  1. Select Fabric > Switch .
  2. On the Switches page, click the Menu control to the left of the switch or interface to include in the tunnel and select Create Tunnel.
    Alternatively, tunnels can be configured from the Fabric > Interfaces page by clicking on the top Menu Control > Create Tunnel option. The system displays the dialog as shown in the figure below:
    Figure 3. Configure VxLAN Tunnel
  3. Complete the fields on this page, as described below:
    • Switch: From the drop down, select the DMF switch.
    • Encapsulation Type: Encapsulation type will automatically be selected based on the pipeline mode of the selected switch.
    • Name: Name of the tunnel, beginning with the word tunnel.
    • Rate Limit (Optional): Packets entering the tunnel can be rate limited to restrict bandwidth usage of the tunnel. This can help ensure that a WAN link is not saturated with monitoring traffic being tunneled between sites. This setting is applicable on the tunnel encap side.
    • Direction: bidirectional, transmit-only or receive-only. For bidirectional tunnels, tunnel-direction should be bidirectional on both ends. For uni-directional tunnels from remote to main datacenter, tunnel-direction is transmit only on the remote datacenter switch and the tunnel-direction is receive-only on the main data center switch.
    • Local IP: Local IP address and subnet mask in CIDR format (/nn).
    • Gateway IP: IP address of the default (next-hop) gateway.
    • Remote IP: This is the IPv4 address of the other end (remote end) of the tunnel.
    • Parent Interface: Physical port or port-channel interface associated with the tunnel. This is the destination interface for the tunnel.
    • Loopback Interface: A physical interface on each switch with a transmit-only or a bidirectional tunnel endpoint. This physical interface will be used for tunnel encapsulation purposes, and cannot be used for any other DMF purpose, such as a filter, delivery, service, or core interface.
    • DSCP (Optional): Mark the tunnel traffic with the specified DSCP value.
  4. After configuring the appropriate options, click Submit.
Note: This procedure should be configured on both switches, at each end of the tunnel. The Auto VLAN mode must be set to Push Per Policy or Push Per Filter Interface.

Using the CLI to Configure a VxLAN Tunnel

To configure a VxLAN tunnel using the CLI, complete the following steps:

  1. Connect switch ports (on remote and main datacenter) to their respective WAN routers and ensure that they can communicate via IP.
  2. Enable tunneling on the DMF network by entering the following command from config mode: 
    controller-1(config)# tunneling
Tunneling is an Arista Licensed feature. Please ensure that you have purchased the license
for tunneling before using this feature. enter "yes" (or "y") to continue: yes
controller-1(config)#
  3. Configure the MAC loopback mode, as shown in the following example: 
    controller-1(config)# switch DMF-CORE-SWITCH
controller-1(config-switch)# interface ethernet7
controller-1(config-switch-if)# loopback-mode mac
  4. Create tunnel endpoints.
The following CLI example configures a bi-directional tunnel from remote-dc1-filter-sw to main-dc-delivery-sw: 
!
switch remote-dc1-filter-sw
vxlan-tunnel-interface tunnel1
remote-ip 192.168.200.50
parent-interface ethernet6
local-ip 192.168.100.50 mask 255.255.255.0 gateway-ip 192.168.100.1
direction bidirectional encap-loopback-interface ethernet38
!
switch main-dc-delivery-sw
vxlan-tunnel-interface tunnel1
remote-ip 192.168.100.50
parent-interface ethernet5
local-ip 192.168.200.50 mask 255.255.255.0 gateway-ip 192.168.200.1
direction bidirectional encap-loopback-interface ethernet3
The following CLI example configures a uni-directional tunnel from remote-dc1-filter-sw to main-dc-delivery-sw: 
!
switch remote-dc1-filter-sw
vxlan-tunnel-interface tunnel1
remote-ip 192.168.200.50
interface parent-interface ethernet6
local-ip 192.168.100.50 mask 255.255.255.0 gateway-ip 192.168.100.1
direction transmit-only encap-loopback-interface ethernet38
!
switch main-dc-delivery-sw
vxlan-tunnel-interface tunnel1
remote-ip 192.168.100.50
parent-interface ethernet5
local-ip 192.168.200.50 mask 255.255.255.0 gateway-ip 192.168.200.1
direction receive-only

Using the CLI to Rate Limit the Packets on a VxLAN Tunnel

Packets entering the VxLAN tunnel can be rate limited to limit bandwidth usage by the tunnel and help ensure that a WAN link is not saturated with monitoring traffic being tunneled between sites. This setting is applicable on the tunnel encapsulation side.
Note:The minimum recommended value for rate limiting on the tunnel interface is 25 kbps. If you set a value below this, the switch will still set the rate limit value to 25 kbps.
switch DMF-CORE-SWITCH-1
vxlan-tunnel-interface tunnel1
direction bidirectional encap-loopback-interface ethernet10
<snip>
interface ethernet10
rate-limit 1000

Using the CLI to View VxLAN Tunnel Interfaces

All CLI show commands for regular interfaces can also be used for tunnel interfaces. The show running-config command can be used to display the configuration of tunnel interfaces.

Enter the show tunnel command to see the configuration parameters as well as runtime state for a VxLAN tunnel interface. 
controller-1# show tunnel
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent Name Loopback
Name
-|-------------------------|-----------|-----------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-1 tunnel1 ESTABLISHED_TUNNEL bidirectional 198.82.215.1 216.47.143.1 ethernet5:1 ethernet6
2 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
3 DMF-CORE-SWITCH-2 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.43.1 192.168.42.1 ethernet11:4 ethernet17
4 dMF-CORE-SWITCH-3 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.42.1 192.168.43.1 ethernet6 ethernet33
controller-1#
controller-1# show tunnel switch DMF-CORE-SWITCH-2
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent Name Loopback Name
-|-----------------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
2 DMF-CORE-SWITCH-2 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.43.1 192.168.42.1 ethernet11:4 ethernet17
controller-1#
controller-1# show tunnel switch DMF-CORE-SWITCH-2 tunnel1
# Switch DPID Tunnel Name Tunnel Status Direction Src IP Dst IP Parent Name Loopback Name
-|-----------------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
controller-1#

Viewing or Modifying Existing Tunnels

To view or modify the configuration of an existing tunnel, use the Fabric > Interfaces option. To view the tunnel configuration, expand the interface. DMF displays the tunnel configuration as illustrated in the following figure.
Tip: When multiple interfaces are present, use the Filter feature to locate tunnel interfaces after typing the first few letters of the word tunnel.
Figure 4. Tunnel Interfaces

The expanded row displays the status and other properties of the tunnel configured for the selected interface. Use the Menu control and select Configure Tunnel to modify the tunnel configuration. Select Delete Tunnel to remove the tunnel.

Using a Tunnel with User-defined Offsets

With an L2-GRE or VxLAN tunnel, matching traffic on a user-defined offset results in dropping interesting traffic. The offset calculation is thrown off by the tunnel header, and traffic that you want to select may be dropped. This behavior is due to the way switch hardware calculates the anchor and offset with respect to incoming packets. When the core link is a tunnel, the anchor and offset calculation is different when encapsulating packets compared to when decapsulating.

There are two ways to work around this issue:
  • Avoid matching on user-defined offsets on tunnel interfaces
  • Avoid using a tunnel as a core link when matching on a user-defined offset

You can avoid matching on user-defined offsets when the ingress filter interface is a tunnel by filtering on the user-defined offset before the traffic enters a tunnel used as a filter interface. This preserves the LLDP messaging on the core tunnel link, but it requires an extra physical loopback interface on the encapsulating switch. Figure below illustrates both of these workarounds. In either case, a UDF match is applied to the ingress traffic on filter interface F. For example, the policy might apply a match at offset 20 after the start of the L4 header. In both workarounds, the policy has been split into two policies:

P1: F to D1, match on user-defined offset P2: F1 to D, match any.

In the example on the left, the ingress interface on the decapsulating switch, which is included in a core tunnel link, no longer has to calculate the user-defined offset. This solution preserves LLDP messages on the tunnel link, but requires an extra loopback interface.
Figure 5. Using Tunnels with User-Defined Offsets

In the example on the right, the tunnel endpoints are configured as filter and delivery interfaces. This solution avoids using the tunnel as a core link and does not require an extra physical loopback interface. However, LLDP updates are lost on the tunnel link.

Wildcard Tunnels on SAND Platforms

The Wildcard tunneling feature allows the DANZ Monitoring Fabric (DMF) to decapsulate L2GRE-based tunneled traffic from any remote source. This feature, supported on SwitchLight OS (SWL) based DMF switches in prior releases, now allows wildcard tunnels on Arista EOS-based DMF switches.

Platform Compatibility

EOS switches with Jericho2 or higher ASICs compatible with DMF 8.5.0 that support L2GRE tunneling. L2GRE tunneling on EOS SAND platforms is only supported on Arista 7280R3 switches.

Configuring Wildcard Tunnels Using the CLI

Perform the following steps to configure the tunnels.
  1. Enable the tunneling feature before configuring tunnels on a switch using the tunneling command. Enter yes, when prompted to continue. 
    dmf-controller-1(config)# tunneling
Tunneling is an Arista Licensed feature. 
Please ensure that you have purchased the license for tunneling before using this feature.
Enter "yes" (or "y") to continue: y
dmf-controller-1(config)#
  2. Configure a tunnel by using the remote-ip as 0.0.0.0. 
    dmf-controller-1(config)# switch main-dc-delivery-sw
dmf-controller-1(config-switch)# gre-tunnel-interface tunnel1
dmf-controller-1(config-switch)# remote-ip 0.0.0.0 === this is to enable wildcard tunnel
dmf-controller-1(config-switch)# gre-key-decap 4097
dmf-controller-1(config-switch)# parent-interface ethernet5
dmf-controller-1(config-switch)# local-ip 192.168.200.50 mask 255.255.255.0 gateway-ip 192.168.200.1
dmf-controller-1(config-switch)# direction receive-only
Please refer to the Tunneling Between Data Centers chapter for more information on using L2GRE tunnels in DANZ Monitoring Fabric (DMF).

Show Commands

All CLI show commands for regular interfaces apply to GRE tunnel interfaces. Use the show running-config command to view the configuration of tunnel interfaces.

Enter the show tunnel command to view a tunnel interface's configuration parameters and runtime state.

Example

dmf-controller-1# show tunnel
# Switch DPID Tunnel Name Tunnel StatusDirection Src IP Dst IP Parent NameLoopback Name
-|-----------------|-----------|------------------|-------------|------------|------------|------------|-------------|
1 DMF-CORE-SWITCH-1 tunnel1 ESTABLISHED_TUNNEL bidirectional 198.82.215.1 216.47.143.1 ethernet5:1ethernet6
2 DMF-CORE-SWITCH-2 tunnel1 ESTABLISHED_TUNNEL bidirectional 216.47.143.1 198.82.215.1 ethernet11:3 ethernet5
3 DMF-CORE-SWITCH-2 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.43.1 192.168.42.1 ethernet11:4 ethernet17
4 DMF-CORE-SWITCH-3 tunnel2 ESTABLISHED_TUNNEL bidirectional 192.168.42.1 192.168.43.1 ethernet6ethernet33

Configuring Wildcard Tunnels Using the GUI

In the DANZ Monitoring Fabric (DMF) UI, enable Tunneling by navigating to the DMF Features page and clicking on the gear icon in the navigation bar.

Figure 6. DMF Navigation Menu
Locate the Tunneling card feature on the page.
Tip: Use the search bar to quickly locate the feature.
Figure 7. DMF Features

Turn on the toggle switch to enable the Tunneling feature on DMF.

Steps to Enable Wildcard Tunnels

  1. Locate the Switches tab on the Fabric > Switches page.
    Figure 8. Fabric > Switches
  2. Click the Create Tunnel option from the table menu.
    Figure 9. Create Tunnel
  3. Create a Tunnel (select Encapsulation Type as GRE) by entering the required fields. To enable wildcard support, enter the Remote IP input with data as shown below.
    Figure 10. Configure Tunnel
  4. Click Submit to save the tunnel configuration.