Tunnel

Tunnel interfaces provide virtual point-to-point connections across IP networks, enabling secure communication, network extension, and overlay services through various encapsulation protocols including GRE, IPsec, and MPLS over IP. They support multiple tunnel types for different use cases such as site-to-site VPNs, dynamic routing over WANs, traffic engineering, and network virtualization while maintaining full Layer 3 functionality with routing protocol support and quality of service capabilities. Tunnel interfaces are essential for connecting remote sites, extending private networks across public infrastructure, implementing overlay networks, and providing secure communication channels that abstract the underlying physical network topology.

Diagram

Classes

interfaces (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory	Default Value
tunnels	List	`[tunnels]`	No

tunnels (iosxe.devices.configuration.interfaces)

Name	Type	Constraint	Mandatory
name	Integer		Yes
interface_groups	List	String	No
description	String		No
shutdown	Boolean	`true`, `false`	No
vrf_forwarding	String		No
ipv4	Class	`[ipv4]`	No
ipv6	Class	`[ipv6]`	No
bfd	Class	`[bfd]`	No
tunnel_destination_ipv4	IP		No
ospf	Class	`[ospf]`	No
ospfv3	Class	`[ospfv3]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
ip_mtu	Integer	min: `576`, max: `1500`	No
load_interval	Integer	min: `30`, max: `600`	No
snmp_trap_link_status	Boolean	`true`, `false`	No
logging_event_link_status_enable	Boolean	`true`, `false`	No
tunnel_vrf	String		No
tunnel_mode_ipsec_ipv4	Boolean	`true`, `false`	No
tunnel_protection_ipsec_profile	String		No
tunnel_source	String		No

ipv4 (iosxe.devices.configuration.interfaces.tunnels)

Name	Type	Constraint	Mandatory
address	IP		No
address_mask	IP		No
proxy_arp	Boolean	`true`, `false`	No
arp_inspection_trust	Boolean	`true`, `false`	No
arp_inspection_limit_rate	Integer	min: `0`, max: `4294967295`	No
dhcp_snooping_trust	Boolean	`true`, `false`	No
dhcp_relay_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
dhcp_relay_source_interface_id	String		No
helper_addresses	List	`[helper_addresses]`	No
access_group_in	String		No
access_group_out	String		No
flow_monitors	List	`[flow_monitors]`	No
redirects	Boolean	`true`, `false`	No
unreachables	Boolean	`true`, `false`	No
unnumbered	String		No

ipv6 (iosxe.devices.configuration.interfaces.tunnels)

Name	Type	Constraint	Mandatory
enable	Boolean	`true`, `false`	No
addresses	List	`[addresses]`	No
link_local_addresses	List	IP	No
address_autoconfig_default	Boolean	`true`, `false`	No
address_dhcp	Boolean	`true`, `false`	No
mtu	Integer	min: `1280`, max: `9976`	No
nd_ra_suppress_all	Boolean	`true`, `false`	No
flow_monitors	List	`[flow_monitors]`	No

bfd (iosxe.devices.configuration.interfaces.tunnels)

Name	Type	Constraint	Mandatory
template	String		No
enable	Boolean	`true`, `false`	No
local_address	String		No
interval	Integer	min: `50`, max: `9999`	No
interval_min_rx	Integer	min: `50`, max: `9999`	No
interval_multiplier	Integer	min: `3`, max: `50`	No
echo	Boolean	`true`, `false`	No

ospf (iosxe.devices.configuration.interfaces.tunnels)

Name	Type	Constraint	Mandatory
cost	Integer	min: `1`, max: `65535`	No
dead_interval	Integer	min: `1`, max: `65535`	No
hello_interval	Integer	min: `1`, max: `65535`	No
mtu_ignore	Boolean	`true`, `false`	No
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
priority	Integer	min: `0`, max: `255`	No
ttl_security_hops	Integer	min: `1`, max: `254`	No
process_ids	List	`[process_ids]`	No
message_digest_keys	List	`[message_digest_keys]`	No

ospfv3 (iosxe.devices.configuration.interfaces.tunnels)

Name	Type	Constraint	Mandatory	Default Value
network_type	Choice	`broadcast`, `non-broadcast`, `point-to-multipoint`, `point-to-point`	No
cost	Integer	min: `1`, max: `65535`	No

helper_addresses (iosxe.devices.configuration.interfaces.tunnels.ipv4)

Name	Type	Constraint	Mandatory
address	IP		Yes
global	Boolean	`true`, `false`	No
vrf	String		No

flow_monitors (iosxe.devices.configuration.interfaces.tunnels.ipv4)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
direction	Choice	`input`, `output`	Yes

addresses (iosxe.devices.configuration.interfaces.tunnels.ipv6)

Name	Type	Constraint	Mandatory	Default Value
prefix	IP		Yes
eui_64	Boolean	`true`, `false`	No

process_ids (iosxe.devices.configuration.interfaces.tunnels.ospf)

Name	Type	Constraint	Mandatory	Default Value
id	Integer	min: `1`, max: `65535`	No
areas	List	String	No

message_digest_keys (iosxe.devices.configuration.interfaces.tunnels.ospf)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `255`	Yes
md5_auth_key	String		No
md5_auth_type	Choice	`0`, `7`	No

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        interfaces:
          tunnels:
            - name: 100
              description: GRE Tunnel to Remote Site
              shutdown: false
              vrf_forwarding: WAN
              tunnel_destination_ipv4: 203.0.113.10
              tunnel_source: GigabitEthernet0/0/1
              tunnel_mode_ipsec_ipv4: false
              ipv4:
                address: 10.255.1.1
                address_mask: 255.255.255.252
                redirects: false
                unreachables: false
              ipv6:
                enable: true
                addresses:
                  - prefix: 2001:db8:tunnel::1/64
              bfd:
                enable: true
                interval: 100
                interval_multiplier: 3
              ospf:
                cost: 1000
                network_type: point-to-point
                process_ids:
                  - id: 1
                    areas:
                      - "0"
              load_interval: 30
              ip_mtu: 1476
            - name: 200
              description: IPsec VPN Tunnel
              shutdown: false
              tunnel_destination_ipv4: 198.51.100.20
              tunnel_source: GigabitEthernet0/0/0
              tunnel_mode_ipsec_ipv4: true
              tunnel_protection_ipsec_profile: IPSEC-PROFILE-1
              tunnel_vrf: INTERNET
              ipv4:
                address: 172.16.255.1
                address_mask: 255.255.255.252
              logging_event_link_status_enable: true
              snmp_trap_link_status: true