Tunnel Next Hops

Tunnels which utilize non-broadcast interfaces cannot locate peers using functions such as ARP and thus may require additional configuration for the dataplane to locate a direct adjacency.

Tunnel next hop entries create an association in the dataplane tunnel endpoint information database which defines a relationship between the overlay address (tunnel interface address) and underlay address (outer peer address used to establish the tunnel) of a particular peer.


In current versions of TNSR software the only tunnel types this applies to are WireGuard and IPIP.

To define a new tunnel next hop entry use tunnel next-hop <interface> from config mode. This command enters config-tunnel-nh-if mode where the next hop entries for that interface are defined.

Tunnel Next Hop Configuration

Within config-tunnel-nh-if mode the following command is available:

(ipv4-tunnel-destination|ipv6-tunnel-destination) <inner-address>

This command starts a new next hop definition for the address of a peer reachable using the tunnel interface. This is the internal address of the tunnel peer which is typically in a shared subnet with the local address on the tunnel interface.

The command takes one additional parameter:

(ipv4-next-hop-address|ipv6-next-hop-address) <outer-address>

This parameter specifies the external address of the tunnel peer.


The following example is for a peer interface address of on WireGuard instance 1 where the WireGuard peer external address is

tnsr(config)# tunnel next-hops wg1
tnsr(config-tunnel-nh-if)# ipv4-tunnel-destination ipv4-next-hop-address
tnsr(config-tunnel-nh-if)# exit

Tunnel Next Hop Status

To view a list of current tunnel next hop definitions, use the show tunnel next-hops command:

tnsr# show tunnel next-hops
Interface Destination Address Next Hop Address
--------- ------------------- ----------------