Tunnel Next Hops

Tunnels which utilize non-broadcast interfaces cannot locate peers using functions such as ARP and thus may require additional configuration for the dataplane to locate an adjacency.

Tunnel next hop entries create an association in the dataplane tunnel endpoint information database which defines a relationship between the overlay address (tunnel interface address) and underlay address (outer peer address used to establish the tunnel) of a particular peer.


In current versions of TNSR software the only tunnel type this applies to is WireGuard. See WireGuard Tunnel Next Hop for information specific to WireGuard.

To define a new tunnel next hop entry use tunnel next-hop <interface> from config mode. This command enters config-tunnel-nh-if mode where the next hop entries for that interface are defined.

Tunnel Next Hop Configuration

Within config-tunnel-nh-if mode the following command is available:

(ipv4-tunnel-destination|ipv6-tunnel-destination) <inner-address>

This command starts a new next hop definition for the address of a peer reachable using the tunnel interface. This is the internal address of the tunnel peer which is typically in a shared subnet with the local address on the tunnel interface.

The command takes one additional parameter:

(ipv4-next-hop-address|ipv6-next-hop-address) <outer-address>

This parameter specifies the external address of the tunnel peer.


The following example is for a peer interface address of on WireGuard instance 1 where the WireGuard peer external address is

tnsr(config)# tunnel next-hops wg1
tnsr(config-tunnel-nh-if)# ipv4-tunnel-destination ipv4-next-hop-address
tnsr(config-tunnel-nh-if)# exit

Tunnel Next Hop Status

To view a list of current tunnel next hop definitions, use the show tunnel next-hops command:

tnsr# show tunnel next-hops
Interface Destination Address Next Hop Address
--------- ------------------- ----------------