[j-nsp] GRE Between Juniper and Cisco

Pekka Savola pekkas at netcore.fi
Thu Oct 19 10:26:11 EDT 2006 

On Thu, 19 Oct 2006, Ranjit Bahad wrote:
> They are connected over a 100Mbps WAN link.

You have a tunnel PIC, right?

If you look closely, you see that both ends have both sent and 
received packets.

Does the 100 Mbit/s WAN link have high enough MTU to accommodate up to 
1514+encapsulation (about 1546) bytes?

You should also check filters at your Juniper physical outgoing 
interface.  Tunnels have a weird implementation which require that you 
accept packets with _your_ tunnel endpoint's address at the input of 
the physical interface.

> -----Original Message-----
> From: Erdem Sener [mailto:erdems at gmail.com]
> Sent: 19 October 2006 14:54
> To: Ranjit Bahad
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] GRE Between Juniper and Cisco
>
> Hi,
>
> How are these boxes are connected to each other?
>
> In first guess, it seems the problem is in some kind of switch between
> them.
>
> HTH
>
> On 10/19/06, Ranjit Bahad <Ranjit_Bahad at inmarsat.com> wrote:
>> Hi,
>>
>>
>>
>> I have a link services pic installed in a M10 and have configured a
> GRE
>> tunnel from this box to a Cisco router.
>>
>>
>>
>> Below are the configs:
>>
>>
>>
>> Juniper:
>>
>>
>>
>>   gr-1/0/0 {
>>
>>        unit 10 {
>>
>>            tunnel {
>>
>>                source 172.30.9.2;
>>
>>                destination 172.30.12.2;
>>
>>            }
>>
>>            family inet {
>>
>>                mtu 1514;
>>
>>                address 1.1.1.1/24;
>>
>>            }
>>
>>        }
>>
>>    }
>>
>>
>>
>> show interfaces gr-1/0/0
>>
>> Physical interface: gr-1/0/0, Enabled, Physical link is Up
>>
>>  Interface index: 147, SNMP ifIndex: 69
>>
>>  Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
>>
>>  Device flags   : Present Running
>>
>>  Interface flags: Point-To-Point SNMP-Traps
>>
>>  Input rate     : 0 bps (0 pps)
>>
>>  Output rate    : 0 bps (0 pps)
>>
>>
>>
>>  Logical interface gr-1/0/0.10 (Index 105) (SNMP ifIndex 86)
>>
>>    Flags: Point-To-Point SNMP-Traps 16384
>>
>>    IP-Header 172.30.12.2:172.30.9.2:47:df:64:0000000000000000
>> Encapsulation: GRE-NULL
>>
>>  Input packets : 26
>>
>>  Output packets: 29
>>
>>    Protocol inet, MTU: 1514
>>
>>      Flags: User-MTU
>>
>>      Addresses, Flags: Is-Preferred Is-Primary
>>
>>        Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255
>>
>>
>>
>> Cisco:
>>
>>
>>
>> sh int tunnel 10
>>
>> Tunnel10 is up, line protocol is up
>>
>>  Hardware is Tunnel
>>
>>  Internet address is 1.1.1.2/24
>>
>>  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>>
>>     reliability 255/255, txload 1/255, rxload 1/255
>>
>>  Encapsulation TUNNEL, loopback not set
>>
>>  Keepalive not set
>>
>>  Tunnel source 172.30.12.2, destination 172.30.9.2, fastswitch TTL 255
>>
>>  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>>
>>  Tunnel TTL 255
>>
>>  Checksumming of packets disabled, fast tunneling enabled
>>
>>  Last input 00:09:41, output 00:05:06, output hang never
>>
>>  Last clearing of "show interface" counters never
>>
>>  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>>
>>  Queueing strategy: fifo
>>
>>  Output queue: 0/0 (size/max)
>>
>>  5 minute input rate 0 bits/sec, 0 packets/sec
>>
>>  5 minute output rate 0 bits/sec, 0 packets/sec
>>
>>  L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
>>
>>  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
>>
>>  L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
>>
>>     3 packets input, 888 bytes, 0 no buffer
>>
>>     Received 0 broadcasts (0 IP multicasts)
>>
>>     0 runts, 0 giants, 0 throttles
>>
>>     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>>
>>     36 packets output, 4012 bytes, 0 underruns
>>
>>     0 output errors, 0 collisions, 0 interface resets
>>
>>     0 output buffer failures, 0 output buffers swapped out
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#sh run int tun
>>
>> AMCORRTR02#sh run int tunnel 10
>>
>> Building configuration...
>>
>>
>>
>> Current configuration : 118 bytes
>>
>> !
>>
>> interface Tunnel10
>>
>>  ip address 1.1.1.2 255.255.255.0
>>
>>  tunnel source 172.30.12.2
>>
>>  tunnel destination 172.30.9.2
>>
>> end
>>
>>
>>
>> Neither end of the tunnel can ping each other. Pinging the physical
> IP's
>> of each host router is ok. Any help will be greatly appreciated!
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Raj.
>>
>>
>> _____________________________________________________________________
>> This e-mail has been scanned for viruses by Verizon Business Internet
> Managed Scanning Services - powered by MessageLabs. For further
> information visit http://www.mci.com
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

More information about the juniper-nsp mailing list