[j-nsp] GRE Between Juniper and Cisco
Ranjit Bahad
Ranjit_Bahad at inmarsat.com
Thu Oct 19 10:33:09 EDT 2006
I've reduced the MTU on both sides to 1360 to negate any MTU size
limitation problems. What's weird is that when pinging from the Cisco to
Juniper, the Juniper sees packets coming in and corresponds with the
same number of outbound traffic. The Cisco still get no ping responses.
When pinging from the Juniper to Cisco, no pings are seen coming into
the Cisco GRE interface. However, when tracerouting from the Juniper to
Cisco, it works fine and the interface counters on the Cisco see the
packets come in!
I'll check to see if filters are in place.
-----Original Message-----
From: Pekka Savola [mailto:pekkas at netcore.fi]
Sent: 19 October 2006 15:26
To: Ranjit Bahad
Cc: Erdem Sener; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] GRE Between Juniper and Cisco
On Thu, 19 Oct 2006, Ranjit Bahad wrote:
> They are connected over a 100Mbps WAN link.
You have a tunnel PIC, right?
If you look closely, you see that both ends have both sent and
received packets.
Does the 100 Mbit/s WAN link have high enough MTU to accommodate up to
1514+encapsulation (about 1546) bytes?
You should also check filters at your Juniper physical outgoing
interface. Tunnels have a weird implementation which require that you
accept packets with _your_ tunnel endpoint's address at the input of
the physical interface.
> -----Original Message-----
> From: Erdem Sener [mailto:erdems at gmail.com]
> Sent: 19 October 2006 14:54
> To: Ranjit Bahad
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] GRE Between Juniper and Cisco
>
> Hi,
>
> How are these boxes are connected to each other?
>
> In first guess, it seems the problem is in some kind of switch between
> them.
>
> HTH
>
> On 10/19/06, Ranjit Bahad <Ranjit_Bahad at inmarsat.com> wrote:
>> Hi,
>>
>>
>>
>> I have a link services pic installed in a M10 and have configured a
> GRE
>> tunnel from this box to a Cisco router.
>>
>>
>>
>> Below are the configs:
>>
>>
>>
>> Juniper:
>>
>>
>>
>> gr-1/0/0 {
>>
>> unit 10 {
>>
>> tunnel {
>>
>> source 172.30.9.2;
>>
>> destination 172.30.12.2;
>>
>> }
>>
>> family inet {
>>
>> mtu 1514;
>>
>> address 1.1.1.1/24;
>>
>> }
>>
>> }
>>
>> }
>>
>>
>>
>> show interfaces gr-1/0/0
>>
>> Physical interface: gr-1/0/0, Enabled, Physical link is Up
>>
>> Interface index: 147, SNMP ifIndex: 69
>>
>> Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
>>
>> Device flags : Present Running
>>
>> Interface flags: Point-To-Point SNMP-Traps
>>
>> Input rate : 0 bps (0 pps)
>>
>> Output rate : 0 bps (0 pps)
>>
>>
>>
>> Logical interface gr-1/0/0.10 (Index 105) (SNMP ifIndex 86)
>>
>> Flags: Point-To-Point SNMP-Traps 16384
>>
>> IP-Header 172.30.12.2:172.30.9.2:47:df:64:0000000000000000
>> Encapsulation: GRE-NULL
>>
>> Input packets : 26
>>
>> Output packets: 29
>>
>> Protocol inet, MTU: 1514
>>
>> Flags: User-MTU
>>
>> Addresses, Flags: Is-Preferred Is-Primary
>>
>> Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255
>>
>>
>>
>> Cisco:
>>
>>
>>
>> sh int tunnel 10
>>
>> Tunnel10 is up, line protocol is up
>>
>> Hardware is Tunnel
>>
>> Internet address is 1.1.1.2/24
>>
>> MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>>
>> reliability 255/255, txload 1/255, rxload 1/255
>>
>> Encapsulation TUNNEL, loopback not set
>>
>> Keepalive not set
>>
>> Tunnel source 172.30.12.2, destination 172.30.9.2, fastswitch TTL
255
>>
>> Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>>
>> Tunnel TTL 255
>>
>> Checksumming of packets disabled, fast tunneling enabled
>>
>> Last input 00:09:41, output 00:05:06, output hang never
>>
>> Last clearing of "show interface" counters never
>>
>> Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
0
>>
>> Queueing strategy: fifo
>>
>> Output queue: 0/0 (size/max)
>>
>> 5 minute input rate 0 bits/sec, 0 packets/sec
>>
>> 5 minute output rate 0 bits/sec, 0 packets/sec
>>
>> L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
>>
>> L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
>>
>> L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
>>
>> 3 packets input, 888 bytes, 0 no buffer
>>
>> Received 0 broadcasts (0 IP multicasts)
>>
>> 0 runts, 0 giants, 0 throttles
>>
>> 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>>
>> 36 packets output, 4012 bytes, 0 underruns
>>
>> 0 output errors, 0 collisions, 0 interface resets
>>
>> 0 output buffer failures, 0 output buffers swapped out
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#sh run int tun
>>
>> AMCORRTR02#sh run int tunnel 10
>>
>> Building configuration...
>>
>>
>>
>> Current configuration : 118 bytes
>>
>> !
>>
>> interface Tunnel10
>>
>> ip address 1.1.1.2 255.255.255.0
>>
>> tunnel source 172.30.12.2
>>
>> tunnel destination 172.30.9.2
>>
>> end
>>
>>
>>
>> Neither end of the tunnel can ping each other. Pinging the physical
> IP's
>> of each host router is ok. Any help will be greatly appreciated!
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Raj.
>>
>>
>> _____________________________________________________________________
>> This e-mail has been scanned for viruses by Verizon Business Internet
> Managed Scanning Services - powered by MessageLabs. For further
> information visit http://www.mci.com
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_____________________________________________________________________
This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com
More information about the juniper-nsp
mailing list