[j-nsp] GRE Between Juniper and Cisco

Scott Morris swm at emanon.com
Thu Oct 19 11:25:05 EDT 2006 

GRE encapsulation only takes like 8 bytes as I recall.  So if you want to be
specific in your GRE setup, change the MTU there to 1492 and see what works.

Your ethernet MTU shouldn't need to be modified in order to get this
working.

Scott
 

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Pekka Savola
Sent: Thursday, October 19, 2006 10:26 AM
To: Ranjit Bahad
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] GRE Between Juniper and Cisco

On Thu, 19 Oct 2006, Ranjit Bahad wrote:
> They are connected over a 100Mbps WAN link.

You have a tunnel PIC, right?

If you look closely, you see that both ends have both sent and received
packets.

Does the 100 Mbit/s WAN link have high enough MTU to accommodate up to 
1514+encapsulation (about 1546) bytes?

You should also check filters at your Juniper physical outgoing interface.
Tunnels have a weird implementation which require that you accept packets
with _your_ tunnel endpoint's address at the input of the physical
interface.

> -----Original Message-----
> From: Erdem Sener [mailto:erdems at gmail.com]
> Sent: 19 October 2006 14:54
> To: Ranjit Bahad
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] GRE Between Juniper and Cisco
>
> Hi,
>
> How are these boxes are connected to each other?
>
> In first guess, it seems the problem is in some kind of switch between 
> them.
>
> HTH
>
> On 10/19/06, Ranjit Bahad <Ranjit_Bahad at inmarsat.com> wrote:
>> Hi,
>>
>>
>>
>> I have a link services pic installed in a M10 and have configured a
> GRE
>> tunnel from this box to a Cisco router.
>>
>>
>>
>> Below are the configs:
>>
>>
>>
>> Juniper:
>>
>>
>>
>>   gr-1/0/0 {
>>
>>        unit 10 {
>>
>>            tunnel {
>>
>>                source 172.30.9.2;
>>
>>                destination 172.30.12.2;
>>
>>            }
>>
>>            family inet {
>>
>>                mtu 1514;
>>
>>                address 1.1.1.1/24;
>>
>>            }
>>
>>        }
>>
>>    }
>>
>>
>>
>> show interfaces gr-1/0/0
>>
>> Physical interface: gr-1/0/0, Enabled, Physical link is Up
>>
>>  Interface index: 147, SNMP ifIndex: 69
>>
>>  Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
>>
>>  Device flags   : Present Running
>>
>>  Interface flags: Point-To-Point SNMP-Traps
>>
>>  Input rate     : 0 bps (0 pps)
>>
>>  Output rate    : 0 bps (0 pps)
>>
>>
>>
>>  Logical interface gr-1/0/0.10 (Index 105) (SNMP ifIndex 86)
>>
>>    Flags: Point-To-Point SNMP-Traps 16384
>>
>>    IP-Header 172.30.12.2:172.30.9.2:47:df:64:0000000000000000
>> Encapsulation: GRE-NULL
>>
>>  Input packets : 26
>>
>>  Output packets: 29
>>
>>    Protocol inet, MTU: 1514
>>
>>      Flags: User-MTU
>>
>>      Addresses, Flags: Is-Preferred Is-Primary
>>
>>        Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255
>>
>>
>>
>> Cisco:
>>
>>
>>
>> sh int tunnel 10
>>
>> Tunnel10 is up, line protocol is up
>>
>>  Hardware is Tunnel
>>
>>  Internet address is 1.1.1.2/24
>>
>>  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
>>
>>     reliability 255/255, txload 1/255, rxload 1/255
>>
>>  Encapsulation TUNNEL, loopback not set
>>
>>  Keepalive not set
>>
>>  Tunnel source 172.30.12.2, destination 172.30.9.2, fastswitch TTL 
>> 255
>>
>>  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
>>
>>  Tunnel TTL 255
>>
>>  Checksumming of packets disabled, fast tunneling enabled
>>
>>  Last input 00:09:41, output 00:05:06, output hang never
>>
>>  Last clearing of "show interface" counters never
>>
>>  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 
>> 0
>>
>>  Queueing strategy: fifo
>>
>>  Output queue: 0/0 (size/max)
>>
>>  5 minute input rate 0 bits/sec, 0 packets/sec
>>
>>  5 minute output rate 0 bits/sec, 0 packets/sec
>>
>>  L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
>>
>>  L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
>>
>>  L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
>>
>>     3 packets input, 888 bytes, 0 no buffer
>>
>>     Received 0 broadcasts (0 IP multicasts)
>>
>>     0 runts, 0 giants, 0 throttles
>>
>>     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>>
>>     36 packets output, 4012 bytes, 0 underruns
>>
>>     0 output errors, 0 collisions, 0 interface resets
>>
>>     0 output buffer failures, 0 output buffers swapped out
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#
>>
>> AMCORRTR02#sh run int tun
>>
>> AMCORRTR02#sh run int tunnel 10
>>
>> Building configuration...
>>
>>
>>
>> Current configuration : 118 bytes
>>
>> !
>>
>> interface Tunnel10
>>
>>  ip address 1.1.1.2 255.255.255.0
>>
>>  tunnel source 172.30.12.2
>>
>>  tunnel destination 172.30.9.2
>>
>> end
>>
>>
>>
>> Neither end of the tunnel can ping each other. Pinging the physical
> IP's
>> of each host router is ok. Any help will be greatly appreciated!
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Raj.
>>
>>
>> _____________________________________________________________________
>> This e-mail has been scanned for viruses by Verizon Business Internet
> Managed Scanning Services - powered by MessageLabs. For further 
> information visit http://www.mci.com
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list