[j-nsp] GRE between J-series and Cisco for VRF-lite

Jonathan Looney jonlooney at gmail.com
Wed Jan 21 09:24:07 EST 2009


If both the source and destination of the GRE tunnel are in the main table,
you don't need (actually, you don't want) the routing-instance line in the
GRE configuration.  Rather, you place the GRE interface itself in the
routing-instance.  I believe the GRE packets themselves will still use the
main routing table by default (even if the interface is placed in a routing
instance):

routing-instances {
    cust10 {
        interface gr-0/0/0.1;
    }
}


Note that you may need to adjust the input filters on your outbound
interface to allow the outbound traffic.  So, in this case you would want to
make sure your input filters allow GRE traffic from 123.123.123.1 to
99.99.99.1, as well as GRE traffic from 99.99.99.1 to 123.123.123.1.  I know
it sounds strange, but it is true. ;-)

-Jon


On Wed, Jan 21, 2009 at 6:24 AM, Ian MacKinnon <ian.mackinnon at lumison.net>wrote:

> Hi All,
>
> I know Juniper does not support direclty the idea of vrf-lite, but I am
> looking at using simple vrfs with GRE tunnels to a Cisco router, like in the
> Cisco book Building MPLS-Based Broadband Access VPNs chapter 7
>
> My tunnel is coming up, but I am not getting any packets across it.
>
> I am new to J-series, so could it be the firewalling? How do I turn all
> firewalling off completely on a J?
> If I monitor the physcial interface (monitor traffic <blah>) I see gre
> traffic, but if i monitor the gr-0/0/0.1 interface I see nothing.
>
> This is in a lab so the ip's are not real.
>
> I have
> gr-0/0/0 {
>    unit 1 {
>        tunnel {
>            source 123.123.123.1;
>            destination 99.99.99.1;
>            routing-instance {
>                destination cust10;
>            }
>        }
>        family inet {
>            mtu 1400;
>            filter {
>                input test;
>                output test;
>            }
>            address 77.77.77.78/30;
>        }
>    }
> }
>
> I have tried with and without the routing-instance line
>
> The tunnel source/dest should be in the global table, with the tunnel being
> in table csut10
>
> Any suggestions?
>
> Thanks
>
>
>
> --
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender. Any
> offers or quotation of service are subject to formal specification.
> Errors and omissions excepted.  Please note that any views or opinions
> presented in this email are solely those of the author and do not
> necessarily represent those of Lumison and nPlusOne.
> Finally, the recipient should check this email and any attachments for the
> presence of viruses.  Lumison and nPlusOne accept no liability for any
> damage caused by any virus transmitted by this email.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list