[j-nsp] GRE between J-series and Cisco for VRF-lite

Ian MacKinnon ian.mackinnon at lumison.net
Wed Jan 21 09:37:16 EST 2009


Thanks for that Jon,

an upgrade from 9.1 export to 9.3 domestic got it working without the 
instance line as you say!


On 21/01/2009 14:24, Jonathan Looney wrote:
> If both the source and destination of the GRE tunnel are in the main 
> table, you don't need (actually, you don't want) the routing-instance 
> line in the GRE configuration.  Rather, you place the GRE interface 
> itself in the routing-instance.  I believe the GRE packets themselves 
> will still use the main routing table by default (even if the 
> interface is placed in a routing instance):
>
> routing-instances {
>     cust10 {
>         interface gr-0/0/0.1;
>     }
> }
>
>
> Note that you may need to adjust the input filters on your outbound 
> interface to allow the outbound traffic.  So, in this case you would 
> want to make sure your input filters allow GRE traffic from 
> 123.123.123.1 to 99.99.99.1, as well as GRE traffic from 99.99.99.1 to 
> 123.123.123.1.  I know it sounds strange, but it is true. ;-)
>
> -Jon
>
>
> On Wed, Jan 21, 2009 at 6:24 AM, Ian MacKinnon 
> <ian.mackinnon at lumison.net <mailto:ian.mackinnon at lumison.net>> wrote:
>
>     Hi All,
>
>     I know Juniper does not support direclty the idea of vrf-lite, but
>     I am looking at using simple vrfs with GRE tunnels to a Cisco
>     router, like in the Cisco book Building MPLS-Based Broadband
>     Access VPNs chapter 7
>
>     My tunnel is coming up, but I am not getting any packets across it.
>
>     I am new to J-series, so could it be the firewalling? How do I
>     turn all firewalling off completely on a J?
>     If I monitor the physcial interface (monitor traffic <blah>) I see
>     gre traffic, but if i monitor the gr-0/0/0.1 interface I see nothing.
>
>     This is in a lab so the ip's are not real.
>
>     I have
>     gr-0/0/0 {
>        unit 1 {
>            tunnel {
>                source 123.123.123.1;
>                destination 99.99.99.1;
>                routing-instance {
>                    destination cust10;
>                }
>            }
>            family inet {
>                mtu 1400;
>                filter {
>                    input test;
>                    output test;
>                }
>                address 77.77.77.78/30 <http://77.77.77.78/30>;
>            }
>        }
>     }
>
>     I have tried with and without the routing-instance line
>
>     The tunnel source/dest should be in the global table, with the
>     tunnel being in table csut10
>
>     Any suggestions?
>
>     Thanks
>
>
>
>     --
>
>     This email and any files transmitted with it are confidential and
>     intended
>     solely for the use of the individual or entity to whom they are
>     addressed.
>     If you have received this email in error please notify the sender. Any
>     offers or quotation of service are subject to formal specification.
>     Errors and omissions excepted.  Please note that any views or opinions
>     presented in this email are solely those of the author and do not
>     necessarily represent those of Lumison and nPlusOne.
>     Finally, the recipient should check this email and any attachments
>     for the
>     presence of viruses.  Lumison and nPlusOne accept no liability for any
>     damage caused by any virus transmitted by this email.
>
>     _______________________________________________
>     juniper-nsp mailing list juniper-nsp at puck.nether.net
>     <mailto:juniper-nsp at puck.nether.net>
>     https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>


-- 
Ian MacKinnon
Lumison
t: 0845 1199 900
d: 0131 514 4055
P.S. Do you love Lumison?

p.s. Looking for remote access?
Chat to our team about our award winning broadband and VoIP solutions
for remote and home working, or visit www.lumison.net




--

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted.  Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Lumison and nPlusOne.
Finally, the recipient should check this email and any attachments for the
presence of viruses.  Lumison and nPlusOne accept no liability for any
damage caused by any virus transmitted by this email.



More information about the juniper-nsp mailing list