Switching

I am trying to set up a GRE tunnel between 2 EX3200 switches. This tunnel goes over a network over which I have no control, and which only knows how to route to the 10.128.80.17/28 subnet.

As you can see from the config below, the external network is connected to one vrouter (ext-vrouter) which hosts the GRE tunnel on a loopback interface. The GRE tunnel itself then connects to another vrouter (mgmt-vrouter) which is connected to the local network (vlan.4).

From the switch, I can successfully ping the other end of the tunnel (10.128.137.65). However, machines connected to the vlan.4 interface don't seem to be able to route packets down the tunnel: If I ping a host in the 10.128.128.0/27 subnet, the packets are routed via the default route, and if I try to ping 10.128.137.65 then the packets seem to be dropped (counters on the GRE tunnel are certainly not incremented).

This leads me to the conclusion that encapsulating the packets onto the GRE tunnel is somehow failing. Why would this happen?

interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 10.128.80.17/32;
            }
        }
    }
    vlan {
        unit 4 {
            family inet {
                address 10.128.80.17/28;
            }
        }
    }
    gre {
        unit 0 {
            tunnel {
                source 10.128.80.17;
                destination 10.128.128.1;
                routing-instance {
                    destination ext-vrouter;
                }
            }
            family inet {
                address 10.128.137.66/30;
            }
        }
    }
    ge-0/0/1 {
        apply-macro juniper-port-profile {
            "Routed Uplink";
        }
        description "firewall uplink";
        ether-options {
            no-auto-negotiation;
            link-mode full-duplex;
            speed {
                100m;
            }
        }
        unit 0 {
            family inet {
                address 10.128.8.22/30;
            }
        }
    }

   ...
}

routing-instances {
    ext-vrouter {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        interface lo0.0;
        routing-options {
            static {
                route 10.128.128.0/27 next-hop 10.128.8.21;
            }
        }
    }
    
    mgmt-vrouter {
        instance-type virtual-router;
        interface gre.0;
        interface vlan.4;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop 10.128.137.21;
                    metric 100;
                }
                route 10.128.128.0/27 next-hop gre.0;
            }
        }
    }
}

The simple answer is that GRE tunnels are currently not supported in software on the switch.  The GRE interface you are configuring is reserved for the routing engine.  You can check with your local account team or VAR/partner on when GRE will be supported on the product

When you say "not in "software" does that mean there is some hardware mode in which they are supported? i.e. would they work connected to a hardware interface rather than loopback? Or do you mean that the tunnels cannot be used to forward packets?

If the latter, how would they be used?

Thanks

EDIT http://knol.google.com/k/juniper-hacks/gre-tunnel-between-a-linux-host-and/1xqkuq3r2h459/43# seems to suggest it is supported, at least on hardware interfaces.

The hardware is designed to allow for GRE tunnels, but that functionality has not yet been implemented in software to allow it to be used.

try modifying your configuration from the 'gre' interface to the 'gr-0/0/0' interface.  I seem to remember the 'gre' interface is supposed to be a non-configurable interface that is used internally by Junos, whereas the gr- interface is what you actually configure

KB article on configuring a GRE tunnel for J-Series: http://kb.juniper.net/KB12769

Its been ~1 year since I tried, but I recall having GRE working on an EX4200 on 9.5 -- it may not be 'supported' but that doesn't mean it wont 'work'.  Its possible that the forwarding of GRE packets would be software-based instead of hardware based until it becomes officially supported.  That means probably less throughput than you may require for your application.

good luck,

Will

Thanks Will, I tried your suggestion, the configuration checks out and commits OK, but I can't see the resulting gr-* interface anywhere under show interfaces.

I will try configuring the gre.0 interface on a physical interface - maybe that will work.

  This is an aggravating issue. We purchased a ton of EX switches two years ago because they were going to support GRE tunnels. You will need the advanced license if you need more than 7 tunnels. And GRE is still not supported in the EX series.

  What happened to "JunOS is JunOS" and "One JunOS"? The capability was removed or disabled from the EX code string. And is still hasn't been added back.

  The last I asked my account team, I was told that it was put on a back burner so that the SRX series could be given additional resources for launch.

Hi  you can choose to use 12.1R.x

it can suport GRE

BR

ANDY

GRE tunnels were just now enabled in 12.1Rx software. So upgrading to a rev in that release should make this work.