Hi All,
I was interested in the problem so decided to replicate it in my lab. I'm using 12.1R2.
The results are interesting. I configure GRE tunnel (it works)
gr-0/0/0 {
unit 0 {
tunnel {
source 10.1.0.1;
destination 10.1.0.2;
}
family inet {
address 10.10.0.1/24;
}
}
}
,and then just move gr-0/0/0.0 to the routing instance. According to KB24592, it should just work, but no, the tunnel is down and in the logs I have
Jul 23 13:20:18 jsrxB-1 fwdd[1115]: IFP error> ../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@2143:(errno=1000) create nsp tunnel failed 1
Jul 23 13:20:18 jsrxB-1 fwdd[1115]: IFP error> ../../../../../../../src/pfe/usp/control/applications/interface/ifp.c@2938:(errno=1000) tunnel session add(gr-0/0/0) failed
also, "show sec flow session tunnel" is empty on this side. Then I add a route to the other end of the tunnel in the routing instance,
set routing-instances vr routing-options static route 10.1.0.2/32 next-table inet.0
and guess what, it starts working!
lab@jsrxB-1# run show security flow session tunnel
Session ID: 218, Policy name: N/A, Timeout: N/A, Valid
In: 10.1.0.2/1 --> 10.1.0.1/1;gre, If: ge-0/0/1.0, Pkts: 0, Bytes: 0
Total sessions: 1
[edit]
lab@jsrxB-1# run ping 10.10.0.2 routing-instance vr source 10.10.0.1
PING 10.10.0.2 (10.10.0.2): 56 data bytes
64 bytes from 10.10.0.2: icmp_seq=0 ttl=64 time=3.129 ms
64 bytes from 10.10.0.2: icmp_seq=1 ttl=64 time=2.930 ms
When I delete that static route, everything is still working fine. However, after "restart forwarding", GRE is down again. So this route seems to be required for initial setup of a tunnel session. A bug or a feature? 🙂