SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  GRE Keepalive

    Posted 08-14-2019 01:03

    Hi 

    I try to monitor GRE status. The output are below 

    Logical interface gr-0/0/0.0 (Index 76) (SNMP ifIndex 535)
    Flags: Hardware-Down Up Point-To-Point SNMP-Traps 0x0 IP-Header 10.1.2.1:10.1.2.5:47:df:64:0000000000000000
    Encapsulation: GRE-NULL
    Copy-tos-to-outer-ip-header: Off, Copy-tos-to-outer-ip-header-transit: Off
    Gre keepalives configured: On, Gre keepalives adjacency state: up
    Input packets : 10716
    Output packets: 10711
    Security: Zone: tunnel
    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp
    finger ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet
    traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp webapi-clear-text webapi-ssl tcp-encap sdwan-appqoe
    Protocol inet, MTU: 1400
    Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0
    Flags: Sendbcast-pkt-to-re, User-MTU
    Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
    Destination: 10.1.100.0/30, Local: 10.1.100.2, Broadcast: 10.1.100.3

     

    Gre keepalives configured: On,

    Gre keepalives adjacency state: up < What's meaning for this?  Gre keepalives adjacency state always is up even gr interface (gr-0/0/0) down



  • 2.  RE: GRE Keepalive

    Posted 08-14-2019 01:24

    Hi Halo,

     

    Please refer the following technical documentation for GRE Keepalive Time - https://www.juniper.net/documentation/en_US/junos/topics/concept/gre-keepalive-time-overview.html

     

    Also, note that, When the hold time expires,

    • The GRE tunnel will stay up even though the interface cannot send or receive traffic.

    • The Link status will be Up and the Gre keepalives adjacency state will be Down.



  • 3.  RE: GRE Keepalive

     
    Posted 08-14-2019 07:55

    Hi Halo,

    Is this GRE configured over IPSec on SRX platform?

    Can you please share following two output

    show version brief
     show oam gre-keepalive interface-name gr-0/0/0.0

    Thanks
    Vishal



  • 4.  RE: GRE Keepalive

    Posted 08-14-2019 16:04

    Halo,

     

    As per Juniper documentation the keepalives are processed by the RE. I believe one reason that could explain the behavior could be that the keepalives can still be sent via the underlying interfaces of the GRE interface. These will be the interfaces configured with the IPs highlighted below.

     

    gr-0/0/0 {
    unit 0 {
        tunnel {
            source 1.1.1.1;
            destination 2.2.2.1;
        }
        family inet {
            address 192.168.1.1/24;
        }
    }

     

    Hence even though the GRE interface is down, the keepalive adjacency state will be up because the keepalives can be still sent without problems.

     

    Can you bring down one physical interface and confirm if the keepalive adjacency still shows up?

     



  • 5.  RE: GRE Keepalive

     
    Posted 08-21-2019 00:00

    Hi Halo, were you able to confirm the results of the suggested test?

     



  • 6.  RE: GRE Keepalive

    Posted 08-21-2019 06:51

    I think status might be lately update a bit becuase of keepalive time. However, I will try again and let you know all output and result by next week.