Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Configuration of a GRE tunnel when the tunnel destination is in a routing-instance

0

0

Article ID: KB24592 KB Last Updated: 16 May 2016Version: 4.0
Summary:

This article explains the configuration of a GRE tunnel in two scenarios:

  1. When the tunnel destination is in default routing-instance
  2. When the tunnel destination is in non-default routing-instance
Symptoms:
Configuration of a GRE (Generic Routing Encapsulation) tunnel requires defining the tunnel source and tunnel destination addresses. It is important to note that the tunnel destination address is by default considered to be reachable using the default routing table "inet.0".

If the tunnel destination is in a routing-instance, there may be a need to specify the correct routing-instance and also the routing table to be used to reach the configured tunnel destination address.
Solution:

There are two possible scenarios:

  1. Physical interface, which is used to reach tunnel destination address, is in default routing-instance
  2. Physical interface, which is used to reach tunnel destination address, is in non-default routing-instance

Physical interface, which is used to reach tunnel destination address, is in default routing-instance:

In this scenario, the gr-0/0/0 interface does not need to have configured the routing-instance that is going to be used to reach the tunnel destination, as by default, the routing table inet.0 will be used.

An example of the relevant configuration for this scenario:

interfaces {
    gr-0/0/0 {
        unit 0 {
            tunnel {
                source 172.16.0.1;
                destination 10.10.1.2;
            }
            family inet {
                address 192.168.100.1/30;
            }
        }
    }
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 172.30.73.56/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 172.16.0.1/32;
            }
        }
    }
    ...
}
routing-options {
    static {
        route 10.10.1.2/32 next-hop 172.30.73.57;                   # Tunnel destination is reachable from default routing-instance
        ...
    }
}
routing-instances {
    test {
        instance-type virtual-router;
        interface gr-0/0/0.0;
        routing-options {
            ...
        }
    }
}

Physical interface, which is used to reach tunnel destination address, is in non-default routing-instance:

In this scenario, the gr-0/0/0 interface has to be configured with routing-instance that should be used to reach the tunnel destination. Also the correct routing table to be used must be configured. These should be done with following commands:

set interface gr-0/0/0 unit 0 tunnel routing-instance destination <routing-instance-name>
set routing-options static route 10.10.1.2/32 next-table <routing-table-name>


An example of relevant configuration for this scenario:

interfaces {
    gr-0/0/0 {
        unit 0 {
            tunnel {
                source 172.16.0.1;
                destination 10.10.1.2;
                routing-instance {
                    destination test;                               # Routing-instance to reach tunnel destination
                }
            }
            family inet {
                address 192.168.100.1/30;
            }
        }
    }
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 172.30.73.56/24;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 172.16.0.1/32;
            }
        }
    }
    ...
}

routing-options {
     static {
         route 10.10.1.2/32 next-table test.inet.0;                 # Tunnel destination is reachable via test.inet.0
     ...
     }
}

routing-instances {
     test {
         instance-type virtual-router;
         interface ge-0/0/0;
         routing-options {
             static {
                 route 10.10.1.2/32 next-hop 172.30.73.57;          # Tunnel destination is reachable from non-default routing-instance
                 ...
             }
         }
     }
}


Note: When SRX is in packet mode, you do not need to configure a static route to make the tunnel destination reachable from inet.0. However, you still need to specify the correct routing-instance under the gr-0/0/0 interface.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search