Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] How to monitor GRE host-path traffic

1

0

Article ID: KB31819 KB Last Updated: 11 Jul 2017Version: 1.0
Summary:
To monitor host-path GRE traffic, it is necessary to monitor the physical interface for the outbound traffic and monitor the GRE interface for the inbound traffic. This article provides a configuration example.
 
Solution:

Topology

‚ÄčT4K(loopback:5.5.0.1)-------MX------------(ae82)MX1(loopback192.168.253.1)

T4K GRE configuration:
set interfaces gr-6/0/0 unit 0 tunnel source 5.5.0.1
set interfaces gr-6/0/0 unit 0 tunnel destination 192.168.253.1
set interfaces gr-6/0/0 unit 0 family inet address 199.199.199.2/30
set interfaces gr-6/0/0 unit 0 family iso
set interfaces gr-6/0/0 unit 0 family mpls

MX1 GRE configuration:
set interfaces gr-8/0/0 unit 0 tunnel source 192.168.253.1
set interfaces gr-8/0/0 unit 0 tunnel destination 5.5.0.1
set interfaces gr-8/0/0 unit 0 family inet address 199.199.199.1/30
set interfaces gr-8/0/0 unit 0 family iso
set interfaces gr-8/0/0 unit 0 family mpls

Procedure

On MX1, ping GRE remote IP 199.199.199.2 from 199.199.199.1. On the monitor sending GRE traffic from MX1 to physical interface, only outbound GRE encapsulated traffic is seen:

MX1# run monitor traffic interface ae82 no-resolve matching "proto 47" size 2000

Verbose output is suppressed; use <detail> or <extensive> for full protocol decode. Address resolution is OFF.

Listening on ae82, capture size 2000 bytes: 

19:02:33.291785 Out IP 192.168.253.1 > 5.5.0.1: IP 199.199.199.1 > 199.199.199.2: ICMP echo request, id 562, seq 313, length 64 (gre encap)
19:02:34.077105 Out IP 192.168.253.1 > 5.5.0.1: IS-IS, L2 LSP, lsp-id 0050.0500.0005.00-00, seq 0x0000e651, lifetime  3994s, length 953 (gre encap)
19:02:34.107856 Out IP 192.168.253.1 > 5.5.0.1: IS-IS, L2 LSP, lsp-id 0050.0500.0001.00-00, seq 0x0001034f, lifetime  3992s, length 888 (gre encap)
19:02:34.118313 Out IP 192.168.253.1 > 5.5.0.1: IP 199.199.199.1 > 199.199.199.2: RSVPv1 Hello Message, length: 76 (gre encap)
19:02:34.291945 Out IP 192.168.253.1 > 5.5.0.1: IP 199.199.199.1 > 199.199.199.2: ICMP echo request, id 562, seq 314, length 64 (gre encap)
19:02:35.009798 Out IP 192.168.253.1 > 5.5.0.1: ES-IS, ISH, length 24 (gre encap)
19:02:35.108265 Out IP 192.168.253.1 > 5.5.0.1: IS-IS, L2 PSNP, src-id 1921.6825.5001.00, length 54 (gre encap)
19:02:36.529486 Out IP 192.168.253.1 > 5.5.0.1: IS-IS, p2p IIH, src-id 1921.6825.5001, length 85 (gre encap)

On GRE traffic monitor, traffic is received on MX1 on GRE interface, only inbound decapsulated GRE traffic is seen:

MX1# run monitor traffic interface gr-8/0/0 no-resolve                              

Verbose output is suppressed; use <detail> or <extensive> for full protocol decode. Address resolution is OFF.

Listening on gr-8/0/0, capture size 96 bytes:

19:06:55.425645  In IP 199.199.199.2 > 199.199.199.1: ICMP echo reply, id 562, seq 574, length 64
19:06:55.915806  In IP 199.199.199.2 > 199.199.199.1: RSVPv1 Hello Message, length: 68
19:06:56.423767  In IP 199.199.199.2 > 199.199.199.1: ICMP echo reply, id 562, seq 575, length 64
19:06:57.138517  In IP 5.5.0.1 > 192.168.253.1: IS-IS, L2 LSP, lsp-id 0050.0500.0001.00-00, seq 0x0001039e, lifetime  3998s, length 694 (gre encap)
19:06:57.163619  In IP 5.5.0.1 > 192.168.253.1: IS-IS, L2 LSP, lsp-id 0050.0500.0005.00-00, seq 0x0000e68f, lifetime  3994s, length 759 (gre encap)
19:06:57.508395  In IP 199.199.199.2 > 199.199.199.1: ICMP echo reply, id 562, seq 576, length 64
19:06:58.075643  In IP 5.5.0.1 > 192.168.253.1: IS-IS, L2 PSNP, src-id 0050.0500.0001.00, length 54 (gre encap)
19:06:58.435996  In IP 199.199.199.2 > 199.199.199.1: ICMP echo reply, id 562, seq 577, length 64
 

 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search