GRE tunnel between Juniper and Linux

This is a short howto about how you can bring up a GRE tunnel between Juniper devices and Linux, Ubuntu in this case.

Just to provide some basics about GRE tunnels:

  • Each endpoint has to have reachability to the other endpoint
  • One endpoint must use the GRE tunnel to reach the destination of the tunnel(recursive routing)

Considering the, this is our diagram:

 

 

This is the current status of the interfaces on Linux device:

 

root@UBUNTU-11:~# ifconfig
eth2      Link encap:Ethernet  HWaddr 56:68:a5:c2:41:61
          inet addr:100.100.100.100  Bcast:100.100.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14562 errors:32 dropped:0 overruns:0 frame:32
          TX packets:15050 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1720624 (1.7 MB)  TX bytes:1544124 (1.5 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:64 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:8504 (8.5 KB)  TX bytes:8504 (8.5 KB)

lo:100    Link encap:Local Loopback
          inet addr:1.1.1.1  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1

root@UBUNTU-11:~#

 

As mentioned, on Linux there is a static route for R1’s Loopback0 IP address:

 

root@UBUNTU-11:~# netstat -nr -4
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
1.1.1.2         100.100.100.201 255.255.255.255 UGH       0 0          0 eth2
100.100.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
root@UBUNTU-11:~#

 

Next, let’s check the configuration on R1.

To be able to configure GRE tunnels on EX9200, you need to configure the “tunnel-services”:

 

[edit]
root@R1# show chassis
fpc 0 {
    pic 3 {
        tunnel-services {
            bandwidth 1g;
        }
    }
}

[edit]
root@R1#

 

Next, this is how the GRE tunnel interface is configured on Juniper device:

 

[edit]
root@R1# show interfaces
ge-0/0/3 {
    unit 0 {
        family inet {
            address 100.100.100.201/24;
        }
    }
}
gr-0/3/10 {
    unit 0 {
        tunnel {
            source 1.1.1.2;
            destination 1.1.1.1;
        }
        family inet {
            address 10.10.10.2/24;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 1.1.1.2/32;
        }
    }
}

[edit]
root@R1#

 

It’s time to configure the GRE tunnel interface on the Linux device.

First you need to make sure that the kernel module is loaded:

 

root@UBUNTU-11:~# lsmod | grep gr
 ip_gre                 20480  0
 ip_tunnel              28672  1 ip_gre
 gre                    16384  1 ip_gre
 root@UBUNTU-11:~#

 

If it’s not loaded, you can load it like this:

 

root@UBUNTU-11:~# modprobe ip_gre

 

Next, the GRE interface will be configured with the source and destination of the tunnel:

 

root@UBUNTU-11:~# ip tunnel add gre1 mode gre remote 1.1.1.2 local 1.1.1.1 ttl 255

 

Then, the GRE interface is brought up:

 

root@UBUNTU-11:~# ip link set gre1 up

 

And finally, the IP address is configured on the GRE interface:

 

root@UBUNTU-11:~# ip addr add 10.10.10.1/24 dev gre1

 

This is the routing table on Linux:

 

root@UBUNTU-11:~# netstat -nr -4
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
1.1.1.2         100.100.100.201 255.255.255.255 UGH       0 0          0 eth2
10.10.10.0      0.0.0.0         255.255.255.0   U         0 0          0 gre1
100.100.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
root@UBUNTU-11:~#

 

After this, R1 should be able to ping the IP address configured on GRE tunnel interface on Linux:

 

[edit]
root@R1# run ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: icmp_seq=0 ttl=64 time=4.672 ms
^C
--- 10.10.10.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.672/4.672/4.672/0.000 ms

[edit]
root@R1#

 

And this is how you can bring up a GRE tunnel interface between a Juniper device and Linux.

I hope you found this interesting.

 

The following two tabs change content below.

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Comments

This post currently has 3 responses

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar



%d bloggers like this: