[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring a Unicast Tunnel

To configure a unicast tunnel, you configure the gr interface (to use GRE encapsulation) or the ip interface (to use IP-IP encapsulation) and include the tunnel and family statements:



gr-fpc/pic/port or ip-fpc/pic/port {



unit logical-unit-number {

copy-tos-to-outer-ip-header;

reassemble-packets;



tunnel {

allow-fragmentation;

backup-destination address;

destination destination-address; 

do-not-fragment;

key number;

routing-instance {

destination routing-instance-name;
}

source-address address; 

ttl number;
}





family family {



address address {

destination address;
}


}


}


}

You can configure these statements at the following hierarchy levels:

[edit interfaces]
[edit logical-systems logical-system-name interfaces]

You can configure multiple logical units for each GRE or IP-IP interface, and you can configure only one tunnel per unit.

Each tunnel interface must be a point-to-point interface. Point to point is the default interface connection type, so you do not need to include the point-to-point statement in the logical interface configuration.

You must specify the tunnel’s destination and source addresses. The remaining statements are optional.

Note: For transit packets exiting the tunnel, forwarding path features, such as reverse path forwarding (RPF), forwarding table filtering, source class usage, destination class usage, and stateless firewall filtering, are not supported on the interfaces you configure as tunnel sources.

However, class-of-service (CoS) information obtained from the GRE or IP-IP header is carried over the tunnel and is used by the re-entering packets. For more information, see the JUNOS Class of Service Configuration Guide.

To prevent an invalid configuration, JUNOS software disallows setting the address specified by the source or destination statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number tunnel] hierarchy level to be the same as the interface’s own subnet address, specified by the address statement at the [edit interfaces gr-fpc/pic/port unit logical-unit-number family family-name] hierarchy level.

To set the time-to-live (TTL) field that is included in the encapsulating header, include the ttl statement. If you explicitly configure a TTL value for the tunnel, you must configure it to be one larger than the number of hops in the tunnel. For example, if the tunnel has seven hops, you must configure a TTL value of 8.

You must configure at least one family on the logical interface. To enable MPLS over GRE tunnel interfaces, you must include the family mpls statement in the GRE interface configuration. In addition, you must include the appropriate statements at the [edit protocols] hierarchy level to enable Resource Reservation Protocol (RSVP), MPLS, and label-switched paths (LSPs) over GRE tunnels. Unicast tunnels are bidirectional.

A configured tunnel cannot go through Network Address Translation (NAT) at any point along the way to the destination. For more information, see Example: Configuring Unicast Tunnels and the JUNOS MPLS Applications Configuration Guide.

For a GRE tunnel, the default is to set the ToS bits in the outer IP header to all zeros. To have the Routing Engine copy the ToS bits from the inner IP header to the outer, include the copy-tos-bits-to-outer-ip-header statement. (This inner-to-outer ToS bits copying is already the default behavior for IP-IP tunnels.)

For GRE tunnel interfaces on Adaptive Services or MultiServices PICs, you can configure additional tunnel attributes, as described in the following sections:

[Contents] [Prev] [Next] [Index] [Report an Error]