For Adaptive Services and MultiServices interfaces on M-series and T-series routing platforms, you can assign a key value to identify an individual traffic flow within a GRE tunnel, as defined in RFC 2890, Key and Sequence Number Extensions to GRE. However, only one key is allowed for each tunnel source and destination pair.
Each IP version 4 (IPv4) packet entering the tunnel is encapsulated with the GRE tunnel key value. Each IPv4 packet exiting the tunnel is verified by the GRE tunnel key value and de-encapsulated. The Adaptive Services or MultiServices PIC drops packets that do not match the configured key value.
To assign a key value to a GRE tunnel interface, include the key statement:
-
key number;
You can include this statement at the following hierarchy levels:
The key number can be 0 through 4,294,967,295. You must configure the same GRE tunnel key value on tunnel endpoints.
The following example illustrates the use of the key statement in a GRE tunnel configuration:
- interfaces {
-
- gr-1/2/0 {
-
- unit 0 {
-
- tunnel {
- source 10.58.255.193;
- destination 10.58.255.195;
- key 1234;
- }
- ...
-
- family inet {
- mtu 1500;
- address 10.200.0.1/30;
- ...
- }
- }
- }
- }