SRX

 View Only
last person joined: 4 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  GRE tunnel and key

    Posted 03-21-2011 01:50

    Hi, fellows,

     

    I need to set up GRE tunnel on SRX240 with a key.

    In ScreenOS was possible to use

    set interface tunnel.101 tunnel encap gre key 12345678

    in linux I can use

    ip tunnel add tun0 mode gre remote 192.168.191.253 local 192.168.193.253 key klic ttl 255

    but I do not see any key option in Junos/SRX?

    Have you any idea how to add this option?

     

    Best regards

    Vencour


    #GRE


  • 2.  RE: GRE tunnel and key

    Posted 03-23-2011 04:07

    On Cisco 3620 I can make following config ...

    !
    interface Tunnel22
    no ip address
    tunnel source 2.3.4.5
    tunnel destination 6.7.8.9
    tunnel key 234234234
    !

     

     

    In RFC 1701 is written ...

    Packet header

    The GRE packet header has the form:

    0 1 2 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |C|R|K|S|s|Recur| Flags | Ver | Protocol Type |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Checksum (optional) | Offset (optional) |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Key (optional) |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Sequence Number (optional) |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Routing (optional)
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Flags and version (2 octets)

    The GRE flags are encoded in the first two octets. Bit 0 is the
    most significant bit, bit 15 is the least significant bit. Bits
    13 through 15 are reserved for the Version field. Bits 5 through
    12 are reserved for future use and MUST be transmitted as zero.
    ...
    Key Present (bit 2)

    If the Key Present bit is set to 1, then it indicates that the Key
    field is present in the GRE header. Otherwise, the Key field is
    not present in the GRE header.

    on srx240 I do not see such option ...

    # set interfaces gr-0/0/0.0 tunnel ?
    Possible completions:
    allow-fragmentation Do not set DF bit on packets
    + apply-groups Groups from which to inherit configuration data
    + apply-groups-except Don't inherit configuration data from these groups
    destination Tunnel destination
    do-not-fragment Set DF bit on packets
    no-path-mtu-discovery Don't enable path MTU discovery for tunnels
    path-mtu-discovery Enable path MTU discovery for tunnels
    > routing-instance Routing instance to which tunnel ends belong
    source Tunnel source
    ttl Time to live (0..255)
    [edit]

    Also: is "gre key" option (feature) supported on SRX?



  • 3.  RE: GRE tunnel and key
    Best Answer

    Posted 03-24-2011 13:54

    JTAC response is:

     

    GRE key feature is not supported on srx devices till now.
    Moreover keep-alive interval and  threshold for gre is also not supported on srx till now.
    And other thing on chassis cluster GRE itself is not supported on srx.

     

    This is NOT solution ... but conclusion only



  • 4.  RE: GRE tunnel and key

    Posted 05-25-2012 08:07

    Has it changed? 

    Supported GRE and IP-IP Interface Standards

    (http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/standards/interfaces-gre-ip-ip.html) says that RFC 2890, Key and Sequence Number Extensions to GRE is supported. Although I am not able to find such option on SRX...



  • 5.  RE: GRE tunnel and key

    Posted 06-01-2012 12:36
    Ok, maybe is GRE better reported. And in HA too? I check this later and put here conclusion.