I am trying to set up a GRE tunnel between 2 EX3200 switches. This tunnel goes over a network over which I have no control, and which only knows how to route to the 10.128.80.17/28 subnet.
As you can see from the config below, the external network is connected to one vrouter (ext-vrouter) which hosts the GRE tunnel on a loopback interface. The GRE tunnel itself then connects to another vrouter (mgmt-vrouter) which is connected to the local network (vlan.4).
From the switch, I can successfully ping the other end of the tunnel (10.128.137.65). However, machines connected to the vlan.4 interface don't seem to be able to route packets down the tunnel: If I ping a host in the 10.128.128.0/27 subnet, the packets are routed via the default route, and if I try to ping 10.128.137.65 then the packets seem to be dropped (counters on the GRE tunnel are certainly not incremented).
This leads me to the conclusion that encapsulating the packets onto the GRE tunnel is somehow failing. Why would this happen?
interfaces {
    lo0 {
        unit 0 {
            family inet {
                address 10.128.80.17/32;
            }
        }
    }
    vlan {
        unit 4 {
            family inet {
                address 10.128.80.17/28;
            }
        }
    }
    gre {
        unit 0 {
            tunnel {
                source 10.128.80.17;
                destination 10.128.128.1;
                routing-instance {
                    destination ext-vrouter;
                }
            }
            family inet {
                address 10.128.137.66/30;
            }
        }
    }
    ge-0/0/1 {
        apply-macro juniper-port-profile {
            "Routed Uplink";
        }
        description "firewall uplink";
        ether-options {
            no-auto-negotiation;
            link-mode full-duplex;
            speed {
                100m;
            }
        }
        unit 0 {
            family inet {
                address 10.128.8.22/30;
            }
        }
    }
    ...
}
routing-instances {
    ext-vrouter {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        interface lo0.0;
        routing-options {
            static {
                route 10.128.128.0/27 next-hop 10.128.8.21;
            }
        }
    }
    mgmt-vrouter {
        instance-type virtual-router;
        interface gre.0;
        interface vlan.4;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop 10.128.137.21;
                    metric 100;
                }
                route 10.128.128.0/27 next-hop gre.0;
            }
        }
    }
}