[Junos] GRE Configuration Example 05/06/24, 9:35 PM

[Junos] GRE Configuration Example

Article ID KB19371 Created 2010-11-02 Last Updated 2023-10-09

Description

This article provides a generic routing encapsulation (GRE) tunnel

configuration example between two Juniper SRX firewalls. However, the
configuration applies for any other devices running Juniper Networks
Junos OS.
GRE Overview
Generic routing encapsulation (GRE) is a protocol for encapsulation of an
arbitrary network layer protocol over another arbitrary network layer
protocol.
In the most general case, a system has a packet that needs to be
encapsulated and delivered to some destination, which is called the
payload. The payload is first encapsulated in a GRE packet. The resulting
GRE packet can then be encapsulated in some other protocol and then
forwarded. This outer protocol is called the delivery protocol.
GRE tunnels are designed to be completely stateless. This means that
each tunnel end-point does not keep any information about the state or
availability of the remote tunnel end-point. Normally, a GRE tunnel
interface comes up as soon as it is configured and it stays up as long as
there is a valid tunnel source address or interface, which is up and
reachable. If there is no route to the tunnel end point, the gr-0/0/0
interface might go down.
Some of the common uses for a GRE tunnel are:
Tunneling non-IP address traffic over an IP address network.
IP address multicast tunneling
IPv6 tunneling over IPv4 GRE tunnel

The following are other useful configuration examples:

[SRX] GRE over IPsec configuration example
[SRX] OSPF over GRE over IPSec Configuration Example
[MX] How configure GRE over IPSec with the MS-MIC/MS-MPC or
MS-DPC
[M/T]How to: Configure GRE over IPSec (ES PIC)
[EX/QFX] How to configure GRE tunnels with OSPF to deploy BGP

Solution
This section contains the following:

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 1 of 6
[Junos] GRE Configuration Example 05/06/24, 9:35 PM

Basic GRE Configuration Example

Verification

Basic Steps Needed to Configure GRE

1. Configure a GRE (gr) interface. The gr interface contains a local
address and a destination address. It comes up as soon as it is
configured. You can even configure an IP address on the gr interface.
(It is not mandatory.)
2. Configure a route to reach the destination subnet (end-to-end
connectivity). You can configure either a static route through the gr
interface or use an interior gateway protocol (IGP) [that is, Open
Shortest Path First (OSPF) can be used for this purpose]. If there is
no end-to-end connectivity, the gr-0/0/0 interface will be down.

Basic GRE Configuration Example

The following example illustrates a configuration with the following
settings:

Topology

The local subnet interface is ge-0/0/0 with the IPv4 address as

10.10.11.1/24.
The destination subnet is 10.10.10.0/24 with the tunnel end point
IPv4 interface as 10.10.10.1/24.
Bind the gr- 0/0/0 interface to a security zone (this step is required
only on SRX platforms).

Configuration Using a Static Route

[edit interfaces]
root@SRX-1# show
ge-0/0/0 {
unit 0 {
family inet {
address 10.10.11.1/24;
}
}
}

gr-0/0/0 {

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 2 of 6
[Junos] GRE Configuration Example 05/06/24, 9:35 PM

unit 0 {
tunnel {
source 192.168.1.2;
destination 192.168.1.1;
}
family inet {
address 172.16.0.9/30;
}
}
}

ge-0/0/1 {
unit 0 {
family inet {
address 172.16.0.2/30;
}
}
}

[edit security] (Security zone configuration is required only on SRX platforms.)

root@SRX-1# show
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
gr-0/0/0.0; <<< Add the interface to the appropriate security zone.
}
}
}

root@SRX-1# show routing-options

static {
route 10.10.10.0/24 next-hop gr-0/0/0.0;
}

If you do not want to define a static route, OSPF or any routing protocol
can be configured between the interfaces.

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 3 of 6
[Junos] GRE Configuration Example 05/06/24, 9:35 PM

[edit protocols]
root@SRX-1# show
ospf {
area 0.0.0.0 {
interface ge-0/0/0.0;
interface gr-0/0/0.0 {
passive;
}
}
}

Verify your work.

1. Verify that the GR interface is up:

root@SRX-1>show interfaces gr-0/0/0 terse

Interface Admin Link Proto Local Remote

gr-0/0/0 up up
gr-0/0/0.0 up up inet 172.16.0.9/30

2. Verify that the route for the destination network is reachable

through the GRE tunnel:

[edit]
root@SRX-1> show route 10.10.10.0/24
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.10.10.0/24 *[Static/5] 00:22:32
> via gr-0/0/0.

3. Ping a destination address through the tunnel:

[edit]

root@SRX-1> clear interfaces statistics all

root@SRX-1> ping 10.10.10.2 source 10.10.11.1 rapid count 100

PING 10.10.10.2 (10.10.10.2): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 10.10.10.2 ping statistics ---
100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.831/1.033/10.033/1.286 ms

[edit]

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 4 of 6
[Junos] GRE Configuration Example 05/06/24, 9:35 PM

root@SRX-1> show interfaces gr-0/0/0 extensive

Physical interface: gr-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 40, Generation: 17
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: 800mbps
Hold-times : Up 0 ms, Down 0 ms
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Statistics last cleared: 2005-08-05 21:39:41 UTC (00:00:47 ago)
Traffic statistics:
Input bytes : 8400 0 bps
Output bytes : 8400 0 bps
Input packets: 100 0 pps
Output packets: 100 0 pps

Logical interface gr-0/0/0.0 (Index 72) (SNMP ifIndex 28) (Generation 17)
Flags: Point-To-Point SNMP-Traps 16384
IP-Header 10.1.1.2:10.1.1.1:47:df:64:0000000000000000
Encapsulation: GRE-NULL
Traffic statistics:
Input bytes : 8400
Output bytes : 8400
Input packets: 100
Output packets: 100
Local statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Transit statistics:
Input bytes : 8400 0 bps
Output bytes : 8400 0 bps
Input packets: 100 0 pps
Output packets: 100 0 pps
Protocol inet, MTU: 1476, Generation: 25, Route table: 0
Flags: None
Addresses, Flags: Is-Primary
Destination: Unspecified, Local: 100.1.1.1, Broadcast: Unspecified,
Generation: 30

Modification History

2020-06-29: Adapted article to Junos OS instead of SRX only; also

removed J-Series
2020-03-26: Article reviewed for accuracy; it is valid and accurate
2022-09-27: Article reviewed for accuracy, added troubleshooting tips
and modified IPs to comply with RFCs.

Related Information

Sometimes GRE Tunnel does not pass any traffic after a reboot .The

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 5 of 6
[Junos] GRE Configuration Example 05/06/24, 9:35 PM

workaround is to deactivate the gr interface and activate it again.

Verifying a CoS GRE Tunnel Queuing Configuration:
[SRX] GRE over IPSEC Configuration Example

AFFECTED PRODUCT SERIES / FEATURES

https://supportportal.juniper.net/s/article/Junos-GRE-Configuration-Example?language=en_US Page 6 of 6