decapsulate gre [ routing-instance instance-name ]

At a customer-facing interface on an MX Series router installed at the provider edge (PE) of an IPv4 transport network, enable decapsulation of generic routing encapsulation (GRE) packets transported through a filter-based GRE tunnel.

You can configure a filter term that pairs this action with a match condition that includes a packet header match for the GRE protocol. For an IPv4 filter, include the protocol gre (or protocol 47) match condition. Attach the filter to the input of an Ethernet logical interface or aggregated Ethernet interface on a Modular Interface Card (MIC) or Modular Port Concentrator (MPC) in the router. If you commit a configuration that attaches a de-encapsulating filter to an interface that does not support filter-based GRE tunneling, the system writes a syslog warning message that the interface does not support the filter.

• Remove the outer GRE header.
• Forward the inner payload packet to its original destination by performing destination lookup.

By default, the Packet Forwarding Engine uses the default routing instance to forward payload packets to the destination network. If the payload is MPLS, the Packet Forwarding Engine performs route lookup on the MPLS path routing table using the route label in the MPLS header.

If you specify the decapsulate action with an optional routing instance name, the Packet Forwarding Engine performs route lookup on the routing-instance, and the instance must be configured.

For more information, see Understanding Filter-Based Tunneling Across IPv4 Networks and Components of Filter-Based Tunneling Across IPv4 Networks.

• family inet

encapsulate template-name

At a customer-facing interface on an MX Series router installed at the provider edge (PE) of an IPv4 transport network, enable filter-based generic routing encapsulation (GRE) tunneling using the specified tunnel template.

You can configure a filter term that pairs this action with the appropriate match conditions, and then attach the filter to the input of an Ethernet logical interface or aggregated Ethernet interface on a Modular Interface Card (MIC) or Modular Port Concentrator (MPC) in the router. If you commit a configuration that attaches an encapsulating filter to an interface that does not support filter-based GRE tunneling, the system writes a syslog warning message that the interface does not support the filter.

1. Attach a GRE header (with or without a tunnel key value, as specified in the tunnel template.
2. Attach a header for the IPv4 transport protocol.
3. Forward the resulting GRE packet from the tunnel source interface to the tunnel destination (the remote PE router).

The specified tunnel template must be configured using the tunnel-end-point statement under the [edit firewall] or [edit logical-systems logical-system-name firewall] statement hierarchy. For more information, see Understanding Filter-Based Tunneling Across IPv4 Networks.

• family inet
• family inet6
• family any
• family mpls

reject message-type

• If no message-type is specified, a destination unreachable message is returned by default.
• If tcp-reset is specified as the message-type, tcp-reset is returned only if the packet is a TCP packet. Otherwise, the administratively-prohibited message, which has a value of 13, is returned.
• If any other message-type is specified, that message is returned.

Note: Rejected packets can be sampled or logged if you configure the sample or syslog action.

The message-type can be one of the following values: address-unreachable, administratively-prohibited, bad-host-tos, bad-network-tos, beyond-scope, fragmentation-needed, host-prohibited, host-unknown, host-unreachable, network-prohibited, network-unknown, network-unreachable, no-route, port-unreachable, precedence-cutoff, precedence-violation, protocol-unreachable, source-host-isolated, source-route-failed, or tcp-reset.

• family inet
• family inet6

topology topology-name

Direct the packet to the specified topology.

Note: This action is not supported on PTX Series Packet Transport Routers.

Each routing instance (master or virtual-router) supports one default topology to which all forwarding classes are forwarded. For multitopology routing, you can configure a firewall filter on the ingress interface to match a specific forwarding class, such as expedited forwarding, with a specific topology. The traffic that matches the specified forwarding class is then added to the routing table for that topology.

• family inet
• family inet6