Supported Platforms
Related Documentation
- EX Series, QFX Series standalone switches
- Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly
- Understanding Generic Routing Encapsulation
- QFX Series standalone switches
- Configuring a Firewall Filter to De-encapsulate GRE Traffic on a QFX5100 Switch
Configuring Generic Routing Encapsulation Tunneling
Generic routing encapsulation (GRE) provides a private, secure path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets. GRE tunneling is accomplished through tunnel endpoints that encapsulate or de-encapsulate traffic.
You can also use a firewall filter to de-encapsulate GRE traffic on a QFX5100 switch. This feature provides significant benefits in terms of scalability, performance, and flexibility because you don't need to create a tunnel interface to perform the de-encapsulation. For example, you can terminate many tunnels from multiple source IP addresses with one firewall term. For more information on this feature, see Configuring a Firewall Filter to De-encapsulate GRE Traffic on a QFX5100 Switch.
This topic describes:
Configuring a GRE Tunnel
To configure a GRE tunnel interface:
- Create a GRE interface with a unit number and address:[edit interfaces]user@switch# set gr-0/0/0 unit number family inet address
Note: The base name of the interface must be gr-0/0/0.
This is a pseudo interface, and the address you specify can be any IP address. The routing table must specify gr-0/0/0.x as the outgoing interface for any packets that will be tunneled.
If you configure a GRE interface on a QFX5100 switch that is a member of a Virtual Chassis and later change the Virtual Chassis member number of the switch, the name of the GRE interface does not change in any way (because it is a pseudo interface). For example, if you change the member number from 0 to 5, the GRE interface name does not change from gr-0/0/0.x to gr-5/0/0.x.
- Specify the tunnel source address for the logical interface:
- Specify the destination address:[edit interfaces]user@switch# set gr-0/0/0 unit number tunnel destination destination-address
The destination address must be reachable through static or dynamic routing. If you use static routing, you must get the destination MAC address (for example, by using ping) before user traffic can be forwarded through the tunnel.
Related Documentation
- EX Series, QFX Series standalone switches
- Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly
- Understanding Generic Routing Encapsulation
- QFX Series standalone switches
- Configuring a Firewall Filter to De-encapsulate GRE Traffic on a QFX5100 Switch
Published: 2014-07-23
Supported Platforms
Related Documentation
- EX Series, QFX Series standalone switches
- Verifying That Generic Routing Encapsulation Tunneling Is Working Correctly
- Understanding Generic Routing Encapsulation
- QFX Series standalone switches
- Configuring a Firewall Filter to De-encapsulate GRE Traffic on a QFX5100 Switch
