Native GRE Tunnels
Generic Routing Encapsulation (GRE) is a lightweight tunneling protocol that encapsulates L3 traffic in an L3 and GRE header. The SSR Networking Platform now supports both a GRE plugin as well as native GRE tunnels.
This is not an SVR feature. GRE tunnels are not created to send packets between peered SSR routers. However, a packet coming from SVR can egress into a GRE tunnel, and vice versa.
When a GRE tunnel is configured, sessions are set up to and from the endpoints. With a GRE tunnel configured as a possible path for the service, the load balancer has the option of choosing the tunnel as the packet’s next hop.
When the tunnel is selcted as the next hop the session sets up normally, and the the appropriate headers are added for the tunnel.
On the receiving end, a static flow is created to receive all traffic coming from that tunnel. When a GRE encapsulated packet arrives, the tunnel headers are removed and the packet is forwarded to the normal lookup path. If a session exists, the packet is processed by the corresponding flow. If the session for this packet does not yet exist, a session is created.
Use the following information to configure a GRE tunnel.
Network-interfaces can be configured as gre-tunnels. These interfaces are virtual interfaces, which must share a VLAN tag with a non-virtual interface. The shared VLAN tag indicates which non-virtual interface the tunnel is associated with.
Configuration from the GUI
The following procedure describes configuring a GRE Tunnel using the GUI.
- Under Configuration, select the Router.
- Scroll down and select the Node.
- Select the Device Interface.
- Scroll down to Network Interfaces and click ADD.
- Enter a name for the device interface and click SAVE.
- Under Type, select GRE Tunnel.
- Under Network Interface Tunnel Settings, choose either Inherited or Custom. The Source is the IP address of the start the tunnel. It can be inherited from the associated non-virtual network interface, or configured explicitly using Custom.
- Add the Destination IP address for the tunnel.
- Click Validate and Commit.
The following example configuration describes using the PCLI to configure a GRE Tunnel. Router and node configuration are provided for context:
- Create a device interface
- Create a non-tunnel interface,
- Create a tunnel interface,
tunnel. This is the virtual interface representing the tunnel. Set the type field to
Please note that in this configuration, the
base interface and the gre-tunnel interface
tunnel share the same vlan. For this to work, they must be on a single device-interface.
- Create the tunnel container with a destination of the IP address for the destination of the tunnel. The source identifies how the local IP address is obtained. Setting it to
network-interfaceacquires the address from
- Create two service-routes for the tunnel, an outbound and inbound. Be sure to specify the virtual tunnel interface as the outbound service-route interface.
next-hop test1 tunnel
next-hop test1 eth
The following tunnel encapsulation statistics provide details on encapsulation and decapsulation success, as well as failure modes.
stats packet-processing action success tunnel gre encapsulate
stats packet-processing action success tunnel gre decapsulate
stats packet-processing action failure tunnel gre decapsulate: The decapsulate failure indicates that the packets entering from the tunnel either were not tunneled properly, or are otherwise malformed.
stats packet-processing action failure tunnel invalid-entry: The
invalid-entrystat should be 0; it indicates a system error with propagating the tunnel configuration.