Configuring/Monitoring GRE Keepalives

How to configure and monitor GRE keepalives on M/MX Router.

A GRE tunnel is a point-to-point logical connection between two Routers that encapsulates many transport protocols inside a common IPv4 GRE header, a logical interface is created on each end, such interface doesn’t have a built-in mechanism to bring down the line protocol or react to any specific issue between the two tunnel endpoints.

A stateless firewall is configured on one of the Routers in between the two GRE endpoints, silently discarding
GRE packets in one direction, making the GRE tunnel unusable at the protocol level.

The following configuration (On both Juniper GRE endpoints), enables the GRE keepalive mechanism, making the tunnel aware of any blockage or
issues in the middle:

After a bad firewall is implemented somewhere in the middle between these two tunnel endpoints and the hold-time expires the following
will show:

What happens after the hold-time expires?
– The GRE tunnel will stay up even though the interface cannot send or receive traffic
– The Link status will be Up and the GRE keepalives adjacency state will be Down

The most important fact about this feature is that when the hold-time expires, any routes that have the GRE interface as an exit interface will be removed from the routing table allowing you to configure backup routes through alternate paths, when the adjecency comes back up, the primary route will be re-installed

About the author

James Palmer

Leave a Comment