How to configure and monitor GRE keepalives on M/MX Router.
A GRE tunnel is a point-to-point logical connection between two Routers that encapsulates many transport protocols inside a common IPv4 GRE header, a logical interface is created on each end, such interface doesn’t have a built-in mechanism to bring down the line protocol or react to any specific issue between the two tunnel endpoints.
A stateless firewall is configured on one of the Routers in between the two GRE endpoints, silently discarding
GRE packets in one direction, making the GRE tunnel unusable at the protocol level.
The following configuration (On both Juniper GRE endpoints), enables the GRE keepalive mechanism, making the tunnel aware of any blockage or
issues in the middle:
[edit protocols] user@host# show oam gre-tunnel interface gr-0/0/0.0 { keepalive-time 10; hold-time 30;
After a bad firewall is implemented somewhere in the middle between these two tunnel endpoints and the hold-time expires the following
will show:
user@host> show interfaces gr-0/0/0.0 extensive Logical interface gr-0/0/0.0 (Index 01) (SNMP ifIndex 594) (Generation 900) Flags: Point-To-Point SNMP-Traps 0x4000 IP-Header 10.1.19.11:10.1.19.12:47:df:64:0000000000000000 Encapsulation: GRE-NULL Gre keepalives configured: On, Gre keepalives adjacency state: down ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^output ommited^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What happens after the hold-time expires?
– The GRE tunnel will stay up even though the interface cannot send or receive traffic
– The Link status will be Up and the GRE keepalives adjacency state will be Down
The most important fact about this feature is that when the hold-time expires, any routes that have the GRE interface as an exit interface will be removed from the routing table allowing you to configure backup routes through alternate paths, when the adjecency comes back up, the primary route will be re-installed