I have 2x Juniper EX-4550 in two different sites with internet connectivity and I want to route some public IPs (less than /24) from Site A to Site B. I configured a GRE tunnel but I fail to properly route traffic through it. What am I missing? Any chance I should be using filter-based tunneling instead to encapsulate/decapsulate traffic?
SITE-A
- Juniper EX 4550 (Junos 14.1X53-D25.2)
- Static IP: 1.1.1.2
- GRE IP: 10.254.254.1
- IPs to use: 3.0.0.0/25 (3.0.0.0/24 already routed)
SITE-B
- Juniper EX 4550 (Junos 14.1X53-D25.2)
- Static IP: 2.2.2.2
- GRE IP: 10.254.254.2
- IPs to use: 3.0.0.128/25 (from Site-A)
- Test server: 3.0.0.130 (mask 255.255.255.128, gw 3.0.0.129)
ISSUES
#1: ICMP ping from Site-A's EX to 3.0.0.130 passes traffic through GRE tunnel, reaches destination (packet uses src-IP 10.254.254.1), but there's no response as 3.0.0.130 cannot ping 10.254.254.1 (only .2 of Site-B's EX).
#2: ICMP ping from internet to 3.0.0.130 reaches Site-A's EX but does not pass through GRE tunnel, nor reaches destination.
#3: ICMP ping from 3.0.0.130 to internet does not pass through GRE tunnel. vlan-filter-count counter increases (confirming filter matches packets) but packets do not pass through GRE, nor reach destination.
Thank you all!
[SITE A: BASIC SETUP + GRE TUNNEL]
# WAN / Default route
set interfaces vlan unit 200 family inet address 1.1.1.2/30
set vlans v200 interface xe-0/0/31.0
set vlans v200 l3-interface vlan.200
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
# User VLAN
set interfaces vlan unit 100 family inet address 3.0.0.1/25
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members v100
set vlans v100 vlan-id 100
set vlans v100 l3-interface vlan.100
# Tunnel setup
set chassis fpc 0 pic 0 tunnel-port 20 tunnel-services
set interfaces gr-0/0/20 unit 0 tunnel source 1.1.1.2
set interfaces gr-0/0/20 unit 0 tunnel destination 2.2.2.2
set interfaces gr-0/0/20 unit 0 family inet address 10.254.254.1/30
[SITE B: BASIC SETUP + GRE TUNNEL]
# WAN / Default route
set interfaces vlan unit 200 family inet address 2.2.2.2/30
set vlans v200 interface xe-0/0/31.0
set vlans v200 l3-interface vlan.200
set routing-options static route 0.0.0.0/0 next-hop 2.2.2.1
# User VLAN
set interfaces vlan unit 100 family inet address 3.0.0.129/25
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members v100
set vlans v100 vlan-id 100
set vlans v100 l3-interface vlan.100
# Tunnel setup
set chassis fpc 0 pic 0 tunnel-port 20 tunnel-services
set interfaces gr-0/0/20 unit 0 tunnel source 2.2.2.2
set interfaces gr-0/0/20 unit 0 tunnel destination 1.1.1.2
set interfaces gr-0/0/20 unit 0 family inet address 10.254.254.2/30
[SITE A: DESTINATION-BASED ROUTING] -- Issue #1
set routing-options static route 3.0.0.128/25 next-hop 10.254.254.2 #or: next-hop gr-0/0/20.0
[SITE B: SOURCE-BASED ROUTING ATTEMPT #1] -- Issue #2 & #3
set interfaces vlan unit 100 family inet filter input vlan-filter
set firewall family inet filter vlan-filter term t1 from source-address 3.0.0.128/25
set firewall family inet filter vlan-filter term t1 then count vlan-filter-count
set firewall family inet filter vlan-filter term t1 then routing-instance gre-instance
set firewall family inet filter vlan-filter term t1000 then accept
set protocols ospf rib-group sr-group
set protocols ospf area 0.0.0.0 interface all
set routing-instances gre-instance instance-type forwarding
set routing-instances gre-instance routing-options static route 0.0.0.0/0 next-hop 10.254.254.1
set routing-options rib-groups sr-group import-rib inet.0
set routing-options rib-groups sr-group import-rib gre-instance.inet.0
[SITE B: SOURCE-BASED ROUTING ATTEMPT #2] -- Issue #2 & #3
set interfaces vlan unit 100 family inet filter input vlan-filter
set firewall family inet filter vlan-filter term t1 from source-address 3.0.0.128/25
set firewall family inet filter vlan-filter term t1 then count vlan-filter-count
set firewall family inet filter vlan-filter term t1 then routing-instance gre-instance
set firewall family inet filter vlan-filter term t1000 then accept
set routing-instances gre-instance instance-type virtual-router
set routing-instances gre-instance interface gr-0/0/20.0
set routing-instances gre-instance routing-options static route 0.0.0.0/0 next-hop 10.254.254.1
set routing-options interface-routes rib-group inet sr-group
set policy-options policy-statement sr-policy term t1 from route-filter 0.0.0.0/0 exact
set policy-options policy-statement sr-policy term t1 then reject
set policy-options policy-statement sr-policy term t1000 then accept
set routing-options rib-groups sr-group import-rib inet.0
set routing-options rib-groups sr-group import-rib vrf-route-table.inet.0
set routing-options rib-groups sr-group import-policy sr-policy