Configuring filter-based GRE tunneling

Traffic matching an IP filter can be tunneled with GRE using the following mechanisms:

• Configure a GRE tunnel template.

• Associate the GRE tunnel template with the forwarding action of an IPv4 or IPv6 filter using the forward gre-tunnel gre-tunnel-template command.

The gre-tunnel-template defines the parameters to create the GRE header used to encapsulate matching IP traffic:

• One or more destination IP addresses must be defined in the gre-tunnel-template.

  • If more than one destination is configured, traffic is hashed across all available destinations.

  • GRE-Tunnel-templates using IPv6 transport are limited to a single destination address.

  • Traffic is routed to the selected destination address based on the route table in the forwarding context of the IP filter.

• The source address can be configured to any value and is not validated against a local IP address on the local router.

• The optional gre-key field can be populated with the ifIndex of the ingress interface on which the matching IP packet was received.

• An optional template command, skip-ttl-decrement, allows the TTL of the encapsulated IP packet not to be decremented when encapsulated into the GRE header.

The following is an example configuration for an IPv4 based GRE tunnel template and then an IPv6 based GRE tunnel template:

Example: MD-CLI

*[pr:/configure filter]
A:admin@cses-V27# info
    ip-filter "1" {
        entry 1 {
            pbr-down-action-override forward
            action {
            }
        }
    }
    ip-filter "2" {
        entry 1 {
            action {
                forward {
                    gre-tunnel "greTunnel_ipv6"
                }
            }
        }
    }
    gre-tunnel-template "greTunnel_ipv4" {
        description "10.20.1.5"
        ipv4 {
            source-address 10.20.1.3
            destination-address 9.9.9.9 { }
            destination-address 10.20.1.5 { }
            destination-address 13.13.13.13 { }
        }
    }
    gre-tunnel-template "greTunnel_ipv6" {
        ipv6 {
            source-address 3ffe::a14:100
            gre-key if-index
            destination-address 3ffe::a01:102 { }
        }
    }

Example: classic CLI

*A:admin@cses-V27>config>filter>ip-filter$ default-action 
        gre-tunnel-template "greTunnel_ipv4" create 
            description "10.20.1.5" 
            ipv4 
                source-address 10.20.1.3 
                destination-address 9.9.9.9 
                destination-address 10.20.1.5 
                destination-address 13.13.13.13 
            exit 
        exit 
        ip-filter 1 name "1" create 
            entry 1 create 
                action 
                exit 
                pbr-down-action-override forward 
            exit  
            entry 2 create 
                action 
                    forward gre-tunnel "greTunnel_ipv4" 
                exit 
            exit  
        exit 

*A:admin@cses-V27>config>filter# info
        gre-tunnel-template "greTunnel_ipv6" create
            ipv6
                gre-key if-index .    (optional)
                source-address 3ffe::a14:100
                destination-address 3ffe::a01:102
            exit
        exit
        ip-filter 2 name "2" create
            entry 1 create
                action
                    forward gre-tunnel "greTunnel_ipv6"
                exit
            exit
        exit