NOTE: I originally published this page in 2018; instructions may now be out of date.
If you will be creating GRE tunnels on a Juniper vMX device you will first need to enable the tunnel services. If you do not do this you will not have any GRE interfaces available on the FPC.
- Log into the vMX routing engine and enter configuration mode.
- Enable the tunnel services:
set chassis fpc 0 pic 0 tunnel-services bandwidth 10g
- Commit the configuration to apply it.
You will then be able to use gr-0/0/0 for GRE tunnels, they can be configured the same as any other Juniper device which supports GRE tunnels.
GRE Interface Example
This is a sample GRE interface configuration:
gr-0/0/0 {
description "GRE Tunnels";
unit 0 {
description "GRE Tunnel Example";
tunnel {
source 192.168.1.1;
destination 192.168.1.2;
allow-fragmentation;
path-mtu-discovery;
}
family inet {
mtu 1400;
tcp-mss 1360;
address 10.1.1.1/30;
}
family inet6 {
mtu 1400;
tcp-mss 1360;
address fd12:3456:f:ff2a::1/64;
}
}
}In this case I set a low tcp-mss and MTU due to the GRE tunnel running over IPSEC. If you are using IPSEC on a vMX device, check out the instructions to enable the adaptive services interface here.
Possible Problems
On some hosts I have experienced an issue where the GRE tunnel will not pass any traffic. To fix that I changed the bandwidth from 10g to 1g. If you experience the same problem, it might we worth trying this first:
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
Changing the bandwidth from 10g to 1g will also cause the GRE interfaces to rename, the GRE interface will change from gr-0/0/0 to gr-0/0/10. If you have any defined GRE tunnels you will need to rename the interface as well:
edit interfaces rename gr-0/0/0 to gr-0/0/10
If you also have the gr-0/0/0 interface defined anywhere else (perhaps under protocols or routing-instances) you will also need to change those. You can quickly check by using this command:
run show configuration | display set | grep gr-0/0/0