Mailing List Archive

GRE tunnel requires PIC?
I have been unable to find this in the documentation explicitly.

If I wish to configure a GRE (IP) tunnel between two Juniper
routers, is the Tunnel Services PIC required or recommended?

thanks
bill
GRE tunnel requires PIC? [ In reply to ]
Yes, it needs the Tunnel Services PIC.
----- Original Message -----
From: "billp" <billp@wjp.net>
To: <juniper-nsp@puck.nether.net>
Sent: Thursday, August 28, 2003 12:56 PM
Subject: [j-nsp] GRE tunnel requires PIC?


> I have been unable to find this in the documentation explicitly.
>
> If I wish to configure a GRE (IP) tunnel between two Juniper
> routers, is the Tunnel Services PIC required or recommended?
>
> thanks
> bill
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
GRE tunnel requires PIC? [ In reply to ]
:: I have been unable to find this in the documentation explicitly.
::
:: If I wish to configure a GRE (IP) tunnel between two Juniper
:: routers, is the Tunnel Services PIC required or recommended?

It's required. If you want to do GRE, you need either the Tunnel Services
PIC or the new Adaptive Services PIC.

-igor
GRE tunnel requires PIC? [ In reply to ]
On Wed, Aug 27, 2003 at 09:56:52PM -0700, billp wrote:
> I have been unable to find this in the documentation explicitly.
>
> If I wish to configure a GRE (IP) tunnel between two Juniper
> routers, is the Tunnel Services PIC required or recommended?

Without the tunnel services PIC, the only component which can do tunneling
is the routing engine. Without a tunnel pic you can still configure
tunneling, and it will work if you want to tunnel out the fxp0, but since
Juniper turned off the PFE->re forwarding (to stop people from trying to
route with the fxp0 I guess) you can't do it if it involves sending the
packet over the normal hardware. Personally I think it is a shame that you
can't do 64Kbps of v6-in-v4 tunneling without having to buy a tunnel pic
because some twits called for support on their fxp0 routing configuration,
but when has useful functionality and easing the adoption of a new
protocol ever stopped a router vendor before. :)

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
GRE tunnel requires PIC? [ In reply to ]
Routing transit traffic over fxp0 is dangerous because it can generate a
lot of traffic over the internal PFE/RE link (fxp1).

While a TS PIC is not free, I believe that Juniper felt it was better to
pay more for being able to turn on services without the possibility of
impacting existing services and routing protocol convergence/stability.



> -----Original Message-----
> From: juniper-nsp-bounces@puck.nether.net
> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
> Richard A Steenbergen
> Sent: Thursday, August 28, 2003 9:59 AM
> To: billp
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] GRE tunnel requires PIC?
>
>
> On Wed, Aug 27, 2003 at 09:56:52PM -0700, billp wrote:
> > I have been unable to find this in the documentation explicitly.
> >
> > If I wish to configure a GRE (IP) tunnel between two Juniper routers,
> > is the Tunnel Services PIC required or recommended?
>
> Without the tunnel services PIC, the only component which can
> do tunneling is the routing engine. Without a tunnel pic you
> can still configure tunneling, and it will work if you want
> to tunnel out the fxp0, but since Juniper turned off the
> PFE->re forwarding (to stop people from trying to route with
> the fxp0 I guess) you can't do it if it involves sending the
> packet over the normal hardware. Personally I think it is a
> shame that you can't do 64Kbps of v6-in-v4 tunneling without
> having to buy a tunnel pic
> because some twits called for support on their fxp0 routing
> configuration, but when has useful functionality and easing
> the adoption of a new
> protocol ever stopped a router vendor before. :)
>
> --
> Richard A Steenbergen <ras@e-gerbil.net>
> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59
> 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
GRE tunnel requires PIC? [ In reply to ]
On Thu, Aug 28, 2003 at 10:50:12AM -0700, harry wrote:
> Routing transit traffic over fxp0 is dangerous because it can generate a
> lot of traffic over the internal PFE/RE link (fxp1).
>
> While a TS PIC is not free, I believe that Juniper felt it was better to
> pay more for being able to turn on services without the possibility of
> impacting existing services and routing protocol convergence/stability.

Last I looked, the risks I was willing to take on my network by enabling
or disabling certain features were my choice, not my vendors'. :)

Besides, that's nonsense... You run the risk of having the fxp1 link
filled by DoS if you choose not to place filters and policers on your lo0,
you could easily do the same to limit v6-in-v4 tunnel traffic to small
amounts.

--
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
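
The lo0 filter-and-policer approach mentioned in the last message, sketched as an added Junos configuration example (not posted by anyone in the thread). The filter, policer and counter names and the burst size are assumptions, and 64k is taken from the figure quoted earlier in the thread. It only rate-limits v6-in-v4 (IP protocol 41) packets addressed to the routing engine; it does not make tunneling work without a tunnel PIC.

```junos
firewall {
    /* Hypothetical policer name; burst size is an assumed value */
    policer POLICE-V6-IN-V4 {
        if-exceeding {
            bandwidth-limit 64k;
            burst-size-limit 15k;
        }
        /* Anything above the rate never crosses the PFE-to-RE link */
        then discard;
    }
    family inet {
        /* Hypothetical filter name */
        filter PROTECT-RE {
            term v6-in-v4 {
                from {
                    /* IP protocol 41 = IPv6 encapsulated in IPv4 */
                    protocol 41;
                }
                then {
                    policer POLICE-V6-IN-V4;
                    count v6-in-v4;
                    accept;
                }
            }
            /*
             * Placeholder so this sketch does not cut off routing and
             * management traffic. A production lo0 filter would list the
             * allowed protocols and sources explicitly, police them, and
             * end with a discard term.
             */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* Input filters on lo0 apply to traffic destined to the RE */
                    input PROTECT-RE;
                }
            }
        }
    }
}
```

After committing, `show firewall filter PROTECT-RE` displays the `v6-in-v4` counter and the policer's out-of-spec packet count, which shows whether the limit is being hit.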