Discussion:
[j-nsp] GRE tunnel requires PIC?
billp
2003-08-28 07:58:09 UTC
Permalink
I have been unable to find this in the documentation explicitly.

If I wish to configure a GRE (IP) tunnel between two Juniper
routers, is the Tunnel Services PIC required or recommended?

thanks
bill
Agui He
2003-08-28 08:11:43 UTC
Permalink
yes It's need Tunnel Services PIC
----- Original Message -----
From: "billp" <***@wjp.net>
To: <juniper-***@puck.nether.net>
Sent: Thursday, August 28, 2003 12:56 PM
Subject: [j-nsp] GRE tunnel requires PIC?
Post by billp
I have been unable to find this in the documentation explicitly.
If I wish to configure a GRE (IP) tunnel between two Juniper
routers, is the Tunnel Services PIC required or recommended?
thanks
bill
_______________________________________________
http://puck.nether.net/mailman/listinfo/juniper-nsp
Igor Gashinsky
2003-08-28 08:17:55 UTC
Permalink
:: I have been unable to find this in the documentation explicitly.
::
:: If I wish to configure a GRE (IP) tunnel between two Juniper
:: routers, is the Tunnel Services PIC required or recommended?

It's required. If you want to do GRE, you need either the Tunnel Services
PIC or the new Adaptive Services PIC.

-igor
Richard A Steenbergen
2003-08-28 17:59:29 UTC
Permalink
Post by billp
I have been unable to find this in the documentation explicitly.
If I wish to configure a GRE (IP) tunnel between two Juniper
routers, is the Tunnel Services PIC required or recommended?
Without the tunnel services PIC, the only component which can do tunneling
is the routing engine. Without a tunnel pic you can still configure
tunneling, and it will work if you want to tunnel out the fxp0, but since
Juniper turned off the PFE->re forwarding (to stop people from trying to
route with the fxp0 I guess) you can't do it if it involves sending the
packet over the normal hardware. Personally I think it is a shame that you
can't do 64Kbps of v6-in-v4 tunneling without having to buy a tunnel pic
because some twits called for support on their fxp0 routing configuration,
but when has useful functionality and easing the adoption of a new
protocol ever stopped a router vendor before. :)
--
Richard A Steenbergen <***@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
harry
2003-08-28 18:50:19 UTC
Permalink
Routing transit traffic over fxp0 is dangerous because it can generate a
lot of traffic over the internal PFE/RE link (fxp1).

While a TS PIC is not free, I believe that Juniper felt it was better to
pay more for being able to turn on services without the possibility of
impacting existing services and routing protocol convergence/stability.
-----Original Message-----
Richard A Steenbergen
Sent: Thursday, August 28, 2003 9:59 AM
To: billp
Subject: Re: [j-nsp] GRE tunnel requires PIC?
Post by billp
I have been unable to find this in the documentation explicitly.
If I wish to configure a GRE (IP) tunnel between two
Juniper routers,
Post by billp
is the Tunnel Services PIC required or recommended?
Without the tunnel services PIC, the only component which can
do tunneling is the routing engine. Without a tunnel pic you
can still configure tunneling, and it will work if you want
to tunnel out the fxp0, but since Juniper turned off the
PFE->re forwarding (to stop people from trying to route with
the fxp0 I guess) you can't do it if it involves sending the
packet over the normal hardware. Personally I think it is a
shame that you can't do 64Kbps of v6-in-v4 tunneling without
having to buy a tunnel pic
because some twits called for support on their fxp0 routing
configuration, but when has useful functionality and easing
the adoption of a new
protocol ever stopped a router vendor before. :)
--
http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59
8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
http://puck.nether.net/mailman/listinfo/junipe> r-nsp
Richard A Steenbergen
2003-08-29 04:02:04 UTC
Permalink
Post by harry
Routing transit traffic over fxp0 is dangerous because it can generate a
lot of traffic over the internal PFE/RE link (fxp1).
While a TS PIC is not free, I believe that Juniper felt it was better to
pay more for being able to turn on services without the possibility of
impacting existing services and routing protocol convergence/stability.
Last I looked, the risks I was willing to take on my network by enabling
or disabling certain features was my choice, not my vendors'. :)

Besides, that's nonsense... You run the risk of having the fxp1 link
filled by DoS if you choose not to place filters and policers on your lo0,
you could easily do the same to limit v6-in-v4 tunnel traffic to small
amounts.
--
Richard A Steenbergen <***@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Loading...