Monday, December 17, 2012

GRE keep-alive on Juniper J-series/SRX?

GRE itself is purely session-less, and it has no built-in mechanism to detect the tunnel status. Each vendor has therefore created its own method to check the GRE tunnel status.

For example, Cisco IOS can configure "keepalive" on the GRE interface, and Juniper Junos can configure keepalives at the [edit protocols oam gre-tunnel interface interface-name] level.

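Unfortunately, Juniper J-series and SRX do not support [edit protocols oam] at this moment. The unconditionally "up" status of the GRE interface can lead to traffic being black-holed: the interface stays up and routes through it stay active even when the far end is unreachable.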

In my environment, I have BGP peering over the GRE tunnel between the devices on the two ends. Fortunately, I can use BFD on the BGP peering session to detect loss of connectivity and react to network failures more quickly.

It's very easy to configure BFD under the Juniper BGP protocol, as below:

[edit protocols bgp group XXX] or
[edit protocols bgp group XXX neighbor YYY]
set bfd-liveness-detection minimum-interval 1000

The unit of the interval is milliseconds, hence 1000 means 1 second.

While BFD is being set up, the existing BGP session stays intact. It is safe to set up BFD on one side and then work on the other side. The "clear bfd adaptation" command is also hitless.
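
An added example, not part of the original post: a small Python audit that reads BGP configuration in "display set" form and reports, per neighbor, the nominal BFD detection time or the absence of BFD. The sample configuration, group names and addresses are constructed; it assumes a multiplier of 3 when none is configured, that a neighbor-level BFD stanza replaces the group-level one, and that both ends use the same timers.

```python
import re
from collections import defaultdict

# Constructed sample, in the style of
# `show configuration protocols bgp | display set`.
SAMPLE = """\
set protocols bgp group TUNNEL-PEERS type external
set protocols bgp group TUNNEL-PEERS bfd-liveness-detection minimum-interval 1000
set protocols bgp group TUNNEL-PEERS neighbor 10.255.0.2 peer-as 65002
set protocols bgp group TUNNEL-PEERS neighbor 10.255.0.6 peer-as 65003
set protocols bgp group TUNNEL-PEERS neighbor 10.255.0.6 bfd-liveness-detection minimum-interval 300
set protocols bgp group TUNNEL-PEERS neighbor 10.255.0.6 bfd-liveness-detection multiplier 4
set protocols bgp group LEGACY neighbor 192.0.2.9 peer-as 65010
"""

DEFAULT_MULTIPLIER = 3  # assumption: used when no multiplier is configured

LINE = re.compile(
    r"^set protocols bgp group (?P<group>\S+)"
    r"(?: neighbor (?P<nbr>\S+))?"
    r"(?: bfd-liveness-detection (?P<key>minimum-interval|multiplier) (?P<val>\d+))?"
)

def audit(config_text):
    """Map (group, neighbor) -> nominal detection time in ms, or None if no BFD."""
    bfd = defaultdict(dict)   # (group, neighbor or None) -> {statement: value}
    neighbors = set()
    for line in config_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["nbr"]:
            neighbors.add((m["group"], m["nbr"]))
        if m["key"]:
            bfd[(m["group"], m["nbr"])][m["key"]] = int(m["val"])
    result = {}
    for group, nbr in sorted(neighbors):
        # Assumption: a neighbor-level stanza replaces the group-level one.
        eff = bfd.get((group, nbr)) or bfd.get((group, None)) or {}
        if "minimum-interval" not in eff:
            result[(group, nbr)] = None  # only the BGP hold timer detects a dead tunnel
        else:
            mult = eff.get("multiplier", DEFAULT_MULTIPLIER)
            result[(group, nbr)] = eff["minimum-interval"] * mult
    return result

if __name__ == "__main__":
    for (group, nbr), ms in audit(SAMPLE).items():
        print(group, nbr, "NO BFD" if ms is None else f"~{ms} ms to detect")
```

A neighbor reported without BFD that is reached over a GRE interface is the black-hole case described above: the tunnel stays "up" and the session only drops when the BGP hold timer expires.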

It is always good to have OAM or BFD when running things over Metro-E or a tunnel.
