Configuration Guide User guide
FastIron Configuration Guide 1047
53-1002494-02
IPv4 point-to-point GRE tunnels
the destination endpoint of the tunnel. The router that terminates the tunnel (i.e., the router where
the tunnel endpoint is an ingress interface) de-encapsulates the GRE tunneled packet to retrieve
the native multicast data packets. After de-encapsulation, data packets are forwarded in the
direction of its receivers, and control packets may be consumed. This creates a PIM-enabled virtual
or logical link between the two GRE tunnel endpoints.
Strict RPF check for multicast protocols
IronWare software enforces strict Reverse Path Forwarding (RPF) check rules on an (s,g) entry on a
GRE tunnel interface. The (s,g) entry uses the GRE tunnel as an RPF interface. During unicast
routing transit, GRE tunnel packets may arrive at different physical interfaces. The strict RPF check
limits GRE PIM tunnel interfaces to accept the (s,g) GRE tunnel traffic.
NOTE
For the FESX624 device, and the SX-FI624C, SX-FI624P, SX-FI624HF, and the SX-FI62XG modules
loopback ports are required for de-encapsulating the GRE tunneled packet. On these hardware
devices, when the GRE-encapsulated multicast packet is received, the unicast GRE mechanism
takes care of de-encapsulating the packet. The packet then egresses and re-ingresses the tunnel
interface loopback port as the native multicast packet. The hardware RPF check is done, not on the
tunnel interface directly, but on the loopback port - the hardware compares this port number with
the port number configured in the Multicast table (s,g) entry. If they match, the packet is routed.
Otherwise it is sent to the CPU for error processing. In unicast, it is permissible for multiple tunnel
interfaces to use a single loopback port. However, in multicast, this will not allow the hardware to
determine the tunnel interface that the packet was received on in order to do an RPF check.
Therefore, when IPv4 Multicast Routing is enabled on a GRE tunnel, the tunnel interface must have
a dedicated loopback port.
GRE support with other features
This section describes how GRE tunnels may affect other features on FESX, FSX, and FCX devices.
Support for ECMP for routes through a GRE tunnel
Equal-Cost Multi-Path (ECMP) load sharing allows for load distribution of traffic among available
routes. When GRE is enabled, a mix of GRE tunnels and normal IP routes is supported. If multiple
routes are using GRE tunnels to a destination, packets are automatically load-balanced between
tunnels, or between tunnels and normal IP routes.
ACL, QoS, and PBR support for traffic through a GRE tunnel
NOTE
PBR and ACL filtering for packets terminating on a GRE tunnel is not supported on FCX devices.
However, PBR can be used to map IP traffic into a GRE tunnel, but it cannot be used to route GRE
traffic. On FCX devices, QoS support for GRE encapsulated packets is limited to copying DSCP values
from the inner header onto the outer header.