05-30-2011 01:50 AM
Hi,
This is a well know issue that keepalives configured on tunnel interfaces in vrf brings it down. I did some wireshark capture on the link between Ts1 and tS2 but did not come up with any findings.
I wanted to find out what happens internally in the router and why the keepalives dont reach the other end.
Tunnel 111 is associated with ip vrf forwarding GREEN , tunnel loopbacks in VRF RED and tunnel vrf RED.
R1 - Ts1 --------------------------------------------------- Ts2 - R3
Any help appreciated..
Please find below the configurations:
Router TS1 config:
interface Loopback1
ip vrf forwarding RED
ip address 1.1.1.1 255.255.255.255
interface Tunnel111
ip vrf forwarding GREEN
ip address 10.1.1.1 255.255.255.252
tunnel source Loopback1
tunnel destination 2.2.2.2
tunnel vrf RED
interface GigabitEthernet0/0
ip vrf forwarding GREEN
ip address 3.1.1.2 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
interface GigabitEthernet1/0
ip vrf forwarding RED
ip address 150.1.1.1 255.255.255.252
ip ospf network point-to-point
negotiation auto
router eigrp 1
auto-summary
address-family ipv4 vrf GREEN
network 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
router ospf 1 vrf RED
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
TS1 Sh log:
sh log
*May 30 06:18:58.501: Tunnel111: sending keepalive, 2.2.2.2->1.1.1.1 (len=24 ttl=255), counter=1783
*May 30 06:18:58.501: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=48)
*May 30 06:18:58.505: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:01.393: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:01.393: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:01.397: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:01.501: Tunnel111: tunnel notify state change - current down, evaluated down
interface - current down
*May 30 06:19:01.501: Tunnel111: sending keepalive, 2.2.2.2->1.1.1.1 (len=24 ttl=255), counter=1784
*May 30 06:19:01.505: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=48)
*May 30 06:19:01.505: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:04.393: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:04.397: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:04.397: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:06.157: %SYS-5-CONFIG_I: Configured from console by console
*May 30 06:19:07.405: Tunnel111: tunnel notify state change - current down, evaluated up
interface - current down
*May 30 06:19:07.405: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:07.405: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:07.405: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:08.405: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel111, changed state to up
*May 30 06:19:08.409: FIBtunnel: Tu111: stacking IP 0.0.0.0 to RED:2.2.2.2
*May 30 06:19:10.105: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=84)
*May 30 06:19:10.109: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:10.405: Tunnel111: GRE/IP to classify 2.2.2.2->1.1.1.1 (tbl=1,"IPv4:RED" len=48 ttl=254 tos=0xC0)
*May 30 06:19:10.405: Tunnel111: tunnel notify state change - current up, evaluated up
interface - current up
*May 30 06:19:10.409: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:10.413: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:13.329: Tunnel111: GRE/IP to classify 2.2.2.2->1.1.1.1 (tbl=1,"IPv4:RED" len=48 ttl=254 tos=0xC0)
*May 30 06:19:13.333: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:13.333: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:13.405: Tunnel111: tunnel notify state change - current up, evaluated up
interface - current up
TS2:
ip vrf GREEN
rd 500:500
ip vrf RED
rd 400:400
interface Loopback2
ip vrf forwarding RED
ip address 2.2.2.2 255.255.255.255
interface Tunnel111
ip vrf forwarding GREEN
ip address 10.1.1.2 255.255.255.252
tunnel source Loopback2
tunnel destination 1.1.1.1
tunnel vrf RED
interface GigabitEthernet0/0
ip vrf forwarding GREEN
ip address 4.1.1.2 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto
interface GigabitEthernet1/0
ip vrf forwarding RED
ip address 150.1.1.2 255.255.255.252
ip ospf network point-to-point
negotiation auto
router eigrp 1
auto-summary
address-family ipv4 vrf GREEN
network 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
router ospf 1 vrf RED
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
05-30-2011 06:07 AM
GRE tunnel keepalive is not supported in cases where virtual route forwarding (VRF) is applied to a GRE tunnel, except for on the most recent IOS-XE (3.3) version that runs on the ASR1k hardware
Source: http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html
11-10-2017 12:38 PM
Hi,
I am responding to an old thread but i came across similar issue and spent couple of days to resolve it so i am updating this thread as it may help someone.
The difference was that my tunnel was not part of VRF. The problem was that line protocol on tunnel interface was down. Phase 1 and Phase 2 were successful. Ipsec encaps and decaps were happening. We ran a debug on tunnel interface and noticed below logs, when we will shut and no shut the tunnel, it will briefly come up and then go down.
So removing keepalives from tunnel interface resolved the issue. We were using 4331 and 2921 routers for setting up tunnels. Thanks
Nov 10 19:02:46.166: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:02:54.239: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:02:54.246: FIBtunnel: Tu101: unstacking 0.0.0.0
Nov 10 19:03:02.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to up
Nov 10 19:03:02.040: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:03:04.244: Tunnel101: Tunnel linestate change - current up,evaluated down - keepalive down
Nov 10 19:03:04.245: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:03:04.246: Tunnel101: Current Interface MTU: 9976, New Interface MTU: 9950
Nov 10 19:03:04.246: Tunnel101: Current Transport MTU: 1476, New Transport MTU: 1450
Nov 10 19:03:04.251: Tunnel101: GRE/IP (PS) to decaps x.x.x.x->x.x.x.x (tbl=0,"default" len=24 ttl=248)
Nov 10 19:03:04.251: FIBtunnel: Tu101: unstacking 0.0.0.0
Nov 10 19:03:04.261: Tunnel101: GRE/IP (PS) to decaps x.x.x.x->x.x.x.x (tbl=0,"default" len=24 ttl=248)
Nov 10 19:03:14.246: Tunnel101: Tunnel linestate change - current down,evaluated up
Nov 10 19:03:14.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to up
Nov 10 19:03:14.248: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:03:44.247: Tunnel101: Tunnel linestate change - current up,evaluated down - keepalive down
Nov 10 19:03:44.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:03:44.253: FIBtunnel: Tu101: unstacking 0.0.0.0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide