cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4377
Views
10
Helpful
2
Replies

Keepalive brings tunnel in vrf down..

kaustav.gupta
Level 1
Level 1

Hi,

This is a well know issue that keepalives configured on tunnel interfaces in vrf brings it down. I did some wireshark capture on the link between Ts1 and tS2  but did not come up with any findings.

I wanted to find out what happens internally in the router and why the keepalives dont reach the other end.

Tunnel 111 is associated with ip vrf forwarding GREEN , tunnel loopbacks in VRF RED and tunnel vrf RED.

R1 - Ts1 --------------------------------------------------- Ts2 - R3

Any help appreciated..     

Please find below the configurations:

Router TS1 config:
interface Loopback1
ip vrf forwarding RED
ip address 1.1.1.1 255.255.255.255

interface Tunnel111
ip vrf forwarding GREEN
ip address 10.1.1.1 255.255.255.252
tunnel source Loopback1
tunnel destination 2.2.2.2
tunnel vrf RED


interface GigabitEthernet0/0
ip vrf forwarding GREEN
ip address 3.1.1.2 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto

interface GigabitEthernet1/0
ip vrf forwarding RED
ip address 150.1.1.1 255.255.255.252
ip ospf network point-to-point
negotiation auto


router eigrp 1
auto-summary

address-family ipv4 vrf GREEN
  network 0.0.0.0
  no auto-summary
  autonomous-system 100
exit-address-family

router ospf 1 vrf RED
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

TS1 Sh log:


sh log
*May 30 06:18:58.501: Tunnel111: sending keepalive, 2.2.2.2->1.1.1.1 (len=24 ttl=255), counter=1783
*May 30 06:18:58.501: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=48)
*May 30 06:18:58.505: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:01.393: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:01.393: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:01.397: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:01.501: Tunnel111: tunnel notify state change - current down, evaluated down
interface - current down
*May 30 06:19:01.501: Tunnel111: sending keepalive, 2.2.2.2->1.1.1.1 (len=24 ttl=255), counter=1784
*May 30 06:19:01.505: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=48)
*May 30 06:19:01.505: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:04.393: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:04.397: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:04.397: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:06.157: %SYS-5-CONFIG_I: Configured from console by console
*May 30 06:19:07.405: Tunnel111: tunnel notify state change - current down, evaluated up
interface - current down
*May 30 06:19:07.405: Tunnel111: GRE/IP classify 2.2.2.2->1.1.1.1 tbl=1,"IPv4:RED" failed, tunnel down
*May 30 06:19:07.405: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:07.405: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:08.405: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel111, changed state to up
*May 30 06:19:08.409: FIBtunnel: Tu111: stacking IP 0.0.0.0 to RED:2.2.2.2
*May 30 06:19:10.105: Tunnel111: GRE/IP encapsulated 1.1.1.1->2.2.2.2 (linktype=7, len=84)
*May 30 06:19:10.109: Tunnel111 count tx, adding 0 encap bytes
*May 30 06:19:10.405: Tunnel111: GRE/IP to classify 2.2.2.2->1.1.1.1 (tbl=1,"IPv4:RED" len=48 ttl=254 tos=0xC0)
*May 30 06:19:10.405: Tunnel111: tunnel notify state change - current up, evaluated up
interface - current up
*May 30 06:19:10.409: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:10.413: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:13.329: Tunnel111: GRE/IP to classify 2.2.2.2->1.1.1.1 (tbl=1,"IPv4:RED" len=48 ttl=254 tos=0xC0)
*May 30 06:19:13.333: Tunnel111: GRE/IP (PS) to decaps 2.2.2.2->1.1.1.1 tbl=1,"RED" len=48 ttl=254)
*May 30 06:19:13.333: Tunnel111: GRE decapsulated IP packet (linktype=7, len=24)
*May 30 06:19:13.405: Tunnel111: tunnel notify state change - current up, evaluated up
interface - current up


TS2:
ip vrf GREEN
rd 500:500

ip vrf RED
rd 400:400


interface Loopback2
ip vrf forwarding RED
ip address 2.2.2.2 255.255.255.255


interface Tunnel111
ip vrf forwarding GREEN
ip address 10.1.1.2 255.255.255.252
tunnel source Loopback2
tunnel destination 1.1.1.1
tunnel vrf RED

interface GigabitEthernet0/0
ip vrf forwarding GREEN
ip address 4.1.1.2 255.255.255.0
duplex full
speed 1000
media-type gbic
negotiation auto

interface GigabitEthernet1/0
ip vrf forwarding RED
ip address 150.1.1.2 255.255.255.252
ip ospf network point-to-point
negotiation auto


router eigrp 1
auto-summary

address-family ipv4 vrf GREEN
  network 0.0.0.0
  no auto-summary
  autonomous-system 100
exit-address-family

router ospf 1 vrf RED
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

2 Replies 2

yashfaqu
Level 1
Level 1

GRE tunnel keepalive is not supported in cases where virtual route forwarding (VRF) is applied to a GRE tunnel, except for  on the most recent IOS-XE (3.3) version that runs on  the ASR1k hardware

Source: http://www.cisco.com/en/US/docs/ios/12_4/interface/configuration/guide/inb_tun.html

Hi,

 

I am responding to an old thread but i came across similar issue and spent couple of days to resolve it so i am updating this thread as it may help someone.

 

The difference was that my tunnel was not part of VRF. The problem was that line protocol on tunnel interface was down. Phase 1 and Phase 2 were successful. Ipsec encaps and decaps were happening. We ran a debug on tunnel interface and noticed below logs, when we will shut and no shut the tunnel, it will briefly come up and then go down. 

 

So removing keepalives from tunnel interface resolved the issue. We were using 4331 and 2921 routers for setting up tunnels. Thanks

 

Nov 10 19:02:46.166: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:02:54.239: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:02:54.246: FIBtunnel: Tu101: unstacking 0.0.0.0
Nov 10 19:03:02.039: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to up
Nov 10 19:03:02.040: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:03:04.244: Tunnel101: Tunnel linestate change - current up,evaluated down - keepalive down
Nov 10 19:03:04.245: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:03:04.246: Tunnel101: Current Interface MTU: 9976, New Interface MTU: 9950
Nov 10 19:03:04.246: Tunnel101: Current Transport MTU: 1476, New Transport MTU: 1450
Nov 10 19:03:04.251: Tunnel101: GRE/IP (PS) to decaps x.x.x.x->x.x.x.x (tbl=0,"default" len=24 ttl=248)
Nov 10 19:03:04.251: FIBtunnel: Tu101: unstacking 0.0.0.0
Nov 10 19:03:04.261: Tunnel101: GRE/IP (PS) to decaps x.x.x.x->x.x.x.x (tbl=0,"default" len=24 ttl=248)
Nov 10 19:03:14.246: Tunnel101: Tunnel linestate change - current down,evaluated up
Nov 10 19:03:14.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to up
Nov 10 19:03:14.248: FIBtunnel: Tu101: stacking IP 0.0.0.0 to Default:x.x.x.x,route-via: FALSE
Nov 10 19:03:44.247: Tunnel101: Tunnel linestate change - current up,evaluated down - keepalive down
Nov 10 19:03:44.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel101, changed state to down
Nov 10 19:03:44.253: FIBtunnel: Tu101: unstacking 0.0.0.0

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: