cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3101
Views
0
Helpful
3
Replies

vrf-lite through GRE tunnel

fsebera
Level 4
Level 4

Can ANYONE help; I cannot get my EIGRP neighbors to sync up across the VRF-Lite/GRE tunnel between R2 and R4.

When I apply the tunnel vrf DMZ to both tunnel99, both tunnel99 shut down automatically.

Thanks for any assistance

BTW, I am trying to share routing tables between R1 and R3 via R2/R4 cloud.

The link between R2/R4 is routed and used by many other groups so I cannot modify this link.

Topology:
                Tunnel99
R1--------R2-----------------R4---------R3
           .18             .17

Configurations:

R2#
ip vrf DMZ
rd 64701:35
route-target export 64701:35
route-target import 64701:35
!
interface GigabitEthernet0/0
ip address 10.64.241.18 255.255.255.252
!
interface Tunnel99
ip unnumbered GigabitEthernet0/0
keepalive 12 36
tunnel source GigabitEthernet0/0
tunnel destination 10.64.241.17
!
interface FastEthernet0/0/2
switchport access vlan 99
!
interface Vlan99
ip vrf forwarding DMZ
ip address 172.20.2.2 255.255.255.248
!
router eigrp 100
!
address-family ipv4 vrf DMZ
  network 172.20.2.0 0.0.0.7
  no auto-summary
  autonomous-system 55
exit-address-family

R4#
ip vrf DMZ
description Bedford <===> McLean DMZs PTP
rd 64701:35
route-target export 64701:35
route-target import 64701:35
!
interface Tunnel99
ip unnumbered GigabitEthernet0/0
tunnel source GigabitEthernet0/0
tunnel destination 10.64.241.18
!
interface GigabitEthernet0/0
ip address 10.64.241.17 255.255.255.252
!
interface FastEthernet0/0/2
switchport access vlan 99
!
interface Vlan99
ip vrf forwarding DMZ
ip address 172.20.2.3 255.255.255.248
!
router eigrp 100
!
address-family ipv4 vrf DMZ
  network 172.20.2.0 0.0.0.7
  no auto-summary
  autonomous-system 55
exit-address-family


R2
Interface                  IP-Address      OK? Method Status  Protocol
GigabitEthernet0/0         10.64.241.18    YES manual up      up     
FastEthernet0/0/2          unassigned      YES unset  up      up     
Vlan99                     172.20.2.2      YES manual up      up     
Tunnel99                   10.64.241.18    YES TFTP   up      up     

R4
Interface                  IP-Address      OK? Method Status Protocol
GigabitEthernet0/0         10.64.241.17    YES NVRAM  up     up     
FastEthernet0/0/2          unassigned      YES unset  up     up
Vlan99                     172.20.2.3      YES manual up     up     
Tunnel99                   10.64.241.17    YES TFTP   up     up     

R2#sh ip eigrp vrf DMZ nei
IP-EIGRP neighbors for process 55
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.20.2.1              Vl99              11 02:33:10    3   200  0  18


R4#sh ip eigrp vrf DMZ nei
sh ip eigrp vrf DMZ neighbors
IP-EIGRP neighbors for process 55
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.20.2.4              Vl99              13 01:17:56    2   200  0  16

1 Accepted Solution

Accepted Solutions

Rolf Fischer
Level 9
Level 9

Hi,

if the tunnel IP belongs to a VRF and the tunnel source/destination to another (or to the global context), you cannot use keepalives.

This config should work:

R2:

interface Tunnel 99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.17

no keepalive

!

R4:

interface Tunnel99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.18

no keepalive

!

HTH

Rolf

View solution in original post

3 Replies 3

Rolf Fischer
Level 9
Level 9

Hi,

if the tunnel IP belongs to a VRF and the tunnel source/destination to another (or to the global context), you cannot use keepalives.

This config should work:

R2:

interface Tunnel 99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.17

no keepalive

!

R4:

interface Tunnel99

ip vrf forwarding DMZ

ip unnumbered VLAN99

tunnel source Gi0/0

tunnel destination 10.64.241.18

no keepalive

!

HTH

Rolf

One more note:

You're using the same IP subnet for VLAN99 on both sides of the tunnel.

GRE is a layer-3 tunnel protocol, so you should assign another subnet on one side and use a (extra) common subnet for the tunnel.

The partitioning of VLAN99  with a GRE-tunnel will lead to connectivity problems.

Best regards

Rolf

Hey Bolf,

YES YES YES, silly me, GRE keepalives and vrf-Lite do not mix.

THANK YOU

Operating as designed!!

Best Regards

Frank