GRE Tunnel - Problems

carlosz
Level 1

I've created an environment based on GRE tunnels. The idea is to force IP packets to pass through a path between a switch that has an IDS to check all packets. My tunnel is used only when the packet is sent by the remote router; when this packet returns, it uses its normal path. Physically, my remote router and Secondary router don't have a serial interface connected (but my frame-relay network provides redundancy; in the drawing above, I have on the remote one serial interface with one IP address. On primary and backup, I have an ATM interface connected to a Frame-Relay network with the same address. My redundancy is provided by a Frame-Relay switch which is responsible for managing the logical links). For this reason, I have to use a GRE tunnel to force my traffic to pass over the switch + IDS. A drawing follows.

             /-------------Primary Router
            /                    |
           /                     |
Remote-----                      |
           \ (Virtual Path)  Switch + IDS
            \ GRE Tunnel         |
             \                   |
              \----------Secondary Router

My problem is that when my secondary router is down (it's the tunnel's end), my packets try to use the tunnel every 60 or 50 seconds, which causes a loss of 2 packets.

Does anyone know something about this?

A sample of my configuration follows:

Remote

interface Loopback0
 ip address 192.168.244.29 255.255.255.255
!
interface Tunnel35
 bandwidth 128
 ip address 172.16.96.102 255.255.255.252
 ip mtu 1514
 tunnel source 172.31.62.1
 tunnel destination 192.168.244.2
!
interface Ethernet0
 ip address 172.31.62.1 255.255.255.0
 no keepalive
!
interface Serial0
 bandwidth 128
 no ip address
 encapsulation frame-relay IETF
 load-interval 30
 no fair-queue
 frame-relay traffic-shaping
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 bandwidth 64
 ip address 172.16.192.102 255.255.255.252
 frame-relay interface-dlci 16
!
router eigrp 100
 network 172.16.192.102 0.0.0.0
 distribute-list 5 in
 no auto-summary
 eigrp router-id 172.16.96.102
ip route 0.0.0.0 0.0.0.0 Tunnel35
ip route 0.0.0.0 0.0.0.0 Serial0.1 50
access-list 5 permit 192.168.244.2

Primary

router eigrp 100
 redistribute ospf 1 metric 10 1000 255 1 1500 route-map OSPF-EIGRP
 network 172.16.192.2 0.0.0.0
 network 172.16.192.97 0.0.0.0
 network 172.16.192.101 0.0.0.0
 network 172.16.194.237 0.0.0.0
 network 192.168.0.0
 no auto-summary
 eigrp router-id 192.168.244.1
interface ATM1/0.35 point-to-point
 ip address 172.16.192.101 255.255.255.252
 pvc 2/75
  abr 128 64
  broadcast
  oam-pvc manage

Secondary

interface Loopback0
 ip address 192.168.244.2 255.255.255.255
 ip ospf authentication-key 7 120B0C10131D
interface Tunnel35
 ip address 172.16.96.101 255.255.255.252
 ip mtu 1543
 delay 100
 tunnel source 192.168.244.2
 tunnel destination 172.31.62.1

My routing environment is working. I did some tests to check if my redundancy is activated when the secondary is down, and it works perfectly. The tunnel interface is up but the protocol is down. The only problem is when the router tries to check the Tunnel interface and turns the protocol on. It tries to send some packets to it (2 packets), and after that a Recursive problem is displayed and the router turns off the tunnel interface. After this, all packets are sent to the default route (serial interface). After 50 or 60 seconds this problem occurs again.

I hope that somebody can help me!

Thanks.

Carlos Zen

(5511)8136-1353

carloz@spread.com.br

5 Replies

olorunloba
Level 5

I think more details of the interfaces might be needed. You did not give any information concerning the physical interfaces on the secondary router. Also, more information on the routing processes.

Though, it seems the problem might be due to recursive routing. Hence check this link.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a0080087093.html
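Added example, not part of the original thread: a small model of the recursive-routing condition suggested in the reply above, using the remote router's posted routes. The function names are hypothetical, the rule "tunnel comes up when its destination is routable" is a simplification, and it is an assumption that the 192.168.244.2/32 route permitted by access-list 5 is learned via EIGRP on Serial0.1 and withdrawn when the secondary is down.

```python
import ipaddress

def best_route(rib, dest):
    """Longest-prefix match; equal-length prefixes are decided by lowest distance."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]))

def tunnel_is_recursive(rib, tunnel_if, tunnel_dest):
    """True when the tunnel's own destination resolves out of the tunnel."""
    route = best_route(rib, tunnel_dest)
    return route is not None and route[1] == tunnel_if

def remote_rib(secondary_up, tunnel_up):
    """Remote router RIB as (prefix, out_if, distance), built from the posted config."""
    rib = [
        ("172.31.62.0/24", "Ethernet0", 0),      # connected
        ("172.16.192.100/30", "Serial0.1", 0),   # connected
        ("0.0.0.0/0", "Serial0.1", 50),          # floating static default
    ]
    if tunnel_up:
        rib += [("172.16.96.100/30", "Tunnel35", 0),   # connected
                ("0.0.0.0/0", "Tunnel35", 1)]          # static default, default distance
    if secondary_up:
        # Assumption: the /32 allowed by access-list 5 arrives via EIGRP on Serial0.1
        rib.append(("192.168.244.2/32", "Serial0.1", 90))
    return rib

TUNNEL_DEST = "192.168.244.2"

def flap_trace(cycles=4):
    """Secondary down: record (tunnel_up, interface used to reach the tunnel end)."""
    trace, tunnel_up = [], False
    for _ in range(cycles):
        rib = remote_rib(secondary_up=False, tunnel_up=tunnel_up)
        trace.append((tunnel_up, best_route(rib, TUNNEL_DEST)[1]))
        # Simplified model: the tunnel comes up while its destination is routable
        # and is disabled once that route points into the tunnel itself.
        tunnel_up = not tunnel_is_recursive(rib, "Tunnel35", TUNNEL_DEST)
    return trace

if __name__ == "__main__":
    print(tunnel_is_recursive(remote_rib(True, True), "Tunnel35", TUNNEL_DEST))
    print(flap_trace())
```

In this model the tunnel only stays up while a route more specific than the Tunnel35 default covers 192.168.244.2; without one, the state alternates on every pass.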

My physical interface on the secondary router is the same as the primary's (IP address and physical interface); my redundancy is provided by a frame-relay switch, so if something goes wrong, this switch can change the link internally. About the routing process, we use EIGRP to connect the remote to the primary router, and OSPF between the primary and secondary. On the remote router we have two default routes, one to the tunnel and another to the serial interface with a cost of 50. This second route is only applied when the tunnel goes down. That is when the problems come: the router tries to check if the tunnel is up every 50 or 60 seconds because physically it's up but the protocol is down. I'll try to use a command called "keepalive" to check if the problem is corrected. But this command is only available on some IOS versions like 12.2.8T, which requires more memory and flash. I need to know if it is possible to solve this problem without IOS changes. Do you know if it is possible to set keepalive or to check the tunnel state without sending some packets to it?

Thanks in advance

I did a test using the KEEPALIVE 2 2 command on the GRE tunnel and it works very well. I didn't lose any packets and my routing environment did everything necessary to send my information to the destination. But I still need other opinions because I have to do this on 600 routers, and that means costs because this command is only available on 12.2.8T or above. Does anybody know something about it?

Thanks in advance.

smif101
Level 4

The one thing that I see immediately is that the primary and secondary routers don't know how to reach the tunnel destination network of 172.31.62.x. I see that you have the loopbacks in EIGRP but not the tunnel interface. That will be a problem. Were you even able to ping the remote tunnel interface? Maybe you typed in the configs, but I wouldn't set the network statements as you have them; I would put in the subnet mask of the actual interface and not down as a host.

Jason Smith

www.smif101.com

I have these routes:

Primary

ip route 172.31.62.0 255.255.254.0 ATM1/0.35
ip route 172.31.62.0 255.255.254.0 172.26.0.3 200

Secondary

ip route 172.31.62.0 255.255.254.0 ATM1/0.35

In EIGRP, only my Serial interface on the remote and the ATM interface on the Primary are configured as networks.

The tunnel interface is used only when the remote router sends information, so the backup only receives. This was created because I'll check the information only when the remote routers send something. This is how the project was designed (by the way, it was designed by another company).

Thanks.
