Solved: Re: Cannot get Tunnel Interface to route

jjevans1 · ‎03-22-2024

Hello All,

I have three routers in a lab with BGP peering.

Router 1 - Location A

Router 2 – ISP

Router 3 – Location B

I cannot seem to get the tunnel interface to come up because I cannot ping the other side.

I can ping all interfaces but the tunnel interface.

I am missing something and cannot figure out what it is. I am not worried about the IPSec configuration. I have that working in a different lab.

Any insight is appreciated.

MHM Cisco World · ‎03-22-2024

this lab for you
and Friend NEVER advertise the source and destination of tunnel and tunnel itself via same IGP/BGP NEVER
this case in tunnel cause recursive routing

Router1#show running-config
Building configuration...

Current configuration : 2005 bytes
!
! Last configuration change at 22:32:42 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.1 255.255.255.0
tunnel source Loopback0
tunnel destination 2.2.2.2
!
interface FastEthernet0/0
ip address 100.0.0.10 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 100.0.0.1 remote-as 1000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Router1#

Router2#show run
Router2#show running-config
Building configuration...

*Mar 22 22:34:05.579: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 2005 bytes
!
! Last configuration change at 22:34:05 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.2 255.255.255.0
tunnel source Loopback0
tunnel destination 1.1.1.1
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.20 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 200.0.0.1 remote-as 1000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

ISP#show run
ISP#show running-config
Building configuration...

Current configuration : 1844 bytes
!
! Last configuration change at 22:32:59 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 1000
bgp log-neighbor-changes
neighbor 100.0.0.10 remote-as 100
neighbor 200.0.0.20 remote-as 200
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!

View solution in original post

MHM Cisco World · ‎03-22-2024

From my first view this not work.

You need to add new LO in each router (except ISP router)

Advertise these LO in bgp

Use these LO as tunnel source and tunnel destination

MHM

jjevans1 · ‎03-22-2024

@MHM Cisco World

Thank you for your suggestion. I tried the loopback with the same results.
The loopback was advertised just like the ethernet interfaces. Both interfaces are up, advertised but for some reason not in the BGP routing table.

MHM Cisco World · ‎03-22-2024

Can I see your last config

MHM

jjevans1 · ‎03-22-2024

Yes of course, TY the other side is inversed of course.

Router #1 - Location A

interface Loopback0
description Tunnel Interface
ip address 10.0.0.1 255.255.255.0

interface Tunnel10
description Tunnel Interface
ip address 10.0.0.1 255.255.255.0
ip mtu 1500
tunnel source 10.0.0.1
tunnel destination 20.0.0.1
tunnel mode ipsec ipv4
tunnel path-mtu-discovery
tunnel protection ipsec profile XXXX_IPSEC_PROFILE

router bgp 65530
bgp log-neighbor-changes
network 10.1.1.0 mask 255.255.255.0
network 10.0.0.1 mask 255.255.255.0
network 198.145.32.0
neighbor 198.145.32.1 remote-as 65111

MHM Cisco World · ‎03-22-2024

this lab for you
and Friend NEVER advertise the source and destination of tunnel and tunnel itself via same IGP/BGP NEVER
this case in tunnel cause recursive routing

Router1#show running-config
Building configuration...

Current configuration : 2005 bytes
!
! Last configuration change at 22:32:42 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.1 255.255.255.0
tunnel source Loopback0
tunnel destination 2.2.2.2
!
interface FastEthernet0/0
ip address 100.0.0.10 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 100.0.0.1 remote-as 1000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Router1#

Router2#show run
Router2#show running-config
Building configuration...

*Mar 22 22:34:05.579: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 2005 bytes
!
! Last configuration change at 22:34:05 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 5.0.0.2 255.255.255.0
tunnel source Loopback0
tunnel destination 1.1.1.1
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.20 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 200.0.0.1 remote-as 1000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

ISP#show run
ISP#show running-config
Building configuration...

Current configuration : 1844 bytes
!
! Last configuration change at 22:32:59 UTC Fri Mar 22 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet3/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet4/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet5/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet6/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 1000
bgp log-neighbor-changes
neighbor 100.0.0.10 remote-as 100
neighbor 200.0.0.20 remote-as 200
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!

jjevans1 · ‎03-23-2024

Thank you for your config info and warning. Very helpful.

paul driver · ‎03-22-2024

Hello

@jjevans1 wrote:

I am missing something and cannot figure out what it is. I am not worried about the IPSec configuration. I have that working in a different lab.

Site-a = tunnel key 10
Site-b = tunnel key 20

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jjevans1 · ‎03-22-2024

I read that the tunnel key was just an identifier. I have removed that part from the config but results are the same.

Georg Pauwen · ‎03-24-2024

Hello,

post the full running configs (full output of 'sh run') of all three routers, as IPSec is also involved.

paul driver · ‎03-24-2024

Hello
FYI - The tunnel key will negate communication between the tunnels is they differ

By default the logical tunnel interface will establish as soon as you create it even without any other configuration being applied to it so are you saying the tunnel itself is not establishing or the fact the tunnel protocol is down, if so check the communication between tunnel source/destination ip addressing from each rtr as communication is required for the tunnel to come up.

Also suggest remove IPsec for the time being and just focus on the reachabilty once you have that them append IPsec

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul