Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
2
Replies

DMVPN up/down reason

paul amaral
Level 4
Level 4

‎08-22-2023 12:28 PM

Hi, is there a way to find out why a NBMA neighbor went down. In the case below You can see that the neighbor is only up for 1 day and 4 hours. However am unable to find out why. I checked OSPF and neighbor status and it never went down. I did see a few anti replay errors but am unable to find out what caused this bounce. 

TIA, Paul 

Interface Tunnel0 is up/up, Addr. is 10.2.2.1, VRF ""
   Tunnel Src./Dest. addr: 172.17.3.1/Multipoint, Tunnel VRF ""
   Protocol/Transport: "multi-GRE/IP", Protect "ENS_ipsec_profile"
   Interface State Control: Disabled
   nhrp event-publisher : Disabled
Type:Hub, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1 172.17.3.2             10.2.2.2    UP    1d04h     D        10.2.2.2/32
Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎08-22-2023 12:44 PM

have you checked on the Spoke side any errors and uptime of the Far end device ?

is this one of time you seeing this issue ? or frequent  ?

what model of router and ios code running - best is enable syslog see if you can get logs in co-relating the issue if that occurs again.

I have Good document for troubleshooting DMVPN in case reference :

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-3052.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul amaral
Level 4
Level 4
In response to balaji.bandi

‎08-22-2023 02:46 PM - edited ‎08-22-2023 03:10 PM

Hi, BB. This is happening on ASR 1K routers. It's happening between two routers, its not frequent but it happens every week or so. I looked at OSPF and it doesn't correlate with DMVPN being up/down, nor to I see ipsec bouncing. Although I do see the occasion replay error. I did notice that one of these routers comes close to maxing out the CIR but I do have QOS for routing matching dscp 48/CS6. I was just looking to see why the DMPVN peers cycles at times. I wasn't sure if there is way to figure this out as I don't see anything specific in the logs. IOS XE version, 16.12.05. 

BTW, thanks for the reply, I will check out the document.

Paul 

 

update: It looks the the DMVPN is correlated with invalid SPI, I just happen to catch it now. Of course now I need to figure out what is happening. I didn't know that invalid SPI would reset the ipsec tunnel. 

Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
K - No IKE
ivrf = (none)
Peer I/F Username Group/Phase1_id Uptime Status
172.17.3.2 Tu0 172.17.3.2 00:53:57 UA

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card