Thank you Georg for quick reply, If we have network statement they are not forming the neighbors as we are running on IPSEC and I believe IPSEC do not allow Multicast traffic.

I have no access to those systems and I did not saw any q count on that neighbors at any time of the Neighbor relation if that you want to see.

Georg, Nani,

Please allow me to join.

Nani, the messages you are seeing suggest that the EIGRP traffic is being lost between your R1 and R2. The meaning of the messages is:

• "interface peer termination received": The neighbor sent us a Hello packet with an indication that the neighbor is tearing down the adjacency with us.
• "Hold timer expired": We have not received any valid Hello packet from the neighbor for the last Hold seconds (by default 15)
• "retries exceeded": We tried to retransmit a reliable EIGRP packet (Update, Query, Reply, SIA-Query, SIA-Reply) for too many times without receiving any Acknowledgment from the neighbor.

You wrote that the "peer termination" message appears on R1, and "Hold timer expired" / "retries exceeded" appear on R2. Is this always the case, or do the R1 and R2 also report other (perhaps mixed) reasons for the adjacency flaps?

Either way, we are definitely looking at a connectivity issue, and in your case, it is unicast connectivity since you are using the neighbor commands. One question, though: You are using IPsec, yes, but I assume that the IPsec only encrypts the transit traffic between R1 and R2, not the traffic originated and terminated on 192.168.1.1 and 192.168.1.2, respectively - because that would prevent IPsec from even coming up in the first place. Therefore, I suspect more that it is your local policy, rather than IPsec, that forces you to go for purely unicast EIGRP connectivity. Would you agree? In any case, if you share the ACL 100, we will be able to tell for sure.

Therefore, we first need to identify the reason for the unicast connectivity flaps between R1 and R2.

I have noted that you are already using an IP SLA probe to ping 192.168.1.2. What is the probe used for? My suggestion is to use the probe (or create a new one) to keep one router continuously ping the other, and find out how often does the outage occur, and how long does it last. For this, it would be nice to send the ping every 1s and use a timeout of 2s, and refer to the IP SLA probe in a phony track object such as:

track 1 ip sla 1

You do not need to use it anywhere, but every time the IP SLA probe 1 fails or recovers, the track object will go down or back up, and this event will be logged. This way, you can track when did the ping fail, how long did it fail, and when did it come back up.

Sorry for not being able to suggest more here but you see, we are hunting down an issue that may either be caused by the IPsec, or by the elementary IP connectivity. EIGRP is very likely only a victim here.

Best regards,
Peter

Hi peter!

  Thank you for responce, ACL is alow any any and IPsec is up and active were able to encrypt the traffic. However, we have the same setup running at different location which seems lo working good. I would like to add the track statement which you send and will see if it give any more details.

For trouble shooting more, we created a bfd and saw a log at a particular time RX down which we are assuming there is a problem in the circuit. 

It is helpful to know that your acl for crypto is permit ip any any. Cisco advises not to do this as it may cause problems. I suggest that you create a new acl and as Peter has suggested in that acl specify transit traffic (and perhaps eigrp traffic).

HTH

Rick

Thank you Richard, I will make those changes.

We are making those changes and will let you know the result.

Thank you.

Hello,

  We bring back GRE tunnel up on DEC 31, and running on multicast routing. we experienced the neighbor drops on 1 st and since then neighbors are stable. However, one of our server lost visibility to the PC connected to that network and IP SLA have some failures. Is it good enough to say it is Transport issue.

Thank you

It is good to know that you brought back GRE tunnel. That is a better environment for running EIGRP over ipsec vpn. It is interesting that the neighbors have been stable but that a server lost visibility to some PC. It is probably more significant that IP SLA is reporting some failures. Can you provide some detail of how you set up IP SLA (what address is it monitoring, what threshold, etc)? 

HTH

Rick

Yes, It is directly connected subnet. We are working with the ISP from the day of issue started they are unable to find the issue on their circuit.