Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1269
Views
4
Helpful
15
Replies

EIGRP Neighbors reset (Flapping) in DMVPN Connection

Go to solution
MohammadSalih
Level 1
Level 1

‎04-03-2024 11:38 PM

hi every one,
i have an issue with EIGRP Relationship in DMVPN connections,
the neighbor reset between the hub and the spoke
and i got the Errors:

%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.36 (Tunnel191) is down: Interface PEER-TERMINATION received
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.36 (Tunnel191) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.137 (Tunnel191) is down: Interface PEER-TERMINATION received
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.137 (Tunnel191) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.126 (Tunnel191) is down: Interface PEER-TERMINATION received
%PIM-5-NBRCHG: neighbor 172.19.4.127 UP on interface Tunnel194
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.126 (Tunnel191) is up: new adjacency
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.4.127 (Tunnel194) is up: new adjacency
%DUAL-3-SIA: Route 77.77.61.0/24 stuck-in-active state in base 77. Cleaning up
%DUAL-5-NBRCHANGE: EIGRP-IPv4 77: Neighbor 172.19.1.93 (Tunnel191) is down: stuck in active
EIGRP: Build goodbye tlv for 172.19.1.93

i have VSAT connection between hub and spokes,the underlay connection work fine without any packet loss
also i have more than DMVPN connection with different underlay connection.
like Fiber optic and it works fine without any problem,

only the VSAT connection have this issue.

the configuration:
HUB

interface Tunnel191
description ** VSAT **
bandwidth 10
ip address 172.19.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1400
ip nbar protocol-discovery
no ip split-horizon eigrp 77
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp map multicast dynamic
ip nhrp network-id 111
ip summary-address eigrp 77 79.0.0.0 255.0.0.0
ip summary-address eigrp 77 182.0.0.0 255.0.0.0
ip tcp adjust-mss 1360
qos pre-classify
tunnel source GigabitEthernet0/0.8
tunnel mode gre multipoint
tunnel key 111
end

Spokes
interface Tunnel191
description ** VSAT **
ip address 172.19.1.126 255.255.255.0
ip mtu 1400
ip nbar protocol-discovery
ip pim nbma-mode
ip pim sparse-mode
ip nhrp map multicast 172.22.8.5
ip nhrp map 172.19.1.254 172.22.8.5
ip nhrp network-id 111
ip nhrp nhs 172.19.1.254
delay 1000
qos pre-classify
tunnel source 172.22.8.242
tunnel destination 172.22.8.5
tunnel key 111
end

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
David Ruess
VIP
VIP

‎04-04-2024 05:12 PM

Hello,

 

It seems you have a lot of latency to bet getting SIA messages and eventually tearing down the neighbor ship. A couple things you could try is upping the hello/hold time to 60/120. That wont inherently fix the issue of latency but if your EIGRP neighbors remain stable it could point you to issues with the connection.

Another thing I notices was your tunnel BW is 10. By default EIGRP is allowed to use up to 50% up that. It could be your updates are being dropped after hitting that limit which is very small.

You could also try static EIGRP neighbors to see if this also fixes the issue.

Lastly you could remove EIGRP and use static routes and do some ping tests. If you get packet drops then your connection is likely to blame.

 

-David

View solution in original post

15 Replies 15

Go to solution
MHM Cisco World
VIP
VIP

‎04-03-2024 11:45 PM

Share below one by one dont run both in same time 

 

Debug tunnel protection 

Debug dmvpn detail crypto 

MHM

0 Helpful

Go to solution
MohammadSalih
Level 1
Level 1
In response to MHM Cisco World

‎04-03-2024 11:55 PM - edited ‎04-03-2024 11:56 PM

first command not exist

second command no show any error.

note: i didn't enable tunnel protection because i don't need it.

Go to solution
MHM Cisco World
VIP
VIP
In response to MohammadSalih

‎04-04-2024 12:11 AM

Show ip eigrp neighbor detail 

Show ip eigrp interface details 

MHM

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎04-04-2024 12:18 AM

In spoke tunnel 

tunnel source 172.22.8.242 <<- use interface instead of IP
tunnel destination 172.22.8.5 <<- use tunnel mode gre multipoint instead of this command 

MHM

0 Helpful

Go to solution
MohammadSalih
Level 1
Level 1
In response to MHM Cisco World

‎04-04-2024 12:31 AM

 
Preview file
41 KB
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to MohammadSalih

‎04-04-2024 12:37 AM

The RTO is 5000 and there is always one message in queue.

There is issue in unicast since neighbor is list (hub IP)

And I make double check you mix phaseII with PhaseI of dmvpn 

I think this issue 

Try run phaseII in both hub and spoke 

Check my previous note about spoke tunnel 

MHM

0 Helpful

Go to solution
MohammadSalih
Level 1
Level 1
In response to MHM Cisco World

‎04-04-2024 02:25 AM

i change config , and still the same problem.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to MohammadSalih

‎04-04-2024 03:20 AM

What did you change ?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎04-04-2024 12:24 AM

Hello @MohammadSalih ,

on your Hub router interface tunnel 191 config you have the following lines :

ip summary-address eigrp 77 79.0.0.0 255.0.0.0
ip summary-address eigrp 77 182.0.0.0 255.0.0.0

Are you sure they are not covering the public IP address of the HUB causing recursion ?

Hope to help

Giuseppe

 

0 Helpful

Go to solution
MohammadSalih
Level 1
Level 1
In response to Giuseppe Larosa

‎04-04-2024 12:32 AM

Yes, it's not covering public IP's of the HUB.

Go to solution
Georg Pauwen
VIP
VIP

‎04-04-2024 02:25 AM

Hello,

looking at your config snippets, and not knowing what QoS policy you have implemented, the 'qos pre-classify' might cause packet drops or latency that messes with your EIGRP.

For the sake of testing, can you turn it off ?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎04-04-2024 05:00 AM

there is so many SIAQUERY in show ip eigrp you share, this can be because the Link is flapping (you can check this by show ip interface in time EIGRP log down) or it can because you use EIGRP between Spokes and when Spokes or it route is flapping, the other Spokes send SIAQUERY .
you need some kind of Stub 
also can you reduce some of EIGRP by use 
no ip eigrp next-hop-self 


23 172.19.1.31 Tu191 12 00:03:32 543 5000 12 44
Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 2
Topology-ids from peer - 0
HELLO seq 44 ser 0-0
SIAQUERY seq 7881723 ser 15354381-15354381 Sequenced
SIAQUERY seq 7881737 ser 15354421-15354421 Sequenced
QUERY seq 7881800 ser 15354446-15354449 Sequenced
UPDATE seq 7881811 ser 15354774-15354777 Sequenced
QUERY seq 7881813 ser 15354822-15354848 Sequenced
UPDATE seq 7881814 ser 15355166-15355177 Sequenced
UPDATE seq 7881884 ser 15355426-15355427 Sequenced
SIAQUERY seq 7881915 ser 15355434-15355434 Sequenced
SIAQUERY seq 7881944 ser 15355445-15355445 Sequenced
SIAQUERY seq 7881969 ser 15355456-15355456 Sequenced
SIAQUERY seq 7881979 ser 15355467-15355467 Sequenced
19 172.19.1.155 Tu191 14 00:03:32 543 5000 12 406
Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 2
Topology-ids from peer - 0
HELLO seq 406 ser 0-0
SIAQUERY seq 7881722 ser 15354380-15354380 Sequenced
SIAQUERY seq 7881736 ser 15354420-15354420 Sequenced
QUERY seq 7881800 ser 15354446-15354449 Sequenced
UPDATE seq 7881811 ser 15354774-15354777 Sequenced
QUERY seq 7881813 ser 15354822-15354848 Sequenced
UPDATE seq 7881814 ser 15355166-15355177 Sequenced
UPDATE seq 7881884 ser 15355426-15355427 Sequenced
SIAQUERY seq 7881902 ser 15355433-15355433 Sequenced
SIAQUERY seq 7881943 ser 15355444-15355444 Sequenced
SIAQUERY seq 7881968 ser 15355455-15355455 Sequenced
SIAQUERY seq 7881978 ser 15355466-15355466 Sequenced
15 172.19.1.218 Tu191 12 00:03:32 545 5000 12 460
Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 2
Topology-ids from peer - 0
HELLO seq 460 ser 0-0
SIAQUERY seq 7881721 ser 15354379-15354379 Sequenced
SIAQUERY seq 7881735 ser 15354419-15354419 Sequenced
QUERY seq 7881800 ser 15354446-15354449 Sequenced
UPDATE seq 7881811 ser 15354774-15354777 Sequenced
QUERY seq 7881813 ser 15354822-15354848 Sequenced
UPDATE seq 7881814 ser 15355166-15355177 Sequenced
UPDATE seq 7881884 ser 15355426-15355427 Sequenced
SIAQUERY seq 7881901 ser 15355432-15355432 Sequenced
SIAQUERY seq 7881942 ser 15355443-15355443 Sequenced
SIAQUERY seq 7881967 ser 15355454-15355454 Sequenced
SIAQUERY seq 7881977 ser 15355465-15355465 Sequenced

0 Helpful

Go to solution
David Ruess
VIP
VIP

‎04-04-2024 05:12 PM

Hello,

 

It seems you have a lot of latency to bet getting SIA messages and eventually tearing down the neighbor ship. A couple things you could try is upping the hello/hold time to 60/120. That wont inherently fix the issue of latency but if your EIGRP neighbors remain stable it could point you to issues with the connection.

Another thing I notices was your tunnel BW is 10. By default EIGRP is allowed to use up to 50% up that. It could be your updates are being dropped after hitting that limit which is very small.

You could also try static EIGRP neighbors to see if this also fixes the issue.

Lastly you could remove EIGRP and use static routes and do some ping tests. If you get packet drops then your connection is likely to blame.

 

-David

Go to solution
MohammadSalih
Level 1
Level 1
In response to David Ruess

‎04-14-2024 11:36 PM

thanks for replying.

when i remove the tunnel BW (10) The EIGRP neighbors become stable.

my question is why the BW effect on eigrp neighbor relationship ,what i know about the values (BW ,MTU,Load,Delay and Reli)

effect of path selection of eigrp multi-tunnel and not effect on the physical interface. is that right?

thanks for helping.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card