Is this physical interface

ali.mouslmani · ‎02-08-2017

Hello,

We are facing a problem with eigrp neighborship between branches and HO in a DMVPN network.

The eigrp between several branch routers and HO router, is flapping all the time (most probably due to link issue).

However, at certain point the neighborship goes down and doesn't go up although the tunnel is up and there is reachability from both sides.

The neighborship doesn't go up unless we clear DMVPN or shut/no shut the tunnel interface.

During the problem, the traffic passes through Tunnel2(which is on a stable link) and the "show ip route" output doesn't show entries corresponding to Tunnel1(eigrp flapping)

HO Router 7200

#show log

Feb 8 08:12:20 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.17.254 (Tunnel1) is up: new adjacency
Feb 8 08:12:22 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.1 (Tunnel1) is up: new adjacency
Feb 8 08:12:45 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.2 (Tunnel1) is down: retry limit exceeded
Feb 8 08:12:49 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.2 (Tunnel1) is up: new adjacency
Feb 8 08:13:13 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.2 (Tunnel1) is down: stuck in INIT state
Feb 8 08:13:13 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.1 (Tunnel1) is down: stuck in INIT state
Feb 8 08:13:13 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.17.254 (Tunnel1) is down: stuck in INIT state
Feb 8 08:13:13 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.1 (Tunnel1) is up: new adjacency
Feb 8 08:13:14 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.17.254 (Tunnel1) is up: new adjacency
Feb 8 08:13:17 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.2 (Tunnel1) is up: new adjacency
Feb 8 08:14:24 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.1 (Tunnel1) is down: stuck in INIT state
Feb 8 08:14:24 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.16.2 (Tunnel1) is down: stuck in INIT state
Feb 8 08:14:24 Beirut: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.214.17.254 (Tunnel1) is down: stuck in INIT state

#sh ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 20-Jun-13 13:06 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)

BR1274R1 uptime is 11 weeks, 1 day, 4 hours, 33 minutes
System returned to ROM by power-on
System restarted at 08:11:14 Beirut Thu Nov 10 2016
System image file is "flash0:c2900-universalk9-mz.SPA.152-4.M4.bin"
Last reload type: Normal Reload
Last reload reason: power-on

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 471040K/53248K bytes of memory.
Processor board ID FCZ174170WX
3 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
8 Voice FXO interfaces
4 Voice FXS interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2911/K9 FCZ174170WX

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc uck9 Permanent uck9
data None None None

Configuration register is 0x2102

Mark Malone · ‎02-08-2017

The eigrp between several branch routers and HO router, is flapping all the time (most probably due to link issue).

So you have several branches all having issues flapping , is it the core link you see an issue on are you seeing issues on the physical link that may be causing this , crcs , up.down etc

are you using standard eigrp timers or have you set them more aggressively , can you post the dmvpn spoke and hub config with the eigrp config to see what way its setup

have you tried lowering the mtu on the tunnel make sure it matches both sides too and your tcp adjust is set, increase the timers as a test too , hello and holdown

is this like this since it was installed or has it only stared happening recently ?

probably need a debug to see exactly why its flapping ...debug eigrp packet

ali.mouslmani · ‎02-08-2017

Hello Mark,

Thanks for your reply.

However, this a DMVPN setup of couple hundred routers, and changing mtu, mss, hello and holdown timers cannot be done between a spoke and the hub unless done on all.

We will check eigrp packet debugs.

Mark Malone · ‎02-08-2017

ah ok yes then don't change the timers if you have working links I thought the issue was all links were effected in the dmvpn setup

you could run an ip sla between the effected link and the hub see how much traffic its dropping traffic too as a test , the debug may provide something concrete though

Julio E. Moisa · ‎02-08-2017

Hi,

Could you please check the routing table and verify if the tunnel destination is not being received through the tunnel.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

ali.mouslmani · ‎02-08-2017

it is statically routed

Mark Malone · ‎02-08-2017

Is this physical interface racking up errors constantly ?

paul driver · ‎02-08-2017

Hello

How are you mapping multicast to the NHRP NHS , Dynamically or statically?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ali.mouslmani · ‎02-08-2017

Hi,

Statically.

Julio E. Moisa · ‎02-08-2017

Could you please share the tunnel configuration? multicast dynamic on the hub?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

ali.mouslmani · ‎02-08-2017

interface Tunnel1
description Branch MW DMVPN
bandwidth 512
ip address 10.214.17.148 255.255.254.0
no ip redirects
ip mtu 1400
ip flow ingress
ip flow egress
ip nhrp authentication evx9ql*0
ip nhrp group MW_NHRP
ip nhrp map multicast 10.214.104.1
ip nhrp map 10.214.16.1 10.214.104.1
ip nhrp map 10.214.16.2 10.214.104.5
ip nhrp map multicast 10.214.104.5
ip nhrp map 10.214.17.254 10.214.111.245
ip nhrp map multicast 10.214.111.245
ip nhrp network-id 1
ip nhrp holdtime 450
ip nhrp nhs 10.214.16.1
ip nhrp nhs 10.214.17.254
ip nhrp nhs 10.214.16.2
load-interval 30
delay 30000
if-state nhrp
qos pre-classify
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel key 153072607
tunnel protection ipsec profile mw_prof

Julio E. Moisa · ‎02-08-2017

do you have 2 hubs? I see 2 multicast maps.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

ali.mouslmani · ‎02-09-2017

Yes. 2 hubs.

paul driver · ‎02-09-2017

Hello

Can you do the following and the test again

NHC
Int tun 1
shut
no ip nhrp map 10.214.16.2 10.214.104.5
no ip nhrp map multicast 10.214.104.5
no ip nhrp map 10.214.17.254 10.214.111.245
no ip nhrp map multicast 10.214.111.245
ip nhrp map multicast 10.214.104.5
ip nhrp map 10.214.16.2 10.214.104.5
ip nhrp map multicast 10.214.111.245
ip nhrp map 10.214.17.254 10.214.111.245
no shut

NHS
clear ip eigrp neighbors x.x.x.x (NHC) _ this will just reset that specific adjacency

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ali.mouslmani · ‎02-09-2017

I will try this and get back to you.

EIGRP Neighborship stays down