07-14-2013 07:45 PM - edited 03-04-2019 08:27 PM
Hi.
There is a 7201 router:
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 15.0(1)M8, RELEASE SOFTWARE (fc1)
It has half of a hundred NHRP spokes, which often send EIGRP peer-termination due to SIA condition.
What i noticed is zero SIA traffic counters on this router:
#sho ip eigrp vrf LAN traffic
EIGRP-IPv4 Traffic Statistics for AS(134) VRF(LAN)
Hellos sent/received: 505500/1554130
Updates sent/received: 20130/13078
Queries sent/received: 10149/18275
Replies sent/received: 17229/10176
Acks sent/received: 36341/53444
SIA-Queries sent/received: 0/0
SIA-Replies sent/received: 0/0
Hello Process ID: 325
PDM Process ID: 322
Socket Queue: 0/2000/24/0 (current/max/highest/drops)
Input Queue: 0/2000/24/0 (current/max/highest/drops)
Is it just a counter bug in VRF code, or router really did not received any SIA queries (which is really hard to beleive) ?
07-15-2013 01:38 PM
We do not know enough about the topology of your network and about how your EIGRP is set up to be able to determine what is going on here. But I notice that you talk about NHRP which is usually associated with WAN environments and that you are looking at counters in vrf LAN. Do you perhaps have a vrf for WAN and a different vrf for LAN? That could easily explain why the EIGRP in vrf LAN did not receive SIA.
HTH
Rick
07-15-2013 08:57 PM
EIGRP runs only in this vrf.
Also, there is not only NHRP hub, but usual tunnels too.
Some of neigbours are stubs, some not, and i do not use summaries (yet).
All of this tunnels are in one LAN vrf.
07-16-2013 12:53 AM
Hello
Are you using just one eigrp process domain?
What is the diameter of this domain? ( meaning how many routers does SIA quires go through to reach the edge of your network?
Are the neighbors adjacencies being reset or are you seeing SIA log messages?
Can you show the output from show ip eigrp topology active
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
07-16-2013 02:25 AM
It's one AS. We have some links with friendly organization, which has same AS and we share common 10/8 network.
The radius could be 6-7 hops sometimes. Not all equipment under my control.
07-16-2013 02:57 AM
Hello,
This is very hard to troubleshoot as you are providing very little information to work with!
When you say you share this network range- are you advertising the same network block on every router or do you have summarisation in place to avoid such eirgp queries traversing the whole of the network and possible creating these SIA issues
Can you post the output from the command I posted eailier and possible run config of the hub router.
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
07-16-2013 04:09 AM
As i said before - i do not use summaries.
Also there were no routes in active states, so there were nothing to post.
Here is router's config:
ip cef
!
!
ip vrf LAN
rd 5:5
snmp context LAN
!
!
!
interface Loopback2
description IPSec NHRP HUB source
ip vrf forwarding LAN
ip address x.y.z.x 255.255.255.255
!
!
interface Loopback3
description NHRP HUB source
ip vrf forwarding LAN
ip address x.y.z.y 255.255.255.255
!
!
interface Tunnel5056
bandwidth 100
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
delay 5500
tunnel source -cut-
tunnel destination -cut-
tunnel vrf LAN
!
!
interface Tunnel5607
bandwidth 10000
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
ip flow egress
load-interval 30
delay 100
keepalive 10 3
tunnel source -cut-
tunnel destination -cut-
tunnel vrf LAN
!
!
interface Tunnel7056
bandwidth 100
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
delay 5500
tunnel source -cut-
tunnel destination -cut-
tunnel vrf LAN
!
!
interface Tunnel11111
description test
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
load-interval 30
shutdown
keepalive 10 3
tunnel source -cut-
tunnel mode ipsec ipv4
tunnel destination -cut-
tunnel vrf LAN
tunnel protection ipsec profile TUN-AES256
!
!
interface Tunnel50056
description Syktivkar, Perv, Inet, RTC - Kartel
bandwidth 90
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
ip mtu 1394
ip flow ingress
ip flow egress
load-interval 30
delay 20
qos pre-classify
tunnel source -cut-
tunnel mode ipsec ipv4
tunnel destination -cut-
tunnel vrf LAN
tunnel protection ipsec profile TUN-AES256
!
!
interface Tunnel56000
description IPSec NHRP HUB
ip vrf forwarding LAN
ip address 10.96.255.56 255.255.255.0
no ip redirects
ip mtu 1394
ip flow ingress
ip flow egress
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
no ip route-cache cef
no ip split-horizon eigrp 134
delay 5500
tunnel source -cut-
tunnel mode gre multipoint
tunnel key 56
tunnel vrf LAN
tunnel protection ipsec profile LIGHT
!
!
interface Tunnel56034
description Surgut, Inet, RTC - USI
bandwidth 1900
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
ip flow ingress
ip flow egress
load-interval 30
delay 30500
keepalive 10 3
tunnel source -cut-
tunnel mode ipsec ipv4
tunnel destination -cut-
tunnel vrf LAN
tunnel protection ipsec profile LIGHT
!
!
interface Tunnel56050
description Syktivkar, Inet, Rostelecom - Sovintel
bandwidth 100
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
ip mtu 1394
ip flow ingress
ip flow egress
delay 20
qos pre-classify
tunnel source -cut-
tunnel mode ipsec ipv4
tunnel destination -cut-
tunnel vrf LAN
tunnel protection ipsec profile TUN-AES256
!
!
interface Tunnel56901
description Moscow, UTG, Inet, RTC
ip vrf forwarding LAN
ip address -cut- 255.255.255.252
ip access-group UTG_IN in
ip access-group UTG_OUT out
ip flow ingress
ip flow egress
keepalive 10 3
tunnel source -cut-
tunnel mode ipsec ipv4
tunnel destination -cut-
tunnel vrf LAN
tunnel protection ipsec profile TUN-AES
!
!
interface Tunnel506000
description NHRP HUB
ip vrf forwarding LAN
ip address -cut- 255.255.255.0
no ip redirects
ip mtu 1394
ip flow ingress
ip flow egress
ip nhrp map multicast dynamic
ip nhrp network-id 506
ip nhrp holdtime 600
no ip route-cache cef
no ip split-horizon eigrp 134
tunnel source -cut-
tunnel mode gre multipoint
tunnel key 506
tunnel vrf LAN
!
!
interface Null0
no ip unreachables
!
interface GigabitEthernet0/3
description inter-VRF link, LAN-INET
ip vrf forwarding LAN
ip address -cut- 255.255.255.254
no ip proxy-arp
ip nat outside
ip virtual-reassembly max-reassemblies 256
load-interval 30
duplex auto
speed auto
negotiation auto
no mop enabled
crypto map LAN_OUTSIDE
!
service-policy output pol_LAN_INET
!
router eigrp 134
!
address-family ipv4 vrf LAN autonomous-system 134
redistribute static route-map rm_static
network 10.95.0.0 0.0.0.1
network 10.95.1.0 0.0.0.255
network 10.95.2.0 0.0.1.255
network 10.95.4.0 0.0.1.255
network 10.95.38.0 0.0.0.255
network 10.95.56.0 0.0.0.255
network 10.96.4.160 0.0.0.15
network 10.96.4.176 0.0.0.15
network 10.96.37.0 0.0.0.255
network 10.96.62.68 0.0.0.3
network 10.96.62.124 0.0.0.3
network 10.96.62.180 0.0.0.3
network 10.96.62.188 0.0.0.3
network 10.96.63.48 0.0.0.3
network 10.96.63.160 0.0.0.3
network 10.96.63.164 0.0.0.3
network 10.96.63.200 0.0.0.3
network 10.96.63.220 0.0.0.3
network 10.96.100.0 0.0.0.255
network 10.96.200.56 0.0.0.0
network 10.96.243.0 0.0.0.255
network 10.96.245.0 0.0.0.255
network 10.96.253.4 0.0.0.3
network 10.96.255.0 0.0.0.255
network 10.123.123.1 0.0.0.0
passive-interface default
no passive-interface Tunnel56000
no passive-interface Tunnel506000
no passive-interface GigabitEthernet0/1.35
no passive-interface Tunnel50056
no passive-interface Tunnel56050
no passive-interface Tunnel56034
no passive-interface Virtual-Template1
no passive-interface Tunnel7056
no passive-interface Tunnel5056
no passive-interface Tunnel11111
no passive-interface Tunnel5607
eigrp event-log-size 100000
exit-address-family
!
!
route-map rm_static permit 10
match tag 134
!
route-map rm_static permit 20
match tag 4
set metric 1 200 255 1 1500
!
route-map rm_static permit 30
match tag 135
set metric 100000 20 255 1 1500
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide