Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
1
Helpful
18
Replies

EIGRP Tunnel Hold Time Expires Top of the Hour

Verbatim
Level 1
Level 1

‎01-12-2024 06:54 PM - edited ‎01-13-2024 11:00 AM

Spoke logs attached; hub seems to show corresponding “peer termination received” entries. Hold time seems to be expiring at the top of the hour in most cases shown (exceptions: Dec 2nd, 4th, 16th, and 17th). Unlikely enabling debugs on the hub will be acceptable, log load would be too high (unless there’s a way to only debug for this particular spoke).

Will show excerpts of the config for hub and spoke below. Note that there are 2 tunnels on the spoke; not experiencing any issues on the other tunnel, which I believe is configured very similarly to this one, to connect to a different hub.

Would it be a good idea to setup a capture filter on the hub?

rx57-409vt-2 (Spoke):
interface Tunnel1100
description Tunnel to rx7-208vt10 hub
bandwidth 20000
ip flow monitor MONITOR_IPV4 input
ip address 10.23.9.171 255.255.254.0
no ip redirects
no ip proxy-arp
ip mtu 1350
ip hello-interval eigrp 895 60
ip hold-time eigrp 895 180
ip nhrp authentication TunnAuth
ip nhrp map 10.23.8.1 aaa.bbb.ccc.ddd
ip nhrp network-id 10001
ip nhrp holdtime 300
ip nhrp nhs 10.23.8.1
ip tcp adjust-mss 1300
delay 1100
ipv6 flow monitor MONITOR_IPV6 input
tunnel source GigabitEthernet0/0/0
tunnel destination aaa.bbb.ccc.ddd
tunnel key 10001
tunnel path-mtu-discovery
tunnel protection ipsec profile DMVPN-PROFILE
!
interface GigabitEthernet0/0/0
description NNM-MON to Comcast (redacted), Boeing (redacted), 20M, RJ45
bandwidth 20000
ip flow monitor MONITOR_IPV4 input
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
ip access-group Protect-the-Router-Inbound in
load-interval 30
negotiation auto
no cdp enable
ipv6 flow monitor MONITOR_IPV6 input
service-policy output QOS-WAN-UPLINK
ip virtual-reassembly
!

router eigrp 895
network 10.6.125.72 0.0.0.7
network 10.23.8.0 0.0.1.255
network 10.23.72.0 0.0.1.255
network 10.28.68.171 0.0.0.0
passive-interface default
no passive-interface Tunnel1000
no passive-interface Tunnel1100
eigrp stub connected
!

rx7-208vt10 (Hub):
interface Tunnel1100
description From authenticated spoke routers
bandwidth 10000000
ip address 10.23.8.1 255.255.254.0
no ip redirects
ip mtu 1350
ip hello-interval eigrp 895 60
ip hold-time eigrp 895 180
no ip next-hop-self eigrp 895
no ip split-horizon eigrp 895
ip flow monitor MONITOR_IPV4 input
ip nhrp authentication TunnAuth
ip nhrp map multicast dynamic
ip nhrp network-id 10001
ip nhrp holdtime 600
ip nhrp max-send 500 every 10
zone-member security external
ip summary-address eigrp 895 0.0.0.0 0.0.0.0
ip tcp adjust-mss 1300
delay 1100
ipv6 flow monitor MONITOR_IPV6 input
qos pre-classify
tunnel source GigabitEthernet0/0/0
tunnel mode gre multipoint
tunnel key 10001
tunnel path-mtu-discovery
tunnel protection ipsec profile DMVPN-PROFILE
!

router eigrp 895
network 10.23.8.0 0.0.1.255
passive-interface default
no passive-interface Tunnel1100
!

 

Labels:
Preview file
22 KB
Preview file
2 KB
0 Helpful
18 Replies 18

marce1000
VIP
VIP

‎01-12-2024 10:53 PM

 

      - FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCdv72353

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Georg Pauwen
VIP
VIP

‎01-13-2024 02:20 AM

Hello,

apparently you have a ZBF configured on the hub ? If we call this hub the 'problem' hub, does the other 'non-problem' hub have a ZBF configured as well ?

0 Helpful

Verbatim
Level 1
Level 1
In response to Georg Pauwen

‎01-13-2024 10:25 AM

Yes, it does.

0 Helpful

MHM Cisco World
VIP
VIP

‎01-13-2024 02:51 AM

the answer from your Post 
not all time the eigrp flapping 
so sure there is EIGRP packet is drop due to high traffic flow 
this make neighbor assume the EIGRP is down 
I think the solution is use below command and make the percentage 50%
ip bandwidth-percent eigrp as-number percent

MHM

0 Helpful

Verbatim
Level 1
Level 1
In response to MHM Cisco World

‎01-13-2024 10:41 AM

Competing for bandwidth and dropping the eigrp packets would explain what was going on. The spoke tunnels are both sourced from the one interface, and it is true the other tunnel on the working hub carries a lot more traffic than the problem tunnel. However, QoS on the spoke router source interface for the tunnels does not show drops taking place in the signaling class, which includes dscp cs3 (24) af31 (26) cs6 (48) cs7 (56). There were drops shown for the tunnel interface before the counters were cleared; in the last 16 hours, there are no drops shown on it, but the tunnel flapped again 11 hours ago.

With that said, all of that is on the spoke side; perhaps there's a bandwidth constraint problem on the hub side. That's something I'll have to dig into.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Verbatim

‎01-13-2024 10:48 AM

when it happened again 
show ip eigrp interface detail 
if the counter is increase then the eigrp packet not ack from hub and eigrp reset.
MHM

0 Helpful

Verbatim
Level 1
Level 1
In response to MHM Cisco World

‎01-13-2024 11:05 AM

terminal.png

0 Helpful

Verbatim
Level 1
Level 1
In response to MHM Cisco World

‎01-13-2024 11:07 AM

I also posted show interface tunnel 1100 output as text file to the initial post; it shows there isn't a lot of traffic on this tunnel.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Verbatim

‎01-13-2024 11:13 AM - edited ‎01-13-2024 11:14 AM

Show ip eigrp neighbor detail 

Share this 

Also what is this platform' it not ios nor ios xe.

MHM

0 Helpful

Verbatim
Level 1
Level 1
In response to MHM Cisco World

‎01-13-2024 11:30 AM

rx57-409vt-2#show platform
Chassis type: C1111-8P

rx57-409vt-2>show version
Cisco IOS XE Software, Version 16.09.04

System image file is "bootflash:c1100-universalk9_ias.16.09.04.SPA.bin"

terminal2.png

0 Helpful

MHM Cisco World
VIP
VIP
In response to Verbatim

‎01-13-2024 11:40 AM

As I guess 

The retrans count is 1 and rto is 600 (little high).

Check qos and bw.

MHM

0 Helpful

Verbatim
Level 1
Level 1
In response to MHM Cisco World

‎01-13-2024 11:02 AM

Problem does not appear to be a bandwidth constraint issue from the hub side. That doesn't mean that there isn't a bandwidth related issue causing drops somewhere in the route between the hub and spoke, but that's going to be quite a rabbit hole to dive down.

0 Helpful

paul driver
VIP
VIP

‎01-13-2024 03:37 AM

Hello
As you are using phase 2 DMVPN with dynamic eigrp routing, trying mapping the spoke to the hub for multicast

rx57-409vt-2 (Spoke)
interface Tunnel1100
ip nhrp map multicast aaa.bbb.ccc.ddd
no tunnel destination aaa.bbb.ccc.ddd
tunnel mode gre multipoint


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Verbatim
Level 1
Level 1
In response to paul driver

‎01-13-2024 11:12 AM

I'm not sure whether we are using phase 2 DMVPN with dynamic eigrp routing. What would I see if we were?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card