
EIGRP Tunnel Hold Time Expires Top of the Hour

Verbatim
Level 1

Spoke logs attached; hub seems to show corresponding “peer termination received” entries. Hold time seems to be expiring at the top of the hour in most cases shown (exceptions: Dec 2nd, 4th, 16th, and 17th). It is unlikely that enabling debugs on the hub will be acceptable; the log load would be too high (unless there’s a way to debug only this particular spoke).

Will show excerpts of the config for hub and spoke below. Note that there are 2 tunnels on the spoke; not experiencing any issues on the other tunnel, which I believe is configured very similarly to this one, to connect to a different hub.

Would it be a good idea to set up a capture filter on the hub?

rx57-409vt-2 (Spoke):
interface Tunnel1100
 description Tunnel to rx7-208vt10 hub
 bandwidth 20000
 ip flow monitor MONITOR_IPV4 input
 ip address 10.23.9.171 255.255.254.0
 no ip redirects
 no ip proxy-arp
 ip mtu 1350
 ip hello-interval eigrp 895 60
 ip hold-time eigrp 895 180
 ip nhrp authentication TunnAuth
 ip nhrp map 10.23.8.1 aaa.bbb.ccc.ddd
 ip nhrp network-id 10001
 ip nhrp holdtime 300
 ip nhrp nhs 10.23.8.1
 ip tcp adjust-mss 1300
 delay 1100
 ipv6 flow monitor MONITOR_IPV6 input
 tunnel source GigabitEthernet0/0/0
 tunnel destination aaa.bbb.ccc.ddd
 tunnel key 10001
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN-PROFILE
!
interface GigabitEthernet0/0/0
 description NNM-MON to Comcast (redacted), Boeing (redacted), 20M, RJ45
 bandwidth 20000
 ip flow monitor MONITOR_IPV4 input
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip access-group Protect-the-Router-Inbound in
 load-interval 30
 negotiation auto
 no cdp enable
 ipv6 flow monitor MONITOR_IPV6 input
 service-policy output QOS-WAN-UPLINK
 ip virtual-reassembly
!

router eigrp 895
 network 10.6.125.72 0.0.0.7
 network 10.23.8.0 0.0.1.255
 network 10.23.72.0 0.0.1.255
 network 10.28.68.171 0.0.0.0
 passive-interface default
 no passive-interface Tunnel1000
 no passive-interface Tunnel1100
 eigrp stub connected
!

rx7-208vt10 (Hub):
interface Tunnel1100
 description From authenticated spoke routers
 bandwidth 10000000
 ip address 10.23.8.1 255.255.254.0
 no ip redirects
 ip mtu 1350
 ip hello-interval eigrp 895 60
 ip hold-time eigrp 895 180
 no ip next-hop-self eigrp 895
 no ip split-horizon eigrp 895
 ip flow monitor MONITOR_IPV4 input
 ip nhrp authentication TunnAuth
 ip nhrp map multicast dynamic
 ip nhrp network-id 10001
 ip nhrp holdtime 600
 ip nhrp max-send 500 every 10
 zone-member security external
 ip summary-address eigrp 895 0.0.0.0 0.0.0.0
 ip tcp adjust-mss 1300
 delay 1100
 ipv6 flow monitor MONITOR_IPV6 input
 qos pre-classify
 tunnel source GigabitEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 10001
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN-PROFILE
!

router eigrp 895
 network 10.23.8.0 0.0.1.255
 passive-interface default
 no passive-interface Tunnel1100
!
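
An added example, not part of the original post and not Cisco code: it keeps the `%DUAL-5-NBRCHANGE ... holding time expired` events for one tunnel from spoke syslog lines and measures how far each falls from the nearest top of the hour, which tests the pattern described above without enabling debugs on the hub. The log lines are constructed, the timestamp layout assumes `service timestamps log datetime msec`, and the function names are hypothetical.

```python
import re
from collections import Counter

# IOS syslog line for an EIGRP neighbor lost to hold-time expiry. The timestamp
# layout assumes "service timestamps log datetime msec" (assumption, no year).
NBR_DOWN = re.compile(
    r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?:\.\d+)?.*"
    r"%DUAL-5-NBRCHANGE: .*Neighbor (?P<nbr>\S+) \((?P<ifc>\S+)\) is down: "
    r"holding time expired"
)

# Constructed sample lines (not taken from the attached spoke logs).
SAMPLE = """\
Dec  1 09:00:04.112: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.8.1 (Tunnel1100) is down: holding time expired
Dec  1 09:00:41.870: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.8.1 (Tunnel1100) is up: new adjacency
Dec  1 13:59:52.005: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.8.1 (Tunnel1100) is down: holding time expired
Dec  2 10:27:18.440: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.8.1 (Tunnel1100) is down: holding time expired
Dec  3 22:00:09.300: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.72.1 (Tunnel1000) is down: holding time expired
Dec  3 23:00:02.918: %DUAL-5-NBRCHANGE: EIGRP-IPv4 895: Neighbor 10.23.8.1 (Tunnel1100) is down: holding time expired
""".splitlines()


def hold_expiries(lines, interface):
    """Yield (day label, signed seconds from the nearest top of the hour)."""
    for line in lines:
        m = NBR_DOWN.search(line)
        if not m or m["ifc"] != interface:
            continue
        off = int(m["m"]) * 60 + int(m["s"])
        if off > 1800:  # closer to the next hour: report as negative
            off -= 3600
        yield f"{m['mon']} {int(m['day'])}", off


def summarize(lines, interface, window=120):
    """Count expiries within `window` seconds of :00 and list the days that are not."""
    events = list(hold_expiries(lines, interface))
    return {
        "total": len(events),
        "on_hour": sum(abs(off) <= window for _, off in events),
        "off_hour_days": sorted({d for d, off in events if abs(off) > window}),
        "by_minute": dict(Counter(off // 60 for _, off in events)),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE, "Tunnel1100"))
```

Passing the spoke's own log lines in place of `SAMPLE` lists the exception days in `off_hour_days`; a `by_minute` key of -1 is the minute just before the hour.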

 


@paul driver is correct; you are missing the following. Add it under the spoke tunnel:

ip nhrp map multicast <hub ip>

MHM

The working tunnel doesn't have multicast:

 

interface Tunnel1000
 description Tunnel to rx81-998vt10 hub
 bandwidth 20000
 ip flow monitor MONITOR_IPV4 input
 ip address 10.23.72.171 255.255.254.0
 no ip redirects
 no ip proxy-arp
 ip mtu 1350
 ip hello-interval eigrp 895 60
 ip hold-time eigrp 895 180
 ip nhrp authentication TunnAuth
 ip nhrp map 10.23.72.1 (redacted)
 ip nhrp network-id 10000
 ip nhrp holdtime 300
 ip nhrp nhs 10.23.72.1
 ip tcp adjust-mss 1300
 delay 1000
 ipv6 flow monitor MONITOR_IPV6 input
 tunnel source GigabitEthernet0/0/0
 tunnel destination (redacted)
 tunnel key 10000
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN-PROFILE
!

Does the working router use neighbors under EIGRP?

MHM

Not exactly sure what you mean. Tunnel 1000 is pointing to the working hub, rx81-998vt10. It does use EIGRP.
