10-11-2017 01:02 AM - edited 03-05-2019 09:16 AM
We have a GRE tunnel which goes down after every hour.
As far as I understand, GRE doesn't use any keepalive by default.
The source interface and destination are reachable.
Not sure why the tunnel is still going down.
10-11-2017 02:49 AM
Hello,
I did face this issue. What I did was to change the #tunnel source to the physical interface of the router (#tunnel source GigabitEthernet0/0). It did help me to maintain the tunnel (not sure why, but that did the trick for me). You can try it as well. Let us know the results.
Missing/skipping the keepalive command will ensure that the tunnel doesn't go down when the destination address is not reachable.
You may use the following command on the tunnel interface: keepalive 10 50
If you still face the issue, kindly share the log.
Hope that's helpful.
Regards,
Moses.
10-11-2017 02:51 AM
We are using the physical interface as the tunnel source.
As the tunnel is part of a VRF, we cannot use keepalive.
11-07-2017 01:50 AM
One more observation: we are seeing that with the IKEv2 phase 2 lifetime getting expired, the tunnel goes down.
11-07-2017 04:03 AM - edited 11-07-2017 04:04 AM
Hi
Try to tune up the tunnel for the overhead.
int tunnel X
ip mtu 1476
ip tcp adjust-mss 1436
Also you can configure an IP SLA to verify the connectivity.
Hope it is useful
11-07-2017 11:42 AM
The original post described this as a GRE tunnel. And the suggestions made in the posts responding are pretty much based on the assumption that this is a simple GRE tunnel. But the added observation which mentions ISAKMP makes it fairly clear that this is not a simple GRE tunnel but is a tunnel with encryption. This makes it a significantly different situation. I have seen many situations with an encrypted tunnel that goes down and it turns out that what causes the tunnel to go down is related to the encryption.
To offer helpful advice we need more and better information, starting with the configuration related to this tunnel and to the encryption.
Without having that information I will offer my first guess at what is causing this behavior. My guess is that initially there is interesting traffic, the presence of interesting traffic causes negotiation of the IPsec SA (including its lifetime) and that brings up the tunnel. The tunnel stays up during the negotiated lifetime. When the lifetime expires there is not interesting traffic to negotiate a new lifetime and the tunnel goes down. One way to verify this would be to bring up the tunnel and then to use commands to show the IPsec SA. Repeat these commands from time to time and watch the lifetime. As the lifetime gets toward zero see if the tunnel comes down. You might also get verification of this using debug output for IPsec negotiation.
HTH
Rick
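The check described in the post above (poll the IPsec SA, watch the remaining lifetime, and see whether a new SA replaces it) can be scripted. This is an added example, not part of any post in this thread; the capture text is constructed and assumed to follow the layout of IOS `show crypto ipsec sa` output, and the function names are hypothetical.

```python
import re

DIR_RE = re.compile(r"^\s*(inbound|outbound) (\w+) sas:")
SPI_RE = re.compile(r"^\s*spi:\s+(0x[0-9A-Fa-f]+)")
LIFE_RE = re.compile(r"remaining key lifetime \(k/sec\):\s*\((\d+)/(\d+)\)")

def parse_sas(text):
    """Map (direction, spi) -> seconds remaining for each ESP SA in one capture."""
    sas, direction, spi = {}, None, None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            # Track only ESP sections; AH/PCP sections reset the context.
            direction = m.group(1) if m.group(2) == "esp" else None
            spi = None
        elif direction and (m := SPI_RE.match(line)):
            spi = m.group(1).lower()
        elif direction and spi and (m := LIFE_RE.search(line)):
            sas[(direction, spi)] = int(m.group(2))
    return sas

def classify(prev, curr, warn_secs=300):
    """Compare two successive polls; report per-direction SA state."""
    out = {}
    for direction in ("inbound", "outbound"):
        old = {s for d, s in prev if d == direction}
        new = {s: t for (d, s), t in curr.items() if d == direction}
        if not new:
            out[direction] = "expired, no rekey" if old else "no SA"
        elif old and old.isdisjoint(new):
            out[direction] = "rekeyed"        # every SPI was replaced
        elif min(new.values()) <= warn_secs:
            out[direction] = "expiring soon"  # also covers old+new SA overlap
        else:
            out[direction] = "ok"
    return out

def capture(spi_in, spi_out, secs):
    """Constructed sample text shaped like IOS `show crypto ipsec sa` output."""
    def sa(spi):
        return (f"      spi: {spi}(0)\n"
                f"        sa timing: remaining key lifetime (k/sec): (4608000/{secs})\n"
                if spi else "")
    return (f"     current outbound spi: {spi_out or '0x0'}(0)\n"
            f"     inbound esp sas:\n{sa(spi_in)}     inbound ah sas:\n"
            f"     outbound esp sas:\n{sa(spi_out)}     outbound ah sas:\n")

POLLS = [capture("0xA1B2C3D4", "0x11223344", 3540),  # fresh SA
         capture("0xA1B2C3D4", "0x11223344", 120),   # near expiry
         capture(None, None, 0)]                     # lifetime ran out, nothing renegotiated
HEALTHY = capture("0xDEADBEEF", "0x55667788", 3590)  # what a successful rekey looks like
```

An "expired, no rekey" result that lines up with the hourly drop matches the behaviour guessed at in the post; a "rekeyed" result at the same moment points elsewhere.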