11-25-2022 08:54 PM
Hello there,
I've created this post because i'm having such a hard time trying to resolve this problem.
I have a GRE Tunnel between two stores with a Cisco 891 in one and a Cisco 4200 in the another. The store with the 4200 have a MPLS service, and the 891 only have a common ISP service.
From the 4200, i'm unable to reach the 891. But from the 891 i can get to any IP routed in the other device. There is no restrictions of ICMP or blocking traffic from the 891.
I found out that the 4200 has problems with the communication over the GRE tunnel, showing this in the interface
sh int tunnel48
Tunnel48 is up, line protocol is up
Hardware is Tunnel
Description: CDP_TMZ
Internet address is 192.168.112.2/30
MTU 9976 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 15/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation up
Tunnel source 192.168.110.133 (Loopback48), destination 192.168.111.28
Tunnel Subblocks:
src-track:
Tunnel48 source tracking subblock associated with Loopback48
Set of tunnels with source Loopback48, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:00:08, output hang never
Last clearing of "show interface" counters 04:20:53
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 6000 bits/sec, 4 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
170234 packets output, 90680855 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
As you can see, the interface has 0 inputs packets and input rate. Theres no communication to the 891 interface.
ping 192.168.111.28 source 192.168.110.133
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.111.28, timeout is 2 seconds:
Packet sent with a source address of 192.168.110.133
.....
Success rate is 0 percent (0/5)
But, from the 891, checking the Tunnel interface I have different results
sh int Tunnel48
Tunnel48 is up, line protocol is up
Hardware is Tunnel
Description: Tunel al Resto-TMZ
Internet address is 192.168.112.1/30
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 17/255, rxload 35/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.111.28 (Loopback48), destination 192.168.110.133
Tunnel Subblocks:
src-track:
Tunnel48 source tracking subblock associated with Loopback48
Set of tunnels with source Loopback48, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 75
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 14000 bits/sec, 11 packets/sec
5 minute output rate 7000 bits/sec, 4 packets/sec
336883 packets input, 114183922 bytes, 0 no buffer
Received 0 broadcasts (154689 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
171547 packets output, 45965047 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
And pinging the tunnel from the 891
ping 192.168.110.133 source 192.168.111.28
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.110.133, timeout is 2 seconds:
Packet sent with a source address of 192.168.111.28
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/41/44 ms
Before the 891 there was a 881 device working perfectly, some days ago the 881 broke and by requerimentes of the market it needed to be changed inmmediatly, so I put the 891 with a backup with the same configuration that the 881 had before.
Also, there are A LOT of packet loss reaching the 4200 tunnel.
ping 192.168.110.133 source 192.168.111.28 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.110.133, timeout is 2 seconds:
Packet sent with a source address of 192.168.111.28
!!!!!!.!!.!!!!!!!!!!!.!!!.!!!!!!!!!!!!!!!!!!!.!!!.!!.!!.!!!!!!!!.!.!!!
!!!!!!.!.!!!!!!!!!!!!!!!!!!!!!
Success rate is 88 percent (88/100), round-trip min/avg/max = 40/42/52 ms
Any suggestions on resolving this issue?
Thanks
11-26-2022 12:39 AM
- Usually you need to change and or lower MTU values on a GRE tunnel , I also see some conflicting values , from the show tunnel outputs (4200)Tunnel 48 has ...> MTU 9976 bytes , but the transport MTU is 1476 bytes. On the 891 Tunnel48 has >...MTU 17196 , but transport MTU is also 1476 bytes.
M.
11-26-2022 01:39 AM
you have 100% issue with tunnel destination reachable,
can I see the routing table of 4200 ??
11-26-2022 09:17 AM - edited 11-26-2022 09:19 AM
Hello
Do you obtain the same intermittent connection if you DONT source from the loopbacks in your ping?
Can you share the ip route table for those tunnel addresses please?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide