
GRE Tunnel using HSRP addresses

Enrico
Level 1

Hi All, just wanted to know if something has changed regarding the possibility to establish GRE tunnels specifying HSRP addresses as source/destination of the tunnel.
I read several old posts where it was defined as not possible, or people discouraged from doing that.
I have recently simulated such a thing and everything works fine. Has anything changed so far? Is there any best practice or recommendation with respect to using or not using these addresses?
Many thanks,

best regards

9 Replies

Philip D'Ath
VIP Alumni

I'm not aware of any issues with using HSRP as a GRE tunnel source or destination.

If it fits your design better - use it.

Ok, thank you Philip.

Joseph W. Doherty
Hall of Fame

Have you tried a GRE tunnel with packet sequence checking enabled?

Not sure about what you mean, can you please point me at an example of what you suggest?

GRE tunnel interface command: tunnel sequence-datagrams

While the tunnel might come up and things look like they are working, I believe that it introduces the possibility of several problems. For starters, since the GRE tunnel is a point-to-point connection and the HSRP destination address might appear on different remote routers, you would need to configure a tunnel on each of the remote routers (perhaps we might call them remoteA and remoteB). So our router would connect to either remoteA or remoteB, but it does not know which one it is connected to. Is it possible that the route table at remoteA has some things that are different from remoteB? How would our router know which routes to use?

Let us also consider the aspect of which address will be used for the physical packet being sent over the tunnel. The post suggests that our router will be configured with our HSRP address as the source and that remoteA and remoteB will be configured with our HSRP address as the tunnel destination. But when our router sends a packet over the tunnel, the packet source address will be the interface IP address and not the HSRP address. Will there be an impact when remoteA receives a GRE packet but the source address is not what it expected?

I suspect that there are some other potential issues, but these are what come easily to mind. I would suggest that you not use HSRP for the GRE source or destination address. Many of us have learned the lesson that while you CAN configure something, it does not necessarily mean that you SHOULD configure it.

HTH

Rick 


There won't be any problems, rburts. When using a GRE tunnel with an HSRP address, the tunnel only comes up on the active HSRP router. All packets are sent using the HSRP address - never the router's own address. Remote sites will only see the HSRP address and only need to talk to the HSRP address. It truly looks like a single router to remote sites.

I've used this configuration lots as it is super simple and reliable.

Hello Philip,

I've got one question regarding the HSRP configuration: how did you configure the, let's call them destination tunnels, on those two remote routers? When I tried this configuration while running EIGRP on both remote HSRP routers, EIGRP neighbourship over the tunnels was not established.

The thing is that, when I configure the same tunnel ends on both remote routers (source address is the VIP), EIGRP routing through those tunnels does not work... I assume it is because of the "dual homed" end of the tunnels...

Do you have any thoughts regarding this issue?

THX

Picture attached.....

EDIT 18.6.2018:

OK, so I have found the solution. At first I used GLBP instead of HSRP, and that made quite a difference... Did not realize it. And the next thing was that I forgot to configure the network in EIGRP routing to form the neighbourship (on one of those two remote routers....).

Thank you Richard, from what I can see in a test environment, it works as Philip described:

 - one tunnel up at a time (with the active HSRP endpoint)

 - GRE packets use HSRP address

It seems to me that it's not offending any rule with respect to establishing a simple tunnel: it is still a point-to-point connection, as the HSRP address is effectively active on just one node at a time.

My goal is to provide tunnel redundancy for a customer without him having to perform any change on his side. On my side, both routers are configured exactly the same, no route table differences.
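
The setup discussed in this thread, sketched as an added Cisco IOS configuration example that is not taken from any poster's routers: two local routers share an HSRP virtual address and carry the same tunnel definition sourced from it, while the customer side points at that one address. Interface names, the HSRP group number and every address are constructed assumptions (RFC 5737 documentation ranges for the outside addresses, a private /30 for the tunnel).

```cisco
! Added illustration, not a poster's configuration.
! All addresses and interface names below are constructed.
!
! ---- Router A (intended HSRP active) ----
interface GigabitEthernet0/0
 description Outside segment shared with Router B
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
!
interface Tunnel0
 description GRE to customer, sourced from the HSRP virtual address
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.10
!
! ---- Router B (HSRP standby, same tunnel definition) ----
interface GigabitEthernet0/0
 description Outside segment shared with Router A
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 100
 standby 1 preempt
!
interface Tunnel0
 description GRE to customer, sourced from the HSRP virtual address
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.10
!
! ---- Customer router (one tunnel, no change needed on failover) ----
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source 198.51.100.10
 tunnel destination 192.0.2.1
```

Running `show standby brief` and `show interfaces Tunnel0` on both local routers shows which one holds the virtual address and the tunnel state on each; a packet capture on the outside segment settles which source address the GRE packets actually carry, the point the posters disagree on.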
