cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1267
Views
0
Helpful
29
Replies
Highlighted
Beginner

looped chain attempting to stack

Hey everyone I'm running into an issue with recursive routing and can't seem to figure out how to fix it. I have an IPSEC with GRE runnning OSPF. The tunnel comes up fine but OSPF is flapping. It appears that the route to the destination is via the tunnel itself which is an issue. I inflated the ospf cost of the tunnel interfaces but that didn't help. I also added in a static route to the tunnel destination on each router but that didn't help either. From what I've read in most cases this causes the tunnel to go down but in my case the tunnel stays up on both sides. Configs are attached.

CaptureError.PNG

head1.PNGHeadend route to branch tunnel IP

branch1.PNGBranch route to Headend tunnel IP

Everyone's tags (3)
29 REPLIES 29
VIP Advisor

Re: looped chain attempting to stack

check this document may help you.

 

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/22327-gre-flap.html

BB
*** Rate All Helpful Responses ***
VIP Engager

Re: looped chain attempting to stack

Hi,

I have noticed there is some miss configuration on the branch router routing. Also, confirm that are you advertising any default route on the OSPF?

 

Please make below changes in the branch router configuration:

 

no ip route 10.192.0.254 255.255.255.255 2.2.2.1
ip route 1.1.1.1 255.255.255.255 2.2.2.1 

 

Here, I am assuming that you have changed the IP address in attached configuration or this is a lab (because 1.1.1.1 is known IP). Here 1.1.1.1 is your Head office IP address and 2.2.2.1 is your branch office gateway. 

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Resume duty after a long holiday
VIP Advisor

Re: looped chain attempting to stack

Hello


1) Remove the static routes for each tunel interfaces that are pointing to what looks like a recursive next-hop


Head
no ip route 10.192.0.17 255.255.255.255 198.190.160.1

 

Spoke
no ip route 10.192.0.254 255.255.255.255 2.2.2.1


2) Check your default routes to make sure their next-hop address are correct as it lookslike you have typo's
Head
ip route 0.0.0.0 0.0.0.0 1.1.1.1 < ?

interface GigabitEthernet0/0/1
 description WAN UPLINK
 ip address 1.1.1.1 255.255.255.0

3)
router ospf 1
passive interface default

no passive interface tunnel x



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Beginner

Re: looped chain attempting to stack

I made the suggested changes. I fixed the typo's and uploaded new configs. I'm still getting the same error. Also here is a snip of the routing table from the branch router after making the changes. I don't think it should be learning 10.192.0.17 right?

 

branchroute.PNG

VIP Engager

Re: looped chain attempting to stack

Hi,

Also, make below changes in the configuration:

Head Office:

interface Tunnel1

no ip policy route-map VPN-Internal

 

And Why are you ignoring a Basic OSPF area concept? Why everything in the Area1? It is not making an issue in current network but will make issue while increasing spokes in the network. 

 

Branch Office:

 

crypto ipsec transform-set trans2 esp-aes esp-md5-hmac
mode transport

!

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Resume duty after a long holiday
Beginner

Re: looped chain attempting to stack

I removed the route map from the headend and made the change on the branch, bounced the tunnel and got the same error message. 

 

This tunnel will act as a backup for WAN sites. All WAN sites are in area 1. Campus area 100 and backbone area 0. 

VIP Engager

Re: looped chain attempting to stack

Hi,

Again I went through the DMVPN configuration and found that you have enabled Phase3 on the HUB site as below:

 

interface Tunnel1
ip nhrp redirect

 

And you didn't enable on the Spoke router. Spoke is still working on Phase2. try below commands:

 

interface Tunnel1
ip nhrp shortcut

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Resume duty after a long holiday
Beginner

Re: looped chain attempting to stack

That command (ip nhrp shortcut) isn't explicitly stated when active on the tunnel interface. But is stated when you enter no ip nhrp shortcut. When I enter the ip nhrp shortcut command it breaks the OSPF adjancy. 

VIP Engager

Re: looped chain attempting to stack

Hi,

Share OSPF routing and routing output.

 

Show ip route ospf

 

Sho ip route

 

Sho ip nhre brief

 

show Dmvpn 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Resume duty after a long holiday
Beginner

Re: looped chain attempting to stack

Show commands are attached. The DMVPM results is interesting (at least I think). I ran the command a few times and had different results. You will notice that the state changed from NHRP to UP in the photo below. But I think the issue is NRHP the next hop and target network are the same.

 

dmvpn.PNG.jpg

 

NHRP.PNG

 

 

 

 

Enthusiast

Re: looped chain attempting to stack

I believe you have made the changes the others suggested. However, I noticed that both your Hub and Spoke are configured with same OSPF priority.

 

ip ospf priority 2

 

The Hub should always be the DR, hence set it with the highest priority or make the Spokes 0 priority.

Beginner

Re: looped chain attempting to stack

I made that change on the branch and I'm still seeing the same looped chain message. Here is the sh ip NHRP result.

 

Router#sh ip nhrp
10.192.0.254/32 via 10.192.0.254 - I think this is the problem.
Tunnel1 created 00:02:56, never expire
Type: static, Flags:
NBMA address: 1.1.1.237

Enthusiast

Re: looped chain attempting to stack

There is nothing wrong with the output of Sh ip nhrp. That is the correct output, as you should see only the Hub address mapped to the NBMA. This is not recursive routing. You can ping any address behind the Hub from the Spoke, with the tunnel IP as the source and see if it goes through the tunnel or not

 

If you're worried about recursive routing in the future, then put the WAN interface in a VRF and also reference the VRF in the Tunnel interface (Tunnel vrf command) and static default route.

 

If I may ask, why is your NBMA 1.1.1.237, while the Hub config file shows 1.1.1.2. Was that a typo?

 

 

Beginner

Re: looped chain attempting to stack

Configure the WAN in a VRF on the spoke? I can ping the tunnel IP but nothing else. There is a typo in the config file....trying to mask the public IP. 

 

ping.PNG

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards