No traffice on GRE Tunnel

faamin011 · ‎01-05-2013

Cisco 3750x (IP Services)

interface Tunnel0

description " /\/\/\/\ XXX /\/\/\/\ "

bandwidth 256

ip flow ingress

ip address 192.168.1.1 255.255.255.252

keepalive 5 3

tunnel source 10.100.100.1

tunnel destination 10.100.100.2

end

interface GigabitEthernet1/0/24

description """XXX"""

no switchport

ip address 10.100.100.1 255.255.255.252

router ospf 1
network 10.50.50.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.3 area 0

sh int tun 0

Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec

sh int gi 1/0/24

Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec

Why traffic is not travelling from tun 0

gaurav bhardwaj · ‎01-05-2013

send the full configuration both side

cadet alain · ‎01-05-2013

Hi,

Which traffic ?

Regards.

Alain

Don't forget to rate helpful posts.

Joseph W. Doherty · ‎01-05-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

3650/3750 series do not support tunnel interfaces (at least through 12.5[55]).

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swuncli.html#wp1021184

Rolf Fischer · ‎01-05-2013

Looks like you are "tunneling" a directly connected neighbor on network 10.100.100.0/30.

interface Tunnel0

tunnel source 10.100.100.1

tunnel destination 10.100.100.2

!

interface GigabitEthernet1/0/24

ip address 10.100.100.1 255.255.255.252

!

This doesn't make sense because the physical connection will be the prefered one.

Taken from https://supportforums.cisco.com/docs/DOC-15948:

"Recursive routes

(...)

GRE tunnel has better metric over physical link as they are directly connected

(...)"

HTH

Rolf

shamax_1983 · ‎01-05-2013

Hi Fahad,

Yes as Rolf explained it wouldn't send traffic through the tunnel because you have a connected subnet.

you can simply verify this by looking at your routing table and check which interface is shown as the nexthop for the interrested network.

If you want to force traffic over the tunnel for any specific network, remove that from the OSPF and have static routes pointing the tunnel.

Please rate this post if you find it helpful.

Shamal

Rolf Fischer · ‎01-06-2013

On closer inspection I noticed that network 10.100.100.0/30 seems not to run OSPF anyway, so I've to correct my previous post regarding recursive routing.

I assume, an adjacency has been established?

R1#show ip ospf interface tunnel 0

Tunnel0 is up, line protocol is up

Internet Address 192.168.1.1/30, Area 0

Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 11111

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

...

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 2.2.2.2

Suppress hello for 0 neighbor(s)

If so, at least control traffic should be send across Tunnel0 (among keepalives).

R1#show ip ospf traffic | beg Tunnel0

Interface Tunnel0

OSPF packets received/sent

Invalid Hellos DB-des LS-req LS-upd LS-ack Total

Rx: 0 135 2 1 1 2 141

Tx: 0 138 3 0 3 1 145

Regards

Rolf

P.S.: Are you just playing around or what do you want to achieve with this setup?

faamin011 · ‎01-06-2013

We are running huge infrastructure around 200 nodes on similar gre configuration and found no issue. Right now we have procured new 3750x 24SE (12.2 (58) SE2) which seems no traffice on tunnel . its new configuration for new node..

As 10.100.100.0 is not advertised on ospf then it should be route via tunnel but whenever i generate traffic by only generating icmp packets towards destination then traffice comes on giga but not on tunnel, as shown above.

Although ospf neighbourship has been establised via tunnel but don't know why traffic not touching there.

Richard Burts · ‎01-06-2013

The configuration that you have posted looks appropriate and I do not see any particular issues with it.

You have posted output of show commands about the interfaces but not about OSPF. It would help if you could post the output of show ip ospf interface from the switch to verify that OSPF is correctly running on the interface, and the output os show ip ospf neighbor to verify that OSPF is successfully establishing a neighbor relationship.

Assuming that those look correct it would then be helpful if you post the output of show ip route so that we can see what routes are advertised via OSPF via the tunnel.

HTH

Rick

HTH

Rick

faamin011 · ‎01-24-2013

I have replaced ospf with static routing, it's ok in lab, will apply in production and let u aware

Joshua Senft · ‎01-25-2013

It would seem to me that this would work with /32 subsets on the physical interfaces but making them /30's causes the issue.

EDIT: Well it would work if the .2 address is physically the next hop but then why the GRE tunnel? Planning on applying encryption or something?

Sent from Cisco Technical Support iPad App

paul driver · ‎01-26-2013

Hello Fared,

Joseph is correct:

The General Routing Encapsulation (GRE) tunnel is not supported by the Cisco Catalyst 3750 Series Switches. Even though this feature can be configured with CLI, the packets can be neither switched by hardware, nor by software, which increases the CPU utilization.

Note: Only Distance Vector Multicast Routing Protocol (DVMRP) tunnel interfaces are supported for multicast routing in the Catalyst 3750. Even for this, packets cannot be switched with hardware. The packets routed through this tunnel must be switched through software. The larger number of packets forwarded through this tunnel increases CPU utilization.

There is no workaround for this problem. This is a hardware limitation in the Catalyst 3750 Series Switches.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00807213f5.shtml

Please don't forget to rate this post if it has been helpful.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul