04-14-2023 06:57 AM - last edited on 04-17-2023 10:29 PM by Translator
Basically, I have created a GRE tunnel
I'd put Packet Tracer file, but the discussion won't accept the format
these are the networks
OSPF 10
area 0
GRE tunnel
172.16.100.0 /30
CS1-R1 net
192.168.1.0 /30
R1-ISP net
1.1.1.0 /30
R2-ISP net
1.1.1.4 /30
R2-CS2
192.168.2.0 /30
The errors started randomly 10-15 minutes after finalizing the setup
you can check everything in the command log. There is a chance I am missing something, a newbie yet
these are the errors from R1
00:20:10: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from LOADING to FULL, Loading Done
00:20:50: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired
00:20:50: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from FULL to DOWN, Neighbor Down: Interface down or detached
Error from R2:
03:20:53: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Tunnel1 from LOADING to FULL, Loading Done
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 1 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 1 temporarily disabled due to recursive routing
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 1 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 1 temporarily disabled due to recursive routing
03:21:03: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Tunnel1 from FULL to DOWN, Neighbor Down: Interface down or detached
Solved! Go to Solution.
04-14-2023 10:30 AM
Hello
You have recursive routing - the tunnel source/destinations are being learned through the tunnel itself, hence the error logging.
you need to negate advertising tunnel source/destination subnets via the tunnel
04-14-2023 10:38 AM
I entered No default-information originate on R1 and no more errors occured, I'm still really new to networking, so might miss something obvious, but probably this was PT bug
04-14-2023 08:45 AM - last edited on 04-17-2023 10:31 PM by Translator
Hi @George Vanyan ,
The issue is that the tunnel destination on R1 and R2 is being learnt via ospf and that creates a loop. You need to configure a static route on R1 and R2 for the tunnel destination.
R1:
ip route 1.1.1.6 255.255.255.255 1.1.1.1
R2:
ip route 1.1.1.2 255.255.255.255 1.1.1.5
This will take care of the loop.
Regards,
04-14-2023 09:23 AM
ip route 0.0.0.0 0.0.0.0 1.1.1.1 111 Remove this ip route 172.16.100.2 255.255.255.255 GigabitEthernet0/0/0 Remove this ip route 172.16.100.2 255.255.255.255 1.1.1.1
04-14-2023 09:23 AM
ip route 0.0.0.0 0.0.0.0 1.1.1.5 111 Remove this ip route 172.16.100.1 255.255.255.255 GigabitEthernet0/0/0 Remove this ip route 172.16.100.1 255.255.255.255 1.1.1.5
04-14-2023 09:25 AM
Also NAT with overload config' I dont get it' can you more elaborate more about this config.
04-14-2023 10:03 AM
yeah, NAT overload enables PAT which was actually needed to block the traffic in the 10.10.1.0; 2.0; 3.0; 4.0; 5.0 and 6.0 networks from moving via ISP router. It should've made the traffic move via only the tunnel. that was the idea
04-14-2023 10:05 AM
04-14-2023 10:16 AM
both recommendations implemented - same error occurs
04-14-2023 10:21 AM
Only remove the NAT from both side and check
04-14-2023 10:28 AM - last edited on 04-17-2023 10:33 PM by Translator
no ip nat inside source list GRE interface
GigabitEthernet0/0/0 overload
this one is needed, right
04-14-2023 10:59 AM - last edited on 04-17-2023 10:34 PM by Translator
Yes I think it NATing issue if you remove static route I mention before.
For recursive routing it happened when you run routing protocol in tunnel have AD better than routing protocol for tunnel source
Here ospf ad=90 and default route ad=1
So I think it NATing issue.
How I know that I run one time lab for dmvpn the tunnel flapping when NAT is config.
So we need to exclude gre from NAT
Deny gre any any I think is need.
I am out now when back home I will check again.
04-14-2023 10:30 AM
Hello
You have recursive routing - the tunnel source/destinations are being learned through the tunnel itself, hence the error logging.
you need to negate advertising tunnel source/destination subnets via the tunnel
04-14-2023 10:31 AM
apologies I see @Harold Ritter has already provides a solution
04-14-2023 10:34 AM
@Harold Ritter ' s solution did not work
04-14-2023 10:46 AM
Configuring the tunnel destination as a static route towards the ISP is a very commonly seen solution to ensure that you do not get into a loop. I am not sure why it didn't work for you.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide