Solved: OSPF Adjchg error, adj-5-parent error, recursive routing error in PT

George Vanyan · ‎04-14-2023

Basically, I have created a GRE tunnel

I'd put Packet Tracer file, but the discussion won't accept the format

these are the networks

OSPF 10
area 0

GRE tunnel
172.16.100.0 /30

CS1-R1 net
192.168.1.0 /30

R1-ISP net
1.1.1.0 /30

R2-ISP net
1.1.1.4 /30

R2-CS2
192.168.2.0 /30

The errors started randomly 10-15 minutes after finalizing the setup

you can check everything in the command log. There is a chance I am missing something, a newbie yet

these are the errors from R1

00:20:10: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from LOADING to FULL, Loading Done

00:20:50: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired

00:20:50: %OSPF-5-ADJCHG: Process 10, Nbr 5.5.5.5 on Tunnel1 from FULL to DOWN, Neighbor Down: Interface down or detached

Error from R2: 

03:20:53: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Tunnel1 from LOADING to FULL, Loading Done

%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 1 65E900C0 - looped chain attempting to stack

%TUN-5-RECURDOWN: 1 temporarily disabled due to recursive routing

%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 1 65E900C0 - looped chain attempting to stack

%TUN-5-RECURDOWN: 1 temporarily disabled due to recursive routing

03:21:03: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on Tunnel1 from FULL to DOWN, Neighbor Down: Interface down or detached

paul driver · ‎04-14-2023

Hello
You have recursive routing - the tunnel source/destinations are being learned through the tunnel itself, hence the error logging.
you need to negate advertising tunnel source/destination subnets via the tunnel

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

George Vanyan · ‎04-14-2023

I entered No default-information originate on R1 and no more errors occured, I'm still really new to networking, so might miss something obvious, but probably this was PT bug

View solution in original post

Harold Ritter · ‎04-14-2023

Hi @George Vanyan ,

The issue is that the tunnel destination on R1 and R2 is being learnt via ospf and that creates a loop. You need to configure a static route on R1 and R2 for the tunnel destination.

R1:

ip route 1.1.1.6 255.255.255.255 1.1.1.1

R2:

ip route 1.1.1.2 255.255.255.255 1.1.1.5

This will take care of the loop.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎04-14-2023

ip route 0.0.0.0 0.0.0.0 1.1.1.1 111
Remove this ip route 172.16.100.2 255.255.255.255 GigabitEthernet0/0/0 
Remove this ip route 172.16.100.2 255.255.255.255 1.1.1.1

MHM Cisco World · ‎04-14-2023

ip route 0.0.0.0 0.0.0.0 1.1.1.5 111
Remove this ip route 172.16.100.1 255.255.255.255 GigabitEthernet0/0/0 
Remove this ip route 172.16.100.1 255.255.255.255 1.1.1.5

MHM Cisco World · ‎04-14-2023

Also NAT with overload config' I dont get it' can you more elaborate more about this config.

George Vanyan · ‎04-14-2023

yeah, NAT overload enables PAT which was actually needed to block the traffic in the 10.10.1.0; 2.0; 3.0; 4.0; 5.0 and 6.0 networks from moving via ISP router. It should've made the traffic move via only the tunnel. that was the idea

George Vanyan · ‎04-14-2023

here's how it all looks

George Vanyan · ‎04-14-2023

both recommendations implemented - same error occurs

MHM Cisco World · ‎04-14-2023

Only remove the NAT from both side and check

George Vanyan · ‎04-14-2023

no ip nat inside source list GRE interface

GigabitEthernet0/0/0 overload

this one is needed, right

MHM Cisco World · ‎04-14-2023

Yes I think it NATing issue if you remove static route I mention before.

For recursive routing it happened when you run routing protocol in tunnel have AD better than routing protocol for tunnel source

Here ospf ad=90 and default route ad=1

So I think it NATing issue.

How I know that I run one time lab for dmvpn the tunnel flapping when NAT is config.

So we need to exclude gre from NAT

Deny gre any any I think is need.

I am out now when back home I will check again.

paul driver · ‎04-14-2023

Hello
You have recursive routing - the tunnel source/destinations are being learned through the tunnel itself, hence the error logging.
you need to negate advertising tunnel source/destination subnets via the tunnel

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎04-14-2023

apologies I see @Harold Ritter has already provides a solution

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

George Vanyan · ‎04-14-2023

@Harold Ritter ' s solution did not work

Harold Ritter · ‎04-14-2023

@George Vanyan ,

Configuring the tunnel destination as a static route towards the ISP is a very commonly seen solution to ensure that you do not get into a loop. I am not sure why it didn't work for you.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México