
OSPF over GRE tunnel, shutdown of physical interface, no failover

gaigl
Level 3

Hello together,

We have a branch office connected to the headquarters via leased line, with backup over ISDN.

On the leased line a GRE tunnel is configured, and over the tunnel runs an OSPF process. Now we want to replace the ISDN with an ADSL connection. Over the ADSL connection a 2nd tunnel is configured, and the 2nd tunnel takes part in the OSPF routing.

So now, if I shut down the primary tunnel, the traffic switches to the secondary tunnel -> fine!

But if I shut down the PHYSICAL interface of the primary tunnel, the traffic switches to the ISDN connection (not part of the OSPF process) !!!???

First I thought it's an issue of router ID, but after establishing a loopback interface and configuring the router-id, it's the same.

Any idea?

Thanks for help.


Peter Paluch
Cisco Employee

Karl,

Most probably, what happens is that even if you shutdown the primary physical interface, there is still a route entry available in your routing table that allows the primary Tunnel interface to reach its destination defined using the tunnel destination command. Because of this route, the Tunnel remains fully functional and you see no failover. Note that this has nothing to do with the OSPF configuration - the OSPF is run inside the tunnel while the issue that you are experiencing deals with the tunnel itself.

The solution should be quite simple in your case: Let's assume that the tunnel destination is 192.0.2.2 and that the primary physical interface is Fa0/0. Your routing table then needs to contain an entry that matches specifically the tunnel destination - 192.0.2.2, and either points towards the Fa0/0 interface, or it points towards the Null0 interface to discard the packets if the Fa0/0 is not operable:

ip route 192.0.2.2 255.255.255.255 Fa0/0 A.B.C.D

ip route 192.0.2.2 255.255.255.255 Null0 2

The A.B.C.D is the next-hop router connected to the Fa0/0 interface. This way, if the Fa0/0 is working, the tunnel destination will be reachable through it. If the Fa0/0 is not working, the route will be replaced with the discard route pointing towards Null0.

Note that having just the first routing entry would not help to solve the entire issue - if you have a default route in your router pointing towards the ISDN, it would also match the tunnel destination - and I suppose it is something that happens right now - so you won't see any failover because from the viewpoint of the tunnel, none is necessary.

Best regards,

Peter
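
Added example (not part of Peter's post and not Cisco code): a simplified Python model of the route lookup for the tunnel destination, comparing the host route alone with the host route plus the floating Null0 route. The interface name BRI0 for the ISDN link and the default route through it are assumptions; the model covers only longest-prefix match, administrative distance, and removal of a static route when its exit interface goes down.

```python
import ipaddress

TUNNEL_DEST = "192.0.2.2"  # tunnel destination used in the post above

def route(prefix, iface, ad=1):
    """One static route: prefix, exit interface, administrative distance."""
    return {"net": ipaddress.ip_network(prefix), "iface": iface, "ad": ad}

def egress(routes, dest, up_ifaces):
    """Return the exit interface chosen for dest, or None if nothing matches.

    A static route is usable only while its exit interface is up (Null0
    always is). Among usable routes the longest prefix wins, then the
    lowest administrative distance.
    """
    addr = ipaddress.ip_address(dest)
    usable = [r for r in routes
              if addr in r["net"]
              and (r["iface"] == "Null0" or r["iface"] in up_ifaces)]
    if not usable:
        return None
    best = max(usable, key=lambda r: (r["net"].prefixlen, -r["ad"]))
    return best["iface"]

def gre_delivered(routes, up_ifaces):
    """True if encapsulated GRE packets (carrying the OSPF hellos) still
    leave the router towards the tunnel destination."""
    return egress(routes, TUNNEL_DEST, up_ifaces) not in (None, "Null0")

# Constructed routing tables. BRI0 stands in for the ISDN interface (assumed).
HOST_ROUTE_ONLY = [route("192.0.2.2/32", "Fa0/0"),
                   route("0.0.0.0/0", "BRI0")]
WITH_DISCARD = HOST_ROUTE_ONLY + [route("192.0.2.2/32", "Null0", ad=2)]

if __name__ == "__main__":
    tables = (("host route only", HOST_ROUTE_ONLY),
              ("host route + Null0 floating route", WITH_DISCARD))
    for name, table in tables:
        for up in ({"Fa0/0", "BRI0"}, {"BRI0"}):
            state = "Fa0/0 up" if "Fa0/0" in up else "Fa0/0 down"
            print(f"{name:35} {state:11} -> {egress(table, TUNNEL_DEST, up)}")
```

With only the host route, the tunnel packets fall back to the default route once Fa0/0 is down, so OSPF inside the tunnel sees no change; with the Null0 route they are discarded and the adjacency over the primary tunnel can time out.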

Hi Peter,

1. In our case the tunnel is the basis of the OSPF process; the participating networks are the network addresses of the tunnel.

2. I see a failover if I shut down the tunnel interface (loss of 5 pings, different routing table, different latency).

3. To establish the tunnel, there are static routes with different metrics.

branch#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
Router-id of headquarter    0   FULL/  -        00:00:32    192.168.191.102 Tunnel100 (adsl)
Router-id of headquarter    0   FULL/  -        00:00:30    192.168.191.2   Tunnel0      (primary, leased-line)

So from my view:

The tunnels are absolutely OK; I think the routing process needs the IP address of the primary physical interface, and it shouldn't!

If you need some more info, please let me know.

Hello Karl,

Everything you described is OK but I have a feeling we do not understand each other. It is logical to see a failover if you deactivate the Tunnel interface because then, obviously, no packets can be tunneled through it. However, I am saying that deactivating the physical interface will not solve your problem, and neither will adding the physical's interface IP address into your routing protocol (doing so may even aggravate the situation by creating a recursive routing entry in the router adjacent over a tunnel).

Please read my earlier post more carefully. My primary point is: despite deactivating the physical interface, the primary's tunnel destination is still reachable thanks to other routing entries in the routing table, and therefore the tunnel remains up and running and from the OSPF viewpoint, there is no point in doing any failover - OSPF does not see any change whatsoever.

Perhaps it would be helpful if you posted these outputs:

  • show ip route when the primary physical interface is up
  • show ip route when the primary physical interface is down
  • show runn interface TunnelX to see the configuration of your TunnelX (substitute the X with the number of your primary Tunnel)

Best regards,

Peter

Hello Peter,

Seems you were right.

I recognized that the secondary tunnel was established over the primary physical interface instead of the Dialer interface of ADSL :-((

Now I've managed to establish 2 DIFFERENT tunnels.

"sh crypto session" and "sh crypto isakmp sa" show 2 different endpoints and sessions.

But I can't test the failover of OSPF until Friday.

Thanks a lot

Karl
