
Tunnel Interfaces on 2951 router

We have just installed our first 2951 router, and were surprised to see in our Netflow collector that Tunnel interfaces appeared even though we did not configure any. I have seen other posts talking about PIM tunnel when using Multicast, but we don't use multicast and the tunnel is GRE.

Questions are: where do these interfaces come from? How do they pick up an IP address? Can we shut them down?

IOS is 150-1.M4; loopback interface IP address is 172.16.224.238 (tunnel source).

See output from sh int below:

Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Interface is unnumbered. Using address of Tunnel1 (172.16.0.1)
  MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 99/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 172.16.224.238
  Tunnel protocol/transport multi-GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1472 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 2d23h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 39000 bits/sec, 27 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     21403569 packets output, 27600802831 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out


daedae7878

I'm not sure why it is up by default; it doesn't make a whole lot of sense. It's a form of unencrypted VPN used for authentication and integrity. But you can get into it just like a loopback address. I have no idea why it pulled private addresses and assigned them. Did you get it used

Router(config)# interface tunnel0

Router(config-if)# shutdown

Are you able to see the tunnel interface in the router's "sh int brief"? If the interface is there in the router, you just need to shut it down.

Even if the interface is not there in the router but is still appearing in NetFlow, check whether you are getting any stats on the tunnel interface.

And also you can just unmanage the interface in NetFlow?

Please rate all the helpful posts.
Regards,
Naidu.

Naidu

Yes, the interfaces appear in the "sh ip int br"; see below:


Serial0/1/0:9              unassigned      YES unset  up                    up
Serial0/1/0:15             unassigned      YES NVRAM  up                    up
Loopback0                  172.16.224.238  YES NVRAM  up                    up
Tunnel0                    172.16.0.1      YES unset  up                    up
Tunnel1                    172.16.0.1      YES unset  up                    up
Tunnel2                    172.16.0.1      YES unset  up                    up

and doing a sh int tu0 
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 1216000 bits/sec, 127 packets/sec

tu1

5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec

tu2

5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 89000 bits/sec, 71 packets/sec

There is no destination address on these tunnels, so what is this data and where is it going?

If that is the show ip interface brief command then those tunnels aren't going anywhere. Since the tunnel travels through pre-established links. Not to mention it's sending them to a private address. As you can tell in the output of that command it is only sending data, it's not showing you that it's dropping it. This is the reason why there is no incoming. Just go into each tunnel like it was a loopback address and shut them down.

Derrick,

When I go into the router to try and shut them down, I get the messages below:

BRLRTR01(config)#int tu1
% This interface cannot be modified
BRLRTR01(config)#int tu0
% This interface cannot be modified

So I think these interfaces are part of the 2951 architecture.

chrbradf1 wrote:

Derrick,

When I go into the router to try and shut them down, I get the messages below:

BRLRTR01(config)#int tu1
% This interface cannot be modified
BRLRTR01(config)#int tu0
% This interface cannot be modified

So I think these interfaces are part of the 2951 architecture.

No, they are not. You have some other commands creating these and preventing modifications.

It seems that it's related to WCCP.

https://supportforums.cisco.com/document/60636/gre-redirection-wccp-creates-new-tunnel-interfaces

Yes, I have seen situations where IOS using layer 3 redirection for WCCP does create GRE tunnels to carry the traffic to the web cache engine. And this would help explain why the observed GRE tunnels were operating one way, sending but not receiving data.

HTH

Rick
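
An added example, not part of the thread and not Cisco tooling: a Python triage of `show interfaces` text that flags tunnel interfaces showing the traits discussed above (not configured by the operator, no fixed destination, sending but never receiving). The `configured` set (tunnel names the operator has pulled from the running configuration), the Tunnel10 sample and the function names are assumptions made for the illustration.

```python
import re

# Tunnel0 is abridged from the "sh int" output in the original post;
# Tunnel10 is a constructed point-to-point GRE tunnel for contrast.
SAMPLE = """\
Tunnel0 is up, line protocol is up
  Tunnel source 172.16.224.238
  Tunnel protocol/transport multi-GRE/IP
     0 packets input, 0 bytes, 0 no buffer
     21403569 packets output, 27600802831 bytes, 0 underruns
Tunnel10 is up, line protocol is up
  Tunnel source 198.51.100.1, destination 198.51.100.2
  Tunnel protocol/transport GRE/IP
     5120 packets input, 655360 bytes, 0 no buffer
     4800 packets output, 614400 bytes, 0 underruns
"""

FIELDS = {
    "destination": r"Tunnel source [^\n]*destination ([^\s,]+)",
    "transport": r"Tunnel protocol/transport (\S+)",
    "pkts_in": r"(\d+) packets input",
    "pkts_out": r"(\d+) packets output",
}

def parse_interfaces(text):
    # Header lines start in column 0; split yields ["", name, body, name, body, ...]
    parts = re.split(r"^(\S+) is .*line protocol is.*\n", text, flags=re.M)
    parsed = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        rec = {}
        for key, pat in FIELDS.items():
            m = re.search(pat, body)
            rec[key] = m.group(1) if m else None
        parsed[name] = rec
    return parsed

def triage(text, configured=()):
    findings = {}
    for name, rec in parse_interfaces(text).items():
        if not name.startswith("Tunnel"):
            continue
        tx, rx = int(rec["pkts_out"] or 0), int(rec["pkts_in"] or 0)
        checks = [
            (name not in configured, "not in running-config"),
            (rec["destination"] is None, "no fixed destination"),
            (tx > 0 and rx == 0, "transmit-only"),
        ]
        findings[name] = [why for hit, why in checks if hit]
    return findings
```

`triage(SAMPLE, configured={"Tunnel10"})` returns all three reasons for Tunnel0 and an empty list for Tunnel10; a flagged tunnel is then checked against features that create tunnels on their own, which in this thread was WCCP.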
